The Rights of the People (38 page)

The amendment in the Patriot Act also invited the use of the NSL in criminal cases. If a foreign spy has diplomatic immunity from prosecution—as most probably do—agencies might just want to monitor him or expel him from the country, the customary remedy. Americans and nondiplomats can be arrested, of course, but those instances come along infrequently. By contrast, a suspected terrorist on U.S. soil is usually put into the criminal justice system: arrested, indicted, tried—certainly
not expelled. So the NSL, a device conceived for intelligence gathering, was transformed into an evidence-gathering tool, raising constitutional implications.

The Patriot Act expanded the number of people who could issue a letter, from ten high-ranking officials in FBI headquarters to the heads of all fifty-six FBI field offices plus numerous managers in various divisions based in Washington.
³⁴
This made authorization quite easy. Furthermore, a new form of NSL was added to the Fair Credit Reporting Act permitting authorities to demand from credit companies any information on individuals, including full credit reports.

The amendments allowed a continuous hailstorm of NSLs to pepper Internet providers, telephone companies, banks, libraries, and other institutions holding private records of millions of people. The nature of the targets also shifted. Before the Patriot Act, about 39 percent were “U.S. persons,” a term defined in law as citizens and legal immigrants who are permanent residents.
³⁵
From 2003 through 2005, U.S. persons jumped to 53 percent in the FBI’s official tallies, and a sample survey by the Justice Department’s inspector general showed the figure as 12 percent higher, or about 65 percent overall.
³⁶
Terrorism investigations accounted for about 73 percent of the NSLs, intelligence cases for just 26 percent, and foreign computer intrusions for the remaining 1 percent, according to the inspector general’s study. The National Security Letter had been entirely transformed.

But even the loose standards weren’t loose enough for agents who violated them frequently. Two official studies found the FBI files on NSLs laced with evidence of bureaucratic confusion and shortcuts, ignorance of the law, and outright dishonesty.

Part of the fault lies with a Congress skilled in writing complexities into statutes. Hapless FBI agents, few of whom are lawyers, cannot always be blamed for mistakes as they journey through bewildering loopholes and labyrinths. “We found confusion about the authorities available under the various NSL statutes,” the first study reported blandly in 2007. It did not go on to suggest the remedy: either judicial oversight or a straightforward prohibition against administrative government access to private records. Instead, we have protective laws riddled with exceptions.

The confused legal terrain allows officials to wander unbridled as they issue NSLs. The inspector general found “no clear guidance” to FBI agents, for example, on how to reconcile “the expansive authorities in the NSL statutes” with a long-standing presidential executive order mandating “the least intrusive collection techniques feasible.”
³⁷

The FBI’s carelessness in drawing up National Security Letters rivaled its laboratory’s imprecision in analyzing evidence. Its official statistics understated the number of NSLs actually in the files, the inspector general found, and forty-eight violations were discovered in a relatively small sample of 293 NSLs. Despite the Patriot Act’s vague requirement that the information be “relevant to an authorized investigation,” many letters were issued where no investigation had been launched. In three of the four divisions surveyed, signed copies were not kept, so investigators could not check on whether they had been approved by an official authorized to issue them. A cavalier approach prevailed.

Mistyped phone numbers and e-mail addresses produced personal information about the wrong people. Communications companies turned over more than was requested or allowed. Nine NSLs were illegally used to obtain full credit reports for counterintelligence, although the law authorized them only for counterterrorism.
³⁸
Two NSLs illegally sought content information from e-mails, beyond the addresses and subject lines the law permitted. Time limits were violated as phone records were obtained for periods thirty to eighty-one days longer than prescribed by the NSLs. One agent, using a bank customer’s PIN obtained through a FISA warrant, got illegal access to the person’s account without an NSL.

Thanks to press reports, the inspector general learned that a North Carolina university was served with an NSL going far beyond its legal authority by demanding “applications for admission, housing information, emergency contacts, and campus health records,” as the FBI investigated a student’s possible involvement in the 2005 bus and subway bombings in London. Oddly, a grand jury subpoena for the records, already in process, was later served, and the university complied. Agents seemed to see the NSL as a shortcut.

“In most cases,” the report concluded, “the FBI was seeking to obtain information that it could have obtained properly if it had followed applicable statutes, guidelines, and internal policies.” But the broadened NSL became the administrative path of least resistance where even the thinnest checks and balances were missing. This led some agents to cheat the law and lie to each other, as well as to telecommunications firms.

The FBI entered into contracts with three unnamed phone companies to provide information on thousands of numbers, often through pen registers, which record the destinations of outgoing calls, and through trap-and-trace devices, which capture incoming numbers. (The names are anachronistic, dating from an era of copper wires and electromechanical switches; their functions are now performed by computers.)

The inspector general, Glenn A. Fine, blasted the FBI in 2010 for the “casual culture” that had grown up between agents and telecom firms. Instead of using NSLs or other legal means, “FBI personnel sought and received telephone records based on informal requests made by e-mail, by telephone, face-to-face, and even on post-it notes,” he reported. At least 3,500 phone numbers were monitored in this informal manner, facilitated by three phone companies stationing employees in the FBI’s Communications Analysis Unit, which “blurred the line between the FBI and the service providers” and “contributed to the serious abuses.” In a practice called sneak peeks, the company representatives “would check their records and provide a preview of the available information for a targeted phone number, without documentation of the fact of the request. At times, the service providers’ employees simply invited FBI personnel to view the telephone records on their computer screens. Notably, virtually none of these FBI requests for telephone records—either the exigent letters or the other informal requests—was accompanied by documentation explaining the authority for the requests.” Agents obtained phone records on news reporters without the required authorization by the attorney general.

The FBI also “made inaccurate statements to the [secret] FISA Court,” Fine discovered. “In several instances, the FBI submitted affidavits to the Court that information in FISA applications was obtained through NSLs or a grand jury subpoena, when in fact the information was obtained by other means, such as exigent letters.”

Evading even the relaxed procedures for obtaining National Security Letters, agents in the Counterterrorism Division who were not authorized to sign NSLs issued 739 of these so-called exigent letters requesting data on about 3,000 phone numbers from March 2003 to December 2005. They were trying to invert a Patriot Act provision allowing telecom firms that see something suspicious to tell the government without risking a lawsuit by the customer. But here, the FBI was initiating the request, and agents lied to the phone companies, and sometimes to other FBI officials, that NSLs or grand jury subpoenas had been applied for and would soon follow, and that the situations were emergencies.

In fact, the inspector general found, not a single subpoena had been requested, most of the letters were issued in nonemergency situations, and “there sometimes were no open or pending national security investigations tied to the request.” The FBI didn’t even keep track of whether NSLs were ultimately issued after the exigent letters were sent, relying on the phone company to maintain such records. And when attorneys in
the Justice Department’s National Security Law Branch learned of the practice and tried to stop it, the Counterterrorism Division’s Communications Analysis Unit went through the motions of applying for National Security Letters after the fact, without telling the lawyers that the phone information had already been received.

The same thing happened on a smaller scale when nineteen “certificate letters,” instead of NSLs, were sent to a federal reserve bank in search of federal wire transfers by 244 people. Prompted by the Justice Department’s investigation, Federal Reserve attorneys conceded that the records should not have been provided on the basis of the certificate letters.

Even where proper procedures were followed, the justification for issuing National Security Letters could be flimsy, as in a request stating merely, “The subject is in contact with the subjects of other international terrorism investigations. These subscriber and toll billing records are being requested to determine the identity of others with whom the subject communicates.”
³⁹
The chief division counsel who received this sparse application for an NSL turned it down but circulated the text among twenty-two other FBI chief division counsels to collect their views. Thirteen agreed that it should be rejected, but nine said they would approve it. One of those who would have turned it down told investigators that nothing had caused more friction in his twenty years with the FBI than the questions he had raised about NSL requests.

The criteria were so loosely constructed that the National Security Law Branch felt it necessary to post this sardonic guidance on its Web site in March 2006, after the Patriot Act was reauthorized: “A perfunctory recitation that (1) the subject is the target of the investigation, (2) he has a telephone, and (3) therefore, it follows that an NSL for his telephone records is relevant to the authorized investigation will not suffice. Otherwise, any target with a telephone or a bank account is subject to an NSL. And that is not the standard for issuance of an NSL.”
⁴⁰

Following the revelations in the 1970s about FBI snooping, the agency reportedly stopped amassing huge files on people who were not part of criminal or counterintelligence investigations. In the first place, everything was on paper, one former agent noted, and warehouse space was limited. But it doesn’t take warehouses to store data in a computer age, and since 9/11, law enforcement and intelligence officers have understood
one very bold lesson: They risk more criticism from Congress and the public by missing an attack than by violating privacy.

So, they collect. “As a criminal investigator, my goal is to gather evidence necessary to prosecute a bad guy,” to get “one step closer to putting that guy in handcuffs and going to court,” said Mike German, the former undercover agent who infiltrated domestic militia groups for the FBI. “As an intelligence investigator, your goal is to collect. The evaluation of a criminal investigator is based on actual success. But a collector, they’re measured by how fat their file is. And if you collect every day in and day out, you’re going to have a fat file—and particularly if it’s all classified, you don’t have anybody looking over your shoulder. And if you’re mindful of protecting civil liberties and are judicious, your files are not going to be so fat.”

Computer systems obviously make it easier to share intelligence information. Unsourced records obtained from NSLs—including those on innocent people not being investigated—are uploaded into databases accessible by 34,000 officials throughout government in U.S. Attorneys’ offices, the Drug Enforcement Administration, the Federal Bureau of Prisons, Homeland Security, and the CIA, as well as state and local law enforcement agencies that are part of joint terrorism task forces throughout the country.

The FBI and other collectors claim to have enhanced their capacity to analyze the burgeoning mass of information, but German has his doubts. “That was the lesson of 9/11,” he said, “and unfortunately people didn’t catch that.” Some fifty or sixty officials in the CIA and the NSA had known that two of the nineteen hijackers had arrived in the United States, but nobody told the FBI.
⁴¹
Since then, impediments to sharing may have been reduced, but the inundation of information has remained overwhelming, producing few significant prosecutions, German noted. “Is that really an efficient use of all those agents and all that money?”

It’s hard to make a case that the extensive collection and sharing of data have made agencies smarter and more agile. They failed to search multiple databases and consolidate scattered intelligence reports on a Nigerian student, Umar Farouk Abdulmutallab, whose radicalization had prompted his father to visit the U.S. Embassy and warn the CIA. The young man’s multiple-entry U.S. visa wasn’t withdrawn, he wasn’t placed on the no-fly list, and he wasn’t even given extra screening in Amsterdam before he boarded a Northwest flight to Detroit on Christmas Day of 2009, explosives hidden in his underwear. A blast that would have brought down the plane over Michigan was narrowly averted when the bomb fizzled
and passengers subdued him. A preliminary investigation into the intelligence failure hinted at the burdens created by over-collecting. “The information that was available to analysts, as is usually the case, was fragmentary and embedded in a large volume of other data,” said the report. President Obama instructed officials to examine “how to meet the challenge associated with exploiting the ever-increasing volume of information available to the Intelligence Community.”
⁴²

One example of wasted resources was witnessed by Lawrence Wright, author of a book on al-Qaeda, when he was visited at home by FBI agents inquiring about calls he’d made to Egypt. One of the conversations, with a relative of Ayman al-Zawahiri, Osama bin Laden’s deputy, was summarized in an intelligence database, he was told by an official. “I was surprised, because the FISA law stated that my part of the conversation should have been ‘minimized’—redacted or rendered anonymous—because I am an American citizen,” the author wrote.