Consumer Electronics Daily was a Warren News publication.
Sensenbrenner ‘Betrayed’

FBI’s Use of Exigent Letters ‘Sloppy’ But Agency Reforming, House Judiciary Told

The FBI’s use of “exigent letters” to get phone records from telecommunications companies without first going through a legal process may lead to revision of the Electronic Communications Privacy Act, and possibly the firing of the FBI’s top lawyer, officials indicated. The House Judiciary Constitution Subcommittee grilled FBI General Counsel Valerie Caproni at a hearing Wednesday about her office’s role in the controversy, the subject of a 300-page report by Justice Department Inspector General Glenn Fine. His office previously released reports on abuses of National Security Letters, which the FBI issued to organizations demanding phone, e-mail and other business records. Their gag-order requirement doomed the Patriot Act provision in court (CD Sept 7/07 p8).

Lawmakers received “repeated assurances” from the FBI that the end-run around legal processes through exigent letters, supposedly reserved for emergency requests, had long ago ended, but Fine’s report dispels that notion, said Subcommittee Chairman Jerrold Nadler, D-N.Y. He said the requests showed “reckless disregard for the law.” The subcommittee will review possible revisions to ECPA, including criminal sanctions for officials who violate the law, “but that is a matter for another day,” Nadler said.

"There’s no excuse” for FBI employees’ behavior, “but there is context” in the “tremendous pressure” agents were under after the Sept. 11 attacks, said Ranking Member James Sensenbrenner, R-Wis., the primary author of the Patriot Act and its 2006 reauthorization. The FBI stopped issuing the letters more than three years ago and no criminal intent was found by Fine, who agreed some of the letters were issued under genuine emergencies, dealing with “some of the most serious terrorist plots” the U.S. has faced, Sensenbrenner said. The FBI has issued better guidelines for when NSLs are appropriate, is auditing their use and spending considerable resources to verify whether certain records need to be purged now, he said.

"What we have here is something that needs further probing,” since Congress was in the dark for three years about the use of exigent letters, said Judiciary Committee Chairman John Conyers, D-Mich. “I am outraged that somebody would invent the term ‘exigent letters,'” which aren’t provided for in the Patriot Act, and whose use began around the same time Caproni became general counsel, he said. “There may be grounds for removal” of Caproni, he said: “There has obviously got to be some disciplinary action” from Justice’s Office of Professional Responsibility.

The report on exigent letters, Justice’s first comprehensive review of “informal ways” the FBI got records, showed FBI personnel issued at least 722 letters for 2,000 records to three service providers who had staff at the FBI, Fine said. But because of the bureau’s “incredibly sloppy practices,” including not putting exigent requests in a database, it’s hard to arrive at a final number, he said. “Every level” of the bureau, from the Communications Analysis Unit to senior officials in Caproni’s office, was involved. Emergency circumstances were largely “not present” and follow-up NSLs weren’t issued in most cases, as required even under the relaxed standard for exigent letters, Fine said. Agency personnel requested records more informally in some cases, through e-mail, phone, face-to-face and “even on Post-It notes” to telecom personnel on site, and sometimes got “sneak peeks” of records before receiving formal approval, Fine said. The FBI requested records on journalists to trace leaks without the attorney general’s authorization as required. Corrective actions were “poorly executed,” with the FBI issuing blanket NSLs to “cover or validate” improper exigent letters, he said. But the FBI’s responses to Fine’s report show that the bureau is taking the matter seriously, Fine said.

Caproni, who stressed the practice started before she joined, called the use of exigent letters a “failure of internal controls” but also a “wakeup call” for how the FBI makes requests. “We cannot unring the bell” but the FBI has improved training procedures under ECPA and established the Office of Integrity and Compliance after the fiasco. The FBI didn’t invent emergencies so much as fail to keep adequate records of requests and their rationales, and the exigent letters served as “sort of placeholders” for NSLs. The letters can now only be issued in an “emergency involving danger or death or serious injuries” and legally immunize service providers to turn over records, Caproni said. The blanket NSLs the FBI issued to legitimize exigent letters were a “good-faith but ill-conceived attempt” to clear a backlog. It’s reviewing 4,400 phone numbers covered by the NSLs and keeping those that are lawful, which Fine’s report found “reasonable,” she said.

But Fine’s report also said the FBI still had records that weren’t relevant to investigations, even if it was “reasonable” to keep them -- this after FBI officials including Caproni told the committee that irrelevant records had been “destroyed,” Nadler said. Caproni blamed a “laborious” review for the discrepancy -- officials checked whether a process had been started for given records, which “had frequently been the case,” and then whether they were relevant to an open investigation. “The issue is one of timing,” because records collected legitimately may not have been relevant later. Fine said the FBI was in an “unpalatable situation,” which is why the report deems the retention of irrelevant records reasonable. “They had to do time travel back and forth,” Fine said. He turned down Nadler’s suggestion that ECPA include criminal sanctions, as the Foreign Intelligence Surveillance Act does for violations. There are existing oversight mechanisms that should be “rigorously enforced,” including internal disciplinary measures, Fine said.

'I Don’t Think You're Getting the Message'

Sensenbrenner was most strident in his criticisms of the FBI. “I withstood the assaults” of lawmakers critical of the Patriot Act, including Nadler, but the FBI’s behavior for years has shown it “really wants to get around” the law’s restrictions, Sensenbrenner said. Congress initially declined to give the FBI administrative subpoena power, then expanded the bureau’s power under Section 215’s business-records provision, which requires FISA notification -- but then the FBI started using no-court-review NSLs instead. The 2006 reauthorization had “constitutionalizing provisions” to legitimize the FBI’s misuse of NSLs, but the bureau then started issuing exigent letters, which Sensenbrenner said Caproni approved. “Ordinarily I don’t agree on going on a witchhunt” but “I don’t think you're getting the message,” he said. “I've had the message for several years,” Caproni said, blaming the FBI’s counterterrorism division for signing off. She has always acknowledged “this was a massive failure."

But whenever Congress “tries to plug” civil-liberties loopholes in the law, the FBI unplugs them, Sensenbrenner said, raising his voice: “I came to this whole issue as your friend … and I feel betrayed.” He interrupted Caproni when she said her office has worked hard to “stay within the lines.” Nadler agreed there was a “clear pattern here of deliberate evasion” by the FBI. Caproni denied the FBI kept hopping to new procedures to avoid Patriot Act limits. NSLs started getting issued at the same time the bureau was making requests under Section 215: “The two had nothing to do with each other.” Sensenbrenner said he “lived this for six or seven years,” defending an unpopular administration’s antiterrorism policies: “This little Dutch boy has only got 10 fingers to put in holes in the dike."

Courts Subcommittee Chairman Hank Johnson, D-Ga., said he didn’t see a Fourth Amendment process for exigent letters. Caproni said they were constitutional because phone customers have no Fourth Amendment interest in records of their calls and billing, as opposed to the content of communications. The law says telcos are “entitled to provide” records, not legally required. But providers “would actually prefer to have belts and suspenders” -- an after-the-fact legal process, which the statute doesn’t anticipate, Caproni said. One of the problems was that FBI personnel “lost that professional distance” when telco employees worked onsite with the FBI and they all considered themselves part of the same team. But Caproni said she wasn’t in a position to know about the exigent process, assigned to an underling. Fine said Caproni’s officials were “trying to reform [the process] but they weren’t ending it.”

The FBI’s culture is changing to preempt another abuse of record requests, Caproni told Rep. Judy Chu, D-Calif. ECPA training for all employees happens every year or two, and the FBI does “auditing on the back end” to verify employees are following the rules. The Inspection Division has audited the use of NSLs several times, and a new automated request system “fills in all the boilerplate,” routes it so the request can’t go forward until receiving approval, and automatically uploads and prefills the request forms, Caproni said. “True emergency” requests will soon get a similar system. It’s a “thousand times better” than the spreadsheets officials previously used, she said. The FBI has taken some actions to address Fine’s report but more must be done, Fine said: “It’s not a one-time thing.”