FBI chief blames computers for privacy flap

In an appearance before the Senate Judiciary Committee, Mueller attempted to downplay widespread concerns about the FBI's illegal use of the letters, which came to light in an inspector general's report earlier this month. The report found that the FBI underreported the number of national security letters and concluded there was "serious misuse" of the surveillance power.

Robert Mueller

The 2001 Patriot Act dramatically expanded the power of the FBI to send the secret letters--which do not require court approval--to obtain confidential information on Americans from banks, credit card companies, credit bureaus, telephone companies and Internet service providers. (The recipient is secretly ordered to turn over logs of e-mail messages and telephone calls but not the actual contents of the communication.)

The FBI once used 3x5 index cards to track use of the letters but then switched to a more modern database operated by the bureau's general counsel. But that database has never been linked to the FBI's home-brewed "Automated Case Support," a famously archaic system with IBM terminals as a front-end that has been the subject of a series of devastating internal critiques.

What that means is the only way to transfer information from one FBI database to the other is to manually retype it--a technologically backward approach that invites delays and errors.

An "employee is responsible for taking every (national security letter) lead that is sent to OGC and manually entering the pertinent information into the OGC database," Mueller said in his testimony on Tuesday, referring to the FBI's Office of General Counsel. "Nearly a dozen fields must be manually entered, including the file number of the case in which the (letter) was issued, typically 15 digits and alphanumeric identifiers."

That, combined with other problems, led Justice Department Inspector General Glenn Fine to conclude that official reports to Congress "significantly understated" the actual number of national security letters. "We were unable to fully determine the extent of the inaccuracies because an unknown amount of data relevant to the period covered by our review was lost from the OGC database when it malfunctioned," his report said.

Mueller said the new system "will automatically prevent many of the errors." But it's not going to happen quickly: It's been in development since early 2006 and won't be in use until the end of this year, he predicted.

Sen. Dianne Feinstein (D-Calif.) told Mueller that the revelation about the misuse of national security letters implied that the "checks and balances" that were part of the Patriot Act have "melted into oblivion."

"This was a very controversial addition to the Patriot Act," Feinstein said. "There were many members that had deep concerns about this."

Illinois Sen. Richard Durbin, the Democratic whip, asked Mueller if he would agree with Congress revising the Patriot Act to permit the recipient of a national security letter to disclose its existence. There's no general rule against disclosing the receipt of a subpoena, for instance.

Mueller replied: "No, I probably would not. I would probably have to give it some thought. There has to be a presumption in national security investigations that the fact of the (request) not be disclosed." Mueller also indicated he would oppose any requirement that the FBI keep one master database of national security letters--instead of having each of the 56 field offices keep its own records.

This is not the first time the FBI's aging computers have become the subject of controversy. Former Attorney General John Ashcroft once blamed neglected, incompatible systems for hindering agents' ability to gather and share intelligence on terrorists. Internal audits have subsequently shown that the bureau has wasted over $100 million on computer upgrades that never worked.

The FBI's report to the 9/11 Commission (PDF) concluded the Automated Case Support system is "not very effective in identifying information or supporting investigations."

Instead of using a point-and-click interface, ACS is an IBM terminal-based application that uses function keys to navigate. It also lacks multimedia capabilities and the ability to save digital evidence in a convenient electronic format. An upgrade called Sentinel is supposed to be finished sometime in 2009.