Skip navigation

Review of the Fbi Use of Exigent Letters and Other Requests for Phone Records 2010 Partg

Download original document:
Brief thumbnail
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
"should not be followed with a subpoena or other compulsory process.# The
memorandum also stated that letters requesting emergency voluntary
disclosures must be approved by Assistant Special Agents in Charge,
Special Agents in Charge, or higher authority, 193 NSLB Deputy General
Counsel Julie Thomas was among the approving officials on the
memorandum.
We found that during the period when FBI OGC attorneys were
developing this guidance they did not consider or discuss how the
emergency voluntary disclosure statute related to the use of exigent letters
Indeed, the Assistant General Counsel acknowledged to the OIG and her
supervisors that the NSLB had not relied on the emergency voluntary
disclosure statute as authority for issuance of exigent letters.
In an interview on July 20, 2006, OIG investigators asked the
Assistant General Counsel about the legal basis for approving exigent
letters. She stated that none of the NSL statutes "specifically addressed
emergency situations.# However, she said she believed that there was "an
exception in national security circumstances where we think it's absolutely
necessary.# She said the FBI had "tried to reconcile the literal interpretation
[of the NSL statutes] with the other policy considerations" that the FBI
needs to deal with when "lots of lives are at stake." The Assistant General
Counsel said that in making this judgment the FBI took into account its
policy mandate, its mission, and the emergency voluntary disclosure
statute. However, she said that she was "not pretending ... in retrospect"
that the FBI had relied on the emergency voluntary disclosure statute at the
time to support the use of exigent letters. 194
FBI General Counsel Caproni told us that she was unaware of the
FBI's use of exigent letters or that the FBI had obtained records before
issuing legal process until the GIG brought the issue to her attention in late

193 Office of the General Counsel, Federal Bureau of Investigation, electronic
communication to all Divisions, Emergency Disclosure Provision and Information From
Service Providers Under 18 U.S.C. § 2702(b), August 25, 2005.
194 We found that the Assistant General Counsel advised Thomas in an e-mail on
July 20, 2006, following an OIG intelView in this matter, "[ajrguably, the CAU disclosures
fall under 2702 disclosures, although we have never tried to fit them under that ... and
maybe we should, and that would solve the problem." She also told us in September 2007
that the emergency voluntary disclosure statute was not considered in regard to the CAU's
activities, stating, "it never carne up and it is kind of curious why it did not," and that "in
retrospect, we probably should have [considered 18 U.S.C. § 2702(c)(4)I, but I guess we did
not see the need for it at the time."

156

2006. She added that, "[s]o, certainly at the time, no, we had no
discussions that these [exigent letter requests] - would qualify under that
provision of the ECPA."195
As noted above, NSLB Deputy General Counsel Thomas told us in
August 2008 that she believed at the time she signed after-the-fact NSLs in
2005 that the CAU's requests to the providers were likely emergency
requests that fell within 18 U.S.C. § 2702. However, she qualified her
statement, noting that in light of the many interviews and conversations she
had had on the subject she could not separate what she knew at the time of
her interview from what she knew in 2005. In light of the Assistant General
Counsel's and Caproni's recollections to the contrary and the
contemporaneous documentary evidence corroborating their statements, we
concluded that that the NSLB did not rely on 18 U.S.C. § 2702's emergency
voluntary disclosure provision during the period the CAU issued exigent
letters.
In Chapter Five of this report, we describe further the management
failures that led to the continued use of exigent letters until mid-November
2006, including the FBI OGC's failure to instruct CAU personnel, in
coordination with CTD management, to use the ECPA emergency voluntary
disclosure statute rather than exigent letters in qualifying emergencies.
H.

The September 26, 2005, Meeting

Although the number of exigent letters issued by the CAU declined
after April 2005, the backlog of old requests requiring legal process
persisted. We found that NSLB attorneys did not recognize or focus on the
existence of the backlog of requests requiring legal process. Rather, the
NSLB continued to focus on the umbrella file proposal in order to ensure
that future emergency requests for records were quickly followed by NSLs.
In late September 2005, the Assistant General Counsel suggested a
meeting with Youssef and personnel from CTD operational units to discuss
her umbrella file proposal. She said her purpose for proposing the meeting
was to have the operational units agree to open the umbrella files, which in

195 Caproni also told us that although she was not aware of the CAU's use of
exigent letters, she believed that if they were used in true emergencies they were defensible
under 18 U.S.C. § 2702(c)(4).

157

her view could serve as the open national security investigations for
emergency requests from which after-the-fact NSLs could be issued. 196
The meeting took place on September 26, 2005. The Assistant
General Counsel, her immediate supervisor, Youssef, and personnel from
CTO operational units attended. The Assistant General Counsel told us,
and her contemporaneous e-mails reflect, that although the purpose of the
meeting was to discuss the umbrella file proposal. Youssef told her at the
meeting that umbrella files were not needed because the CAU did not have
many emergency situations in which requests were made without open
national security investigations. 197 The Assistant General Counsel told us
that Youssef came to the meeting with a "different agenda." which was to
discuss that the CAU needed the operational units to respond to the CAU's
requests for NSLs. She said that Youssef stated at the meeting that the
CAU needed the CTO operational units "to understand that they need to
issue these NSLs promptly when they are asked."
Youssef acknowledged to us that he had told the Assistant General
Counsel at the meeting that emergencies were "few and far between" and
that umbrella files were not needed. Youssef told us, however, that in this
comment to the Assistant General Counsel he was addressing only
instances in which there was "absolutely no predication, no case open,
nothing." He estimated that CAU personnel requested records for such
emergencies only 10 or 12 times over a period of "several months." but said
he could not tell us for sure how often such emergencies occurred.
Youssef told us that at the meeting he emphasized that the CAU was
attempting to address the "significant backlog" of legal process owed to the
on-site providers. He said he explained that the CAU was not obtaining the
legal process from the operational units and that "this is going to kill us."
Youssef told us that he did not mention at the meeting how many requests
for legal process were outstanding. 198 He also said that at the time of the

196 Youssef told us that several months earlier he had discussed with the Assistant
General Counsel that he would like to have NSLB attend a meeting with him and the CTD
operational units'leadership.
197 In an e-mail to Youssef dated October 21, 2005, the Assistant General Counsel
wrote that Youssef had stated at the meeting that emergency requests were "few and far
between" and that umbrella files were no longer needed..
198 None of the other attendees from Headquarters' operational units recalled that
backlogs were discussed at the meeting. Additionally, the Assistant General Counsel's
contemporaneous e-mail summarizing the meeting made no reference to any discussion of
the backlog problem.

158

meeting he was aware only that Company B had outstanding record
requests that were not covered by legal process.
Youssef said that at the meeting the operational units agreed to issue
NSLs prior to future requests for telephone records, except for "extreme
cases where it is an emergency." He also said that an agreement was
reached that the CTD operational units would provide the NSLs upon
request from CAU personnel. In fact, beginning in November 2005, the
number of exigent letters issued by the CAU to the on-site providers
decreased significantly.
The Assistant General Counsel e-mailed Youssef on October 21,2005,
to confirm Youssers statement in the meeting that "there no longer seemed
to be a need to create umbrella files, as we had previously discussed." We
found that the umbrella file proposal was not pursued after this.

I.

The CAU Efforts to Reduce the Backlog

Beginning shortly before and continuing after the September 26,
2005, meeting, Youssef and CAU personnel made various additional efforts
to obtain after-the-fact legal process for the backlogged record requests. On
October 5, 2005, Youssef convened an "all-hands" CAU meeting in which he
encouraged CAU personnel to ensure that all outstanding requests for
records from the three on-site communications service providers were
covered by legal process. Contemporaneous e-mails also show that on
September 6, 2005, and October 26, 2005, Company B and Company C
sent to CAU personnel spreadsheets listing the record requests that still
required legal process.
In subsequent e-mails to CAU personnel, Youssef assigned these
telephone numbers to the pertinent CAU teams and instructed the team
leaders to contact the relevant FBI field divisions and the CTD operational
units to address the backlog of after-the-fact NSLs. He referred to this task
as "a priority matter."
The Assistant General Counsel told us that after the September 2005
meeting she followed up with Youssef in e-mails and telephone
conversations to see what the NSLB could do to assist Youssef and the CAU
in ensuring that the operational units provided the necessary NSLs. She
also asked what instructions he would like the FBI OGC to give the CTD
operational units and the field on that subject. She said that Youssef did
not respond in writing to her e-mail message, but later spoke with her and

159

said that there were "no problems" and that he would let the NSLB know if
they needed help.'••
On January 5, 2006, the Company B on-site employee again sent an
e-mail to Youssef and CAU team leaders with a spreadsheet of telephone
numbers for which Company B still had not received legal process. The
Company B employee stated in the e-mail that since he had sent the
previous spreadsheet in September 2005, he had only received "one to two
NSLs" and that the spreadsheet contained "a few additional cases."
On February 7, 2006, the Assistant General Counsel sent an e-mail to
Youssef, with the subject line "Issuance of NSLs - Follow up," in which she
inquired about the status of the CAU's issuance of NSLs. She wrote:
The last we talked, in November, 2005, we understood that
there was going to be an effort by [CTD operational units] to get
these NSLs out and that you would be requesting these NSLs in
advance of getting the information when you were not given
enough information to go on .... We haven't heard from you in
awhile and I wanted to make sure that there was nothing that
needed to be done on our part to assure that these NSLs were
being issued in a timely manner and they were being issued
based on enough information to assure relevance to an
authorized investigation.
On February 10, 2006, Youssef responded bye-mail:
We are actually making some reasonable headway in getting the
NSLs. Our telecom reps are very happy with the results. If we
run into any resistance, 111 definitely reach out to you for
assistance and backing.
Youssef told us that when he informed the Assistant General COllilsel
that NSLs were being issued in a timely fashion, he was referring not to
after-the-fact NSLs covering the backlogged record requests, but rather to
after-tbe-fact NSLs issued to cover new exigent letters being used by CAU
personnel.

199 The Assistant General Counsel also sent an e-mail message to Youssef on
November 18, 2005, in which she wrote, "/w]e haven't seemed to be able to get in touch"
and asked whether the CAD was obtaining the information it needed from requesters of
"emergency telephone information" to ensure predication for the issuance of NSLs.

160

Youssef also told us that he did not then inform the Assistant General
Counsel of the problems the CAU was facing regarding the backlogged
record requests because he knew the process of obtaining after-the-fact
NSLs for backlogged numbers would "take some time," and he wanted to
"give it another two or three months."
However, CAU personnel told us that the CAU had little success in
obtaining after-the-fact legal process for the backlogged items. Youssef also
told us that the CAU's work to address the backlog from September 2005 to
May 2006 ultimately was "an exercise in futility." CAU SSAs told us that
the original requesters were not motivated to provide after-the-fact legal
process after they had received the records from the CAU. In addition, one
SSA noted that occasionally cases were closed between the time the exigent
letter was served and the requesting unit was contacted for an after-the-fact
NSL.
To determine how successful the CAU was in obtaining legal process,
we reviewed spreadsheets that Company B and Company C gave to CAU
personnel at various times during this period. In January 2005, September
2005, January 2006, and May 2006, the on-site Company B employee
provided information and spreadsheets to CAU personnel regarding
telephone records requests for which Company B still had not received legal
process. 200 Based on our review of that material, we determined that the
CAU obtained after-the-fact legal process for only approximately 25 percent
of the requests that were pending from January 2005 to September 2005,
and for approximately 30 percent of the requests for process that were
pending from September 2005 through April 2006. The Company B
employee's spreadsheets also showed that the number of telephone
numbers that had been _
and that required after-the-fact legal
process declined considerably between September 2005 and April
2006.
'
The spreadsheets prepared by the on-site Company C employee also
showed that the CAU had similar rates of obtaining after-the-fact legal
process for requests previously made to Company C, and also illustrated a
decrease over time in the number of telephone record requests requiring
after-the-fact legal process.

200 Company A did not provide similar information to the CAU, and we were
therefore unable to determine how many telephone numbers Company A had _
without legal process or how often CAU personnel were able to obtain after-the-fact legal
process for its previous record requests to Company A from 2003 to mid-2006.

161

We also determined that ITOS-I management learned sometime in
2006 that the CAU needed NSLs to cover the information previously given to
the FBI by the on-site providers. Michael Heimbach, an Assistant Section
Chief for ITOS-I from February 2003 to March 2004 and a Section Chief for
ITOS-I from March 2005 to January 2007, told us that he first became
aware of a backlog of NSLs in the latter part of 2006. He said he learned at
that time that the CAU needed ITOS to issue NSLs for over 100 telephone
numbers. Heimbach told us that he assigned personnel in ITOS "to figure
this out ... we got to get it right. We have to fix whatever is wrong."
We found that between February and May 2006, a CAU SSA informed
an ITOS-I Assistant Section Chief that there was a backlog of NSLs which
ITOS-I "owed" for records acquired in exigent circumstances. When the
Assistant Section Chief briefed Heimbach, Heimbach assigned her to
oversee the response of ITOS-I to the issue of the CAU's backlog. She told
us that she convened two meetings with her Unit Chiefs and a CAU SSA
who had the list of telephone numbers that required NSLs, and she
instructed the Unit Chiefs to work with the pertinent field divisions to
ensure that NSLs were issued. However, as described below, the backlog
was addressed in another manner beginning in May 2006 when the CAU
SSA drafted and CTD Deputy Assistant Director (DAD) Billy signed a
blanket NSL to cover the outstanding Company B record requests.
J.

OIG Analysis of FBI Attempts at Corrective Actions From
2003 through October 2006

In sum, as described above and further discussed in Chapter Five of
this report, we found that the FBI repeatedly failed to take steps to ensure
that the CAU complied with the ECPA when obtaining subscriber and toll
billing records information from the on-site communications service
providers.
When Glenn Rogers became CAU Unit Chief in 2003, he learned
about and used an exigent letter provided by the Company A analyst. He
said he relied on the Company A analyst's representation that the letter had
been approved by FBI and Company A attorneys. However, Rogers did not
seek any guidance about the use of these letters or confirm with FBI OGC
attorneys that they were appropriate. Also, we believe Rogers failed to take
appropriate steps to ensure that timely legal process was obtained as
promised after exigent letter requests were made. This failure resulted in
the development of a significant backlog of records requests for which there
was no legal process. From the beginning of his tenure as CAU Unit Chief
in 2003 until just prior to his promotion to CTD Assistant Section Chief in
November 2004, Rogers also failed to develop or implement any system for
tracking FBI requests for records or other information from the on-site
providers.

162

We concluded that after Bassem Youssef became the CAU Unit Chief
in November 2004, he took some steps to address the backlog of requests
for legal process from the on-site providers relating to exigent letters.
However, Youssef terminated the CAU's Tracker Database in February 2005
after complaints from CAU staff that the system was "cumbersome."
Youssef said that at the time he terminated use of the database, he did not
know that the CAU was obtaining records prior to service of legal process.
However, even after the time he acknowledged learning about the Company
B backlog he did not implement a process to maintain an accurate record at·
the time they were made of the nature, number, and origin of the requests
to the on-site providers whether communicated by exigent letter, by
telephone, bye-mail, on pieces of paper, or through sneak peeks. The
failure to maintain such records was an internal control problem that
greatly complicated the FBI's later efforts to determine whether it had a
basis to retain the records.
In addition, contrary to his suggestion, Youssef was not the first FBI
official to raise the issue of exigent letters to NSLB attorneys. We found that
NSLB attorneys, including Thomas, learned about the exigent letters
practice in December 2004. Further, we found that when Youssef first
spoke with the Assistant General Counsel on March 11,2005, about
streamlining the NSL process, the Assistant General Counsel already was
aware that the CAU was obtaining records pursuant to exigent letters prior
to service of legal process. In fact, Youssef told us that he did not learn that
exigent letters were used by the CAU to obtain records from the on-site
providers, or that there was a significant backlog of promised legal process,
until some time after this meeting. 201
We concluded that several factors contributed to the FBI's failure to
timely and effectively address the use of exigent letters. First, CAU Unit
Chief Rogers and his CTD supervisors approved the use of exigent letters
without first consulting FBI attorneys.

201 Mter reviewing a draft of this report, Youssefs attorney stated that at the
March 11,2005, meeting, Youssef was the fIrst to tell the Assistant General Counsel that
the CAU's receipt of records without legal process was wrong but that the Assistant General
Counsel did not provide him with any guidance or instruction to address the problem. As
we describe in this chapter, however, the Assistant General Counsel was already aware of
and concerned about the exigent letter problem before she met with Youssef, had already
made suggestions to her supervisors about the need for opening preliminary investigations
to support issuance of NSLs, and after the March 11 meeting provided guidance and
instruction to Youssef as she learned more about the exigent letter practice and attempted
to address it.

163

Second, the CAU failed to maintain an accurate record at the time
they were made of the nature, number, and origin of the requests to the
on-site providers whether communicated by exigent letter, by telephone, by
e-mail, on pieces of paper, or through sneak peeks.
Third, the CAU received a steady stream of requests, often in major
threat situations, from senior headquarters officials and field personnel,
who expected - and came to rely upon - prompt responses. As a result,
using exigent letters and other informal requests, the CAU quickly
developed a backlog of record requests for which it had obtained records but
not provided the promised legal process.
Fourth, all three on-site providers accepted exigent letters and other
informal requests as a basis for providing subscriber and toll billing records
information, and other calling activity information covered by the ECPA.
Fifth, we found that senior CTD managers assumed that its
operational units were acquiring information from the on-site
communications service providers through the CAU by lawful means. It was
not until early 2006 that a CTD ITOS Assistant Section Chief learned about
the backlog of promised legal process from the CAU and directed her Unit
Chiefs to address the problem by obtaining the approval ECs and
after-the-fact NSLs from the pertinent field divisions.
Sixth, we determined that when NSLB attorneys learned about the
CAU's acquisition of records without legal process, induding the use of
exigent letters, they did not stop the practice or at a minimum ensure that
CAU personnel were trained on the methods by which the FBI is authorized
to obtain telephone toll billing records and subscriber information in various
types of investigations. Instead, the attorneys themselves became involved
in issuing after-the-fact NSLs to cover records previously obtained through
the use of exigent letters. Further, while the NSLB made resources available
to the CAU regarding the use of NSLs, NSLB attorneys did not believe that
they could assist the CAD until umbrella files (preliminary investigations
from which the NSLs could be issued) were implemented. However, the
initiative to create umbrella files languished for nearly 9 months and
ultimately was rejected, and the designated NSLB attorneys did not receive
requests for assistance from the CAD.
Although NSLB attorneys were aware that the CAU was still obtaining
records without legal process, they failed to terminate the exigent letters
practice. Rather, the NSLB allowed the CAU's use of exigent letters in what
they believed were emergency situations, and focused on the umbrella file
proposal as a way to link telephone numbers listed in exigent letters and
after-the-fact legal processes to open national security investigations.

164

Seventh, the NSLB provided advice to the CAU about the use of the
exigent letters that was inconsistent with the ECPA NSL statute. In April
2005, the Assistant General Counsel sent an e-mail to Youssef in which she
advised that exigent letters should be used by the CAU "only if it is clear ...
that the requester cannot await an NSL." This advice was inaccurate
because the ECPA does not authorize the FBI to obtain toll billing records
from communications service providers unless it first serves compulsory
legal process such as an NSL or the provider makes a voluntary production
pursuant to Section 2702's emergency disclosure provision. Even if the
letter were interpreted as seeking voluntary production, the advice that the
letter could be used "when there really are exigent circumstances ... only if
it is clear... that the requester cannot await an NSL" would allow use in
circumstances that did not meet Section 2702's standard. The NSLB's
erroneous advice was forwarded by Youssef to all CAU personnel. Neither
the Assistant General Counsel's immediate supervisor nor NSLB Deputy
General Counsel Thomas - who were both informed that Youssef was
circulating the e-mail containing her advice to the entire unit - corrected
this inaccurate advice.

K.

FBI Issues 11 Improper Blanket NSLs in May to October
2006

This section of our report describes the FBI's ineffective attempts at
corrective action from May through October 2006. regarding the exigent
letter practice and the backlog of record requests for which the FBI had not
yet served legal process. During this period, the NSLB reaffirmed its flawed
approval of the use exigent letters with the promise of future legal process.
In addition, the FBI issued 11 improper blanket NSLs prepared by CAU
personnel and signed by senior CTD officials to "cover" the records it had
previously received through exigent letters and other informal requests.
1.

Youssef Proposes Policy and Procedures for Service of
NSLs

On May 10, 2006, Youssef e-mailed the CAU's draft of a guidance EC
containing proposed procedures for the CAU's use in obtaining records from
the on-site communications service providers to an FBI OGC attorney for
review. The draft guidance stated that in exigent circumstances the CAU
could obtain records from the on-site providers using exigent letters and
then issue after-the-fact NSLs. The draft stated specifically that the CAU
would issue exigent letters "in crisis situations where there is a specific

165

threat to the United States or its allies, both domestically or overseas, and
loss of life and property are imminent. "202
On May 18, 2006, Youssef forwarded the draft EC to NSLB Deputy
General Counsel Thomas. On May 19, 2006, the Assistant General Counsel
reviewed the draft EC and recommended minor changes. These changes
were incorporated into a draft EC dated May 19,2006, but this draft was
never finalized or distributed. However, in May 2006 this OIG review
became known within the FBI, and the number of exigent letters issued
dropped significantly thereafter.

2.

NSLB Revises Model for Exigent Letters but Approves
Their Continued Use

On May 19, 2006, in connection with her review of the draft EC, the
Assistant General Counsel asked a CAU SSA to send her copies of the
exigent letters that were being issued by the CAU. The SSA sent copies of
exigent letters, one for each provider, to the Assistant General Counsel that
day by e-mail. 203 This was the first time she or any attorneys in the FBI
OGC had reviewed the text of an exigent letter.
On May 26, 2006, the Assistant General Counsel responded to the
CAU SSA by sending him revised model exigent letters, stating the new
letters should be used "[p]ronto." She revised the exigent letters to state
that NSLs, rather than grand jury subpoenas, would be forthcoming. The
SSA e-mailed the revised exigent letters to all CAU personnel. The Assistant

202 Mter reviewing a draft of this report, Youssefs attorney stated that this draft
guidance set forth the "proper definition of 'exigent circumstances m and, if adopted, would
have brought the exigent letter practice into compliance with the law. We found that the
draft guidance's reference to imminent loss of life was much closer to the standard set forth
in Section 2702(c)(4)'s emergency voluntary disclosure provision than the Assistant General
Counsel's earlier guidance and we believe it likely would have resulted in a further decrease
in the use of exigent letters if adopted. However, the draft also described procedures that
would have continued the flawed practice of promising compulsory legal process to obtain
the records through exigent letters.
203 In the May 19,2006, e-mail from the Assistant General Counsel to the SSA,
which copied Youssef, the Assistant General Counsel stated that she was not sure that she
had ever seen an exigent letter and asked to see one. Later that day the SSA forwarded to
her copies of exigent letters, one for each of the three on-site providers, again copying
Youssef. The SSA who sent the letters to the Assistant General Counsel told us that he
could not recall whether he e-mailed the letters in response to her request or at Youssefs
direction. Youssef asserted to us that he had asked a CAU SSA to send an exigent letter to
the Assistant General Counsel for review in April or May 2006. The e-mail from the CAU
SSA to the Assistant General Counsel did not indicate that Youssef or anyone else in the
CAU was concerned about its contents.

166

General Counsel told us that her intent was to make sure that if the CAU
was "going to use exigent letters at all, this [the revised letter] is the
document [they] need to use."204
On June 15,2006, the Assistant General Counsel forwarded a copy of
the revised exigent letter to Thomas, her immediate supervisor and other
FBI OGC attorneys, and she informed them that she had drafted similar
exigent letters for each of the on-site providers. The e-mail stated that she
had changed the letter that the CAU had been using, which referred to a
grand jury subpoena and not an NSL.
Thomas did not object to the revised exigent letter. She told us that
she did not recall receiving the e-mail and that she had no recollection of
the e-mail.

3.

Three Blanket NSLs
(May, July, and September 2006)

On May 17, 2006, the OIG interviewed the Assistant General Counsel
in connection with our first NSL review. During the interview, she told us
about the CAU's use of exigent letters. This was the first time we
questioned her, or anyone else in the FBI, about exigent letters.
Following the interview that same day, the Assistant General Counsel
sent an e-mail to Youssef with copies to other CTD and NSLB personnel.
The e-mail stated that the Assistant General Counsel had discussed with
the OIG the difficulty that the CAU had experienced in obtaining prompt
issuance of NSLs to the on-site communications service providers after
receipt of records. She wrote that she had represented to the OIG, "as you
have represented to me, that the problem appears to be resolved" and that
the operational units were issuing the NSLs.
Youssef acknowledged receipt of the e-mail the following day, May 18,
writing, "thank you for volunteering our names." He added in the e-mail
that he was only kidding and that "an [OIG] interview would be welcome at
any time."

204 Like the original exigent letter, the revised model exigent letter promised future
legal process, which we concluded circumvented the ECPA's requirements that either (1)
the FBI issue legal process in advance of obtaining records, or (2) the provider produce
records voluntarily in circumstances satisfying Section 2702's emergency voluntary
disclosure provision.

167

On May 18, shortly after Youssef sent his response to the Assistant
General Counsel's e-mail regarding her interview with the DIG, a CAU SSA
asked the on-site Company B and Company C employees to send him lists
of records requests for which legal process had not been provided. Both
providers responded that day with lists of records requests for which they
had not received legal process. Youssef told us that because the Assistant
General Counsel had informed him about the DIG investigation, he may
have asked about the efforts to address the backlog and that may have
prompted the May 18, 2006, e-mails from the Company B and Company C
on-site employees attaching the lists of telephone numbers.
As described below, the telephone numbers the providers identified
were subsequently incorporated into blanket NSLs the FBI issued to
Company B and Company C to "cover" or "validate" _
or records
provided to the CAU for which the providers had not received NSLs or other
legal process. Additionally, in July and September 2006, Company A
provided to the CAU lists of record requests that still required legal process,
and in September 2006 the FBI issued another blanket NSL to Company A
to cover its outstanding requests for legal process.
However, as summarized in Table 4.1 and detailed more fully in the
following sections, these three blanket NSLs issued to the on-site
communications service providers were deficient. The ECPA does not
authorize the FBI to issue retroactive legal process for ECPA-protected
records. Moreover, using blanket NSLs to "cover" the previously obtained
records would not cure any prior violations of the ECPA that occurred when
the FBI sought and received records without prior legal process and in the
absence of a qualifying emergency. In addition, all three of these blanket
NSLs were used to cover many telephone numbers not relevant to national
security investigations (which include counterterrorism and espionage
investigations), did not contain the required certifications regarding
non-disclosure, and did not state that they related to records that had
already been provided to the FBI.

168

TABLE 4.1
Three Blanket NSLs Issued by the CTD in 2006

U

ril

I
g-

o

1

NSL Date
05/12/06

Recipient
Company B

Signer
DAD Billy

192

48

2

07/05/06

Company C

A/DAD Heimbach

35

7

3

09/21/06

Company A

A/DAD Love

700

120 (approx.)

a.

Z

Company B May 12 NSL

The first blanket NSL that addressed the backlog of records requests,
dated May 12, 2006, was issued to Company B around May 23,2006. 205 It
was signed by Joseph Billy, Jr., then a CTD Deputy Assistant Director
(DAD).206 The blanket NSL contained as an attachment the list supplied by
the on-site Company B employee on May 18, 2006, of 192 telephone
numbers. The on-site Company B employee told us that those were all the
telephone numbers for which Company B needed legal process at that time.
The list included numbers that CAU personnel had asked Company B to
during the period September 2004 to April ~suant to exigent
_
letters (some of which had been provided after t h e _ .
The CAU SSA who drafted the Company B May 12 NSL said that it
was his idea to create the blanket NSL. He said the on-site communications
service providers' employees were complaining to him and others on his
team that they were owed NSLs for a lot of numbers they had previously
_
at the FBI's request. The SSA told us that his idea was to draft

205 We refer to this NSL as the Company B May 12 NSL which was the date on the
NSL, even though it was not signed until after May 23,2006.
206 Billy became the Assistant Director of the CTD on October 15,2006, and
remained in that position unW his retirement from the FBI in March 2008.

169

one NSL for then-DAD Billy's signature. The SSA told us that he discussed
his idea with Youssef and that Youssef agreed with the proposal. The SSA
also stated that when Youssef agreed with the concept, he appeared "quite
giddy about getting the books cleared up.'
Youssef also said to us that this SSA proposed to him the idea of the
Company B May 12 NSL. Youssef stated that the SSA told him he had
discussed the issue of obtaining individual after-the-fact NSLs with the CTD
operational unit and had been told that it would "take forever" to get the
NSLs. Youssef added that the SSA told him that if all the telephone
numbers were put in one NSL. Billy would sign it. Youssef said to us that at
first he resisted the idea because he did not want to create a precedent of
having the CAU draft NSLs, since that was the operational unit's job.
However, he said that the SSA suggested that they draft the NSL "to be
cooperative," and therefore Youssef agreed. Youssef also stated that within
a few weeks or maybe a month or two from that conversation the SSA
informed Youssef that the NSL had been signed.

The SSA told us that he used as a model for the blanket NSL, a copy
of an NSL provided by a CAU Intelligence Analyst on his team. He said the
process of drafting the NSL and getting it signed took about 2 weeks. The
SSA later learned that the NSL that he used as a model was outdated and
did not contain the certification required by the USA PATRIOT Improvement
and Reauthorization Act of 2005 (Patriot Reauthorization Act) concerning
imposition of non-disclosure and confidentiality requirements on NSL
recipients. 207
The Company 8 May 12 NSL also was not accompanied by any
approval EC. An approval EC is the document routinely generated by FBI
agents seeking approval to issue NSLs. FBI policy requires approval ECs to
describe the underlying national security investigation to which the NSL
relates and, in the case of NSLs seeking telephone records, the relevance of
the telephone number to that investigation. The SSA told us that he did not
prepare or ask others to prepare an approval EC for the Company B May 12
NSL because he did not think it was necessary. Youssef also told us that

207 Section 116 of the USA PATRIOT Improvement and Reauthorization Act of2005,
Pub. L. No. 109-177, 120 Stat. 192 (2006) states that if the FBI seeks to impose
non-disclosure and confidentiality obligations on NSL recipients, the FBI Director or his
designee must certify that disclosure of the FBI's demand for information might result in
danger to the national security of the United States; interference with criminal,
counterterrorism, or counterintelligence investigations; interference with diplomatic
relations; or danger to the life or physical safety of any person.

170

when the NSL was drafted he was unaware that an approval EC was
necessary.
The CAU SSA who drafted the Company B May 12 NSL told us he did
not discuss it with any FBI aGC attorney. He said he also did not know
there was an NSLB attorney who would draft an NSL for him. Neither
Youssef, who was aware of the NSLB's outstanding offer of assistance, nor
anyone else in the CAU or CTD notified the FBI aGC about the blanket
NSL.
Billy acknowledged to us that his signature appeared on the Company
B May 12 NSL. However, he said he did not recall signing the NSL, did not
know the SSA who prepared the document, and did not recall ever meeting
him. Billy stated that over the course of his FBI career he had signed
hundreds of NSLs. He also said that his normal practice was to rely on an
approval EC to adequately describe the predication for the requested
records. In response to our questioning, Billy said he did not rule out the
possibility that over the course of his FBI career he had signed an NSL
without an approval EC, but he stated that such a case would be an
exception and that he believed he would have received sufficient facts to
ensure that the NSL was properly predicated. Billy also said that he knew
that NSLs were authorized only in instances in which there was an open
preliminary or full national security investigation and that the requested
records had to relate to that open investigation.
We found several defects with this NSL. First, this NSL was served
after-the-fact. As noted previously, there is no provision in the ECPA
authorizing the issuance of retroactive legal process.
Second, this NSL was defective under the ECPA because 39 of the 192
telephone numbers included in the Company B May 12 NSL were relevant to
FBI domestic terrorism investigations, and 5 related to FBI criminal
investigations. However, the ECPA and the Attorney General's NSI
Guidelines authorize the use of NSLs only in international terrorism or
espionage investigations. Therefore, the use of this NSL to cover previously
obtained records for telephone numbers relevant to domestic terrorism and
criminal investigations violated the ECPA NSL statute, the Attorney
General's NSI Guidelines, and FBI policy.
Third, the NSL did not contain the certification required by the Patriot
Reauthorization Act and the ECPA for NSLs imposing non-disclosure and
confidentiality obligations on the recipient.
Fourth, this NSL also failed to comply with FBI policy requiring that it
be accompanied by an approval EC establishing the predication for the
request and the relevance of the telephone records sought to an authorized

171

national security investigation. The FBI also relies on approval ECs to
generate required reports to Congress on NSL usage.
Finally, the NSL did not disclose that the FBI had previously asked
Company B to _
these records or that Company B had done so and
had provided responsive records.
b.

Company C July 5 NSL

A second blanket NSL, dated July 5, 2006, was issued by the CTD to
Company C.20' This NSL was prepared by the same CAU SSA who prepared
the Company B May 12 NSL.

As described above, on May 18, 2006, the Company C employee sent
to a CAU SSA a list of telephone numbers for which Company Chad
previously delivered records to the FBI without legal process. This list
contained 70 unique telephone numbers. The SSA who drafted the
Company C July 5 NSL requested that the Company C employee omit from
this list telephone numbers related to any criminal investigations. In
response, the Company C employee gave the SSA an amended list on July 5,
2006. that excluded telephone numbers associated with criminal and
counterintelligence investigations. The amended list consisted of 35
telephone numbers for which CAU personnel had asked Company C to
provide records from September 2004 to April 2006. The SSA attached the
amended list to the Company C July 5 NSL.
Michael Heimbach, then a Section Chief for the ITOS-I of the CTD,
signed the July 5 blanket NSL. At the time he was temporarily assigned as
an Acting Deputy Assistant Director (Acting DAD) of the CTD.209 Heimbach
signed the NSL as Acting DAD. At the time Heimbach signed this NSL, the
FBI had not issued guidance on whether FBI personnel selVing as Acting
DADs were authorized to sign NSLs. The FBI aGC later issued guidance on
June 1, 2007. stating that Acting Deputy Assistant Directors are not
authorized to sign NSLs.210 However. on January 16. 2009, the
Department's Office of Legal Counsel (OLC), in response to a request for a
legal opinion by the FBI General Counsel Caproni, opined that Acting DADs

208

We refer to this as the Company C July 5 NSL.

209 In January 2007, Heimbach became a SAC in the FBI's Washington Field Office.
Since April 2008 Heimbach has been the CTD Assistant Director.
210 Because the FBI did not formalize this guidance until June 2007, the FBI Office
of Professional Responsibility (FBI OPR) decided to take no disciplinary action against any
Acting Deputy Assistant Director who signed NSLs without authorization.

172

(and certain other acting officials) are authorized to sign NSLs under three
of the NSL statutes, including the ECPA NSL statute, 18 U.S.C. § 2709.
Caproni notified the OIG in March 2009 that the FBI is revising its June I,
2007, guidance in light of the Ole opinion.

On July 5, 2006, the SSA who prepared the NSL sent an e-mail to the
Company C employee stating, "I have the signed NSL cleaning up all the
past #'s requested for Company C." Youssef, who was copied on the e-mail,
responded to the SSA, "this is good." On July 7, 2006, the Company C
employee acknowledged receiving the NSL in an e-mail that he sent to the
SSA and Youssef.
Youssef told us that he did not recall knowing at the time that the
SSA drafted the July 5 Company C NSL, but that it did not surprise him.
Youssef said he had discussed other blanket NSLs with the SSA for two
major operations. He also stated that he could not recall what was in his
mind when he wrote in his July 5, 2006, e-mail to the SSA, "[t]his is good,"
in response to being informed that the Company C July 5 NSL had been
signed.
Heimbach told us that he signed the NSL but could not recall how the
NSL came to him, who brought it to him, and to whom he returned it.
Heimbach said that an NSLB attorney, whose name he could not recall, had
assured him that he was authorized to sign the NSL as an Acting DAD.
However, he stated that he did recall contacting any NSLB attorney prior to
signing the NSL to ensure that he was authorized to sign as an Acting CTD
DAD.211 Heimbach told us that he learned sometime after he signed the
Company C July 5 NSL that he was not authorized to sign NSLs as an
Acting DAD.2l2 The SSA also told us that sometime after Heimbach signed
the NSL, Heimbach mentioned at a section meeting that he had learned that
he was not authorized to sign NSLs and advised CXS personnel that NSLs
should not be brought to him for signature.
The Company C July 5 NSL was not accompanied by an approval EC.
Heimbach told us his practice was that he would not sign an NSL without
an accompanying EC establishing and documenting the predication for the

211 The SSA who prepared the NSL told us that he asked Heimbach to sign the NSL
and that Heimbach immediately signed it with no discussion.
212 An NSLB attorney told us that she believes that in early August 2006 Heimbach
asked her whether another CTD Acting DAD, Arthur Cummings, II, was authorized to sign
NSLs. This attorney said she told Heimbach that Acting DADs were not authorized to sign
NSLs.

173

NSL and the relevance of the telephone numbers to an open national
security investigation. Heimbach said that he assumed he was told when
he signed this NSL that the approval EC was being prepared or had already
been prepared.
As was the case with the Company B May 12 NSL, no CAU or CTD
personnel sought legal guidance from any FBI aGC attorney regarding the
content of the Company C July 5 NSL.

We found several defects with this NSL. First, as was the case with
the Company B May 12 NSL, the NSL was served after-the-fact, which is not
authorized by the ECPA. Second, the NSL included seven telephone
numbers relevant to domestic terrorism investigations for which NSLs are
not an authorized technique under the ECPA NSL statute or the Attorney
General's NSI Guidelines. Third, although the NSL imposed a
non-disclosure and confidentiality obligation on Company C. the NSL did
not contain the certification required by the Patriot Reauthorization Act and
the ECPA for such NSLs. Fourth, the NSL was not accompanied by the
required approval EC establishing the predication for the request and the
relevance of the records sought to an authorized national security
investigation.
Finally, the NSL did not disclose that the FBI had previously asked
Company C to _
these records or that Company C had already done so
and had provided responsive records.

c.

Company A September 21 NSL

The third blanket NSL, dated September 21, 2006, was issued to
Company A.213 It was prepared by the CAU's Primary Relief Supervisor. 214
The NSL listed 700 telephone numbers that CAU personnel had asked
Company A to _
between May 2003 and January 2006. Some of these
numbers were provided in response to e~ters. and some of the
exigent letters had been issued after the _ . 2 1 5

213

We refer to this as the Company A September 21 NSL.

214 We call this SSA the Primary Relief Supervisor because Youssef referred. to him
in this capacity in his annual perfonnance evaluations.
215 The telephone numbers listed on this NSL were relevant to various FBI
investigations, including international terrorism investigations. However, others related to
domestic terrorism investigations and criminal investigations such as fugitive cases, alien
smuggling, securities fraud, arson, illegal narcotics, and bank robbery.

174

The Primary Relief Supervisor stated that Youssef had assigned him
to work with Company A on the outstanding telephone numbers. He said
that he worked directly with the Company A analysts to obtain a
spreadsheet of numbers for which legal process was outstanding, and he
also sought guidance from the SSA who had drafted the Company B May 12
NSL.
On July 28, 2006, a Company A analyst sent a preliminary list of 213
telephone numbers to the Primary Relief Supervisor. The Company A
analyst took approximately 3 months to compile the final comprehensive
list, which identified 700 telephone numbers. The Primary Relief Supervisor
then drafted the Company A September 21 NSL and attached the list of
700 numbers. He said that in drafting the NSL he likely used a "pony" (or
model NSL) given to him by the SSA who had drafted the Company B
May 12 NSL.
Youssef told us that he was not aware at the time that the Company A
September 21 NSL had been issued, and that he learned about it later in
connection with the DIG investigation.
This NSL was not accompanied by an approval EC, which is required
by FBI policy to document that the requested records are relevant to an
authorized national security investigation. The Primary Relief Supervisor
told us that he did not know that an approval EC was required for an
NSL.
The NSL was signed by Jennifer Smith Love, who was then a CXS
Section Chief, temporarily assigned to serve as an Acting CTD DAD.216 Love
told us that she recognized her signature on the Company A September 21
NSL but could not recall any details surrounding this NSL, including who
gave it to her. Love told us that at the time she signed the NSL she was
unaware that an approval EC was required.
Like the Company B May 12 and Company C July 5 NSLs, the
Company A September 21 NSL was defective in several respects. First, the
Company A September 21 NSL was served after-the-fact. Second, the NSL
included 134 telephone numbers that were relevant to criminal and
domestic terrorism investigations for which NSLs are not an authorized
technique under the ECPA NSL statute or the Attorney General's NSI

216 In December 2006, Love was promoted to be a Special Agent in Charge in the
FBI's Washington Field Office. In June 2008 Love became the SAC of the FBI's Richmond
Field Division.

175

Guidelines. Third, although the NSL imposed a non-disclosure and
confidentiality obligation on Company A, the NSL did not contain the
certification required by the Patriot Reauthorization Act and the ECPA for
such NSLs. Fourth, the NSL was not accompanied by the required approval
EC establishing the predication for the request and the relevance of the
records sought to an authorized national security investigation.
Finally, the NSL did not disclose that the FBI had previously asked
Company A to _
these records or that Company A had already done so
and in many instances had provided responsive records.

d.

Timellne Regarding Three Improper Blanket
NSLs

Diagram 4.1 (next page) illustrates the timeline of the three blanket
NSLs just described, including the time period in which records were
without legal process pursuant to exigent letters or other
initially _
infonnal requests, the dates of the blanket NSLs issued to cover these
requests, and the date of three correcting NSLs (described later in this
chapter) issued by the FBI to address the records identified in the three
improper blanket NSLs.

176

DIAGRAM 4.1

Timeline of Requests Made and
by the
Three On-Site Communications Service Providers
Addressed by Three Blanket NSLs, and Subsequent Corrective Actions
2008
JFMAMJJA

Company
(700)

,

Blanket NSL
May-Oa

Revised NSL

l

Jan-06

Sep-06

Aug-OB

,

Blanket NSL
Company B (192)

l

8ep-04

Apr-06

May-06

Blanket NSL
Company C (35)

Apr-06

Sep-04
Total=927

•
,

Date range for
Blanket NSLs Issued
Revised NSL Issued

Revised NSL

ithout legal process (SIINF)

177

l

JuI-06

Jun-OB

,

Revised NSL

Mar-OB

4.

Eight Additional Blanket NSLs in 2006

We determined that CAU personnel drafted and CTD senior officials
signed eight additional improper blanket NSLs between August and October
2006 related to major FBI operations. Together, these eight blanket NSLs
were issued to cover the FBI's previous requests to the communications
service providers without accompanying NSLs for
on calling
records and other information on over 1,500 telephone numbers.
All of these eight NSLs were served after-the-fact, although the ECPA
does not authorize retroactive legal process. Five of the NSLs also failed to
comply with the ECPA certification requirement for NSLs imposing
non-disclosure and confidentiality obligations on the recipients. The eight
NSLs also were issued without approval ECs in violation of FBI policy and
failed to disclose that the FBI had already acquired the records. The
additional deficiencies in these eight blanket NSLs are summarized in Table
4.2 and described in more detail in this section.
TABLE 4.2
Eight Blanket NSLs Issued by the CTD
in Connection with FBI Operations Y and Z

.
o

~

......
i~
o I:l e el:
.. 0
u.a u c:a.
c:a."
CIlI.
'S ';-'S ~lIo1I
U

Date

Recipient
Company B

1

08/24/06

2

08/24/06 Company C

3

08/25/06 Company A

4

09/19/06 Company A

5

09/19/06

Company C

Signer
A/DAD
Cummings*
A/DAD
Cummings*
A/DAD
Cummings*
A/DAD
Cummings*
A/DAD
Cummings*

i~i

. .a
Ii>\'s

U

'l:lI

0

.!!

"'l:lIl!
uClll,a

u

oS
., ..::s
CIlI •

.

..=~i
~ e

_U 0u
c::-

'to!
u'l:ll

.!l'l:ll

u ..

.. 0

U

a

:i g

'l:lI

u

l:•

&
....0
's..:I
.!~

-to=
.u,

oral

~i
o 0

u ..

"c:a.

.!=-

72

...J

...J

...J

5/04/07

5/04/07

610

...J

...J

...J

3/07/08

3/07/08

735

..J

...J

...J

3/07/08

3/07/08

107

...J

...;

...J

5/04/07

5/04/07

73

...J

...;

...J

5/04/07

5/04/07

178

.

0
0
.... U

o

s:I
.. 0
41

6

10/20/06

Recipient
Company A

Signer
Assistant
Director
Billy

7

10/20/06 Company B

8

10/20/06 Company C

Date

~

e
41

41

o ~.sas

fIl

.... '1:1

i2~t

u u

o.U

a~a ase;

i::i

'1:1

0."

U

as ....

'8

~:I

.!'1:1
U ..
.. 0

~J ~ ~

445

..J

..J

Assistant
Director
Billy

445

..J

..J

Assistant
Director
Billy

445

..J

..J

..U
,gs:I ..U
.... ::s
as IIll

5~

t.!l

u'1:I
U I
s:I

~ ~

41

.t....

'1:1
41

U

to
Ofll

-S
....&
0

~i
o 0
41 ..

.5~

.... 0.

~~
None
required
per FBI
OGC
None
required
per FBI
OGC
None
required
per FBI
OGC

~~
4/13/07

4/13/07

4/13/07

*Cummmgs signed the NSLs as SAC.
Yellow = Operation "Y" blanket NSLs Turquoise = Operation "Z" blanket NSLs

a.

Five Blanket NSLs in Connection with
Operation "Y"

The CAU SSA who drafted the Company B May 12 and Company C
July 5 blanket NSLs also drafted five other blanket NSLs in August and
September 2006. All five of these additional blanket NSLs listed telephone
numbers r e ~ o rFBI counterterrorism operation that was
initiated in _
which we refer to as Operation Y.217
We were told that CAU employees told the three on-site
communications service providers when Operation Y first began that the FBI
was undertaking a significant operation that would generate many requests
for _
of telephone records, and that after-the-fact NSLs listing
multiple telephone numbers would be prepared to cover the requests for
these records. Youssef told us that he could not recall whether he or
someone else from the CAU informed the providers about the anticipated
requests for Operation Y. He told us that the plan was for the Headquarters
operational unit to prepare after-the-fact NSLs. We determined that, with
few exceptions, records requests relating to this operation were

217

The name of this operation is classified.

179

communicated to the on-site communications service providers by informal
means other than exigent letters, such as bye-mail.

CAU personnel made requests for
telephone records related to this investigation for a 6-week period. The
Company B on-site employee told us that he was informed by CAU
personnel that Operation Y involved "something big going on ... and it
could be another 9/ 11."
One Company A analyst told us that he received no briefmg from the
C A U ~ o nY, and a second Company A analyst told us he
had _
for the FBI for this case for several weeks without
even being aware that the _
he was conducting were associated to
Operation Y.
Arthur A. Cummings III, then a SAC in the FBI's Washington Field
Office but temporarily assigned as an Acting Deputy Assistant Director
(DAD) in the CTD, signed the following five blanket NSLs relating to
Operation Y, none of which had approval ECs:
•

August 24,2006, NSL to Company B listing 72 telephone
numbers (Company B August 24 NSL);

•

August 24,2006, NSL to Company C listing 610 telephone
numbers (Company C August 24 NSL);

•

August 25, 2006, NSL to Company A listing 735 telephone
numbers (Company A August 25 NSL);

•

September 19, 2006, NSL to Company A listing 107 telephone
numbers (Company A September 19 NSL); and

•

September 19,2006, NSL to Company C listing 73 telephone
numbers (Company C September 19 NSL).

As a SAC in the Washington Field Office, Cummings was authorized
to sign NSLs.218 Cummings acknowledged that the NSLs contained his
signature and said that he specifically recalled signing the Company C
August 24 and Company A August 25 NSLs because they included many
telephone numbers. He said that he had no specific recollection of signing

218 In November 2006, Cummings became a DAD in the CTD, and in January 2008
became the Executive Assistant Director for the FBI's National Security Branch.

180

any of the other three blanket NSLs. Cummings said that he believed that
each of the NSLs had approval ECs because it was his practice to ensure
that NSLs always had approval ECs.
Cummings told us that prior to signing any NSLs while assigned as an
Acting DAD he asked an NSLB attorney whether he was authorized to sign
NSLs in that capacity. He stated that the NSLB attorney told him that
although he was not authorized to sign NSLs as an Acting DAD, since he
was "formally" a SAC at the time he was authorized to sign NSLs in his
capacity as a SAC. 219 Cummings stated that other than signing NSLs, he
perfonned no other duties as a SAC while temporarily assigned as an Acting
DAD for the CTD.
The NSLB attorney with whom Cummings consulted confirmed that
based on direction from her NSLB Unit Chief, she had advised Cummings
that he was authorized to sign NSLs as a SAC. 220
We determined that all five Operation Y NSLs were defective. First,
the NSLs were served after-the-fact. Second, although the NSLs imposed
non-disclosure and confidentiality obligations on Company A, the NSLs did
not contain the certifications required by the Patriot Reauthorization Act
and the ECPA for such NSLs. Third, the NSLs were not accompanied by
approval ECs establishing the predication for the requests and the relevance
of the records sought to authorized national security investigations.
Finally, the NSLs also did not disclose that the FBI had previously
asked the providers to _
these records or that the providers had
already done so and in many instances had provided responsive records.

219 As noted above, at the time the FBI had no written guidance on the authority of
acting FBI officials to sign NSLs.

220 NSLB Deputy General Counsel Thomas told us she was not sure whether this
advice was correct. She stated, "the issue would be if you are an Acting DAD, then you
have left the current (SACl position." She added that her advice would have been to have
the NSLs sent to her instead of having Cummings sign them because, "we do not need to go
down that legal road." As noted previously, the FBI OGC issued guidance on June 1,2007,
stating that Acting Deputy Assistant Directors are not authorized to sign NSLs. However,
on January 16, 2009, the Department's Office of Legal Counsel opined that Acting DADs
are authorized to sign NSLs under three of the NSL statutes, including the ECPA NSL
statute.

181

b.

Three Blanket NSLs in Connection With
Operation "Z"

The FBI issued three more blanket NSLs in October 2006, one to each
of the three on-site communications service providers, in connection with a
different major FBI counterterrorism investigation, which we refer to as
Operation Z.221
In connection with 0 eration Z, the CAU was rovided tele hone
numbers recovered
. Youssef advised CAU
personnel of the investigation bye-mail on
stating that "[w]e
anticipate numerous requests for telephone exploitation and I want us to be
ready." He also asked for a CAU "volunteer to head this project." Four days
later, on
the CAU began asking the on-site providers to
provide records for groups of telephone numbers related to this operation.
The CAU Primary Relief Supervisor told us that at Youssefs direction
he issued three exigent letters dated
one to each of the three
on-site providers. These exigent letters listed telephone numbers relating to
Operation Z. The exigent letters, which were sent to the three on-site
providers bye-mail, each contained an attachment listing the same 48
telephone numbers. From
through October 20,2006, the CAU
asked for, and in many instances received, toll billing and other records on
397 additional telephone numbers relating to this operation. Almost all of
these _
were requested without exigent letters.
Youssef stated that he did not recall directing the Primary Relief
Supervisor to issue exigent letters at the start of Operation Z, but that he
would not be surprised if exigent letters had been issued because that was
how the CAU regularly operated. Youssef said that he was not aware that
only one exigent letter was issued to each provider, with _
on
additional telephone numbers later requested without even exigent letters.
A CAU Intelligence Analyst who worked on Operation Z told us that
she volunteered to be the coordinator of telephone analysis requests that
the CAU would receive in connection with this operation. She maintained a
contemporaneous log of the telephone numbers that the CAU gave to the

221

The name of this operation is classified.

182

three on-site providers to _
in connection with this operation. She said
that in late October 2006, the Primary Relief Supervisor directed her to
Using her
compile a list of all telephone numbers that had been _
log, the Intelligence Analyst prepared a list of 445 telephone numbers and
gave it to the Primary Relief Supervisor.

The Primary Relief Supervisor then prepared a blanket NSL for each of
the three on-site providers, attaching the list of 445 telephone numbers to
each NSL. He said that he gave the NSLs to Youssef or Youssers immediate
supervisor for Billy to sign, and that the NSLs were signed on or around
October 20, 2006.
Billy confirmed his signature was on all three NSLs, although he said
he could not recall signing them. He said he recalled the case and that
NSLs were issued. He also told us that signing NSLs without approval ECs
was "completely outside" his practice.
Youssef told us that he was not involved with the Operation Z NSLs.
He said that the Primary Relief Supervisor was the CAU point of contact
with the CTD operational unit for Operation Z. Youssef also said that he did
not recall that the Primary Relief Supervisor had drafted the three blanket
NSLs for Operation Z and said he also did not recall whether he had
provided the NSLs to Billy for signature. Youssef told us that he recalled
one instance in which he had provided NSLs to Billy for signature but did
not think it related to Operation Z. Youssef said that Billy asked him what
case the NSLs were associated with but did not ask for any approval ECs.

The Primary Relief Supervisor stated that he did not draft approval
ECs to accompany the NSLs because he believed they were being prepared
by the CTD operational unit involved with Operation Z. He also told us that
when he drafted the Company A September 21 NSL, he did not know that
approval ECs were required, but he knew that a CTD operational unit was
responsible for preparing ECs for the Operation Z NSLs.
We determined that all three Operation Z NSLs were defective. First,
the NSLs were served after-the-fact. Second, the NSLs were not
accompanied by approval ECs establishing the predication for the requests
and the relevance of the records sought to authorized national security
investigations. Finally, the NSLs did not disclose that the FBI had
previously asked the providers to _
these records or that the providers

183

had already done so and in many instances had provided responsive
records. 222

As described in the next section, the FBI later drafted an approval EC
dated April 13, 2007, documenting the predication for these three blanket
NSLs. We found a draft version of this EC stating that the records were
obtained in exigent circumstances. However, the final signed EC did not
contain that statement. In an e-mail dated April 30, 2007, from the
Assistant General Counsel to NSLB Deputy General Counsel Thomas
relating to the issuance of the EC, she told Thomas that the Unit Chief of
the operational unit responsible for Operation Z "was not willing to put in
[the approval Eel that it was an exigency, and he was not even willing to say
that CAU thought it was an exigent circumstance because he didn't think
CAU could believe that." The Unit Chief and an SSA of the operational unit
responsible for Operation Z told us that they believed the telephone records
requested by the CAU for this operation were not _
under exigent
circumstances. In addition, Youssef said that the telephone records that
the CAU obtained from the on-site providers in Operation Z were of "very
high intelligence value as opposed to a known threat."
5.

OIG Analysis of 11 Improper Blanket l'ISLs

In sum, we concluded that the FBI's attempt to address the backlog of
records requests awaiting legal process by issuing blanket NSLs was
ill-conceived, legally deficient, contrary to FBI policy, and poorly executed,
and these blanket NSLs created more problems than they solved.
First, as described at the beginning of this Chapter, the ECPA does
not authorize the FBI to issue retroactive legal process to cover previously
acquired records or information. Moreover, issuance of retroactive legal
process did not cure any prior violations of the ECPA that occurred when
the FBI sought and received records without prior legal process and in the
absence of a qualifying emergency.

222 In addition to the Operation Y and Z blanket NSLs discussed in this section, the
CAU used the same practices in support of other counterterrorism investigations. For
exam~er-the-fact NSLs and 3 after-the-fact grand jury subpoenas were used to
cover _ _ and the acquisition of records for more than 950 telephone numbers that
were relevant to 2 other counterterrorism operations in 2005 and 2006. The FBI served
legal process between 2 weeks and 6 months after receipt of the records. In many
instances, records were provided in response to requests communicated bye-mail and
other informal means. We found only a few exigent letters associated with these requests.

184

Beyond this threshold legal problem, we found that the three blanket
NSLs to the three on-site communications service providers in 2006 to cover
the backlog of records requests listed telephone numbers that were relevant
to many different FBI investigations, including criminal and domestic
terrorism investigations for which NSLs are not an authorized technique
under the ECPA and the Attorney General's NSI Guidelines. Accordingly,
the signers of the NSLs could not certifY, as required by the ECPA, that the
records sought were relevant to "an authorized investigation to protect
against international terrorism or clandestine intelligence activities" and
that any investigation of a U.S. person was "not conducted solely on the
basis of activities protected by the first amendment to the Constitution of
the United States."223 Also, these NSLs were issued without the required
approval ECs, in violation of FBI policy. Without approval ECs to capture
the records identified in these NSLs, the FBI did not collect data necessary
to include in required periodic reports to Congress on NSL usage.
The eight blanket NSLs issued in connection with Operations Y and Z
also failed to comply with FBI internal policy because they were issued
without accompanying approval ECs. Additionally, the three blanket NSLs
to Company A, Company B, and Company C to cover the backlog of records
requests and the five Operation Y NSLs did not contain the required ECPA
certification for NSLs imposing confidentiality and non-disclosure
obligations on the recipients.
Finally, none of the 11 blanket NSLs stated that the FBI had already
acquired the records, in some instances more than 3 years earlier. While we
developed no evidence suggesting that the communications service
providers who received these NSLs were misled, we nonetheless believe that
the NSLs should have stated that the FBI had already acquired the records.
The FBI later made this disclaimer in various corrective NSLs issued in
2008 and 2009. We believe it should have done so in these 11 blanket NSLs
as well so that the NSLs would be fully accurate and would not mislead
anyone who subsequently reviewed these NSLs.
II.

The FBI's Corrective Action Since November 2006

We describe in this section the FBI's attempts at corrective action
beginning in November 2006, after the FBI aGC learned that the CTD had

223 See 18 U.S.C. § 2709(b). As discussed below, the FBI did not complete until
March 2009 its review of all the telephone numbers listed in these three NSLs and issue
revised NSLs for the telephone numbers that were relevant to national security
investigations.

185

issued blanket NSLs without approval ECs. These efforts included the
CTD's preparation of draft memoranda reporting possible intelligence
violations to the FBI OGC; the FBI OGC's notification to the President's
Intelligence Oversight Board (lOB) of an intelligence violation; the issuance
of new guidance in March 2007 clarifying the FBI's authority to request
telephone subscriber and toll billing records information; mandatory NSL
training for FBI employees; relocation of the communications service
providers' employees; and the FBI's analysis of whether it will retain records
acquired in response to exigent letters and the blanket NSLs.
A.

FBI OGC Learns of Blanket NSLs

As described above in connection with the Company B May 12 NSL,
the Assistant General Counsel sent an e-mail to Youssef and other CTD and
NSLB personnel regarding what she had told the OIG during her May 17,
2006, interview concerning problems the CAU had experienced in issuing
NSLs. The Assistant General Counsel sent Youssef a follow-up e-mail on
August 2, 2006, in which she asked Youssef whether there was any backlog
of requests for which the FBI had received information but not yet issued an
NSL. In his e-mail response dated August 3, 2006, Youssef stated that Billy
had signed a "blanket NSL" for the "backlogged requests. "224

On August 3 and on August 8, 2006, the Assistant General Counsel
sent e-mails to Youssef requesting a copy of the NSL and approval EC that
Youssef said Billy had signed in his August 3 e-mail but she received no
reply from Youssef. NSLB attorneys took no further action regarding the
Company B May 12 NSL until November 2006. On November 7,2006, in
connection with a meeting FBI General Counsel Caproni had scheduled that
day with the OIG concerning a draft of our first NSL report, the Assistant
General Counsel forwarded Youssefs August 3, 2006, e-mail about the
Company B May 12 NSL to Caproni. The Assistant General Counsel wrote
to Caproni. "I presume that Bassem [Youssef] told OIG about it so I thought
you ought to know about it."
Caproni forwarded the e-mail to Billy and asked him whether he
recalled signing a blanket NSL. Billy responded that he did not recall
"signing anything blanket.' On November 8, 2006, Caproni forwarded
Billy's response to the Assistant General Counsel and asked her whether
she could "unravel this." Also on November 8, the Assistant General

224 Although Youssefs e-mail did not further describe this NSL. Youssef told us that
he was referring to the Company B May 12 NSL.

186