National Security Letters (NSLs)

Top News | Overview | NSL Statistics | Legal Authorities | Resources | News Items | Previous Top News

National Security Letters (NSLs) are an extraordinary search procedure which gives the FBI the power to compel the disclosure of customer records held by banks, telephone companies, Internet Service Providers, and others. These entities are prohibited, or "gagged," from telling anyone about their receipt of the NSL, which makes oversight difficult. The Number of NSLs issued has grown dramatically since the Patriot Act expanded the FBI's authority to issue them.

Top News

• Inspector General Finds Continuing Abuses of Patriot Act Powers. For the fourth consecutive year, the Inspector General found (pdf) privacy breaches by FBI agents using National Security Letters, which permit the FBI to compel the disclosure of records held by banks, telephone companies, and others without judicial oversight. A second report (pdf) found abuses of Patriot Act Section 215 orders that allow the FBI to demand business records and other "tangible things" from any company or individual. "[W]e found that the FBI had issued [NSLs] for information about [redacted] after the FISA court, citing First Amendment concerns, had twice declined to sign Section 215 orders in the same investigation," the Inspector General said. Sen. Patrick Leahy, Chairman of the Judiciary Committee, plans an oversight hearing. "Legislative action may be necessary to correct these abuses. I intend to seek accountability and advertence to the rule of law," he said. EPIC has recommended (pdf) reforms to the NSL authority. (March 14, 2008)
• FBI Issues Revised National Security Letter Guidelines. The FBI has sent to its field agents updated guidelines (pdf) for the use of National Security Letters (NSLs). The new guidelines prohibit the use of exigent letters, but continue other practices permitted by the Patriot Act. These other practices include field offices being able to issue NSLs as opposed to the pre-Patriot Act system of only headquarters issuance. FBI field offices also continue issuing NSLs under the lowered standard of "relevance to an ongoing investigation" permitted by the Patriot Act. (June 13, 2007)
• EPIC Calls for Repeal of Misused Patriot Act Powers. In a letter to the Senate Judiciary Committee, EPIC recommended that Congress repeal the National Security Letter authority. (Mar. 21, 2007)

Overview: What Does an NSL Do?

What Types of Information Can Be Obtained by NSLs?

• Telephone and E-mail Records: "Toll records," a historical record of calls made and received from land lines, cell phones, and other sources, of a specified phone number, as well as billing records associated with that number. E-mail records, including e-mail addresses and screen names associated with the requested account and the e-mail addresses and screen names who have contacted that account. Also includes billing records and methods of payment for each account.
• Financial Records: Financial information, including open and closed checking and savings accounts, from banks, private bankers, credit unions, thrift institutions, brokers and dealers, investment bankers and companies, credit card companies, insurance companies, travel agencies, casinos, and others. For a full list, see 31 U.S.C. § 5312(2).
• Credit Information: Full credit reports, names and addresses of all financial institutions at which the consumer has maintained an account, and identifying information of a consumer (limited to name, address, former addresses, and past and current employers).

NSL "Gag Order" Provisions

The four NSL statutes all include "gag order" provisions barring those who receive NSLs from disclosing the fact that they have received such a letter (even to the consumer whose records are being sought) and from disclosing the records provided. The Patriot Act did not alter these provisions. An op-ed explaining one NSL recipient's experience with the gag order entitled My National Security Letter Gag Order appeared in the Washington Post on March 23, 2007.

The American Civil Liberties Union (ACLU) has challenged the gag order provisions in two cases, Doe v. Ashcroft and Doe v. Gonzales. In both cases, the judges ruled that the gag orders were unconstitutional on both Fourth and First Amendment grounds. See the ACLU's pages on Doe v. Ashcroft and Doe v. Gonzales for more information.

The Patriot Reauthorization Act of 2005 modified some of the gag order provisions. An NSL recipient may now disclose the fact that they received an NSL in connection with seeking legal advice or complying with the NSL. NSL recipients were also given the ability to challenge, in federal court, compliance with the NSL and the gag order provisions. Additionally, the government was given the ability to seek judicial enforcement of NSLs in non-compliance situations.

Office of the Inspector General Report, March 9, 2007

Under the Patriot Reauthorization Act of 2005, the Department of Justice Office of the Inspector General (OIG) is required to review "the effectiveness and use, including any improper or illegal use, of national security letters issued by the Department of Justice." The OIG released its first report, covering calendar years 2003 through 2005, on March 9, 2007. The report detailed significant violations of law and regulations by the FBI in its use of its national security letter authority.

The FBI is required to report to Congress on the number of NSLs issued; the OIG found that the FBI underreported this number. The OIG review looked at 77 case files containing 293 NSLs from four separate FBI field offices issued in the 2003-2005 period. This review found that there were 17% more NSLs in the sample of case files than in FBI reporting databases. Delays in data entry also caused about 4,600 NSLs to not be reported to Congress. The OIG concluded that the FBI database significantly understates the number of NSL requests issued, and that Congress has been misinformed about the scale of the usage of the NSL authority.

The report further stated that violations are supposed to be self-reported by the FBI to the Intelligence Oversight Board. During the 3-year period in question, the FBI self-reported 26 violations out of the 140,000 NSLs issued. The OIG, however, found 22 potential violations out of the sample of 293 NSLs it reviewed. The OIG has stated that there is no indication that the 293 NSLs it reviewed are not representative of all of the NSLs issued, thus indicating that the FBI is failing to self-report a very significant number of violations.

The OIG also found over 700 "exigent letters," which are not authorized by statute and some of which appear to have been issued when no exigency or emergency existed. These letters requested records from telephone companies and promised that proper subpoenas had been submitted or would follow. However the OIG found no confirmation that subpoenas, NSLs, or other proper process did follow or had in fact been submitted.

In response to the OIG report, FBI Director Robert Mueller testified before the Senate Judiciary Committee on March 27, 2007. In his opening statement, Committee Chairman Patrick Leahy stated that the FBI's "pattern of abuse of authority and mismanagement causes me and many others on both sides of the aisle to wonder whether the FBI and Department of Justice have been faithful trustees of the great trust that the Congress and American people have placed in them to keep our nation safe while respecting the privacy rights and civil liberties of all Americans." Senator Arlen Specter, the ranking Republican member on the committee, stated that "the question is emerging as to whether the FBI is up to the enormous task that we have asked it to perform," pointing out that "every time we turn around, there is another, very serious, failure on the part of the bureau."

NSL Statistics

The Inspector General's report detailed the FBI's use of NSLs from 2003 to 2005. All of the below statistics were taken from this report.

• Total number of NSL requests from 2000 (prior to passage of the Patriot Act): about 8,500.
• Total number of NSL requests from 2003-2005 (after passage of the Patriot Act): 143,074.
  • 2003: 39,346
  • 2004: 56,507
  • 2005: 47,221
• Percentage of NSL requests generated from investigations of U.S. Persons:
  • 2003: about 39%
  • 2004: about 51%
  • 2005: about 53%
• Type of investigation connected to NSL requests (2003 through 2005):
  • Counterterrorism: 73.6%
  • Counterintelligence: 26%
  • Foreign Cyber Investigations: 0.4%

Legal Authority for NSL Power

The FBI's authority to issue NSLs dates back to 1986, when an amendment to the Right to Financial Privacy Act was passed permitting the FBI to obtain financial records in foreign counterintelligence cases. Since then, Congress has enacted a number of laws authorizing the FBI to obtain, without judicial oversight, certain types of information in terrorism, espionage, and classified information leak investigations. Among these laws are four statutory provisions that authorize the FBI to use NSLs to obtain customer transactional information from communications companies, financial institutions, and consumer credit agencies. The Patriot Act expanded these four existing statutes, and added a fifth NSL authority. The five sources of the FBI's NSL power are:

1. The Right to Financial Privacy Act (RFPA), 12 U.S.C. § 3414. As originally enacted in 1978, the RFPA required that before a disclosure of personal financial information was made to law enforcement, government agencies must have provided individuals with advance notice and have given the individual an opportunity to challenge the request. A 1986 amendment to the RFPA created an exception to this advance notice requirement by authorizing the FBI to obtain financial records in foreign counterintelligence cases in cases where the agency had "specific and articulable facts giving reason to believe that the customer or entity whose records are sought is a foreign power or an agent of a foreign power." These requirements were changed upon enactment of the Patriot Act; the FBI may now obtain financial records if the information is sought for foreign counterintelligence purposes, as long as the investigation is not based on conduct protected by the First Amendment. Congress again amended the RFPA in 2003 to expand the definition of "financial institutions" to which NSLs could be issued. The statute now covers large casinos, insurance companies, automobile dealerships, credit unions, real estate companies, and travel agencies.
2. The Electronic Communications Privacy Act (ECPA), 18 U.S.C. § 2709. The ECPA allows the FBI to obtain telephone and e-mail information by issuing a NSL. This includes historical information on telephone calls made and received from a specified number, and billing records associated with a number. It also includes e-mails, screen names, and billing records for electronic communication services. Lastly, it includes subscriber information associated with an individual's phone or e-mail account.
3. The Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681u. The FCRA, as amended in 1996, authorizes the FBI to issue NSLs to obtain a consumer's credit history information, including the names and addresses of all financial institutions at which the consumer maintains or has maintained an account. The FBI may also request a consumer's identifying information, limited to name, address, former addresses, and both current and past employers.
4. Patriot Act amendment to the Fair Credit Reporting Act, 15 U.S.C. § 1681v. This new national security letter authority authorizes the FBI (and any government agency authorized to conduct international terrorism investigations) to obtain a consumer's full credit report and "all other" information in a consumer's file for international terrorism investigations.
5. The National Security Act, 50 U.S.C. § 436. The National Security Act, amended to include NSL authority after the 1994 espionage investigation of former CIA employee Aldrich Ames, authorizes NSLs to be issued in association with investigations of improper disclosure of classified information by government employees. This authority is rarely used by the FBI. The NSLs can cover financial records and information, including consumer reports.

The USA PATRIOT Act's Impact on NSL Authority

The FBI's NSL authority was significantly expanded by the Patriot Act. Section 505 of the Patriot Act expanded the FBI's authority by:

• Lowering the threshold for situations in which NSLs may be issued. Previously, the FBI may only have used NSLs to request information if it had "specific and articulable facts giving reason to believe that the customer or entity whose records are sought is a foreign power or an agent of a foreign power." The Patriot Act eliminated this requirement, and now NSLs may be issued to request information that is merely "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities," provided that such an investigation of a U.S. person is not based on activities protected by the First Amendment. As a consequence, the FBI may use NSLs to request information about persons who are not subjects of national security investigations, so long as the information requested is "relevant" to such an investigation.
• Expanding approval authority beyond senior FBI Headquarters officials. Special Agents in charge of the FBI's 56 field offices may now sign NSLs.
• Amending the Fair Credit Reporting Act to add a new NSL authority. This new authority authorized the FBI and any other government agency authorized to conduct international terrorism investigations to issue NSLs to obtain full consumer credit reports in international terrorism investigations.

FBI Guidelines regarding NSLs

The FBI is subject to two sets of guidelines, one for foreign intelligence and international terrorism investigations ("National Security Investigation (NSI) Guidelines"), and one for general crimes, racketeering and domestic terrorism ("Criminal Guidelines"). In October 2003, the Attorney General made significant changes to the NSI, permitting NSLs to be issued during preliminary investigations. Under the previous guidelines, NSLs could only be issued during full investigations with limited exceptions.

Legislative Proposals to Address NSL Issues

Legislation reintroduced by Representative Jane Harman (D-CA) on March 28 would return the threshold for when a NSL may be issued back to the pre-Patriot Act standard of requiring that the FBI show a specific connection to a terrorist or foreign power before an NSL could be issued. The bill also requires the approval of a Foreign Intelligence Surveillance Court judge or designated United States Magistrate Judge prior to the issuance of a national security letter, create an electronic filing system for NSL applications, and require the FBI to destroy information obtained through NSLs once it is no longer needed. The bill would further increase Congressional oversight of the FBI's use of NSLs. For more information, see the Library of Congress page on the bill.

Resources

• EPIC letter to the Senate Judiciary Committee, recommending that Congress repeal the National Security Letter authority.
• Office of the Inspector General, A Review of the Federal Bureau of Investigation's Use of National Security Letters, March 2007. Available at DOJ.
• National Security Letters in Foreign Intelligence Investigations: legal Background and Recent Amendments, Congressional Research Service, March 17, 2006.
• Documents (pdf, 3.1 mb) obtained by EPIC under the Freedom of Information Act describe thirteen cases of possible FBI misconduct in intelligence investigations.
• Administrative Subpoenas and National Security Letters in Criminal and Intelligence Investigations: Background and Proposed Amendments, Congressional Research Service, April 15, 2005.
• Administrative Subpoenas and National Security Letters in Criminal and Intelligence Investigations: A Sketch, Congressional Research Service, April 15, 2005.

News Items

• Gonzales Was Told of FBI Violations. Washington Post, July 10, 2007. Gonzales told Congress he knew of no wrongdoing after the FBI had sent him reports of violations of laws protecting privacy and civil liberties. Some of these violations involved the National Security Letter authority expanded by the Patriot Act.
• FBI Finds It Frequently Overstepped in Collecting Data. Washington Post, June 14 2007. An audit of 10% of the FBI's investigative files found over 1000 violations of law or agency rules governing the uses of National Security Letters. A previous audit of a sample of 77 investigations had found 22 violations out of 293 NSL requests. The FBI's self reporting system had found only 26 violations in all of its investigations during the same 3 year period covered by these two audits.
• Press Release, Representative Jane Harman (D-CA), Harman Reintroduces Bill to Restore Accountability and Oversight Over Use of National Security Letters, March 28, 2007.
• My National Security Letter Gag Order. Washington Post, March 23, 2007. In a Washington Post op-ed, a NSL receipient describes the effect the NSL gag order has had on his life. A president of a small Internet access and consulting business, he was ordered to provide to the FBI senstive information about one of his clients. The writer describes how he resents being enlisted as a "secret informer" for the government, as well as being forced to mislead his colleagues, family, and friends.
• FBI Violations May Number 3,000, Official Says, Washington Post, March 21, 2007
• FBI Confirms Contracts with AT&T, Verizon, and MCI, Wired, March 20, 2007
• Official Alerted FBI to Rules Abuse Two Years Ago, Lawyer Says, New York Times, March 19, 2007
• Amid Concerns, FBI Lapses Went On, Washington Post, March 18, 2007
• Gonzales, Mueller Admit FBI Broke Law, Associated Press, March 10, 2007
• Report Details Missteps in Data Collection, Washington Post, March 10, 2007
• FBI abused power to get private records: report, Reuters, March 9, 2007
• Military Expands Intelligence Role in U.S., New York Times, January 7, 2007
• The FBI's Secret Scrutiny, Washington Post, November 6, 2005
• Judges Question Patriot Act in Library and Internet Case, New York Times, November 3, 2005

Previous Top News

• Report Finds FBI Misused PATRIOT Act Powers. The Department of Justice Inspector General has determined that the FBI abused the National Security Letter authority established by the Patriot Act. With a National Security Letter, the FBI can demand information from companies and individuals without any court approval. The Inspector General found unreported violations of law in 22% of the cases examined and also that the FBI did not report the actual number of Security Letters to Congress as required by law. The FBI acknowledged today that there has been "inadequate auditing and oversight" of National Security Letter authority. (Mar. 9, 2007)
  
  
• EPIC FOIA Documents Show Possible Patriot Act Abuses. Documents (pdf, 3.1 mb) obtained by EPIC under the Freedom of Information Act describe thirteen cases of possible FBI misconduct in intelligence investigations. The documents were released by the Bureau in response to an EPIC open government request (pdf) for information about the FBI's use of provisions of the PATRIOT Act. EPIC has written a letter (pdf) to the Senate Judiciary Committee highlighting the need for the Attorney General to report to Congress on potentially unlawful intelligence investigations. (Oct. 24, 2005)

EPIC Privacy Page | EPIC Home Page

Last Updated: March 18, 2008
Page URL: http://www.epic.org/privacy/nsl/default.html