The Washington Post reports:
An internal FBI audit has found that the bureau potentially violated the law or agency rules more than 1,000 times while collecting data about domestic phone calls, e-mails and financial transactions in recent years, far more than was documented in a Justice Department report in March that ignited bipartisan congressional criticism.
The new audit covers just 10 percent of the bureau's national security investigations since 2002, and so the mistakes in the FBI's domestic surveillance efforts probably number several thousand, bureau officials said in interviews. The earlier report found 22 violations in a much smaller sampling.
The vast majority of the new violations were instances in which telephone companies and Internet providers gave agents phone and e-mail records the agents did not request and were not authorized to collect. The agents retained the information anyway in their files, which mostly concerned suspected terrorist or espionage activities.
But two dozen of the newly-discovered violations involved agents' requests for information that U.S. law did not allow them to have, according to the audit results provided to The Washington Post. Only two such examples were identified earlier in the smaller sample.
FBI officials said the results confirmed what agency supervisors and outside critics feared, namely that many agents did not understand or follow the required legal procedures and paperwork requirements when collecting personal information with one of the most sensitive and powerful intelligence-gathering tools of the post-Sept. 11 era -- the National Security Letter, or NSL.
Such letters are uniformly secret and amount to nonnegotiable demands for personal information -- demands that are not reviewed in advance by a judge. After the 2001 terrorist attacks, Congress substantially eased the rules for issuing NSLs, requiring only that the bureau certify that the records are "sought for" or "relevant to" an investigation "to protect against international terrorism or clandestine intelligence activities."
The change -- combined with national anxiety about another domestic terrorist event -- led to an explosive growth in the use of the letters. More than 19,000 such letters were issued in 2005 seeking 47,000 pieces of information, mostly from telecommunications companies. But with this growth came abuse of the newly relaxed rules, a circumstance first revealed in the Justice Department's March report by Inspector General Glenn A. Fine.
"The FBI's comprehensive audit of National Security Letter use across all field offices has confirmed the inspector general's findings that we had inadequate internal controls for use of an invaluable investigative tool," FBI General Counsel Valerie E. Caproni said. "Our internal audit examined a much larger sample than the inspector general's report last March, but we found similar percentages of NSLs that had errors."
"Since March," Caproni added, "remedies addressing every aspect of the problem have been implemented or are well on the way."
Of the more than 1,000 violations uncovered by the new audit, about 700 involved telephone companies and other communications firms providing information that exceeded what the FBI's national security letters had sought. But rather than destroying the unsolicited data, agents in some instances issued new National Security Letters to ensure that they could keep the mistakenly provided information. Officials cited as an example the retention of an extra month's phone records, beyond the period specified by the agents.
Case agents are now told that they must identify mistakenly produced information and isolate it from investigative files. "Human errors will inevitably occur with third parties, but we now have a clear plan with clear lines of responsibility to ensure errant information that is mistakenly produced will be caught as it is produced and before it is added to any FBI database," Caproni said.
The FBI also found that in 14 investigations, counterintelligence agents using NSLs improperly gathered full credit reports from financial institutions, exercising authority provided by the USA Patriot Act but meant to be applied only in counterterrorism cases. In response, the bureau has distributed explicit instructions that "you can't gather full credit reports in counterintelligence cases," a senior FBI official said.
In 10 additional investigations, FBI agents used NSLs to request other information that the relevant laws did not allow them to obtain. Officials said that, for example, agents might have requested header information from e-mails -- such as the subject lines -- even though NSLs are supposed to be used to gather information only about the e-mails' senders and the recipients, not about their content.
The FBI audit also identified three dozen violations of rules requiring that NSLs be approved by senior officials and used only in authorized cases. In 10 instances, agents issued National Security Letters to collect personal data without tying the requests to specific, active investigations -- as the law requires -- either because, in each case, an investigative file had not been opened yet or the authorization for an investigation had expired without being renewed.
FBI officials said the audit found no evidence to date that any agent knowingly or willingly violated the laws or that supervisors encouraged such violations. The Justice Department's report estimated that agents made errors about 4 percent of the time and that third parties made mistakes about 3 percent of the time, they said. The FBI's audit, they noted, found a slightly higher error rate for agents -- about 5 percent -- and a substantially higher rate of third-party errors -- about 10 percent.
The officials said they are making widespread changes to ensure that the problems do not recur. Those changes include implementing a corporate-style, continuous, internal compliance program to review the bureau's policies, procedures and training, to provide regular monitoring of employees' work by supervisors in each office, and to conduct frequent audits to track compliance across the bureau.
The bureau is also trying to establish for NSLs clear lines of responsibility, which were lacking in the past, officials said. Agents who open counterterrorism and counterintelligence investigations have been told that they are solely responsible for ensuring that they do not receive data they are not entitled to have.
The FBI audit did not turn up new instances in which another surveillance tool known as an Exigent Circumstance Letter had been abused, officials said. In a finding that prompted particularly strong concerns on Capitol Hill, the Justice Department had said such letters -- which are similar to NSLs but are meant to be used only in security emergencies -- had been invoked hundreds of times in "non-emergency circumstances" to obtain detailed phone records, mostly without the required links to active investigations.
Many of those letters were improperly dispatched by the bureau's Communications Analysis Unit, a central clearinghouse for the analysis of telephone records such as those gathered with the help of "exigent" letters and National Security Letters. Justice Department and FBI investigators are trying to determine if any FBI headquarters officials should be held accountable or punished for those abuses, and have begun advising agents of their due process rights during interviews.
The FBI audit will be completed in the coming weeks, and Congress will be briefed on the results, officials said. FBI officials said each potential violation will then be extensively reviewed by lawyers to determine if it must be reported to the Intelligence Oversight Board, a presidential panel of senior intelligence officials created to safeguard civil liberties.
The officials said the final tally of violations that are serious enough to be reported to the panel might be much less than the number turned up by the audit, noting that only five of the 22 potential violations identified by the Justice Department's inspector general this spring were ultimately deemed to be reportable.
"We expect that percentage will hold or be similar when we get through the hundreds of potential violations identified here," said a senior FBI official, who spoke on the condition of anonymity because the bureau's findings have not yet been made public.
Wednesday, June 13, 2007
FBI Finds It Frequently Overstepped in Collecting Data
Friday, March 9, 2007
Justice Department: FBI Acted Illegally On Data
Audit finds agency misused Patriot Act to obtain information on citizens
MSNBC reports:
The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.
And for three years the FBI has underreported to Congress how often it forced businesses to turn over the customer data, the audit found.
FBI agents sometimes demanded the data without proper authorization, according to the 126-page audit by Justice Department Inspector General Glenn Fine. At other times, the audit found, the FBI improperly obtained telephone records in non-emergency circumstances.
FBI Director Robert Mueller said he was to blame for not putting more safeguards into place.
“I am to be held accountable,” Mueller said. He told reporters he would correct the problems and did not plan to resign.
“The inspector general went and did the audit that I should have put in place many years ago,” Mueller said.
The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct.
Still, "we believe the improper or illegal uses we found involve serious misuses of national security letter authorities," the audit concludes.
Attorney General Alberto Gonzales, who oversees the FBI, said the problems outlined in the report involved no intentional wrongdoing. In remarks prepared for delivery to privacy officials late Friday, Gonzales said that “there is no excuse for the mistakes that have been made, and we are going to make things right as quickly as possible.”
At issue are the security letters, a power outlined in the Patriot Act that the Bush administration pushed through Congress after the Sept. 11, 2001, terror attacks. The letters, or administrative subpoenas, are used in suspected terrorism and espionage cases. They allow the FBI to require telephone companies, Internet service providers, banks, credit bureaus and other businesses to produce highly personal records about their customers or subscribers — without a judge's approval.
About three-fourths of the national security letters were issued for counterterror cases, and the other fourth for spy investigations.
Chief acknowledges deficiencies
In an earlier statement, Mueller called Fine's audit "a fair and objective review of the FBI's use of a proven and useful investigative tool."
The finding "of deficiencies in our processes is unacceptable," Mueller said.
"We strive to exercise our authorities consistent with the privacy protections and civil liberties that we are sworn to uphold," Mueller said. "Anything less will not be tolerated. While we've already taken some steps to address these shortcomings, I am ordering additional corrective measures to be taken immediately."
Fine's annual review is required by Congress, over the objections of the Bush administration.
The audit released Friday found that the number of national security letters issued by the FBI skyrocketed in the years after the Patriot Act became law.
In 2000, for example, the FBI issued an estimated 8,500 letters. By 2003, however, that number jumped to 39,000. It rose again the next year, to about 56,000 letters in 2004, and dropped to approximately 47,000 in 2005.
Over the entire three-year period, the FBI reported issuing 143,074 national security letters requesting customer data from businesses, the audit found. But that did not include an additional 8,850 requests that were never recorded in the FBI’s database, the audit found.
Also, Fine’s audit noted, a 2006 report to Congress showing that the FBI delivered only 9,254 national security letters during the previous year — on 3,501 U.S. citizens and legal residents — was only required to report certain types of requests for information. That report did not outline the full scope of the national security letter requests in 2005, nor was it required to, Fine’s office said.
Additionally, the audit found, the FBI identified 26 possible violations in its use of the national security letters, including failing to get proper authorization, making improper requests under the law and unauthorized collection of telephone or Internet e-mail records.
Of the violations, 22 were caused by FBI errors, while the other four were the result of mistakes made by the firms that received the letters.
Unauthorized signatures
The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.
"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.
In a letter to Fine, Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.
“To say that I am concerned about what has been revealed in this report would be an enormous understatement,” Gonzales said in remarks prepared for delivery to the privacy officials. “Failure to adequately protect information privacy is a failure to do our jobs.”
Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI — and perhaps limit its power.
"I am very concerned that the FBI has so badly misused national security letters," said Sen. Arlen Specter, R-Pa., top Republican on the Senate Judiciary Committee, which oversees the FBI.
Sen. Russ Feingold, D-Wis., another member of the judiciary panel, said the report "proves that 'trust us' doesn't cut it."
The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. “The attorney general and the FBI are part of the problem, and they cannot be trusted to be part of the solution,” said Anthony D. Romero, the ACLU’s executive director.
Justice spokeswoman Tasia Scolinos said Gonzales "commends the work of the inspector general in uncovering serious problems in the FBI's use of NSLs."