[House Hearing, 110 Congress] [From the U.S. Government Printing Office] THE INSPECTOR GENERAL'S INDEPENDENT REPORT ON THE FBI'S USE OF NATIONAL SECURITY LETTERS ======================================================================= HEARING BEFORE THE COMMITTEE ON THE JUDICIARY HOUSE OF REPRESENTATIVES ONE HUNDRED TENTH CONGRESS FIRST SESSION __________ MARCH 20, 2007 __________ Serial No. 110-21 __________ Printed for the use of the Committee on the Judiciary Available via the World Wide Web: http://judiciary.house.gov ______ U.S. GOVERNMENT PRINTING OFFICE 34-175 WASHINGTON : 2007 _____________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800 Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001 COMMITTEE ON THE JUDICIARY JOHN CONYERS, Jr., Michigan, Chairman HOWARD L. BERMAN, California LAMAR SMITH, Texas RICK BOUCHER, Virginia F. JAMES SENSENBRENNER, Jr., JERROLD NADLER, New York Wisconsin ROBERT C. SCOTT, Virginia HOWARD COBLE, North Carolina MELVIN L. WATT, North Carolina ELTON GALLEGLY, California ZOE LOFGREN, California BOB GOODLATTE, Virginia SHEILA JACKSON LEE, Texas STEVE CHABOT, Ohio MAXINE WATERS, California DANIEL E. LUNGREN, California MARTIN T. MEEHAN, Massachusetts CHRIS CANNON, Utah WILLIAM D. DELAHUNT, Massachusetts RIC KELLER, Florida ROBERT WEXLER, Florida DARRELL ISSA, California LINDA T. SANCHEZ, California MIKE PENCE, Indiana STEVE COHEN, Tennessee J. RANDY FORBES, Virginia HANK JOHNSON, Georgia STEVE KING, Iowa LUIS V. GUTIERREZ, Illinois TOM FEENEY, Florida BRAD SHERMAN, California TRENT FRANKS, Arizona ANTHONY D. WEINER, New York LOUIE GOHMERT, Texas ADAM B. SCHIFF, California JIM JORDAN, Ohio ARTUR DAVIS, Alabama DEBBIE WASSERMAN SCHULTZ, Florida KEITH ELLISON, Minnesota [Vacant] Perry Apelbaum, Staff Director and Chief Counsel Joseph Gibson, Minority Chief Counsel C O N T E N T S ---------- MARCH 20, 2007 OPENING STATEMENT Page The Honorable John Conyers, Jr., a Representative in Congress from the State of Michigan, and Chairman, Committee on the Judiciary...................................................... 1 The Honorable Lamar Smith, a Representative in Congress from the State of Texas, and Ranking Member, Committee on the Judiciary. 2 The Honorable Jerrold Nadler, a Representative in Congress from the State of New York, and Member, Committee on the Judiciary.. 4 The Honorable Trent Franks, a Representative in Congress from the State of Arizona, and Member, Committee on the Judiciary....... 5 The Honorable Robert C. Scott, a Representative in Congress from the State of Virginia, and Member, Committee on the Judiciary.. 6 The Honorable J. Randy Forbes, a Representative in Congress from the State of Virginia, and Member, Committee on the Judiciary.. 6 WITNESSES Mr. Glenn A. Fine, Inspector General, U.S. Department of Justice Oral Testimony................................................. 7 Prepared Statement............................................. 10 Ms. Valerie Caproni, General Counsel, Federal Bureau of Investigation Oral Testimony................................................. 215 Prepared Statement............................................. 219 APPENDIX Material Submitted for the Hearing Record Prepared Statement of the Honorable Sheila Jackson Lee, a Representative in Congress from the State of Texas, and Member, Committee on the Judiciary..................................... 272 Prepared Statement of the Honorable Linda T. Sanchez, a Representative in Congress from the State of California, and Member, Committee on the Judiciary............................. 279 Response to Post-hearing questions from Glenn A. Fine, Inspector General, U.S. Department of Justice............................ 281 Post-hearing questions posed to Valerie Caproni, General Counsel, Federal Bureau of Investigation, from Chairman John Conyers, Jr............................................................. 286 Letter from Richard C. Powers, Assistant Director, Office of Congressional Affairs, Federal Bureau of Investigation......... 289 Prepared Statement of Caroline Frederickson, Director, Washington Legislative Office, American Civil Liberties Union (ACLU)...... 290 Letter requesting additional information submitted to Valerie Caproni, General Counsel, Federal Bureau of Investigation...... 295 Press release by the Department of Justice from March 9, 2007, submitted by the Honorable Howard Coble, a Represenative in Congress from the State of North Carolina, and Member, Committee on the Judiciary..................................... 297 Article entitled ``Official Alerted F.B.I. to Rules Abuse 2 Year Ago, Lawyer Says,'' The New York Times, submitted by the Honorable John Conyers, Jr..................................... 299 THE INSPECTOR GENERAL'S INDEPENDENT REPORT ON THE FBI'S USE OF NATIONAL SECURITY LETTERS ---------- TUESDAY, MARCH 20, 2007 House of Representatives, Committee on the Judiciary, Washington, DC. The Committee met, pursuant to notice, at 9:40 a.m., in Room 2141, Rayburn House Office Building, the Honorable John Conyers, Jr. (Chairman of the Committee) presiding. Present: Representatives Conyers, Berman, Boucher, Nadler, Scott, Watt, Lofgren, Jackson Lee, Waters, Delahunt, Sanchez, Cohen, Johnson, Schiff, Davis, Wasserman Schultz, Ellison, Smith, Sensenbrenner, Coble, Goodlatte, Chabot, Lungren, Keller, Issa, Forbes, King, Feeney, Franks, and Gohmert. Staff Present: Perry Apelbaum, General Counsel and Staff Director; Robert Reed, Oversight Counsel; Joseph Gibson, Minority Chief Counsel; Caroline Lynch, Minority Counsel; Ameer Gopalani, Majority Counsel. Mr. Conyers. Good morning. The Committee will come to order. We are here for a hearing on the Inspector General's Independent Report on the FBI's Use of National Security Letters. Nearly 6 years ago, in the immediate aftermath of September 11th, the Department of Justice told us that they needed significantly enhanced authority, while promising the Members of this Committee in no uncertain terms that these new tools would be carefully and appropriately used. Two years ago, when the PATRIOT Act was reauthorized, they promised us there was not a single instance in which the law had been abused. Now, to underscore the importance of the reasons that we are holding this hearing, many of us remember the times in the past when the power of our Government has been abused. One war led to the suspension of Habeas Corpus; in another war, the notorious Palma raids; in World War II, the internment of Japanese Americans; in the Vietnam War, secret spying and enemy lists. In my view, we are now in a period where we risk a continuation of these deplorable acts and effect genuine harm to the Constitution and to the rule of law. One week ago, the Inspector General told us that the exact opposite was true of the promise that had been made that there was not a single instance, when the PATRIOT Act was being reauthorized, that the law had been abused. One tool in particular, the National Security Letters, essentially secret subpoenas issued without any court review, was used repeatedly to invade the privacy of law-abiding Americans outside the law and proper legal process. This was a serious breach of trust. The Department had converted this tool into a handy shortcut to illegally gather vast amounts of private information while at the same time significantly underreporting its activities to Congress. We learned that the number of National Security Letter requests had increased from 8,500 in the year 2000 to in excess of 143,000 from the 3-year period between 2003 and 2005. The Department of Justice consistently provided inaccurate information to Congress concerning the National Security Letters, failing to identify at least 4,600 security letter requests to us. The security letters were routinely issued without proper authorization and outside statutory and regulatory requirements. The Inspector General found that more than 60 percent of the investigatory files they looked at included one or more violations of FBI policy; but worse, the Inspector General found even more widespread abuses concerning the so-called Exigent Letters: that is, emergency requests for telephone and other data. An Exigent Letter, as opposed to a National Security Letter is meant to obtain information in an extreme emergency like a kidnapping when the Bureau has already sought subpoenas for the requested information. But the FBI issued these letters in nonemergencies as a means to bypass the requirements of the National Security Letter procedure, and so, as if it were not troubling enough, in many instances, the Bureau attempted to issue after the fact National Security Letters to cover their tracks on their use of Exigent Letters. The Inspector General specifically found that the Exigent Letters were ordinarily issued when there was no emergency present and very often when there was not even a pending investigation. More often than not, the letters were issued based on promises that subpoenas were in the process of being issued, when that was not the case and even though some subpoenas were never issued at all. The Federal Bureau of Investigation made numerous factual misstatements in the letters which were frequently issued in violation of the statute as well as the Attorney General and FBI guidelines. The recordkeeping was so poor that it was impossible for the IG to document how and why all of these problems occurred, and what disturbs me most is that the abuse and misuse of these security letters is not an isolated instance. It appears to be a part of a pattern in which the Department of Justice has violated not only our trust but the very laws which they are charged with enforcing, and so from the approval of the notorious torture memos to warrantless, illegal surveillance to the wrongful smearing of able U.S. Attorneys, this Department of Justice has squandered its reputation for independence and integrity. The Attorney General needs to understand that with power comes responsibility and with authority must come accountability. I would like now to turn to the distinguished gentleman from Texas, the Ranking Member of this Committee, Mr. Lamar Smith. Mr. Smith. Thank you, Mr. Chairman. Mr. Chairman, I appreciate your holding this hearing on the Inspector General's report on the FBI's use of National Security Letters. The Inspector General should be commended for conducting a thorough audit as directed by Congress and the PATRIOT Act reauthorization. The report raises concerns as to the FBI's internal recordkeeping and guidelines for the use of NSLs and terrorism and espionage investigations. It is clear from the report that these deficiencies are the result of the poor implementation and administration of National Security Letter authority. In other words, the problem is enforcement of the law, not the law itself. Timely corrected measures by the FBI and effective oversight by the Justice Department and Congress will ensure proper use of this important law. The Inspector General's report found that the FBI's database for tracking NSLs significantly underestimated the number of NSL requests, resulting in inaccurate reports to Congress on the FBI's use of NSLs. From 2003 to 2005, the FBI issued a total of 143,074 NSLs. This compares to 739 Exigent Letters to three telephone companies issued contrary to national security investigation guidelines. The Exigent Letters represent 1/200th of the National Security Letters issued. Although the use of these unauthorized letters is disconcerting, the FBI discontinued this practice last year. The Inspector General makes two other very important findings. First, there is no evidence that anyone at the FBI intended to violate the law or internal policy. This is a significant finding because it confirms that FBI agents acted in good faith and sought to comply with the law even as they worked under severe time constraints and with an urgent desire to thwart terrorist activities. Second, as detailed by the Inspector General, NSLs are a critical tool in fighting terrorism and in keeping our country safe. The information acquired through NSLs is valuable to international terrorism and espionage investigations and has allowed the FBI and intelligence agencies to identify terrorists and spies, the sources of their financing and their plans to attack or harm our national security. In addition, the FBI shares important information gathered through NSLs with other intelligence agencies, joint terrorism task forces and State and local law enforcement agencies. To do their job, the FBI must be able to collect important information about suspected terrorist and spies while complying with the law and freely share such information with key partners. In response to extensive oversight efforts conducted last Congress, the PATRIOT Reauthorization Act added critical new safeguards. For instance, an NSL recipient can challenge the request in court. Nondisclosure orders require supervisory approval, and the recipient may disclose the NSL to an attorney. I applaud the Administration's response to the Inspector General's report and expect the Administration to follow through on its promise to act quickly to remedy the deficiencies identified by the Inspector General. Mr. Chairman, on September 11, 2001, the United States was attacked. More than 3,000 people lost their lives. Members of Congress overwhelmingly approved important new counterterrorism tools for our Nation's law enforcement personnel and updated existing authorities to meet the terrorist threat. We must continue to demonstrate responsible leadership on the NSLs and other important national security issues. Of course, we need to be vigilant to make sure these problems are fixed, that the Inspector General's recommendations are implemented and that our civil liberties and privacy are protected. Mr. Chairman, I yield back the balance of my time. Mr. Conyers. I thank the gentleman for his statement. I would like now to recognize the Chairman of the Constitution Subcommittee, Jerry Nadler, for 2\1/2\ minutes. Mr. Nadler. I thank the Chairman. I would like to thank Chairman Conyers for holding this important hearing on the FBI abuses of National Security Letters. We are here today in response to the Department of Justice Inspector General report that found widespread abuses of the FBI's authority to issue National Security Letters. An NSL can be issued to a third party such as a health insurance company or an Internet service provider, ordering them to reveal all of their information about you and your transactions, and the third party is prohibited from telling you or anyone else about the order. That is the so-called ``gag order provision'' so you cannot object to an NSL directed at your information in court as you could to a subpoena, because you do not know about it and the third party may have no interest in going to court to protect your rights or your privacy. While last year's reauthorization of the PATRIOT Act did make some changes to the NSL provisions, these changes were essentially meaningless. For example, the court is now authorized to modify and set aside the gag order only if it finds there is no reason to believe that disclosure would endanger national security, diplomatic relations or anyone's life or safety, but the court must accept the Government's assertion of harm as conclusive, so this protection is meaningless. Some of us had predicted that the unrestricted authority of the FBI to issue NSLs would be abused, and unfortunately, our worst fears have now been realized. The IG's NSLs have been used by the FBI to collect and retain private information about American citizens who are not reasonably suspected of being involved in terrorism. During the last Congress, we predicted that unchecked power would lead to rampant abuse. That is why I proposed the Stop Self-Authorized Secret Searches Act 2 years ago. This bill would have restored some pre-PATRIOT Act provisions that an NSL could not be issued unless the FBI made a factual, individualized showing that the records sought pertained to a suspected terrorist or spy. It would have given the recipient of a National Security Letter an opportunity to obtain legal counsel, the right to challenge the letter and the nondisclosure requirement, a real right to challenge it. It would have given notice to the target of the NSL if the Government later seeks to use the records obtained from the NSL against him or her in a subsequent proceeding. It would have given the target an opportunity to receive legal counsel and challenge the use of those records. The bill would also have authorized the FBI to obtain documents that it legitimately needs while protecting the privacy of law-abiding American citizens. The abuses by the DOJ and by the FBI have proven that these legislative fixes are a necessary check on the investigatory power. We do not trust Government always to be run by angels, especially not this Administration. It is not enough to mandate that the FBI fix internal management problems in recordkeeping because the statute itself authorizes the unchecked selection of information on innocent Americans. Congress must act now to fix the statute authorizing the abuses revealed in the IG report and to hold those responsible for these abuses and violations accountable. Thank you. I yield back. Mr. Conyers. Thank you. The Chair recognizes the distinguished gentleman from Arizona, the Ranking minority Member of the Constitution Subcommittee, Trent Franks, for 2\1/2\ minutes. Mr. Franks. Well, thank you, Mr. Chairman. Mr. Chairman, today our task is a vital one, to check and balance our sister branch of Government through oversight and to ensure citizens' rights are being properly safeguarded. Today's subject is somewhat delicate because we must all walk a fine line. In our great and critical responsibility to prevent jihadist attacks upon American citizens, we must also be careful to strike the proper balance between vigilance and fighting the enemy on the one side of the scales and the preservation of citizens' rights on the other. The report of the Inspector General's that we review today is hopeful. We see that, while there are human imperfections in the FBI's operation, there is an overall finding that the FBI is, indeed, carrying out its duties responsibly, there being no evidence of any intentional or deliberate act to violate the law. The NSLs are performing their vital function as a valuable tool in national security investigations. To put today's hearing in perspective, we should keep in mind that the issuance of NSLs under the PATRIOT Act is a relatively new process given that the PATRIOT Act is only a few years old and that this new use of NSLs will necessarily require a careful examination of their best and most appropriate use in this early period. Certainly, we will have to work out the kinks given that we are most likely in the business of fighting terror for a long time to come. While the FBI's practices have had their shortcomings, it appears that these are problems that can be easily resolved, and this is good news. Many of the issues that we must review today are administrative in nature and, to some extent, unavoidable. Government is a human institution, and it is therefore by definition imperfect. Those of us who have run corporations know that a perfect audit is a very rare occurrence, particularly on the first go-around. Most businesses do internal audits, perhaps many, many internal audits, to discover where human judgment has fallen short and where to improve before being audited by an outside source. This is an arduous but necessary task and one that I hope we do well here today and prospectively. The FBI has vowed that it will make all of the adjustments that Mr. Gonzalez and Ms. Caproni have recommended. We look forward to the realization of this goal. With that, I thank the witnesses for joining us today, and we look forward to hearing your testimony. Thank you, Mr. Chairman. Mr. Conyers. Thank you. The Chair recognizes the distinguished gentleman from Virginia, Bobby Scott, Chairman of the Crime Subcommittee, for 2\1/2\ minutes. Mr. Scott. Thank you, Mr. Chairman. Mr. Chairman, we all believe that it is important to be aggressive in fighting terrorism and also aggressive in maintaining privacy and freedoms, and I do not believe we should operate on the premise that we always have to give up freedom in order to obtain security, but for us to provide appropriate oversight we have to have accurate information. Unfortunately, there are indications that we have received clearly inaccurate reports after the significant use of secret, invasive processes that do not appear to be necessary to advance terrorism-related investigations. Whether it is a secret NSA wiretapping in violation of the FISA law or the inappropriate use of the National Security Letters, we are discovering that what is actually occurring is quite different from what we were being told, and we cannot evaluate the ongoing need for NSA letters without accurate information. There is also a clear indication of intentional misuse of the word ``exigent'' letters to telephone companies as emergency information when in fact no emergency existed. Somebody obviously knew that was a problem that would affect reports to Congress and oversight boards, and we need to find out who these people are. With these disturbing indications, Mr. Chairman, I hope the testimony of the witnesses today will reveal who is responsible for these abuses and who should be held accountable for false reports to Congress. Thank you, Mr. Chairman. I yield back. Mr. Conyers. Thank you so much. Another Virginian, the Ranking minority Member of the Crime Subcommittee, Mr. Randy Forbes. Mr. Forbes. Mr. Chairman, I would like to thank you and the Ranking Member, Congressman Smith, for holding this important hearing today, and also for our witnesses for being here. You know, the subject matter of this hearing makes for great theater, but when the show is over we have the task of finding the facts and making sure the proper balance is struck and implemented to protect our citizens. That we will do, and hopefully, we will do it without the negativism and the emotionalism that seems so prevailing in public policy today. Pounding our fists makes great sound bites, but does not stop terrorists or protect the privacy rights of our citizens. It is clear that National Security Letters are important tools in international terrorism and espionage investigations conducted by the FBI. The Inspector General's report, which details the audit of 77 case files in four field offices, shows a disturbing pattern. In 60 percent of those cases, the FBI's files were found to be in violation of the FBI's internal control policies for issuing National Security Letters. While the audit conducted concluded that there was no evidence of any intentional or deliberate act to violate the law, it is also clear that changes need to be made to the FBI's procedures so that they reflect the scope and intent of the law rather than the evolution of general practice. I look forward to hearing from the FBI about what procedures were in place during the time of the Inspector General's audit and how, given the inadequacies identified by the Inspector General, the FBI plans to correct these. Mr. Chairman, I yield back the balance of my time. Mr. Conyers. Thank you. All other opening statements will be included in the record. Mr. Glenn A. Fine, Inspector General at the Department of Justice, a post held since he was confirmed by the Senate on December 15, 2000. Mr. Fine has worked for the Department's Office of Inspector General in a variety of capacities since January 1995. He has had several years in private practice and has also served as an Assistant United States Attorney in Washington, D.C. We are also privileged to have with us the General Counsel of the Federal Bureau of Investigation, Ms. Valerie Caproni, a position she has held since August 2003. Prior to that, Ms. Caproni served as an Assistant United States Attorney in the Eastern District of New York, as a supervisor at the Securities and Exchange Commission and has also worked in private practice. All of your statements will be made a part of the record in their entirety, and we will have a 5-minute time for each of you, and we ask Inspector General Glenn A. Fine to begin our testimony. Welcome to the Committee. TESTIMONY OF GLENN A. FINE, INSPECTOR GENERAL, U.S. DEPARTMENT OF JUSTICE Mr. Fine. Mr. Chairman, Congressman Smith and Members of the Committee on the Judiciary, thank you for inviting me to testify about two reports issued by the Department of Justice Office of the Inspector General regarding the FBI's use of National Security Letters and its use of section 215 orders to obtain business records. The PATRIOT Reauthorization Act required the OIG to examine the FBI's use of these authorities, and on March 9th we issued reports detailing our findings. Today, I will summarize the key findings from our reviews, focusing my comments on the National Security Letter report. Under five statutory provisions, the FBI can use National Security Letters (NSLs), to obtain without review by a court records such as customer information from telephone companies, Internet service providers, financial institutions, and consumer credit companies. Although most of the statutory provisions regarding NSLs existed prior to the enactment of the PATRIOT Act, the Act significantly broadened the FBI's authority to use NSLs in two primary ways. First, it eliminated the requirement that the information sought must pertain to a foreign power or an agent of a foreign power and substituted the standard that the information requested must be relevant to or sought for an investigation to protect against international terrorism or espionage. Second, the PATRIOT Act significantly expanded approval authority for NSLs beyond a limited number of FBI headquarters officials to the heads of all FBI field offices. Our review examined the FBI's use of NSLs from 2003 through 2005. The OIG will conduct another review examining the FBI's use of NSLs in 2006, which we are required to issue by the end of this year. In sum, our review found widespread and serious misuse of the FBI's National Security Letter authorities. In many instances, the FBI's misuse violated NSL statutes, Attorney General guidelines, or the FBI's own internal policies. We also found that the FBI did not provide adequate guidance, adequate controls, or adequate training on the use of these sensitive authorities. Before describing the main findings of our report, however, I believe it is important to provide context for these findings. First, we recognize the significant challenges the FBI was facing during the period covered by our review. After the September 11th terrorist attacks, the FBI implemented major organizational changes while responding to continuing terrorist threats and conducting many counterterrorism investigations, both internationally and domestically. Second, it is also important to recognize that in most but not all of the cases we examined, the FBI was seeking information that it could have obtained properly through National Security Letters if it had followed applicable statutes, guidelines and internal policies. Third, we did not find that the FBI employees sought to intentionally misuse NSLs or sought information that they knew they were not entitled to obtain. Instead, we believe the misuses and the problems we found generally were the product of mistakes, carelessness, confusion, sloppiness, lack of training, lack of adequate guidance, and lack of adequate oversight. I do not believe that any of my observations, however, excuses the FBI's misuse of National Security Letters. When the PATRIOT Act enabled the FBI to obtain sensitive information through NSLs on a much larger scale, the FBI should have established sufficient controls and oversight to ensure the proper use of those authorities. The FBI did not do so. The FBI's failures, in my view, were serious and unacceptable. I would now like to highlight our review's main findings. Our review found that after enactment of the PATRIOT Act the FBI's use of National Security Letters increased dramatically. In 2000, the last full year prior to the passage of the PATRIOT Act, the FBI issued approximately 8,500 NSL requests. After the PATRIOT Act, the number of NSL requests increased to approximately 39,000 in 2003, approximately 56,000 in 2004, and approximately 47,000 in 2005. In total, during the 3-year period, the FBI issued more than 143,000 NSL requests. However, we believe that these numbers, which are based on information from the FBI's database, significantly understate the total number of NSL requests. During our file reviews in four FBI field offices, we found additional NSL requests in the files than were contained in the FBI database. In addition, many NSL requests were not included in the Department's reports to Congress. Our review also attempted to assess the effectiveness of National Security Letters. NSLs have various uses, including to develop links of subjects of FBI investigations and other individuals and to provide leads and evidence to allow FBI agents to initiate or close investigations. Many FBI headquarters and field personnel, from agents in the field to senior officials, told the OIG that NSLs are indispensable investigative tools in counterterrorism and counterintelligence investigations, and they provided us with examples and evidence of the importance to these investigations. The OIG review also examined whether there were any improper or illegal uses of NSL authorities. From 2003 through 2005, the FBI identified 26 possible intelligence violations involving its use of NSLs. We visited four FBI field offices and reviewed a sample of 77 investigative case files and 293 NSLs. We found 22 possible violations that had not been identified or reported by the FBI. We have no reason to believe that the number of violations we identified in the field offices was skewed or disproportionate to the number of violations in other files. This suggests that the large number of NSL-related violations throughout the FBI have not been identified or reported by FBI personnel. In one of the most troubling findings, we determined that the FBI improperly obtained telephone toll billing records and subscriber information from three telephone companies pursuant to over 700 so-called Exigent Letters. These letters generally were signed by personnel in the Communications Analysis Unit (CAU), a unit of the Counterterrorism Division in the FBI Headquarters. The Exigent Letters were based on a form letter used by the FBI's New York Field Division in the criminal investigations related to the September 11th attacks. Our review found that the FBI sometimes used these Exigent Letters in nonemergency circumstances. In addition, the FBI failed to ensure that there were authorized investigations to which the requests could be tied. The Exigent Letters also inaccurately represented that the FBI had already requested subpoenas for the information when in fact it had not. The FBI also failed to ensure that NSLs were issued promptly to telephone companies after the Exigent Letters were sent. Rather, in many instances, after obtaining records from the telephone companies, the FBI issued National Security Letters months after the fact to cover the information obtained. We concluded that the FBI's use of these Exigent Letters inappropriately circumvented the requirements of the NSL statute and violated Attorney General guidelines and FBI policies. In response to our report, we believe that the Department and the FBI are taking our findings seriously. The FBI concurred with all of our recommendations, and the Department's National Security Division will be actively engaged in oversight of the FBI's use of NSLs. In addition, the FBI's Inspection Division has initiated audits of a sample of NSLs issued by each of its 56 field offices. The FBI is also conducting a special investigation on the use of Exigent Letters to determine how and why the problems occurred. The OIG will continue to review the FBI's use of National Security Letters. In addition to issuing a second report on the use of NSLs in 2006, we intend to monitor the actions that the FBI and the Department are taking to address the problems we found in that review. Finally, I want to note that the FBI and the Department cooperated fully with our reviews, agreed to declassify information in the report, and appears to be committed to addressing the problems we identified. We believe that significant efforts are necessary to ensure that the FBI's use of National Security Letters is conducted in full accord with the statutes, Attorney General guidelines, and FBI policy. That concludes my testimony, and I will be pleased to answer any questions. [The prepared statement of Mr. Fine follows:] Prepared Statement of Glenn A. Fine Mr. Chairman, Mr. Smith, and members of the Committee on the Judiciary: Thank you for inviting me to testify about two recent reports issued by the Department of Justice Office of the Inspector General (OIG) regarding the Federal Bureau of Investigation's (FBI) use of national security letters and the FBI's use of Section 215 orders to obtain business records. In the Patriot Reauthorization Act, enacted in 2006, Congress directed the OIG to examine the FBI's use of these two important authorities. The reviews were directed to examine, among other things, the number of times these authorities were used, the importance of the information obtained, how the information was utilized, any improper or illegal uses of these authorities, and other noteworthy facts or circumstances related to their use. On March 9, 2007, we issued separate reports on the FBI's use of national security letters and Section 215 orders. We publicly released two unclassified reports, with only limited information redacted (blacked out) which the Department or the FBI considered to be classified. We also provided to Congress, including this Committee, copies of the full classified reports that contain some additional classified information on the FBI's use of the two authorities. However, the OIG's main findings and conclusions are included in the unclassified versions that were publicly released. In this written statement, I will summarize the key findings from our reports, focusing most of my comments on the national security letters report. I will first provide brief background on national security letters and how we conducted our review. I will then provide a few observations to put our findings in context. Next, I will highlight the main findings of our national security letter report. After that, I will briefly summarize our report on the FBI's use of Section 215 orders to obtain business records. I. THE OIG'S NATIONAL SECURITY LETTER REPORT A. Background on National Security Letters Under five statutory provisions, the FBI can use national security letters (NSLs) to obtain--without a court order or any review by a court--records such as customer information from telephone companies, Internet service providers, financial institutions, and consumer credit companies. Most of these statutory provisions regarding NSLs existed prior to enactment of the USA PATRIOT Act (Patriot Act) in October 2001. Prior to the Patriot Act, the FBI could obtain information using a national security letter only if it had ``specific and articulable facts giving reason to believe that the customer or entity whose records are sought [was] a foreign power or agent of a foreign power.'' In addition, NSLs could only be issued by a limited number of senior FBI Headquarters officials. The Patriot Act significantly broadened the FBI's authority to use NSLs by both lowering the threshold standard for issuing them and by expanding the number of FBI officials who could sign the letters. First, the Patriot Act eliminated the requirement that the information sought must pertain to a foreign power or an agent of a foreign power. Instead, it substituted the lower threshold standard that the information requested must be relevant to or sought for an investigation to protect against international terrorism or espionage. Consequently, the Patriot Act authorized the FBI to issue national security letters to request information about persons other than the subjects of FBI national security investigations, so long as the requested information is relevant to an authorized national security investigation. In addition, the Patriot Act permitted Special Agents in Charge of the FBI's 56 field offices to sign national security letters, which significantly expanded approval authority beyond a limited number of FBI Headquarters officials. Finally, the Patriot Act added a new authority allowing NSLs to be used to obtain consumer full credit reports in international terrorism investigations. B. The OIG Review As directed by the Patriot Reauthorization Act, the OIG's report examined the FBI's use of national security letters during the time period from 2003 through 2005. As required by the Reauthorization Act, the OIG will conduct another review examining the use of NSLs in 2006, which we are required to issue by the end of this year. During our review, a team of OIG staff conducted interviews of over 100 FBI and Department of Justice employees, including personnel at FBI Headquarters, the FBI Office of the General Counsel (OGC), FBI Counterterrorism and Counterintelligence Divisions, FBI personnel in four field divisions, and officials in the Department's Criminal Division. In addition, the OIG reviewed a sample of FBI case files that contained national security letters at four FBI field divisions: Chicago, New York, Philadelphia, and San Francisco. These field divisions were selected from among the eight FBI field divisions that issued the most NSL requests during the review period. During our field work at the four field divisions, we examined a sample of 77 investigative case files that contained 293 national security letters. An investigative case file can contain a large number of documents, and some of the case files we reviewed consisted of the equivalent of 20 or 30 boxes of documents. We used a judgmental sample in selecting which files to review and included in our sample both counterterrorism and counterintelligence cases, cases in which the NSLs were issued during preliminary investigations and full investigations, and opened and closed FBI cases. The OIG also analyzed the FBI OGC's national security letter tracking database, which the FBI uses for collecting information to compile the Department's required reports to Congress on NSL usage. Finally, we distributed an e-mail questionnaire to the counterintelligence and counterterrorism squads in the FBI's 56 field divisions in an effort to determine the types of analytical products the FBI developed based on NSLs, the manner in which NSL-derived information was disseminated, and the occasions when such information was provided to law enforcement authorities for use in criminal proceedings. C. Findings of the OIG Review Our review found widespread and serious misuse of the FBI's national security letter authorities. In many instances, the FBI's misuse of national security letters violated NSL statutes, Attorney General Guidelines, or the FBI's own internal policies. We also found that the FBI did not provide adequate guidance, adequate controls, or adequate training on the use of these sensitive authorities. In many respects, the FBI's oversight of the use of NSL authorities expanded by the Patriot Act was inconsistent and insufficient. 1. Background to OIG Findings However, before detailing the main findings of our report, I believe it is important to provide context for these findings and also to note what our review did not find. First, in evaluating the FBI's misuse of national security letters, it is important to recognize the significant challenges the FBI was facing during the period covered by our review. After the September 11 terrorist attacks, the FBI implemented major organizational changes to prevent additional terrorist attacks in the United States. These changes included overhauling and expanding its counterterrorism operations, expanding its intelligence capabilities, attempting to upgrade its information technology systems, and seeking to improve coordination with state and local law enforcement agencies. These changes occurred while the FBI and its Counterterrorism Division had to respond to continuing terrorist threats and conduct many counterterrorism investigations, both internationally and domestically. Second, it is important to recognize that in most--but not all--of the cases we examined in this review, the FBI was seeking information that it could have obtained properly through national security letters if it had followed applicable statutes, guidelines, and internal policies. Third, national security letters are important tools that can provide critical evidence in counterterrorism and counterintelligence investigations. Many Headquarters and field personnel--from agents to senior officials--believe these tools are indispensable to the FBI's mission to detect and deter terrorism and espionage. Fourth, we did not find that that FBI agents sought to intentionally misuse the national security letters or sought information that they knew they were not entitled to obtain through the letters. Instead, we believe the misuses and the problems we found were the product of mistakes, carelessness, confusion, sloppiness, lack of training, lack of adequate guidance, and lack of adequate oversight. Yet, I do not believe that any of these observations excuse the FBI's widespread and serious misuse of its national security letter authorities. When the Patriot Act enabled the FBI to obtain sensitive information through NSLs on a much larger scale, the FBI should have established sufficient controls and oversight to ensure the proper use of these authorities. The FBI did not do so. The FBI's failures, in my view, were serious and unacceptable. I would now like to highlight our review's main findings, which are detailed in the OIG's 126-page report. 2. OIG Findings Our review found that, after enactment of the Patriot Act, the FBI's use of national security letters increased dramatically. In 2000, the last full year prior to passage of the Patriot Act, the FBI issued approximately 8,500 NSL requests. It is important to note that one national security letter may request information about multiple telephone numbers or e-mail addresses. Because the FBI's semiannual classified reports to Congress provide the number of requests rather than the number of letters, we also focused on the total number of requests. After the Patriot Act, the number of NSL requests issued by the FBI increased to approximately 39,000 in 2003, approximately 56,000 in 2004, and approximately 47,000 in 2005. In total, during the 3-year period covered by our review, the FBI issued more than 143,000 NSL requests. However, we believe that these numbers, which are based on information from the FBI's database, understate the total number of NSL requests issued by the FBI. During our review, we found that the FBI database used to track these requests is inaccurate and does not include all NSL requests. First, when we compared information from the database to the documents contained in investigative case files in the 4 FBI field offices that we visited, we found approximately 17 percent more NSL letters and 22 percent more NSL requests in the case files than we could find in the FBI database. In addition, we determined that many NSL requests were not included in the Department's reports to Congress because of the FBI's delays in entering NSL information into its database. We also found problems and incorrect data entries in the database that caused NSLs to be excluded from the Department's reports to Congress. Therefore, based on shortcomings in the FBI's NSL database and its reporting processes, we concluded that the Department's semiannual classified reports to Congress on NSL usage were inaccurate and significantly understated the total number of NSL requests during the review period. Our report also provides breakdowns on the types of NSLs used by the FBI. We determined that, overall, approximately 73 percent of the total number of NSL requests were used in counterterrorism investigations and 26 percent in counterintelligence cases. In addition, our review found that the percentage of NSL requests that related to investigations of U.S. persons increased from about 39 percent of all NSL requests in 2003 to about 53 percent in 2005. As directed by the Patriot Reauthorization Act, our review attempted to assess the effectiveness of national security letters. NSLs have various uses, including to develop evidence to support applications for orders issued under the Foreign Intelligence Surveillance Act (FISA), develop links between subjects of FBI investigations and other individuals, provide leads and evidence to allow FBI agents to initiate or close investigations, and corroborate information obtained by other investigative methods. FBI personnel told the OIG that NSLs are indispensable investigative tools in many counterterrorism and counterintelligence investigations, and they provided us with examples and evidence of their importance to these investigations. We determined that information obtained from NSLs is also used in FBI analytical intelligence products that are shared within the FBI and with DOJ components, Joint Terrorism Task Forces, other federal agencies, and other members of the intelligence community. In addition, information obtained from NSLs is stored in FBI databases such as its Automated Case Support system and its Investigative Data Warehouse. However, because information is not tagged or identified in FBI files or databases as derived from NSLs, we could not determine the number of times that NSLs were used in such analytical products, shared with other agencies, or used in criminal cases. As also directed by the Patriot Reauthorization Act, the OIG review examined whether there were any ``improper or illegal uses'' of NSL authorities. We found that from 2003 through 2005, the FBI identified 26 possible intelligence violations involving its use of NSLs, 19 of which the FBI reported to the President's Intelligence Oversight Board (IOB). Of the 26 possible violations, 22 were the result of FBI errors, while 4 were caused by mistakes made by recipients of the NSLs. These possible violations included the issuance of NSLs without proper authorization, improper requests under the statutes cited in the NSLs, and unauthorized collection of telephone or Internet e-mail transactional records. For example, in three of these matters the FBI obtained the information without issuing national security letters. One of these three matters involved receipt of information when there was no open national security investigation. In another matter, the FBI issued national security letters seeking consumer full credit reports in a counterintelligence investigation, which the NSL statutes do not permit. In other matters, the NSL recipient provided more information than was requested in the NSL, or provided information on the wrong person, either due to FBI typographical errors or errors by the recipients of NSLs. In addition to the possible violations reported by the FBI, we reviewed FBI case files in four field offices to determine if there were unreported violations of NSL authorities, Attorney General Guidelines, or internal FBI policies governing the approval and use of NSLs. Our review of 293 national security letters in 77 files found 22 possible violations that had not been identified or reported by the FBI. The violations we found fell into three categories: improper authorization for the NSL, improper requests under the pertinent national security letter statutes, and unauthorized collections. Examples of the violations we identified include issuing NSLs for consumer full credit reports in a counterintelligence case, which is not statutorily permitted; issuing an NSL for a consumer full credit report when the FBI Special Agent in Charge had approved an NSL for more limited credit information under a different NSL authority; issuing an NSL when the investigation had lapsed; and obtaining telephone toll billing records for periods in excess of the time period requested in the NSL due to third-party errors. Thus, it is significant that in the limited file review we conducted of 77 investigative files in 4 FBI field offices, we identified nearly as many NSL-related violations (22) as the total number of possible violations that the FBI had identified (26) in reports from all FBI Headquarters and field divisions over the entire 3-year period. Moreover, 17 of the 77 files we reviewed, or 22 percent, had 1 or more violations. We have no reason to believe that the number of violations we identified in the four field offices we visited was skewed or disproportionate to the number of possible violations in other files. This suggests that a large number of NSL-related violations throughout the FBI have not been identified or reported by FBI personnel. Our examination of the violations we identified did not reveal deliberate or intentional violations of the NSL statutes, the Attorney General Guidelines, or FBI policy. We believe that some of these violations demonstrated FBI agents' confusion and unfamiliarity with the constraints on national security letter authorities. We also believe that many of the violations occurred because FBI personnel do not consistently cross check the NSL approval documentation with the proposed NSLs, or verify upon receipt that the information supplied by the recipient matches the request. Other violations demonstrated inadequate supervision over use of these authorities. We examined the FBI investigative files in the four field offices to determine whether FBI case agents and supervisors had adhered to FBI policies designed to ensure appropriate supervisory review of the use of NSL authorities. We found that 60 percent of the investigative files we examined contained one or more violations of FBI internal policies relating to national security letters. These included failures to document supervisory review of NSL approval memoranda and failures to include in NSL approval memoranda required information, such as the authorizing statute, the status of the investigative subject, or the number or types of records requested. In another finding, our review determined that the FBI Headquarters Counterterrorism Division generated over 300 NSLs exclusively from ``control files'' rather than from ``investigative files,'' in violation of FBI policy. When NSLs are issued from control files, the NSL documentation does not indicate whether the NSLs are issued in authorized investigations or whether the information sought in the NSLs is relevant to those investigations. This documentation is necessary to establish compliance with NSL statutes, Attorney General Guidelines, and FBI policies. In addition, we found that the FBI had no policy requiring the retention of signed copies of national security letters. As a result, we were unable to conduct a comprehensive audit of the FBI's compliance with its internal control policies and the statutory certifications required for NSLs. In one of the most troubling findings, we determined that from 2003 through 2005 the FBI improperly obtained telephone toll billing records and subscriber information from 3 telephone companies pursuant to over 700 so-called ``exigent letters.'' These letters generally were signed by personnel in the Communications Analysis Unit (CAU), a unit of the Counterterrorism Division in FBI Headquarters, and were based on a form letter used by the FBI's New York Field Division in the criminal investigations related to the September 11 attacks. The exigent letters signed by the CAU typically stated: Due to exigent circumstances, it is requested that records for the attached list of telephone numbers be provided. Subpoenas requesting this information have been submitted to the U.S. Attorney's Office who will process and serve them formally to [information redacted] as expeditiously as possible. These letters were signed by CAU Unit Chiefs, CAU special agents, and subordinate personnel, none of whom were delegated authority to sign NSLs. Our review found that that the FBI sometimes used these exigent letters in non-emergency circumstances. In addition, the FBI failed to ensure that there were duly authorized investigations to which the requests could be tied. The exigent letters also inaccurately represented that the FBI had already requested subpoenas for the information when, in fact, it had not. The FBI also failed to ensure that NSLs were issued promptly to the telephone companies after the exigent letters were sent. Rather, in many instances, after obtaining records from the telephone companies the FBI issued national security letters many months after the fact to ``cover'' the information obtained. As our report describes, we were not convinced by the legal justifications offered by the FBI during our review for the FBI's acquisition of telephone toll billing records and subscriber information in response to the exigent letters without first issuing NSLs. The first justification offered was the need to reconcile the strict requirements of the NSL statute with the FBI's mission to prevent terrorist attacks. While the FBI's counterterrorism mission may require streamlined procedures to ensure the timely receipt of information in genuine emergencies, the FBI needs to address the problem by expediting the issuance of national security letters or by seeking legislative modification to the voluntary emergency disclosure provision in the Electronic Communications Privacy Act (ECPA), not through these exigent letters. Moreover, the FBI's justification for the exigent letters was undercut because they were used in non- emergency circumstances, not followed in many instances within a reasonable time by the issuance of NSLs, and not catalogued in a fashion that would enable FBI managers or anyone else to review the practice or the predication required by the NSL statute. In sum, we concluded that the FBI's use of these letters inappropriately circumvented the requirements of the NSL statute, and violated Attorney General Guidelines and FBI policies. As directed by the Patriot Reauthorization Act, our report also describes several other ``noteworthy facts or circumstances'' we identified in the review. For example, we found that the FBI did not provide clear guidance describing how FBI case agents and supervisors should apply the Attorney General Guidelines' requirement to use the ``least intrusive collection techniques feasible'' during national security investigations to the use and sequencing of national security letters. In addition, we saw indications that some FBI lawyers in field offices were reluctant to provide an independent review of NSL requests because these lawyers report to senior field office managers who already had approved the underlying investigations. D. Recommendations To help the FBI address these significant findings, the OIG made a series of recommendations, including that the FBI improve its database to ensure that it captures timely, complete, and accurate data on NSLs; that the FBI take steps to ensure that it uses NSLs in full accord with the requirements of national security letter authorities; and that the FBI issue additional guidance to field offices that will assist in identifying possible violations arising from use of NSLs. The FBI concurred with all of the recommendations and agreed to implement corrective action. We believe that the Department and the FBI are taking the findings of the report seriously. In addition to concurring with all our recommendations, the FBI and the Department have informed us that they are taking additional steps to address the problems detailed in the report. For example, the FBI's Inspection Division has initiated audits of a sample of NSLs issued by each of its 56 field offices. It is also conducting a special inspection of the exigent letters sent by the Counterterrorism Division to three telephone companies to determine how and why that occurred. The FBI's Office of the General Counsel is also consolidating its guidance on NSLs, providing additional guidance and training to its field-based Chief Division Counsel on their role in approving NSLs, and working to develop a new web-based NSL tracking database. In addition to the FBI's efforts, we have been told that the Department's National Security Division will be actively engaged in oversight of the FBI's use of NSL authorities. As required by the Patriot Reauthorization Act, the OIG will continue to review the FBI's use of national security letters. We are required by the Act to issue another report by the end of this year on the FBI's use of NSLs in 2006. In addition, we intend to monitor the actions that the FBI and the Department have taken and are taking to address the problems we found in our first review. II. THE OIG'S SECTION 215 REPORT In the last section of my statement, I want to summarize briefly the OIG's second report, which examined the FBI's use of Section 215 orders to obtain business records. Section 215 of the Patriot Act allows the FBI to seek an order from the FISA Court to obtain ``any tangible thing,'' including books, records, and other items, from any business, organization, or entity provided the item or items are for an authorized investigation to protect against international terrorism or clandestine intelligence activities. Section 215 of the Patriot Act did not create new investigative authority, but instead significantly expanded existing authority found in FISA by broadening the types of records that could be obtained and by lowering the evidentiary threshold to obtain a Section 215 order for business records. Public concerns about the scope of this expanded Section 215 authority centered on the ability of the FBI to obtain library records, and many public commentators began to refer to Section 215 as the ``library provision.'' Our review found that the FBI and the Department's Office of Intelligence Policy and Review (OIPR) submitted to the FISA Court two different kinds of applications for Section 215 orders: ``pure'' Section 215 applications and ``combination'' Section 215 applications. A ``pure'' Section 215 application is a term used to refer to a Section 215 application for any tangible item which is not associated with an application for any other FISA authority. A ``combination'' Section 215 application is a term used to refer to a Section 215 request that was added to a FISA application for pen register/trap and trace orders, which identify incoming and outgoing telephone numbers called on a particular line. In a combination order, the Section 215 request was added to the pen register/trap and trace application in order to obtain subscriber information related to the telephone numbers. We found that from 2002 through 2005 the Department, on behalf of the FBI, submitted to the FISA Court a total of 21 pure Section 215 applications and 141 combination Section 215 applications. We found that the first pure Section 215 order was approved by the FISA Court in spring 2004, more than 2 years after enactment of the Patriot Act. The FISA Court approved six more pure Section 215 applications that year, for a total of seven in 2004. The FISA Court approved 14 pure Section 215 applications in 2005. Examples of the types of business records that were obtained through pure Section 215 orders include driver's license records, public accommodations records, apartment records, and credit card records. We also determined that the FBI did not obtain Section 215 orders for any library records from 2002 through 2005 (the time period covered by our review). The few applications for Section 215 orders for library records that were initiated in the FBI during this period were withdrawn while undergoing the review process within the FBI and the Department. None were submitted to the FISA Court. With respect to how information from Section 215 orders was used, we found no instance where the information obtained from a Section 215 order resulted in a major case development such as disruption of a terrorist plot. We also found that very little of the information obtained in response to Section 215 orders has been disseminated to intelligence agencies outside the DOJ. However, FBI personnel told us they believe that the kind of intelligence gathered from Section 215 orders is essential to national security investigations. They also stated that the importance of the information is sometimes not known until much later in an investigation, when the information is linked to some other piece of intelligence. FBI officials and Department attorneys also stated that they believe Section 215 authority is useful because it is the only compulsory process for certain kinds of records that cannot be obtained through alternative means. We did not identify any instances involving ``improper or illegal use'' of a pure Section 215 order. We did find problems with two combination Section 215 orders. In one instance, the FBI inadvertently collected information from a telephone number that no longer belonged to the target of the investigation. In another instance, the FBI received information from a telephone that was no longer connected to the subject because of a mistake by the telephone company. We also found that the FBI has not used Section 215 orders as effectively as it could have because of legal, bureaucratic, or other impediments to obtaining these orders. For example, after passage of the Patriot Act in October 2001, neither the Department nor the FBI issued implementing procedures or guidance with respect to the expansion of Section 215 authority for a long period of time. In addition, we found significant delays within the FBI and the Department in processing requests for Section 215 orders. We also determined through our interviews that FBI field offices do not fully understand Section 215 orders or the process for obtaining them. III. CONCLUSION In sum, our review of national security letters revealed that, in various ways, the FBI violated the national security letter statutes, Attorney General Guidelines, or FBI internal policies governing their use. While we did not find that the violations were deliberate, we believe the misuses were widespread and serious. Finally, I also want to note that the FBI and the Department cooperated fully with our review. In addition, the FBI and the Department agreed to declassify important aspects of the report to permit a full and fair airing of the issues we describe in the report. They have also acknowledged the problems we found and have not attempted to cover up the deficiencies. The FBI and the Department also appear to be taking the findings of the report seriously, and appear committed to correcting the problems we identified. We believe that these serious and ongoing efforts are necessary to ensure that the FBI's use of national security letter authorities to obtain sensitive information is conducted in full accord with the NSL statutes, Attorney General Guidelines, and FBI policies. That concludes my testimony, and I would be pleased to answer any questions. ATTACHMENT
Mr. Conyers. Thank you, Attorney General. Will the person in the back row, standing up, please sit down or leave this Committee room? I am now pleased to welcome the General Counsel for the Federal Bureau of Investigation, Ms. Valerie Caproni. Welcome to our Committee. TESTIMONY OF VALERIE CAPRONI, GENERAL COUNSEL, FEDERAL BUREAU OF INVESTIGATION Ms. Caproni. Thank you. Good morning. Mr. Chairman, Ranking Member Smith and Members of the Committee, it is my pleasure to appear before you today to discuss the recent report by the Department of Justice Office of Inspector General regarding the FBI's use of National Security Letters. I have submitted a detailed written statement, and in the interest of time, I will stress only a few points. The IG's report is a fair report that acknowledges the importance of National Security Letters to the ability of the FBI to keep the country safe and the difficult environment in which our employees have been working since 9/11. The IG found no deliberate or intentional misuse of the National Security Letter authorities, AG guidelines or FBI policy. Nevertheless, the IG review identified several areas of inadequate auditing and oversight of these vital investigative tools as well as processes that were simply inappropriate. The FBI fully supports each of the IG's recommendations and have implemented other remedial steps not proposed by the IG. Collectively, these reforms will ensure full compliance with both the letter and the spirit of the law. NSLs generally permit us to obtain the basic building blocks of an investigation from third party businesses. Unlike grand jury subpoenas used in criminal cases, however, National Security Letter authority comes from several distinct statutes, and they have very specific rules that accompany them. The NSL authority used most frequently by the FBI is that provided by the Electronic Communications Privacy Act, or ECPA. Through an ECPA NSL, the FBI can obtain subscriber information for telephone and electronic communications and can obtain toll billing information and electronic communication transaction records. Significantly, the FBI cannot obtain the content of communications through an ECPA NSL. That requires a court order. ECPA NSLs are, by far, the most common NSL that we use. Pursuant to the Right to Financial Privacy Act and the Fair Credit Reporting Act, we also have the authority to issue different types of National Security Letters. The authority to issue an NSL lies at a senior level within the FBI. It can only be issued by an official who ranks not lower than Special Agent in Charge or Deputy Assistant Director. All such officials are career Government employees, and before an NSL can be issued such employees must certify that the information sought is relevant to an authorized national security investigation. As directed by Congress in connection with the IG's report, we endeavor to declassify as much information as possible in order to maximize the transparency of our use of this important national security tool. To that end, for the first time the public has a real sense of the frequency with which the FBI uses National Security Letters. In the period covered by the report, the number of NSL requests--that is, not letters. Remember that one letter can have multiple requests--has ranged from approximately 40,000 to 60,000 per year, and we have requested information on fewer than 20,000 persons per year. For a variety of reasons that will be discussed below, those numbers are not exact. Nevertheless, for the first time, the public can get a sense of the order of magnitude of these requests. There are three findings by the IG that were particularly disturbing to me, and it is those three findings that I wish to address at some length this morning: First, inaccurate reporting to Congress, second, the use of so-called Exigent Letters and, third, violations of law and policy with respect to the usage of NSLs. I am particularly distressed by the fact that the IG found significant inaccuracies in the numbers that we report to Congress. The responsibility to gather the data for congressional reporting lies with my division, and we did not do an acceptable job. The processes we put in place for tabulating NSLs were inadequate, and we had no auditing process in place to catch errors. Although we realized we had a problem prior to the IG's report and were working on a technological solution, that realization came later than it should have, and for that I bear responsibility. At some point several years before I arrived at the FBI, our process for congressional reporting shifted from a totally manual process to a stand-alone database. While the OGC database was a giant technological step forward from 3x5 index cards, it quickly became an unacceptable system given the increase in our use of National Security Letters since 9/11. The OGC database is not electronically connected to ACS, the system from which we derive the data. Instead, there is a manual interface between ACS and the database. An OGC employee is responsible for taking every NSL lead that is sent to OGC and manually entering the information into our database. Nearly a dozen fields must be manually entered, including the file number of the case in which the NSL was issued, which is typically at least 15 digits and letters. Needless to say, human error creeps in. Approximately a year ago when we were unable to tick and tie numbers in the database to previously reported numbers, we recognized that our technology was woefully inadequate. We began at that point to develop an automated system to improve our ability to collect this data. That system, in addition to improving data collection, will automatically prevent many of the errors in NSLs that we will discuss today by automating much of the work associated with preparing NSLs. The system will also allow us to automatically ensure that required reporting data is accurately collected. The NSL system is being designed so that the FBI employee requesting an NSL will enter data only once. For example, an agent or an analyst who wishes to get telephone toll billing records will only have to tell the system that he is seeking an ECPA NSL for toll records and type the telephone number once. The system will then automatically populate the appropriate fields in the NSL in the authorizing electronic communication. The system will ensure that the two documents match exactly, and it will minimize the opportunity for transcription errors that gave rise to unauthorized collections. Agents and analysts will still be required to provide the narrative necessary to explain why the NSL is being sought, the factual basis for making the determination that the information is relevant to an appropriately predicated national security investigation and the factual basis for any determination that the NSL should include a nondisclosure provision. We are optimistic that we will be able to pilot the system this summer and roll it out to all of the field offices by the end of the year. At that point, I will be much more confident that in the future the data we provide to Congress is as accurate as humanly possible. In the meantime, we are taking several steps to correct the numbers we have previously reported. We have discussed our methodology with the IG, and we will offer him the opportunity to review our work. We are striving to have the corrected reports to Congress as soon as possible. The next significant finding of the IG I would like to discuss this morning involves the use within one unit at headquarters of so-called Exigent Letters. These letters, which numbered in excess of 700, were provided to telephone companies with requests for toll billing information. All of the letters stated that there were exigent circumstances, and many stated the Federal grand jury subpoenas had been requested for the records even though in fact no such requests for grand jury subpoenas had been made. From an audit and an internal control perspective, the FBI did not document the nature of the emergency circumstances, did not keep copies of all of the Exigent Letters it provided to the telephone companies and did not keep records to track whether it had subsequently provided further legal process. Moreover, some employees told the IG that there was not always an emergency relating to the documents that were sought. OGC has been working with the affected unit to attempt to reconcile the documentation and to ensure that any telephone record that we have in an FBI database was obtained because it was relevant to an authorized investigation and that the appropriate legal process has now been provided. If we are unable to determine the investigation to which a number relates, it will be removed from our database, and the records will be destroyed. The IG rightfully objected to the FBI's obtaining telephone records with a letter that stated that a Federal grand jury subpoena had been requested when that was untrue. It is unclear why that happened. The Director has ordered a special inspection in order to better understand the full scope of internal control failures and to make sure that, in fact, every record obtained pursuant to a so-called Exigent Letter has been appropriately connected to a national security investigation. That review will also determine whether the practice discussed by the IG existed anywhere other than in the headquarters unit identified in the report. In response to the obvious internal control lapses this situation highlights, changes have already been made to ensure that this situation does not recur. Any agent who needs to obtain ECPA-protected records on an emergency basis must do so pursuant to 18 USC, section 2702. Section 2702 permits a carrier to provide information regarding its customers to the Government if the provider believes in good faith that there is a life or death type emergency that requires disclosure of the records. By FBI policy, a request for disclosure pursuant to that provision generally must be in writing and must clearly state that the disclosure without legal process is at the provider's option. The emergency must also be documented to our files so that the use of the letter can be audited. The policy allows for oral requests, but any oral requests have to be approved and documented to the file. The IG also examined the misuse of NSLs that had been reported and some that had not as part of the IOB process. As this Committee knows, pursuant to executive order, the President has an Intelligence Oversight Board that receives from the intelligence community the reports of intelligence activities that the agency believes may have been unlawful or contrary to executive order or presidential directive. The IG found that from 2003 to 2005 the FBI had self- reported 26 potential violations involving NSL authorities. The IG also found, however, a number of potential IOBs in the files it examined that had not been reported to OGC for adjudication. Although press accounts of this report have implied that the IG found massive abuses of the NSL authorities, a careful read of the report does not bear out the headlines. The IG examined 293 NSLs, a reasonably small, non-random sample. We do not suggest that the sample was not a fair sample but only point out that it is questionable from a statistical standpoint to attempt to extrapolate from a very small sample to an entire population. Of the 293 NSLs the IG examined, 22 were judged to have a potential unreported violation associated with them. Of that 7 percent, 10, or almost 50 percent of that group, were third party errors. That is, the NSL recipient provided the FBI with information that we did not seek. Only 12 of the NSLs examined, or 4 percent of the total group, had mistakes that the IG rightfully attributes to the FBI. Examining the 12 potential errors that were attributable to the FBI reveals a continuum of seriousness relative to the potential impact of individual rights. Four of them, or just over 1 percent of the sample, were unquestionably serious violations. Specifically, two of the violations involved obtaining full credit reports and counterintelligence investigations, which is not statutorily authorized. One involved issuing a National Security Letter when the authorization for the investigation to which it related had lapsed, and one involved issuing an NSL for information that was arguably content and, therefore, not available pursuant to NSL. The remaining eight potential errors involved lack of attention to detail and did not involve the FBI's seeking or obtaining any information to which it was not entitled. We do not excuse lack of attention to detail, and I have admonished the lawyers in the field who review NSLs that they must be careful so that they can avoid this sort of error, but we do believe that such mistakes pose different challenges and risks than seeking information to which you are not entitled. In short, approximately 1 percent of the NSLs examined by the IG had significant errors that were attributable to FBI actions and that had not been but should have been reported as potential IOB violations. A 1-percent error rate is not acceptable, and we have taken steps to reduce it. Those steps are discussed at length in my written testimony, and I will not repeat them here. But among the steps I do want to mention is that the Director has ordered a special inspection of all field offices' use of National Security Letters, an inspection that began on Friday. We offer to fully brief the Committee on the results of that inspection when it is complete. Several of the actions we are taking involve changes to FBI rules and policy. Rules will, of course, only eliminate errors if they are followed. The IG's report has painfully demonstrated for us that, while we are good at establishing policy and setting rules, we are not as good as we must be at establishing internal controls and auditing functions to make sure that the rules are followed. The full parameters of an FBI compliance program have not been set, and the inspection that is currently underway will clearly influence the parameters of the program. In short order, however, the FBI will establish a vigorous, multidisciplinary compliance program that assures as well as any compliance program can that our employees faithfully adhere to all of our rules and policies, particularly those that are designed to protect privacy and civil liberties. The FBI is acutely aware that the only way we can achieve our mission of keeping the country safe is if we are trusted by all segments of the American public. With events like the London terror attack of 2 years ago, we are all worried about the risk of a catastrophic attack from homegrown terrorists. Our single best defense against such an attack is the eyes and ears of all Americans, but particularly in those segments of the population in which the risk of radicalization is at its highest. We need people in those communities to call us when they hear or see something that looks amiss. We know that we reduce the probability of that call immeasurably if we lose the confidence of any part of the American public. Mr. Conyers. Counsel, can you wind down at this point? Ms. Caproni. Yes, sir. We will put into place a compliance program to maximize the probability that we do not lose the confidence of the American public by dint of the sort of errors highlighted in this report. I appreciate the opportunity to appear before the Committee and look forward to answering your questions. Thank you. [The prepared statement of Ms. Caproni follows:] Prepared Statement of Valerie Caproni Good morning Mr. Chairman, Ranking Member Smith, and Members of the Committee. It is my pleasure to appear before you today to discuss the recent report by Department of Justice's Office of the Inspector General (OIG) regarding the FBI's use of national security letters (NSLs). The OIG's report is a fair report that acknowledges the importance of NSLs to the ability of the FBI to conduct the national security investigations that are essential to keeping the country safe. Importantly, the OIG found no deliberate or intentional misuse of the national security letter authorities, Attorney General Guidelines or FBI policy. Nevertheless, the OIG review identified several areas of inadequate auditing and oversight of these vital investigative tools, as well as processes that were inappropriate. Although not intentionally, we fell short in our obligations to report to Congress on the frequency with which we use this tool and in the internal controls we put into place to make sure that it was used only in accord with the letter of the law. Director Mueller concluded from the OIG's findings that we must redouble our efforts to ensure that there is no repetition of the mistakes of the past in the use of these authorities and I share his commitment. I would also like to acknowledge the role of Congress and the effectiveness of congressional oversight in surfacing the deficiencies raised in this audit, which was called for in the USA PATRIOT Improvement and Reauthorization Act. The report made ten recommendations in response to the findings, designed to provide both the necessary controls over the issuance of NSLs and the creation and maintenance of accurate records. The FBI fully supports each recommendation and concurs with the Inspector General that, when implemented, these reforms will ensure full compliance with both the letter and the spirit of the authorities entrusted to the Bureau. NATIONAL SECURITY LETTERS National Security Letters generally permit us to obtain the same sort of documents from third party businesses that prosecutors and agents obtain in criminal investigations with grand jury subpoenas. Unlike grand jury subpoenas, however, NSL authority comes through several distinct statutes and they have specific rules that accompany them. NSLs have been instrumental in breaking up cells like the ``Portland Seven,'' the ``Lackawanna Six,'' and the ``Northern Virginia Jihad.'' Through the use of NSLs, the FBI has traced sources of terrorist funding, established telephone linkages that resulted in further investigation and arrests, and arrested suspicious associates with deadly weapons and explosives. NSLs allow the FBI to link terrorists together financially, and pinpoint cells and operatives by following the money. The NSL authority used most frequently by the FBI is that provided by the Electronic Communications Privacy Act (ECPA). Through an ECPA NSL, the FBI can obtain subscriber information for telephones and electronic communications and can obtain toll billing information and electronic communication transaction records. Significantly, the FBI cannot obtain the content of communications through an ECPA NSL. Although the exact numbers of ECPA NSLs remains classified, it is the most common NSL authority used. Pursuant to the Right to Financial Privacy Act (RFPA), the FBI also has the authority to issue NSLs for financial records from a financial institution. RFPA NSLs are used commonly in connection with investigations of potential terror financing. Pursuant to the Fair Credit Reporting Act, the FBI has the authority to issue three different, but related, types of NSLs to credit reporting agencies: an NSL pursuant to 15 U.S.C. 1681u(a) for the names of financial institutions with which the subject has or has had an account; an NSL pursuant to 15 U.S.C. 1681u(b) for consumer identifying information (name, address, former addresses, employment and former employment); an NSL pursuant to 15 U.S.C. 1681v for a full credit report. Of all the FBI's NSL authorities, only the last of the FCRA authorities is restricted to use only in international terrorism cases. Finally, the FBI has the authority to issue NSLs pursuant to the National Security Act in the course of investigations of improper disclosure of classified information by government employees. For the first 3 types of NSLs (ECPA, RFPA, FCRA) the NSL must include a certification by an authorized FBI employee that the material is being sought for an authorized national security investigation. That certification is slightly different in the case of a FCRA NSL for a full credit report, where the certification required is that the information is relevant to an international terrorism investigation. The authority to issue an NSL lies at a senior level within the FBI. An NSL can be issued only by an official who ranks not lower than Special Agent in Charge or Deputy Assistant Director. All such officials are career government employees who are members of the Senior Executive Service. Procedurally, an agent or analyst seeking an NSL must prepare a document (an electronic communication or EC) in which the employee lays out the factual predicate for the request. The factual recitation must be sufficiently detailed so that the approving official can determine that the material sought is relevant to an investigation. Additionally, it needs to provide sufficient information concerning the underlying investigation so that reviewing officials can confirm that the investigation is adequately predicated and not based solely on the exercise of First Amendment rights. Finally, the EC includes a ``lead'' to the Office of the General Counsel (OGC) for purposes of Congressional reporting. OIG REPORT As directed by Congress, we endeavored to declassify as much information as possible concerning our use of NSLs in order to allow the maximum amount of public awareness of the extent of our use of the NSL tool consistent with national security concerns. To that end, for the first time the public has a sense of the frequency with which the FBI makes requests for data with national security letters. In the period covered by the report, the number of NSL requests has ranged from approximately 40,000 to 60,000 per year and we have requested information on less than 20,000 persons per year. For a variety of reasons that will be discussed below, those numbers are not exact. Nevertheless, they, for the first time, allow the public to get some sense of the order of magnitude of these requests; there are a substantial number of requests, but we are not collecting information on hundreds of thousands of Americans. There are three findings by the OIG that are particularly disturbing, and it is those three findings that I wish to address this morning: (1) inaccurate reporting to Congress of various data points we are obligated to report relative to NSLs; (2) the use of so-called exigent letters that circumvented the procedures required by ECPA; and (3) known violations (both previously self-reported by FBI and not previously reported) of law and policy with regard to usage of NSLs. CONGRESSIONAL REPORTING A finding of the report that particularly distresses me is the section that addresses the inaccuracies of the numbers we report to Congress. That responsibility lies with my division, and we did not do an acceptable job. The process for tabulating NSLs simply did not keep up with the volume. Although we came to that realization prior to the OIG report and are working on a technological solution, that realization came later than it should have. At some point several years before my tenure at the FBI began, our process for tracking NSLs for Congressional reporting purposes shifted from a totally manual process, where NSL data was written on index cards, to a standalone Access database. This database is referred to in the OIG report as the OGC database. While the OGC database was a giant technological step forward from 3 x 5 index cards, it is not an acceptable system given the significant increase in use of NSLs since 9/11. First and foremost, the OGC database is not electronically connected to ACS, the system from which we derive the data. Instead, there is a manual interface between ACS and the OGC database. An OGC employee is responsible for taking every NSL lead that is sent to OGC and manually entering the pertinent information into the OGC database. Nearly a dozen fields must be manually entered, including the file number of the case in which the NSL was issued (typically 15 digits and alphanumeric identifiers). Approximately a year ago we recognized that our technology was inadequate and began developing an automated system to improve our ability to collect this data. The system, in addition to improving data collection, will automatically prevent many of the errors in NSLs that we will discuss today. We are building an NSL system to function as a workflow tool that will automate much of the work that is associated with preparing NSLs and the associated paperwork. The NSL system is designed to require the user to enter certain data before the workflow can proceed and requires specific reviews and approvals before the request for the NSL can proceed. Through this process, the FBI can automatically ensure that certain legal and administrative requirements are met and that required reporting data is accurately collected. For example, by requiring the user to identify the investigative file from which the NSL is to be issued, the system will be able to verify the status of that file to ensure that it is still open and current (e.g. request date is within six months of the opening or an extension has been filed for the investigation) and ensure that NSLs are not being requested out of control or administrative files. The system will require the user to separately identify the target of the investigative file and the person whose records are being obtained through the requested NSL, if different. This will allow the FBI to accurately count the number of different persons about whom we gather data through NSLs. The system will also require that specific data elements be entered before the process can continue, such as requiring that the target's status as a United States Person or non-United States Person be entered. The system will not permit requests containing logically inconsistent answers to proceed. The NSL system is being designed so that the FBI employee requesting an NSL will enter data only once. For example, an agent or analyst who wishes to get telephone toll billing records will only have to prompt the system that he is seeking an ECPA NSL for toll records and type the telephone number once. The system will then automatically populate the appropriate fields in the NSL and the authorizing EC. The system will then generate both the NSL and the authorizing EC for signature, thereby ensuring that the two documents match exactly and minimizing the opportunity for transcription errors that give rise to unauthorized collections that must be reported to the Intelligence Oversight Board (IOB). Agents and analysts will still be required to provide the narrative necessary to explain why the NSL is being sought, the factual basis for making a determination that the information is relevant to an appropriately predicated national security investigation, and the factual basis for a determination whether the NSL should include a non-disclosure provision. In addition, this system will have a comprehensive reporting capability. We began working with developers on the NSL system in February 2006 and we are optimistic that we will be able to pilot it this summer and roll it out to all field offices by the end of the year. At that point, I will be confident the data we provide to Congress in future reports is as accurate as humanly possible. In the meantime, we are taking several steps to correct the numbers we have previously reported. First, we are making data corrections in our database. Through a computer program, we have identified all entries that must be erroneous because there is an apparent error in the entry (e.g., there are more NSLs reported than requests; the date shows a year that is impossible (203)). We are manually reviewing those entries and making corrections. We have also started a random sampling of ten percent of the total entries in the OGC database which contains approximately 64,000 entries. Those entries will be manually checked against ACS. We will determine whether there is a significant difference between the entries in our database and the actual information in ACS. To the extent there is a difference, that will be the factor that will be used to correct our prior reporting. While not yielding an exact count, we believe that to be a statistically appropriate way of correcting prior reporting. We have discussed this methodology with the OIG and will offer it the opportunity to review our work. We are striving to have corrected reports to Congress as soon as possible. As with the other shortcomings identified by the OIG, there was no finding of an intent to deceive Congress concerning our use of NSLs. In fact, as noted, we identified deficiencies in our system for generating data prior to the initiation of the OIG's review and flagged the issue for Congress almost one year ago. While we do not know the extent of the inaccuracies in past reporting, we are confident that the numbers will not change by an order of magnitude. EXIGENT LETTERS The next significant finding of the OIG involved the use within one unit at Headquarters of so-called ``exigent letters.'' These letters, which numbered in excess of 700, were provided to telephone companies with requests for toll billing information regarding telephone numbers. All of the letters stated that there were exigent circumstances. Many of the letters stated that federal grand jury subpoenas had been requested for the records even though in fact no such request for grand jury subpoenas had been made, while others promised future national security letters. From an audit and internal control perspective, the FBI did not document the nature of the emergency circumstances that led it to ask for toll records in advance of proper legal process, did not keep copies of all of the exigent letters it provided to the telephone companies, and did not keep records showing that it had subsequently provided either the legal process promised or any other legal process. Further, based on interviews the OIG conducted, some employees indicated that there was not always any emergency relating to the documents that were sought. OGC has been working with the affected unit to attempt to reconcile the documentation and to ensure that any telephone record we have in an FBI database was obtained because it was relevant to an authorized investigation and that appropriate legal process has now been provided. As of late last week, there were still a small handful of telephone numbers that had not been satisfactorily tied to an authorized investigation. If we are unable to determine the investigation to which those telephone numbers relate, they will be removed from our database and destroyed. The OIG rightfully objected to the FBI obtaining telephone records by providing a telephone carrier with a letter that states that a federal grand jury subpoena had been requested when that was untrue. It is unclear at this point why that happened. The Director has ordered a special inspection in order to better understand the full scope of internal control lapses. We also concur with the OIG that it is inappropriate to obtain records on the basis of a purported emergency if, in fact, there is no emergency. We continue to believe, however, that providers had the right to rely on our representation that there was an emergency and that the ``exigent letters''--had they been issued only when there was an exigent circumstance and had they correctly identified the legal process that would follow--would have been an appropriate tool to use. In response to the obvious internal control lapses this situation highlights, changes have already been made to ensure that this situation does not recur. Any agent who needs to obtain ECPA-protected records on an emergency basis must now do so pursuant to 18 U.S.C. 2702. Section 2702(c)(4) permits a carrier to provide information regarding its customers to the government if the provider in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency. A request for disclosure pursuant to that statute generally must be in writing and must clearly state that the disclosure without legal process is at the provider's option. The letter request must also set out the basic facts of the emergency so that the provider can make some assessment whether it concurs that there is an emergency. INTELLIGENCE OVERSIGHT BOARD PROCESS The OIG also examined misuse of NSLs that had been reported (and some that had not been reported) as part of the IOB process. As this committee knows, pursuant to Executive Order 12863 the President has an Intelligence Oversight Board that receives from the agencies in the intelligence community reports of intelligence activities that the agency believes may have been unlawful or contrary to Executive Order or Presidential Directive. This language is interpreted by the FBI and DOJ to mandate the reporting of any violation of a provision of the Attorney General's Guidelines for FBI National Security Investigations and Foreign Intelligence Collection if such provision is designed to ensure the protection of individual rights. The FBI requires its employees to report any violations of law or policy about which they are aware. We encourage employees to err on the side of reporting so that we can be sure that all violations are appropriately reported. In terms of process, all potential violations (called PIOBs--or potential intelligence oversight board violations) are reported to OGC. Lawyers within OGC are responsible for ``adjudicating'' the violation--that is, determining whether the PIOB is an actual Intelligence Oversight Board violation. If it is, a report is made to the IOB, a copy is provided to DOJ and a copy is provided to the FBI's Inspection Division. If the violation involved intentional misconduct, the Inspection Division will determine whether the matter should be referred to the Office of Professional Responsibility for discipline. The OIG found that from 2003 through 2005, the FBI had self- reported 26 potential violations involving NSL authorities. Of the 26, OGC adjudicated 19 to be violations and reported them. The OIG agreed with each of those determinations. Of the 7 PIOBs that OGC determined were not violations, the OIG agreed with all but one. As to the one determination about which we disagreed, upon re-review, the FBI concurred with the OIG that it was a violation that should have been reported and it has since been reported to the IOB. These 20 violations included: third party errors (4), NSLs issued when the authority for the investigation had lapsed (3), obtaining ECPA-protected records without any legal process (3) and obtaining a full credit report in a counterintelligence case (1). The OIG also found, however, a number of potential IOBs in the files it examined that had not been reported to OGC for adjudication. Although press accounts of the reports have implied that the OIG found massive abuses of the NSL authorities by the FBI, a careful read of the report reflects a different set of facts. The OIG examined 293 NSLs--a reasonably small sample. The sample was a judgmental sample and the size was chosen because the audit was extremely labor intensive. We do not suggest that the sample was not a fair sample (although it was not random), but only that it is questionable from a statistical standpoint to attempt to extrapolate from a very small sample to an entire population. Moreover, there was wide variation in the number of purported unreported violations from different field offices. The OIG found 8 potential violations that were unreported in files in both the Philadelphia and Chicago field offices, but only 2 unreported potential violations from files in New York and 4 from San Francisco. We are doing additional follow-up work, but the wide variance between field offices may be a function of the very small sample, or it may indicate that the percentages of potential errors detected are not constant across all field offices. Setting aside questions about whether the sample is representative, I urge you to look closely at the numbers before arriving at the conclusion that there is a systemic problem concerning the use of NSLs. Of the 293 NSLs the OIG examined, 22 (7%) were judged to have potential unreported IOB violations associated with them. Moreover, of that 7%, 10--or almost 50%--were third party errors--that is, the NSL recipient provided the FBI information we did not seek. Only 12 of the NSLs examined--4%--had mistakes that the OIG rightfully attributes to the FBI. Examining the 12 potential errors that were rightfully attributed to the FBI reveals a continuum of seriousness relative to the potential impact on individual rights. Four (or just over 1% of the sample) were serious violations. Specifically, two of the violations involved obtaining full credit reports in counterintelligence investigations (which is not statutorily authorized), one involved issuing an NSL when authorization for the investigation to which it related had lapsed, and one involved issuing an NSL for information that was arguably content, and therefore not available pursuant to an NSL. (In the latter case, the ISP on which the NSL was served declined to produce the requested material so there was, in fact, no collection of information to which we were not entitled.) The balance of the 12 potential violations identified by the OIG do not, in our view, rise to the same level of seriousness as those 4. The remaining 8 involve errors that are best characterized as arising from a lack of attention to detail, and did not result in the FBI seeking or obtaining any information to which it was not entitled. Those 8 potential violations involved errors such as using the wrong certification language in an NSL (although the appropriate certification is not materially different) and having the NSL and the EC seeking the NSL not entirely consistent. We do not excuse such lack of attention to detail, but we do not believe that such mistakes result in or cause a risk to civil liberties. In short, approximately 1% of the NSLs examined by the OIG had significant errors that were attributable to FBI actions and that had not been, but should have been, reported as PIOBs. While a 1% error rate is not huge, it is unacceptable, and we have taken steps to reduce that error rate. First, we are very concerned that of all the potential IOBs involving mistakes in NSLs attributable to the FBI (whether previously reported or not), 3 involved the same mistake: namely, issuing an NSL for a full credit report in a counterintelligence investigation. In order to ensure that this particular error is fully rectified, the FBI ordered all field offices to examine all counterintelligence files in which Fair Credit Report NSLs have been issued since January 1, 2002 in order to ascertain whether the file contains a full credit report. If it does, the credit report must be removed from the file, sequestered with the field office's attorney, and a PIOB must be reported to OGC. The results from that search are due to headquarters by April 16, 2007. Several other steps we have taken will, we believe reduce the likelihood that the FBI will commit the other mistakes in the future. First, as indicated previously, the FBI is developing an automated system to prepare NSLs and their authorizing ECs. That system will reduce to zero mistakes such as having the wrong certification language or inconsistency between the NSL and the EC. It will also ensure that the investigative file out of which the NSL is being issued is open. Finally, it will ensure that an NSL for a full credit report cannot be issued out of a counterintelligence file. Other changes to FBI policy have been made that we believe will facilitate better handling of IOBs and also reduce errors that lead to IOBs. First, last fall we provided comprehensive advice to the field regarding its responsibility towards information obtained as a result of third party errors. That guidance requires all such information to be sequestered and reported to OGC as a PIOB. If the ``over collected'' information is irrelevant to the investigation (e.g., the telephone company transposed a number and provided us records on the wrong telephone account), then it will be destroyed or returned. No such information should be entered into FBI databases. If the information is relevant to the investigation but simply not within the four corners of the NSL, then the information must be sequestered until a new NSL has been issued for the extra data. After the new NSL has been issued, the information can be entered into FBI databases. Secondly, we have collected all the rules and policies on NSLs into one document which will be disseminated to the field. Those rules now mandate that, until the deployment of the automated NSL system, all NSLs and ECs be prepared from the exemplars that are provided on OGC's website. That should eliminate many of the mistakes identified by the OIG. All of these rules will, of course, only reduce or eliminate errors if they are followed. The OIG's report has highlighted for us that there must be some sort of auditing function--above and beyond the IOB process--to systematically ensure that these rules, as well as others that govern our activities in national security investigations are followed. The FBI has historically been very good at establishing policy and setting rules, but we have not been as proactive as we should have been in establishing internal controls and auditing functions. The full parameters of the compliance program have not been set, although these aspects have been: the Inspection Division with participation of DOJ's National Security Division and Privacy and Civil Liberties Office is in the process of a special inspection of NSL usage in all 56 field offices and headquarters. That inspection should uncover any other significant problems with our use of this tool but should also tell us whether there are variances between offices in terms of the numbers and types of errors. The results of the inspection will then inform the program that the Attorney General announced of having teams of DOJ lawyers, FBI lawyers and the Inspection Division periodically audit field offices' use of NSLs. That process will begin in April and should result in at least 15 offices being audited this year. We are also considering other proactive compliance programs in order to develop a program that ensures, to the maximum extent possible, that the rules and policies designed to protect privacy and civil liberties are faithfully adhered to by all of our employees, that we promptly identify and correct any violations of law or policy, and that any information collected erroneously is removed from FBI databases and destroyed. In addition, a working group co-chaired by the Office of the Director of National Intelligence and the CPCLO has been convened to examine how NSL-derived information is used and retained by the FBI. The FBI and DOJ's National Security Division will have a representative on this working group. We welcome the Committee's input as we move forward on these initiatives. The FBI is acutely aware that the only way that we can achieve our mission of keeping the country safe is if we are trusted by all segments of the American public. With events like the London terror attacks of 2 years ago and the Canadian plot to use fertilizer bombs to destroy buildings in Canada in 2006, we have all become worried about the risk of a catastrophic attack from home grown terrorists. Our single best defense against such an attack is the eyes and ears of all Americans--but particularly of those segments of the population in which the risk of radicalization is at its highest. We need people in those communities to call us when they hear or see something that looks amiss. We know that we reduce the probability of that call immeasurably if we lose the confidence of those segments of the population. That is one of the reasons that we are looking for ways to assure all Americans that we are respectful of individual rights, including privacy rights, and that we use the tools that have been provided to us consistent with the rules set out by Congress. I appreciate the opportunity to appear before the Committee and look forward to answering your questions. Mr. Conyers. Well, General Counsel Caproni, I want to thank you for your candor and forthcomingness in coming before us today, and we will include the rest of your testimony, of course. Now let me begin the questioning, and I thank both the witnesses. Inspector General Fine, I am curious as to how you have come to the conclusion that these errors that have been reported and that bring us to this chamber were sloppy--the results of sloppy bookkeeping, recordkeeping or compliance with the law, but none of it was intentional. How could that be if they have known about these excesses since the year 2004, and their Communications Analysis Unit warned them about it in early 2005, and we have something like at least over 700 Exigent Letters and somewhere in the neighborhood of 40,000 to 50,000 NSL letters for 3 years? Mr. Fine. Let me separate some of those issues. I do not believe that they intended to go out and to obtain information that they knew they could not obtain and said, ``We are going to do it anyway.'' I think what they did was complete carelessness; they did not follow the rules, did not follow appropriate procedures, and obtained information that they could have obtained properly but by taking shortcuts. Now, we did not do a review to ask everybody what was in their minds and what exactly they did, but we saw instances where people just simply did not follow the rules and did not take appropriate action. Mr. Conyers. But they were being warned. This did not just come up recently. This goes back to 2004. Mr. Fine. In 2004, it is correct that attorneys in the Office of General Counsel had concerns about the Exigent Letters and were not saying ``stop it,'' but were saying ``we need to take different measures to issue these letters.'' Mr. Conyers. Do you think that the law was so complicated that people in good faith just could not figure out what it was we were requiring? Mr. Fine. I think what they did was inappropriately take a model from another context and apply it to this context, which was wrong--it clearly was--and that they did not think carefully, and they did not take appropriate actions. Now, I know that the FBI is conducting a special inspection to look at exactly what everybody knew and when they knew it and why they took the actions that they did. We did not do that kind of review. We did not ask everybody up and down the line, and it is possible that people had motivations that were not appropriate. Mr. Conyers. But there is no way we can tell. There is no way I can tell, but there is no way you can tell either. Mr. Fine. It is true that we did not do a performance review of every individual, so I think that is an appropriate point, Mr. Chairman--I really do--and I do think it is incumbent upon the FBI to go back and look and see exactly what people were doing, at what stages, and why they did, what they did and take appropriate action to hold people accountable. Mr. Conyers. Now, do you make a distinction between the National Security Letters and the Exigent Letters in terms of the severity of the offense that brings us here today? Mr. Fine. I think I do. I think the Exigent Letters were the most troubling aspect of this. Mr. Conyers. And why is that? Mr. Fine. Because there is a process in the law to allow voluntary disclosures from these telephone companies if there is a true emergency, and we believe the FBI should have followed that voluntary process. Instead, they went with these Exigent Letters, which they used in a different context, and applied it to this context which, in our view, was inappropriate. With regard to the National Security Letters, there were many of them, and many of them did comply with the requirements of the law. We saw, and we tried to do a review to see how many did not. We found a significant number did not, but with regard to the Exigent Letters as a whole, that whole practice was very troubling to us in and of itself. Mr. Conyers. Now, are you satisfied with the steps that have been described here today by the General Counsel in terms of how we clean this mess up? Mr. Fine. Well, we have been briefed by the Department and the FBI about the steps they are taking. I think they are taking this seriously, but I am not in a position right now to say, ``I am completely satisfied. I trust all this.'' We need to see what happens with these steps, see whether there are concerted efforts over time, to see whether they really are adequately implemented. So I cannot say right now that they have done all they can, but I think they are taking important steps and taking this very seriously. Mr. Conyers. I thank you so much. I recognize Lamar Smith. Mr. Smith. Thank you, Mr. Chairman. Mr. Chairman, I am hoping my first question will not count against my time. Mr. Fine, I noticed, in reading your bio that when you were a senior in college and co-captain of the basketball team you were recruited by the San Antonio Spurs. They happen to be my hometown team. My question is this: Don't you regret not playing for the Spurs rather than becoming a Rhodes scholar and graduating from Harvard Law School? Mr. Conyers. The gentleman's time has expired. Mr. Fine. Congressman, I was drafted in the 10th round by the San Antonio Spurs, and if I were maybe a little taller than 59", I might have had a chance to play. So I do not really regret that my future was in the law rather than in professional basketball. But I tell people who do not believe I actually played basketball when they see me at 59" that before I started this job as the IG I was 69". Mr. Smith. A very good answer. Mr. Fine and Ms. Caproni, let me address a more serious question to both of you, and it is this. We have unearthed these problems that are recognized and that are being dealt with, and some of the reasons for those problems have already been seen, and the practice has been discontinued, but my question is this: Do you all feel that the problem is with how the law was enforced rather than with the law itself? In other words, if the law were carried out as intended, doesn't that solve our problem? Mr. Fine first. Mr. Fine. Congressman, I am really not in a position to say what the law should be or if there should be modifications to the law. What my job is is to look at the law and to look at the application of the law and to see the problems that occurred. I do believe that if the FBI had assiduously and carefully applied the law, we would not have seen as many problems as we have, and it really was unacceptable and inexcusable what happened here. Mr. Smith. Ms. Caproni. Ms. Caproni. From our perspective, the problem is not with the law, although I would note that unlike other areas that our agents, where they get these sorts of records, there are very specific rules, and they have to win through those rules. That, in my sense, is our responsibility as the lawyers to make sure that the agents understand what they can do and what they cannot do. Again, there is no doubt that the problem with the National Security Letters was a colossal failure on our part to have adequate internal controls and compliance programs in place. The laws, themselves, provide us with a needed tool, and it is a tool that we should use responsibly. Mr. Smith. Okay. Thank you. Mr. Fine and Ms. Caproni, why are National Security Letters important in our investigation of terrorism? Ms. Caproni. They are critical. National Security Letters provide us the basic building blocks that we need to build an investigation. For those of you who had prior criminal AUSA experience--and I know a number of you did--you are used to issuing grand jury subpoenas to obtain telephone records and banking records. Frequently in terrorism investigations, we do not have an open criminal investigation. In fact, that was one of the things that the 9/11 Commission really encouraged us to do and that this Committee encouraged us to do and the intelligence Committees, to move more--when we are thinking about a terrorism case, to move from simply a criminal mindset to thinking in an intelligence mindset. So a National Security Letter is the tool that we use in order to get the basic building blocks of those investigations, again, like phone records for almost every terrorism case, financial records when we are building terrorism financing cases. So, without National Security Letters, our national security investigations would really be stopped before they even got started. Mr. Smith. Okay. Thank you. Mr. Fine. Mr. Fine. I do think that they are important investigative tools. They can connect terrorist individuals with terrorist groups. They can find out where terrorist financing can occur. They are indispensable in counterintelligence investigations. And the FBI did tell us, from folks in the field to headquarters, how important they were to the investigations and showed us examples of that. I have said that I think they are important. There also needs to be important checks on these tools because they are intrusive, and there is information that is obtained and retained for significant periods of time, and so while they are important investigative tools, there also needs to be appropriate checks on them as well. Mr. Smith. Mr. Fine, in your conclusions--it is the second one--you say, ``In most but not all of the cases we examined in this review, the FBI was seeking information that it could have obtained properly through National Security Letters.'' What percentage would you guess is that? In other words, what percentage of the problems could have been resolved if they had obtained National Security Letters? Mr. Fine. We found instances, a few instances, where they obtained information inappropriately and could not have used a---- Mr. Smith. How many of the 739 would you guess that is? Mr. Fine. Well, the 739 is hard to tell because they could not tie them to appropriate investigations all the time, and there were many times where they could not tell us it was an emergency, so I do not know how many in the 739. That is the most troubling aspect of it. With regard to the others, the National Security Letters in the files we reviewed, I would say we found about seven where there were illegal uses of them, where the FBI was attempting to obtain information through confusion, through error, of information that they were not entitled to obtain through a National Security Letter, either an educational record or obtaining information on a full credit report in a counterintelligence case, which they are not allowed to obtain, or not using it in NSL---- Mr. Smith. You said seven times? Mr. Fine. Seven of the reviews that we found and we found in our--seven of the individual ones, and as you will recall, we did not do a review of every NSL that was issued. We did a small sample of them. Mr. Smith. Okay. Thank you, Mr. Fine. Thank you, Mr. Chairman. Mr. Conyers. Thank you very much. The gentleman from New York, Jerry Nadler. Mr. Nadler. Thank you. Well, Mr. Fine, I suppose. You state in your report that there were no intentional violations of NSL policy procedure, that these were basically carelessness but that there were no intentional violations, no crimes. Mr. Fine. Correct. Mr. Nadler. Okay, but we also read in the report that agents intentionally went around the statute to provide phony information requests to telephone companies based on false statements. For example, the FBI's Communications Analysis Unit went around the NSL statute because it felt that the statute was insufficient and contracted with the telephone companies to access information directly. These contracts were approved by the Office of General Counsel and were exploited by issuing Exigent, or emergency, Letters. Well, let me ask the General Counsel. What is the statutory basis for an Exigent Letter? As far as I can tell, there is no basis for it. Ms. Caproni. Well, under 2702, we have the authority to get records from a phone company in an emergency circumstance without a National Security Letter. The Exigent Letters were undoubtedly inappropriate shortcuts to the process, though. Mr. Nadler. Well, under 2702, if you were going to get information in an emergency, what do you have to do? Ms. Caproni. You simply have to tell the carrier that there is an emergency. We recommend that you explain to the carrier what the emergency is, and it is then up to the carrier to decide whether or not to provide us records. So it is not a compulsive system. Mr. Nadler. Not compulsive, but of course, the carrier has no particular interest in protecting--if you are looking at my records or if you want my records, for example, the phone company has no particular interest in protecting my privacy rights, and I will never find out about it, so I cannot go to court to protect them, correct? Ms. Caproni. I do not represent the carriers, but I would disagree with the theory that they have no particular interest in protecting your records. In fact---- Mr. Nadler. What is their interest? Ms. Caproni. In fact, the carriers were diligent in making sure that any record they gave to us they subsequently obtained a National Security Letter for. Mr. Nadler. Well, wait a minute. Mr. Fine's report says, in many, many instances, hundreds of instances, that that never happened. Ms. Caproni. As of right now, there are still some numbers that have not received National Security Letters to back up the requests. Mr. Nadler. But back up years later after the report, but that is backfilling, in other words, and that is certainly not evidence that the phone companies were diligent in seeking these things. That is saying that, after this report was done, someone said, ``Wow, we have got a problem on our hands. We had better go get these letters 4 years later or 3 years later.'' That is not evidence of what we are talking about. Ms. Caproni. Respectfully, even though I am not defending the practice, it is not the case that it was only after Mr. Fine's report came out that they were attempting to make sure that the paperwork documentation was appropriate for every record they obtained. Mr. Nadler. You think the paperwork documentation should be done as appropriate. Ms. Caproni. If it is not, the records will come out of our database and be destroyed. Mr. Nadler. In this morning's Washington Post, it says: Under past procedures agents sent exigent circumstances letters to phone companies seeking toll records by asserting there was an emergency. Then they were expected to issue a grand jury subpoena or national security letter which legally authorizes collection after the fact. Agents often did not follow up with that paperwork, the Inspector General's investigation found. The new instructions which, according to the Washington Post, were issued to the FBI tell agents there is no need to follow up with National Security Letters and subpoenas. The agents are also told that the new letter template is the preferred method in emergencies but that they may make requests orally with no paperwork sent to phone companies. In other words, it appears from this morning's Washington Post that instructions are now being given to the FBI not to bother with any backup documentation after an oral request to the phone company for records invading people's privacy. Ms. Caproni. Quite the contrary. The instructions are that if they get information based on an oral request--and just to give an example of when that might be appropriate, if a child has been kidnapped and the ransom call comes in---- Mr. Nadler. Obviously, in those--I am not questioning the need in an emergency like that for getting records right away. Ms. Caproni [continuing]. And to get them on an oral request. Mr. Nadler. I don't doubt it. What I am questioning is that, according to today's Washington Post, the opposite of what the two of you are saying is the case and that now they seem to be saying we will take care of this lack of follow-up of documentation by simply declaring it unnecessary. Ms. Caproni. No, Congressman, that is not the policy. The policy now is that if a request is going to be made on an emergency basis for records, that has to be documented. It has to be documented in the first instance in the request. But if there is not time to do that so that you need an oral request, then that has to be documented to the file together with the approval for it. So it is, again, an internal control to avoid the problem that was existing, which was emergency had become a flexible---- Mr. Nadler. Okay. One final question. That is to Mr. Fine. Just a quick clarification on accessibility of PIN numbers and Social Security numbers of individuals through this process. On page 73 of your report, there is a discussion of a potential Intelligence Review Board violation because an agent accessed a bank balance by getting a person's bank account and PIN number from the result of a FISA order. The agent was faulted for not using an NSL but was not faulted for the fact that the PIN number was readily available. The reason I flagged this is because this reference makes clear that through an NSO 215 order the Government can secretly obtain the PIN number for someone's debit or credit account---- Mr. Conyers. The gentleman's time has expired. Finish. Mr. Nadler. What limits are there on this and what protections on this power to get PIN numbers and credit account numbers? Mr. Fine. The FBI can get bank records and records like that. There has to be predication for it and they have to show the need for that. That is one of the tools that the FBI has used and can use, as we pointed out. That is one of the reasons there needs to be controls on this. Mr. Conyers. The gentleman's time has expired. The Chair turns to the former Chairman, Jim Sensenbrenner from Wisconsin, whose letter to the Department of Justice first triggered the inquiries that have flown from this. I congratulate him and recognize him at this time. Mr. Sensenbrenner. Thank you very much, Mr. Chairman. Just by way of background, we did some oversight when I was the Chair of the Committee and received a letter in late 2005 that indicated that there were problems with National Security Letters. The audit that the Inspector General conducted was as a result of a provision that I put in the PATRIOT Act reauthorization that required this audit to be made as well as a subsequent audit that Mr. Fine is doing that I am sure we are going to talk about extensively later when the report is issued. I would also like to point out that National Security Letters were not authorized by the initial PATRIOT Act in 2001 but have been around since 1986 in legislation that was authored by Senator Patrick Leahy of Vermont, who is the Chairman of the Judiciary Committee on the other side of the Capitol. The PATRIOT Act reauthorization put in a number of civil liberty protections relative to National Security Letters because we knew that there were problems afoot and decided that, even though NSLs were not a part of the PATRIOT Act, that they needed to have civil liberties protections. I am proud of that work that this Committee did and eventually found its way into the PATRIOT Act Reauthorization Act, which was signed by the President in March of last year. One of the things, Ms. Caproni, that I am really concerned about is that the Justice Department and the FBI in particular have come to the Congress repeatedly over the last dozen years asking for administrative subpoena authority, meaning that subpoenas could be issued without judicial supervision. This Congress has repeatedly rejected each and every one of those requests. Now a National Security Letter is kind of like an administrative subpoena, although it is limited to the type of information that can be obtained. I would like to know from both of the witnesses whether the FBI simply turned around and used NSLs to get huge amounts of information after Congress said ``no'' again to administrative subpoena authority. Ms. Caproni. No, we didn't. National Security Letters are always focused on a particular case. There is no bulk collection via National Security Letters. And while our congressional reporting numbers are off, as Mr. Fine correctly found, they are not off by an order of magnitude. That is, we reported that we collected data on less than 20,000 people a year. While that number may go up, it is not going to go up to above 200,000. Mr. Sensenbrenner. How can you account for the fact that the number of NSLs that were issued before 9/11 was about 8,000 plus per year and then it went up to 150,000? Do we have that many potential terrorists running around the country? If so, I am really worried. Ms. Caproni. I think it is a function of two things. First off, I think it is a function of the fact that post-9/11 a number of agents were moved into the counterterrorism area and the Director directed that no lead in a counterterrorism case would go unpursued. So there is a directive to agents that they must cover all counterterrorism leads. That is point one. I think point two was, because we were focusing much more on an intelligence-driven reaction to counterterrorism threats, the toolbox that we were using was focusing mostly on National Security Letters, as opposed to the prior reaction, which would have used grand jury subpoenas. Mr. Sensenbrenner. Mr. Fine. Mr. Fine. I agree with Ms. Caproni. Prior to the September 11th attacks, it was rarely used. There were delays in getting them, and they were not following the leads that they would have followed after the 9/11 attacks. After the 9/11 attacks, they are attempting to connect the dots, attempting to track down leads. When there are indications from a terrorist overseas that there might be connections to the United States, they try and follow that. Mr. Sensenbrenner. My time is running out. I just make the observation that one of the things that gets people in this town in big trouble is overreaching. I think that, given your report, Mr. Fine, the FBI has had a gross overreach. What this does is it erodes support for the function that the FBI does to protect all of us from future terrorist attacks. I hope that this would be a lesson to the FBI that they can't get away with this and expect to maintain public support for the tools that they need to combat terrorism. Given the way the FBI has acted, I have my doubts. But let this be a warning. And my time is up. Mr. Conyers. The Chair recognizes the gentleman from Virginia, Bobby Scott. Mr. Scott. Thank you, Mr. Chairman. Mr. Fine, you suggested that there is some confusion in how to work these things, as I understand it, representations that there was an emergency, when in fact there was no emergency, and representations that grand jury subpoenas had been issued, when in fact they had not been issued. Is that right? Mr. Fine. That is correct. Mr. Scott. Has anyone been sanctioned? Mr. Fine. No. The FBI, as a result of this report, is going and looking at a special inspection to look at exactly what happened with this, how the problems occurred, and to determine accountability. I think that is appropriate. Mr. Scott. To your knowledge, no one has been sanctioned so far. Mr. Fine. Not yet, no. Mr. Scott. Okay. Ms. Caproni, you indicated that we need to change our mindset from criminal investigation to intelligence gathering. Ms. Caproni. I am saying that, post-9/11, that has been what the FBI has been charged with doing--really not thinking of our terrorism investigations as wholly criminal. Mr. Scott. Now when we use these letters, are we obtaining information regarding United States citizens? Ms. Caproni. Sometimes. Mr. Scott. That is a yes? Not always, but sometimes? Ms. Caproni. Correct. About half and half. Mr. Scott. You are using this mindset against United States citizens. When you get all this information like Social Security numbers and phone records, how long is this information retained? Ms. Caproni. The issue of retaining national security--data that is obtained via National Security Letters is subject to a working group that the DNI is chairing together with the Department of Justice and that we will participate on in terms of how long we should keep it. As of right now, it is subject to the normal archive rules, so we keep it for whatever the law under our archives requires, which is typically 20 years. Mr. Scott. Twenty years. Now how many criminal convictions have you gotten from NSL letters? How much information from NSL letters has resulted in criminal convictions for terrorism- related offenses? Ms. Caproni. That was one of the questions that the IG was charged with answering, and I think deriving is very difficult. Because, while National Security Letters are typically used at the beginning of an investigation, we don't tag the data; and so tracing it through to know whether national security data started---- Mr. Scott. Mr. Fine. Mr. Fine. We try, too, but you cannot tell how many convictions as a result of that. It is not specifically segregated or tagged. When we tried to follow through the system, it was very hard to do that. So I can't give you a number. Mr. Scott. If somebody said one, would that surprise you? Could you contest that number? Ms. Caproni. I would. Mr. Fine. I would think it would be higher, but I can't tell you one way or the other. Mr. Scott. What information is obtained through NSL letters that could not have been gotten through going through the normal FISA process, even in emergencies when there is an after-the-fact process with the FISA courts? Ms. Caproni. Anything that we can obtain through a National Security Letter could be obtained from a FISA 215 order. I would tell this Committee that I think if you change the law in that way, you would be doing grave disservice. It would essentially sink the system. We issue, as you can tell from the report, thousands of National Security Letters to get information. We do not have an infrastructure in place to take every one of those to court any more than an AUSA in any district has the infrastructure in place to go to court to get every grand jury subpoena. It is simply--we don't have the infrastructure to do that. Mr. Scott. So you are not getting information you couldn't get through FISA, but just administratively you would have a judge looking at what you are doing and not having a process that lacks oversight. Ms. Caproni. Congressman, under FISA--under the FISA statute, section 215 of the PATRIOT Act gave us the authority to get an order for any type of record. Mr. Scott. That is what we are talking about. Mr. Fine, did I understand that in these cases there is an actual ongoing investigation prior to issuing these letters or there is not an identifiable investigation ongoing when they issued the letters? Mr. Fine. It has to be tied to some investigative file. They have to open an investigative file or a threat assessment or preliminary inquiry or full inquiry. It has to be tied to one of those, and can't be issued out of a control file. Mr. Scott. That is what they are supposed to be doing. Are they doing that? Mr. Fine. We found there were instances of they were issued out of a controlled file. Mr. Scott. If there is no ongoing investigation, what is the standard for deciding when to issue one and when not to issue one? Ms. Caproni. The standard is that it has to be relevant to an authorized investigation. What Mr. Fine was talking about with the control files is, while it is a difficult situation to understand, those NSLs were in fact--they related to an authorized investigation. There was a bureaucratic problem, which nobody likes to hear. There is a bureaucratic problem, but there was a huge bureaucratic problem that we believe we have worked out. None of the NSLs that were issued out of control files did not relate to an authorized investigation. They all were tied to investigations that were appropriately open. Mr. Conyers. The distinguished gentleman from North Carolina, Howard Coble. Mr. Coble. I thank the Chairman. Good to have you all with us. Mr. Fine, your report recommends a number of changes on the FBI's use and tracking of National Security Letters. The Attorney General issued a press release on March 9th responding to those recommendations; and I presume each of you is familiar with that report, are you not, the March 9th report? Let me put this question to each of you: Will those recommendations submitted by the AG restore the FBI's accountability for its use of NSLs? Mr. Fine, start with you. Mr. Fine. I believe that the response to the recommendations and what the FBI and the Department is doing is appropriate. Is it sufficient? Is it all that needs to be done? I am not sure. We will have to see what the results of those steps are. We try to provide recommendations to ensure that these very important but sensitive tools are used in full accord with National Security Letter authorities, AG guidelines, and internal control policies. They hadn't been in the past. Mr. Coble. Ms. Caproni. Ms. Caproni. I think we are going to have to work to get the trust of this Committee back, and we know that is what we have to do, and we will do it. Mr. Coble. Can the FBI implement the Attorney General's directions within the 4 months when the AG has requested Mr. Fine to report on your progress? Ms. Caproni. I hope so. There are some that are going to require some interagency work, but certainly if not all will be implemented in 4 months, we will have made substantial progress. Mr. Coble. You may have addressed this earlier, Ms. Caproni, but let me put it to you in case you did not. Does the FBI have any discrepancy or challenge with the report that Mr. Fine has issued? Ms. Caproni. No, we accept the report. To the extent we had factual quarrels, we worked those out. Mr. Coble. You may not be able to respond to this. What do you think, Ms. Caproni, are the greatest obstacles that your office faces in implementing the AG's directions? Ms. Caproni. I think that any obstacles there are the Director is going to make sure are removed. I think it is time--it is energy and effort; and we are going to do it. Mr. Coble. I thank you both for being here. Mr. Chairman, if I may, I would like to submit for the record the March 9th press release submitted by the Attorney General. Mr. Conyers. Without objection, so ordered. [The information referred to is available in the Appendix.] Mr. Coble. I thank the Chairman. I yield back my time. Mr. Conyers. I ask the lady--don't sit down now. I ask you to please excuse yourself from this hearing. No visitors can interrupt a hearing in the Congress. Just a moment. Would the officers escort this lady out, please. The Chair recognizes the other distinguished Member from North Carolina, Mr. Mel Watt. Mr. Watt. Thank you, Mr. Chairman. I thank the Chairman for convening the hearing. Mr. Fine, I am looking on page 7 of your testimony in which you indicate that you reviewed 293 National Security Letters in 77 files and found 22 possible violations that had not been identified or reported by the FBI, and I am trying to extrapolate that, although Ms. Caproni seemed to take some issue with whether that was a reliable sample. I am trying to assume for the moment that it is, without trying to figure out how many there would be of the total National Security Letters that were possible violations. My formula is I am starting with 143,000 National Security Letter requests on page 5. Would that be an appropriate place to start? Have you done the extrapolation for me? Mr. Fine. I haven't done it, but there are 143,000 requests, and, as you know, a request--there can be multiple requests in a letter, so there are approximately 45,000 letters during the time period, with 143,000 requests. I think the starting point would be about 44,000 letters during the time period. Mr. Watt. And if you extrapolated the possible violation out, what would that come to, according to your math? Mr. Fine. If you are talking about 7 percent, approximately 7 percent of the 293 had a violation, so 7 percent of 44,000 would approximately be about 3,000. Mr. Watt. So you are telling me---- Mr. Fine. That is quick math. I hope it is correct. I think it is. Mr. Watt [continuing]. That it is possible my FBI and my people who are supposed to be protecting my interest violated the law how many times? Mr. Fine. Well, I think there are possible violations of either the law, the Attorney General guidelines or the FBI's policies several thousand times, if you statistically extrapolate. It was a small sample. We didn't think it was skewed or biased. But if it held up through the entire population of files, several thousand, some more serious than others. But that is a lot. Mr. Watt. Ms. Caproni, why ought not our public be concerned about that kind of disregard of the law and internal process? Ms. Caproni. Well, I think the public should be concerned. We are concerned, and we are going to fix it. I would say, as Mr. Fine said, the sort of errors range sort of on a long continuum of seriousness. The most serious errors that Mr. Fine identified were obtaining full credit reports in counterintelligence cases. We had a---- Mr. Watt. That is 7 of the 22 files where you say they were real serious violations. Extrapolate that out for me, Mr. Fine. Mr. Fine. Well, I think in Ms. Caproni's testimony she talked about the level of seriousness and which were FBI errors and which were company errors and came up with the figure that a little bit over 1 percent of them were serious violations involving FBI errors. If you extrapolate that to the entire population, that would be about 600 cases of serious FBI misconduct. Mr. Watt. Ms. Caproni, is there some reason that this Committee and the American public shouldn't be concerned about law enforcement violating the law 600 times? Ms. Caproni. We are quite concerned about this, Congressman; and we are making every effort to figure out where those errors are, to sequester the material, to pull it out of our files and to destroy it. We will---- Mr. Watt. How many files have you all destroyed based on this investigation up to this point? Ms. Caproni. When we identify data that---- Mr. Watt. Isn't that a number rather than an explanation? Ms. Caproni. Congressman, I don't know the number. Mr. Watt. Has the FBI destroyed any files up to this point based on this investigation? Ms. Caproni. We destroy data all the time when we discover it was improperly collected. So both outside of Mr. Fine's investigation and---- Mr. Watt. Have you destroyed any files based on this investigation? Ms. Caproni. Again---- Mr. Watt. Have you destroyed any file? Ms. Caproni. Not a file. Mr. Watt. Have you destroyed any information based on this investigation? Ms. Caproni. Yes. Mr. Watt. What have you destroyed? Ms. Caproni. The full credit reports that were obtained improperly, and I think there was also some telephone data. Mr. Watt. How many is that? Ms. Caproni. It is not much. Mr. Watt. In these 600 cases that you have identified as possible real serious areas, several hundred, do you intend to prosecute anybody for violating the law? Ms. Caproni. We will have to look at what the facts are. I am not going to pre-judge. Mr. Watt. How long is it going to take you to look at that? Mr. Conyers. The gentleman's time has expired. Ms. Caproni. The inspectors are in the field now, and I think they will have completed their inspection, which is a sampling process, but they will have completed it within a week or so. Mr. Watt. You have got a more reliable sampling process than Mr. Fine. Ms. Caproni. It is bigger, and it is across all field offices. Mr. Conyers. The gentleman from California, once an attorney general for his State, Dan Lungren. Mr. Lungren. Thank you very much, Mr. Chairman. Ms. Caproni, I was one of the ones who have defended the FBI and the Justice Department in the use of these as we went through legislation the last 2 years, and to say that I am disappointed doesn't give justice to what I feel about this. Mr. Fine has said that this is the result of mistakes, carelessness, confusion, sloppiness, lack of training, lack of adequate guidance and lack of adequate oversight. That sounds like a report about a first or second grade class. We are talking about agents of the FBI, who are lawyers in many cases, who have college degrees, who have other kinds of education. We are talking about people who have gone through the FBI Academy. We are talking about people who presumably have been trained to go into this. We are how many years past 9/11? In response to the question I believe it was of Mr.--I am not sure who asked you this, but whether you could get this done in 4 months, you said you hoped so. I hope you will deliver a message that we expect it will be done. Because I don't think if you can't get it done in 4 months you are going to have to worry about improving your procedures for NSLs because you probably won't have NSL authority. I just want to convey to you how upset many of us are who have defended this program and have believed it is necessary to the protection of our country and you in the FBI have an obligation to try to find out who the potential terrorists are but also to make good on the promise we have made to the people of America that the terrorists are not going to succeed by indirection what they can't do by direction. That is, to destroy the constitution. I just--I will tell you this. I talked with Mr. Mueller yesterday. Because I have known him for 30 years. He's Mr. Fix- it. He goes in and fixes messes. He has done it all over this Government. I have seen his work in San Francisco. I have seen his work here at the Department of Justice. If I didn't know him, if I didn't know his record, if I didn't know he is the man we have put in many places to fix things, I would have no confidence in the FBI right now. So I hope you will deliver a message to all your people that it is not good enough to tell us you hope it is going to be done in 4 months. I hope you are going to deliver a message that it better be done in 4 months or you are not going to have NSLs to worry about. I have to say that as someone who supports them and will fight on the floor to have that authority given to you if there is proper oversight. But I probably won't get a majority of votes on the House floor if you don't fix it. So can you tell me you are going to do better than you hope to fix it in 4 months? Ms. Caproni. Congressman, you are absolutely right. Yes, it will be done. Mr. Lungren. I appreciate that. Now, Mr. Fine, you are the Inspector General for the FBI. I want to congratulate you on what you have done. We say we take some satisfaction in your carrying out the authority we gave you, but sometimes that doesn't happen, and we appreciate the job you have done here. Maybe you won't want to answer this question. Maybe you can help me. How do you explain carelessness, confusion, sloppiness, lack of training, lack of adequate oversight with the FBI? I just turned on television last night and watched one or two or three of these shows that always shows the FBI as being far better than local government. A little burr under my saddle, because I am a former AG of California. I appreciate the FBI, but how do you explain this? I am not sure what would be worse, frankly. At first, I was relieved that you said this and that it wasn't intentional action by the FBI. At least, we haven't found that. I would at first have been worried about that. Now, as I think about this, should I be more worried about the fact that the FBI now, in something as important as NSLs, has marks of carelessness, confusion, sloppiness, lack of training, lack of adequate guidelines and lack of adequate oversight? Is this exceptional in your experience in your oversight of the FBI? Mr. Fine. I think the FBI worked hard to get these authorities but didn't take it seriously enough putting in controls over these authorities. I think there is often a problem sort of between the receipt of the authority and the execution of that authority. That is clearly what happened here. We were very troubled by it. We have seen problems in the FBI in terms of information technology and trying to upgrade their information technology. We have seen problems, but they are--these are difficult tasks, and they are trying to do this as they are changing their mission, and, quite honestly, there really is no excuse for it. Mr. Lungren. Do you have any questions that the NSLs are of some value? Mr. Fine. Yes, I believe they are of value. Mr. Lungren. If we lost them, that would be a loss. Mr. Fine. I believe they are a valuable investigative tool to counterterrorism and counterintelligence investigations, and that is why it is so troubling. Mr. Lungren. We better fix it so we don't lose a tool that is truly effective. Mr. Fine. I think they need to fix it. Mr. Lungren. Thank you, Mr. Chairman. Mr. Conyers. The gentlelady from Texas, Sheila Jackson Lee. Ms. Jackson Lee. Mr. Chairman, again, my appreciation for your continuing effort of establishing transparency in Government. I welcome both of the witnesses here today and recount just limited history that troubles me as we find ourselves here today. I know the good intentions of the witnesses, but certainly I need not remind you of the era of McCarthyism and certainly that role law enforcement played in that misdirected era of the United States of America. As a young lawyer, I participated in the investigations into the assassination of Dr. Martin Luther King and John F. Kennedy right here in this Congress; and what was exposed was the extensiveness of the COINTELPRO of Dr. Martin Luther King-- wrongheadedness, as far as I am concerned--as relates to the utilization of protecting this country. A civil rights leader who happened to be outspoken against the heinous governmental acts of segregation, and all of a sudden he became a major target of the Federal Bureau of Investigation, with any number of officers, agents, if you will, probing and looking over paperwork that he might have generated. That smacks, as far as I am concerned, of where we are today, even though, Mr. Inspector General, you have indicated that it has been without malice, without intentions. And we all know that there is a phrase that says, a journey to a certain place is paved on that road with good intentions. So I am not very happy as to where we are today, because I argued vigorously about the extensive powers that we were giving to the President of the United States out of fear. One thing that the Constitution reminds us and certainly the Founding Fathers, who left a tyrannical society to be free, is that tyranny can get the best of us. Lack of control can get the best of us. So I ask to the General Counsel of the FBI, did you determine what percentages of those letters that were sent without National Security Letters generated into terrorist responses or terrorist incidences or terrorist prosecutions? I would be interested in that number. Why don't you just answer that yes or no. Do you have the percentage? Ms. Caproni. I do not. Ms. Jackson Lee. I would like to get the percentage, frankly. Ms. Caproni. The Director has ordered a special investigation of the whole exigent letter instance. We will brief this Committee when we have the results of that. Ms. Jackson Lee. I will join my colleague on the other side of the aisle. How quickly can you get that information? This is about protecting the Constitution and securing the homeland, two very important jurisdictional responsibilities; and I happen to serve on both Committees, Homeland Security and this. So my question is, how soon can you get those numbers? It makes a real difference to know whether you generated potential terrorist threats that would secure the homeland or whether or not the FBI was on a fishing expedition. Ms. Caproni. Congresswoman, let me assure you that the group was not on a fishing expedition. Having said that, I understand my assurance to this Committee at this point isn't worth a lot. The Inspection Division is conducting the inquiry. They know that they have to proceed quickly, but I regret I can't tell you when they are going to be done. I will make sure that the Director understands that you want it done as quickly as possible. Ms. Jackson Lee. Certainly we wish the Director well. We would have wanted to have him appear before this Committee, but we do wish him a speedy recovery. Ms. Caproni. Thank you. I will let him know that. Ms. Jackson Lee. Mr. Inspector General, I assume you will say to me that you don't speculate, but let me quickly ask you a question and will you be thinking, the General Counsel, on this question. The President signed on the PATRIOT Act a signing statement which indicated that he was going to interpret or have the Act interpreted in a manner consistent with the President's constitutional authority to supervise a unitary executive branch to withhold information. Just be thinking about that. I wanted to know, did that give you free ride. That is why I have legislation that indicates that agencies should not be running, I must say, amok because of signing statements. Mr. Inspector General, what you looked at and you said it has not been intentional--help me out--however, don't you believe there should be restraints put in place and might the PATRIOT Act be entirely too broad to even be a valuable tool that would restrain people in balancing both security and as well balancing civil liberties? Mr. Fine. I do believe that there need to be controls. I do believe that there needs to be a balance, a balance of effective tools to prevent terrorism, and at the same time effective controls on the use of those tools. What was most troubling to us was that those controls were not implemented and not followed. I share the concerns expressed by the Members of this Committee, and that is why we did the report. We were not restricted or limited in what we did, and I know there was a Presidential signing statement, but the Department did cooperate with us. We did provide the information that we had. We provided it in the most unclassified way we could, and the Department actually did unclassify a fair amount of this information so it could be fully aired. We also provided a classified report to this Committee and other Committees describing the additional information. So we did what we could to identify the problems in this program. Mr. Conyers. The gentleman from Florida. Ms. Jackson Lee. Mr. Chairman, can she answer yes or no on the signing statement? Would you indulge me? Ms. Caproni. The signing statement had absolutely no impact on how we secure letter authority. Mr. Conyers. The gentleman from Florida, Mr. Ric Keller. Mr. Keller. Thank you, Mr. Chairman. Ms. Caproni, let me begin with you. If the FBI didn't have National Security Letters as an investigative tool, you could get the same information via prosecutor through a grand jury subpoena or by going before a FISA court and getting a court order, isn't that correct? Ms. Caproni. Yes. Mr. Keller. The concern that you have with those two options is you essentially don't have the manpower. I think you said it would sort of sink the system. Ms. Caproni. I was responding to a suggestion that all of these should be obtained via court order. If that were the law, that would create substantial obstacles to our national security program. Mr. Keller. That is why you aren't using in all cases the grand jury subpoena or the FISA court orders, because you don't have the manpower power to do that and still do your investigations? Ms. Caproni. I would say it is perhaps slightly more nuanced than that. On grand jury subpoenas, there are cases where we don't have a criminal case open, so a grand jury subpoena is not an option. Further, the whole philosophy of making sure that we are thinking from an intelligence perspective rather than immediately cutting to the chase of a criminal investigation encourages agents to use national security tools versus criminal tools. Mr. Keller. Let me follow up, because the challenge we have is getting this in the strike zone. We want you to have this information that you need as an investigative tool, but we want there to be some sort of check on your authority. To use the grand jury subpoena, for example, to get my phone records, I have the ability to move to quash that subpoena and have a judge hear it. Ms. Caproni. Only if someone tells you the subpoena has been served, which is not the typical route of a grand jury subpoena. Mr. Keller. Before you went before a FISA court you would have a set of eyes through the FISA court judge looking at it, correct? Ms. Caproni. That is correct. Mr. Keller. In terms of using the National Security Letter, let's say you served it on my phone company. The phone company is not necessarily looking out for my personal privacy interests, and so there is not a set of eyes looking at it, at least from an individual perspective. Ms. Caproni. Again, that is the same as with a grand jury subpoena, correct. Mr. Keller. So all we have is our Inspector General as a check on the controls to make sure that you are applying it in an appropriate way. Ms. Caproni. I think this report has told us we internally have to do a far better job at making sure that we are maintaining internal controls over the use of this tool. I fully expect Mr. Fine to come back to visit us in future years and will dutifully take us to task if we have not accomplished that. Mr. Keller. Mr. Fine, imagine a housewife in Orlando, Florida. She does absolutely nothing relevant to terrorism or espionage, never met or spoken to a terrorist or spy. Based on your investigation, does she have any reason to worry about National Security Letters violating her privacy by looking at her phone records, bank records or Internet search records? Mr. Fine. I think that there are times when the FBI looks for telephone records of potential terrorists and looks to see who they have contacted or been in contact with. Could be advertent, could be intentional contact, could be inadvertent contact. As a result of that contact, there can be efforts to look and see what telephone numbers have been called. Now, if they had no contact whatsoever with the subject of a potential terrorist investigation, it is less likely that the records would be obtained here. Mr. Keller. In framing my question, I said, no contact, either written or spoken. So let me ask you, based on your investigation, were there any situations where you saw National Security Letters being used when there was no relevance whatsoever to international terrorism or espionage? Mr. Fine. We couldn't in our review look at all the investigative case files and say there was an adequate predicate. There wasn't. We looked at how they were used and whether on their face they were improper. So it is impossible for us to say that the relevancy standard was met. One thing we did find and I would note, this is that, in many cases, the counsel of the FBI field offices, either the Chief Division Counsel or Assistant Counsel, did not aggressively and independently look for that. And they are the ones who should be checking on that, they are the ones who need to ensure there is adequate predicate for this investigation. And we saw in many cases that that didn't happen that they acceded to the wishes or the arguments of the case agents or special agents in charge without independently and aggressively looking at that. Mr. Keller. One final question. Can you give us an example to help make your case, if you have one, as to what is a scenario where a National Security Letter is your best investigative tool because, for whatever reason, a grand jury subpoena or a FISA court order is insufficient? Ms. Caproni. Any time I would say that they were at the very beginning of an investigation; say, for example, after the London bombing when the British authorities provided us with telephone numbers of the British bombers. So we were looking to see if we have anyone in the United States that had telephone contact with the London bombers. In my view, the appropriate way to pursue that investigation is via National Security Letter. Mr. Keller. Because you wouldn't have time under the other options? Ms. Caproni. We wanted to know that very quickly; and, again, I think the American people would want us to know very quickly after the London bombings took place whether we had any cells or groups of people tightly related to the London bombers. So we needed to move very quickly; and, in fact, the investigators did move very quickly on that to figure how out who here was connected to there and was it an innocuous connection or a dangerous connection. Mr. Keller. My time has expired. Mr. Conyers. The distinguished gentlelady from Los Angeles, California, Maxine Waters. Ms. Waters. Thank you very much, Mr. Chairman. May I ask, were these witnesses sworn? Mr. Conyers. They were not. Ms. Waters. May I respectfully request that they be sworn in? Mr. Conyers. Too late. Ms. Waters. Then, Mr. Chairman, I suppose we are going to have to rely upon them, particularly the General Counsel, continuing to tell us that they are acting within the law. I shall proceed with my questions. Mr. Conyers. If the gentlelady will yield, false testimony before this Committee can constitute a violation in and of itself, a misstatement, any deliberate misstatements. Ms. Waters. Well, I would have preferred that they be under oath, but--however, the Chair has made that decision; and I shall proceed. Let me just ask about the use of these exigent letters. As I understand it, these letters are used basically to get around having to get the NSL letters; is that right, Mr. Fine? Mr. Fine. These letters were used in advance of or in lieu of National Security Letters, that is right. Ms. Waters. There was information collected as a result of these letters, particularly the operation I believe that was set up with the contract with the three telephone companies or telecommunications companies; is that correct? Mr. Fine. Well, there were contracts with the telephone companies so that they would provide information to the FBI on an expedited basis. Ms. Waters. Ms. Caproni, do you still have contracts with those telephone companies, any other telephone companies, or any other private businesses to supply you information in the manner that those companies did? Ms. Caproni. We continue to have contracts with the telephone carriers that obligate us to provide them with appropriate process to get records. I can't answer the balance of your question. I don't know if we have other contracts with other private parties. The telephone companies it made sense, because of the volume of our request. Ms. Waters. How much are the taxpayers paying the telephone companies, that they pay to provide them services to spy on us? Ms. Caproni. I don't know what the dollar value of the contracts are. Ms. Waters. You have no idea? Ms. Caproni. I actually don't. Ms. Waters. You have never heard any discussion about it? Ms. Caproni. I am sorry, I don't. I just don't know the amount. Ms. Waters. Information was collected on millions of Americans using this as a tool. Now that you know that they are were innocent, they probably should not have been under investigation. Has all of this information been purged and gotten rid of? Ms. Caproni. We did not collect records on millions of Americans? Ms. Waters. How did it work then? Ms. Caproni. The exigent letters were provided to the carriers, which promised future process. That future process, unfortunately, was not always promptly provided. Ms. Waters. What did they do? Ms. Caproni. Who do? Ms. Waters. The companies. How did they mine the information and did they mine information of innocent people? Ms. Caproni. The carriers provided us with toll billing information, which was then placed into our databases. There is no connection between their databases and our databases. The information comes out electronically and moves into ours. Again, we are talking about--I believe the number of numbers at issue, according to the Inspector General, is somewhere in the neighborhood of 3,000. It is my belief, though--again, we will have to wait and see what the special inspection finds--that all of those numbers were tied to authorized investigations. To the extent any were not, the records will be removed from our databases and destroyed. Ms. Waters. When will they be removed? How long will it take? Ms. Caproni. Again, I am anticipating that that special inspection will take a couple of weeks at least, but probably-- I just actually don't want to speculate. Ms. Waters. Didn't you have a court order relative to your contracts with these telephone companies? Ms. Caproni. No, ma'am. Ms. Waters. Was there a court decision relative to the manner in which information was obtained? Ms. Caproni. The information was obtained from the carriers pursuant to--it was supposed to be obtained pursuant to the laws of ACBA. Ms. Waters. But they were not. Ms. Caproni. Again, as Mr. Fine has indicated, there were these exigent letters that were used. What we are trying very hard to do is to unravel and to make sure that we do not have the records of anyone as to which there was not--it wasn't relevant to an authorized investigation. Ms. Waters. How long have you been trying to do this? Ms. Caproni. We began the process with them last fall and we are--we within OGC are to the point that if they cannot demonstrate to our satisfaction very quickly, then any of those records have to be removed from the database and destroyed. Ms. Waters. Certificate letters, are you still issuing certificate letters? Ms. Caproni. No. Ms. Waters. When did you stop? Ms. Caproni. Shortly after OGC learned about them, that process was stopped. We entered into discussions with the Fed over whether--Federal Reserve Bank in terms of whether or not it required a National Security Letter. There was some back and forth between lawyers, that the decision was made that they would prefer a National Security Letter, so---- Ms. Waters. So you collected information using these certificate letters. Has that information been destroyed? Ms. Caproni. No. Ms. Waters. When are you going to do it? Ms. Caproni. I don't believe we are going to do it. Ms. Waters. Why are you going to keep information that was improperly collected on financial records of innocent people? Why would you keep it? Ms. Caproni. One, they are not innocent people; and two, it wasn't improperly collected. The Federal Reserve Bank is not directly covered by the right to financial privacy. They can ask for a National Security Letter, which they now have done, and because---- Ms. Waters. Why did you stop using certificate letters if they were legal and proper? Ms. Caproni. Because we thought the better process was a National Security Letter, and the Fed asked us to provide National Security Letters. Ms. Waters. How have you determined whether or not the information you collected was on individuals who were suspicious, guilty, had committed a crime? How do you determine whether or not these people are innocent and the information should be destroyed? Mr. Conyers. The gentlelady's time has expired. Please answer the question. Ms. Caproni. Certainly. The issue is whether the information is relevant to an investigation. There are times when we gather information that is relevant to an investigation but it turns out that the person was not engaged, for example, in terrorist financing. We don't then destroy the information, though the investigation is closed. So it is much like any other information that is gathered during the course of an investigation. The issue of whether that policy will continue is a matter that is under discussion by a group that is being chaired by the DNI in terms of whether we should or we should not continue to retain information that is gathered via National Security Letters after the investigation is closed. Mr. Conyers. The gentleman from Virginia, Mr. J. Randy Forbes. Mr. Forbes. Thank you, Mr. Chairman. Mr. Chairman, I hope I can emulate your very calm manner of handling this Committee; and I just want to tell the witnesses what I said at the beginning--I want to thank you both for being here. We know you have a tough job, and we appreciate you coming in here and answering our questions today. I have listened to the Committee as we have gone through this process, and we have had testimony from the Washington Post, we have had testimony from members of the audience, testimony from Members of this Committee. You are the only witnesses we have here. I think that you get the message, both of you, you had it when you came in here, that no one on this Committee condones any of these lapses or feels that it is not urgent that they be corrected and corrected as quickly as possible. We are also grateful that this Committee requested this audit. Because, Mr. Fine, through your good work, we were able to find out what these problems were so that we can correct them. The other thing, Ms. Caproni, you have been asked to take a lot of messages back to the FBI, all of which are good and valid messages. But another one I want to ask you to take back today is that, although the FBI messed up in handling the NSLs, I want you to take a message back to those agents in the field, who I know are working around the clock; they are away from their families a lot of the time, and thank them for not messing up on what Mr. Fine said was one of their key missions and that was to detect and deter terrorism and espionage in this country. Because if you had messed up on that one, we would have a lot more people in this room and a much harsher hearing than we are having today. The other question I would like to ask either of you to respond to: Do either of you have any evidence today that anyone in a supervisory position gave instructions, either expressly or impliedly, to any person under his or her supervision to misuse the NSLs? Ms. Caproni. Not to my knowledge. Mr. Forbes. Mr. Fine. Mr. Fine. We did not find that evidence. We did not find that there was an intent by people who knew they were misusing it to misuse it. So, no. On the other hand, we did not do a thorough review of what people up and down the line knew and did, so we reported what we found. Mr. Forbes. That is being conducted, as I understand it, now, is that correct? Ms. Caproni. Correct. Mr. Forbes. And if you find that information you will present that back to the Committee, correct? Ms. Caproni. Absolutely. Mr. Forbes. The second question for either of you: Is there any evidence that any member of the FBI or the Justice Department provided any information either orally or in writing to this Committee or to Congress which they knew to be inaccurate or false? Ms. Caproni. Not to my knowledge. Mr. Forbes. Mr. Fine, you don't have any? Mr. Fine. I don't have that information, no. Mr. Forbes. Just the balance that we have talked about, we know the harm that comes from violation of privacy interests of our citizens, that is huge. But I wish you would go back--and, again, just take a minute--and talk about what Mr. Fine has put in here about--says: These tools are indispensable to the FBI's mission to detect and deter terrorism and espionage. We know there has been a lot on your plate since 9/11 and you have had to do that. Can you tell us, with as much specificity as you can, exactly how these NSL letters have helped to do and accomplish that mission? Ms. Caproni. Again, National Security Letters provide the basic building blocks of an investigation. Starting with phone records, phone records are critical to the counterterrorism agents to figuring out who was connected to whom; and that permits us to trace foreign terror acts that have occurred, obviously, since 9/11 and trace them in to individuals who are in the United States and to determine whether those individuals are up to no good or, in fact, it is just an innocent connection. But for National Security Letters, I don't know how we would do that. They have also been absolutely indispensable in the area of terrorist financing. We have done a tremendous amount of work getting bank records on individuals we believe are funneling money to foreign terrorist organizations overseas. Again, without National Security Letters, could we go through a FISA order? We probably could, but we certainly couldn't do that very efficiently. So a National Security Letter is an efficient way for us to get the basic building blocks of an investigation. Mr. Forbes. Have they stopped any terrorist attacks that you know of that could have possibly happened in the United States? You may not have that information. Ms. Caproni. I am sorry, I don't. Mr. Forbes. Thank you both. Mr. Chairman, I yield back the balance of my time. Mr. Conyers. I thank the gentleman. The Chair recognizes Stephen Cohen, the gentleman from Memphis, Tennessee. Mr. Cohen. Thank you, Mr. Chairman. Stephen, yes. You can call me Stephen. Mr. Conyers. Stephen. Mr. Cohen. Thank you, sir. Mr. Fine, did you do any study of the people whose records were looked at illegally for any similarity in demographics? Mr. Fine. No. We looked at whether they were U.S. persons or non-U.S. persons, but within those persons we did not look at the demographics of those individuals. Mr. Cohen. Ms. Caproni said they were all with investigations that were ongoing. Did you find that to be true, also? Mr. Fine. We could not verify that they were all connected to an ongoing investigation. I know the FBI is trying to do that now. But as part of our audit we could not do that, all that. Mr. Cohen. Do you think it might be a good idea to look at those people to see if there are any demographic consistencies, if there is a group of the American public that might be looked at in a closer manner than others and that might---- Mr. Fine. It is possible. That would be quite an undertaking, and one has to realize a lot are not on individuals but are on telephone numbers. There are certainly consumer credit reports and other things that do relate to individuals. So that kind of review is possible but incredibly intensive and requires additional resources while we are trying to comply with this Committee's and the Congress's directive to do a review of the use of them in 2006 according to the guidelines that were set out here. Mr. Cohen. Thank you. Ms. Caproni, you said that these were all tied to investigations, is that correct? Ms. Caproni. I said I believe that they are all tied to investigations, and that is what we are trying to work through with that unit now. Mr. Cohen. If you find that they are not tied to investigations, could you make a report to this Committee of who those individuals were and why they were--their records were sought when they weren't tied to investigations? Ms. Caproni. Yes, we will provide this Committee with what we find through the course of that special inspection. If I could just say, though, so there is no misunderstanding, the unit at issue typically gets simply a telephone number. So they don't know--that is part of with what they are charged of finding out, is who belongs to this telephone number, what are the toll billings, records for this number. So the name of the person associated with the phone number is typically not part of what CAU does. And for the exigent letters, to my knowledge--again, the special inspection will reveal much more in terms of the ins and outs of what they were doing--they were working off of telephone numbers and not off of names. Mr. Cohen. In the report, it says that some of these violations demonstrated FBI agents' confusion and unfamiliarity with the constraints on National Security Letter authorities. Other violations demonstrated inadequate supervision over the usage of these authorities. This is from Mr. Fine's statement. Ms. Caproni, do you think that these are maybe indices of a systemic problem with the FBI, where the agents have confusion and unfamiliarity with other policies and other laws? And, if so, are you doing something about it? Ms. Caproni. Congressman, that is exactly what I am concerned about. In the discussions that we have had--and I can tell you that we have had a lot of soul searching at the FBI since then. We got an F report card, and we are just not used to that. So we have had a lot of discussions about this. One concern is, are we--most of the agents grew up--the agents my age at the FBI all grew up as criminal agents in a system which is transparent, which if they mess up during the course of an investigation they are going to be cross-examined, have a Federal district judge yelling at them. The national security side occurs largely without that level of transparency. Our concern is and what this report has shown us is that we have simply got to do a better job making sure that, although the actions that are taken in national security investigations are typically taken in secret and they don't have the transparency of the criminal justice system, that that imposes upon us a far higher obligation to make sure that we have a vigorous compliance system, that we have in place the training that is necessary, that we restrain agents, that when agents are working in this area we make sure they know. Mr. Cohen. I think that is what we need. I appreciate your candor. There is some signage in the Capitol and one is a statement by Brandeis, something to the effect that the greatest threats to liberty come from insidious men of zeal, well-meaning but without knowledge or understanding. I think that you will find that if our agents, our FBI agents, even though well-meaning and zealous, don't know what they are doing, that it is a threat to people having faith in the whole system. I hope you will correct that. I feel confident you will. Ms. Caproni. You are absolutely correct. We will. Mr. Cohen. Thank you. Mr. Conyers. I thank the gentleman, Steve Cohen. The Chair recognizes now the gentleman from Virginia, Bob Goodlatte. Mr. Goodlatte. Thank you, Mr. Chairman, and thank you for holding this hearing. Ms. Caproni and Mr. Fine, thank you for your testimony today. These are very serious concerns, and we appreciate your helping us understand how they occurred, why they occurred, and what is being done to correct them. I have several questions I would like to ask, starting with you, Ms. Caproni. In Mr. Fine's report on page 8, paragraph 3, he notes, ``In addition, we found that the FBI had no policy requiring the retention of signed copies of National Security Letters. As a result, they were unable to conduct a comprehensive audit.'' Can you explain why something as important and serious as a National Security Letter would not have a signed copy retained in the records of the Bureau? Ms. Caproni. I can say that there were different processes in different field offices; but, no, I cannot. I mean, there is just no reason why there was not a policy that said you have to keep a copy of the signed copy. What we keep, which is typical of how our records are, is the carbon copy, in essence, which is typically initialed. But, no, in the world of Xerox machines, there is no reason why we had not told people to hang on to a signed copy. Mr. Goodlatte. Mr. Fine, did you draw any further conclusions from that? Do you know why they were not retained? Mr. Fine. They were not retained because there was not a clear policy that was enforced. Mr. Goodlatte. No ulterior motive that you know of? Mr. Fine. I do not believe there was an ulterior motive, but this was an example of an incredibly sloppy practice that was unacceptable. Mr. Goodlatte. I agree. Let me ask you, when did you first learn of the problem with the FBI's improper use of the exigent letters? Mr. Fine. Well, we began our audit, as required by the PATRIOT Reauthorization Act, around the beginning of 2006. As you can see from this report, there are a lot of issues, and we did interviews and document requests and field files. I think sort of the first indications where we learn about it were in the spring or summer of last year, where we had to work through those issues. Mr. Goodlatte. And who did you learn that from? Mr. Fine. We learned it from, I believe, people in the Office of General Counsel, the National Security Law Branch of the FBI, about these issues. I think they are the first people we learned it from, as well as from the review of documents and e-mails and things like that. Mr. Goodlatte. And what steps have you taken to ensure that the practice was stopped? Mr. Fine. The steps we have taken are to inform the FBI about the unacceptability of this practice, to note it, to report it, to let the people who are in charge of the FBI and the General Counsel's Office know about it, and to make a recommendation that it does stop. Mr. Goodlatte. When did you make that recommendation? Mr. Fine. I think we made the recommendation when our report was issued to the FBI in draft; and I think that was in either December or January of this year. It was December of last year or January of this year. Mr. Goodlatte. Ms. Caproni, has that practice been stopped? Ms. Caproni. Yes. Mr. Goodlatte. What steps have you taken to ensure that it does not persist in any of the offices of the FBI? Ms. Caproni. Well, first, we are trying to find out whether it did happen in any office other than the unit at headquarters, and we should know that answer probably by the end of this week or sometime next week. The second thing is that the practice of providing a letter with a promise of future legal process has been banned. And, again, we are also developing a vigorous compliance program to make sure that we do not simply make the rule, but we actually have in place some kind of process to make sure that the rules are being followed. Mr. Goodlatte. Current law authorizes a full credit report request for only counterterrorism investigations. The Inspector General discovered two instances in the same field office of a full credit report request under counterintelligence investigations. How is this being corrected? Ms. Caproni. This is being corrected by--the deputy director ordered a full audit of every counterintelligence file that has been opened since January 1, 2002. This authority went into effect in the PATRIOT Act. So, realistically, we think the earliest one that could have been issued would have been in 2002. So they have to review every file since then in which a Fair Credit Reporting Act NSL was issued and find out if they have any full credit reports. If they do, they need to remove them from their files and report it as a potential IOB violation. Those will, in turn, be reported on to the IOB. Mr. Goodlatte. One last question. In at least one instance, a National Security Letter issued under the Electronic Communications Privacy Act was determined by the Inspector General to be seeking content. How was this remedied, and what steps do your field agents take to delineate between content and transaction information? Ms. Caproni. In that case, there was no need to remedy it because the Internet service provider refused to provide us with any records, so we actually did not have an overcollection. Mr. Goodlatte. Have you remedied the request? I mean, they should not be asking for that. This was a big issue when we wrote the PATRIOT Act, and it was the subject of a great deal of discussion with the Administration about making sure that we had a clear line between what could be requested and what could not be requested. Ms. Caproni. The statute defining electronic communications transaction records actually does not define the term, and there had traditionally been the debate that says that we will leave up to the ISP what is content and what is not. We think that is a trap for the unwary. It is bad for our agents in that we do better with bright lines. And so OGC will establish--we are in the process of making sure that we have a list that makes sense of what is content and what is not. In the abstract, that seems like a very clear line; in practice, it is not. There are some difficult issues because some of the answers revolve around how the ISP keeps their records. So we are working on it. My anticipation is that, within the next week or two, we will have out to the field these records you can seek, these records you cannot seek, and it will be a very bright line. Mr. Goodlatte. Thank you, Mr. Chairman. Mr. Conyers. The gentleman from Georgia, Mr. Hank Johnson. Mr. Johnson. Thank you, Mr. Chairman. In these reports that I have read, it indicates that there were three phone companies that the FBI, particularly the FBI Communications Analysis Unit, the CAU, contracted with three telephone companies between May of 2003 and March of 2004. Who were those telephone companies? Ms. Caproni. The telephone companies were AT&T, Verizon and MCI, which has now been acquired by Verizon. Mr. Johnson. Now, are those contracts still in force at this time? Ms. Caproni. Yes, they are. Mr. Johnson. And are there any other phone companies that are contracted with the FBI through the Communications Analysis Unit or any other unit of the FBI? Ms. Caproni. Not through the Communications Analysis Unit; broader than that, I do not know. We may have contract--not for this sort of information. We may have other contracts with phone companies, but not like this. Mr. Johnson. And nobody put a gun to these telephone companies' heads and made them sign the contracts, did they? Ms. Caproni. No. Mr. Johnson. They were just simply agreements with the FBI and with the phone company? Ms. Caproni. Correct. From our perspective, because these originated--given the volume of our requests, that this permitted us to get our records very quickly. Mr. Johnson. Well, I understand. Then the phone companies received compensation for engaging in this contract with the FBI; is that correct? Ms. Caproni. That is correct. Mr. Johnson. And this compensation, was it merely for expenses or was there profit involved, or you have no way of knowing? Ms. Caproni. I do not know. Mr. Johnson. Really, you do not really care as long as you get the information, correct? Ms. Caproni. Again, from our perspective, the goal was to get the information in a form that is readily usable for us so that we do not have--some phone companies give us paper records. That requires a lot of data. Mr. Johnson. Okay. All right. I understand. Earlier in your testimony, ma'am, you stated that the phone companies were responsible for a lot of the errors that are cited in the compliance with the National Security Letters. Ms. Caproni. We do see third-party errors, correct. Mr. Johnson. You saw a substantial number, and so you are placing upon the phone company the obligation to properly document whether or not there has been a follow-up with an exigent letter? Ms. Caproni. Oh, no, sir. They are two separate things. I do not excuse our lack of recordkeeping in connection with the exigent letters. They did keep the records, which was fortunate. Mr. Johnson. And it is important to note, Mr. Fine, that your analysis of the FBI's compliance with the PATRIOT Act found that there were woefully inadequate mechanisms for the collection of data on these National Security Letters. In other words, the recordkeeping by the FBI was woefully inadequate as far as the issuance and follow-up on these National Security Letters and also the exigent letters; isn't that correct? Mr. Fine. We did find serious and widespread misuse and inadequate recordkeeping, absolutely. Mr. Johnson. Do you have any idea, Mr. Fine, how much the telecommunications companies were paid for their so-called ``contract'' with the Government? Mr. Fine. I do not know, no. Mr. Johnson. All right. Can you, Ms. Caproni, provide my office with that information, along with copies of the contracts between the CAU and the phone companies? Ms. Caproni. I have great confidence that we are going to get a number of questions for the record after this, and I am assuming that will be one of them, and we will respond appropriately. Mr. Johnson. Will it take a subpoena for us to get that information? Ms. Caproni. I do not believe so. I do not know what is in the contract, so I do not know if there are any sensitive issues. Mr. Johnson. Will you provide it to my office? Ms. Caproni. Again, we will respond to questions for the record as they come in. Mr. Johnson. All right. Why, if the NSLs are the FBI's bread-and-butter investigative technique, could the Inspector General only identify one terrorism prosecution out of the 143,074 people whose investigatory information was obtained? Ms. Caproni. Again, Mr. Fine can explain his methodology, but I think the issue and the difficulty of that question is that because there was no congressional--because we were not legally obligated to tag the data, tracing it through is difficult. Mr. Johnson. So 1 out of 143,000. How does that equate to being the bread-and-butter investigative technique for uncovering terrorism by the FBI? Ms. Caproni. Again, we disagree that in only one case did NSL data contribute to a criminal prosecution. Mr. Johnson. But would you say more than 10 or less than 10? Ms. Caproni. I do not know. It is my belief that virtually every counterterrorism case that began in its normal course of affairs is likely to have a National Security Letter used sometime during it. Mr. Johnson. And it is also---- Mr. Conyers. Your time has expired. Mr. Johnson. Thank you. Mr. Conyers. Mr. Johnson, any records that you request will come to the Committee, and then you will be advised. The Chair is pleased now to recognize the gentleman from Florida, Mr. Tom Feeney. Mr. Feeney. Thank you very much, Mr. Chairman. Earlier, Mr. Smith alluded to your illustrious basketball career. I went to the same high school as Mr. Fine. He graduated a few years before me, and I wish I had had a jump shot like Mr. Fine did, but not nearly so much as I wish I would have been able to hit a fast ball like Mr. Reggie Jackson, who graduated a few years before Mr. Fine did. But we thank you for your work. By the way, none of us is the most famous graduate because Benjamin Netanyahu, the former Prime Minister of Israel, is. I had to get that plug in. We are very grateful for your work here, because a lot of us are supporters of the PATRIOT Act, but only with some serious restrictions. And I guess the first question I want to ask you--and I want to remind people that it was the reauthorization of the PATRIOT Act that actually required the report that you have just completed; is that right? Mr. Fine. Yes. Mr. Feeney. And I hope that not just your report but the tenor of the questions from supporters of the PATRIOT Act, as well as the critics, is being listened to very carefully in the Justice Department and in the FBI. We have got to get this balance correct; and nothing could be more critical because some of the most unthoughtful critics of the PATRIOT Act candidly will be the first ones--when there is another 9/11 and when we do not get the information accurately ahead of time to stop, maybe not 3,000 or 4,000 people, but 300,000 or 400,000 people, they will be the first ones jumping on the Administration, the Justice Department and the FBI for not doing its job. But those of us trying to strike a thoughtful balance between civil liberties and the need to protect America from this new threat are very, very concerned about what we have heard, and if the FBI does not take this to heart, we will correct the problem. I do not think anybody could have said it better than Jim Sensenbrenner, who, again, is a supporter of the PATRIOT Act, who said that the overreaching that is apparent here within the FBI is going to erode support, if it has not already, for very important national security initiatives. And I would hope that everybody down at Justice is listening because these are the supporters, people like Lungren, Feeney and Sensenbrenner, who are telling you this is not right, that it cannot continue. Mr. Fine, do you have an opinion as to whether or not the serious problems that you have discovered in initial compliance with the PATRIOT Act are largely because of ambiguities or poorly structured legislation? Is it statutory language that is the problem, largely, here; or is it abuses within the FBI and compliance? Mr. Fine. I do not think it was the statutory language that was ambiguous. I think it was the execution of the policy by the FBI that was woefully inadequate. Mr. Feeney. Just to follow up, can you identify or do your report and investigation lead you to conclude that there are any important statutory improvements we can make? I realize it is not your typical arena to give us advice, but are there any specific pieces of advice that you would give the Congress in terms of oversight or statutory reforms here? Mr. Fine. Well, you are correct, it is not my arena to do that. What I try to do is present the facts to this Committee and to Congress and let the facts lead this Committee and Congress to do what they believe is appropriate. There is one section of the report that does talk about an ambiguity in the meaning of toll billing records. I think there ought to be something done about that, because that was a concern of what that meant, and it should be clarified. I do think---- Mr. Feeney. Could the AG do that, by opinion? Mr. Fine. I do not think so. It has to be done by Congress. I do think that the Committee does need to strike a balance and to sort of balance the need for protections and controls over civil liberties with the need for tools to prevent and detect and deter terrorism. And that is the difficulty in this task, and that is the real concern that we have about how the FBI implemented this. Mr. Feeney. You said you sampled 77 case files, the report indicates. How many case files are there all together, roughly? Mr. Fine. That I could not tell you. Mr. Feeney. Do you believe that the 8,850 failed reportings are systemic and that, if you would extrapolate, we would probably see that elsewhere? Mr. Fine. I do believe that the files we looked at were a fair sample and that there is no reason to believe that it was skewed or disproportionate. We did not cherry-pick them. Mr. Feeney. Do you have any reason to believe that there were more abuses in the 8,850 requests that were not properly reported? Is it any more likely for there to be abuses of civil liberties or of the law or of the AG's rules than the requests that were properly recorded? Mr. Fine. Well, we do not know how many requests were not recorded in the FBI's database. There were problems with the database structurally so that things were not in there. There were delays in entering in the database, so Congress did not get the information, and when we looked at the files, there were NSLs that were in the files that did not go into the database. Approximately--I think it was 17 percent of the ones we found were not in the database. Now, that is a significant number; and now--I know the FBI is trying to find them in the database as we speak, but we have no confidence in the accuracy of that database. Mr. Feeney. Finally, if I could, Mr. Chairman. Ms. Caproni, you alluded to the culture of the FBI, which traditionally, I find, is a crime-fighting institution. Some people have called for an N15 type of intelligence agency with a different culture, and it might be interesting that you take back the interest that some of us in Congress have, that if the FBI cannot change its culture or have a separate culture for intelligence than it has had traditionally, we very much need a different type of institution to get intelligence right, to protect this country on a day-to-day basis. Ms. Caproni. Again, I believe that we can do this. We are going to do this. We can get this right. We are going to get it right. Mr. Feeney. Mr. Chairman, I yield back the balance of my time. Mr. Conyers. Thank you. There was not any left. Mr. Feeney. That is why I did it. Mr. Conyers. I see. Okay, we are now going to recognize the gentleman from California, Mr. Adam Schiff. Mr. Schiff. Thank you, Mr. Chairman. Inspector General Fine, you have said that you did not find that any of the violations were deliberate or intentional, and yet, you also report the issuance of blanket NSLs, which, to me, appear to be an effort to cover up what was recognized to be a flawed issuance of these exigent letters. Given that NSL letters are supposed to be case-specific, the NSLs were a blanket violation of the law, weren't they? How can they be described as unintentional or anything but deliberate? Mr. Fine. I think what you are referring to, Congressman Schiff, is the issuance of what we have heard about of blanket NSLs in 2006. We have not reviewed 2006 yet. We reviewed 2003 to 2005. We have heard about this. It is past the review period, and we are concerned about it, and we will look at that. Mr. Schiff. Well, Ms. Caproni, in your briefing on the Hill last week, you acknowledged that when agents realized that they had been issuing these letters, these exigent letters, saying that subpoenas were forthcoming when they were never forthcoming, that blanket NSLs were issued as a way of basically trying to clear up or cover up or, in other words, make up for the failure to use correct processes in the past. Assuming those are the facts, Inspector, doesn't that show a level of deliberateness and intention that far exceeds what you have described in your report? Mr. Fine. It certainly shows us concern of what were they thinking. They clearly were not following the procedures. They clearly were not providing NSLs in advance or even, quite reasonably, soon thereafter; and it did give us concern. And there were a lot of people who did this. It was done as a sort of routine practice which is, in our view, completely unacceptable. But I think it is important for the FBI to look at this and to interview these people and find out what happened up and down the line. And we will be looking at it, as well, in 2006. Mr. Schiff. Well, even as to the false statements themselves, in these exigent letters that said that subpoenas were forthcoming when they were not, let me ask you, Ms. Caproni, if a local cop in the city of Burbank in my district wrote letters to the phone company, or went out and served letters on the phone company, saying that Federal grand jury subpoenas would be forthcoming, because that local cop wanted to get information that maybe he could not get another way, or could not get as quickly another way, and you learned about this practice, that cop would be under Federal investigation, wouldn't he? Ms. Caproni. Congressman, I really do not know that. I do not think you have given me enough facts to say whether that would or would not be the case. Mr. Schiff. Well, a local police officer acting under the color of Federal law, demanding records, claiming a Federal process that is nonexistent, that would not be an issue for a Federal investigation? Ms. Caproni. It would certainly be troubling, much as the practices that were taking place in the CAU unit are troubling. Mr. Schiff. Well, you know, having worked in the Corruption Section of the U.S. Attorney's Office in L.A., I can tell you it would be more than troubling. You would have FBI agents assigned to investigate that local cop. It does not seem to me to be any different to have FBI agents giving telecommunications providers letters saying that subpoenas are forthcoming when they are not. When did your office discover that these old New York form letters were being used to get information? Ms. Caproni. Sometime in 2006. Mr. Schiff. You know, there is a report in The Washington Post that indicates the head of the Communications Analysis Unit, the same unit that drafted most of these letters, warned superiors about the problems in early 2005. Do you know anything about that? Ms. Caproni. I know what I have read in the paper, and I know that the Inspection Division is going to do a full inspection of this to see what exactly the unit chief said. Mr. Schiff. Well, I am asking you to go beyond what you have read in the paper, and we all know what the IG is going to do. When did you first learn about the fact that the head of the unit that was drafting these letters had warned superiors-- do you know who those superiors are? Ms. Caproni. I do not know who he says he warned. Mr. Schiff. Were you warned by him? Ms. Caproni. No. Mr. Schiff. Do you know if anybody in your office was warned by him? Ms. Caproni. I am not sure that I even necessarily agree that there was a warning. I know that there were--and I knew generally that there were what I understood to be bureaucratic issues within that unit. That did not include---- Mr. Schiff. You keep on describing these bureaucratic issues. I find an interesting kind of mix of an acceptance of responsibility in your statement and a denial of responsibility. You seem to accept responsibility for mistakes others have made, but acknowledge very little responsibility on behalf of the office you run. It is primarily your office that is intended to advise the agents about how to comply with the law, particularly in an area where the courts are not scrutinizing it, as you pointed out, in a process that lacks transparency. Isn't that fundamentally the job of your office? Ms. Caproni. That is fundamentally the job of my office. Mr. Conyers. The time of the gentleman has expired. The Chair recognizes Louie Gohmert of Texas. Mr. Gohmert. Thank you, Mr. Chairman. I appreciate that. I am very pleased that when we renewed the PATRIOT Act, we did insert the provision that would require this Inspector General report so that we could find out this information that is so very important. In your report, your indications, Mr. Fine, were that the FBI did not provide adequate guidance, adequate controls, or adequate training on the use of these sensitive authorities; and that oversight was inconsistent and insufficient. Ms. Caproni, as I understood Director Mueller to say last week, he took responsibility for the lack of training and experience, and that troubled me a great deal. You had indicated earlier that people of, I guess, our generation and especially those in the FBI had grown up with accountability, knowing they could be cross-examined. And yet, it seems that the overzealousness that Mr. Cohen spoke of often is found in maybe new agents who do not have the time on the ground, the experience. Wouldn't you agree that is sometimes found in newer agents who lack the training and experience? Ms. Caproni. I do not know in this case if this is an issue of young agents versus old agents. I just do not know the answer to that. Mr. Gohmert. Well, are you familiar with the new personnel policy that this Director instituted in the FBI that is affectionately, or unaffectionately, called the ``up or out policy''? Ms. Caproni. Yes, sir, I am. Mr. Gohmert. You know, I appreciate the Director last week saying that we welcome more oversight; I appreciate your openness in that regard. But just in my couple years of being in Congress, it seems to me that the FBI, at the very top at least, was not interested in oversight and was set on intimidating anybody who really wanted to pursue that. I know we have one Member of Congress, a former FBI agent, who had indicated to me that--because many of us who are very familiar with many FBI agents, we have been hearing that this policy was causing the FBI to lose some of their best supervisors. The policy is basically--as I understand it, once you have been a supervisor for 5 years, then you either have to move up to Washington or move out, that you cannot be a supervisor; and that we have lost many of our best supervisors, and we just put new, inexperienced people in supervisory capacities. And this was something that Mike Rogers, a former FBI agent and a Member of Congress, wanted to talk to someone about; and when he finally was able to get somebody to agree, in a supervisory position, he goes back to his office and his whole office staff is out in the hall because the FBI has come over and done a sweep of his office that was really unnecessary, and it seemed to be more about intimidation. One of the most outspoken critics of the FBI in the last couple of years has been Curt Weldon, and we know that, back in September-October, the FBI announced, well, gee, he is under investigation just at a perfect time to get him defeated. And so it seems, when we find out that there are all of these 143,000 letters that were inappropriately requested and that, gee, somebody asked tough questions of the FBI personnel and they may very well be the 143,000 and first letter in the next batch inquiring about their own records, that there has not been this desire for oversight, but there has been quite some intimidation. So I am curious, has there been any revisiting of this up- or-out policy to get rid of the best trained and experienced supervisors since this lack of training and experience and inadequate guidance and controls have come to light? Ms. Caproni. Congressman, the period of time covered by Mr. Fine was at a period of time when those supervisors would have still been in place. What we have seen, actually, is that the 5-year up-or-out has encouraged people to bid for and seek promotion to higher positions, which has been a net positive. Now, I know that you have an interest in this, and I know that there were agents who were not happy about the policy. The Director feels very strongly that it is an appropriate policy, that it does move good supervisors up in management so that they have a greater span of control, so that we can further benefit from the skill sets that they have from their tenure at the Bureau. Mr. Gohmert. So the answer is, no, you are not revisiting the policy? Is that your answer? Ms. Caproni. That is correct. Mr. Gohmert. Okay. I just wanted to weed through and get to the answer. Thank you. Now, with regard to these letters, it is deeply troubling because we have been hearing about how important they were in order to get this information. But you know--I mean, we had assurances from everybody from the AG on down that there was adequate oversight, that there was adequate training. What suggestions--since you are not changing any personnel policies, what actual structural policies within the FBI are going to change to make sure that there would be adequate oversight just in case the NSLs were allowed in the future? Ms. Caproni. Again, we are going to do substantially more training. Agents are now being placed into career paths, and they are going to be required, after their time at Quantico, to return to Quantico for sort of a postgraduate period. That will have extensive training for those agents who are on the national security career track. We are also implementing an auditing practice that will include Department of Justice lawyers, inspectors from the FBI, and FBI lawyers to go out and methodically audit the use of the National Security Letters. More generally, we are going to create a compliance program within the Bureau that will be interdisciplinary, and it will make sure that--not just with National Security Letters. I mean, this is one tool, and it is a tool that, as indicated in this report, we need better controls on. Our concern is that there may be other things that we need to make sure that we have gotten better controls on, that we think we have given perfectly clear guidance on, but in terms of execution in the field, we have got some problems. So, again, I cannot say enough that we take this report extremely seriously. We know we have got issues. We know we have got problems. The Director and upper management are absolutely committed that we are going to fix this. Mr. Conyers. Your time has expired. Mr. Gohmert. Thank you, Mr. Chairman. Mr. Conyers. Mr. Artur Davis from Alabama is recognized. Mr. Davis. Thank you, Mr. Chairman. Ms. Caproni, give me your best legal assessment. Would the exclusionary rule apply to any evidence obtained from the improper issuance of these letters? Ms. Caproni. Probably not, but I have not, quite frankly, given that a great deal of thought. It is not a fourth amendment violation. The exclusionary rule clicks in when you have got a fourth amendment violation. These records are being held by third-party businesses, so it is not a fourth amendment problem. Mr. Davis. Well, would there not be fourth amendment implications if information were obtained as a result of the improper use of Federal statutory authority? Ms. Caproni. There would be other problems, but I do not think there is a fourth amendment problem. Mr. Davis. Well, do you think that there would be a practical problem? A classic hypothetical: If a National Security Letter were improperly issued, and it turned out later on there was perhaps a valid basis for the issuance of a warrant, wouldn't that possibly be compromised or wouldn't the emergence of a valid basis later on be compromised by the misuse of an NSL? Ms. Caproni. Again, I am always leery of responding to hypotheticals. All I can say is, there is no--we are not minimizing this. We do not want any improper use---- Mr. Davis. So you are not sure. Let me follow up on Mr. Schiff's questions. Are you familiar with the name Bassem Youssef? Ms. Caproni. Yes, sir, I am. Mr. Davis. Mr. Youssef, as I understand it, was in charge of the Communications Analysis Unit at the Bureau; isn't that right? Ms. Caproni. He was, beginning in the spring of 2005. Mr. Davis. Is it accurate that Mr. Youssef raised concerns about the misuse of the NSLs to his superiors? Ms. Caproni. That will have to be determined through the inspection. I do not know the answer to that question. Mr. Davis. Well, you know that that has been reported, and I assume, Mr. Fine, neither you nor Ms. Caproni has any basis to dispute what Mr. Youssef's lawyers are saying about his making that report. Ms. Caproni. I would note that Mr. Youssef is in litigation with the FBI. Mr. Davis. That is not what I asked you. I asked you if you had any basis to dispute this report. Ms. Caproni. I do not know one way or the other. Mr. Davis. Mr. Fine, do you have a basis to dispute that there were complaints raised by the former head of the Communications Analysis Unit? Mr. Fine. We did not review what he did, what he---- Mr. Davis. Mr. Fine, how is it possible that you did not review the fact that the former head of the unit raised questions about the misuse of the NSLs? How is it remotely possible that was not reviewed? Mr. Fine. We reviewed what happened in that unit and what was issued; and we did review the discussions that occurred between the Office of General Counsel, and that included---- Mr. Davis. Mr. Fine, the head of the unit--not a secretary, not an intern, not a line officer--but the head of the unit raised concerns. How is it possible that you did not conduct an interview of Mr. Youssef? Mr. Fine. We did interview Mr. Youssef, and we did not hear that concern from him. And, in fact, from the interview of Mr. Youssef and also from the review of the records, we saw that he had signed a letter. And many letters were signed---- Mr. Davis. Are you disputing that Mr. Youssef complained about the improper issuance of NSLs? Mr. Fine. To his superiors? Mr. Davis. Yes. Mr. Fine. I do not know that. I do know---- Mr. Davis. Did you ask him? Mr. Fine. I do not believe we--I am not sure whether we asked that question, but---- Mr. Davis. Mr. Fine, how do you possibly not ask the head of the unit if he had any concerns about whether or not the statute was followed? How does that possibly not come up as a question? Mr. Fine. We did ask him, and we questioned him extensively, our attorneys did, about the communications between the Office of General Counsel, which was that---- Mr. Davis. Well, did he say that he raised questions? Mr. Fine. Not that I am told, no. Mr. Davis. Not that you remember or not that you were told? Which one? Mr. Fine. Well, I actually did not do the interview, but let me just check. [Brief pause.] Mr. Davis. While you are working on the answer to that, Mr. Fine, the rather obvious observation is that I hope that your time to get the answer is not taken out of my time. If you have the head of the Communications Analysis Unit raising questions about how that unit does its work, it is a little bit amazing to me that you are having to search your memory as to what happened during the interview. But let me move on. Mr. Fine. Well---- Mr. Davis. Is it true--well, my time is limited, Mr. Fine. Is it true that Mr. Youssef won the Director of Central Intelligence Award in 1995 for his work infiltrating the group that tried to blow up the Trade Center in 1993? Mr. Fine. I have heard that. Mr. Davis. Do you have any reason to dispute it? Mr. Fine. No. Mr. Davis. Is it true that Mr. Youssef was the legal attache to Saudi Arabia during the time that the Khobar Towers bombing was being investigated? Mr. Fine. I have no reason to dispute that. Mr. Davis. Is it true that Mr. Youssef received outstanding personnel evaluations during that time? Mr. Fine. I have no reason to dispute that. Mr. Davis. So you have someone who was the head of a unit, who had won awards for his intelligence work, who apparently received superior evaluations, raising concerns about how his unit was being conducted; is that accurate? Mr. Fine. I am not sure it is accurate. I am not---- Mr. Davis. What is inaccurate about it? Mr. Fine. What is inaccurate is that it is not clear what concerns he raised and what he did to stop this. And we did look---- Mr. Davis. Again, Mr. Fine--I know my time is up. If the Chairman would indulge me for one question. I guess I am searching for what is opaque about this. This gentleman was in a very important position; he was in charge of the unit. You admit that you interviewed him, but your memory seems foggy as to what you asked him, and your memory seems foggy as to whether or not he raised concerns to his superiors and what the concerns were. I cannot imagine a more important interview that you could have conducted. Mr. Fine. We did conduct that interview, and we went over extensively what the concerns were between him and the General Counsel's Office and the attempts to put the exigent letters-- -- Mr. Davis. Who did he raise these concerns with? Mr. Conyers. The gentleman's time has just about expired. What I would like to do is to give the Inspector General an opportunity to fully finish his answer. Mr. Fine. We did interview Mr. Youssef, Congressman, and we did not find that, as a result of his actions, the problems were corrected. We did find, through review of the NSLs, that he signed one, that under his leadership these exigent letters continued; and we saw the efforts between the Office of General Counsel and the CAU to correct this, which did not occur, and we did not see that he put a stop to this. However, we did not do---- Mr. Davis. Was he of the power to put a stop to it? Mr. Fine. He was the head of the unit. Mr. Conyers. Just a moment. If my colleague will suspend, I want him to be able to complete his answer before we go on to the next Member. Mr. Fine. We did not see that this practice was stopped during his time. There was an attempt to sort of provide NSLs reasonably soon after the exigent letters, but the exigent letters continued. And it is important to determine who did what, when and how; and the FBI is going to do that, and we are going to look at that very carefully, as well. But our review was not to look at everybody's actions up and down the line, including his or others' to determine what steps each one of them took. What we tried to do is present the problem and the issue and make sure that it stopped as a result of it. Mr. Conyers. The gentleman's time has expired. The Chair recognizes Darrell Issa, the gentleman from California. Mr. Issa. Thank you, Mr. Chairman. I guess I will start off slowly and just follow up on Mr. Gohmert for a second. It does seem amazing that an organization of excellence, as the FBI has historically been, would adopt a ``We have got to get you to the Peter Principle achievement level with this up-or-out policy,'' and I would strongly second Mr. Gohmert, what I think he was saying, which is, if you have people who can be very good at what they do at the beat levels, so to speak, of the FBI in various positions--if they can, in fact, be superb leaders at a level that they are comfortable and, quite frankly, in a community that they are comfortable living and working in and building more capability, rapport and analysis capability and you adopt an up-or-out program--what you do is, you force them either to leave because they do not want to leave communities they are attached to or, quite frankly, you force them to a management level they may not be comfortable with. It is bad enough that the Army will not allow a great company commander to continue being a company commander and must force them to a staff position somewhere where they endlessly see papers in the hopes that they someday will get a battalion command, but there is a certain amount of history there. I strongly suggest that the FBI should not have a history that people doing a good job at a given level be forced on. Having said that, that is a management decision that the next Administration hopefully will straighten out. Speaking of management decisions, General Fine, I am a little shocked that under this Attorney General, this Administration seems to look at violations of constitutional rights for limited capabilities that we have granted from this body, as the general counsel said, ``troubling.'' If what the FBI did was done by a private sector individual, wouldn't the FBI be arresting them? Wouldn't the U.S. attorneys be prosecuting people who played fast and loose with these rules? Mr. Fine. It depends on the intent involved and what happened. Mr. Issa. Okay. Let me back up. If there were a pattern over time, as there is, of abuses piling up to where it was clear that people knew it was happening--even some people clearly made comments that it should not be happening, that it was inconsistent with the law, but it continued--isn't that a poster child for the FBI and for the U.S. Attorney's Office to criminally prosecute people who do these things? Mr. Fine. Again, if there were an intent to do that as opposed to a pattern of negligence, and also a knowledge of this, and we went in and looked at it after the fact and found all sorts of problems and compiled a 126-page report which lays it out in black and white, and it is, you know, a serious, serious abuse. But at the time, were they aware of it? Did they know about that and what their intent was? That is much harder to say. We did not find evidence of criminal misconduct, but we certainly found evidence---- Mr. Issa. Wait a second. Wait a second. Piling up evidence that crosses the guidance we allow to pile up that evidence, and you are saying that it is not criminal? Mr. Fine. Well, you have to look at the individual allegations as well. We looked at the files. We found in several files, in many files, that there were no abuses. We found in others that there were problems with them. Mr. Issa. But there are no prosecutions and no dismissals; is that correct? Mr. Fine. Well, there are no prosecutions. The FBI is looking at the evidence right now to see what people knew and what they did not, whether it was because of any intentional conduct that they knew they were doing wrong. We did not see that, but we did not do a review where we asked each individual, ``What did you do and why?'' we did a review of--an audit of this to lay out the problems for the Congress. Mr. Issa. Well, I would suspect that I join the Chairman and many Members on both sides of the aisle in saying, I have serious doubts about whether or not the Congress can continue to extend capabilities that are not 100 percent adhered to and there are no significant results when they are not adhered to, and then not feel that what we are doing is giving the FBI the ability to violate people's constitutional rights. You know, I heard today, well, geez, we would not exclude this--and Congressman Schiff brought it out--we will not exclude this information even though we played fast and loose; and we will not dismiss and we will not prosecute. Well, with all due respect, from the Attorney General on down, you should be ashamed of yourselves. We gave--we stretched what we could give in the PATRIOT Act. We stretched to try to give you the tools necessary to make America safe, and it is very, very clear that you have abused that trust, and when the reauthorization of the PATRIOT Act comes up or any bill coming down the pike, if you lose some of these tools, America may be less safe, but the Constitution will be more secure, and it will be because of your failure to deal with this in a serious fashion. I yield back. Mr. Conyers. Thank you very much. The Chair recognizes Keith Ellison, the gentleman from Minnesota. Mr. Ellison. Thank you, Mr. Chair. Mr. Fine, I want to talk to you about your report recommendations starting with the exigent letters. Wouldn't it be better simply to adopt the FBI's practice, current practice, of simply banning the use of exigent letters? I notice that in your recommendations, or in what I believe are your recommendations, your suggestion is to take steps that the FBI not improperly use the letters, but why not just say ``no exigent letters''? Mr. Fine. Well, there should not be an exigent letter of the sort that they use. There is a process under the statute to get emergency information under certain conditions, and that is the way they ought to do it. So that is a proper use of such a request. They surely should ban the way they did it in the past. Mr. Ellison. And that would be a change by statute or a rule change? Mr. Fine. Well, it does not need to be a statute. There is a statute that allows voluntary disclosure if there is an imminent threat and danger to the safety of an individual or others, and if there is that exigent circumstance, they can get the information and use such a letter. But what they should not do is combine it with an NSL the way they did it in the past. They ought to completely separate that and follow the statute. Mr. Ellison. Right. So what you are saying is that the practice in which the FBI was using the exigent letters combined with the NSL was--if the statute were properly followed, then there would not be the problem that we see today; is that right? Mr. Fine. That is correct. Mr. Ellison. Now, what sort of sanctions do you think should be applied, given the way that the FBI did use the NSL and the exigent letters? Mr. Fine. I think the FBI ought to look at this and look at the individuals involved and find out if they inappropriately and knowingly misused the authorities. They ought to take appropriate action against individuals, either management individuals who allowed it to occur or individuals in the field; and if they had poor performance, that ought to be assessed as well. So I think that ought to be something that the FBI is looking at. But I do not think they ought to say that simply because there was a misuse of the statute inadvertently that that would necessarily require misconduct charges against them. Mr. Ellison. Right. Well, you know, part of the problem here is that the very nature of the act that allows for the expanded use of the NSL is below the radar, and so it, by nature, lacks transparency, which is why people are so upset that the abuses took place. But I guess my next question is, another recommendation that you have made is that there be greater control files for the NSLs. How would you envision that working? Mr. Fine. No. There should be greater controls on the use of NSLs. They ought to make sure that the people know when they can be used and under what statute they can be used. There need to be signed copies of the NSLs so that there can be an audit trail. They have to be connected to an investigative file, not a control file. Mr. Ellison. Excuse me. I am sorry, Mr. Fine. Do you see this as essentially a training problem? Mr. Fine. I think it is a training problem. I think it is a supervision problem. I think it is an oversight problem. And I think it is a lack of adequate internal controls and is an auditing problem as well. Mr. Ellison. Now, that brings me to the few questions I had for Ms. Caproni. Ms. Caproni, do you have the staff to make all of the changes that are needed in order to have this program work properly? Ms. Caproni. I would always like more resources. Mr. Ellison. No. I am asking you--that is not my point. My question is, in order to--we could just simply go back to status quo, anti--back to pre-PATRIOT Act where NSLs were authorized, but not the expanded use of them that we have now. That could be one way to simply solve this problem. But my question is, at this time, do you have the staff to provide the training, to provide the controls that are called for by the recommendations? Ms. Caproni. I do. We are going to get some more staff that we have already discussed. We are going to get some analytic help, because we think that some of this would have been detected if we had had good analytic help so that we could see trends. But I think that we have enough lawyers. I think we can do what needs to be done. We are going to have assistance from Department of Justice lawyers for some of this, but I think we have sufficient resources. Mr. Ellison. Ms. Caproni, if you have the sufficient resources, why didn't you use them before? I mean, I guess the question that comes up in my mind is that you either do not have the resources to effectuate the changes that have been recommended or you do. And if you do, why weren't they applied? Ms. Caproni. This report told us a lot that we just did not know. I mean, I will fall on that sword again, which is that we learned a lot from this report, and we are going to make changes. I think I have got the personnel to do it. I think we have got the resources. We are going to make the resources available. This is important to us. It is important to us to regain the confidence of the American people and to regain the confidence of this Committee. You are one of our oversight Committees, and you are very important to us, and we are not-- trust me, I am not happy that we have this report and that I am in the position of saying, you know, we failed. Mr. Ellison. Ms. Caproni, if I could just go back to Mr. Fine. Mr. Fine, one of the changes that was made in the PATRIOT Act was to say that, I think, people other than headquarters officials could issue these letters. Should the authority for the issuance of the letters be retracted to what it was before the PATRIOT Act? Mr. Fine. I am not sure of that, and I do not want to necessarily give legislation that should occur. I do think it is important, if that authority is out there, that it has to be overseen; and bringing things back to headquarters may or may not be the answer. As you will recall in the September 11th attacks with the Moussaoui case, one of the concerns was headquarters was controlling the field too much, and so there are considerations on both sides of this issue. I do think that when it does go out there, it has to be used appropriately and overseen appropriately. Mr. Ellison. But if you had a narrower route through which these letters were authorized, wouldn't you have greater accountability? Mr. Fine. You could. You could have greater accountability. On the other hand, the effect of this could be diminished significantly, so I think that is the balance that has to be struck. Mr. Conyers. The time of the gentleman has expired, but I would like to say to Mr. Ellison that he has raised a point that we need to try to figure out at this hearing: Are there in existence the resources that are required and needed to reveal all of these people who have been abused or who have been violated by this system? For this hearing to close down--the gentleman from California, Mr. Berman, will be recognized next--without our having figured out, for example, that we do not have anywhere near the resources, as I have been talking with the gentleman from California, Mr. Lungren, about, either in the Federal Bureau of Investigation or in the Office of the Inspector General. If resources do not exist here, we may end up very well correcting everything from this point on, but how many thousands of people will have been violated to whom we will all be saying, from now on, not to worry, that it is all over with? That is a troubling consideration, Mr. Lungren, that we have had under discussion, that I am still looking for the answer to. So I recognize the gentleman from California, Mr. Berman. Mr. Berman. Well, thank you very much, Mr. Chairman. Mr. Fine, section 126a of the PATRIOT Act requires that not later than 1 year after the date of enactment of this act the Attorney General shall submit to Congress a report on any initiative of the Department of Justice that uses or is intended to develop pattern-based data-mining technology. The 1-year deadline expired on March 9th of this year. To my knowledge, we have not received this report. Can you give us an update on the progress of this report? Mr. Fine. From the Attorney General, no, I cannot give you progress. That is not my office. But I certainly can bring back that question to the Department. Mr. Berman. But I thought---- Ms. Caproni. Congressman, I, unfortunately, can tell you. Yes, it was not submitted on time. I think we sent a letter indicating that it is still being worked on. I saw a draft going back across between us and the DOJ, so it is being worked on. Mr. Berman. Okay. Well, then, let me ask you. As I understand the audit that the Inspector General has undertaken, information from the National Security Letters is routinely added to the FBI's internal automated case system, which has about 34,000 authorized users; and then it is periodically downloaded into the Investigative Data Warehouse, which has approximately 12,000 users. Is it possible that other agencies of the Federal Government, or anywhere, are using information in that Investigative Data Warehouse for data-mining purposes? Ms. Caproni. For data-mining purposes, I do not know the answer to that. I mean, they could get access to it as appropriate for their agency. Mr. Berman. So it is possible? Ms. Caproni. I do not know the answer. I do not know. Mr. Berman. You do not know if it is possible, or you do not know if they are? Ms. Caproni. I do not know what they are doing with it, and I do not know what rules and restrictions govern them, so I just cannot answer that question. Mr. Berman. Well, let me get one thing clear. Is the report that we are awaiting an Inspector General's report or an Attorney General's report? Ms. Caproni. An Attorney General's. Mr. Berman. An Attorney General's report. All right. So will that report include the data-mining of information in the Investigative Data Warehouse by agencies not within the Justice Department? This report that you have seen circulating, will it include the data-mining of information by other agencies from the Justice Department's Investigative Data Warehouse? Ms. Caproni. It does not, but I do not know whether that means that no such activities are occurring or because it is not within the scope of the request. Mr. Berman. Well, since I was involved in this language, we think that since the database is under the purview of the Department of Justice, the use of it by other agencies would be included in that report under section 126a. Ms. Caproni. I will make sure that the people at DOJ understand that that is your interpretation of it. Unfortunately, I have been in the world of NSL and this report, and I have not been in the world of the data-mining report, so I just have not read it, so that is why I cannot answer your question. Mr. Berman. So you have not been personally involved in determining whether other agencies are being cooperative on how they are using the data from the--I take it you do not. Ms. Caproni. I do not. I just have not been involved in it. Mr. Berman. If you, subsequent to this hearing, could get that information and pass it on to me, I would be very grateful. Ms. Caproni. Certainly, I can. Mr. Berman. The information about whether the report will talk about other agencies' use of the Justice Department's Investigative Data Warehouse for data-mining purposes. Ms. Caproni. Again, I will make sure that the Department understands your position. Mr. Berman. Thank you. Mr. Lungren. Would the gentleman yield to me---- Mr. Berman. I would be happy to. Mr. Lungren [continuing]. So I could ask a question? Ms. Caproni, one question just came to mind, and that is, part of this testimony today has talked about how agents in the field and special agents in charge in the field did not get the proper legal advice from, I presume, people who report to you, that they were not challenged as to the legal sufficiency of the NSLs or of the exigent letters; is that correct? Ms. Caproni. I think that comment was relative to the lawyers in the field, who actually do not report to me. Mr. Lungren. Whom do they report to? Ms. Caproni. They report to the special agents in charge. They report to their field office head. That is one of the things that Mr. Fine has suggested that we look at, and that is actively under discussion at the Bureau right now, whether that reporting structure should change. Mr. Lungren. So they do not report to you at all? Ms. Caproni. No, sir, they do not. Mr. Lungren. So they were on their own in the advice they were giving of a legal nature to the agents and to the special agents in charge to whom they report? Ms. Caproni. On a reporting basis, they do not report to me. I do not supervise them. I am in charge of the legal program. So we provide the CDCs. That is their title. We provide them with substantial legal advice, and they frequently call us when they have questions, but I do not rate them, and they do not report to me. I do not hire them; I do not fire them. Mr. Lungren. I know, but what I am trying to figure out is, if these attorneys report to the SAC, does that make it more difficult for them to tell the SAC that he or she is wrong when they are asking for one of these letters? Ms. Caproni. That is the concern that Mr. Fine has raised. I mean, I---- Mr. Lungren. Well, do you share that concern? Ms. Caproni. I do share that concern. Mr. Lungren. Could that be one of the real problems we have got here? Ms. Caproni. I will say there are arguments both ways, Congressman. It is not--and the reason I say that is because I report to the Director of the FBI, and I do not have any problem telling the Director of the FBI my legal advice; and if he does not like it, it is still my legal advice. That is what the CDC should be doing, but whether they---- Mr. Lungren. My experience has been that the SACs are pretty important people in their various offices, and most people generally think they are the top dogs, and we have this problem where, apparently, good legal advice either was not given or was not accepted, and maybe that is something we ought to look at if you folks will not look at it. Ms. Caproni. Again, we are actively looking at that very question of whether the CDC reporting structure should change. Mr. Lungren. And I thank the gentleman from California for yielding, although he is not here to receive it back. Mr. Conyers. I thank you all. The gentleman from Minnesota had one last question that I have agreed to entertain, if you will. Mr. Ellison. Thank you, Mr. Chair. My question is, of all of the letters that have been issued and of all of the inaccurate and improper data that has been set forth, clearly some information came back; and in the cases where individuals' information was obtained in violation of the rules and of the statutes, what has happened? Have these individuals been notified? What recourse do they have? What is the story on the people? Ms. Caproni. The people are not notified. Their records are removed from our databases, and the records are destroyed. Mr. Fine. That is correct. Mr. Conyers. Thank you very much. Ladies and gentlemen, this has been an excellent hearing. We thank the witnesses for continuing in an extended period of examination. We will all be working together. There are 5 legislative days in which Members may submit additional questions to you and send them back as soon as you can. We also want to enter into the record Caroline Fredrickson's statement on behalf of the American Civil Liberties Union, Congressman Coble's Department of Justice facts sheet release. We also have The New York Times, which officially alerted the FBI to rules abuse 2 years ago, dated March 18th. And we also have a letter being hand-delivered to the general counsel, dated today, March 20th, which asks her for additional information. The record will be open for 5 additional days, and without any further business before the Committee, the hearing is adjourned. We thank you for your attendance. [Whereupon, at 12:45 p.m., the Committee was adjourned.] A P P E N D I X ---------- Material Submitted for the Hearing Record Prepared Statement of the Honorable Sheila Jackson Lee, a Representative in Congress from the State of Texas, and Member, Committee on the Judiciary
Prepared Statement of the Honorable Linda T. Sanchez, a Representative in Congress from the State of California, and Member, Committee on the Judiciary
Response to Post-hearing questions from Glenn A. Fine, Inspector General, U.S. Department of Justice
Post-hearing questions posed to Valerie Caproni, General Counsel, Federal Bureau of Investigation, from Chairman John Conyers, Jr.\1\ --------------------------------------------------------------------------- \1\ At the time of publication, responses to post-hearing questions posed to Valerie Caproni had not been received by the Committee on the Judiciary.
Letter from Richard C. Powers, Assistant Director, Office of Congressional Affairs, Federal Bureau of Investigation
Prepared Statement of Caroline Frederickson, Director, Washington Legislative Office, American Civil Liberties Union (ACLU) On behalf of the American Civil Liberties Union, its more than half a million members and activists, and 53 affiliates nationwide, I thank Chairman Conyers and ranking member Smith for holding today's hearing on FBI abuse of National Security Letters. Over five years ago, in the wake of the terrorist attacks of September 11, 2001 Congress passed the USA Patriot Act,\1\ giving the FBI extraordinarily broad powers to secretly pry into the lives of ordinary Americans in the quest to capture foreign terrorists. One of the changes the Patriot Act made was to expand the circumstances in which National Security Letters (NSLs) could be issued so that the information sought with such letters would no longer have to pertain to an agent of a foreign power, and would no longer be limited to the subjects of FBI investigations.\2\ An NSL is a letter that can be issued by Special Agents in Charge (SAC) of the FBI's 56 field offices--without any judicial review--to seek records such as telephone and e-mail information,\3\ financial information, and consumer credit information. --------------------------------------------------------------------------- \1\ Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. Law No 107-56, 115 Stat. 272 (2001)[Hereinafter Patriot Act]. \2\ Id., section 505. \3\ Telephone and e-mail information that can be obtained with NSLs includes historical information on calls made to and from a particular number, billing records, electronic communication transactional records and billing records (including method of payment), and subscriber information. --------------------------------------------------------------------------- The four NSL authorizing statutes include the Electronic Communications Privacy Act,\4\ the Right to Financial Privacy Act,\5\ the Fair Credit Reporting Act,\6\ and the National Security Act of 1947.\7\ Subsequent legislation expanded the types of institutions from which records could be sought using NSLs. The Intelligence Authorization Act for Fiscal Year 1996,\8\ amended the FCRA to give the FBI authority to obtain credit header information with NSLs, and a provision of the Patriot Act, expanded this power to allow the FBI and other government agencies that investigate terrorism to obtain full credit reports.\9\ The Patriot Act also reduced the standard necessary to obtain information with NSLs, requiring only that an SAC certify that the records sought are ``relevant'' to an authorized counterterrorism or counter-intelligence investigation. --------------------------------------------------------------------------- \4\ 18 U.S.C. section 2709 (1988). \5\ 12 U.S.C. section 3401 (2000). \6\ 15 U.S.C. section 1681 et seq. (1996). \7\ 50 U.S.C. section 436(a)(1)(2000). \8\ Pub. Law No. 104-93, section 601(a), 109 Stat. 961, codified at 15 U.S.C. section 1681u (Supp.V. 1999). \9\ Patriot Act section 358(g)(2001). --------------------------------------------------------------------------- The ACLU opposed these unwarranted expansions of NSL power, and opposed making provisions of that statute permanent with the Patriot Reauthorization Act of 2005,\10\ fearing these unnecessary and unchecked powers could be too easily abused. When Congress reauthorized the Patriot Act, it directed the Department of Justice Inspector General (IG) to review the effectiveness and use of these expanded authorities and one of the first of these reports, a review of the FBI's use of NSLs, was released on March 9, 2007.\11\ --------------------------------------------------------------------------- \10\ USA PATRIOT Improvement and Reauthorization Act of 2005, Pub. Law No. 109-177, 120 Stat. 192 (2006). \11\ Office of the Inspector General, A Review of the Federal Bureau of Investigation's Use of National Security Letters, March 2007, http://www.usdoj.gov/oig/reports/FBI/index.htm (Hereinafter IG Report). --------------------------------------------------------------------------- The IG's audit confirms our worst fears: that the FBI uses its NSL authorities to systematically collect private information about people who are not reasonably suspected of being involved in terrorism, and it retains this information indefinitely. The FBI ignored the scant requirements of the law and developed shortcuts to illegally gather information the FBI wanted from telecommunications companies and financial institutions. It did this without opening the investigations for which, by law, this information must be sought or be relevant to, and often without ever bothering to secure the NSLs or grand jury subpoenas it told these telecoms and financial institutions it would secure to support its claim of access to sensitive customer information.\12\ This should be of great concern to all Americans, because the IG found the FBI is increasingly using this power against U.S. persons.\13\ And despite the issuance of more than 140,000 NSL requests, the IG report documents only one terrorism conviction--for providing ``material support'' for terrorism--and only 153 ``criminal proceedings'' resulting from the extensive use of this power.\14\ ``Criminal proceedings'' is defined as all federal grand jury proceedings, as well as search warrants, indictments and trials.\15\ --------------------------------------------------------------------------- \12\ IG Report at 94. \13\ IG Report at 38. \14\ IG Report at 63, 64. \15\ IG Report, footnote 103, p. 62. --------------------------------------------------------------------------- For over five years the Federal Bureau of Investigation has collected vast troves of data in secret and without accountability. I hope this hearing is only one of many to reestablish checks and balances on the executive branch and curb its many abuses of power. The ACLU asks this committee to hold the FBI and this administration accountable for these abuses and to make statutory changes that will ensure that they cannot happen again. THE INSPECTOR GENERAL'S FINDINGS Despite statements to the contrary, the Inspector General found much more than just sloppy management and poor record keeping. The Inspector General's report documents systematic failures to meet statutory requirements, and at times, intentional refusals to comply with the law. Intentional Violation of the NSL Statute Most disturbingly, the Inspector General's report shows that the FBI's Communications Analysis Unit (CAU) declared itself unconstrained by the NSL statutes--arguing that the law was ``insufficient'' for CAU's purposes--and it contracted directly with three telephone companies to access information illegally.\16\ The information included telephone toll and call detail records and the contract specified that the telephone companies would provide ``near real-time servicing'' of these requests. The contracts were approved by the FBI's Office of General Counsel (OGC), and fulfilled by issuing so-called ``exigent'' letters that were used even when no exigent circumstances existed.\17\ The IG was able to confirm the use of 739 exigent letters to obtain information on 3,000 telephone accounts, in the clear absence of statutory authority to do so.\18\ The true number is unknown because the FBI does not keep adequate records. That FBI Office of General Counsel procurement attorneys were involved with these contracts confirms that the telecommunication companies were paid for their cooperation and silence, and confirms that contrary to the IG's assertion that the FBI's use of ``exigent'' letters was undertaken without the benefit of advance legal consultation,\19\ FBI lawyers were instrumental in establishing this illegal process. --------------------------------------------------------------------------- \16\ IG Report at 88. \17\ IG Report at 92. \18\ IG Report at 90. \19\ IG Report at 97. --------------------------------------------------------------------------- CAU staff, who were not authorized to sign NSLs, used ``exigent'' letters containing obviously false statements to obtain documents from the telephone companies when no authorizing investigation was open, when no NSLs or subpoenas had been requested, and when no emergency situation existed.\20\ They then asked FBI field offices to open investigations so NSLs could be issued without telling the field office personnel that CAU staff had already received the records,\21\ a clear indication that they knew what they were doing was improper. FBI National Security Law Branch (NSLB) attorneys were made aware of this issue in late 2004, possibly through complaints from field agents who resisted CAU's directives, and an NSLB Assistant General Counsel concluded that the practice of using ``exigent'' letters did not comply with the NSL statute. Yet, rather than prohibiting the practice outright, the NSLB attorney counseled CAU for two years regarding how and when CAU officials should use them. Regardless of this advice, CAU continued using these ``exigent'' letters, and the practice wasn't ``banned'' until the IG issued its report.\22\ Even today the FBI is unable to determine whether data requested with ``exigent'' letters was ever covered with properly issued NSLs or subpoenas.\23\ --------------------------------------------------------------------------- \20\ IG Report at 92. \21\ Id. \22\ FBI letter to Inspector General Glen Fine dated March 6, 2007 included in the appendix of the IG Report. \23\ IG Report p. 91. --------------------------------------------------------------------------- And the issuance of ``exigent'' letters was only one of the illegal methods the FBI used to circumvent the NSL statutes. Using a similar scheme, the Terrorist Financing Operations Unit issued ``Certificate Letters'' to obtain the financial records of at least 244 named individuals in violation of the Right to Financial Privacy Act.\24\ Again, agents without authority to issue NSLs used these letters to circumvent the law and gain access to private financial records, and then lied about it when confronted by NSLB attorneys. When the NSLB attorneys realized they had been misled they ordered the practice halted, but it did not stop.\25\ This sequence reveals what can only be described as clearly intentional misconduct. --------------------------------------------------------------------------- \24\ 12 U.S.C. section 3401 (2000). See IG Report at 115. \25\ IG Report at 117. --------------------------------------------------------------------------- In other instances NSLB attorneys actually signed NSLs without reference to any authorized investigation, and more than 300 NSLs were issued out of an FBI control file that was opened specifically because there was not an authorized investigation from which to issue an NSL for the data the FBI wanted.\26\ --------------------------------------------------------------------------- \26\ IG Report at 100. --------------------------------------------------------------------------- Increasing Collection of Data on U.S. persons When Congress expanded the FBI's authority to use NSLs, it required FBI officials to certify that the information sought with these letters is relevant to an authorized investigation. By instituting this requirement, Congress clearly intended for NSLs to be a targeted investigative power, rather than a broad power that could be used to cast a wide net. But, the IG report makes clear this is not how the FBI is using its NSL authorities. In one example, nine NSLs were used to obtain records for 11,000 different telephone numbers. And, agents and analysts often didn't even review the data they received from NSLs. They simply uploaded it into computers.\27\ The IG found information received from NSLs is uploaded into three separate FBI databases, where it is retained indefinitely and retrievable by tens of thousands of FBI and non-FBI personnel,\28\ even if the information exonerates the subject from any involvement in terrorism.\29\ Despite this extraordinary collection effort, the IG was able to document only one terrorism conviction resulting from the use of NSLs.\30\ Clearly NSLs are not being used as targeted investigative tools. --------------------------------------------------------------------------- \27\ IG Report at 85. \28\ IG Report at 28, 30, and 110. \29\ IG Report at 44. \30\ IG Report at 64. --------------------------------------------------------------------------- The IG also expressed concern that the FBI allows agents to use NSLs to access information about individuals who are ``two or three steps removed from their subjects without determining if these contacts reveal suspicious connections.'' \31\ The fact that NSLs are being issued from control files and ``exigent'' letters are being used by analytic units at FBI Headquarters suggests that this tool is not being used in the manner Congress intended. Despite the FBI's claims that NSLs are directed at suspected terrorists, the Inspector General found that the proportion of NSLs issued to obtain information on Americans is increasing. In fact, the majority of NSLs the FBI issued in 2005 were used to obtain information about U.S. persons (American citizens and lawful permanent residents of the U.S.).\32\ --------------------------------------------------------------------------- \31\ IG Report at 109. \32\ IG Report at 38. --------------------------------------------------------------------------- Datamining Neither the NSL statutes nor Department of Justice policy require the FBI to purge from its databases sensitive personal information about persons who are found to be innocent and not tied to foreign powers.\33\ The Inspector General confirmed that the FBI has taken advantage of this loophole and uploads all information--admittedly innocent or not--into national databases that are indefinitely maintained. The data received from NSLs is uploaded into a ``Telephone Application Database'' where a link analysis is conducted, and into an Investigative Data Warehouse where it is mixed with 560 million records from 50 different government databases.\34\ Tens of thousands of law enforcement and intelligence personnel have access to the information, which is not given a disposition, leaving innocent people associated with a terrorism investigation long after their information becomes irrelevant. Intelligence products developed from this data do not cite the origin,\35\ so errors in the information can never be checked against the source documents. Instead, errors will be compounded when intelligence products derived from this erroneous information are distributed throughout the intelligence community and to state and local law enforcement agencies. --------------------------------------------------------------------------- \33\ IG Report at 110. \34\ IG Report at 28, 30. \35\ IG Report at 54. --------------------------------------------------------------------------- Erroneous Reports to Congress and the Intelligence Oversight Board The Inspector General found that statutorily required reports to Congress excluded at least six percent of the overall number of NSLs.\36\ The number of unreported NSLs may be higher, but record keeping is so bad at the FBI, the Inspector General was unable to even confirm a final number. A review of just 77 cases from four FBI field offices found 22 percent more NSLs in case files than the FBI General Counsel knew about. More significantly, the IG found 60% of those files deficient in required paperwork, and his review doubled the number of unlawful violations that needed to be reported to the President's Intelligence Oversight Board.\37\ --------------------------------------------------------------------------- \36\ IG Report at 34. \37\ IG Report at 78. --------------------------------------------------------------------------- PROPOSED AMENDMENTS Regrettably, the Inspector General's report only included suggestions for internal changes within the FBI's discretion, and did not include recommendations for amending the underlying statute that is the source of these abuses. It is clear that the violations the Inspector General uncovered were the natural consequence of a statute that allows government agents to access sensitive information without suspicion of wrongdoing, in the absence of court oversight, and with complete secrecy compelled by a gag order with criminal consequences. In fact, even if management and technology problems identified in the IG's report are solved, hundreds of thousands of NSLs will continue to collect information on innocent Americans because that is exactly what the statute allows. The ACLU recommends three statutory changes that are absolutely necessary to ensure that the law protects privacy while permitting the collection of information necessary to investigate terrorism. Limit NSLs to Suspected Terrorists and Other Agents of Foreign Powers First, Congress must repeal the expansion of the NSL power that allows the FBI to demand information about totally innocent people who are not the targets of any investigation. The standard should return to the requirement that NSLs seek only records that pertain to terrorism suspects and other agents of foreign powers.\38\ And the FBI should not be allowed to use NSLs to investigate people two or three steps removed from any criminal or terrorist activity. --------------------------------------------------------------------------- \38\ Agent of a foreign power is defined in the Foreign Intelligence Surveillance Act of 1978, 50 U.S.C. Sec. 1801 (1978). --------------------------------------------------------------------------- Under current law, the FBI can use an NSL to obtain information that the FBI asserts is ``relevant'' to an investigation. The FBI has clearly taken advantage of this ``relevance'' standard and issued NSLs to obtain information on innocent American people with no connection to terrorism. In fact, it obtained this information without even opening an investigation to which the information must be relevant. NSLs are now issued to collect records just for the sake of building databases that can be mined later. In addition to being wholly ineffective as an investigative technique, this data collection and warehousing is an affront to the privacy of U.S. persons. Restrict the Gag Provisions and allow for Meaningful Challenges The gag provisions of the NSL statutes unconstitutionally inhibit individuals receiving potentially abusive NSLs from challenging them in court. Congress should amend the NSL statute so that gag orders are imposed only upon the authority of a court, and only where necessary to protect national security. Judicially imposed gag orders should be limited in scope and duration. Further, gags must come with a meaningful right to challenge them before a neutral arbiter. Last year's amendments created a sham court proceeding, whereby a judge is powerless to modify or overturn a gag if the federal government simply certifies that national security is at risk, and may not even conduct any review for a full year after the NSL is issued. Under the NSL statute, the federal government's certification must be treated as ``conclusive,'' rendering the ability to go before a judge meaningless. To comport with the First Amendment, a recipient must be able to go before a judge to seek meaningful redress. Court Review If there is one undeniable conclusion that Congress can draw from the Inspector General's report, it is that the FBI cannot be left to police itself. Allowing the FBI to keep self-certifying that it has met the statutory requirements invites further abuse and overuse of NSLs. Contemporaneous and independent oversight of the issuance of NSLs is needed to ensure that they are no longer issued at the drop of a hat to collect information about innocent U.S. persons. Court review will provide those checks and balances as was intended by the Constitution. CONCLUSION The Inspector General reviewed just a tiny proportion of NSLs issued by the FBI from 2003 through 2005, yet he found an extraordinary level of mismanagement, incompetence, and willful misconduct that clearly demonstrates that the unchecked NSL authorities given to the FBI in the Patriot Act must be repealed. The FBI and Department of Justice have shown that they cannot police themselves and need independent oversight. The American Civil Liberties Union applauds the Committee for holding this hearing and opening a window on these abuses, but there is more work to be done. Congress must fully investigate the FBI's abuse of power to insure that those responsible for these violations are held accountable, and the innocent people who have had their privacy invaded and their civil rights abused need to be identified and notified, and records that have been improperly or inappropriately seized should be purged from FBI databases. But most importantly, Congress needs to fix the Patriot Act, which has set the stage for all of these problems. Letter requesting additional information submitted to Valerie Caproni, General Counsel, Federal Bureau of Investigation
Press release by the Department of Justice from March 9, 2007, submitted by the Honorable Howard Coble, a Represenative in Congress from the State of North Carolina, and Member, Committee on the Judiciary
Article entitled ``Official Alerted F.B.I. to Rules Abuse 2 Years Ago, Lawyer Says,'' The New York Times, submitted by the Honorable John Conyers, Jr.