Can the Pentagon and the CIA Issue National Security Letters?:
Over at Concurring Opinions, Daniel Solove is asking a very good question about New York Times' disclosure that the Defense Department and the CIA have been issuing National Security Letters: What provision of federal law empowers those agencies to issue National Security Letters? Several parts of the U.S. Code permit the FBI to issue National Security Letters, which are something like subpoenas; they are basically letters on FBI stationary authorized by FBI bigwigs ordering third-party record holders like banks to hand over information to the government.
The new story breaks the news that the Defense Department and CIA apparently believe they have a similar authority, and that they have been issuing their own NSLs in their own domestic investigations. Vice President Cheney has confirmed the practice. The statutory provision that the DoD/CIA are replying on seems to be an exception to the Right to Finanical Privacy Act, a law that otherewise requires legal process to obtain bank records. 12 U.S.C. 3414(a)(1) carves out an exception to this rule:
My best guess as to what is happening is something like Bruce Boyden's. First, I think the DoD and CIA reasonably read that language as letting them make voluntary requests for financial information otherwise requiring a NSL. The Times story suggests a twist, though; instead of just informally requesting information in a context that would make clear the request is voluntary, the DoD and CIA seem to be issuing their requests using letters that look a lot like "real" National Security Letters. If that's right, the government would know that the letters have no legal effect, but they would be written so as to try to trick the recipients into thinking that they do.
In particular, note that the Times story refers to the DoD/CIA letters as "noncompulsory versions" of NSLs, and reports that "Congress has rejected several attempts by the two agencies since 2001 for authority to issue mandatory letters" like those that the FBI issues. It also states that "[l]awyers at financial institutions, which routinely provide records to the F.B.I. in law enforcement investigations, have contacted bureau officials to say they were confused by the scope of the military’s requests and whether they were obligated to turn the records over." If I'm not mistaken, the answer to the lawyers' question is that they are not obligated to turn over the records. The statute seems to permit it, but I don't know of any provision that compels it.
UPDATE: I have rewritten the post since initially posting it.
The new story breaks the news that the Defense Department and CIA apparently believe they have a similar authority, and that they have been issuing their own NSLs in their own domestic investigations. Vice President Cheney has confirmed the practice. The statutory provision that the DoD/CIA are replying on seems to be an exception to the Right to Finanical Privacy Act, a law that otherewise requires legal process to obtain bank records. 12 U.S.C. 3414(a)(1) carves out an exception to this rule:
Nothing in this chapter (except sections 3415, 3417, 3418, and 3421 of this title) shall apply to the production and disclosure of financial records pursuant to requests from—(C) above was added by Section 358 the Patriot Act; the rest of the language seems to go back to the original statute passed in the 70s.
(A) a Government authority authorized to conduct foreign counter- or foreign positive-intelligence activities for purposes of conducting such activities;
(B) the Secret Service for the purpose of conducting its protective functions (18 U.S.C. 3056; 3 U.S.C. 202, Public Law 90–331, as amended); or
(C) a Government authority authorized to conduct investigations of, or intelligence or counterintelligence analyses related to, international terrorism for the purpose of conducting such investigations or analyses.
My best guess as to what is happening is something like Bruce Boyden's. First, I think the DoD and CIA reasonably read that language as letting them make voluntary requests for financial information otherwise requiring a NSL. The Times story suggests a twist, though; instead of just informally requesting information in a context that would make clear the request is voluntary, the DoD and CIA seem to be issuing their requests using letters that look a lot like "real" National Security Letters. If that's right, the government would know that the letters have no legal effect, but they would be written so as to try to trick the recipients into thinking that they do.
In particular, note that the Times story refers to the DoD/CIA letters as "noncompulsory versions" of NSLs, and reports that "Congress has rejected several attempts by the two agencies since 2001 for authority to issue mandatory letters" like those that the FBI issues. It also states that "[l]awyers at financial institutions, which routinely provide records to the F.B.I. in law enforcement investigations, have contacted bureau officials to say they were confused by the scope of the military’s requests and whether they were obligated to turn the records over." If I'm not mistaken, the answer to the lawyers' question is that they are not obligated to turn over the records. The statute seems to permit it, but I don't know of any provision that compels it.
UPDATE: I have rewritten the post since initially posting it.
DictatorshipCommissions Act. And by, um, the Fourteenth Amendment.So, in the war on terrorism, Bush thinks the executive branch may do whatever it wants regardless of whether or not Congressional authorization has been obtained.
See Dahlia Lithwick's perceptive article on the Bush Administration's quest "to establish a clunky post-Watergate dream of an imperial presidency, whatever the human cost may be" appearing on Slate's website yesterday under the title Absolut Power
But if that doesn't work, how about:
12 USC 3414
15 USC 1681v
50 USC 436
"President Bush, facing opposition from both parties over his plan to send more troops to Iraq, said he has the authority to act no matter what Congress wants."
Sigh. So which way are you going on this contradiction? Does he claim to have the authority, no matter what Congress says, or does he claim that he does not need authority to begin with?
18 USC 3511(c), added by Section 115 of Pub. L. 109-177, 120 Stat. 212-213.
Sorry to spoil the fun, Visitor Again.
When you cite a statute, could you please cite the text and explain why you think it applies? For example, I thought 18 U.S.C. 3511(c) was the mechanism by which DOJ can enforce the FBI's NSLs. Do you think it provides enforcement authority over non-FBI NSLs? Why? I don't see your argument.
Anyway, I agree that 12 USC 3414(3) authorizes the issuance of such letters because the Pentagon et al are agencies described in 12 USC 3414(a)(1). But curiously no provision, including 18 USC 3511(c), appears to require anyone to comply (although disclosure of the request is prohibited).
What's the provision that authorizes NSL's by the Pentagon? Can you quote the text?
That looks like a non-disclosure requirement. The section says that if the agency makes a certification, the third party cannot disclose the fact that the information has been given to the givernment. But where's the section saying that if the government asks for the information, the provider has to give it to the government? In other words, where is the authorization for the NSL?
3511(c) explicitly applies to NSLs under 15 USC 1681v(a) (i.e., "627(a) of the Fair Credit Reporting Act") and 50 USC 436(a) (i.e., "section 802(a) of the National Security Act of 1947"), which are available to "any government agency" with certain investigative responsibilities. If DoD and CIA are not such agencies, then they may not issue NSLs, and the compelled/voluntary question never arises. But it's pretty clear under EO 12333 that for certain investigative purposes -- e.g., force protection, counterespionage within their own ranks -- they are such agencies. And if they are such agencies, then the AG ("Qui Pro Domina Justitia Sequitur," as they say — who sues on behalf of the United States) clearly may sue to "compel compliance with the request." There's no good reason to read the AG's authority to sue to compel compliance with such requests as limited to requests by the FBI: The provisions the AG may sue to enforce are not limited to FBI, and the AG's authority to sue on behalf of federal agencies expands beyond those that report to him.
Interesting. I wonder if the catch is when you say, "If DoD and CIA are not such agencies, then they may not issue NSLs, and the compelled/voluntary question never arises." I think the thrust of the NYT article is that the DoD and CIA have taken the view that they are allowed to issue "nonmandatory" NSLs that aren't "real" NSLs. That seems to be why the article focused on the RFPA instead; I gather you agree that 3511 does not provide authority for enforcement of CIA/DoD letters issued under RFPA?
I think it's pretty clear the AG can sue to compel compliance with at least some DoD/CIA NSLs -- the ones I highlighted in my last comment -- but it appears you're right that the ones under 3414 can't be enforced judicially except if issued by FBI. (FWIW, I believe this was a drafting error during PATRIOT Act reauthorization, not an intentional choice.)
As for RFPA, I don't take the same inference from the NYT article you do -- I don't put much stock in the precise technical descriptions in the NYT, and the fact that the statement NYT chose to use from the military spokesman focused on RFPA seems more motivated by showing historical basis (RFPA NSLs came first) than by highlighting RFPA NSLs as particularly useful to DoD.
This reality-based analysis seems to have scared Visitor Again away. Shoot.
That may be right, although I'm a bit cautious: I'm not as sure as you are that the CIA and DoD count as agencies that have these authorities. (This isn't my area of law, so I don't know what the test is to determine what agencies have these authorities. Is that a statutory question? Can an executive order change that? I don't know.)
I'm not a lawyer, but it seems this raises another question. In general, financial institutions are not permitted to release information to third parties without explicit authorization from the customer or a subpoena.
If these non-compulsory NSLs do not require banks to release the information, does releasing it anyway run afoul of privacy regulations?
NSLs are explicit exceptions to those rules. Indeed, in most instances, the NSL-authorizing statutes are embedded within the very laws that provide the blanket privacy protection.
Orin:
The EO 12333 cites are:
DoD installations protection: 1.11(h)
DoD counterintelligence, including within the US: 1.11(b), (d)
CIA installations protection: 1.8(h)
CIA counterintelligence, including within the US: 1.8(a), (c).
I don't have the statutory cites, but it's my understanding that these authorizations are widely considered to be consistent with DoD and CIA's statutory authorities and responsibilities.
Visitor Again, in illeist mode, notes he has other things to do than hang around here on a Sunday. Visitor Again never said there was no statutory authorization, only that the Bush Administration's view is that it needs none for this sort of stuff.
Visitor Again's only point was that it's beside the point whether statutory authorization exists because the Bush Administration maintains it may do whatever it wants in the war on terror regardless of what Congress does, that it has inherent authority in this area. Visitor Again does not know whether or not there are statutes authorizing this, although Visitor Again would not be surprised if there were, since in the wake of 9/11, Congress passed whatever was put before it without reading it and becoming aware of what it was authorizing.
But doesn't that beg the question of whether the "NSLs" in question really are NSLs?
If my bank gets a request that it voluntarily surrender my info &does so w/out my authorization, and that's not a "real" NSL, then the bank seems to have a problem.
Though, unless the feds have an algorithm tying overdrafts to terror-related activities, I should be safe.