The Exigent Letter OLC Opinion

Update: Bob Schacht asked for more context, so here goes. This IG Report was the third DOJ’s Inspector General, Glenn Fine, has done on the FBI’s use of National Security Letters and “exigent letters,” though this is the first to focus almost exclusively on exigent letters. In 2003, the FBI installed representatives of AT&T and (later) Verizon and MCI onsite, with computers hooked up to their respective companies’ databases. Rather than using a subpoena or a National Security Letter to get phone records from them (both of which would have required a higher level of review), the FBI basically gave them a boilerplate letters saying it was an emergency (thus the “exigent”) and could they please give the FBI the phone data; the FBI promised grand jury subpoenas to follow. Only, in many cases, these weren’t emergencies, they never sent the grand jury subpoenas, and many weren’t even associated with investigations into international terrorism. In other words, FBI massively abused this system to get phone data without necessary oversight. Fine has been pressing FBI to either establish some legal basis for getting this data or purging it from FBI databases for three years, and they have done that with some, but not all, of the data collected. But the FBI has tried about three different ways to bring this practice into conformity with legal guidelines, all unpersuasive to Fine. The OLC opinion is the most recent of these efforts.

I’ve been very slowly trudging through the DOJ IG Report on Exigent letters. My notes on it are here and a timeline of key dates is here. In this post, I’m going to look more closely at the content of passages in the IG Report referring to a January 8, 2010 OLC opinion relating in some way to telephone records. The OLC opinion was first reported by Ryan Singel in this post. Discussion of it starts on PDF page 276 of the report. In a follow-up post, I will contextualize this close reading with other material from the report.

What follows is the entire text of sections relating to the OLC opinion (in blockquote) interspersed with my comments. Because the footnotes provide the only context for many of the redacted paragraphs, I put them immediately after the paragraphs invoking them.

My preliminary conclusions on this are:

  • As I will explain at length later, this OLC opinion may not relate exclusively to the use of exigent letters, not least because Inspector General Glenn Fine appears worried the FBI will use it prospectively, not just to retroactively rationalize abuses from the past.
  • Fine appears to disagree whether the FBI has represented what it was doing with exigent letters honestly in its request for an opinion to the OLC. This is at least the second time they have done so, Fine alleges, in their attempts to justify these practices. In this case, the dispute may pertain to whose phone records they were, what was included among them, and whether they pertained to an ongoing investigation.
  • My guess is that the OLC opinion addresses whether section 2701 of the Stored Communications Act allows electronic communication providers to voluntarily provide data to someone above and beyond the narrow statutory permission to do so in 2702 and 2709 of the Act.
  • Whatever the loophole FBI is exploiting, it appears to be a use that would have no protections for First Amendment activity, no requirement that the data relate to open investigations, and no minimization or reporting requirements. That is, through its acquisition of this OLC opinion, the FBI appears to have opened up a giant, completely unlimited loophole to access phone data that it could use prospectively (though the FBI claims it doesn’t intend to). Much of Fine’s language here is an attempt to close this loophole.

Here’s the discussion.

After reviewing a draft of this report, the FBI also asserted for the first time that as a matter of law the FBI is not required to serve NSLs to obtain “records associated [half line redacted]” in national security investigation. According to the FBI, the majority of exigent letters and other informal requests discussed in this report were for telephone records [one line redacted] the FBI could have obtained these records without any legal process or qualifying emergency through voluntary production by the communications service providers. 278

278 We disagree with the FBI’s statement that the majority of exigent letters and other information requests discussed in this report were for telephone records [several words redacted] In fact, we determined, based on the FBI’s records, that the majority of its exigent letter requests for for toll billing records associated [half line redacted] We were unable to reach a conclusion concerning the percentage [half line redacted] requested through information means other than exigent letters, because the records for these requests (some of which were oral or written on post-it notes) are incomplete and therefore unreliable.

Elsewhere, Fine tells us FBI provided comments to a draft of the report as early as July 2009, so they–and OLC–have had some time to work on this memo. It’s important to keep that in mind, though, that there may be additional context to the OLC memo, it may serve to do more than just justify the FBI’s abusive use of exigent letters. Given the possible timing the question and the response, for example, it might also be a response to Najibullah Zazi’s arrest.

These two passages make a few things clear. First, after trying a number of other different methods to justify the access of phone records without proper legal process, the FBI started asserting that they could do so in some circumstances with no legal process.

This is also where the disagreement as to what the content of the exigent letters arises. FBI says the majority qualified as something, Fine says they do not. Three guesses for what the dispute is about: whether the phone records came from someone definitely associated with an investigation, whether these were toll records or something else, and whether they were the particular carrier’s own call data, or another carrier’s. An earlier OLC opinion associated with the exigent letters focuses on defining toll records, so it may be the FBI, to try to get around the restrictions in that opinion, decided to claim these weren’t toll records.

[One line redacted]

This line must introduce the statutory basis on which FBI is making the case.

[One 9 line paragraph long citation and a reference to footnote 279 redacted]

279 The Stored Communications Act, codified in Chapter 121 of Title 18 at 18 USC 2701-2712, was enacted in 1986 as part of the ECPA. The Stored Communications Act contains the relevant NSL and other FBI access to toll billing records provisions at issue in this report.

This long citation must be the passage of the Stored Communications Act that the FBI is now citing as their authority to do this. Julian Sanchez makes a strong argument that the loophole in question is from section 2702, which covers the acceptable examples of voluntary disclosure. But I wonder whether they’re not just relying on 2701(c)(1), which states that access to stored communications is not illegal with respect to “conduct authorized … by the person or entity providing a wire or electronic communications service.” That is, my guess is that the FBI and OLC are saying that the Stored Communications Act allows telecoms (who, of course, may be immunized under other statutes) to give others phone data with absolutely no limitations.

The FBI did not rely on this section when it requested and obtained the records discussed in this report. However, after reviewing a draft of the OIG report the FBI asked the Office of Legal Counsel (OLC) for a legal opinion on this issue. 280 When making the request for an OLC opinion, the FBI stated that [three lines redacted]

280 The FBI presented the issue to the OLC as follows: “Whether Chapter 121 of Title 18 of the United States Code applies to call detail records associated [2.5 lines redacted]

This section does confirm that the request for an OLC opinion was at least partly a response to the draft of this IG report. In both the text and the footnote, there’s a 3 line redaction that must show how FBI described what they were doing with these records. Note the use of “call detail records” in the footnote, as opposed to “toll records.” They may be using that language to avoid very specific language about toll records elsewhere, including in an earlier OLC opinion that was fairly restrictive about what the FBI could use.

On January 8, 2010, the OLC issued its opinion, concluding that the ECPA “would not forbid electronic communications service providers [three lines redacted]281 In short, the OLC agreed with the FBI that under certain circumstances [~2 words redacted] allows the FBI to ask for and obtain these records on a voluntary basis from the providers, without legal process or a qualifying emergency.

281 [Entire footnote of 7.5 lines redacted]

Note that Fine made some kind of response to the language OLC used in its opinion at footnote 281. Given the evidence that he disagrees with the FBI’s characterization of what they’re doing, it may be a comment on the OLC’s use of what he sees as misleading language from the FBI.

It is important to note that the FBI acknowledged in its July 2009 comments to a draft of this report that it had never considered or relied upon [several words redacted] when it obtained any of the telephone records at issue in this report. Moreover, it cannot be known at this point whether any provider would have divulged such records based on [several words redacted] alone, and without the FBI’s representation to the provider that an NSL or other compulsory legal process would be served.

Over the last 9 years, the FBI changed its rationale several times for what it was doing with exigent letters. This passage reflects that process. As with earlier excuses, the FBI was providing excuses they didn’t use contemporaneously, including claiming that telecoms turned over data voluntarily even though they had been given a letter promising a subpoena, meaning documentation exists to show it was mandatory. In both this IG Report and an earlier one, Fine takes them to task for claiming a justification retroactively, particularly where they claimed phone companies worked voluntarily.

For the reasons discussed below, we believe the FBI’s potential use of [several words redacted] to obtain records has significant policy implications that need to be considered by the FBI, the Department, and the Congress.

Here, I think Fine is trying to call attention to the larger issue, what FBI intends to do with US person call data.

[5 line paragraph redacted]282

282 [Entire footnote of 3 lines redacted]

[9 line paragraph redacted]283

283 The FBI has stated that it does not intend to rely on [one line redacted] However, that could change, and we believe that appropriate controls on such authority should be considered now, in light of the FBI’s past practices and the OLC opinion.

I think the original 9 line paragraph, deals with how outrageous this new claim is, with the footnote explaining why Fine is concerned even though the FBI claims it won’t use this opinion prospectively.

[8 line paragraph redacted, including reference to footnote 284]285

284 Under 18USC 2709(b) the FBI may only use NSLs to obtain such records upon the certification that the records sought are relevant to an authorized counterterrorism or counterintelligence investigation. In the voluntary context, the FBI may request and obtain such records under 18USC2702(c)(4) only if “the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency.

285 For example, requests for voluntary disclosure under the emergency circumstances provisions of the ECPA NSL statute must be approved at a level not lower than an Assistant Special Agent in Charge in a field office and a Section Chief at Headquarters. See FBI OGC Electronic Communication (EC) to all Divisions (March 1, 2007), at 4. The EC also advises that approval of such requests must be in writing, even if the initial approval was oral. The rank of the approving official for NSLs is set by statute at Special Agent in Charge in field officers and Deputy Assistant Director at Headquarters. See 18 USC 2709(b).

These two footnotes are one of the reasons I think the FBI might be relying on 2701(c)(1). Both of these footnotes deal with requirements that appear elsewhere in the Stored Communications Act. My theory is that Fine was showing how 2791(c)(1) can’t be considered to apply generally, since there are such specific rules limiting voluntary disclosure elsewhere. That is, Fine seems to be saying, “if the voluntary emergency disclosure is so specific, then how can it be that Congress would at the same time include a non-specific voluntary disclosure with none of those requirements on it?”

[10 line paragraph redacted, including reference to footnote 286]287

286 Under ECPA NSL statute, the FBI is required to report to certain congressional committees, on a semiannual basis, concerning all NSL requests made under Section 2709(b). See 18USC 2709(e).

287 Moreover, other collections of similar types of records for intelligence activities contain statutorily mandated approval, minimization, and reporting requirements. For example, the FISA business records provisions provide useful comparisons as to how such intelligence activities are regulated, [half line redacted] Under these provisions, the FBI may apply to the FISA Court for an order requiring the production of business records and other tangible things “to obtain foreign intelligence information not concerning a United States person.” See 50 USC 1861. By statute, use of this authority is subject to extensive Attorney General-approved minimization procedures governing how information acquired concerning US persons must be retained and disseminated. Id at 1861(g). The FBI is subject to comprehensive congressional reporting requirements as to all orders it obtains, [half line redacted] Id at 1862.

Here, again, Fine seems to be saying it is impossible to imagine that Congress would have approved this generalized voluntary disclosure without further restrictions on it. He shows how generalized access to similar records in non-emergency situations (that is, under Section 215) require much greater levels of Congressional oversight, reporting, and minimization. Note, this discussion may be particularly relevant in cases where the FBI has not purged records collected illegally from its databases. While they have done so for a significant number of records collected without proper legal process, they did not do so for some of the community of interest data that AT&T collected.

[7.5 line paragraph, followed by 10.5 line paragraph redacted, including references to footnotes 288, 289, 290]

288 As discussed in this report, under the ECPA NSL statute, the FBI may only seek toll billing records when relevant to an authorized counterterrorism or counterintelligence investigation, provided that the investigation of a US person is not conducted solely on the basis of activities protected by the First Amendment to the Constitution. See 18 USC 2709(b). Provisions in the FISA statute similarly protect US persons with respect to FBI applications to the FISA Court seeking orders to produce business records (50USC1861(a)(2)(B)) and to conduct electronic surveillance (50 USC 1805(a)).

Here, Fine appears to be pointing out another danger of a generalized voluntary disclosure practice: the ability to get records from anyone, not just those with some connection to a CT/CI investigation, and not people based on activities protected under the First Amendment.

289 We recognize that the FBI’s Domestic Investigations and Operations Guide (DIOG) and Executive Order 12,333, as amended, contain restrictions on how the FBI can collect, use, and disseminate intelligence, particularly with respect to the privacy and civil liberties of US persons. However, these constraints are not statutory.

Here, Fine seems to be responding to the FBI’s assurances that it would not abuse such a generalized search ability, because of DIOG and EO 12333. But since those are not statutory constraints, they carry neither permanency (we know Bush pixie dusted 12333 without telling anyone, for example) nor penalties for abuse.

290 [Entire footnote of 3 lines redacted]

In sum, the potential use of [several words redacted] by the FBI has important policy implications for [1.5 lines redacted] We believe that [several words redacted] creates a significant gap in FBI accountability and oversight that should be examined closely by the FBI, the Department, and Congress.

It is also important to recognize that the FBI advanced the [several words redacted] only after OIG found repeated misuses of its statutory authority to obtain telephone records through NSLs or the ECPA’s emergency voluntary disclosure provisions. We believe that, given the abuses described in this report, it is critical for the Department and Congress to consider appropriate controls on any use by the FBI of its authority to obtain records voluntarily [half line redacted]

The OIG therefore recommends that the FBI and the Department consider how the FBI may use [several words redacted] when seeking telephone billing records, particularly with respect to [1.5 lines redacted] We also recommend that the Department notify Congress of this issue and of the OLC opinion interpreting the scope of the FBI’s authority under it, so that Congress can consider [several words redacted] and the implications of its potential use.

Having made his argument that the use of this loophole is terribly dangerous and prone to abuse, Fine argues that DOJ must tell Congress about it so they can close the loophole.

Of course, DOJ promptly took that caution and redacted the hell out of it so people couldn’t know just how unprotected their privacy was. You get the feeling that DOJ wants this loophole kept open?

  1. bobschacht says:

    Thanks for this fantastic bit of parsing. But for us peasants out here in EW land who are not as well informed as you, I would be grateful if you would explain just what the heck an “exigent letter” is, and what is its legal and administrative significance? That would help a lot, and I’ll bet I’m not the only one who is wondering.


    Bob in AZ

  2. earlofhuntingdon says:

    Section 2701(c)(1) appears to be designed to permit the telecoms provider access to its own data, not freely to transmit it to another person. The authorization referred to in that section would have to be done via other statutory authority.

      • emptywheel says:

        And definitely check out Julian Sanchez’ post on this, which is sort of the reverse of my guess:

        My current best guess, based on what little we know, is this. The SCA refers to, and protects from disclosure to any “government entity,” the records of “customers” and “subscribers.” But telecommunications firms may often have records about the calling activity of people who are not the customers or subscribers of that company. For example, reciprocal agreements between carriers will often permit a phone that’s signed up with one cell provider to make use of another company’s network while roaming. When these outside phones register on a network, that information goes to a database called the Visitor Location Register. You could imagine a clever John Yoo type arguing that the SCA does not cover information in the VLR, since it does not constitute a “subscriber” or “customer” record. Of course, it beggars belief to think that Congress intended to allow such a loophole—or, indeed, had even considered such technical details of cell network architecture.

      • PJEvans says:

        I’m wondering if, when the telecoms bring it up, the FBI gives them an interpretation that favors the telecoms giving them all the data.

        • emptywheel says:

          But then, what do the telecoms care? So long as they can tie to this to the warrantless wiretap program, they get immunity!

          They care about having legal docs in 2006. But apparently they’re okay with this crap.

          • bmaz says:

            They don’t give a flying fuck in the least, so long as it is patently legal, or they are indemnified/immunized from liability, and they can charge for it. And this does not just come from the last eight years warrantless wiretapping mess, it is the history effectively since the advent of the telephone. Any experienced criminal defense attorney that has defended large drug and money laundering conspiracies involving wiretaps, can attest to this.

  3. earlofhuntingdon says:

    Another reason – from Rahm’s pinched political perspective – why he would work hard to keep Dawn Johnsen out of the OLC. Her team’s legal opinions would likely agree more with Fine’s view of the law than the FBI’s. As it is, the OLC is leaderless, with a few top staff contending for the role internally, by appeals to others in more senior posts in the DoJ, and possibly by appeals to top WH staff, whom they think will make the ultimate call. All a very Rovian, even Chinese, way to run a bureaucracy. It’s no way to run the people’s law firm.

    • klynn says:

      Well stated. I quite agree.

      …As it is, the OLC is leaderless, with a few top staff contending for the role internally, by appeals to others in more senior posts in the DoJ, and possibly by appeals to top WH staff, whom they think will make the ultimate call. All a very Rovian, even Chinese, way to run a bureaucracy. It’s no way to run the people’s law firm.

      (my bold)

      So what is the constant between the Administrations to create this “way” to run a democracy?

      • PJEvans says:

        A deep, deep desire to cover their rear ends, because they know that a lot of what they’ve been doing is not merely illegal, but seriously unconstitutional, and that when people find out the full scale of their activities, there will be pitchforks and torches.

  4. NorskeFlamethrower says:


    Citizen emptywheel and the Firepup Freedom Fighters:

    Sister Marcy you get another Oakleaf Cluster for your Norskie Medal of Citizenship. But for us out here who are still dependent upon naive assumptions about the Constitution and expectations of privacy by US citizens, what am I missing here? Just whose ass is bein’ covered with all this legal back and forth between the OLC and the non-elected professional government? Is it the FBI and the security services? Is it the corporations and the degree to which they have been initiating this stuff for their own purposes? Is it the professional political class and encumbants who may very well be vulnerable if all this shit sees daylight? Is it all of the above? I expect a certain level of corruption within the security services and the professional government in order for there to be continuity between political administrations but this is just insane!


    • MadDog says:

      A point I’ve made in the EW post preceeding this:

      Which brings me back to a point I think I made back in the days of The Next Hurrah:

      Company A’s (AT&T?) community of interest work for the government was done by its own staff using its own gargautanly massive databases with its own highly sophisticated datamining applications.

      I reiterate that I don’t believe the NSA could have hit the ground running after 9/11 with its own terrorist snipe hunt through the Telco data. The masses of Telco data, and the highly sophisticated tools to analyze it would have taken many, many person-years of development and testing, and the NSA just didn’t have the luxury of that time.

      In order to hit that ground running, the NSA would have had to “partner” with the Telcos. Basically deputizing them as junior G-men and forming them into a officially sanctioned, government-deputized terrorist posse.

      So I’m still betting one of the reasons for the retroactive immunity given to the Telcos was not just or only because the Telcos gave away all our data to the government, but instead or in addition to, was because the Telcos were deputized as junior G-men and actively providing the analysis for and targeting of “suspects” themselves.

      • NorskeFlamethrower says:

        Citizen MadDog:

        I think yer on ta sumpthin there Brother Dog! But it still begs the question of why they even bother to respond to the OLC and IG letters…there still must be some “hangout” or liability among the gangsters with a Justice Department that ain’t hooked. All a this leads me to some hope that there is still life in the Constitution and politics in this country.

      • bmaz says:

        Once again, I caution not to further the meme that retroactive immunity was for the telcos; it almost certainly was not for them at all, but rather the governmental co-conspirators. There is simply not one chance in hell that the telcos and their jacked up super experienced and extremely competent legal departments did all that with the hope, lick and a promise that they might, possibly, be given retroactive immunity by Congress down the road. Anybody that believes that is nuts. They demanded and received indemnification; bet on it. Heavily.

        • MadDog says:

          Your memory is working better than mine. *g*

          Having re-read your post (and all the comments including mine), I’ll agree with you that indemnification was a done deal prior to the Telcos undertaking the work (mostly).

          That said, if my memory serves me correctly (not a betting proposition for faint of heart), I seem to remember that the actual retroactive immunity provision passed into law specifically was for civil actions (after some Googling, I read the actual FISA Amendments Act of 2008 to confirm just that).

          So clear something up for me Counselor. Civil actions and the negation of them per the actual law from page 34:

          …may not lie or be maintained in a Federal or State court against any person for providing assistance to an element of the intelligence community, and shall be promptly dismissed…

          This does not seem to me prevent government actors from being charged with violations of the law, nor does it seem to prevent the same charges against Telcos.

          The FISA Amendments Act of 2008 seems to only prevent private parties from taking civil actions against the persons in the quote above, and attempting to gain damages for these acts.

          I’m not suggesting the supine Obama Adminstration would ever bring charges against the malefactors; just that the possibility for such has not been extinguished.

          • bmaz says:

            Let me further refresh your recollection on the thought that there could ever be criminal prosecutions for that which the Federal government and Congress has mandated cannot even constitute freaking civil liability.

            The thought is absurd on its face.

            Seriously, the burden of proof in criminal cases is beyond a reasonable doubt, an extremely high standard. How in the world do you think a jury can possibly find guilt beyond a reasonable doubt on conduct that has been determined by the United States Congress to not even merit civil liability, where the burden of proof is preponderance of the evidence, a very low threshold?

  5. bigbrother says:

    People like Fine are a breath of hope in a rotted system. Thanks for spelling out the latest violation of our Constitutional rights. Holder, Emmanuel and Obama seem to be marching to the beat of a different drummer to put it nicely.
    This would make a good Rachel Maddow Show. You know transparent government and citizens rights.