◆ SpookStack

Pursuant to the Right to Financial Privacy Act and the Fair Credit Reporting Act, we also have the authority to issue different types of national security letters. The authority to issue an NSL hies at a senior level within the FBI. It can only be issued by an official who ranks not lower than special agent in charge or deputy assistant director. All such officials are career government employees. And before an NSL can be issued, such employees must certify that the information sought is relevant lo an authorized national security investigation. As directed by Congress, in connection with the I.G.'s report, we endeavor to deciassify as much information as possible, in order to maximize the transparency of our use of this important national security tool. To that end, for the first time, the public has a real sense of the frequency with which the FHI uses national security letters. In the period covered by the report, the number of NSL requests -- that's not letters; remember that one letter can have multiple requests -- has ranged from approximately 40,000 to 60,000 per year. And we have requested information on fewer than 20,000 persons per year. For a variety of reasons that will be discussed below, those numbers are not exact. Nevertheless, for the first time, the public can get a sense of the order of magnitude of these requests. There are three findings by the [.G. that were particularly disturbing to me, and it ts those three findings that I wish to address at some length this morning: first, inaccurate reporting to Congress, second, the use of so-called exigent letters, and third, violations of law and policy with respect io the usage of NSLs. I arm particularly distressed by the fact that the LG. found significant inaccuracies in the numbers that we report to Congress. The responsibility io gather the data for congressional reporting lies with my division, and we did not do an acceptable job. The processes we put in place for tabulating NSLs were inadequate, and we had no auditing process in place to catch errors. Although we realized we had a problem prior to the L.G.'s report and we're working on a technological solution, that realization came later than it should have, and for that I bear responsibility. CAPRONI: At some point several years before I arrived at the FBI, our process for congressional reporting shifled from a totally manual process to a stand-alone database. While the OGC database was a giant technological step forward from 3x5 index cards, it quickly became an unacceptable system given the increase in our use of national security letters since SALT. The OGC database is not electronically connected to ACS, the system from which we derive the data, Instead, there's a manual interface between ACS and the database: An OGC employee is responsible for taking every NSL tead that ts sent to OGC and manuaily entering the information inte our database. Nearly a dozen fields must be manually entered, including the file number of the case in which the NSL was issued, which is typically at least 15 digits and letters. Needless to say, human error creeps in.