Review of the Terrorist Screening Center
(Redacted for Public Release)
Audit Report 05-27
Office of the Inspector General
The TSC call center employs call screeners who respond to queries from law enforcement, border, and intelligence agencies 24 hours a day, 7 days a week. As noted in Chapter 6, the TSC call center received an average of 85 calls per day in January 2005. To successfully meet their responsibilities, screeners need access to each supporting agency database in order to thoroughly perform searches and provide the most accurate response to the caller.
The demand for expedited response times promotes a fast-paced environment where high-quality data and effective database controls are crucial to safeguard the information available on the supporting databases, the data entered into the unclassified systems, and the quality of communication provided to TSC customers. As a result, call center staff need quality, on-going training to effectively accomplish their mission.
The TSC call center contains terminals connected to different agency databases, all of which can be accessed by the call screeners. These databases include TIPOFF, VGTOF, and TECS/IBIS/NAILS. State Department representatives who are co-located in the call center (but do not screen calls) also have access to CLASS, in addition to TIPOFF. The existence of such a large number of classified and unclassified databases in such a close environment underscores the need for strong controls. During the initial operations of the TSC, a limited number of call center staff had access to all of the supporting agency databases because security clearances had not been granted and because agencies had not yet approved additional staff for access to their databases.
Screeners routinely query names against the TSDB to check for any "hits," or matches within the database. They also use another database, called the Encounter Management Application (EMA), to record the details of all incoming calls to the call center, including what information they received from the caller, whether the information resulted in a match against the information in the TSDB, whether the caller was forwarded to CT Watch staff for further action, and the final disposition of the call.
Encounter Management at the TSC
The TSC uses the EMA, an Oracle-based program, to manage the data related to the calls received at the TSC regarding possible terrorism-related encounters. The EMA generates daily status reports of call information, which is reviewed by the TSCís Tactical Analytical Team to identify patterns or threatening circumstances. If any such patterns are identified, the TSC forwards this information to the appropriate intelligence agencies for further review.
The EMA was implemented in July 2004 to replace separate Oracle and Microsoft Access databases previously used by the TSC. Soon after the creation of the original Oracle database, TSC managers realized that the system required specialized programming to generate reports using the data it contained. Without these reports, tracking the various encounters with suspect individuals would have been difficult, and the opportunity to share the data with participating agencies would have been minimal. TSC officials told us that modifying the original Oracle database would have required IT personnel to divert their attention away from creation of the TSDB, which was not a viable option.
As a result, the TSC created a Microsoft Access Encounter Management database containing a duplicate set of the Oracle data, but with the ability to generate reports on daily, weekly, monthly, and cumulative call activity. In addition, this database generated detailed reports on: the calls received by state and local law enforcement; calls related to airline inquiries; the positive, negative, and inconclusive results from calls sorted by category; and reports on how many calls were referred to CT Watch. These standardized reports have been incorporated into the new EMA system.
We obtained a copy of the Microsoft Access Encounter Management database and selected a judgmental sample of 30 encounters occurring within the jurisdiction of the FBIís Chicago Field Office from the inception of the TSC on December 1, 2003, to July 25, 2004. For each encounter, we traced the communication and responsibilities of all parties involved from the time the call was received at the TSC. We gathered documentation from the TSC call center, the FBIís CT Watch, and the JTTF and Airport Liaisons attached to the FBI Chicago Field Office. While we found good communication between the agencies involved, we identified exceptions where coordination between agents handling an encounter could be improved. For example, in one of our sample encounters an individual was permitted to board a domestic flight despite being on the No-Fly list. In this case, CT Watch contacted previous and current case agents, who had conflicting information with regard to whether the individual was a threat to civil aviation. The CT Watch log did not reflect any further activity related to this matter, and the individual was allowed to board the aircraft. The local JTTF had no record of being contacted regarding this encounter.
In addition, we found poor quality controls in the supervision of TSC call screeners and poor data entry into both the Encounter Management database and the CT Watch Log.63 Specifically, we identified several instances where the information recorded on hard-copy Call Intake Forms was not appropriately transferred into the Encounter Management database. Examining the information transferred, we found data transposed and entered into wrong fields. Additionally, discrepancies existed between the data recorded by the TSC and that of the FBIís CT Watch. Examples of this include different recorded times of calls being forwarded and received, different flight times on subjects due to arrive in the United States, different contact persons for the applicable cases, and often little or no resolution of the encounter recorded in the TSCís Encounter Management database. We attributed the missing resolution detail to the lack of a status field in the TSCís Encounter Management database that supervisors could use to track the work flow and easily determine calls requiring follow-up action.
Currently, the TSC relies heavily on personnel provided by participating agencies for short periods of time. These individuals generally have a tour of duty lasting approximately 60 to 90 days. This results in rapid personnel turnover that, in turn, significantly increases the amount of training needed and by its nature results in a less experienced screener workforce.
Officials at the TSC stated that rotating staff is important to the mission of the TSC. According to TSC officials, the desired arrangement would be to have staff loaned to the TSC from federal law enforcement and intelligence agencies for 90 or more days to enable them to apply their investigative skills in assisting callers. TSC managers stated that having law enforcement experience helps the screener understand what the caller is experiencing, and helps them identify when the information provided presents an investigative concern. However, we found that some detailed staff members came to the TSC directly from their initial law enforcement training or post-military service and had little experience in law enforcement or intelligence work. In addition, the regular rotating of staff hampers the TSCís ability to provide seasoned personnel that have experience as TSC call screeners. Using inexperienced screeners also results in difficulties when relaying information to CT Watch staff. For example, we were informed that special agents at the FBIís CT Watch often ask to speak to a call center shift supervisor because the initial screener has not done an adequate job of conveying the appropriate information.
As previously discussed, training within the call center is a critical issue due to the constant turnover of non-permanent personnel. The TSC needs to repeatedly conduct clear and thorough training in order to ensure that calls are properly handled, database access is contained to appropriate use only, and data entry is completed securely.
During the course of our field work, we identified weaknesses in the training of call center personnel. First, because some of the call center managers are also on short-term loan from other agencies, the TSC has experienced difficulty in establishing a consistent, well managed training program with centralized oversight. In addition, we found that call center employees received sporadic and, at times, inaccurate training. For example, a call center manager we interviewed was unable to identify specific individuals tasked with providing training to all employees for each call center shift. Further, call center management was unable to provide assurances that screeners, while receiving training regarding the TSDB 1B system when it became operational, were told that they should continue using the TSDB 1A database for primary call screening. Training in this regard was important because the 1B database was still considered to be in a preliminary status and the TSDB 1A remained the primary call center database until the TSC discontinued it in April 2005. Based on our observation, TSC staff updated the training manual to specify the primary screening database.
The training provided to call screeners also needs to address the necessity of thoroughly searching the supporting system records in order to ensure that all pertinent information is relayed to the FBIís CT Watch for follow-up action. During the course of our review, we identified an encounter with an individual for which significant derogatory information existed in the TIPOFF database. Our review of the TSC Encounter Management database and the CT Watch Log showed no indication that this important information contained in the TIPOFF database was relayed to CT Watch for consideration and action. The individual in question was on the watch list because of concerns that the individual was a financial supporter of terrorism and was being considered for visa revocation based on the derogatory information. However, the individual was allowed to enter the United States, and the FBI took no follow-up action. Neither the State Department, TSC, nor CT Watch could provide adequate explanation as to why no further actions were taken to check the status of the individualís visa revocation or to contact the FBI for further review. Department of State representatives at the TSC informed us that the initial visa revocation packet was lost. However, when the packet was resubmitted three months after the encounter, the subjectís visa was revoked within one week.
According to State Department officials at the TSC, the situation described above was an unusual circumstance and does not reflect the manner in which visa revocations are normally handled. While we recognize that many parties were remiss in not taking proper action to resolve this situation, the TSC is the primary organization with responsibility to identify such information and make it available to those who need it.
Timeliness is critical when law enforcement encounters an individual, possibly a terrorist suspect, on the side of the road or when a plane is about to land in the United States and a potentially dangerous individual is on board. Neither the TSC nor CT Watch maintain records on the time that elapses between the key events of an encounter ó for example, when the TSC receives a call; when the call is forwarded to CT Watch; and the amount of time before instructions are provided to the caller, the call is resolved, and feedback is provided. A CT Watch official estimated that the response time, in general, has decreased from an average of about 45 minutes per traffic stop to approximately 20 minutes.
During our review of the Encounter Management database, we found that on many occasions more than an hour elapsed between the time a call was received in the TSCís call center and the time the call was referred to CT Watch for further action. Additionally, we found that calls had been received prior to a plane landing in the United States, but no contact was made with CT Watch or DHSís National Targeting Center until after the individual had been allowed to depart the aircraft. It is critical to ensure that no unnecessary delay occurs on any encounter.
We understand that the number of actions and queries the call screeners are required to perform affects the amount of time needed to resolve a call. However, we believe the TSC would benefit greatly from regularly tracking and monitoring these times to ensure that call screeners are responding to callers in a timely and useful fashion. Such tracking could also identify process improvements that can be implemented to save precious time.
Currently, call screeners use a manual Call Intake Form to record the information provided by a caller and then forward that information to CT Watch. When a call is forwarded to CT Watch or is considered a negative match with no further action required, the call screener enters the data from the form into the unclassified Encounter Management database. This redundant data entry is susceptible to transposition errors, missed data, and data inaccuracies. TSC managers informed us that they are taking steps to automate this process so manual Call Intake Forms will not be necessary.
When call screeners identify useful information in a supporting system, that information may be classified at the Confidential, Secret, Top Secret, or other level, depending on the source database for the information. This supporting material, while helpful, may inadvertently make its way into the TSCís unclassified databases and it is important to ensure that proper controls are in place to prevent this from happening.
We identified an incident where a classified portion of the CT Watch Log, which was appropriately marked, was copied verbatim by a TSC call screener into the unclassified Encounter Management database resolution. According to DOJ regulations, classified information must be appropriately marked and those markings must be carried forward to any newly created documents.
Upon our discovery of this incident, we immediately discussed our concerns with TSC officials, who informed us that classified material had been entered into the unclassified TSC Encounter Management database on at least three prior occasions. While the paragraph we identified ultimately was downgraded to unclassified by the FBI Security Complaints Division, the prior incidents all involved information that was ultimately decided to be classified as national security information. According to the information available, the corrective measures taken were limited to removing specific pieces of classified information from the database. Even with the frequency of such events occurring, TSC staff did not conduct a search for any additional classified information. None of the TSC officials available could provide complete information about these prior security incidents, including how they were first identified, because many of the individuals involved were assigned to the TSC on a temporary basis and were no longer detailed there. In our discussions with TSC managers about these issues, the officials expressed the need for a full-time security officer to replace the current individual detailed from the FBI.
It is evident from our review that certain functions in the encounter management process are causing a duplication of efforts. Upon the referral of an encountered individual for further review, CT Watch routinely re-checks all databases previously searched by the TSC call screener. CT Watch officials stated that this was necessary because of incomplete searches and inaccuracies in the data recorded by TSC call screeners in the early days of the TSCís existence. Because the result of these errors could ultimately result in an incorrect identity match, CT Watch saw the need to ensure the information was correct. While this appears to have been a necessary procedure to follow in order to ensure accurate information was provided to the caller, CT Watch officials have recently indicated that the quality of information they receive from the TSC call screeners has greatly improved and their current checks rarely reveal inaccuracies. However, all databases continue to be re-searched by CT Watch. This increases the amount of time CT Watch call screeners spend working on a particular encounter, and could potentially cause a time delay for the caller in the field. Upon the initial deployment of real-time connectivity to the TSDB, it would be advantageous to reduce the amount of duplication between the TSC and CT Watch call center procedures.
In addition to the duplication of efforts within the FBI, we identified further duplication between the TSC and the DHS. The NTC is the CBPís 24 hour, 7-day a week call center that provides operational support of the CBPís anti-terrorism efforts. Primarily staffed with personnel from within the DHS, the NTC assists both the TSC and CT Watch in the identification and apprehension of persons named within the TSDB. When an inspector or agent on the border queries the IBIS database (thereby also querying NCIC) on a particular encounter with an individual, they receive a response back informing them to call the NTC if the name of the individual is on the terrorist watch list. The NTC then calls the TSC to initiate the full screening process. TSC searches the individual in accordance with its customary procedures and passes any positive or inconclusive search results to CT Watch for further action. CT Watch then contacts NTC, which in turn contacts the agent on the border. We believe that this process results in a duplication of efforts and the efficiency of the process thereby suffers.
When a person has been encountered and call screeners find that the individual has mistakenly been identified as a hit against the consolidated watch list, the incident (or misidentification) is documented, reviewed by management, and provided to the TSCís Quality Assurance team for further action. The Quality Assurance team is to review the information and coordinate with the agency that nominated the record for inclusion in the database to determine what actions are needed to resolve the misidentification, including the possibility of removing a name from the TSDB.
According to TSC officials, the organization has recently established a process to accept referrals from other agencies of complaints or inquiries from individuals who are having difficulty in a screening process that may be related to the consolidated terrorist watch list. According to this process, the TSC Quality Assurance staff researches each individual case to determine if the individual is a misidentified person Ė that is, an individual who is mistaken for a watch listed person but is not actually a known or suspected terrorist. TSC managers reported that they are working with each screening agency to develop procedures for the various screening processes to help misidentified persons.
However, we found that these processes had not been articulated in a formal, written document clearly defining the protocols to be followed by TSC staff when addressing misidentification issues. Because of the serious impact of possible misidentifications, we believe the TSC should formally articulate procedures for handling misidentifications and train its staff on the proper way to manage these occurrences.
Screeners in the TSC call center respond to queries from law enforcement, border, and intelligence agencies 24 hours a day, 7 days a week. These screeners access multiple systems and a wide array of data and have direct responsibility for providing accurate information to front-line officers expeditiously. However, management of the call center and its staff is in need of improvement. It is essential that the TSC provide adequate training to these individuals and we feel that the execution of this function has been lacking. We observed instances in which TSC call center staff did not relay important information to CT Watch or other responding law enforcement agents. In addition, call center staff appear to be insufficiently trained in the proper handling of classified national security information and entry of information into the TSC Encounter Management database.
We recommend that the TSC: