WASHINGTON - The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.
And for three years the FBI has underreported to Congress how often it forced businesses to turn over the customer data, the audit found.
FBI agents sometimes demanded the data without proper authorization, according to the 126-page audit by Justice Department Inspector General Glenn A. Fine. At other times, the audit found, the FBI improperly obtained telephone records in non-emergency circumstances.
The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct.
Still, "we believe the improper or illegal uses we found involve serious misuses of national security letter authorities," the audit concludes.
At issue are the security letters, a power outlined in the Patriot Act that the Bush administration pushed through Congress after the Sept. 11, 2001, terror attacks. The letters, or administrative subpoenas, are used in suspected terrorism and espionage cases. They allow the FBI to require telephone companies, Internet service providers, banks, credit bureaus and other businesses to produce highly personal records about their customers or subscribers - without a judge's approval.
About three-fourths of the national security letters were issued for counterterror cases, and the other fourth for spy investigations.
FBI Director Robert S. Mueller called Fine's audit "a fair and objective review of the FBI's use of a proven and useful investigative tool."
The finding "of deficiencies in our processes is unacceptable," Mueller said in a statement.
"We strive to exercise our authorities consistent with the privacy protections and civil liberties that we are sworn to uphold," Mueller said. "Anything less will not be tolerated. While we've already taken some steps to address these shortcomings, I am ordering additional corrective measures to be taken immediately."
Fine's annual review is required by Congress, over the objections of the Bush administration.
The audit released Friday found that the number of national security letters issued by the FBI skyrocketed in the years after the Patriot Act became law.
In 2000, for example, the FBI issued an estimated 8,500 letters. By 2003, however, that number jumped to 39,000. It rose again the next year, to about 56,000 letters in 2004, and dropped to approximately 47,000 in 2005.
Over the entire three-year period, the audit found the FBI issued 143,074 national security letters requesting customer data from businesses.
The FBI vastly underreported the numbers. In 2005, the FBI told Congress that its agents in 2003 and 2004 had delivered only 9,254 national security letters seeking e-mail, telephone or financial information on 3,501 U.S. citizens and legal residents over the previous two years.
Additionally, the audit found, the FBI identified 26 possible violations in its use of the national security letters, including failing to get proper authorization, making improper requests under the law and unauthorized collection of telephone or Internet e-mail records.
Of the violations, 22 were caused by FBI errors, while the other four were the result of mistakes made by the firms that received the letters.
The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.
"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.
The letters inaccurately said the FBI had requested subpoenas for the information requested - "when, in fact, it had not," the audit found.
Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI - and perhaps limit its power.
"The report indicates abuse of the authority" Congress gave the FBI, said Senate Judiciary Committee Chairman Patrick Leahy, D-Vt. "You cannot have people act as free agents on something where they're going to be delving into your privacy."
The committee's top Republican, Pennsylvania Sen. Arlen Specter, said the FBI appears to have "badly misused national security letters." The senator said, "This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized."
Sen. Russ Feingold, D-Wis., another member on the panel that oversees the FBI, said the report "proves that 'trust us' doesn't cut it."
Justice spokeswoman Tasia Scolinos said Attorney General Alberto Gonzales "commends the work of the inspector general in uncovering serious problems in the FBI's use of NSLs."
The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. "The Attorney General and the FBI are part of the problem and they cannot be trusted to be part of the solution," said Anthony D. Romero, the ACLU's executive director.