In response to last month’s mass shooting in Orlando, Congress has been debating various proposals to combat home-grown terrorism. You’ve probably heard the most about measures to restrict gun purchases. But here’s what you may have missed: Lawmakers are also pushing to expand the FBI’s surveillance powers. And in a big way.
Sens. John McCain (R-Ariz.) and Richard Burr (R-N.C.) offered an amendment eight days after the Orlando shooting that would allow FBI agents — without a court order — to capture a person’s email logs, IP address and Internet browsing history. To obtain a user’s records from a service provider, FBI investigators would need only their field supervisor to issue an administrative subpoena, known as a national security letter (NSL).
The McCain-Burr amendment fell just two votes short of the 60 needed for final action. But the Senate will very likely try again. Senate Majority Leader Mitch McConnell (R-Ky.) has reserved the option to reintroduce the McCain-Burr amendment at a later date. Two other Senate bills under consideration contain nearly identical language.
So will the United States authorize the FBI to monitor Internet and email activity at its own discretion?
What are national security letters, and how are they used?
Currently, in both espionage and terrorism cases, federal agents can use NSLs to obtain bank statements, phone billing records, credit reports and certain other files that are held by third parties. (In criminal cases, agents can obtain such items using grand jury subpoenas.)
Authorities often use national security letters in the early stages of an investigation. With the information they obtain, the FBI determines whether a possible suspect has contact with known foreign agents. The FBI also uses the information as evidence when seeking warrants for physical searches or electronic surveillance.
The FBI currently issues NSLs in at least one-third of all espionage, terrorism and cybersecurity cases, amounting to about 20,000 per year. It issued more than 300,000 of them in the last decade.
Authorities sometimes use NSLs when they have to sift through many long-shot suspects. For example, they have gathered phone billing records on everyone whose car was parked at a hotel where a suspected terrorist had a room. This way, an agent can take a quick peek at large numbers of low-value suspects without investing much time or effort.
How long have national security letters been so easy to get?
Since Congress passed the USA Patriot Act in 2001. Before the attacks of Sept. 11, 2001, investigators could obtain a letter only if they presented evidence that the intended target was a foreign agent. Only two senior officials, the FBI director and his designee, could grant the requests. As a result, it often took investigators a year or more to obtain a letter — which discouraged the letters’ use.
With the Patriot Act, Congress lowered the evidentiary requirement for NSLs and expanded from two to 58 the number of officials who could grant letters. Today, all special agents in charge of FBI field offices can sign off on requests.
Have there been allegations that the FBI abuses national security letters?
Certainly this is what congressional investigations and civil society advocates have found. One privacy advocate contends that “the FBI has massively overused and abused NSLs more than almost any other surveillance authority.”
The act Congress passed in 1986 that allowed the FBI to issue NSLs provided few rules on how the FBI should process and store data collected from the letters. Agents, in effect, could keep all records indefinitely, even after they had decided a target was not a spy or terrorist. Initially, the Justice Department set up guidelines, known as “minimization procedures,” that required agents to discard all nonrelevant information.
After 9/11, the George W. Bush administration dropped the minimization procedures and let the FBI stockpile all data gathered with NSLs. The captured records were stored in searchable databanks and made accessible to thousands of FBI agents and other personnel. Between 2003 and 2005, the FBI kept private data on nearly 25,000 U.S. persons — the vast majority of whom certainly had no connection to terrorist organizations.
Later Congress ordered the Justice Department’s inspector general to conduct independent audits of the program. The inspector general concluded that, during the Bush years, the FBI’s use of national security letters resulted in widespread violations of privacy rights.
What types of privacy violations did the Inspector General find?
Generally, the legal breaches fell into three categories:
- issuing NSLs for investigations that had already concluded;
- collecting private records on the wrong person; and
- using an NSL to obtain information that required a court order.
The audits found that many FBI missteps were caused by sloppiness and confusion over statutory requirements. But some violations were deliberate. In one case, investigators used an NSL to obtain files that a court had specifically ruled off limits.
Has Congress passed any major national security letter reforms?
No — for two reasons.
First, for much of the Bush presidency, Congress was unaware of how aggressively the FBI was using NSLs. As we detail in an article, Congress had failed to include reporting requirements on the use of national security letters when it first passed the USA Patriot Act. So it had no way to evaluate the letters’ investigative effectiveness or harm to privacy.
Only when a Washington Post investigation revealed in late 2005 that authorities were issuing NSLs in unprecedented numbers did lawmakers order an audit. The audit findings, confirming the Post’s report, emerged near the end of Bush’s second term.
Second, in the first years of the Barack Obama presidency, the Democratic Congress refrained from passing reforms to avoid friction with the president. Democratic legislators drafted bills to impose minimization procedures on NSLs and require authorities to discard irrelevant information. But even though Democrats controlled both Congress and the White House, the bills died in committee.
Why? Far from welcoming new restrictions, President Obama and his administration wanted to expand the use of NSLs. Facing resistance from the president, congressional Democrats dropped the issue.
Eventually, the Obama Justice Department issued administrative rules that imposed minimization requirements. Whether these are as strong as the proposed laws may have been, we cannot know. The public has been unable to assess these rules because they are classified. But an executive branch review group that evaluated the procedures in 2013 found them inadequate.
Do current NSL bills include safeguards against abuse?
The debate on permitting the use of NSLs to seize email and Internet logs has focused mostly on the pros and cons of facilitating investigators’ access.
Supporters argue that authorities need to be able to swiftly get online records to monitor terrorist groups and identify individuals who frequent radical websites. If agents continue to be bogged down with lengthy court procedures to get email and Internet records, this argument goes, they won’t be able to prevent attacks on civilians.
Opponents point out that phone and email records, even without message contents, can enable investigators to make inferences about sensitive matters. Online search histories can reveal embarrassing personal details. They argue that investigators could use such data to bully protesters, activists and even elected officials — all of which has happened in the FBI’s history.
In this debate, few people have noted that minimization procedures — which, remember, simply say that irrelevant records must be discarded — could reduce the risk of abuse. It is one thing for an innocent individual to have his or her email records checked for contacts with an identified terrorism suspect. The real problem comes if these records are kept indefinitely for federal investigators to use for any purpose, benign or not.
But the bills now before Congress, like existing law on NSLs, don’t include minimization procedures.
What happens if nothing passes?
Even if the McCain-Burr amendment and other similar proposals are abandoned, privacy advocates will not declare victory. There has been no evidence that the 2013 executive branch review has prompted the Justice Department to tighten its classified minimization procedures — which means that some unknown number of Americans’ personal records are stored with the FBI.
Indeed, one of the rules was leaked recently. It permits agents to use NSLs to obtain phone records to identify journalists’ confidential sources. How many NSLs have targeted reporters? We have no way to know.
Here’s the problem with minimization rules imposed administratively instead of by Congress: They depend on the president’s sufferance. Given Donald Trump’s cavalier dismissal of civil-liberties concerns, one would expect a Trump administration to swiftly delete Obama’s minimization procedures. But any president eager to defeat security threats could ignore or curtail their scope.
If Congress really wants to prevent the FBI from using national security letters to collect and keep private records at its own discretion, as broadly as it wishes, for any purpose, it must write minimization requirements into law.
Will Congress be willing to impose any such constraints on counterterrorism investigators?
William Bendix is assistant professor of political science at Keene State College.
Paul J. Quirk is professor and Phil Lind Chair in U.S. Politics at the University of British Columbia.
Save
Save