Office of the Inspector General
United States Department of Justice
Statement of Glenn A. Fine
Inspector General, U.S. Department of Justice
Senate Committee on the Judiciary
Reauthorizing the USA Patriot Act
Mr. Chairman, Ranking Member Sessions, and Members of the Judiciary Committee:
Thank you for inviting me to testify about the Office of the Inspector General’s (OIG) oversight work related to reauthorization of the USA Patriot Act. Our most significant oversight work regarding the Patriot Act has focused on the Federal Bureau of Investigation’s (FBI) use of national security letters (NSL) and Section 215 orders to obtain business records, and I will focus primarily on those issues in my testimony today.
In 2005, the Patriot Reauthorization Act directed the OIG to review the FBI’s use of NSLs and Section 215 orders. In March 2007, the OIG issued reports examining the FBI’s use of Section 215 orders and NSLs, which found serious misuse of NSL authorities. By contrast, we found that Section 215 orders generally were not subject to misuse, although they were used much less frequently than NSLs. A second set of reports, issued in March 2008, again examined the use of Section 215 orders and NLS, including the measures taken or proposed by the FBI and the Department of Justice (Department) to address the OIG’s recommendations regarding the misuse of NSLs.
In this written statement, I first summarize the findings of our NSL and Section 215 reports. I also provide an update on the status of the OIG’s ongoing review of the FBI’s previous use of so-called "exigent letters" rather than NSLs to obtain telephone records. I then discuss the actions the FBI and the Department have taken in response to our recommendations, including the FBI’s creation of an Office of Integrity and Compliance and oversight of the FBI’s use of NSLs by the Department’s National Security Division.
Finally, I briefly discuss other OIG work related to the Patriot Act, including the OIG’s responsibilities under Section 1001 of the Patriot Act to examine allegations of civil rights and civil liberties complaints against Department employees. I also note several ongoing and recently completed OIG reviews that, while not directly related to the Patriot Act, affect the FBI’s ability to perform its important mission.
I. SUMMARY OF FINDINGS OF OIG REPORTS ON THE FBI’S USE OF NATIONAL SECURITY LETTERS FROM 2003 – 2006
As required by the Patriot Reauthorization Act, the OIG examined the FBI’s use of NSLs from 2003 to 2006. As discussed in our two reports, the FBI is authorized under five statutory provisions to use NSLs to obtain records such as telephone toll billing records and subscriber information from communication service providers, transactional records from Internet service providers, bank records from financial institutions, and consumer credit information from credit reporting agencies.
The original Patriot Act in 2001 significantly broadened the FBI’s authority to use NSLs by both lowering the threshold standard for issuing them and by expanding the number of FBI officials who could sign the letters. First, the Patriot Act eliminated the requirement that the information sought must pertain to a foreign power or an agent of a foreign power. Instead, it substituted the lower threshold standard that the information requested must be relevant to or sought for an investigation to protect against international terrorism or espionage. In addition, the Patriot Act permitted Special Agents in Charge (SAC) of the FBI’s 56 field offices to sign national security letters, which significantly expanded approval authority beyond the previously limited number of FBI Headquarters officials. The Patriot Act also added a new authority allowing NSLs to be used to obtain consumer full credit reports in international terrorism investigations.
Our NSL reports examined the effectiveness of NSLs, which are used by the FBI for various purposes, including developing evidence to support applications for orders issued under the Foreign Intelligence Surveillance Act (FISA), developing links between subjects of FBI investigations and other individuals, providing leads and evidence to allow FBI agents to initiate or close investigations, and corroborating information obtained by other investigative techniques. During both of our NSL reviews, FBI personnel told us that they believe NSLs are indispensable investigative tools in many counterterrorism and counterintelligence investigations.
Our review of the FBI’s use of NSLs from 2003 – 2006 identified a general upward trend in their use, with the FBI issuing more than 192,000 NSL requests during this 4-year period.
National Security Letter Requests (2003 through 2006)
However, the OIG found that these statistics, which were based on information from the FBI’s database, significantly understated the total number of NSL requests issued by the FBI because the FBI’s tracking database was inaccurate and did not include all NSL requests. For example, our examination of case files at four FBI field offices found approximately 22 percent more NSL requests in the case files that we examined than were recorded in the database for those same files.
Our reports recognized the significant challenges the FBI faced and the major organizational changes it was undergoing during our review period. Nevertheless, we concluded that the FBI engaged in serious misuse of NSL authorities. For example, from 2003 to 2005 the FBI identified 26 possible intelligence violations involving its use of NSLs. The possible violations included issuing NSLs without proper authorization and making improper requests under the statutes cited in the NSLs.
However, in addition to the possible violations reported by the FBI, we conducted an independent review of FBI case files in four field offices to determine if there were unreported violations of NSL authorities, Attorney General Guidelines, or internal FBI policies governing the approval and use of NSLs. Our review of 293 national security letters in 77 files found 22 possible violations that had not been identified or reported by the FBI. The violations we found fell into three categories: improper authorization for the NSL, improper requests under the pertinent national security letter statutes, and unauthorized collections.
Examples of the violations we identified included issuing NSLs for consumer full credit reports in a counterintelligence case, which is not statutorily permitted; issuing an NSL for a consumer full credit report when the FBI Special Agent in Charge had approved an NSL for more limited credit information under a different NSL authority; issuing an NSL when the investigation had lapsed; and obtaining telephone toll billing records for periods in excess of the time period requested in the NSL due to third-party errors.
Thus, it is significant that in the limited file review we conducted of 77 investigative files in 4 FBI field offices, we identified nearly as many NSL-related violations (22) as the total number of possible violations that the FBI had identified (26) in reports from all FBI Headquarters and field divisions over the 3-year period. Moreover, 17 of the 77 files we reviewed (22 percent) had 1 or more violations.
Most troubling, the OIG’s March 2007 review also identified more than 700 instances in which the FBI improperly obtained telephone toll billing records and subscriber information from communication service providers by issuing so-called "exigent letters" signed by personnel in the FBI’s Counterterrorism Division rather than by issuing proper NSLs. These exigent letters stated they were being issued due to exigent circumstances and the FBI was in the process of obtaining subpoenas for the requested information. However, the OIG found that in some instances there was no pending investigation associated with the request at the time the exigent letters were sent; many were not issued in exigent circumstances; the FBI was unable to determine which letters were sent in exigent circumstances due to inadequate recordkeeping; and subpoenas in many instances had not, in fact, been submitted to the U.S. Attorneys Offices as represented in the exigent letters. As a result of our review, the FBI ended its practice of using exigent letters. As I discuss in more detail later in this statement, the OIG is in the final stages of our review that assesses who was responsible for the misuse of exigent letters and other improper requests for telephone records.
The OIG’s March 2007 report on NSLs made 10 recommendations to the FBI, including improving its database to ensure that it captures timely, complete, and accurate data on NSLs; issuing additional guidance to field offices to assist in identifying possible intelligence violations arising from the use of NSLs; and taking steps to ensure that it employs NSLs in accordance with the requirements of NSL authorities, Department guidelines, and internal policy. The FBI concurred with all of our recommendations and agreed to implement corrective actions.
One year later, in March 2008, the OIG issued a follow-up review on the FBI’s use of NSLs in which we determined that the FBI and the Department had made significant progress implementing recommendations from our first report and adopting corrective actions to address the serious problems we identified. The measures implemented by the FBI included developing a new NSL data system designed to facilitate the issuance and tracking of NSLs and ensure accurate reports to Congress and the public on NSL usage; issuing NSL guidance memoranda and conducting training of field and headquarters personnel; and creating a new FBI Office of Integrity and Compliance, an internal oversight office modeled after private sector compliance programs.
We also found that the FBI had devoted substantial time and resources to ensure that its field managers and agents understood the seriousness of the FBI’s shortcomings in its use of NSLs and their responsibility for correcting these deficiencies. In addition, in response to our March 2007 findings the Department’s National Security Division instituted periodic national security reviews of FBI field and Headquarters divisions to assess whether the FBI was using various intelligence techniques, including NSLs, in accordance with applicable laws, guidelines, and policies.
Our March 2008 report also examined whether NSLs issued after the effective date of the Patriot Reauthorization Act contained the required certifications to impose non-disclosure and confidentially requirements on NSL recipients. In the random sample of NSLs we reviewed, we found that 97percent of the NSLs imposed non-disclosure and confidentiality requirements and almost all contained the required certifications. We found that some of the justifications for imposing this requirement were perfunctory and conclusory, and that a small number of the NSL approval memoranda failed to comply with internal FBI policy.
Our March 2008 report made 17 additional recommendations to improve the FBI’s use and oversight of NSLs, such as providing additional guidance and training for FBI agents on the proper use of NSLs and on the reviewing, filing, and retention of NSL-derived information; reinforcing the need for FBI agents and supervisors to determine whether there is adequate justification for imposing non-disclosure and confidentiality requirements on NSL recipients; regularly monitoring the preparation and handling of NSLs; and providing timely reports of possible intelligence violations to FBI Headquarters. The FBI agreed with the recommendations and said it would implement additional actions to address our findings.
II. SUMMARY OF FINDINGS OF OIG REPORTS ON THE FBI’S USE OF SECTION 215 REQUESTS FOR BUSINESS RECORDS FROM 2002 – 2006
As also directed by the 2005 Patriot Reauthorization Act, the OIG issued two reports on the FBI’s use of Section 215 orders to obtain business records. Section 215 of the Patriot Act allows the FBI to seek an order from the Foreign Intelligence Surveillance Court to obtain "any tangible thing," including books, records, and other items from any business, organization, or entity if the item is for an authorized investigation to protect against international terrorism or clandestine intelligence activity. This is one of the three provisions that "sunsets" in December 2009 and is a focus of this hearing.
Our first report on the use of Section 215 orders, issued in March 2007, examined the FBI’s use of Section 215 authority from 2002 through 2005. We found that the Department’s Office of Intelligence Policy and Review, on behalf of the FBI, submitted requests for two different types of Section 215 applications to the FISA Court: "pure" Section 215 applications and "combination" Section 215 applications. A "pure" Section 215 application referred to a Section 215 application for any tangible item that was not associated with any other FISA authority. A "combination" Section 215 application referred to a Section 215 request that was added to a FISA application for pen register/trap and trace orders, which identify incoming and outgoing telephone numbers called on a particular line.
We found that from 2002 through 2005 the Department, on behalf of the FBI, submitted to the FISA Court a total of 21 pure Section 215 applications and 141 combination Section 215 applications. We found only two instances involving improper use of these Section 215 orders, which involved overcollections in response to Section 215 combination pen/register trap and trace orders. In both instances, the FBI identified the overcollections and reported the matter to the FISA Court and the Intelligence Oversight Board (IOB).
Our report also found that the FBI has not used Section 215 orders as effectively as it could have because of legal, bureaucratic, or other impediments to obtaining these orders. For example, we found significant delays within the FBI and the Department in processing requests for Section 215 orders. We also determined through our interviews that FBI field offices did not fully understand Section 215 orders or the process for obtaining them.
Our follow-up report issued in March 2008 examined the FBI’s use of Section 215 orders in 2006. We found that in 2006 the FBI and the Department processed 15 "pure" Section 215 applications and 32 "combination" Section 215 applications that were formally submitted to and approved by the FISA Court. Six additional 215 applications were withdrawn by the FBI before they were formally submitted to the FISA Court.
In both of our reports, we found no instance in which the information obtained from a Section 215 order resulted in a major case development. However, FBI personnel said that the importance of information from Section 215 orders is sometimes not known until much later in an investigation – for example, when the information was linked to some other piece of intelligence. We also found that little of the information obtained through Section 215 orders had been disseminated to intelligence agencies outside the Department. Nevertheless, FBI personnel told us that Section 215 authority was essential to national security investigations because it was the only compulsory process for certain kinds of records that could not be obtained through alternative means, such as NSLs or grand jury subpoenas.
Our March 2008 review did not identify any illegal use of Section 215 orders in 2006. However, we found two instances when the FBI received more information than it requested in the Section 215 orders. In one case, approximately 2 months passed before the FBI recognized it was receiving additional information that was beyond the scope of the FISA Court order. The FBI reported this incident to the IOB, and the additional information was sequestered with the FISA Court. In the other case, the FBI quickly determined that it inadvertently received information not authorized by the Section 215 order and isolated the records. However, the FBI concluded that the matter was not reportable to the IOB and that it should be able to use the material as if it were "voluntarily produced" because the information was not statutorily protected. We disagreed with this conclusion, and our report recommended that the FBI develop procedures for identifying and handling information that is produced in response to, but outside the scope of, Section 215 orders.
In addition, our report discussed another case in which the FISA Court twice refused to authorize a Section 215 order based on concerns that the investigation was premised on protected First Amendment activity. However, the FBI subsequently issued NSLs to obtain information about the subject based on the same factual predicate and without a review to ensure the investigation did not violate the subject’s First Amendment rights. We questioned the appropriateness of the FBI’s actions because the NSL statute contains the same First Amendment caveat as the Section 215 statute.
Of the three recommendations we made in our 215 reports, the FBI has addressed one recommendation, partially addressed a second recommendation, and has yet to address the third.
First, we recommended that the FBI develop procedures for reviewing materials received from Section 215 orders to ensure that it has not received information not authorized by the FISA Court orders. In response, the FBI developed a policy that requires the case agent to review material produced pursuant to a Section 215 order to determine whether the materials produced were responsive to the 215 order prior to uploading the material into FBI databases.
Second, we recommended that the FBI develop procedures for handling material that is produced in response to, but outside the scope of, a Section 215 order. The FBI responded by stating that it would sequester overproduced material that is "statutorily protected." However, the FBI’s policy allows agents to treat non-statutorily protected material as "voluntarily produced" without any inquiry whether the overproduced material was inadvertently or voluntarily produced.
We disagree with the FBI’s position on this matter for several reasons. The collections under a Section 215 order can involve non-public information about U.S. persons who are not the subject of national security investigations, and the FBI often uploads such information into FBI databases. The FBI’s comparison of a Section 215 order to a grand jury subpoena or civil discovery request is misplaced because, unlike a grand jury subpoena or civil discovery request, a Section 215 order is issued by the FISA Court. Moreover, unlike in the civil or grand jury context, it is unlikely that the persons or entities whose interests are affected by the overproduced records in response to a Section 215 order will learn that information about them has been uploaded into the FBI’s databases. We also believe that the distinction that the FBI makes – between statutorily protected records and non-statutorily protected records – when a provider produces records beyond that which is called for by the Section 215 order should not be dispositive as to whether the records are uploaded into the FBI’s databases. Finally, we do not believe that it is so difficult or burdensome for the FBI to inquire with the provider whether the records were produced inadvertently (which will likely be the cases in many instances) or, in the alternative, to obtain a Section 215 order for the overproduced material.
Our third recommendation related to the minimization procedures that the Patriot Reauthorization Act required the Department to implement for records obtained pursuant to Section 215 orders. The Reauthorization Act required specific procedures designed for Section 215 material that would minimize the retention and prohibit the dissemination of non-publicly available information concerning United States persons consistent with national security interests. The Reauthorization Act required that these procedures be adopted by September 5, 2006.
However, there was disagreement between the Department and the FBI regarding the definitions and scope of minimization procedures in general, including the time period for retention of Section 215 records, and whether to include procedures for addressing information received in response to but beyond the scope of the Section 215 order. To meet the statutory deadline, the Department adopted sections of the Attorney General Guidelines for FBI National Security Investigations and Foreign Intelligence Collections of October 31, 2003 (Guidelines) as "interim" minimization procedures for business records.
In our March 2008 Report, we concluded that these interim minimization procedures were deficient. The interim procedures were not specific to Section 215 records -- in fact, compliance with the Guidelines was already a prerequisite to obtaining a Section 215 order. In our report, we again recommended that the Department continue to work to develop appropriate standard minimization procedures for Section 215 records.
According to the FBI, the Department has drafted new minimization procedures for business records. However these procedures have not been issued.
III. OIG’s EXIGENT LETTER INVESTIGATION
As noted above, perhaps the most troubling finding in our review of the FBI’s use of NSLs involved the use of exigent letters. In our 2007 NSL report, we found that from March 2003 to November 2006 personnel in the FBI’s Communications Analysis Unit (CAU) issued at least 722 exigent letters to three communication service providers seeking telephone records. Most of the letters stated that the records were requested "due to exigent circumstances" and that grand jury subpoenas for the records had been "submitted to the U.S. Attorney’s Office who will process and serve them formally. . . as expeditiously as possible."
Yet, contrary to the assertions in the exigent letters, subpoenas requesting the telephone records in many instances had not been provided to the U.S. Attorney’s Office before the letters were issued. We also interviewed witnesses who told us that the FBI sometimes used exigent letters in non-emergency circumstances.
The Electronic Communications Privacy Act (ECPA) prohibits communication service providers from disclosing telephone records to the government unless compelled to do so by legal process such as an NSL, or pursuant to the voluntary emergency disclosure provision of ECPA, 18 U.S.C. Section 2702(c)(4). We concluded that the exigent letters did not constitute valid legal process under ECPA. We also were not persuaded by the FBI’s justification of the letters under the emergency voluntary disclosure provision for several reasons, including that the letters were sometimes used in non-emergency circumstances and that senior FBI attorneys told us they did not rely on the emergency voluntary disclosure provision to authorize the letters at the time. We concluded that the FBI’s use of exigent letters to obtain telephone records was an improper circumvention of ECPA.
After issuance of our NSL report, we conducted a separate review to examine in detail the FBI’s use of exigent letters and other informal requests for telephone records, and also to determine who in the FBI was accountable for these improper uses. The OIG has completed a draft report regarding the misuse of exigent letters, as well as other informal requests such as oral and e-mail requests to the service providers for telephone records. In addition, we reviewed the FBI’s issuance of after-the-fact NSLs to "cover" or validate records the FBI had received pursuant to exigent letters and other informal requests. Our report examines the accountability of FBI agents, supervisors, lawyers, and managers who used or condoned the use of these exigent letters and other informal requests for records.
In April 2009, pursuant to the OIG’s normal process, we provided the FBI and the Department our draft report and asked for comments on its factual accuracy and whether any information in the report was classified or too sensitive for public release. The FBI’s response was delayed, and subsequently the Office of the Director of National Intelligence (ODNI) became involved and consulted with other intelligence agencies in conducting a classification and sensitivity review. We recently received these comments from the FBI and ODNI, and we have made available an unclassified version of the report to subjects of the review for their comments. We will provide our report to the Committee and issue it publicly as soon as it is completed.
IV. ASSESSMENT OF THE FBI’S AND DEPARTMENT’S RESPONSES TO THE OIG REPORTS
In this section, I discuss the FBI’s and the Department’s responses to our NSL reports. Although we have not yet conducted another follow-up review of the FBI’s response to our reports, we have been monitoring the FBI’s implementation of our recommendations. For example, the OIG has met with officials from the FBI’s National Security Law Branch and others staff within the FBI’s Office of General Counsel and with officials in the FBI’s Office of Integrity and Compliance to discuss their actions to institute corrective actions. We also have been briefed on the new NSL data management subsystem that the FBI deployed last year to address some of the problems we identified in our NSL reports. In addition, we have reviewed internal audits conducted by the FBI Inspection Division, which concluded that there has been a decrease in several types of administrative errors in the use of NSLs that we described in our reports.
We also met with officials in the Department’s National Security Division who are regularly examining the FBI’s performance regarding the use of NSLs in its counterterrorism and counterintelligence investigations.
In the following sections, I offer the OIG’s thoughts on the FBI’s and the Department’s responses to the findings in our reports. In general, our sense is that the FBI is taking seriously its need to implement corrective action and to ensure that controls are implemented to prevent the serious violations our reports disclosed.
A. FBI Corrective Actions
The FBI has taken a series of actions in an effort to address our recommendations regarding NSLs. For example, in January 2008 the FBI deployed a new NSL computer subsystem built on the same computer application used to manage its Foreign Intelligence Surveillance Act (FISA) data. The NSL subsystem is now in use in all FBI field offices and at FBI Headquarters. This new system standardizes and automatically tracks NSL requests by creating mandatory fields for NSLs that must be completed by the requesting FBI case agent or official before a request to issue an NSL can be routed for review and approval by FBI supervisors, Chief Division Counsel, and Special Agents in Charge. This new process should eliminate discrepancies between NSL requests and approval documents and, among other information, also maintain a record of the U.S. person status of each target of an NSL request. While this subsystem will not eliminate all instances of non-compliance with NSL requirements, it has reduced common errors in NSLs that were identified in our reports, and it also has enhanced the FBI’s ability to accurately track NSLs and compile reports to Congress and other oversight entities.
In response to our recommendations that the FBI improve guidance and training with respect to the NSL process, in December 2008 the FBI issued a comprehensive Domestic Investigations and Operations Guide. According to the FBI, this Guide is being used to provide intensive training throughout the FBI on the proper use of investigative authority in general and supplements and reinforces the more focused training on the use of NSLs already being provided.
In response to our concern that the FBI was issuing NSLs contrary to statutory limitations, AG Guidelines, or internal FBI guidance, the FBI reported that its Inspection Division will periodically review a sample of NSLs to examine whether the necessary showing of relevance is made in each cover document accompanying an NSL and whether other actions are taken in compliance with NSL authorities and FBI policies. We have been told that the Inspection Division intends to conduct such audits on a quarterly basis, although it has not yet begun to conduct these quarterly reviews.
In addition, in response to the serious violations we found in our two NSL reports the FBI created an Office of Integrity and Compliance (OIC) in 2007 which is modeled after private sector compliance programs. According to the FBI, the OIC’s purpose is "to develop, implement, and oversee a program that ensures there are processes and procedures in place that promote FBI compliance with both the letter and spirit of all applicable laws, regulations, and policies." The FBI reported that the OIC will establish policies on compliance standards, guide assessments of FBI programs to determine areas at risk of non-compliance, and develop training for FBI employees that will mitigate those risks. The OIC will also work with the FBI Inspections Division to identify high-risk areas and ensure that compliance monitoring is carefully planned and executed. At present, the OIC is staffed by 15 personnel, and includes 9 attorneys, 3 program analysts, 1 administrative assistant, 1 special agent/attorney (on an 18-month detail), and 1 Assistant Director.
We believe this office can perform a valuable function by providing a process for identifying problem areas throughout the FBI, assessing existing FBI control mechanisms, and developing and implementing better internal controls on FBI procedures, including its use of NSLs. However, the OIC’s responsibilities cover all operational and program areas in the FBI, and we do not believe this office should be looked to as the primary oversight mechanism to ensure proper use of NSLs and Section 215 orders.
In addition, in our March 2008 report we recommended that the FBI consider providing the OIC with a larger permanent staff. The small size of the OIC remains a concern to us because at its present strength it cannot independently conduct risk assessments of FBI’s operations. Instead, the OIC relies on staff from the responsible program offices – the "risk owners" – to self-identify those areas of their operations most at risk of non-compliance with laws or regulations. We are concerned that relying on self-identification rather than aggressive independent review can result in assessments that focus on already known problems and miss unknown or emerging risks. Further, relying on program personnel to identify risks and conduct the compliance reviews puts the program personnel in the potentially difficult position of criticizing their FBI colleagues and supervisors.
Because of the importance of the OIC and the emphasis the FBI has placed on this office in addressing the problems we found in our NSL reports, the OIG intends to initiate a separate review to assess in detail the work of this office.
We also believe that additional work is needed to address other concerns we raised in our reports. For example, in our NSL reviews we recommended that the FBI consider changing the reporting structure for Chief Division Counsel (CDCs), the chief lawyers in each FBI field office. FBI Division Counsel play a critical role in reviewing and approving NSLs. Chief Division Counsel are responsible for identifying and correcting erroneous information in NSLs and NSL approval memoranda, resolving questions about the scope of the NSL statutes, ensuring adequate predication for NSL requests, and providing advice on issues concerning the collection of any unauthorized information through any national security letters.
Chief Division Counsel report to the Special Agents in Charge of the field offices in which they work, not to the Office of General Counsel (OGC) at FBI Headquarters. As a result, personnel decisions such as performance reviews, compensation, and promotion determinations concerning Chief Division Counsel are made by the Special Agents in Charge. We also found in our review that because Division Counsel report primarily to SACs rather than to FBI OGC, some Chief Division Counsel are reluctant to question NSL requests or to challenge requests generated in the course of field office investigations.
We understand that the FBI recently has taken steps to open Chief Division positions to non-agent attorneys and that other chain-of-command changes are under consideration, but at present the FBI has not modified the reporting structure for Chief Division Counsel. We believe this is a significant issue that should be addressed, and we remain concerned that Chief Division Counsel still report to and are supervised by their Special Agents in Charge, and therefore the Chief Division Counsel may not always provide the independent and rigorous review needed of the decision to approve NSLs.
B. National Security Division Corrective Actions
Our March 2008 report noted that the Department’s National Security Division (NSD) has implemented additional measures to seek to ensure better compliance with NSL authorities. For example, in 2007 the NSD began reviews, modeled in part on the file reviews conducted by the OIG in our first NSL report, to examine whether the FBI is using various intelligence techniques including NSLs in accordance with applicable laws, guidelines, and policies. In conjunction with the FBI’s Office of General Counsel, NSD attorneys review national security investigation files at the FBI. Among other things, the reviews examine FBI compliance with Attorney General national security investigation guidelines, use of NSLs, predication for national security investigations, and referrals to the Intelligence Oversight Board.
To date the NSD has conducted approximately 43 reviews, including 38 reviews of FBI field offices, 3 follow-up reviews of previously visited field offices, and 2 reviews of FBI Headquarters components. By the close of 2010, the NSD plans to complete reviews at all 56 FBI field offices and at FBI Headquarters.
NSD officials told us that they have observed during these reviews a significant decline in compliance issues with regard to NSLs, particularly since the FBI implemented its NSL data subsystem. However, the NSD reviews have identified areas of continuing concern, including FBI personnel not consistently following FBI guidance that material collected as a result of third party overproductions should not be uploaded into FBI databases or used to further the investigation pending review by Chief Division Counsel, and failures to specify in NSL approval documents the relevance of records sought to authorized national security investigations.
C. Department NSL Working Group
In response to the 2005 Patriot Reauthorization Act and the recommendations in our first NSL report, the Attorney General formed a Working Group (NSL Working Group) to examine how NSL-derived information is used and retained by the FBI. The Working Group was also charged with proposing minimization procedures that would ensure the FBI’s collection of information through NSLs and its retention of NSL-derived information was limited to the minimum necessary to carry out its counterterrorism mission.
In August 2007, the NSL Working Group sent the Attorney General its report and proposed minimization procedures. However, we had several concerns with the findings and recommendations of the Working Group’s report, which we discussed in our March 2008 NSL report. In particular, we disagreed with the Working Group about the sufficiency of existing privacy safeguards and measures for minimizing the retention of NSL-derived information. We disagreed because the controls the Working Group cited as providing safeguards predated our NSL reviews, yet we found serious abuses of the NSL authorities.
As a result, the Acting Privacy Officer decided to reconsider the recommendations and withdrew them. The Working Group has subsequently developed new recommendations for NSL minimization procedures, which are still being considered within the Department and have not yet been issued. We believe that the Department should promptly consider the Working Group’s proposal and issue final minimization procedures for NSLs that address the collection of information through NSLs, how the FBI can upload NSL information in FBI databases, the dissemination of NSL information, the appropriate tagging and tracking of NSL derived information in FBI databases and files, and the time period for retention of NSL obtained information. At this point, more than 2 years have elapsed since after our first report was issued, and final guidance is needed and overdue.
V. OTHER OIG REPORTS
I also want to briefly highlight several OIG reviews that may be of interest to the Committee. In addition to requiring OIG reviews of the FBI’s use of NSLs and Section 215 orders, Section 1001 of the Patriot Act directed the OIG to undertake a series of actions related to claims of civil rights or civil liberties violations allegedly committed by DOJ employees. Specifically, Section 1001 required the OIG to "review information and receive complaints alleging abuses of civil rights and civil liberties by employees and officials of the Department of Justice." It also required the OIG to provide semiannual reports to Congress on the implementation of the OIG’s responsibilities under Section 1001. The OIG has issued 15 Section 1001 reports since enactment of the legislation in October 2001. These OIG reports describe the allegations of civil rights and civil liberties abuses we received during each 6-month period and how we handled them.
The OIG has also conducted numerous other reviews of the FBI that, while not directly involving Patriot Act authorities, relate to FBI programs and functions that can impact its ability to perform its vital missions. For example, the OIG is continuing a series of ongoing reviews examining the FBI’s development of its Sentinel case management project. The Sentinel program is intended to upgrade the FBI’s electronic case management system to improve the FBI’s ability to use and share case information. Since March 2006, we have issued four audits reports that focus on the planning and development of Sentinel, the FBI’s processes and controls for managing Sentinel, and the contract with Lockheed Martin to develop Sentinel. We are nearing completion of our fifth audit on these issues.
In addition, the OIG has conducted reviews of the accuracy of the FBI’s terrorist watchlist and the FBI’s role in connection with the President’s Surveillance Program.
The OIG also is conducting a follow-up review of where the FBI has allocated its investigative resources. In the aftermath of the September 11, 2001, terrorist attacks, the FBI underwent a broad transformation aimed at focusing the agency on terrorism and intelligence-related matters. The OIG issued three previous audit reports examining how the FBI has managed this reprioritization and the impact it has had on the FBI’s more traditional criminal investigations. Our current audit is examining whether the FBI has improved its process for allocating resources among its various operations and is also examining the changes in the FBI’s allocation of resources during the past 3 years.
In addition, we are nearing completion of a follow-up audit of the FBI’s foreign language translation program. This review is assessing the FBI’s ability to translate foreign language information it receives and whether the FBI ensures the appropriate prioritization of translation work, accurate and timely translations of pertinent information, and adequate pre- and post-hire security screening of linguists. This review is also examining the FBI’s success in meeting linguist hiring goals and the extent of any translation backlogs and the efforts taken by the FBI to address these backlogs.
In sum, the Patriot Act gave the FBI significant new powers to perform its vital counterterrorism and counterintelligence missions. Our reviews found that, with regard to the use of national security letters, the FBI did not initially take seriously enough its responsibility to ensure that these letters were used in accord with the law, Attorney General Guidelines, or FBI policies. Since our disclosure of the abuses of NSLs, we believe that the FBI has devoted significant time, energy, and resources to correcting its errors, and has also attempted to ensure that its employees understand the seriousness of the FBI’s shortcomings with respect to its use of national security letters and the FBI’s responsibility for correcting these deficiencies.
However, this is an ongoing process and it is too early to definitively state whether the FBI’s efforts have eliminated the problems we found with its use of these authorities. We also believe that as Congress considers reauthorizing provisions of the Patriot Act, it must ensure through continual and aggressive oversight that the FBI uses these important and intrusive investigative authorities appropriately. We believe this oversight should come from several different levels and from different entities – not only congressional oversight hearings, but also rigorous oversight by FBI Headquarters managers and by FBI field supervisors, and regular oversight by the Department’s National Security Division. The OIG also has an important role to play in this oversight process, and we intend to continue our reviews of the FBI’s use of Patriot Act authorities, including NSLs and Section 215 orders.
That concludes my prepared statement. I would be pleased to answer any questions.