Electronic Frontier Foundation Report on FBI Misconduct 2011

Patterns of Misconduct:
FBI Intelligence Violations from 2001 - 2008

A Report Prepared by the Electronic Frontier Foundation

January 2011

EXECUTIVE SUMMARY
In a review of nearly 2,500 pages of documents released by the Federal Bureau of
Investigation as a result of litigation under the Freedom of Information Act, EFF
uncovered alarming trends in the Bureau’s intelligence investigation practices. The
documents consist of reports made by the FBI to the Intelligence Oversight Board of
violations committed during intelligence investigations from 2001 to 2008. The
documents suggest that FBI intelligence investigations have compromised the civil
liberties of American citizens far more frequently, and to a greater extent, than was
previously assumed. In particular, EFF’s analysis provides new insight into:

Number of Violations Committed by the FBI


From 2001 to 2008, the FBI reported to the IOB approximately 800 violations of
laws, Executive Orders, or other regulations governing intelligence investigations,
although this number likely significantly under-represents the number of
violations that actually occurred.



From 2001 to 2008, the FBI investigated, at minimum, 7000 potential violations
of laws, Executive Orders, or other regulations governing intelligence
investigations.



Based on the proportion of violations reported to the IOB and the FBI’s own
statements regarding the number of NSL violations that occurred, the actual
number of possible violations that may have occurred in the nine years since 9/11
could approach 40,000 violations of law, Executive Order, or other regulations
governing intelligence investigations. 1

1 This figure is an estimate based, first, on the fact that a significant number of FBI violations went
unreported, both internally and to the IOB; second, this estimate assumes the sample of violations reported
to the IOB and released to EFF is representative of all violations that occurred, including those that went
unreported; third, the estimate assumes violations occurred at the same rate over time. In the reports
released to EFF, roughly 33% were violations of the NSIG, 33% were NSL violations, and 20% were other
violations (the remaining violations were too heavily redacted to categorize). The estimate is based on an
extrapolation from the OIG’s estimate that 6,400 NSL violations occurred from 2003-2006. In the absence
of robust FBI auditing and thorough oversight, estimates such as these are the only reasonable method to
approximate the scope of the FBI’s investigatory misconduct.

Substantial Delays in the Intelligence Oversight Process

From 2001 to 2008, both FBI and IOB oversight of intelligence activities was
delayed and likely ineffectual; on average, 2.5 years elapsed between a violation’s
occurrence and its eventual reporting to the IOB.

Type and Frequency of FBI Intelligence Violations

From 2001 to 2008, of the nearly 800 violations reported to the IOB:
o over one-third involved FBI violation of rules governing internal
oversight of intelligence investigations.
o nearly one-third involved FBI abuse, misuse, or careless use of the
Bureau’s National Security Letter authority.
o almost one-fifth involved an FBI violation of the Constitution, the Foreign
Intelligence Surveillance Act, or other laws governing criminal
investigations or intelligence gathering activities.

From 2001 to 2008, in nearly half of all NSL violations, third-parties to whom
NSLs were issued — phone companies, internet service providers, financial
institutions, and credit agencies — contributed in some way to the FBI’s
unauthorized receipt of personal information.

From 2001 to 2008, the FBI engaged in a number of flagrant legal violations,
including:
o submitting false or inaccurate declarations to courts.
o using improper evidence to obtain federal grand jury subpoenas.
o accessing password protected documents without a warrant.

For further information on this report, contact Mark Rumold, mark@eff.org, or Jennifer
Lynch, jen@eff.org.

Electronic Frontier Foundation

WWW.EFF.ORG

TABLE OF CONTENTS

INTRODUCTION
THE INTELLIGENCE OVERSIGHT BOARD
FBI INTELLIGENCE VIOLATIONS REPORTED TO THE IOB
Violations of Internal Oversight Guidelines
Abuse of National Security Letters
Violations of the Constitution, FISA, and Other Legal Authorities
TOTAL NUMBER OF VIOLATIONS FROM 2001 TO 2008
CONCLUSION
Appendix 1—IOB Report 2007–1402
Appendix 2—IOB Report 2001–46
Appendix 3—IOB Report 2003–25
Appendix 4—IOB Report 2006–246
Appendix 5—IOB Report 2007–718
Appendix 6—IOB Report 2004–80
Appendix 7—IOB Report 2007–1209
Appendix 8—IOB Report 2002–72
Appendix 9—IOB Report 2002–74
Appendix 10—IOB Report 2005–03
Appendix 11—IOB Report 2007-1693
Appendix 12—IOB Report 2006-224
Appendix 13—IOB Report 2008-255

INTRODUCTION
EFF’s analysis of recently disclosed documents provides new insights into the Federal
Bureau of Investigation’s unlawful surveillance of Americans during intelligence
investigations conducted between 2001 and 2008.
In response to EFF FOIA requests issued in 2008 and 2009, the FBI released reports of
violations made to the Intelligence Oversight Board (IOB) — an independent, civilian
intelligence-monitoring board that reports to the President on the legality of foreign and
domestic intelligence operations. The nearly 2,500 pages of documents EFF received
include FBI reports to the IOB from 2001 to 2008. The reports catalog 768 specific
violations arising from FBI monitoring of U.S. citizens, resident aliens, and nonresidents.
Following a series of government investigations into FBI intelligence abuses, EFF
submitted FOIA requests in an effort to obtain the FBI’s IOB reports. In 2007, the
Department of Justice, Office of Inspector General released a report documenting the
FBI’s abuse of its National Security Letter (NSL) authority:2 the report found, in an audit
of only 10% of national security investigations, that the FBI may have committed as
many as 3000 NSL violations and had failed to report many of those violations to the
IOB.3 A 2008 OIG report confirmed and expanded the earlier report’s findings and
critically assessed the steps taken by the FBI to address the abuse of NSLs. 4
Following the second OIG report in 2008, EFF submitted FOIA requests to eleven federal
agencies and agency components requesting all reports of intelligence violations made to
the IOB from 2001 to 2008. EFF submitted subsequent requests the following year for
violations reported to the IOB from 2008 to 2009. In July 2009, after many agencies
failed to respond to the request, EFF filed suit against eight defendants — including the
CIA, NSA, Department of Defense, Department of Homeland Security, Department of
Justice, Office of the Director of National Intelligence, Department of Energy, and
Department of State — demanding the agencies comply with the law and produce the
requested documents. In December 2009, the Court ordered the agencies to begin
processing EFF’s request. In July 2010, two years after EFF’s initial FOIA request, the
FBI began its release of documents. Over three separate installments in July, August, and
October 2010, the FBI released nearly 2,500 pages of documents related to reports of
intelligence violations to the IOB.

2 DEPARTMENT OF JUSTICE, OFFICE OF THE INSPECTOR GENERAL, A REVIEW OF THE FEDERAL BUREAU OF
INVESTIGATION’S USE OF NATIONAL SECURITY LETTERS (March 2007), available at
http://www.justice.gov/oig/special/s0703b/final.pdf.
3 See R. Jeffrey Smith, FBI Violations May Number 3,000, Official Says, WASH. POST., March 21, 2007,
available at https://www.washingtonpost.com/wp-dyn/content/article/2007/03/20/AR2007032000921.html.
4 DEPARTMENT OF JUSTICE, OFFICE OF THE INSPECTOR GENERAL, A REVIEW OF THE FBI’S USE OF
NATIONAL SECURITY LETTERS: ASSESSMENT OF CORRECTIVE ACTIONS AND EXAMINATION OF NSL USAGE
IN 2006 (March 2008), available at http://www.justice.gov/oig/special/s0803b/final.pdf. Even before the
OIG’s official acknowledgement of FBI investigative abuses, EFF, other civil liberties organizations, and
members of the media had documented numerous instances of improper government intelligence activities
in the years following 9/11. For example, in 2005, a FOIA request seeking information about violations
related to 13 national security investigations revealed numerous instances of FBI misconduct stemming
from the Bureau’s newly expanded powers under the USA PATRIOT Act.

The documents released to EFF constitute the most complete picture of post-9/11 FBI
intelligence abuses available to the public. Among other findings, EFF’s analysis of the
documents shows that, from 2001 to 2008, significant delays occurred in the reporting of
FBI violations to the IOB. The analysis also provides new insights into the type and
frequency of violations committed by the Bureau. Most violations fell into one of three
broad categories: first, FBI failure to comply with oversight guidelines; second, abuse of
the FBI’s authority to issue National Security Letters; and, third, the FBI’s failure to carry
out investigations within the bounds of the Constitution or other federal statutes
governing intelligence-gathering. Finally, EFF’s analysis concludes that the FBI may
have committed as many as 40,000 violations in the 10 years since the attacks of 9/11.

THE INTELLIGENCE OVERSIGHT BOARD
The Intelligence Oversight Board “was created in 1976 by President Ford in response to
recommendations made by the Rockefeller Commission calling for a Presidential-level
body with specific oversight responsibilities for the legality and propriety of US
intelligence activities.” 5 The Commission’s recommendations came in the wake of a
series of congressional reports that revealed illegal and abusive intelligence activities
targeting American and foreign citizens. These reports found that intelligence agencies
had intercepted and read Americans’ mail, performed surveillance on civil rights leaders
and other dissidents, and had orchestrated assassination attempts on foreign leaders.
In light of the Commission’s recommendation, President Ford established the IOB to
provide an independent review of intelligence activities to better safeguard citizens’ civil
liberties against these types of abusive practices. The IOB consists of five civilian
members, all with top-level security clearances, selected by the President to serve on the
IOB from the larger intelligence-monitoring body, the President’s Intelligence Advisory
Board (PIAB).6 The IOB’s mission is to “oversee the Intelligence Community’s
compliance with the Constitution and all applicable laws, Executive Orders, and
Presidential Directives.”7 The IOB must then report to the President those violations the
Board believes “may be unlawful or contrary to an Executive Order or presidential
directive.”8 Since its creation, the vast majority of the IOB’s reports and investigations
have remained secret.
Slight modifications to the IOB’s authority and structure have occurred since its creation
in 1976, but the IOB’s oversight capacity remained largely unchanged for nearly 30 years.
In the years following the attacks of 9/11, however, the Board’s role within the
intelligence community was diminished in several ways. First, from 2001 to 2003,
President Bush failed to appoint advisers to serve on the IOB. 9 Even when advisers were
appointed, however, the IOB continued to provide little real oversight: the IOB did not
forward a single instance of intelligence misconduct to the Attorney General until 2006,
despite having received notice of several hundred violations.10 Further, in 2008, President
Bush significantly weakened the IOB’s oversight capacity by removing its ability to refer
violations to the Attorney General for criminal investigation. 11 President Bush also
removed the IOB’s authority to oversee intelligence agency general counsel and eliminated
the requirement for quarterly agency reporting to the IOB.12

Intelligence Oversight Board
• Established in 1976 to oversee US Intelligence Activities
• Created in wake of Congressional reports of abusive practices such as reading Americans’
mail, unwarranted surveillance on civil rights leaders, and assassination attempts on
foreign leaders
• Role of IOB diminished in wake of 9/11 and many intelligence abuses went unchecked and
unreported

EFF’s analysis of FBI reports to the IOB confirms the perceived inefficacy of the IOB’s
oversight from 2001 to 2008. Significant delays between violations occurring and their
eventual reporting rendered the IOB’s oversight capacity entirely impotent. On average,
nearly two-and-a-half years passed between the occurrence of an FBI intelligence
violation and its eventual reporting to the IOB. When a violation was reported within the
FBI internally, on average, six months still passed before the Bureau reported the
violation to the IOB, despite the Bureau’s requirement to report IOB violations on a
quarterly basis. In light of these significant gaps between the occurrence of a violation
and its eventual reporting to the IOB, it seems unlikely that the IOB diligently fulfilled its
intelligence oversight responsibilities for most of the past decade.

5 President’s Intelligence Advisory Board and Intelligence Oversight Board, PIAB History,
http://www.whitehouse.gov/administration/eop/piab/history.
6 Id.
7 President’s Intelligence Advisory Board and Intelligence Oversight Board, About the PIAB,
http://www.whitehouse.gov/administration/eop/piab/about.
8 See, e.g., Exec. Order No. 13462 (Feb. 29, 2008), available at http://www.fas.org/irp/offdocs/eo/eo13462.htm.
9 John Solomon, In Intelligence World, a Mute Watchdog, WASH. POST, Jul. 15, 2007, available at
https://www.washingtonpost.com/wp-dyn/content/article/2007/07/14/AR2007071400862.html.
10 Id.
11 Charlie Savage, President Weakens Espionage Oversight, BOS. GLOBE, Mar. 14, 2008, available at
http://www.boston.com/news/nation/washington/articles/2008/03/14/president_weakens_espionage_oversight/?page=full.
12 Id.

After taking office, President Obama rolled back some of the Bush Administration’s
changes to the IOB’s authority, but the function and effectiveness of the Board still
remains in question. In an October 2009 executive order, President Obama largely
reversed the changes made to the IOB’s oversight authority, and nine appointments have
been made to the larger President’s Intelligence Advisory Board. 13 Nevertheless, the
White House has not disclosed the composition or membership, if any, of the IOB, which
continues to call into question the legitimacy of current intelligence oversight efforts.

FBI INTELLIGENCE VIOLATIONS REPORTED TO THE IOB
As noted above, in EFF’s review of nearly 2,500 pages of documents released by the FBI,
EFF uncovered alarming trends in the Bureau’s intelligence investigation practices from
2001 to 2008. The documents suggest the FBI’s intelligence investigations have
compromised the civil liberties of American citizens far more frequently, and to a greater
extent, than was previously assumed. Broadly, these documents show that the FBI most
frequently committed three types of intelligence violations — violations of internal
oversight guidelines for conducting investigations; violations stemming from the abuse of
National Security Letters; and violations of the Fourth Amendment, Foreign Intelligence
Surveillance Act (FISA), and other laws governing intelligence investigations. Also,
based on statements made by government officials and the proportion of violations
occurring in the released reports, EFF estimates the FBI may have committed as many as
40,000 intelligence investigation violations over the past ten years.

Four Categories of FBI Intelligence Violations
1. Violations of internal oversight guidelines—over 1/3 of all violations reported
2. Violations of National Security Letter powers—almost 1/3 of all violations reported
3. Violations of the Constitution, FISA and other laws—1/5 of all violations reported
4. Remainder—Unclear from redactions

13 Charlie Savage, Obama Order Strengthens Spy Oversight, N.Y. TIMES, Oct. 29, 2009, at A16, available
at https://www.nytimes.com/2009/10/30/us/politics/30intel.html.

Violations of Internal Oversight Guidelines
The first category of violation occurring with the most frequency involved the FBI’s
failure to comply with internal oversight guidelines for conducting investigations. This
type of violation ultimately resulted in investigations occurring without any meaningful
oversight from either FBI Headquarters or the IOB. Of the reports filed with the IOB,
violations of oversight guidelines accounted for over a third of all FBI violations.

[Pull quote: When the FBI fails to comply with its own internal guidelines there can be no
meaningful oversight.]

The Attorney General Guidelines for FBI National Security Investigations and Foreign
Intelligence Collection (NSIG)14 set forth various reporting rules, investigative
requirements, and classification regulations
for FBI agents to follow when conducting intelligence
investigations.15 Originally issued in 1976 in the wake of the Church Committee’s
revelations of frequent and serious FBI violations of citizens’ rights, the Guidelines task
the Attorney General with ensuring that all government intelligence operations occur
with sufficient oversight and within the bounds of the Constitution and other federal
laws.16 For example, the NSIG requires that, upon initiating a new intelligence
investigation, an agent report the investigation to FBI Headquarters within a specified
period. Other guidelines set requirements for annual reporting of investigations, for
information sharing practices between agencies, and — depending on the stage of the
investigation and the level of internal authorization — for the investigative techniques
FBI agents may use. Broadly, the Guidelines are intended to protect American citizens’
constitutional rights from intrusive and overreaching intelligence investigations.
In 2006, Department of Justice Inspector General Glenn Fine reported to Congress on
FBI compliance with the Attorney General’s Guidelines for Domestic Investigations, a
distinct set of guidelines from the NSIG governing FBI domestic investigations.17 The
OIG investigation revealed “significant non-compliance with the Guidelines.” 18 EFF’s
analysis demonstrates that the FBI’s non-compliance extends to the NSIG, as well: the
FBI frequently violated its own internal oversight protocols for national security and
intelligence investigations. These violations ranged from a failure to submit notification
of the investigation of a US person to FBI Headquarters for three years,19 to a failure to
report a violation within 14 days of its discovery,20 to continuing to investigate a US
person when the authority to do so had expired.21 In all cases involving violations of the
NSIG, though, the FBI only reported to the IOB when it determined the agency’s ability to
supervise the investigation had been “substantially impaired.”

[Figure: FBI IOB Report 2007-1402]

14 A previous version of the NSIG, the Attorney General’s Guidelines for FBI Foreign Intelligence
Collection and Foreign Counterintelligence Collection (“FCIG”) is referenced in some of the earlier
released documents. The NSIG replaced the FCIG in October 2003.
15 A partially declassified version of the guidelines is available at
http://www.fas.org/irp/agency/doj/fbi/nsiguidelines.pdf.
16 See ELECTRONIC PRIVACY INFORMATION CENTER, THE ATTORNEY GENERAL’S GUIDELINES, available at
http://epic.org/privacy/fbi/.

In a 2005 Washington Post article, a senior FBI official dismissed the severity of this type
of violation, noting that the “vast majority of the potential [violations] reported have to
do with administrative timelines and time frames for renewing orders.” 22 But these
guidelines are much more than mere “administrative timelines:” the NSIG exists in order
to prevent intelligence agencies from invoking “national security” to monitor citizens
engaging in constitutionally protected activities — exactly the type of monitoring the FBI
was engaging in at the time.23
Taken together, the FBI’s disregard for its own internal oversight requirements and the
Bureau’s failure to timely report violations to the IOB undermined the safeguards
established to prevent civil liberties violations from occurring—the precise object of both
the NSIG and the IOB.

17 The FBI operates under two separate sets of guidelines issued by the Attorney General: one for domestic
investigations, one for national security and intelligence investigations. For a thorough treatment of the
gradual expansion of the Attorney General’s Domestic Guidelines, see EMILY BERMAN, BRENNAN CENTER
FOR JUSTICE, DOMESTIC INTELLIGENCE: NEW POWERS, NEW RISKS (Jan. 2011), available at
http://www.brennancenter.org/content/resource/domestic_intelligence_new_powers_new_risks/.
18 Oversight of the Federal Bureau of Investigation: Hearing Before the Sen. Comm. on the Judiciary (May
2, 2006) (statement of Glenn A. Fine, Inspector General, U.S. Department of Justice), available at
http://www.justice.gov/oig/testimony/0605.htm.
19 FBI IOB Report 2007-1402, Appendix 1.
20 FBI IOB Report 2001-46, Appendix 2.
21 FBI IOB Report 2003-25, Appendix 3.
22 Dan Eggen, FBI Papers Indicate Intelligence Violations, WASH. POST., Oct. 24, 2005, available at
https://www.washingtonpost.com/wp-dyn/content/article/2005/10/23/AR2005102301352.html.
23 See, e.g., DEPARTMENT OF JUSTICE, OFFICE OF THE INSPECTOR GENERAL, A REVIEW OF THE FBI’S
INVESTIGATIONS OF CERTAIN DOMESTIC ADVOCACY GROUPS (September 2010), available at
http://www.justice.gov/oig/special/s1009r.pdf (describing FBI surveillance of various American advocacy
groups from 2001 to 2006).

Abuse of National Security Letters
In the reports disclosed to EFF, the second type of violation occurring with the most
frequency involved FBI abuse of National Security Letters. These violations accounted
for almost one-third of all reported violations. National Security Letters, or NSLs, are
secret administrative subpoenas used by the FBI to obtain records from third-parties
without any judicial review. 24 While NSLs have existed since the late-1970s, the USA
PATRIOT Act greatly expanded the intelligence community’s authority to issue NSLs.
During the course of a terrorism or counterintelligence investigation, NSLs can be used to
obtain just three types of records: (1) subscriber and “toll billing information” from
telephone companies and “electronic communications services;” 25 (2) financial records
from banks and other financial institutions; 26 and (3) consumer identifying information
and the identity of financial institutions from credit bureaus.27

The FBI's systemic abuse of NSLs has been well-documented — both by Justice Department
investigations and through litigation and scrutiny of FBI practices by EFF. As noted
above, in reports from 2007 and 2008, the Inspector General found that, between 2003 and
2006, the FBI may have committed as many as 6,400 violations of the FBI’s NSL
authority.28 According to the 2008 Report, from 2003 to 2006,
the FBI issued nearly 200,000 NSL requests; almost 60% of the 49,425 requests issued in
2006 were for investigations of U.S. citizens or legal aliens. 29

[Pull quote: The FBI issued nearly 200,000 NSL requests between 2003–2006.]

24 See Electronic Frontier Foundation, National Security Letters, https://www.eff.org/issues/nationalsecurity-letters.
25 18 U.S.C. § 2709.
26 12 U.S.C. § 3414.
27 FBI has the authority to issue three different, but related, NSLs to credit agencies — an NSL pursuant to
15 U.S.C. § 1681(u)(a) for the names of financial institutions with which the subject has an account; an
NSL pursuant to 15 U.S.C. 1681(u)(b) for consumer identifying information; and an NSL pursuant to 15
U.S.C. § 1681(v) for a full credit report. The FBI may only request a full credit report while investigating
international terrorism cases.
28 See Jason Ryan, FBI Search Abuses Could Number Thousands, ABC NEWS, Apr. 16, 2008, available at
http://abcnews.go.com/TheLaw/DOJ/story?id=4661216&page=1.
29 DEPARTMENT OF JUSTICE, OFFICE OF THE INSPECTOR GENERAL, A REVIEW OF THE FBI’S USE OF
NATIONAL SECURITY LETTERS: ASSESSMENT OF CORRECTIVE ACTIONS AND EXAMINATION OF NSL USAGE
IN 2006 (March 2008), available at http://www.justice.gov/oig/special/s0803b/final.pdf.

Earlier scrutiny of FBI practices by EFF also revealed abuses of the Bureau’s NSL
authority. Documents obtained in a response to a 2007 EFF FOIA request showed that
the FBI issued an NSL to North Carolina State University to obtain educational records,
in clear violation of the FBI’s statutory authority.30 EFF also filed a lawsuit challenging
the legality of an NSL issued by the FBI to the Internet Archive. The government
formally withdrew the NSL request in 2008.31
Analysis of the FBI’s IOB reports released to EFF shows that the Bureau committed
violations involving NSLs for telephone and electronic communications records twice as
often as it did for financial and credit records. While the FBI has publicly disclosed the
total number of NSLs issued annually, 32 the Bureau has refused to release the frequency
with which the three individual types of NSLs were issued. However, if the rate at which the
FBI’s NSL violations occurred is an indicator of the frequency with which the three types
of requests were issued, then, on average, the FBI likely issued approximately 25,000
NSL requests for telephone and electronic communications records, 12,500 requests for
financial records, and 12,500 requests for credit information annually from 2003 to 2006.
Perhaps most startling, however, was the frequency with which companies receiving
NSLs — phone companies, internet providers, banks, or credit bureaus — contributed to
the FBI’s NSL abuse. In over half of all NSL violations reviewed by EFF, the private
entity receiving the NSL either provided more information than requested or turned over
information without receiving a valid legal justification from the FBI. Companies were all
too willing to comply with the FBI’s requests, and — in many cases — the Bureau readily
incorporated the overproduced information into its investigatory databases.

[Figure: FBI IOB Report 2006–246]

For example, in a violation reported in 2006, the FBI requested email header information
for two email addresses used by a U.S. person. 33 In response, the email service provider
returned two CDs containing the full content of all emails in the accounts. The FBI
eventually (and properly) sequestered the CDs, notified the email provider of the
overproduction, and re-issued an NSL for the originally requested header information;
but, in response to the second NSL, the email provider again provided the FBI with the
full content of all emails in the accounts.

30 See Electronic Frontier Foundation, Report on the Improper Use of an NSL to NC State University,
https://www.eff.org/issues/foia/report-nsl-ncstate.
31 See Electronic Frontier Foundation, Internet Archive v. Mukasey, https://www.eff.org/cases/archive-vmukasey.
32 DEPARTMENT OF JUSTICE, OFFICE OF THE INSPECTOR GENERAL, A REVIEW OF THE FBI’S USE OF
NATIONAL SECURITY LETTERS: ASSESSMENT OF CORRECTIVE ACTIONS AND EXAMINATION OF NSL USAGE
IN 2006 (March 2008), available at http://www.justice.gov/oig/special/s0803b/final.pdf.
33 FBI IOB Report 2006-246, Appendix 4.

Compounding the service providers’ problematic over-disclosure, the scope of the FBI’s
authority to issue NSLs for electronic transactional records rests on unsettled and unclear
legal grounds. The FBI’s NSL authority under the Electronic Communications Privacy
Act (ECPA) allows the government to issue NSLs to traditional telephone service
providers for non-content subscriber information and toll billing records — essentially,
the name, address, length of service, and local and long distance call records. 34 ECPA
also provides the authority to issue NSLs for “electronic communications transactional
records.”35 However, the exact scope of this remains unclear: according to the DOJ,
“electronic communications transactional records” include “those categories of
information parallel to . . . toll billing records for ordinary telephone service.” 36 What,
exactly, “those categories of information” constitute — possibly including, for example,
email “header” information, IP addresses, URLs, or other information — remains unclear.

[Pull quote: Third parties, such as financial institutions or ISPs, responded to NSLs that
lacked any legal justification.]

Third-parties not only willingly cooperated with FBI NSLs when the legal justification was
unclear, however: they responded to NSLs without any legal justification at all. In
one instance, when requesting financial records from a bank under the Right to Financial
Privacy Act, the FBI used language and statutory citations from ECPA — a statute
entirely unrelated to financial records — for its legal authority; nevertheless, the financial
institution complied with the FBI’s legally deficient request. 37 In another series of
violations, the FBI improperly requested and received full credit reports on subjects of
counterintelligence investigations. 38 The Fair Credit Reporting Act, the statute providing
FBI authority to request credit information using an NSL, however, only provides that
authority in terrorism investigations. 39 In other violations, the FBI failed to certify, as
required by statute, that the NSL was relevant to a terrorism investigation and not being
used to investigate constitutionally protected activities.40 Again, despite the deficiency of
the request, the third-party complied with the FBI’s NSL.

34 See 18 U.S.C. § 2709(a).
35 Id.
36 See Department of Justice, Office of Legal Counsel, Requests for Information under the Electronic
Communications Privacy Act (November 2008) at 3 n. 3, available at
http://www.fas.org/irp/agency/doj/olc/ecpa.pdf.
37 FBI IOB Report 2007-718, Appendix 5.
38 FBI IOB Report 2004-80, Appendix 6.
39 See 15 U.S.C. § 1681(v).

The FBI’s abuse of its NSL power has garnered much of the attention in the debate over
the FBI’s abusive intelligence practices. What has not received as much attention,
however, is the unwillingness of companies and organizations to guard their clients’ and
users’ sensitive, personal information in the face of these NSL requests — whether the
request was legally justifiable or not. Undeniably, if the FBI had complied with the law,
the vast majority of NSL violations would never have occurred. Nevertheless, many of
the businesses and organizations with which Americans trust their most private
information are not applying any scrutiny to unjustifiable requests from the FBI and are
not responding to valid requests in a responsible manner.

Violations of the Constitution, FISA, and Other Legal Authorities
The third category of FBI intelligence violations reported to the IOB, accounting for
almost 20% of all reports, consists of violations of the Constitution, the Foreign Intelligence
Surveillance Act (FISA), and other federal laws governing criminal investigations and
intelligence-gathering activities. The first two types of intelligence violations committed
by the FBI — violations of the NSIG and NSL abuse — were readily susceptible to
categorization: these violations occurred with great frequency, and the violations were
often repetitive and largely similar. On the other hand, violations falling into the third
category were, in general, unique, and often flagrant, violations of a variety of legal
authorities.
Violations falling into this third category were consistently the most brazen and egregious
violations. For example, in two separate incidents, the FBI reported to the IOB that its
agents had made false statements in written declarations to courts.41 Another reported
violation involved the FBI’s use of improper evidence to obtain grand jury subpoenas.42
Other violations involved the FBI’s use of a target’s username and password to access and
download account information 43 and a warrantless search of password-protected files.44

[Figure: FBI IOB Report 2002–74]

40 FBI IOB Report 2007-1209, Appendix 7.

Of the reports reviewed by EFF, however, this type of violation was also generally the
most redacted. One four-page report (on average, most reports are only one or two
paragraphs) is almost entirely redacted, with the exception of one paragraph that notes the
“scope of [the FBI agent’s] alleged offenses” warranted reporting to the IOB: the three
pages detailing the offenses, however, are almost entirely redacted.45 Moreover, solely
from the documents provided to EFF, it is evident that the FBI is withholding information
on an inconsistent and arbitrary basis. For example, one IOB report, which details the
issuance of NSLs without proper authority in the wake of the attacks on September 11th,
was inadvertently included twice in the FBI’s document release: one is nearly entirely
redacted; the other, almost entirely free from redactions.46 Numerous documents
throughout the FBI’s release provide similar evidence of the agency’s inconsistent and
arbitrary practice of redacting and withholding documents. 47
While the reports documenting the FBI’s abuse of the Constitution, FISA, and other
intelligence laws are troubling, EFF’s analysis is necessarily incomplete: it is impossible
to know the severity of the FBI’s legal violations until the Bureau stops concealing its
most serious violations behind a wall of arbitrary secrecy.

TOTAL NUMBER OF VIOLATIONS FROM 2001 TO 2008
Both the frequency and type of violations revealed in the FBI’s release to EFF are
staggering. At a minimum, these documents already demonstrate the need for greater
accountability and improved oversight mechanisms for American intelligence agencies.
Yet, at the same time, the FBI continues to withhold critical information on the
circumstances, rate of occurrence, and severity of these violations. And, if past
experience is any guide, it is likely that the FBI is either withholding or failing to report
many violations altogether.

41 FBI IOB Report 2002-72, Appendix 8; FBI IOB Report 2002-74, Appendix 9.
42 FBI IOB Report 2005-03, Appendix 10.
43 FBI IOB Report 2007-1693, Appendix 11.
44 FBI IOB Report 2006-224, Appendix 12.
45 FBI IOB Report 2008-255, Appendix 13.
46 FBI IOB Report 2001-69, Appendix 14.
47 See Jennifer Lynch, FBI Arbitrarily Covers up Evidence of Misconduct: Is this the Transparency Obama
Promised?, Electronic Frontier Foundation Deeplinks, available at
https://www.eff.org/deeplinks/2010/12/fbi-arbitrarily-covers-evidence-misconduct.

In the absence of robust auditing and full disclosure from the Bureau, the only method for
approximating the scope of the FBI’s abusive intelligence practices is to extrapolate from
information contained within these releases and public statements made by government
officials. The IOB reports, themselves, provide some insight into the sheer number of FBI
intelligence violations. In previous litigation, EFF fought the FBI to release the IOB
matter numbers that accompany every IOB report. While not every IOB “matter” is
ultimately reported to the IOB, the numbers provide some indication of the number of
violations investigated by the FBI. Based on IOB matter numbers on the reports released
to EFF, it is clear that, at minimum, the FBI investigated approximately 7,000 instances of
alleged misconduct from 2001 to 2008.

The number of FBI intelligence violations since 9/11 could approach 40,000.

The actual number of violations that occurred from 2001 to 2008,
however, is likely much higher. The Inspector General has
acknowledged that as many as 6,400 potential NSL violations may
have occurred between 2003-2006;48 if the proportion of violations
released to EFF is representative of all FBI intelligence violations during that time period,
then the number of total violations during that four-year period may have topped
17,000 — or an average of 4,250 serious intelligence violations per year. In the nine
years since 2001, EFF estimates that total could approach 40,000 possible violations.49

CONCLUSION
From 2001 to 2008, the FBI frequently and flagrantly violated laws intended to check
abusive intelligence investigations of American citizens. While many believed the era of
abusive FBI practices would end with the Bush Administration, there is little evidence
that President Obama has taken significant measures to change past FBI practices. Two
years into his term, the President has not publicly disclosed any appointments to the IOB,
and his campaign promise of unprecedented transparency within the executive branch has
gone largely unfulfilled — especially within the intelligence community.

48 See Jason Ryan, FBI Search Abuses Could Number Thousands, ABC NEWS, Apr. 16, 2008, available at
http://abcnews.go.com/TheLaw/DOJ/story?id=4661216&page=1.
49 This figure is an estimate based, first, on the fact that a significant number of FBI violations went
unreported, both internally and to the IOB; second, this estimate assumes the sample of violations reported
to the IOB and released to EFF is representative of all violations that occurred, including those that went
unreported; third, the estimate assumes violations occurred at the same rate over time. In the reports
released to EFF, roughly 33% were violations of the NSIG, 33% were NSL violations, and 20% were other
violations (the remaining violations were too heavily redacted to categorize). The estimate is based on an
extrapolation from the OIG’s estimate that 6,400 NSL violations occurred from 2003-2006. In the absence
of robust FBI auditing and thorough oversight, however, estimates are the only reasonable method to
approximate the scope of the FBI’s investigatory misconduct.

Congress, however, has an opportunity to remedy these abuses: portions of the USA
PATRIOT Act expire in late February, and a bill has already been introduced in the
House of Representatives to reauthorize it. Instead of simply rubber-stamping the
intelligence community’s continuing abuse of Americans’ civil liberties, Congress should
seize this opportunity to investigate the practices of the FBI and other intelligence
agencies, and to demand greater accountability, disclosure, and reporting from these
agencies. Until then, the FBI’s pattern of misconduct will continue.

For further information on this Report, contact Mark Rumold, mark@eff.org, or Jennifer
Lynch, jen@eff.org.


Appendix:

IOB Reports


Appendix 1—IOB Report 2007–1402


Appendix 2—IOB Report 2001-46


Appendix 3—IOB Report 2003-25


Appendix 4—IOB Report 2006-246


Appendix 5—IOB Report 2007-718


Appendix 6—IOB Report 2004-80


Appendix 7—IOB Report 2007-1209


Appendix 8—IOB Report 2002-72


Appendix 9—IOB Report 2002-74


Appendix 10—IOB Report 2005-03


Appendix 11—IOB Report 2007-1693


Appendix 12—IOB Report 2006-224


Appendix 13—IOB Report 2008-255


Appendix 14—IOB Report 2001-69
