◆ SpookStack

a judgmental sample and the size was chosen because the audit was extremely labor mtensive. We do not suggest that the sample was not a fair sample (although it was not random), but only that it is questionable from a statistical standpomt to attempt to extrapolate from a very small sample to an entire population. Moreover, there was wide variation in the number of purported unreported violations from different field offices. The OIG found 8 potential violations that were unreported in files in both the Philadelphia and Chicago field offices, but only 2 unreported potential violations from files in New York and 4 from San Francisco. We are doing additional follow-up work, but the wide variance between field offices may be a function of the very smal! sample, or it may indicate that the percentages of potential errors detected are not constant across all field offices. Setting aside questions about whether the sample is representative, I urge you to look closely at the numbers before arriving at the conclusion that there is a systemic problem concerning the use of NSLs. Of the 293 NSLs the OIG examined, 22 (7%) were judged to have potential unreported JOB violations associated with them. Moreover, of that 7%, 10 - or almost 50% ~ were third party errors -- that is, the NSL recipient provided the FBI information we did not seek. Only 12 of the NSLs examined - 4% - had mistakes that the OIG righttully attributes to the FBI. Examining the 12 potential errors that were rightfully attributed to the FBI reveals a continuum of seriousness relative to the potential impact on individual rights. Four (or just over 1% of the sample) were serious violations. Specifically, two of the violations involved obtaining full credit reports in counterintelligence investigations (which is not statutorily authorized), one involved issuing an NSL when authorization for the investigation to which it related had Japsed, and one involved issuing an NSL for information that was arguably content, and therefore not available pursuant to an NSL. (In the latter case, the ISP on which the NSL was served declined to produce