Follow-up Audit of the Terrorist Screening Center

Audit Report 07-41
September 2007
Office of the Inspector General


Prior to the establishment of the Terrorist Screening Center (TSC), the federal government relied on at least a dozen separate terrorist watchlists maintained by different federal agencies. The TSC was created by Homeland Security Presidential Directive-6 (HSPD-6), signed on September 16, 2003. In that directive, the TSC was required to integrate the existing U.S. government terrorist watchlists and provide 24-hour, 7-day a week responses for agencies that use the watchlisting process to screen individuals who, for example, apply for a visa, attempt to enter the United States through a port-of-entry, attempt to travel internationally on a commercial airline, or are stopped by a local law enforcement officer for a traffic violation. HSPD-6 mandated that the TSC achieve initial operating capability by December 1, 2003.

The TSC is a multi-agency organization administered by the Federal Bureau of Investigation (FBI). Following the issuance of HSPD-6, the Attorney General, the Director of Central Intelligence, and the Secretaries of the Department of Homeland Security (DHS) and the Department of State (State Department) entered into a Memorandum of Understanding (MOU) describing the new organization and the level of necessary cooperation, including the sharing of staff and information from the four participating agencies. The MOU stipulated that the Director of the TSC would report to the Attorney General through the FBI and required that the Principal Deputy of the TSC be an employee of DHS. Since fiscal year (FY) 2004, the participating agencies have shared responsibility for funding and staffing the TSC, and for FY 2007 the TSC has a budget of approximately $83 million and 408 positions.20

In June 2005, the Department of Justice (DOJ) Office of the Inspector General (OIG) issued an audit report that examined the TSC’s operations from the time of its inception.21 The OIG reported that although the TSC had made significant strides in becoming the government’s single point-of-contact for law enforcement authorities requesting assistance in identifying individuals with possible ties to terrorism and had developed a consolidated terrorist watchlist database, the TSC had not ensured that the information in that database was complete and accurate. For example, we found instances where the consolidated database did not contain names that should have been included on the watchlist. In addition, we found inaccurate or inconsistent information related to persons included in the database. In that review, we also found problems with the TSC’s management of its information technology (IT), an integral part of the terrorist screening process.

TSC officials attributed some of these deficiencies to the immediate need during the earliest days of the TSC to develop a comprehensive database of potentially high-risk suspects. TSC officials explained that blending different types of data in various formats from multiple sources with varying technological infrastructures had resulted in data inconsistencies and inaccuracies. In addition, technology challenges and frequent record additions, deletions, and modifications affected the TSC’s ability to ensure the quality of the watchlist data. Our report included 40 recommendations to the TSC addressing areas such as database improvements, data accuracy and completeness, and staffing.

The purpose of our current follow-up review of the TSC was to determine if accurate and complete records are disseminated to and from the watchlist database in a timely fashion, as well as to assess the TSC’s current processes for ensuring the quality of the known or suspected terrorist information. Further, we examined the TSC’s efforts to minimize the impact on individuals misidentified as watchlist subjects.

Purpose of the Consolidated Watchlist

One goal of the nation’s counterterrorism efforts is to identify suspected terrorists and keep them out of the United States and from harming U.S. citizens both at home and abroad. An essential element of these efforts is the maintenance of a consolidated watchlist containing the names of known and suspected terrorists. This consolidated watchlist should include the most current and complete information and not contain inaccurate, inconsistent, or inappropriate information. Further, similar names and limited information in the watchlist can impair a frontline screening agent (such as a border patrol officer, visa application reviewer, or local police officer) from distinguishing between a suspected terrorist and a mistakenly identified individual. Deficiencies in the terrorist watchlist information also increase the opportunity for a terrorist to go unnoticed or not be properly handled when encountered. Additionally, inadequate information increases the possibility of individuals being misidentified as terrorist watchlist subjects and thereby being detained for more rigorous screening procedures.

Overview of Watchlist Nomination and Screening Processes

When a law enforcement or intelligence agency has identified an individual as a potential terrorist threat to the United States and wants that individual watchlisted, the source agency must nominate that person for inclusion in the consolidated watchlist maintained by the TSC. Similarly, as additional information is obtained that either enhances the identifying information or indicates that the individual has no nexus to terrorism, the record should be either updated or deleted.

All nominations from source agencies to the consolidated watchlist are vetted through the FBI or the National Counterterrorism Center (NCTC).22 Analysts at NCTC or the FBI review the nomination information and decide whether or not the person is an appropriate candidate for inclusion on the consolidated watchlist. This review includes an evaluation of the information supporting the nomination, an examination of the quality and accuracy of the identifying information, and an examination of whether sufficient identifying information is available.23 The FBI and NCTC are responsible for providing the TSC an unclassified subset of identifying information for individuals known or suspected to be or have been involved in activities related to terrorism.24

The TSC shares the terrorist information contained in its Terrorist Screening Database (TSDB) by exporting or sending data “downstream” to other screening systems, such as the State Department’s Consular Lookout and Support System (CLASS), DHS’s Interagency Border Inspection System (IBIS), the Transportation Security Administration’s (TSA) No Fly list, the FBI’s Violent Gang and Terrorist Organization File (VGTOF) within its National Crime Information Center (NCIC) system, and others.25 Watchlist information is then available for use by U.S. law enforcement and intelligence officials across the country and around the world.

Personnel working for these organizations routinely encounter individuals as part of their regular duties during various government processes. For example: (1) DHS agents of the U.S. Customs and Border Protection (CBP) agency examine individuals at various U.S. ports-of-entry and search IBIS to determine if a person can be granted access to the United States, (2) State Department officials process visa applications from non-U.S. citizens wishing to visit the United States and search CLASS to determine if the individual should be granted a U.S. visa, and (3) state and local law enforcement officers review the identifying information of individuals encountered through the criminal justice system and query the FBI’s NCIC system. In turn, these databases contain terrorist watchlist records so that the federal, state, and local law enforcement screening agents can identify persons that the U.S. government has determined are known or suspected terrorists.

An overview of the flow of watchlist information from nominating agencies to the TSC and ultimate distribution to downstream screening databases is displayed in Exhibit 1-1.

Terrorist Watchlist Dataflow Diagram

[Image Not Available Electronically]

Source: The National Counterterrorism Center

Screening Activities and Hits Against the Terrorist Watchlist

When a name appears to be a match against the terrorist watchlist, requestors receive a return message through their database informing them of the preliminary match and directing them to call the TSC. When a call is received, TSC staff in the 24-hour call center assist in confirming the subject’s identity.

To do this, the TSC Call Center staff search the TSDB and supporting databases to locate any additional information that may assist in making a conclusive identification. The caller is immediately informed of any negative search result – such as when the subject of the inquiry does not match the identity of an individual on the watchlist.

In general, if the subject is positively identified as a watchlist hit or the match attempt is inconclusive, the TSC call screener forwards the call to the FBI’s Terrorist Screening Operations Unit (TSOU), the FBI’s 24-hour global command center for terrorism prevention operations. The TSOU is then responsible for making further attempts to confirm the subject’s identity and, if necessary, coordinating the law enforcement response to the encounter, including deploying agents to take appropriate action.

Not all encounters are face-to-face. According to State Department officials at the TSC, when a person located overseas submits an application for a visa, State Department officials search the CLASS database, which receives watchlist information from the TSC. If the search reveals a possible identity match with an individual recorded in the TSDB, the official sends the TSC a cable (a secure, electronic communication). A State Department representative at the TSC reviews the cable along with information from supporting agency databases to determine if the person requesting a visa is an individual with ties to terrorism. This information is then used by U.S. government officials overseas to either process or deny the application.

TSC Encounter Management

To manage information related to “hits” or possible matches against the watchlist, called “encounters,” the TSC uses a software application, called the Encounter Management Application (EMA). This system was implemented in July 2004 and includes a record of all encounters since the inception of the TSC. EMA contains the details of all incoming calls, including information about the inquiring law enforcement agency, the databases the TSC staff searched and the information obtained from these systems, the status of the TSC’s efforts to confirm an identity match against a watchlist record (i.e., positive, negative, or inconclusive), whether the caller was forwarded to TSOU for further action, and the final disposition of the call. For every inquiry that TSC call screeners refer to the TSOU, the TSC screeners are responsible for obtaining feedback on the disposition of the encounter, such as whether the subject was arrested, questioned, or denied entry into the United States.

EMA provides the TSC with the ability to generate detailed statistics and prepare reports for analysis. Daily status reports are generated from EMA identifying the specific call information, which is reviewed by the TSC’s Tactical Analytical Team to identify patterns or threatening circumstances. If any such patterns are identified, the TSC forwards this information to the appropriate intelligence and law enforcement agencies for further review.

As of April 2007, the TSC Call Center had recorded nearly 97,000 watchlist encounters referred by screening agencies since its creation in December 2003. More than 50 percent of this total resulted in a positive identity match. As shown in Exhibit 1-2, 60 percent of the total calls received by the TSC Call Center originated from the U.S. Customs and Border Protection agency.

Watchlist Encounters Referred to the TSC Call Center by Organization
(December 1, 2003, through April 30, 2007)

| Referring Agency | Number of | Percent of |
|---|---|---|
| DHS – CBP | 58,266 | 60 |
| Other Federal | 19,965 | 21 |
| State and Local | 17,967 | 19 |
| Foreign Government | 513 | <1 |
| Total | 96,711 | 100% |

Source: The Terrorist Screening Center

Number of Terrorist Watchlist Records

Since the creation of the TSC in December 2003, the number of records in the consolidated U.S. government watchlist of known or suspected terrorists has significantly increased. We compiled a summary of available database size information, which illustrates the continued growth of the watchlist.

According to TSC officials, there were approximately 150,000 records in the TSDB in April 2004.27 TSC data indicate that by July 2004 the number of records had increased to about 225,000 records, representing approximately 170,000 unique terrorist identities. Eighteen months later, in February 2006, the TSC reported that the database contained approximately 400,000 records. Most recently, information we obtained from the TSC indicates that the TSDB contained a total of 724,442 records as of April 30, 2007. The vast majority of these records are international terrorist records – less than 1 percent of records relate to the identities of suspected domestic terrorists. As shown in Exhibit 1-3, the number of watchlist records contained in the TSDB has more than quadrupled since its inception in 2004.

Number of Terrorist Watchlist Records

[Image Not Available Electronically]

Source: OIG analysis of Terrorist Screening Center data

Handling Instructions

Each record within the consolidated watchlist database is designed to contain information about the law enforcement action to be taken when encountering an individual on the watchlist. This information is conveyed through two separate “handling codes” or instructions – one handling code for the FBI and one for the DHS.

FBI Handling Codes - each individual nominated for inclusion in the FBI’s screening database, National Crime Information Center’s (NCIC) Violent Gang and Terrorist Organization File (VGTOF), is assigned a code used to provide instruction for handling the individual. These codes are assigned based on whether there is an active arrest warrant, a basis to detain the individual, or an interest in obtaining additional intelligence information regarding the individual.28 Following are the definitions for each code.

All records in the consolidated watchlist database that are eligible for export to VGTOF should have a handling code assigned. Based on our review, we determined that all eligible records contained in the TSDB contained a VGTOF handling code. As depicted in Exhibit 1-4, the majority of the records in the TSDB are designated as Handling Code 3.

Distribution of VGTOF Handling Codes
(as of March 6, 2007)29

Handling Code 1 - 8,701/2.1%; Handling Code 2 - 2,270/0.5%; Handling Code 3 - 404,647/96.8%; Other - 2,555/0.6%.

Source: The Terrorist Screening Center

DHS Handling Instructions – each individual nominated for inclusion in the DHS’s screening database is assigned one of three codes that provide instructions to law enforcement officials at ports-of-entry. According to TSC officials, each instruction requires the individual to receive additional screening. However, one code provides a less intrusive method for handling known or suspected terrorists because the law enforcement officer is directed to not meet the individual at the arriving plane and not alert the subject of his or her possible watchlist status. Based on our review, we determined that all eligible records in the TSDB contained an IBIS handling instruction. As shown in Exhibit 1-5, approximately 5 percent of the records in the TSDB that are eligible for export to IBIS are designated with this special handling instruction.

Distribution of IBIS Handling Instructions
(as of April 30, 2007)

Standard - 676,533/95%; Special - 34,623/5%; Lost or Stolen Passport - 2,836/0%.

Source: The Terrorist Screening Center

OIG’s Audit Approach

The objectives of this OIG audit were to: (1) determine if accurate and complete records are disseminated to and from the watchlist database in a timely fashion; (2) review the TSC’s efforts to ensure the quality of the information in the watchlist database; and (3) assess the TSC’s efforts to address complaints raised by individuals who believe they have been incorrectly identified as watchlist subjects.

To accomplish these objectives, we interviewed more than 45 TSC officials, including the Director, the former Acting Director and Deputy Directors, as well as officials at NCTC, the FBI, and DHS. In addition, we interviewed participating agency representatives and toured facilities to ensure that we obtained a detailed understanding of the working relationships utilized, assistance provided, and communication flow during the terrorist screening process.

To evaluate the accuracy and completeness of the consolidated watchlist, we divided our review into two separate tracks. First, we analyzed the consolidated database as a whole, including a review of the number of records in the database, any duplication that existed within those records, and the associated watchlist processes. Second, we tested individual records within the database for accuracy and completeness. This included reviewing a sample of FBI and other government agency nominated domestic and international terrorist records and tracing these records to the TSDB to determine if the individuals were included in the database and that the information was accurate, complete, and consistent. In addition, we also checked whether known terrorist names were in the database.

To assess the TSC’s efforts to ensure the quality of the information in the watchlist database, we examined the TSC’s quality assurance activities and reviewed records subjected to these processes. We also examined the timeliness of the TSC’s efforts to resolve matters arising from its review of the accuracy and completeness of the data. This included an evaluation of the TSC’s progress to conduct a system-wide, record-by-record review and to improve its quality control processes as a result of recommendations in our previous audit.

To fulfill our third objective, we examined the TSC’s policies and procedures for handling inquiries related to individuals who raised complaints following their involvement in a screening encounter. This process is referred to as redress. We evaluated the TSC’s efforts to coordinate redress response efforts with other participating agencies, reviewed a sample of redress inquiries, and assessed the timeliness of the TSC’s responses to redress inquiries.

Detailed information regarding our audit objectives, scope, and methodology is contained in Appendix I.

  20. As of June 2007, the TSC had 323 personnel on board.

  21. Department of Justice, Office of the Inspector General, Review of the Terrorist Screening Center, Audit Report 05-27, June 2005.

  22. As stated in the TSC MOU, source agencies responsible for U.S. counterintelligence, counterterrorism, and law enforcement provide information to the FBI and NCTC on suspected or known terrorists who are nominated for inclusion on the consolidated terrorist watchlist maintained by the TSC. The FBI is responsible for submitting to the TSC all domestic terrorist identity nominations, and NCTC is responsible for international terrorist identity nominations. While the FBI is a source agency for domestic and international terrorist information, it forwards relevant information to NCTC on suspected or known international terrorists. Domestic terrorist information is defined as information about U.S. persons that has been determined to be purely domestic terrorism information with no link to foreign intelligence, counterintelligence, or international terrorism.

  23. The TSC’s general criterion for including a record on the consolidated watchlist is that the nominating agency must have provided evidence of a nexus to terrorism. From a data perspective, the minimum criteria for inclusion of a terrorist identity into the TSDB are that the record contains at least a partial name (e.g., given name, surname, or both) and at least one additional piece of identifying information (e.g., date of birth).

  24. The TSC also has an emergency nomination process, which is used when there is an imminent threat and a watchlist record needs to be highlighted or created quickly. Under the emergency process, a requesting agency informs the TSC directly and the TSC adds the individual to the consolidated watchlist. The TSC then forwards all the information gathered on the subject to NCTC for subsequent additional vetting and creation of a record at NCTC.

  25. NCIC is a nationwide information system maintained by the FBI that provides the criminal justice community with immediate access to information on various law enforcement data, such as criminal history records and missing persons. The FBI’s Criminal Justice Information Services Division is responsible for managing the NCIC database. A description of each of the downstream screening systems is contained in Appendix II.

  26. A diagram providing a more detailed look at the flow of data in the U.S. government’s terrorist watchlisting process is located in Appendix III.

  27. The reported figure represents the number of records in the system. This does not equate to the number of known or suspected terrorists in the system as a single person may have multiple records to account for the use of aliases, alternate identities, and multiple identifying documents. As such, the number of records generally will be larger than the number of suspected or known terrorists on the watchlist.

  28. Practices and procedures regarding one handling code are classified Secret, and are not, therefore, discussed here.

  29. The other category relates to the handling code practices and procedures that are classified at the Secret level.
