[Infowarrior] - FBI Finds It Frequently Overstepped in Collecting Data

[Richard Forno]

FBI Finds It Frequently Overstepped in Collecting Data

By John Solomon
Washington Post Staff Writer
Thursday, June 14, 2007; A01


http://www.washingtonpost.com/wp-dyn/content/article/2007/06/13/AR2007061302
453_pf.html

An internal FBI audit has found that the bureau potentially violated the law
or agency rules more than 1,000 times while collecting data about domestic
phone calls, e-mails and financial transactions in recent years, far more
than was documented in a Justice Department report in March that ignited
bipartisan congressional criticism.

The new audit covers just 10 percent of the bureau's national security
investigations since 2002, and so the mistakes in the FBI's domestic
surveillance efforts probably number several thousand, bureau officials said
in interviews. The earlier report found 22 violations in a much smaller
sampling.

The vast majority of the new violations were instances in which telephone
companies and Internet providers gave agents phone and e-mail records the
agents did not request and were not authorized to collect. The agents
retained the information anyway in their files, which mostly concerned
suspected terrorist or espionage activities.

But two dozen of the newly-discovered violations involved agents' requests
for information that U.S. law did not allow them to have, according to the
audit results provided to The Washington Post. Only two such examples were
identified earlier in the smaller sample.

FBI officials said the results confirmed what agency supervisors and outside
critics feared, namely that many agents did not understand or follow the
required legal procedures and paperwork requirements when collecting
personal information with one of the most sensitive and powerful
intelligence-gathering tools of the post-Sept. 11 era -- the National
Security Letter, or NSL.

Such letters are uniformly secret and amount to nonnegotiable demands for
personal information -- demands that are not reviewed in advance by a judge.
After the 2001 terrorist attacks, Congress substantially eased the rules for
issuing NSLs, requiring only that the bureau certify that the records are
"sought for" or "relevant to" an investigation "to protect against
international terrorism or clandestine intelligence activities."

The change -- combined with national anxiety about another domestic
terrorist event -- led to an explosive growth in the use of the letters.
More than 19,000 such letters were issued in 2005 seeking 47,000 pieces of
information, mostly from telecommunications companies. But with this growth
came abuse of the newly relaxed rules, a circumstance first revealed in the
Justice Department's March report by Inspector General Glenn A. Fine.

"The FBI's comprehensive audit of National Security Letter use across all
field offices has confirmed the inspector general's findings that we had
inadequate internal controls for use of an invaluable investigative tool,"
FBI General Counsel Valerie E. Caproni said. "Our internal audit examined a
much larger sample than the inspector general's report last March, but we
found similar percentages of NSLs that had errors."

"Since March," Caproni added, "remedies addressing every aspect of the
problem have been implemented or are well on the way."

Of the more than 1,000 violations uncovered by the new audit, about 700
involved telephone companies and other communications firms providing
information that exceeded what the FBI's national security letters had
sought. But rather than destroying the unsolicited data, agents in some
instances issued new National Security Letters to ensure that they could
keep the mistakenly provided information. Officials cited as an example the
retention of an extra month's phone records, beyond the period specified by
the agents.

Case agents are now told that they must identify mistakenly produced
information and isolate it from investigative files. "Human errors will
inevitably occur with third parties, but we now have a clear plan with clear
lines of responsibility to ensure errant information that is mistakenly
produced will be caught as it is produced and before it is added to any FBI
database," Caproni said.

The FBI also found that in 14 investigations, counterintelligence agents
using NSLs improperly gathered full credit reports from financial
institutions, exercising authority provided by the USA Patriot Act but meant
to be applied only in counterterrorism cases. In response, the bureau has
distributed explicit instructions that "you can't gather full credit reports
in counterintelligence cases," a senior FBI official said.

In 10 additional investigations, FBI agents used NSLs to request other
information that the relevant laws did not allow them to obtain. Officials
said that, for example, agents might have requested header information from
e-mails -- such as the subject lines -- even though NSLs are supposed to be
used to gather information only about the e-mails' senders and the
recipients, not about their content.

The FBI audit also identified three dozen violations of rules requiring that
NSLs be approved by senior officials and used only in authorized cases. In
10 instances, agents issued National Security Letters to collect personal
data without tying the requests to specific, active investigations -- as the
law requires -- either because, in each case, an investigative file had not
been opened yet or the authorization for an investigation had expired
without being renewed.

FBI officials said the audit found no evidence to date that any agent
knowingly or willingly violated the laws or that supervisors encouraged such
violations. The Justice Department's report estimated that agents made
errors about 4 percent of the time and that third parties made mistakes
about 3 percent of the time, they said. The FBI's audit, they noted, found a
slightly higher error rate for agents -- about 5 percent -- and a
substantially higher rate of third-party errors -- about 10 percent.

The officials said they are making widespread changes to ensure that the
problems do not recur. Those changes include implementing a corporate-style,
continuous, internal compliance program to review the bureau's policies,
procedures and training, to provide regular monitoring of employees' work by
supervisors in each office, and to conduct frequent audits to track
compliance across the bureau.

The bureau is also trying to establish for NSLs clear lines of
responsibility, which were lacking in the past, officials said. Agents who
open counterterrorism and counterintelligence investigations have been told
that they are solely responsible for ensuring that they do not receive data
they are not entitled to have.

The FBI audit did not turn up new instances in which another surveillance
tool known as an Exigent Circumstance Letter had been abused, officials
said. In a finding that prompted particularly strong concerns on Capitol
Hill, the Justice Department had said such letters -- which are similar to
NSLs but are meant to be used only in security emergencies -- had been
invoked hundreds of times in "non-emergency circumstances" to obtain
detailed phone records, mostly without the required links to active
investigations.

Many of those letters were improperly dispatched by the bureau's
Communications Analysis Unit, a central clearinghouse for the analysis of
telephone records such as those gathered with the help of "exigent" letters
and National Security Letters. Justice Department and FBI investigators are
trying to determine if any FBI headquarters officials should be held
accountable or punished for those abuses, and have begun advising agents of
their due process rights during interviews.

The FBI audit will be completed in the coming weeks, and Congress will be
briefed on the results, officials said. FBI officials said each potential
violation will then be extensively reviewed by lawyers to determine if it
must be reported to the Intelligence Oversight Board, a presidential panel
of senior intelligence officials created to safeguard civil liberties.

The officials said the final tally of violations that are serious enough to
be reported to the panel might be much less than the number turned up by the
audit, noting that only five of the 22 potential violations identified by
the Justice Department's inspector general this spring were ultimately
deemed to be reportable.

"We expect that percentage will hold or be similar when we get through the
hundreds of potential violations identified here," said a senior FBI
official, who spoke on the condition of anonymity because the bureau's
findings have not yet been made public.