Review of the Terrorist Screening Center
(Redacted for Public Release)
Audit Report 05-27
Office of the Inspector General
The TSC has successfully created a consolidated database of unclassified watch list information from supporting agency systems. However, the accuracy and completeness of the information contained in the database is as critical as the consolidation effort itself. There is little room for error because a single name omitted from the TSDB could result in a suspected terrorist successfully applying for a visa, being admitted to the United States, or failing to be identified when stopped for a traffic violation.
One of the TSCís primary goals under HSPD 6 was to maintain thorough, accurate, and current information. Although the TSC does not create terrorist-related information, it is responsible for ensuring that all necessary terrorist-related information maintained by NCTC and the FBI is transferred to the TSC and accurately maintained in its consolidated database.
Our review of the accuracy and completeness of the terrorist watch list was divided into two separate tracks. First, we analyzed the consolidated database as a whole, including a review of the number of records in the database, any duplication that existed within those records, the fields of information available for screeners to view on the TSDB 1A and 1B screens, and the population of those fields within the databases. We also reviewed the descriptive categories and handling instructions that are applied to each record within the database. Second, we tested individual records within the database for accuracy and completeness. This included reviewing a sample of FBI and NCTC records from the respective agency databases (i.e., VGTOF and TIPOFF) and tracing them forward to the TSDB 1A and 1B to determine if complete and accurate information was carried forward into the TSDBs. Additionally, we reviewed a sample of the forms FBI agents use to nominate individuals for inclusion in the consolidated database, and traced those forms to the TSDB to determine if the individuals were, in fact, included in the database and that the information was accurate. We also checked known terrorist names against the TSDB 1A and 1B to determine whether those individuals were in the database.54
We first reviewed the TSDB 1A and 1B to gain an overall understanding of its contents. This included reviewing the number of records that each database maintained and the structure for each record. In addition, we analyzed the types of categories and handling instructions assigned to individual terrorist records. Our review found several problems, including inconsistent record counts, duplicate records within the consolidated database, limited identifying information shown to screeners on the TSDB 1A and 1B screens, lack of needed fields within the TSDB, and weaknesses related to the instructions for handling encountered individuals as well as the descriptive information related to the type of threat posed by subjects in the database.
On October 22, 2004, NCTC officials estimated that there were approximately 170,000 unique individuals who were known to the U.S. government as known or suspected terrorists or as having ties to terrorism. As of January 2005, the TSDB 1A and 1B included a total of 455,002 and 237,615 active records, respectively. Both databases include unique individuals and aliases. Since both databases were maintained and updated simultaneously, theoretically both should have had the same number of records. However, as indicated above, we found a difference of 217,387 records between the two databases in January 2005.
According to TSC officials, this disparity resulted from the immediate need during the earliest days of the TSC to develop a comprehensive database (TSDB 1A) of potentially high-risk suspects. Accepting records directly from numerous databases resulted in duplicate records being imported into the TSDB 1A. Further, TSC officials said the complex task of consolidating large and often incompatible data systems required accepting less than optimal data. For example, in creating the TSDB 1A, the TSC imported records directly from the Treasury Enforcement Communications System (TECS), thereby receiving records that were unique to TECS and were not included in its sub-systems Ė the Interagency Border Inspection System (IBIS) or the National Automated Immigration Lookout System (NAILS). These unique TECS records were not included in the 1B database because, according to TSC staff, they had not been provided to NCTC and there was significant concern about the quality of the records.
TSC officials informed us in early March 2005 that they had successfully addressed the significant difference in record counts between the TSDB 1A and 1B. They reported that they reduced the difference to about 40,200 records existing in TSDB 1A but not in TSDB 1B. This group of records has undergone initial review and the TSC stated that it consists of 39,000 records awaiting additional vetting by NCTC and 1,200 that will require manual correction at the TSC.
The use of unique identifying numbers in a database is an important internal control for minimizing duplicate records. According to TSC officials, both the TSDB 1A and 1B assigned unique identifying numbers for every record added to the databases. Likewise, TIPOFF records, including all aliases, each have a separate unique identifier.
However, the VGTOF database assigns a distinct record number to each individual in the database, and known aliases or varying identifying information for the individual are recorded within the original record. When included in the TSDB, a new record is created for every combination of identifying information contained on a VGTOF record. For example, two dates of birth listed on one VGTOF record for an individual would be included in the TSDB as two records Ė one for each date of birth. As a result, both of these records in the TSDB will show the same VGTOF number, while each will have a unique TSDB record number.
The TSDB should not contain multiple records with the same TIPOFF or TSDB record number; however, it is possible to have multiple records with the same VGTOF number. Further, each record within the TSDB should represent a unique combination of identifying information for an individual. For example, an individual who [SENSITIVE INFORMATION REDACTED] would have two records, each with the same [SENSITIVE INFORMATION REDACTED]; however, the [SENSITIVE INFORMATION REDACTED] would be different. The TSDB should not contain multiple records with completely identical identifying information. In addition, because aliases refer to the same individual, the databases to which an individualís record should be exported (e.g., CLASS, IBIS, VGTOF) and the instructions regarding how the individual is to be handled should be the same.
Duplicate records within the TSDB can cause a time-consuming and possibly confusing experience for screeners when researching a specific individual. The call screener can mistakenly rely on one record while a second, more complete record may be ignored. This can result in important information being missed. Also, if update information is transferred for a record in the TSDB 1B that has duplicate entries, then one of the duplicate records may be updated while the other may not. This situation would result in two identical record numbers containing different information.
We attempted to determine whether duplicate records existed within the TSDB 1B.55 Although we did not identify duplicate TSDB 1B numbers, we did find duplicate records. We found 31 records that had duplicate information in five core identifying fields [SENSITIVE INFORMATION REDACTED]. Of these, 15 records also had duplicate TIPOFF record numbers.
Our review of the duplicate records revealed that six contained different information describing the individualsí association with terrorism. For example, for one set of duplicates one record reflected that the person was "Likely to Engage in Terrorism if Enters in U.S." while the other record reflected that the same individual "Provides Support, Safehouse, Weapons, Funds, ID, etc." An additional 16 records had either conflicting or missing handling instructions. These descriptions and instructions are used by the front-line law enforcement officers to assess and determine the level of threat posed by the individual encountered and help to protect the safety of these officers. Therefore, it is essential that this information be accurate and consistently applied to all records related to one individual.
In addition to the 31 duplicate records, we found 4 records for which the "unique" TIPOFF record number was duplicated, but for which the 5 core fields were not all the same. The TSC could not explain how this occurred.
In our review of the duplicate records, we also identified instances where instructions for which database a record was to be included were omitted, conflicted, or not applied. For example, on multiple occasions records nominated for inclusion on the TSA No-Fly list were not forwarded to that list. However, associated records (such as aliases) that similarly were nominated for the No-Fly list were, in fact, included on the list.
Overall, the TSC could not explain why duplicate records existed in the TSDB 1B. Based upon our observations and analyses, one probable cause for some of the duplicative information was the transfer of the FBIís data on international terrorist records from the VGTOF to NCTC. At the time the TSC established the consolidated database, NCTC was not receiving international terrorist records from the FBI because the agencies had not yet come to agreement on the terms of information sharing. As a result, to implement and maintain the most accurate and comprehensive database of terrorist information, TSC officials decided to include international terrorist information directly from the FBI. When the FBI later transferred its international terrorist records to NCTC, the volume of data, coupled with the excessive manpower required to review each record, precluded NCTC from reviewing each record to ensure that it did not forward any duplicate or outdated records to the TSC. TSC officials indicated that they plan to address this issue by manually reviewing and deleting any duplicate records that have been created as a result of this process and updating any outdated information. We believe that the TSC should regularly perform queries of its consolidated watch list database to ensure duplicate records are not being created.
Although we had been informed that the TSDB 1B was created with information solely from the FBI and NCTC, we found five records in the database that were not derived from the NCTC or FBI databases. IT contractors at the TSC could not explain why these records were included in the 1B database if they did not come from either of the primary source systems. This is significant because the TSDB is an index of summary information owned by other agencies, and it must be able to identify the source of records in order to obtain necessary supporting information and appropriately assist law enforcement. TSC managers said they would look into this matter, but as of March 2005 had not provided an explanation for this situation.
For each of the international terrorist names included in the two TSC databases, an Immigration and Nationality Act (INA) code is assigned by NCTC that provides a description of how a specific individual is associated with international terrorism. There are 25 different INA codes that can be assigned to each international terrorist record in TIPOFF, but the system includes controls to ensure that only one INA code is assigned; 8 of the codes indicate that the individual should be considered armed and dangerous. This data is subsequently transferred to the TSC for inclusion in the consolidated databases. The following table displays the distribution of records in the TSDB 1B according to the INA code.
In reviewing the descriptions of the 25 INA codes, we found that they do not appear to be mutually exclusive and that a suspected terrorist may fit more than one category. The TSDB does not allow for more than one INA code to be applied to each record. Consequently, this restriction may limit the amount of descriptive information available on particular records in the consolidated database.
Records originating from the FBI do not contain INA codes because the categories were developed for the purpose of assigning an identifier to aliens. In an effort to make TSDB record structures consistent for both foreign and domestic records, the TSC directed the FBI to assign one of three possible codes to the data it sent to the TSC. The FBI developed a program that automatically assigns one of the three INA codes to a domestic terrorist record based on the existing handling instructions. This automated process occurs every time new domestic terrorist records are transferred to the TSC. The Director of the TSC explained that the purpose of assigning an INA code to domestic terrorist records entered into the TSDB 1B was to have a single standardized method for identifying the type of terrorist threat presented by each subject in the database.
In our opinion, the three codes currently being used do not provide an adequate description of domestic terrorist activities. We recognize the TSCís objective of standardizing the use of descriptive codes, but using descriptions more applicable to international terrorist activities to describe domestic terrorist activities diminishes the usefulness of the coding system. Instead, we believe that specific descriptions of domestic terrorist activities should be developed and applied to domestic terrorist records.
As noted previously, one of the benefits from the TSCís efforts to develop the TSDB is that the sharing and consolidation of all available watch list information puts law enforcement personnel in a better position to take appropriate action when individuals are identified. The TSC has attempted to provide law enforcement personnel with the necessary handling instructions for individuals whose names appear in the consolidated database. According to TSC officials, all records in the consolidated watch list database should have a handling code assigned.56 FBI agents nominating a record for inclusion in the VGTOF and other databases assign a handling code based on the information available about the individual, including whether a valid arrest warrant exists or if the person is considered armed and dangerous. For international terrorist records received from NCTC, the TSC assigns a handling code based on the designated INA code, the extent of identifying data available, and any other information that may be related to how the individual should be treated.
Missing Handling Codes
Based on our review, we found that 336 records in a subset of 109,849 did not have a handling code assigned.57 Of these records, at least 160 of the individuals were described as armed and dangerous, according to the designated INA codes. It is important that the appropriate handling code be assigned to each record so that law enforcement officers are adequately protected.
INA Codes vs. Handling Codes
For records in the TSDB 1B, we compared the INA codes to the handling instructions in the database to determine if the two corresponded. In our small sample of VGTOF records, we found several instances where records had handling instructions that did not correspond to the level of threat indicated by the descriptive category. For example, we identified at least 19 instances where records were categorized with INA codes designated as "armed and dangerous" but the records had handling instructions that were applicable for individuals requiring the lowest level of law enforcement response.58 In addition, we found 12 instances where INA code 5, a designation applied to group members not considered to be armed and dangerous, was applied to handling codes 1 and 2, which require the highest level of safety precautions due to the more significant threat the subjects may present.
We found that the INA codes were misapplied because of a problem with the FBIís programming language used to transfer records from VGTOF to TSDB 1B. For each VGTOF record sent to the TSC for inclusion in the TSDB, the TSC requested that the FBI assign an INA code based on the previously assigned handling code. The TSCís protocol for assigning handling codes to records with pre-existing INA codes stated that if a subject was issued a non-armed and dangerous INA code, then a handling code 4 was to be applied, which is representative of the lowest level of law enforcement response. According to FBI officials, the opposite message was communicated for assigning INA codes to records with pre-existing handling codes. FBI officials stated that they were told to apply an armed and dangerous INA code to records designated handling code 4 and a non-armed and dangerous INA code as a default to all other handling codes. When notified of our concerns, the TSC Quality Assurance staff acknowledged that the wrong INA codes had been applied to the VGTOF records, and the Director of the TSC informed us that she would look into this matter.
The results of this test led us to perform a search on the entire 1B database to determine the general consistency between INA and handling codes. We found at least 31,954 records with INA codes that were categorized as "armed and dangerous" but had handling codes conveying instructions applicable for individuals at the lowest level, which does not require the encountering law enforcement officer to contact the TSC or any other agency. As shown in the following table, the INA codes for some of these records described these individuals as: 1) having engaged in terrorism; 2) likely to engage in terrorism if they enter the United States; 3) hijacker; 4) hostage taker; 5) [SENSITIVE INFORMATION REDACTED]; and 6) user of explosives or firearms.
At the time of our field work, TSC officials could not explain this apparent mismatch, but informed us that they would look into this matter. This situation, which represents a weakness in the database and places front-line law enforcement officers in a vulnerable position, should be addressed as quickly as possible.
During our review, we found that records in the TSDB 1A contained different identifying fields than records in the TSDB 1B. The following table compares the available fields for a given record in each database.
TSC officials explained that they are working to increase the available fields in the 1B database. As discussed in Chapter 5, TSDB 1B was programmed to include additional information fields, such as specific biographical data, but these fields have not yet been enabled.
In addition, during our testing of the TSDB 1A database, we found that for domestic terrorist records, certain fields of information were all consistently omitted from the screen display even though this data was maintained in the database. Therefore, although the TSDB 1A was capable of displaying eight possible fields of information, as few as three were often displayed. This left the screeners with limited data to make initial determinations of potential matches. TSC IT personnel were previously unaware of the limited screen information and said that the screen interface was not programmed correctly to display all of the information to screeners. The TSCís failure to recognize this shortcoming is another example of the weaknesses in IT management, which were discussed in Chapter 5.
In our review of the TSDB 1B, we found that there were no separate fields specifically designated to identify [SENSITIVE INFORMATION REDACTED]. This type of information is important when attempting to verify the identity of an individual. Currently, the [SENSITIVE INFORMATION REDACTED] field in the 1B database is closely related to the [SENSITIVE INFORMATION REDACTED] field. [SENSITIVE INFORMATION REDACTED] We found this use of the [SENSITIVE INFORMATION REDACTED] field for recording the [SENSITIVE INFORMATION REDACTED] of an individual to be inconsistent with the title of the field. The fact that one database field can reflect two very different sets of information makes the field vulnerable to errors. In addition, the information is subject to misinterpretation by screeners who are using the information in the data fields to identify potential terrorists. We believe that this dual usage of the [SENSITIVE INFORMATION REDACTED] field should be corrected with separate fields that specifically identify the [SENSITIVE INFORMATION REDACTED].
We reviewed the information contained in the TSDB 1A and 1B to determine whether the databases were complete, accurate, and properly consolidated. Using formulated queries, names of known or suspected terrorists, and judgmental samples pulled from the two primary supporting databases, we assessed the completeness and accuracy of the information contained within the consolidated database, the timeliness of the information consolidated, and other issues related to the database.
To perform our tests of TSDB 1A and 1B records, we selected judgmental samples from the TIPOFF and VGTOF databases and traced them forward to the consolidated database, verifying whether the unclassified information contained in the source records was accurately transferred to and displayed in the TSDB 1A and 1B. We also performed testing on nominated additions, modifications, and deletions from the FBI to determine the timeliness of the resultant actions and to assess the completeness and accuracy of the changes made. Further, we searched selected known or suspected terrorist names in the TSDB to ensure they were included in the consolidated database. The results of our findings are discussed below.
To verify the completeness and accuracy of VGTOF records maintained within the TSDB 1A and 1B, we judgmentally selected a sample of 59 records (for 58 individuals) from a universe of 104,116 VGTOF records as of August 2004. Our sample of records was traced forward to the 1A and 1B databases to ensure that each record was included in the consolidated database and that all pertinent, unclassified information intended for inclusion in the TSDB was present. Our analysis found all 59 records contained in the TSDB 1A. However, eight of these records, all for different individuals, were missing from the TSDB 1B. In addition, 5 records in our sample of 59 contained inaccuracies in record content between the information contained within the VGTOF database and information in the TSDB 1B. The omissions and inaccuracies of these records resulted from problems in a number of different areas and are explained in detail in the following sections.
VGTOF File Not Sent to the TSC
On a daily basis, the TSC receives updated files from VGTOF for inclusion in the TSDB 1B. During our testing of the 59 sample records, we identified 2 VGTOF records that were not included in the 1B database. We contacted the FBIís Criminal Justice Information Services (CJIS) Division, who informed us that these records existed on a June 11, 2004, update file that ultimately was never sent to the TSC.59 CJIS officials said this resulted from a lack of back-up coverage when the individual normally responsible for sending the update file to the TSC was out of the office. Upon closer examination of the update file that was not sent to the TSC, we found that the file contained 12 new records (representing 6 separate persons, 2 of whom were in the records we identified as missing from the database) and 8 modifications to existing records (representing the records of 4 separate persons).
Technological Difficulties with NCTC
As previously discussed, HSPD 6 directed that all terrorist information in the possession of the U.S. government, with the exception of purely domestic terrorist information, must be provided by federal departments and agencies to NCTC for inclusion into its database. The MOU resulting from HSPD 6 called for NCTC to serve as the primary data source for the TSCís consolidated database, with the exception of purely domestic terrorist information that would be provided by the FBI. As a result, NCTC took control of the State Departmentís TIPOFF database in November 2003 to serve as the central repository for all international terrorist information. However, because the FBI possessed international records prior to the establishment of NCTC, it was necessary for NCTC to obtain this data from the FBI. This data, originally housed in the FBIís VGTOF database, was sent electronically to NCTC for inclusion in the TIPOFF database. The records subsequently would be sent electronically to the TSC for inclusion in the TSDB.
The NCTC experienced a number of technical difficulties in uploading the VGTOF data file into TIPOFF. As a result, the information was delayed from inclusion in the TSDB 1B for approximately one month. We identified a total of 6 records from our sample of 59 that were not included in the TSDB 1B for this reason. A second search for these records a month later found that all but one of the records had been added to the database. One record remained unaccounted for, and the TSC could provide no explanation as to why this record was missing from its database. When we questioned TSC officials about NCTCís difficulties, they expressed little knowledge of the problem. As a receiver of such vital information, the TSC needs to establish procedures to identify potential barriers to the timely receipt of these important terrorist records. We estimate that the NCTC uploading difficulties may have affected a total of 20,000 records, a significant number of records for which the TSC does not have a suitable level of assurance.60
Missing or Conflicting VGTOF Data
Our analysis further revealed that important and relevant information within the 59 sampled VGTOF records was not always included on records in the TSDB. In other instances, the information was incorrect. Specifically, VGTOF contains a miscellaneous text field that, while not searchable because of its format, often provides important identifying information that could be missed by the TSC or information that conflicts with the TSC record information. One VGTOF record within our sample contained information in the miscellaneous field indicating that the subject was not a U.S. person, while the TSC record indicated that the subject was a U.S. person. Conflicting information such as this can confuse screeners and possibly contribute to the misidentification of an innocent person, or the inappropriate release or admittance of a dangerous individual.
Two additional records within our sample included text in the miscellaneous field identifying the subjects as [SENSITIVE INFORMATION REDACTED]. However, the TSDB 1B records showed the individuals as U.S. persons with no additional information provided. TSC and CJIS officials also attributed this situation to the programming of the TSDB 1B database. As previously reported, the [SENSITIVE INFORMATION REDACTED] field in the TSDB 1B database is closely related to the [SENSITIVE INFORMATION REDACTED] field. The two sample records mentioned above did not contain a [SENSITIVE INFORMATION REDACTED], and therefore should have reflected the individuals as [SENSITIVE INFORMATION REDACTED].
Another sampled VGTOF record identified a [SENSITIVE INFORMATION REDACTED] in the miscellaneous column that was not reflected in the TSDB record. CJIS officials explained to us that [SENSITIVE INFORMATION REDACTED] were erroneously entered into the miscellaneous field instead of the [SENSITIVE INFORMATION REDACTED] field when FBI field agents entered the data directly into VGTOF. As a result, unless the TSC specifically searches the miscellaneous text field, any information that was incorrectly entered into the miscellaneous field will be missed. The TSCís assumption of responsibility for the VGTOF file records in August 2004 should reduce similar data entry errors because FBI field personnel no longer have the ability to directly enter information. However, the TSC will need to ensure that past data entry problems do not limit the amount or quality of data contained within the TSDB records.
One record within our sample of VGTOF records showed text in the miscellaneous field that stated the individualís reported biographical data may not be accurate. TSC screeners may miss such important information unless the TSC establishes procedures to require review of the miscellaneous text field of each VGTOF record in order to identify such potentially useful information.
TSC-Identified VGTOF Errors
We were informed during initial interviews with the TSC Chief of Operations that, upon establishment of the TSC call center, the VGTOF data was tested for accuracy and was found to possess a 40 percent error rate based on a sample of 20 records. Errors were said to exist mainly in the handling codes, and we were told that NCIC was responsible for fixing the problem. At the time, the VGTOF database contained approximately 15,000 names. While we did not perform this test, we considered this information when we performed our own testing of the VGTOF database to assure that an accurate representation of the information contained in the database was reported. TSCís Chief of Operations at the time of our inquiry informed us that the FBIís Counterterrorism Division had been informed of the problem and the FBI issued an Electronic Communication directing its field offices to immediately "clean-up" the record information.
However, we learned later from the TSC Quality Assurance staff that no follow-up action had been taken by the TSC to ensure the VGTOF data had been corrected. In our opinion, the TSC needs to follow up to ensure that other FBI units have taken the necessary steps to correct erroneous information.
To determine the completeness and accuracy of TIPOFF records maintained within the TSDB 1A and 1B, we judgmentally selected a sample of 51 records (all separate individuals) from a universe of 185,628 TIPOFF records as of August 2004. Our sample was traced forward to the 1A and 1B databases to ensure that each record was included in the consolidated database and that all pertinent, unclassified information was present. From our analysis, we found that 2 of the 51 records were missing from the TSDB 1A. This appeared to result from record deletion, although as stated previously the 1A database does not maintain an audit trail of changes. In addition, 3 records from our sample of 51 were missing from the TSDB 1B. We also identified that 12 records in our sample contained inconsistent information when compared against the records in TSDB 1A and 1B. The omissions and inaccuracies of these records resulted from a variety of problems that are discussed in the following sections.
TIPOFF Records Missing from TSDB
Our review of the TIPOFF records traced to the consolidated database identified active records in TIPOFF that had been deleted from the TSDB 1B, as well as active TIPOFF records that had never been included in the 1B database. Because the entire contents of TSDB 1A were overwritten on a daily basis, no history was retained in the 1A database to determine if the records deleted from 1B had ever existed within 1A.
TIPOFF records sent to the TSC marked for deletion from the consolidated database often result when an individual no longer is considered a threat to the U.S. government. When a record is sent for deletion, the TSC nominations staff receives a prompt on the electronic NCTC file to delete the record. However, NCTC retains the original record in its system but deactivates the record by excluding it from the TSDB and other supporting systems. Our review of a sample of the TIPOFF records revealed two records that were not in the TSDB 1B but did reflect, through the historical information available, that the records had been included in the 1B database in the past. Each of these records was appropriately denoted as being exempt for inclusion in the TSDB.
Records missing from the TSDB that were active within the TIPOFF database and which had been marked for inclusion in the TSDB require further examination. We identified three such instances of active TIPOFF records that should have been included in the TSDB. In these three instances, the TSDB 1B did not contain a history of the records ever being included in the 1B database. Officials at the TSC informed us that they are unsure of the reason why these TIPOFF records were missing from the TSDB 1B.
To maintain a complete and accurate subset of all terrorism watch list related information, the TSDB must contain all records possessed by the U.S. government related to individuals who may pose any level of terrorist threat. A record not passed to the TSC for inclusion in the database and other supporting systems creates vulnerability should that individual be encountered and contributes to the incomplete status of the TSDB.
Missing or Conflicting TIPOFF Data
Our trace of the TIPOFF records within the TSDB revealed a number of discrepancies in the content of record data within the two databases. Again, we identified errors related to the [SENSITIVE INFORMATION REDACTED] field in the TSDB 1B database being closely related to the [SENSITIVE INFORMATION REDACTED] field. For one record in our sample, [SENSITIVE INFORMATION REDACTED]. However, upon our review of this record in the TSDB 1B database, we identified that [SENSITIVE INFORMATION REDACTED].
We also identified two instances where a TSDB 1A and/or 1B record did not accurately reflect important identifying information contained in the source TIPOFF record. Specifically, one TIPOFF record in our sample showed the particular individual as a male with no listed date of birth who had an INA code 89, "Lost/Stolen Passports." The related TSDB 1B record showed this individual as a female with a date of birth who had an INA code 5, "Group Member." The TSDB 1A record for this individual showed the individual with the same date of birth and a description of "FTO Member," short for Foreign Terrorist Organization Member.61 The second instance mentioned showed a TIPOFF record with an INA code 2, "Any Other Unlawful Activity," while the related TSDB 1B record was applied an INA code 89, "Lost/Stolen Passport." No warning was shown in the 1A database for this record.
Additionally, we found nine instances where no warning was reflected on the TSDB 1A screen for TIPOFF records within our sample. Of those instances, seven records had no handling code either.
Such a large database requires significant controls to ensure that the information contained within the system maintains the highest level of integrity, both in its completeness and accuracy, as well as its ability to provide users with the most current information available. We feel that the TSDBs display several vulnerabilities in controls over data validity and integrity.
The FBIís Terrorist Watch and Warning Unit (TWWU) receives requests from FBI field agents to include an individual with ties to terrorism into the appropriate federal databases. These requests are provided on nomination forms, which indicate whether the request is an initial submission, a supplement to the initial submission, or a request for removal from the databases. We selected for review nine nomination forms based on TWWU completed activity and the type of requests made.
From our analysis of this limited number of transactions, we determined that nominations to the consolidated database could be untimely, sometimes resulting in delays of up to 45 days. The delay in entering this information into the consolidated database presents a vulnerability to the screeners in correctly identifying an individual, and contributes to the incompleteness and inaccuracy of the database as a whole. In addition, the TWWU is making errors in the delivery of the nomination forms to the appropriate agency for inclusion into the applicable database. For example, one form was submitted to the TWWU on August 26, 2004, to nominate an individual related to domestic terrorism for inclusion in the VGTOF database. This nomination form was reviewed by the TWWU and, instead of being provided to the TSC for data entry into the VGTOF database, the form was incorrectly provided to NCTC. The NCTC mistakenly included this purely domestic matter into the TIPOFF database. On September 9, 2004, the TSC received NCTCís regular electronic file of updated records and uploaded this particular record into the TSDB. On October 1, 2004, the day we identified this error, NCTC sent its regular electronic update file with a deletion prompt for the record. As a result, the record was deleted from the TSDB. At that time, the TSC Nominations Unit staff called the TWWU to request the nomination form so they could appropriately enter the record into the VGTOF database from which they would correctly upload the record into the TSDB. This example shows that these errors can cause a lengthy delay in the inclusion of terrorist records in the TSDB and supporting databases. These mistakes can cause incompleteness in the consolidated database, which can create a security vulnerability.
We performed limited testing on the TSDB 1A and 1B to determine if publicly known terrorists were included in the consolidated database. We selected for our review a total of 39 names: 14 from news media accounts, 19 from the FBIís Most Wanted list, and 6 from the DOSí List of Terrorists under Executive Order 13224. We searched both TSDB 1A and TSDB 1B for these 39 names. Our analysis concluded that 37 of the 39 names were in both the TSDB 1A and 1B. Of the two remaining names, one was recorded accurately in the 1A database but contained significant spelling variations in 1B; the other name was included only in TSDB 1A where the individual was identified as armed and dangerous. These latter two names both originated from the DOSí List of Terrorists under Executive Order 13224. TSC officials said they regularly checked their database against names reported in the news, broadcast on television, or included on lists such as the FBIís Most Wanted.
Our review of the 39 known terrorist names also revealed that TSDB records for five of the individuals were not marked for export to the appropriate receiving databases. It is critical that the TSC develop strong controls to ensure that each name in the TSDB is appropriately marked for export to the relevant supporting systems so necessary actions are taken if the individual encounters a law enforcement officer. The omission of a watch listed name on any one of the applicable supporting databases could result in a failure to identify and detain a potential terrorist in the United States.62
The TSC maintains information from an array of organizations to fulfill its mandate to maintain a complete, accurate, and thorough consolidated database of terrorist information. Our review of the consolidated watch list identified a variety of issues that contribute to weaknesses in the completeness and accuracy of the data, including variances in the record counts between TSDB 1A and 1B, duplicate records, missing or inappropriate handling instructions or categories, missing records, and inconsistencies in identifying information between TSDB and source records.
The TSC must establish a mechanism for regularly testing the information contained within the consolidated databases. A database containing such vast amounts of information from multiple government agencies cannot be maintained successfully without standard procedures to ensure that the information being received, viewed, and shared is of the utmost reliability.
We recommend that the TSC: