The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct.
Still, "we believe the improper or illegal uses we found involve serious misuses of national security letter authorities," the audit concludes.
One can only conclude from this that "serious misuses of national security letter authorities" aren't considered criminal. That's an enormous flaw to begin with.
Over the entire three-year period, the audit found the FBI issued 143,074 national security letters requesting customer data from businesses.
140,000? All claimed to have a significant relationship to "national security"? I'm incredulous.