Skip navigation

Review of the Fbi Use of Exigent Letters and Other Requests for Phone Records 2010 Partc

Download original document:
Brief thumbnail
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
unaware of exigent letters until he read press accounts in 2007 about the
OIG's first NSL report. Similarly, Willie Hulon, who served as Assistant
Director of the CTD from December 2004 to June 2006, and as Executive
Assistant Director for the FBI's National Security Branch from June 2006 to
January 2008, told us that he did not know about exigent letters. Hulon
said he "assumed that we were using the NSL legal process." Joseph Billy,
Jr., who served as one of the CTD's Deputy Assistant Directors from April
2005 to October 2006, as its acting Assistant Director from June 2005 to
October 2006, and as its Assistant Director from October 2006 until his
retirement from the FBI in March 2008, also told us that he did not know
about the CAU's use of exigent letters until the OIG's first NSL investigation
discovered the practice in 2006.

D.

The FBI's Senior Lesdership

The FBI's senior leadership also told us they were unaware of the
CAU's use of exigent letters until the OIG's first NSL investigation.
We determined that in July 2006, shortly after OIG investigators
conducted the first interviews in our first NSL review, FBI General Counsel
Valerie Caproni was informed by the Assistant General Counsel that in
emergency circumstances the CAU was using letters that promised future
legal process to obtain records from the on-site providers. The Assistant
General Counsel also advised Caproni that there had been problems with
identifying preliminary investigations to which after-the-fact NSLs could be
tied, but that NSLs were being issued within 2 or 3 days. However, Caproni
told us that she did not actually see an exigent letter until December 2006
when the OIG showed her some sample exigent letters during an interview
in connection with our first NSL report.
FBI Deputy Director John Pistole served as Deputy Assistant Director
and then Assistant Director of the CTD from May 2002 to October 2004,
and as Executive Assistant Director of the National Security Branch from
December 2003 to October 2004. Pistole told us that he did not know
specifically about the use of exigent letters. He said he understood that if
something was "hot, you could get the information right away and then
follow up with paper," which was the "normal course of business" in
counterterrorism investigations.
FBI Director Mueller told us that he was unaware of the CAU's use of
exigent letters until at or about the time the FBI received the draft of the
OIG's first NSL report, which was in late 2006. Mueller stated that, until
then, he was unaware that the CAU was receiving telephone records without
the appropriate legal process.

40

E.

Employees of On-site Communications Service
Providers

We also interviewed employees of the communications service
providers who were assigned to the FBI about the use of exigent letters.
The first Company A analyst who arrived at the CAU in April 2003
told us that he was acquainted with the use of exigent letters from his
previous experience as an on-site analyst at the FBI's New York Field
Division, where, as noted above. exigent letters had been in use since 2002.
Rogers and other CAU personnel who signed exigent letters said that this
Company A analyst told them that exigent letters were a method for
requesting telephone records from Company A. This analyst defined exigent
circumstances as "needing of the records immediately." The Company A
analyst confirmed that he often informally briefed CAU and other FBI
personnel on the use of exigent letters, and said he told them that they
could use an exigent letter when "they needed the records quicker."
The on-site Company C employee, who arrived at the CAU in April
2004, told us that neither his company supervisors nor FBI officials
described exigent letters to him before he began working at the CAU. He
said that he was first presented with an exigent letter soon after his arrival
at the CAU and that he accepted the legitimacy of the letter based on the
"credibility" of both the SSA who signed the exigent letter and "the whole
unit. "47 The Company C employee, who did not have prior experience in
subpoena or NSL compliance, told us that he accepted exigent letters at
"face value" as indicating that the FBI needed the data as soon as possible
and would subsequently provide legal process. The Company C employee
stated that he honored exigent letters without consulting his Company C
supervisors.
The on-site Company B employee arrived at the CAU in early
September 2004. This employee had extensive prior experience with
subpoena compliance. He said he had not been told prior to his arrival
about the CAU's use of exigent letters, and that on the second day of his
assignment, September 8, 2004, a CAU intelligence analyst presented him
with an exigent letter. The Company B employee said he initially declined to
honor the exigent letter, telling the CAU analyst that she would need to
provide an NSL before Company B would process the request. The
Company B employee stated that the analyst was 'stunned" by his refusal

47 The fIrst exigent letter we found that was issued to the on-site Company C
employee was dated April 14, 2004.

41

and took the matter to a CAU SSA. The Company B employee said the CAU
SSA then explained to him the concept of exigent letters and told him the
NSL was "not written or not going to be written right now or today." The
Company B employee told us that he conferred with his Company B
supervisor. who told him to honor the requests but to be sure to get the
after-the-fact legal process. Thereafter. the Company B employee regularly
accepted exigent letters and provided responsive records to the CAU. The
Company B employee told us that "the majority of the time" he "did not
know what the [exigent] circumstance was." He said he "pretty much
assumed ... that it was an exigent circumstance" because he was
supporting counterterrorism investigations in the CAD.
We determined that the providers' on-site employees often received
exigent letters from CAU personnel - and responded to them - without
receiving any information about the FBI investigations for which the records
were needed. The providers' employees told us that they accepted exigent
letters without question and assumed that the circumstances were exigent.
For example, the Company C employee told us, "most of the time I know
nothing about the case personally" and that he sometimes relied on CAU
personnel saying the matter was "hot." The Company B employee said that
he only received case details related to exigent letter requests less than 25
percent of the time, but he reasoned each time that, "it is an emergency
situation and they need my assistance. I am taking their word." A
Company A analyst told us that the CAU requesters "did not always tell me
the circumstances of why they needed the records" and said he accepted the
FBI's representation in the exigent letters, observing, "personally, it wasn't
my place to police the police."
The Company B employee told us that although he "assumed" CAU's
requests were emergencies, he had concerns about whether the exigent
letter requests were truly emergencies, and these concerns led in part to
Company B's decision to change its procedures. Beginning on October 10,
2006, the on-site Company B employee placed a stamp on the exigent
letters for which he provided responsive records. The stamped text stated,
"An emergency involving danger of death or serious physical injury to a
person requires disclosure without delay of infonnation relating to the
emergency."'. The Company B employee told us that he added the stamped
text to the exigent letters at the direction of Company B's legal counsel and
he also required FBI requesters to certify by initialing and dating the
stamped declaration that the circumstances of the request comported with

48 The stamp appeared on the fmal 13 exigent letters served on the on-site
Company B employee between October 10, 2006, and November 6, 2006.

42

the legal standard for an emergency voluntary disclosure pursuant to 18
U.S.C. § 2702(c)(4).49 The Company B employee stated that he did not
provide responsive records unless requesters signed or initialed this
certification.
The Company B employee told us that he also followed his
supervisor's instruction to be sure to get after-the-fact legal process, and he:
(1) created a spreadsheet to track the outstanding legal process; (2)
reminded CAU personnel and sometimes requesters in the field via either
face-to-face conversations, telephone calls, or e-mails that he was still
awaiting process; (3) brought the issue of exigent letters to the attention of
CAU Unit Chief Glenn Rogers and later Unit Chief Bassem Youssef; and (4)
provided a list of telephone numbers still awaiting process to a CAU SSA so
that the numbers could be incorporated into the Company B May 12, 2006,
"blanket NSL" described in Chapter Four.

F.

Types of Cases in which Exigent Letters were Used

CAU agents, analysts, and Unit Chiefs told us that they used exigent
letters and other informal requests to the on-site communications service
providers to quickly obtain telephone records and analyze them in
connection with many urgent, high priority counterterrorism investigations.
They said that many of the re uests that came to the CAU involved
telephone numbers from

49

18 U.S.C. § 2702(c)(4) provides:

Voluntary disclosure of customer communications or records.

* * *
(c) Exceptions for disclosure of customer records. - A provider described in
subsection (a) may divulge a record or other information pertaining to a
subscriber to or customer of such service (not including the contents of
communications covered by subsection (a)(l) or (a)(2)) ....

* * *
(4) to a governmental entity, if the provider, in good faith, believes that an
emergency involving danger of death or serious physical injury to any person
requires disclosure without delay of information relating to the
emergency; ....
An earlier version of this provision that was in effect between 2003 and
March 8,2006 - the period when most of the exigent letters were issuedauthorized a provider to voluntarily release toll records information to a
governmental entity if the provider "reasonably believes that an emergency involving
immediate danger of death or serious physical injury to any person justifies
disclosure of the information."

43

According to FBI officials, on some occasions the CAU sought
telephone records in connection with international terrorism investigations
involving terrorist plots that were believed to pose an imminent threat to the
United States or its citizens abroad. For example, in a ~ case that
received widespread media attention, the FBI investi ated a terrorist lot
to detonate ex losives
CAU personnel
sought calling records for thousands of telephone numbers in support of
this investigation, which we refer to as Operation Y in this report. CAU
personnel also said they used exigent letters to obtain calling information to
help the FBI address numerous bomb threats. FBI officials said that in
these and other cases the CAU enabled the FBI to quickly address serious
threats through its ready access to the on-site communications service
providers.
The CAU also used the on-site communications service providers to
obtain telephone records in support of criminal investigations, such as
organized crime and kidnapping cases. For example, the CAU issued
exi ent letters in the kidna in investi ations r e g a r d i n g _
who disa peared in 2005 _
and
, a U.S. citizen from
who was kidnapped in Iraq
However, as described in Chapters Four and Six, FBI officials told us
that the investigations for which exigent letters were used, although urgent
and important, did not necessarily involve imminent threats or lifethreatening circumstances. For example, we discuss in Chapter Four a
high-profile FBI operation we call "Operation Z' for which CAU personnel
used exigent letters and other informal requests to request records for
hundreds of telephone numbers associated with a dead terrorist. According
to the FBI supervisors responsible for the operation, the circumstances in
which the records were obtained for exploitation were not exigent. In
addition, we found that exigent letters were issued in cases such as media
leak investigations, fugitive investigations, and other investigations that did
not include exigent or life-threatening circumstances.

44

IV.

Other Informal Methods for Requesting Records without Prior
Service of Legal Process

In addition to the use of exigent letters, we detennined that CAD
personnel regularly requested and received from the three on-site
communications service providers toll records and other information related
to
telephone numbers without issuing any legal
process or even providing exigent letters. We could not determine the full
scope of this practice since the CAD had no systematic tracking system to
document the requests, and the telephone providers did not consistently
document these requests. However, based on our interviews of CAD
personnel and the providers' employees, as well as our review of documents,
we concluded that CAD personnel requested _
for records of more
than 3,500 telephone numbers without prior service of legal process or even
exigent letters.
A.

E-mail, Face-to-Face or Telephone Requests, and Informal
Notes

In most of the instances described in this section, CAU personnel
conveyed their record requests to the on-site providers by FBI e-mail.
However. employees of the ~ers also told us that CAU personnel
sometimes conveyed their _
requests by giving target telephone
numbers to the providers' employees verbally during telephone calls or visits
to the providers' CAU work stations. or on pieces of paper, such as post-it
notes. CAU ersonnel also sometimes sent re uests to the roviders'

A CAU Intelligence Analyst told us that one of the Company A
analysts routinely provided toll records to him without first receiving legal
process or an exigent letter. The CAU Intelligence Analyst stated that this
was the process he used "close to 100 percent of the time." The Intelligence
Analyst said he would usually fax an exigent letter to the Company A
analyst several days after he received responsive records pursuant to his
informal requests. We also found several FBI documents indicating that
on-site Company A employees _
and in many cases provided
telephone toll billing records to the FBI without any prior legal process or
even exigent letters.
Exigent letters were never provided to Company A for many of these
requests, either before or after the fact. Indeed, as we describe in Chapter

45

Four of this report, the FBI was able to locate exigent letters for only 235 of
the 700 telephone numbers listed on one of the so-called "blanket" NSLs
issued by the FBI to cover or validate records previously obtained by the
FB!.sO
We did not have similar data for Comp~y C, but
employees of both carriers told us they also _
and
provided telephone records to the FBI in response to e-mails and verbal
requests and without legal process or exigent letters. The Company B and
Company C employees stated that they believed such _
usually
related to major FBI counterterrorism investigations.
We also determined that in connection with at least three major FBI
counterterrorism investigations in 2005 and 2006, CAU personnel requested
telephone records for hundreds of telephone numbers from the three on-site
communications service providers. While we identified some exigent letters
associated with these operations, the majority of the requests in these
operations were initiated without legal process or exigent letters. In a
majority of these instances, even when records were turned over to the FBI,
exigent letters were not subsequently provided to cover the requests and
records provided for these major operations. Moreover, in most instances
the FBI issued legal process to cover these requests well after the records
had been provided to the FBI, from 20 days later to 6 months later.
The on-site Company C employee also told us that apart from major
FBI operations, he occasionally provided records to CAU personnel prior to
receiving legal process or an exigent letter. We also reviewed an e-mail
message the Company C employee sent in January 2006 to Unit Chief
Youssef and a CAU Intelligence Analyst in which the Company C employee
stated that he would give priority to requests which did not have
accompanying legal process or an exigent letter if the CAU provided him a
reason to do so. In response to this e-mail, the CAU Intelligence Analyst
stated that "[w]e are working with hundreds of numbers and it's not
practical to give the [exigent letter] for every number that comes in."
We also reviewed the on-site Company C employee's log and identified
numerous instances apart from major FBI operations where telephone
records were provided to the CAU without legal process or exigent letters. 51

50 This was the Company A September 21, 2006, blanket NSL, described in Chapter

Four.
51 The Company C on-site employee kept a contemporaneo~ requests made
by CAU personnel. He said he used the log to record requests for _ _, including
requests pursuant to legal process, exigent letters, sneak peek requests, and, in some
(Cont'd.)

46

In some instances the FBI issued exigent letters after receiving the records.
In other instances, exigent letters were never provided or the FBI did not
issue any after-the-fact legal process for up to 20 months.
The on-site Company B employee told us that he gave telephone
records to the FBI without legal process or exigent letters more often in
connection with major FBI operations than in other matters. However, we
reviewed e-mails from September 2005 to November 2005 indicating that on
at least three occasions the Company B employee provided records to CAU
personnel prior to receiving legal process or exigent letters. and none of
these three instances related to major operations.
B.

"Sneak Peeks" or "Quick Peeks"

Many CAU SSAs and Intelligence Analysts we interviewed, and
employees of the three on-site communications service providers, also told
us about a practice that became known in the CAU as "sneak peeks" or
"quick p e ~ tof CAU personnel, the providers' employees
routinely _
of their databases to determine whether they
had any responsive records, without receiving legal process or exigent
letters. The providers' employees would then describe for the CAU
personnel the information contained in the databases without providing the
records to CAU personnel. We reviewed documents showing that employees
of all of the on-site providers communicated this type of information to CAU
personnel either verbally, bye-mail, or telephonically. At times. the
providers' employees even invited CAU personnel to view records on their
computer screens. If the providers' databases contained requested records,
CAU personnel would then decide whether to issue exigent letters or obtain
legal process from the field division or Headquarters' operating unit in order
to obtain the actual records.
Glenn Rogers, the CAU's first permanent Unit Chief, acknowledged to
us that he knew about this practice of sneak peeks. He stated that he
believed the practice was first used in the FBI's New York Field Division
before it was used by CAU personnel. He said he did not see any legal
problem with the practice and stated it was his understanding that there
was no expectation of privacy in telephone records because the "numbers
belong to the phone companies." He said he therefore did not think there
was anything wrong with requesting sneak peeks, and he did not believe

instances, post-it notes or a "'sticky." Neither Company A nor Company B maintained
Company A and Company B are able to retrieve records of the
_ _ _ _ by their on-site employees.

~ e r .both

47

that NSLs or other legal processes were required prior to such sneak peeks.
Bassem Youssef, who succeeded Rogers as the CAU Unit Chief, told us that
he had no "first-hand knowledge" of the sneak peek practice in the CAU
during his tenure. However, Youssef stated that the concept, as he came to
learn in 2007, was to indicate only whether the on-site providers had
responsive records on a telephone number. 52
We also reviewed the Company C employee's log and identified many
entries of database _
for which the employee noted that there was
"no paper." The log identified CAU re~uch as "any calls between
these numbers in past month," "any _
calls during Dec 22-25, 2005
[for three domestic telephone numbers]," and "any [telephone calling]
activity [for three domestic telephone numbers]." The Company C employee
told us that "sometimes there was nothing said" by FBI personnel about the
reasons for sneak peek requests. The requesters sometimes just said, "here
is a sticky with numbers" and they would specify a date range.
E-mail records we examined from employees of the three on-site
communications service providers also showed that in response to sneak
peek requests, they confirmed whether the provider had records on an
identified telephone number. These e-mails also showed that the providers'
employees sometimes responded to these requests with additional
information about the calling activity by the identified telephone numbers.
For example, e-mail messages from the providers to CAU personnel often
included whether the telephone number belonged to a particular subscriber
or a synopsis of the call records, such as the number of calls to and from a
~lephone number within certain date parameters, the area codes.
_
called, and call duration. 53
The on-site Company C employee told us that he responded to
requests for sneak peeks "fairly frequently," estimating that he responded to
such requests approximately 300 times (which represented nearly one-half
of all the requests he received from CAU personnel from April 2004 until
June 2007). The on-site Company B employee stated that sneak peeks

52 We asked Youssef about an August 8, 2006, entry in the Company C employee's
log which listed Youssef as the CAU requester for a sneak peek involving four telephone
numbers. Youssef told us that he had no recollection of making such a request to the
Company C employee.

53 As described in Chapter Three of this report, sneak peeks were u s ~ FBI
in connection with a media leak matter in which the three on-site providers _ _ their
databases for calling activity of a reporter.

48

"could have been 1,2, or 3 times a week." An on-site Company A analyst
told us that sneak peeks occurred daily.
We also reviewed e-mails from CA~onnel to employees of the
their databases for specific
three on-site providers with requests to _
calling activity. For example. in September 2005 an on-site Company A
analyst received an e-mail request from a CAU Intelligence Analyst that
listed four domestic telephone numbers and asked:
Could you take a look at these numbers. below, and let me
know if you have any calls to _
or Oregon in the past six
months? If so, [FBI case agent] has indicated he will be able to
provide us with a subpoena.
Similarly, in a March 2006 e-mail exchange between a CAU
Intelligence Analyst and the on-site Company B employee with the subject
line "quick peek," the Intelligence Analys~d a "quick peek to see if
[Company B has] any data" for a specific _
cellular phone number.
The Com~y B employee responded to the request, "I ran the number for
the past _
days and picked up some calls. Stop by my desk if you'd like
to see the calls."
We also reviewed a series of e-mails between CAU personnel and a
Company A analyst related to a major counterterrorism investigation that
was underway in _
2006. In one of the e-mails, Unit Chief Youssef
provided a list of four telephone numbers that were determined by a prior
Company A _
to be in contact with a particular telephone number that
had been a target number in an NSL. In response, the Company A analyst
wrote to Youssef, a CAU Intelligence Analyst, and a CAU SSA that, based on
Youssefs request, Company A took a "quick peek" at the calling activity of
the four telephone numbers identified in the earlier e-mail. The Company A
analyst wrote, "very interesting calling patterns and we strongly suggest that
these numbers are added to the NSL for exploitation."
The evidence indicates that the FBI OGC first learned about sneak
peeks in February 2007 when a CAU SSA, at Youssefs direction, sent an
e-mail to FBI General Counsel Valerie Caproni, NSLB Deputy General
Counsel Julie Thomas, and the Assistant General Counsel in which the SSA
addressed various statistics related to the CAU's use of exigent letters such
as the total number of exigent letters issued by the CAU, the total number
of telephone numbers included in the exigent letters. the number of
telephone numbers for which records had been obtained from the providers
without legal process or an exigent letter, and the number of telephone
numbers for which legal process was required. In this e-mail, the CAU SSA,
for no apparent reason, referred to the sneak peek practice. He described
the practice as "a process wherein the telecom provider would glance at the

49

network to check if it was meritorious to draft a subpoena and/ or NSL to
officially request the records!' The e-mail stated that if there were no
records, an NSL would not be drafted.
Caproni told us that she did not recall the SSA's e-mail. When we
asked her if she was aware that the FBI at times received more infonnation
than just whether the provider had records on a particular number, she
said she was not.
As discussed in the analysis section at the end of this chapter, we
concluded that the FBI's use of these sneak peeks in many cases violated
the ECPA.

v.

Records Obtained in Response to Exigent Letters and Other
Informal Requests

In this section, we describe the types of records obtained by the FBI
from the on-site communications service providers in response to exigent
letters and other infonnal requests. We also discuss how these records were
analyzed and uploaded into FBI databases. In addition, we describe
"communi of interest" or "calling circle" _
(often called a
communi of interest" , throu h which Com an A

A.

Types of Records Collected by the Providers

Each of the three on-site communications service providers had
different capabilities to respond to the CAU's requests for telephone
records.

The amount of information available to the FBI under its contract with
Company A was substantial. PowerPoint slides prepared by Company A
explaining its resources, which were incorporated into a CAU presentation

50

for other FBI divisions and units, stated that Com an A

•

domestic

•

local and long distance calls;

•
•
•

•

-

cellular calls,

•
•

•
Of the three providers, Company A had the greatest volume of records
available to the FBI. The key features of Compan A's on-site su ort were
the availabili of
of tele hone records,
These features were not
available to FBI field agents or Headquarters personnel who served NSLs on
Company A through its more formal procedures.

, the Com an B on-site employee could only provide
calling records
These were the same types of telephone
records that FBI agents outside of the CAU obtained from Company B's

51

subpoena compliance office. The records available to Company B's on-site
employee dated back
4 Nevertheless, like the advantage offered
by the Company A and Company C on-site employees, the advantage offered
by the on-site Company B employee was the speed with which requests to
Company B were processed and records provided to the CAU.
Employees of the three on-site communications service providers told
us that they believed that they could release any information in their
databases to the FBI without regard to whether the request was
documented in exigent letters, NSLs, or grand jury subpoenas.

B.

How Records were Uploaded and Analyzed by the FBI

CAU personnel told us that the three on-site communications service
providers delivered telephone records to the CAU in an electronic format
that was compatible with FBI databases and a
database used by the FBI primarily for analysis of telephone toll
billing records. The records provided in electronic format could be directly
uploaded without being re-formatted. The on-site communications service
providers' employees told us that during normal business hours they
usually hand-delivered to CAU employees the requested electronic records
on a compact disk (CD). In many instances the on-site providers' employees
would also contemporaneously forward an electronic copy of the records to
the CAU requesters as e-mail attachments.
We found that in
sometimes forwarded tele
Some of these records sent to CAU requesters
were associated with high-value terrorists. 55

54 Although the FBI's requirements for the Company B contract stated that
Company B "would deliver at least _
of historical records," the on-site C ~ B
employee told us that in some instances he was able to obtain records for up to _
55 The OIG informed the FBI Inspection Division about this practice and raised
concerns about ssible breaches of FBI internal olides, as well as security concerns
raised by the
The Inspection Division
informed us that the telephone
did not contain any classified
information and that the CTD did not consider the matter to be a security issue. We
disagree, and believe that
does raise security
concerns.

52

We also determined that the tele hone records received b the CAU
were routinely uploaded into the
database
without being compared to the FBI's original request. The CAU employee in
charge of the CAU team that uploaded the records told us that there was no
mechanism in place to verify that the records were for the target telephone
numbers and within the date ranges specified in the original request. He
also stated that his team did not receive a copy of the FBI's original request.
The team therefore was not in position to check whether any information
had been mistakenly supplied to the FBI or had been mistakenly requested
due to FBI errors. Several CAU SSAs and Intelligence Analysts told us that
they sometimes informally checked the records to see whether the records
matched the requests, but none of these individuals said there was any
formal protocol requiring such a review. 56
Mter the CAU team uploaded the records to the
database, a CAU employee would deliver the CD to the CAU
requester, who was responsible for forwarding the CD to the FBI field or
Headquarters' operating unit that had initiated the request. The CD
containing records was considered by the CAU to be the "original"
evidence.

The results of the CAU's analysis are used to create documents called
"trace reports" or " . reports" that were normally forwarded to requesters
as attachments to an EC. However, field office requesters sometimes
preferred to conduct their own analysis and would specify that the CAU not
perform any analytical work. In these instances, the CAU sent requesters ~
56 In response to our first NSL report, the FBI aGC directed that FBI case agents
ensure that, in the future, the records obtained in response to NSLs match the NSL
requests. The CAU's policy now requires CAU requesters to certify to the database manager
bye-mail that responsive records have been verified as accurately encompassing both the
target telephone numbers and date ranges specified in the NSLs.

53

summary report from the database of all the data related to a particular
telephone number.

C.

Community of Interest/Calling Circle _

In addition, we found that the FBI often asked Company A's on-site
emplo:y:ees _
what were termed "community of interestn or "calling
circ1e n ~se requests were conveyed to Company A in NSLs,
grand jury sub oenas, exi ent letters, and e-mails. We determined that as
part of its
contract with the FBI, on-site
Com an A anal sts used Company A's community of interest
on records that were not identified in FBI
requests. However, the FBI did not maintain documentation of how often
these community of interest requests were made, and we could not
determine how often the FBI acquired records in response to these

-

1.

Community of I n t e r e s t _

54

DIAGRAM 2.1

Calling Circle or "Community of Interest" _

55

2.

Community of Interest

for the

FBI

We found that F ~ t s for records often included requests for
community of interest _
We identified 52 exigent letters (of the 514
signed by CAD personnel) served on the on-s~anyA analysts that
included requests for community of interest _ 5 7 We also identified
more than 250 NSLs and over 350 grand jury subpoenas served on the 3
on-site providers that requested community of interest _
Prior to mid-May 2006, the FBI issued to the 3 on-site providers 107
NSLs that included in the body of the letters com.munity of interest
requests. After May 2006, the community of interest requests appeared in
"boilerplate" attachments appended to over 150 NSLs. The standard
attachment listed 18 types of records, including a "'calling circle' ... based

57 Even though Company B and Company C did not
community of interest
_ , we identified ~ t letters to Company B and 20 exigent letters to Company
C that requested such _ _

56

on a
community of interest" that the attachment stated "may
be considered by you to be toll billing records pursuant to § 2709." The FBI
'Assistant General Counsel had drafted this attachment for the CAU. It was
retained on the CAU's share drive and accessible by all CAU personnel and
the on-site providers. 58
We determined that community of interest _
generally were
after the Company A analyst confirmed with CAU personnel that
was needed. In addition, in some instances, prior to
such
,CAU ersonnel asked that the communi

9 Thus, it appears that community of interest
requests often were included as boilerplate language in NSLs served on the
on-site Comp~alysts,although Company A did not necessarily
_
such _
in each instance.

We found evidence that some FBI officials who signed NSLs that
contained community of interest _
requests were not even aware that
they were making such requests. For example, NSLB Deputy General
Counsel Julie Thomas, who signed at least four NSLs dated from February
2005 to ~ 0 0 5 requesting in the body of the letters community of
interest _ , told us that she was not aware of Company A's
community of interest capability until June 2006, when Company A
representatives briefed her and other FBI aGC attorneys on Company A's
capabilities under its contract with the FBI. Thomas said that if she had
signed NSLs prior to June 2006 containing a community of interest _
request, the request would "probably not" have meant anything to her

58 This NSL attachment was similar to a model standard NSL attachment the FBI's
National Security Law Branch (NSLB) in FBI aGe had previously circulated to FBI
personnel and posted on its Intranet website. The previous standard NSL attachment listed
all of the records identified in the post-May 2006 attachment except calling circle records.

59

addition

We reviewed exigent letters and NSLs that contained the following text: "In
lease rovide a 'callin circle' for the fore oin tele hone number s

57

because she had not yet had the briefing from Company Aft0 The approval
ECs we obtained that ~ NSLs did not mention community
of interest _
or _
records.
Similarly, two NSLs signed by then Acting CTD Deputy Assistant
Director Arthur Cummings III in October 2006 and an NSL signed by then
CTD Assistant Directo~h Billy, Jr., in January 2006 contained
community of interest _
requests, although the corresponding approval
ECs did not address that community of interest _
were to be
_
or the predication for these _
requests under the ECPA.61
Thomas told us that there "appears to be the strong potential" that other
FBI personnel made community of interest _
requests without
"understanding what it means'" and that "the appropriate relevance inquiry
is not being done. It
We requested the approval ECs for 28 NSLs issued between July 28,
2004, and May 2, 2006, to the 3 on-site providers that included requests for
community of interest records in the body of the NSLs. The FBI located
approval ECs for only 21 of these NSLs. Of these 21 approval ECs, only 4
stated that community of interest records were being requested and only 2
described the relevance of
records to the
investigation.
We also requested the approval ECs for 25 NSLs issued between
May 22,2006, and December 21,2006, to the 3 on-site providers that
included standard attachments requesting community of interest records.
The FBI located approval ECs for only 17 of these NSLs. Of these 17
approval ECs, none stated that c o m m u ~ r d swere being
requested or described the relevance o f _ records to the
investigation. This indicates that officials who signed NSLs containing
community of interest requests in the letters or attachments often were
unaware that they were making such requests.
Senior CTD officials we interviewed ~did not know how often
community of interest _
had been _
by Company A.
Although most CAU SSAs and Intelligence Analysts sald they knew about

60 In contrast, Thomas said she perfonned a relevancy analysis when she signed
NSLs that included community of interest _
requests in late 2006 in connection with a
major FBI counterterrorism operation.

61 Cummings told us that he did not understand the concept of Company A's
until after release of the OIG's fIrst NSL ~
community of interest _
2007. Billy said that he knew about Company A's community of interest . . . . . . . . .
by 2004 or 2005.

58

Company A's ability to
community of interest _ , none told
us that they had ever personally requested community of interest
from the on-site Company A employees.
The CAU Intelligence Anal st res onsible for the team that uploaded
toll billing records into the
database told
us that when the responsive data was delivered to his team for u loadin ,
the team could not distin ish
numbers provided by
Company A in response to community of interest requests. He said he
would only be able to identify the records derived from the community of
interest requests by analyzing the information accompanying the original
request and other background information. This CAU Intelligence Analyst
told us that no one in the FBI had ever asked him to segregate records
obtained in response to community of interest
requests or asked any
questions about the practice.
Based on our review, we believe that in most instances when CAU
personnel asked the on-site Company A analysts to _
community of
interest
, Com an A initially provided toll billing records for only
the target numbers
records). We found some e-mails
showing that the CAU or other FBI requesters reviewed these records and
identified
telephone numbers for which they requested
records. However, in responding to these requests for
records, the on-site Company A analys~
and the FBI did not provide separate legal process for the _
records. 62 For example, we found e-mails showing that Compan A anal sts
inter reted communi of interest requests as authority to run
telephone numbers without requiring
legal
process. 63 Similarly, a CAU Intelligence Analyst told us that community of
interest requests "could be used to obtain the
[toll records}
without a new NSL or grand jury subpoena."

63 In a September 2006 e-mail to CAU personnel, an on-site Company A analyst
wrote that "the fcommunity ofinteres~ein the [attachment] will allow fCompany A]
to provide call detail records without _ _ authority."

59

Thus, while the NSLs containing the community of interest
request language were signed by FBI officials who were dele ated the
authority to s ~ , the actual decisions about which
records were _
were made by CAU Intelligence Analysts, Supervisory
Special Agents, and Special Agents who were not among those to whom the
FBI Director delegated authority to sign NSLs.64 As a result, in cases where
the NSL signer was unaware that the NSL or attachment contained a
communi of interest request, the decisions to
the
records were made without the appro~riate official having made
the determination required by the ECPA that the
telephone numbers were relevant to authorized national security
investigations.
As we describe in the analysis at the end of t h i ~ I
was able to establish before issuing the NSL that the _
telephone numbers were relevant to an authorized national security
investigation, we believe a separate NSL for the
telephone
numbers was not required before requesting or obtaining records on the
tele hone numbers. However, if the FBI did not establish
the relevance of the
telephone numbers rior to the
initial
, reliance on the original NSL to obtain
telephone records violated the ECPA, the Attorney General's NSI Guidelines,
and FBI policy.
NSLB attorneys told us that prior to the FBI's implementation of an
automated system to facilitate the issuance of NSLs and collection of data
on NSL usage for required r e ~the FBI had not determined
whether it had acquired any _
records on U.S. persons that
65
should have been reported to Congress. The FBI's automated NSL system

64 Prior to the Patriot Act, approximately 10 FBI Headquarters officials were
authorized to sign national security letters, including the FBI Director, Deputy Director,
and the Assistant Directors and Deputy Assistant Directors of the Counterterrorism and
Counterintelligence Divisions. However, the Patriot Act also authorized the heads of the
FBI's 56 field offices (Assistant Directors in Charge or Special Agents in Charge) to issue
NSLs. Since enactment of the Patriot Act, approval to sign NSLs has been delegated to the
Deputy Director, Executive Assistant Director (EAD), and Assistant EAD for the National
Security Branch; Assistant Directors and all Deputy Assistant Directors for the
Counterterrorism, Counterintelligence, and Cyber Divisions; all Special Agents in Charge of
the New York, Washington, D.C., and Los Angeles field offices, which are headed by
Assistant Directors in Charge; the General Counsel; and the Deputy General Counsel for
the National Security Law Branch in the Office of the General Counsel.
65 The FBI's new NSL "'subsystem" for creating NSLs is described in the OIG's
second NSL report. OIG, NSL 11,21.

60

implemented in January 2008 requires the user to enter the total number of
telephone numbers for which toll billing records are requested in each
NSL.66

3.

Com an A's Use of Community of Interest _

Based on information provided by the on-site Company A analysts
and other information from Company A, we found that Com an A's on-site
~ s e d the community of interest
_
services Company A provided to the FBI. On~ A analyst
estimated he may have used the community of interest _
for up to
25 percent of the _
he
Company A records show that
from 2004 to 2007, Company A analysts used its communi of interest
to review records in its database for 10,070
telephone numbers. We believe that most of these numbers were
by Company A analysts without community of interest requests from the
FBI but did not generate records that were provided to the FBI. A Company
A attorney told us, based on ~ d to him, that the majority
of the community of interest _
by the on-site Company A
analysts did not result in disclosure of any data to the FBI. However, we
found that Company A did not request and the FBI did not provide legal
process or exigent letters in connection with C o ~ s use of its
community of interest
as part of its _
support
services.

66 After reviewing a draft of this report, FBI officials t~ect
to add a feature to the automated system to capture data on - - . . .
numbers.

61

4.

FBI Guidance on Community of Interest _
Requests

Glenn Rogers, who was the CAU's first permanent Unit Chief
beginning in March 2003, told us that the NSLB had approved the use of
community of interest _ , although he said he could not recall the
name of the NSLB attorney who had approved their use. Bassem Youssef,
who succeeded Rogers as the CAU Unit Chief in November 2004, told us
that he was present at a June 2006 briefing by Company A representatives
for FBI OGC attorneys and DOJ personnel on Company A's capabilities,
which included a reference to the community of interest" Youssef said
that no one in the FBI OGC raised any questions about community of
interest _
at the time and that he never heard from FBI OGC
attorneys about the issue until it was raised during the OIG's first NSL
review.
We determined that in November 2004 and December 2004, the NSLB
Assistant General Counsel first exchanged e-mails with several CAU
e~ding the use of language such as "a 'calling circle' based on
a_
com.munity of interest" in the body of NSLs or the
accompanying attachments to NSLs.67 After reviewing the language used in
the CAU's community of interest requests, the Assistant General Counsel
expressed concern to a CAU SSA that the
information
may be "running a little far a field." The Assistant General Counsel
thereafter checked with then NSLB Senior Counsel for National Security
Affairs Marion Bowman about the CAU's practice of obtaining
telephone records using NSLs. Bowman replied that he
thought the FBI's acquisition of records on
numbers was
authorized if the records "related" to an investi ation, but stated that
records
Thereafter, bye-mail
dated March 7,2005, the Assistant General C o u n s ~
Youssef that NSLB could " m a k ~t h a t _
records are relevant, but that _
records would require
additional information supporting the position that the records were
relevant.

67 Although the fIrst e-mail exchanges we found on this topic were in November
2004, we found that community of interest _
requests were contained in exigent
letters, grand jury subpoenas, and NSLs as early as February 2003.

62

While no formal legal review of community of interest _
was
undertaken by the FBI, the Assistant General Counsel stated that, "we had
generally allowed the CAU to do it because, as we understood it, their cases
are often more serious and involve immediate threats." However, she said
she believed the community of interest feature was used by the CAU only in
urgent circumstances "where you don't have time to do an investigation
kind of piece by ~ a n tGeneral Counsel stated, "The only
reason you do a _
in the very beginning is because you
don't really have the time and you think the situation is serious enough that
you need to get that information right away." She explained that NSLB had
approved the community of interest attachment for NSLs served on the
on-site providers based on a relevancy analysis that took into account the
immediacy and seriousness of the underlying threats for which the CAU
~al support, rather than on a relev~sis of the
_
telephone numbers that w o u l d . _
FBI General Counsel Caproni and NSLB Deputy General Counsel
Thomas told us that while the FBI has not issued written guidance on
community of interest _
requests, the concluded based on their own
legal analysis that community of interest
records could satisfy the ECPA relevance standard. Caproni stated that the
ECPA relevance requirement does not necessarily mean that only
records are relevant t ~ Thomas also stated
that any relevance assessment of the _
telephone numbers
wou~ecific"and that, based on the nature of t h e . target,
the _
records could be relevant under the ECPA.
In March 2007, after the GIG raised questions about community of
interest _
requests in connection with our on oin exi ent letters
investi ation, the FBI directed its em 10 ees
April 2007, the Assistant General Counsel instructed all Chief Division
Counsel~ (CDC) in FBI field divisions to contact NSLB if they saw any
community of interest requests. 68

68 CDCs in all 56 FBI field divisions report to the Special Agents in Charge of the
field division and are responsible for reviewing all NSLs prepared for the signature of the
Special Agent in Charge. The Assistant General Counsel stated in her April 9, 2007, e-mail
to the CDCs that NSLB had "opined to CAD that in certain situations, they can ask for and
obtain from the embedded carriers information on a
of calls i.e.

She stated that sU'ch requests must be made in the NSL attachment (which lists
the type of information the provider "may consider to be 'toll billing records'," not the body
(Cont'd.)

63

B~g

in May 2007, several draft policies on community of
interest _
requests were circulated between the CTD and the FBI OGC.
The latest draft dated November 23, 2007, addressed circumstances in
which community of interest
would be authorized usin NSLs or
sub oenas. The draft olic stated that

On December 16,2008, the FBI issued the FBI's Domestic
Investigations and Operations Guide (DIOG), which provides specific
guidance for requesting community of interest records. The DIOG requires
that NSLs requesting community of interest records must be approve~
the NSLB Deputy General Counsel and served on the CAU, and that _
telephone numbers for which information is obtained must be
reported to the NSLB for congressional reporting purposes. 69
The DIOG further provides that "if an NSL is seeking _ _ _
records, the NSL [approval] EC must clearly statet.ha~
information is being sought and must demonstrate the relevance
of the
information to the national security
investigation."70 We agree with this requirement and cC?ncluded that in
order to satisfy the ECPA this relevance assessment must be made before
issuance of NSLs seeking
records.

VI.

OIG Analysis
A.

Requests for Telephone Records through Exigent Letters
and Other Informal Requests

To protect the confidentiality of telephone and e-mail subscriber
information and telephone toll billing records information, the ECPA states
that wire or electronic communications service providers "shall not

of the NSL, and that the attachment required legal sign-off on the relevancy of the
information sought to the investigation.
69 Federal Bureau of Investigation, Domestic Investigations and Operations Guide
(FBI mOG), §§ 11.9.3(E) & (E)(3).
70

FBI mOG, § 11.9.3(E)(3).

64

knowingly divulge a record or other information pertaining to a subscriber
or customer of such service ... to any government entity."71 The ECPA NSL
statute contains an exception to the confidentiality of such records by
requiring communications service providers to provide covered records to
the FBI if the FBI Director or his designee certifies in writing that the
records sought are
relevant to an authorized investigation to protect against
international terrorism or clandestine intelligence activities,
provided that such an investigation of a United States person is
not conducted solely upon the basis of activities protected by
the first amendment to the constitution of the United
States. 72
During the period covered by our review, the Attorney General's NSI
Guidelines authorized the use of NSLs only during investigations of
international terrorism or espionage, upon the signature of a Special Agent
in Charge or other designated senior FBI official. 73 In order to open such
investigations, the FBI must satisfy certain evidentiary thresholds, which
must be documented in FBI case files and approved by supervisors. 74 If
case agents want to issue NSLs, FBI policies require a 4-step approval
process. Case agents must secure the approval of their supervisors, the
Chief Division Counsel, an Assistant Special Agent in Charge, and the
Special Agent in Charge (or equivalent supervisors and attorneys at FBI
Headquarters), who signs the NSL.
We concluded in our first NSL report that the CAU's use of exigent
letters was a circumvention of the ECPA NSL statute. 75 We found that
neither the ECPA, the Attorney General's NSI Guidelines, nor FBI policy
authorize the FBI to obtain ECPA-protected records by serving this type of
informal letter prior to obtaining the records, with "legal process to follow."
In limited circumstances a separate provision of the ECPA authorizes the
FBI to obtain non-content telephone records from communications service

71

18 U.S.C. § 2702(a)(3).

72

18 U.S.C. §§ 2709(a) and 2709(c).

73 The Attorney General's NSI Guidelines were replaced by a new set of Attorney
General Guidelines, the Attorney General Guidelines for Domestic Operations, which
became effective on December 1,2008. The new guidelines do not alter the requirement for
NSLs issued in national security investigations.

74

OIG,NSLI,17-18.

75

OIG, NSL I, 95-98.

65

providers. During 2003 through March 8, 2006 - the period when most of
the exigent letters were issued - that provision authorized a provider to
voluntarily release toll records information to a governmental entity if the
provider "reasonably believe[d] that an emergency involving immediate
danger of death or serious physical injury to any person justifie[d]
disclosure of the information."76 However, we did not agree with the FBI's
after-the-fact rationale that the letters could be justified under this
provision for several reasons, including that the letters were sometimes
used in non-emergency circumstances and that senior CAU officials and FBI
attorneys told us they did not rely on the emergency voluntary disclosure
provision to authorize the exigent letters at the time. 77 We discuss the
potential application of the emergency voluntary disclosure provision to
exigent letters and other informal requests in greater detail in Chapter
Six.
In this review, we found that many FBI supervisors and employees
issued or approved these exigent letters even though the letters on their face
contained statements that were inaccurate, such as that a grand jury
subpoena had already been submitted to the U.S. Attorney's Office and
would be served as expeditiously as possible. Yet, when we asked these FBI
supervisors and employees why they issued such letters stating that
subpoenas were forthcoming, no one could satisfactorily explain their
actions. Instead, they gave a variety of unpersuasive excuses, contending
either that they thought someone else had reviewed or approved the letters,
or that they had inherited the practice and were not in a position to change
it. or that the communications service provider accepted the letters. But
with few exceptions, no one objected to the inaccurate statements in the
letter. Moreover, we found instances in which the signers of exigent letters
did not know whether there were exigent circumstances.
In Chapter Five of this report. we assess the accountability of
individual FBI supervisors and employees for these improper practices.
However, we believe it is important to note here the widespread failure to
object to letters that contained inaccurate statements on their face. For FBI
officials and employees to unquestioningly issue hundreds of these improper

76 18 U.S.C. § 2702(c)(4) (Supp. 2002). In March 2006, the provision was amended
by the PATRIOT Improvement and Reauthorization Act 0/2005 to allow voluntary disclosure
"if the provider, in good faith, believes that an emergency involving danger of death or
serious physical injury to any person requires disclosure without delay of information
relating to the emergency." USA PATRIOT Improvement and Reauthorization Act 0/2005,
Pub. L. No. 109-177, § 119(a), 120 SIal. 192 (2006).

77

OIG, NSL I, 96-97.

66