Can We Do Without National Security Letters?

One of the more radical recommendations included in the report from President Obama’s Surveillance Review Group is the proposal to require judicial approval for National Security Letters, which can be used to compel the production (under gag) of an array of financial and communications records, and at present can be issued on the say-so of the Special Agent in Charge of any of the FBI’s 56 field offices. Though this recommendation has attracted relatively little public comment, it is unsurprising to read in a recent article in the Los Angeles Times that it “has sparked the most push-back from national security officials.”

Though the review group does not frame it in these terms, their proposal  amounts to the de facto elimination of NSLs, whose distinctive feature is precisely the absence of any advance judicial approval. Without that feature—especially following a 2008 OLC memo limiting their applicability to electronic communications transactional records—they would be a conspicuously inferior form of 215 order, requiring the same process, but applicable only to a more limited domain of records. Deprived of that key selling point, agents would almost certainly abandon NSLs in favor of 215 orders and conventional grand jury subpoenas.

As the Review Group itself acknowledged, this would be a dramatic change given the incredible volume of letters issued each year. Indeed, the LA Times actually undercounts them: It notes that over 15,000 NSLs were issued for data on US persons in 2012, but this excludes NSLs that requested only “basic subscriber information,” which the Review Group identifies as a primary use of the tool.  Ben Wittes argues at Lawfare  that this makes prior judicial approval infeasible for NSLs—which sounds plausible if you assume both that “judicial approval” means “approval by the current FISC” and that this volume of collection is, in fact, necessary for the FBI to carry out its security mission.

But the evidence for that premise is fairly thin on the public record.  Once you get locked into a serious collection, as Hunter S. Thompson observed, the tendency is to push it as far as you can, and it seems at least as plausible to suppose that when communications and financial records can be vacuumed up subject to a vague and permissive standard with little in the way of external checks, investigators will tend to err on the side of overcollection.  Former top FBI attorney Michael Woods (Quoted in Eric Lichtblau’s Bush’s Law) has summarized the ethos that led to the massive explosion of NSLs issued in the aftermath of the 9/11 attacks:

All of a sudden, every lead needed to be looked at. The atmosphere was such that you didn’t want to be the guy who overlooked the next Moussaoui. . . . If you’re telling the FBI people over and over you need to be preemptive, you need to get out there before something happens, you’re pushing people toward a fishing expedition. We heard over and over again, connect the dots, and we were pushing the envelope and doing things that, in the old days, would have seemed beyond the pale.

That is certainly an understandable initial reaction, but at this point it seems fair to question whether the use of such an invasive tool is really necessary as a means of checking out every possible lead.  When NSL authority was initially expanded, after all, the requirement that records obtained be relevant to an “authorized investigation” was understood to refer to full investigations, predicated on “specific and articulable facts” providing “reasonable grounds” to believe some real national security threat exists. The guidelines were only later, in 2003, altered to allow their use in “preliminary” investigations based on “information or allegations” suggesting a possible threat—and before long, such investigations accounted for the majority of NSLs issued.

If the inability to chase down a sufficient number of thin leads had been at the root of the failure to detect the 9/11 plot, this might well be a reasonable response, but the evidence is fairly overwhelming at this point that this was not the case.  The problem, rather, was a failure to “connect dots” by sharing information about known threats across agencies, rather than insufficiently promiscuous collection of dots.  Needless to say, the vast majority of the thousands of Americans whose information is collected pursuant to NSLs are not, in fact, terrorists—nor, in all likelihood engaged in criminal wrongdoing of any kind. So if the objection is that such large-scale use of NSLs to collect data about Americans is likely to be infeasible when advance approval is required, one good answer might be: Yes, that is the point.  Candidate Barack Obama presumably thought so when he declared his intention to put an end to the use of “National Security Letters to spy on citizens who are not suspected of a crime.”

NSL authorities have already given rise to misuses the Justice Department’s Inspector General characterized as widespread and serious—but the disclosure of the FISC opinions authorizing bulk collection of metadata under Section 215 of the Patriot Act adds further grounds for concern.  The “relevance” standard that the FISC construed to permit huge volumes of irrelevant records as a means of sifting through them for a minuscule fraction of relevant ones, after all, is the same standard found in the NSL statutes.  The FISC, to be sure, stressed the many extrastatutory safeguards it had imposed on the NSA’s metadata programs in order to limit the invasion of innocent Americans’ privacy, but the presence or absence of those safeguards cannot really bear on the threshold question of whether the records obtained are “relevant.” Would any FBI agent be so bold as to issue an NSL for the records of all subscribers at a major cell carrier?  Almost certainly not, at least in the current climate. But with this broad understanding of “relevance” now on the record, and being openly defended by the Justice Department, it is easy to imagine smaller scale fishing expeditions operating on the same theory—perhaps applying to all users of a particular Web site or online service.

Finally, it bears noting that the courts may well force the administration’s hand if it does not undertake its own reforms.  One court has already held that NSLs, with their presumptive gag orders, violate the First Amendment—though that ruling has been stayed pending appellate review. So it is at least an open question whether they can survive in their current form whether or not the administration is eager for reform. Fortunately, there is little reason to think that intelligence agencies would be hobbled if deprived of a tool relatively little used before the passage of the Patriot Act, or that the use of intrusive methods to “check out” Americans by the tens of thousands is essential to protecting American security.

All that said, I will suggest one slightly less radical possible reform that I floated in my 2011 Cato Policy Analysis on Patriot Act authorities. NSLs could be restricted to “basic subscriber information” (or, in the case of financial records, basic account-holder information) for suspected foreign agents and their direct (“one-hop”) contacts. This would not, in itself, obviate the First Amendment defects of NSLs, nor would it entirely address privacy concerns, to the extent that this would still enable their use to identify anonymous online speakers or reveal networks of expressive association.  It would, however, have the advantage of providing easier access to the minimum identifying information needed to determine, using open source intelligence, which leads might merit further scrutiny without simultaneously creating an unnecessarily large stockpile of more sensitive transactional records.  If both basic identifying information and detailed records are subject to the same showing, after all, investigators will have an incentive to frame their requests to the courts broadly, in order to avoid having to go back a second time for the subset of subjects deemed to warrant further scrutiny.

If the NSL gag provisions can be weakened sufficiently to pass First Amendment muster, such a compromise solution might represent the elusive “balance” between privacy interests and the need to quickly evaluate leads in the initial phases of investigations. But the burden should be on the intelligence community to establish that even more limited authority is genuinely necessary.  The absence of broad NSL powers prior to the Patriot Act does not appear to have been a major factor in the failure to detect the 9/11 attacks, and the public has not been made aware of any cases where such easy access to sensitive information has enabled the discovery of some plot or terror cell that would otherwise have gone undetected. The claim that the FBI cannot investigate effectively without a tool that has existed in its current form for roughly a decade should be seen as an extraordinary one—demanding equally extraordinary evidence before we accept it. 

About the Author(s)

Julian Sanchez

Senior Fellow at the Cato Institute, contributing Editor for Reason magazine. Member of the editorial board at Just Security. You can follow him on Twitter (@normative).