Today, the DOJ's Office of the Inspector General issued a long awaited report on the FBI's use of 'exigent letters' to obtain phone records. While the report has many interesting and shocking revelations, three issues jumped out at us: Post-it note process; a secret new legal theory; and the need for accountability for the telecoms.

Post-it notes. Seriously.

While we had known since 2007 that the FBI improperly sought phone records by falsely asserting emergency circumstances, the report shows the situation inside the FBI's Communications Analysis Unit (CAU) degenerated even further, sometimes replacing legal process with sticky notes.

Employees of three telecoms worked directly out of the CAU office, right next to their FBI colleagues. According to the report, even exigent letters became too much work: an FBI analyst explained that "it's not practical to give the [exigent letter] for every number that comes in." Instead, the telecoms would provide phone records pursuant to verbal requests and even post-it notes with a phone number stuck on the carrier reps' workstations.

At the time, the Electronic Communications Privacy Act allowed a telecom to provide records based on an actual emergency, where the carrier had a "reasonable belief" that "an emergency involving danger of death or serious physical injury to any person requires disclosure without delay." The bare assertion of exigent circumstances in the FBI's letters is not enough to provide the basis for a reasonable belief, let alone a telephone number on a yellow slip of paper.

In March 2006, the relevant ECPA provision was changed from "reasonable belief" to "good faith belief." It appears that the telecoms were worried that the bare assertions in exigent letters were not enough, because they "expressed concern to [Congress] that the [reasonably believes] standard was too difficult for them to meet." However, even after the change, there is no way the telecoms could have formed a good faith belief, when they were never provided any basis to do so.

New Legal Theory to Allow Phone Record Disclosure

The OIG report discusses, in heavily redacted form, discusses a new legal theory that the FBI now asserts allows telecoms to divulge phone records without legal process. Despite the Obama Administration's alleged commitment to openness and transparency, the OIG report redacts the basis for this legal theory, even redacting the statutory section number on which the FBI says it can rely.

According to the report, the DOJ's Office of Legal Counsel issued an opinion agreeing with this theory on January 8, 2010. The DOJ's “Principles to Guide the Office of Legal Counsel” states that “OLC should publicly disclose its written legal opinions in a timely manner, absent strong reasons for delay or nondisclosure.” Nevertheless, the opinion is not publicly available. We urge the Obama Administration to release this memo.

We Need Accountability for AT&T and Verizon

The ECPA is one of the cornerstones of our protection against government overreaching, providing a critical check on the power of government officials. However, since government investigations are typically secret, it only works if the telecoms hold up their end of the bargain, and refuse to violate the law when asked. Instead, one embedded telecom employee opined "it wasn't my place to police the police." This is the opposite of what the law requires.

So how can we have accountability? Rather then call out the telecoms who failed to fulfill their roles as a check on government power, the report is cagey about which telecoms were involved, cryptically referring to Companies A, B and C.

However, it is not hard to figure out the telecoms' identities. In sworn testimony to Congress, right after the initial March 2007 OIG report, FBI General Counsel Valerie Caproni testified that the three companies were AT&T, Verizon and MCI. Verizon later acquired MCI. Caproni confirmed that these were the only companies under contract to provide phone record information to the FBI.

We also know that Company A was AT&T. In 2007, Verizon and AT&T wrote to Congress to explain their role in unlawful spying, including exigent letter. Verizon said it did not have 'community of interest' information. The OIG report says that Companies B and C did not have 'community of interest' information, meaning that B and C were Verizon and its subsidiary MCI, and thus Company A is AT&T.

We urge Congress to investigate both the FBI and telecoms, including asking the hard questions to AT&T and Verizon about their complicity in an illegal program to obtain phone records with post-it notes.