Congress first granted the Federal Bureau of Investigation (FBI) the authority to use National Security Letters (NSLs) in 1986. This authority ensured that the FBI would have the necessary tools to investigate threats to the national security posed by terrorists and spies because Congress had, at the same time, enacted statutory privacy protection to certain classes of records held by third-party businesses.
Congress then understood a principle that remains true to this day: To appropriately and efficiently investigate threats to the national security, the FBI needs the ability to gather very basic information about individuals, including information about their finances, where they live and work, and with whom they are in contact, without alerting the targets that it is doing so.
The NSL authority is now and always has been quite limited. First, unlike grand jury subpoenas that can be used to collect any non-privileged document from any person or entity, the FBI can use NSLs only to obtain a very narrow range of information from a very narrow range of third-party businesses: NSLs can be used to obtain transactional information from wire or electronic communications service providers (e.g., phone companies and Internet service providers), financial institutions (e.g., banks and credit card issuers), and credit-reporting agencies. Other documents that can be critical to a national security investigation (e.g., hotel records, employment records) cannot be obtained using an NSL. Second, unlike grand jury subpoenas that can be issued in any type of criminal case, NSLs can be used only during duly authorized national security investigations. Finally, unlike grand jury subpoenas that can be issued by any Assistant U.S. Attorney or Department of Justice prosecutor, no matter how junior or inexperienced, NSLs can be issued only with very high-level FBI approval.
Although the NSL authority is quite limited, NSLs are nevertheless critical tools that enable FBI investigators to gather the type of basic information needed as the “building blocks” of national security investigations. It is not an exaggeration to say that virtually every significant national security investigation, whether of an individual suspected of planning to wreak havoc through an act of terrorism or of an individual suspected of spying on the United States for the benefit of a foreign nation, requires the use of NSLs for at least some critical information.
The arguments posited by ACLU’s Mike German and Michelle Richardson are the ones that have been raised consistently by critics of NSLs, and must be considered against the backdrop of the importance of the tool and its limited scope. They assert that the standard required to issue an NSL is too low; the Department of Justice’s Inspector General found that the FBI misused NSLs; and the socalled “gag order” is constitutionally objectionable. None of these arguments withstands scrutiny.
The Appropriate Standard
As noted in the German-Richardson essay, prior to the enactment of the PATRIOT Act, an NSL could be issued only if the FBI could certify that there were “specific and articulable facts giving reason to believe” that the target of the NSL (i.e., the person about whom information was sought) was an “agent of a foreign power.” The PATRIOT Act changed the standard so that an NSL can now be issued so long as the information sought is “relevant” to an authorized national security investigation. Although the German-Richardson essay argues that this change in standard was problematic, it does so without providing any context. While reasonable people may disagree about the appropriate standard, a rational debate cannot occur in a vacuum.
First, the German-Richardson essay characterizes the information that can be obtained with an NSL as “sensitive, private information.” A person not steeped in the intricacies of the law might infer from that assertion that an NSL can be used to obtain private diaries or psychiatric records or attorney-client privileged information—data that really is both sensitive and intensely private. The reality is far different. None of the information that can be obtained with an NSL is constitutionally protected. As noted above, the only information that can be obtained is information about who is in communication with whom (not the content of the communication); information contained in credit card and bank records; and information aggregated by credit-reporting agencies. The unifying feature of all that data is that it has been shared with a third party (e.g., the person on the other end of the phone line, the clerk in the store who processes a credit card purchase, the teller who processes the checks deposited in a bank account). As the Supreme Court made clear in United States v. Miller, 425 U.S. 435 (1976), there is no reasonable expectation of privacy in such data. Moreover, the overwhelming majority of NSLs are issued to obtain information that virtually no one considers “private” or sensitive: subscriber information for phone numbers.
Second, putting aside the hyperbole about the inherent sensitivity of the information, to consider whether the NSL standard is too low, one must consider whether the standard required in a national security investigation is in sync or out of sync with the standard that exists to get the exact same information in other contexts. The fact is that information obtainable with an NSL is also obtainable with a grand jury subpoena in any criminal investigation and with an administrative subpoena in narcotics investigations.23 Although such investigations are obviously important, their purpose is to investigate crimes that generally pose far less danger to public safety and the national security than is posed by the targets of national security investigations. The standard for issuance of a grand jury or administrative subpoena is that the information sought must be relevant to the crime being investigated.24 It would be exceedingly odd public policy to make it harder for investigators who are investigating threats to the national security to get basic transactional data than it is for investigators who are investigating routine federal crimes to get the exact same information.
The Inspector General Reports
German and Richardson assert that three Department of Justice Inspector General (DOJ/OIG) reports “confirmed pervasive FBI mismanagement and misuse and abuse” of the NSL authority. In fact, one IG report in 2007—almost five years ago—found significant weaknesses in the FBI’s internal controls over the use of NSLs. Significantly, it did not find misuse in the sense of the FBI using NSLs maliciously or inappropriately to obtain records that were not relevant to an authorized FBI investigation. Indeed, the then-Inspector General testified that the IG “did not find that FBI agents sought to intentionally misuse the national security letters or sought information that they knew they were not entitled to obtain through the letters.”25 Instead, the IG found that in approximately 7.5 percent of NSLs that it sampled (22 of 293), there was some type of error in either the issuance of the NSL or the handling of the data received.
Of those errors, however, almost half (10 out of 22) were third-party errors, that is, the recipient of the NSL provided information that had not been sought by the FBI. Excluding third-party errors, the actual rate of FBI error was approximately 4 percent (12 out of 293). Of the 12 FBI errors, the overwhelming majority (10 out of 12) were non-substantive errors (e.g., the NSL used certification language slightly different from the statutory requirement (although the meaning was the same)) and only two (0.6 percent of all NSLs sampled) had substantive errors (i.e., one NSL sought information not appropriately obtainable with an NSL and one NSL was issued after the preliminary investigation to which it related had “lapsed”). While the FBI error rate was unacceptably high, one must question whether two substantive errors out of 293 NSLs can fairly be characterized as “pervasive.”
The IG’s second report on this topic was issued the following year, and it concluded that the FBI had made substantial strides in improving its processes and internal controls regarding the use of NSLs. Glenn Fine testified that the IG’s “review of the FBI’s corrective actions concluded that the FBI and the Department have evidenced a commitment to correcting the serious problems we found in our first NSL report and have made significant progress in addressing the need to improve compliance in the FBI’s use of the NSLs.”26
The IG’s final report was not about NSLs at all but was about so-called “exigent letters.” “Exigent letters” were devised and used primarily by a single unit at FBI headquarters to obtain phone records without issuing an NSL. While the practice originated in response to legitimate emergencies during which the FBI can obtain phone records without any legal process,27 the practice morphed into an inappropriate substitute for required legal process (either a grand jury subpoena or an NSL) when there was no emergency.
While the German-Richardson essay focuses on the negative findings of the IG, it studiously avoids discussing the actual controls that are in place—and have been in place since shortly after the 2007 IG report—to avoid the type of errors discovered by the IG. Those controls are important because they collectively operate to ensure that the FBI is using the NSL authority responsibly and appropriately and in a way that is subject to audit and review.
First, by statute the FBI can use NSLs only in predicated national security investigations. The Attorney General has established the standards that must be met to commence a predicated national security investigation, and the predication for every full investigation of a U.S. person must be submitted to the Department of Justice for review.28 The authority to conduct national security investigations is further controlled through internal FBI policy that establishes internal controls regarding opening predicated investigations.29 Next, since June of 2007, the FBI has had clear policies in place regarding virtually every aspect of issuing an NSL. NSLs may be issued by only a few high-ranking officials at FBI headquarters and by Special Agents in Charge (SAC) of FBI field offices.30 The policy and procedures set forth clearly the standards that must be met before an NSL can be issued and mandate that the factual basis for the issuance of the NSL be documented in the file. FBI policy requires an FBI attorney to review every NSL before it may be authorized and clearly articulates the parameters for that review.
Except in very limited circumstances, which generally account for fewer than 30 NSLs per year, NSLs must be created using an automated workflow system that minimizes the potential for error and helps ensure that statutory and policy requirements are met. As noted above, many of the errors detected by the IG in 2007 were non-substantive errors, such as citing the wrong statute, misquoting the required certification language, or omitting a step in the review process. The automated system ensures against such errors, automatically ensuring that each required review occurs and automatically ensuring the language in the NSL is uniform and legally correct. Finally, the automated system requires that documents received in response to an NSL are reviewed to minimize the impact of overproduction (production of material not called for by the NSL) and other third-party errors.
The FBI mandates that all employees who may play a role in issuing an NSL take training to ensure that they understand the rules. The FBI’s Office of the General Counsel has created standardized training that is presented live and via a web-based training system. No person who is authorized to sign NSLs may do so until he or she has certified the receipt of that required training. The FBI and DOJ have robust after-the-fact oversight to ensure compliance with the law, policies, and procedures. Attorneys from DOJ and FBI conduct audits of NSL usage in more than half of the FBI’s field offices each year. Reports from these audits are presented to the Assistant Attorney General for National Security at DOJ, the FBI’s General Counsel (GC), and the SAC of the field office that was audited, among others, so that any issues identified can be appropriately addressed. The FBI’s Inspection Division also conducts an annual audit of NSL usage. The results of that audit are reported to the GC and the FBI’s Deputy Director, among others. Employees who make certain errors that are detected during the Inspection Division process or through other means lose the authority to approve NSLs until they complete remedial training and attest that they understand the rules for NSL issuance.
In short, the FBI has taken numerous steps to improve compliance on the front end of the NSL process and to conduct rigorous self-evaluations after the fact to ensure strict compliance with the various statutes and policies that govern the use of this important tool.
Constitutionality of the Gag Order
By statute, the recipient of an NSL can challenge an NSL if responding would be unreasonable, oppressive, or otherwise unlawful. The FBI ensures that all recipients are aware of their ability to challenge the NSL by informing them of that right on the face of the NSL itself. Similarly, for any NSL that includes a non-disclosure order, the NSL notifies the recipient that, should they desire to disclose the fact that they received an NSL, they can either commence an action to set aside the nondisclosure requirement or they can notify the FBI of their desire to disclose. The NSL further informs the recipient that if the FBI wishes to maintain the secrecy of the NSL in the face of the recipient’s desire to disclose it, the FBI will bear the burden of commencing a judicial proceeding in which it will be required to demonstrate the need for secrecy to a federal judge. If the FBI fails to do so, then the recipient will be free to disclose the NSL. That notification was added to all NSLs in February of 2009, based on the decision of the Second Circuit Court of Appeals in Doe v. Mukasey, 549 F.3d 861 (2d Cir. 2008), that such a procedure was necessary for the non-disclosure provision of the NSL statute to pass constitutional muster.
As the DOJ IG noted in its 2008 report on the FBI’s use of NSLs, the vast majority of NSLs (approximately 97 percent) include nondisclosure requirements. That statistic is not particularly surprising, as NSLs can be used only to investigate national security cases—cases where the risk from premature disclosure can be particularly grave. For example, a terrorist target, on learning of an investigation, could take steps to expedite his plans of mayhem, to eliminate individuals who are believed to be cooperating with the government, or to destroy critical evidence. Or diplomatic relations could be gravely harmed if a foreign government were to learn that the FBI had obtained phonerecords associated with its officials who are in the United States. In short, there are good and sufficient reasons why the FBI generally wishes to keep the existence of an NSL secret; nevertheless, there is now a clear and constitutional process that NSL recipients can follow if they wish to make a disclosure.
We should note that after approximately three years of including in NSLs the provision for disclosure (during which time the FBI issued well over 50,000 NSLs), no recipients have notified the FBI that they wish to make a disclosure.
Although NSLs will no doubt remain the national security tool that critics love to hate, when one focuses on reality rather than on hyperbole, it is clear that the NSL is a constitutional tool that is reasonably used and is necessary in national security investigations to maintain the safety and security of the American people.
23. 21 U.S.C. § 876.
24. United States v. R. Enterprises, 498 U.S. 292, 299 (1991).
25. Statement of Glenn A. Fine before the Permanent Select Committee on Intelligence U.S. House of Representatives concerning “The FBI’s Use of National Security Letters and Section 215 Requests for Business Records,” March 28, 2007
26. Statement of Glenn A. Fine before the House Committee on the Judiciary Subcommittee on the Constitution, Civil Rights, and Civil Liberties concerning “The FBI’s Use of National Security Letters and Section 215 Requests for Business Records,” April 15, 2008 (http://www.justice.gov/oig/testimony/t0804/final.pdf).
27. 18 U.S.C. § 2703.
28. U.S. DEP’T OF JUSTICE, ATTORNEY GENERAL’S GUIDELINES FOR DOMESTIC FBI OPERATIONS (http://www.justice.gov/ag/readingroom/guidelines.pdf).
29. FBI, DOMESTIC INVESTIGATIONS AND OPERATIONS GUIDE (DIOG) (http://vault.fbi.gov/FBI%20Domestic%20Investigations%20and%20Operations%20Guide%20(DIOG)/fbi-domesticinvestigations-and-operations-guide-diog-2011-version).
30. Special Agents in Charge are members of the Senior Executive Service. While there is no required period of time an agent would need to work at the FBI before he or she could be promoted to Special Agent in Charge of a field office, as a practical matter, most SACs have at least 15 years’ experience before becoming an SAC.