A report entitled A Review of the Federal Bureau of Investigation's Use of Exigent Letters and Other Informal Requests for Telephone Records (.pdf) from the Department of Justice Office of the Inspector General (OIG) indicates that between 2003 and 2005, FBI routinely "circumvented the requirements of the Electronic Communications Privacy Act (ECPA)" by using so-called "exigent letters" to obtain telephone call data from telecommunications companies. The ECPA, 18 USC Sec. 2702, provides that service providers will not provide customer data to government authorities, absent a national security letter signed by the Director of the FBI or a subpoena.
The 700+ "exigent letters" examined by the OIG became common after the terrorist attacks on September 11, 2001. In reaction to the attacks, a telecommunications company (referenced as "Company A" in the report) provided a "fraud detection analyst" to the FBI's New York field office to access telephone records in response to subpoenas from the U.S. Attorney's Office. Apparently, over time the Company A analysts began to provide the requested customer data in response to "placeholder" letters signed by FBI special agents while the grand jury subpoenas were in the process of being obtained. These letters, which claimed "exigent circumstances" and requested the production of customer data before the submission of a subpoena, became known as "exigent letters." When the FBI's investigation moved to Washington, D.C., three service providers moved analysts into the FBI's offices to respond to the requests for telephone data covered by the ECPA.
Observations from the OIG report include:
- The "concept of using exigent letter originated as a time-saving technique" in the wake of 2001 terror attack, but over the years the embedding of service provider analysts with the FBI "led to a culture in which exigent letters and other even less formal and equally inappropriate requests for information became the [FBI Communication Analysis Unit's] accepted and customer method of conducting business."
- Some letters called for the production of thousands of telephone numbers and customer transaction data.
- OIG concluded that exigent letters were issued and customer records were obtained even though the "circumstances . . . were not exigent," including "media leak investigations . . . and other investigations that did not include exigent or life-threatening circumstances."
- The FBI special agent responsible for signing over 100 exigent letters told OIG investigators "that the communications service providers' employees often gave him exigent letters to sign after he had already been given the requested records -- and he simply signed the letters. This SSA also said that while he realized the exigent letters inaccurately states that grand jury subpoenas had been submitted, he signed the letter because he 'thought it was all part of the program coming from the phone companies themselves[.]'"
- Another FBI special agent responsible for a large number of the letters told the OIG that the telecommunications analyst from "Company A" informed him about the letters and told him that the letters had been approved by legal counsel.
- When asked, the FBI unit chief described the exigent letters as "standard operating procedure."
- Telecommunications company analysts interviewed by the OIG described pressure from the FBI to accept the "placeholder" exigent letters. One noted: "personally, it wasn't my place to police the police."
- FBI sought court orders under the Foreign Intelligence Surveillance Act (FISA) using customer data obtained through exigent letters in violation of the ECPA. Howeveragents mischaracterized how the FBI had obtained the data -- suggesting that the data had been properly produced in response to a national security letter or subpoena.
- OIG "found that numerous, repeated, and significant management failures led to the FBI's use of exigent letters and other informal requests for telephone transactional records over an extended period of time."