The Office of the Inspector General (OIG) at the Department of Justice (DOJ) reported on March 9 that the Federal Bureau of Investigation (FBI) has been systematically underreporting National Security Letter (NSL) requests and has repeatedly violated federal law and agency policies in collecting personal information. The report unleashed a firestorm on the Hill, with calls for reform of the USA PATRIOT Act.

The Patriot Reauthorization Act of 2006 directed the OIG at DOJ to review the FBI's use of the NSL powers under Section 505 of the USA PATRIOT Act and to report any improper or illegal use of such powers. Without court approval, the FBI can issue NSL requests that require Internet service providers, telephone companies, credit reporting agencies, and banks to disclose information relating to individuals':

• Internet use: websites visited and the email addresses to which and from which emails were sent or received
• Telephone use: the times and durations of calls and the numbers to which or from which calls were received or dialed
• Financial transactions: checking and savings account information, credit card transactions, loan information, credit reports and other financial information

Previously restricted to suspected terrorists or spies, the USA PATRIOT Act significantly broadened the NSL provision to cover any information that is "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities." The USA PATRIOT Act also expanded approval authority of NSLs beyond senior FBI Headquarters officials to all special agents in charge of the FBI's 56 field offices. In October 2005, President Bush issued Executive Order 13388, which expanded access to NSL records to state and local governments and "appropriate private sector entities."

Inaccurate Reporting

Pursuant to requirements of the USA PATIROT Act, the FBI reported to Congress that 39,000 NSL requests were issued in 2003, 56,000 in 2004 and 47,000 in 2005. The OIG investigation found that the FBI significantly underreported the requests. "Overall, we found approximately 17 percent more national security letters and 22 percent more national security requests in the case files we examined in four field offices . . . As a result, we believe that the total number of NSL requests issued by the FBI is significantly higher than the FBI reported." (emphasis original). The OIG also found systematic errors regarding the status of NSL requests and the classification of targets of NSLs, specifically, whether the target was a U.S. citizen or non-U.S. citizen.

Violation of Federal Law and Policy

The OIG investigated abuse of NSL powers and found that approximately one-fifth of the reviewed files contained unidentified violations of NSL legislation and policy. "In our review of 77 FBI investigative files, we found that 17 of these files — 22 percent — contained one or more violations relating to national security letters that were not identified by the FBI. These violations . . . included instances in which the FBI issued national security letters for different information than what had been approved by the field supervisor. Based on our review . . . we believe that a significant number of NSL violations are not being identified or reported by the FBI."

The OIG also found that over 700 "exigent letters" were used to collect information from three telecommunications companies on over 3,000 telephone numbers in violation of law and policy. "We concluded that the FBI's acquisition of this information circumvented the requirements of the [Electronic Communications Privacy Act] NSL statute and violated the Attorney General's Guidelines for FBI National Security Investigations and Foreign Intelligence Collection and internal FBI policy. These actions were compounded by the fact that the FBI used the exigent letters in non-emergency situations, failed to ensure that there were duly authorized investigations to which the requests could be tied, and failed to ensure that NSLs were issued promptly after the fact pursuant to existing or new counterterrorism investigations. In addition, the exigent letters inaccurately represented that the FBI had already requested subpoenas for information when, in fact, it had not."

Political Fallout of the Report

The report elicited an immediate response from the director of the FBI, Robert S. Mueller III, who took full responsibility for the underreporting, "Who is to be held accountable? And the answer to that is I am to be held accountable." He attributed the reporting inaccuracies to "deficiencies in the database" and assured, "We have already taken steps to correct these deficiencies."

President Bush also responded to the report, stating that the OIG "justly made issue of FBI shortfalls [and] also made clear that these letters were important to the security of the United States." Bush stated that he would ensure that the FBI quickly corrects the mistakes, "My question is, 'What are you going to do to resolve these problems?'"

Republicans and Democrats on the Hill expressed outrage in response to the findings and promised a full investigation. Sen. John Sununu (R-NH), who in response to the United States attorneys scandal and the NSL report called for the replacement of Attorney General Alberto Gonzales, stated that the report "has shown that our worst fears regarding the documentation and oversight of National Security Letters were all too real."

Legislators called for reform of the USA PATRIOT Act in order to resolve the problems. Sen. Arlen Specter (R-PA) stated that Congress may have to "change the law . . . to impose statutory requirements and perhaps take away some of the authority which we've already given to the FBI, since they appear not to be able to know how to use it."

The House Judiciary Committee held a hearing today, March 20 on the report, and the Senate Judiciary Committee has scheduled a hearing for March 21. A representative of the FBI and the Inspector General of DOJ, Glenn A. Fine are expected to testify at both hearings.