Review of the Fbi Use of Exigent Letters and Other Requests for Phone Records 2010 Partd
Download original document:
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
and inaccurate letters over a 3-and-a-half-year period is both surprising and troubling. Moreover, not only did the FBI issue exigent letters to obtain records from the three on-site communications service providers, the FBI used even less formal means to request or obtain telephone toll billing records or other information. We found that the FBI obtained records or information from each of the on-site communications service providers in response to e-mail, face-to-face requests, requests on pieces of paper (including post-it notes), and telephonic requests without first providing legal process or even exigent letters. These informal requests were made in connection with major operations as well as other international terrorism, domestic terrorism, and criminal investigations. As described in Chapter Six, like exigent letters, these other types of informal requests did not constitute legal process under the ECPA and FBI policy. We noted in our first NSL report that FBI personnel were required by FBI policy to document information demonstrating the FBI's authority to use NSLs in national security investigations. The predication for an NSL request was supposed to be documented in NSL approval memoranda, known as approval ECs. These approval ECs, which were routinely uploaded into the FBI's Automated Case Support System, identified the underlying national security investigation, summarized the facts establishing the predication for the requests, and described the relevance of the information requested to the investigation. 78 The steps required to complete these approval ECs and the chain of command required to approve each NSL request were designed to ensure that the FBI satisfied statutory and Attorney General Guidelines' requirements for using NSLs. In contrast, when CAD personnel issued exigent letters or made other types of informal requests for records and information from the on-site providers, they did not document the authority for their requests or explain the investigative reasons why the records were needed. The exigent letter requests also were not subject to any supervisory or legal review. Specifically, exigent letters and other informal requests were not (I) accompanied by approval ECs documenting the predication for the requests, specit'ying the date range of the records requested, and certifying the relevance of the information sought to pending national security investigations; (2) reviewed and approved by FBI attorneys; (3) approved by FBI supervisors; or (4) signed by one of the limited number of senior FBI 78 DIG, NSL I, 23-25. 67 personnel authorized to sign NSLs,79 Similarly, the exigent letters did not meet the legal requirements in the Patriot Act and Patriot Reauthorization Act that senior FBI officials certify in writing the relevance of the records sought to authorized national security investigations and that any investigations of U.S. persons are not based solely on activities protected by the First Amendment. We illustrate in Diagram 2.2 (next page) the differences between the 4-step approval process required for issuing NSLs and the I-step process used by CAU personnel to issue exigent letters to obtain the same information: 79 Prior to June 1,2007, a legal review and approval by an FBI attorney was not required. However, guidance issued by the FBI OGC in November 2001 recommended such a review. Office of the General Counsel, Federal Bureau of Investigation, electronic communication to All Field Offices, Counterterrorism, and National Security, November 28, 2001. 68 DIAGRAM 2.2 Comparison of NSL Approval Process with Exigent Letters :Uploaded-into-ACS--: I NSL Approval Process 1 Case agent prepares NSL and approval EC showing: • • , :for congressional and: :public reporting on : :NSLs :I , , 2 Supervisor approves NSL and initials approval EC 3 CDC approves NSL and initials approval EC 4 ASAC approves NSL and initials approval EC an authorized national security investigation information sought is relevant to that investigation certification that any investigation of a u.S. person is not conducted solely on the basis of activities protected by the first amendment I '----------.--------_. • '5 SAC initials approval EC & signs NSL certifying: relevance of the requested records to the investigation that any investigation of a U.S. person is not conducted solely on the basis of activities protected by the first amendment Exigent Letter 1 CAU SSA / analyst prepares and signs exigent 2 Exigent Letter I- letter 69 -+ In fact, the procedure for preparing and issuing exigent letters was so lax that employees of the on-site providers told us that they frequently prepared the exigent letters themselves. Indeed, a Company A analyst told us that to facilitate his preparation of exigent letters he created an icon on his computer desktop so he could easily retrieve and generate the form letter. We believe this is an egregious breakdown in the responsibility assigned to the FBI to obtain ECPA-protected records, and it further illustrates the lack of appropriate controls by the FBI on this important and intrusive investigative tool. Another result of the abbreviated, unsupervised procedures for issuing exigent letters and other types of informal requests was that FBI requesters did not document whether there was an open national security investigation to which the request was relevant - a key certification required to issue an NSL for toll billing records or subscriber information under Section 2709 of the ECPA. Indeed, as the FBI's analysis of whether it will retain records acquired through exigent letters and other informal requests has shown (which we describe in Chapter Four of this report), the FBI has concluded that records for hundreds of telephone numbers must be purged from FBI databases because there was no open national security investigation at the time of the request and no open national security investigation to which the request could be tied when the retention issue was analyzed years later. Also troubling was that most of the exigent letters and other informal requests did not include date ranges for the records requested. Of the 722 exigent letters signed by CAU personnel from 2003 through 2006, only 77 (11 percent) specified a date range for the records requested. Similarly, the CAU's other informal requests to the on-site communications service providers (such as those communi.cated bye-mail, in person, on pieces of paper, or by telephone) frequently did not have date parameters. As further described in Chapter Four of this report, the absence of date restrictions in many exigent letters and other types of informal requests had significant consequences. First, it meant that the FBI often obtained substantially more telephone records, covering longer periods of time, than FBI agents typically obtain when serving NSLs with date restrictions. Second, in cases where the date range established the relevance of the information sought to the investigation, its omission violated the ECPA's relevance requirement. BO 80 The ECPA NSL statute requires a certification that "the infonnation sought is relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities ...." See 18 U.S.C. § 2709(b)(I). Similarly, the emergency voluntary disclosure provision requires, since March 2006, that the infonnation disclosed be "retatled) to the emergency." 18 U.S.C. § 2702(c)(4). 70 Moreover, by not reviewing records obtained in response to exigent letters and other types of informal requests, CAU personnel compounded problems arising from the lax procedures at the front end of these requests. CAU personnel told us, and documents we reviewed confirmed, that records obtained in response to exi ent letters and other informal requests were routinely uploaded into a database when received from the on-site communications service providers. However, this uploading normally occurred without verification that the records obtained matched the requests. Further, the original FBI requesters often did not have access to this database or know that CAU personnel were uploading records into the database. We found in our first NSL review that the FBI did not always examine records obtained in response to NSLs prior to uploading the records into FBI databases. 81 However, in those instances where the communications service providers responded to routine NSLs issued by FBI field offices, the case agents or Intelligence Analysts who had initiated these requests would sometimes review the records before they were uploaded into FBI databases. Because of their familiarity with the underlying investigations, these case agents or Intelligence Analysts could identify records the FBI did not request, or had requested by mistake, and take corrective action before the records were uploaded or placed in investigative case files. In contrast, CAU personnel routinely uploaded records obtained in res onse to exi ent letters and other informal processes into t h e _ database upon receipt, without any review. The CAU SSAs and Intelligence Analysts said they were for the most part unaware of the facts of the investigations and were acting merely as conduits between the requesters and the on-site communications services providers. Indeed, CAU personnel did not even retain copies of the exigent letters or documentation of the other types of informal requests and therefore were unable to confirm that they received responsive records. This meant that neither CAU personnel nor anyone else in the FBI determined whether the FBI had received unauthorized 81 FBI personnel were not required until June 1,2007, after the OIG's first NSL report was issued, to confirm that records obtained in response to NSLs matched the requests in the NSLs before uploading them into FBI databases. We found in our first and second NSL reports that the FBI obtained unauthorized collections in response to many NSLs, findings confIrmed by the FBI's review of a statistical sample of NSLs issued from 2003 through 2006. The unauthorized collections included records not requested in the NSLs. See DIG, NSL I, 73-84; OIG, NSL II, 26-28, 82-99. 71 collections, handled the overcollected materials appropriately, and made required reports to the President's Intelligence Oversight Board (108).82 B. "Sneak Peeks" We also identified the FBI's practice of obtaining "sneak peeks" for telephone toll records in the providers' databases, a practice that we concluded violated the ECPA statute (18 U.S.C. § 2702(a)(3)). There is no provision in the ECPA allowing the FBI to obtain infonnation about these records without either issuing legal process or making requests for voluntaxy disclosure in qualifying emergencies, pursuant to 18 U.S.C. § 2702(c)(4). Because CAU personnel failed to keep records of sneak peek requests, we were unable to determine how often such requests were made during the period covered by our review, whether the requests were pertinent to FBI investigations, in what circumstances they were made, and what, if anything, the providers were told about the reasons for these requests. However, we found that these requests were routine. One Company A analyst told us he responded to these requests on a daily basis, a Company C employee told us that these requests were approximately one-half of the requests he received from the CAU, and a Company B employee told us that he responded to these requests up to three times per week. The on-site Company C employee's log and e-mails of the employees of all three on-site providers also demonstrate that such requests were routine. Although CAU Unit Chief Rogers was aware of and approved sneak peek requests, we found that he issued no guidance and failed to require supervisory review or establish internal controls regarding their use. Rogers said he understood sneak peeks to be requests to see if the providers "even had 82 Executive Order 12863, which has since been modified, requires the Department to report intelligence violations to the President's Intelligence Oversight Board. According to Executive Order 12863, possible intelligence violations include any activities that "may be unlawful or contrary to Executive Order or Presidential Directive." "Unauthorized collections" is a phrase used to describe several circumstances in which the FBI receives information in response to NSLs that was not requested or was mistakenly requested. For example, many unauthorized collections occur due to errors on the part of NSL recipients when they provide more information than was requested (such as records for a longer period of time or records on additional persons). The FBI refers to these matters as "over collections" or "overproductions." We refer to these as "initial third party errors" because, while the NSL recipient may initially have provided more information than requested, the FBI mayor may not have compounded the initial error by using or uploading the information. Other unauthorized collections can result from FBI errors, such as when a typographical error in the telephone number or e-mail address results in the acquisition of data on the wrong person. See NSL II at 141. 72 data at all" and whether it was worthwhile pursuing an NSL. Youssef said he had no "first-hand knowledge" that CAU personnel requested sneak peeks from the on-site providers and did "not know for a specific fact ... that it actually happened." However, Youssef added that "maybe someone [in the CAUl has used it." We found that FBI supervisors in the CTD's chain of command, above the CAU Unit Chief, either did not know about the practice. did not have an accurate understanding of the practice, or did not understand the legal implications of providing responsive information without legal process. For example, former CXS Assistant Section Chief John Chaddic believed, incorrectly, that in response to sneak peek requests, the providers only informed the FBI whether the number was or was not a valid telephone number. but no further details. Former CTD Deputy Assistant Director John Lewis said it was his understanding that the FBI could use sneak peeks to "get records that would be of interest to us" without legal process. stating. "it's also why I think the phone company was there." On August 28, 2007, the FBI OGC requested a iegal opinion from the Department's Office of Legal Counsei (OLC) regarding three questions relating to the FBI's authority under the ECPA, including sneak peeks. One question stated that, "on occasion, FBI employees may orally ask an electronic communications provider if it has records regarding a particular facility (e.g., a telephone number) or person." The request asked whether under the ECPA the FBI can lawfully "obtain information regarding the existence of an account in connection with a given phone number or person," by asking a communications service provider, "'Do you provide service to 555-555-5555?' or 'Is John Doe your subscriber?m However, based on information we developed in our investigation. we determined that the hypothetical example used by the FBi OGC in the question it posed to the OLC did not accurately describe the type of information the FBI often obtained in response to sneak peek requests. As described above the FBI sometimes obtained more detailed information about calling activity by target numbers, such as whether the telephone number belonged to a particular subscriber, the number of calls to and from the tele hone number within certain date parameters, the area codes called, and call duration. On November 5, 2008, the OLC issued its legal opinion on the three questions posed by the FBI. In evaluating if a provider could tell the FBI consistent with the ECPA "whether a provider serves a particular subscriber or 73 a particular telephone number." the OLC concluded that the ECPA "bars providers from complying with such requests. "83 In reaching its conclusion, the OLe opined that the "phrase lrecord or other information pertaining to a subscriber' [in 18 U.S.C. § 2702(a)(3)] is broad" and that since the "information [requested by the FBI] is associated with a particular subscriber, even if that subscriber's name is unknown" it cannot be disclosed under the ECPA unless the disclosure falls within one of the ECPA exceptions. As described in Chapter Two, the information the on-site providers gave to CAU personnel in response to their sneak peek requests often included more detailed information about the subscribers or customers than simply whether the provider had records regarding particular telephone numbers or persons. Therefore. we concluded that this information also was information "associated with a particular subscriber" within the meaning of 18 U.S.C. § 2702(a)(3). As described above, the ECPA prohibits the disclosure to the government of toll records or information related to a subscriber except in certain limited circumstances set forth in the statute. The relevant exceptions require providers to disclose such information in response to compulsory legal process. such as national security letters, and also permit voluntary disclosures based upon the providers' good faith belief of a qualifying emergency.84 We found that the FBI did not serve legal process under the ECPA for the information it received pursuant to sneak peeks. In addition, we do not believe that the FBI's sneak peek practice complied with the ECPA's emergency voluntary disclosure provision for several reasons. First. the practice was described to us as a routine occurrence in the CAU. not limited to "exigent" circumstances. Second. some of the specific instances where the sneak peek practice was used included media leak and fugitive investigations. which clearly did not meet the emergency voluntary disclosure provision. Third. the FBI's lack of internal controls over the sneak peek practice made it impossible for us - or the FBI - to reliably determine how many or in what circumstances sneak peek requests were made. and what the providers were told or believed about the reasons for these requests. Therefore. 83 The OLe identified a very narrow exception under 18 U.S.C. § 2702(a)(3) for disclosure of whether a particular telephone number was among those assigned or belonging to the provider but not '"whether the provider has given (the number] to a subscriber." 84 As described previously, prior to March 2006, this exception required the provider to have a "reasonable belief" that a qualifying emergency existed. 74 we found that the FBI's sneak peek practice violated the ECPA in many cases. 8S C. Calling Circle/Community of Interest _ In addition, we believe that the community of interest used by the FBI were improper. practices could we determine how often records or information about the telephone numbers other than the numbers listed in the legal process or exigent letters were provided to the FBI. Similarly, while Company A records show that from 2004 through 2007 the on-site Company A analysts used the Company A ~rest to review records for 10,070 _ telephone numbers, Company A could not d ~ whether these numbers were _ as part of Company A's _ service or in r e ~ e s t s . Company A also could not tell us whether these _ records were actually provided to the FBI. 86 Second, when FBI ersonnel issued NSLs that included requests for communi of interest , they did not consistently assess the relevance of the numbers before making the request. Instead, community of interest requests were often included in the boilerplate attachments to NSLs. The FBI issued NSLs that requested community of interest _ without conducting, or documenting in the approval ECs, any 85 In a draft of this report given to the FBI in April 2009, the OIG recommended that the FBI issue guidance specifically prohibiting the use of sneak peeks. In June 2009, the FBI posted guidance on its Corporate Policy Intranet prohibiting sneak peek practices. The guidance referred to the OLC legal opinion and also stated that FBI employees "may not informally seek statutorily protected information prior to the issuance of process." The FBI told us that this guidance will be incorporated into the next revision of its Domestic Investigations and Operations Guide. As noted above, we believe that most of Company A's communi without requests from the FBI as part of Company A's records were not provided to the FBI. (8/ / NF) 86 75 assessment of the possible relevance of telephone numbers to the underlying investigation. Absent such an assessment, we believe the FBI did not satisfy the ECPA requirement to issue NSLs in national security investigations only upon certification by those authorized to sign NSLs that the records are relevant to authorized national security investigations. 87 Moreover, although we identified instances in which some communi of interest re uests were limited to telephone numbers with or from , we do not believe these limitations necessarily satisfied the ECPA certification requirement or corresponding provisions of the Attorney General's NSI Guidelines and FBI policy.88 Third, FBI personnel who made the decisions to request community of interest _ after reviewing records were not among the officials to whom the FBI Director delegated authority under the ECPA to sign NSLs. CAU Intelligence Analysts and SSAs are subordinate to the FBI officials who are authorized to sign NSLs. Yet, after reviewing the records, these subordinate FBI em 10 ees sometimes asked the on-site Company A analysts to provide records. We believe that if the si ners of the NSLs did not themselves determine that the records were relevant to an authorized counterterrorism investigation, the of the records would violate the ECPA, even if the community of interest request was included in the NSL attachment. Fourth, when the FBI received ~ecords from Company A in response to its community of interest _ requests, the records did not identi or otherwise distin ish toll billin records in legal process or exi ent letters. Moreover, the FBI uploaded responsive records into a database, and the FBI did n o t ~ records on the target numbers listed in legal process from the records _ and provided in response to community of interest requests. It is therefore likel that the records of thousands of calls to and from tele hone numbers were uploaded into the _ database without the required relevance assessment by an authorized FBI official. Without additional research on these telephone 87 See 18 U.S.C. § 2709(b). Limitin a community of interest _ request to calls to or from _ numbers by itself is not necessarily a relevance assessment. community of interest requests to the calls from a would not necessarily satisfy the ECPA relevancy requirement. 76 numbers, the FBI is unable to identify which records are associated with numbers and whether those numbers were relevant to the underlying investigations for which they were requested. F ~ yA ~ its community of interest _ to review _ ~ o n enumbers as part of its ~rvices in the absence of specific _ requests from the FBI, the on-site Company A analysts sometime provided to the FBI information pertaining to a subscriber or a customer of its service. This also appears to violate the ECPA statute, which prohibits communications service providers from divulging "a record or other information pertaining to a subscriber to or customer of such service ... to any governmental entity." See 18 U.S.C. § 2702(a)(3). Finally, FBI e-mails indicate that in late 2004 FBI OGC attorneys became aware of but did not object to community of interest _ requests for telephone numbers. In May 2006, these attorneys also approved use of a boilerplate attachment for NSLs served on the on-site providers. This attachment listed community of interest records and 17 other types of information that "may be considered by [the providers] to be toll billing records." Although FBI General Counsel Caproni and NSLB Deputy General Counsel Thomas concluded that community of interest _ requests for telephone numbers could satisfy the ECPA relevance standard such that the FBI would not have to issue separate NSLs for the records, the FBI did not issue written guidance on when such requests were appropriate. In March 2007, on the advice of the FBI OGe, the CTD directed that such requests - In November 2007, the FBI OGC and the CTD that inco orates the rind Ie that the Although this guidance has not yet been finalized, current FBI policy as stated in the Domestic Investigations and Operations Guide (DIOG) requires that the NSLB ~ounsel approve community of interest requests and that _ telephone numbers for which information has been obtained be reported to NSLB for congressional reporting purposes. In addition, the ~ires that the NSL approval EC demonstrate the relevance of _ _ information to the national security investigation. 77 We agree with the idance and the DIOG, les articulated in the November 2007 draft We concluded that in order to satisfy the requirements of the ECPA, relevance must be determined before the request is made. 89 We also agree that senior FBI officials and a Department attome~approve such requests and that the record of telephone numbers _ pursuant to these requests should be created for purposes of congressional reporting on NSL usage by the Department. However, CTD's guidance still has not been issued. In sum, we concluded that the FBI's community of interest practices were ina ro riate and likel resulted in the FBI obtaining and uploading into a database thousands of telephone records for telephone numbers without the required certifications of relevance to an authorized international terrorism investigation by an authorized FBI official. In addition, we found that the FBI is unable to i d e ~today which records in the database are associated with _ numbers and whether those numbers were relevant to the underlying investigations for which they were requested. We also concluded that the FBI failed to review the implications of Company A's community of interest _ capability when Company A first posted its analysts on-site at the CAU; failed to issue written guidance in coordination with the FBI OGC about the circumstances in which such requests were appropriate under the ECPA; failed to establish an approval process for such requests or ensure that the predication for these requests was properly documented in approval ECs; and failed to ensure that records sought in community of interest _ requests were included in required reports to Congress on NSL usage. 89 After reviewing a draft of this report, the FBI identified for us another draft policy, dated February 2008, that did not require approval by a Department attorney. We believe that the approach in the November 2007 draft guidance is superior. No final guidance has yet been issued by the FBI. 78 CHAPTER THREE ADDITIONAL USES OF EXIGENT LETTERS AND OTHER INFORMAL REQUESTS FOR TELEPHONE RECORDS We found other irregularities in the way the FBI obtained telephone records and used the on-site communications services providers located in the Counterterrorism Division's (CTD) Communications Analysis Unit (CAU). As described in this chapter, we determined that the FBI obtained calling activity information from Company A and Company C on pre-determined "hot numbers" without legal process. In addition, in three media leak investigations, the FBI requested _ and in two instances obtained reporters'toll billing records or calling activity information without prior approval by the Attorney General, in violation of federal regulation and Department policy. We also determined that FBI Supervisory Special Agents (SSA) made inaccurate statements to the Foreign Intelligence Surveillance Court (FISA Court) in characterizing the source of records that the Department of Justice relied upon to support applications for electronic surveillance or pen register and trap and trace orders. In addition, an SSA assigned to the CAU signed administrative subpoenas to cover the FBI's earlier acquisition of telephone toll billing records through exigent letters or other infonnal requests in violation of the ECPA and the statute authorizing the use of administrative subpoenas in narcotics in~tions (21 U.S.C. § 876). This CAU SSA and an SSA assigned to the FBI's _ Field Division together signed 5 administrative subpoenas for telephone records that were dated from 7 to 44 days after the FBI had obtained the records without legal process, in violation of the ECPA.90 I. Obtaining Calling Activity Information on "Hot Numbers" From 2004 through 2006 the FBI used a service offered by Company A and Company C referred to as "hot number _ . " When using this service, the FBI asked Company A or Company C to provide calling activity infonnation for telephone numbers that CAD or other FBI personnel had identified as "hot numbers." As described below, the FBI sometimes included specific parameters in its r e ~ c h as whether there were calls to or from a particular area code _ After the _ were set on the hot numbers, and without receiving court orders or any type of legal process 90 As described below, some of these problems occurred in combination with the use of exigent letters or other informal requests. 79 authorizing release of this information, the on-site Compan~anyC em 10 ees informed CAD personnel when the hot numbers _ _ _ _ In addition, the providers sometimes gave the FBI more information than just the fact that calling activity existed, such as call originating and terminating information. Based on records we examined from Company A, Company C, and the., we determined that the FBI requested calling activity information on at least 152 telephone numbers and obtained calling activity information for at least 42 hot numbers from 2004 through 2006. 91 A. Legal Authority for Obtaining Calling Activity Information The Stored Communications Act, 18 U.S.C. § 2701 et.seq'J a subtitle of the ECPA which includes the ECPA NSL statute, authorizes the FBI to obtain historical, stored data from communications service providers. However, the case law is unsettled whether legal process issued under the Stored Communications Act can also be used prospectively to obtain records that come into existence after the issuance of the legal process. 92 91 As described below, Company A told us that 87 telephone ~ a c e don a We "hot" list by Company A for the FBI, but only 42 telephone numbers found documentation indicating that Company C placed at least 65 telephone numbers on a . . . . . . . . and we found evidence that at least some of these numbers 92 This issue has arisen in the context of government requests to obtain prospective cell site location information. Courts are divided on whether the government can obtain such information through legal process issued pursuant to the Stored Communications Act (and the Pen Register Act), or whether the government must obtain a warrant based on probable cause. See, e.g., In the Matter ofthe Application, 534 F. Supp. 2d 585, 599-600 (W.O. Pa. 2008)(W.D. Pennsylvania decision), affd, 2008 WL 4191511 (W.O. Pa. 2008). Several cases denying the government's requests for prospective cell cite location information pursuant to the Stored Communications Act rely in part on the fact that the Act does not authorize collections of prospective information. See, e.g., In re U.S. for Orders Authorizing Installation and Use ofPen Registers and Caller Identification Devices on Telephone Numbers, 416 F. Supp. 2d 390,395 (D. Md. 2006); In re Application of the U.S. for an Order (1) Authorizing the Use ofPen Register and a Trap and Trace Device and (2) Authorizing Release of Subscriber Information and/or Cell Site Information, 396 F. Supp. 2d 294,311-14 (E.D.N.Y. 2005); In re Application for Pen Register and Trap/Trace Device with Cell Site Location Authority, 396 F. Supp. 2d 747, 760-62 (S.D. Tex. 2005). But see, In re: Application ofthe United States for an Order for Prospective Cell Site Location Information on a Certain Cellular Telephone, 460 F.Supp2d 448, 452-459 (S.D.N.Y. 2006)(holding that the Stored Communications Act contains no explicit limitation on the disclosure of prospective data, while acknowledging that a majority of courts to have addressed the government's theory that the Pen Register Act, in combination with the Stored Communications Act, supports disclosure of prospective cell site location information have denied the government's applications); and In re U.S. for an Order Authorizing the Use of Two (Cont'd.) 80 The Pen Register Act, which authorizes court-ordered electronic monitoring of non-content telephone calling activity, can be used to obtain prospective calling activity information. 93 The Pen Register Act authorizes the installation of pen register and trap and trace devices in both criminal investigations and also in national security investigations pursuant to the Foreign Intelligence Surveillance Act (FISA).94 Pen registers identify outgoing dialed telephone numbers, while trap and trace devices identify incoming telephone numbers. Pen registers and trap and trace devices require court orders (pen/trap orders) and are issued for a fIxed period of time, not to exceed 60 days. B. Hot N u m b e r _ During the period cov~our review, the FBI identified 87 "hot numbers" for Company A to _ and at least 65 hot numbers for Company C to _ . The FBI did not provide legal process to Company A or Company C either before or after it identified the numbers and received calling activity information. We describe below details about the FBI's acquisition of this information, what the CAU Unit Chiefs and attorneys in the FBI OffIce of the General Pen Register and Trap and Trace Devices, 632 F. Supp. 2d 202,207 (E.D.N.Y. 2008) (granting prospective cell site location information and stating the Stored Communications Act does not preclude the ongoing disclosure of records to the government once they are created. Recent cases have questioned whether any cell site location information - historical or prospective - is available under the Stored Communications Act, or whether cell site location information is excluded because the cell phone is then a "tracking device' excluded under the Act. The W.D. Pa. decision has been appealed, and the 3rd Circuit's ruling will be the fIrst appellate decision on the issue. Prior to the appeal to the 3rd Circuit, the Department of Justice concluded that prospective cell site location information was encompassed within the terms of the FISA pen register provision, as amended by the Patriot Reauthorization Act. However, the Department is awaiting the 3rd Circuit's decision before pursuing this position with the FISA Court. 93 The Pen Register Act, which is part of the ECPA, authorizes the FBI to obtain court orders for the real-time interception of outgoing or incoming telephone numbers to a target telephone. See Electronic Communications Privacy Act of 1986, Title III ("Pen Register Act"), Pub. L. No. 99-508, codified as amended at 18 U.S.C. §§ 3121 - 27 (2000 & Supp. 2002). In criminal cases, the courts are authorized to enter ex parte orders for pen registers or trap and trace devices upon certification that the information likely to be obtained "is relevant to an ongoing criminal investigation." 18 U.S.C. § 3122(b)(2). 94 See 18 U.S.C. §§ 3121 - 27; 50 U.S.C. § 1842(e). 81 Counsel (FBI aGC) knew about the practice, and our analysis of this practice. 1. Company C Company C's hot number _ feature was described in a May 23, 2003, proposal of work that led to a contract between the FBI and Company C for the provision of Company C's on-site services in the CAU. A CTD Electronic Communication (EC) dated May 28, 2003, that requested fundin for this contract stated that the "statement of work also allows for the 95 However, we found that the FBI did not establish any procedures, guidance, oversight, or training for CAU personnel regarding the use of hot number _ We also found no evidence that NSLB attorneys conducted any legal review of the proposed COl~ontractin 2003, including the legal implications of hot number _ Further, we found no evidence that FBI attorneys evaluated the legal implications of hot number _ after Company C posted its on-site employee in the CAU in April 2004, or thereafter, until 2007. 96 A CAU SSA told us that to obtain information~umbershe provided a list of telephone numbers to Company C _ Company C would then notify him of calling activity by the targeted numbers. The on-site Company C's employee's log indicates that in some instances the Company C employee provided more information than just the fact of calling activity, such as call originating and terminating information. A Company C representative confirmed for us that Com~ did not receive legal process from the FBI to initiate any hot number _ and also did not receive legal process after it had provided information to the FBI about the hot numbers. The Company C representative also said that Com an C could not determine how often the feature was used or _ at the request of the FBI during the 4-year period covered by our review. However, based on information provided to us by a CAU SSA who used the Company C service and our review of Company C documents, we estimated that the FBI asked Company C to for at least 65 telephone numbers between May 2004 and September 2006. 95 The EC was initiated by the CAU and was approved by Thomas Harrington, the Deputy Assistant Director of the CTD. As described below, we found that based on inaccurate infonnation provided to her General Counsel Caproni came to the erroneous conclusion that hot number _ _ had not been used by the CAD. 96 ~007, FBI 82 Company C records also show that the FBI was billed for and paid a separate fee to Comp~thishot number We found that the FBI paid Company C _ for hot number during the period from 2002 through 2006. 97 2. Company A Documents that Company A provided to the FBI as part of Company A's 2004 contract proposal for on-site services in the CAU described Company A's capability to "track, follow, and ca ture fu itives, terrorists and other criminals" and to search for known fugitives (Le. . . . ." One of Company A's stated goals in the proposal was to create a report "to be customized specifically for the FBI based upon input data such as hot target list, significant numbers, secure data, etc." An on-site Com an A anal st told us that C ~ capability was Company A _ He said he could not recall when information on "hot numbers" was ~ e CAU.98 Use of this capability enabled the FBI to learn in _ that there was calling activity by the hot numbers. Additionally, if specified by the FBI requesters, Company A would" the requesters only to calling actiVi' within certain parameters, such as calls to or from a particular area code _ The on-site Company A analyst said that while he received details of the calling activity by the hot numbers - including the date, time, and duration of the calls - he informed the FBI requesters only that there had been calling activity. The Company A analyst told us that he typically notified the CAU or other FBI requesters of the calling activity verbally. The on-site Company A analyst who set many of the Company A hot number _ told us that he did not discuss with anyone in the FBI or Company A whether legal process would be served before he provided calling activity information. He also said that he did not receive any type of legal 97 Company C's schedule of payments shows that Company C billed the FBI at a rate of _ per month in fiscal year (FY) 2006 for for a maximum of 1,000 telephone numbers. A Company C representative told us that Company C also billed the FBI at a flat rate in FY 2002 and FY 2004. 98 Co~A's was different from another Company A capability called "hot number _ . " Hot number _ permits Company A to collect all toll bUS records at set intervals, such as every 4, 8, or 12 hours, while _ provided _ information about calling activity on particular telephone numbers. Company A told us that the FBI never received information or records from Company A in connection with its "hot number service, and we found no contrary evidence. 83 process or exigent letters for the calling activity information that he provided to the FBI. Based on information we obtained from Company A, we found that from June 2005 until December 2006, FBI personnel asked Company A t o . _ for at least 87 telephone numbers. A Company A representative told us that of the 87 telephone numbers, 42 telephone numbers enerated ~ ~ information. The attorney stated that information _ was conveyed to the Company A anal st of the _ calling activity. A CAU SSA who used the feature told us that typically he did not receive notification of the calling activity generated on his hot numbers , usually through an e-mail from the on-site Company A analyst. Unlike Company C, Company A provided its hot number _ service as part of its overall contract for services to the F ~ Company A did not impose separate charges for setting hot number _ A CAU SSA told us that CAU Unit Chief Rogers told him to use Company ~ a n yC's hot number _ service in connection with the _ fugitive investigation being conducted by the FBI's _ Field Division and in connection with another fugitive investigation being conducted by the FBI's Field Division. 99 Related to t h e _ ~ation, the SSA recalled attending a "meet and greet" session with a _ Field Division supervisor in the CAU that was also attended by CAU Unit Chief Bassem Youssef. The SSA said that the purpose of the meeting was for the CAU to describe its resources and how the CAU could support the _ fugitive investigation. 100 Several months after this meeting, the FBI began identifying hot numbers associated with the _ investigation and giving them to the on-site Company A analyst. The Company A analyst thereafter notified both the CAU SSA and the Field Division case agent bye-mail of the telephone numbers. The CAU SSA told us that several other CAU personnel used the hot number feature in other FBI investigations. We received independent information that corroborated the CAU SSA's statement regarding other CAU personnel using the hot number for other CAU cases. 99 84 The CAU SSA said that if the case agent was interested in obtaining toll billing records or subscriber information on the hot numbers, the FBI would issue administrative subpoenas or exigent letters for those records. 101 The CAU SSA estimated that he ~ompanyA a total of 20 telephone numbers in connection with both the . . and the other fugitive investigation. 102 In our investigation, we found no evidence that the FBI established procedures, guidance, oversight, or training to ensure that CAU personnel sought appropriate legal authority when they asked Company A or Com~ C ~ide calling activity information in response to the FBI's requests _ on hot numbers. _ C. _. FBI OGe and CAU's Unit Chiefs' Knowledge of Hot Number In this section we examine what CAU Unit Chiefs and FBI aGC attorneys knew about hot number _ CAU Unit Chiefs and FBI aGC attorneys told us they were unaware of the use of hot number _ by CAU personnel. CAU's first Unit Chief, Glenn Rogers, said he thou ht Com an A offered a hot number ca abili However, Rogers said he was not certain whether Company A's hot number _ was ever utilized by the FBI and also was not certain what authority the FBI would use to acquire the calling activity information. 101 The CAU SSA told us that before notifying FBI requesters of calling activity by the hot numbers, Compan A used "sneak eeks" to first determine whether the calling activity was associated with have investigative value. After the Company A analyst made this determination, he notified the FBI of calling activity by telephone numbers that might be of investigative interest. 102 The CAU SSA said he recalled first learning about hot number _ at a meeting in 2004 he attended with CTD Section Chief Michael Fedarcyk, CAU Unit Chief Rogers, and a female NSLB attorney whose name he could not recall. He stated that they discussed the use of "forward-Iookin sub oenas" or "antici ato search warrants" that would request information The CAU SSA told us that the NSLB attorney said that she approved of forward-looking subpoenas. He said he was not certain whether the legal processes discussed at the meeting were grand jury subpoenas or NSLs, but that the NSLB attorney said that there was no legal problem with forward-looking subpoenas. He also said that no FBI attorneys ever told him that they had legal reservations about hot number We could not identify any NSLB attorney at this meeti~the FBI could not locate documentation of any legal review by the NSLB of hot number _ _ or other features of the Company A contract from 2003 through 2007. 85 Ro~ccessor as CAU Unit Chief, Bassem Youssef, told us that hot was a feature offered by Com an C whereb the FBI "would on a articular tar et number" However, Youssef said he did not know what the authority was for hot number _ He said that after making inquiries with an FBI field division in 2006 and 2007, he believed that the FBI had never used Company C's hot number capabilities. number _ have authori On September 12, 2006, a CTD Contracting Officer's Technical Representative (COTR) sent an e-mail to Youssef asking him whether the CAU still needed ~ C's hot number _ service for which the FBI was then paying _ per month. 103 Youssef responded that he no longer needed the hot number _ feature and, in the event it were needed in the future, "we would ask for it on a month to month basis." The COTR asked Youssef to contact Company C and let it know that the FBI was cancelling the service. On September 18,2006, Youssef informed the ~ Con-site employee bye-mail that "we no longer need the hot # _ feature and we'll re-institute it in the future if we need it again." The Company C employee replied bye-mail that Company C was then using the feature for two FBI investi ations: the _ fugitive investigation being conducted by the FBI's Field Division and a second fugitive investigation being conducted by the Field Division. The Company ~ e e asked Youssef to confirm that he wanted to terminate hot number _ for both investigations, which Youssef confirmed. Marion Bowman, who was the National Security Law Branch (NSLB) Deputy General Counsel when the contracts were executed, told us that he was unaware of and did not review the contracts with Company A, Company B, or Company C to provide on-site services at the CAU and did not know the specifications for the contracts. Bowman's successor as NSLB Deputy General Counsel, Julie Thomas, told us that she recalled reviewing the contracts with the on-site providers for the first time in late 2006, after receiving a draft of the OIG's first NSL report. She stated that she recalled identifying the provision of the contract,discussing hot number _ and concluding that the FBI could obtain this type of information only through a pen register. She said that 103 Youssef had co-signed the Company C monthly invoices that included charges for this feature for 12 consecutive months prior to the COTR asking him whether Company C's hot number feature was needed. However, the invoices only referenced a lump sum amount and did not itemize the particular services provided for the charges. 86 she also recalled learning in April 2007 that Caproni had been informed at that time that the service had never been used. Thomas said she did not lean1 until shortly before her final DIG interview for t ~ in August 2008 that the FBI had paid Company C for hot number _ Caproni told us that based on information she had received from FBI personnel in April 2007, she believed that hot number _ had never been used by the FBI. In an April 2007 e-mail to CTD Assistant Director Joseph Billy, Jr., and other~sonnel,Caproni instructed that if the CTD sought to use hot number _ CTD must first contact the FBI DGC. She added that the FBI aGe needed to understand the technical aspects of the feature before providing a legal opinion about its use. In 2008, Caproni told us that her concern at the time was that the feature "might be an unlawful pen register. n 104 D. OIG Analysis We found that the FBI sought calling activity information on 152 "hot" telephone numbers from Company A and Company C and was provided information on at least 42 of those numbers. Company A provided information that there had been calls made to or from the numbers identified by the FBI, sometimes in response to specific inquiries from the FBI about whether calling We also found activity existed to or from a particular area code evidence that Company C also may have provided more information than just the existence of calling activity, such as call originating and termination information. We believe that the calling activity information requested by and conveyed to the FBI about these hot numbers required legal process. Although the information given to the FBI by Company A and Company C on these hot numbers was less extensive than the type of information typically provided in response to NSLs or pen register jtrap and trace orders, it constituted "a record or other information pertaining to a subscriber or a customer" under the ECPA,l°S As discussed in Chapter Two of this report in connection with our analysis of "sneak peeks," the Department's Office of Legal Counsel concluded, and we agree, that the ECPA ordinarily bars communications service providers 104 Mter reviewing a draft of this report, the FBI stated tha~uentto her OIG interview, Caproni concluded that as a matter of law, hot number _ _ did not implicate the Pen Register Act. >os 18 U.S.C. § 2702(0)(3). 87 from telling the FBI, prior to service of legal process, whether a particular account exists. We also concluded that if that type of information falls within the ambit of "a record or other information pertaining to a subscriber to or customer of such service" under 18 U.S.C. § 2702(a)(3), so does the existence of calling activity by particular hot telephone numbers, absent a qualifying emergency under 18 U.S.C. § 2702(c)(4). We found no evidence that the FBI requested or the providers gave the FBI this information pursuant to the emergency voluntaI}' disclosure provision of the ECPA. Instead, it appears that the information was disclosed as part of the contractual arrangement between the providers and the FBI, and was primarily used in connection with fugitive matters that did not qualify as emergency situations under 18 U.S.C. § 2702. Therefore, we believe that the practice of obtaining calling activity information about hot numbers in these matters without service of legal process violated the ECPA. We also found it both surprising and troubling that Rogers, as Unit Chief of the CAU and the official responsible for knowing and assessing the tools used by his subordinates to obtain information from the on-site providers, said he was not certain whether Company A's hot number _ feature was ever utilized by the FBI. We likewise were troubled that Youssef, Roger's successor as CAU Unit Chief, told us that he did not believe that hot number _ w a s used. In addition, from the inception of the FBI's contractual relationship with the three providers beginning in 2003, senior FBI officials knew that the CAU would be handling telephone transactional records which the FBI could lawfully obtain pursuant to the ECPA. However, the FBI failed to ensure that responsible officials in the CTD and the FBI OGC's NSLB reviewed the proposed and final contracts with the providers to ensure that the agreements conformed to the requirements of the ECPA and other relevant laws and policies. The General Counsel and the NSLB Deputy General Counsel did not review the contracts or associated documents with the on-site providers until late 2006 or early 2007. We believe that the absence of timely legal review was a significant management failure by the FBI. In part because NSLB attorneys did not review the contract proposals with the on-site providers, they were unaware of the specific services provided, including the hot number _ service. In Chapter Six of this report we provide recommendations to address our findings from this portion of our review. We believe the FBI should carefully review the circumstances in which FBI rsonnel asked the on-site communications service providers "hot numbers" to enable the Department to determine if the FBI obtained calling activity information under circumstances that trigger discovery or other obligations in any criminal investigations or prosecutions. Our recommendations also are 88 designed to ensure that FBI personnel receive periodic training on the FBI's authorities to obtain telephone records from communications service providers and that FBI aGC attorneys and program managers, including successor officials serving in these positions, are fully familiar with any FBI contracts with communications service providers. II. Seeking Reporters' Telephone Records Without Required Approvals We determined that in three media leak investigations the FBI requested, and in two of these instances obtained from the on-site communications service providers, telephone records or other calling activity information for telephone numbers assigned to reporters. However, the FBI did not comply with the federal regulation and Department policy that requires Attorney General approval and a balancing of First Amendment interests and the interests of law enforcement before issuing subpoenas for the production of reporters' telephone toll billing records. 106 In the sections that follow, we describe the federal regulation and Department policies governing the issuance of subpoenas for the telephone toll billing records of members of the news media, the facts we found regarding each of these three leak investigations, and our analysis of each of these three cases. A. Federal Regulations and Department Policies Because of the First Amendment interests implicated by compulsory process to obtain reporter's testimony or their telephone records, 28 C.F.R. § 50.10 (2004) requires special approvals and other advance steps before Department employees are permitted to issue subpoenas for reporters' testimony or the production of their telephone records. Specifically, this regulation requires that before issuance of such subpoenas, "all reasonable attempts should be made to obtain information from alternative sources."107 This regulation also requires the Department to attempt to negotiate the voluntary appearance of the news media personnel or the voluntary acquisition of their records. If the records are needed for a criminal investigation, the regulation requires "reasonable grounds to believe, based on information obtained from non-media sources, that a crime has 106 See 28 C.F.R. § 50.10. 107 28 C.F.R. § 50.1O(b). 89 occurred, and that the information sought is essential to a successful investigation ...."108 Any requests for such subpoenas must be approved by the Attorney General in accordance with principles specified in the regulations. 109 The regulation also requires that if the telephone toll records of members of the news media are subpoenaed without the required notice, the affected member of the news media must be notified "as soon thereafter as it is determined that such notification will no longer pose a ... substantial threat to the integrity of the investigation" and, in any event, within 45 days of any return in response to the subpoena. 110 Finally, the regulations state that failure to obtain the prior approval of the Attorney General "may constitute grounds for an administrative reprimand or other appropriate disciplinary action."111 Department policies supplement this regulation by specifying the information required to be included in requests seeking Attorney General approval for issuance of such subpoenas. 112 At the time of the investigations at issue, the FBI's media leak investigations were governed by the Attorney General's Guidelines on General Crimes, Racketeering Enterprise and Terrorism Enterprise Investigations. 113 In addition, at the time of these investigations, leak investigations involving H'. 28 C.F.R. § SO.IO(q(I). '''' 28 C.F.R. § SO.IO(g). 110 Section 50.1O(g)(3) of 28 C.F.R. states: When the telephone toll records of a member of the news media have been subpoenaed without the notice provided for in paragraph (e)(2) of this section, notification of the subpoena shall be given to the member of the news media as soon thereafter as it is determined that such notification will no longer pose a clear and substantial threat to the integrity of the investigation. In any event, such notification shall occur within 45 days of any return made pursuant to the subpoena, except that the responsible Assistant Attorney General may authorize delay of notification for no more than an additional 45 days. m 28 C.F.R. § SO.IO(n)(2004). 112 See United States Attorneys' Manual § 9-13.400, "News Media Subpoenas; Subpoenas for Telephone Toll Records of News Media; Interrogation, Arrest, or Criminal Charging of Members of the News Media." 113 As noted previously, several sets of Attorney General Guidelines were revised and consolidated into the Attorney General's Consolidated Guidelines, which took effect in December 2008. 90 classified information were categorized by the FBI as espionage investigations because they potentially involved violations of the Espionage Act. B. First Matter 1. Background An FBI squad onse the FBI CTD opened a counterterrorism 2. The Investigation of the Leak of Information to the Media The FBI's Field Office initiated a leak investigation ~ o determine whether U.S. government employees or others had violated criminal laws prohibiting the release of classified information in connection with the Washington Post and The New York Times articles. The investigation was assigned to a Field Office counterintelligence squad, and a case ~t was assigned to the matter. The U.S. Attorney's office in _ assigned an Assistant United States Attorney (AUSA) to the investigation on or about October . . . 91 According to our interviews and review of FBI documents, in November . . the AUSA assigned to the investigation discussed with the FBI case agent the possibility of seeking Department approval to subpoena the telephone toll billing records of the reporters who wrote the two articles in the Post and the Times. The case agent and the AUSA told us that they were both aware at that time of the Department's regulation that requires Attorney General approval for obtaining reporters' telephone toll records, and they recalled discussing the possibility of seeking such approval. They both stated that before taking this ~ they believed they should determine w h ~records of _ calls made by the reporters and others _ could be obtained from the on-site communications service providers located in the CAU. a. The Assistance Field Office Requests CAU On November 5, _ , the case agent sent an e-mail asking another Special Agent in the _ Field Office to inquire, in the other agent's capacity as his squad's liaison to the CAU, whether the on-site communications service providers could obtain telephone toll records of U.S. persons making ~ calls . The case agent's November 5 e-mail listed 12 _ telephone numbers, 8 of which were identified in the e-mail as belonging to Washington Post re orters _ and Washin ton Post researcher Times reporters The e-mail identified a 7 -month time period - a few months before and a few months after the published articles - as the time period of interest for the leak investigation. Three days later, the Special Agent who had received the e-mail from the case agent forwarded the e-mail to a CAU SSA - also copying the case agent. The Special Agent asked the CAU SSA in his forwarding e-mail whether, as a general matter, . . calls generated by the identified telephone numbers originating _ would be captured by the on-site providers' systems. The CAU SSA replied bye-mail on November 10, . , asking whether the Special Agent wanted him "to start pulling these tolls" and, if so, "what is the source of the request ... NSL or FGJ subpoena?" The CAU SSA's e-mail was copied to the case agent's supervisor, but not to the case agent. We found no e-mail response to the CAU SSA's questions, either from the Special Agent or anyone else. When we asked the Special Agent about this e-mail, he told us that he did not recall it. 92 In September and December , a CAD SSA and other CAD ersonnel provided briefings to the Field Office's squads, including the case agent assigned to the leak investigation (who attended one of the briefings), about the resources available to support FBI investigations from the on-site communications service providers. Five days after the December briefmg, the case agent on the leak investigation sent an e-mail to a CAD Intelligence Analyst who had participated in the briefing, asking the same questions that had been previously posed to the CAU SSA b the Special Agent: could the on-site providers obtain toll records on calls ori . atin telephone numbers _ The case agent stated in his December 14 e-mail to the CAU Intelligence Analyst, "You suggested that we run this past you before we send the subpoena." The e-mail also stated, "We likely will proceed with a federal grand jury subpoena, with the AUSA requesting DOJ approval before issuing the subpoena." The case agent also noted in the e-mail that the Special Agent who had originally forwarded this request to the CAD had already "touched base with [the CAU SSA] preliminarily on this matter." In response, on December 14, _ , the CAD Intelligence Analyst sent the case agent a sample NSL for toll billing records. The Intelligence Analyst also stated in his e-mail that he would check with the CAD SSA "to make sure he hasn't already pulled the tolls." We found no evidence indicating that the CAD SSA received this e-mail or that he was informed about any planned request for DOJ approval. However, in the absence of any request from the case agent o~one in the FBI, the CAD SSA issued an exigent letter dated December 17, _ , to Company A for telephone records of the reporters and others listed in the case agent's November 5, _ , e-mail. We determined that the SSA did this without further discussion with the case agent or the Special Agent who had asked only whether such records could be obtained through the on-site providers, not that the records should be obtained. I IS The CAU SSA's exigent letter sought records on nine telephone numbers, seven of which were identified in the e-mail exchanges described above as belonging to Washington Post and New York Times reporters or their news organizations' bureaus in The other two numbers were associated 115 We determined that this SSA had issued a total of 115 exigent letters, the second highest number of exigent letters signed by any CAU personnel. 93