The FBI’s FISA Mess
The inspector general’s latest report on FISA implementation at the FBI is not as bad as it looks, but it’s not good either.
Published by The Lawfare Institute
in Cooperation With
If you only read the executive summary of the Justice Department inspector general’s latest report on the FBI’s handling of FISA applications, the headlines the report has generated make sense. “Justice Department inspector general finds 'widespread' failures in FBI surveillance requests,” says U.S.A Today. The Washington Post put it in a slightly wonkier fashion: “Inspector general finds ‘widespread’ problems in FBI’s FISA applications.”
Inspector General Michael Horowitz invited such dire headlines with the manner in which he wrote his executive summary, which fails in important respects to reflect the body of the report it precedes. The report describes a large volume of mostly technical mistakes, none of which affected the adjudication of any surveillance application.
But as Horowitz characterizes things in the executive summary, “On March 30, 2020, the OIG issued to the FBI and DOJ a [memorandum] informing officials that our audit work to date had identified apparent errors or inadequately supported facts in each of the 25 FISA applications for which we were able to review the supporting Woods File, and that the FBI could not locate the original supporting Woods File for four applications.” He continues:
Thereafter, the Department and FBI notified the FISC that the 29 applications contained a total of 209 errors, 4 of which they deemed to be material. . . . Further, the OIG identified an additional 209 instances of Woods Procedures non-compliance because the Woods File did not include documentation supporting those statements of fact in the FISA applications as required by FBI policy, and was located only later, after FBI searches of its other holdings.
After receiving our initial findings in March 2020, the FBI conducted an inventory of all Woods Files for each FISA application associated with dockets from January 2015 to March 2020. Based on FBI documentation, we determined that out of the more than 7,000 FISA applications during that time, there were at least 183 instances (including the 4 that the OIG previously identified) where the required Woods File was missing, destroyed, or incomplete at the time of the FBI’s inventory. Given the FBI’s reliance upon its Woods Procedures to help ensure the accuracy of its FISA applications, we believe the missing Woods Files represent a significant lapse in the FBI’s management of its FISA program.
Following the fiasco of the Carter Page FISA applications, these are alarming-seeming numbers: hundreds of errors, nearly two hundred missing Woods files, and widespread violations of the so-called Woods procedures, which are designed to make sure that every factual statement in a FISA application is both accurate and precisely documented.
The body of the report, however, is significantly less alarming than the executive summary would lead one to expect. Unlike similar the review conducted for the handling of the Carter Page case, this report does not show errors of a type that could plausibly mislead the Foreign Intelligence Surveillance Court. Indeed, the errors the inspector general reveals are almost all of a technical nature—not of a sort that either reveals political bias or implies that civil liberties violations or improper surveillance are taking place.
The inspector general’s latest report is important because, well, technical compliance in a process like FISA is always important. Tolerating sloppiness today leads to tolerating cutting corners tomorrow—and that leads to corners being cut for all kinds of reasons. Worse, it threatens to undermine the civil liberties protections the process is meant to enforce. So it is right and proper for the inspector general to zero in on the imperfections in the Woods process and for the FBI to endeavor to fix the problems he has identified.
But it’s important not to confuse the sort of technical errors that this report identifies with mistakes that actually would, intentionally or not, cause the court to approve surveillance in the absence of probable cause. The inspector general here has identified flaws in a system of prophylactic measures that prevents bad information from going to the court. What he has documented is certainly of concern, but it is of concern because it could lead to the FBI’s misinforming the court on material matters, not because it did.
This audit arose in the wake of the inspector general’s earlier reporting on the flaws in the Carter Page FISA application and the associated renewal applications during the Crossfire Hurricane investigation. (In parallel, the FISC itself has initiated oversight proceedings that require the government to conduct a compliance review, create and implement a remedial plan, and submit to it regular reports of its ongoing compliance efforts.) In the December 2019 report, the inspector general identified seven inaccuracies and omissions in the original October 2016 application. He also found that not only had the government failed to correct those seven errors or omissions in the subsequent renewal applications in January, April, and June 2017, it had also introduced ten additional errors. The Justice Department later informed the FISC that two of the FISA renewal applications for Page had “insufficient predication to establish probable cause to believe that Page was acting as an agent of a foreign power.” As a result of the material misstatements and omissions, the Justice Department said, the authorizations the FISC had granted on the basis of those two applications were invalid.
The volume of errors dredged up by the December 2019 report led many commentators, Republicans in particular, to argue that the explanation for the mistakes lay in the supposed political bias of the FBI, though the inspector general said specifically that his review “did not find documentary or testimonial evidence that political bias or improper motivation influenced the FBI’s decision to seek FISA authority on Carter Page.”
This raised a different possibility—and in some ways a scarier one: Perhaps the problem with the Carter Page FISA wasn’t a supposed FBI vendetta against Page himself or Donald Trump and his campaign but instead reflected the mistakes in the regular order in the handling of FISA applications. Perhaps these sorts of errors reflected the normal course of business, and the FBI was misleading the court regularly, in cases having to do with targets not named Carter Page.
The current audit, at least at first, seemed to support this theory of the case. At the time of the inspector general’s memo back in March 2020—which was a kind of interim report in the current investigation—one of us summarized things as follows:
the emerging answer may be something of a worst-case scenario. No, it’s not political spying on the Trump campaign or anything like that. Notwithstanding the idiotic Justice Department statement on Tuesday—which claimed that the FBI’s FISA abuse “resulted in one of the greatest political travesties in American history”—there’s still no evidence of political abuse of FISA. Rather, the problem is a far more general one: It appears that the facts presented in a lot of FISA applications are not reliably accurate.
But the results of the full audit are, the executive summary notwithstanding, not quite that bad. To be clear, they are not good. They certainly show that there’s work to do. But they don’t suggest that the FBI is misleading the court on a regular basis.
Before going into what the inspector general actually found, let’s pause a minute over the so-called Woods Procedures. Issued in 2001 in response to the FISC’s identification of errors in earlier FISA applications relating to counterterrorism investigations, the Woods Procedures were designed to ensure that information in FISA applications was “scrupulously accurate.” They include a mandate that every fact asserted in a FISA application be verified with supporting documentation, which the FBI must compile and maintain in what is known as a Woods File. FBI case agents sign forms attesting to the accuracy of the facts and the completeness of the Woods File as part of every FISA application.
The report released last week documents numerous failures of compliance with the Woods Procedures and a number of errors that arose in FISA applications as a result. Over the course of the inspector general’s investigation, more than 400 instances of failure to comply with Woods Procedures were identified in the 29 applications under review. About half of those instances related to inadequate supporting documentation in the Woods File itself; although supporting documentation did exist elsewhere, it hadn’t been added to the Woods File. The rest of the compliance failures, though, did result in errors in the actual FISA applications submitted to the court.
The report also documents failures to maintain Woods files in the first place. The inspector general’s original 2019 review of 29 applications found four instances of missing Woods Files. The FBI subsequently conducted an audit of the more than 7,000 FISA applications that had been authorized between January 2015 and March 2020. There were at least 179 instances where the Woods File was incomplete or missing entirely.
But critically, unlike in the Page case, these errors did not result in the court being misled on material matters. Of the 209 errors identified in the 29 FISA applications under review, only four were deemed material—that is, only four were “relevant to the outcome of the [FISC’s] probable cause determination.” A court-ordered evaluation of those four applications, though, concluded that none of the errors actually did impact the FISC’s probable cause determinations. In other words, unlike the Carter Page renewal applications, none of the approved applications would have been rejected but for the errors they contained.
So what were all of these errors? The four material errors, which were present in three separate applications relating to different targets, included, as the report puts it:
- Failing to include context to inform the reader of the application that certain remarks the target made about a particular organization were made, according to evidentiary support, to provoke a response from law enforcement personnel. Instead, the application simply stated that the target expressed support of the referenced organization.
- Describing the target’s support for a specific group, where the evidence in the Woods File instead indicated the target supported a specific cause.
- Describing that the target used a financial account as of a certain date. [The Department] stated that it was not evident from the supporting documentation how recently the government had confirmed the target’s use of the financial account, and certain evidence on the target’s use of the financial account was several years prior to the date included in the application.
- Failing to include the required reliability statement for one of two CHSs [Confidential Human Sources] referenced in the application.
As for the rest, Figure 3 on page 12 of the report summarizes the nature of the 205 non-material errors. Three categories seem to reflect mere sloppiness: instances where a factual assertion was supported by the Woods File but the application cited the wrong document in support; typographical errors that did not change the meaning of the factual assertion; and non-material inconsistencies between dates reported in the application and dates in the associated supporting document.
A table from page 12 of the Inspector General's report.
Two categories are more troubling in nature: factual assertions deviating from supporting documentation, and factual assertions that may be accurate but for which the Woods File did not contain documentary support. For both categories, the Justice Department and the FBI concluded that the errors did not affect the outcome of the application.
Even the 183 missing Woods files look a little less dire in full context. For one thing, a Woods file is missing in only .03 percent of the 7,000 cases involved in the inventory conducted. More importantly, the report gives at least a partial explanation for why this might have happened:
we found that FBI case agents compile Woods Files in various ways. For example, some FBI case agents create a separate hardcopy Woods File for each FISA application, including individual files for an initial application and each subsequent renewal application. In contrast, other FBI personnel described the process of “cannibalizing” a Woods File, which involves maintaining one Woods File that contains documentation to support an initial application and the subsequent renewal applications. FBI personnel told us that the statements of fact in renewal applications are often the same as those from each preceding application, which indicated to us that it was more efficient, in some instances, for FBI case agents who preferred this method to maintain one Woods File to support multiple related applications. However, in some instances, this method involved removing supporting documentation from the Woods File if the associated statement of fact was no longer in the most recent FISA application, which would cause problems if someone were using the derivative Woods File to find the supporting documentation for the statement of fact in an earlier application. Multiple FBI personnel from field offices we visited expressed the desire for a policy that details a single, uniform process for assembling a Woods File and cross-indexing to the facts in the application.
Having a practice this non-standardized is certainly not good, but it falls into the category of a lack of important procedural controls, not of scandalous misleading of a federal court.
The bottom line is that after a nearly two-year review, the inspector general’s team found no evidence of politically-motivated misrepresentations to the FISC, nor did it find evidence of intentional abuse by the FBI or the Justice Department of any kind. It revealed, rather, a pattern of sloppiness that led to too many technical errors.
This is a significant problem that should not be overlooked. As the inspector general wrote in the report:
While we recognize the inevitability of occasional human error, mistakes of any magnitude demonstrate flaws in the process upon which the FBI, NSD, and the FISC rely to ensure accuracy and safeguard civil liberties. If the FBI falls short of its own standards for accuracy, it risks impinging on the civil liberties of U.S. persons, and adversely affecting its credibility with the FISC, Congress, and the public, which in turn could lead to restrictions or even revocation of its authorization to use this important investigative tool in support of its national security mission.
The FISA process should demand scrupulous compliance precisely because the stakes are so high. The powers conferred on the government are enormous on the theory that they are essential to protect national security. The proceedings are by their nature secretive, concealed not only from the public but also from the adversarial process otherwise so central to our legal system. And the possible violations of individuals’ privacy and constitutional rights are extremely serious. As the FISC has repeatedly said, it is for these reasons that Congress created the FISA process: “to provide an external check” on the executive branch; it is also why the FISC demands from the government a “heightened duty of candor.” So the kinds of errors the inspector general found—even if not demonstrative of political bias or abuse of the system—are not tolerable.
But the inspector general’s dialogue with the FBI and the Department is not happening in isolation; the inspector general is not the only one overseeing these efforts. Everything the FBI and the Department are doing is being reported to the FISC in formal legal filings and under sworn declarations. The FISC has issued several orders demanding detailed explanations of the efforts underway, dictating additional actions to be taken and requiring regular reporting. So the ongoing reforms are not just an internal executive branch matter; it is all being conducted under the supervision of Article III judges.
The FBI and the Department of Justice began efforts to deal with the problems identified by the inspector general long before the release of this most recent report. Concurrently with the audit of the Crossfire Hurricane applications in which the inspector general had identified errors, the FBI and the Department began a process of reviewing and improving internal procedures and practices. Their remedial actions generally fall into three categories: “improvements to procedures for preparing FISA applications,” “improvements to training and other efforts to institutionalize the importance of accuracy and completeness,” and better “oversight.”
The interplay between the various parties is evident in both the inspector general report and the filings with the FISC. In response to the initial 2019 inspector general report on the Crossfire Hurricane FISA applications, the FBI director ordered more than 40 corrective actions, including 12 specific to the FISA process relating to documentation, supervision, file maintenance, training and audits. In parallel, the FISC ordered the government to review the 29 FISA applications for which the inspector general had identified errors, both to correct the record and to determine what had gone wrong, and report its plans for ensuring complete factual accuracy. The FISC subsequently appointed an amicus, Lawfare Contributing Editor David Kris, to assist it in evaluating the government’s plan; Kris then issued additional recommendations, which the government largely accepted. A few months later, the inspector general issued a Management Advisory Memorandum compiling audit conclusions and expressing concerns about FBI practices and Department oversight. Since then, the government has filed at least ten updates detailing its compliance with court orders, the most recent of which was on August 30, 2021, and has exchanged numerous letters with the inspector general, some of which are collected in the most recent report.
Both the FISC’s orders and the government’s responses are highly detailed, even sometimes technocratic. Here’s non-exhaustive list of what the government has done to comply with the FISC’s orders so far:
- It detailed how the FBI was enhancing its protocols to ensure accuracy in FISA applications, including which internal guidance documents it was revising and how, as well as the dates on which the changes took effect.
- It developed new or revised trainings and tests, including a case study training module based on the 2019 inspector general’s report and a training focused on “FISA process rigor and steps FBI personnel must take.” Summaries of each training were submitted to the court, as were various updates on implementation.
- It provided regularly-updated descriptions of “planned or implemented technological improvements to the process of preparing FISA applications or verifying the information contained in FISA applications,” which included highly technical details; there have been at least seven updates since the first filing.
Likewise, both the inspector general and the government are fairly detailed in their communications, particularly with regard to Woods Procedures, accuracy reviews, and messaging to personnel about the importance of scrupulous compliance with FISA processes. The latter issue has been the subject of some unusual contention; after the inspector general expressed continued concern about messaging, the Department’s National Security Division responded that it “does not agree with the factual foundation” for his concern and argued that he should treat the issue as resolved.
Whether all these steps prove adequate will be determined over time in an interactive conversation between the FISC, the FBI, the inspector general, and, inevitably, Congress. It is a critical conversation, and it is critical that it respond to the real problems the FISA process faces.