Inspector general: FBI not embracing privacy safeguards

A second critical inspector general's report says the FBI has conducted unlawful surveillance of American citizens and has not made the substantial changes necessary to clean up its act.

Declan McCullagh
Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
4 min read
This is an actual, completely redacted page from the inspector general's report on Section 215.

The FBI has wielded the Patriot Act's extraordinary surveillance powers to unlawfully collect information about American citizens and has resisted some efforts to impose additional privacy safeguards, according to the U.S. Department of Justice's inspector general.

Inspector General Glenn Fine, in a pair of reports released on Thursday reviewing the 2006 calendar year, acknowledged the FBI's top management has been receptive to the points he raised in his first report a year earlier. But he indicated that there was nevertheless resistance to increased oversight and better record-keeping, which would help to prevent further abuses.

The longer of the two reports (PDF) dealt with national security letters, or secret FBI requests -- done without court oversight or approval -- for administrative information that communication providers, credit agencies, or banks might store. The second report (PDF) discusses broader "Section 215" requests for information that can be sent to any individual or company under the Foreign Intelligence Surveillance Act; these, however, must be approved by a judge. (The second report was heavily redacted, with some key pages blacked out.)

Some highlights:

* The FBI tried to whitewash illegal uses of Patriot Act surveillance authority that was intended to be used against terrorists and spies but ended up being used against Americans. FBI officials characterized these unlawful acts as "administrative errors," which Fine said "diminishes their seriousness and fosters a perception that compliance with FBI policies... is annoying paperwork."

* An FBI working group created by the attorney general recommended against the privacy-protective step of "tagging" information obtained through national security letters on grounds it would place "an undue burden on the operation" of the bureau.

* The same working group downplayed the severity of the FBI's surveillance abuses, saying agents have a highly regulated system for approving national security letters and for identifying violations. Fine's response: "Contrary to the NSL Working Group's conclusions, we do not believe that existing controls are a sufficient basis on which to rely in evaluating the need for additional privacy protections."

* The Justice Department inaccurately reported the number of national security letters. Eleven of the letters sought billing records on a total of 3,860 phone numbers -- a whopping amount. That figure was not disclosed to Congress.

* Even though national security letters are not supposed to be used to obtain the contents of communications -- they only can obtain billing records and so on -- some e-mail providers handed over full message bodies or Subject: lines anyway. In these cases, however, the FBI's general counsel directed that the records be sealed and a second request sent.

* No information from a Section 215 order was actually used in a criminal proceeding in 2006. In addition, "the evidence showed no instance where the information obtained from a Section 215 order... resulted in a major investigative development." Nevertheless, Director of National Intelligence Mike McConnell responded by calling them "an invaluable tool."

* Companies served with Section 215 orders in two known instances in 2006, either by accident or because they're overeager, turned over more information than they're authorized to divulge. In one case, a company handed over data "that was not requested in the Section 215 application or authorized by the FISA court."

* In those cases, the FBI's adherence to the law is spotty. A situation involved the FBI receiving information about a U.S. person for two months after the surveillance order expired -- without objecting. In fact, the FBI argued that the information should be treated as an "voluntary production." Fine's report: "We disagree and believe that the production of these additional records should not be considered as voluntary..."

* The FISA court twice rejected the FBI's request for Section 215 orders because the police were investigating lawful conduct protected by the First Amendment. But after the FBI was rejected, it sent national security letters instead. Fine said the FBI should have re-evaluated the investigation instead.

The Justice Department said in a statement: "The Inspector General correctly emphasizes the need for sustained oversight of the FBI's use of NSLs and concludes that the senior leadership of the Justice Department and the FBI are committed to addressing these issues and continue to devote significant energy, time, and resources to this effort."

What does all this mean? For starters, it puts the FBI and the Bush administration slightly on the defensive; it's not convenient to have intelligence-related abuses and overzealous conduct by e-mail providers in the news at the same time you're calling for retroactive immunity for them and other companies.

Democratic Sen. Patrick Leahy of Vermont said in response: "The FBI mirrors the rest of the Bush administration in seeking to avoid accountability by providing itself blanket authority. When the Senate returns after the March recess, I intend to follow up with another oversight hearing. Legislative action may be necessary to correct these abuses."

I wrote earlier this week of the politics of wiretapping and eavesdropping, which are playing out in a new Democrat-backed bill that does not immunize telecommunications providers from lawsuits saying they opened their networks to the National Security Agency in violation of privacy laws. Republicans oppose it.

The Senate has already approved retroactive immunity by a 68-29 margin. A few weeks ago, if an up-or-down House of Representatives vote on retroactive immunity had been held, it probably would have passed. Now, with Thursday's pair of reports and other recent disclosures, it may be significantly less likely.