FBI Releases Results of OIA FISA Query Audit
On May 11, the FBI’s Office of Internal Auditing (OIA), which focuses on evaluating our Foreign Intelligence Surveillance Act compliance and recommending reforms, announced the results of their initial audits regarding the FBI’s querying of information collected under FISA.
This is the first public report that documents the FBI’s compliance rate following a series of extensive reforms surrounding the FBI’s use of Section 702 that Director Wray implemented in 2021 and 2022. All compliance and oversight reports previously made public covered periods predating those reforms.
Based on OlA's second, post-reform audit, the FBI had a 96% compliance rate for FISA queries, a 14% improvement from OIA’s first baseline audit, which was conducted before the reforms.
This audit report demonstrates not only the extent to which the FBI’s reforms have had their intended positive effect but also our ongoing commitment to improving compliance by evaluating, identifying, and implementing new reforms.
Based on the audit’s seven major observations, OIA provided 11 compliance recommendations, all of which Director Wray has accepted and directed his leadership team to implement immediately—and, where feasible, to go beyond the recommendations.
The FBI’s access to Section 702 authorities is an integral part of protecting the American people from foreign adversaries and countering the future unforeseen threats they will bring to the homeland from overseas.
The FBI is determined to remain good stewards of this valuable national security tool—a determination shared by Director Wray, his leadership team, and the FBI employees who use this tool every day to do their important work.
To view the previously released FISA Query Guidance documents:
- FBI Releases FISA Query Guidance (press release)
- FBI FISA Query Guidance (vault.fbi.gov)
- FBI FISA Query Guidance Nutshell (vault.fbi.gov)
For more general information on FISA:
Background Information: May 2023 Office of Internal Auditing FISA Query Report
Director Wray has undertaken a multi-year effort to analyze the root causes behind any noncompliance surrounding our use of 702 information and institute fixes.
These efforts, at multiple levels, include:
- Standing up a whole new Office of Internal Auditing focused on FISA compliance,
- Changes in our database systems to prevent inadvertent queries,
- Enhanced training, and
- New oversight and preapprovals prior to running batch queries or sensitive queries.
The compliance and oversight reports that have been made public so far predate these significant reforms.
- Because of how they are compiled, most of these reports do not tell the American people how often the FBI gets it right—how often our employees are properly querying our 702 and FISA collections to fulfill our unique national security mandate to protect the homeland.
OIA finalized their query audit report—focusing on the FBI's compliance when querying our FISA collection—both 702 and traditional FISA. This audit post-dates the significant reforms we have put in place.
- This audit report includes both the results from the first and second audit.
- Due to the magnitude of changes that the FBI made in the interim to our 702 compliance processes, OIA determined that the best way to determine the efficacy of these changes was to consider both the pre- and post-date audit analysis and generate a single report.
- Based on OlA's sampling and analysis, the FBI had a 96% compliance rate for meeting the standard to properly query our FISA collection.
- This is a 14-percentage-point improvement from OlA's first audit, which analyzed a time period before many of our significant reforms were enacted.
- OlA's first query audit was from April 2020 to March 2021 and found that the FBI had an 82% compliance rate.
- OlA's first query audit was before we put in place some of the reforms, including:
- (i) requiring FBI personnel to explicitly opt-in to searching raw FISA data;
- (ii) instituting “attorney" pre-approval for batch job queries with greater than 100 query terms;
- (iii) instituting pre-approval for sensitive queries, in some cases requiring queries to be personally approved by the Deputy Director;
- (iv) new query training and ensuring within our systems that all users can access FISA databases only after they have completed all required training.
