Office of the Inspector General
United States Department of Justice

Statement of Glenn A. Fine
Inspector General, U.S. Department of Justice
before the
Senate Committee on the Judiciary
concerning
The FBI’s Use of National Security Letters and
Section 215 Requests for Business Records

March 21, 2007

Statement of Glenn A. Fine
Inspector General, U.S. Department of Justice,
before the
Senate Committee on the Judiciary
concerning
The FBI’s Use of National Security Letters and
Section 215 Requests for Business Records
Mr. Chairman, Senator Specter, and members of the Committee on the
Judiciary:
Thank you for inviting me to testify about two recent reports issued by
the Department of Justice Office of the Inspector General (OIG) regarding the
Federal Bureau of Investigation’s (FBI) use of national security letters and the
FBI’s use of Section 215 orders to obtain business records. In the Patriot
Reauthorization Act, enacted in 2006, Congress directed the OIG to examine
the FBI’s use of these two important authorities. The reviews were directed to
examine, among other things, the number of times these authorities were used,
the importance of the information obtained, how the information was utilized,
any improper or illegal uses of these authorities, and other noteworthy facts or
circumstances related to their use.
On March 9, 2007, we issued separate reports on the FBI’s use of
national security letters and Section 215 orders. We publicly released two
unclassified reports, with only limited information redacted (blacked out) which
the Department or the FBI considered to be classified. We also provided to
Congress, including this Committee, copies of the full classified reports that
contain some additional classified information on the FBI’s use of the two
authorities. However, the OIG’s main findings and conclusions are included in
the unclassified versions that were publicly released.
In this written statement, I will summarize the key findings from our
reports, focusing most of my comments on the national security letters report.
I will first provide brief background on national security letters and how we
conducted our review. I will then provide a few observations to put our
findings in context. Next, I will highlight the main findings of our national
security letter report. After that, I will briefly summarize our report on the
FBI’s use of Section 215 orders to obtain business records.

Office of the Inspector General, U.S. Department of Justice

1

I. THE OIG’S NATIONAL SECURITY LETTER REPORT
A. Background on National Security Letters
Under five statutory provisions, the FBI can use national security letters
(NSLs) to obtain – without a court order or any review by a court – records such
as customer information from telephone companies, Internet service providers,
financial institutions, and consumer credit companies. Most of these statutory
provisions regarding NSLs existed prior to enactment of the USA PATRIOT Act
(Patriot Act) in October 2001. Prior to the Patriot Act, the FBI could obtain
information using a national security letter only if it had “specific and
articulable facts giving reason to believe that the customer or entity whose
records are sought [was] a foreign power or agent of a foreign power.” In
addition, NSLs could only be issued by a limited number of senior FBI
Headquarters officials.
The Patriot Act significantly broadened the FBI’s authority to use NSLs
by both lowering the threshold standard for issuing them and by expanding the
number of FBI officials who could sign the letters. First, the Patriot Act
eliminated the requirement that the information sought must pertain to a
foreign power or an agent of a foreign power. Instead, it substituted the lower
threshold standard that the information requested must be relevant to or
sought for an investigation to protect against international terrorism or
espionage. Consequently, the Patriot Act authorized the FBI to issue national
security letters to request information about persons other than the subjects of
FBI national security investigations, so long as the requested information is
relevant to an authorized national security investigation.
In addition, the Patriot Act permitted Special Agents in Charge of the
FBI’s 56 field offices to sign national security letters, which significantly
expanded approval authority beyond a limited number of FBI Headquarters
officials. Finally, the Patriot Act added a new authority allowing NSLs to be
used to obtain consumer full credit reports in international terrorism
investigations.
B. The OIG Review
As directed by the Patriot Reauthorization Act, the OIG’s report examined
the FBI’s use of national security letters during the time period from 2003
through 2005. As required by the Reauthorization Act, the OIG will conduct
another review examining the use of NSLs in 2006, which we are required to
issue by the end of this year.

Office of the Inspector General, U.S. Department of Justice

2

During our review, a team of OIG staff conducted interviews of over 100
FBI and Department of Justice employees, including personnel at FBI
Headquarters, the FBI Office of the General Counsel (OGC), FBI
Counterterrorism and Counterintelligence Divisions, FBI personnel in four field
divisions, and officials in the Department’s Criminal Division.
In addition, the OIG reviewed a sample of FBI case files that contained
national security letters at four FBI field divisions: Chicago, New York,
Philadelphia, and San Francisco. These field divisions were selected from
among the eight FBI field divisions that issued the most NSL requests during
the review period. During our field work at the four field divisions, we
examined a sample of 77 investigative case files that contained 293 national
security letters. An investigative case file can contain a large number of
documents, and some of the case files we reviewed consisted of the equivalent
of 20 or 30 boxes of documents. We used a judgmental sample in selecting
which files to review and included in our sample both counterterrorism and
counterintelligence cases, cases in which the NSLs were issued during
preliminary investigations and full investigations, and opened and closed FBI
cases.
The OIG also analyzed the FBI OGC’s national security letter tracking
database, which the FBI uses for collecting information to compile the
Department’s required reports to Congress on NSL usage. Finally, we
distributed an e-mail questionnaire to the counterintelligence and
counterterrorism squads in the FBI’s 56 field divisions in an effort to determine
the types of analytical products the FBI developed based on NSLs, the manner
in which NSL-derived information was disseminated, and the occasions when
such information was provided to law enforcement authorities for use in
criminal proceedings.
C. Findings of the OIG Review
Our review found widespread and serious misuse of the FBI’s national
security letter authorities. In many instances, the FBI’s misuse of national
security letters violated NSL statutes, Attorney General Guidelines, or the FBI’s
own internal policies. We also found that the FBI did not provide adequate
guidance, adequate controls, or adequate training on the use of these sensitive
authorities. In many respects, the FBI’s oversight of the use of NSL authorities
expanded by the Patriot Act was inconsistent and insufficient.

Office of the Inspector General, U.S. Department of Justice

3

1. Background to OIG Findings
However, before detailing the main findings of our report, I believe it is
important to provide context for these findings and also to note what our review
did not find.
First, in evaluating the FBI’s misuse of national security letters, it is
important to recognize the significant challenges the FBI was facing during the
period covered by our review. After the September 11 terrorist attacks, the FBI
implemented major organizational changes to prevent additional terrorist
attacks in the United States. These changes included overhauling and
expanding its counterterrorism operations, expanding its intelligence
capabilities, attempting to upgrade its information technology systems, and
seeking to improve coordination with state and local law enforcement agencies.
These changes occurred while the FBI and its Counterterrorism Division had to
respond to continuing terrorist threats and conduct many counterterrorism
investigations, both internationally and domestically.
Second, it is important to recognize that in most – but not all – of the
cases we examined in this review, the FBI was seeking information that it could
have obtained properly through national security letters if it had followed
applicable statutes, guidelines, and internal policies.
Third, national security letters are important tools that can provide
critical evidence in counterterrorism and counterintelligence investigations.
Many Headquarters and field personnel – from agents to senior officials –
believe these tools are indispensable to the FBI’s mission to detect and deter
terrorism and espionage.
Fourth, we did not find that that FBI agents sought to intentionally
misuse the national security letters or sought information that they knew they
were not entitled to obtain through the letters. Instead, we believe the misuses
and the problems we found were the product of mistakes, carelessness,
confusion, sloppiness, lack of training, lack of adequate guidance, and lack of
adequate oversight.
Yet, I do not believe that any of these observations excuse the FBI’s
widespread and serious misuse of its national security letter authorities. When
the Patriot Act enabled the FBI to obtain sensitive information through NSLs on
a much larger scale, the FBI should have established sufficient controls and
oversight to ensure the proper use of these authorities. The FBI did not do so.
The FBI’s failures, in my view, were serious and unacceptable.
Office of the Inspector General, U.S. Department of Justice

4

I would now like to highlight our review’s main findings, which are
detailed in the OIG’s 126-page report.
2. OIG Findings
Our review found that, after enactment of the Patriot Act, the FBI’s use of
national security letters increased dramatically. In 2000, the last full year
prior to passage of the Patriot Act, the FBI issued approximately 8,500 NSL
requests. It is important to note that one national security letter may request
information about multiple telephone numbers or e-mail addresses. Because
the FBI’s semiannual classified reports to Congress provide the number of
requests rather than the number of letters, we also focused on the total
number of requests.
After the Patriot Act, the number of NSL requests issued by the FBI
increased to approximately 39,000 in 2003, approximately 56,000 in 2004, and
approximately 47,000 in 2005. In total, during the 3-year period covered by
our review, the FBI issued more than 143,000 NSL requests.
However, we believe that these numbers, which are based on information
from the FBI’s database, understate the total number of NSL requests issued
by the FBI. During our review, we found that the FBI database used to track
these requests is inaccurate and does not include all NSL requests.
First, when we compared information from the database to the
documents contained in investigative case files in the 4 FBI field offices that we
visited, we found approximately 17 percent more NSL letters and 22 percent
more NSL requests in the case files than we could find in the FBI database. In
addition, we determined that many NSL requests were not included in the
Department’s reports to Congress because of the FBI’s delays in entering NSL
information into its database. We also found problems and incorrect data
entries in the database that caused NSLs to be excluded from the Department’s
reports to Congress.
Therefore, based on shortcomings in the FBI’s NSL database and its
reporting processes, we concluded that the Department’s semiannual classified
reports to Congress on NSL usage were inaccurate and significantly
understated the total number of NSL requests during the review period.
Our report also provides breakdowns on the types of NSLs used by the
FBI. We determined that, overall, approximately 73 percent of the total
number of NSL requests were used in counterterrorism investigations and
26 percent in counterintelligence cases.
Office of the Inspector General, U.S. Department of Justice

5

In addition, our review found that the percentage of NSL requests that
related to investigations of U.S. persons increased from about 39 percent of all
NSL requests in 2003 to about 53 percent in 2005.
As directed by the Patriot Reauthorization Act, our review attempted to
assess the effectiveness of national security letters. NSLs have various uses,
including to develop evidence to support applications for orders issued under
the Foreign Intelligence Surveillance Act (FISA), develop links between subjects
of FBI investigations and other individuals, provide leads and evidence to allow
FBI agents to initiate or close investigations, and corroborate information
obtained by other investigative methods. FBI personnel told the OIG that NSLs
are indispensable investigative tools in many counterterrorism and
counterintelligence investigations, and they provided us with examples and
evidence of their importance to these investigations.
We determined that information obtained from NSLs is also used in FBI
analytical intelligence products that are shared within the FBI and with DOJ
components, Joint Terrorism Task Forces, other federal agencies, and other
members of the intelligence community.
In addition, information obtained from NSLs is stored in FBI databases
such as its Automated Case Support system and its Investigative Data
Warehouse. However, because information is not tagged or identified in FBI
files or databases as derived from NSLs, we could not determine the number of
times that NSLs were used in such analytical products, shared with other
agencies, or used in criminal cases.
As also directed by the Patriot Reauthorization Act, the OIG review
examined whether there were any “improper or illegal uses” of NSL authorities.
We found that from 2003 through 2005, the FBI identified 26 possible
intelligence violations involving its use of NSLs, 19 of which the FBI reported to
the President’s Intelligence Oversight Board (IOB). Of the 26 possible
violations, 22 were the result of FBI errors, while 4 were caused by mistakes
made by recipients of the NSLs.
These possible violations included the issuance of NSLs without proper
authorization, improper requests under the statutes cited in the NSLs, and
unauthorized collection of telephone or Internet e-mail transactional records.
For example, in three of these matters the FBI obtained the information
without issuing national security letters. One of these three matters involved
receipt of information when there was no open national security investigation.
In another matter, the FBI issued national security letters seeking consumer
full credit reports in a counterintelligence investigation, which the NSL statutes
do not permit. In other matters, the NSL recipient provided more information
Office of the Inspector General, U.S. Department of Justice

6

than was requested in the NSL, or provided information on the wrong person,
either due to FBI typographical errors or errors by the recipients of NSLs.
In addition to the possible violations reported by the FBI, we reviewed
FBI case files in four field offices to determine if there were unreported
violations of NSL authorities, Attorney General Guidelines, or internal FBI
policies governing the approval and use of NSLs. Our review of 293 national
security letters in 77 files found 22 possible violations that had not been
identified or reported by the FBI.
The violations we found fell into three categories: improper authorization
for the NSL, improper requests under the pertinent national security letter
statutes, and unauthorized collections. Examples of the violations we
identified include issuing NSLs for consumer full credit reports in a
counterintelligence case, which is not statutorily permitted; issuing an NSL for
a consumer full credit report when the FBI Special Agent in Charge had
approved an NSL for more limited credit information under a different NSL
authority; issuing an NSL when the investigation had lapsed; and obtaining
telephone toll billing records for periods in excess of the time period requested
in the NSL due to third-party errors.
Thus, it is significant that in the limited file review we conducted of
77 investigative files in 4 FBI field offices, we identified nearly as many NSLrelated violations (22) as the total number of possible violations that the FBI
had identified (26) in reports from all FBI Headquarters and field divisions over
the entire 3-year period. Moreover, 17 of the 77 files we reviewed, or
22 percent, had 1 or more violations.
We have no reason to believe that the number of violations we identified
in the four field offices we visited was skewed or disproportionate to the
number of possible violations in other files. This suggests that a large number
of NSL-related violations throughout the FBI have not been identified or
reported by FBI personnel.
Our examination of the violations we identified did not reveal deliberate
or intentional violations of the NSL statutes, the Attorney General Guidelines,
or FBI policy. We believe that some of these violations demonstrated FBI
agents’ confusion and unfamiliarity with the constraints on national security
letter authorities. We also believe that many of the violations occurred because
FBI personnel do not consistently cross check the NSL approval documentation
with the proposed NSLs, or verify upon receipt that the information supplied by
the recipient matches the request. Other violations demonstrated inadequate
supervision over use of these authorities.
Office of the Inspector General, U.S. Department of Justice

7

We examined the FBI investigative files in the four field offices to
determine whether FBI case agents and supervisors had adhered to FBI
policies designed to ensure appropriate supervisory review of the use of NSL
authorities. We found that 60 percent of the investigative files we examined
contained one or more violations of FBI internal policies relating to national
security letters. These included failures to document supervisory review of NSL
approval memoranda and failures to include in NSL approval memoranda
required information, such as the authorizing statute, the status of the
investigative subject, or the number or types of records requested.
In another finding, our review determined that the FBI Headquarters
Counterterrorism Division generated over 300 NSLs exclusively from “control
files” rather than from “investigative files,” in violation of FBI policy. When
NSLs are issued from control files, the NSL documentation does not indicate
whether the NSLs are issued in authorized investigations or whether the
information sought in the NSLs is relevant to those investigations. This
documentation is necessary to establish compliance with NSL statutes,
Attorney General Guidelines, and FBI policies.
In addition, we found that the FBI had no policy requiring the retention
of signed copies of national security letters. As a result, we were unable to
conduct a comprehensive audit of the FBI’s compliance with its internal control
policies and the statutory certifications required for NSLs.
In one of the most troubling findings, we determined that from 2003
through 2005 the FBI improperly obtained telephone toll billing records and
subscriber information from 3 telephone companies pursuant to over 700 socalled “exigent letters.” These letters generally were signed by personnel in the
Communications Analysis Unit (CAU), a unit of the Counterterrorism Division
in FBI Headquarters, and were based on a form letter used by the FBI’s New
York Field Division in the criminal investigations related to the September 11
attacks. The exigent letters signed by the CAU typically stated:
Due to exigent circumstances, it is requested that records for
the attached list of telephone numbers be provided. Subpoenas
requesting this information have been submitted to the U.S.
Attorney’s Office who will process and serve them formally to
[information redacted] as expeditiously as possible.
These letters were signed by CAU Unit Chiefs, CAU special agents, and
subordinate personnel, none of whom were delegated authority to sign NSLs.
Our review found that that the FBI sometimes used these exigent letters
in non-emergency circumstances. In addition, the FBI failed to ensure that
Office of the Inspector General, U.S. Department of Justice

8

there were duly authorized investigations to which the requests could be tied.
The exigent letters also inaccurately represented that the FBI had already
requested subpoenas for the information when, in fact, it had not. The FBI
also failed to ensure that NSLs were issued promptly to the telephone
companies after the exigent letters were sent. Rather, in many instances, after
obtaining records from the telephone companies the FBI issued national
security letters many months after the fact to “cover” the information obtained.
As our report describes, we were not convinced by the legal justifications
offered by the FBI during our review for the FBI’s acquisition of telephone toll
billing records and subscriber information in response to the exigent letters
without first issuing NSLs. The first justification offered was the need to
reconcile the strict requirements of the NSL statute with the FBI’s mission to
prevent terrorist attacks. While the FBI’s counterterrorism mission may
require streamlined procedures to ensure the timely receipt of information in
genuine emergencies, the FBI needs to address the problem by expediting the
issuance of national security letters or by seeking legislative modification to the
voluntary emergency disclosure provision in the Electronic Communications
Privacy Act (ECPA), not through these exigent letters. Moreover, the FBI’s
justification for the exigent letters was undercut because they were used in
non-emergency circumstances, not followed in many instances within a
reasonable time by the issuance of NSLs, and not catalogued in a fashion that
would enable FBI managers or anyone else to review the practice or the
predication required by the NSL statute.
In sum, we concluded that the FBI’s use of these letters inappropriately
circumvented the requirements of the NSL statute, and violated Attorney
General Guidelines and FBI policies.
As directed by the Patriot Reauthorization Act, our report also describes
several other “noteworthy facts or circumstances” we identified in the review.
For example, we found that the FBI did not provide clear guidance describing
how FBI case agents and supervisors should apply the Attorney General
Guidelines’ requirement to use the “least intrusive collection techniques
feasible” during national security investigations to the use and sequencing of
national security letters. In addition, we saw indications that some FBI lawyers
in field offices were reluctant to provide an independent review of NSL requests
because these lawyers report to senior field office managers who already had
approved the underlying investigations.
D. Recommendations
To help the FBI address these significant findings, the OIG made a series
of recommendations, including that the FBI improve its database to ensure
Office of the Inspector General, U.S. Department of Justice

9

that it captures timely, complete, and accurate data on NSLs; that the FBI take
steps to ensure that it uses NSLs in full accord with the requirements of
national security letter authorities; and that the FBI issue additional guidance
to field offices that will assist in identifying possible violations arising from use
of NSLs. The FBI concurred with all of the recommendations and agreed to
implement corrective action.
We believe that the Department and the FBI are taking the findings of
the report seriously. In addition to concurring with all our recommendations,
the FBI and the Department have informed us that they are taking additional
steps to address the problems detailed in the report. For example, the FBI’s
Inspection Division has initiated audits of a sample of NSLs issued by each of
its 56 field offices. It is also conducting a special inspection of the exigent
letters sent by the Counterterrorism Division to three telephone companies to
determine how and why that occurred.
The FBI’s Office of the General Counsel is also consolidating its guidance
on NSLs, providing additional guidance and training to its field-based Chief
Division Counsel on their role in approving NSLs, and working to develop a new
web-based NSL tracking database.
In addition to the FBI’s efforts, we have been told that the Department’s
National Security Division will be actively engaged in oversight of the FBI’s use
of NSL authorities.
As required by the Patriot Reauthorization Act, the OIG will continue to
review the FBI’s use of national security letters. We are required by the Act to
issue another report by the end of this year on the FBI’s use of NSLs in 2006.
In addition, we intend to monitor the actions that the FBI and the Department
have taken and are taking to address the problems we found in our first review.
II. THE OIG’S SECTION 215 REPORT
In the last section of my statement, I want to summarize briefly the OIG’s
second report, which examined the FBI’s use of Section 215 orders to obtain
business records. Section 215 of the Patriot Act allows the FBI to seek an
order from the FISA Court to obtain “any tangible thing,” including books,
records, and other items, from any business, organization, or entity provided
the item or items are for an authorized investigation to protect against
international terrorism or clandestine intelligence activities.
Section 215 of the Patriot Act did not create new investigative authority,
but instead significantly expanded existing authority found in FISA by
broadening the types of records that could be obtained and by lowering the
Office of the Inspector General, U.S. Department of Justice

10

evidentiary threshold to obtain a Section 215 order for business records.
Public concerns about the scope of this expanded Section 215 authority
centered on the ability of the FBI to obtain library records, and many public
commentators began to refer to Section 215 as the “library provision.”
Our review found that the FBI and the Department’s Office of Intelligence
Policy and Review (OIPR) submitted to the FISA Court two different kinds of
applications for Section 215 orders: “pure” Section 215 applications and
“combination” Section 215 applications. A “pure” Section 215 application is a
term used to refer to a Section 215 application for any tangible item which is
not associated with an application for any other FISA authority. A
“combination” Section 215 application is a term used to refer to a Section 215
request that was added to a FISA application for pen register/trap and trace
orders, which identify incoming and outgoing telephone numbers called on a
particular line. In a combination order, the Section 215 request was added to
the pen register/trap and trace application in order to obtain subscriber
information related to the telephone numbers.
We found that from 2002 through 2005 the Department, on behalf of the
FBI, submitted to the FISA Court a total of 21 pure Section 215 applications
and 141 combination Section 215 applications.
We found that the first pure Section 215 order was approved by the FISA
Court in spring 2004, more than 2 years after enactment of the Patriot Act.
The FISA Court approved six more pure Section 215 applications that year, for
a total of seven in 2004. The FISA Court approved 14 pure Section 215
applications in 2005.
Examples of the types of business records that were obtained through
pure Section 215 orders include driver’s license records, public
accommodations records, apartment records, and credit card records.
We also determined that the FBI did not obtain Section 215 orders for
any library records from 2002 through 2005 (the time period covered by our
review). The few applications for Section 215 orders for library records that
were initiated in the FBI during this period were withdrawn while undergoing
the review process within the FBI and the Department. None were submitted
to the FISA Court.
With respect to how information from Section 215 orders was used, we
found no instance where the information obtained from a Section 215 order
resulted in a major case development such as disruption of a terrorist plot. We
also found that very little of the information obtained in response to Section
215 orders has been disseminated to intelligence agencies outside the DOJ.
Office of the Inspector General, U.S. Department of Justice

11

However, FBI personnel told us they believe that the kind of intelligence
gathered from Section 215 orders is essential to national security
investigations. They also stated that the importance of the information is
sometimes not known until much later in an investigation, when the
information is linked to some other piece of intelligence. FBI officials and
Department attorneys also stated that they believe Section 215 authority is
useful because it is the only compulsory process for certain kinds of records
that cannot be obtained through alternative means.
We did not identify any instances involving “improper or illegal use” of a
pure Section 215 order. We did find problems with two combination Section
215 orders. In one instance, the FBI inadvertently collected information from a
telephone number that no longer belonged to the target of the investigation. In
another instance, the FBI received information from a telephone that was no
longer connected to the subject because of a mistake by the telephone
company.
We also found that the FBI has not used Section 215 orders as effectively
as it could have because of legal, bureaucratic, or other impediments to
obtaining these orders. For example, after passage of the Patriot Act in October
2001, neither the Department nor the FBI issued implementing procedures or
guidance with respect to the expansion of Section 215 authority for a long
period of time. In addition, we found significant delays within the FBI and the
Department in processing requests for Section 215 orders. We also determined
through our interviews that FBI field offices do not fully understand Section
215 orders or the process for obtaining them.
III. CONCLUSION
In sum, our review of national security letters revealed that, in various
ways, the FBI violated the national security letter statutes, Attorney General
Guidelines, or FBI internal policies governing their use. While we did not find
that the violations were deliberate, we believe the misuses were widespread and
serious.
Finally, I also want to note that the FBI and the Department cooperated
fully with our review. In addition, the FBI and the Department agreed to
declassify important aspects of the report to permit a full and fair airing of the
issues we describe in the report. They have also acknowledged the problems
we found and have not attempted to cover up the deficiencies. The FBI and the
Department also appear to be taking the findings of the report seriously, and
appear committed to correcting the problems we identified.
Office of the Inspector General, U.S. Department of Justice

12

We believe that these serious and ongoing efforts are necessary to ensure
that the FBI’s use of national security letter authorities to obtain sensitive
information is conducted in full accord with the NSL statutes, Attorney General
Guidelines, and FBI policies.
That concludes my testimony, and I would be pleased to answer any
questions.

Office of the Inspector General, U.S. Department of Justice

13