Legal Digest 

Important Investigative Tools for Joint Terrorism Task Force Officers

By David J. Gottfried, J.D. 
Cleanup crews in New York begin the process of clearing the debris of the late World Trade Center towers.

The attacks on 9/11 profoundly changed the United States. In the aftermath, significant efforts began focusing on identifying and correcting deficiencies in U.S. defenses, including counterterrorism and counterintelligence practices. The nature of the 9/11 attacks and the continuing threat posed by international terrorists required law enforcement and intelligence agencies to change their approach to terrorism investigations.

Agencies learned that they no longer can operate separately in a vacuum. Instead, they need to share information across agency boundaries to counter the threat. In this regard, change has been widespread, improving the relationship between federal, state, and local agencies, including the interaction between federal agencies and local police departments. An example of the latter is the expansion of Joint Terrorism Task Forces (JTTFs). While JTTFs date back to 1980, the National Joint Terrorism Task Force (NJTTF) was established shortly after 9/11. The national program exists in every state, and as of October 2012, approximately 1,650 full- and part-time task force officers (TFOs) are assigned to JTTFs. 

In the aftermath of 9/11, preventing terrorism also has become a top priority with investigative efforts focused on detecting and disrupting terrorist plots before terrorists carry them out. To this end, investigators need to identify terrorists and operatives during the planning stage. Critical to disrupting terrorist activity at the early stage is the need to access certain types of information that can help identify the terrorists. These details focus on two essential ingredients in most terror plots—money and conspirators. Access to minimally intrusive historical information about individuals’ finances and with whom they associate often proves critical in detecting and disrupting a terrorist attack.1 Investigators need access to these important details, which usually reside in the hands of third parties, like banks and communications service providers, and in a way that does not alert subjects and their associates.

The national security letter (NSL) is a tool authorized by Congress that allows FBI investigators access to limited types of historical information. An NSL is a written demand for specific types of entities to provide records or information relevant to an FBI national security investigation. NSLs are not court orders, so courts are not involved in its issuance. 

Assistant General Counsel Gottfried is a legal instructor at the FBI Academy.
Assistant General Counsel Gottfried is a legal instructor at the FBI Academy.

Historical Background

The statutes authorizing NSLs are not new and over the years have undergone numerous changes brought about by Congress’ response to terrorist attacks and constitutional challenges. For decades various federal statutes have authorized the FBI to issue NSLs seeking production of limited types of records in furtherance of an FBI national security investigation. In each statute, Congress attempted to balance the privacy interests of individuals against the government’s need for information relevant to an open investigation. NSLs require recipients to provide promptly the information sought by the FBI and to do so without revealing the existence of the government’s request. For nearly two decades, the legitimacy or constitutionality of these requests were not legally challenged.  

The first statute to authorize NSLs was the Right to Financial Privacy Act (RFPA).2 Originally passed in 1978, RFPA allows the government to obtain limited banking records from financial institutions identified by the statute as banks, brokerage houses, casinos, insurance companies, automobile dealerships, credit unions, real estate companies, travel agencies, and pawn shops.3

Congress increased NSL authority for federal investigators to obtain a consumer’s credit report in the Fair Credit Reporting Act (FCRA).4 In international terrorism investigations, the government may obtain all information (e.g., a full credit report) relating to an identified consumer.5 For national security investigations dealing with clandestine intelligence activities, Congress limited the scope of the obtainable information to only a consumer’s name, address, former residences, and current and past employers.6

The intelligence value of historical information relating to communications is reflected in the Electronic Communications Privacy Act (ECPA) authorizing the use of NSLs for a broad range of historical records relating to communications.7 Such NSLs seek, for example, the subscriber information (e.g., name, address, and length of service) of a particular customer.  Other records obtainable with such an NSL include toll billing records and electronic communication transactional records. 

Core Concepts

NSLs are authorized by different statutes. However, they share the same general core components.

Certification Requirement

Specific federal officials certify that NSLs meet the statutory requirements governing their specific type and approve them. The level of official who can sign NSLs changed significantly after 9/11, leading to more widespread use.

Legal Standard

NSLs must specify that the legal standard as described in the specific statutory provision has been met. As originally drafted, the NSL statutes required the FBI to certify that there were “specific and articulable facts giving reason to believe that the person or entity to whom the information sought pertains to a foreign power or an agent of a foreign power.”8 This requirement often prohibited the FBI from using NSLs to develop evidence at the early stage of an investigation—precisely when most useful. Following 9/11, Congress changed the legal standard required for NSLs to a more general “relevance” standard.

Limited Scope

The types of records an NSL may request are limited to only those within the scope of the statutory authorization. For example, NSLs are issued only to telephone companies, Internet service providers (ISP), consumer credit reporting agencies, and financial institutions. The information sought must be historical in nature, and the acquisition of content (e.g., actual telephone conversations) is expressly prohibited.

“In the aftermath of 9/11, preventing terrorism...has become a top priority....”

Nondisclosure Requirement

Historically an NSL automatically included a nondisclosure provision prohibiting the recipient of the NSL from disclosing its existence to other parties. The rationale behind this prohibition was tied to the NSL’s national security purpose and the secret, typically classified environment in which such intelligence-gathering activities take place. However, recently the use of nondisclosure provisions and their impact on the recipient of the NSL have been the subject of litigation and congressional action.

Limitations on Dissemination of Information

There are safeguards in place with respect to the dissemination of NSL-derived information. ECPA and RFPA permit dissemination only if the information clearly is relevant to the responsibilities of the recipient agency, and FCRA allows for the dissemination of the identity of financial institutions and consumer identifying information to other federal agencies only as necessary for the approval or conduct of a foreign counterintelligence investigation.9

A view of the 9/11 Memorial fountain in New York City.

“The statutes authorizing NSLs are not new and over the years have undergone numerous changes....”

Evolution of NSLs in the Post-9/11 Era

National security letters (NSL) long have served as valuable tools for the FBI in its counterintelligence and counterterrorism investigations. As the nature of the terrorism threat has evolved, especially after the events on 9/11, Congress modified the statutory provisions governing NSLs so that they would become an even more effective tool in facing the complexity of the existing threats.

USA Patriot Act Amendments

Less than two months after the 9/11 attacks, Congress expanded the FBI’s authority to issue NSLs by enacting Section 505 of the Uniting and Strengthening America by Providing Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act).10

The Patriot Act eliminated the requirement to certify the existence of “specific and articulable facts” showing a connection to a foreign power or agent of a foreign power as a precondition to issuing an NSL. The amendments replaced that requirement with the need to certify that the information sought is “relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities.” This represents a dramatic expansion of scope from the more limited foreign power (most commonly a foreign government or group engaged in international terrorism) or agent of a foreign power (someone who works for or on behalf of a foreign power) to merely anything relevant to any investigation involving international terrorism or spying.11 Another change brought about by the Patriot Act allows a special agent in charge, in addition to an assistant director and some deputy assistant directors at FBI Headquarters, to issue NSLs.12 Congress also recognized that in a post-9/11 world, government officials need a streamlined system for issuing NSLs.

Because the NSLs require documentation of the facts supporting the “agent of a foreign power” predicate and because they require the signature of a high-ranking official at FBI headquarters, they often take months to be issued. This is in stark contrast to criminal subpoenas, which can be used to obtain the same information, and are issued rapidly at the local level. In many cases, counterintelligence and counterterrorism investigations suffer substantial delays while waiting for NSLs to be prepared, returned from headquarters, and served. The section [505 procedures] would streamline the process of obtaining NSL authority.13

Legal Challenges

The modifications enacted by the Patriot Act resulted in an increased use of NSLs. Shortly thereafter, various groups brought legal actions challenging the constitutionality of the government’s use of NSLs. The first legal challenge was in 2004 in Doe v. Ashcroft.14 On behalf of an Internet service provider (ISP), the American Civil Liberties Union (ACLU) filed suit in the southern district of New York alleging that the NSL provision in the Electronic Communications Privacy Act (ECPA) violated the ISP’s First and Fourth Amendment rights. Central to the case was the assertion that the NSL constituted a search under the Fourth Amendment and that the nondisclosure provision contained in the NSL violated First Amendment free speech rights.

The court rejected the Fourth Amendment claim, citing a longstanding Supreme Court precedent stating that when an individual voluntarily gives certain information to a third party, the individual no longer has a reasonable expectation of privacy in that same information. Accordingly, when the government acquires the information from the third party, the individual about whom the information pertains suffers no infringement on his or her Fourth Amendment rights.15

The First Amendment argument was more problematic. The plaintiff in Doe argued that the nondisclosure provision violated the company’s free speech rights (i.e., to make known publicly that the FBI had requested information about a particular named customer). The district court agreed with the plaintiff, holding that the nondisclosure provision was unconstitutional. The government appealed, and while the appeal was pending before the court of appeals, Congress amended the NSL statutes to address the nondisclosure requirement.

A view of the memorial plaque at the 9/11 Memorial in New York City.

2006 Amendments

Congress passed the USAPATRIOT Act Additional Reauthorizing Amendments Act of 2006, which contained changes to the NSL nondisclosure provisions.16 As amended, the statutes now allow an NSL recipient to consult with an attorney and to challenge the NSL in court if it is believed that responding to the NSL was “unreasonable, oppressive, or otherwise unlawful.”17

In addition, the amendments no longer allow for the automatic inclusion of nondisclosure provisions in all NSLs. Instead the official who approves the NSLs must certify that disclosing the request “may result [in] danger to the national security of the United States; interference with a criminal, counterterrorism, or counterintelligence investigation; interference with diplomatic relations; or danger to the life or physical safety of any person.”18 Only with such a certification may the FBI include a nondisclosure provision. Congress also allows the recipient to reveal the NSLs to anyone who must be told in order to comply with the request, and the NSL statutes also indicate that the government can compel the recipient to identify all persons to whom such disclosure has been or will be made, with the exception of any attorney consulted for advice about complying with the NSL.19

The 2006 amendments also allow the recipient to challenge the nondisclosure provision in court.20 If the recipient makes such a challenge within one year of the request, the government may recertify the danger of disclosure, and the court must treat the recertification as conclusive absent a showing of bad faith.21 Subsequent litigation in the Second Circuit Court of Appeals ruled that the recipient merely must inform the FBI about the wish to challenge the nondisclosure provision and that the government holds responsibility to initiate judicial review.22 Also, the 2006 amendments provide a mechanism for the FBI to enforce compliance with the NSL by authorizing the attorney general to petition for a court order compelling the NSL recipient to comply with the request and allowing the court to punish any noncompliance with contempt sanctions.23

Oversight of the Government’s Use of NSLs

Given that the government may issue an NSL without court involvement, Congress envisioned the need for oversight and began requiring periodic reports on each statute’s use.24 The 2006 amendments went further, requiring the attorney general to report annually and publicly to Congress certain information regarding the use of NSLs (e.g., the number of U.S. persons who were the subject of NSLs). Congress also directed the U.S. Department of Justice’s inspector general to conduct an audit detailing the “specific functions and particular characteristics of the NSLs issued” and commenting on “the necessity of this law enforcement tool.”25


The use of NSLs has proven essential in a post-9/11 world. The necessity to prevent another terrorist attack requires the government to have an effective tool by which it legally can obtain certain information early in national security investigations to help detect and disrupt terrorist plots and the activities of spies.

Law enforcement officers of other than federal jurisdiction who are interested in this article should consult their legal advisors. Some police procedures ruled permissible under federal constitutional law are of questionable legality under state law or are not permitted at all.


1 As opposed to “real-time” information, which is outside of the scope of an NSL.

2 See 12 U.S.C. § 3401 et. seq. See also Bank Secrecy Act, 31 U.S.C. § 5312.

3 12 U.S.C. § 3414 as amended by USAPATRIOT Act, Pub. L. No. 107-56, section 505.

4 See 15 U.S.C. §§ 1681u and 1681v.

5 See 15 U.S.C. § 1681v.

6 See 15 U.S.C. § 1681u.

7 See 18 U.S.C. § 2709.

8 18 U.S.C. § 2709(b).

9 See 18 U.S.C. § 2709(d); 12 U.S.C. § 3412(a); and 15 U.S.C. § 1681(u).

10 Pub. L. No. 107-56. See also Terrorism Prevention Reauthorization Act of 2005, Pub. L. No. 109-177.

11 See 50 U.S.C. § 1801(a); and 50 U.S.C. § 1801(b).

12 Currently, the issuance of an NSL may be approved by the director or those he has designated, which includes the deputy director; executive assistant director (EAD) and associate EAD for the National Security Branch; assistant directors and deputy assistant directors for the Counterintelligence Division, Counterterrorism Division, Cyber Division, and Weapons of Mass Destruction Directorate; general counsel; deputy general counsel; National Security Law Branch; assistant director in charge in the New York, Washington, and Los Angeles field divisions; and all special agents in charge.

13 Hearing before the H. Comm on the Judiciary, 107th Cong. 57 (2001).

14 See Doe v. Ashcroft, 334 F. Supp 2d 471 (S.D.N.Y. 2004).

15 See California v. Greenwood, 486 U.S. 35 (1988); and United States v. Miller, 425 U.S. 435 (1976).

16 See Pub. L. No. 109-178.

17 18 U.S.C.§ 3511(a).

18 Id. § 2709c.

19 See H.R. Rep. No. 109-133, at 95-96 (2005).

20 18 U.S.C. § 3511(b).

21 18 U.S.C § 3511(b)(2). The attorney general, deputy attorney general, the assistant attorney general for National Security, and the director of the FBI may make this certification.

22 Doe v. Mukasey, 549 F. 3d 861 (2008).

23 Id. § 3511(c).

24 See, for example, 18 U.S.C. § 2709(e); 15 U.S.C. § 1681(v)(f); and 15 U.S.C. § 1681(u)(h). These mandate on a semiannual basis that the director of the FBI shall fully inform the Permanent Select Committee on Intelligence of the House of Representatives, the Select Committee on Intelligence in the Senate, the Committee on the Judiciary of the House of Representatives, and the Committee on the Judiciary of the Senate concerning all requests made under…this section.

25 H.R. Rep. No. 109-333, at 97.