The Bureau of Alcohol, Tobacco, Firearms and Explosives’ and Federal
Bureau of Investigation’s Arson and Explosives Intelligence Databases
Audit Report 05-01
Office of the Inspector General
The two principal federal agencies responsible for collecting data related to explosives incidents in the United States are the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) and the Federal Bureau of Investigation (FBI). These two agencies collect and compile information supplied by federal, state, and local law enforcement agencies regarding arson and the illegal use of explosives. The ATF received about 1,800 reports of arson and 700 reports of bombing incidents over each of the past 3 years. (On August 19, 2004, FBI officials commented that many of the reports claimed by the ATF were furnished by the FBI and were already entered into the FBI’s database.) The FBI received about 900 reports of bombing incidents annually during that period. The FBI does not normally receive and record incidents involving only arson.
To collect such data, the ATF operates the Arson and Explosives National Repository (Repository) and the FBI operates the Bomb Data Center (BDC). The Repository and the BDC both maintain databases that collect and disseminate information used for statistical analysis and research, investigative leads, and intelligence. The information contained in these databases is available to federal, state, and local law enforcement agencies to assist them with their investigations of arson, bombing, and explosive incidents. The databases maintained by the ATF’s Repository are the Arson and Explosives Incident System (AEXIS) and the Bombing Arson Tracking System (BATS). The database maintained by the FBI’s BDC is the Automated Incident Reporting System (AIRS).
Until March 2003, the ATF was within the Department of the Treasury. With the passage of the Homeland Security Act of 2002, the regulatory and revenue collecting functions relating to alcohol and tobacco were realigned within the newly created Alcohol and Tobacco Tax and Trade Bureau of the Department of the Treasury. The ATF was transferred as a bureau to the Department of Justice (Department), where it has the following responsibilities:
On September 30, 1996, Public Law 104-208 (110 Stat. 3009), the Omnibus Consolidated Appropriations Act of 1997 (Act), was enacted. The Act amended the Federal Explosives laws in Title 18, United States Code (U.S.C.), Chapter 40. As amended, section 846(b) authorizes the Secretary of the Treasury to establish a national repository of information on incidents involving arson and the suspected criminal misuse of explosives. This section also requires all federal agencies having information concerning such incidents to report the information to the Secretary. This includes information regarding arson and explosives incidents investigated by a federal agency, as well as other sources (e.g., a state or local agency) and criminal dispositions, if any. In addition, the law provides that the repository will contain information on incidents voluntarily reported to the Secretary by state and local authorities. The Secretary gave the ATF the responsibility to establish the Repository.
AEXIS. In 1975, the ATF Headquarters Explosives Division established a database of explosives incidents known as the Explosives Incidents System (EXIS). With the addition of arson incidents to the database in 1998, EXIS was appropriately renamed the Arson and Explosives Incident System (AEXIS). As set forth in Title 18 U.S.C. 846(b), all federal agencies are required to report information concerning explosives and arson incidents to the ATF’s Repository. Although state and local submissions are voluntary, many such law enforcement agencies routinely submit information to the Repository.
Data used to populate the AEXIS system originates from law enforcement agencies. The predominant contributor is the ATF itself. Data is also contributed by state and local law enforcement agencies. The Repository’s policy is to accept only data that is specific to fire, arson, bombings, and other criminal misuse of explosives, such as theft and recoveries of explosive materials.
ATF agents, field staff, and outside law enforcement agencies also request data from Repository staff. In most cases, requests for information on arson and explosives cases are made in writing. The Repository also receives written requests from the general public, academia, and professional associations, but information released to such requestors is limited to general statistical data.
According to ATF staff, more than 100,000 reports have been entered into the EXIS and AEXIS databases since their creation in 1975. Data from ATF agents, which accounts for most of the data in AEXIS, is automatically transferred and manually accepted into AEXIS from N-Force, a case management system that is available to ATF staff. The N-Force system is designed as a single point of data entry system. Case information is entered once, and can be used in multiple areas throughout the system. In addition, N-Force automatically generates and formats reports and forms by extracting data previously entered into the system. The AEXIS Incident Reports derived from N-Force include the following data:
Nature of Incident: Bombing, attempted bombing, recovery of explosive devices (IED), accidental explosion, hoax device, theft of explosives, recovery of explosives, and lost or missing explosives.
Reporting Agency Data: Agency name, address, telephone number, and department case number.
Incident Data: Date, time, address, target, structure, motive, entry method, device delivery, dollar loss, incident involvement, suspects (name, social security number, birth date), and arresting agency.
Device Data: Component type, common name, brand name, component use, manufacturer, country, material, quantity (amount, units, model number, length, width, diameter, color, height, percent, and leg wire length).
In addition, AEXIS provides the ATF with the following features:
Access to AEXIS is given to all Repository employees designated as authorized users. Each user must be cleared for top-secret accessibility by the ATF headquarters. However, only certain designated personnel have administrator privileges, which allow them to change information already in the system. Passwords are required at all levels of entry into the AEXIS system, including the web-based versions.
ATF officials stated that at the headquarters level, the ATF's Information Services Division receives reports of any unauthorized access attempts from within the ATF and from outside hackers. We observed that all computer hardware, including servers, is located in secure areas that are locked and accessible to only the ATF authorized personnel.
Bomb Arson Tracking System (BATS). BATS is a new ATF database designed to serve the ATF and the nation’s fire and investigative agencies by providing a comprehensive system for reporting and sharing information on bombing and arson incidents. Similar to AEXIS with regard to the type of information it collects, BATS is unique in that it is accessible to its users on-line. At the time of our review, BATS was in the pilot phase and was deployed only to the Maine State Fire Marshals Office and the Glendale, Arizona Fire and Police Department. When BATS is fully deployed, the ATF expects that law enforcement agencies will be able to share real-time information in a secure system dedicated to fire and post-blast incidents. According to the ATF, BATS will also offer bomb squad staff the ability to see real-time data about improvised explosive and incendiary devices being used nationwide. At the time of our review, ATF staff said the system contained about 900 reports. They also said that BATS will eventually be used instead of AEXIS, although a specific timetable had not been established.
DFuze. DFuze is a stand-alone system that will enable international law enforcement and allied government organizations to collect, store, retrieve, and print data related to a particular incident, explosive device, perpetrator, group involved, and method of bomb delivery. Each organization will be able to populate the system with its own data and intelligence, as well as have the ability to share this data with other agencies when needed.
Implementation of the DFuze system began in June 2004; as of July 2004 the system has been populated with incidents of international origin. In addition, DFuze contains technical reference information related to national and international arson and explosives. As of late June 2004, about 930 records and 2,275 technical and media references had been entered in the system. A total of seven licensed users were authorized to use the system. The authorized users consisted of individuals from the ATF National Repository and the ATF’s Colombia and Mexico offices.
The data fields within DFuze are designed to give different countries’ organizations the ability to translate data field labels into their own language and to create additional records while retaining the core database structure. Data fields are standard to all versions of DFuze used within the international community and are designed to ensure consistency.
DFuze provides investigators and analysts with built-in tools for imaging, record transmission and receipt, high-speed data search, multi-media intelligence management, and the ability to hard copy reports. Further, DFuze offers a multilingual user interface whereby menus are translated to the language selected by the end user.
Pursuant to 28 U.S.C. 534, the Attorney General is responsible for acquiring, collecting, and classifying crime records and related information. The Uniform Federal Crime Reporting Act of 1988 clarified the obligations of the Attorney General, FBI, and other federal agencies. This Act recognizes that the FBI “compiles nationwide criminal statistics for use in law enforcement administration, operation, and management and to assess the nature and type of crime in the United States.” It also provides that “the Attorney General shall acquire, collect, classify, and preserve national data on federal criminal offenses as part of the Uniform Crime Reports” (UCR) authorized under 28 U.S.C. 534. The Act further specifies that “the Attorney General may designate the Federal Bureau of Investigation as the lead agency for purposes of performing the functions authorized by this section” and requires that:
All departments and agencies within the federal government (including the Department of Defense) that routinely investigate complaints of criminal activity shall report details about crime within their respective jurisdiction to the Attorney General in a uniform manner and on a form prescribed by the Attorney General.
This statutory requirement has been supplemented by Attorney General regulations published at 28 C.F.R. 0.85(f), which provide that the Director of the FBI “shall…operate a central clearinghouse for police statistics under the Uniform Crime Reporting Program.”
Like the ATF’s Repository, the FBI’s Bomb Data Center (BDC) also provides a system for collecting data related to arson and bombing incidents. According to FBI staff, the BDC’s system contained data from over 72,000 reports as of April 2004.5b
According to FBI officials, since 1972 the BDC has collected and reported bombing information to public safety agencies and other interested parties. The BDC also provides technical training in explosive device recognition and handling to all public safety bomb disposal personnel.
The BDC is now responsible for a wider range of duties, including:
Automated Incident Reporting System (AIRS). The BDC contracted with Louisiana State University (LSU) as part of the Law Enforcement Online (LEO) project to develop AIRS. The AIRS database is designed to give law enforcement agencies the capability to report incidents online through LEO involving explosive and incendiary bombings, hoax bombs, recoveries of explosives, military ordnance and improvised explosive devices. In its September 23, 2004, response to the draft report, FBI officials said the FBI implemented the COBRA system in 1998 as part of an FBI program to equip state and local bomb squads recognize and detect materials involving weapons of mass destruction. According to the FBI, accredited bomb squads have had the ability to enter data directly into AIRS since 1999. However, the BDC advised us on October 1, 2004, that COBRA data had not yet been entered into the AIRS database.
The FBI also contracted with LSU to perform data entry of Incident and Activity Reports into the BDC’s AIRS database. In July 2002, LSU personnel began providing data entry support via AIRS’ online system in LEO to assist the BDC to eliminate its backlog of Incident and Activity Reports. According to BDC staff, as reporting agencies acquire access to LEO they will eventually be authorized to enter data directly into AIRS.
Within LEO there are several layers of passwords needed to access the system. After non-FBI agencies receive approval from the BDC, the agencies are allowed access to statistical information available in the database as a read-only user. Unauthorized attempts to access either the AIRS or LEO systems are monitored by the information technology division at FBI headquarters. All AIRS-capable computers are located in the BDC office, which is secured from outside access.
Explosives Reference Tool (EXPeRT). According to FBI officials, EXPeRT is a Windows-based system being developed to meet the FBI’s current and future forensic and technology needs. The system will permit immediate online search and retrieval of case documentation and reference material to aid examiners in forensic examinations.
The EXPeRT database will include all FBI forensic examination reports pertaining to cases involving explosives, rather than bombing Incident Reports or preliminary information. It will include only FBI forensic analyses and reported results that have undergone FBI peer review. According to FBI officials, an unclassified version of the database will be available to state and local crime laboratories in fiscal year (FY) 2005.