April 11, 2007
Testimony of Suzanne E. Spaulding Before the U.S. Senate Judiciary Subcommittee on The Constitution "Responding to The Inspector General's Findings of Improper Use of National Security Letters by the FBI"
April 11, 2007
Chairman Feingold, Ranking Member Brownback, and Members of the Committee, thank you for inviting me to participate in today's hearing regarding appropriate follow up to the Report of the Department of Justice Inspector General (IG) on the Federal Bureau of Investigation's (FBI's) use of National Security Letters (NSLs).
I would like to begin my testimony today by emphasizing that I have spent over twenty years working on national security issues, starting in 1984 as Senior Counsel to Senator Arlen Specter of Pennsylvania. Over those two decades, in my work at the Central Intelligence Agency, at congressional intelligence oversight committees, and as Executive Director of two different commissions on terrorism and weapons of mass destruction, I developed a strong sense of the seriousness of the national security challenge that we face and deep respect for the men and women in our national security agencies, including the FBI, who work so hard to keep our nation safe.
We owe it to those professionals to ensure that they have the tools they need to do their job. Equally important, they deserve to have clear guidance on just what it is that we want them to do on our behalf -- and how we want them to do it. Clear rules and careful oversight provide essential protections for those on the front lines of our domestic counterterrorism efforts. Unfortunately, it appears both were lacking in the implementation of national security letter authorities.
As important as it is to examine the lessons learned from the IG Report, however, I would urge the Congress not to stop there but, rather, to take a broader approach. The various authorities for gathering information inside the United States, including the authorities in the Foreign Intelligence Surveillance Act (FISA), should be considered and understood in relation to each other, not in isolation.
One example is the requirement in Executive Order 12333, and picked up in the FISA surveillance provisions, to use the "least intrusive collection techniques feasible." The appropriateness of using FISA electronic surveillance to eavesdrop on Americans should be considered in light of other, less intrusive techniques that might be available to establish whether a phone number belongs to a suspected terrorist or the pizza delivery shop. It's not the "all or nothing" proposition often portrayed in some of the debates.
The IG Report notes that the Attorney General guidelines also cite the requirement to use the least intrusive techniques feasible but that there is not sufficient guidance on how to apply that in the NSL context or in conjunction with other available collection techniques. This is just one example of the need for a broader examination of domestic intelligence tools.
I would urge Congress to undertake a comprehensive review of all domestic intelligence collection, not just by FBI but also by the other national security agencies engaged in domestic intelligence collection, including the Central Intelligence Agency, the Department of Defense, and the National Security Agency. A Joint Inquiry or Task Force could be established by the Senate leadership, with representation from the most relevant committees (Judiciary, Intelligence, Armed Services, and Homeland Security and Government Affairs), to carefully examine the nature of the threat inside the US and the most effective strategies for countering it. Then Congress, and the American public, can consider whether we have the appropriate institutional and legal framework for implementing those strategies with adequate safeguards and oversight.
In the meantime, I know that this committee will be looking closely at the problems identified by the IG Report and the potential need for legislation. Even in this context, I would urge a broad focus, not just on the specific problems in the Report but on national security letter authorities generally. The IG Report notes that the Patriot Act "significantly expanded the FBI's preexisting authority to obtain information through national security letters." (Report at p. x.) These changes were not subject to the sunset provisions and so were not included in the review and debate that took place last year in the Congress and the American public. I hope this Report will prompt that overdue examination.
Three changes in particular need to be carefully reconsidered. The first is the standard for issuing national security letters, which moved from the need to show specific facts providing a reason to believe that the records pertain to an agent of a foreign power, to the far broader standard that the records are merely "relevant to an investigation to protect against international terrorism." As the IG notes, this allows the government to get information about individuals who are not themselves the subject of an investigation--"parties two or three steps removed from their subjects without determining if these contacts reveal suspicious connections." (Report at p. xlii.)
In fact, the most tenuous of connections would seem to suffice for this NSL standard. For example, it's not clear why an "investigation to protect against international terrorism" couldn't justify demanding information about all residents of, say, Dearborn, Michigan, so that you could run them through some logarithmic profile to identify "suspicious" individuals. In fact, Congress should examine the facts surrounding the 9 NSLs in one investigation that were, according to the IG Report, used to obtain information regarding over 11,000 different phone numbers.
Data mining is a term that refers to many different kinds of data exploitation efforts and many of those efforts are essential intelligence and law enforcement tools. However, data mining also raises a host of issues that should be carefully considered and addressed. These issues have not been addressed in the NSL context and NSLs should not become a mechanism for gathering vast amounts of information about individuals with no known connection to international terrorism for purposes of data mining.
At least as troubling is the provision in the Patriot Act that allows the government to demand not just identifying information of the kind provided for in the other NSL statutes but full credit reports and all other information that a credit bureau has on individuals. This more intrusive authority was actually granted not just to FBI but to any agency "authorized to conduct investigations of, or intelligence or counterintelligence activities or analysis related to , international terrorism." (15 USC 1681v) This would include CIA, NSA, and DOD.
Given the problems uncovered in the FBI's use of NSL authorities, Congress clearly needs to thoroughly examine how this authority is being used by these additional agencies and departments less accustomed to the sensitivities inherent in gathering information inside the United States against US citizens. I would urge Congress to consider restricting this authority to the FBI only, as with the other NSL authorities. This not only reduces the likelihood of multiple agencies requesting the same information, it will encourage greater coordination, cooperation, and collaboration.
The Patriot Act also moved the authority to approve NSLs from senior officials in Washington down to all 56 Special Agents in Charge (SACs) of the various field offices. As a result, the legal review of these NSLs comes from attorneys in the field who work for those SACs. The IG Report found that this "chain of command" has significantly undermined the independence of those lawyers and led some to believe they cannot challenge the legal basis for NSLs sought by the agents. (Report at xliii.)
Nor do the attorneys in FBI's Office of General Counsel seem to fare much better. The IG reported on at least one instance where facts were misrepresented to the FBI General Counsels office and guidance provided by counsel was ignored. This was in the context of the "certificate letters" that the Terrorist Financing Operations Section (TFOS) of the FBI improperly issued instead of the legally required NSLs to obtain financial records from a Federal Reserve Bank concerning nearly 250 individuals. When the National Security Law Branch (NSLB) at FBI learned about this, the TFOS Acting Assistant Section Chief misrepresented key facts to the Assistant General Counsel and ignored the lawyer's admonitions to change procedures to comply with the law. The Report does not indicate whether any disciplinary action was ever taken against the TFOS official.
In order to ensure more independent and consistent oversight of the NSL process, Congress should consider a suggestion made by David Kris, who was the Associate Deputy Attorney General and Director of the Executive Office for National Security at DOJ from 2000 to 2003, to transfer FBI's NSL authority to attorneys in the Department of Justice National Security Division, at headquarters and in the field. Mr. Kris notes that grand jury subpoenas are issued by DOJ lawyers (nominally by the grand jury itself). In fact, he points out, by law or rule many of the most effective investigative techniques in the criminal context-- including subpoenas, searches, surveillance, and certain undercover operations--require DOJ's participation.
DOJ has not had this same productive working relationship with national security investigators at FBI because of the legacy of "the wall." Yet, in this area of domestic intelligence collection, the oversight of DOJ attorneys may be most important. Now that the wall has been dismantled, Congress should consider ways in which the new National Security Division can more directly work with FBI national security investigators, including having the authority to issue NSLs.
With regard to the specific findings and recommendations of the IG Report, let me first emphasize that the FBI and DOJ are to be commended for having welcomed this as an important wake-up call and initiating changes to address some of the problems identified, particularly with regard to the "exigent circumstance" letters.
Another area requiring clearer guidance is data retention. The Report notes that, "The FBI has not issued general guidance regarding the retention of [NSL] information." (Report at 27) This is particularly troubling with regard to targets that cannot be linked to international terrorism. According to the IG, "neither the Attorney General's NSI Guidelines nor internal FBI policies require the purging of information derived from NSLs in FBI databases, regardless of the outcome of the investigation. Thus, once information is obtained in response to a national security letter, it is indefinitely retained and retrievable by the many authorized personnel who have access to various FBI databases." (Report at p. 110.)
The Office of the Director of National Intelligence (ODNI) and the DOJ's Chief Privacy and Civil Liberties Officer have convened a working group to examine how NSL-derived information is used and retained by the FBI. Congress should follow the work of this committee very closely and ensure that retention policies reflect an appropriate risk management strategy that recognizes the danger of government accumulating and retaining for long periods of time retrievable databases of information about innocent people.
Purging NSL information that turns out to be irrelevant, inaccurate, or improperly acquired, however, can only be accomplished if it is tagged as it moves through the system and makes its way into various databases and intelligence products. The IG Report recommends measures to enable tagging of NSL information used in intelligence products and in criminal proceedings. (Report Recommendation #6.) These measures should be mandatory.
In closing, Mr. Chairman, I want to commend the committee for holding this hearing and urge, again, that the lessons learned on NSLs lead to a broader examination of intelligence collection inside the United States. Nearly 6 years after 9/11, it is time to more carefully craft an effective and sustainable framework for this long-term challenge, rather than relying on a patchwork built on fear and in haste. We owe it to the men and women who undertake this vital and sensitive work on our behalf.