Cybertelecom
Cybertelecom
Federal Internet Law & Policy
An Educational Project
ECPA: National Security Letters &
Exigent Letters
Dont be a FOOL; The Law is Not DIY

Congress authorized the FBI to gain individual's transactional records and subscriber records from communications service providers pursuant to 18 USC § 2709, known as National Security Letters. The information sought may include subscriber information, toll billing records information, or transactional records. The information sought must be "relevant" to an authorized investigation. "to protect against international terrorism or clandestine intelligence activities."

Rule:

Similar NSL provisions can be found in the Right to Financial Privacy Act, the National Securities Act (whistle blowers) and the Fair Credit Reporting Act.

Pursuant to Patriot Act amendments, the information in question need not pertain to a foreign power or agent of a foreign power - but the NSL request must "be relevant to an investigation to protect against international terrorism or foreign spying." [CRS p. 4 2009]

During the period covered by our review, the ECPA and Attorney General's Guidelines for FBI National Security Investigations and Foreign Intelligence Collection (NSI Guidelines) authorized the use of national security letters (NSL) only during investigations of international terrorism or espionage upon the written request of a Special Agent in Charge or other specially delegated senior FBI official. In order to open such investigations, the FBI must satisfy certain evidentiary thresholds, which are documented in FBI case files and approved by supervisors. If case agents want to issue NSLs. FBI policies require a 4-step approval process. Case agents must secure the approval of the case agent's supervisor, an Assistant Special Agent in Charge, the field office's Chief Division Counsel, and the Special Agent in Charge (or equivalent supervisors and attorneys at FBI Headquarters) who signs the NSL. FBI personnel authorized to sign NSLs are all members of the Senior Executive Service. [FBI OIG 2010, p. 10]

The FBI initiated a short cut to NSLs known as Exigent Letters which were to be used in emergencies.

"Both USA PATRIOT Act reauthorization statutes—P.L. 109-177(H.R. 3199) and P.L. 109-178 (S. 2271)—amended each of the NSL statutes. They

NSLs contain a Gag Rule provision. 18 USC § 2709(c). Sec. 2709 was amended to clarify the gag rule, including that the recipient of an NSL can consult their attorney. "A breach of a confidentiality requirement committed knowingly and with the intent to obstruct an investigation or related judicial proceedings is punishable by imprisonment for not more than five years and/or a fine of not more than $250,000 (not more than $500,000 for an organization)." [CRS p. 4 2009]

Judicial Review

According to the Congressional Research Service: "In addition to authority to review and set aside NSL nondisclosure requirements, the federal courts also enjoy jurisdiction to review and enforce the underlying NSL requests. Recipients may petition and be granted an order modifying or setting aside an NSL, if the court finds that compliance would be unreasonable, oppressive, or otherwise unlawful.72 Subpoenas issued under the Federal Rules of Criminal Procedure may be modified or quashed if compliance would be unreasonable or oppressive.73 The Rule affords protection against undue burdens and protects privileged communications.74 Compliance with a particular NSL might be unduly burdensome in some situations, but the circumstances under which NSLs are used suggest few federally recognized privileges. The Rule also imposes a relevancy requirement, but in the context of an investigation a motion to quash will be denied unless it can be shown that "there is no reasonable possibility that the category of materials the Government seeks will produce information relevant" to the investigation.75 The authority to modify or set aside a NSL that is unlawful affords the court an opportunity to determine whether the NSL in question complies with the statutory provisions under which it was issued. On the other hand, the court's authority may be invoked to enforce the NSL against a recalcitrant recipient and failure to comply thereafter is punishable as contempt of court.76

72 28 U.S.C. 3511.
73 F.R.Crim.P. 17(c)(2).
74 2 WRIGHT, FEDERAL PRACTICE AND PROCEDURE §275 (Crim. 3d ed. 2000).
75 United States v. R. Enterprises, Inc., 498 U.S. 292, 301 (1991).
76 28 U.S.C. 3511(c)." [CRS p. 10 2009]

Controversy

The use of NSL and Exigent Letters have been the subject of lawsuits and three FBI Office of the Inspector General Reports.

Exigent Letters

ECPA prohibits government access to customer communications records (transaction records) except where the government has a grand jury subpoena or an NSL.

After 9/11, in emergency (exigent) circumstances, the NY FBI Office adopted a practice which has come to be known as exigent letters. In 2003, this practice was adopted by FBI HQ. The FBI would provide an exigent letter to one of three cooperating telephone carriers, which would be followed up by a subpoena. The FBI Communications Analysis Unit issued a memo in 2003 describing exigent letters as follows:

Through liaison developed by the unit, in exigent circumstances the CAU is able to obtain specialized toll records information for international and domestic numbers which are linked to subjects of pending terrorism investigations. Appropriate legal authority (grand jury subpoena or NSL) must follow these requests. [Memo 2003]

An FBI OIG has issued three reports reviewing the use of exigent letters and has concluded

[B]y using exigent letters to acquire information from three communications service providers prior to serving NSLs or other legal process, the FBI circumvented the requirements of the Electron Communications Privacy Act (ECPA) NSL statute and violated the Attorney General's Guidelines for FBI National Security Investigations and Foreign Intelligence Collection (NSI Guidelines), and internal FBI policy. [OIG Report 2010 p 2]

No authority, not ECPA or internal guidelines authorized using this shortcut with the promise of "legal process to follow." [OIG Report 2010 p 11]

Facts Alleged:

Litigation :

EFF: "News reports in December 2005 first revealed that the National Security Agency (NSA) has been intercepting Americans' phone calls and Internet communications. Those news reports, plus a USA Today story in May 2006 and the statements of several members of Congress, revealed that the NSA is also receiving wholesale copies of their telephone and other communications records. All of these surveillance activities are in violation of the privacy safeguards established by Congress and the U.S. Constitution.

The evidence also shows that the government did not act alone. EFF has obtained whistleblower evidence [PDF] from former AT&T technician Mark Klein showing that AT&T is cooperating with the illegal surveillance. The undisputed documents show that AT&T installed a fiberoptic splitter at its facility at 611 Folsom Street in San Francisco that makes copies of all emails, web browsing, and other Internet traffic to and from AT&T customers, and provides those copies to the NSA. This copying includes both domestic and international Internet activities of AT&T customers. As one expert observed, "this isn't a wiretap, it's a country-tap."

EFF is fighting these illegal activities on multiple fronts. In Hepting v. AT&T , EFF filed the first case against a telecom for violating its customers' privacy. In addition, EFF is representing victims of the illegal surveillance program in Jewel v. NSA , a lawsuit filed in September 2008 against the government seeking to stop the warrantless wiretapping and hold the government officials behind the program accountable." EFF NSA Spying

Law: 18 USC § 2709

(a) A wire or electronic communication service provider shall comply with a request for subscriber information and toll billing records information, or electronic communication transactional records in its custody or possession made by the Director of the Federal Bureau of Investigation under subsection (b) of this section.

(b) Required Certification.- The Director of the Federal Bureau of Investigation, or his designee in a position not lower than Deputy Assistant Director at Bureau headquarters or a Special Agent in Charge in a Bureau field office designated by the Director, may-

(1) request the name, address, length of service, and local and long distance toll billing records of a person or entity if the Director (or his designee) certifies in writing to the wire or electronic communication service provider to which the request is made that the name, address, length of service, and toll billing records sought are relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely on the basis of activities protected by the first amendment to the Constitution of the United States; and

(2) request the name, address, and length of service of a person or entity if the Director (or his designee) certifies in writing to the wire or electronic communication service provider to which the request is made that the information sought is relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution of the United States.

(c) Prohibition of Certain Disclosure.-

(1) If the Director of the Federal Bureau of Investigation, or his designee in a position not lower than Deputy Assistant Director at Bureau headquarters or a Special Agent in Charge in a Bureau field office designated by the Director, certifies that otherwise there may result a danger to the national security of the United States, interference with a criminal, counterterrorism, or counterintelligence investigation, interference with diplomatic relations, or danger to the life or physical safety of any person, no wire or electronic communications service provider, or officer, employee, or agent thereof, shall disclose to any person (other than those to whom such disclosure is necessary to comply with the request or an attorney to obtain legal advice or legal assistance with respect to the request) that the Federal Bureau of Investigation has sought or obtained access to information or records under this section.

(2) The request shall notify the person or entity to whom the request is directed of the nondisclosure requirement under paragraph (1).

(3) Any recipient disclosing to those persons necessary to comply with the request or to an attorney to obtain legal advice or legal assistance with respect to the request shall inform such person of any applicable nondisclosure requirement. Any person who receives a disclosure under this subsection shall be subject to the same prohibitions on disclosure under paragraph (1).

(4) At the request of the Director of the Federal Bureau of Investigation or the designee of the Director, any person making or intending to make a disclosure under this section shall identify to the Director or such designee the person to whom such disclosure will be made or to whom such disclosure was made prior to the request, except that nothing in this section shall require a person to inform the Director or such designee of the identity of an attorney to whom disclosure was made or will be made to obtain legal advice or legal assistance with respect to the request under subsection (a).

(d) Dissemination by Bureau.- The Federal Bureau of Investigation may disseminate information and records obtained under this section only as provided in guidelines approved by the Attorney General for foreign intelligence collection and foreign counterintelligence investigations conducted by the Federal Bureau of Investigation, and, with respect to dissemination to an agency of the United States, only if such information is clearly relevant to the authorized responsibilities of such agency.

(e) Requirement That Certain Congressional Bodies Be Informed.- On a semiannual basis the Director of the Federal Bureau of Investigation shall fully inform the Permanent Select Committee on Intelligence of the House of Representatives and the Select Committee on Intelligence of the Senate, and the Committee on the Judiciary of the House of Representatives and the Committee on the Judiciary of the Senate, concerning all requests made under subsection (b) of this section.

(f) Libraries.- A library (as that term is defined in section 213(1) of the Library Services and Technology Act ( 20 U.S.C. 9122 (1) ), the services of which include access to the Internet, books, journals, magazines, newspapers, or other similar forms of communication in print or digitally by patrons for their use, review, examination, or circulation, is not a wire or electronic communication service provider for purposes of this section, unless the library is providing the services defined in section 2510 (15) ("electronic communication service") of this title.

References

News