U.S. Department of Justice
Office of the Inspector General

A Review of the Federal Bureau of
Investigation's Use of Exigent Letters
and Other Informal Requests for
Telephone Records

Oversight and Review Division
Office of the Inspector General
January 2010

UNCLASSIFIED

TABLE OF CONTENTS
TABLE OF CONTENTS

i

LIST OF ACRONYMS

viii

TABLE OF CHARTS, TABLES, AND DIAGRAMS

xi

CHAPTER ONE INTRODUCTION

xii

I.

Findings in the DIG's Previous Reports

2

II.

Methodology of the OIG Investigation

4

III.

Organization of this Report

6

CHAPTER TWO THE FBI'S USE OF EXIGENT LETTERS AND OTHER
INFORMAL REQUESTS FOR TELEPHONE RECORDS

9

I.

The Electronic Communications Privacy Act (ECPA)

9

II.

Background on the FBI's Use of Exigent Letters
A.

Origins of Exigent Letters in the FBI's New York Field
Division
1.

2.
B.

The FBI's New York Field Division Contract with
Company A
The New York Field Division's First Use of Exigent
Letters

11
11
12
12

The Work of the Communications Analysis Unit (CAUl
and the FBI's Contracts with the Three Communications
Service Providers................................................................... 14

1.
2.

3.
4.

5.
III.

The CAU's Mission and Organizational Structure
Terminology Used in this Report for Non-Content
Telephone Transactional Records
FBI Contracts with the Three Communications
Service Providers
Location of the Three Communications Service
Providers
Relationship between CAU Personnel and the
Providers' Employees

16
19
20
24
25

Exigent Letters Issued by CAU Personnel

25

A.

27

Text of the CAU Exigent Letters

1

B.
C.

CAU's Exigent Letters Practice

29

1.
2.

34
38
40

E.

Employees of On-site Communications Service
Providers

41

Types of Cases in which Exigent Letters were Used

43

Other Informal Methods for Requesting Records without Prior
Service of Legal Process

45

B.

E-mail, Face-to-Face or Telephone Requests, and Informal
Notes

45

"Sneak Peeks" or "Quick Peeks"

47

Records Obtained in Response to Exigent Letters and Other
Informal Requests

50

A.

Types of Records Collected by the Providers

50

B.

How Records were Uploaded and Analyzed by the FBI

52

C.

Community oflnterest/Calling Circle _

54

;:

54

3.
4.
VI.

Signers of Exigent Letters in the CAU
CTD Supervisors

The FBI's Senior Leadership

A.

V.

28

D.

F.

IV.

Counterterrorism Division's and CAU's Recognition of
the Use of Exigent Letters

g~=~~~g ~~ :~~:~::~ ~.i~;.ili~

FBI
56
Com an A's Use of Community of Interest_
.................................................... 61
FBI Guidance on Community of Interest_
Requests
62

OlG Analysis
A.

64

Requests for Telephone Records through Exigent Letters
and Other Informal Requests

64

B.

"Sneak Peeks"

72

C.

Calling Circle/Community of Interest _

75

CHAPTER THREE: ADDITIONAL USES OF EXIGENT LETTERS AND
OTHER INFORMAL REQUESTS FOR TELEPHONE RECORDS

79

Obtaining Calling Activity Information on "Hot Numbers"

79

I.

ii

A.
B.

C.
D.

II.

Legal Authority for Obtaining Calling Activity
Information

80

Hot Number _

81

1.
2.

82
83

FBI OGC and CAU's Unit Chiefs' Knowledge of Hot Number
_

85

OIG Analysis

87

Seeking Reporters' Telephone Records Without Required
Approvals

89

A.

Federal Regulations and Department Policies

89

B.

First Matter

91

I.
2.

91

3.
4.
C.

D.

III.

IV.

Company C
Company A

Background
The Investigation of the Leak of Information to the
Media
FBI Notifies the Reporters That Their Records Were
Obtained
OIG Analysis

91
101
102

Second Matter

104

1.
2.
3.
4.

104
105
III
113

Background
The Leak Investigation
OIG Investigation
OIG Analysis

Third Matter.

114

1.
2.
3.

114
115
120

Background...
The Leak Investigation
OIG Analysis

Inaccurate Statements to the Foreign Intelligence Surveillance
Court

122

A.

FISA Case No.!..

124

B.

FISA Case No. 2

124

C.

FISA Case No.3

125

D.

FISA Case No. 4

126

E.

OIG Analysis

127

Improper Administrative Subpoenas Issued to the On-site
Providers

1ll

129

A.

The FBI's Administrative Subpoena Authority

B.

Administrative Subpoenas Served on the On-Site

130

Providers............................................................................. 131

C.

Improper Administrative Subpoenas Issued in Two FBI
Investigations
1.
2.

3.
4.
D.

Issuing FBI Administrative Subpoenas in the
Absence of an Active Narcotics Investigation
Administrative Subpoenas were Signed by
Unauthorized Personnel
Two Additional After-the-Fact Administrative
Subpoenas
Knowledge of the Use of The Title 21 Administrative
Subpoenas

OIG Analysis

The FBI's Attempts at Corrective Actions From 2003 through
October 2006
A.
B.

C.

131
132
133
134
134

CHAPTER FOUR: THE FBI'S ATTEMPTS AT CORRECTIVE ACTIONS
REGARDING EXIGENT LETTERS
I.

131

137
137

A Backlog First Develops During Rogers's Tenure as
CAU Unit Chief.

139

NSLB Knowledge of Exigent Letters and Involvement in
Issuing After-the-Fact NSLs

142

NSLB Attorney Meets with CAU Personnel Regarding
Exigent Letters

146

D.

CAU Begins Implementing then Abandons a Tracking
System for Legal Process..................................................... 150

E.

CAU Unit Chief Youssef Learns that the CAU has Obtained
Records in Advance of Legal Process
151

F.

NSLB Attorney Provides Incorrect Advice to the CAU About
the Use of Exigent Letters
154

G.

NSLB Fails to Recognize Applicability of the ECPA's
Authority for Emergency Voluntary Disclosures to Requests
Sent to the CAU
155

H.

The September 26, 2005, Meeting

157

I.

The CAU Efforts to Reduce the Backlog

159

J.

DIG Analysis of FBI Attempts at Corrective Actions From
2003 through October 2006

162

IV

K.

FBI Issues 11 Improper Blanket NSLs in May to October
2006
1.
2.
3.
4.
5.

II.

165
166
167
178
184

The FBI's Corrective Action Since November 2006

185

A.

FBI OGC Learns of Blanket NSLs

186

B.

The CAU's Draft Memorandum to the FBI OGC Reporting
Possible Intelligence Oversight Board Violation

187

C.

FBI Legal Guidance Clarifying Legal Authorities

190

D.

Relocation of Communications Service Providers'
Employees From the FBI

191

FBI Analysis of Whether it Will Retain or Purge
Records

192

E.

1.
2.

FBI Analysis
FBI Analysis of Records Obtained From Exigent
Letters and 11 Improper Blanket NSLs
Steps Taken to Purge Records
Records Improperly Acquired Relating to Criminal
Investigations
Other NSLs Referred by the OIG to the FB!..
OIG Analysis of FBI Retention Decisions

208
209
210

OIG Conclusions Regarding FBI Attempts at Corrective Action
for Exigent Letters

211

3.
4.
5.
6.
III.

Youssef Proposes Policy and Procedures for Service
of NSLs
NSLB Revises Model for Exigent Letters but Approves
Their Continued Use
Three Blanket NSLs (May, July, and September
2006)
Eight Additional Blanket NSLs in 2006
OIG Analysis of 11 Improper Blanket NSLs

165

192
196
208

CHAPTER FIVE OIG FINDINGS ON FBI MANAGEMENT FAILURES
AND INDIVIDUAL ACCOUNTABILITY

213

I.

213

Management Failures
A.
B.
C.

Failure to Plan for Proper Use of the On-Site
Communications Service Providers

214

Failure to Provide Training and Guidance to CAU
Personnel

216

Failure to Oversee the CAU Activities

219

v

II.

Individual Performance

221

A.

CAU Unit Chief Glenn Rogers

221

B.

CAU Unit Chief Bassem Youssef

224

C.

NSLB Deputy General Counsel Julie Thomas

230

D.

NSLB Assistant General Counsel

235

E.

General Counsel Valerie Caproni

237

F.

Signers of the 11 Blanket NSLs: Joseph Billy, Jr., Arthur
Cummings III, Michael Heimbach, and
Jennifer Smith Love

239

1.
2.
3.
4.
5.

III.

Joseph Billy, Jr
Arthur A. Cummings III
Michael Heimbach
Jennifer Smith Love
OIG Conclusion on CTD officials who signed
improper blanket NSLs

243

G.

CAU Personnel Who Signed Exigent Letters

244

H.

FBI Personnel Involved in Media Leak Investigations

249

1.
2.
3.

249
252
254

First Matter
Second Matter
Third Matter

Conclusion

256

CHAPTER SIX: CONCLUSIONS AND RECOMMENDATIONS
I.

239
240
241
242

............. 257

Conclusions

257

A.

Exigent Letters and Other Informal Requests

257

B.

Other Informal Requests for Telephone Records

268

C.

FBI Attempts at Corrective Actions

272

1.
2.

D.

E.

The FBI's Initial Attempts at Corrective Action
Corrective Actions after the OIG's First
NSL Report

273
275

Improper Requests for Reporters' Telephone Records or
Other Calling Activity in Three Media Leak
Investigations

276

OIG Findings on Management Failures and Individual
Accountability for Exigent Letters and other Improper
Requests for Telephone Records

279

VI

II.

Recommendations

285

III.

GIG Conclusion on Exigent Letters and Other Improper
Requests for Telephone Records

288

Vll

[pAGE LEFT INTENTIONALLY BLANK]

viii

LIST OF ACRONYMS
AUSA
CAU
CD
CDC
CTD
CXS
DAD
DT-6
EC
ECPA
EOPS
FBI
FISA
FISA Court
FISDU
lOB
ITOS-I
NSD
NSI Guidelines
NSL
NSLB
OGC
OIG
Ole
PIOB
SAC
SSA

Assistant United States Attornev
Communications Analysis Unit
Comoact Disk
Chief Division Counsel
Counterterrorism Division
Communications EXPloitation Section
Deputy Assistant Director
Domestic Terrorism [Souadl 6
Electronic Communication
Electronic Communications Privacy Act
Electronic Surveillance Operations & Sharin" Unit

Federal Bureau of Investi"ation
Forei"n Intelli"ence Surveillance Act of 1978
Forei"n InteIli"ence Surveillance Court
Field Investi"ative Software Develooment Unit
InteIli"ence Oversi"ht Board
International Terrorism Operations Section
National Security Division
The Attorney General's Guidelines for FBI National Security
Investi"ations and Forei"n InteIli"ence Collection
National Security Letter
National Security Law Branch
Office of the General Counsel
Deoartrnent of Justice Office of the Inspector General
Office of Le"al Counsel
Possible InteIli"ence Oversil<ht Board
Special A"ent in Char"e
Supervisory Special A"ent

IX

[pAGE LEFT INTENTIONALLY BLANK)

x

TABLE OF CHARTS, TABLES, AND DIAGRAMS
CHART 2.1

Organizational Chart of Communications Exploitation Section

15

CHART 2.2

FBI DGC, Senior Leadership, and Counterterrorism Division Officials
Management (2003 through 2007)

18

CHART 2.3

Exigent Letters Issued by CAU Personnel to the Three On-Site
Communications Service Providers (2003 through 2006)

30

CHART 4.1

Analysis of FBI's Basis for Retaining Records from Exigent Letters
and 11 Blanket NSLs

200

CHART 4.2

Analysis of FBI's Basis for Retaining Records from Exigent Letters
and 11 Blanket NSLs

201

CHART 4.3

Records for 10 Telephone Numbers Uploaded into FBI Databases
with the Longest Periods of Overcollections

207

TABLE 2.1

Exigent Letters Issued by CAU Personnel by Calendar Year
(2003 through 2006)

26

TABLE 2.2

Exigent Letters Issued by CAU Personnel to the Three On-Site
Communications Service Providers (2003 through 2006)

26

TABLE 4.1

Three Blanket NSLs Issued by the CTD in 2006

169

TABLE 4.2

Eight Blanket NSLs Issued by the CTD in Connection with FBI
Operations Y and Z

178

TABLE 4.3

FBI's Analysis of Basis for Retaining Records Listed in Exigent Letters
and 11 Blanket NSLs

198

DIAGRAM 2.1

Calling Circle or "Community ofInterest" _

55

DIAGRAM 2.2

Comparison of NSL Approval Process with Exigent Letters

69

DIAGRAM 4.1

Timeline of Requests Made
by the Three
On-Site Communications SeIVice Providers Addressed by Three
Blanket NSLs, and Subsequent Corrective Actions

177

DIAGRAM 4.2

FBI Summary Chart of Plan to Rectify the Exigent Letters Situation

194

Xl

[pAGE LEFT INTENTIONALLY BLANK]

xii

CHAPTER ONE'
INTRODUCTION
On March 9, 2007, the Department of Justice (Department or DOJ)
Office of the Inspector General (O[G) issued its first report on the Federal
Bureau of Investigation's (FBI) use of national security letters (NSL). Issued
in response to the requirements in the USA PATRIOT Improvement and
Reauthorization Act of 2005 (Patriot Reauthorization Act), the first report
described the use and effectiveness of NSLs, including "any illegal and
improper use: in calendar years 2003 through 2005. 2
On March 13, 2008, the OIG issued its second report on NSLs, which
assessed the corrective actions the FBI and the Department had taken in
response to the OIG's first NSL report. The second report also described
NSL usage in calendar year 2006. 3
In this third report, we describe the results of our investigation of the
FBI's use of exigent letters and other informal requests, instead of NSLs or
other legal process, to obtain the production of non-content telephone
records from employees of three communications service providers
(Companies A, B, and C).4 The OIG conducted this investigation to examine
in greater detail the extent of the FBI's use of exigent letters and other
informal requests for such information. as well as to assess the
accountability of FBI employees and supervisors who were responsible for
these practices. We examined the conduct of the FBI personnel who signed

I The Office of the Inspector General (OIG) has redacted (blacked out) from the
public version of this report information that the FBI and the Intelligence Community
considered to be classified. We have provided full versions of our classified reports - a
Secret version and a Top Secret/Secure Compartmented Information (SCI) version - to the
Department of Justice, the Intelligence Community, and Congressional committees.
;2 U.S. Department of Justice Office of the Inspector General, A Review ofth£
Federal Bureau of Investigation's Use of National Security Letters (March 9, 2007) (NSL I),
available at www.usdoj.gov/oig. We refer to this report as the first NSL report, or NSL I. All
references to this report are to the unclassified version that was publicly released. We
provided a separate classified version of the report to the Department and Congress.

3 U.S. Department of Justice Office of the Inspector General, A Review ofth£ FBI's
Use of National Security Letters: Assessment of Corrective Actions and Examination of NSL
Usage in 2006 (March 13,2008) (NSL II), available at www.usdoj.gov/oig. We refer to this
report as the second NSL report, or NSL II.
4 In this report, we do not identify the specific companies because the identities of
the specific providers who were under contract with the FBI for specified services are
classified.

1

these letters or made these informal requests, their supervisors, and the
FBI's senior leadership.

I.

Findings in the OIG's Previous Reports

In our first NSL report, we described how the FBI issued at least 739
so-called "exigent letters" between March 11, 2003, and December 16, 2005.
These letters were signed by personnel in the FBI Counterterrorism
Division's (CTD) Communications Exploitation Section (CXS) who were not
authorized to sign NSLs, including two Assistant Section Chiefs, Unit Chiefs
assigned to the CXS's Communications Analysis Unit (CAU), Supervisory
Special Agents (SSA), Intelligence Analysts, and an Intelligence Operations
Specialist. We determined that the 739 exigent letters requested
information relating to approximately 3,000 telephone numbers. The
overwhelming majority of the letters requested production of telephone
records, allegedly "due to exigent circumstances," and also stated that
subpoenas requesting the information had been submitted to a U.S.
Attorney's Office for processing and would be served formally as
expeditiously as possible.
We concluded that by using exigent letters to acquire information
from three communications service providers prior to serving NSLs or other
legal process, the FBI circumvented the requirements of the Electronic
Communications Privacy Act (ECPA) NSL statute and violated the Attorney
General's Guidelines for FBI National Security Investigations and Foreign
Intelligence Collection (NSI Guidelines), and internal FBI policy. We also
found that there were factual misstatements in the letters. While almost all
exigent letters stated that subpoenas requesting the information had been
submitted to a U.S. Attorney's Office and would be served on the providers,
in fact subpoenas were not issued in many instances and in other instances
had not been requested. Moreover, we developed information that exigent
letters sometimes were used in non-exigent circumstances. We also found
that the FBI was unable to later establish that some of the exigent letter
requests were made in connection with the required open preliminary or full
investigations conducted pursuant to the Attorney General's NSI Guidelines
or that the records requested were relevant to those investigations.
In our first NSL report we also described the circumstances in which
attorneys in the FBI Office of General Counsel's (FBI OGC) National Security
Law Branch (NSLB) became aware of the exigent letters practice in late 2004
and the efforts NSLB attorneys made to limit the practice, and the fact that
the FBI did not direct that the practice stop for over two years, until after
the OIG provided its first NSL report to the FBI in February 2007.

2

While we recognized the significant challenges the FBI faced during
the period covered by our first review, we concluded that these
circumstances did not excuse the FBI's circumvention of the requirements
of the ECPA NSL statute, the inaccurate statements in the exigent letters,
and the violations of the Attorney General's NSI Guidelines and internal FBI
policy governing the use of NSLs.
In our second NSL report, we assessed the FBI's response to the
findings on the misuse of NSLs in our first NSL report. In particular, we
examined the status of the FBI's implementation of our recommendations
from our first NSL report and additional corrective actions by the FBI and
other Department components. We concluded that the FBI and the
Department had made significant progress in implementing our
recommendations and had taken other significant corrective actions in
response to the serious problems we identified in the use of NSLs. However,
we concluded that it was too early to definitively state whether the new
systems and controls developed by the FBI and the Department would
eliminate fully the problems identified with the FBI's use of NSLs.
As required by the Patriot Reauthorization Act, our second NSL report
also described the FBI's use of NSLs in 2006. We found similar misuses of
NSLs to those we identified in our first NSL report and a continuation of the
upward trend in NSL usage.
Finally, in our second NSL report we made 17 additional
recommendations designed to help the FBI further improve its oversight and
use of NSLs.
Our first and second NSL reviews were limited to the FBI's use of
NSLs and exigent letters and did not investigate other ways in which the FBI
initiated requests for records or other calling activity information from the
three communications service providers, such as bye-mail, face-to-face, or
telephone requests. Our reviews also did not investigate other ways in
which the providers' employees gave information to the FBI without legal
process, such as by providing calling activity information through what CAU
personnel and the three providers called "sneak peeks" or "~eks," or
by _
FBI personnel to calling activity information by _
"hot
numbers. "5 Similarly, our first and second NSL reviews did not investigate
ways in which the resources available from the on-site communications
5 As discussed in more detail in Chapter Three of this report, a hot number is a
the FBI to either Company A or Company C for purposes of
telephone number identified
having the providers
to identify calling activity by that
number.

3

service providers were used in connection with other FBI or Department
activities, such as FBI administrative subpoenas, applications for electronic
surveillance orders filed with the Foreign Intelligence Surveillance Court
(FISA Court), or grand jury subpoenas in media leak investigations.
Moreover, in our previous NSL reviews we did not assess the
individual accountability of the signers of the exigent letters, their
supervisors, or attorneys in the FBI OGC. In addition, we did not address
the training, guidance, supervision, or legal oversight provided to the CAD
employees who signed the exigent letters, or the role of FBI supervisors and
senior FBI management in the use of exigent letters.
In this investigation, as described in this report, we cover these and
related subjects.
II.

Methodology of the OIG Investigation

The OIG team that conducted this investigation was composed of
attorneys, special agents, program analysts, auditors, and paralegals from
the OIG's Oversight & Review, Investigations, and Audit Divisions. The OIG
team led this investigation and wrote this report. Personnel from the FBI's
Inspection Division participated with the OIG team on parts of this
investigation. 6
In this investigation, we interviewed over 100 FBI employees and
former employees, as well as employees of Company A, Company B, and
Company C, each of which co-located employees in FBI offices beginning in
2003 and continuing through late 2007. We interviewed 31 of the 32
current or former FBI employees who signed the exigent letters. We also
6 After we issued our first NSL report, we initially referred our fmdings regarding
exigent letters to the FBI for it to conduct an investigation to determine whether
disciplinary action should be taken against any FBI employees involved in the exigent
letters practice. However, after further consideration and discussion with the FBI, we
determined that the DIG should lead the investigation. As a result, the DIG determined the
scope of the investigation, the witnesses to interview, and the content of this report.
Initially, FBI Inspection Division personnel assisted us in interviews of FBI employees and
employees of the communications service providers. However, we detennined that they
should not participate in all aspects of the investigation. For example, the Inspection
Division did not participate in the review of CAU Unit Chief Bassem Youssef or his conduct.
In addition, after our first interview made clear the scope of the issue, the FBI was not
involved in further interviews relating to the leak investigations in which the FBI sought or
obtained toll billing records or other calling activity information of members of the news
media. Finally, no FBI personnel participated in the writing of this report, and this report
reflects the conclusions of the QIG only.

4

interviewed all 4 of the officials in the FBI Counterterrorism Division (CTD)
who signed a total of 11 after-the-fact "blanket" NSLs in 2006 that were
issued in an attempt to "cover" or "validate" records previously obtained in
response to exigent letters or other improper requests.
We also interviewed FBI supervisory personnel who oversaw the CTD's
CXS and one of its units, the CAU, from 2003 to the present; current and
former Deputy Assistant Directors (DAD) and Assistant Directors in the
CTD; the former Executive Assistant Director of the FBI's National Security
Branch; the FBI's Deputy General Counsel for the FBI OGC NSLB; an
Assistant General Counsel assigned to the NSLB and other NSLB attorneys;
several retired or former FBI officials; and the FBI General Counsel, Deputy
Director, and Director.
In addition, we examined thousands of FBI documents and electronic
records from FBI Headquarters and field divisions, as well as additional
documents obtained through OIG administrative subpoenas served on the
three communications service providers.
Our investigation also sought to determine whether any FBI personnel
who signed or had supervisory responsibility for those who signed the
exigent letters and made other informal requests violated any criminal laws
or engaged in administrative misconduct or improper performance of official
duties. To this end, we consulted with the Public Integrity Section of the
Department's Criminal Division for a decision on whether the evidence
warranted criminal prosecution. We provided to the prosecutor the evidence
we gathered in our investigation, including transcripts of interviews,
relevant documents, and e-mails. The Public Integrity Section declined
prosecution of any individuals relating to the exigent letters matter.
With the assistance of the Department's National Security Division we
also examined applications for pen register/trap and trace orders or
electronic surveillance orders filed with the Foreign Intelligence Surveillance
Court (FISA Court) that referred to telephone numbers listed in exigent
letters or some of the blanket NSLs signed by CTD officials in 2006. 7 We
examined these applications to determine if the supporting documents
accurately characterized the means by which the FBI had obtained the
subscriber or calling activity information it relied upon in seeking the
orders.

7 A "pen register" is a device that records the numbers that a target telephone is
dialing. A "trap and trace" device captures the telephone numbers that dial a target
telephone. See 18 U.S.C. § 3127 (2000).

5

We also served OIG administrative sUbpoenas on the three
communications service providers to obtain copies of exigent letters, NSLs,
administrative subpoenas, and other documents relevant to our
investigation.

m.

Organization of this Report

This report is divided into six chapters. Chapter Two describes in
detail the circumstances in which the FBI used exigent letters and other
informal requests to obtain telephone records from the three on-site
communications service providers. This chapter also contains our analysis
of each of these methods for obtaining telephone records and other calling
activity information.
Chapter Three contains additional findings and analysis concerning
how the use of exigent letters and other informal requests led to additional
improper practices, including the acquisition of calling ac~rmation
regarding "hot numbers" without legal process; improper _
and the
acquisition of reporters' and news organizations' telephone toll billing
records and other calling activity information; inaccurate statements to the
FISA Court about the source of subscriber and calling activity information
supporting applications for FISA Court pen register/trap and trace and
electronic surveillance orders; and the improper use of FBI administrative
subpoenas to cover records acquired from exigent letters or other informal
requests.
Chapter Four contains our findings and analysis regarding the
various corrective actions attempted by the FBI to address the use of exigent
letters, including the issuance of 11 improper blanket NSLs. This chapter
also describes steps taken by the FBI after the OIG's first NSL report was
issued in March 2007 to address the use of exigent letters and other
informal requests for telephone records. This chapter also contains our
findings on the FBI's analysis of whether it will retain telephone records it
acquired after issuing exigent letters or that were listed in the 11 blanket
NSLs.
Chapter Five examines the FBI's management failures that led to
these improper practices. It also evaluates the actions of individual FBI
employees, including the CAU personnel who signed exigent letters; the CAU
Unit Chiefs who supervised the unit; the senior CTD officials who signed 11
improper blanket NSLs; and attorneys in the FBI's Office of the General
Counsel who provided legal advice relating to the exigent letters. In
addition, this chapter examines the conduct of FBI and Department
personnel who sought or acquired reporters' telephone toll billing records or
other calling activity information without proper authority or approvals.

6

Chapter Six. contains our conclusions and recommendations.
The appendix. to the report provides examples of exigent letters signed
by CAU personnel.

7

[pAGE LEFT INTENTIONALLY BLANK]

8

CHAPTER TWO
THE FBI'S USE OF EXIGENT LETTERS AND OTHER
INFORMAL REQUESTS FOR TELEPHONE RECORDS
This chapter details the FBI's use of exigent letters and other types of
informal requests for telephone records. First, it provides background on
the FBI's initial use of exigent letters in 2002 in connection with its criminal
investigations of the September 11 hijackers, the migration of the practice to
FBI Headquarters in 2003, and the FBI's contracts with Company A,
Company B, and Company C to provide on-site support to FBI
investigations. It describes the FBI's establishment of the Communications
Analysis Unit (CAU), and the FBI's process for issuing exigent letters; the
CAU personnel who signed them; and how the requests were initiated,
drafted, approved, and documented.
This chapter also describes other practices by which CAU personnel
requested and received telephone records from the on-site communications
service providers without prior issuance of legal process or even exigent
letters. These other informal methods included e-mail requests or oral
requests. These informal requests also included what CAU personnel called
"sneak peeks/' which were requests without legal process to obtain
information about whether calling activity existed for particular telephone
numbers or subscribers, to obtain details about the calling activities, or to
view records on the on-site providers' computer screens without obtaining
the records themselves.
In addition, this chapter describes how the telephone records were
analyzed by the FBI and uploaded into FBI databases. The chapter also
describes FBI re uests for a "communi of interest" or "callin circle"

I.

The Electronic Communications Privacy Act (ECPA)

To protect the confidentiality of telephone and e-mail subscriber
information and telephone toll billing records information, the Electronic
Communications Privacy Act (ECPA) states that communications service
providers "shall not knowingly divulge a record or other information
pertaining to a subscriber or customer of such service ... to any

9

government entity!'B The ECPA contains an exception to maintaining the
confidentiality of such records by imposing a "duty to provide" responsive
records if the Director of the FBI or his designee certifies in writing that the
records sought are
relevant to an authorized investigation to protect against
international terrorism or clandestine intelligence activities,
provided that such an investigation of a United States person is
not conducted solely upon the basis of activities protected by
the first amendment to the Constitution of the United States. 9
During the period covered by our review, the ECPA and Attorney
General's Guidelines for FBI National Security Investigations and Foreign
Intelligence Collection (NSI Guidelines) authorized the use of national
security letters (NSL) only during investigations of international terrorism or
espionage upon the written request of a Special Agent in Charge or other
specially delegated senior FBI official. IO In order to open such
investigations, the FBI must satisfy certain evidentiary thresholds, which
are documented in FBI case files and approved by supervisors. If case
agents want to issue NSLs, FBI policies require a 4-step approval process.
Case agents must secure the approval of the case agent's supervisor, an
Assistant Special Agent in Charge, the field office's Chief Division Counsel,
and the Special Agent in Charge (or equivalent supervisors and attorneys at
FBI Headquarters) who signs the NSL. FBI personnel authorized to sign
NSLs are all members of the Senior Executive Service.
We concluded in our first NSL report that the CAU's use of exigent
letters circumvented the ECPA NSL statute. I I We found that neither the
ECPA, the Attorney General's NSI Guidelines, nor FBI policy authorize the

8 18 U.S.C. § 2702(a)(3) (2000). In this report we refer to entities that provide
electronic communication services to the public as "communications service providers" or
the "providers."

• 18 U.S.C. §§ 2709(a) and 2709(b)(2) (2000 & Supp. IV 2005).

to The Attorney General's NSI Guidelines were consolidated with other Attorney
General Guidelines into a new set of Attorney General Guidelines, referred to as the
Attorney General's Consolidated Guidelines, which became effective on December I, 2008.
The new guidelines now govern the FBI's criminal investigations, national security
investigations, and foreign intelligence investigations. However, these new guidelines did
not alter the requirements for NSLs issued in national security investigations, which
include investigations of international terrorism and espionage.
It

OIG, NSL I, 95-98.

10

FBI to obtain ECPA-protected records by serving this type of informal letter
prior to getting the records. with "legal process to follow."
In our first report, we noted that in limited circumstances. a separate
provision of the ECPA authorizes the FBI to obtain non-content telephone
records from communications service providers. From April 2003 through
March 2006 - the period when most of the exigent letters were issued - the
ECPA provision authorized a provider to voluntarily release toll records
information to a governmental entity if the provider "reasonably believe[dj
that an emergency involving immediate danger of death or serious physical
injury to any person justifie[d] disclosure of the information." 12 However, for
several reasons we did not agree with the FBI's after-the-fact argument that
the exigent letters could be justified under this provision. In fact, senior
CAU officials and FBI attorneys told us they did not rely at the time on the
emergency voluntary disclosure provision to authorize the exigent letters,
and we also found that the letters were sometimes used in non-emergency
circumstances. 13

n.

Background on the FBI's Use of Exigent Letters
A.

Origins of Exigent Letters In the FBI's New York Field
Division

As described in our first NSL report, the FBI initiated a criminal
investigation, referred to as PENTIBOM, immediately after the
September II, 200 I, terrorist attacks. As a part of that investigation, the
FBI arranged to have a Company A fraud detection analyst located on-site at
the FBI's New York Field Division to assist in providing and analyzing
telephone records associated with the September 11 hijackers and their
associates.

12 18 U.S.C. § 2702(c)(4) (Supp. 2002). In March 2006. the provision was amended
by the USA PATRIOT Improvement and Reauthorization Act 0[2005 (Patriot Reauthorization
Act) to allow voluntary disclosure "if the provider. in good faith. believes that an emergency
involving danger of death or serious physical injury to any person requires disclosure
without delay of information relating to the emergency. ~ USA PATRIOT Improvement and
Reauthorization Act 0[2005. Pub. L. No. 109-177, § 119(a). 120 Stat. 192 (2006).

13

OIG. NSL 1.96-97.

11

1.

The FBI's New York Field Division Contract with
Company A

The analysis of telephone records associated with the September 11
hijackers and their associates became the primary responsibility of a newly
created squad in the FBI's New York Field Division known as Domestic
Terrorism 6, or DT-6. DT-6 developed close working relationships with
several communications service providers due to the heavy volume of FBI
requests for telephone records.
In early 2002, the New York Field Division, with the approval of FBI
Headquarters, entered into a contract with Company A that provided for a
Company A fraud detection analyst to be co-located with DT-6 to respond to
the FBI's increased need for telephone records. To provide this support, the
Company A analyst accessed Company A's telephone records databases
from a computer work station installed for his use at the New York Field
Division. The Company A analyst was able to respond immediately to FBI
telephone records requests and also was available to respond to requests
after normal business hours. According to an FBI Supervisory Special
Agent (SSA) who worked in the New York Field Division, this arrangement
proved to be highly beneficial to the FBI's ability to investigate terrorist
threats and was soon used to support a wide variety of FBI counterterrorism
investigations.

2.

The New York Field Division's First Use of
Exigent Letters

At first, the FBI obtained records from the on-site Company A analyst
solely through grand jury subpoenas issued in the PENTTBOM
investigation. 14 An SSA assigned to the DT-6 squad said this process was
also facilitated by the co-location of several Assistant United States
Attorneys (AUSA) at the FBI's New York Field Division's offices. As a result,
FBI agents were able to quickly obtain grand jury subpoenas from the
co-located AUSAs to serve on the Company A analyst prior to obtaining
responsive records.
Eventually, the AUSAs left the New York Field Division's office s
and over time Com an A

14 Since the PENTTBOM investigation was a criminal investigation, grand jury
subpoenas were appropriate legal process by which to obtain non-content records from a
communications service provider.

12