A Justice Department investigation has found pervasive errors in the FBI's use of its power to secretly demand telephone, e-mail and financial records in national security cases, officials with access to the report said Thursday.
The inspector general's audit found 22 possible breaches of internal FBI and Justice Department regulations -- some of which were potential violations of law -- in a sampling of 293 "national security letters." The letters were used by the FBI to obtain the personal records of U.S. residents or visitors between 2003 and 2005. The FBI identified 26 potential violations in other cases.
Officials said they could not be sure of the scope of the violations but suggested they could be more widespread, though not deliberate. In nearly a quarter of the case files Inspector General Glenn A. Fine reviewed, he found previously unreported potential violations.
Surge in records requests
The use of national security letters has grown exponentially since the Sept. 11, 2001, attacks. In 2005 alone, the audit found, the FBI issued more than 19,000 such letters, amounting to 47,000 separate requests for information.
The letters enable an FBI field office to compel the release of private information without the authority of a grand jury or judge. The USA Patriot Act, enacted after the 2001 attacks, eliminated the requirement that the FBI show "specific and articulable" reasons to believe that the records it demands belong to a foreign intelligence agent or terrorist.
That law, and Bush administration guidelines for its use, transformed national security letters by permitting clandestine scrutiny of U.S. residents and visitors who are not alleged to be terrorists or spies.
Now the bureau needs only to certify that the records are "sought for" or "relevant to" an investigation "to protect against international terrorism or clandestine intelligence activities."
Errors not considered deliberate
According to three officials with access to the report, Fine said the possible violations he discovered did not "manifest deliberate attempts to circumvent statutory limitations or departmental policies."
But Fine found that FBI agents used national security letters without citing an authorized investigation, claimed "exigent" circumstances that did not exist in demanding information and did not have adequate documentation to justify the issuance of letters.
In at least two cases, the officials said, Fine found that the FBI obtained full credit reports using a national security letter that could lawfully be employed to obtain only summary information. In an unknown number of other cases, third parties such as telephone companies, banks and Internet providers responded to national security letters with detailed personal information about customers that the letters do not permit to be released. The FBI "sequestered" that information, a law enforcement official said last night, but did not destroy it.
Alan Raul, vice chairman of the White House Privacy and Civil Liberties Oversight Board and a former Reagan White House lawyer , said in an interview that the Bush administration has asked the board to review and recommend changes in the FBI's use of national security letters.
"The processes seem to be seriously in need of tune-up," Raul said. "We hope to play a role in helping the FBI get to where it knows it needs to be."
Lanny Davis, another board member and a former attorney in the Clinton White House , said his recent briefing by the FBI left him "very concerned about what I regard to be serious potential infringements of privacy and civil liberties by the FBI and their use of national security letters. It is my impression that they too regard this as very serious."
Fine's audit, which was limited to 77 case files in four FBI field offices, found that those offices did not even generate accurate counts of the national security letters they issued, omitting about one in five letters from the reports they sent to headquarters in Washington. Those inaccurate numbers, in turn, were used as the basis for required reports to Congress.
Officials said they believe that the 48 known problems may be the tip of the iceberg in an internal oversight system that one of them described as "shoddy."
Lack of follow-up cited
The report identified several instances in which the FBI used a tool known as "exigent letters" to obtain information urgently, promising that the requests would be covered later by grand jury subpoenas or national security letters. In several of those cases, the subpoenas were never sent, the review found.
The review also found several instances in which agents claimed there were exigent circumstances when none existed. The FBI recently ended the practice of using exigent letters in national security cases, officials said last night.
The report, mandated by Congress over the Bush administration's objections, is to be presented to several House and Senate committees today. But senior officials, speaking with permission on the condition that they not be identified, said the Bush administration has already responded vigorously to the audit's findings.
Official: Gonzales ‘incensed’ by findings
Attorney General Alberto R. Gonzales learned of the findings three weeks ago and "was incensed when he was told the contents of the report," according to a Justice Department official.
"The attorney general commends the work of the inspector general in uncovering serious problems in the FBI's use of NSLs," said Tasia Scolinos, a spokeswoman for Gonzales. "He has told [FBI Director Robert S. Mueller III] that these past mistakes will not be tolerated, and has ordered the FBI and the department to restore accountability and to put in place safeguards to ensure greater oversight and controls over the use of national security letters."
FBI and Justice Department officials have long described national security letters as an indispensable tool in combating terrorism, and Fine's report, according to one official who cited excerpts, said investigators told the inspector general that the letters "contributed significantly to many counterterrorism and counterintelligence investigations." Fine did not make an independent assessment of the efficacy of the letters as investigative tools.
Most errors self-reported
FBI procedures require that any possible violation of law or regulation on national security letters be reported to the President's Intelligence Oversight Board within 14 days of discovery. Of the 26 breaches it discovered before Fine's review, the FBI referred 19 to the oversight board.
Among the responses officials highlighted last night is a tracking database under development by the FBI to ensure that its accounting of national security letters is accurate. One official said the FBI would begin deployment of the system in four of its 56 field offices by the end of the year. Meanwhile, the official said, each office will be required to "hand count" the numbers every month.
Gonzales, officials said, has ordered the department's national security division and inspections division to begin audits next month of a sampling of national security letters in every field office. About 15 offices should be audited by the end of the year, the official said.
Reforms ordered
Gonzales has also ordered that he chief counsel of every field office personally sign off on every national security letter, a practice that has been encouraged but not required until now.
The office of Director of National Intelligence Mike McConnell has established a working group to consider how much of the information gathered by national security letters should be retained and whether any of it should be purged. After the Patriot Act was passed, the Bush administration eliminated the FBI's requirement that irrelevant personal information from case files be discarded after cases are closed.
Mueller has ordered improved training of agents involved in national security cases and better record-keeping. Last May, changes began with the fixing of databases.
A senior group of FBI inspectors has been asked to review the conduct of agents and their supervisors to determine if any should be disciplined for mistakes.