The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.
And for three years the FBI has underreported to Congress how often it forced businesses to turn over the customer data, the audit found.
FBI agents sometimes demanded the data without proper authorization, according to the 126-page audit by Justice Department Inspector General Glenn Fine. At other times, the audit found, the FBI improperly obtained telephone records in non-emergency circumstances.
FBI Director Robert Mueller said he was to blame for not putting more safeguards into place.
“I am to be held accountable,” Mueller said. He told reporters he would correct the problems and did not plan to resign.
“The inspector general went and did the audit that I should have put in place many years ago,” Mueller said.
The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct.
Still, "we believe the improper or illegal uses we found involve serious misuses of national security letter authorities," the audit concludes.
Attorney General Alberto Gonzales, who oversees the FBI, said the problems outlined in the report involved no intentional wrongdoing. In remarks prepared for delivery to privacy officials late Friday, Gonzales said that “there is no excuse for the mistakes that have been made, and we are going to make things right as quickly as possible.”
At issue are the security letters, a power outlined in the Patriot Act that the Bush administration pushed through Congress after the Sept. 11, 2001, terror attacks. The letters, or administrative subpoenas, are used in suspected terrorism and espionage cases. They allow the FBI to require telephone companies, Internet service providers, banks, credit bureaus and other businesses to produce highly personal records about their customers or subscribers — without a judge's approval.
About three-fourths of the national security letters were issued for counterterror cases, and the other fourth for spy investigations.
Chief acknowledges deficiencies
In an earlier statement, Mueller called Fine's audit "a fair and objective review of the FBI's use of a proven and useful investigative tool."
The finding "of deficiencies in our processes is unacceptable," Mueller said.
"We strive to exercise our authorities consistent with the privacy protections and civil liberties that we are sworn to uphold," Mueller said. "Anything less will not be tolerated. While we've already taken some steps to address these shortcomings, I am ordering additional corrective measures to be taken immediately."
Fine's annual review is required by Congress, over the objections of the Bush administration.
The audit released Friday found that the number of national security letters issued by the FBI skyrocketed in the years after the Patriot Act became law.
In 2000, for example, the FBI issued an estimated 8,500 letters. By 2003, however, that number jumped to 39,000. It rose again the next year, to about 56,000 letters in 2004, and dropped to approximately 47,000 in 2005.
Over the entire three-year period, the FBI reported issuing 143,074 national security letters requesting customer data from businesses, the audit found. But that did not include an additional 8,850 requests that were never recorded in the FBI’s database, the audit found.
Also, Fine’s audit noted, a 2006 report to Congress showing that the FBI delivered only 9,254 national security letters during the previous year — on 3,501 U.S. citizens and legal residents — was only required to report certain types of requests for information. That report did not outline the full scope of the national security letter requests in 2005, nor was it required to, Fine’s office said.
Additionally, the audit found, the FBI identified 26 possible violations in its use of the national security letters, including failing to get proper authorization, making improper requests under the law and unauthorized collection of telephone or Internet e-mail records.
Of the violations, 22 were caused by FBI errors, while the other four were the result of mistakes made by the firms that received the letters.
The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.
"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.
In a letter to Fine, Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.
“To say that I am concerned about what has been revealed in this report would be an enormous understatement,” Gonzales said in remarks prepared for delivery to the privacy officials. “Failure to adequately protect information privacy is a failure to do our jobs.”
Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI — and perhaps limit its power.
"I am very concerned that the FBI has so badly misused national security letters," said Sen. Arlen Specter, R-Pa., top Republican on the Senate Judiciary Committee, which oversees the FBI.
Sen. Russ Feingold, D-Wis., another member of the judiciary panel, said the report "proves that 'trust us' doesn't cut it."
The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. “The attorney general and the FBI are part of the problem, and they cannot be trusted to be part of the solution,” said Anthony D. Romero, the ACLU’s executive director.
Justice spokeswoman Tasia Scolinos said Gonzales "commends the work of the inspector general in uncovering serious problems in the FBI's use of NSLs."