The IT Law Wiki


A National Security Letter (NSL) is

a simple form document[1] signed by an official of the FBI or other agencies, with no prior judicial approval, used to request and collect non-content consumer records and related information from "telephone companies, Internet service providers, consumer credit reporting agencies, banks, and other financial institutions."[2]


NSLs predate the USA PATRIOT Act. Prior to the PATRIOT Act, the FBI Director or a senior FBI Headquarters official could formally issue NSLs. The PATRIOT Act expands and decentralizes this authority by granting it to FBI field office heads (special agents in charge) as well. The PATRIOT Act increased their use by the FBI.[3] NSLs are authorized under five federal statutes:

  1. Under the Electronic Communications Privacy Act of 1986 (18 U.S.C. §2709), the FBI can obtain subscriber information for telephone and electronic communications as well as toll billing information and electronic communication transaction records. According to FBI information from 2007, this is the NSL authority most frequently used by the agency.
  2. Under the Right to Financial Privacy Act of 1978 (12 U.S.C. §3414(a)(5)) the FBI can obtain records from financial institutions. This NSL authority is used in investigations of potential terrorism financing.
  3. Under the Fair Credit Reporting Act of 1970 (15 U.S.C. §1681u), the FBI can obtain from credit reporting agencies (a) the names of financial institutions with which the subject of the NSL has an account and (b) consumer identifying information.
  4. Also under the Fair Credit Reporting Act of 1970 (15 U.S.C. §1681v), the FBI can obtain a full credit report — 15 U.S.C. §1681v was added by the USA PATRIOT Act.
  5. Under the National Security Act (50 U.S.C. §436) the FBI can obtain a variety of records related to the finances and travel of government employees. These may be obtained only in investigations involving alleged improper disclosure of classified information by such employees.

The USA PATRIOT Act eliminated any effective standard for issuing NSLs. It removed the requirement that the information being sought "pertain to" a foreign power or the agent of a foreign power. This requirement used to protect information about Americans because few are agents of a foreign government, a foreign terrorist organization, or another foreign power. Instead, today it is sufficient for the FBI merely to assert that the records are "relevant to" an investigation to protect against international terrorism or foreign espionage. The USA PATRIOT Act also eliminated the statutory requirement that agents have any factual basis for seeking records. In 2003, Congress dramatically expanded the types of "financial institutions" on which an NSL can be served to include travel agencies, real estate agents, jewelers, the Postal Service, insurance companies, casinos, car dealers, and other businesses not normally considered "financial institutions."

In addition, advances in technology have made more "digital footprints" more readily available to the government through its NSL authority. For example, the government reportedly used its NSL authority to seek casino and hotel records about hundreds of thousands of travelers who stayed in Las Vegas on a recent New Year's Eve — a data dump difficult to do and difficult to sort through without recent advances in technology.

NSLs also contain a gag order, preventing the recipient of the letter from disclosing that the letter was even issued. The gag order was ruled unconstitutional as an infringement of free speech in Doe v. Ashcroft.[4]

FBI misuse of NSLs[]

The implementation of the post-USA PATRIOT Act NSL regimen at the FBI has not been seamless. In 2007, the Department of Justice Inspector General initially reported that "the FBI used NSLs in violation of applicable NSL statutes, the Attorney General Guidelines, and internal FBI policies," although no evidence was found of criminal misconduct.[5] In a subsequent report in 2008, the Inspector General concluded that DOJ and the FBI "have made significant progress in addressing the need to improve compliance in the FBI’s use," but "it is too early to definitively state whether the new systems and controls developed by the FBI and the Department will eliminate fully the problems with NSLs that we identified."[6]

Moreover, between 2003 and 2006 some FBI personnel circumvented the NSL process, using crisis conditions as a justification. Namely, in that time period one FBI headquarters unit issued 722 "exigent letters" to obtain telephone toll records for approximately 4,400 telephone numbers in lieu of NSLs. The unit included representatives from three communications service providers. These representatives typically received the exigent letters from FBI employees working alongside them. None of the 722 exigent letters actually described the specific crises that supposedly made them necessary, and in some cases there were no emergencies.[7] FBI Chief Counsel Valerie E. Caproni stated in congressional testimony that the exigent letters were

borne out of a misunderstanding of the import of the USA PATRIOT Act's amendments to ECPA (Electronic Communications Privacy Act (18 U.S.C. § 2709)). For reasons lost in the fog of history — but no doubt partially the result of the intense pace of activity in the months following the 9/11 attacks — the FBI did not adequately educate our workforce that Congress had provided clear mechanisms to obtain records in emergency situations. Although guidance was eventually provided in August 2005, the employees who had been using exigent letters for several years simply did not recognize the applicability of that guidance to their situation.

In March 2007, the FBI ended the use of exigent letters.


  1. NSLs have been described as "form letters signed by an FBI agent." Government Relations Office & Government Relations Committee, American Association of Law Libraries (AALL), "National Security Letters," AALL Issue Brief 2007-2, at 1 (rev. Mar. 2007, Sept. 2009, Dec. 2009, and Feb. 2010).
  2. "Non–content" as it relates to telephone records, does not include the content of conversations. Rather, the FBI can request items such as customer identity, length of service, and toll records.
  3. John Solomon & Carrie Johnson, "FBI Broke Law for Years to Get Phone Records," Wash. Post (Jan. 19, 2010) (full-text).
  4. 334 F.Supp.2d 471 (S.D.N.Y. 2004) (full-text).
  5. U.S. Department of Justice, Office of the Inspector General, "A Review of the FBI Use of National Security Letters" 124 (Mar. 2007) (full-text).
  6. U.S. Department of Justice, Office of the Inspector General, "A Review of the FBI's Use of National Security Letters: Assessment of Corrective Actions and Examination of NSL Usage in 2006," at 8 (Mar. 2008) ([1]).
  7. Valerie E. Caproni, General Counsel, Federal Bureau of Investigation, "Statement Before the House Judiciary Committee, Subcommittee on the Constitution, Civil Rights, and Civil Liberties" (Apr. 14, 2010) (full-text). In addition to the 722 letters, 76 other exigent letters were signed by FBI personnel who worked outside of the headquarters unit in question. On the letters, see also U.S. Department of Justice, Office of the Inspector General, "A Review of the Federal Bureau of Investigation's Use of Exigent Letters and Other Information Requests for Telephone Records," at 19-21 (Jan. 2010) (full-text).