According to the new DOJ IG report on FBI’s use of NSLs, there are some Internet companies that have been refusing NSLs for some data since 2009 (this discussion appears on pages 71- 73).

The decision of these [redacted] Internet companies to discontinue producing electronic communication transactional records in response to NSLs followed public release of a legal opinion issued by the Department’s Office of Legal Counsel (OLC) regarding the application of ECPA Section 2709 to various types of information. The FBI General Counsel sought guidance from the OLC on, among other things, whether the four types of information listed in subsection (b) of Section 2709 — the subscriber’s name, address, length of service, and local and long distance toll billing records — are exhaustive or merely illustrative of the information that the FBI may request in an NSL. In a November 2008 opinion, the OLC concluded that the records identified in Section 2709(b) constitute the exclusive list of records that may be obtained through an ECPA NSL.

Although the OLC opinion did not focus on electronic communication transaction records specifically, according to the FBI, [redacted] took a legal position based on the opinion that if the records identified in Section 2709(b) constitute the exclusive list of records that may be obtained through an ECPA NSL, then the FBI does not have the authority to compel the production of electronic communication transactional records because that term does not appear in subsection (b).

For a number of reasons I wonder whether this pertains to Internet searches, rather than email communication.

In any case, because the Internet companies have apparently been successful at refusing these NSLs (there’s zero discussion in the unredacted section of court challenges, but they must have happened), FBI has been getting Section 215 orders instead. As a result, the bulk of the Section 215 orders in recent years have been for these kinds of Internet transaction records.

In the absence of a legislative amendment to Section 2709, [2.5 lines redacted]. [Deputy General Counsel of FBI’s National Security Law Branch] Siegel told us that the process of generating and approving a Section 215 application is similar to the NSL process for the agents and supervisors in the field, but then the applications undergo a review process in NSLB and the Department’s National Security Division, which submits the application to the Foreign Intelligence Surveillance Court (FISA Court). According to Siegel, a request that at one time could be accomplished with an NSL in a matter of hours if necessary, now takes about 30-40 days to accomplish with a standard Section 215 application.

In addition to increasing the time it takes to obtain transactional records, Section 215 requests, unlike NSL requests, require the involvement of FBI Headquarters, NSD, and the FISA Court. Supervisors in the Operations Section of NSD, which submits Section 215 applications to the FISA Court, told us that the majority of Section 215 applications submitted to the FISA Court [redacted] in 2010 and [redacted] in 2011 — concerned requests for electronic communication transaction records.

The NSD supervisors told us that at first they intended the [3.5 lines redacted] They told us that when a legislative change no longer appeared imminent and [3 lines redacted] and by taking steps to better streamline the application process.

We asked whether the disagreement and uncertainty over electronic communication transactional records has negatively affected national security investigations. An Assistant General Counsel in NSLB told us that the additional time it takes to obtain transactional records through a Section 215 application slows down national security investigations, all of which he said are time-sensitive. He said that an investigative subject can cease activities or move out of the country within the time-frame now necessary to obtain a FISA order. [my emphasis]

And bizarrely, the IG report doesn’t discuss the pending USA Freedom legislation — not even what appears retrospectively like HPSCI’s effort to turn this kind of production into programmatic orders.

There’s still a lot I don’t get from this discussion. But the explanation that the explosion of 215 orders (remember — with their attached minimization procedures) since 2009 stems from a couple of Internet companies sure is interesting.

Update: Page 124 reveals what the Administration wanted ECPA to include.

The proposed amendment would authorize the FBI to obtain name, address, local and long distance connection records (or sessions times and durations), length and types of service, telephone or instrument number (or other subscriber number or identity, including any temporarily assigned network address), means and source of payment (including credit card or bank account number), and records identifying the origin, routing, or destination of electronic communications.