doing and planning to do. As CTD Assistant Director Billy stated to us,
"there was never a timeout period to any of this to say, okay, let's do a
check, a compliance."
The failure of FBI officials to understand the practices employed
within the CAU to obtain records from the on-site providers extended not
only to exigent letters, but also to other improper methods described in
Chapter Three this report. For example, CTD Assistant Director Billy did
not know as late as April 2007 about the FBI's improper use of hot number
_
- a service rovided b Com an A's and Com an C's on-site
providers
without
any legal process. The FBI General Counsel and the Deputy General
Counsel for the NSLB also told us they did not know that the FBI had used
hot number _
Similarly, until this OIG investigation, we found no
evidence that any responsible FBI officials or any FBI attorneys were aware
that FBI agents had used inaccurate language in FISA declarations that
attributed the FBI's acquisition of telephone records to NSLs when in fact
the records were acquired through other means. such as exigent letters and
other informal requests.
As a result of these actions. the FBI violated the statutOI}' and
Attorney General Guidelines' requirements for senior-level approval of
requests for telephone subscriber and toll billing records information and
other ECPA-protected information and the 4-step NSL approval process
established by the FBI's own policy to ensure these requests were based on
appropriate predication. As Diagram 2.2 from Chapter Two illustrates, the
FBI substituted a I-step process by which the CAU SSAs and Intelligence
Analysts signed requests for telephone records without supervisory review
by those officials authorized to approve and certify the FBI's basis for
requesting these types of records.
In sum, we believe that FBI senior leadership, senior attorneys, and
CTD supervisors failed to take adequate measures to ensure that the FBI
was obtaining telephone records from the on-site communications service
providers properly, that sufficient training was provided to the FBI
employees who obtained these records, that the new NSL powers granted to
the FBI in the Patriot Act were sufficiently monitored, and that the FBI
provided sufficient oversight on these new and intrusive authorities. The
need for these actions should have been particularly clear when FBI
attorneys learned in late 2004 and early 2005 that the FBI was acquiring
telephone records without legal process. Moreover, no one in the CAU
raised concerns about these exigent letters to higher level CTD officials or
other senior FBI managers. even when Unit Chief Rogers and some of the
agents signing exigent letters should have realized that the letters were
inaccurate on their face.

220

II.

Individual Performance

While the management failures described above explain in part how
the FBI came to use exigent letters and other informal methods for
requesting records from the on-site providers, these management failures do
not explain all the deficiencies we found in this review.
Rather, in this review we also concluded that FBI supervisors and
attorneys did not take sufficient action to oversee or prevent the use of
exigent letters and other improper requests for telephone records. We also
believe that the performance of some FBI employees who signed the letters
that were inaccurate on their face was not in accord with the high standards
expected of FBI and other law enforcement personnel. We discuss the
actions of these individuals in the sections below.

A.

CAU Unit Chief Glenn Rogers

While Rogers served as the CAU's first Unit Chief and later as CXS
Assistant Section Chief, he made several decisions that resulted in
widespread use of exigent letters without adequate legal review by the NSLB,
and also without an adequate system to track their use or document the
many less formal requests for telephone records from the on-site providers.
First, we found that in November 2003 Rogers approved an EC which
instructed CAU personnel on how to handle responsive toll billing records
obtained "[u]nder the authority of an Exigent Circumstances Letter." Yet,
Rogers made no effort to confirm, either then or later, whether these
so-called exigent letters were appropriate for use by the CAD in connection
with national security investigations. As the CAD Unit Chief, Rogers was
responsible for ensuring that the processes used by his unit were lawful and
appropriate. Rogers said that a Company A analyst told him in May 2003
that exigent letters had been used by the FBI's New York Division and that
the "lawyers" had approved the letter. His decision to rely only on a
Company A analyst's vague representations as to the propriety of using
such letters, and a reference to unnamed "lawyers," was imprudent and
Improper.
Second, we found that Rogers failed to properly discharge his duties
as CAU Unit Chief and CXS Assistant Section Chief when he signed, and
permitted his subordinates to sign, exigent letters that inaccurately stated
that subpoenas requesting the telephone records listed in the letters had
"been submitted to the U.S. Attorney's Office who will process and serve
them formally ... as expeditiously as possible." When we asked Rogers why
he signed his name to exigent letters containing these inaccurate
statements, he said:

221

The only thing I really regret is the wording in that letter. The
letter was just a placeholder and it was a bad move on my
part ... It's my fault ... I relied on a flawed piece of paper to do
that and I am sick by it. I am sickened. But I do not think the
letter is the issue. To me the issue is the exigent circumstances
and there were.
Rogers's explanation is unpersuasive. He knew the letters contained
statements that were inaccurate, yet he signed 12 exigent letters and
allowed his subordinates to sign 678 additional exigent letters during his
tenure as a supervisor in the CTD. Even if there were exigent
circumstances - and we found evidence indicating that there was not
exigent circumstances in all cases, let alone a qualifying emergency under
Section 2702 - that does not excuse an FBI employee signing his name to a
letter that contains inaccurate statements of fact.
Moreover, after at least three CAU SSAs complained to Rogers about
using exigent letters that contained inaccurate references to grand jury
subpoenas having been requested from the U.S. Attorney's Office, Rogers
told them to continue using the letters. He told one of them not to change
"a single word. Rogers should have recognized and taken immediate action
then to address the inaccurate statements in the letters. He should have
acknowledged the SSAs' concerns and, at minimum, changed the wording of
the exigent letters to make them accurate. He also should have consulted
with NSLB attorneys and asked them to review the exigent letters to
detennine if they could lawfully be used to support FBI investigations. He
did none of these things.
JJ

Third, Rogers failed to ensure that the personnel assigned to his
unit - many of whom had no prior experience in the FBI's national security
programs - received training on the authorized methods to request and
obtain telephone subscriber and toll billing records information in national
security investigations. None of the CAU SSAs we interviewed who signed
exigent letters said they had received training on the FBI's authorities under
the ECPA to obtain records pursuant to NSLs or the emergency voluntary
disclosure statute.
Fourth, Rogers did not ensure that guidance was issued which, at a
minimum, described in which situations exigent letters could be used. As a
result, CAU personnel used exigent letters and then provided after-the-fact
legal process in a wide variety of inappropriate circumstances. As described
in Chapters Two, Three, and Four of this report, these included instances in
which NSLs were not authorized under the ECPA, the Attorney General's
NSI Guidelines, or FBI policy and also when the standards set forth in the
ECPA emergency voluntary disclosure statute were not satisfied. Rogers's
authorization of the CAU's use of exigent letters to obtain thousands of

222

ECPA-protected records rather than using legal process such as NSLs or
emergency voluntary disclosure requests led to a serious abuse of the FBI's
expanded authority to issue NSLs following enactment of the Patriot
Act.
Fifth, Rogers failed to ensure that Bassem Youssef, his successor as
CAU Unit Chief, was briefed on the unit's methods and procedures,
including the specific methods the CAU used for obtaining records from the
on-site providers. Rogers told us he had objected to Youssefs selection as
Unit Chief and that he had little substantive contact with Youssef after his
appointment. Notwithstanding Rogers's objections to Youssefs selection,
Rogers should have fully briefed Youssef upon his entry on duty as Unit
Chief and should have remained engaged with Youssefs management of the
unit, including Rogers's plan to implement the Tracker Database to track
requests to the on-site providers and the need to issue follow-up legal
process.
Rogers attempted to justify his actions by stating that he regularly
reminded CAU personnel to stay current on securing the after-the-fact legal
process for the providers. He also said he sometimes spoke with personnel
assigned to CTD operational units and at least one field division about the
importance of issuing after-the-fact legal process for telephone records.
However, his efforts were not sufficient to ensure that after-the-fact legal
process was issued, and he never raised concerns about the practice to
other managers or attorneys in the FBI.
In addition, we found that Rogers's failure to clearly explain to CAU
personnel what was appropriate under the law and FBI policy led to other
lax and sloppy practices in the CAU, including sneak peeks and informal
requests for records conveyed bye-mail, telephone calls, and face-to-face
conversations.
Sixth, when Rogers was the CAU Unit Chief and also when he was the
CXS Assistant Section Chief, the CAU did not implement any system for
tracking requests to the on-site providers, or keeping copies of the exigent
letters, or ensuring that legal process was issued promptly after the records
were provided to the FBI. The CAU relied on the on-site providers rather
than its own internal controls to document requests for records and the
need for legal process. As a result, the growing backlog o f _ or
records for which the providers needed legal process went largely unnoticed
and unaddressed by FBI managers for over 3 years, until mid-2006. In
addition, once FBI managers focused on the improper actions, the lack of
documentation of these requests greatly complicated the FBI's efforts to
determine whether it had a basis for retaining these records.

223

Seventh, Rogers also did not consult with NSLB attorneys about the
use of sneak peeks and other informal requests to obtain information from
the on-site providers, or about the FBI's acquisition of calling activity
information on _
hot numbers without legal process. As Unit Chief
of the CAU, he should have consulted with NSLB attorneys about these
practices to ensure that CAU personnel followed the ECPA, the Attorney
General's NSI Guidelines, and other relevant laws, regulations, and FBI
policies governing the acquisition of telephone records.
When we questioned Rogers about these actions, he acknowledged
that after a Company A analyst first told him about exigent letters in May
2003, he allowed the use of exigent letters by CAU personnel without
issuing clear guidance regarding how they were to be issued. However,
Rogers stated that nothing was done "to hide the fact that we were getting
stuff in advance of NSLs."

Rogers also stated that from the time NSLB attorneys became fully
aware of the exigent letter practice in late 2004, the NSLB attorneys never
sought to bring their use to a halt. When we asked Rogers about a
December 2004 e-mail from the Assistant General Counsel to a CAU SSA in
which the Assistant General Counsel discussed the SSA's request for an
after-the-fact NSL, Rogers noted the Assistant General Counsel's statement
in the e-mail, "I am realistic enough to recognize that there are emergency
situations wherein we get the information on the promise of an NSL."
Rogers also told us that during the time he was the CAU Unit Chief and
later the CXS Assistant Section Chief he was never told by FBI attorneys or
CTD management that the exigent letter practice was unacceptable.
We agree that NSLB attorneys share some of the responsibility for the
improper use of exigent letters when they did not end their use after
learning about them. However, for the reasons stated above, we believe
Rogers bears a large portion of the responsibility for the CAU's improper use
of exigent letters. 254
B.

CAU Unit Chief Bassem Youssef

In evaluating Youssefs actions, we believe it is important to recognize
that when he was assigned as CAU Unit Chief in November 2004 and
Rogers became the Assistant Section Chief of the CXS (which oversaw the
CAU). Youssef inherited the improper practices initiated during Rogers's
tenure, including the use of exigent letters and other informal methods such

254

Rogers retired from the FBI in 2006.

224

as sneak peeks for requesting records from the on-site communications
service providers. Moreover. as described in Chapter Two, the CAU's use of
exigent letters was expressly approved by Rogers in an EC to CAU personnel
dated November 18, 2003. 255
We also found that when Youssef frrst carne to the CAU in November
2004 and continuing thereafter, Rogers did not adequately brief Youssef
about the CAU practices. Youssef stated that Rogers "bypass[ed]" him on
e-mails. meetings. and other information relating to the CAU operations.
Youssef also said that Rogers kept him "out of the loop" and that since
Rogers was his immediate supervisor until February 2006. Youssef was not
able to raise concerns he had about how the CAU was being run to Rogers
because Rogers was not willing to listen to his suggestions. Youssef stated
that he had a conversation with Rogers, shortly after learning about the use
of exigent letters, in which Youssef raised concerns about the practice.
Youssef stated that Rogers told him to continue using the letters, and
Youssef said he concluded that he would be insubordinate if he failed to do
so.
Youssef also asserted that he was subjected to an "incredibly hostile
work environment" from his chain of command above Rogers. As noted in
Chapter Four, Youssef asserted that both CXS Section Chief Laurie Bennett
and CTD DAD John Lewis were hostile to him and that he could not raise
any concerns to them about exigent letters. 256

255 As also described in Chapter 'IWo, the previous CAU Acting Unit Chief had
approved an EC dated January 6, 2003. distributed to FBI divisions which stated that the
CAU could obtain telephone records in "exigent circumstances" and that legal process must
follow such requests. This EC did not explicitly refer to exigent letters.
256 Mter reviewing a draft of this report, Youssef's attorney reiterated that Youssef
felt he was subjected to a hostile working environment. Youssef's attorney also stated that
because of a Title VII lawsuit Youssef fJ.J.ed against the FBI. he was involuntarily transferred
to the position of CAU Unit Chief and that many of the CAU supervisors and staff shunned
him and preferred to deal directly with Rogers. As noted here and in Chapter Four, the OIG
took into account Youssef's work environment in assessing his perfonnance.

Youssef's attorney made many other comments after reviewing a draft of this report.
We do not address all of his comments. but respond to some of the most significant ones in
this report.

225

We confirmed that Youssef was not included on some e-mails between
Rogers and the Assistant General Counsel between November 2004 and
February 2005. 257
With regard to Youssers claim that Rogers bypassed him, Rogers
acknowledged to us that he had very little interaction with Youssef when
Youssef became the CAU Unit Chief, and that Rogers never provided Youssef
with any guidance on matters involving the CAU, including exigent letters.
Rogers said:
I didn't give him any briefings. He didn't ask for any .... He
never came to me for advice. . . . The most contact I had with
him was he was constantly e-mailing me to get his admin leave
approved for his lawsuit. And that was the majority of my
interaction with him.
Rogers also said that he had recommended to the CXS Section Chief that
Youssef should not be selected for the CAU Unit Chief position because
Rogers did not think that he "had enough experience or understanding of
what [the CAUl did."
It is clear from the evidence that Rogers did not interact with Youssef

or value Youssers input into the CAU operations. We believe Rogers should
have risen above his disagreement about Youssers selection and ensured
that, working together, they managed the unit appropriately.
It is important to recognize that soon after Youssef became the CAU

Unit Chief he learned about exigent letters, that NSLB attorneys were aware
of the CAU's practice of using exigent letters, and that the NSLB attorneys
were working with CAU personnel on a process for issuing after-the-fact
NSLs more expeditiously. In addition, Youssef took steps to address the
backlogged requests for legal process. For example, in approximately April
2005, after learning from a Company B employee about the backlog of legal
process owed to that provider, he instructed CAU personnel to obtain the

257 We found that Youssef did not attend two important meetings with Rogers and
NSLB attorneys that were held on January 6, 2005, and January 26, 2005. After reviewing
a draft of this report, Youssefs attorney stated that Youssef was "excluded" from or "not
invited" to these meetings. However, Youssef told us that he knew about the meetings
before they were held. Youssefs attorney stated that Youssef could not attend them
because he was on sick leave in one case and at a deposition in his Title VII case in the
other. FBI e-mails and documents also reflect that Youssef was invited to these meetings
but did not attend. Youssef acknowledged that he made no effort afterwards to learn what
had occurred at these meetings.

226

necessary process for Company B. In October 2005 he instructed CAU
personnel to ensure that all outstanding requests for records from all three
providers were covered by legal process. Also in the fall of 2005, he worked
with the FBI aGC and representatives of the CTD operational units to
reduce the number of future records requests made prior to service of legal
process. 258
Yet, although Youssef inherited the CAU's exigent letters practice, and
NSLB attorneys condoned the use of exigent letters and after-the-fact legal
process, we nonetheless found that, in several respects, Youssers actions
contributed to the CAU's continued use of exigent letters and other informal
requests for telephone records.
First, Youssef failed to understand fully or adequately assess (in
coordination with CTD management and the NSLB) all of the methods by
which FBI personnel were obtaining records from the on-site providers.
Even though he was in charge of the CAU, Youssef did not understand the
scope of the exigent letter practice in his unit, including the routine use of
after-the-fact legal process and the other improper practices within the CAU
for obtaining telephone records. For instance, Youssef told us that apart
from two large counterterrorism operations in 2006, he was unaware that
during his tenure CAU employees had obtained records or calling activity
information for over 1,000 telephone numbers prior to service of either legal
process or exigent letters. In addition, Youssef told us he could not
approximate how many exigent letters were issued by CAU personnel over

258 In response to a draft of this report, Youssefs attorney stated that Youssef also
requested guidance from the FBI OGC regarding what constituted exigent circumstances,
and that this request prompted the Assistant General Counsel's April 26, 2005, e-mail (in
which she advised Youssef that exigent letters should be used "only if it is clear to you that
the requestor cannot await an NSL"). Yet, we determined through contemporaneous
e-mails that the Assistant General Counsel's e-mail was prompted by information she had
received from another Headquarters Unit, not from any request for guidance from Youssef.

Youssefs attorney also asserted that Youssefs actions in circulating this e-mail to
CAD personnel "were the first actions taken by any FBI manager, Unit Chief and/or
employee of the [FBII OGC to provide the CAD employees instruction" as to when an exigent
letter could be used. We note that the Assistant General Counsel wrote in her e-mail to
Youssef, "please make sure the people in your unit are instructed to ask for an NSL, and
only if it is clear to you that the requestor cannot await an NSL ... should they be done as
emergencies based on your exigent letter." Thus, while we agree that Youssef acted
appropriately in following the Assistant General Counsel's advice to instruct CAD
personnel, it appears that the first action prompting the instruction was taken by the
Assistant General Counsel, not by Youssef.

227

his own name as Unit Chief (we found that the number was 367). Youssef
also told us that he was unaware of the details of the CAU requests for
community of interest _
sneak peek requests, hot number _
and the unauthorized use of administrative subpoenas.
Second, like his predecessor Rogers, Youssef failed to establish an
adequate tracking system for exigent letters and other means by which FBI
personnel requested records from the on-site providers. Although Youssef
took steps in April and October 2005 to determine tbe scope of tbe
backlogged requests for legal process. he did not seek to maintain an
accurate record at the time they were made of the nature, number, and
origin of the requests to the on-site providers whether communicated by
exigent letter. by telephone, bye-mail. on pieces of paper, or through sneak
peeks. The failure to maintain such records was an internal control
problem tbat greatly complicated the FBI's later efforts to determine whetber
it had a basis to retain the records.
Third, Youssef himself signed one exigent letter issued to Company A
on November 21. 2005, that contained an inaccurate statement. Like
virtually all other exigent letters signed by CAU personnel, this letter stated
that a grand jury subpoena had been requested from the U.S. Attorney's
Office. This was not true. When we showed Youssef this letter, he said that
when a CAU Intelligence Analyst presented the letter to him for signature he
did not recall noticing that the letter referred to a subpoena rather than an
NSL. Youssef acknowledged that the follow-up legal process subsequently
issued to cover the numbers in the exigent letter was an NSL. He added
that he had not "closely" read the exigent letter before he signed it. Youssef
told us tbat he should have read tbe exigent letter more closely, adding tbat
he "signed this without really looking at it ... because at that time I was
aware that that is the procedure in the unit." We concluded that even if
Youssef believed that exigent letters were "the procedure in the unit." his
failure to review any exigent letter between March 2005 (when he first
learned they were used) until November 2005 was troubling. 259

259 After reviewing a draft of this report, Youssefs attorney asserted that Youssef
had to sign this exigent letter because the circumstance was a true emergency, the
statement about a grand jury subpoena to follow was simply a "placeholder" meaning that
some legal process would follow, and that it would have hanned the national security for
Youssef to take the time to determine whether the letter accurately stated that a grand jury
subpoena would follow. However, Youssef could have easily and quickly ensured the
letter's accuracy by revising it to state that legal process would follow. In addition, he could
have ensured that the letter was accurate, either before or after he signed it. Rather his
testimony was that he did not carefully review the letter and did not notice it referred to a
grand jury subpoena before signing it. Finally, we note that 367 exigent letters were signed
(Conl'd.)

228

Fourth, we found that Youssef did not adequately inform the
Assistant General Counsel that CAU personnel were having difficulty
obtaining legal process to address the backlog of record requests about
which he was aware. As described in Chapter Four of this report, Youssef
told us that he emphasized at the September 26, 2005, meeting with NSLB
attorneys and managers of a CTD operational unit that the CAU was
attempting to address the "significant backlog" of NSLs owed to the
providers. However, in late 2005 and early 2006 when the Assistant
General Counsel asked Youssef what the NSLB could do to assist the CAU
to ensure the NSLs were issued in a timely manner, Youssef replied that the
CAU was "making some reasonable headway in getting NSLs" and that the
on-site providers were "happy with the results." These comments did not
address the problem of the significant backlog of several hundred telephone
numbers for which promised legal process had not been issued. Youssef did
not at this time, or later, advise the Assistant General Counsel of the scope
of this backlog or that the CAU was having difficulty obtaining after-the-fact
legal process to address the backlog.
By not making clear to the NSLB that the CAU was having significant
difficulty in obtaining after-the-fact NSLs, Youssef contributed to an
inaccurate perception that the CAU had the exigent letter matter under
control. Because the NSLB was not informed of the full scope of the
problems, it did not provide additional resources or issue more urgent
directives in coordination with CTD officials to establish clear timetables
and oversight mechanisms to address the problem. While we believe that
NSLB attorneys were very slow in recognizing and correcting the core legal
problem with exigent letters, we also believe Youssefs understatement of the
problem contributed to the NSLB's lack of urgency in addressing the exigent
letters situation. 26o

by the CAU staff under his name, and he did not attempt to verify that the representations
in the letter were accurate.
260 In response to reviewing a draft of this report, Youssefs attorney stated that
Youssef had requested help from the FBI aGC to force the operational units to open
preliminary investigations prior to the CAU requesting records from the on-site providers,
but that the FBI aGC refused his request. Youssefs attorney cited two e-mails, dated April
5 and 12,2005, written by the Assistant General Counsel. According to Youssefs attorney,
Youssefs request to the FBI aGC to force the operational units to open preliminary
investigations, if accepted, would have "struck at the root cause of the exigent letter(s]
problem."

However, the April 5 and April 12 e-mails related to the umbrella preliminary
investigative file plan that the NSLB had proposed in January 2005. In his OIG interviews,
Youssef also portrayed the preliminary investigation suggestion as the FBI aGC's idea, not
(Conl'd.)

229

As discussed above, Youssef also asserted that he was subjected to a
hostile working environment from his chain of command above Rogers.
However, we believe that if Youssef concluded that it would be futile to raise
concerns about exigent letters with Rogers or others in the CTD chain of
command, Youssef could have, and should have, raised these concerns with
other FBI managers. He also could have taken the concerns he said he had
in 2005 about the use of exigent letters to the FBI's Inspection Division, the
FBI's Office of Professional Responsibility, the GIG, or the Department of
Justice.
In sum, we recognize that Youssef was placed in a difficult position
when he became the Unit Chief of the CAU because the use of exigent letters
and other informal means for obtaining telephone records and other
ECPA-protected information from the on-site providers had been ongoing for
several years. In addition, Rogers, who was the CAU's former Unit Chief
and who became Youssefs first-line supervisor, did not adequately brief
Youssef about the CAU practices and did not in other ways interact
appropriately with Youssef. We found that Youssef took some steps to
attempt to address the use of exigent letters. However, we concluded that
Youssef did not do all he could have. and should have, to address the
improper use of exigent letters and other informal requests for telephone
records.

C.

NSLB Deputy General Counsel Julie Thomas

As summarized in Chapter Two of this report. we found that many of
the improper practices described in this report pre-dated Julie Thomas's
appointment in October 2004 as Deputy General Counsel of the FBI OGC's
National Security Law Branch (NSLB). Before Thomas's appointment, CAU
personnel had been regularly issuing exigent letters, and CAU Unit Chief
Rogers had formally recognized exigent letters as an approved method for
getting records from the on-site providers without first serving legal
process.

his. Moreover, as described in Chapter Four, the umbrella plan was dropped because
Youssef informed the FBI aGC months later at a meeting on September 26, 2005, that
umbrella mes were not needed because emergency requests for records in cases where
there was no case already open 'were few and far between." Therefore, Youssef's testimony
does not support the assertion that forcing the operational units to open preliminary
investigations would have solved the "root cause" of the exigent letters problem, or that the
FBI aGe refused his request to get the operational units to open preliminary
investigations.

230

However, we found that after Thomas became the NSLB Deputy
General Counsel and became aware of exigent letters, she did not
adequately review and assess the legality of their use in a timely fashion,
halt their use, ensure in coordination with CTD officials that CAU personnel
understood the lawful methods for obtaining records from the on-site
communications service providers, or ensure that the NSLs that she
personally signed complied with the ECPA NSL statute.
As NSLB Deputy General Counsel, Thomas served as the principal
legal adviser to the FBI General Counsel on FBI national security issues.
After the September 11 attacks, the NSLB grew from a small unit of
approximately 10 employees to a full branch within the FBI aGC consisting
of 6 units staffed by over 70 attorneys, Special Agents, and support
personnel. The NSLB's mission was to provide legal support throughout the
FBI, including to the Counterterrorism, Counterintelligence, and Cyber
Divisions, by advising on legal issues related to national security matters,
ensuring an efficient and timely process for seeking FISA warrants,
developing and maintaining liaison relationships within the Intelligence
Community, and providing legal training on national security issues to FBI
employees.
Yet, beginning in December 2004 when the Assistant General Counsel
first informed Thomas about a "form letter" the CAU was using to obtain
records in advance of legal process, Thomas failed to directly address the
fact that these letters violated the ECPA. Even though she recognized that
there were only two authorities by which the FBI could obtain ECPA records
in national security investigations (pursuant to legal process or the
emergency voluntary disclosure statute), Thomas did not take prompt,
decisive action in December 2004 when she learned that (1) the CAU was
regularly obtaining records from the on-site providers by using a form letter
that promised future legal process, and (2) the CAU was having difficulty
obtaining after-the-fact legal process from Headquarters' operating units
and FBI field divisions regarding the records it already had received from the
on-site providers.
In particular, Thomas did not ask to review the exigent letter; did not
direct the Assistant General Counselor anyone else to review the exigent
letter; did not ensure that CAU personnel were trained on the lawful
methods for obtaining telephone records; did not review the FBI's contracts
with the three on-site communications service providers (or the underlying
contract proposals and other documents) until after the FBI received a draft
of the OIG's first NSL report; and did not determine if the CAU had issued
any guidance to its employees about the appropriate and legal way for FBI
personnel to request records from the on-site providers. Instead, Thomas
approved a recommendation from the Assistant General Counsel in January
2005 that NSLB personnel be made available to the CAU to help get NSLs

231

signed quickly after the FBI acquired records from the on-site providers in
emergency situations.
We concluded that after Thomas was given notice in December 2004
that exigent letters with the promise of future legal process were being used
to obtain ECPA-protected records, at a minimum she should have asked an
NSLB attorney to fully and promptly review with CTD's senior managers the
methods and practices used by CAU personnel to request and obtain
records from the on-site providers so that NSLB could determine if they
were legal. A careful review would also have revealed the additional
improper practices arising from the FBI's interactions with the on-site
providers, such as requesting records without legal process or even exigent
letters, sneak peeks, hot number _
and the use of administrative
subpoenas signed by a CAU SSA.
In evaluating Thomas's performance, we recognize that CAU
personnel also failed to provide infonnation to the NSLB that they should
have known was relevant to the NSLB's legal oversight. In particular, as
discussed above, CAU Unit Chief Youssef did not adequately advise the
NSLB on the extent of the backlog and the ongoing difficulties CAU
personnel were encountering in getting after-the-fact NSLs issued by field
and Headquarters divisions. These omissions affected Thomas's ability to
fully appreciate the scope of the CAU's various problems resulting from its
use of exigent letters and other improper methods to obtain telephone
records.
Similarly, CAU personnel did not infonn Thomas or other FBI
attorneys that the CAU routinely obtained ECPA-protected information from
the on-site providers by using sneak peeks. Moreover, even after FBI aGC
attorneys first were told by the CAU Primary Relief Supervisor about sneak
peeks in February 2007, they were not infonned of the extent of the
infonnation given to CAU personnel in response to such requests. As late
as 2007. when the Assistant General Counsel asked CAU personnel to
prepare a memorandum reporting as possible intelligence violations the
improper blanket NSLs she then knew about, the CAU personnel involved in
the drafting effort failed to provide accurate and complete infonnation to the
NSLB about the 11 blanket NSLs that had been drafted by CAU personnel
and signed by senior CTD officials.
Yet. we believe that these deficiencies in reporting these issues to the
NSLB do not excuse Thomas's failure to take adequate action with the
information she did have. At critical junctures throughout 2005 and 2006,
when Thomas learned more about the CAU's various practices for obtaining
records from the on-site providers, she did not take timely, decisive. and
effective actions to ensure that the CAU obtained records from the on-site

232

providers only in accordance with the ECPA and ensure that the use of
exigent letters and after-the-fact NSLs was halted.
For example, after the Assistant General Counsel informed Thomas in
an e-mail in April 2005 that the CAU may be handling requests from the
on-site providers for records as if they were emergencies when some of the
requests "were not necessarily emergencies," Thomas did not correct
inaccurate guidance that the Assistant General Counsel had given to the
CAU: that the CAU could continue to use exigent letters "only if it is clear to
you that the requestor cannot await an NSL." As described in Chapters
Four and Six of this report, this advice was inaccurate because even if the
exigent letter was construed as seeking voluntary production pursuant to
Section 2702, the advice would allow use of the letter in circumstances that
did not meet Section 2702's definition of emergency circumstances.
Thomas told us that she did not recall receiving the Assistant General
Counsel's April 2005 e-mail, but after reviewing the e-mail in August 2008
she said it was consistent with her understanding of the advice that the
NSLB was providing the CAU in 2005. Thomas said she understood that
the Assistant General Counsel's advice was "shorthand" for the "true
emergency" standard in the emergency voluntary disclosure statute (18
U.S.C. § 2702(c)(4)). However, as described above we do not believe it is
reasonable to equate the words "the requestor cannot await an NSL" with
the "danger of death or serious physical injury" standard in Section 2702.
More significantly, FBI General Counsel Valerie Caproni and the Assistant
General Counsel stated unequivocally that the FBI did not rely on that
statutory authority in approving the use of exigent letters. We concluded
that Thomas's recollection was mistaken and that 18 U.S.C. § 2702(c)(4)
was not relied upon by the NSLB during the period that the CAU issued
exigent letters.
In August 2005, Thomas missed another opportunity to correct some
of the CAU's improper practices when she failed to recognize that the
emergency voluntary disclosure statute could be used to address some of
the emergency requests coming to the CAU. At that time Thomas approved
FBI-wide guidance issued by the FBI General Counsel for obtaining the
content of communications pursuant to the ECPA emergency voluntary
disclosure provision. The new guidance reiterated the requirements of the
provision and specifically highlighted that since the disclosure was
voluntary it "should not be followed with a subpoena or other compulsory
process." Yet, even as she reviewed and approved new FBI policy for using
this emergency authority under 18 U.S.C. § 2702(b)(8) for obtaining
communications covered by the ECPA, Thomas failed to recognize a
connection between a similar emergency disclosure provision under 18
U.S.C § 2702(c)(4) relating to toll billing records under the ECPA and how
that authority related to the exigent letters practice. She again failed to halt

233

the use of exigent letters - which improperly combined a request for
voluntary production with a promise of future compulsory process - and she
also failed to identify the emergency voluntary" disclosure statute as an
appropriate alternative to exigent letters in qualifying emergencies.
In June 2006, when Thomas received an e-mail informing her that the
Assistant General Counsel had sent a new version of a model exigent letter
to the CAU in May 2006, Thomas again allowed the practice of using exigent
letters to continue. The new version of the exigent letter promised that
NSLs (rather than grand jury subpoenas) would be issued in the future.
While the revised model exigent letter corrected an inaccurate statement in
the exigent letter about grand jury subpoenas, the revised letter still did not
ensure compliance with the ECPA's requirements that either (1) the FBI
issue legal process in advance of obtaining records; or (2) the provider
produce records voluntarily in circumstances satisfying Section 2702's
emergency voluntary" disclosure provision. Consequently, the revised
exigent letter did not resolve the fundamental legal problem with the letters
under the ECPA.
In addition, we found that Thomas herself signed seven after-the-fact
NSLs in 2005. The ECPA does not authorize the issuance of retroactive
legal process, and such process would not validate an improper disclosure
of records under the ECPA. The NSLs and approval ECs also did not state
that the FBI had already acquired the records.
In evaluating Thomas's overall performance we recognized that she
was also assigned to provide legal counsel to support many high-profile
threats that the FBI addressed during the period covered by our review.
Thomas told us that she regularly was involved with "the most emergent
issues that face the intelligence community!' She said she routinely dealt
with "life and death situations" that required immediate attention. Thomas
also said that soon after she was appointed NSLB Deputy General Counsel
in the fall of 2004, she ·came to believe that the span of control of this
branch was beyond the capabilities of any human being." She said that
starting in December 2004 she had requested that Section Chief positions
be established in the NSLB to assist her, but that this did not occur until
January or February 2008.
Yet, taking all these circumstances into account, we believe Thomas
inappropriately approved the use of the exigent letters practice and
after-the-fact NSLs, did not promptly review an exigent letter or direct
another attorney to review one, did not review the providers' contracts and

234

associated documents, repeatedly missed opportunities to halt the use of
exigent letters, did not work with CTD managers to ensure CAU personnel
were properly instructed on the FBI's authorities to obtain telephone records
from the on-site providers, and signed improper after-the-fact NSLs.261

D.

NSLB Assistant General Counsel

As described in this report, the NSLB Assistant General Counsel had
the most frequent contact with CAU personnel regarding exigent letters.
She was an FBI senior line attorney who was the NSLB point-of-contact for
NSL-related policies and issues. In that position, she was consulted when
field and Headquarters personnel, including Chief Division Counsels, had
questions about NSLs. She also was responsible for drafting NSL guidance,
preparing or overseeing the preparation of NSL training materials, preparing
congressionally mandated reports to Congress on NSL usage, and
evaluating the need for legislative amendments to the FBI's NSL
authorities.
We determined that in December 2004, in connection with a request
for an after-the-fact NSL from a CAU SSA, the Assistant General Counsel
first learned that the CAU regularly used exigent letters to obtain telephone
records, that these exigent letters promised after-the-fact legal process, that
the CAU relied on field divisions to supply the after-the-fact legal process,
and that the field divisions often did not respond to the CAU's requests for
after-the-fact legal process. In response, the Assistant General Counsel
promptly and appropriately notified her immediate supervisor and NSLB
Deputy General Counsel Thomas about this information. We also found
that she consistently kept both her immediate supervisor and Thomas
informed about her interactions with the CAU concerning exigent letters and
the problems the CAU was encountering in obtaining legal process after the
exigent letters were issued. She also periodically advised CAU Unit Chief
Youssef that she and the NSLB were available to assist the CAU in working
through exigent letters problems by making NSLB resources available to
assist with promptly drafting after-the-fact NSLs.
Yet, while the Assistant General Counsel generally kept her
supervisors informed of what she learned on a timely basis, she provided
inaccurate guidance to Youssef that "we are willing to allow these requests
when there really are exigent circumstances ... only if it is clear ... that
the requestor cannot await an NSL." She also recommended to NSLB
Deputy General Counsel Thomas that the NSLB designate attorneys to

261

Thomas resigned from the FBI in December 2008.

235

assist the CAU in preparing after-the-fact NSLs more expeditiously and over
a period of nearly 9 months worked on a proposal to create "umbrella files" generic national security investigations of recurring threats - that could be
used to document in NSL approval ECs the predication for NSLs (until she
was informed that the umbrella files were not needed). When we asked her
how she justified the use of exigent letters that promised future legal
process, the Assistant General Counsel told us that the FBI had "created an
exception [to the ECPA statute] in national security circumstances where we
think it's absolutely necessary." However, the ECPA does not provide for
such an exception.
We were also troubled the Assistant General Counsel did not seek to
review a copy of any exigent letter until May 2006, more than 18 months
after first learning of their use in the CAU. We believe she should have
asked to see an exigent letter upon hearing of its use.
Even after reviewing an exigent letter, she did not recognize that the
CAU was obtaining records in violation of the ECPA. Instead of
recommending that their use be halted, in May 2006 she merely revised the
exigent letter to substitute the term "NSL" for the inaccurate reference to
after-the-fact issuance of grand jury subpoenas, and she advised the CAU
that it could continue to use the revised exigent letter. By these actions,
she allowed the FBI's improper use of exigent letters and after-the-fact NSLs
to continue. However, it is also important to note that she forwarded the
revised exigent letter to both her supervisor and Thomas, and that neither of
these supervisors objected to the Assistant General Counsel's changes or
otherwise questioned the CAU's continued use of exigent letters.
Finally, we believe the Assistant General Counsel should have
recognized that many of the exigent requests that came to the CAU qualified
for emergency voluntary disclosure requests under the ECPA. Yet, like her
immediate supervisor and NSLB Deputy General Counsel Thomas, the
Assistant General Counsel did not ensure that CAU personnel were briefed
about the circumstances in which the FBI could lawfully request voluntary
disclosure without legal process.
In sum, we concluded that based on the Assistant General Counsel's
experience in national security investigations and the position she held in
the NSLB, she should have directly confronted the legal deficiencies in use
of exigent letters and, through her supervisors in the NSLB and in
conjunction with CTD managers, ensured that the use of exigent letters
ended, which she did not do.

236

E.

General Counsel Valerie Caproni

We examined the involvement of FBI General Counsel Valerie Caproni
in the handling of exigent letters and determined that she first learned
about the CAU's use of exigent letters or other improper requests for
telephone records in late 2006, during the GIG's first NSL investigation.

The only evidence that Caproni was told anything prior to this time
that related to the CAU obtaining records before service of legal process was
a conversation that Thomas said she had with Caproni in April 2005 when
Thomas was preparing for the FBI Inspection Division's triennial inspection
of the FBI OGe. Thomas said she discussed with Caproni at the time that
the NSLB "had a problem delivering legal services' and that "[CAU
personnel] were requesting NSLs for records they had already received."
Thomas said she raised the question to Caproni whether these after-the-fact
NSLs should be reported as possible intelligence violations to the President's
Intelligence Oversight Board. Thomas said that Caproni agreed with
Thomas's assessment that "these were likely all emergency circumstances
anyway and a follow-on NSL would not be required. "262
We concluded that the information Thomas recalled sharing with
Caproni was not of sufficient detail to put Caproni on notice that the CAU
was obtaining records from the on-site providers with a promise of future
legal process. We found no evidence that Thomas informed Caproni that
the CAD was obtaining records using a letter that promised future service of
legal process.
Rather, Caproni first learned about the use of exigent letters in 2006
in response to the FBI Director's request that she assess whether the FBI
anticipated any problems with the GIG's first NSL investigation that was
ongoing at the time. Caproni asked the Assistant General Counsel in an
e-mail whether, in light of the Assistant General Counsel's recent GIG
interview, she anticipated "any problems/issues/concerns." In a reply on
June 1, 2006, the Assistant General Counsel wrote:
in emergency situations ... we have allowed CAU to get NSL
information from the le]mbedded telephone companies based
upon a letter promising a legally compelling process to be
forthcoming, and then the NSL is supposed to be issued ....

262 However, as we discuss in Chapter Four of this report, Caproni told us in earlier
interviews when we asked her if the FBI had been relying on the emergency voluntary
disclosure statute in approving the use of exigent letters, "no, we had no discussions that
these (exigent letter requestsJ- would qualify under that provision of the ECPA."

237

There had been some problems with the promptness or lack
thereof of those NSLs, as well as figuring out a [preliminary
investigation] to which to attach the NSL request. I think the
problem is resolved now but we still allow the receipt of info
without an actual NSL prior to the receipt. It is analogous to
the 2702(d) emergency but we have never premised it on that.
On July 20, 2006, NSLB Deputy General Counsel Thomas forwarded
to Caproni another e-mail from the Assistant General Counsel in which the
Assistant General Counsel reported that she had been asked in a recent
OIG interview about the CAU's practice of issuing exigent letters "in
emergency situations to get NSL infonnation." Thomas stated in her
forwarding e-mail, "[w]e have done better with this [issuing NSLs prior to
requests for records] but when we are sitting right next to the rep. its tough
to wait the 2-3 days it takes to get" the NSL. Caproni responded to Thomas,
"I think we've always done some 'paperwork to follow' requests. "263
However, Caproni said she did not see an exigent letter and was
unaware of the extent to which the FBI was using exigent letters before the
OIG showed her an exigent letter and informed her of the details of the
practice in late 2006 in connection with the OIG's interview of her in our
first NSL investigation.
We concluded that the two e-mails described above did not alert
Caproni of the extent of the problem and in fact suggested that the problem
had been "resolved." Moreover, by the time Caproni received these e-mails
the OIG investigation was ongoing within the FBI and the issuance of
exigent letters had all but stopped. Under these circumstances, we do not
believe she was on sufficient notice of the problem, in advance of the OIG
investigation, to remedy it.

263 When the DIG asked Caproni about her reference to the FBI always doing
"paperwork to follow" requests, Caproni stated that when she was an Assistant United
States Attorney there were instances in which records were obtained prior to the service of
legal process. Caproni told us, "in my experience it is not a particularly unusual
circumstance to do a paperwork-to-follow request," as long as the process comes within "a
day, or ... maybe you are going to get the records on Saturday and you are going to give
them the process on Monday." Caproni added that when she was told about the CAU
obtaining records prior to process, "[ilt did not surprise me or shock me," noting, however,
that she believed at the time that legal process was served within a day or two. Caproni
distinguished her prior experience from the sort of delays that she learned were occurring
in the CAU.

238

F.

Signers orthe 11 Blanket NSLs: Joseph Billy, Jr., Arthur
Cummings III, Michael Heimbach, and Jennifer Smith

Love
As described in Chapter Four of this report, we found that 4 senior
CTD officials signed a total of II improper blanket NSLs in 2006. Each of
these NSLs had multiple deficiencies.
We analyze below the actions of the
signed these improper blanket NSLs.

1.

fOUf

eTn senior officials who

Joseph Billy, Jr.

Joseph Billy, Jr., joined the FBI in 1978. By mid-2006, Billy had
been assigned to FBI national security investigations for about 20 years.
Billy signed 4 of the II improper blanket NSLs: the Company B
May 12 NSL and 3 Operation Z NSLs. He signed the Company B May 12
NSL when he was a CTn Deputy Assistant Director and the three Operation
Z NSLs as an Assistant Director. In both of these positions, Billy was
authorized to sign NSLs by virtue of the FBI Director's delegation of NSL
signature authority to Deputy Assistant Directors and Assistant Directors of
the Counterterrorism Division.
However, all fOUf NSLs were deficient. The Company B NSL violated
the ECPA because (1) it included telephone numbers relevant to closed
investigations and records that were relevant to domestic terrorism and
criminal investigations for which NSLs are not an authorized technique
under the Attorney General's NSf Guidelines; and (2) did not contain the
certifications required for NSLs imposing non-disclosure and confidentiality
requirements on NSL recipients.
The Company B May 12 NSL and the three Operation Z NSLs also
violated FBI policy because they were not accompanied by approval ECs.
Approval ECs are required in order to document that the records sought are
relevant to an authorized national security investigation.
Finally, all four NSLs were issued after-the-fact, and none of the NSLs
disclosed that they were issued for records that had been previously
obtained through exigent letters.
Billy told us that he did not recall signing the Company B May 12
blanket NSL or the three Operation Z NSLs, but he did not contest that his
signature was on all four NSLs. Further, although he told us that he knew
that NSLs were only authorized in instances in which there was an open
preliminary or full national security investigation, the Company B May 12
NSL included telephone numbers related to closed cases and domestic

239

terrorism and criminal investigations for which NSLs are not authorized.
Additionally, Billy told us that signing NSLs that were not accompanied by
approval ECs was "completely outside" his practice. However, we confirmed
with the CAU SSAs who drafted the four blanket NSLs that Billy signed that
none of these four NSLs were accompanied by approval ECs. While we
developed no evidence contradicting Billy's assertion that his normal
practice was to sign NSLs only if they were accompanied by approval ECs,
these four NSLs were not issued with the required approval ECs.
We concluded that in signing these four NSLs, Billy failed to take
appropriate steps to ensure that NSLs he signed complied with the ECPA,
the Attorney General's NSI Guidelines, and FBI policy. When Billy signed
these NSLs he had nearly 20 years of experience with FBI national security
investigations, and he knew the legal and policy requirements for using this
intelligence tool. Yet, he signed these NSLs either without the required
certifications or without ensuring that the requests were adequately
predicated under the ECPA by examining the approval ECS.264
2.

Arthur A. Cummings III

Arthur A. Cummings lIljoined the FBI in 1987. By mid-2006,
Cummings had worked on FBI national security investigations for about 14
years.
Cummings signed 5 of the 11 improper blanket NSLs, all of which
related to Operation Y. He signed these NSLs as a Special Agent in Charge
(SAC) for the Washington Field Office while he was temporarily assigned to
the CTD as an Acting DAD. As a SAC. Cummings was authorized to sign
NSLs by the FBI Director's delegation pursuant to 18 U.S.C. § 2704(b).

All of the Operation Y NSLs were deficient. These NSLs were issued
after-the-fact. although the ECPA does not authorize after-the-fact process.
In addition, they did not contain the certifications required for NSLs
imposing non-disclosure and confidentiality requirements on NSL
recipients. These NSLs also violated FBI policy because they were not
accompanied by approval ECs. Finally all five NSLs were issued
after-the-fact but none of the NSLs disclosed that they were issued for
records that had been previously obtained through exigent letters and other
informal requests.
J

264

Billy retired from the FBI in March 2008.

240

Cummings said that prior to signing any of the NSLs, he had spoken
with an NSLB attorney to detennine if he was authorized to sign NSLs while
serving as an Acting DAD in the CTD on temporary assignment. An NSLB
attorney confinned to us that she advised Cummings that he could sign
NSLs in his position as a SAC.
Cummings also told us that he recalled signing the Company C
August 24 and Company A August 25 Operation Y blanket NSLs, which
included many telephone numbers, but he did not recall signing the other
three Operation Y blanket NSLs. Cummings said he believed that each of
the NSLs he signed had approval ECs because it was his practice to ensure
that NSLs always had approval ECs. However, we confinned with the CAD
SSA who drafted the NSLs that approval ECs were not prepared for any of
the five Operation Y blanket NSLs. Accordingly, we detennined that
Cummings was mistaken in his belief that all the NSLs he signed were
accompanied by approval ECs.
We concluded that by signing these NSLs Cummings failed to take
appropriate steps to ensure that the NSLs complied with the ECPA, the
Attorney General's NSI Guidelines, and FBI policy. When Cummings signed
these NSLs, he had about 14 years experience in conducting FBI national
security investigations, yet he failed to ensure that the requests were
adequately predicated under the ECPA by examining the approval ECs.

3.

Michael Heimbach

Michael Heimbach joined the FBI in 1988. By mid-2006, Heimbach
had been assigned to FBI national security investigations for more than 3
years.
Heimbach signed the Company C July 5 blanket NSL. Heimbach
signed this NSL when he was a Section Chief of the International Terrorism
Operations Section 1 of the CTD, but while temporarily assigned as an
Acting DAD for the CTD. Similar to the Company B May 12 NSL signed by
Billy, this NSL violated the ECPA because it (1) included telephone numbers
relevant to closed investigations and records that were relevant to domestic
terrorism and criminal investigations for which NSLs are not an authorized
technique under the Attorney General's NSI Guidelines; and (2) did not
contain the certifications required for NSLs imposing non-disclosure and
confidentiality requirements on NSL recipients. Additionally, this NSL
violated FBI policy because it was not accompanied by an approval EC. As
mentioned previously, approval ECs are required in order to document that
the records sought are relevant to an authorized national security
investigation.

241

Finally, this NSL was issued after-the-fact, although the ECPA does
not authorize retroactive legal process, and did not disclose that it was
issued for records that the FBI had been previously obtained through
exigent letters.
Heimbach told us that prior to signing the NSL, an NSLB attorney told
him that he was authorized to sign the NSL as an Acting DAD. Heimbach
also told us that his practice was to require approval ECs to establish and
document the predication for the NSL and the relevance of the telephone
numbers to an open national security investigation. He stated that he
assumed he was told when he signed the Company C July 5 NSL that the
approval EC was being prepared or had already been prepared. However,
we confirmed with the CAU SSA who prepared the NSL and brought it to
Heimbach for signature that an approval EC was never drafted. We
therefore concluded that Heimbach was mistaken in his belief that an
approval EC was being prepared or had already been prepared.

We concluded that by signing this NSL Heimbach failed to take
appropriate steps to ensure that he complied with the ECPA, the Attorney
General's NSI Guidelines, and FBI policy. When Heimbach signed this NSL,
he had over 3 years experience in conducting FBI national security
investigations, yet he failed to ensure that the requests were adequately
predicated under the ECPA by examining the approval EC.265

4.

Jennifer Smith Love

Jennifer Smith Love joined the FBI in 1987. By mid-2006, Love had
been assigned to FBI national security investigations for about 20
months.
Love signed the Company A September 21 blanket NSL when she was
a Section Chief of the Communications Exploitation Section of the CTD but
temporarily assigned as an Acting DAD for the CTD. Similar to the
Company B May 12 NSL signed by Billy and the Company C July 5 NSL
signed by Heimbach, this NSL violated the ECPA because it (I) included
telephone numbers relevant to closed investigations and records that were
relevant to domestic terrorism and criminal investigations for which NSLs
are not an authorized technique under the Attorney General's NSI
Guidelines; and (2) did not contain the certifications required for NSLs

265 As noted above in connection with the NSL signed by Heimbach, the FBI did not
issue guidance stating that Acting DADs are not authorized to sign NSLs until June I,
2007. We agree that in the absence of clear written policy on signature authority,
Heimbach should not be faulted for signing the NSL while serving as an Acting DAD.

242

imposing non-disclosure and confidentiality requirements on NSL
recipients. Additionally, this NSL violated FBI policy because it was not
accompanied by an approval EC.
Finally, this NSL was issued after-the-fact, although the ECPA does
not authorize retroactive legal process, and did not disclose that it was
issued for records that the FBI had been previously obtained through
exigent letters and other informal requests.
Love told us that she recognized her signature on the Company A
September 21 NSL, but said she could not recall any details surrounding
this NSL, including who gave it to her. She also told us that she did not
know that NSLs required approval ECs.
We concluded that by signing this NSL Love failed to take appropriate
steps to ensure that she complied with the ECPA, the Attorney General's
NSI Guidelines, and FBI policy. When she signed this NSL Love had about
20 months experience conducting FBI national security investigations. If
Love did not know FBI policies regarding the issuance of NSLs - including
the requirement that they contain approval ECs - she should not have
signed any NSLs and should instead have sought appropriate legal
guidance.

5.

OIG Conclusion on CTD officlsls who signed improper
blanket KSLa

When Congress amended the Patriot Act in 200 I, it significantly
expanded the FBI's preexisting authority to issue NSLs. Section 505 of the
Patriot Act broadened the FBI's NSL authority by eliminating the
requirement that the information sought in an NSL must pertain to a foreign
power or an agent of a foreign power. This section of the Patriot Act
substituted the lower threshold that the information sought must be
relevant to an authorized investigation to protect against international
terrorism or espionage, provided that any investigation of a U.S. person is
not conducted "solely on the basis of activities protected by the first
amendment of the Constitution of the United States." As a consequence of
this lower threshold, the FBI can obtain information about persons who are
not subjects of FBI investigations so long as the requested information is
relevant to an authorized national security investigation.
As we described in this chapter, we believe serious, repeated
management failures by the FBI's senior leadership, the CTD, and the FBI
aGC caused the breakdown in responsibility and accountability for exigent
letters, other improper requests, and the attempts at corrective action such as blanket NSLs. However, we also believe that the CTD senior

243

individuals who signed these blanket NSLs contributed to misuses of these
authorities.
As senior CTD officials, Billy, Cummings, Heimbach, and Love were
responsible for ensuring that the NSLs they signed complied with the ECPA,
the Attorney General's NSI Guidelines, and FBI policy. While we recognize
that each of these four officials had other significant responsibilities in the
FBI and that they each worked in a high-pressure environment in
furtherance of the FBI's counterterrorism mission, we believe they should
have taken more care to ensure that the NSLs they signed complied with the
ECPA, the Attorney General's NSI Guidelines, and FBI policy.
G.

CAU Personnel

Who Signed Exigent Letters

As described in Chapter Two of this report, we determined that many
CAU employees - 2 Unit Chiefs, 15 SSAs, and 3 Intelligence Analystssigned 722 exigent letters issued by the CAU between March 2003 and
November 2006. The vast majority of these exigent letters stated:
Due to exigent circumstances, it is requested that records for
the attached list of telephone numbers be provided. Subpoenas
requesting this information have been submitted to the U.S.
Attorney's Office who will process and serve them formally to
[Company A, Company B, or Company C] as expeditiously as
possible.
As discussed above, this language came from the New York Field
Division where grand jury subpoenas signed by the U.S. Attorney's Office
were used to obtain telephone records related to the counterterrorism
investigations in response to the September 11 attacks. This practice and
the use of exigent letters were adopted by the CAU beginning in 2003.
In evaluating the accountability of the CAU employees who signed
these exigent letters, we asked the CAU employees who signed two or more
exigent letters whether they knew when they signed the letters that the
factual statements were accurate. We asked specifically whether they knew
that there were exigent circumstances associated with the requests and
whether they knew that requests for grand jury subpoenas had been
submitted to the U.S. Attorney's Office, as specifically stated in the
letters.
With few exceptions the CAU SSAs who signed the letters said they
believed exigent circumstances were present in every instance in which they
signed an exigent letter. The only exceptions to these general statements
were (1) an SSA who told us that he signed several letters when he was new
to the CAU under circumstances he was "pretty sure ... could be
questionable"; (2) another SSA who told us that he sometimes signed

244

exigent letters presented to him by the CAU Intelligence Analysts without
requiring an explanation of the details if he was busy on other projects; and
(3) CAU Unit Chief Bassem Youssef and at least two SSAs who told us they
did not read the exigent letters closely or in detail, signed it "without looking
at it," or "just glanced over it." Nearly all of the SSAs also told us that their
primal}' concern each time they signed an exigent letter was to be
responsive to the demand for telephone toll billing records as quickly as
possible in order to support critical FBI investigations.
The exigent letters also stated that requests for a specific form of legal
process - "subpoenas" - had already been submitted to the U.S. Attorney's
Office. In most cases, this was not true. As described in Chapter Four of
this report, in most cases the legal process issued after-the-fact to cover
exigent letters were NSLs issued by the FBI, not grand jury subpoenas.
However, most of the CAU SSAs we interviewed told us they did not know
whether grand jUl}' subpoenas had been requested, although some
recognized that the letters inaccurately described the process for obtaining
grand jul}' SUbpoenas.
We sought to determine whether the signers of exigent letters knew
whether the statement that requests for grand jury subpoenas had been
submitted to the U.S. Attorney's Office was false when they signed the
letters. One SSA who signed 139 exigent letters told us that although he
recognized that the exigent letters inaccurately stated that grand jul}'
subpoenas had been submitted, he signed the letters nonetheless because
he "thought it was all part of the program coming from the phone companies
themselves," and he assumed the letters were approved by the
communications service providers' attorneys.
Another SSA who signed 115 exigent letters said that he knew that
subpoenas had not been issued but signed the exigent letters anyway,
because he saw the letter used by other CAU personnel as a standard
practice and he received assurances from CAU Unit Chief Glenn Rogers that
the exigent letter was okay to use.
A third SSA who signed 98 exigent letters said he was not concerned
with the reference to subpoenas having been submitted to the U.S.
Attorney's Office, although the language "did not make senseD because it did
not correctly reflect the procedure to obtain subpoenas. This SSA said he
"didn't really have any reason to question" the letters because the letters
were accepted by the providers and were an established practice in the
CAU.
When we questioned other SSAs about their signing exigent letters
which inaccurately stated that grand jury subpoenas had already been
requested from the U.S. Attorney's Office, they said that they did not pay

245

much attention to and were not concerned about the reference to a grand
jury subpoena. Other SSAs told us that when they signed the letters they
did not know for sure what type of after-the-fact legal process would be used
by the field division or Headquarters unit that initiated the request. Others
told us that they considered the reference to grand jury subpoenas to
broadly include all categories of legal process, such as NSLs. As noted
above, a few SSAs told us that they never read the exigent letters closely
enough to notice any of the statements they contained.
As noted above, when we asked CAU Unit Chief and CXS Assistant
Section Chief Glenn Rogers why he signed, and permitted his subordinates
to sign, exigent letters containing inaccurate statements, he said he
regretted the wording of the letter, but that the letters were just a
"placeholder!' In response to a similar question, Youssef told us he should
have read the letter more closely and did not realize that the exigent letters
referred to subpoenas rather than NSLs until April or May 2006. 266
In evaluating the performance of the individual signers of the
inaccurate exigent letters, it is also important to consider several mitigating
circumstances.
First, CAU Unit Chief Rogers approved the use of exigent letters by the
CAU, and in November 2003 Rogers issued an EC to the CAU that referred
to the exigent letters as a tool for obtaining telephone toll billing records
from Company A, which was the only on-site provider at the time. As
described in Chapter Two, three SSAs who signed exigent letters told us that
they raised concerns about the wording of exigent letters to their Unit Chief
at the time, Glenn Rogers. In each instance, the SSAs said that Rogers
assured them that the letter was "standard operating procedure" and had
been approved by "lawyers." Rogers also told one SSA that he should not
change "a single word" in the letter. Although Rogers told us that he did not
recall these SSAs or anyone else coming to him with complaints about the
exigent letters, we concluded, based on the consistent testimony of the
SSAs, that this had occurred.
Second, CAU personnel were not trained on national security
investigations or NSLs when they arrived in the unit until after the OIG's
first NSL report was released in March 2007. Rather. newly assigned
personnel - most of whom had no prior experience in national security

266 However, after this time period 28 additional exigent letters were signed by other
CAU personnel with Youssef's name listed as the CAU Unit Chief, including 15 that
continued to refer to grand jury subpoenas having been requested.

246

investigations - learned the procedures for requesting and obtaining records
from the on-site providers' employees and from other CAU personnel.
Third, by late December 2004 NSLB attorneys, including NSLB
Deputy General Counsel Thomas, knew that the CAU was obtaining records
prior to sexvice of legal process based on a form letter but did not probe the
details or terminate the practice. Rather, in January 2005 NSLB attorneys
met with Rogers and a CAU SSA to discuss how the NSLB could assist in
quickly preparing NSLs after the CAU had obtained records. Thus, CAU
personnel believed that the exigent letters had been approved not only by
the CAU Unit Chiefs but by the NSLB.

Fourth, the use of exigent letters was widespread and the accepted
way of doing business in the CAU. Many CAU SSAs told us that the letters
were part of the standard practice used by the CAU. Some SSAs also
identified a particular Company A employee as having assured them that
the exigent letter practice had been approved by "attorneys," which the SSAs
said they interpreted to mean attorneys from both the FBI and Company A.
Fifth, because the CAU was an operational support unit, none of its
personnel had authority to sign NSLs. As a result, when CAU personnel
issued exigent letters to obtain records from the on-site providers, the CAU
generally depended upon the original FBI requesters in field or
Headquarters operational units to issue the after-the-fact legal process.
Due to the absence of a tracking system for after-the-fact legal process in
the CAU, the CAU SSA who signed the exigent letters would not necessarily
know what type of legal process was eventually issued or even that the
request was eventually covered by the promised legal process. Additionally,
due to turnover in the CAU, the CAU employee who signed the exigent letter
may have rotated out of the CAU when the after-the-fact legal process was
sexved on the on-site providers weeks, months, or even years later.
Sixth, grand jury subpoenas in fact were subsequently issued to cover
some of the exigent letter requests.
Finally, employees of the on-site providers accepted exigent letters as
authority for responding to FBI requests and in many instances even
drafted the exigent letters. Indeed, as described in Chapter Two of this
report, CAU SSAs told us that the providers' employees were sometimes the
first to brief them on the exigent letters practice. The role of the on-site
providers in explaining, drafting, and accepting the exigent letters, together
with the fact that these SSAs saw other personnel in the unit regularly sign
and issue the letters, led these SSAs to conclude that signing exigent letters
to initiate _
for telephone records was an appropriate business
practice within the CAU.

247

OIG Conclusion on CAU Personnel who Signed Exigent Letters
First, consistent with our standard practice, we referred the evidence
that we developed regarding the signing of these inaccurate exigent letters to
the Public Integrity Section of the Department's Criminal Division for its
determination of whether criminal prosecution was warranted. Upon
evaluating the evidence referred by the OIG, the Public Integrity Section
declined prosecution for the exigent letters matter.

We agree that the evidence was insufficient to support a criminal
prosecution. We also agree that significant mitigating circumstances,
described above, must be considered in evaluating the accountability of FBI
employees who signed exigent letters. However, we also believe that none of
these factors, alone or in combination, excuses an FBI employee for signing
an exigent letter either knowing the letter was inaccurate, not making the
effort to confirm the factual accuracy of the letter, or not raising concerns
about the letter's accuracy to FBI supervisors. Simply put, we do not
believe employees of the FBI should sign their names to letters making a
statement that is not true, even if the letters are approved by management,
sanctioned by FBI attorneys, part of an established practice, or accepted by
the recipients. When FBI employees signed exigent letters attesting to the
fact that "subpoenas have been submitted to the U.S. Attorney's Office who
will process and serve them formally" to the communications service
providers, the FBI employees who signed these letters should believe that
this is true.
We recognize that a few SSAs raised concerns about the exigent
letters to their supervisor, CAU Unit Chief Rogers, and he instructed them
to continue using the letters without changing the wording. Even in this
circumstance, we believe that FBI employees confronted with this problem
had other options than to simply sign the letters. They could have sought
further guidance from more senior managers in the FBI, either directly or
anonymously. They could have requested guidance from the FBI OGe.
They could have complained to a senior CTD official or the FBI Inspection
Division. They could have contacted the OIG. None of them took any of
these steps. Instead, they continued to sign inaccurate exigent letters. We
believe that in signing these inaccurate letters the FBI employees failed to
exercise sufficient care to ensure the letters were accurate or raise concerns
to others.
However, we also believe Rogers was most culpable for the FBI's
improper use of exigent letters. Without consulting CTD supervisors or any
FBI attorneys, Rogers took an exigent letter that had been used by the FBI's
New York Field Division and authorized its use in the CAU to support a
variety of FBI investigations. He signed exigent letters himself and
permitted his subordinates to sign hundreds of exigent letters even though

248

they contained inaccurate statements of fact on their face. In clear
derogation of his duties as a supervisor, Rogers also ignored complaints
from at least three SSAs in the unit who complained directly to him about
the inaccurate reference in the letters to grand jury subpoenas and told
them not to change a word. While this does not fully excuse the CAU
personnel who signed the letters, it is an important factor to consider when
assessing their perfonnance.

H.

FBI Personnel Involved in Media Leak Investigations

As described in Ch~hree of this report, FBI personnel were
involved with requests to _
reporters' toll billing records in three
different media leak investigations without first obtaining the required
Attorney General approval. We believe that these matters involved some of
the most serious abuses of the FBI's authority to obtain telephone
records.
First, we believe that the FBI's overall~mentfailures described
in this chapter contributed to the improper _
of reporters' records.
The FBI's failure to plan for the co-location of the providers' employees
resulted in the CAU's extensive use of exigent letters and after-the-fact legal
process beginning in 2003. The failures in planning were compounded by
the failure to train CAU personnel on the authorized means to obtain
telephone records under the ECPA and on the express limitations on the
FBI's authority to compel the production of particular subcategories of
telephone records, including subpoenas for reporters' toll billing records. As
a result, we found that requests for reporters' toll billing were handled by
the CAU SSAs and Intelligence Analysts as routine records requests. When
the CAU received these requests, no alarm bells went off and no higher-level
supervisors provided any review of these requests. Instead, the CAU SSA
and Intelligence Analyst involved in requesting or analyzing the reporters'
records obtained by the FBI said they were unaware of any special
regulation governing SUbpoenas for reporters' records.
As described below, however, in addition to these management
failures we believe several FBI personnel bore some responsibility for these
serious abuses in these media leak investigations.

1.

First Matter

In the first media leak investigation d e ~ T h r e e
(concerning classified infonnation about the _
that
appeared in Washington Post and New York Times news articles), an FBI
case agent exchanged e-mails with a CAU Intelligence Analyst about
whether the on-site providers had the capability of retrieving records of"
calling activity. Yet, in the absence of any request from the case

249

agent or others to actually obtain these records, a CAU SSA issued an
exigent letter to an on-site Company A analyst requesting the reporters'
records. The exigent letter, which also contained no date restrictions, was
issued without the knowledge of the case agent, CTD managers, or any
prosecutor. It also was issued without the required Attorney General
approval or compliance with Department regulations governing subpoenas
of the telephone toll billing records of reporters. We found that the
re orters' records were roduced to the FBI and uploaded into a _
database, where they remained for over 3 years
until the OIG identified the records in connection with this investigation and
informed the FBI and the Criminal Division of this fact.
We believe that the CAU SSA's issuance of the December 17,2004,
exigent letter for the reporter's records under these circumstances was a
serious performance failure. While exigent letters were routinely used in the
CAU during this period, the SSA showed poor judgment in this instance by
issuing an exigent letter in the absence of a request from the FBI case agent
working on the investigation. The fact that the FBI requested and obtained
reporters' records without any FBI supervisor or prosecutor knowing about
it reveals the lax, sloppy, and unsupervised manner in which CAU
personnel obtained telephone records from the on-site providers. The CAU
SSA's explanation for issuing the exigent letter - that he "had never even
read the content of these [exigent] letters," but was "just using the standard
forms I was provided" - underscores the FBI's failure to train CAU personnel
on the proper methods for requesting telephone records, the failure to
establish firewalls between FBI personnel and the providers' employees, and
the failure to ensure that CTD supervisors and FBI attorneys provided
oversight of the CAU's interactions with the providers. 267 The resulting
violations of federal regulation and Department policy were made
significantly worse because the exigent letter did not even include a date
range, and therefore the provider produced records for _
telephone calls
to and from reporters, a researcher for The Washington Post, and the 2
news bureaus, with only 3 calls that fell within the time frame the case
agent believed to be relevant to the investigation.
We also determined that the CAU Intelligence Analyst who received
and analyzed the reporters' records in response to this exigent letter was
never instructed about the special rules applicable to subpoenas for
obtaining reporters' toll billing records. However, he received at least one
e-mail prior to receipt of the records that referenced the case agent's

267 This SSA signed 115 exigent letters, the second highest number of exigent
letters signed by CAU personnel.

250

expectation that a grand jury subpoena would be forthcoming. In his e-mail
to the case agent forwarding the responsive records, the Intelligence Analyst
even recognized that a grand jury subpoena was still needed.
We also found that the case agent failed to exercise appropriate care
and attention to detail. A I ~ a CAU Intelligence Analyst sent an e-mail
to the agent on January 5, _
that attached reports containing toll
record infonnation for the reporters' telephone numbers, the case agent said
he did not open the attachments and did not realize that they included the
reporters'toll billing records. In a subsequent e-mail on March 24, _
the CAU Intelligence Analyst reminded the case agent that the January 5
e-mail contain~oductswhich reflected [Company A] toll records on
several of the _
numbers that you have targeted." We believe that
if the agent had exercised greater care when he received these e-mails, he
would have realized that the analyst had sent him reporters' telephone
records without a subpoena and without obtaining Attorney General
approval as required.
Moreover, if the case agent had realized he had received the reporters'
records and promptly alerted his supervisors, they and the Criminal
Division could have undertaken corrective measures in early ~ to
address the improper collection. Because he failed to do so, the reporters'
records remained in the
database until
June 2008, when the OIG notified the FBI of the issue.
Finall ,as detailed in Cha ter Three, the FBI
telephone records the FBI had
nse to the exi ent letter. FBI a ents

When we notified the FBI leadership in 2008 that we had discovered
that the FBI had obtained reporters' telephone records improperly and
without required Attorney General approval, the FBI appropriately notified
the affected reporters and their newspapers, as required by federal
re lation. However, in that notification the FBI did not disclose that the

In Chapter Six of this report, we recommend that the FBI assess the
information we developed in this review regarding subpoenas and other
requests for reporters' telephone records to determine whether
administrative or other personnel action is appropriate for the individuals
involved. We recommend that the FBI's assessment include a review of the

251

performance of the CAU SSA who signed the exigent letter, and the case
agent who received the records but failed to alert his supervisors or the
Assisant United States Attorney (AUSA). In addition, we recommend that
the De artment re-evaluate the policies governing the
re orters because of the significant First Amendment interests
We believe that the FBI cannot

2.

Second Matter

In the second media leak investigation discussed in Chapter Three, an
AUSA (local AUSA) and a federal prosecutor approved two grand jury
subpoenas. The FBI case agent had forwarded to the prosecutor for his use
in drafting the subpoenas text su ested b an on-site Com an A anal st,
which included re uests
When the subpoenas were issued, both the case agent and the
prosecutor knew that the target numbers had been in telephonic contact
with a reporter during the time period specified in the subpoenas. As a
result, if Company A full res onded to the sub enas the res onsive
records would include
but also the tele hone records of reporters
Yet, in the absence of Attorney General
approval or compliance with the federal regulation governing subpoenas for
reporters' toll billing records, the subpoenas were issued, records were
roduced to the FBI and the records were uploaded into a _
database.
In our investigation, we identified this problem but also determined
that in this instance no reporters' telephone records were actually provided
to the FBI.
When we investigated how these subpoenas were issued, the case
agent told us that he had merely forwarded the on-site Company A analyst's
suggested language to the prosecutor for his "consideration" and was not
"prescribing that the text be used." He said the prosecutors had made
"unequivocal statements that ... they were the legal advisors." We believe
the case agent's explanations are insufficient and that he should have
determined the meaning of
in the subpoena before
providing it as suggested text for the subpoena attachments. At a
minimum, he should have consulted with his supervisor, CAU personnel, or

252

his Chief Division Counsel about what the phrase meant in the context of
seeking telephone records in a media leak investigation.
We received conflicting evidence as to whether the case agent had
assured the prosecutor before the subpoenas were issued that use of the
language s u ~ a n yA analyst would not result in the
production of _
records. The case agent said both that he
did not recall any discussion with the prosecutor about the meaning of the
language and that he did not tell any of the prosecutors that the language in
the subpoenas or the attachments would not request telephone records of
reporters. However, the prosecutor said the case a ent had assured him
that the suggested language would not result in
telephone
records and was needed only to ensure the retrieval of
incoming and
outgoing calls between the target number and others. In addition, the
prosecutor's notes seem to corroborate his assertion that the case agent had
told him, erroneousl ,that the Ian a e in the sub oena referring to a
would not
records, which would have included the records
The prosecutor said he realized after the s u ~ e dand
responsive records were provided to the FBI t h a t _
language in the subpoenas could have resulted in the production of
reporters' records. Following consultation with Criminal Division
supervisors, the prosecutor sequestered a hard-copy of the records,
witnessed the case agent delete the electronic records from the case agent's
e-mail, and consulted with the Department's Office of Enforcement
Operations about whether the reporter should be notified in accordance
with federal regulations.
We believe the prosecutor and the Criminal Division acted responsibly
in addressing the issue once the realized that the sub oena could have
generated the reporter's records
However, to ensure that the FBI deleted all copies of the records, the
Criminal Division and the CAU should have conferred to see if additional
steps were necessary to address other FBI e-mails attaching the records.
Additionally, we believe that prosecutors who approve grand jury subpoenas
should review them carefully and ensure they understand what is being
requested. In the case of these two subpoenas, the local AUSA who was
facilitating issuance of grand jury subpoenas initialed the subpoenas,
without attachments, even though the subpoenas said on their face, "Please
see attachment." We believe that the local AUSA should not have initialed
subpoenas without reviewing and understanding the attachments.
We recommend that the FBI provide periodic guidance to FBI
personnel on the special regulations and policies governing subpoenas of

253

news reporters' toll billing records. We also recommend that the FBI, in
conjunction with Department of Justice attorneys, review Department policy
regarding responsibility for authorizing grand jury subpoenas when
prosecutors share responsibility for investigations with U.S. Attorneys'
Offices.
3.

Third Matter

In the investigation of a third media leak matter discussed in Chapter
Three, employees of Company A, Company B, and Company C _
their databases for records of telephone calls of a cellular phone number
used by a reporter. However, the government served no legal process on
any of the on-site providers authorizing the _
of the reporter's calling
activity.
We determined that prior to
a gr~ena
had been issued to Company A for toll billing records _
The subpoena was requested by an FBI Special Agent and was
_
prepared by personnel in a U.S. Attorney's Office. Although the Special
Agent said that his supervisor or one of the prosecutors associated with a
related investigation probably had directed him to have the subpoena
prepared, the FBI supervisor said he did not recall directing the Special
Agent to do so, and the prosecutors said they knew nothing about the
subpoena. 268
We determined that in res
anal st
_
on
listed in the subpoena. In e-mail
exchanges, the Special Agent informed a Company A analyst of the name
and cellular phone number of a reporter, facts explaining the relevance of
calling activity by the reporter to the investigation, and information
indic~ularphone number of the reporter was in contact
with _
of the subpoena during a articular eriod. When
the Company A analyst concluded his
of
and did
not see records of calling activity between
and the
reporter's cellular phone number, on his own he
Company A's
database for records of calling activity by the reporter's cellular phone
number. The Company A analyst downloaded and reviewed the calling
activity records but did not identify any calls between the reporter's cellular

~any A

268 As noted in Chapter Three, we found evidence that the S p e ~
supervisor participated in the interview of the person associated with _ _ _ _
prior to the issuance of the subpoena.

254

phone number and
during the specified period.
The Company A analyst reported t ~ tthat there were no
records of calling activity between _
and the reporter's
cellular hone number, but did not advise the Special Agent that he had
the
of the reporter's cellular phone number as well as •
Thereafter, the Company A analyst provided the CAU Prim
Relief
the reporter's telephone number,
_ , and a 3-day date range. Without receipt of any legal process, and
in the absence of A_tome
General approval, the Company B and Company
C on-site employees
their respective databases for both the
reporter's and the
calling activity during the 3-day t i m ~
identified by the Special Agent to the Company A analyst. 269 _
of the calling activity by the •
specified telephone numbers appear to have
been sneak peeks, a practice we describe in C ~this report. As
with the CAU's use of sneak peek~, _
were conducted
without any legal process. While _
its database for calling activity
by the reporter, Company B identified responsive records, although we
found no evidence that these records were uploaded into FBI databases.
~sor with

Thus, the Company A analyst _
Company A's records for the
reporter's calling activity without any legal process and absent a specific
request from the Special Agent or anyone in the FBI or DOJ. In our view,
this case again illustrates one of the hazards of having the providers'
employees on-site and the total absence of supervision and oversight of the
communications service providers' employees by CTD managers and FBI
attorneys. Moreover, even if the Special Agent did not specifically ask the
providers' employees to _
the reporter's calling activity, by providing
the reporter's cellular phone number and details about the calling activity of
interest to the compan_A
anal st, the Special Agent set in motion events
that led to unauthorized
for the reporter's calling activity by all
three providers and to
of the reporter's toll billing records by
Company A and Company B.
We are also troubled by the fact that the on-site employees of
Company C and in all likelihood Company B were asked by the CAU
Primary Relief Supervisor without legal process to
calling activity by
the reporter's telephone number to determine whether the reporter had been

269 The Company B
included 1 day before and 1 day after the 3-day period
provided by the Special Agent to the Company A analyst.

255

in contact with the
This is yet another example of the
improper processes and lax controls in the CAU.
In Chapter Six of this report, we recommend that the FBI assess the
information we developed in this review regarding subpoenas and other
requests for reporters' telephone records to determine whether
administrative or other personnel action is appropriate for the individuals
involved.

III.

Conclusion

As discussed in this chapter, we found serious and repeated
management failures that led to the FBI's use of exigent letters and other
improper requests for telephone records from the on-site providers.
In addition to these management failures, we identified failures on the
part of FBI supervisors and attorneys who did not take sufficient action to
avoid, prevent, or correct the improper use of exigent letters and other
informal requests for telephone records. We recommend that the FBI review
the conduct and performance of these individuals, as described in this
report, and determine whether discipline or other action with regard to each
of them is appropriate. 270

270 Several of the individuals whose performance we criticize have resigned or retired
from the FBI, including former CTD Assistant Director Joseph Billy, Jr., former CTD Assistant
Director Michael Heimbach, former CXS Assistant Section Chief Glenn Rogers, and former
NSLB Deputy General Counsel Julie Thomas.

256