Wash. Post noted FBI's increased use of NSLs, omitted that Justice IG found many instances of their illegal use

A Washington Post article about privacy concerns regarding the federal government's Digital Collection System noted that the number of national security letters “issued by the FBI soared from 8,500 in 2000 to 47,000 in 2005,” but it did not mention that the Justice Department's inspector general found many “instances of illegal or improper use of national security letters” by the FBI between 2003 to 2005, according to a 2007 IG report.

In an April 8 article, The Washington Post reported on privacy concerns regarding the federal government's Digital Collection System (DCS), which reportedly “allows authorized FBI agents and analysts, with point-and-click ease, to receive e-mails, instant messages, cellphone calls and other communications that tell them not only what a suspect is saying, but where he is and where he has been, depending on the wording of a court order or a government directive.” The article reported that while "[w]iretaps to obtain the content of a phone call or an e-mail must be authorized by a court upon a showing of probable cause," the " 'transactional data' about a communication -- from whom, to whom, how long it lasted -- can be obtained by simply showing that it is relevant to an official probe, including through an administrative subpoena known as a national security letter (NSL)." While the Post noted that "[a]ccording to the Justice Department's inspector general [DOJ IG], the number of NSLs issued by the FBI soared from 8,500 in 2000 to 47,000 in 2005," it did not mention that the DOJ IG, in March 2007, released a report that found many “instances of illegal or improper use of national security letters” by the FBI between 2003 and 2005. The IG's report stated that its investigation “found that the FBI used NSLs in violation of applicable NSL statutes, Attorney General Guidelines, and internal FBI policies,” and identified multiple ways that the FBI had done so. The Post article did not mention the IG's findings regarding NSLs, even though it quoted one privacy advocate, People for Internet Responsibility co-founder Lauren Weinstein, as saying: “When you're building something like this deeply into the telecommunications infrastructure, when it becomes so technically easy to do, the only thing that stands between legitimate use and abuse is the complete honesty of the persons and agencies using it and the ability to have independent oversight over the system's use.”

The March 2007 DOJ IG report also stated that “in most cases the FBI was seeking to obtain information that it could have obtained properly if it had it [sic] followed applicable statutes, guidelines, and internal policies,” and that the IG “did not find any indication that the FBI's misuse of NSL authorities constituted criminal misconduct.”

In a follow-up report issued a year later, the DOJ IG, among other things, examined reports of possible intelligence violations involving NSLs that had been reported to the FBI's Office of General Counsel (OGC) in 2006 and found 84 possible violations. In 14 of those 84 instances, the IG found that “the FBI received information it was not entitled to receive.” From the DOJ IG's March 2008 report:

To assess any “improper or illegal use” of NSLs in 2006, as required by the Patriot Reauthorization Act, we examined the reports of possible intelligence violations involving the use of NSLs that were sent to the FBI OGC from January 1, 2006, through December 31, 2006. We identified 84 possible intelligence violations involving the use of NSLs, of which the FBI determined that 34 needed to be reported to the President's Intelligence Oversight Board (lOB).6 The 34 matters included the same types of errors identified in our first NSL report that was completed in March 2007, such as the issuance of NSLs without proper authorization, improper requests, and unauthorized collection of telephone or Internet e-mail records. Of these 34 intelligence violations, 20 were the result of FBI errors, while 14 resulted initially from mistakes by recipients of the national security letters. We generally agreed with the FBI's decisions on which violations needed to be reported to the lOB, except for six that we believed should have been reported to the IOB but were not. We concluded that the decisions not to report these were inconsistent with prior FBI OGC decisions or that the reasons for not reporting them to the lOB were unpersuasive.

As we did in our first NSL report, we determined whether the FBI would have been entitled to the information provided under applicable NSL statutes, Attorney General Guidelines, and internal policies. We found that of the 84 possible intelligence violations identified and reported to the FBI OGC in 2006, the FBI received information it was not entitled to receive in 14 matters. In one of the matters the FBI requested information it was not entitled to under the applicable NSL statute. In the other 13 matters, the FBI made proper requests but, due to third party errors, obtained information it was not entitled to receive under the pertinent NSL statutes.

6 Of the 84 possible intelligence violations, 52 involved the FBI's acquisition of information it had not requested in the NSLs (referred to as “initial third party errors”). Since the FBI OGC has not yet determined whether the FBI compounded the third party errors by using or uploading the unauthorized information, we could not reach a conclusion as to whether these 52 matters involved improper use of NSL-derived Information [Page 11].

From the March 2007 DOJ IG report (large pdf):

Finally, in evaluating the FBI's use of national security letters it is important to note the significant challenges the FBI was facing during the period covered by our review and the major organizational changes it was undergoing. Moreover, it is also important to recognize that in most cases the FBI was seeking to obtain information that it could have obtained properly if it had it followed applicable statutes, guidelines, and internal policies. We also did not find any indication that the FBI's misuse of NSL authorities constituted criminal misconduct.

However, as described above, we found that that the FBI used NSLs in violation of applicable NSL statutes, Attorney General Guidelines, and internal FBI policies. In addition, we found that the FBI circumvented the requirements of the ECPA NSL statute when it issued at least 739 “exigent letters” to obtain telephone toll billing records and subscriber information from three telephone companies without first issuing NSLs. Moreover, in a few other instances, the FBI sought or obtained information to which it was not entitled under the NSL authorities when it sought educational records through issuance of an ECPA NSL, when it sought and obtained telephone toll billing records in the absence of a national security investigation, when it sought and obtained consumer full credit reports in a counterintelligence investigation, and when it sought and obtained financial records and telephone toll billing records without first issuing NSLs [Page 124].

From the April 8 Washington Post article, headlined “FBI Data Transfers Via Telecoms Questioned”:

When FBI investigators probing New York prostitution rings, Boston organized crime or potential terrorist plots anywhere want access to a suspect's telephone contacts, technicians at a telecommunications carrier served with a government order can, with the click of a mouse, instantly transfer key data along a computer circuit to an FBI technology office in Quantico.

[...]

“When you're building something like this deeply into the telecommunications infrastructure, when it becomes so technically easy to do, the only thing that stands between legitimate use and abuse is the complete honesty of the persons and agencies using it and the ability to have independent oversight over the system's use,” said Lauren Weinstein, a communications systems engineer and co-founder of People for Internet Responsibility, a group that studies Web issues. “It's who watches the listeners.”

Different versions of the system are used for criminal wiretaps and for foreign intelligence investigations inside the United States. But each allows authorized FBI agents and analysts, with point-and-click ease, to receive e-mails, instant messages, cellphone calls and other communications that tell them not only what a suspect is saying, but where he is and where he has been, depending on the wording of a court order or a government directive. Most of the wiretapping is done at field offices.

Wiretaps to obtain the content of a phone call or an e-mail must be authorized by a court upon a showing of probable cause. But “transactional data” about a communication -- from whom, to whom, how long it lasted -- can be obtained by simply showing that it is relevant to an official probe, including through an administrative subpoena known as a national security letter (NSL). According to the Justice Department's inspector general, the number of NSLs issued by the FBI soared from 8,500 in 2000 to 47,000 in 2005.