SurveillanceFrom 2012 to 2014, FBI submitted 561 Section215 applications: DOJ OIG

The Department of Justice (DOJ) Office of the Inspector General (OIG) last week released a June 2016 report examining the FBI’s use of the investigative authority granted by Section 215 of the Patriot Act between 2012 and 2014.

Section 215 is often referred to as the Foreign Intelligence Surveillance Act (FISA) “business records” provision. DOJ IG says that the report, which was mandated by the USA Freedom Act of 2015, is the DOJ OIG’s fourth review of the FBI’s use of FISA business records. Three previous reports issued in March 2007, March 2008, and May 2015 addressed the FBI’s use of Section 215 authority between 2002 and 2009. A classified version of the report released publicly last week was submitted to Congress and DOJ leadership when it was completed in June, and was being released publicly upon completion of a classification review by the FBI and the intelligence community.

The report released last week notes that from 2012 through 2014 the DOJ, on behalf of the FBI, submitted 561 Section 215 applications to the FISA Court, all of which were approved. DOJ OIG found that while the number of business records orders obtained by the FBI increased significantly between 2007 and 2012 — an increase that was largely driven by the refusal of several communications providers to produce electronic transactional records in response to FBI National Security Letters — the number of Section 215 orders peaked in 2012 with 212 orders and has declined annually since that time. DOJ OIG further found the orders were used far more frequently in counterintelligence cases than as a counterterrorism or cyber tool.

The report also analyzes the timeliness of the Section 215 process, both generally and at each stage of the approval process. The OIG found that the median time needed to obtain business records orders during the report’s review period, from initiation of a request by a field office until issuance of the order by the FISA Court, was 115 days. Agents described the process to the OIG investigators as lengthy and said the delay in obtaining orders often had a negative impact on their investigations, a point emphasized in particular by agents who conduct cyber investigations. However, agents also told the investigators consistently that Section 215 orders continued to be a valuable investigative tool. As with the OIG’s previous reviews, the majority of agents the investigators interviewed did not identify any major case developments that resulted from use of the records obtained in response to the orders, but told the investigators that the material produced was valuable as a building block of their investigations. In at least two cases, agents interviewed told the OIG investigators that the records obtained in their investigation provided valuable information that they would not otherwise have been able to obtain. In other instances, case agents told the investigators that they used the information obtained under Section 215 to exculpate a subject and close the investigation.

The report released last week also examines three compliance incidents that affected numerous business records orders between 2012 and 2014. These incidents included the systemic overproduction of full and partial e-mail subject lines by two providers, a system-wide error in an FBI database, and a third incident the details of which remain mostly classified.

The report also examines the progress the DOJ and FBI have made addressing three recommendations in the OIG’s March 2008 and May 2015 reports concerning minimization procedures for information obtained under Section 215 authority. In the 2008 report, the DOJ OIG recommended that the DOJ implement final minimization procedures, develop procedures for reviewing materials received in response to business records orders to identify overproduced information, and develop procedures for handling overproductions. In our May 2015 report, the OIG recognized that the DOJ had adopted final procedures implementing the OIG’s recommendations, but the OIG also identified several terms used in the procedures that the OIG believed required clarification. Based on the information obtained during this current review, the OIG concluded that the DOJ and the FBI made these clarifications and the IG therefore has closed the recommendations.

The report released last week makes one new recommendation: based upon the concerns expressed by agents about the time needed to obtain Section 215 orders, the OIG recommends that the FBI and the DOJ continue to pursue ways to make the business records process more efficient, particularly for applications related to cyber cases. The FBI and the DOJ agree with this recommendation.