[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]


 
THE INSPECTOR GENERAL'S INDEPENDENT REPORT ON THE FBI'S USE OF NATIONAL 
                            SECURITY LETTERS

=======================================================================

                                HEARING

                               BEFORE THE

                       COMMITTEE ON THE JUDICIARY
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

                             MARCH 20, 2007

                               __________

                           Serial No. 110-21

                               __________

         Printed for the use of the Committee on the Judiciary


      Available via the World Wide Web: http://judiciary.house.gov


                                 ______

                    U.S. GOVERNMENT PRINTING OFFICE
34-175                      WASHINGTON : 2007
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                       COMMITTEE ON THE JUDICIARY

                 JOHN CONYERS, Jr., Michigan, Chairman
HOWARD L. BERMAN, California         LAMAR SMITH, Texas
RICK BOUCHER, Virginia               F. JAMES SENSENBRENNER, Jr., 
JERROLD NADLER, New York                 Wisconsin
ROBERT C. SCOTT, Virginia            HOWARD COBLE, North Carolina
MELVIN L. WATT, North Carolina       ELTON GALLEGLY, California
ZOE LOFGREN, California              BOB GOODLATTE, Virginia
SHEILA JACKSON LEE, Texas            STEVE CHABOT, Ohio
MAXINE WATERS, California            DANIEL E. LUNGREN, California
MARTIN T. MEEHAN, Massachusetts      CHRIS CANNON, Utah
WILLIAM D. DELAHUNT, Massachusetts   RIC KELLER, Florida
ROBERT WEXLER, Florida               DARRELL ISSA, California
LINDA T. SANCHEZ, California         MIKE PENCE, Indiana
STEVE COHEN, Tennessee               J. RANDY FORBES, Virginia
HANK JOHNSON, Georgia                STEVE KING, Iowa
LUIS V. GUTIERREZ, Illinois          TOM FEENEY, Florida
BRAD SHERMAN, California             TRENT FRANKS, Arizona
ANTHONY D. WEINER, New York          LOUIE GOHMERT, Texas
ADAM B. SCHIFF, California           JIM JORDAN, Ohio
ARTUR DAVIS, Alabama
DEBBIE WASSERMAN SCHULTZ, Florida
KEITH ELLISON, Minnesota
[Vacant]

            Perry Apelbaum, Staff Director and Chief Counsel
                 Joseph Gibson, Minority Chief Counsel


                            C O N T E N T S

                              ----------                              

                             MARCH 20, 2007

                           OPENING STATEMENT

                                                                   Page
The Honorable John Conyers, Jr., a Representative in Congress 
  from the State of Michigan, and Chairman, Committee on the 
  Judiciary......................................................     1
The Honorable Lamar Smith, a Representative in Congress from the 
  State of Texas, and Ranking Member, Committee on the Judiciary.     2
The Honorable Jerrold Nadler, a Representative in Congress from 
  the State of New York, and Member, Committee on the Judiciary..     4
The Honorable Trent Franks, a Representative in Congress from the 
  State of Arizona, and Member, Committee on the Judiciary.......     5
The Honorable Robert C. Scott, a Representative in Congress from 
  the State of Virginia, and Member, Committee on the Judiciary..     6
The Honorable J. Randy Forbes, a Representative in Congress from 
  the State of Virginia, and Member, Committee on the Judiciary..     6

                               WITNESSES

Mr. Glenn A. Fine, Inspector General, U.S. Department of Justice
  Oral Testimony.................................................     7
  Prepared Statement.............................................    10
Ms. Valerie Caproni, General Counsel, Federal Bureau of 
  Investigation
  Oral Testimony.................................................   215
  Prepared Statement.............................................   219

                                APPENDIX
               Material Submitted for the Hearing Record

Prepared Statement of the Honorable Sheila Jackson Lee, a 
  Representative in Congress from the State of Texas, and Member, 
  Committee on the Judiciary.....................................   272
Prepared Statement of the Honorable Linda T. Sanchez, a 
  Representative in Congress from the State of California, and 
  Member, Committee on the Judiciary.............................   279
Response to Post-hearing questions from Glenn A. Fine, Inspector 
  General, U.S. Department of Justice............................   281
Post-hearing questions posed to Valerie Caproni, General Counsel, 
  Federal Bureau of Investigation, from Chairman John Conyers, 
  Jr.............................................................   286
Letter from Richard C. Powers, Assistant Director, Office of 
  Congressional Affairs, Federal Bureau of Investigation.........   289
Prepared Statement of Caroline Frederickson, Director, Washington 
  Legislative Office, American Civil Liberties Union (ACLU)......   290
Letter requesting additional information submitted to Valerie 
  Caproni, General Counsel, Federal Bureau of Investigation......   295
Press release by the Department of Justice from March 9, 2007, 
  submitted by the Honorable Howard Coble, a Represenative in 
  Congress from the State of North Carolina, and Member, 
  Committee on the Judiciary.....................................   297
Article entitled ``Official Alerted F.B.I. to Rules Abuse 2 Year 
  Ago, Lawyer Says,'' The New York Times, submitted by the 
  Honorable John Conyers, Jr.....................................   299


THE INSPECTOR GENERAL'S INDEPENDENT REPORT ON THE FBI'S USE OF NATIONAL 
                            SECURITY LETTERS

                              ----------                              


                        TUESDAY, MARCH 20, 2007

                  House of Representatives,
                                Committee on the Judiciary,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 9:40 a.m., in 
Room 2141, Rayburn House Office Building, the Honorable John 
Conyers, Jr. (Chairman of the Committee) presiding.
    Present: Representatives Conyers, Berman, Boucher, Nadler, 
Scott, Watt, Lofgren, Jackson Lee, Waters, Delahunt, Sanchez, 
Cohen, Johnson, Schiff, Davis, Wasserman Schultz, Ellison, 
Smith, Sensenbrenner, Coble, Goodlatte, Chabot, Lungren, 
Keller, Issa, Forbes, King, Feeney, Franks, and Gohmert.
    Staff Present: Perry Apelbaum, General Counsel and Staff 
Director; Robert Reed, Oversight Counsel; Joseph Gibson, 
Minority Chief Counsel; Caroline Lynch, Minority Counsel; Ameer 
Gopalani, Majority Counsel.
    Mr. Conyers. Good morning. The Committee will come to 
order.
    We are here for a hearing on the Inspector General's 
Independent Report on the FBI's Use of National Security 
Letters.
    Nearly 6 years ago, in the immediate aftermath of September 
11th, the Department of Justice told us that they needed 
significantly enhanced authority, while promising the Members 
of this Committee in no uncertain terms that these new tools 
would be carefully and appropriately used. Two years ago, when 
the PATRIOT Act was reauthorized, they promised us there was 
not a single instance in which the law had been abused.
    Now, to underscore the importance of the reasons that we 
are holding this hearing, many of us remember the times in the 
past when the power of our Government has been abused. One war 
led to the suspension of Habeas Corpus; in another war, the 
notorious Palma raids; in World War II, the internment of 
Japanese Americans; in the Vietnam War, secret spying and enemy 
lists. In my view, we are now in a period where we risk a 
continuation of these deplorable acts and effect genuine harm 
to the Constitution and to the rule of law.
    One week ago, the Inspector General told us that the exact 
opposite was true of the promise that had been made that there 
was not a single instance, when the PATRIOT Act was being 
reauthorized, that the law had been abused.
    One tool in particular, the National Security Letters, 
essentially secret subpoenas issued without any court review, 
was used repeatedly to invade the privacy of law-abiding 
Americans outside the law and proper legal process. This was a 
serious breach of trust. The Department had converted this tool 
into a handy shortcut to illegally gather vast amounts of 
private information while at the same time significantly 
underreporting its activities to Congress. We learned that the 
number of National Security Letter requests had increased from 
8,500 in the year 2000 to in excess of 143,000 from the 3-year 
period between 2003 and 2005. The Department of Justice 
consistently provided inaccurate information to Congress 
concerning the National Security Letters, failing to identify 
at least 4,600 security letter requests to us. The security 
letters were routinely issued without proper authorization and 
outside statutory and regulatory requirements.
    The Inspector General found that more than 60 percent of 
the investigatory files they looked at included one or more 
violations of FBI policy; but worse, the Inspector General 
found even more widespread abuses concerning the so-called 
Exigent Letters: that is, emergency requests for telephone and 
other data. An Exigent Letter, as opposed to a National 
Security Letter is meant to obtain information in an extreme 
emergency like a kidnapping when the Bureau has already sought 
subpoenas for the requested information. But the FBI issued 
these letters in nonemergencies as a means to bypass the 
requirements of the National Security Letter procedure, and so, 
as if it were not troubling enough, in many instances, the 
Bureau attempted to issue after the fact National Security 
Letters to cover their tracks on their use of Exigent Letters. 
The Inspector General specifically found that the Exigent 
Letters were ordinarily issued when there was no emergency 
present and very often when there was not even a pending 
investigation. More often than not, the letters were issued 
based on promises that subpoenas were in the process of being 
issued, when that was not the case and even though some 
subpoenas were never issued at all.
    The Federal Bureau of Investigation made numerous factual 
misstatements in the letters which were frequently issued in 
violation of the statute as well as the Attorney General and 
FBI guidelines. The recordkeeping was so poor that it was 
impossible for the IG to document how and why all of these 
problems occurred, and what disturbs me most is that the abuse 
and misuse of these security letters is not an isolated 
instance. It appears to be a part of a pattern in which the 
Department of Justice has violated not only our trust but the 
very laws which they are charged with enforcing, and so from 
the approval of the notorious torture memos to warrantless, 
illegal surveillance to the wrongful smearing of able U.S. 
Attorneys, this Department of Justice has squandered its 
reputation for independence and integrity. The Attorney General 
needs to understand that with power comes responsibility and 
with authority must come accountability.
    I would like now to turn to the distinguished gentleman 
from Texas, the Ranking Member of this Committee, Mr. Lamar 
Smith.
    Mr. Smith. Thank you, Mr. Chairman.
    Mr. Chairman, I appreciate your holding this hearing on the 
Inspector General's report on the FBI's use of National 
Security Letters. The Inspector General should be commended for 
conducting a thorough audit as directed by Congress and the 
PATRIOT Act reauthorization. The report raises concerns as to 
the FBI's internal recordkeeping and guidelines for the use of 
NSLs and terrorism and espionage investigations. It is clear 
from the report that these deficiencies are the result of the 
poor implementation and administration of National Security 
Letter authority. In other words, the problem is enforcement of 
the law, not the law itself. Timely corrected measures by the 
FBI and effective oversight by the Justice Department and 
Congress will ensure proper use of this important law.
    The Inspector General's report found that the FBI's 
database for tracking NSLs significantly underestimated the 
number of NSL requests, resulting in inaccurate reports to 
Congress on the FBI's use of NSLs. From 2003 to 2005, the FBI 
issued a total of 143,074 NSLs. This compares to 739 Exigent 
Letters to three telephone companies issued contrary to 
national security investigation guidelines. The Exigent Letters 
represent 1/200th of the National Security Letters issued. 
Although the use of these unauthorized letters is 
disconcerting, the FBI discontinued this practice last year. 
The Inspector General makes two other very important findings.
    First, there is no evidence that anyone at the FBI intended 
to violate the law or internal policy. This is a significant 
finding because it confirms that FBI agents acted in good faith 
and sought to comply with the law even as they worked under 
severe time constraints and with an urgent desire to thwart 
terrorist activities.
    Second, as detailed by the Inspector General, NSLs are a 
critical tool in fighting terrorism and in keeping our country 
safe. The information acquired through NSLs is valuable to 
international terrorism and espionage investigations and has 
allowed the FBI and intelligence agencies to identify 
terrorists and spies, the sources of their financing and their 
plans to attack or harm our national security.
    In addition, the FBI shares important information gathered 
through NSLs with other intelligence agencies, joint terrorism 
task forces and State and local law enforcement agencies. To do 
their job, the FBI must be able to collect important 
information about suspected terrorist and spies while complying 
with the law and freely share such information with key 
partners.
    In response to extensive oversight efforts conducted last 
Congress, the PATRIOT Reauthorization Act added critical new 
safeguards. For instance, an NSL recipient can challenge the 
request in court. Nondisclosure orders require supervisory 
approval, and the recipient may disclose the NSL to an 
attorney. I applaud the Administration's response to the 
Inspector General's report and expect the Administration to 
follow through on its promise to act quickly to remedy the 
deficiencies identified by the Inspector General.
    Mr. Chairman, on September 11, 2001, the United States was 
attacked. More than 3,000 people lost their lives. Members of 
Congress overwhelmingly approved important new counterterrorism 
tools for our Nation's law enforcement personnel and updated 
existing authorities to meet the terrorist threat. We must 
continue to demonstrate responsible leadership on the NSLs and 
other important national security issues. Of course, we need to 
be vigilant to make sure these problems are fixed, that the 
Inspector General's recommendations are implemented and that 
our civil liberties and privacy are protected.
    Mr. Chairman, I yield back the balance of my time.
    Mr. Conyers. I thank the gentleman for his statement.
    I would like now to recognize the Chairman of the 
Constitution Subcommittee, Jerry Nadler, for 2\1/2\ minutes.
    Mr. Nadler. I thank the Chairman. I would like to thank 
Chairman Conyers for holding this important hearing on the FBI 
abuses of National Security Letters.
    We are here today in response to the Department of Justice 
Inspector General report that found widespread abuses of the 
FBI's authority to issue National Security Letters. An NSL can 
be issued to a third party such as a health insurance company 
or an Internet service provider, ordering them to reveal all of 
their information about you and your transactions, and the 
third party is prohibited from telling you or anyone else about 
the order. That is the so-called ``gag order provision'' so you 
cannot object to an NSL directed at your information in court 
as you could to a subpoena, because you do not know about it 
and the third party may have no interest in going to court to 
protect your rights or your privacy.
    While last year's reauthorization of the PATRIOT Act did 
make some changes to the NSL provisions, these changes were 
essentially meaningless. For example, the court is now 
authorized to modify and set aside the gag order only if it 
finds there is no reason to believe that disclosure would 
endanger national security, diplomatic relations or anyone's 
life or safety, but the court must accept the Government's 
assertion of harm as conclusive, so this protection is 
meaningless.
    Some of us had predicted that the unrestricted authority of 
the FBI to issue NSLs would be abused, and unfortunately, our 
worst fears have now been realized. The IG's NSLs have been 
used by the FBI to collect and retain private information about 
American citizens who are not reasonably suspected of being 
involved in terrorism. During the last Congress, we predicted 
that unchecked power would lead to rampant abuse. That is why I 
proposed the Stop Self-Authorized Secret Searches Act 2 years 
ago. This bill would have restored some pre-PATRIOT Act 
provisions that an NSL could not be issued unless the FBI made 
a factual, individualized showing that the records sought 
pertained to a suspected terrorist or spy. It would have given 
the recipient of a National Security Letter an opportunity to 
obtain legal counsel, the right to challenge the letter and the 
nondisclosure requirement, a real right to challenge it. It 
would have given notice to the target of the NSL if the 
Government later seeks to use the records obtained from the NSL 
against him or her in a subsequent proceeding. It would have 
given the target an opportunity to receive legal counsel and 
challenge the use of those records.
    The bill would also have authorized the FBI to obtain 
documents that it legitimately needs while protecting the 
privacy of law-abiding American citizens.
    The abuses by the DOJ and by the FBI have proven that these 
legislative fixes are a necessary check on the investigatory 
power. We do not trust Government always to be run by angels, 
especially not this Administration. It is not enough to mandate 
that the FBI fix internal management problems in recordkeeping 
because the statute itself authorizes the unchecked selection 
of information on innocent Americans. Congress must act now to 
fix the statute authorizing the abuses revealed in the IG 
report and to hold those responsible for these abuses and 
violations accountable.
    Thank you. I yield back.
    Mr. Conyers. Thank you.
    The Chair recognizes the distinguished gentleman from 
Arizona, the Ranking minority Member of the Constitution 
Subcommittee, Trent Franks, for 2\1/2\ minutes.
    Mr. Franks. Well, thank you, Mr. Chairman.
    Mr. Chairman, today our task is a vital one, to check and 
balance our sister branch of Government through oversight and 
to ensure citizens' rights are being properly safeguarded. 
Today's subject is somewhat delicate because we must all walk a 
fine line. In our great and critical responsibility to prevent 
jihadist attacks upon American citizens, we must also be 
careful to strike the proper balance between vigilance and 
fighting the enemy on the one side of the scales and the 
preservation of citizens' rights on the other.
    The report of the Inspector General's that we review today 
is hopeful. We see that, while there are human imperfections in 
the FBI's operation, there is an overall finding that the FBI 
is, indeed, carrying out its duties responsibly, there being no 
evidence of any intentional or deliberate act to violate the 
law. The NSLs are performing their vital function as a valuable 
tool in national security investigations.
    To put today's hearing in perspective, we should keep in 
mind that the issuance of NSLs under the PATRIOT Act is a 
relatively new process given that the PATRIOT Act is only a few 
years old and that this new use of NSLs will necessarily 
require a careful examination of their best and most 
appropriate use in this early period. Certainly, we will have 
to work out the kinks given that we are most likely in the 
business of fighting terror for a long time to come.
    While the FBI's practices have had their shortcomings, it 
appears that these are problems that can be easily resolved, 
and this is good news. Many of the issues that we must review 
today are administrative in nature and, to some extent, 
unavoidable. Government is a human institution, and it is 
therefore by definition imperfect. Those of us who have run 
corporations know that a perfect audit is a very rare 
occurrence, particularly on the first go-around.
    Most businesses do internal audits, perhaps many, many 
internal audits, to discover where human judgment has fallen 
short and where to improve before being audited by an outside 
source. This is an arduous but necessary task and one that I 
hope we do well here today and prospectively. The FBI has vowed 
that it will make all of the adjustments that Mr. Gonzalez and 
Ms. Caproni have recommended. We look forward to the 
realization of this goal.
    With that, I thank the witnesses for joining us today, and 
we look forward to hearing your testimony.
    Thank you, Mr. Chairman.
    Mr. Conyers. Thank you.
    The Chair recognizes the distinguished gentleman from 
Virginia, Bobby Scott, Chairman of the Crime Subcommittee, for 
2\1/2\ minutes.
    Mr. Scott. Thank you, Mr. Chairman.
    Mr. Chairman, we all believe that it is important to be 
aggressive in fighting terrorism and also aggressive in 
maintaining privacy and freedoms, and I do not believe we 
should operate on the premise that we always have to give up 
freedom in order to obtain security, but for us to provide 
appropriate oversight we have to have accurate information. 
Unfortunately, there are indications that we have received 
clearly inaccurate reports after the significant use of secret, 
invasive processes that do not appear to be necessary to 
advance terrorism-related investigations. Whether it is a 
secret NSA wiretapping in violation of the FISA law or the 
inappropriate use of the National Security Letters, we are 
discovering that what is actually occurring is quite different 
from what we were being told, and we cannot evaluate the 
ongoing need for NSA letters without accurate information.
    There is also a clear indication of intentional misuse of 
the word ``exigent'' letters to telephone companies as 
emergency information when in fact no emergency existed. 
Somebody obviously knew that was a problem that would affect 
reports to Congress and oversight boards, and we need to find 
out who these people are. With these disturbing indications, 
Mr. Chairman, I hope the testimony of the witnesses today will 
reveal who is responsible for these abuses and who should be 
held accountable for false reports to Congress.
    Thank you, Mr. Chairman. I yield back.
    Mr. Conyers. Thank you so much.
    Another Virginian, the Ranking minority Member of the Crime 
Subcommittee, Mr. Randy Forbes.
    Mr. Forbes. Mr. Chairman, I would like to thank you and the 
Ranking Member, Congressman Smith, for holding this important 
hearing today, and also for our witnesses for being here.
    You know, the subject matter of this hearing makes for 
great theater, but when the show is over we have the task of 
finding the facts and making sure the proper balance is struck 
and implemented to protect our citizens. That we will do, and 
hopefully, we will do it without the negativism and the 
emotionalism that seems so prevailing in public policy today. 
Pounding our fists makes great sound bites, but does not stop 
terrorists or protect the privacy rights of our citizens.
    It is clear that National Security Letters are important 
tools in international terrorism and espionage investigations 
conducted by the FBI. The Inspector General's report, which 
details the audit of 77 case files in four field offices, shows 
a disturbing pattern. In 60 percent of those cases, the FBI's 
files were found to be in violation of the FBI's internal 
control policies for issuing National Security Letters. While 
the audit conducted concluded that there was no evidence of any 
intentional or deliberate act to violate the law, it is also 
clear that changes need to be made to the FBI's procedures so 
that they reflect the scope and intent of the law rather than 
the evolution of general practice.
    I look forward to hearing from the FBI about what 
procedures were in place during the time of the Inspector 
General's audit and how, given the inadequacies identified by 
the Inspector General, the FBI plans to correct these.
    Mr. Chairman, I yield back the balance of my time.
    Mr. Conyers. Thank you.
    All other opening statements will be included in the 
record.
    Mr. Glenn A. Fine, Inspector General at the Department of 
Justice, a post held since he was confirmed by the Senate on 
December 15, 2000. Mr. Fine has worked for the Department's 
Office of Inspector General in a variety of capacities since 
January 1995. He has had several years in private practice and 
has also served as an Assistant United States Attorney in 
Washington, D.C.
    We are also privileged to have with us the General Counsel 
of the Federal Bureau of Investigation, Ms. Valerie Caproni, a 
position she has held since August 2003. Prior to that, Ms. 
Caproni served as an Assistant United States Attorney in the 
Eastern District of New York, as a supervisor at the Securities 
and Exchange Commission and has also worked in private 
practice.
    All of your statements will be made a part of the record in 
their entirety, and we will have a 5-minute time for each of 
you, and we ask Inspector General Glenn A. Fine to begin our 
testimony.
    Welcome to the Committee.

        TESTIMONY OF GLENN A. FINE, INSPECTOR GENERAL, 
                   U.S. DEPARTMENT OF JUSTICE

    Mr. Fine. Mr. Chairman, Congressman Smith and Members of 
the Committee on the Judiciary, thank you for inviting me to 
testify about two reports issued by the Department of Justice 
Office of the Inspector General regarding the FBI's use of 
National Security Letters and its use of section 215 orders to 
obtain business records.
    The PATRIOT Reauthorization Act required the OIG to examine 
the FBI's use of these authorities, and on March 9th we issued 
reports detailing our findings. Today, I will summarize the key 
findings from our reviews, focusing my comments on the National 
Security Letter report.
    Under five statutory provisions, the FBI can use National 
Security Letters (NSLs), to obtain without review by a court 
records such as customer information from telephone companies, 
Internet service providers, financial institutions, and 
consumer credit companies. Although most of the statutory 
provisions regarding NSLs existed prior to the enactment of the 
PATRIOT Act, the Act significantly broadened the FBI's 
authority to use NSLs in two primary ways.
    First, it eliminated the requirement that the information 
sought must pertain to a foreign power or an agent of a foreign 
power and substituted the standard that the information 
requested must be relevant to or sought for an investigation to 
protect against international terrorism or espionage.
    Second, the PATRIOT Act significantly expanded approval 
authority for NSLs beyond a limited number of FBI headquarters 
officials to the heads of all FBI field offices. Our review 
examined the FBI's use of NSLs from 2003 through 2005. The OIG 
will conduct another review examining the FBI's use of NSLs in 
2006, which we are required to issue by the end of this year.
    In sum, our review found widespread and serious misuse of 
the FBI's National Security Letter authorities. In many 
instances, the FBI's misuse violated NSL statutes, Attorney 
General guidelines, or the FBI's own internal policies. We also 
found that the FBI did not provide adequate guidance, adequate 
controls, or adequate training on the use of these sensitive 
authorities. Before describing the main findings of our report, 
however, I believe it is important to provide context for these 
findings.
    First, we recognize the significant challenges the FBI was 
facing during the period covered by our review. After the 
September 11th terrorist attacks, the FBI implemented major 
organizational changes while responding to continuing terrorist 
threats and conducting many counterterrorism investigations, 
both internationally and domestically.
    Second, it is also important to recognize that in most but 
not all of the cases we examined, the FBI was seeking 
information that it could have obtained properly through 
National Security Letters if it had followed applicable 
statutes, guidelines and internal policies.
    Third, we did not find that the FBI employees sought to 
intentionally misuse NSLs or sought information that they knew 
they were not entitled to obtain. Instead, we believe the 
misuses and the problems we found generally were the product of 
mistakes, carelessness, confusion, sloppiness, lack of 
training, lack of adequate guidance, and lack of adequate 
oversight. I do not believe that any of my observations, 
however, excuses the FBI's misuse of National Security Letters.
    When the PATRIOT Act enabled the FBI to obtain sensitive 
information through NSLs on a much larger scale, the FBI should 
have established sufficient controls and oversight to ensure 
the proper use of those authorities. The FBI did not do so. The 
FBI's failures, in my view, were serious and unacceptable.
    I would now like to highlight our review's main findings. 
Our review found that after enactment of the PATRIOT Act the 
FBI's use of National Security Letters increased dramatically. 
In 2000, the last full year prior to the passage of the PATRIOT 
Act, the FBI issued approximately 8,500 NSL requests. After the 
PATRIOT Act, the number of NSL requests increased to 
approximately 39,000 in 2003, approximately 56,000 in 2004, and 
approximately 47,000 in 2005. In total, during the 3-year 
period, the FBI issued more than 143,000 NSL requests. However, 
we believe that these numbers, which are based on information 
from the FBI's database, significantly understate the total 
number of NSL requests. During our file reviews in four FBI 
field offices, we found additional NSL requests in the files 
than were contained in the FBI database. In addition, many NSL 
requests were not included in the Department's reports to 
Congress.
    Our review also attempted to assess the effectiveness of 
National Security Letters. NSLs have various uses, including to 
develop links of subjects of FBI investigations and other 
individuals and to provide leads and evidence to allow FBI 
agents to initiate or close investigations. Many FBI 
headquarters and field personnel, from agents in the field to 
senior officials, told the OIG that NSLs are indispensable 
investigative tools in counterterrorism and counterintelligence 
investigations, and they provided us with examples and evidence 
of the importance to these investigations.
    The OIG review also examined whether there were any 
improper or illegal uses of NSL authorities. From 2003 through 
2005, the FBI identified 26 possible intelligence violations 
involving its use of NSLs. We visited four FBI field offices 
and reviewed a sample of 77 investigative case files and 293 
NSLs. We found 22 possible violations that had not been 
identified or reported by the FBI. We have no reason to believe 
that the number of violations we identified in the field 
offices was skewed or disproportionate to the number of 
violations in other files. This suggests that the large number 
of NSL-related violations throughout the FBI have not been 
identified or reported by FBI personnel.
    In one of the most troubling findings, we determined that 
the FBI improperly obtained telephone toll billing records and 
subscriber information from three telephone companies pursuant 
to over 700 so-called Exigent Letters. These letters generally 
were signed by personnel in the Communications Analysis Unit 
(CAU), a unit of the Counterterrorism Division in the FBI 
Headquarters. The Exigent Letters were based on a form letter 
used by the FBI's New York Field Division in the criminal 
investigations related to the September 11th attacks.
    Our review found that the FBI sometimes used these Exigent 
Letters in nonemergency circumstances. In addition, the FBI 
failed to ensure that there were authorized investigations to 
which the requests could be tied. The Exigent Letters also 
inaccurately represented that the FBI had already requested 
subpoenas for the information when in fact it had not. The FBI 
also failed to ensure that NSLs were issued promptly to 
telephone companies after the Exigent Letters were sent. 
Rather, in many instances, after obtaining records from the 
telephone companies, the FBI issued National Security Letters 
months after the fact to cover the information obtained.
    We concluded that the FBI's use of these Exigent Letters 
inappropriately circumvented the requirements of the NSL 
statute and violated Attorney General guidelines and FBI 
policies. In response to our report, we believe that the 
Department and the FBI are taking our findings seriously. The 
FBI concurred with all of our recommendations, and the 
Department's National Security Division will be actively 
engaged in oversight of the FBI's use of NSLs.
    In addition, the FBI's Inspection Division has initiated 
audits of a sample of NSLs issued by each of its 56 field 
offices. The FBI is also conducting a special investigation on 
the use of Exigent Letters to determine how and why the 
problems occurred. The OIG will continue to review the FBI's 
use of National Security Letters. In addition to issuing a 
second report on the use of NSLs in 2006, we intend to monitor 
the actions that the FBI and the Department are taking to 
address the problems we found in that review.
    Finally, I want to note that the FBI and the Department 
cooperated fully with our reviews, agreed to declassify 
information in the report, and appears to be committed to 
addressing the problems we identified. We believe that 
significant efforts are necessary to ensure that the FBI's use 
of National Security Letters is conducted in full accord with 
the statutes, Attorney General guidelines, and FBI policy.
    That concludes my testimony, and I will be pleased to 
answer any questions.
    [The prepared statement of Mr. Fine follows:]

                  Prepared Statement of Glenn A. Fine

    Mr. Chairman, Mr. Smith, and members of the Committee on the 
Judiciary:
    Thank you for inviting me to testify about two recent reports 
issued by the Department of Justice Office of the Inspector General 
(OIG) regarding the Federal Bureau of Investigation's (FBI) use of 
national security letters and the FBI's use of Section 215 orders to 
obtain business records. In the Patriot Reauthorization Act, enacted in 
2006, Congress directed the OIG to examine the FBI's use of these two 
important authorities. The reviews were directed to examine, among 
other things, the number of times these authorities were used, the 
importance of the information obtained, how the information was 
utilized, any improper or illegal uses of these authorities, and other 
noteworthy facts or circumstances related to their use.
    On March 9, 2007, we issued separate reports on the FBI's use of 
national security letters and Section 215 orders. We publicly released 
two unclassified reports, with only limited information redacted 
(blacked out) which the Department or the FBI considered to be 
classified. We also provided to Congress, including this Committee, 
copies of the full classified reports that contain some additional 
classified information on the FBI's use of the two authorities. 
However, the OIG's main findings and conclusions are included in the 
unclassified versions that were publicly released.
    In this written statement, I will summarize the key findings from 
our reports, focusing most of my comments on the national security 
letters report. I will first provide brief background on national 
security letters and how we conducted our review. I will then provide a 
few observations to put our findings in context. Next, I will highlight 
the main findings of our national security letter report. After that, I 
will briefly summarize our report on the FBI's use of Section 215 
orders to obtain business records.

              I. THE OIG'S NATIONAL SECURITY LETTER REPORT

A. Background on National Security Letters
    Under five statutory provisions, the FBI can use national security 
letters (NSLs) to obtain--without a court order or any review by a 
court--records such as customer information from telephone companies, 
Internet service providers, financial institutions, and consumer credit 
companies. Most of these statutory provisions regarding NSLs existed 
prior to enactment of the USA PATRIOT Act (Patriot Act) in October 
2001. Prior to the Patriot Act, the FBI could obtain information using 
a national security letter only if it had ``specific and articulable 
facts giving reason to believe that the customer or entity whose 
records are sought [was] a foreign power or agent of a foreign power.'' 
In addition, NSLs could only be issued by a limited number of senior 
FBI Headquarters officials.
    The Patriot Act significantly broadened the FBI's authority to use 
NSLs by both lowering the threshold standard for issuing them and by 
expanding the number of FBI officials who could sign the letters. 
First, the Patriot Act eliminated the requirement that the information 
sought must pertain to a foreign power or an agent of a foreign power. 
Instead, it substituted the lower threshold standard that the 
information requested must be relevant to or sought for an 
investigation to protect against international terrorism or espionage. 
Consequently, the Patriot Act authorized the FBI to issue national 
security letters to request information about persons other than the 
subjects of FBI national security investigations, so long as the 
requested information is relevant to an authorized national security 
investigation.
    In addition, the Patriot Act permitted Special Agents in Charge of 
the FBI's 56 field offices to sign national security letters, which 
significantly expanded approval authority beyond a limited number of 
FBI Headquarters officials. Finally, the Patriot Act added a new 
authority allowing NSLs to be used to obtain consumer full credit 
reports in international terrorism investigations.
B. The OIG Review
    As directed by the Patriot Reauthorization Act, the OIG's report 
examined the FBI's use of national security letters during the time 
period from 2003 through 2005. As required by the Reauthorization Act, 
the OIG will conduct another review examining the use of NSLs in 2006, 
which we are required to issue by the end of this year.
    During our review, a team of OIG staff conducted interviews of over 
100 FBI and Department of Justice employees, including personnel at FBI 
Headquarters, the FBI Office of the General Counsel (OGC), FBI 
Counterterrorism and Counterintelligence Divisions, FBI personnel in 
four field divisions, and officials in the Department's Criminal 
Division.
    In addition, the OIG reviewed a sample of FBI case files that 
contained national security letters at four FBI field divisions: 
Chicago, New York, Philadelphia, and San Francisco. These field 
divisions were selected from among the eight FBI field divisions that 
issued the most NSL requests during the review period. During our field 
work at the four field divisions, we examined a sample of 77 
investigative case files that contained 293 national security letters. 
An investigative case file can contain a large number of documents, and 
some of the case files we reviewed consisted of the equivalent of 20 or 
30 boxes of documents. We used a judgmental sample in selecting which 
files to review and included in our sample both counterterrorism and 
counterintelligence cases, cases in which the NSLs were issued during 
preliminary investigations and full investigations, and opened and 
closed FBI cases.
    The OIG also analyzed the FBI OGC's national security letter 
tracking database, which the FBI uses for collecting information to 
compile the Department's required reports to Congress on NSL usage. 
Finally, we distributed an e-mail questionnaire to the 
counterintelligence and counterterrorism squads in the FBI's 56 field 
divisions in an effort to determine the types of analytical products 
the FBI developed based on NSLs, the manner in which NSL-derived 
information was disseminated, and the occasions when such information 
was provided to law enforcement authorities for use in criminal 
proceedings.
C. Findings of the OIG Review
    Our review found widespread and serious misuse of the FBI's 
national security letter authorities. In many instances, the FBI's 
misuse of national security letters violated NSL statutes, Attorney 
General Guidelines, or the FBI's own internal policies. We also found 
that the FBI did not provide adequate guidance, adequate controls, or 
adequate training on the use of these sensitive authorities. In many 
respects, the FBI's oversight of the use of NSL authorities expanded by 
the Patriot Act was inconsistent and insufficient.
            1. Background to OIG Findings
    However, before detailing the main findings of our report, I 
believe it is important to provide context for these findings and also 
to note what our review did not find.
    First, in evaluating the FBI's misuse of national security letters, 
it is important to recognize the significant challenges the FBI was 
facing during the period covered by our review. After the September 11 
terrorist attacks, the FBI implemented major organizational changes to 
prevent additional terrorist attacks in the United States. These 
changes included overhauling and expanding its counterterrorism 
operations, expanding its intelligence capabilities, attempting to 
upgrade its information technology systems, and seeking to improve 
coordination with state and local law enforcement agencies. These 
changes occurred while the FBI and its Counterterrorism Division had to 
respond to continuing terrorist threats and conduct many 
counterterrorism investigations, both internationally and domestically.
    Second, it is important to recognize that in most--but not all--of 
the cases we examined in this review, the FBI was seeking information 
that it could have obtained properly through national security letters 
if it had followed applicable statutes, guidelines, and internal 
policies.
    Third, national security letters are important tools that can 
provide critical evidence in counterterrorism and counterintelligence 
investigations. Many Headquarters and field personnel--from agents to 
senior officials--believe these tools are indispensable to the FBI's 
mission to detect and deter terrorism and espionage.
    Fourth, we did not find that that FBI agents sought to 
intentionally misuse the national security letters or sought 
information that they knew they were not entitled to obtain through the 
letters. Instead, we believe the misuses and the problems we found were 
the product of mistakes, carelessness, confusion, sloppiness, lack of 
training, lack of adequate guidance, and lack of adequate oversight.
    Yet, I do not believe that any of these observations excuse the 
FBI's widespread and serious misuse of its national security letter 
authorities. When the Patriot Act enabled the FBI to obtain sensitive 
information through NSLs on a much larger scale, the FBI should have 
established sufficient controls and oversight to ensure the proper use 
of these authorities. The FBI did not do so. The FBI's failures, in my 
view, were serious and unacceptable.
    I would now like to highlight our review's main findings, which are 
detailed in the OIG's 126-page report.
            2. OIG Findings
    Our review found that, after enactment of the Patriot Act, the 
FBI's use of national security letters increased dramatically. In 2000, 
the last full year prior to passage of the Patriot Act, the FBI issued 
approximately 8,500 NSL requests. It is important to note that one 
national security letter may request information about multiple 
telephone numbers or e-mail addresses. Because the FBI's semiannual 
classified reports to Congress provide the number of requests rather 
than the number of letters, we also focused on the total number of 
requests.
    After the Patriot Act, the number of NSL requests issued by the FBI 
increased to approximately 39,000 in 2003, approximately 56,000 in 
2004, and approximately 47,000 in 2005. In total, during the 3-year 
period covered by our review, the FBI issued more than 143,000 NSL 
requests.
    However, we believe that these numbers, which are based on 
information from the FBI's database, understate the total number of NSL 
requests issued by the FBI. During our review, we found that the FBI 
database used to track these requests is inaccurate and does not 
include all NSL requests.
    First, when we compared information from the database to the 
documents contained in investigative case files in the 4 FBI field 
offices that we visited, we found approximately 17 percent more NSL 
letters and 22 percent more NSL requests in the case files than we 
could find in the FBI database. In addition, we determined that many 
NSL requests were not included in the Department's reports to Congress 
because of the FBI's delays in entering NSL information into its 
database. We also found problems and incorrect data entries in the 
database that caused NSLs to be excluded from the Department's reports 
to Congress.
    Therefore, based on shortcomings in the FBI's NSL database and its 
reporting processes, we concluded that the Department's semiannual 
classified reports to Congress on NSL usage were inaccurate and 
significantly understated the total number of NSL requests during the 
review period.
    Our report also provides breakdowns on the types of NSLs used by 
the FBI. We determined that, overall, approximately 73 percent of the 
total number of NSL requests were used in counterterrorism 
investigations and 26 percent in counterintelligence cases.
    In addition, our review found that the percentage of NSL requests 
that related to investigations of U.S. persons increased from about 39 
percent of all NSL requests in 2003 to about 53 percent in 2005.
    As directed by the Patriot Reauthorization Act, our review 
attempted to assess the effectiveness of national security letters. 
NSLs have various uses, including to develop evidence to support 
applications for orders issued under the Foreign Intelligence 
Surveillance Act (FISA), develop links between subjects of FBI 
investigations and other individuals, provide leads and evidence to 
allow FBI agents to initiate or close investigations, and corroborate 
information obtained by other investigative methods. FBI personnel told 
the OIG that NSLs are indispensable investigative tools in many 
counterterrorism and counterintelligence investigations, and they 
provided us with examples and evidence of their importance to these 
investigations.
    We determined that information obtained from NSLs is also used in 
FBI analytical intelligence products that are shared within the FBI and 
with DOJ components, Joint Terrorism Task Forces, other federal 
agencies, and other members of the intelligence community.
    In addition, information obtained from NSLs is stored in FBI 
databases such as its Automated Case Support system and its 
Investigative Data Warehouse. However, because information is not 
tagged or identified in FBI files or databases as derived from NSLs, we 
could not determine the number of times that NSLs were used in such 
analytical products, shared with other agencies, or used in criminal 
cases.
    As also directed by the Patriot Reauthorization Act, the OIG review 
examined whether there were any ``improper or illegal uses'' of NSL 
authorities. We found that from 2003 through 2005, the FBI identified 
26 possible intelligence violations involving its use of NSLs, 19 of 
which the FBI reported to the President's Intelligence Oversight Board 
(IOB). Of the 26 possible violations, 22 were the result of FBI errors, 
while 4 were caused by mistakes made by recipients of the NSLs.
    These possible violations included the issuance of NSLs without 
proper authorization, improper requests under the statutes cited in the 
NSLs, and unauthorized collection of telephone or Internet e-mail 
transactional records. For example, in three of these matters the FBI 
obtained the information without issuing national security letters. One 
of these three matters involved receipt of information when there was 
no open national security investigation. In another matter, the FBI 
issued national security letters seeking consumer full credit reports 
in a counterintelligence investigation, which the NSL statutes do not 
permit. In other matters, the NSL recipient provided more information 
than was requested in the NSL, or provided information on the wrong 
person, either due to FBI typographical errors or errors by the 
recipients of NSLs.
    In addition to the possible violations reported by the FBI, we 
reviewed FBI case files in four field offices to determine if there 
were unreported violations of NSL authorities, Attorney General 
Guidelines, or internal FBI policies governing the approval and use of 
NSLs. Our review of 293 national security letters in 77 files found 22 
possible violations that had not been identified or reported by the 
FBI.
    The violations we found fell into three categories: improper 
authorization for the NSL, improper requests under the pertinent 
national security letter statutes, and unauthorized collections. 
Examples of the violations we identified include issuing NSLs for 
consumer full credit reports in a counterintelligence case, which is 
not statutorily permitted; issuing an NSL for a consumer full credit 
report when the FBI Special Agent in Charge had approved an NSL for 
more limited credit information under a different NSL authority; 
issuing an NSL when the investigation had lapsed; and obtaining 
telephone toll billing records for periods in excess of the time period 
requested in the NSL due to third-party errors.
    Thus, it is significant that in the limited file review we 
conducted of 77 investigative files in 4 FBI field offices, we 
identified nearly as many NSL-related violations (22) as the total 
number of possible violations that the FBI had identified (26) in 
reports from all FBI Headquarters and field divisions over the entire 
3-year period. Moreover, 17 of the 77 files we reviewed, or 22 percent, 
had 1 or more violations.
    We have no reason to believe that the number of violations we 
identified in the four field offices we visited was skewed or 
disproportionate to the number of possible violations in other files. 
This suggests that a large number of NSL-related violations throughout 
the FBI have not been identified or reported by FBI personnel.
    Our examination of the violations we identified did not reveal 
deliberate or intentional violations of the NSL statutes, the Attorney 
General Guidelines, or FBI policy. We believe that some of these 
violations demonstrated FBI agents' confusion and unfamiliarity with 
the constraints on national security letter authorities. We also 
believe that many of the violations occurred because FBI personnel do 
not consistently cross check the NSL approval documentation with the 
proposed NSLs, or verify upon receipt that the information supplied by 
the recipient matches the request. Other violations demonstrated 
inadequate supervision over use of these authorities.
    We examined the FBI investigative files in the four field offices 
to determine whether FBI case agents and supervisors had adhered to FBI 
policies designed to ensure appropriate supervisory review of the use 
of NSL authorities. We found that 60 percent of the investigative files 
we examined contained one or more violations of FBI internal policies 
relating to national security letters. These included failures to 
document supervisory review of NSL approval memoranda and failures to 
include in NSL approval memoranda required information, such as the 
authorizing statute, the status of the investigative subject, or the 
number or types of records requested.
    In another finding, our review determined that the FBI Headquarters 
Counterterrorism Division generated over 300 NSLs exclusively from 
``control files'' rather than from ``investigative files,'' in 
violation of FBI policy. When NSLs are issued from control files, the 
NSL documentation does not indicate whether the NSLs are issued in 
authorized investigations or whether the information sought in the NSLs 
is relevant to those investigations. This documentation is necessary to 
establish compliance with NSL statutes, Attorney General Guidelines, 
and FBI policies.
    In addition, we found that the FBI had no policy requiring the 
retention of signed copies of national security letters. As a result, 
we were unable to conduct a comprehensive audit of the FBI's compliance 
with its internal control policies and the statutory certifications 
required for NSLs.
    In one of the most troubling findings, we determined that from 2003 
through 2005 the FBI improperly obtained telephone toll billing records 
and subscriber information from 3 telephone companies pursuant to over 
700 so-called ``exigent letters.'' These letters generally were signed 
by personnel in the Communications Analysis Unit (CAU), a unit of the 
Counterterrorism Division in FBI Headquarters, and were based on a form 
letter used by the FBI's New York Field Division in the criminal 
investigations related to the September 11 attacks. The exigent letters 
signed by the CAU typically stated:

        Due to exigent circumstances, it is requested that records for 
        the attached list of telephone numbers be provided. Subpoenas 
        requesting this information have been submitted to the U.S. 
        Attorney's Office who will process and serve them formally to 
        [information redacted] as expeditiously as possible.

These letters were signed by CAU Unit Chiefs, CAU special agents, and 
subordinate personnel, none of whom were delegated authority to sign 
NSLs.
    Our review found that that the FBI sometimes used these exigent 
letters in non-emergency circumstances. In addition, the FBI failed to 
ensure that there were duly authorized investigations to which the 
requests could be tied. The exigent letters also inaccurately 
represented that the FBI had already requested subpoenas for the 
information when, in fact, it had not. The FBI also failed to ensure 
that NSLs were issued promptly to the telephone companies after the 
exigent letters were sent. Rather, in many instances, after obtaining 
records from the telephone companies the FBI issued national security 
letters many months after the fact to ``cover'' the information 
obtained.
    As our report describes, we were not convinced by the legal 
justifications offered by the FBI during our review for the FBI's 
acquisition of telephone toll billing records and subscriber 
information in response to the exigent letters without first issuing 
NSLs. The first justification offered was the need to reconcile the 
strict requirements of the NSL statute with the FBI's mission to 
prevent terrorist attacks. While the FBI's counterterrorism mission may 
require streamlined procedures to ensure the timely receipt of 
information in genuine emergencies, the FBI needs to address the 
problem by expediting the issuance of national security letters or by 
seeking legislative modification to the voluntary emergency disclosure 
provision in the Electronic Communications Privacy Act (ECPA), not 
through these exigent letters. Moreover, the FBI's justification for 
the exigent letters was undercut because they were used in non-
emergency circumstances, not followed in many instances within a 
reasonable time by the issuance of NSLs, and not catalogued in a 
fashion that would enable FBI managers or anyone else to review the 
practice or the predication required by the NSL statute.
    In sum, we concluded that the FBI's use of these letters 
inappropriately circumvented the requirements of the NSL statute, and 
violated Attorney General Guidelines and FBI policies.
    As directed by the Patriot Reauthorization Act, our report also 
describes several other ``noteworthy facts or circumstances'' we 
identified in the review. For example, we found that the FBI did not 
provide clear guidance describing how FBI case agents and supervisors 
should apply the Attorney General Guidelines' requirement to use the 
``least intrusive collection techniques feasible'' during national 
security investigations to the use and sequencing of national security 
letters. In addition, we saw indications that some FBI lawyers in field 
offices were reluctant to provide an independent review of NSL requests 
because these lawyers report to senior field office managers who 
already had approved the underlying investigations.
D. Recommendations
    To help the FBI address these significant findings, the OIG made a 
series of recommendations, including that the FBI improve its database 
to ensure that it captures timely, complete, and accurate data on NSLs; 
that the FBI take steps to ensure that it uses NSLs in full accord with 
the requirements of national security letter authorities; and that the 
FBI issue additional guidance to field offices that will assist in 
identifying possible violations arising from use of NSLs. The FBI 
concurred with all of the recommendations and agreed to implement 
corrective action.
    We believe that the Department and the FBI are taking the findings 
of the report seriously. In addition to concurring with all our 
recommendations, the FBI and the Department have informed us that they 
are taking additional steps to address the problems detailed in the 
report. For example, the FBI's Inspection Division has initiated audits 
of a sample of NSLs issued by each of its 56 field offices. It is also 
conducting a special inspection of the exigent letters sent by the 
Counterterrorism Division to three telephone companies to determine how 
and why that occurred.
    The FBI's Office of the General Counsel is also consolidating its 
guidance on NSLs, providing additional guidance and training to its 
field-based Chief Division Counsel on their role in approving NSLs, and 
working to develop a new web-based NSL tracking database.
    In addition to the FBI's efforts, we have been told that the 
Department's National Security Division will be actively engaged in 
oversight of the FBI's use of NSL authorities.
    As required by the Patriot Reauthorization Act, the OIG will 
continue to review the FBI's use of national security letters. We are 
required by the Act to issue another report by the end of this year on 
the FBI's use of NSLs in 2006. In addition, we intend to monitor the 
actions that the FBI and the Department have taken and are taking to 
address the problems we found in our first review.

                    II. THE OIG'S SECTION 215 REPORT

    In the last section of my statement, I want to summarize briefly 
the OIG's second report, which examined the FBI's use of Section 215 
orders to obtain business records. Section 215 of the Patriot Act 
allows the FBI to seek an order from the FISA Court to obtain ``any 
tangible thing,'' including books, records, and other items, from any 
business, organization, or entity provided the item or items are for an 
authorized investigation to protect against international terrorism or 
clandestine intelligence activities.
    Section 215 of the Patriot Act did not create new investigative 
authority, but instead significantly expanded existing authority found 
in FISA by broadening the types of records that could be obtained and 
by lowering the evidentiary threshold to obtain a Section 215 order for 
business records. Public concerns about the scope of this expanded 
Section 215 authority centered on the ability of the FBI to obtain 
library records, and many public commentators began to refer to Section 
215 as the ``library provision.''
    Our review found that the FBI and the Department's Office of 
Intelligence Policy and Review (OIPR) submitted to the FISA Court two 
different kinds of applications for Section 215 orders: ``pure'' 
Section 215 applications and ``combination'' Section 215 applications. 
A ``pure'' Section 215 application is a term used to refer to a Section 
215 application for any tangible item which is not associated with an 
application for any other FISA authority. A ``combination'' Section 215 
application is a term used to refer to a Section 215 request that was 
added to a FISA application for pen register/trap and trace orders, 
which identify incoming and outgoing telephone numbers called on a 
particular line. In a combination order, the Section 215 request was 
added to the pen register/trap and trace application in order to obtain 
subscriber information related to the telephone numbers.
    We found that from 2002 through 2005 the Department, on behalf of 
the FBI, submitted to the FISA Court a total of 21 pure Section 215 
applications and 141 combination Section 215 applications.
    We found that the first pure Section 215 order was approved by the 
FISA Court in spring 2004, more than 2 years after enactment of the 
Patriot Act. The FISA Court approved six more pure Section 215 
applications that year, for a total of seven in 2004. The FISA Court 
approved 14 pure Section 215 applications in 2005.
    Examples of the types of business records that were obtained 
through pure Section 215 orders include driver's license records, 
public accommodations records, apartment records, and credit card 
records.
    We also determined that the FBI did not obtain Section 215 orders 
for any library records from 2002 through 2005 (the time period covered 
by our review). The few applications for Section 215 orders for library 
records that were initiated in the FBI during this period were 
withdrawn while undergoing the review process within the FBI and the 
Department. None were submitted to the FISA Court.
    With respect to how information from Section 215 orders was used, 
we found no instance where the information obtained from a Section 215 
order resulted in a major case development such as disruption of a 
terrorist plot. We also found that very little of the information 
obtained in response to Section 215 orders has been disseminated to 
intelligence agencies outside the DOJ.
    However, FBI personnel told us they believe that the kind of 
intelligence gathered from Section 215 orders is essential to national 
security investigations. They also stated that the importance of the 
information is sometimes not known until much later in an 
investigation, when the information is linked to some other piece of 
intelligence. FBI officials and Department attorneys also stated that 
they believe Section 215 authority is useful because it is the only 
compulsory process for certain kinds of records that cannot be obtained 
through alternative means.
    We did not identify any instances involving ``improper or illegal 
use'' of a pure Section 215 order. We did find problems with two 
combination Section 215 orders. In one instance, the FBI inadvertently 
collected information from a telephone number that no longer belonged 
to the target of the investigation. In another instance, the FBI 
received information from a telephone that was no longer connected to 
the subject because of a mistake by the telephone company.
    We also found that the FBI has not used Section 215 orders as 
effectively as it could have because of legal, bureaucratic, or other 
impediments to obtaining these orders. For example, after passage of 
the Patriot Act in October 2001, neither the Department nor the FBI 
issued implementing procedures or guidance with respect to the 
expansion of Section 215 authority for a long period of time. In 
addition, we found significant delays within the FBI and the Department 
in processing requests for Section 215 orders. We also determined 
through our interviews that FBI field offices do not fully understand 
Section 215 orders or the process for obtaining them.

                            III. CONCLUSION

    In sum, our review of national security letters revealed that, in 
various ways, the FBI violated the national security letter statutes, 
Attorney General Guidelines, or FBI internal policies governing their 
use. While we did not find that the violations were deliberate, we 
believe the misuses were widespread and serious.
    Finally, I also want to note that the FBI and the Department 
cooperated fully with our review. In addition, the FBI and the 
Department agreed to declassify important aspects of the report to 
permit a full and fair airing of the issues we describe in the report. 
They have also acknowledged the problems we found and have not 
attempted to cover up the deficiencies. The FBI and the Department also 
appear to be taking the findings of the report seriously, and appear 
committed to correcting the problems we identified.
    We believe that these serious and ongoing efforts are necessary to 
ensure that the FBI's use of national security letter authorities to 
obtain sensitive information is conducted in full accord with the NSL 
statutes, Attorney General Guidelines, and FBI policies.
    That concludes my testimony, and I would be pleased to answer any 
questions.

                               ATTACHMENT




    Mr. Conyers. Thank you, Attorney General.
    Will the person in the back row, standing up, please sit 
down or leave this Committee room?
    I am now pleased to welcome the General Counsel for the 
Federal Bureau of Investigation, Ms. Valerie Caproni.
    Welcome to our Committee.

 TESTIMONY OF VALERIE CAPRONI, GENERAL COUNSEL, FEDERAL BUREAU 
                        OF INVESTIGATION

    Ms. Caproni. Thank you. Good morning.
    Mr. Chairman, Ranking Member Smith and Members of the 
Committee, it is my pleasure to appear before you today to 
discuss the recent report by the Department of Justice Office 
of Inspector General regarding the FBI's use of National 
Security Letters. I have submitted a detailed written 
statement, and in the interest of time, I will stress only a 
few points.
    The IG's report is a fair report that acknowledges the 
importance of National Security Letters to the ability of the 
FBI to keep the country safe and the difficult environment in 
which our employees have been working since 9/11. The IG found 
no deliberate or intentional misuse of the National Security 
Letter authorities, AG guidelines or FBI policy. Nevertheless, 
the IG review identified several areas of inadequate auditing 
and oversight of these vital investigative tools as well as 
processes that were simply inappropriate.
    The FBI fully supports each of the IG's recommendations and 
have implemented other remedial steps not proposed by the IG. 
Collectively, these reforms will ensure full compliance with 
both the letter and the spirit of the law.
    NSLs generally permit us to obtain the basic building 
blocks of an investigation from third party businesses. Unlike 
grand jury subpoenas used in criminal cases, however, National 
Security Letter authority comes from several distinct statutes, 
and they have very specific rules that accompany them.
    The NSL authority used most frequently by the FBI is that 
provided by the Electronic Communications Privacy Act, or ECPA. 
Through an ECPA NSL, the FBI can obtain subscriber information 
for telephone and electronic communications and can obtain toll 
billing information and electronic communication transaction 
records. Significantly, the FBI cannot obtain the content of 
communications through an ECPA NSL. That requires a court 
order. ECPA NSLs are, by far, the most common NSL that we use.
    Pursuant to the Right to Financial Privacy Act and the Fair 
Credit Reporting Act, we also have the authority to issue 
different types of National Security Letters. The authority to 
issue an NSL lies at a senior level within the FBI. It can only 
be issued by an official who ranks not lower than Special Agent 
in Charge or Deputy Assistant Director. All such officials are 
career Government employees, and before an NSL can be issued 
such employees must certify that the information sought is 
relevant to an authorized national security investigation.
    As directed by Congress in connection with the IG's report, 
we endeavor to declassify as much information as possible in 
order to maximize the transparency of our use of this important 
national security tool. To that end, for the first time the 
public has a real sense of the frequency with which the FBI 
uses National Security Letters. In the period covered by the 
report, the number of NSL requests--that is, not letters. 
Remember that one letter can have multiple requests--has ranged 
from approximately 40,000 to 60,000 per year, and we have 
requested information on fewer than 20,000 persons per year. 
For a variety of reasons that will be discussed below, those 
numbers are not exact. Nevertheless, for the first time, the 
public can get a sense of the order of magnitude of these 
requests.
    There are three findings by the IG that were particularly 
disturbing to me, and it is those three findings that I wish to 
address at some length this morning: First, inaccurate 
reporting to Congress, second, the use of so-called Exigent 
Letters and, third, violations of law and policy with respect 
to the usage of NSLs.
    I am particularly distressed by the fact that the IG found 
significant inaccuracies in the numbers that we report to 
Congress. The responsibility to gather the data for 
congressional reporting lies with my division, and we did not 
do an acceptable job. The processes we put in place for 
tabulating NSLs were inadequate, and we had no auditing process 
in place to catch errors. Although we realized we had a problem 
prior to the IG's report and were working on a technological 
solution, that realization came later than it should have, and 
for that I bear responsibility.
    At some point several years before I arrived at the FBI, 
our process for congressional reporting shifted from a totally 
manual process to a stand-alone database. While the OGC 
database was a giant technological step forward from 3x5 index 
cards, it quickly became an unacceptable system given the 
increase in our use of National Security Letters since 9/11. 
The OGC database is not electronically connected to ACS, the 
system from which we derive the data. Instead, there is a 
manual interface between ACS and the database. An OGC employee 
is responsible for taking every NSL lead that is sent to OGC 
and manually entering the information into our database. Nearly 
a dozen fields must be manually entered, including the file 
number of the case in which the NSL was issued, which is 
typically at least 15 digits and letters. Needless to say, 
human error creeps in.
    Approximately a year ago when we were unable to tick and 
tie numbers in the database to previously reported numbers, we 
recognized that our technology was woefully inadequate. We 
began at that point to develop an automated system to improve 
our ability to collect this data. That system, in addition to 
improving data collection, will automatically prevent many of 
the errors in NSLs that we will discuss today by automating 
much of the work associated with preparing NSLs. The system 
will also allow us to automatically ensure that required 
reporting data is accurately collected. The NSL system is being 
designed so that the FBI employee requesting an NSL will enter 
data only once.
    For example, an agent or an analyst who wishes to get 
telephone toll billing records will only have to tell the 
system that he is seeking an ECPA NSL for toll records and type 
the telephone number once. The system will then automatically 
populate the appropriate fields in the NSL in the authorizing 
electronic communication. The system will ensure that the two 
documents match exactly, and it will minimize the opportunity 
for transcription errors that gave rise to unauthorized 
collections.
    Agents and analysts will still be required to provide the 
narrative necessary to explain why the NSL is being sought, the 
factual basis for making the determination that the information 
is relevant to an appropriately predicated national security 
investigation and the factual basis for any determination that 
the NSL should include a nondisclosure provision.
    We are optimistic that we will be able to pilot the system 
this summer and roll it out to all of the field offices by the 
end of the year. At that point, I will be much more confident 
that in the future the data we provide to Congress is as 
accurate as humanly possible. In the meantime, we are taking 
several steps to correct the numbers we have previously 
reported. We have discussed our methodology with the IG, and we 
will offer him the opportunity to review our work. We are 
striving to have the corrected reports to Congress as soon as 
possible.
    The next significant finding of the IG I would like to 
discuss this morning involves the use within one unit at 
headquarters of so-called Exigent Letters. These letters, which 
numbered in excess of 700, were provided to telephone companies 
with requests for toll billing information. All of the letters 
stated that there were exigent circumstances, and many stated 
the Federal grand jury subpoenas had been requested for the 
records even though in fact no such requests for grand jury 
subpoenas had been made.
    From an audit and an internal control perspective, the FBI 
did not document the nature of the emergency circumstances, did 
not keep copies of all of the Exigent Letters it provided to 
the telephone companies and did not keep records to track 
whether it had subsequently provided further legal process. 
Moreover, some employees told the IG that there was not always 
an emergency relating to the documents that were sought.
    OGC has been working with the affected unit to attempt to 
reconcile the documentation and to ensure that any telephone 
record that we have in an FBI database was obtained because it 
was relevant to an authorized investigation and that the 
appropriate legal process has now been provided. If we are 
unable to determine the investigation to which a number 
relates, it will be removed from our database, and the records 
will be destroyed.
    The IG rightfully objected to the FBI's obtaining telephone 
records with a letter that stated that a Federal grand jury 
subpoena had been requested when that was untrue. It is unclear 
why that happened. The Director has ordered a special 
inspection in order to better understand the full scope of 
internal control failures and to make sure that, in fact, every 
record obtained pursuant to a so-called Exigent Letter has been 
appropriately connected to a national security investigation. 
That review will also determine whether the practice discussed 
by the IG existed anywhere other than in the headquarters unit 
identified in the report.
    In response to the obvious internal control lapses this 
situation highlights, changes have already been made to ensure 
that this situation does not recur. Any agent who needs to 
obtain ECPA-protected records on an emergency basis must do so 
pursuant to 18 USC, section 2702. Section 2702 permits a 
carrier to provide information regarding its customers to the 
Government if the provider believes in good faith that there is 
a life or death type emergency that requires disclosure of the 
records. By FBI policy, a request for disclosure pursuant to 
that provision generally must be in writing and must clearly 
state that the disclosure without legal process is at the 
provider's option. The emergency must also be documented to our 
files so that the use of the letter can be audited. The policy 
allows for oral requests, but any oral requests have to be 
approved and documented to the file.
    The IG also examined the misuse of NSLs that had been 
reported and some that had not as part of the IOB process. As 
this Committee knows, pursuant to executive order, the 
President has an Intelligence Oversight Board that receives 
from the intelligence community the reports of intelligence 
activities that the agency believes may have been unlawful or 
contrary to executive order or presidential directive.
    The IG found that from 2003 to 2005 the FBI had self-
reported 26 potential violations involving NSL authorities. The 
IG also found, however, a number of potential IOBs in the files 
it examined that had not been reported to OGC for adjudication. 
Although press accounts of this report have implied that the IG 
found massive abuses of the NSL authorities, a careful read of 
the report does not bear out the headlines. The IG examined 293 
NSLs, a reasonably small, non-random sample. We do not suggest 
that the sample was not a fair sample but only point out that 
it is questionable from a statistical standpoint to attempt to 
extrapolate from a very small sample to an entire population.
    Of the 293 NSLs the IG examined, 22 were judged to have a 
potential unreported violation associated with them. Of that 7 
percent, 10, or almost 50 percent of that group, were third 
party errors. That is, the NSL recipient provided the FBI with 
information that we did not seek. Only 12 of the NSLs examined, 
or 4 percent of the total group, had mistakes that the IG 
rightfully attributes to the FBI.
    Examining the 12 potential errors that were attributable to 
the FBI reveals a continuum of seriousness relative to the 
potential impact of individual rights. Four of them, or just 
over 1 percent of the sample, were unquestionably serious 
violations. Specifically, two of the violations involved 
obtaining full credit reports and counterintelligence 
investigations, which is not statutorily authorized. One 
involved issuing a National Security Letter when the 
authorization for the investigation to which it related had 
lapsed, and one involved issuing an NSL for information that 
was arguably content and, therefore, not available pursuant to 
NSL. The remaining eight potential errors involved lack of 
attention to detail and did not involve the FBI's seeking or 
obtaining any information to which it was not entitled.
    We do not excuse lack of attention to detail, and I have 
admonished the lawyers in the field who review NSLs that they 
must be careful so that they can avoid this sort of error, but 
we do believe that such mistakes pose different challenges and 
risks than seeking information to which you are not entitled.
    In short, approximately 1 percent of the NSLs examined by 
the IG had significant errors that were attributable to FBI 
actions and that had not been but should have been reported as 
potential IOB violations. A 1-percent error rate is not 
acceptable, and we have taken steps to reduce it. Those steps 
are discussed at length in my written testimony, and I will not 
repeat them here.
    But among the steps I do want to mention is that the 
Director has ordered a special inspection of all field offices' 
use of National Security Letters, an inspection that began on 
Friday. We offer to fully brief the Committee on the results of 
that inspection when it is complete. Several of the actions we 
are taking involve changes to FBI rules and policy. Rules will, 
of course, only eliminate errors if they are followed. The IG's 
report has painfully demonstrated for us that, while we are 
good at establishing policy and setting rules, we are not as 
good as we must be at establishing internal controls and 
auditing functions to make sure that the rules are followed.
    The full parameters of an FBI compliance program have not 
been set, and the inspection that is currently underway will 
clearly influence the parameters of the program. In short 
order, however, the FBI will establish a vigorous, 
multidisciplinary compliance program that assures as well as 
any compliance program can that our employees faithfully adhere 
to all of our rules and policies, particularly those that are 
designed to protect privacy and civil liberties.
    The FBI is acutely aware that the only way we can achieve 
our mission of keeping the country safe is if we are trusted by 
all segments of the American public. With events like the 
London terror attack of 2 years ago, we are all worried about 
the risk of a catastrophic attack from homegrown terrorists. 
Our single best defense against such an attack is the eyes and 
ears of all Americans, but particularly in those segments of 
the population in which the risk of radicalization is at its 
highest. We need people in those communities to call us when 
they hear or see something that looks amiss. We know that we 
reduce the probability of that call immeasurably if we lose the 
confidence of any part of the American public.
    Mr. Conyers. Counsel, can you wind down at this point?
    Ms. Caproni. Yes, sir.
    We will put into place a compliance program to maximize the 
probability that we do not lose the confidence of the American 
public by dint of the sort of errors highlighted in this 
report.
    I appreciate the opportunity to appear before the Committee 
and look forward to answering your questions.
    Thank you.
    [The prepared statement of Ms. Caproni follows:]

                 Prepared Statement of Valerie Caproni

    Good morning Mr. Chairman, Ranking Member Smith, and Members of the 
Committee. It is my pleasure to appear before you today to discuss the 
recent report by Department of Justice's Office of the Inspector 
General (OIG) regarding the FBI's use of national security letters 
(NSLs). The OIG's report is a fair report that acknowledges the 
importance of NSLs to the ability of the FBI to conduct the national 
security investigations that are essential to keeping the country safe. 
Importantly, the OIG found no deliberate or intentional misuse of the 
national security letter authorities, Attorney General Guidelines or 
FBI policy. Nevertheless, the OIG review identified several areas of 
inadequate auditing and oversight of these vital investigative tools, 
as well as processes that were inappropriate. Although not 
intentionally, we fell short in our obligations to report to Congress 
on the frequency with which we use this tool and in the internal 
controls we put into place to make sure that it was used only in accord 
with the letter of the law. Director Mueller concluded from the OIG's 
findings that we must redouble our efforts to ensure that there is no 
repetition of the mistakes of the past in the use of these authorities 
and I share his commitment. I would also like to acknowledge the role 
of Congress and the effectiveness of congressional oversight in 
surfacing the deficiencies raised in this audit, which was called for 
in the USA PATRIOT Improvement and Reauthorization Act. The report made 
ten recommendations in response to the findings, designed to provide 
both the necessary controls over the issuance of NSLs and the creation 
and maintenance of accurate records. The FBI fully supports each 
recommendation and concurs with the Inspector General that, when 
implemented, these reforms will ensure full compliance with both the 
letter and the spirit of the authorities entrusted to the Bureau.

                       NATIONAL SECURITY LETTERS

    National Security Letters generally permit us to obtain the same 
sort of documents from third party businesses that prosecutors and 
agents obtain in criminal investigations with grand jury subpoenas. 
Unlike grand jury subpoenas, however, NSL authority comes through 
several distinct statutes and they have specific rules that accompany 
them. NSLs have been instrumental in breaking up cells like the 
``Portland Seven,'' the ``Lackawanna Six,'' and the ``Northern Virginia 
Jihad.'' Through the use of NSLs, the FBI has traced sources of 
terrorist funding, established telephone linkages that resulted in 
further investigation and arrests, and arrested suspicious associates 
with deadly weapons and explosives. NSLs allow the FBI to link 
terrorists together financially, and pinpoint cells and operatives by 
following the money.
    The NSL authority used most frequently by the FBI is that provided 
by the Electronic Communications Privacy Act (ECPA). Through an ECPA 
NSL, the FBI can obtain subscriber information for telephones and 
electronic communications and can obtain toll billing information and 
electronic communication transaction records. Significantly, the FBI 
cannot obtain the content of communications through an ECPA NSL. 
Although the exact numbers of ECPA NSLs remains classified, it is the 
most common NSL authority used.
    Pursuant to the Right to Financial Privacy Act (RFPA), the FBI also 
has the authority to issue NSLs for financial records from a financial 
institution. RFPA NSLs are used commonly in connection with 
investigations of potential terror financing.
    Pursuant to the Fair Credit Reporting Act, the FBI has the 
authority to issue three different, but related, types of NSLs to 
credit reporting agencies: an NSL pursuant to 15 U.S.C. 1681u(a) for 
the names of financial institutions with which the subject has or has 
had an account; an NSL pursuant to 15 U.S.C. 1681u(b) for consumer 
identifying information (name, address, former addresses, employment 
and former employment); an NSL pursuant to 15 U.S.C. 1681v for a full 
credit report. Of all the FBI's NSL authorities, only the last of the 
FCRA authorities is restricted to use only in international terrorism 
cases.
    Finally, the FBI has the authority to issue NSLs pursuant to the 
National Security Act in the course of investigations of improper 
disclosure of classified information by government employees.
    For the first 3 types of NSLs (ECPA, RFPA, FCRA) the NSL must 
include a certification by an authorized FBI employee that the material 
is being sought for an authorized national security investigation. That 
certification is slightly different in the case of a FCRA NSL for a 
full credit report, where the certification required is that the 
information is relevant to an international terrorism investigation.
    The authority to issue an NSL lies at a senior level within the 
FBI. An NSL can be issued only by an official who ranks not lower than 
Special Agent in Charge or Deputy Assistant Director. All such 
officials are career government employees who are members of the Senior 
Executive Service. Procedurally, an agent or analyst seeking an NSL 
must prepare a document (an electronic communication or EC) in which 
the employee lays out the factual predicate for the request. The 
factual recitation must be sufficiently detailed so that the approving 
official can determine that the material sought is relevant to an 
investigation. Additionally, it needs to provide sufficient information 
concerning the underlying investigation so that reviewing officials can 
confirm that the investigation is adequately predicated and not based 
solely on the exercise of First Amendment rights. Finally, the EC 
includes a ``lead'' to the Office of the General Counsel (OGC) for 
purposes of Congressional reporting.

                               OIG REPORT

    As directed by Congress, we endeavored to declassify as much 
information as possible concerning our use of NSLs in order to allow 
the maximum amount of public awareness of the extent of our use of the 
NSL tool consistent with national security concerns. To that end, for 
the first time the public has a sense of the frequency with which the 
FBI makes requests for data with national security letters. In the 
period covered by the report, the number of NSL requests has ranged 
from approximately 40,000 to 60,000 per year and we have requested 
information on less than 20,000 persons per year. For a variety of 
reasons that will be discussed below, those numbers are not exact. 
Nevertheless, they, for the first time, allow the public to get some 
sense of the order of magnitude of these requests; there are a 
substantial number of requests, but we are not collecting information 
on hundreds of thousands of Americans.
    There are three findings by the OIG that are particularly 
disturbing, and it is those three findings that I wish to address this 
morning: (1) inaccurate reporting to Congress of various data points we 
are obligated to report relative to NSLs; (2) the use of so-called 
exigent letters that circumvented the procedures required by ECPA; and 
(3) known violations (both previously self-reported by FBI and not 
previously reported) of law and policy with regard to usage of NSLs.

                        CONGRESSIONAL REPORTING

    A finding of the report that particularly distresses me is the 
section that addresses the inaccuracies of the numbers we report to 
Congress. That responsibility lies with my division, and we did not do 
an acceptable job. The process for tabulating NSLs simply did not keep 
up with the volume. Although we came to that realization prior to the 
OIG report and are working on a technological solution, that 
realization came later than it should have.
    At some point several years before my tenure at the FBI began, our 
process for tracking NSLs for Congressional reporting purposes shifted 
from a totally manual process, where NSL data was written on index 
cards, to a standalone Access database. This database is referred to in 
the OIG report as the OGC database. While the OGC database was a giant 
technological step forward from 3 x 5 index cards, it is not an 
acceptable system given the significant increase in use of NSLs since 
9/11. First and foremost, the OGC database is not electronically 
connected to ACS, the system from which we derive the data. Instead, 
there is a manual interface between ACS and the OGC database. An OGC 
employee is responsible for taking every NSL lead that is sent to OGC 
and manually entering the pertinent information into the OGC database. 
Nearly a dozen fields must be manually entered, including the file 
number of the case in which the NSL was issued (typically 15 digits and 
alphanumeric identifiers).
    Approximately a year ago we recognized that our technology was 
inadequate and began developing an automated system to improve our 
ability to collect this data. The system, in addition to improving data 
collection, will automatically prevent many of the errors in NSLs that 
we will discuss today. We are building an NSL system to function as a 
workflow tool that will automate much of the work that is associated 
with preparing NSLs and the associated paperwork. The NSL system is 
designed to require the user to enter certain data before the workflow 
can proceed and requires specific reviews and approvals before the 
request for the NSL can proceed. Through this process, the FBI can 
automatically ensure that certain legal and administrative requirements 
are met and that required reporting data is accurately collected. For 
example, by requiring the user to identify the investigative file from 
which the NSL is to be issued, the system will be able to verify the 
status of that file to ensure that it is still open and current (e.g. 
request date is within six months of the opening or an extension has 
been filed for the investigation) and ensure that NSLs are not being 
requested out of control or administrative files. The system will 
require the user to separately identify the target of the investigative 
file and the person whose records are being obtained through the 
requested NSL, if different. This will allow the FBI to accurately 
count the number of different persons about whom we gather data through 
NSLs. The system will also require that specific data elements be 
entered before the process can continue, such as requiring that the 
target's status as a United States Person or non-United States Person 
be entered. The system will not permit requests containing logically 
inconsistent answers to proceed.
    The NSL system is being designed so that the FBI employee 
requesting an NSL will enter data only once. For example, an agent or 
analyst who wishes to get telephone toll billing records will only have 
to prompt the system that he is seeking an ECPA NSL for toll records 
and type the telephone number once. The system will then automatically 
populate the appropriate fields in the NSL and the authorizing EC. The 
system will then generate both the NSL and the authorizing EC for 
signature, thereby ensuring that the two documents match exactly and 
minimizing the opportunity for transcription errors that give rise to 
unauthorized collections that must be reported to the Intelligence 
Oversight Board (IOB). Agents and analysts will still be required to 
provide the narrative necessary to explain why the NSL is being sought, 
the factual basis for making a determination that the information is 
relevant to an appropriately predicated national security 
investigation, and the factual basis for a determination whether the 
NSL should include a non-disclosure provision. In addition, this system 
will have a comprehensive reporting capability.
    We began working with developers on the NSL system in February 2006 
and we are optimistic that we will be able to pilot it this summer and 
roll it out to all field offices by the end of the year. At that point, 
I will be confident the data we provide to Congress in future reports 
is as accurate as humanly possible.
    In the meantime, we are taking several steps to correct the numbers 
we have previously reported. First, we are making data corrections in 
our database. Through a computer program, we have identified all 
entries that must be erroneous because there is an apparent error in 
the entry (e.g., there are more NSLs reported than requests; the date 
shows a year that is impossible (203)). We are manually reviewing those 
entries and making corrections. We have also started a random sampling 
of ten percent of the total entries in the OGC database which contains 
approximately 64,000 entries. Those entries will be manually checked 
against ACS. We will determine whether there is a significant 
difference between the entries in our database and the actual 
information in ACS. To the extent there is a difference, that will be 
the factor that will be used to correct our prior reporting. While not 
yielding an exact count, we believe that to be a statistically 
appropriate way of correcting prior reporting. We have discussed this 
methodology with the OIG and will offer it the opportunity to review 
our work. We are striving to have corrected reports to Congress as soon 
as possible.
    As with the other shortcomings identified by the OIG, there was no 
finding of an intent to deceive Congress concerning our use of NSLs. In 
fact, as noted, we identified deficiencies in our system for generating 
data prior to the initiation of the OIG's review and flagged the issue 
for Congress almost one year ago. While we do not know the extent of 
the inaccuracies in past reporting, we are confident that the numbers 
will not change by an order of magnitude.

                            EXIGENT LETTERS

    The next significant finding of the OIG involved the use within one 
unit at Headquarters of so-called ``exigent letters.'' These letters, 
which numbered in excess of 700, were provided to telephone companies 
with requests for toll billing information regarding telephone numbers. 
All of the letters stated that there were exigent circumstances. Many 
of the letters stated that federal grand jury subpoenas had been 
requested for the records even though in fact no such request for grand 
jury subpoenas had been made, while others promised future national 
security letters. From an audit and internal control perspective, the 
FBI did not document the nature of the emergency circumstances that led 
it to ask for toll records in advance of proper legal process, did not 
keep copies of all of the exigent letters it provided to the telephone 
companies, and did not keep records showing that it had subsequently 
provided either the legal process promised or any other legal process. 
Further, based on interviews the OIG conducted, some employees 
indicated that there was not always any emergency relating to the 
documents that were sought.
    OGC has been working with the affected unit to attempt to reconcile 
the documentation and to ensure that any telephone record we have in an 
FBI database was obtained because it was relevant to an authorized 
investigation and that appropriate legal process has now been provided. 
As of late last week, there were still a small handful of telephone 
numbers that had not been satisfactorily tied to an authorized 
investigation. If we are unable to determine the investigation to which 
those telephone numbers relate, they will be removed from our database 
and destroyed.
    The OIG rightfully objected to the FBI obtaining telephone records 
by providing a telephone carrier with a letter that states that a 
federal grand jury subpoena had been requested when that was untrue. It 
is unclear at this point why that happened. The Director has ordered a 
special inspection in order to better understand the full scope of 
internal control lapses.
    We also concur with the OIG that it is inappropriate to obtain 
records on the basis of a purported emergency if, in fact, there is no 
emergency. We continue to believe, however, that providers had the 
right to rely on our representation that there was an emergency and 
that the ``exigent letters''--had they been issued only when there was 
an exigent circumstance and had they correctly identified the legal 
process that would follow--would have been an appropriate tool to use.
    In response to the obvious internal control lapses this situation 
highlights, changes have already been made to ensure that this 
situation does not recur. Any agent who needs to obtain ECPA-protected 
records on an emergency basis must now do so pursuant to 18 U.S.C. 
2702. Section 2702(c)(4) permits a carrier to provide information 
regarding its customers to the government if the provider in good 
faith, believes that an emergency involving danger of death or serious 
physical injury to any person requires disclosure without delay of 
information relating to the emergency. A request for disclosure 
pursuant to that statute generally must be in writing and must clearly 
state that the disclosure without legal process is at the provider's 
option. The letter request must also set out the basic facts of the 
emergency so that the provider can make some assessment whether it 
concurs that there is an emergency.

                  INTELLIGENCE OVERSIGHT BOARD PROCESS

    The OIG also examined misuse of NSLs that had been reported (and 
some that had not been reported) as part of the IOB process. As this 
committee knows, pursuant to Executive Order 12863 the President has an 
Intelligence Oversight Board that receives from the agencies in the 
intelligence community reports of intelligence activities that the 
agency believes may have been unlawful or contrary to Executive Order 
or Presidential Directive. This language is interpreted by the FBI and 
DOJ to mandate the reporting of any violation of a provision of the 
Attorney General's Guidelines for FBI National Security Investigations 
and Foreign Intelligence Collection if such provision is designed to 
ensure the protection of individual rights.
    The FBI requires its employees to report any violations of law or 
policy about which they are aware. We encourage employees to err on the 
side of reporting so that we can be sure that all violations are 
appropriately reported. In terms of process, all potential violations 
(called PIOBs--or potential intelligence oversight board violations) 
are reported to OGC. Lawyers within OGC are responsible for 
``adjudicating'' the violation--that is, determining whether the PIOB 
is an actual Intelligence Oversight Board violation. If it is, a report 
is made to the IOB, a copy is provided to DOJ and a copy is provided to 
the FBI's Inspection Division. If the violation involved intentional 
misconduct, the Inspection Division will determine whether the matter 
should be referred to the Office of Professional Responsibility for 
discipline.
    The OIG found that from 2003 through 2005, the FBI had self-
reported 26 potential violations involving NSL authorities. Of the 26, 
OGC adjudicated 19 to be violations and reported them. The OIG agreed 
with each of those determinations. Of the 7 PIOBs that OGC determined 
were not violations, the OIG agreed with all but one. As to the one 
determination about which we disagreed, upon re-review, the FBI 
concurred with the OIG that it was a violation that should have been 
reported and it has since been reported to the IOB. These 20 violations 
included: third party errors (4), NSLs issued when the authority for 
the investigation had lapsed (3), obtaining ECPA-protected records 
without any legal process (3) and obtaining a full credit report in a 
counterintelligence case (1).
    The OIG also found, however, a number of potential IOBs in the 
files it examined that had not been reported to OGC for adjudication. 
Although press accounts of the reports have implied that the OIG found 
massive abuses of the NSL authorities by the FBI, a careful read of the 
report reflects a different set of facts. The OIG examined 293 NSLs--a 
reasonably small sample. The sample was a judgmental sample and the 
size was chosen because the audit was extremely labor intensive. We do 
not suggest that the sample was not a fair sample (although it was not 
random), but only that it is questionable from a statistical standpoint 
to attempt to extrapolate from a very small sample to an entire 
population. Moreover, there was wide variation in the number of 
purported unreported violations from different field offices. The OIG 
found 8 potential violations that were unreported in files in both the 
Philadelphia and Chicago field offices, but only 2 unreported potential 
violations from files in New York and 4 from San Francisco. We are 
doing additional follow-up work, but the wide variance between field 
offices may be a function of the very small sample, or it may indicate 
that the percentages of potential errors detected are not constant 
across all field offices.
    Setting aside questions about whether the sample is representative, 
I urge you to look closely at the numbers before arriving at the 
conclusion that there is a systemic problem concerning the use of NSLs. 
Of the 293 NSLs the OIG examined, 22 (7%) were judged to have potential 
unreported IOB violations associated with them. Moreover, of that 7%, 
10--or almost 50%--were third party errors--that is, the NSL recipient 
provided the FBI information we did not seek. Only 12 of the NSLs 
examined--4%--had mistakes that the OIG rightfully attributes to the 
FBI.
    Examining the 12 potential errors that were rightfully attributed 
to the FBI reveals a continuum of seriousness relative to the potential 
impact on individual rights. Four (or just over 1% of the sample) were 
serious violations. Specifically, two of the violations involved 
obtaining full credit reports in counterintelligence investigations 
(which is not statutorily authorized), one involved issuing an NSL when 
authorization for the investigation to which it related had lapsed, and 
one involved issuing an NSL for information that was arguably content, 
and therefore not available pursuant to an NSL. (In the latter case, 
the ISP on which the NSL was served declined to produce the requested 
material so there was, in fact, no collection of information to which 
we were not entitled.) The balance of the 12 potential violations 
identified by the OIG do not, in our view, rise to the same level of 
seriousness as those 4. The remaining 8 involve errors that are best 
characterized as arising from a lack of attention to detail, and did 
not result in the FBI seeking or obtaining any information to which it 
was not entitled. Those 8 potential violations involved errors such as 
using the wrong certification language in an NSL (although the 
appropriate certification is not materially different) and having the 
NSL and the EC seeking the NSL not entirely consistent. We do not 
excuse such lack of attention to detail, but we do not believe that 
such mistakes result in or cause a risk to civil liberties.
    In short, approximately 1% of the NSLs examined by the OIG had 
significant errors that were attributable to FBI actions and that had 
not been, but should have been, reported as PIOBs.
    While a 1% error rate is not huge, it is unacceptable, and we have 
taken steps to reduce that error rate. First, we are very concerned 
that of all the potential IOBs involving mistakes in NSLs attributable 
to the FBI (whether previously reported or not), 3 involved the same 
mistake: namely, issuing an NSL for a full credit report in a 
counterintelligence investigation. In order to ensure that this 
particular error is fully rectified, the FBI ordered all field offices 
to examine all counterintelligence files in which Fair Credit Report 
NSLs have been issued since January 1, 2002 in order to ascertain 
whether the file contains a full credit report. If it does, the credit 
report must be removed from the file, sequestered with the field 
office's attorney, and a PIOB must be reported to OGC. The results from 
that search are due to headquarters by April 16, 2007.
    Several other steps we have taken will, we believe reduce the 
likelihood that the FBI will commit the other mistakes in the future. 
First, as indicated previously, the FBI is developing an automated 
system to prepare NSLs and their authorizing ECs. That system will 
reduce to zero mistakes such as having the wrong certification language 
or inconsistency between the NSL and the EC. It will also ensure that 
the investigative file out of which the NSL is being issued is open. 
Finally, it will ensure that an NSL for a full credit report cannot be 
issued out of a counterintelligence file.
    Other changes to FBI policy have been made that we believe will 
facilitate better handling of IOBs and also reduce errors that lead to 
IOBs. First, last fall we provided comprehensive advice to the field 
regarding its responsibility towards information obtained as a result 
of third party errors. That guidance requires all such information to 
be sequestered and reported to OGC as a PIOB. If the ``over collected'' 
information is irrelevant to the investigation (e.g., the telephone 
company transposed a number and provided us records on the wrong 
telephone account), then it will be destroyed or returned. No such 
information should be entered into FBI databases. If the information is 
relevant to the investigation but simply not within the four corners of 
the NSL, then the information must be sequestered until a new NSL has 
been issued for the extra data. After the new NSL has been issued, the 
information can be entered into FBI databases.
    Secondly, we have collected all the rules and policies on NSLs into 
one document which will be disseminated to the field. Those rules now 
mandate that, until the deployment of the automated NSL system, all 
NSLs and ECs be prepared from the exemplars that are provided on OGC's 
website. That should eliminate many of the mistakes identified by the 
OIG.
    All of these rules will, of course, only reduce or eliminate errors 
if they are followed. The OIG's report has highlighted for us that 
there must be some sort of auditing function--above and beyond the IOB 
process--to systematically ensure that these rules, as well as others 
that govern our activities in national security investigations are 
followed. The FBI has historically been very good at establishing 
policy and setting rules, but we have not been as proactive as we 
should have been in establishing internal controls and auditing 
functions.
    The full parameters of the compliance program have not been set, 
although these aspects have been: the Inspection Division with 
participation of DOJ's National Security Division and Privacy and Civil 
Liberties Office is in the process of a special inspection of NSL usage 
in all 56 field offices and headquarters. That inspection should 
uncover any other significant problems with our use of this tool but 
should also tell us whether there are variances between offices in 
terms of the numbers and types of errors. The results of the inspection 
will then inform the program that the Attorney General announced of 
having teams of DOJ lawyers, FBI lawyers and the Inspection Division 
periodically audit field offices' use of NSLs. That process will begin 
in April and should result in at least 15 offices being audited this 
year. We are also considering other proactive compliance programs in 
order to develop a program that ensures, to the maximum extent 
possible, that the rules and policies designed to protect privacy and 
civil liberties are faithfully adhered to by all of our employees, that 
we promptly identify and correct any violations of law or policy, and 
that any information collected erroneously is removed from FBI 
databases and destroyed. In addition, a working group co-chaired by the 
Office of the Director of National Intelligence and the CPCLO has been 
convened to examine how NSL-derived information is used and retained by 
the FBI. The FBI and DOJ's National Security Division will have a 
representative on this working group. We welcome the Committee's input 
as we move forward on these initiatives.
    The FBI is acutely aware that the only way that we can achieve our 
mission of keeping the country safe is if we are trusted by all 
segments of the American public. With events like the London terror 
attacks of 2 years ago and the Canadian plot to use fertilizer bombs to 
destroy buildings in Canada in 2006, we have all become worried about 
the risk of a catastrophic attack from home grown terrorists. Our 
single best defense against such an attack is the eyes and ears of all 
Americans--but particularly of those segments of the population in 
which the risk of radicalization is at its highest. We need people in 
those communities to call us when they hear or see something that looks 
amiss. We know that we reduce the probability of that call immeasurably 
if we lose the confidence of those segments of the population. That is 
one of the reasons that we are looking for ways to assure all Americans 
that we are respectful of individual rights, including privacy rights, 
and that we use the tools that have been provided to us consistent with 
the rules set out by Congress.
    I appreciate the opportunity to appear before the Committee and 
look forward to answering your questions.

    Mr. Conyers. Well, General Counsel Caproni, I want to thank 
you for your candor and forthcomingness in coming before us 
today, and we will include the rest of your testimony, of 
course.
    Now let me begin the questioning, and I thank both the 
witnesses.
    Inspector General Fine, I am curious as to how you have 
come to the conclusion that these errors that have been 
reported and that bring us to this chamber were sloppy--the 
results of sloppy bookkeeping, recordkeeping or compliance with 
the law, but none of it was intentional.
    How could that be if they have known about these excesses 
since the year 2004, and their Communications Analysis Unit 
warned them about it in early 2005, and we have something like 
at least over 700 Exigent Letters and somewhere in the 
neighborhood of 40,000 to 50,000 NSL letters for 3 years?
    Mr. Fine. Let me separate some of those issues.
    I do not believe that they intended to go out and to obtain 
information that they knew they could not obtain and said, ``We 
are going to do it anyway.''
    I think what they did was complete carelessness; they did 
not follow the rules, did not follow appropriate procedures, 
and obtained information that they could have obtained properly 
but by taking shortcuts. Now, we did not do a review to ask 
everybody what was in their minds and what exactly they did, 
but we saw instances where people just simply did not follow 
the rules and did not take appropriate action.
    Mr. Conyers. But they were being warned. This did not just 
come up recently. This goes back to 2004.
    Mr. Fine. In 2004, it is correct that attorneys in the 
Office of General Counsel had concerns about the Exigent 
Letters and were not saying ``stop it,'' but were saying ``we 
need to take different measures to issue these letters.''
    Mr. Conyers. Do you think that the law was so complicated 
that people in good faith just could not figure out what it was 
we were requiring?
    Mr. Fine. I think what they did was inappropriately take a 
model from another context and apply it to this context, which 
was wrong--it clearly was--and that they did not think 
carefully, and they did not take appropriate actions. Now, I 
know that the FBI is conducting a special inspection to look at 
exactly what everybody knew and when they knew it and why they 
took the actions that they did. We did not do that kind of 
review. We did not ask everybody up and down the line, and it 
is possible that people had motivations that were not 
appropriate.
    Mr. Conyers. But there is no way we can tell. There is no 
way I can tell, but there is no way you can tell either.
    Mr. Fine. It is true that we did not do a performance 
review of every individual, so I think that is an appropriate 
point, Mr. Chairman--I really do--and I do think it is 
incumbent upon the FBI to go back and look and see exactly what 
people were doing, at what stages, and why they did, what they 
did and take appropriate action to hold people accountable.
    Mr. Conyers. Now, do you make a distinction between the 
National Security Letters and the Exigent Letters in terms of 
the severity of the offense that brings us here today?
    Mr. Fine. I think I do. I think the Exigent Letters were 
the most troubling aspect of this.
    Mr. Conyers. And why is that?
    Mr. Fine. Because there is a process in the law to allow 
voluntary disclosures from these telephone companies if there 
is a true emergency, and we believe the FBI should have 
followed that voluntary process. Instead, they went with these 
Exigent Letters, which they used in a different context, and 
applied it to this context which, in our view, was 
inappropriate.
    With regard to the National Security Letters, there were 
many of them, and many of them did comply with the requirements 
of the law. We saw, and we tried to do a review to see how many 
did not. We found a significant number did not, but with regard 
to the Exigent Letters as a whole, that whole practice was very 
troubling to us in and of itself.
    Mr. Conyers. Now, are you satisfied with the steps that 
have been described here today by the General Counsel in terms 
of how we clean this mess up?
    Mr. Fine. Well, we have been briefed by the Department and 
the FBI about the steps they are taking. I think they are 
taking this seriously, but I am not in a position right now to 
say, ``I am completely satisfied. I trust all this.'' We need 
to see what happens with these steps, see whether there are 
concerted efforts over time, to see whether they really are 
adequately implemented. So I cannot say right now that they 
have done all they can, but I think they are taking important 
steps and taking this very seriously.
    Mr. Conyers. I thank you so much.
    I recognize Lamar Smith.
    Mr. Smith. Thank you, Mr. Chairman.
    Mr. Chairman, I am hoping my first question will not count 
against my time.
    Mr. Fine, I noticed, in reading your bio that when you were 
a senior in college and co-captain of the basketball team you 
were recruited by the San Antonio Spurs. They happen to be my 
hometown team. My question is this: Don't you regret not 
playing for the Spurs rather than becoming a Rhodes scholar and 
graduating from Harvard Law School?
    Mr. Conyers. The gentleman's time has expired.
    Mr. Fine. Congressman, I was drafted in the 10th round by 
the San Antonio Spurs, and if I were maybe a little taller than 
59", I might have had a chance to play. So I do not really 
regret that my future was in the law rather than in 
professional basketball. But I tell people who do not believe I 
actually played basketball when they see me at 59" that before 
I started this job as the IG I was 69".
    Mr. Smith. A very good answer.
    Mr. Fine and Ms. Caproni, let me address a more serious 
question to both of you, and it is this. We have unearthed 
these problems that are recognized and that are being dealt 
with, and some of the reasons for those problems have already 
been seen, and the practice has been discontinued, but my 
question is this:
    Do you all feel that the problem is with how the law was 
enforced rather than with the law itself? In other words, if 
the law were carried out as intended, doesn't that solve our 
problem? Mr. Fine first.
    Mr. Fine. Congressman, I am really not in a position to say 
what the law should be or if there should be modifications to 
the law.
    What my job is is to look at the law and to look at the 
application of the law and to see the problems that occurred. I 
do believe that if the FBI had assiduously and carefully 
applied the law, we would not have seen as many problems as we 
have, and it really was unacceptable and inexcusable what 
happened here.
    Mr. Smith. Ms. Caproni.
    Ms. Caproni. From our perspective, the problem is not with 
the law, although I would note that unlike other areas that our 
agents, where they get these sorts of records, there are very 
specific rules, and they have to win through those rules. That, 
in my sense, is our responsibility as the lawyers to make sure 
that the agents understand what they can do and what they 
cannot do.
    Again, there is no doubt that the problem with the National 
Security Letters was a colossal failure on our part to have 
adequate internal controls and compliance programs in place. 
The laws, themselves, provide us with a needed tool, and it is 
a tool that we should use responsibly.
    Mr. Smith. Okay. Thank you.
    Mr. Fine and Ms. Caproni, why are National Security Letters 
important in our investigation of terrorism?
    Ms. Caproni. They are critical. National Security Letters 
provide us the basic building blocks that we need to build an 
investigation. For those of you who had prior criminal AUSA 
experience--and I know a number of you did--you are used to 
issuing grand jury subpoenas to obtain telephone records and 
banking records. Frequently in terrorism investigations, we do 
not have an open criminal investigation. In fact, that was one 
of the things that the 9/11 Commission really encouraged us to 
do and that this Committee encouraged us to do and the 
intelligence Committees, to move more--when we are thinking 
about a terrorism case, to move from simply a criminal mindset 
to thinking in an intelligence mindset. So a National Security 
Letter is the tool that we use in order to get the basic 
building blocks of those investigations, again, like phone 
records for almost every terrorism case, financial records when 
we are building terrorism financing cases. So, without National 
Security Letters, our national security investigations would 
really be stopped before they even got started.
    Mr. Smith. Okay. Thank you.
    Mr. Fine.
    Mr. Fine. I do think that they are important investigative 
tools. They can connect terrorist individuals with terrorist 
groups. They can find out where terrorist financing can occur. 
They are indispensable in counterintelligence investigations. 
And the FBI did tell us, from folks in the field to 
headquarters, how important they were to the investigations and 
showed us examples of that. I have said that I think they are 
important. There also needs to be important checks on these 
tools because they are intrusive, and there is information that 
is obtained and retained for significant periods of time, and 
so while they are important investigative tools, there also 
needs to be appropriate checks on them as well.
    Mr. Smith. Mr. Fine, in your conclusions--it is the second 
one--you say, ``In most but not all of the cases we examined in 
this review, the FBI was seeking information that it could have 
obtained properly through National Security Letters.''
    What percentage would you guess is that? In other words, 
what percentage of the problems could have been resolved if 
they had obtained National Security Letters?
    Mr. Fine. We found instances, a few instances, where they 
obtained information inappropriately and could not have used 
a----
    Mr. Smith. How many of the 739 would you guess that is?
    Mr. Fine. Well, the 739 is hard to tell because they could 
not tie them to appropriate investigations all the time, and 
there were many times where they could not tell us it was an 
emergency, so I do not know how many in the 739. That is the 
most troubling aspect of it.
    With regard to the others, the National Security Letters in 
the files we reviewed, I would say we found about seven where 
there were illegal uses of them, where the FBI was attempting 
to obtain information through confusion, through error, of 
information that they were not entitled to obtain through a 
National Security Letter, either an educational record or 
obtaining information on a full credit report in a 
counterintelligence case, which they are not allowed to obtain, 
or not using it in NSL----
    Mr. Smith. You said seven times?
    Mr. Fine. Seven of the reviews that we found and we found 
in our--seven of the individual ones, and as you will recall, 
we did not do a review of every NSL that was issued. We did a 
small sample of them.
    Mr. Smith. Okay. Thank you, Mr. Fine.
    Thank you, Mr. Chairman.
    Mr. Conyers. Thank you very much.
    The gentleman from New York, Jerry Nadler.
    Mr. Nadler. Thank you.
    Well, Mr. Fine, I suppose. You state in your report that 
there were no intentional violations of NSL policy procedure, 
that these were basically carelessness but that there were no 
intentional violations, no crimes.
    Mr. Fine. Correct.
    Mr. Nadler. Okay, but we also read in the report that 
agents intentionally went around the statute to provide phony 
information requests to telephone companies based on false 
statements.
    For example, the FBI's Communications Analysis Unit went 
around the NSL statute because it felt that the statute was 
insufficient and contracted with the telephone companies to 
access information directly. These contracts were approved by 
the Office of General Counsel and were exploited by issuing 
Exigent, or emergency, Letters. Well, let me ask the General 
Counsel.
    What is the statutory basis for an Exigent Letter? As far 
as I can tell, there is no basis for it.
    Ms. Caproni. Well, under 2702, we have the authority to get 
records from a phone company in an emergency circumstance 
without a National Security Letter. The Exigent Letters were 
undoubtedly inappropriate shortcuts to the process, though.
    Mr. Nadler. Well, under 2702, if you were going to get 
information in an emergency, what do you have to do?
    Ms. Caproni. You simply have to tell the carrier that there 
is an emergency. We recommend that you explain to the carrier 
what the emergency is, and it is then up to the carrier to 
decide whether or not to provide us records. So it is not a 
compulsive system.
    Mr. Nadler. Not compulsive, but of course, the carrier has 
no particular interest in protecting--if you are looking at my 
records or if you want my records, for example, the phone 
company has no particular interest in protecting my privacy 
rights, and I will never find out about it, so I cannot go to 
court to protect them, correct?
    Ms. Caproni. I do not represent the carriers, but I would 
disagree with the theory that they have no particular interest 
in protecting your records. In fact----
    Mr. Nadler. What is their interest?
    Ms. Caproni. In fact, the carriers were diligent in making 
sure that any record they gave to us they subsequently obtained 
a National Security Letter for.
    Mr. Nadler. Well, wait a minute. Mr. Fine's report says, in 
many, many instances, hundreds of instances, that that never 
happened.
    Ms. Caproni. As of right now, there are still some numbers 
that have not received National Security Letters to back up the 
requests.
    Mr. Nadler. But back up years later after the report, but 
that is backfilling, in other words, and that is certainly not 
evidence that the phone companies were diligent in seeking 
these things. That is saying that, after this report was done, 
someone said, ``Wow, we have got a problem on our hands. We had 
better go get these letters 4 years later or 3 years later.'' 
That is not evidence of what we are talking about.
    Ms. Caproni. Respectfully, even though I am not defending 
the practice, it is not the case that it was only after Mr. 
Fine's report came out that they were attempting to make sure 
that the paperwork documentation was appropriate for every 
record they obtained.
    Mr. Nadler. You think the paperwork documentation should be 
done as appropriate.
    Ms. Caproni. If it is not, the records will come out of our 
database and be destroyed.
    Mr. Nadler. In this morning's Washington Post, it says: 
Under past procedures agents sent exigent circumstances letters 
to phone companies seeking toll records by asserting there was 
an emergency. Then they were expected to issue a grand jury 
subpoena or national security letter which legally authorizes 
collection after the fact. Agents often did not follow up with 
that paperwork, the Inspector General's investigation found.
    The new instructions which, according to the Washington 
Post, were issued to the FBI tell agents there is no need to 
follow up with National Security Letters and subpoenas. The 
agents are also told that the new letter template is the 
preferred method in emergencies but that they may make requests 
orally with no paperwork sent to phone companies.
    In other words, it appears from this morning's Washington 
Post that instructions are now being given to the FBI not to 
bother with any backup documentation after an oral request to 
the phone company for records invading people's privacy.
    Ms. Caproni. Quite the contrary. The instructions are that 
if they get information based on an oral request--and just to 
give an example of when that might be appropriate, if a child 
has been kidnapped and the ransom call comes in----
    Mr. Nadler. Obviously, in those--I am not questioning the 
need in an emergency like that for getting records right away.
    Ms. Caproni [continuing]. And to get them on an oral 
request.
    Mr. Nadler. I don't doubt it. What I am questioning is 
that, according to today's Washington Post, the opposite of 
what the two of you are saying is the case and that now they 
seem to be saying we will take care of this lack of follow-up 
of documentation by simply declaring it unnecessary.
    Ms. Caproni. No, Congressman, that is not the policy. The 
policy now is that if a request is going to be made on an 
emergency basis for records, that has to be documented. It has 
to be documented in the first instance in the request. But if 
there is not time to do that so that you need an oral request, 
then that has to be documented to the file together with the 
approval for it. So it is, again, an internal control to avoid 
the problem that was existing, which was emergency had become a 
flexible----
    Mr. Nadler. Okay. One final question. That is to Mr. Fine. 
Just a quick clarification on accessibility of PIN numbers and 
Social Security numbers of individuals through this process.
    On page 73 of your report, there is a discussion of a 
potential Intelligence Review Board violation because an agent 
accessed a bank balance by getting a person's bank account and 
PIN number from the result of a FISA order. The agent was 
faulted for not using an NSL but was not faulted for the fact 
that the PIN number was readily available.
    The reason I flagged this is because this reference makes 
clear that through an NSO 215 order the Government can secretly 
obtain the PIN number for someone's debit or credit account----
    Mr. Conyers. The gentleman's time has expired. Finish.
    Mr. Nadler. What limits are there on this and what 
protections on this power to get PIN numbers and credit account 
numbers?
    Mr. Fine. The FBI can get bank records and records like 
that. There has to be predication for it and they have to show 
the need for that. That is one of the tools that the FBI has 
used and can use, as we pointed out. That is one of the reasons 
there needs to be controls on this.
    Mr. Conyers. The gentleman's time has expired.
    The Chair turns to the former Chairman, Jim Sensenbrenner 
from Wisconsin, whose letter to the Department of Justice first 
triggered the inquiries that have flown from this. I 
congratulate him and recognize him at this time.
    Mr. Sensenbrenner. Thank you very much, Mr. Chairman.
    Just by way of background, we did some oversight when I was 
the Chair of the Committee and received a letter in late 2005 
that indicated that there were problems with National Security 
Letters. The audit that the Inspector General conducted was as 
a result of a provision that I put in the PATRIOT Act 
reauthorization that required this audit to be made as well as 
a subsequent audit that Mr. Fine is doing that I am sure we are 
going to talk about extensively later when the report is 
issued.
    I would also like to point out that National Security 
Letters were not authorized by the initial PATRIOT Act in 2001 
but have been around since 1986 in legislation that was 
authored by Senator Patrick Leahy of Vermont, who is the 
Chairman of the Judiciary Committee on the other side of the 
Capitol.
    The PATRIOT Act reauthorization put in a number of civil 
liberty protections relative to National Security Letters 
because we knew that there were problems afoot and decided 
that, even though NSLs were not a part of the PATRIOT Act, that 
they needed to have civil liberties protections.
    I am proud of that work that this Committee did and 
eventually found its way into the PATRIOT Act Reauthorization 
Act, which was signed by the President in March of last year.
    One of the things, Ms. Caproni, that I am really concerned 
about is that the Justice Department and the FBI in particular 
have come to the Congress repeatedly over the last dozen years 
asking for administrative subpoena authority, meaning that 
subpoenas could be issued without judicial supervision. This 
Congress has repeatedly rejected each and every one of those 
requests.
    Now a National Security Letter is kind of like an 
administrative subpoena, although it is limited to the type of 
information that can be obtained. I would like to know from 
both of the witnesses whether the FBI simply turned around and 
used NSLs to get huge amounts of information after Congress 
said ``no'' again to administrative subpoena authority.
    Ms. Caproni. No, we didn't. National Security Letters are 
always focused on a particular case. There is no bulk 
collection via National Security Letters. And while our 
congressional reporting numbers are off, as Mr. Fine correctly 
found, they are not off by an order of magnitude. That is, we 
reported that we collected data on less than 20,000 people a 
year. While that number may go up, it is not going to go up to 
above 200,000.
    Mr. Sensenbrenner. How can you account for the fact that 
the number of NSLs that were issued before 9/11 was about 8,000 
plus per year and then it went up to 150,000? Do we have that 
many potential terrorists running around the country? If so, I 
am really worried.
    Ms. Caproni. I think it is a function of two things. First 
off, I think it is a function of the fact that post-9/11 a 
number of agents were moved into the counterterrorism area and 
the Director directed that no lead in a counterterrorism case 
would go unpursued. So there is a directive to agents that they 
must cover all counterterrorism leads. That is point one.
    I think point two was, because we were focusing much more 
on an intelligence-driven reaction to counterterrorism threats, 
the toolbox that we were using was focusing mostly on National 
Security Letters, as opposed to the prior reaction, which would 
have used grand jury subpoenas.
    Mr. Sensenbrenner. Mr. Fine.
    Mr. Fine. I agree with Ms. Caproni. Prior to the September 
11th attacks, it was rarely used. There were delays in getting 
them, and they were not following the leads that they would 
have followed after the 9/11 attacks.
    After the 9/11 attacks, they are attempting to connect the 
dots, attempting to track down leads. When there are 
indications from a terrorist overseas that there might be 
connections to the United States, they try and follow that.
    Mr. Sensenbrenner. My time is running out. I just make the 
observation that one of the things that gets people in this 
town in big trouble is overreaching. I think that, given your 
report, Mr. Fine, the FBI has had a gross overreach. What this 
does is it erodes support for the function that the FBI does to 
protect all of us from future terrorist attacks.
    I hope that this would be a lesson to the FBI that they 
can't get away with this and expect to maintain public support 
for the tools that they need to combat terrorism. Given the way 
the FBI has acted, I have my doubts. But let this be a warning.
    And my time is up.
    Mr. Conyers. The Chair recognizes the gentleman from 
Virginia, Bobby Scott.
    Mr. Scott. Thank you, Mr. Chairman.
    Mr. Fine, you suggested that there is some confusion in how 
to work these things, as I understand it, representations that 
there was an emergency, when in fact there was no emergency, 
and representations that grand jury subpoenas had been issued, 
when in fact they had not been issued. Is that right?
    Mr. Fine. That is correct.
    Mr. Scott. Has anyone been sanctioned?
    Mr. Fine. No. The FBI, as a result of this report, is going 
and looking at a special inspection to look at exactly what 
happened with this, how the problems occurred, and to determine 
accountability. I think that is appropriate.
    Mr. Scott. To your knowledge, no one has been sanctioned so 
far.
    Mr. Fine. Not yet, no.
    Mr. Scott. Okay. Ms. Caproni, you indicated that we need to 
change our mindset from criminal investigation to intelligence 
gathering.
    Ms. Caproni. I am saying that, post-9/11, that has been 
what the FBI has been charged with doing--really not thinking 
of our terrorism investigations as wholly criminal.
    Mr. Scott. Now when we use these letters, are we obtaining 
information regarding United States citizens?
    Ms. Caproni. Sometimes.
    Mr. Scott. That is a yes? Not always, but sometimes?
    Ms. Caproni. Correct. About half and half.
    Mr. Scott. You are using this mindset against United States 
citizens. When you get all this information like Social 
Security numbers and phone records, how long is this 
information retained?
    Ms. Caproni. The issue of retaining national security--data 
that is obtained via National Security Letters is subject to a 
working group that the DNI is chairing together with the 
Department of Justice and that we will participate on in terms 
of how long we should keep it. As of right now, it is subject 
to the normal archive rules, so we keep it for whatever the law 
under our archives requires, which is typically 20 years.
    Mr. Scott. Twenty years. Now how many criminal convictions 
have you gotten from NSL letters? How much information from NSL 
letters has resulted in criminal convictions for terrorism-
related offenses?
    Ms. Caproni. That was one of the questions that the IG was 
charged with answering, and I think deriving is very difficult. 
Because, while National Security Letters are typically used at 
the beginning of an investigation, we don't tag the data; and 
so tracing it through to know whether national security data 
started----
    Mr. Scott. Mr. Fine.
    Mr. Fine. We try, too, but you cannot tell how many 
convictions as a result of that. It is not specifically 
segregated or tagged. When we tried to follow through the 
system, it was very hard to do that. So I can't give you a 
number.
    Mr. Scott. If somebody said one, would that surprise you? 
Could you contest that number?
    Ms. Caproni. I would.
    Mr. Fine. I would think it would be higher, but I can't 
tell you one way or the other.
    Mr. Scott. What information is obtained through NSL letters 
that could not have been gotten through going through the 
normal FISA process, even in emergencies when there is an 
after-the-fact process with the FISA courts?
    Ms. Caproni. Anything that we can obtain through a National 
Security Letter could be obtained from a FISA 215 order.
    I would tell this Committee that I think if you change the 
law in that way, you would be doing grave disservice. It would 
essentially sink the system. We issue, as you can tell from the 
report, thousands of National Security Letters to get 
information. We do not have an infrastructure in place to take 
every one of those to court any more than an AUSA in any 
district has the infrastructure in place to go to court to get 
every grand jury subpoena. It is simply--we don't have the 
infrastructure to do that.
    Mr. Scott. So you are not getting information you couldn't 
get through FISA, but just administratively you would have a 
judge looking at what you are doing and not having a process 
that lacks oversight.
    Ms. Caproni. Congressman, under FISA--under the FISA 
statute, section 215 of the PATRIOT Act gave us the authority 
to get an order for any type of record.
    Mr. Scott. That is what we are talking about.
    Mr. Fine, did I understand that in these cases there is an 
actual ongoing investigation prior to issuing these letters or 
there is not an identifiable investigation ongoing when they 
issued the letters?
    Mr. Fine. It has to be tied to some investigative file. 
They have to open an investigative file or a threat assessment 
or preliminary inquiry or full inquiry. It has to be tied to 
one of those, and can't be issued out of a control file.
    Mr. Scott. That is what they are supposed to be doing. Are 
they doing that?
    Mr. Fine. We found there were instances of they were issued 
out of a controlled file.
    Mr. Scott. If there is no ongoing investigation, what is 
the standard for deciding when to issue one and when not to 
issue one?
    Ms. Caproni. The standard is that it has to be relevant to 
an authorized investigation. What Mr. Fine was talking about 
with the control files is, while it is a difficult situation to 
understand, those NSLs were in fact--they related to an 
authorized investigation. There was a bureaucratic problem, 
which nobody likes to hear. There is a bureaucratic problem, 
but there was a huge bureaucratic problem that we believe we 
have worked out. None of the NSLs that were issued out of 
control files did not relate to an authorized investigation. 
They all were tied to investigations that were appropriately 
open.
    Mr. Conyers. The distinguished gentleman from North 
Carolina, Howard Coble.
    Mr. Coble. I thank the Chairman.
    Good to have you all with us.
    Mr. Fine, your report recommends a number of changes on the 
FBI's use and tracking of National Security Letters. The 
Attorney General issued a press release on March 9th responding 
to those recommendations; and I presume each of you is familiar 
with that report, are you not, the March 9th report?
    Let me put this question to each of you: Will those 
recommendations submitted by the AG restore the FBI's 
accountability for its use of NSLs?
    Mr. Fine, start with you.
    Mr. Fine. I believe that the response to the 
recommendations and what the FBI and the Department is doing is 
appropriate. Is it sufficient? Is it all that needs to be done? 
I am not sure. We will have to see what the results of those 
steps are.
    We try to provide recommendations to ensure that these very 
important but sensitive tools are used in full accord with 
National Security Letter authorities, AG guidelines, and 
internal control policies. They hadn't been in the past.
    Mr. Coble. Ms. Caproni.
    Ms. Caproni. I think we are going to have to work to get 
the trust of this Committee back, and we know that is what we 
have to do, and we will do it.
    Mr. Coble. Can the FBI implement the Attorney General's 
directions within the 4 months when the AG has requested Mr. 
Fine to report on your progress?
    Ms. Caproni. I hope so. There are some that are going to 
require some interagency work, but certainly if not all will be 
implemented in 4 months, we will have made substantial 
progress.
    Mr. Coble. You may have addressed this earlier, Ms. 
Caproni, but let me put it to you in case you did not. Does the 
FBI have any discrepancy or challenge with the report that Mr. 
Fine has issued?
    Ms. Caproni. No, we accept the report. To the extent we had 
factual quarrels, we worked those out.
    Mr. Coble. You may not be able to respond to this. What do 
you think, Ms. Caproni, are the greatest obstacles that your 
office faces in implementing the AG's directions?
    Ms. Caproni. I think that any obstacles there are the 
Director is going to make sure are removed. I think it is 
time--it is energy and effort; and we are going to do it.
    Mr. Coble. I thank you both for being here.
    Mr. Chairman, if I may, I would like to submit for the 
record the March 9th press release submitted by the Attorney 
General.
    Mr. Conyers. Without objection, so ordered.
    [The information referred to is available in the Appendix.]
    Mr. Coble. I thank the Chairman. I yield back my time.
    Mr. Conyers. I ask the lady--don't sit down now. I ask you 
to please excuse yourself from this hearing. No visitors can 
interrupt a hearing in the Congress. Just a moment. Would the 
officers escort this lady out, please.
    The Chair recognizes the other distinguished Member from 
North Carolina, Mr. Mel Watt.
    Mr. Watt. Thank you, Mr. Chairman. I thank the Chairman for 
convening the hearing.
    Mr. Fine, I am looking on page 7 of your testimony in which 
you indicate that you reviewed 293 National Security Letters in 
77 files and found 22 possible violations that had not been 
identified or reported by the FBI, and I am trying to 
extrapolate that, although Ms. Caproni seemed to take some 
issue with whether that was a reliable sample.
    I am trying to assume for the moment that it is, without 
trying to figure out how many there would be of the total 
National Security Letters that were possible violations.
    My formula is I am starting with 143,000 National Security 
Letter requests on page 5. Would that be an appropriate place 
to start? Have you done the extrapolation for me?
    Mr. Fine. I haven't done it, but there are 143,000 
requests, and, as you know, a request--there can be multiple 
requests in a letter, so there are approximately 45,000 letters 
during the time period, with 143,000 requests. I think the 
starting point would be about 44,000 letters during the time 
period.
    Mr. Watt. And if you extrapolated the possible violation 
out, what would that come to, according to your math?
    Mr. Fine. If you are talking about 7 percent, approximately 
7 percent of the 293 had a violation, so 7 percent of 44,000 
would approximately be about 3,000.
    Mr. Watt. So you are telling me----
    Mr. Fine. That is quick math. I hope it is correct. I think 
it is.
    Mr. Watt [continuing]. That it is possible my FBI and my 
people who are supposed to be protecting my interest violated 
the law how many times?
    Mr. Fine. Well, I think there are possible violations of 
either the law, the Attorney General guidelines or the FBI's 
policies several thousand times, if you statistically 
extrapolate. It was a small sample. We didn't think it was 
skewed or biased. But if it held up through the entire 
population of files, several thousand, some more serious than 
others. But that is a lot.
    Mr. Watt. Ms. Caproni, why ought not our public be 
concerned about that kind of disregard of the law and internal 
process?
    Ms. Caproni. Well, I think the public should be concerned. 
We are concerned, and we are going to fix it.
    I would say, as Mr. Fine said, the sort of errors range 
sort of on a long continuum of seriousness. The most serious 
errors that Mr. Fine identified were obtaining full credit 
reports in counterintelligence cases. We had a----
    Mr. Watt. That is 7 of the 22 files where you say they were 
real serious violations. Extrapolate that out for me, Mr. Fine.
    Mr. Fine. Well, I think in Ms. Caproni's testimony she 
talked about the level of seriousness and which were FBI errors 
and which were company errors and came up with the figure that 
a little bit over 1 percent of them were serious violations 
involving FBI errors. If you extrapolate that to the entire 
population, that would be about 600 cases of serious FBI 
misconduct.
    Mr. Watt. Ms. Caproni, is there some reason that this 
Committee and the American public shouldn't be concerned about 
law enforcement violating the law 600 times?
    Ms. Caproni. We are quite concerned about this, 
Congressman; and we are making every effort to figure out where 
those errors are, to sequester the material, to pull it out of 
our files and to destroy it. We will----
    Mr. Watt. How many files have you all destroyed based on 
this investigation up to this point?
    Ms. Caproni. When we identify data that----
    Mr. Watt. Isn't that a number rather than an explanation?
    Ms. Caproni. Congressman, I don't know the number.
    Mr. Watt. Has the FBI destroyed any files up to this point 
based on this investigation?
    Ms. Caproni. We destroy data all the time when we discover 
it was improperly collected. So both outside of Mr. Fine's 
investigation and----
    Mr. Watt. Have you destroyed any files based on this 
investigation?
    Ms. Caproni. Again----
    Mr. Watt. Have you destroyed any file?
    Ms. Caproni. Not a file.
    Mr. Watt. Have you destroyed any information based on this 
investigation?
    Ms. Caproni. Yes.
    Mr. Watt. What have you destroyed?
    Ms. Caproni. The full credit reports that were obtained 
improperly, and I think there was also some telephone data.
    Mr. Watt. How many is that?
    Ms. Caproni. It is not much.
    Mr. Watt. In these 600 cases that you have identified as 
possible real serious areas, several hundred, do you intend to 
prosecute anybody for violating the law?
    Ms. Caproni. We will have to look at what the facts are. I 
am not going to pre-judge.
    Mr. Watt. How long is it going to take you to look at that?
    Mr. Conyers. The gentleman's time has expired.
    Ms. Caproni. The inspectors are in the field now, and I 
think they will have completed their inspection, which is a 
sampling process, but they will have completed it within a week 
or so.
    Mr. Watt. You have got a more reliable sampling process 
than Mr. Fine.
    Ms. Caproni. It is bigger, and it is across all field 
offices.
    Mr. Conyers. The gentleman from California, once an 
attorney general for his State, Dan Lungren.
    Mr. Lungren. Thank you very much, Mr. Chairman.
    Ms. Caproni, I was one of the ones who have defended the 
FBI and the Justice Department in the use of these as we went 
through legislation the last 2 years, and to say that I am 
disappointed doesn't give justice to what I feel about this.
    Mr. Fine has said that this is the result of mistakes, 
carelessness, confusion, sloppiness, lack of training, lack of 
adequate guidance and lack of adequate oversight. That sounds 
like a report about a first or second grade class. We are 
talking about agents of the FBI, who are lawyers in many cases, 
who have college degrees, who have other kinds of education. We 
are talking about people who have gone through the FBI Academy. 
We are talking about people who presumably have been trained to 
go into this.
    We are how many years past 9/11?
    In response to the question I believe it was of Mr.--I am 
not sure who asked you this, but whether you could get this 
done in 4 months, you said you hoped so. I hope you will 
deliver a message that we expect it will be done. Because I 
don't think if you can't get it done in 4 months you are going 
to have to worry about improving your procedures for NSLs 
because you probably won't have NSL authority.
    I just want to convey to you how upset many of us are who 
have defended this program and have believed it is necessary to 
the protection of our country and you in the FBI have an 
obligation to try to find out who the potential terrorists are 
but also to make good on the promise we have made to the people 
of America that the terrorists are not going to succeed by 
indirection what they can't do by direction. That is, to 
destroy the constitution.
    I just--I will tell you this. I talked with Mr. Mueller 
yesterday. Because I have known him for 30 years. He's Mr. Fix-
it. He goes in and fixes messes. He has done it all over this 
Government. I have seen his work in San Francisco. I have seen 
his work here at the Department of Justice. If I didn't know 
him, if I didn't know his record, if I didn't know he is the 
man we have put in many places to fix things, I would have no 
confidence in the FBI right now.
    So I hope you will deliver a message to all your people 
that it is not good enough to tell us you hope it is going to 
be done in 4 months. I hope you are going to deliver a message 
that it better be done in 4 months or you are not going to have 
NSLs to worry about. I have to say that as someone who supports 
them and will fight on the floor to have that authority given 
to you if there is proper oversight. But I probably won't get a 
majority of votes on the House floor if you don't fix it. So 
can you tell me you are going to do better than you hope to fix 
it in 4 months?
    Ms. Caproni. Congressman, you are absolutely right. Yes, it 
will be done.
    Mr. Lungren. I appreciate that.
    Now, Mr. Fine, you are the Inspector General for the FBI. I 
want to congratulate you on what you have done. We say we take 
some satisfaction in your carrying out the authority we gave 
you, but sometimes that doesn't happen, and we appreciate the 
job you have done here.
    Maybe you won't want to answer this question. Maybe you can 
help me. How do you explain carelessness, confusion, 
sloppiness, lack of training, lack of adequate oversight with 
the FBI? I just turned on television last night and watched one 
or two or three of these shows that always shows the FBI as 
being far better than local government. A little burr under my 
saddle, because I am a former AG of California. I appreciate 
the FBI, but how do you explain this? I am not sure what would 
be worse, frankly.
    At first, I was relieved that you said this and that it 
wasn't intentional action by the FBI. At least, we haven't 
found that. I would at first have been worried about that.
    Now, as I think about this, should I be more worried about 
the fact that the FBI now, in something as important as NSLs, 
has marks of carelessness, confusion, sloppiness, lack of 
training, lack of adequate guidelines and lack of adequate 
oversight? Is this exceptional in your experience in your 
oversight of the FBI?
    Mr. Fine. I think the FBI worked hard to get these 
authorities but didn't take it seriously enough putting in 
controls over these authorities. I think there is often a 
problem sort of between the receipt of the authority and the 
execution of that authority. That is clearly what happened 
here. We were very troubled by it.
    We have seen problems in the FBI in terms of information 
technology and trying to upgrade their information technology. 
We have seen problems, but they are--these are difficult tasks, 
and they are trying to do this as they are changing their 
mission, and, quite honestly, there really is no excuse for it.
    Mr. Lungren. Do you have any questions that the NSLs are of 
some value?
    Mr. Fine. Yes, I believe they are of value.
    Mr. Lungren. If we lost them, that would be a loss.
    Mr. Fine. I believe they are a valuable investigative tool 
to counterterrorism and counterintelligence investigations, and 
that is why it is so troubling.
    Mr. Lungren. We better fix it so we don't lose a tool that 
is truly effective.
    Mr. Fine. I think they need to fix it.
    Mr. Lungren. Thank you, Mr. Chairman.
    Mr. Conyers. The gentlelady from Texas, Sheila Jackson Lee.
    Ms. Jackson Lee. Mr. Chairman, again, my appreciation for 
your continuing effort of establishing transparency in 
Government.
    I welcome both of the witnesses here today and recount just 
limited history that troubles me as we find ourselves here 
today. I know the good intentions of the witnesses, but 
certainly I need not remind you of the era of McCarthyism and 
certainly that role law enforcement played in that misdirected 
era of the United States of America.
    As a young lawyer, I participated in the investigations 
into the assassination of Dr. Martin Luther King and John F. 
Kennedy right here in this Congress; and what was exposed was 
the extensiveness of the COINTELPRO of Dr. Martin Luther King--
wrongheadedness, as far as I am concerned--as relates to the 
utilization of protecting this country. A civil rights leader 
who happened to be outspoken against the heinous governmental 
acts of segregation, and all of a sudden he became a major 
target of the Federal Bureau of Investigation, with any number 
of officers, agents, if you will, probing and looking over 
paperwork that he might have generated.
    That smacks, as far as I am concerned, of where we are 
today, even though, Mr. Inspector General, you have indicated 
that it has been without malice, without intentions. And we all 
know that there is a phrase that says, a journey to a certain 
place is paved on that road with good intentions.
    So I am not very happy as to where we are today, because I 
argued vigorously about the extensive powers that we were 
giving to the President of the United States out of fear. One 
thing that the Constitution reminds us and certainly the 
Founding Fathers, who left a tyrannical society to be free, is 
that tyranny can get the best of us. Lack of control can get 
the best of us.
    So I ask to the General Counsel of the FBI, did you 
determine what percentages of those letters that were sent 
without National Security Letters generated into terrorist 
responses or terrorist incidences or terrorist prosecutions? I 
would be interested in that number. Why don't you just answer 
that yes or no. Do you have the percentage?
    Ms. Caproni. I do not.
    Ms. Jackson Lee. I would like to get the percentage, 
frankly.
    Ms. Caproni. The Director has ordered a special 
investigation of the whole exigent letter instance. We will 
brief this Committee when we have the results of that.
    Ms. Jackson Lee. I will join my colleague on the other side 
of the aisle. How quickly can you get that information? This is 
about protecting the Constitution and securing the homeland, 
two very important jurisdictional responsibilities; and I 
happen to serve on both Committees, Homeland Security and this. 
So my question is, how soon can you get those numbers? It makes 
a real difference to know whether you generated potential 
terrorist threats that would secure the homeland or whether or 
not the FBI was on a fishing expedition.
    Ms. Caproni. Congresswoman, let me assure you that the 
group was not on a fishing expedition. Having said that, I 
understand my assurance to this Committee at this point isn't 
worth a lot. The Inspection Division is conducting the inquiry. 
They know that they have to proceed quickly, but I regret I 
can't tell you when they are going to be done. I will make sure 
that the Director understands that you want it done as quickly 
as possible.
    Ms. Jackson Lee. Certainly we wish the Director well. We 
would have wanted to have him appear before this Committee, but 
we do wish him a speedy recovery.
    Ms. Caproni. Thank you. I will let him know that.
    Ms. Jackson Lee. Mr. Inspector General, I assume you will 
say to me that you don't speculate, but let me quickly ask you 
a question and will you be thinking, the General Counsel, on 
this question.
    The President signed on the PATRIOT Act a signing statement 
which indicated that he was going to interpret or have the Act 
interpreted in a manner consistent with the President's 
constitutional authority to supervise a unitary executive 
branch to withhold information. Just be thinking about that. I 
wanted to know, did that give you free ride. That is why I have 
legislation that indicates that agencies should not be running, 
I must say, amok because of signing statements.
    Mr. Inspector General, what you looked at and you said it 
has not been intentional--help me out--however, don't you 
believe there should be restraints put in place and might the 
PATRIOT Act be entirely too broad to even be a valuable tool 
that would restrain people in balancing both security and as 
well balancing civil liberties?
    Mr. Fine. I do believe that there need to be controls. I do 
believe that there needs to be a balance, a balance of 
effective tools to prevent terrorism, and at the same time 
effective controls on the use of those tools.
    What was most troubling to us was that those controls were 
not implemented and not followed. I share the concerns 
expressed by the Members of this Committee, and that is why we 
did the report.
    We were not restricted or limited in what we did, and I 
know there was a Presidential signing statement, but the 
Department did cooperate with us. We did provide the 
information that we had. We provided it in the most 
unclassified way we could, and the Department actually did 
unclassify a fair amount of this information so it could be 
fully aired. We also provided a classified report to this 
Committee and other Committees describing the additional 
information. So we did what we could to identify the problems 
in this program.
    Mr. Conyers. The gentleman from Florida.
    Ms. Jackson Lee. Mr. Chairman, can she answer yes or no on 
the signing statement? Would you indulge me?
    Ms. Caproni. The signing statement had absolutely no impact 
on how we secure letter authority.
    Mr. Conyers. The gentleman from Florida, Mr. Ric Keller.
    Mr. Keller. Thank you, Mr. Chairman.
    Ms. Caproni, let me begin with you. If the FBI didn't have 
National Security Letters as an investigative tool, you could 
get the same information via prosecutor through a grand jury 
subpoena or by going before a FISA court and getting a court 
order, isn't that correct?
    Ms. Caproni. Yes.
    Mr. Keller. The concern that you have with those two 
options is you essentially don't have the manpower. I think you 
said it would sort of sink the system.
    Ms. Caproni. I was responding to a suggestion that all of 
these should be obtained via court order. If that were the law, 
that would create substantial obstacles to our national 
security program.
    Mr. Keller. That is why you aren't using in all cases the 
grand jury subpoena or the FISA court orders, because you don't 
have the manpower power to do that and still do your 
investigations?
    Ms. Caproni. I would say it is perhaps slightly more 
nuanced than that. On grand jury subpoenas, there are cases 
where we don't have a criminal case open, so a grand jury 
subpoena is not an option. Further, the whole philosophy of 
making sure that we are thinking from an intelligence 
perspective rather than immediately cutting to the chase of a 
criminal investigation encourages agents to use national 
security tools versus criminal tools.
    Mr. Keller. Let me follow up, because the challenge we have 
is getting this in the strike zone. We want you to have this 
information that you need as an investigative tool, but we want 
there to be some sort of check on your authority. To use the 
grand jury subpoena, for example, to get my phone records, I 
have the ability to move to quash that subpoena and have a 
judge hear it.
    Ms. Caproni. Only if someone tells you the subpoena has 
been served, which is not the typical route of a grand jury 
subpoena.
    Mr. Keller. Before you went before a FISA court you would 
have a set of eyes through the FISA court judge looking at it, 
correct?
    Ms. Caproni. That is correct.
    Mr. Keller. In terms of using the National Security Letter, 
let's say you served it on my phone company. The phone company 
is not necessarily looking out for my personal privacy 
interests, and so there is not a set of eyes looking at it, at 
least from an individual perspective.
    Ms. Caproni. Again, that is the same as with a grand jury 
subpoena, correct.
    Mr. Keller. So all we have is our Inspector General as a 
check on the controls to make sure that you are applying it in 
an appropriate way.
    Ms. Caproni. I think this report has told us we internally 
have to do a far better job at making sure that we are 
maintaining internal controls over the use of this tool. I 
fully expect Mr. Fine to come back to visit us in future years 
and will dutifully take us to task if we have not accomplished 
that.
    Mr. Keller. Mr. Fine, imagine a housewife in Orlando, 
Florida. She does absolutely nothing relevant to terrorism or 
espionage, never met or spoken to a terrorist or spy. Based on 
your investigation, does she have any reason to worry about 
National Security Letters violating her privacy by looking at 
her phone records, bank records or Internet search records?
    Mr. Fine. I think that there are times when the FBI looks 
for telephone records of potential terrorists and looks to see 
who they have contacted or been in contact with. Could be 
advertent, could be intentional contact, could be inadvertent 
contact. As a result of that contact, there can be efforts to 
look and see what telephone numbers have been called.
    Now, if they had no contact whatsoever with the subject of 
a potential terrorist investigation, it is less likely that the 
records would be obtained here.
    Mr. Keller. In framing my question, I said, no contact, 
either written or spoken. So let me ask you, based on your 
investigation, were there any situations where you saw National 
Security Letters being used when there was no relevance 
whatsoever to international terrorism or espionage?
    Mr. Fine. We couldn't in our review look at all the 
investigative case files and say there was an adequate 
predicate. There wasn't. We looked at how they were used and 
whether on their face they were improper. So it is impossible 
for us to say that the relevancy standard was met.
    One thing we did find and I would note, this is that, in 
many cases, the counsel of the FBI field offices, either the 
Chief Division Counsel or Assistant Counsel, did not 
aggressively and independently look for that. And they are the 
ones who should be checking on that, they are the ones who need 
to ensure there is adequate predicate for this investigation. 
And we saw in many cases that that didn't happen that they 
acceded to the wishes or the arguments of the case agents or 
special agents in charge without independently and aggressively 
looking at that.
    Mr. Keller. One final question. Can you give us an example 
to help make your case, if you have one, as to what is a 
scenario where a National Security Letter is your best 
investigative tool because, for whatever reason, a grand jury 
subpoena or a FISA court order is insufficient?
    Ms. Caproni. Any time I would say that they were at the 
very beginning of an investigation; say, for example, after the 
London bombing when the British authorities provided us with 
telephone numbers of the British bombers. So we were looking to 
see if we have anyone in the United States that had telephone 
contact with the London bombers. In my view, the appropriate 
way to pursue that investigation is via National Security 
Letter.
    Mr. Keller. Because you wouldn't have time under the other 
options?
    Ms. Caproni. We wanted to know that very quickly; and, 
again, I think the American people would want us to know very 
quickly after the London bombings took place whether we had any 
cells or groups of people tightly related to the London 
bombers. So we needed to move very quickly; and, in fact, the 
investigators did move very quickly on that to figure how out 
who here was connected to there and was it an innocuous 
connection or a dangerous connection.
    Mr. Keller. My time has expired.
    Mr. Conyers. The distinguished gentlelady from Los Angeles, 
California, Maxine Waters.
    Ms. Waters. Thank you very much, Mr. Chairman.
    May I ask, were these witnesses sworn?
    Mr. Conyers. They were not.
    Ms. Waters. May I respectfully request that they be sworn 
in?
    Mr. Conyers. Too late.
    Ms. Waters. Then, Mr. Chairman, I suppose we are going to 
have to rely upon them, particularly the General Counsel, 
continuing to tell us that they are acting within the law.
    I shall proceed with my questions.
    Mr. Conyers. If the gentlelady will yield, false testimony 
before this Committee can constitute a violation in and of 
itself, a misstatement, any deliberate misstatements.
    Ms. Waters. Well, I would have preferred that they be under 
oath, but--however, the Chair has made that decision; and I 
shall proceed.
    Let me just ask about the use of these exigent letters. As 
I understand it, these letters are used basically to get around 
having to get the NSL letters; is that right, Mr. Fine?
    Mr. Fine. These letters were used in advance of or in lieu 
of National Security Letters, that is right.
    Ms. Waters. There was information collected as a result of 
these letters, particularly the operation I believe that was 
set up with the contract with the three telephone companies or 
telecommunications companies; is that correct?
    Mr. Fine. Well, there were contracts with the telephone 
companies so that they would provide information to the FBI on 
an expedited basis.
    Ms. Waters. Ms. Caproni, do you still have contracts with 
those telephone companies, any other telephone companies, or 
any other private businesses to supply you information in the 
manner that those companies did?
    Ms. Caproni. We continue to have contracts with the 
telephone carriers that obligate us to provide them with 
appropriate process to get records.
    I can't answer the balance of your question. I don't know 
if we have other contracts with other private parties. The 
telephone companies it made sense, because of the volume of our 
request.
    Ms. Waters. How much are the taxpayers paying the telephone 
companies, that they pay to provide them services to spy on us?
    Ms. Caproni. I don't know what the dollar value of the 
contracts are.
    Ms. Waters. You have no idea?
    Ms. Caproni. I actually don't.
    Ms. Waters. You have never heard any discussion about it?
    Ms. Caproni. I am sorry, I don't. I just don't know the 
amount.
    Ms. Waters. Information was collected on millions of 
Americans using this as a tool. Now that you know that they are 
were innocent, they probably should not have been under 
investigation. Has all of this information been purged and 
gotten rid of?
    Ms. Caproni. We did not collect records on millions of 
Americans?
    Ms. Waters. How did it work then?
    Ms. Caproni. The exigent letters were provided to the 
carriers, which promised future process. That future process, 
unfortunately, was not always promptly provided.
    Ms. Waters. What did they do?
    Ms. Caproni. Who do?
    Ms. Waters. The companies. How did they mine the 
information and did they mine information of innocent people?
    Ms. Caproni. The carriers provided us with toll billing 
information, which was then placed into our databases. There is 
no connection between their databases and our databases. The 
information comes out electronically and moves into ours.
    Again, we are talking about--I believe the number of 
numbers at issue, according to the Inspector General, is 
somewhere in the neighborhood of 3,000. It is my belief, 
though--again, we will have to wait and see what the special 
inspection finds--that all of those numbers were tied to 
authorized investigations. To the extent any were not, the 
records will be removed from our databases and destroyed.
    Ms. Waters. When will they be removed? How long will it 
take?
    Ms. Caproni. Again, I am anticipating that that special 
inspection will take a couple of weeks at least, but probably--
I just actually don't want to speculate.
    Ms. Waters. Didn't you have a court order relative to your 
contracts with these telephone companies?
    Ms. Caproni. No, ma'am.
    Ms. Waters. Was there a court decision relative to the 
manner in which information was obtained?
    Ms. Caproni. The information was obtained from the carriers 
pursuant to--it was supposed to be obtained pursuant to the 
laws of ACBA.
    Ms. Waters. But they were not.
    Ms. Caproni. Again, as Mr. Fine has indicated, there were 
these exigent letters that were used. What we are trying very 
hard to do is to unravel and to make sure that we do not have 
the records of anyone as to which there was not--it wasn't 
relevant to an authorized investigation.
    Ms. Waters. How long have you been trying to do this?
    Ms. Caproni. We began the process with them last fall and 
we are--we within OGC are to the point that if they cannot 
demonstrate to our satisfaction very quickly, then any of those 
records have to be removed from the database and destroyed.
    Ms. Waters. Certificate letters, are you still issuing 
certificate letters?
    Ms. Caproni. No.
    Ms. Waters. When did you stop?
    Ms. Caproni. Shortly after OGC learned about them, that 
process was stopped. We entered into discussions with the Fed 
over whether--Federal Reserve Bank in terms of whether or not 
it required a National Security Letter. There was some back and 
forth between lawyers, that the decision was made that they 
would prefer a National Security Letter, so----
    Ms. Waters. So you collected information using these 
certificate letters. Has that information been destroyed?
    Ms. Caproni. No.
    Ms. Waters. When are you going to do it?
    Ms. Caproni. I don't believe we are going to do it.
    Ms. Waters. Why are you going to keep information that was 
improperly collected on financial records of innocent people? 
Why would you keep it?
    Ms. Caproni. One, they are not innocent people; and two, it 
wasn't improperly collected. The Federal Reserve Bank is not 
directly covered by the right to financial privacy. They can 
ask for a National Security Letter, which they now have done, 
and because----
    Ms. Waters. Why did you stop using certificate letters if 
they were legal and proper?
    Ms. Caproni. Because we thought the better process was a 
National Security Letter, and the Fed asked us to provide 
National Security Letters.
    Ms. Waters. How have you determined whether or not the 
information you collected was on individuals who were 
suspicious, guilty, had committed a crime? How do you determine 
whether or not these people are innocent and the information 
should be destroyed?
    Mr. Conyers. The gentlelady's time has expired. Please 
answer the question.
    Ms. Caproni. Certainly. The issue is whether the 
information is relevant to an investigation. There are times 
when we gather information that is relevant to an investigation 
but it turns out that the person was not engaged, for example, 
in terrorist financing. We don't then destroy the information, 
though the investigation is closed. So it is much like any 
other information that is gathered during the course of an 
investigation.
    The issue of whether that policy will continue is a matter 
that is under discussion by a group that is being chaired by 
the DNI in terms of whether we should or we should not continue 
to retain information that is gathered via National Security 
Letters after the investigation is closed.
    Mr. Conyers. The gentleman from Virginia, Mr. J. Randy 
Forbes.
    Mr. Forbes. Thank you, Mr. Chairman.
    Mr. Chairman, I hope I can emulate your very calm manner of 
handling this Committee; and I just want to tell the witnesses 
what I said at the beginning--I want to thank you both for 
being here. We know you have a tough job, and we appreciate you 
coming in here and answering our questions today.
    I have listened to the Committee as we have gone through 
this process, and we have had testimony from the Washington 
Post, we have had testimony from members of the audience, 
testimony from Members of this Committee. You are the only 
witnesses we have here.
    I think that you get the message, both of you, you had it 
when you came in here, that no one on this Committee condones 
any of these lapses or feels that it is not urgent that they be 
corrected and corrected as quickly as possible. We are also 
grateful that this Committee requested this audit. Because, Mr. 
Fine, through your good work, we were able to find out what 
these problems were so that we can correct them.
    The other thing, Ms. Caproni, you have been asked to take a 
lot of messages back to the FBI, all of which are good and 
valid messages. But another one I want to ask you to take back 
today is that, although the FBI messed up in handling the NSLs, 
I want you to take a message back to those agents in the field, 
who I know are working around the clock; they are away from 
their families a lot of the time, and thank them for not 
messing up on what Mr. Fine said was one of their key missions 
and that was to detect and deter terrorism and espionage in 
this country. Because if you had messed up on that one, we 
would have a lot more people in this room and a much harsher 
hearing than we are having today.
    The other question I would like to ask either of you to 
respond to: Do either of you have any evidence today that 
anyone in a supervisory position gave instructions, either 
expressly or impliedly, to any person under his or her 
supervision to misuse the NSLs?
    Ms. Caproni. Not to my knowledge.
    Mr. Forbes. Mr. Fine.
    Mr. Fine. We did not find that evidence. We did not find 
that there was an intent by people who knew they were misusing 
it to misuse it. So, no.
    On the other hand, we did not do a thorough review of what 
people up and down the line knew and did, so we reported what 
we found.
    Mr. Forbes. That is being conducted, as I understand it, 
now, is that correct?
    Ms. Caproni. Correct.
    Mr. Forbes. And if you find that information you will 
present that back to the Committee, correct?
    Ms. Caproni. Absolutely.
    Mr. Forbes. The second question for either of you: Is there 
any evidence that any member of the FBI or the Justice 
Department provided any information either orally or in writing 
to this Committee or to Congress which they knew to be 
inaccurate or false?
    Ms. Caproni. Not to my knowledge.
    Mr. Forbes. Mr. Fine, you don't have any?
    Mr. Fine. I don't have that information, no.
    Mr. Forbes. Just the balance that we have talked about, we 
know the harm that comes from violation of privacy interests of 
our citizens, that is huge. But I wish you would go back--and, 
again, just take a minute--and talk about what Mr. Fine has put 
in here about--says: These tools are indispensable to the FBI's 
mission to detect and deter terrorism and espionage.
    We know there has been a lot on your plate since 9/11 and 
you have had to do that. Can you tell us, with as much 
specificity as you can, exactly how these NSL letters have 
helped to do and accomplish that mission?
    Ms. Caproni. Again, National Security Letters provide the 
basic building blocks of an investigation. Starting with phone 
records, phone records are critical to the counterterrorism 
agents to figuring out who was connected to whom; and that 
permits us to trace foreign terror acts that have occurred, 
obviously, since 9/11 and trace them in to individuals who are 
in the United States and to determine whether those individuals 
are up to no good or, in fact, it is just an innocent 
connection. But for National Security Letters, I don't know how 
we would do that.
    They have also been absolutely indispensable in the area of 
terrorist financing. We have done a tremendous amount of work 
getting bank records on individuals we believe are funneling 
money to foreign terrorist organizations overseas. Again, 
without National Security Letters, could we go through a FISA 
order? We probably could, but we certainly couldn't do that 
very efficiently. So a National Security Letter is an efficient 
way for us to get the basic building blocks of an 
investigation.
    Mr. Forbes. Have they stopped any terrorist attacks that 
you know of that could have possibly happened in the United 
States? You may not have that information.
    Ms. Caproni. I am sorry, I don't.
    Mr. Forbes. Thank you both.
    Mr. Chairman, I yield back the balance of my time.
    Mr. Conyers. I thank the gentleman.
    The Chair recognizes Stephen Cohen, the gentleman from 
Memphis, Tennessee.
    Mr. Cohen. Thank you, Mr. Chairman. Stephen, yes. You can 
call me Stephen.
    Mr. Conyers. Stephen.
    Mr. Cohen. Thank you, sir.
    Mr. Fine, did you do any study of the people whose records 
were looked at illegally for any similarity in demographics?
    Mr. Fine. No. We looked at whether they were U.S. persons 
or non-U.S. persons, but within those persons we did not look 
at the demographics of those individuals.
    Mr. Cohen. Ms. Caproni said they were all with 
investigations that were ongoing. Did you find that to be true, 
also?
    Mr. Fine. We could not verify that they were all connected 
to an ongoing investigation. I know the FBI is trying to do 
that now. But as part of our audit we could not do that, all 
that.
    Mr. Cohen. Do you think it might be a good idea to look at 
those people to see if there are any demographic consistencies, 
if there is a group of the American public that might be looked 
at in a closer manner than others and that might----
    Mr. Fine. It is possible. That would be quite an 
undertaking, and one has to realize a lot are not on 
individuals but are on telephone numbers. There are certainly 
consumer credit reports and other things that do relate to 
individuals. So that kind of review is possible but incredibly 
intensive and requires additional resources while we are trying 
to comply with this Committee's and the Congress's directive to 
do a review of the use of them in 2006 according to the 
guidelines that were set out here.
    Mr. Cohen. Thank you.
    Ms. Caproni, you said that these were all tied to 
investigations, is that correct?
    Ms. Caproni. I said I believe that they are all tied to 
investigations, and that is what we are trying to work through 
with that unit now.
    Mr. Cohen. If you find that they are not tied to 
investigations, could you make a report to this Committee of 
who those individuals were and why they were--their records 
were sought when they weren't tied to investigations?
    Ms. Caproni. Yes, we will provide this Committee with what 
we find through the course of that special inspection.
    If I could just say, though, so there is no 
misunderstanding, the unit at issue typically gets simply a 
telephone number. So they don't know--that is part of with what 
they are charged of finding out, is who belongs to this 
telephone number, what are the toll billings, records for this 
number. So the name of the person associated with the phone 
number is typically not part of what CAU does.
    And for the exigent letters, to my knowledge--again, the 
special inspection will reveal much more in terms of the ins 
and outs of what they were doing--they were working off of 
telephone numbers and not off of names.
    Mr. Cohen. In the report, it says that some of these 
violations demonstrated FBI agents' confusion and unfamiliarity 
with the constraints on National Security Letter authorities. 
Other violations demonstrated inadequate supervision over the 
usage of these authorities.
    This is from Mr. Fine's statement.
    Ms. Caproni, do you think that these are maybe indices of a 
systemic problem with the FBI, where the agents have confusion 
and unfamiliarity with other policies and other laws? And, if 
so, are you doing something about it?
    Ms. Caproni. Congressman, that is exactly what I am 
concerned about.
    In the discussions that we have had--and I can tell you 
that we have had a lot of soul searching at the FBI since then. 
We got an F report card, and we are just not used to that. So 
we have had a lot of discussions about this.
    One concern is, are we--most of the agents grew up--the 
agents my age at the FBI all grew up as criminal agents in a 
system which is transparent, which if they mess up during the 
course of an investigation they are going to be cross-examined, 
have a Federal district judge yelling at them. The national 
security side occurs largely without that level of 
transparency.
    Our concern is and what this report has shown us is that we 
have simply got to do a better job making sure that, although 
the actions that are taken in national security investigations 
are typically taken in secret and they don't have the 
transparency of the criminal justice system, that that imposes 
upon us a far higher obligation to make sure that we have a 
vigorous compliance system, that we have in place the training 
that is necessary, that we restrain agents, that when agents 
are working in this area we make sure they know.
    Mr. Cohen. I think that is what we need. I appreciate your 
candor.
    There is some signage in the Capitol and one is a statement 
by Brandeis, something to the effect that the greatest threats 
to liberty come from insidious men of zeal, well-meaning but 
without knowledge or understanding.
    I think that you will find that if our agents, our FBI 
agents, even though well-meaning and zealous, don't know what 
they are doing, that it is a threat to people having faith in 
the whole system. I hope you will correct that. I feel 
confident you will.
    Ms. Caproni. You are absolutely correct. We will.
    Mr. Cohen. Thank you.
    Mr. Conyers. I thank the gentleman, Steve Cohen.
    The Chair recognizes now the gentleman from Virginia, Bob 
Goodlatte.
    Mr. Goodlatte. Thank you, Mr. Chairman, and thank you for 
holding this hearing.
    Ms. Caproni and Mr. Fine, thank you for your testimony 
today. These are very serious concerns, and we appreciate your 
helping us understand how they occurred, why they occurred, and 
what is being done to correct them.
    I have several questions I would like to ask, starting with 
you, Ms. Caproni.
    In Mr. Fine's report on page 8, paragraph 3, he notes, ``In 
addition, we found that the FBI had no policy requiring the 
retention of signed copies of National Security Letters. As a 
result, they were unable to conduct a comprehensive audit.''
    Can you explain why something as important and serious as a 
National Security Letter would not have a signed copy retained 
in the records of the Bureau?
    Ms. Caproni. I can say that there were different processes 
in different field offices; but, no, I cannot. I mean, there is 
just no reason why there was not a policy that said you have to 
keep a copy of the signed copy.
    What we keep, which is typical of how our records are, is 
the carbon copy, in essence, which is typically initialed.
    But, no, in the world of Xerox machines, there is no reason 
why we had not told people to hang on to a signed copy.
    Mr. Goodlatte. Mr. Fine, did you draw any further 
conclusions from that? Do you know why they were not retained?
    Mr. Fine. They were not retained because there was not a 
clear policy that was enforced.
    Mr. Goodlatte. No ulterior motive that you know of?
    Mr. Fine. I do not believe there was an ulterior motive, 
but this was an example of an incredibly sloppy practice that 
was unacceptable.
    Mr. Goodlatte. I agree.
    Let me ask you, when did you first learn of the problem 
with the FBI's improper use of the exigent letters?
    Mr. Fine. Well, we began our audit, as required by the 
PATRIOT Reauthorization Act, around the beginning of 2006. As 
you can see from this report, there are a lot of issues, and we 
did interviews and document requests and field files.
    I think sort of the first indications where we learn about 
it were in the spring or summer of last year, where we had to 
work through those issues.
    Mr. Goodlatte. And who did you learn that from?
    Mr. Fine. We learned it from, I believe, people in the 
Office of General Counsel, the National Security Law Branch of 
the FBI, about these issues. I think they are the first people 
we learned it from, as well as from the review of documents and 
e-mails and things like that.
    Mr. Goodlatte. And what steps have you taken to ensure that 
the practice was stopped?
    Mr. Fine. The steps we have taken are to inform the FBI 
about the unacceptability of this practice, to note it, to 
report it, to let the people who are in charge of the FBI and 
the General Counsel's Office know about it, and to make a 
recommendation that it does stop.
    Mr. Goodlatte. When did you make that recommendation?
    Mr. Fine. I think we made the recommendation when our 
report was issued to the FBI in draft; and I think that was in 
either December or January of this year. It was December of 
last year or January of this year.
    Mr. Goodlatte. Ms. Caproni, has that practice been stopped?
    Ms. Caproni. Yes.
    Mr. Goodlatte. What steps have you taken to ensure that it 
does not persist in any of the offices of the FBI?
    Ms. Caproni. Well, first, we are trying to find out whether 
it did happen in any office other than the unit at 
headquarters, and we should know that answer probably by the 
end of this week or sometime next week.
    The second thing is that the practice of providing a letter 
with a promise of future legal process has been banned. And, 
again, we are also developing a vigorous compliance program to 
make sure that we do not simply make the rule, but we actually 
have in place some kind of process to make sure that the rules 
are being followed.
    Mr. Goodlatte. Current law authorizes a full credit report 
request for only counterterrorism investigations. The Inspector 
General discovered two instances in the same field office of a 
full credit report request under counterintelligence 
investigations.
    How is this being corrected?
    Ms. Caproni. This is being corrected by--the deputy 
director ordered a full audit of every counterintelligence file 
that has been opened since January 1, 2002. This authority went 
into effect in the PATRIOT Act. So, realistically, we think the 
earliest one that could have been issued would have been in 
2002.
    So they have to review every file since then in which a 
Fair Credit Reporting Act NSL was issued and find out if they 
have any full credit reports. If they do, they need to remove 
them from their files and report it as a potential IOB 
violation. Those will, in turn, be reported on to the IOB.
    Mr. Goodlatte. One last question.
    In at least one instance, a National Security Letter issued 
under the Electronic Communications Privacy Act was determined 
by the Inspector General to be seeking content.
    How was this remedied, and what steps do your field agents 
take to delineate between content and transaction information?
    Ms. Caproni. In that case, there was no need to remedy it 
because the Internet service provider refused to provide us 
with any records, so we actually did not have an 
overcollection.
    Mr. Goodlatte. Have you remedied the request? I mean, they 
should not be asking for that.
    This was a big issue when we wrote the PATRIOT Act, and it 
was the subject of a great deal of discussion with the 
Administration about making sure that we had a clear line 
between what could be requested and what could not be 
requested.
    Ms. Caproni. The statute defining electronic communications 
transaction records actually does not define the term, and 
there had traditionally been the debate that says that we will 
leave up to the ISP what is content and what is not.
    We think that is a trap for the unwary. It is bad for our 
agents in that we do better with bright lines. And so OGC will 
establish--we are in the process of making sure that we have a 
list that makes sense of what is content and what is not.
    In the abstract, that seems like a very clear line; in 
practice, it is not. There are some difficult issues because 
some of the answers revolve around how the ISP keeps their 
records.
    So we are working on it. My anticipation is that, within 
the next week or two, we will have out to the field these 
records you can seek, these records you cannot seek, and it 
will be a very bright line.
    Mr. Goodlatte. Thank you, Mr. Chairman.
    Mr. Conyers. The gentleman from Georgia, Mr. Hank Johnson.
    Mr. Johnson. Thank you, Mr. Chairman.
    In these reports that I have read, it indicates that there 
were three phone companies that the FBI, particularly the FBI 
Communications Analysis Unit, the CAU, contracted with three 
telephone companies between May of 2003 and March of 2004. Who 
were those telephone companies?
    Ms. Caproni. The telephone companies were AT&T, Verizon and 
MCI, which has now been acquired by Verizon.
    Mr. Johnson. Now, are those contracts still in force at 
this time?
    Ms. Caproni. Yes, they are.
    Mr. Johnson. And are there any other phone companies that 
are contracted with the FBI through the Communications Analysis 
Unit or any other unit of the FBI?
    Ms. Caproni. Not through the Communications Analysis Unit; 
broader than that, I do not know. We may have contract--not for 
this sort of information. We may have other contracts with 
phone companies, but not like this.
    Mr. Johnson. And nobody put a gun to these telephone 
companies' heads and made them sign the contracts, did they?
    Ms. Caproni. No.
    Mr. Johnson. They were just simply agreements with the FBI 
and with the phone company?
    Ms. Caproni. Correct. From our perspective, because these 
originated--given the volume of our requests, that this 
permitted us to get our records very quickly.
    Mr. Johnson. Well, I understand.
    Then the phone companies received compensation for engaging 
in this contract with the FBI; is that correct?
    Ms. Caproni. That is correct.
    Mr. Johnson. And this compensation, was it merely for 
expenses or was there profit involved, or you have no way of 
knowing?
    Ms. Caproni. I do not know.
    Mr. Johnson. Really, you do not really care as long as you 
get the information, correct?
    Ms. Caproni. Again, from our perspective, the goal was to 
get the information in a form that is readily usable for us so 
that we do not have--some phone companies give us paper 
records. That requires a lot of data.
    Mr. Johnson. Okay. All right. I understand.
    Earlier in your testimony, ma'am, you stated that the phone 
companies were responsible for a lot of the errors that are 
cited in the compliance with the National Security Letters.
    Ms. Caproni. We do see third-party errors, correct.
    Mr. Johnson. You saw a substantial number, and so you are 
placing upon the phone company the obligation to properly 
document whether or not there has been a follow-up with an 
exigent letter?
    Ms. Caproni. Oh, no, sir. They are two separate things. I 
do not excuse our lack of recordkeeping in connection with the 
exigent letters. They did keep the records, which was 
fortunate.
    Mr. Johnson. And it is important to note, Mr. Fine, that 
your analysis of the FBI's compliance with the PATRIOT Act 
found that there were woefully inadequate mechanisms for the 
collection of data on these National Security Letters. In other 
words, the recordkeeping by the FBI was woefully inadequate as 
far as the issuance and follow-up on these National Security 
Letters and also the exigent letters; isn't that correct?
    Mr. Fine. We did find serious and widespread misuse and 
inadequate recordkeeping, absolutely.
    Mr. Johnson. Do you have any idea, Mr. Fine, how much the 
telecommunications companies were paid for their so-called 
``contract'' with the Government?
    Mr. Fine. I do not know, no.
    Mr. Johnson. All right.
    Can you, Ms. Caproni, provide my office with that 
information, along with copies of the contracts between the CAU 
and the phone companies?
    Ms. Caproni. I have great confidence that we are going to 
get a number of questions for the record after this, and I am 
assuming that will be one of them, and we will respond 
appropriately.
    Mr. Johnson. Will it take a subpoena for us to get that 
information?
    Ms. Caproni. I do not believe so. I do not know what is in 
the contract, so I do not know if there are any sensitive 
issues.
    Mr. Johnson. Will you provide it to my office?
    Ms. Caproni. Again, we will respond to questions for the 
record as they come in.
    Mr. Johnson. All right.
    Why, if the NSLs are the FBI's bread-and-butter 
investigative technique, could the Inspector General only 
identify one terrorism prosecution out of the 143,074 people 
whose investigatory information was obtained?
    Ms. Caproni. Again, Mr. Fine can explain his methodology, 
but I think the issue and the difficulty of that question is 
that because there was no congressional--because we were not 
legally obligated to tag the data, tracing it through is 
difficult.
    Mr. Johnson. So 1 out of 143,000.
    How does that equate to being the bread-and-butter 
investigative technique for uncovering terrorism by the FBI?
    Ms. Caproni. Again, we disagree that in only one case did 
NSL data contribute to a criminal prosecution.
    Mr. Johnson. But would you say more than 10 or less than 
10?
    Ms. Caproni. I do not know. It is my belief that virtually 
every counterterrorism case that began in its normal course of 
affairs is likely to have a National Security Letter used 
sometime during it.
    Mr. Johnson. And it is also----
    Mr. Conyers. Your time has expired.
    Mr. Johnson. Thank you.
    Mr. Conyers. Mr. Johnson, any records that you request will 
come to the Committee, and then you will be advised.
    The Chair is pleased now to recognize the gentleman from 
Florida, Mr. Tom Feeney.
    Mr. Feeney. Thank you very much, Mr. Chairman.
    Earlier, Mr. Smith alluded to your illustrious basketball 
career. I went to the same high school as Mr. Fine. He 
graduated a few years before me, and I wish I had had a jump 
shot like Mr. Fine did, but not nearly so much as I wish I 
would have been able to hit a fast ball like Mr. Reggie 
Jackson, who graduated a few years before Mr. Fine did.
    But we thank you for your work. By the way, none of us is 
the most famous graduate because Benjamin Netanyahu, the former 
Prime Minister of Israel, is. I had to get that plug in.
    We are very grateful for your work here, because a lot of 
us are supporters of the PATRIOT Act, but only with some 
serious restrictions. And I guess the first question I want to 
ask you--and I want to remind people that it was the 
reauthorization of the PATRIOT Act that actually required the 
report that you have just completed; is that right?
    Mr. Fine. Yes.
    Mr. Feeney. And I hope that not just your report but the 
tenor of the questions from supporters of the PATRIOT Act, as 
well as the critics, is being listened to very carefully in the 
Justice Department and in the FBI.
    We have got to get this balance correct; and nothing could 
be more critical because some of the most unthoughtful critics 
of the PATRIOT Act candidly will be the first ones--when there 
is another 9/11 and when we do not get the information 
accurately ahead of time to stop, maybe not 3,000 or 4,000 
people, but 300,000 or 400,000 people, they will be the first 
ones jumping on the Administration, the Justice Department and 
the FBI for not doing its job.
    But those of us trying to strike a thoughtful balance 
between civil liberties and the need to protect America from 
this new threat are very, very concerned about what we have 
heard, and if the FBI does not take this to heart, we will 
correct the problem.
    I do not think anybody could have said it better than Jim 
Sensenbrenner, who, again, is a supporter of the PATRIOT Act, 
who said that the overreaching that is apparent here within the 
FBI is going to erode support, if it has not already, for very 
important national security initiatives. And I would hope that 
everybody down at Justice is listening because these are the 
supporters, people like Lungren, Feeney and Sensenbrenner, who 
are telling you this is not right, that it cannot continue.
    Mr. Fine, do you have an opinion as to whether or not the 
serious problems that you have discovered in initial compliance 
with the PATRIOT Act are largely because of ambiguities or 
poorly structured legislation? Is it statutory language that is 
the problem, largely, here; or is it abuses within the FBI and 
compliance?
    Mr. Fine. I do not think it was the statutory language that 
was ambiguous. I think it was the execution of the policy by 
the FBI that was woefully inadequate.
    Mr. Feeney. Just to follow up, can you identify or do your 
report and investigation lead you to conclude that there are 
any important statutory improvements we can make?
    I realize it is not your typical arena to give us advice, 
but are there any specific pieces of advice that you would give 
the Congress in terms of oversight or statutory reforms here?
    Mr. Fine. Well, you are correct, it is not my arena to do 
that. What I try to do is present the facts to this Committee 
and to Congress and let the facts lead this Committee and 
Congress to do what they believe is appropriate.
    There is one section of the report that does talk about an 
ambiguity in the meaning of toll billing records. I think there 
ought to be something done about that, because that was a 
concern of what that meant, and it should be clarified.
    I do think----
    Mr. Feeney. Could the AG do that, by opinion?
    Mr. Fine. I do not think so. It has to be done by Congress.
    I do think that the Committee does need to strike a balance 
and to sort of balance the need for protections and controls 
over civil liberties with the need for tools to prevent and 
detect and deter terrorism. And that is the difficulty in this 
task, and that is the real concern that we have about how the 
FBI implemented this.
    Mr. Feeney. You said you sampled 77 case files, the report 
indicates. How many case files are there all together, roughly?
    Mr. Fine. That I could not tell you.
    Mr. Feeney. Do you believe that the 8,850 failed reportings 
are systemic and that, if you would extrapolate, we would 
probably see that elsewhere?
    Mr. Fine. I do believe that the files we looked at were a 
fair sample and that there is no reason to believe that it was 
skewed or disproportionate. We did not cherry-pick them.
    Mr. Feeney. Do you have any reason to believe that there 
were more abuses in the 8,850 requests that were not properly 
reported? Is it any more likely for there to be abuses of civil 
liberties or of the law or of the AG's rules than the requests 
that were properly recorded?
    Mr. Fine. Well, we do not know how many requests were not 
recorded in the FBI's database. There were problems with the 
database structurally so that things were not in there. There 
were delays in entering in the database, so Congress did not 
get the information, and when we looked at the files, there 
were NSLs that were in the files that did not go into the 
database.
    Approximately--I think it was 17 percent of the ones we 
found were not in the database. Now, that is a significant 
number; and now--I know the FBI is trying to find them in the 
database as we speak, but we have no confidence in the accuracy 
of that database.
    Mr. Feeney. Finally, if I could, Mr. Chairman.
    Ms. Caproni, you alluded to the culture of the FBI, which 
traditionally, I find, is a crime-fighting institution. Some 
people have called for an N15 type of intelligence agency with 
a different culture, and it might be interesting that you take 
back the interest that some of us in Congress have, that if the 
FBI cannot change its culture or have a separate culture for 
intelligence than it has had traditionally, we very much need a 
different type of institution to get intelligence right, to 
protect this country on a day-to-day basis.
    Ms. Caproni. Again, I believe that we can do this. We are 
going to do this. We can get this right. We are going to get it 
right.
    Mr. Feeney. Mr. Chairman, I yield back the balance of my 
time.
    Mr. Conyers. Thank you. There was not any left.
    Mr. Feeney. That is why I did it.
    Mr. Conyers. I see.
    Okay, we are now going to recognize the gentleman from 
California, Mr. Adam Schiff.
    Mr. Schiff. Thank you, Mr. Chairman.
    Inspector General Fine, you have said that you did not find 
that any of the violations were deliberate or intentional, and 
yet, you also report the issuance of blanket NSLs, which, to 
me, appear to be an effort to cover up what was recognized to 
be a flawed issuance of these exigent letters.
    Given that NSL letters are supposed to be case-specific, 
the NSLs were a blanket violation of the law, weren't they? How 
can they be described as unintentional or anything but 
deliberate?
    Mr. Fine. I think what you are referring to, Congressman 
Schiff, is the issuance of what we have heard about of blanket 
NSLs in 2006. We have not reviewed 2006 yet. We reviewed 2003 
to 2005. We have heard about this. It is past the review 
period, and we are concerned about it, and we will look at 
that.
    Mr. Schiff. Well, Ms. Caproni, in your briefing on the Hill 
last week, you acknowledged that when agents realized that they 
had been issuing these letters, these exigent letters, saying 
that subpoenas were forthcoming when they were never 
forthcoming, that blanket NSLs were issued as a way of 
basically trying to clear up or cover up or, in other words, 
make up for the failure to use correct processes in the past.
    Assuming those are the facts, Inspector, doesn't that show 
a level of deliberateness and intention that far exceeds what 
you have described in your report?
    Mr. Fine. It certainly shows us concern of what were they 
thinking. They clearly were not following the procedures. They 
clearly were not providing NSLs in advance or even, quite 
reasonably, soon thereafter; and it did give us concern.
    And there were a lot of people who did this. It was done as 
a sort of routine practice which is, in our view, completely 
unacceptable. But I think it is important for the FBI to look 
at this and to interview these people and find out what 
happened up and down the line. And we will be looking at it, as 
well, in 2006.
    Mr. Schiff. Well, even as to the false statements 
themselves, in these exigent letters that said that subpoenas 
were forthcoming when they were not, let me ask you, Ms. 
Caproni, if a local cop in the city of Burbank in my district 
wrote letters to the phone company, or went out and served 
letters on the phone company, saying that Federal grand jury 
subpoenas would be forthcoming, because that local cop wanted 
to get information that maybe he could not get another way, or 
could not get as quickly another way, and you learned about 
this practice, that cop would be under Federal investigation, 
wouldn't he?
    Ms. Caproni. Congressman, I really do not know that. I do 
not think you have given me enough facts to say whether that 
would or would not be the case.
    Mr. Schiff. Well, a local police officer acting under the 
color of Federal law, demanding records, claiming a Federal 
process that is nonexistent, that would not be an issue for a 
Federal investigation?
    Ms. Caproni. It would certainly be troubling, much as the 
practices that were taking place in the CAU unit are troubling.
    Mr. Schiff. Well, you know, having worked in the Corruption 
Section of the U.S. Attorney's Office in L.A., I can tell you 
it would be more than troubling. You would have FBI agents 
assigned to investigate that local cop.
    It does not seem to me to be any different to have FBI 
agents giving telecommunications providers letters saying that 
subpoenas are forthcoming when they are not.
    When did your office discover that these old New York form 
letters were being used to get information?
    Ms. Caproni. Sometime in 2006.
    Mr. Schiff. You know, there is a report in The Washington 
Post that indicates the head of the Communications Analysis 
Unit, the same unit that drafted most of these letters, warned 
superiors about the problems in early 2005.
    Do you know anything about that?
    Ms. Caproni. I know what I have read in the paper, and I 
know that the Inspection Division is going to do a full 
inspection of this to see what exactly the unit chief said.
    Mr. Schiff. Well, I am asking you to go beyond what you 
have read in the paper, and we all know what the IG is going to 
do.
    When did you first learn about the fact that the head of 
the unit that was drafting these letters had warned superiors--
do you know who those superiors are?
    Ms. Caproni. I do not know who he says he warned.
    Mr. Schiff. Were you warned by him?
    Ms. Caproni. No.
    Mr. Schiff. Do you know if anybody in your office was 
warned by him?
    Ms. Caproni. I am not sure that I even necessarily agree 
that there was a warning. I know that there were--and I knew 
generally that there were what I understood to be bureaucratic 
issues within that unit. That did not include----
    Mr. Schiff. You keep on describing these bureaucratic 
issues. I find an interesting kind of mix of an acceptance of 
responsibility in your statement and a denial of 
responsibility. You seem to accept responsibility for mistakes 
others have made, but acknowledge very little responsibility on 
behalf of the office you run.
    It is primarily your office that is intended to advise the 
agents about how to comply with the law, particularly in an 
area where the courts are not scrutinizing it, as you pointed 
out, in a process that lacks transparency.
    Isn't that fundamentally the job of your office?
    Ms. Caproni. That is fundamentally the job of my office.
    Mr. Conyers. The time of the gentleman has expired.
    The Chair recognizes Louie Gohmert of Texas.
    Mr. Gohmert. Thank you, Mr. Chairman. I appreciate that.
    I am very pleased that when we renewed the PATRIOT Act, we 
did insert the provision that would require this Inspector 
General report so that we could find out this information that 
is so very important.
    In your report, your indications, Mr. Fine, were that the 
FBI did not provide adequate guidance, adequate controls, or 
adequate training on the use of these sensitive authorities; 
and that oversight was inconsistent and insufficient.
    Ms. Caproni, as I understood Director Mueller to say last 
week, he took responsibility for the lack of training and 
experience, and that troubled me a great deal. You had 
indicated earlier that people of, I guess, our generation and 
especially those in the FBI had grown up with accountability, 
knowing they could be cross-examined. And yet, it seems that 
the overzealousness that Mr. Cohen spoke of often is found in 
maybe new agents who do not have the time on the ground, the 
experience.
    Wouldn't you agree that is sometimes found in newer agents 
who lack the training and experience?
    Ms. Caproni. I do not know in this case if this is an issue 
of young agents versus old agents. I just do not know the 
answer to that.
    Mr. Gohmert. Well, are you familiar with the new personnel 
policy that this Director instituted in the FBI that is 
affectionately, or unaffectionately, called the ``up or out 
policy''?
    Ms. Caproni. Yes, sir, I am.
    Mr. Gohmert. You know, I appreciate the Director last week 
saying that we welcome more oversight; I appreciate your 
openness in that regard. But just in my couple years of being 
in Congress, it seems to me that the FBI, at the very top at 
least, was not interested in oversight and was set on 
intimidating anybody who really wanted to pursue that.
    I know we have one Member of Congress, a former FBI agent, 
who had indicated to me that--because many of us who are very 
familiar with many FBI agents, we have been hearing that this 
policy was causing the FBI to lose some of their best 
supervisors.
    The policy is basically--as I understand it, once you have 
been a supervisor for 5 years, then you either have to move up 
to Washington or move out, that you cannot be a supervisor; and 
that we have lost many of our best supervisors, and we just put 
new, inexperienced people in supervisory capacities. And this 
was something that Mike Rogers, a former FBI agent and a Member 
of Congress, wanted to talk to someone about; and when he 
finally was able to get somebody to agree, in a supervisory 
position, he goes back to his office and his whole office staff 
is out in the hall because the FBI has come over and done a 
sweep of his office that was really unnecessary, and it seemed 
to be more about intimidation.
    One of the most outspoken critics of the FBI in the last 
couple of years has been Curt Weldon, and we know that, back in 
September-October, the FBI announced, well, gee, he is under 
investigation just at a perfect time to get him defeated. And 
so it seems, when we find out that there are all of these 
143,000 letters that were inappropriately requested and that, 
gee, somebody asked tough questions of the FBI personnel and 
they may very well be the 143,000 and first letter in the next 
batch inquiring about their own records, that there has not 
been this desire for oversight, but there has been quite some 
intimidation.
    So I am curious, has there been any revisiting of this up-
or-out policy to get rid of the best trained and experienced 
supervisors since this lack of training and experience and 
inadequate guidance and controls have come to light?
    Ms. Caproni. Congressman, the period of time covered by Mr. 
Fine was at a period of time when those supervisors would have 
still been in place. What we have seen, actually, is that the 
5-year up-or-out has encouraged people to bid for and seek 
promotion to higher positions, which has been a net positive.
    Now, I know that you have an interest in this, and I know 
that there were agents who were not happy about the policy. The 
Director feels very strongly that it is an appropriate policy, 
that it does move good supervisors up in management so that 
they have a greater span of control, so that we can further 
benefit from the skill sets that they have from their tenure at 
the Bureau.
    Mr. Gohmert. So the answer is, no, you are not revisiting 
the policy? Is that your answer?
    Ms. Caproni. That is correct.
    Mr. Gohmert. Okay. I just wanted to weed through and get to 
the answer. Thank you.
    Now, with regard to these letters, it is deeply troubling 
because we have been hearing about how important they were in 
order to get this information. But you know--I mean, we had 
assurances from everybody from the AG on down that there was 
adequate oversight, that there was adequate training.
    What suggestions--since you are not changing any personnel 
policies, what actual structural policies within the FBI are 
going to change to make sure that there would be adequate 
oversight just in case the NSLs were allowed in the future?
    Ms. Caproni. Again, we are going to do substantially more 
training. Agents are now being placed into career paths, and 
they are going to be required, after their time at Quantico, to 
return to Quantico for sort of a postgraduate period. That will 
have extensive training for those agents who are on the 
national security career track.
    We are also implementing an auditing practice that will 
include Department of Justice lawyers, inspectors from the FBI, 
and FBI lawyers to go out and methodically audit the use of the 
National Security Letters.
    More generally, we are going to create a compliance program 
within the Bureau that will be interdisciplinary, and it will 
make sure that--not just with National Security Letters. I 
mean, this is one tool, and it is a tool that, as indicated in 
this report, we need better controls on. Our concern is that 
there may be other things that we need to make sure that we 
have gotten better controls on, that we think we have given 
perfectly clear guidance on, but in terms of execution in the 
field, we have got some problems.
    So, again, I cannot say enough that we take this report 
extremely seriously. We know we have got issues. We know we 
have got problems. The Director and upper management are 
absolutely committed that we are going to fix this.
    Mr. Conyers. Your time has expired.
    Mr. Gohmert. Thank you, Mr. Chairman.
    Mr. Conyers. Mr. Artur Davis from Alabama is recognized.
    Mr. Davis. Thank you, Mr. Chairman.
    Ms. Caproni, give me your best legal assessment. Would the 
exclusionary rule apply to any evidence obtained from the 
improper issuance of these letters?
    Ms. Caproni. Probably not, but I have not, quite frankly, 
given that a great deal of thought. It is not a fourth 
amendment violation. The exclusionary rule clicks in when you 
have got a fourth amendment violation. These records are being 
held by third-party businesses, so it is not a fourth amendment 
problem.
    Mr. Davis. Well, would there not be fourth amendment 
implications if information were obtained as a result of the 
improper use of Federal statutory authority?
    Ms. Caproni. There would be other problems, but I do not 
think there is a fourth amendment problem.
    Mr. Davis. Well, do you think that there would be a 
practical problem?
    A classic hypothetical: If a National Security Letter were 
improperly issued, and it turned out later on there was perhaps 
a valid basis for the issuance of a warrant, wouldn't that 
possibly be compromised or wouldn't the emergence of a valid 
basis later on be compromised by the misuse of an NSL?
    Ms. Caproni. Again, I am always leery of responding to 
hypotheticals. All I can say is, there is no--we are not 
minimizing this. We do not want any improper use----
    Mr. Davis. So you are not sure. Let me follow up on Mr. 
Schiff's questions.
    Are you familiar with the name Bassem Youssef?
    Ms. Caproni. Yes, sir, I am.
    Mr. Davis. Mr. Youssef, as I understand it, was in charge 
of the Communications Analysis Unit at the Bureau; isn't that 
right?
    Ms. Caproni. He was, beginning in the spring of 2005.
    Mr. Davis. Is it accurate that Mr. Youssef raised concerns 
about the misuse of the NSLs to his superiors?
    Ms. Caproni. That will have to be determined through the 
inspection. I do not know the answer to that question.
    Mr. Davis. Well, you know that that has been reported, and 
I assume, Mr. Fine, neither you nor Ms. Caproni has any basis 
to dispute what Mr. Youssef's lawyers are saying about his 
making that report.
    Ms. Caproni. I would note that Mr. Youssef is in litigation 
with the FBI.
    Mr. Davis. That is not what I asked you. I asked you if you 
had any basis to dispute this report.
    Ms. Caproni. I do not know one way or the other.
    Mr. Davis. Mr. Fine, do you have a basis to dispute that 
there were complaints raised by the former head of the 
Communications Analysis Unit?
    Mr. Fine. We did not review what he did, what he----
    Mr. Davis. Mr. Fine, how is it possible that you did not 
review the fact that the former head of the unit raised 
questions about the misuse of the NSLs? How is it remotely 
possible that was not reviewed?
    Mr. Fine. We reviewed what happened in that unit and what 
was issued; and we did review the discussions that occurred 
between the Office of General Counsel, and that included----
    Mr. Davis. Mr. Fine, the head of the unit--not a secretary, 
not an intern, not a line officer--but the head of the unit 
raised concerns. How is it possible that you did not conduct an 
interview of Mr. Youssef?
    Mr. Fine. We did interview Mr. Youssef, and we did not hear 
that concern from him. And, in fact, from the interview of Mr. 
Youssef and also from the review of the records, we saw that he 
had signed a letter. And many letters were signed----
    Mr. Davis. Are you disputing that Mr. Youssef complained 
about the improper issuance of NSLs?
    Mr. Fine. To his superiors?
    Mr. Davis. Yes.
    Mr. Fine. I do not know that. I do know----
    Mr. Davis. Did you ask him?
    Mr. Fine. I do not believe we--I am not sure whether we 
asked that question, but----
    Mr. Davis. Mr. Fine, how do you possibly not ask the head 
of the unit if he had any concerns about whether or not the 
statute was followed? How does that possibly not come up as a 
question?
    Mr. Fine. We did ask him, and we questioned him 
extensively, our attorneys did, about the communications 
between the Office of General Counsel, which was that----
    Mr. Davis. Well, did he say that he raised questions?
    Mr. Fine. Not that I am told, no.
    Mr. Davis. Not that you remember or not that you were told? 
Which one?
    Mr. Fine. Well, I actually did not do the interview, but 
let me just check.
    [Brief pause.]
    Mr. Davis. While you are working on the answer to that, Mr. 
Fine, the rather obvious observation is that I hope that your 
time to get the answer is not taken out of my time.
    If you have the head of the Communications Analysis Unit 
raising questions about how that unit does its work, it is a 
little bit amazing to me that you are having to search your 
memory as to what happened during the interview.
    But let me move on.
    Mr. Fine. Well----
    Mr. Davis. Is it true--well, my time is limited, Mr. Fine.
    Is it true that Mr. Youssef won the Director of Central 
Intelligence Award in 1995 for his work infiltrating the group 
that tried to blow up the Trade Center in 1993?
    Mr. Fine. I have heard that.
    Mr. Davis. Do you have any reason to dispute it?
    Mr. Fine. No.
    Mr. Davis. Is it true that Mr. Youssef was the legal 
attache to Saudi Arabia during the time that the Khobar Towers 
bombing was being investigated?
    Mr. Fine. I have no reason to dispute that.
    Mr. Davis. Is it true that Mr. Youssef received outstanding 
personnel evaluations during that time?
    Mr. Fine. I have no reason to dispute that.
    Mr. Davis. So you have someone who was the head of a unit, 
who had won awards for his intelligence work, who apparently 
received superior evaluations, raising concerns about how his 
unit was being conducted; is that accurate?
    Mr. Fine. I am not sure it is accurate. I am not----
    Mr. Davis. What is inaccurate about it?
    Mr. Fine. What is inaccurate is that it is not clear what 
concerns he raised and what he did to stop this. And we did 
look----
    Mr. Davis. Again, Mr. Fine--I know my time is up. If the 
Chairman would indulge me for one question.
    I guess I am searching for what is opaque about this. This 
gentleman was in a very important position; he was in charge of 
the unit. You admit that you interviewed him, but your memory 
seems foggy as to what you asked him, and your memory seems 
foggy as to whether or not he raised concerns to his superiors 
and what the concerns were.
    I cannot imagine a more important interview that you could 
have conducted.
    Mr. Fine. We did conduct that interview, and we went over 
extensively what the concerns were between him and the General 
Counsel's Office and the attempts to put the exigent letters--
--
    Mr. Davis. Who did he raise these concerns with?
    Mr. Conyers. The gentleman's time has just about expired. 
What I would like to do is to give the Inspector General an 
opportunity to fully finish his answer.
    Mr. Fine. We did interview Mr. Youssef, Congressman, and we 
did not find that, as a result of his actions, the problems 
were corrected. We did find, through review of the NSLs, that 
he signed one, that under his leadership these exigent letters 
continued; and we saw the efforts between the Office of General 
Counsel and the CAU to correct this, which did not occur, and 
we did not see that he put a stop to this.
    However, we did not do----
    Mr. Davis. Was he of the power to put a stop to it?
    Mr. Fine. He was the head of the unit.
    Mr. Conyers. Just a moment. If my colleague will suspend, I 
want him to be able to complete his answer before we go on to 
the next Member.
    Mr. Fine. We did not see that this practice was stopped 
during his time. There was an attempt to sort of provide NSLs 
reasonably soon after the exigent letters, but the exigent 
letters continued.
    And it is important to determine who did what, when and 
how; and the FBI is going to do that, and we are going to look 
at that very carefully, as well. But our review was not to look 
at everybody's actions up and down the line, including his or 
others' to determine what steps each one of them took.
    What we tried to do is present the problem and the issue 
and make sure that it stopped as a result of it.
    Mr. Conyers. The gentleman's time has expired.
    The Chair recognizes Darrell Issa, the gentleman from 
California.
    Mr. Issa. Thank you, Mr. Chairman.
    I guess I will start off slowly and just follow up on Mr. 
Gohmert for a second. It does seem amazing that an organization 
of excellence, as the FBI has historically been, would adopt a 
``We have got to get you to the Peter Principle achievement 
level with this up-or-out policy,'' and I would strongly second 
Mr. Gohmert, what I think he was saying, which is, if you have 
people who can be very good at what they do at the beat levels, 
so to speak, of the FBI in various positions--if they can, in 
fact, be superb leaders at a level that they are comfortable 
and, quite frankly, in a community that they are comfortable 
living and working in and building more capability, rapport and 
analysis capability and you adopt an up-or-out program--what 
you do is, you force them either to leave because they do not 
want to leave communities they are attached to or, quite 
frankly, you force them to a management level they may not be 
comfortable with.
    It is bad enough that the Army will not allow a great 
company commander to continue being a company commander and 
must force them to a staff position somewhere where they 
endlessly see papers in the hopes that they someday will get a 
battalion command, but there is a certain amount of history 
there.
    I strongly suggest that the FBI should not have a history 
that people doing a good job at a given level be forced on. 
Having said that, that is a management decision that the next 
Administration hopefully will straighten out.
    Speaking of management decisions, General Fine, I am a 
little shocked that under this Attorney General, this 
Administration seems to look at violations of constitutional 
rights for limited capabilities that we have granted from this 
body, as the general counsel said, ``troubling.''
    If what the FBI did was done by a private sector 
individual, wouldn't the FBI be arresting them? Wouldn't the 
U.S. attorneys be prosecuting people who played fast and loose 
with these rules?
    Mr. Fine. It depends on the intent involved and what 
happened.
    Mr. Issa. Okay. Let me back up.
    If there were a pattern over time, as there is, of abuses 
piling up to where it was clear that people knew it was 
happening--even some people clearly made comments that it 
should not be happening, that it was inconsistent with the law, 
but it continued--isn't that a poster child for the FBI and for 
the U.S. Attorney's Office to criminally prosecute people who 
do these things?
    Mr. Fine. Again, if there were an intent to do that as 
opposed to a pattern of negligence, and also a knowledge of 
this, and we went in and looked at it after the fact and found 
all sorts of problems and compiled a 126-page report which lays 
it out in black and white, and it is, you know, a serious, 
serious abuse.
    But at the time, were they aware of it? Did they know about 
that and what their intent was? That is much harder to say. We 
did not find evidence of criminal misconduct, but we certainly 
found evidence----
    Mr. Issa. Wait a second. Wait a second.
    Piling up evidence that crosses the guidance we allow to 
pile up that evidence, and you are saying that it is not 
criminal?
    Mr. Fine. Well, you have to look at the individual 
allegations as well. We looked at the files. We found in 
several files, in many files, that there were no abuses. We 
found in others that there were problems with them.
    Mr. Issa. But there are no prosecutions and no dismissals; 
is that correct?
    Mr. Fine. Well, there are no prosecutions. The FBI is 
looking at the evidence right now to see what people knew and 
what they did not, whether it was because of any intentional 
conduct that they knew they were doing wrong.
    We did not see that, but we did not do a review where we 
asked each individual, ``What did you do and why?'' we did a 
review of--an audit of this to lay out the problems for the 
Congress.
    Mr. Issa. Well, I would suspect that I join the Chairman 
and many Members on both sides of the aisle in saying, I have 
serious doubts about whether or not the Congress can continue 
to extend capabilities that are not 100 percent adhered to and 
there are no significant results when they are not adhered to, 
and then not feel that what we are doing is giving the FBI the 
ability to violate people's constitutional rights.
    You know, I heard today, well, geez, we would not exclude 
this--and Congressman Schiff brought it out--we will not 
exclude this information even though we played fast and loose; 
and we will not dismiss and we will not prosecute.
    Well, with all due respect, from the Attorney General on 
down, you should be ashamed of yourselves. We gave--we 
stretched what we could give in the PATRIOT Act. We stretched 
to try to give you the tools necessary to make America safe, 
and it is very, very clear that you have abused that trust, and 
when the reauthorization of the PATRIOT Act comes up or any 
bill coming down the pike, if you lose some of these tools, 
America may be less safe, but the Constitution will be more 
secure, and it will be because of your failure to deal with 
this in a serious fashion.
    I yield back.
    Mr. Conyers. Thank you very much.
    The Chair recognizes Keith Ellison, the gentleman from 
Minnesota.
    Mr. Ellison. Thank you, Mr. Chair.
    Mr. Fine, I want to talk to you about your report 
recommendations starting with the exigent letters.
    Wouldn't it be better simply to adopt the FBI's practice, 
current practice, of simply banning the use of exigent letters? 
I notice that in your recommendations, or in what I believe are 
your recommendations, your suggestion is to take steps that the 
FBI not improperly use the letters, but why not just say ``no 
exigent letters''?
    Mr. Fine. Well, there should not be an exigent letter of 
the sort that they use. There is a process under the statute to 
get emergency information under certain conditions, and that is 
the way they ought to do it. So that is a proper use of such a 
request.
    They surely should ban the way they did it in the past.
    Mr. Ellison. And that would be a change by statute or a 
rule change?
    Mr. Fine. Well, it does not need to be a statute. There is 
a statute that allows voluntary disclosure if there is an 
imminent threat and danger to the safety of an individual or 
others, and if there is that exigent circumstance, they can get 
the information and use such a letter. But what they should not 
do is combine it with an NSL the way they did it in the past. 
They ought to completely separate that and follow the statute.
    Mr. Ellison. Right. So what you are saying is that the 
practice in which the FBI was using the exigent letters 
combined with the NSL was--if the statute were properly 
followed, then there would not be the problem that we see 
today; is that right?
    Mr. Fine. That is correct.
    Mr. Ellison. Now, what sort of sanctions do you think 
should be applied, given the way that the FBI did use the NSL 
and the exigent letters?
    Mr. Fine. I think the FBI ought to look at this and look at 
the individuals involved and find out if they inappropriately 
and knowingly misused the authorities. They ought to take 
appropriate action against individuals, either management 
individuals who allowed it to occur or individuals in the 
field; and if they had poor performance, that ought to be 
assessed as well. So I think that ought to be something that 
the FBI is looking at.
    But I do not think they ought to say that simply because 
there was a misuse of the statute inadvertently that that would 
necessarily require misconduct charges against them.
    Mr. Ellison. Right. Well, you know, part of the problem 
here is that the very nature of the act that allows for the 
expanded use of the NSL is below the radar, and so it, by 
nature, lacks transparency, which is why people are so upset 
that the abuses took place.
    But I guess my next question is, another recommendation 
that you have made is that there be greater control files for 
the NSLs. How would you envision that working?
    Mr. Fine. No. There should be greater controls on the use 
of NSLs. They ought to make sure that the people know when they 
can be used and under what statute they can be used. There need 
to be signed copies of the NSLs so that there can be an audit 
trail. They have to be connected to an investigative file, not 
a control file.
    Mr. Ellison. Excuse me. I am sorry, Mr. Fine.
    Do you see this as essentially a training problem?
    Mr. Fine. I think it is a training problem. I think it is a 
supervision problem. I think it is an oversight problem. And I 
think it is a lack of adequate internal controls and is an 
auditing problem as well.
    Mr. Ellison. Now, that brings me to the few questions I had 
for Ms. Caproni.
    Ms. Caproni, do you have the staff to make all of the 
changes that are needed in order to have this program work 
properly?
    Ms. Caproni. I would always like more resources.
    Mr. Ellison. No. I am asking you--that is not my point.
    My question is, in order to--we could just simply go back 
to status quo, anti--back to pre-PATRIOT Act where NSLs were 
authorized, but not the expanded use of them that we have now. 
That could be one way to simply solve this problem.
    But my question is, at this time, do you have the staff to 
provide the training, to provide the controls that are called 
for by the recommendations?
    Ms. Caproni. I do. We are going to get some more staff that 
we have already discussed. We are going to get some analytic 
help, because we think that some of this would have been 
detected if we had had good analytic help so that we could see 
trends.
    But I think that we have enough lawyers. I think we can do 
what needs to be done. We are going to have assistance from 
Department of Justice lawyers for some of this, but I think we 
have sufficient resources.
    Mr. Ellison. Ms. Caproni, if you have the sufficient 
resources, why didn't you use them before? I mean, I guess the 
question that comes up in my mind is that you either do not 
have the resources to effectuate the changes that have been 
recommended or you do. And if you do, why weren't they applied?
    Ms. Caproni. This report told us a lot that we just did not 
know. I mean, I will fall on that sword again, which is that we 
learned a lot from this report, and we are going to make 
changes.
    I think I have got the personnel to do it. I think we have 
got the resources. We are going to make the resources 
available.
    This is important to us. It is important to us to regain 
the confidence of the American people and to regain the 
confidence of this Committee. You are one of our oversight 
Committees, and you are very important to us, and we are not--
trust me, I am not happy that we have this report and that I am 
in the position of saying, you know, we failed.
    Mr. Ellison. Ms. Caproni, if I could just go back to Mr. 
Fine.
    Mr. Fine, one of the changes that was made in the PATRIOT 
Act was to say that, I think, people other than headquarters 
officials could issue these letters.
    Should the authority for the issuance of the letters be 
retracted to what it was before the PATRIOT Act?
    Mr. Fine. I am not sure of that, and I do not want to 
necessarily give legislation that should occur.
    I do think it is important, if that authority is out there, 
that it has to be overseen; and bringing things back to 
headquarters may or may not be the answer. As you will recall 
in the September 11th attacks with the Moussaoui case, one of 
the concerns was headquarters was controlling the field too 
much, and so there are considerations on both sides of this 
issue. I do think that when it does go out there, it has to be 
used appropriately and overseen appropriately.
    Mr. Ellison. But if you had a narrower route through which 
these letters were authorized, wouldn't you have greater 
accountability?
    Mr. Fine. You could. You could have greater accountability.
    On the other hand, the effect of this could be diminished 
significantly, so I think that is the balance that has to be 
struck.
    Mr. Conyers. The time of the gentleman has expired, but I 
would like to say to Mr. Ellison that he has raised a point 
that we need to try to figure out at this hearing: Are there in 
existence the resources that are required and needed to reveal 
all of these people who have been abused or who have been 
violated by this system?
    For this hearing to close down--the gentleman from 
California, Mr. Berman, will be recognized next--without our 
having figured out, for example, that we do not have anywhere 
near the resources, as I have been talking with the gentleman 
from California, Mr. Lungren, about, either in the Federal 
Bureau of Investigation or in the Office of the Inspector 
General.
    If resources do not exist here, we may end up very well 
correcting everything from this point on, but how many 
thousands of people will have been violated to whom we will all 
be saying, from now on, not to worry, that it is all over with?
    That is a troubling consideration, Mr. Lungren, that we 
have had under discussion, that I am still looking for the 
answer to.
    So I recognize the gentleman from California, Mr. Berman.
    Mr. Berman. Well, thank you very much, Mr. Chairman.
    Mr. Fine, section 126a of the PATRIOT Act requires that not 
later than 1 year after the date of enactment of this act the 
Attorney General shall submit to Congress a report on any 
initiative of the Department of Justice that uses or is 
intended to develop pattern-based data-mining technology.
    The 1-year deadline expired on March 9th of this year. To 
my knowledge, we have not received this report. Can you give us 
an update on the progress of this report?
    Mr. Fine. From the Attorney General, no, I cannot give you 
progress. That is not my office. But I certainly can bring back 
that question to the Department.
    Mr. Berman. But I thought----
    Ms. Caproni. Congressman, I, unfortunately, can tell you. 
Yes, it was not submitted on time. I think we sent a letter 
indicating that it is still being worked on. I saw a draft 
going back across between us and the DOJ, so it is being worked 
on.
    Mr. Berman. Okay. Well, then, let me ask you.
    As I understand the audit that the Inspector General has 
undertaken, information from the National Security Letters is 
routinely added to the FBI's internal automated case system, 
which has about 34,000 authorized users; and then it is 
periodically downloaded into the Investigative Data Warehouse, 
which has approximately 12,000 users.
    Is it possible that other agencies of the Federal 
Government, or anywhere, are using information in that 
Investigative Data Warehouse for data-mining purposes?
    Ms. Caproni. For data-mining purposes, I do not know the 
answer to that. I mean, they could get access to it as 
appropriate for their agency.
    Mr. Berman. So it is possible?
    Ms. Caproni. I do not know the answer. I do not know.
    Mr. Berman. You do not know if it is possible, or you do 
not know if they are?
    Ms. Caproni. I do not know what they are doing with it, and 
I do not know what rules and restrictions govern them, so I 
just cannot answer that question.
    Mr. Berman. Well, let me get one thing clear.
    Is the report that we are awaiting an Inspector General's 
report or an Attorney General's report?
    Ms. Caproni. An Attorney General's.
    Mr. Berman. An Attorney General's report. All right.
    So will that report include the data-mining of information 
in the Investigative Data Warehouse by agencies not within the 
Justice Department? This report that you have seen circulating, 
will it include the data-mining of information by other 
agencies from the Justice Department's Investigative Data 
Warehouse?
    Ms. Caproni. It does not, but I do not know whether that 
means that no such activities are occurring or because it is 
not within the scope of the request.
    Mr. Berman. Well, since I was involved in this language, we 
think that since the database is under the purview of the 
Department of Justice, the use of it by other agencies would be 
included in that report under section 126a.
    Ms. Caproni. I will make sure that the people at DOJ 
understand that that is your interpretation of it.
    Unfortunately, I have been in the world of NSL and this 
report, and I have not been in the world of the data-mining 
report, so I just have not read it, so that is why I cannot 
answer your question.
    Mr. Berman. So you have not been personally involved in 
determining whether other agencies are being cooperative on how 
they are using the data from the--I take it you do not.
    Ms. Caproni. I do not. I just have not been involved in it.
    Mr. Berman. If you, subsequent to this hearing, could get 
that information and pass it on to me, I would be very 
grateful.
    Ms. Caproni. Certainly, I can.
    Mr. Berman. The information about whether the report will 
talk about other agencies' use of the Justice Department's 
Investigative Data Warehouse for data-mining purposes.
    Ms. Caproni. Again, I will make sure that the Department 
understands your position.
    Mr. Berman. Thank you.
    Mr. Lungren. Would the gentleman yield to me----
    Mr. Berman. I would be happy to.
    Mr. Lungren [continuing]. So I could ask a question?
    Ms. Caproni, one question just came to mind, and that is, 
part of this testimony today has talked about how agents in the 
field and special agents in charge in the field did not get the 
proper legal advice from, I presume, people who report to you, 
that they were not challenged as to the legal sufficiency of 
the NSLs or of the exigent letters; is that correct?
    Ms. Caproni. I think that comment was relative to the 
lawyers in the field, who actually do not report to me.
    Mr. Lungren. Whom do they report to?
    Ms. Caproni. They report to the special agents in charge. 
They report to their field office head. That is one of the 
things that Mr. Fine has suggested that we look at, and that is 
actively under discussion at the Bureau right now, whether that 
reporting structure should change.
    Mr. Lungren. So they do not report to you at all?
    Ms. Caproni. No, sir, they do not.
    Mr. Lungren. So they were on their own in the advice they 
were giving of a legal nature to the agents and to the special 
agents in charge to whom they report?
    Ms. Caproni. On a reporting basis, they do not report to 
me. I do not supervise them.
    I am in charge of the legal program. So we provide the 
CDCs. That is their title. We provide them with substantial 
legal advice, and they frequently call us when they have 
questions, but I do not rate them, and they do not report to 
me. I do not hire them; I do not fire them.
    Mr. Lungren. I know, but what I am trying to figure out is, 
if these attorneys report to the SAC, does that make it more 
difficult for them to tell the SAC that he or she is wrong when 
they are asking for one of these letters?
    Ms. Caproni. That is the concern that Mr. Fine has raised. 
I mean, I----
    Mr. Lungren. Well, do you share that concern?
    Ms. Caproni. I do share that concern.
    Mr. Lungren. Could that be one of the real problems we have 
got here?
    Ms. Caproni. I will say there are arguments both ways, 
Congressman. It is not--and the reason I say that is because I 
report to the Director of the FBI, and I do not have any 
problem telling the Director of the FBI my legal advice; and if 
he does not like it, it is still my legal advice.
    That is what the CDC should be doing, but whether they----
    Mr. Lungren. My experience has been that the SACs are 
pretty important people in their various offices, and most 
people generally think they are the top dogs, and we have this 
problem where, apparently, good legal advice either was not 
given or was not accepted, and maybe that is something we ought 
to look at if you folks will not look at it.
    Ms. Caproni. Again, we are actively looking at that very 
question of whether the CDC reporting structure should change.
    Mr. Lungren. And I thank the gentleman from California for 
yielding, although he is not here to receive it back.
    Mr. Conyers. I thank you all.
    The gentleman from Minnesota had one last question that I 
have agreed to entertain, if you will.
    Mr. Ellison. Thank you, Mr. Chair.
    My question is, of all of the letters that have been issued 
and of all of the inaccurate and improper data that has been 
set forth, clearly some information came back; and in the cases 
where individuals' information was obtained in violation of the 
rules and of the statutes, what has happened?
    Have these individuals been notified? What recourse do they 
have? What is the story on the people?
    Ms. Caproni. The people are not notified. Their records are 
removed from our databases, and the records are destroyed.
    Mr. Fine. That is correct.
    Mr. Conyers. Thank you very much.
    Ladies and gentlemen, this has been an excellent hearing. 
We thank the witnesses for continuing in an extended period of 
examination. We will all be working together. There are 5 
legislative days in which Members may submit additional 
questions to you and send them back as soon as you can.
    We also want to enter into the record Caroline 
Fredrickson's statement on behalf of the American Civil 
Liberties Union, Congressman Coble's Department of Justice 
facts sheet release. We also have The New York Times, which 
officially alerted the FBI to rules abuse 2 years ago, dated 
March 18th. And we also have a letter being hand-delivered to 
the general counsel, dated today, March 20th, which asks her 
for additional information.
    The record will be open for 5 additional days, and without 
any further business before the Committee, the hearing is 
adjourned. We thank you for your attendance.
    [Whereupon, at 12:45 p.m., the Committee was adjourned.]

                            A P P E N D I X

                              ----------                              


               Material Submitted for the Hearing Record

       Prepared Statement of the Honorable Sheila Jackson Lee, a 
    Representative in Congress from the State of Texas, and Member, 
                       Committee on the Judiciary



Prepared Statement of the Honorable Linda T. Sanchez, a Representative 
in Congress from the State of California, and Member, Committee on the 
                               Judiciary



   Response to Post-hearing questions from Glenn A. Fine, Inspector 
                  General, U.S. Department of Justice



   Post-hearing questions posed to Valerie Caproni, General Counsel, 
  Federal Bureau of Investigation, from Chairman John Conyers, Jr.\1\
---------------------------------------------------------------------------
    \1\ At the time of publication, responses to post-hearing questions 
posed to Valerie Caproni had not been received by the Committee on the 
Judiciary.



     Letter from Richard C. Powers, Assistant Director, Office of 
         Congressional Affairs, Federal Bureau of Investigation



   Prepared Statement of Caroline Frederickson, Director, Washington 
       Legislative Office, American Civil Liberties Union (ACLU)

    On behalf of the American Civil Liberties Union, its more than half 
a million members and activists, and 53 affiliates nationwide, I thank 
Chairman Conyers and ranking member Smith for holding today's hearing 
on FBI abuse of National Security Letters.
    Over five years ago, in the wake of the terrorist attacks of 
September 11, 2001 Congress passed the USA Patriot Act,\1\ giving the 
FBI extraordinarily broad powers to secretly pry into the lives of 
ordinary Americans in the quest to capture foreign terrorists. One of 
the changes the Patriot Act made was to expand the circumstances in 
which National Security Letters (NSLs) could be issued so that the 
information sought with such letters would no longer have to pertain to 
an agent of a foreign power, and would no longer be limited to the 
subjects of FBI investigations.\2\ An NSL is a letter that can be 
issued by Special Agents in Charge (SAC) of the FBI's 56 field 
offices--without any judicial review--to seek records such as telephone 
and e-mail information,\3\ financial information, and consumer credit 
information.
---------------------------------------------------------------------------
    \1\ Uniting and Strengthening America by Providing Appropriate 
Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. 
Law No 107-56, 115 Stat. 272 (2001)[Hereinafter Patriot Act].
    \2\ Id., section 505.
    \3\ Telephone and e-mail information that can be obtained with NSLs 
includes historical information on calls made to and from a particular 
number, billing records, electronic communication transactional records 
and billing records (including method of payment), and subscriber 
information.
---------------------------------------------------------------------------
    The four NSL authorizing statutes include the Electronic 
Communications Privacy Act,\4\ the Right to Financial Privacy Act,\5\ 
the Fair Credit Reporting Act,\6\ and the National Security Act of 
1947.\7\ Subsequent legislation expanded the types of institutions from 
which records could be sought using NSLs. The Intelligence 
Authorization Act for Fiscal Year 1996,\8\ amended the FCRA to give the 
FBI authority to obtain credit header information with NSLs, and a 
provision of the Patriot Act, expanded this power to allow the FBI and 
other government agencies that investigate terrorism to obtain full 
credit reports.\9\ The Patriot Act also reduced the standard necessary 
to obtain information with NSLs, requiring only that an SAC certify 
that the records sought are ``relevant'' to an authorized 
counterterrorism or counter-intelligence investigation.
---------------------------------------------------------------------------
    \4\ 18 U.S.C. section 2709 (1988).
    \5\ 12 U.S.C. section 3401 (2000).
    \6\ 15 U.S.C. section 1681 et seq. (1996).
    \7\ 50 U.S.C. section 436(a)(1)(2000).
    \8\ Pub. Law No. 104-93, section 601(a), 109 Stat. 961, codified at 
15 U.S.C. section 1681u (Supp.V. 1999).
    \9\ Patriot Act section 358(g)(2001).
---------------------------------------------------------------------------
    The ACLU opposed these unwarranted expansions of NSL power, and 
opposed making provisions of that statute permanent with the Patriot 
Reauthorization Act of 2005,\10\ fearing these unnecessary and 
unchecked powers could be too easily abused. When Congress reauthorized 
the Patriot Act, it directed the Department of Justice Inspector 
General (IG) to review the effectiveness and use of these expanded 
authorities and one of the first of these reports, a review of the 
FBI's use of NSLs, was released on March 9, 2007.\11\
---------------------------------------------------------------------------
    \10\ USA PATRIOT Improvement and Reauthorization Act of 2005, Pub. 
Law No. 109-177, 120 Stat. 192 (2006).
    \11\ Office of the Inspector General, A Review of the Federal 
Bureau of Investigation's Use of National Security Letters, March 2007, 
http://www.usdoj.gov/oig/reports/FBI/index.htm (Hereinafter IG Report).
---------------------------------------------------------------------------
    The IG's audit confirms our worst fears: that the FBI uses its NSL 
authorities to systematically collect private information about people 
who are not reasonably suspected of being involved in terrorism, and it 
retains this information indefinitely. The FBI ignored the scant 
requirements of the law and developed shortcuts to illegally gather 
information the FBI wanted from telecommunications companies and 
financial institutions. It did this without opening the investigations 
for which, by law, this information must be sought or be relevant to, 
and often without ever bothering to secure the NSLs or grand jury 
subpoenas it told these telecoms and financial institutions it would 
secure to support its claim of access to sensitive customer 
information.\12\ This should be of great concern to all Americans, 
because the IG found the FBI is increasingly using this power against 
U.S. persons.\13\ And despite the issuance of more than 140,000 NSL 
requests, the IG report documents only one terrorism conviction--for 
providing ``material support'' for terrorism--and only 153 ``criminal 
proceedings'' resulting from the extensive use of this power.\14\ 
``Criminal proceedings'' is defined as all federal grand jury 
proceedings, as well as search warrants, indictments and trials.\15\
---------------------------------------------------------------------------
    \12\ IG Report at 94.
    \13\ IG Report at 38.
    \14\ IG Report at 63, 64.
    \15\ IG Report, footnote 103, p. 62.
---------------------------------------------------------------------------
    For over five years the Federal Bureau of Investigation has 
collected vast troves of data in secret and without accountability. I 
hope this hearing is only one of many to reestablish checks and 
balances on the executive branch and curb its many abuses of power. The 
ACLU asks this committee to hold the FBI and this administration 
accountable for these abuses and to make statutory changes that will 
ensure that they cannot happen again.

                    THE INSPECTOR GENERAL'S FINDINGS

    Despite statements to the contrary, the Inspector General found 
much more than just sloppy management and poor record keeping. The 
Inspector General's report documents systematic failures to meet 
statutory requirements, and at times, intentional refusals to comply 
with the law.
Intentional Violation of the NSL Statute
    Most disturbingly, the Inspector General's report shows that the 
FBI's Communications Analysis Unit (CAU) declared itself unconstrained 
by the NSL statutes--arguing that the law was ``insufficient'' for 
CAU's purposes--and it contracted directly with three telephone 
companies to access information illegally.\16\ The information included 
telephone toll and call detail records and the contract specified that 
the telephone companies would provide ``near real-time servicing'' of 
these requests. The contracts were approved by the FBI's Office of 
General Counsel (OGC), and fulfilled by issuing so-called ``exigent'' 
letters that were used even when no exigent circumstances existed.\17\ 
The IG was able to confirm the use of 739 exigent letters to obtain 
information on 3,000 telephone accounts, in the clear absence of 
statutory authority to do so.\18\ The true number is unknown because 
the FBI does not keep adequate records. That FBI Office of General 
Counsel procurement attorneys were involved with these contracts 
confirms that the telecommunication companies were paid for their 
cooperation and silence, and confirms that contrary to the IG's 
assertion that the FBI's use of ``exigent'' letters was undertaken 
without the benefit of advance legal consultation,\19\ FBI lawyers were 
instrumental in establishing this illegal process.
---------------------------------------------------------------------------
    \16\ IG Report at 88.
    \17\ IG Report at 92.
    \18\ IG Report at 90.
    \19\ IG Report at 97.
---------------------------------------------------------------------------
    CAU staff, who were not authorized to sign NSLs, used ``exigent'' 
letters containing obviously false statements to obtain documents from 
the telephone companies when no authorizing investigation was open, 
when no NSLs or subpoenas had been requested, and when no emergency 
situation existed.\20\ They then asked FBI field offices to open 
investigations so NSLs could be issued without telling the field office 
personnel that CAU staff had already received the records,\21\ a clear 
indication that they knew what they were doing was improper. FBI 
National Security Law Branch (NSLB) attorneys were made aware of this 
issue in late 2004, possibly through complaints from field agents who 
resisted CAU's directives, and an NSLB Assistant General Counsel 
concluded that the practice of using ``exigent'' letters did not comply 
with the NSL statute. Yet, rather than prohibiting the practice 
outright, the NSLB attorney counseled CAU for two years regarding how 
and when CAU officials should use them. Regardless of this advice, CAU 
continued using these ``exigent'' letters, and the practice wasn't 
``banned'' until the IG issued its report.\22\ Even today the FBI is 
unable to determine whether data requested with ``exigent'' letters was 
ever covered with properly issued NSLs or subpoenas.\23\
---------------------------------------------------------------------------
    \20\ IG Report at 92.
    \21\ Id.
    \22\ FBI letter to Inspector General Glen Fine dated March 6, 2007 
included in the appendix of the IG Report.
    \23\ IG Report p. 91.
---------------------------------------------------------------------------
    And the issuance of ``exigent'' letters was only one of the illegal 
methods the FBI used to circumvent the NSL statutes. Using a similar 
scheme, the Terrorist Financing Operations Unit issued ``Certificate 
Letters'' to obtain the financial records of at least 244 named 
individuals in violation of the Right to Financial Privacy Act.\24\ 
Again, agents without authority to issue NSLs used these letters to 
circumvent the law and gain access to private financial records, and 
then lied about it when confronted by NSLB attorneys. When the NSLB 
attorneys realized they had been misled they ordered the practice 
halted, but it did not stop.\25\ This sequence reveals what can only be 
described as clearly intentional misconduct.
---------------------------------------------------------------------------
    \24\ 12 U.S.C. section 3401 (2000). See IG Report at 115.
    \25\ IG Report at 117.
---------------------------------------------------------------------------
    In other instances NSLB attorneys actually signed NSLs without 
reference to any authorized investigation, and more than 300 NSLs were 
issued out of an FBI control file that was opened specifically because 
there was not an authorized investigation from which to issue an NSL 
for the data the FBI wanted.\26\
---------------------------------------------------------------------------
    \26\ IG Report at 100.
---------------------------------------------------------------------------
Increasing Collection of Data on U.S. persons
    When Congress expanded the FBI's authority to use NSLs, it required 
FBI officials to certify that the information sought with these letters 
is relevant to an authorized investigation. By instituting this 
requirement, Congress clearly intended for NSLs to be a targeted 
investigative power, rather than a broad power that could be used to 
cast a wide net. But, the IG report makes clear this is not how the FBI 
is using its NSL authorities. In one example, nine NSLs were used to 
obtain records for 11,000 different telephone numbers. And, agents and 
analysts often didn't even review the data they received from NSLs. 
They simply uploaded it into computers.\27\ The IG found information 
received from NSLs is uploaded into three separate FBI databases, where 
it is retained indefinitely and retrievable by tens of thousands of FBI 
and non-FBI personnel,\28\ even if the information exonerates the 
subject from any involvement in terrorism.\29\ Despite this 
extraordinary collection effort, the IG was able to document only one 
terrorism conviction resulting from the use of NSLs.\30\ Clearly NSLs 
are not being used as targeted investigative tools.
---------------------------------------------------------------------------
    \27\ IG Report at 85.
    \28\ IG Report at 28, 30, and 110.
    \29\ IG Report at 44.
    \30\ IG Report at 64.
---------------------------------------------------------------------------
    The IG also expressed concern that the FBI allows agents to use 
NSLs to access information about individuals who are ``two or three 
steps removed from their subjects without determining if these contacts 
reveal suspicious connections.'' \31\ The fact that NSLs are being 
issued from control files and ``exigent'' letters are being used by 
analytic units at FBI Headquarters suggests that this tool is not being 
used in the manner Congress intended. Despite the FBI's claims that 
NSLs are directed at suspected terrorists, the Inspector General found 
that the proportion of NSLs issued to obtain information on Americans 
is increasing. In fact, the majority of NSLs the FBI issued in 2005 
were used to obtain information about U.S. persons (American citizens 
and lawful permanent residents of the U.S.).\32\
---------------------------------------------------------------------------
    \31\ IG Report at 109.
    \32\ IG Report at 38.
---------------------------------------------------------------------------
Datamining
    Neither the NSL statutes nor Department of Justice policy require 
the FBI to purge from its databases sensitive personal information 
about persons who are found to be innocent and not tied to foreign 
powers.\33\ The Inspector General confirmed that the FBI has taken 
advantage of this loophole and uploads all information--admittedly 
innocent or not--into national databases that are indefinitely 
maintained. The data received from NSLs is uploaded into a ``Telephone 
Application Database'' where a link analysis is conducted, and into an 
Investigative Data Warehouse where it is mixed with 560 million records 
from 50 different government databases.\34\ Tens of thousands of law 
enforcement and intelligence personnel have access to the information, 
which is not given a disposition, leaving innocent people associated 
with a terrorism investigation long after their information becomes 
irrelevant. Intelligence products developed from this data do not cite 
the origin,\35\ so errors in the information can never be checked 
against the source documents. Instead, errors will be compounded when 
intelligence products derived from this erroneous information are 
distributed throughout the intelligence community and to state and 
local law enforcement agencies.
---------------------------------------------------------------------------
    \33\ IG Report at 110.
    \34\ IG Report at 28, 30.
    \35\ IG Report at 54.
---------------------------------------------------------------------------
Erroneous Reports to Congress and the Intelligence Oversight Board
    The Inspector General found that statutorily required reports to 
Congress excluded at least six percent of the overall number of 
NSLs.\36\ The number of unreported NSLs may be higher, but record 
keeping is so bad at the FBI, the Inspector General was unable to even 
confirm a final number. A review of just 77 cases from four FBI field 
offices found 22 percent more NSLs in case files than the FBI General 
Counsel knew about. More significantly, the IG found 60% of those files 
deficient in required paperwork, and his review doubled the number of 
unlawful violations that needed to be reported to the President's 
Intelligence Oversight Board.\37\
---------------------------------------------------------------------------
    \36\ IG Report at 34.
    \37\ IG Report at 78.
---------------------------------------------------------------------------
                          PROPOSED AMENDMENTS

    Regrettably, the Inspector General's report only included 
suggestions for internal changes within the FBI's discretion, and did 
not include recommendations for amending the underlying statute that is 
the source of these abuses. It is clear that the violations the 
Inspector General uncovered were the natural consequence of a statute 
that allows government agents to access sensitive information without 
suspicion of wrongdoing, in the absence of court oversight, and with 
complete secrecy compelled by a gag order with criminal consequences. 
In fact, even if management and technology problems identified in the 
IG's report are solved, hundreds of thousands of NSLs will continue to 
collect information on innocent Americans because that is exactly what 
the statute allows.
    The ACLU recommends three statutory changes that are absolutely 
necessary to ensure that the law protects privacy while permitting the 
collection of information necessary to investigate terrorism.
Limit NSLs to Suspected Terrorists and Other Agents of Foreign Powers
    First, Congress must repeal the expansion of the NSL power that 
allows the FBI to demand information about totally innocent people who 
are not the targets of any investigation. The standard should return to 
the requirement that NSLs seek only records that pertain to terrorism 
suspects and other agents of foreign powers.\38\ And the FBI should not 
be allowed to use NSLs to investigate people two or three steps removed 
from any criminal or terrorist activity.
---------------------------------------------------------------------------
    \38\ Agent of a foreign power is defined in the Foreign 
Intelligence Surveillance Act of 1978, 50 U.S.C. Sec. 1801 (1978).
---------------------------------------------------------------------------
    Under current law, the FBI can use an NSL to obtain information 
that the FBI asserts is ``relevant'' to an investigation. The FBI has 
clearly taken advantage of this ``relevance'' standard and issued NSLs 
to obtain information on innocent American people with no connection to 
terrorism. In fact, it obtained this information without even opening 
an investigation to which the information must be relevant. NSLs are 
now issued to collect records just for the sake of building databases 
that can be mined later. In addition to being wholly ineffective as an 
investigative technique, this data collection and warehousing is an 
affront to the privacy of U.S. persons.
Restrict the Gag Provisions and allow for Meaningful Challenges
    The gag provisions of the NSL statutes unconstitutionally inhibit 
individuals receiving potentially abusive NSLs from challenging them in 
court. Congress should amend the NSL statute so that gag orders are 
imposed only upon the authority of a court, and only where necessary to 
protect national security. Judicially imposed gag orders should be 
limited in scope and duration.
    Further, gags must come with a meaningful right to challenge them 
before a neutral arbiter. Last year's amendments created a sham court 
proceeding, whereby a judge is powerless to modify or overturn a gag if 
the federal government simply certifies that national security is at 
risk, and may not even conduct any review for a full year after the NSL 
is issued. Under the NSL statute, the federal government's 
certification must be treated as ``conclusive,'' rendering the ability 
to go before a judge meaningless. To comport with the First Amendment, 
a recipient must be able to go before a judge to seek meaningful 
redress.
Court Review
    If there is one undeniable conclusion that Congress can draw from 
the Inspector General's report, it is that the FBI cannot be left to 
police itself. Allowing the FBI to keep self-certifying that it has met 
the statutory requirements invites further abuse and overuse of NSLs. 
Contemporaneous and independent oversight of the issuance of NSLs is 
needed to ensure that they are no longer issued at the drop of a hat to 
collect information about innocent U.S. persons. Court review will 
provide those checks and balances as was intended by the Constitution.

                               CONCLUSION

    The Inspector General reviewed just a tiny proportion of NSLs 
issued by the FBI from 2003 through 2005, yet he found an extraordinary 
level of mismanagement, incompetence, and willful misconduct that 
clearly demonstrates that the unchecked NSL authorities given to the 
FBI in the Patriot Act must be repealed. The FBI and Department of 
Justice have shown that they cannot police themselves and need 
independent oversight. The American Civil Liberties Union applauds the 
Committee for holding this hearing and opening a window on these 
abuses, but there is more work to be done. Congress must fully 
investigate the FBI's abuse of power to insure that those responsible 
for these violations are held accountable, and the innocent people who 
have had their privacy invaded and their civil rights abused need to be 
identified and notified, and records that have been improperly or 
inappropriately seized should be purged from FBI databases. But most 
importantly, Congress needs to fix the Patriot Act, which has set the 
stage for all of these problems.

Letter requesting additional information submitted to Valerie Caproni, 
            General Counsel, Federal Bureau of Investigation



    Press release by the Department of Justice from March 9, 2007, 
 submitted by the Honorable Howard Coble, a Represenative in Congress 
    from the State of North Carolina, and Member, Committee on the 
                               Judiciary



Article entitled ``Official Alerted F.B.I. to Rules Abuse 2 Years Ago, 
  Lawyer Says,'' The New York Times, submitted by the Honorable John 
                              Conyers, Jr.



                                 
