The Federal Bureau of Investigation's Compliance
with the Attorney General's Investigative Guidelines
Office of the Inspector General
Of the four Investigative Guidelines, the Guidelines on General Crimes, Racketeering Enterprise and Terrorism Enterprise Investigations (General Crimes or GCI Guidelines) have the broadest scope. They govern the FBI's investigation of general crimes, racketeering enterprises, and terrorism enterprises. Below we describe the various levels of investigative activity permitted under the General Crimes Guidelines, the two types of investigations they authorize: 1) general crimes investigations and criminal intelligence investigations, and 2) the new anti-terrorism authorities that were added after September 11, 2001. We also provide our compliance findings and recommendations for each of these Guidelines activities and provisions.
The General Crimes Guidelines authorize three graduated levels of investigative activity. These activities are the checking of initial leads, preliminary inquiries, and full investigations. With limited exceptions, the General Crimes Guidelines provide that any lawful investigative technique may be used in preliminary inquiries and full investigations. General Crimes Guidelines, Introduction, A.280
One level of investigative activity is the checking of initial leads, which can be undertaken after receipt of information indicating that some follow up regarding the possibility of criminal activity is warranted. Following up on such leads often is for the purpose of determining whether further investigation (either a preliminary inquiry or a full investigation) should be conducted.
The next level of investigative activity is a preliminary inquiry. According to the General Crimes Guidelines, a preliminary inquiry is appropriate when information or an allegation indicates the possibility of criminal activity and responsible handling requires further scrutiny beyond checking initial leads. General Crimes Guidelines, Introduction, A. A preliminary inquiry allows the FBI to determine whether a full investigation should be opened.
The range of investigative techniques in a preliminary inquiry is broad, with the Guidelines prohibiting only mail openings and nonconsensual electronic surveillance. General Crimes Guidelines, Introduction, A. The Guidelines state that the FBI should not hesitate to use any lawful techniques in a preliminary inquiry, even if "intrusive," where "the intrusiveness is warranted in light of the seriousness of the possible crime or the strength of the information indicating its existence or future commission." Id. § II.B.4.
The Guidelines define full investigations as either general crimes investigations or criminal intelligence investigations. General crimes investigations may be opened where facts or circumstances reasonably indicate that a federal crime has been, is being, or will be committed. GCI Guidelines, Introduction, B. The standard for initiating a general crimes investigation is "substantially lower than probable cause" and may be satisfied when the objective of the investigation is to prevent future criminal activity, as opposed to investigating a completed criminal act. Id. § II.C.1.
The second type of full investigation defined by the General Crimes Guidelines is a criminal intelligence investigation. There are two types of criminal intelligence investigations: racketeering enterprise investigations (REIs) and terrorism enterprise investigations (TEIs). According to the General Crimes Guidelines, a racketeering enterprise investigation may be initiated when facts or circumstances reasonably indicate that two or more persons are engaged in a pattern of racketeering activity as defined in the Racketeer Influenced and Corrupt Organizations (RICO) statute, 18 U.S.C. § 1961(5). Id. § III.A.2.a. A terrorism enterprise investigation may be initiated when facts or circumstances reasonably indicate that two or more persons are engaged in an enterprise for the purpose of: 1) furthering political or social goals wholly or in part through activities that involve force or violence and a federal crime, 2) engaging in terrorism as defined in 18 U.S.C. §§ 2331(1) or (5) that involves a federal crime, or 3) committing any offense described in 18 § U.S.C. 2332b(g)(5)(B). Id. § III.B.1.a.
We describe below the requirements of the General Crimes Guidelines relating to preliminary inquiries, general crimes and criminal intelligence investigations, and the new counterterrorism authorities, followed by our compliance findings and recommendations.
The General Crimes Guidelines state that the opening of a preliminary inquiry must be based on an allegation or other information that is recorded in writing and authorized by an FBI supervisor. In "sensitive criminal matters," the FBI must notify the U.S. Attorney or an appropriate Department of Justice (DOJ) official of the basis for an inquiry as soon as practicable after its opening, and must create a record of the notification. GCI Guidelines § II.B.2.
Preliminary inquiries may be authorized for up to 180 days. A Special Agent in Charge (SAC) may grant up to two 90-day extensions if the inquiry has failed to yield a "reasonable indication" of criminal activity and further investigative steps are warranted. Additional extensions require approval by FBI Headquarters. Id. § II.B.3.
When a preliminary inquiry fails to develop sufficient information to justify a full investigation, the FBI must end the inquiry and record its closing. In sensitive criminal matters, the FBI must notify the U.S. Attorney of the closing and record the fact of the notification in writing. Id. § II.B.7.
The revised General Crimes Guidelines altered authorization procedures and time limits for preliminary inquiries to provide agents with greater flexibility to respond to terrorist and criminal activity. The major revisions to the preliminary inquiry provisions of the Guidelines were:
The focus of our review was on the Guidelines' requirements for predication to initiate or extend the preliminary inquiry, and notifications to appropriate DOJ officials of the initiation and closing of sensitive criminal matters.
In our visits to 12 FBI field divisions, we reviewed a sample of 46 preliminary inquiries at 9 FBI field office locations. From a list of over 60,000 preliminary inquiries provided to us by the FBI, we requested 6 inquiries from each of 12 field offices.283 Three offices did not identify any preliminary inquiries in general crimes cases, while others provided fewer than six. We examined key requirements of the preliminary inquiry provisions of the General Crimes Guidelines. We focused on whether the field office had complied with the following notifications and authorizations.
All but one of the preliminary inquiry files we examined contained the written allegation or information justifying the inquiry. Nineteen of the preliminary inquiries extended past the initial 180-day authorization period, of which 13 continued more than 270 days and required a second extension. Of these 19 preliminary inquiries, 10 (53 percent) did not contain the necessary documentation authorizing the extensions, closings, or conversions to full investigations. Ten of the 13 files (77 percent) for preliminary inquiries that extended over 270 days contained no documentation authorizing a second extension, closing, or conversion. Thus, of the 32 instances when an extension, conversion to full investigation, or closing was appropriate, we found authorization documentation missing in 20 instances or 63 percent. The following table summarizes these findings.
Our review also identified six preliminary inquiries involving sensitive criminal matters. We found that all appropriate notifications to the U.S. Attorneys were made in each of these cases.
Preliminary inquiries allow FBI agents to investigate information that is ambiguous or incomplete. The limitations on the duration of preliminary inquiries ensure that a determination whether to end the inquiry or continue with a full investigation is made in a reasonable period of time.
As we discuss in Chapter Two, abuses of the FBI's investigative authorities in conducting domestic intelligence investigations led to the first set of Attorney General Guidelines issued in 1976. Among the abuses documented by the Church Committee were the FBI's extensive use of preliminary inquiries to collect information about students, civil rights groups, and war protestors, among others.284 The 1976 Guidelines eliminated the use of certain intrusive techniques in preliminary inquiries, including the recruiting of new informants and the use of mail covers. The revisions to the Domestic Security Investigation Guidelines in 1983 eliminated preliminary inquiries in domestic security investigations, permitting them to be used only in the conduct of general crimes investigations.
In light of the extended time periods for preliminary inquiries and the devolution of significant authority to field managers in the May 2002 revisions of the General Crimes Guidelines, we believe our findings regarding the FBI's failure to develop adequate controls to ensure that authorizations for extensions, conversions, and closings of preliminary inquiries are obtained and documented in case files merit corrective action.
We recommend that the FBI take the following step.
(20) Ensure compliance with the General Crimes Guidelines' requirements to obtain and document authorizations for the extension, conversion to full investigation, and closing of preliminary inquiries.
The FBI has jurisdiction to investigate federal crimes except where such responsibility is specifically assigned by statute or otherwise to another federal investigative agency. General Crimes Guidelines Preamble; see generally 18 U.S.C. § 533 (2002).
The FBI's general crimes investigations address a broad range of criminal conduct and account for the majority of FBI criminal investigations. From May 2002 through March 2004, the FBI had over 62,000 open general crimes investigations. The FBI categorizes these investigations in program classifications such as Domestic Terrorism, Organized Crime, Drug Program, White Collar Crime, Civil Rights, and Violent Crime and Major Offenders. MIOG Introduction, § 2-1.285
The General Crimes Guidelines impose requirements for both the predication needed to open a full investigation and the authorization process that the FBI must follow. Under the Guidelines, "[a] general crimes investigation may be initiated when facts or circumstances reasonably indicate that a federal crime has been, is being, or will be committed." General Crimes Guidelines § II.C.1. The Guidelines explain that information justifying the opening of an investigation "must [have] an objective factual basis" and that "a mere hunch is insufficient." Id. In making the determination whether to open a general crimes investigation, the FBI "may take into account any facts or circumstances that a prudent investigator would consider." Id.
The approval process to open an investigation under the General Crimes Guidelines is similar to the process for opening a preliminary inquiry. The FBI supervisor authorizing an investigation must ensure that facts or circumstances satisfy the reasonable indication standard described above and that this information is recorded in writing. Id. § II.C.3. In "sensitive criminal matters," written notification must be provided to the U.S. Attorney or an appropriate DOJ official, as well as to FBI Headquarters, as soon as practicable after the investigation commences. Id. When that investigation is terminated, the FBI must notify the appropriate federal prosecutor within 30 days. Id. § II.C.4.
The Guidelines also contain procedures for disseminating information regarding general crimes. With limited exceptions, in circumstances where the FBI obtains credible information concerning serious criminal activity not within its investigative jurisdiction, the Guidelines require the relevant FBI field office to promptly transmit the information, or to refer the complainant, to the law enforcement agencies having jurisdiction. Id. § II.C.6. Where full disclosure is not made to these agencies within 180 days, the FBI field office is required to notify FBI Headquarters in writing of the facts and circumstances concerning the criminal activity. Id.
The May 2002 revisions to the General Crimes Guidelines did not alter the scope of general crimes investigations. As described above, the most significant changes concerning general crimes investigations involved preliminary inquiries, not full investigations. These changes were in addition to revisions that expressly recognized the fundamental shift in the FBI's focus to the detection and prevention of terrorist attacks.
To examine the FBI's compliance with the general crimes provisions of the General Crimes Guidelines, we reviewed 72 general crimes files at 12 field offices. Initially, we requested that each field office provide documentation on six "sensitive criminal matters" within the meaning of § II.A.2 of the Guidelines. However, many of the case files identified by the FBI did not involve circumstances that met this definition, and we were advised that it was not practicable to isolate qualifying cases from the FBI's many general crimes files during our site visits. In total, we examined 32 files involving sensitive criminal matters, which accounted for 44 percent of all the general crimes files we reviewed.
With respect to the Guidelines' requirements in general crimes cases, we focused on the following issues.
Of the 72 general crimes files we reviewed, we determined the following.
Predication in Opening Documentation
We found only one matter where it was not possible to determine the predication in the opening documentation. This case was investigated in concert with another DOJ component. Later entries in the file, however, established that there was reasonable indication that a crime had been committed and that the basis for the investigation was sound.
Notifications in Sensitive Criminal Matters
Dissemination of Information to Other Law Enforcement Agencies
Our review examined 16 instances where the FBI disseminated information developed in general crimes investigations to other law enforcement agencies pursuant to § II.C.6 of the General Crimes Guidelines. We determined in each case that the FBI adhered to the applicable Guidelines' requirements.
Our review found that the FBI generally is complying with the requirements of the General Crimes Guidelines governing general crimes investigations.
In contrast to general crimes investigations, which target individuals and specific criminal acts, the focus of criminal intelligence investigations is on a group or enterprise. The purpose of these investigations is to obtain information concerning the nature and structure of an enterprise - including information relating to its membership, finances, geographical dimensions, past and future activities, and goals - with a view toward detecting and preventing the enterprise's criminal activities and prosecuting those responsible for them. There are two types of criminal intelligence investigations: racketeering enterprise investigations (REIs) and terrorism enterprise investigations (TEIs). GCI Guidelines, Introduction, B.
Terrorism enterprise investigations, which can develop intelligence to help prevent terrorist acts, are classified as either domestic or international.290 Domestic terrorism investigations involve U.S. persons residing in the United States who are not acting on behalf of a foreign power, and who may be conducting criminal activities in support of terrorist objectives. International terrorism investigations involve U.S. persons or foreign nationals in the United States who are targeting national security interests on behalf of a foreign power.291 After the issuance of the revised Investigative Guidelines on May 30, 2002, and until a new FBI investigative classification was established effective October 1, 2003, that combined criminal and intelligence international terrorism investigations, the FBI conducted a limited number of international terrorism investigations under the terrorism enterprise investigation Guidelines.292 Since October 2003, however, the FBI has elected to use the terrorism enterprise provisions of the General Crimes Guidelines solely to investigate domestic terrorism matters, while international terrorism investigations are conducted under the Attorney General's Guidelines for FBI National Security Investigations and Foreign Intelligence Collection (NSI) Guidelines.293
Racketeering Enterprise Investigations
The General Crimes Guidelines authorize the initiation of racketeering enterprise investigations "when facts or circumstances reasonably indicate that two or more persons are engaged in a pattern of racketeering activity as defined in the RICO statute, 18 U.S.C. § 1961(5)." General Crimes Guidelines § III.A.2.a. The Guidelines state that "[t]he standard of 'reasonable indication' is identical to that governing the initiation of a general crimes investigation." Id.
Racketeering enterprise investigations must be approved by the SAC with notification to FBI Headquarters and must be based upon a written recommendation indicating that the standard for opening the investigation is satisfied. Id. § III.A.5.a. The FBI also must notify the Organized Crime and Racketeering Section of DOJ's Criminal Division and any affected U.S. Attorney's Office of the initiation of the investigation. Id. § III.A.5.b. The first authorization period may not exceed one year, and renewals may be obtained for additional periods also not to exceed one year. Renewal authorization is obtained from the SAC, with notification to FBI Headquarters and the Organized Crime and Racketeering Section of DOJ's Criminal Division. Id. § III.A.5.c. The SAC must review the investigations on or before the expiration of the period for which the investigation and each renewal is authorized. Id. § III.A.5.d.
Terrorism Enterprise Investigations
The standard for initiating a terrorism enterprise investigation also incorporates the "reasonable indication" threshold. The General Crimes Guidelines provide:
A terrorism enterprise investigation may be initiated when facts or circumstances reasonably indicate that two or more persons are engaged in an enterprise for the purpose of: (i) furthering political or social goals wholly or in part through activities that involve force or violence and a violation of federal criminal law, (ii) engaging in terrorism as defined in 18 U.S.C.§§ 2331(1) or (5) that involves a violation of federal criminal law, or (iii) committing any offense described in 18 U.S.C. § 2332b(g)(5)(B).
Id. § III.B.1.a. As with racketeering enterprise investigations, the Guidelines provide that terrorism enterprise investigations must be authorized by the SAC with notification to FBI Headquarters, and they must be based upon a written recommendation.294 The FBI also must notify the Counterterrorism Section of DOJ's Criminal Division, DOJ's Office of Intelligence Policy and Review (OIPR), and any affected U.S. Attorney's Office of the opening of a terrorism enterprise investigation.295 General Crimes Guidelines § III.B.4.a. Authorization periods and procedures in these investigations are the same as for racketeering enterprise investigations. Id. § III.B.4.b and c. The FBI is required to report to DOJ's Counterterrorism Section and OIPR the progress of terrorism enterprise investigations within 180 days of their initiation and the results at the end of each year the investigation continues. Id. § III.B.4.f.
The revisions to the criminal intelligence provisions of the General Crimes Guidelines emphasized the reduction of administrative requirements by devolving approval authority to FBI field offices, extending authorization periods, and expanding the scope of terrorism enterprise investigations. Major changes to the Guidelines included:
Racketeering Enterprise Investigations
To examine the FBI's compliance with key provisions of the racketeering enterprise investigation provisions of the General Crimes Guidelines, we reviewed all REIs at the 12 FBI field offices we visited. Because 4 of the offices had no REIs, we reviewed the 14 available REI investigative files at the remaining 8 offices. The FBI provided the OIG with a list of all REIs that were open on or after May 30, 2002, which listed a total of 37 such investigations nationwide. Our review primarily focused on whether the field offices obtained the necessary authorizations and provided appropriate notifications. Specifically, we examined the following authorization and notification requirements.
In addition, we determined whether there was evidence that the FBI notified the Organized Crime & Racketeering Section of the DOJ Criminal Division and any affected U.S. Attorney's Office of the opening of the investigation.
Terrorism Enterprise Investigations
We asked the FBI to identify 6 terrorism enterprise investigative files for each of the 12 field offices we visited. Only 4 of the 12 offices had any TEIs, and, together, they had 5 TEIs. Our review focused on the following documentation and notification requirements.
Racketeering Enterprise Investigations
We found that documents in each of the 14 REI case files adequately stated the reasons for opening these investigations and that the authorizations were properly provided by the SAC.
With respect to notifications of case openings, the investigative files contained documentation that the field office notified FBI Headquarters in 12 of the 14 cases, or 86 percent of the time. According to the MIOG, the initiation of a racketeering enterprise must be followed by notification, including all supporting documentation, to FBI Headquarters within 14 calendar days of receiving authorization by the SAC.296 The FBI also must notify the Organized Crime & Racketeering Section of the DOJ Criminal Division and any affected U.S. Attorney's Office. We found no evidence of notifications to DOJ in 10 of the files we examined (71 percent), while 12 of the 14 files (86 percent) lacked evidence of notification to a U.S. Attorney's Office. One field office told us that once it notifies FBI Headquarters of the opening of a REI, it relies upon Headquarters to notify the U.S. Attorney's Office and/or the Organized Crime & Racketeering Section of DOJ. This practice may account in at least some instances for the missing documentation of opening notifications.
Notifications of renewals also were problematic. The files associated with four of the five investigations that continued beyond the initial authorization period did not contain documentation of notification to FBI Headquarters or evidence of review by the SAC on or before expiration of the initial authorization period. The table below summarizes our findings with regard to Guidelines-related documentation for racketeering enterprise investigations.
Terrorism Enterprise Investigations
We found that documents in the five FBI case files adequately stated the reasons for opening these investigations and that the authorizations were properly provided by the SAC. However, the files we reviewed did not consistently contain evidence of required notifications and reports.
Opening Basis Adequately Meets Guidelines' Criteria
A SAC may authorize a TEI (subject to FBI Headquarters' concurrence) after assuring that the facts or circumstances contained in a written recommendation reasonably indicate the existence of an enterprise as described in the Guidelines. General Crimes Guidelines § III.B.1.a. We found that all five TEIs satisfied the standard to open a terrorism enterprise investigation.
Notifications to FBI Headquarters
The General Crimes Guidelines require notice to FBI Headquarters after a SAC authorizes a terrorism enterprise investigation. Id. § III.B.4.a. We found that in all five cases we examined FBI Headquarters was appropriately and promptly notified of the case initiations.
Notifications to the Department of Justice.
The General Crimes Guidelines require that the FBI notify the DOJ Criminal Division's Counterterrorism Section, OIPR, and any affected U.S. Attorney's Office of the opening of a terrorism enterprise investigation. Id. We found that evidence of these notifications was not consistently present in the case documentation. Only one office's files contained notification to the U.S. Attorney's office for a case initiation. We did not find evidence of notification to the Counterterrorism Section for three of the five case initiations and to OIPR for four of the five cases. Officials from one field office told us that once it notifies FBI Headquarters of the opening of a TEI, it relies upon Headquarters to notify OIPR. This practice may account - in at least some instances - for the absence of documentation of opening notifications.
Progress Reports to the Department of Justice
The General Crimes Guidelines require that the FBI report to the DOJ Criminal Division's Counterterrorism Section and OIPR the progress of TEIs no later than 180 days after their initiation, and the results at the end of each year the investigation continues. Id. § III.B.4.f. The MIOG states that the results of the investigation must be furnished within 180 days to FBI Headquarters with a cover communication setting forth the status of the investigation, and the memoranda must arrive at FBI Headquarters at least ten days before the due date. MIOG § 100-3.1.1. We did not find documentation of this progress report in three of the four investigations that continued beyond 180 days, including one TEI that extended beyond one year. Moreover, the single field office that drafted a progress report submitted its report 39 days late.
Investigations Extending Beyond One Year
A TEI may be authorized initially for up to one year and may be continued for additional periods each not to exceed one year. General Crimes Guidelines § III.B.4.b. Of the five cases we reviewed, only one continued for more than one year. The SAC authorized this investigation with FBI Headquarters' concurrence for periods less than one year and had approved seven extensions. In accordance with the General Crimes Guidelines, the SAC reviewed the case prior to the expiration of each extension and submitted all required authorization documentation to FBI Headquarters. However, the file did not contain evidence of either the 180-day progress report or the yearly progress reports to DOJ.
With respect to compliance with the criminal intelligence provisions of the General Crimes Guidelines, our review found that the FBI has not ensured that:
Opening notifications to DOJ and U.S. Attorneys' Offices were not evident in many of the files for REIs (71 percent and 86 percent, respectively), and notifications of TEIs to DOJ's Counterterrorism Section did not appear in 60 percent of the files. Notifications for both OIPR and the U.S. Attorneys' Offices did not appear in 80 percent of the files. Although only a few files (14 percent) lacked documentation of opening notifications to FBI Headquarters, we found a general lack of consistency in the FBI's documentation practices and supervisory reviews. The MIOG does not specify what procedures should be followed in providing notifications to DOJ and U.S. Attorneys' Offices, or whether such notifications should be documented.
We also identified compliance deficiencies with respect to renewals and reporting. In REIs, documentation of SAC reviews was missing in 80 percent of the case files we examined, as were renewal notifications to FBI Headquarters. Progress reports to DOJ in terrorism enterprise investigations were missing in 75 percent of the case files.
In addition, our review identified a discrepancy between the requirements of the General Crimes Guidelines and the MIOG. One of the most significant changes to the criminal intelligence provisions of the General Crimes Guidelines in May 2002 was the devolution of approval authority from FBI Headquarters to SACs to initiate and renew criminal intelligence investigations. With respect to terrorism enterprise investigations, the Guidelines provide:
A terrorism enterprise investigation may be authorized by the Special Agent in Charge, with notification to FBIHQ, upon a written recommendation setting forth the facts or circumstances reasonably indicating the existence of an enterprise. . . .
General Crimes Guidelines §§ III.B.4.a and b (emphasis added). When the revised General Crimes Guidelines were issued, the Attorney General described the rationale for the change:
[U]nnecessary procedural red tape must not interfere with the effective detection, investigation, and prevention of terrorist activities. To this end, the revised guidelines allow Special Agents in Charge of FBI field offices to approve and renew terrorism enterprise investigations, rather than having to seek and wait for approval from headquarters. I believe this responds to a number of concerns we have heard from our field agents. . . . These major changes will free field agents to counter potential terrorist threats swiftly and vigorously without waiting for headquarters to act.297
The FBI, however, amended the MIOG to require not only notification to FBI Headquarters, but also concurrence by FBI Headquarters. Effective April 30, 2004, the MIOG provides:
With regard to full-field terrorism enterprise investigations of domestic terrorism, it is hereby the policy of the CTD [Counterterrorism Division] that, consistent with the revised [Attorney General Guidelines] on General Crimes, Racketeering Enterprise and Terrorism Enterprise Investigations, a full-field terrorism enterprise investigation may be authorized by an SAC only with concurrence of the Domestic Terrorism Operations Section in CTD, FBIHQ.
MIOG § 100-2.3(3) (emphasis added). In light of the Attorney General's stated reasons for the revision of §§ III.B.4.a and b of the General Crimes Guidelines, the current MIOG provision regarding authorization of terrorism enterprise investigations appears to be inconsistent with the requirements of those Guidelines and, in practice, may undercut the rationale underlying this Guidelines revision.
Therefore, we recommend that the FBI take the following steps.
(21) Institute measures to ensure consistency in meeting and documenting the notification and reporting requirements provided in §§ III.A.5 and III.B.4 of the General Crimes Guidelines, including requiring FBI field offices to maintain in the relevant investigative file documentation of the notice of the opening of criminal intelligence investigations to DOJ's Counterterrorism, Organized Crime and Racketeering Sections, Office of Intelligence Policy and Review (OIPR), and the relevant U.S. Attorneys' Offices as required in racketeering enterprise investigations and terrorism enterprise investigations. The FBI should also ensure that progress reports required by the Guidelines in terrorism enterprise investigations are provided to OIPR, DOJ's Counterterrorism Section, and FBI Headquarters.
(22) Discuss with DOJ how to reconcile § 100-2.3(3) of the MIOG, requiring Headquarters' concurrence with the initiation and renewal of terrorism enterprise investigations, with §§ III.B.4.a and b of the General Crimes Guidelines, which authorize field level initiation and renewal of these investigations.
As we discussed earlier in this report, following the September 11 terrorist attacks the Attorney General ordered a comprehensive review of the Attorney General Guidelines. In remarks accompanying the announcement of the revised Guidelines, the Attorney General explained that the Investigative Guidelines "bar[red] FBI field agents from taking the initiative to detect and prevent future terrorist acts unless the FBI learns of possible criminal activity from external sources." His remarks focused on the absence of clear authority to be proactive in preventing terrorist attacks:
Under the current guidelines, FBI investigators cannot surf the web the way you or I can. Nor can they simply walk into a public event or a public place to observe ongoing activities. They have no clear authority to use commercial data services that any business in America can use. These restrictions are a competitive advantage for terrorists who skillfully utilize sophisticated techniques and modern computer systems to compile information for targeting and attacking innocent Americans.298
These restrictions led the Attorney General to conduct a reevaluation of the Investigative Guidelines and the Guidelines governing foreign intelligence and foreign counterintelligence investigations.299 Two of the four guiding principles for the Guidelines revisions identified by Attorney General Ashcroft focused on measures to enhance the FBI's authority to proactively investigate terrorist threats by, among other means, visiting public places, attending public events, and "surfing" the Internet. Specifically, the Attorney General stressed that "even absent specific investigative predicates," FBI agents were now "empowered to scour public sources for information on future terrorist threats." In addition, he noted that the FBI "will also be able to enter and observe public places and forums just as any member of the public might."300
FBI Director Mueller also addressed the need for proactive authority to access public information in his July 2002 testimony before Congress:
The changes in the Attorney General Guidelines . . . are designed to increase the ability of our field agents to gather the intelligence we need to prevent terrorist attacks. To that end, they reduce some of the bureaucratic hurdles requiring Headquarters' approval for certain steps, and in the provision that has gotten a great deal of attention, they permit FBI agents to go to public places where anyone else, except FBI agents, including state and local police and non-Justice Department law enforcement agents, were always free to go.
Our review examined the steps the FBI took to implement the new and expanded authorities in Part VI of the General Crimes Guidelines, particularly as they relate to the FBI's authority to visit public places and attend public events for the purpose of detecting and preventing terrorist activities. We describe our findings on the FBI's use of these authorities and the internal controls in place to ensure that predication standards and record retention constraints are observed, and conclude with our recommendations. In Chapter Eight, we analyze and evaluate the FBI's steps for implementing these measures, along with other authorities contained in the revised Investigative Guidelines.
Part VI of the General Crimes Guidelines, entitled "Counterterrorism Activities and Other Authorizations," states that the FBI needs to be proactive in preventing terrorist acts against the United States by authorizing a number of activities "which can be carried out even in the absence of a checking of leads, preliminary inquiry, or full investigation." The new authorizations include activities specifically focused on terrorism (Subpart A) and other tools that are available to obtain information about both terrorism and non-terrorism-related crimes (Subpart B).
Subpart A of Part VI authorizes the FBI to engage in two types of "counterterrorism activities": 1) utilizing information systems, which the FBI may operate or participate in, to identify and locate terrorists and alien supporters of terrorist activity; and 2) visiting public places and events on the same terms and conditions as members of the public "for the purpose of detecting or preventing terrorist activities."
In Subpart B, the FBI is authorized to conduct topical research, use online resources, and prepare reports and assessments "for purposes of strategic planning or in support of investigative activities."302
As with other Investigative Guidelines, we first identified significant requirements of Part VI of the General Crimes Guidelines that could be tested. We focused on the following questions.
Neither the General Crimes Guidelines themselves nor the MIOG require that agents obtain supervisory approval of or document activities carried out pursuant to Part VI. In advance of our visits to 12 FBI field offices from May to August 2004, we sought to determine what data is collected about the FBI's utilization of Part VI authorities. We therefore asked the 12 field offices to provide us with documentation reflecting field office policies and procedures regarding the use of these authorities and their document retention policies pertaining to information derived from use of the authorities.
In addition, we collected relevant guidance issued from FBI Headquarters, chiefly from the Office of the General Counsel, the Criminal Investigative Division, and the Counterterrorism Division; surveyed Division Counsel; reviewed a sample of communications between the OGC's newly established point of contact on constitutional and privacy issues and Division Counsel; examined relevant FBI and DOJ congressional testimony; conducted interviews of Headquarters officials and relevant field personnel during our visits to 12 FBI field offices; and, in March 2005, conducted interviews of the 12 SACs of those field offices.
Our effort to collect data from investigative files comparable to those we reviewed in connection with the Confidential Informant Guidelines, the Undercover Guidelines, the Consensual Monitoring Guidelines, and the General Crimes Guidelines was unsuccessful. Apart from the various guidance memoranda issued by FBI Headquarters that we discuss below, none of the 12 field offices we visited provided information in response to our request for documentation reflecting established procedures governing visits to public places and events. We found no forms generated by FBI Headquarters or any of the 12 field offices we visited for recording the fact of a visit to a public place or attendance at a public event pursuant to this new authority. The FBI may not retain information derived from such activities "unless it relates to potential criminal or terrorist activity."303 If the information does not relate to criminal or terrorist activities, the only information that can be retained is documentation of the fact of the visit, which, according to OGC guidance, should be maintained in a non-investigative or "zero" file.
However, FBI policy on the maintenance and review of zero files is different from the highly regimented rules pertaining to investigative files. Zero files are created for each FBI classification number to enable the FBI to maintain information relating to that classification that does not, at the time, meet the requirements for initiating an investigation or that does not relate to an ongoing investigation.304 However, zero files must be reviewed by a supervisor at 120-day intervals, rather than every 90 days in the case of investigative files, or more frequently if deemed appropriate by the SAC.305 We were told that program coordinators are also supposed to review zero files. In addition, during the Inspection process every three years, the Inspection Division reviews zero files to ensure they do not contain work of a higher priority than other matters being addressed by the field office.
The number of times that the FBI has used the Part VI authorities is difficult to determine. The Department of Justice advised the House Judiciary Committee in May 2003, that the FBI does not maintain centralized statistics on how many times agents attend public meetings.306 The Department further stated that fewer than 10 of the 45 field offices the FBI had informally surveyed reported that they had conducted investigative activities at mosques since September 11, 2001, and only one of the investigative activities was conducted pursuant to Part VI authorities of the General Crimes Guidelines.307
We asked the FBI Director whether he knew how frequently these authorities are utilized. He reiterated that the FBI does not require agents to obtain supervisory approval or send a form to Headquarters, and therefore it is difficult to determine to what extent these authorities have been used.
In addition, before our visits to 12 FBI field offices, we surveyed the FBI's Division Counsel on a variety of topics related to the Investigative Guidelines, including the subjects about which they have been consulted on Part VI authorities.308 Our survey showed that 65 percent of surveyed Division Counsel had been consulted regarding the authority to visit or attend public events. Of these inquiries, 96 percent said they were consulted about whether it is permissible to conduct surveillance of or attend such events and 86 percent also stated that they had been consulted about record retention issues.
Our survey also revealed a need for more guidance on the appropriate use of the new authorities. For example, when we asked whether Division Counsel encountered ambiguities or interpretive questions about the General Crimes Guidelines, 23 percent of surveyed Division Counsel responded "yes." Of that number, 83 percent stated that the authority to visit public places or attend public events generated questions, while 72 percent stated that the permissibility of disseminating the information to law enforcement agencies and others generated questions.
The responses of Division Counsel to our survey questions regarding Part VI authorities are presented below.
The Division Counsel survey indicates that 21 months after the effective date of the revised Guidelines, field personnel continued to struggle with questions about the use of these authorities. Only 37 percent of the survey respondents stated that they found fully satisfactory the guidance regarding privacy and other civil liberties issues that arose in their field offices in connection with use of the new Guidelines.
Under the General Crimes Guidelines, the FBI must have particularized information to justify the checking of leads or initiating a preliminary inquiry or a full investigation. By contrast, the Part VI.A.2 authorities permit the FBI to visit public places or attend public events "on the same terms and conditions as members of the public" and only "for the purpose of detecting and preventing terrorist activities." General Crimes Guidelines § VI.A.2.
The FBI relied upon OGC and its Headquarters operating divisions to develop guidance on the Investigative Guidelines. We therefore reviewed the guidance memoranda sent to the field from FBI Headquarters. The following memoranda, which we describe in more detail below, address the predication required for using these authorities.
While discussing recurring questions about predication, the guidance memoranda encourage, but do not require, supervisory approval for FBI agents to attend a public event. For example, the October 7, 2002, OGC memorandum states:
If time permits, an agent should obtain his or her supervisor's approval before visiting a public place or attending a public event to detect or prevent terrorist activity. This policy will help to ensure that the attendance is for a law enforcement purpose authorized by this section, and reflects the appropriate balance between law enforcement and First Amendment concerns. In assessing the use of this law enforcement technique, a supervisor may want to consider, for example, factors such as the potential to detect or prevent terrorist activity, and the potential chilling effect on First Amendment protected activity. Good judgment and discretion are essential to ensure that this investigative technique is in fact effective while at the same time protecting constitutional rights.
In the March 27, 2003, guidance memorandum, the OGC designated an Assistant General Counsel as the point of contact at Headquarters to "coordinate guidance and assistance to FBI Headquarters and Field Offices on investigative, operational and policy matters that may have an impact on, or be perceived as having an impact on, constitutional and privacy rights and interests."309 Among the topics about which field agents were encouraged to consult the point of contact was "attendance at meetings and public gatherings of religious, political or other groups/organizations."310
The Counterterrorism Division's September 1, 2004, guidance addressed the use of Part VI authorities in the context of attending and surveilling protest events. With respect to predication, it stated:
Attendance and Surveillance at Public Events. - Agents may not conduct surveillance of individuals or groups solely for the purpose of monitoring the exercise of rights protected by the First Amendment. . . . The second broad investigative basis for attendance and surveillance is found under Part VI of the General Crimes Guidelines. Under this section, agents may attend a public event or visit a public place on the same terms as the general public. Under this authority, however, such attendance may be undertaken for the purpose of detecting or preventing terrorism, or assessing a threat to national security. Further, although the revised Guidelines permit such attendance even if neither a preliminary inquiry nor a full investigation is open, agents are reminded that this authority is limited to matters observable and obtainable in a public forum. Undercover activity, surreptitious entry into a private gathering at these events, and certain other investigative techniques (e.g., consensual recording of conversations) are not permitted under this authority. (Emphasis in original).
We also examined a sampling of the communications between OGC's point of contact and the field divisions. We noted that OGC has urged caution with respect to use of Part VI authorities and suggested that the FBI is on firmer footing if it obtains "individualized justification" prior to visiting pubic places. The OGC guidance also reiterated the Privacy Act prohibitions against including names in the FBI's records systems based solely on the exercise of First Amendment rights.
In a response to Congress, the Department also articulated the considerations the FBI weighed in evaluating whether to require supervisory approval prior to permitting agents to visit public places or attend public events pursuant to Part VI.A.2:
Question. The GAO Report reflects that "FBI headquarter [sic] officials are currently considering whether to require mandatory supervisory approval prior to allowing an agent to enter a public place or attend a public meeting." Have you made any final decisions on this matter? What is the possible downside of requiring supervisory approval of this easily abused investigative technique?
In our April 2005 interview of Director Mueller, he emphasized that he balanced the need to encourage use of the proactive Part VI authorities with the desire to be able to measure and evaluate their use. He said he had expected the Virtual Case File System would have been implemented and would have had features that facilitated notification to FBI Headquarters of the use of Part VI authorities. The Director stated that had that capability been available, he was prepared to require the "relatively modest imposition" on field agents of sending notice to Headquarters. However, in light of the problems in implementing the Virtual Case File, the Director said he would have to revisit the question whether to require supervisory approval and some form of documentation beyond the entries in zero files.
Finally, it is important to remember that the FBI has multiple sources of authority to enter public places pursuant to the Investigative Guidelines, the NSI Guidelines, and other authorities.
Part VI contains strict limitations on the FBI's authority to retain information derived from its visits to public places and events, stating, "No information obtained from such visits shall be retained unless it relates to potential criminal or terrorist activity." General Crimes Guidelines VI.A.2. In addition to the OGC memorandum dated October 7, 2002, noted above, we identified several guidance memoranda distributed by the FBI that restate the prohibition against improperly retaining information derived from these authorities.
However, due to the manner in which FBI field offices record and maintain information regarding the exercise of Part VI.A.2 authorities and the absence of centrally retrievable data, we were unable to determine whether the FBI is retaining information derived from these activities in conformity with the General Crimes Guidelines and implementing guidance.
OGC guidance has noted the distinction between what the FBI may retain in full investigations and what it may retain from the exercise of Part VI authorities. On March 19, 2004, OGC guidance entitled "Protection of Civil Liberties" stated that information derived from the surveillance of subjects in the course of an open investigation "should be collected, maintained in FBI records, and disseminated in compliance with the Privacy Act and departmental policy."312 On the other hand, personal identifying information may only be retained from the surveillance of persons under Part VI authorities if the information is "relevant to an existing investigation or preliminary inquiry; by itself or in combination with other known information, justifies a new inquiry or investigation; or relates to another law enforcement activity the FBI is authorized by law or regulation to conduct."313
Similarly, in responding to congressional concerns about record retention issues related to Part VI authorities, Director Mueller stated that "if information obtained during the visit rises to the level of a lead, such information should be properly documented, including a statement describing how the information is related to potential criminal or terrorist activity, and then filed accordingly."314
The following diagram provides FBI Division Counsel's views regarding Part VI consultations and the clarity of guidance issued by FBI Headquarters concerning retention of information derived from use of Part VI.A.2 authorities during the period May 2002 to February 2004.315 Our survey indicated that 65 percent of Division Counsel were consulted about the FBI's authority to visit or attend public events under Part VI authority. Of that number, 96 percent said they were consulted about the permissibility of surveilling or attending public events, 86 percent said they were consulted about the propriety of retaining information derived from these visits, and 63 percent stated that they did not believe FBI guidance on information retention was clear when the revised Guidelines were issued.
The FBI has provided significant guidance to the field about the highly sensitive Part VI authorities. The FBI does not require advance supervisory approval or documentation of the use of the authority to visit public places or attend public events, and agents do not open a discrete investigative or administrative file in the absence of a preliminary or full investigation. Some SACs we interviewed in the 12 field offices said they require approval by or notification of a first line supervisor of an agent's use of the authority to visit public places or attend public events. However, because of the limited amount of information we were able to obtain from FBI Headquarters or field offices about their utilization of the Part VI authorities, it is unclear, even with respect to the 12 field offices we visited, how often these authorities have been used or whether the FBI is using these authorities in conformity with the Guidelines. That said, we did not find indications that these authorities are used extensively. Field agents, their supervisors, and Headquarters personnel repeatedly told us that given the many leads, inquiries, and active investigations that they must pursue, visiting public places and events absent an indication of unlawful conduct or threat potential is not a priority.
As discussed above and in Chapter Eight, over the last three years since the revised Guidelines were issued, the Office of the General Counsel and the Counterterrorism Division have generated guidance addressing the distinctions between record retention in preliminary inquiries or full investigations, on the one hand, and the stricter limitations imposed on retaining information collected in the course of monitoring protest activities or in connection with the FBI's "special event" responsibilities, on the other.
In our interviews of FBI Headquarters managers, our surveys of Chief Division Counsel, and our field interviews, FBI employees expressed recognition of the FBI's obligation to protect civil liberties. The FBI personnel we questioned about the Part VI authorities - from new agents through the Director - exhibited awareness of the FBI's past lapses in the area of domestic political investigations and surveillance of protesters. Specifically with respect to the authority to visit public places and attend public events, field and Headquarters personnel we interviewed said they are acutely sensitive to the need to exercise these authorities carefully and responsibly.
What is missing, however, in the FBI's implementation of the Part VI authorities is the capability to retrieve and analyze information about when and how these authorities are used; whether information derived from visiting public places and attending public events is being inappropriately retained, indexed, or disseminated; and, for at least the first two years since the Guidelines were in effect, clear, easily accessible guidance on these authorities. Nearly two-thirds of Division Counsel who responded to our survey said they believed the guidance was unclear when the Guidelines were issued, and more than half believed the guidance was still unclear 21 months later when they responded to our survey. In our view, in light of the minimal predication standards and the potential for abuse, the FBI should reconsider whether advance supervisory approval and easily retrievable documentation should be required when Part VI authority is used.
In evaluating the sufficiency of the Guidelines' provisions and related FBI guidance on Part VI.A authorities, we compared the internal controls for predication in the FBI's use of Part VI authorities with the FBI's parallel authorities under the NSI Guidelines. Effective October 31, 2003, the NSI Guidelines introduced a new investigative activity called "threat assessments." The NSI guidelines permit the FBI to visit public places and attend public events for the:
proactive collection of information concerning threats to the national security, including information on individuals, groups, and organizations of possible investigative interest, and information on possible targets of international terrorist activities or other national security threats. . . . This is comparable to the authorization under Part VI of the Attorney General's Guidelines on General Crimes, Racketeering Enterprise and Terrorism Enterprise Investigations to engage in information collection for counterterrorism or other law enforcement purposes without any more specific investigative predication . . . .
NSI Guidelines, Introduction, § A.1.316 While the FBI's specific requirements for approval of threat assessments and documentation of information derived from the exercise of this authority are classified, we believe that the FBI should require at least equivalent measures for supervisory approval and documentation as are required for threat assessments under the NSI Guidelines.
Particularly with respect to our analysis of the Part VI authorities and throughout this review, we have been mindful of the leading priority of the FBI: to "develop intelligence about terrorist activity and use that intelligence to disrupt their plans."317 We agree with the sentiments expressed by Director Mueller that a careful balance must be struck between the objectives of encouraging proactive use of the Part VI authorities and having the assurance that at least a field supervisor has approved their use. However, we believe that the FBI should reevaluate - now and in conjunction with its ongoing plans for technology improvements and contemplated revisions of the Attorney General Guidelines - its guidance with respect to the authority to visit public places and attend public events, and for retaining, indexing and disseminating information derived from those activities.
First, the FBI's other authorities in the NSI, and investigative portion of the General Crimes Guidelines to visit public places such as religious sites are subject to layers of supervisory approval and documentation requirements. For example, a preliminary inquiry or full investigation of a religious site or its leadership under the NSI Guidelines' counterterrorism classification requires SAC approval with notice to FBI Headquarters and the DOJ. Comparable investigative activity under the General Crimes Guidelines is a "sensitive criminal matter" requiring approval by the SAC with notice to FBI Headquarters and either the U.S. Attorney's Office or the DOJ. These approvals would have to be obtained before an agent entered the religious site. A covert entry of a religious site by an undercover agent would also be classified as a sensitive circumstance under both the NSI Guidelines and the General Crimes Guidelines, requiring in either case FBI Headquarters approval. Likewise, before a source operating at the express direction of the FBI could enter a religious site, and before the FBI could open a source who is already a member of a religious organization, the SAC would have to approve the activity, as it would be classified a "sensitive circumstance" under both the Confidential Informant Guidelines and the NSI Guidelines.
We appreciate that the new authorities to visit public places and attend public events for the purpose of detecting or preventing terrorist activities are designed to be used proactively and should not be encumbered with layers of supervisory approval. We therefore are not recommending that supervisory approval and notification for Part VI authorities be the same as that required for preliminary and full investigations. In the absence of exigent circumstances, however, we believe a field supervisor's judgment should be brought to bear on the exercise of these new authorities. In addition, we believe the FBI's use of these authorities should be documented in an easily retrievable fashion.
Second, the FBI has already acknowledged in guidance distributed by OGC and in its response to congressional inquiries that when time permits agents should obtain supervisory approval before exercising Part VI.A.2 authorities and that documentation should be maintained in some retrievable fashion. The FBI recognizes the value of this and encourages its agents to do so. However, we believe a uniform requirement to obtain such approval, absent exigent circumstances, should be implemented.
Third, we believe that the FBI's practice of retaining information derived from visiting public places or events in zero files does not provide the FBI with centrally retrievable information about the use of these authorities and does not facilitate compliance with the Guidelines' constraints on record retention and dissemination. A simple, standardized form or an e-mail template could be used to capture when and why these authorities are used. Such a record would serve several purposes: 1) it would enable field supervisors to conduct meaningful "file reviews" every 120 days, even in the absence of an investigative "file"; 2) it would assist the Inspection Division in performing the audit we recommend in Chapter Seven; and 3) it would also allow checks on whether the authorities are used appropriately. Since OGC has already issued guidance recommending that agents should document their attendance at public events pursuant to Part VI authorities, we believe the incremental burden of requiring standardized and easily retrievable documentation is reasonable and not significantly burdensome.
Fourth, the added burden on case agents is not likely to be substantial. We were told in many field offices we visited that agents do not have time to visit public places or attend public events other than in connection with checking a lead, a preliminary investigation, or a full investigation. Consequently, requiring supervisory approval and easily retrievable documentation when these authorities are used should not be onerous.
Fifth, the FBI's information architecture is under a period of fundamental transformation.318 The FBI has the opportunity now to build into its technology systems the ability to identify the source of all information it collects, stores, and disseminates. Incorporating documentation requirements for the Part VI authorities should be considered now, as the FBI upgrades its information technology systems. Whether the information is collected as evidence for a criminal trial or as part of the FBI's intelligence base, the FBI needs to be able to identify the source of information it collects and retains and be certain that field agents follow appropriate guidance with respect to the intended uses of the information.
We therefore recommend that the FBI take the following steps.
(23) Require field level supervisory approval prior to the exercise of Part VI.A.2 authorities to visit public places or attend public events for the purpose of detecting or preventing terrorist activities, absent exigent circumstances.
(24) Develop a standardized form or a short e-mail template to be completed by case agents to document their use of the Part VI.A.2 authorities.
(25) In light of the survey responses of Division Counsel, consider whether (a) field office practices since May 30, 2002, regarding predication, collection, record retention, indexing, and dissemination of Part VI.A information, and the practices regarding utilization of "zero files" or other files to capture Part VI.A information, are in conformity with the Guidelines and FBI guidance; (b) there is a need for further guidance on predication, collection, record retention, indexing, dissemination, or other issues; and (c) FBI Headquarters managers should have access to data reflecting use of Part VI.A.2 authorities in order to be satisfied that these authorities are used in conformity with the Guidelines.