WASHINGTON - The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.
And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.
FBI Director Robert Mueller said he was to blame for not putting more safeguards into place.
"I am to be held accountable," Mueller said. He told reporters he would correct the problems and did not plan to resign.
Sign Up and Save
Get six months of free digital access to the Lexington Herald-Leader
"The inspector general went and did the audit that I should have put in place many years ago," Mueller said.
The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances.
The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct.
Still, "we believe the improper or illegal uses we found involve serious misuses of national security letter authorities," the audit concludes.
Attorney General Alberto Gonzales, who oversees the FBI, said the problems outlined in the report involved no intentional wrongdoing. In remarks prepared for delivery to privacy officials late Friday, Gonzales said: "There is no excuse for the mistakes that have been made, and we are going to make things right as quickly as possible."
At issue are the security letters, a power outlined in the Patriot Act that the Bush administration pushed through Congress after the Sept. 11, 2001, terror attacks. The letters, or administrative subpoenas, are used in suspected terrorism and espionage cases. They allow the FBI to require telephone companies, Internet service providers, banks, credit bureaus and other businesses to produce highly personal records about their customers or subscribers - without a judge's approval.
About three-fourths of the national security letters were issued for counterterror cases, and the other fourth for spy investigations.
Fine's annual review is required by Congress, over the objections of the Bush administration.
The audit released Friday found that the number of national security letters issued by the FBI skyrocketed in the years after the Patriot Act became law.
In 2000, for example, the FBI issued an estimated 8,500 letters. By 2003, however, that number jumped to 39,000. It rose again the next year, to about 56,000 letters in 2004, and dropped to approximately 47,000 in 2005.
Over the entire three-year period, the FBI reported issuing 143,074 national security letters requesting customer data from businesses, the audit found. But that did not include an additional 8,850 requests that were never recorded in the FBI's database, the audit found.
Also, Fine's audit noted, a 2006 report to Congress showing that the FBI delivered only 9,254 national security letters during the previous year - on 3,501 U.S. citizens and legal residents - was only required to report certain types of requests for information. That report did not outline the full scope of the national security letter requests in 2005, nor was it required to, Fine's office said.
Additionally, the audit found, the FBI identified 26 possible violations in its use of the national security letters, including failing to get proper authorization, making improper requests under the law and unauthorized collection of telephone or Internet e-mail records.
Of the violations, 22 were caused by FBI errors, while the other four were the result of mistakes made by the firms that received the letters.
The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.
"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.
In a letter to Fine, Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.
"To say that I am concerned about what has been revealed in this report would be an enormous understatement," Gonzales said in remarks prepared for delivery to the privacy officials. "Failure to adequately protect information privacy is a failure to do our jobs."
Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI - and perhaps limit its power.
"The report indicates abuse of the authority" Congress gave the FBI, said Senate Judiciary Committee Chairman Patrick Leahy, D-Vt. "You cannot have people act as free agents on something where they're going to be delving into your privacy."
The committee's top Republican, Pennsylvania Sen. Arlen Specter, said the FBI appears to have "badly misused national security letters." The senator said, "This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized."
Sen. Russ Feingold, D-Wis., another member on the panel that oversees the FBI, said the report "proves that 'trust us' doesn't cut it."
The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. "The Attorney General and the FBI are part of the problem and they cannot be trusted to be part of the solution," said Anthony D. Romero, the ACLU's executive director.
ON THE NET
The report is at: http://www.usdoj.gov/oig/reports/FBI/index.htm
Justice Department: http://www.usdoj.gov