A Review of the FBI Informal Requests for Telephone Records, OIG, 2010
Download original document:
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
U.S. Department of Justice Office of the Inspector General A Review of the Federal Bureau of Investigation's Use of Exigent Letters and Other Informal Requests for Telephone Records Oversight and Review Division Office of the Inspector General January 2010 UNCLASSIFIED TABLE OF CONTENTS TABLE OF CONTENTS i LIST OF ACRONYMS viii TABLE OF CHARTS, TABLES, AND DIAGRAMS xi CHAPTER ONE INTRODUCTION xii I. Findings in the DIG's Previous Reports 2 II. Methodology of the OIG Investigation 4 III. Organization of this Report 6 CHAPTER TWO THE FBI'S USE OF EXIGENT LETTERS AND OTHER INFORMAL REQUESTS FOR TELEPHONE RECORDS 9 I. The Electronic Communications Privacy Act (ECPA) 9 II. Background on the FBI's Use of Exigent Letters A. Origins of Exigent Letters in the FBI's New York Field Division 1. 2. B. The FBI's New York Field Division Contract with Company A The New York Field Division's First Use of Exigent Letters 11 11 12 12 The Work of the Communications Analysis Unit (CAUl and the FBI's Contracts with the Three Communications Service Providers................................................................... 14 1. 2. 3. 4. 5. III. The CAU's Mission and Organizational Structure Terminology Used in this Report for Non-Content Telephone Transactional Records FBI Contracts with the Three Communications Service Providers Location of the Three Communications Service Providers Relationship between CAU Personnel and the Providers' Employees 16 19 20 24 25 Exigent Letters Issued by CAU Personnel 25 A. 27 Text of the CAU Exigent Letters 1 B. C. CAU's Exigent Letters Practice 29 1. 2. 34 38 40 E. Employees of On-site Communications Service Providers 41 Types of Cases in which Exigent Letters were Used 43 Other Informal Methods for Requesting Records without Prior Service of Legal Process 45 B. E-mail, Face-to-Face or Telephone Requests, and Informal Notes 45 "Sneak Peeks" or "Quick Peeks" 47 Records Obtained in Response to Exigent Letters and Other Informal Requests 50 A. Types of Records Collected by the Providers 50 B. How Records were Uploaded and Analyzed by the FBI 52 C. Community oflnterest/Calling Circle _ 54 ;: 54 3. 4. VI. Signers of Exigent Letters in the CAU CTD Supervisors The FBI's Senior Leadership A. V. 28 D. F. IV. Counterterrorism Division's and CAU's Recognition of the Use of Exigent Letters g~=~~~g ~~ :~~:~::~ ~.i~;.ili~ FBI 56 Com an A's Use of Community of Interest_ .................................................... 61 FBI Guidance on Community of Interest_ Requests 62 OlG Analysis A. 64 Requests for Telephone Records through Exigent Letters and Other Informal Requests 64 B. "Sneak Peeks" 72 C. Calling Circle/Community of Interest _ 75 CHAPTER THREE: ADDITIONAL USES OF EXIGENT LETTERS AND OTHER INFORMAL REQUESTS FOR TELEPHONE RECORDS 79 Obtaining Calling Activity Information on "Hot Numbers" 79 I. ii A. B. C. D. II. Legal Authority for Obtaining Calling Activity Information 80 Hot Number _ 81 1. 2. 82 83 FBI OGC and CAU's Unit Chiefs' Knowledge of Hot Number _ 85 OIG Analysis 87 Seeking Reporters' Telephone Records Without Required Approvals 89 A. Federal Regulations and Department Policies 89 B. First Matter 91 I. 2. 91 3. 4. C. D. III. IV. Company C Company A Background The Investigation of the Leak of Information to the Media FBI Notifies the Reporters That Their Records Were Obtained OIG Analysis 91 101 102 Second Matter 104 1. 2. 3. 4. 104 105 III 113 Background The Leak Investigation OIG Investigation OIG Analysis Third Matter. 114 1. 2. 3. 114 115 120 Background... The Leak Investigation OIG Analysis Inaccurate Statements to the Foreign Intelligence Surveillance Court 122 A. FISA Case No.!.. 124 B. FISA Case No. 2 124 C. FISA Case No.3 125 D. FISA Case No. 4 126 E. OIG Analysis 127 Improper Administrative Subpoenas Issued to the On-site Providers 1ll 129 A. The FBI's Administrative Subpoena Authority B. Administrative Subpoenas Served on the On-Site 130 Providers............................................................................. 131 C. Improper Administrative Subpoenas Issued in Two FBI Investigations 1. 2. 3. 4. D. Issuing FBI Administrative Subpoenas in the Absence of an Active Narcotics Investigation Administrative Subpoenas were Signed by Unauthorized Personnel Two Additional After-the-Fact Administrative Subpoenas Knowledge of the Use of The Title 21 Administrative Subpoenas OIG Analysis The FBI's Attempts at Corrective Actions From 2003 through October 2006 A. B. C. 131 132 133 134 134 CHAPTER FOUR: THE FBI'S ATTEMPTS AT CORRECTIVE ACTIONS REGARDING EXIGENT LETTERS I. 131 137 137 A Backlog First Develops During Rogers's Tenure as CAU Unit Chief. 139 NSLB Knowledge of Exigent Letters and Involvement in Issuing After-the-Fact NSLs 142 NSLB Attorney Meets with CAU Personnel Regarding Exigent Letters 146 D. CAU Begins Implementing then Abandons a Tracking System for Legal Process..................................................... 150 E. CAU Unit Chief Youssef Learns that the CAU has Obtained Records in Advance of Legal Process 151 F. NSLB Attorney Provides Incorrect Advice to the CAU About the Use of Exigent Letters 154 G. NSLB Fails to Recognize Applicability of the ECPA's Authority for Emergency Voluntary Disclosures to Requests Sent to the CAU 155 H. The September 26, 2005, Meeting 157 I. The CAU Efforts to Reduce the Backlog 159 J. DIG Analysis of FBI Attempts at Corrective Actions From 2003 through October 2006 162 IV K. FBI Issues 11 Improper Blanket NSLs in May to October 2006 1. 2. 3. 4. 5. II. 165 166 167 178 184 The FBI's Corrective Action Since November 2006 185 A. FBI OGC Learns of Blanket NSLs 186 B. The CAU's Draft Memorandum to the FBI OGC Reporting Possible Intelligence Oversight Board Violation 187 C. FBI Legal Guidance Clarifying Legal Authorities 190 D. Relocation of Communications Service Providers' Employees From the FBI 191 FBI Analysis of Whether it Will Retain or Purge Records 192 E. 1. 2. FBI Analysis FBI Analysis of Records Obtained From Exigent Letters and 11 Improper Blanket NSLs Steps Taken to Purge Records Records Improperly Acquired Relating to Criminal Investigations Other NSLs Referred by the OIG to the FB!.. OIG Analysis of FBI Retention Decisions 208 209 210 OIG Conclusions Regarding FBI Attempts at Corrective Action for Exigent Letters 211 3. 4. 5. 6. III. Youssef Proposes Policy and Procedures for Service of NSLs NSLB Revises Model for Exigent Letters but Approves Their Continued Use Three Blanket NSLs (May, July, and September 2006) Eight Additional Blanket NSLs in 2006 OIG Analysis of 11 Improper Blanket NSLs 165 192 196 208 CHAPTER FIVE OIG FINDINGS ON FBI MANAGEMENT FAILURES AND INDIVIDUAL ACCOUNTABILITY 213 I. 213 Management Failures A. B. C. Failure to Plan for Proper Use of the On-Site Communications Service Providers 214 Failure to Provide Training and Guidance to CAU Personnel 216 Failure to Oversee the CAU Activities 219 v II. Individual Performance 221 A. CAU Unit Chief Glenn Rogers 221 B. CAU Unit Chief Bassem Youssef 224 C. NSLB Deputy General Counsel Julie Thomas 230 D. NSLB Assistant General Counsel 235 E. General Counsel Valerie Caproni 237 F. Signers of the 11 Blanket NSLs: Joseph Billy, Jr., Arthur Cummings III, Michael Heimbach, and Jennifer Smith Love 239 1. 2. 3. 4. 5. III. Joseph Billy, Jr Arthur A. Cummings III Michael Heimbach Jennifer Smith Love OIG Conclusion on CTD officials who signed improper blanket NSLs 243 G. CAU Personnel Who Signed Exigent Letters 244 H. FBI Personnel Involved in Media Leak Investigations 249 1. 2. 3. 249 252 254 First Matter Second Matter Third Matter Conclusion 256 CHAPTER SIX: CONCLUSIONS AND RECOMMENDATIONS I. 239 240 241 242 ............. 257 Conclusions 257 A. Exigent Letters and Other Informal Requests 257 B. Other Informal Requests for Telephone Records 268 C. FBI Attempts at Corrective Actions 272 1. 2. D. E. The FBI's Initial Attempts at Corrective Action Corrective Actions after the OIG's First NSL Report 273 275 Improper Requests for Reporters' Telephone Records or Other Calling Activity in Three Media Leak Investigations 276 OIG Findings on Management Failures and Individual Accountability for Exigent Letters and other Improper Requests for Telephone Records 279 VI II. Recommendations 285 III. GIG Conclusion on Exigent Letters and Other Improper Requests for Telephone Records 288 Vll [pAGE LEFT INTENTIONALLY BLANK] viii LIST OF ACRONYMS AUSA CAU CD CDC CTD CXS DAD DT-6 EC ECPA EOPS FBI FISA FISA Court FISDU lOB ITOS-I NSD NSI Guidelines NSL NSLB OGC OIG Ole PIOB SAC SSA Assistant United States Attornev Communications Analysis Unit Comoact Disk Chief Division Counsel Counterterrorism Division Communications EXPloitation Section Deputy Assistant Director Domestic Terrorism [Souadl 6 Electronic Communication Electronic Communications Privacy Act Electronic Surveillance Operations & Sharin" Unit Federal Bureau of Investi"ation Forei"n Intelli"ence Surveillance Act of 1978 Forei"n InteIli"ence Surveillance Court Field Investi"ative Software Develooment Unit InteIli"ence Oversi"ht Board International Terrorism Operations Section National Security Division The Attorney General's Guidelines for FBI National Security Investi"ations and Forei"n InteIli"ence Collection National Security Letter National Security Law Branch Office of the General Counsel Deoartrnent of Justice Office of the Inspector General Office of Le"al Counsel Possible InteIli"ence Oversil<ht Board Special A"ent in Char"e Supervisory Special A"ent IX [pAGE LEFT INTENTIONALLY BLANK) x TABLE OF CHARTS, TABLES, AND DIAGRAMS CHART 2.1 Organizational Chart of Communications Exploitation Section 15 CHART 2.2 FBI DGC, Senior Leadership, and Counterterrorism Division Officials Management (2003 through 2007) 18 CHART 2.3 Exigent Letters Issued by CAU Personnel to the Three On-Site Communications Service Providers (2003 through 2006) 30 CHART 4.1 Analysis of FBI's Basis for Retaining Records from Exigent Letters and 11 Blanket NSLs 200 CHART 4.2 Analysis of FBI's Basis for Retaining Records from Exigent Letters and 11 Blanket NSLs 201 CHART 4.3 Records for 10 Telephone Numbers Uploaded into FBI Databases with the Longest Periods of Overcollections 207 TABLE 2.1 Exigent Letters Issued by CAU Personnel by Calendar Year (2003 through 2006) 26 TABLE 2.2 Exigent Letters Issued by CAU Personnel to the Three On-Site Communications Service Providers (2003 through 2006) 26 TABLE 4.1 Three Blanket NSLs Issued by the CTD in 2006 169 TABLE 4.2 Eight Blanket NSLs Issued by the CTD in Connection with FBI Operations Y and Z 178 TABLE 4.3 FBI's Analysis of Basis for Retaining Records Listed in Exigent Letters and 11 Blanket NSLs 198 DIAGRAM 2.1 Calling Circle or "Community ofInterest" _ 55 DIAGRAM 2.2 Comparison of NSL Approval Process with Exigent Letters 69 DIAGRAM 4.1 Timeline of Requests Made by the Three On-Site Communications SeIVice Providers Addressed by Three Blanket NSLs, and Subsequent Corrective Actions 177 DIAGRAM 4.2 FBI Summary Chart of Plan to Rectify the Exigent Letters Situation 194 Xl [pAGE LEFT INTENTIONALLY BLANK] xii CHAPTER ONE' INTRODUCTION On March 9, 2007, the Department of Justice (Department or DOJ) Office of the Inspector General (O[G) issued its first report on the Federal Bureau of Investigation's (FBI) use of national security letters (NSL). Issued in response to the requirements in the USA PATRIOT Improvement and Reauthorization Act of 2005 (Patriot Reauthorization Act), the first report described the use and effectiveness of NSLs, including "any illegal and improper use: in calendar years 2003 through 2005. 2 On March 13, 2008, the OIG issued its second report on NSLs, which assessed the corrective actions the FBI and the Department had taken in response to the OIG's first NSL report. The second report also described NSL usage in calendar year 2006. 3 In this third report, we describe the results of our investigation of the FBI's use of exigent letters and other informal requests, instead of NSLs or other legal process, to obtain the production of non-content telephone records from employees of three communications service providers (Companies A, B, and C).4 The OIG conducted this investigation to examine in greater detail the extent of the FBI's use of exigent letters and other informal requests for such information. as well as to assess the accountability of FBI employees and supervisors who were responsible for these practices. We examined the conduct of the FBI personnel who signed I The Office of the Inspector General (OIG) has redacted (blacked out) from the public version of this report information that the FBI and the Intelligence Community considered to be classified. We have provided full versions of our classified reports - a Secret version and a Top Secret/Secure Compartmented Information (SCI) version - to the Department of Justice, the Intelligence Community, and Congressional committees. ;2 U.S. Department of Justice Office of the Inspector General, A Review ofth£ Federal Bureau of Investigation's Use of National Security Letters (March 9, 2007) (NSL I), available at www.usdoj.gov/oig. We refer to this report as the first NSL report, or NSL I. All references to this report are to the unclassified version that was publicly released. We provided a separate classified version of the report to the Department and Congress. 3 U.S. Department of Justice Office of the Inspector General, A Review ofth£ FBI's Use of National Security Letters: Assessment of Corrective Actions and Examination of NSL Usage in 2006 (March 13,2008) (NSL II), available at www.usdoj.gov/oig. We refer to this report as the second NSL report, or NSL II. 4 In this report, we do not identify the specific companies because the identities of the specific providers who were under contract with the FBI for specified services are classified. 1 these letters or made these informal requests, their supervisors, and the FBI's senior leadership. I. Findings in the OIG's Previous Reports In our first NSL report, we described how the FBI issued at least 739 so-called "exigent letters" between March 11, 2003, and December 16, 2005. These letters were signed by personnel in the FBI Counterterrorism Division's (CTD) Communications Exploitation Section (CXS) who were not authorized to sign NSLs, including two Assistant Section Chiefs, Unit Chiefs assigned to the CXS's Communications Analysis Unit (CAU), Supervisory Special Agents (SSA), Intelligence Analysts, and an Intelligence Operations Specialist. We determined that the 739 exigent letters requested information relating to approximately 3,000 telephone numbers. The overwhelming majority of the letters requested production of telephone records, allegedly "due to exigent circumstances," and also stated that subpoenas requesting the information had been submitted to a U.S. Attorney's Office for processing and would be served formally as expeditiously as possible. We concluded that by using exigent letters to acquire information from three communications service providers prior to serving NSLs or other legal process, the FBI circumvented the requirements of the Electronic Communications Privacy Act (ECPA) NSL statute and violated the Attorney General's Guidelines for FBI National Security Investigations and Foreign Intelligence Collection (NSI Guidelines), and internal FBI policy. We also found that there were factual misstatements in the letters. While almost all exigent letters stated that subpoenas requesting the information had been submitted to a U.S. Attorney's Office and would be served on the providers, in fact subpoenas were not issued in many instances and in other instances had not been requested. Moreover, we developed information that exigent letters sometimes were used in non-exigent circumstances. We also found that the FBI was unable to later establish that some of the exigent letter requests were made in connection with the required open preliminary or full investigations conducted pursuant to the Attorney General's NSI Guidelines or that the records requested were relevant to those investigations. In our first NSL report we also described the circumstances in which attorneys in the FBI Office of General Counsel's (FBI OGC) National Security Law Branch (NSLB) became aware of the exigent letters practice in late 2004 and the efforts NSLB attorneys made to limit the practice, and the fact that the FBI did not direct that the practice stop for over two years, until after the OIG provided its first NSL report to the FBI in February 2007. 2 While we recognized the significant challenges the FBI faced during the period covered by our first review, we concluded that these circumstances did not excuse the FBI's circumvention of the requirements of the ECPA NSL statute, the inaccurate statements in the exigent letters, and the violations of the Attorney General's NSI Guidelines and internal FBI policy governing the use of NSLs. In our second NSL report, we assessed the FBI's response to the findings on the misuse of NSLs in our first NSL report. In particular, we examined the status of the FBI's implementation of our recommendations from our first NSL report and additional corrective actions by the FBI and other Department components. We concluded that the FBI and the Department had made significant progress in implementing our recommendations and had taken other significant corrective actions in response to the serious problems we identified in the use of NSLs. However, we concluded that it was too early to definitively state whether the new systems and controls developed by the FBI and the Department would eliminate fully the problems identified with the FBI's use of NSLs. As required by the Patriot Reauthorization Act, our second NSL report also described the FBI's use of NSLs in 2006. We found similar misuses of NSLs to those we identified in our first NSL report and a continuation of the upward trend in NSL usage. Finally, in our second NSL report we made 17 additional recommendations designed to help the FBI further improve its oversight and use of NSLs. Our first and second NSL reviews were limited to the FBI's use of NSLs and exigent letters and did not investigate other ways in which the FBI initiated requests for records or other calling activity information from the three communications service providers, such as bye-mail, face-to-face, or telephone requests. Our reviews also did not investigate other ways in which the providers' employees gave information to the FBI without legal process, such as by providing calling activity information through what CAU personnel and the three providers called "sneak peeks" or "~eks," or by _ FBI personnel to calling activity information by _ "hot numbers. "5 Similarly, our first and second NSL reviews did not investigate ways in which the resources available from the on-site communications 5 As discussed in more detail in Chapter Three of this report, a hot number is a the FBI to either Company A or Company C for purposes of telephone number identified having the providers to identify calling activity by that number. 3 service providers were used in connection with other FBI or Department activities, such as FBI administrative subpoenas, applications for electronic surveillance orders filed with the Foreign Intelligence Surveillance Court (FISA Court), or grand jury subpoenas in media leak investigations. Moreover, in our previous NSL reviews we did not assess the individual accountability of the signers of the exigent letters, their supervisors, or attorneys in the FBI OGC. In addition, we did not address the training, guidance, supervision, or legal oversight provided to the CAD employees who signed the exigent letters, or the role of FBI supervisors and senior FBI management in the use of exigent letters. In this investigation, as described in this report, we cover these and related subjects. II. Methodology of the OIG Investigation The OIG team that conducted this investigation was composed of attorneys, special agents, program analysts, auditors, and paralegals from the OIG's Oversight & Review, Investigations, and Audit Divisions. The OIG team led this investigation and wrote this report. Personnel from the FBI's Inspection Division participated with the OIG team on parts of this investigation. 6 In this investigation, we interviewed over 100 FBI employees and former employees, as well as employees of Company A, Company B, and Company C, each of which co-located employees in FBI offices beginning in 2003 and continuing through late 2007. We interviewed 31 of the 32 current or former FBI employees who signed the exigent letters. We also 6 After we issued our first NSL report, we initially referred our fmdings regarding exigent letters to the FBI for it to conduct an investigation to determine whether disciplinary action should be taken against any FBI employees involved in the exigent letters practice. However, after further consideration and discussion with the FBI, we determined that the DIG should lead the investigation. As a result, the DIG determined the scope of the investigation, the witnesses to interview, and the content of this report. Initially, FBI Inspection Division personnel assisted us in interviews of FBI employees and employees of the communications service providers. However, we detennined that they should not participate in all aspects of the investigation. For example, the Inspection Division did not participate in the review of CAU Unit Chief Bassem Youssef or his conduct. In addition, after our first interview made clear the scope of the issue, the FBI was not involved in further interviews relating to the leak investigations in which the FBI sought or obtained toll billing records or other calling activity information of members of the news media. Finally, no FBI personnel participated in the writing of this report, and this report reflects the conclusions of the QIG only. 4 interviewed all 4 of the officials in the FBI Counterterrorism Division (CTD) who signed a total of 11 after-the-fact "blanket" NSLs in 2006 that were issued in an attempt to "cover" or "validate" records previously obtained in response to exigent letters or other improper requests. We also interviewed FBI supervisory personnel who oversaw the CTD's CXS and one of its units, the CAU, from 2003 to the present; current and former Deputy Assistant Directors (DAD) and Assistant Directors in the CTD; the former Executive Assistant Director of the FBI's National Security Branch; the FBI's Deputy General Counsel for the FBI OGC NSLB; an Assistant General Counsel assigned to the NSLB and other NSLB attorneys; several retired or former FBI officials; and the FBI General Counsel, Deputy Director, and Director. In addition, we examined thousands of FBI documents and electronic records from FBI Headquarters and field divisions, as well as additional documents obtained through OIG administrative subpoenas served on the three communications service providers. Our investigation also sought to determine whether any FBI personnel who signed or had supervisory responsibility for those who signed the exigent letters and made other informal requests violated any criminal laws or engaged in administrative misconduct or improper performance of official duties. To this end, we consulted with the Public Integrity Section of the Department's Criminal Division for a decision on whether the evidence warranted criminal prosecution. We provided to the prosecutor the evidence we gathered in our investigation, including transcripts of interviews, relevant documents, and e-mails. The Public Integrity Section declined prosecution of any individuals relating to the exigent letters matter. With the assistance of the Department's National Security Division we also examined applications for pen register/trap and trace orders or electronic surveillance orders filed with the Foreign Intelligence Surveillance Court (FISA Court) that referred to telephone numbers listed in exigent letters or some of the blanket NSLs signed by CTD officials in 2006. 7 We examined these applications to determine if the supporting documents accurately characterized the means by which the FBI had obtained the subscriber or calling activity information it relied upon in seeking the orders. 7 A "pen register" is a device that records the numbers that a target telephone is dialing. A "trap and trace" device captures the telephone numbers that dial a target telephone. See 18 U.S.C. § 3127 (2000). 5 We also served OIG administrative sUbpoenas on the three communications service providers to obtain copies of exigent letters, NSLs, administrative subpoenas, and other documents relevant to our investigation. m. Organization of this Report This report is divided into six chapters. Chapter Two describes in detail the circumstances in which the FBI used exigent letters and other informal requests to obtain telephone records from the three on-site communications service providers. This chapter also contains our analysis of each of these methods for obtaining telephone records and other calling activity information. Chapter Three contains additional findings and analysis concerning how the use of exigent letters and other informal requests led to additional improper practices, including the acquisition of calling ac~rmation regarding "hot numbers" without legal process; improper _ and the acquisition of reporters' and news organizations' telephone toll billing records and other calling activity information; inaccurate statements to the FISA Court about the source of subscriber and calling activity information supporting applications for FISA Court pen register/trap and trace and electronic surveillance orders; and the improper use of FBI administrative subpoenas to cover records acquired from exigent letters or other informal requests. Chapter Four contains our findings and analysis regarding the various corrective actions attempted by the FBI to address the use of exigent letters, including the issuance of 11 improper blanket NSLs. This chapter also describes steps taken by the FBI after the OIG's first NSL report was issued in March 2007 to address the use of exigent letters and other informal requests for telephone records. This chapter also contains our findings on the FBI's analysis of whether it will retain telephone records it acquired after issuing exigent letters or that were listed in the 11 blanket NSLs. Chapter Five examines the FBI's management failures that led to these improper practices. It also evaluates the actions of individual FBI employees, including the CAU personnel who signed exigent letters; the CAU Unit Chiefs who supervised the unit; the senior CTD officials who signed 11 improper blanket NSLs; and attorneys in the FBI's Office of the General Counsel who provided legal advice relating to the exigent letters. In addition, this chapter examines the conduct of FBI and Department personnel who sought or acquired reporters' telephone toll billing records or other calling activity information without proper authority or approvals. 6 Chapter Six. contains our conclusions and recommendations. The appendix. to the report provides examples of exigent letters signed by CAU personnel. 7 [pAGE LEFT INTENTIONALLY BLANK] 8 CHAPTER TWO THE FBI'S USE OF EXIGENT LETTERS AND OTHER INFORMAL REQUESTS FOR TELEPHONE RECORDS This chapter details the FBI's use of exigent letters and other types of informal requests for telephone records. First, it provides background on the FBI's initial use of exigent letters in 2002 in connection with its criminal investigations of the September 11 hijackers, the migration of the practice to FBI Headquarters in 2003, and the FBI's contracts with Company A, Company B, and Company C to provide on-site support to FBI investigations. It describes the FBI's establishment of the Communications Analysis Unit (CAU), and the FBI's process for issuing exigent letters; the CAU personnel who signed them; and how the requests were initiated, drafted, approved, and documented. This chapter also describes other practices by which CAU personnel requested and received telephone records from the on-site communications service providers without prior issuance of legal process or even exigent letters. These other informal methods included e-mail requests or oral requests. These informal requests also included what CAU personnel called "sneak peeks/' which were requests without legal process to obtain information about whether calling activity existed for particular telephone numbers or subscribers, to obtain details about the calling activities, or to view records on the on-site providers' computer screens without obtaining the records themselves. In addition, this chapter describes how the telephone records were analyzed by the FBI and uploaded into FBI databases. The chapter also describes FBI re uests for a "communi of interest" or "callin circle" I. The Electronic Communications Privacy Act (ECPA) To protect the confidentiality of telephone and e-mail subscriber information and telephone toll billing records information, the Electronic Communications Privacy Act (ECPA) states that communications service providers "shall not knowingly divulge a record or other information pertaining to a subscriber or customer of such service ... to any 9 government entity!'B The ECPA contains an exception to maintaining the confidentiality of such records by imposing a "duty to provide" responsive records if the Director of the FBI or his designee certifies in writing that the records sought are relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution of the United States. 9 During the period covered by our review, the ECPA and Attorney General's Guidelines for FBI National Security Investigations and Foreign Intelligence Collection (NSI Guidelines) authorized the use of national security letters (NSL) only during investigations of international terrorism or espionage upon the written request of a Special Agent in Charge or other specially delegated senior FBI official. IO In order to open such investigations, the FBI must satisfy certain evidentiary thresholds, which are documented in FBI case files and approved by supervisors. If case agents want to issue NSLs, FBI policies require a 4-step approval process. Case agents must secure the approval of the case agent's supervisor, an Assistant Special Agent in Charge, the field office's Chief Division Counsel, and the Special Agent in Charge (or equivalent supervisors and attorneys at FBI Headquarters) who signs the NSL. FBI personnel authorized to sign NSLs are all members of the Senior Executive Service. We concluded in our first NSL report that the CAU's use of exigent letters circumvented the ECPA NSL statute. I I We found that neither the ECPA, the Attorney General's NSI Guidelines, nor FBI policy authorize the 8 18 U.S.C. § 2702(a)(3) (2000). In this report we refer to entities that provide electronic communication services to the public as "communications service providers" or the "providers." • 18 U.S.C. §§ 2709(a) and 2709(b)(2) (2000 & Supp. IV 2005). to The Attorney General's NSI Guidelines were consolidated with other Attorney General Guidelines into a new set of Attorney General Guidelines, referred to as the Attorney General's Consolidated Guidelines, which became effective on December I, 2008. The new guidelines now govern the FBI's criminal investigations, national security investigations, and foreign intelligence investigations. However, these new guidelines did not alter the requirements for NSLs issued in national security investigations, which include investigations of international terrorism and espionage. It OIG, NSL I, 95-98. 10 FBI to obtain ECPA-protected records by serving this type of informal letter prior to getting the records. with "legal process to follow." In our first report, we noted that in limited circumstances. a separate provision of the ECPA authorizes the FBI to obtain non-content telephone records from communications service providers. From April 2003 through March 2006 - the period when most of the exigent letters were issued - the ECPA provision authorized a provider to voluntarily release toll records information to a governmental entity if the provider "reasonably believe[dj that an emergency involving immediate danger of death or serious physical injury to any person justifie[d] disclosure of the information." 12 However, for several reasons we did not agree with the FBI's after-the-fact argument that the exigent letters could be justified under this provision. In fact, senior CAU officials and FBI attorneys told us they did not rely at the time on the emergency voluntary disclosure provision to authorize the exigent letters, and we also found that the letters were sometimes used in non-emergency circumstances. 13 n. Background on the FBI's Use of Exigent Letters A. Origins of Exigent Letters In the FBI's New York Field Division As described in our first NSL report, the FBI initiated a criminal investigation, referred to as PENTIBOM, immediately after the September II, 200 I, terrorist attacks. As a part of that investigation, the FBI arranged to have a Company A fraud detection analyst located on-site at the FBI's New York Field Division to assist in providing and analyzing telephone records associated with the September 11 hijackers and their associates. 12 18 U.S.C. § 2702(c)(4) (Supp. 2002). In March 2006. the provision was amended by the USA PATRIOT Improvement and Reauthorization Act 0[2005 (Patriot Reauthorization Act) to allow voluntary disclosure "if the provider. in good faith. believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency. ~ USA PATRIOT Improvement and Reauthorization Act 0[2005. Pub. L. No. 109-177, § 119(a). 120 Stat. 192 (2006). 13 OIG. NSL 1.96-97. 11 1. The FBI's New York Field Division Contract with Company A The analysis of telephone records associated with the September 11 hijackers and their associates became the primary responsibility of a newly created squad in the FBI's New York Field Division known as Domestic Terrorism 6, or DT-6. DT-6 developed close working relationships with several communications service providers due to the heavy volume of FBI requests for telephone records. In early 2002, the New York Field Division, with the approval of FBI Headquarters, entered into a contract with Company A that provided for a Company A fraud detection analyst to be co-located with DT-6 to respond to the FBI's increased need for telephone records. To provide this support, the Company A analyst accessed Company A's telephone records databases from a computer work station installed for his use at the New York Field Division. The Company A analyst was able to respond immediately to FBI telephone records requests and also was available to respond to requests after normal business hours. According to an FBI Supervisory Special Agent (SSA) who worked in the New York Field Division, this arrangement proved to be highly beneficial to the FBI's ability to investigate terrorist threats and was soon used to support a wide variety of FBI counterterrorism investigations. 2. The New York Field Division's First Use of Exigent Letters At first, the FBI obtained records from the on-site Company A analyst solely through grand jury subpoenas issued in the PENTTBOM investigation. 14 An SSA assigned to the DT-6 squad said this process was also facilitated by the co-location of several Assistant United States Attorneys (AUSA) at the FBI's New York Field Division's offices. As a result, FBI agents were able to quickly obtain grand jury subpoenas from the co-located AUSAs to serve on the Company A analyst prior to obtaining responsive records. Eventually, the AUSAs left the New York Field Division's office s and over time Com an A 14 Since the PENTTBOM investigation was a criminal investigation, grand jury subpoenas were appropriate legal process by which to obtain non-content records from a communications service provider. 12