Return to the USDOJ/OIG Home Page |
The Federal Bureau of Investigation's
Control Over Weapons and Laptop Computers
Report No. 02-27
August 2002
Office of the Inspector General
The FBI, which is the principal investigative arm of the Department of Justice, has investigative jurisdiction over violations of more than 200 categories of federal crimes, including counterterrorism, drugs/organized crime, foreign counterintelligence, violent crimes, and white-collar crimes. The FBI employs approximately 11,000 Special Agents and 15,000 support personnel assigned to FBI Headquarters in Washington, DC; 56 field offices across the United States; the Training Academy at Quantico, VA; and 47 overseas offices.
As of August 2001, the FBI reported an inventory of approximately 50,000 weapons and 15,000 laptop computers to assist its employees in performing their law enforcement mission.
Weapons used by the FBI include revolvers,1 semi-automatic pistols, rifles, carbines, shotguns, tear gas guns, and submachine guns. Within the FBI’s property records the term "weapons" includes not only those handguns and shoulder weapons used operationally, but also certain items called "red handles" that are used for training purposes.2 In this report, we generally treat functional weapons and "red handles" separately.
The Department’s Security and Emergency Planning Staff (SEPS), an office within the Justice Management Division, maintains records of the number of laptop computers each Department component has authorized for processing classified information. Classified information or national security information (NSI) is information, which if disclosed, could cause harm to the national security or foreign relations of the United States.3 On September 28, 2000, the FBI reported to SEPS that there were 10,003 total laptop computers in the FBI and their security level was as follows: 5 Top Secret; 8,000 Secret; 1,711 unclassified; and 287 miscellaneous (damaged, no hard drive, unusable).4
FBI policy states that all laptop computers
are authorized to process classified information up to and including Secret/Collateral within the U.S. and its territories and can be connected to the FBI Secure Network (FBINET). The processing of Top Secret and SCI [Sensitive Compartmented Information] information is not authorized on portable microcomputers without written authorization by the FBI's SPM [Security Programs Manager].5
It is important to note that classified information is not the only information that needs to be protected from unauthorized disclosure. The FBI Security Handbook states in part:
Sensitive information is information that, if disclosed, could adversely affect the ability of the FBI to accomplish its mission. Examples of sensitive information might be the identity of undercover agents, names of people under investigation, tax return information, or personal data on individuals. While not directly affecting the national security of the United States, unauthorized disclosure of sensitive information can endanger people, hamper investigations, misdirect resources, and cause embarrassment. All FBI information is considered sensitive and must be protected from unauthorized disclosure.6
Property Management Guidelines
Office of Management and Budget Circular A-1237 requires federal agencies to: (1) establish a management control system that provides reasonable assurance that assets are safeguarded against waste, loss, unauthorized use, and misappropriation; and (2) ensure that transactions are promptly recorded, properly classified, and accounted for in order to prepare timely accounts and reliable financial and other reports. The Justice Property Management Regulations8 require Department components to issue detailed operating procedures to protect federal property against fraud, waste, and abuse.
The FBI guidelines for the general management of property are contained in its:
According to these guidelines, FBI employees are responsible for the proper and reasonable care and safeguarding of property assigned to them or located in their work area. An employee whose negligence causes the loss of FBI property may be subject to disciplinary action.
Property Definitions – The FBI’s Accountable Property Manual classifies property into three principal categories: capitalized; accountable (or "nonexpendable"); and expendable.
Property Management Personnel– According to the Accountable Property Manual, the Chief of the Property Procurement and Management Section of the Finance Division is the sole Property Management Officer (PMO) for the FBI. The PMO’s duties
include, but are not limited to: the overall administration, coordination, and control of the FBI’s Property Management Program; ensuring that adequate systems exist and are documented for accountability of property within the FBI; and to communicate and monitor internal controls of the FBI for maintaining adequate property accountability.
The Special Agent in Charge or the appropriate Assistant Director is the Accountable Property Officer for each field office or Headquarters Unit. The Accountable Property Manual states that the responsibilities of these officials
include, but are not limited to: coordinating the property management program within his/her office; providing required leadership and guidance to ensure effective internal control procedures within the office are in compliance with the requirements of the FBI; ensuring property records are created; and ensuring the property management program within their office is in compliance with the FBI’s Property Management Program.
To assist them in the performance of their duties, these Accountable Property Officers may designate one or more Property Custodians and/or Supply Technicians, depending on the size and complexity of the office. In addition, the Accountable Property Manual states,
each employee of the Department of Justice who has use of, supervises the use or has control of Government property is responsible for that property. Each employee is obligated to properly care for, handle, use and protect Government property issued to or assigned for the employee’s use at or away from the office.10
Automated System – The FBI employs the automated Property Management Application (PMA) "to properly and accurately account for all property that the FBI acquires, transfers, and retires." 11 The PMA uses a variety of data fields to identify each item, including a barcode number assigned by the FBI, the serial number, the cost center code for the office where the item is located, a description of the item, and other necessary information. The PMA also records a cost center code (0299) for all items assigned to individual employees rather than an office. Finally, the PMA can generate a "Property Charged Out" report that documents all accountable property assigned to each active and separated employee.
The FBI’s Firearms Training Unit (FTU) supplements the PMA with index cards for each weapon in inventory. Like the PMA, the index cards document the serial number, barcode number, initial assignment, and final disposal of weapons, but the index cards also track certain information that PMA was not designed to record. For example, the index cards track the repair history of all weapons.
Automated Data Processing General Controls – The OIG audited the FBI’s automated data processing general controls in 1990. The audit found that the FBI could not "account for over 2,000 pieces of ADP equipment some of which may contain sensitive data."12 The OIG recommended that the FBI "locate or reconcile" the ADP equipment in question. In response, the FBI reported that "all FBI organizational entities" had reviewed the "items assigned which were listed on the FBI inventory" as unaccountable property. As of July 23, 1990, the FBI stated that only 74 items, valued at $188,249, remained unaccounted for. According to the FBI, the discrepancies originally noted by the auditors had resulted from a variety of causes, including duplicate entries in the property system, transposed serial numbers, miscoding of items, erroneously listing surplus items as unaccountable while they were pending disposal, and "rapid deployment of ADP equipment critically needed to support the investigative mission."
FBI Property Management – The OIG previously audited the FBI’s management of property in 1992.13 That audit found material weaknesses in "the FBI’s system of inventory and administrative controls in the property management cycle." The OIG recommended that the FBI "locate and account for all items reported as unaccounted for," reconcile and update the inventory, and take numerous other corrective measures. In response, the FBI reported that it had accounted for 32 of 40 items previously reported as unaccounted for in one category, and 663 of 799 items previously reported as unaccounted for in another category.
FBI Annual Financial Statement – The Chief Financial Officers Act of 1990, as amended by the Government Management and Reform Act of 1994, requires 24 agencies of the Executive Branch and other agencies designated by the Office of Management and Budget to prepare and have audited organization-wide annual financial statements. The Inspectors General of the various departments are responsible for these audits but they may contract with independent public accountants to conduct them. In their reports for fiscal years 1999, 2000, and 2001, the independent auditors who performed audits of the FBI’s financial statements identified material weaknesses in the area of property management. They specifically reported the FBI needs to improve its procedures related to the timely and accurate recording, reconciliation, and reporting of property and equipment in the PMA, the subsidiary record-keeping system that supports amounts reported in the annual financial statements.14
We obtained from the FBI a listing dated July 11, 2001, of weapons and laptop computers identified by the FBI as either lost or stolen. We also asked the FBI to inventory all weapons and laptop computers and report the results to us as of September 30, 2001. For various reasons, including the terrorist attacks of September 11, 2001, the FBI was unable to complete this task until much later. The FBI conducted an inventory, in stages, of all accountable property. The inventory of property charged to the various FBI divisions was completed on January 31, 2002, and the inventory of property issued to individual employees was completed on March 31, 2002.15
Our audit focused on the period from October 1, 1999 through January 31, 2002. During this period, the FBI reported property losses of 212 weapons, 142 "red handles," and 317 laptop computers.16 Although our audit focused principally on those losses, we also reviewed certain losses that occurred outside this period to gain an understanding of the magnitude of the conditions noted in this report. We reviewed the circumstances surrounding each loss and assessed the FBI’s actions to report and investigate those losses. Further, we looked for indications that the lost property resulted in physical harm to the public or compromised national security or investigative information. Our conclusions from the above analyses are presented in Finding I, and Appendices II and III contain a summary of our results.
We also reviewed the FBI’s management controls over the purchase, receipt and assignment, inventory, and disposal of FBI-issued laptop computers and weapons. We assessed these controls by reviewing property management activities at FBI Headquarters and four selected field locations.17 At each site we: (1) evaluated relevant property management controls; (2) reviewed documentation practices; and (3) physically inspected property. We also tested, on a sample basis, the accuracy and completeness of the property records. The results of the above analyses are presented in Finding II; Appendix VI shows the geographic distribution of the sampled property.
TOP SECRET –Applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.
SECRET –Applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.
CONFIDENTIAL – Applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.
Additionally, there is a category of information known as "Sensitive Compartmented Information" (SCI), or "Codeword," which is afforded more stringent protection because of its extreme sensitivity. Access to SCI is closely controlled and is granted only after a need for such access has been clearly established. (U.S. Department of Justice, Security and Emergency Planning Staff, Classified National Security Information: Reference Booklet, June 1998, pp. 1 and 3)