Review of the Fbi Use of Exigent Letters and Other Requests for Phone Records 2010 Partg
Download original document:
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
"should not be followed with a subpoena or other compulsory process.# The memorandum also stated that letters requesting emergency voluntary disclosures must be approved by Assistant Special Agents in Charge, Special Agents in Charge, or higher authority, 193 NSLB Deputy General Counsel Julie Thomas was among the approving officials on the memorandum. We found that during the period when FBI OGC attorneys were developing this guidance they did not consider or discuss how the emergency voluntary disclosure statute related to the use of exigent letters Indeed, the Assistant General Counsel acknowledged to the OIG and her supervisors that the NSLB had not relied on the emergency voluntary disclosure statute as authority for issuance of exigent letters. In an interview on July 20, 2006, OIG investigators asked the Assistant General Counsel about the legal basis for approving exigent letters. She stated that none of the NSL statutes "specifically addressed emergency situations.# However, she said she believed that there was "an exception in national security circumstances where we think it's absolutely necessary.# She said the FBI had "tried to reconcile the literal interpretation [of the NSL statutes] with the other policy considerations" that the FBI needs to deal with when "lots of lives are at stake." The Assistant General Counsel said that in making this judgment the FBI took into account its policy mandate, its mission, and the emergency voluntary disclosure statute. However, she said that she was "not pretending ... in retrospect" that the FBI had relied on the emergency voluntary disclosure statute at the time to support the use of exigent letters. 194 FBI General Counsel Caproni told us that she was unaware of the FBI's use of exigent letters or that the FBI had obtained records before issuing legal process until the GIG brought the issue to her attention in late 193 Office of the General Counsel, Federal Bureau of Investigation, electronic communication to all Divisions, Emergency Disclosure Provision and Information From Service Providers Under 18 U.S.C. § 2702(b), August 25, 2005. 194 We found that the Assistant General Counsel advised Thomas in an e-mail on July 20, 2006, following an OIG intelView in this matter, "[ajrguably, the CAU disclosures fall under 2702 disclosures, although we have never tried to fit them under that ... and maybe we should, and that would solve the problem." She also told us in September 2007 that the emergency voluntary disclosure statute was not considered in regard to the CAU's activities, stating, "it never carne up and it is kind of curious why it did not," and that "in retrospect, we probably should have [considered 18 U.S.C. § 2702(c)(4)I, but I guess we did not see the need for it at the time." 156 2006. She added that, "[s]o, certainly at the time, no, we had no discussions that these [exigent letter requests] - would qualify under that provision of the ECPA."195 As noted above, NSLB Deputy General Counsel Thomas told us in August 2008 that she believed at the time she signed after-the-fact NSLs in 2005 that the CAU's requests to the providers were likely emergency requests that fell within 18 U.S.C. § 2702. However, she qualified her statement, noting that in light of the many interviews and conversations she had had on the subject she could not separate what she knew at the time of her interview from what she knew in 2005. In light of the Assistant General Counsel's and Caproni's recollections to the contrary and the contemporaneous documentary evidence corroborating their statements, we concluded that that the NSLB did not rely on 18 U.S.C. § 2702's emergency voluntary disclosure provision during the period the CAU issued exigent letters. In Chapter Five of this report, we describe further the management failures that led to the continued use of exigent letters until mid-November 2006, including the FBI OGC's failure to instruct CAU personnel, in coordination with CTD management, to use the ECPA emergency voluntary disclosure statute rather than exigent letters in qualifying emergencies. H. The September 26, 2005, Meeting Although the number of exigent letters issued by the CAU declined after April 2005, the backlog of old requests requiring legal process persisted. We found that NSLB attorneys did not recognize or focus on the existence of the backlog of requests requiring legal process. Rather, the NSLB continued to focus on the umbrella file proposal in order to ensure that future emergency requests for records were quickly followed by NSLs. In late September 2005, the Assistant General Counsel suggested a meeting with Youssef and personnel from CTD operational units to discuss her umbrella file proposal. She said her purpose for proposing the meeting was to have the operational units agree to open the umbrella files, which in 195 Caproni also told us that although she was not aware of the CAU's use of exigent letters, she believed that if they were used in true emergencies they were defensible under 18 U.S.C. § 2702(c)(4). 157 her view could serve as the open national security investigations for emergency requests from which after-the-fact NSLs could be issued. 196 The meeting took place on September 26, 2005. The Assistant General Counsel, her immediate supervisor, Youssef, and personnel from CTO operational units attended. The Assistant General Counsel told us, and her contemporaneous e-mails reflect, that although the purpose of the meeting was to discuss the umbrella file proposal. Youssef told her at the meeting that umbrella files were not needed because the CAU did not have many emergency situations in which requests were made without open national security investigations. 197 The Assistant General Counsel told us that Youssef came to the meeting with a "different agenda." which was to discuss that the CAU needed the operational units to respond to the CAU's requests for NSLs. She said that Youssef stated at the meeting that the CAU needed the CTO operational units "to understand that they need to issue these NSLs promptly when they are asked." Youssef acknowledged to us that he had told the Assistant General Counsel at the meeting that emergencies were "few and far between" and that umbrella files were not needed. Youssef told us, however, that in this comment to the Assistant General Counsel he was addressing only instances in which there was "absolutely no predication, no case open, nothing." He estimated that CAU personnel requested records for such emergencies only 10 or 12 times over a period of "several months." but said he could not tell us for sure how often such emergencies occurred. Youssef told us that at the meeting he emphasized that the CAU was attempting to address the "significant backlog" of legal process owed to the on-site providers. He said he explained that the CAU was not obtaining the legal process from the operational units and that "this is going to kill us." Youssef told us that he did not mention at the meeting how many requests for legal process were outstanding. 198 He also said that at the time of the 196 Youssef told us that several months earlier he had discussed with the Assistant General Counsel that he would like to have NSLB attend a meeting with him and the CTD operational units'leadership. 197 In an e-mail to Youssef dated October 21, 2005, the Assistant General Counsel wrote that Youssef had stated at the meeting that emergency requests were "few and far between" and that umbrella files were no longer needed.. 198 None of the other attendees from Headquarters' operational units recalled that backlogs were discussed at the meeting. Additionally, the Assistant General Counsel's contemporaneous e-mail summarizing the meeting made no reference to any discussion of the backlog problem. 158 meeting he was aware only that Company B had outstanding record requests that were not covered by legal process. Youssef said that at the meeting the operational units agreed to issue NSLs prior to future requests for telephone records, except for "extreme cases where it is an emergency." He also said that an agreement was reached that the CTD operational units would provide the NSLs upon request from CAU personnel. In fact, beginning in November 2005, the number of exigent letters issued by the CAU to the on-site providers decreased significantly. The Assistant General Counsel e-mailed Youssef on October 21,2005, to confirm Youssers statement in the meeting that "there no longer seemed to be a need to create umbrella files, as we had previously discussed." We found that the umbrella file proposal was not pursued after this. I. The CAU Efforts to Reduce the Backlog Beginning shortly before and continuing after the September 26, 2005, meeting, Youssef and CAU personnel made various additional efforts to obtain after-the-fact legal process for the backlogged record requests. On October 5, 2005, Youssef convened an "all-hands" CAU meeting in which he encouraged CAU personnel to ensure that all outstanding requests for records from the three on-site communications service providers were covered by legal process. Contemporaneous e-mails also show that on September 6, 2005, and October 26, 2005, Company B and Company C sent to CAU personnel spreadsheets listing the record requests that still required legal process. In subsequent e-mails to CAU personnel, Youssef assigned these telephone numbers to the pertinent CAU teams and instructed the team leaders to contact the relevant FBI field divisions and the CTD operational units to address the backlog of after-the-fact NSLs. He referred to this task as "a priority matter." The Assistant General Counsel told us that after the September 2005 meeting she followed up with Youssef in e-mails and telephone conversations to see what the NSLB could do to assist Youssef and the CAU in ensuring that the operational units provided the necessary NSLs. She also asked what instructions he would like the FBI OGC to give the CTD operational units and the field on that subject. She said that Youssef did not respond in writing to her e-mail message, but later spoke with her and 159 said that there were "no problems" and that he would let the NSLB know if they needed help.'•• On January 5, 2006, the Company B on-site employee again sent an e-mail to Youssef and CAU team leaders with a spreadsheet of telephone numbers for which Company B still had not received legal process. The Company B employee stated in the e-mail that since he had sent the previous spreadsheet in September 2005, he had only received "one to two NSLs" and that the spreadsheet contained "a few additional cases." On February 7, 2006, the Assistant General Counsel sent an e-mail to Youssef, with the subject line "Issuance of NSLs - Follow up," in which she inquired about the status of the CAU's issuance of NSLs. She wrote: The last we talked, in November, 2005, we understood that there was going to be an effort by [CTD operational units] to get these NSLs out and that you would be requesting these NSLs in advance of getting the information when you were not given enough information to go on .... We haven't heard from you in awhile and I wanted to make sure that there was nothing that needed to be done on our part to assure that these NSLs were being issued in a timely manner and they were being issued based on enough information to assure relevance to an authorized investigation. On February 10, 2006, Youssef responded bye-mail: We are actually making some reasonable headway in getting the NSLs. Our telecom reps are very happy with the results. If we run into any resistance, 111 definitely reach out to you for assistance and backing. Youssef told us that when he informed the Assistant General COllilsel that NSLs were being issued in a timely fashion, he was referring not to after-the-fact NSLs covering the backlogged record requests, but rather to after-tbe-fact NSLs issued to cover new exigent letters being used by CAU personnel. 199 The Assistant General Counsel also sent an e-mail message to Youssef on November 18, 2005, in which she wrote, "/w]e haven't seemed to be able to get in touch" and asked whether the CAD was obtaining the information it needed from requesters of "emergency telephone information" to ensure predication for the issuance of NSLs. 160 Youssef also told us that he did not then inform the Assistant General Counsel of the problems the CAU was facing regarding the backlogged record requests because he knew the process of obtaining after-the-fact NSLs for backlogged numbers would "take some time," and he wanted to "give it another two or three months." However, CAU personnel told us that the CAU had little success in obtaining after-the-fact legal process for the backlogged items. Youssef also told us that the CAU's work to address the backlog from September 2005 to May 2006 ultimately was "an exercise in futility." CAU SSAs told us that the original requesters were not motivated to provide after-the-fact legal process after they had received the records from the CAU. In addition, one SSA noted that occasionally cases were closed between the time the exigent letter was served and the requesting unit was contacted for an after-the-fact NSL. To determine how successful the CAU was in obtaining legal process, we reviewed spreadsheets that Company B and Company C gave to CAU personnel at various times during this period. In January 2005, September 2005, January 2006, and May 2006, the on-site Company B employee provided information and spreadsheets to CAU personnel regarding telephone records requests for which Company B still had not received legal process. 200 Based on our review of that material, we determined that the CAU obtained after-the-fact legal process for only approximately 25 percent of the requests that were pending from January 2005 to September 2005, and for approximately 30 percent of the requests for process that were pending from September 2005 through April 2006. The Company B employee's spreadsheets also showed that the number of telephone numbers that had been _ and that required after-the-fact legal process declined considerably between September 2005 and April 2006. ' The spreadsheets prepared by the on-site Company C employee also showed that the CAU had similar rates of obtaining after-the-fact legal process for requests previously made to Company C, and also illustrated a decrease over time in the number of telephone record requests requiring after-the-fact legal process. 200 Company A did not provide similar information to the CAU, and we were therefore unable to determine how many telephone numbers Company A had _ without legal process or how often CAU personnel were able to obtain after-the-fact legal process for its previous record requests to Company A from 2003 to mid-2006. 161 We also determined that ITOS-I management learned sometime in 2006 that the CAU needed NSLs to cover the information previously given to the FBI by the on-site providers. Michael Heimbach, an Assistant Section Chief for ITOS-I from February 2003 to March 2004 and a Section Chief for ITOS-I from March 2005 to January 2007, told us that he first became aware of a backlog of NSLs in the latter part of 2006. He said he learned at that time that the CAU needed ITOS to issue NSLs for over 100 telephone numbers. Heimbach told us that he assigned personnel in ITOS "to figure this out ... we got to get it right. We have to fix whatever is wrong." We found that between February and May 2006, a CAU SSA informed an ITOS-I Assistant Section Chief that there was a backlog of NSLs which ITOS-I "owed" for records acquired in exigent circumstances. When the Assistant Section Chief briefed Heimbach, Heimbach assigned her to oversee the response of ITOS-I to the issue of the CAU's backlog. She told us that she convened two meetings with her Unit Chiefs and a CAU SSA who had the list of telephone numbers that required NSLs, and she instructed the Unit Chiefs to work with the pertinent field divisions to ensure that NSLs were issued. However, as described below, the backlog was addressed in another manner beginning in May 2006 when the CAU SSA drafted and CTD Deputy Assistant Director (DAD) Billy signed a blanket NSL to cover the outstanding Company B record requests. J. OIG Analysis of FBI Attempts at Corrective Actions From 2003 through October 2006 In sum, as described above and further discussed in Chapter Five of this report, we found that the FBI repeatedly failed to take steps to ensure that the CAU complied with the ECPA when obtaining subscriber and toll billing records information from the on-site communications service providers. When Glenn Rogers became CAU Unit Chief in 2003, he learned about and used an exigent letter provided by the Company A analyst. He said he relied on the Company A analyst's representation that the letter had been approved by FBI and Company A attorneys. However, Rogers did not seek any guidance about the use of these letters or confirm with FBI OGC attorneys that they were appropriate. Also, we believe Rogers failed to take appropriate steps to ensure that timely legal process was obtained as promised after exigent letter requests were made. This failure resulted in the development of a significant backlog of records requests for which there was no legal process. From the beginning of his tenure as CAU Unit Chief in 2003 until just prior to his promotion to CTD Assistant Section Chief in November 2004, Rogers also failed to develop or implement any system for tracking FBI requests for records or other information from the on-site providers. 162 We concluded that after Bassem Youssef became the CAU Unit Chief in November 2004, he took some steps to address the backlog of requests for legal process from the on-site providers relating to exigent letters. However, Youssef terminated the CAU's Tracker Database in February 2005 after complaints from CAU staff that the system was "cumbersome." Youssef said that at the time he terminated use of the database, he did not know that the CAU was obtaining records prior to service of legal process. However, even after the time he acknowledged learning about the Company B backlog he did not implement a process to maintain an accurate record at· the time they were made of the nature, number, and origin of the requests to the on-site providers whether communicated by exigent letter, by telephone, bye-mail, on pieces of paper, or through sneak peeks. The failure to maintain such records was an internal control problem that greatly complicated the FBI's later efforts to determine whether it had a basis to retain the records. In addition, contrary to his suggestion, Youssef was not the first FBI official to raise the issue of exigent letters to NSLB attorneys. We found that NSLB attorneys, including Thomas, learned about the exigent letters practice in December 2004. Further, we found that when Youssef first spoke with the Assistant General Counsel on March 11,2005, about streamlining the NSL process, the Assistant General Counsel already was aware that the CAU was obtaining records pursuant to exigent letters prior to service of legal process. In fact, Youssef told us that he did not learn that exigent letters were used by the CAU to obtain records from the on-site providers, or that there was a significant backlog of promised legal process, until some time after this meeting. 201 We concluded that several factors contributed to the FBI's failure to timely and effectively address the use of exigent letters. First, CAU Unit Chief Rogers and his CTD supervisors approved the use of exigent letters without first consulting FBI attorneys. 201 Mter reviewing a draft of this report, Youssefs attorney stated that at the March 11,2005, meeting, Youssef was the fIrst to tell the Assistant General Counsel that the CAU's receipt of records without legal process was wrong but that the Assistant General Counsel did not provide him with any guidance or instruction to address the problem. As we describe in this chapter, however, the Assistant General Counsel was already aware of and concerned about the exigent letter problem before she met with Youssef, had already made suggestions to her supervisors about the need for opening preliminary investigations to support issuance of NSLs, and after the March 11 meeting provided guidance and instruction to Youssef as she learned more about the exigent letter practice and attempted to address it. 163 Second, the CAU failed to maintain an accurate record at the time they were made of the nature, number, and origin of the requests to the on-site providers whether communicated by exigent letter, by telephone, by e-mail, on pieces of paper, or through sneak peeks. Third, the CAU received a steady stream of requests, often in major threat situations, from senior headquarters officials and field personnel, who expected - and came to rely upon - prompt responses. As a result, using exigent letters and other informal requests, the CAU quickly developed a backlog of record requests for which it had obtained records but not provided the promised legal process. Fourth, all three on-site providers accepted exigent letters and other informal requests as a basis for providing subscriber and toll billing records information, and other calling activity information covered by the ECPA. Fifth, we found that senior CTD managers assumed that its operational units were acquiring information from the on-site communications service providers through the CAU by lawful means. It was not until early 2006 that a CTD ITOS Assistant Section Chief learned about the backlog of promised legal process from the CAU and directed her Unit Chiefs to address the problem by obtaining the approval ECs and after-the-fact NSLs from the pertinent field divisions. Sixth, we determined that when NSLB attorneys learned about the CAU's acquisition of records without legal process, induding the use of exigent letters, they did not stop the practice or at a minimum ensure that CAU personnel were trained on the methods by which the FBI is authorized to obtain telephone toll billing records and subscriber information in various types of investigations. Instead, the attorneys themselves became involved in issuing after-the-fact NSLs to cover records previously obtained through the use of exigent letters. Further, while the NSLB made resources available to the CAU regarding the use of NSLs, NSLB attorneys did not believe that they could assist the CAD until umbrella files (preliminary investigations from which the NSLs could be issued) were implemented. However, the initiative to create umbrella files languished for nearly 9 months and ultimately was rejected, and the designated NSLB attorneys did not receive requests for assistance from the CAD. Although NSLB attorneys were aware that the CAU was still obtaining records without legal process, they failed to terminate the exigent letters practice. Rather, the NSLB allowed the CAU's use of exigent letters in what they believed were emergency situations, and focused on the umbrella file proposal as a way to link telephone numbers listed in exigent letters and after-the-fact legal processes to open national security investigations. 164 Seventh, the NSLB provided advice to the CAU about the use of the exigent letters that was inconsistent with the ECPA NSL statute. In April 2005, the Assistant General Counsel sent an e-mail to Youssef in which she advised that exigent letters should be used by the CAU "only if it is clear ... that the requester cannot await an NSL." This advice was inaccurate because the ECPA does not authorize the FBI to obtain toll billing records from communications service providers unless it first serves compulsory legal process such as an NSL or the provider makes a voluntary production pursuant to Section 2702's emergency disclosure provision. Even if the letter were interpreted as seeking voluntary production, the advice that the letter could be used "when there really are exigent circumstances ... only if it is clear... that the requester cannot await an NSL" would allow use in circumstances that did not meet Section 2702's standard. The NSLB's erroneous advice was forwarded by Youssef to all CAU personnel. Neither the Assistant General Counsel's immediate supervisor nor NSLB Deputy General Counsel Thomas - who were both informed that Youssef was circulating the e-mail containing her advice to the entire unit - corrected this inaccurate advice. K. FBI Issues 11 Improper Blanket NSLs in May to October 2006 This section of our report describes the FBI's ineffective attempts at corrective action from May through October 2006. regarding the exigent letter practice and the backlog of record requests for which the FBI had not yet served legal process. During this period, the NSLB reaffirmed its flawed approval of the use exigent letters with the promise of future legal process. In addition, the FBI issued 11 improper blanket NSLs prepared by CAU personnel and signed by senior CTD officials to "cover" the records it had previously received through exigent letters and other informal requests. 1. Youssef Proposes Policy and Procedures for Service of NSLs On May 10, 2006, Youssef e-mailed the CAU's draft of a guidance EC containing proposed procedures for the CAU's use in obtaining records from the on-site communications service providers to an FBI OGC attorney for review. The draft guidance stated that in exigent circumstances the CAU could obtain records from the on-site providers using exigent letters and then issue after-the-fact NSLs. The draft stated specifically that the CAU would issue exigent letters "in crisis situations where there is a specific 165 threat to the United States or its allies, both domestically or overseas, and loss of life and property are imminent. "202 On May 18, 2006, Youssef forwarded the draft EC to NSLB Deputy General Counsel Thomas. On May 19, 2006, the Assistant General Counsel reviewed the draft EC and recommended minor changes. These changes were incorporated into a draft EC dated May 19,2006, but this draft was never finalized or distributed. However, in May 2006 this OIG review became known within the FBI, and the number of exigent letters issued dropped significantly thereafter. 2. NSLB Revises Model for Exigent Letters but Approves Their Continued Use On May 19, 2006, in connection with her review of the draft EC, the Assistant General Counsel asked a CAU SSA to send her copies of the exigent letters that were being issued by the CAU. The SSA sent copies of exigent letters, one for each provider, to the Assistant General Counsel that day by e-mail. 203 This was the first time she or any attorneys in the FBI OGC had reviewed the text of an exigent letter. On May 26, 2006, the Assistant General Counsel responded to the CAU SSA by sending him revised model exigent letters, stating the new letters should be used "[p]ronto." She revised the exigent letters to state that NSLs, rather than grand jury subpoenas, would be forthcoming. The SSA e-mailed the revised exigent letters to all CAU personnel. The Assistant 202 Mter reviewing a draft of this report, Youssefs attorney stated that this draft guidance set forth the "proper definition of 'exigent circumstances m and, if adopted, would have brought the exigent letter practice into compliance with the law. We found that the draft guidance's reference to imminent loss of life was much closer to the standard set forth in Section 2702(c)(4)'s emergency voluntary disclosure provision than the Assistant General Counsel's earlier guidance and we believe it likely would have resulted in a further decrease in the use of exigent letters if adopted. However, the draft also described procedures that would have continued the flawed practice of promising compulsory legal process to obtain the records through exigent letters. 203 In the May 19,2006, e-mail from the Assistant General Counsel to the SSA, which copied Youssef, the Assistant General Counsel stated that she was not sure that she had ever seen an exigent letter and asked to see one. Later that day the SSA forwarded to her copies of exigent letters, one for each of the three on-site providers, again copying Youssef. The SSA who sent the letters to the Assistant General Counsel told us that he could not recall whether he e-mailed the letters in response to her request or at Youssefs direction. Youssef asserted to us that he had asked a CAU SSA to send an exigent letter to the Assistant General Counsel for review in April or May 2006. The e-mail from the CAU SSA to the Assistant General Counsel did not indicate that Youssef or anyone else in the CAU was concerned about its contents. 166 General Counsel told us that her intent was to make sure that if the CAU was "going to use exigent letters at all, this [the revised letter] is the document [they] need to use."204 On June 15,2006, the Assistant General Counsel forwarded a copy of the revised exigent letter to Thomas, her immediate supervisor and other FBI OGC attorneys, and she informed them that she had drafted similar exigent letters for each of the on-site providers. The e-mail stated that she had changed the letter that the CAU had been using, which referred to a grand jury subpoena and not an NSL. Thomas did not object to the revised exigent letter. She told us that she did not recall receiving the e-mail and that she had no recollection of the e-mail. 3. Three Blanket NSLs (May, July, and September 2006) On May 17, 2006, the OIG interviewed the Assistant General Counsel in connection with our first NSL review. During the interview, she told us about the CAU's use of exigent letters. This was the first time we questioned her, or anyone else in the FBI, about exigent letters. Following the interview that same day, the Assistant General Counsel sent an e-mail to Youssef with copies to other CTD and NSLB personnel. The e-mail stated that the Assistant General Counsel had discussed with the OIG the difficulty that the CAU had experienced in obtaining prompt issuance of NSLs to the on-site communications service providers after receipt of records. She wrote that she had represented to the OIG, "as you have represented to me, that the problem appears to be resolved" and that the operational units were issuing the NSLs. Youssef acknowledged receipt of the e-mail the following day, May 18, writing, "thank you for volunteering our names." He added in the e-mail that he was only kidding and that "an [OIG] interview would be welcome at any time." 204 Like the original exigent letter, the revised model exigent letter promised future legal process, which we concluded circumvented the ECPA's requirements that either (1) the FBI issue legal process in advance of obtaining records, or (2) the provider produce records voluntarily in circumstances satisfying Section 2702's emergency voluntary disclosure provision. 167 On May 18, shortly after Youssef sent his response to the Assistant General Counsel's e-mail regarding her interview with the DIG, a CAU SSA asked the on-site Company B and Company C employees to send him lists of records requests for which legal process had not been provided. Both providers responded that day with lists of records requests for which they had not received legal process. Youssef told us that because the Assistant General Counsel had informed him about the DIG investigation, he may have asked about the efforts to address the backlog and that may have prompted the May 18, 2006, e-mails from the Company B and Company C on-site employees attaching the lists of telephone numbers. As described below, the telephone numbers the providers identified were subsequently incorporated into blanket NSLs the FBI issued to Company B and Company C to "cover" or "validate" _ or records provided to the CAU for which the providers had not received NSLs or other legal process. Additionally, in July and September 2006, Company A provided to the CAU lists of record requests that still required legal process, and in September 2006 the FBI issued another blanket NSL to Company A to cover its outstanding requests for legal process. However, as summarized in Table 4.1 and detailed more fully in the following sections, these three blanket NSLs issued to the on-site communications service providers were deficient. The ECPA does not authorize the FBI to issue retroactive legal process for ECPA-protected records. Moreover, using blanket NSLs to "cover" the previously obtained records would not cure any prior violations of the ECPA that occurred when the FBI sought and received records without prior legal process and in the absence of a qualifying emergency. In addition, all three of these blanket NSLs were used to cover many telephone numbers not relevant to national security investigations (which include counterterrorism and espionage investigations), did not contain the required certifications regarding non-disclosure, and did not state that they related to records that had already been provided to the FBI. 168 TABLE 4.1 Three Blanket NSLs Issued by the CTD in 2006 U ril I g- o 1 NSL Date 05/12/06 Recipient Company B Signer DAD Billy 192 48 2 07/05/06 Company C A/DAD Heimbach 35 7 3 09/21/06 Company A A/DAD Love 700 120 (approx.) a. Z Company B May 12 NSL The first blanket NSL that addressed the backlog of records requests, dated May 12, 2006, was issued to Company B around May 23,2006. 205 It was signed by Joseph Billy, Jr., then a CTD Deputy Assistant Director (DAD).206 The blanket NSL contained as an attachment the list supplied by the on-site Company B employee on May 18, 2006, of 192 telephone numbers. The on-site Company B employee told us that those were all the telephone numbers for which Company B needed legal process at that time. The list included numbers that CAU personnel had asked Company B to during the period September 2004 to April ~suant to exigent _ letters (some of which had been provided after t h e _ . The CAU SSA who drafted the Company B May 12 NSL said that it was his idea to create the blanket NSL. He said the on-site communications service providers' employees were complaining to him and others on his team that they were owed NSLs for a lot of numbers they had previously _ at the FBI's request. The SSA told us that his idea was to draft 205 We refer to this NSL as the Company B May 12 NSL which was the date on the NSL, even though it was not signed until after May 23,2006. 206 Billy became the Assistant Director of the CTD on October 15,2006, and remained in that position unW his retirement from the FBI in March 2008. 169 one NSL for then-DAD Billy's signature. The SSA told us that he discussed his idea with Youssef and that Youssef agreed with the proposal. The SSA also stated that when Youssef agreed with the concept, he appeared "quite giddy about getting the books cleared up.' Youssef also said to us that this SSA proposed to him the idea of the Company B May 12 NSL. Youssef stated that the SSA told him he had discussed the issue of obtaining individual after-the-fact NSLs with the CTD operational unit and had been told that it would "take forever" to get the NSLs. Youssef added that the SSA told him that if all the telephone numbers were put in one NSL. Billy would sign it. Youssef said to us that at first he resisted the idea because he did not want to create a precedent of having the CAU draft NSLs, since that was the operational unit's job. However, he said that the SSA suggested that they draft the NSL "to be cooperative," and therefore Youssef agreed. Youssef also stated that within a few weeks or maybe a month or two from that conversation the SSA informed Youssef that the NSL had been signed. The SSA told us that he used as a model for the blanket NSL, a copy of an NSL provided by a CAU Intelligence Analyst on his team. He said the process of drafting the NSL and getting it signed took about 2 weeks. The SSA later learned that the NSL that he used as a model was outdated and did not contain the certification required by the USA PATRIOT Improvement and Reauthorization Act of 2005 (Patriot Reauthorization Act) concerning imposition of non-disclosure and confidentiality requirements on NSL recipients. 207 The Company 8 May 12 NSL also was not accompanied by any approval EC. An approval EC is the document routinely generated by FBI agents seeking approval to issue NSLs. FBI policy requires approval ECs to describe the underlying national security investigation to which the NSL relates and, in the case of NSLs seeking telephone records, the relevance of the telephone number to that investigation. The SSA told us that he did not prepare or ask others to prepare an approval EC for the Company B May 12 NSL because he did not think it was necessary. Youssef also told us that 207 Section 116 of the USA PATRIOT Improvement and Reauthorization Act of2005, Pub. L. No. 109-177, 120 Stat. 192 (2006) states that if the FBI seeks to impose non-disclosure and confidentiality obligations on NSL recipients, the FBI Director or his designee must certify that disclosure of the FBI's demand for information might result in danger to the national security of the United States; interference with criminal, counterterrorism, or counterintelligence investigations; interference with diplomatic relations; or danger to the life or physical safety of any person. 170 when the NSL was drafted he was unaware that an approval EC was necessary. The CAU SSA who drafted the Company B May 12 NSL told us he did not discuss it with any FBI aGC attorney. He said he also did not know there was an NSLB attorney who would draft an NSL for him. Neither Youssef, who was aware of the NSLB's outstanding offer of assistance, nor anyone else in the CAU or CTD notified the FBI aGC about the blanket NSL. Billy acknowledged to us that his signature appeared on the Company B May 12 NSL. However, he said he did not recall signing the NSL, did not know the SSA who prepared the document, and did not recall ever meeting him. Billy stated that over the course of his FBI career he had signed hundreds of NSLs. He also said that his normal practice was to rely on an approval EC to adequately describe the predication for the requested records. In response to our questioning, Billy said he did not rule out the possibility that over the course of his FBI career he had signed an NSL without an approval EC, but he stated that such a case would be an exception and that he believed he would have received sufficient facts to ensure that the NSL was properly predicated. Billy also said that he knew that NSLs were authorized only in instances in which there was an open preliminary or full national security investigation and that the requested records had to relate to that open investigation. We found several defects with this NSL. First, this NSL was served after-the-fact. As noted previously, there is no provision in the ECPA authorizing the issuance of retroactive legal process. Second, this NSL was defective under the ECPA because 39 of the 192 telephone numbers included in the Company B May 12 NSL were relevant to FBI domestic terrorism investigations, and 5 related to FBI criminal investigations. However, the ECPA and the Attorney General's NSI Guidelines authorize the use of NSLs only in international terrorism or espionage investigations. Therefore, the use of this NSL to cover previously obtained records for telephone numbers relevant to domestic terrorism and criminal investigations violated the ECPA NSL statute, the Attorney General's NSI Guidelines, and FBI policy. Third, the NSL did not contain the certification required by the Patriot Reauthorization Act and the ECPA for NSLs imposing non-disclosure and confidentiality obligations on the recipient. Fourth, this NSL also failed to comply with FBI policy requiring that it be accompanied by an approval EC establishing the predication for the request and the relevance of the telephone records sought to an authorized 171 national security investigation. The FBI also relies on approval ECs to generate required reports to Congress on NSL usage. Finally, the NSL did not disclose that the FBI had previously asked Company B to _ these records or that Company B had done so and had provided responsive records. b. Company C July 5 NSL A second blanket NSL, dated July 5, 2006, was issued by the CTD to Company C.20' This NSL was prepared by the same CAU SSA who prepared the Company B May 12 NSL. As described above, on May 18, 2006, the Company C employee sent to a CAU SSA a list of telephone numbers for which Company Chad previously delivered records to the FBI without legal process. This list contained 70 unique telephone numbers. The SSA who drafted the Company C July 5 NSL requested that the Company C employee omit from this list telephone numbers related to any criminal investigations. In response, the Company C employee gave the SSA an amended list on July 5, 2006. that excluded telephone numbers associated with criminal and counterintelligence investigations. The amended list consisted of 35 telephone numbers for which CAU personnel had asked Company C to provide records from September 2004 to April 2006. The SSA attached the amended list to the Company C July 5 NSL. Michael Heimbach, then a Section Chief for the ITOS-I of the CTD, signed the July 5 blanket NSL. At the time he was temporarily assigned as an Acting Deputy Assistant Director (Acting DAD) of the CTD.209 Heimbach signed the NSL as Acting DAD. At the time Heimbach signed this NSL, the FBI had not issued guidance on whether FBI personnel selVing as Acting DADs were authorized to sign NSLs. The FBI aGC later issued guidance on June 1, 2007. stating that Acting Deputy Assistant Directors are not authorized to sign NSLs.210 However. on January 16. 2009, the Department's Office of Legal Counsel (OLC), in response to a request for a legal opinion by the FBI General Counsel Caproni, opined that Acting DADs 208 We refer to this as the Company C July 5 NSL. 209 In January 2007, Heimbach became a SAC in the FBI's Washington Field Office. Since April 2008 Heimbach has been the CTD Assistant Director. 210 Because the FBI did not formalize this guidance until June 2007, the FBI Office of Professional Responsibility (FBI OPR) decided to take no disciplinary action against any Acting Deputy Assistant Director who signed NSLs without authorization. 172 (and certain other acting officials) are authorized to sign NSLs under three of the NSL statutes, including the ECPA NSL statute, 18 U.S.C. § 2709. Caproni notified the OIG in March 2009 that the FBI is revising its June I, 2007, guidance in light of the Ole opinion. On July 5, 2006, the SSA who prepared the NSL sent an e-mail to the Company C employee stating, "I have the signed NSL cleaning up all the past #'s requested for Company C." Youssef, who was copied on the e-mail, responded to the SSA, "this is good." On July 7, 2006, the Company C employee acknowledged receiving the NSL in an e-mail that he sent to the SSA and Youssef. Youssef told us that he did not recall knowing at the time that the SSA drafted the July 5 Company C NSL, but that it did not surprise him. Youssef said he had discussed other blanket NSLs with the SSA for two major operations. He also stated that he could not recall what was in his mind when he wrote in his July 5, 2006, e-mail to the SSA, "[t]his is good," in response to being informed that the Company C July 5 NSL had been signed. Heimbach told us that he signed the NSL but could not recall how the NSL came to him, who brought it to him, and to whom he returned it. Heimbach said that an NSLB attorney, whose name he could not recall, had assured him that he was authorized to sign the NSL as an Acting DAD. However, he stated that he did recall contacting any NSLB attorney prior to signing the NSL to ensure that he was authorized to sign as an Acting CTD DAD.211 Heimbach told us that he learned sometime after he signed the Company C July 5 NSL that he was not authorized to sign NSLs as an Acting DAD.2l2 The SSA also told us that sometime after Heimbach signed the NSL, Heimbach mentioned at a section meeting that he had learned that he was not authorized to sign NSLs and advised CXS personnel that NSLs should not be brought to him for signature. The Company C July 5 NSL was not accompanied by an approval EC. Heimbach told us his practice was that he would not sign an NSL without an accompanying EC establishing and documenting the predication for the 211 The SSA who prepared the NSL told us that he asked Heimbach to sign the NSL and that Heimbach immediately signed it with no discussion. 212 An NSLB attorney told us that she believes that in early August 2006 Heimbach asked her whether another CTD Acting DAD, Arthur Cummings, II, was authorized to sign NSLs. This attorney said she told Heimbach that Acting DADs were not authorized to sign NSLs. 173 NSL and the relevance of the telephone numbers to an open national security investigation. Heimbach said that he assumed he was told when he signed this NSL that the approval EC was being prepared or had already been prepared. As was the case with the Company B May 12 NSL, no CAU or CTD personnel sought legal guidance from any FBI aGC attorney regarding the content of the Company C July 5 NSL. We found several defects with this NSL. First, as was the case with the Company B May 12 NSL, the NSL was served after-the-fact, which is not authorized by the ECPA. Second, the NSL included seven telephone numbers relevant to domestic terrorism investigations for which NSLs are not an authorized technique under the ECPA NSL statute or the Attorney General's NSI Guidelines. Third, although the NSL imposed a non-disclosure and confidentiality obligation on Company C. the NSL did not contain the certification required by the Patriot Reauthorization Act and the ECPA for such NSLs. Fourth, the NSL was not accompanied by the required approval EC establishing the predication for the request and the relevance of the records sought to an authorized national security investigation. Finally, the NSL did not disclose that the FBI had previously asked Company C to _ these records or that Company C had already done so and had provided responsive records. c. Company A September 21 NSL The third blanket NSL, dated September 21, 2006, was issued to Company A.213 It was prepared by the CAU's Primary Relief Supervisor. 214 The NSL listed 700 telephone numbers that CAU personnel had asked Company A to _ between May 2003 and January 2006. Some of these numbers were provided in response to e~ters. and some of the exigent letters had been issued after the _ . 2 1 5 213 We refer to this as the Company A September 21 NSL. 214 We call this SSA the Primary Relief Supervisor because Youssef referred. to him in this capacity in his annual perfonnance evaluations. 215 The telephone numbers listed on this NSL were relevant to various FBI investigations, including international terrorism investigations. However, others related to domestic terrorism investigations and criminal investigations such as fugitive cases, alien smuggling, securities fraud, arson, illegal narcotics, and bank robbery. 174 The Primary Relief Supervisor stated that Youssef had assigned him to work with Company A on the outstanding telephone numbers. He said that he worked directly with the Company A analysts to obtain a spreadsheet of numbers for which legal process was outstanding, and he also sought guidance from the SSA who had drafted the Company B May 12 NSL. On July 28, 2006, a Company A analyst sent a preliminary list of 213 telephone numbers to the Primary Relief Supervisor. The Company A analyst took approximately 3 months to compile the final comprehensive list, which identified 700 telephone numbers. The Primary Relief Supervisor then drafted the Company A September 21 NSL and attached the list of 700 numbers. He said that in drafting the NSL he likely used a "pony" (or model NSL) given to him by the SSA who had drafted the Company B May 12 NSL. Youssef told us that he was not aware at the time that the Company A September 21 NSL had been issued, and that he learned about it later in connection with the DIG investigation. This NSL was not accompanied by an approval EC, which is required by FBI policy to document that the requested records are relevant to an authorized national security investigation. The Primary Relief Supervisor told us that he did not know that an approval EC was required for an NSL. The NSL was signed by Jennifer Smith Love, who was then a CXS Section Chief, temporarily assigned to serve as an Acting CTD DAD.216 Love told us that she recognized her signature on the Company A September 21 NSL but could not recall any details surrounding this NSL, including who gave it to her. Love told us that at the time she signed the NSL she was unaware that an approval EC was required. Like the Company B May 12 and Company C July 5 NSLs, the Company A September 21 NSL was defective in several respects. First, the Company A September 21 NSL was served after-the-fact. Second, the NSL included 134 telephone numbers that were relevant to criminal and domestic terrorism investigations for which NSLs are not an authorized technique under the ECPA NSL statute or the Attorney General's NSI 216 In December 2006, Love was promoted to be a Special Agent in Charge in the FBI's Washington Field Office. In June 2008 Love became the SAC of the FBI's Richmond Field Division. 175 Guidelines. Third, although the NSL imposed a non-disclosure and confidentiality obligation on Company A, the NSL did not contain the certification required by the Patriot Reauthorization Act and the ECPA for such NSLs. Fourth, the NSL was not accompanied by the required approval EC establishing the predication for the request and the relevance of the records sought to an authorized national security investigation. Finally, the NSL did not disclose that the FBI had previously asked Company A to _ these records or that Company A had already done so and in many instances had provided responsive records. d. Timellne Regarding Three Improper Blanket NSLs Diagram 4.1 (next page) illustrates the timeline of the three blanket NSLs just described, including the time period in which records were without legal process pursuant to exigent letters or other initially _ infonnal requests, the dates of the blanket NSLs issued to cover these requests, and the date of three correcting NSLs (described later in this chapter) issued by the FBI to address the records identified in the three improper blanket NSLs. 176 DIAGRAM 4.1 Timeline of Requests Made and by the Three On-Site Communications Service Providers Addressed by Three Blanket NSLs, and Subsequent Corrective Actions 2008 JFMAMJJA Company (700) , Blanket NSL May-Oa Revised NSL l Jan-06 Sep-06 Aug-OB , Blanket NSL Company B (192) l 8ep-04 Apr-06 May-06 Blanket NSL Company C (35) Apr-06 Sep-04 Total=927 • , Date range for Blanket NSLs Issued Revised NSL Issued Revised NSL ithout legal process (SIINF) 177 l JuI-06 Jun-OB , Revised NSL Mar-OB 4. Eight Additional Blanket NSLs in 2006 We determined that CAU personnel drafted and CTD senior officials signed eight additional improper blanket NSLs between August and October 2006 related to major FBI operations. Together, these eight blanket NSLs were issued to cover the FBI's previous requests to the communications service providers without accompanying NSLs for on calling records and other information on over 1,500 telephone numbers. All of these eight NSLs were served after-the-fact, although the ECPA does not authorize retroactive legal process. Five of the NSLs also failed to comply with the ECPA certification requirement for NSLs imposing non-disclosure and confidentiality obligations on the recipients. The eight NSLs also were issued without approval ECs in violation of FBI policy and failed to disclose that the FBI had already acquired the records. The additional deficiencies in these eight blanket NSLs are summarized in Table 4.2 and described in more detail in this section. TABLE 4.2 Eight Blanket NSLs Issued by the CTD in Connection with FBI Operations Y and Z . o ~ ...... i~ o I:l e el: .. 0 u.a u c:a. c:a." CIlI. 'S ';-'S ~lIo1I U Date Recipient Company B 1 08/24/06 2 08/24/06 Company C 3 08/25/06 Company A 4 09/19/06 Company A 5 09/19/06 Company C Signer A/DAD Cummings* A/DAD Cummings* A/DAD Cummings* A/DAD Cummings* A/DAD Cummings* i~i . .a Ii>\'s U 'l:lI 0 .!! "'l:lIl! uClll,a u oS ., ..::s CIlI • . ..=~i ~ e _U 0u c::- 'to! u'l:ll .!l'l:ll u .. .. 0 U a :i g 'l:lI u l:• & ....0 's..:I .!~ -to= .u, oral ~i o 0 u .. "c:a. .!=- 72 ...J ...J ...J 5/04/07 5/04/07 610 ...J ...J ...J 3/07/08 3/07/08 735 ..J ...J ...J 3/07/08 3/07/08 107 ...J ...; ...J 5/04/07 5/04/07 73 ...J ...; ...J 5/04/07 5/04/07 178 . 0 0 .... U o s:I .. 0 41 6 10/20/06 Recipient Company A Signer Assistant Director Billy 7 10/20/06 Company B 8 10/20/06 Company C Date ~ e 41 41 o ~.sas fIl .... '1:1 i2~t u u o.U a~a ase; i::i '1:1 0." U as .... '8 ~:I .!'1:1 U .. .. 0 ~J ~ ~ 445 ..J ..J Assistant Director Billy 445 ..J ..J Assistant Director Billy 445 ..J ..J ..U ,gs:I ..U .... ::s as IIll 5~ t.!l u'1:I U I s:I ~ ~ 41 .t.... '1:1 41 U to Ofll -S ....& 0 ~i o 0 41 .. .5~ .... 0. ~~ None required per FBI OGC None required per FBI OGC None required per FBI OGC ~~ 4/13/07 4/13/07 4/13/07 *Cummmgs signed the NSLs as SAC. Yellow = Operation "Y" blanket NSLs Turquoise = Operation "Z" blanket NSLs a. Five Blanket NSLs in Connection with Operation "Y" The CAU SSA who drafted the Company B May 12 and Company C July 5 blanket NSLs also drafted five other blanket NSLs in August and September 2006. All five of these additional blanket NSLs listed telephone numbers r e ~ o rFBI counterterrorism operation that was initiated in _ which we refer to as Operation Y.217 We were told that CAU employees told the three on-site communications service providers when Operation Y first began that the FBI was undertaking a significant operation that would generate many requests for _ of telephone records, and that after-the-fact NSLs listing multiple telephone numbers would be prepared to cover the requests for these records. Youssef told us that he could not recall whether he or someone else from the CAU informed the providers about the anticipated requests for Operation Y. He told us that the plan was for the Headquarters operational unit to prepare after-the-fact NSLs. We determined that, with few exceptions, records requests relating to this operation were 217 The name of this operation is classified. 179 communicated to the on-site communications service providers by informal means other than exigent letters, such as bye-mail. CAU personnel made requests for telephone records related to this investigation for a 6-week period. The Company B on-site employee told us that he was informed by CAU personnel that Operation Y involved "something big going on ... and it could be another 9/ 11." One Company A analyst told us that he received no briefmg from the C A U ~ o nY, and a second Company A analyst told us he had _ for the FBI for this case for several weeks without even being aware that the _ he was conducting were associated to Operation Y. Arthur A. Cummings III, then a SAC in the FBI's Washington Field Office but temporarily assigned as an Acting Deputy Assistant Director (DAD) in the CTD, signed the following five blanket NSLs relating to Operation Y, none of which had approval ECs: • August 24,2006, NSL to Company B listing 72 telephone numbers (Company B August 24 NSL); • August 24,2006, NSL to Company C listing 610 telephone numbers (Company C August 24 NSL); • August 25, 2006, NSL to Company A listing 735 telephone numbers (Company A August 25 NSL); • September 19, 2006, NSL to Company A listing 107 telephone numbers (Company A September 19 NSL); and • September 19,2006, NSL to Company C listing 73 telephone numbers (Company C September 19 NSL). As a SAC in the Washington Field Office, Cummings was authorized to sign NSLs.218 Cummings acknowledged that the NSLs contained his signature and said that he specifically recalled signing the Company C August 24 and Company A August 25 NSLs because they included many telephone numbers. He said that he had no specific recollection of signing 218 In November 2006, Cummings became a DAD in the CTD, and in January 2008 became the Executive Assistant Director for the FBI's National Security Branch. 180 any of the other three blanket NSLs. Cummings said that he believed that each of the NSLs had approval ECs because it was his practice to ensure that NSLs always had approval ECs. Cummings told us that prior to signing any NSLs while assigned as an Acting DAD he asked an NSLB attorney whether he was authorized to sign NSLs in that capacity. He stated that the NSLB attorney told him that although he was not authorized to sign NSLs as an Acting DAD, since he was "formally" a SAC at the time he was authorized to sign NSLs in his capacity as a SAC. 219 Cummings stated that other than signing NSLs, he perfonned no other duties as a SAC while temporarily assigned as an Acting DAD for the CTD. The NSLB attorney with whom Cummings consulted confirmed that based on direction from her NSLB Unit Chief, she had advised Cummings that he was authorized to sign NSLs as a SAC. 220 We determined that all five Operation Y NSLs were defective. First, the NSLs were served after-the-fact. Second, although the NSLs imposed non-disclosure and confidentiality obligations on Company A, the NSLs did not contain the certifications required by the Patriot Reauthorization Act and the ECPA for such NSLs. Third, the NSLs were not accompanied by approval ECs establishing the predication for the requests and the relevance of the records sought to authorized national security investigations. Finally, the NSLs also did not disclose that the FBI had previously asked the providers to _ these records or that the providers had already done so and in many instances had provided responsive records. 219 As noted above, at the time the FBI had no written guidance on the authority of acting FBI officials to sign NSLs. 220 NSLB Deputy General Counsel Thomas told us she was not sure whether this advice was correct. She stated, "the issue would be if you are an Acting DAD, then you have left the current (SACl position." She added that her advice would have been to have the NSLs sent to her instead of having Cummings sign them because, "we do not need to go down that legal road." As noted previously, the FBI OGC issued guidance on June 1,2007, stating that Acting Deputy Assistant Directors are not authorized to sign NSLs. However, on January 16, 2009, the Department's Office of Legal Counsel opined that Acting DADs are authorized to sign NSLs under three of the NSL statutes, including the ECPA NSL statute. 181 b. Three Blanket NSLs in Connection With Operation "Z" The FBI issued three more blanket NSLs in October 2006, one to each of the three on-site communications service providers, in connection with a different major FBI counterterrorism investigation, which we refer to as Operation Z.221 In connection with 0 eration Z, the CAU was rovided tele hone numbers recovered . Youssef advised CAU personnel of the investigation bye-mail on stating that "[w]e anticipate numerous requests for telephone exploitation and I want us to be ready." He also asked for a CAU "volunteer to head this project." Four days later, on the CAU began asking the on-site providers to provide records for groups of telephone numbers related to this operation. The CAU Primary Relief Supervisor told us that at Youssefs direction he issued three exigent letters dated one to each of the three on-site providers. These exigent letters listed telephone numbers relating to Operation Z. The exigent letters, which were sent to the three on-site providers bye-mail, each contained an attachment listing the same 48 telephone numbers. From through October 20,2006, the CAU asked for, and in many instances received, toll billing and other records on 397 additional telephone numbers relating to this operation. Almost all of these _ were requested without exigent letters. Youssef stated that he did not recall directing the Primary Relief Supervisor to issue exigent letters at the start of Operation Z, but that he would not be surprised if exigent letters had been issued because that was how the CAU regularly operated. Youssef said that he was not aware that only one exigent letter was issued to each provider, with _ on additional telephone numbers later requested without even exigent letters. A CAU Intelligence Analyst who worked on Operation Z told us that she volunteered to be the coordinator of telephone analysis requests that the CAU would receive in connection with this operation. She maintained a contemporaneous log of the telephone numbers that the CAU gave to the 221 The name of this operation is classified. 182 three on-site providers to _ in connection with this operation. She said that in late October 2006, the Primary Relief Supervisor directed her to Using her compile a list of all telephone numbers that had been _ log, the Intelligence Analyst prepared a list of 445 telephone numbers and gave it to the Primary Relief Supervisor. The Primary Relief Supervisor then prepared a blanket NSL for each of the three on-site providers, attaching the list of 445 telephone numbers to each NSL. He said that he gave the NSLs to Youssef or Youssers immediate supervisor for Billy to sign, and that the NSLs were signed on or around October 20, 2006. Billy confirmed his signature was on all three NSLs, although he said he could not recall signing them. He said he recalled the case and that NSLs were issued. He also told us that signing NSLs without approval ECs was "completely outside" his practice. Youssef told us that he was not involved with the Operation Z NSLs. He said that the Primary Relief Supervisor was the CAU point of contact with the CTD operational unit for Operation Z. Youssef also said that he did not recall that the Primary Relief Supervisor had drafted the three blanket NSLs for Operation Z and said he also did not recall whether he had provided the NSLs to Billy for signature. Youssef told us that he recalled one instance in which he had provided NSLs to Billy for signature but did not think it related to Operation Z. Youssef said that Billy asked him what case the NSLs were associated with but did not ask for any approval ECs. The Primary Relief Supervisor stated that he did not draft approval ECs to accompany the NSLs because he believed they were being prepared by the CTD operational unit involved with Operation Z. He also told us that when he drafted the Company A September 21 NSL, he did not know that approval ECs were required, but he knew that a CTD operational unit was responsible for preparing ECs for the Operation Z NSLs. We determined that all three Operation Z NSLs were defective. First, the NSLs were served after-the-fact. Second, the NSLs were not accompanied by approval ECs establishing the predication for the requests and the relevance of the records sought to authorized national security investigations. Finally, the NSLs did not disclose that the FBI had previously asked the providers to _ these records or that the providers 183 had already done so and in many instances had provided responsive records. 222 As described in the next section, the FBI later drafted an approval EC dated April 13, 2007, documenting the predication for these three blanket NSLs. We found a draft version of this EC stating that the records were obtained in exigent circumstances. However, the final signed EC did not contain that statement. In an e-mail dated April 30, 2007, from the Assistant General Counsel to NSLB Deputy General Counsel Thomas relating to the issuance of the EC, she told Thomas that the Unit Chief of the operational unit responsible for Operation Z "was not willing to put in [the approval Eel that it was an exigency, and he was not even willing to say that CAU thought it was an exigent circumstance because he didn't think CAU could believe that." The Unit Chief and an SSA of the operational unit responsible for Operation Z told us that they believed the telephone records requested by the CAU for this operation were not _ under exigent circumstances. In addition, Youssef said that the telephone records that the CAU obtained from the on-site providers in Operation Z were of "very high intelligence value as opposed to a known threat." 5. OIG Analysis of 11 Improper Blanket l'ISLs In sum, we concluded that the FBI's attempt to address the backlog of records requests awaiting legal process by issuing blanket NSLs was ill-conceived, legally deficient, contrary to FBI policy, and poorly executed, and these blanket NSLs created more problems than they solved. First, as described at the beginning of this Chapter, the ECPA does not authorize the FBI to issue retroactive legal process to cover previously acquired records or information. Moreover, issuance of retroactive legal process did not cure any prior violations of the ECPA that occurred when the FBI sought and received records without prior legal process and in the absence of a qualifying emergency. 222 In addition to the Operation Y and Z blanket NSLs discussed in this section, the CAU used the same practices in support of other counterterrorism investigations. For exam~er-the-fact NSLs and 3 after-the-fact grand jury subpoenas were used to cover _ _ and the acquisition of records for more than 950 telephone numbers that were relevant to 2 other counterterrorism operations in 2005 and 2006. The FBI served legal process between 2 weeks and 6 months after receipt of the records. In many instances, records were provided in response to requests communicated bye-mail and other informal means. We found only a few exigent letters associated with these requests. 184 Beyond this threshold legal problem, we found that the three blanket NSLs to the three on-site communications service providers in 2006 to cover the backlog of records requests listed telephone numbers that were relevant to many different FBI investigations, including criminal and domestic terrorism investigations for which NSLs are not an authorized technique under the ECPA and the Attorney General's NSI Guidelines. Accordingly, the signers of the NSLs could not certifY, as required by the ECPA, that the records sought were relevant to "an authorized investigation to protect against international terrorism or clandestine intelligence activities" and that any investigation of a U.S. person was "not conducted solely on the basis of activities protected by the first amendment to the Constitution of the United States."223 Also, these NSLs were issued without the required approval ECs, in violation of FBI policy. Without approval ECs to capture the records identified in these NSLs, the FBI did not collect data necessary to include in required periodic reports to Congress on NSL usage. The eight blanket NSLs issued in connection with Operations Y and Z also failed to comply with FBI internal policy because they were issued without accompanying approval ECs. Additionally, the three blanket NSLs to Company A, Company B, and Company C to cover the backlog of records requests and the five Operation Y NSLs did not contain the required ECPA certification for NSLs imposing confidentiality and non-disclosure obligations on the recipients. Finally, none of the 11 blanket NSLs stated that the FBI had already acquired the records, in some instances more than 3 years earlier. While we developed no evidence suggesting that the communications service providers who received these NSLs were misled, we nonetheless believe that the NSLs should have stated that the FBI had already acquired the records. The FBI later made this disclaimer in various corrective NSLs issued in 2008 and 2009. We believe it should have done so in these 11 blanket NSLs as well so that the NSLs would be fully accurate and would not mislead anyone who subsequently reviewed these NSLs. II. The FBI's Corrective Action Since November 2006 We describe in this section the FBI's attempts at corrective action beginning in November 2006, after the FBI aGC learned that the CTD had 223 See 18 U.S.C. § 2709(b). As discussed below, the FBI did not complete until March 2009 its review of all the telephone numbers listed in these three NSLs and issue revised NSLs for the telephone numbers that were relevant to national security investigations. 185 issued blanket NSLs without approval ECs. These efforts included the CTD's preparation of draft memoranda reporting possible intelligence violations to the FBI OGC; the FBI OGC's notification to the President's Intelligence Oversight Board (lOB) of an intelligence violation; the issuance of new guidance in March 2007 clarifying the FBI's authority to request telephone subscriber and toll billing records information; mandatory NSL training for FBI employees; relocation of the communications service providers' employees; and the FBI's analysis of whether it will retain records acquired in response to exigent letters and the blanket NSLs. A. FBI OGC Learns of Blanket NSLs As described above in connection with the Company B May 12 NSL, the Assistant General Counsel sent an e-mail to Youssef and other CTD and NSLB personnel regarding what she had told the OIG during her May 17, 2006, interview concerning problems the CAU had experienced in issuing NSLs. The Assistant General Counsel sent Youssef a follow-up e-mail on August 2, 2006, in which she asked Youssef whether there was any backlog of requests for which the FBI had received information but not yet issued an NSL. In his e-mail response dated August 3, 2006, Youssef stated that Billy had signed a "blanket NSL" for the "backlogged requests. "224 On August 3 and on August 8, 2006, the Assistant General Counsel sent e-mails to Youssef requesting a copy of the NSL and approval EC that Youssef said Billy had signed in his August 3 e-mail but she received no reply from Youssef. NSLB attorneys took no further action regarding the Company B May 12 NSL until November 2006. On November 7,2006, in connection with a meeting FBI General Counsel Caproni had scheduled that day with the OIG concerning a draft of our first NSL report, the Assistant General Counsel forwarded Youssefs August 3, 2006, e-mail about the Company B May 12 NSL to Caproni. The Assistant General Counsel wrote to Caproni. "I presume that Bassem [Youssef] told OIG about it so I thought you ought to know about it." Caproni forwarded the e-mail to Billy and asked him whether he recalled signing a blanket NSL. Billy responded that he did not recall "signing anything blanket.' On November 8, 2006, Caproni forwarded Billy's response to the Assistant General Counsel and asked her whether she could "unravel this." Also on November 8, the Assistant General 224 Although Youssefs e-mail did not further describe this NSL. Youssef told us that he was referring to the Company B May 12 NSL. 186