OIG Semiannual Report to Congress: April 1, 2007-September 30, 2007

FBI logo The FBI investigates counterterrorism, foreign counterintelligence, civil rights violations, organized crime, violent crime, financial crime, and other violations of federal law. FBI Headquarters in Washington, D.C., coordinates the activities of approximately 29,500 employees in 56 domestic field offices, approximately 400 satellite offices, and 59 foreign liaison posts that work abroad on criminal matters within the FBI’s jurisdiction.

Reports Issued

Follow-up Review of the Terrorist Screening Center

The OIG’s Audit Division completed a follow-up review of its 2005 audit of the Terrorist Screening Center (TSC), a multi-agency effort administered by the FBI to consolidate terrorist watchlists and provide 24‑hour, 7‑day a week responses for screening individuals. The follow-up audit concluded that the TSC has made improvements since our previous audit was completed, but weaknesses still existed in several watchlist processes and significant deficiencies remained in the data contained in the consolidated terrorist watchlist.

Since its creation in 2003, the TSC has made significant strides in becoming the government’s single point-of-contact for law enforcement authorities requesting assistance in identifying individuals with possible ties to terrorism. Our follow-up audit found that, since our 2005 review, the TSC enhanced its efforts to ensure the quality of watchlist data, increased staff assigned to data quality management, and developed a process and a separate office to address complaints filed by persons who said they were mistakenly included on the terrorist watchlist.

Yet, we also found that the TSC’s management of the watchlist database continued to have significant weaknesses. For example, the TSC is developing an upgraded database, but currently maintains two interconnected versions of the watchlist that are not identical and contain differing numbers of records. Our audit also identified 20 watchlist records on suspected or known terrorists that were not made available to the frontline screening agents, such as border patrol officers, visa application reviewers, or local police officers, for use during watchlist screening encounters, such as border crossings, visa processing, and routine traffic stops.

We also concluded that the TSC needed to further improve its efforts for ensuring the accuracy of the watchlist records. We found that, in general, the TSC’s actions to review records as part of its special projects, such as the special review of the Transportation Security Administration’s No Fly list, successfully improved the quality of the watchlist data. In contrast, our examination of 105 records subject to routine quality assurance reviews by the TSC found that 38 percent of the records we tested contained errors or inconsistencies that were not identified through the TSC’s routine quality assurance efforts.

The OIG also expressed concern that the TSC’s ongoing quality assurance review of the watchlist will take longer than projected. In April 2007, during our audit the TSC continued to conduct a record-by-record review of the consolidated watchlist and anticipated that all watchlist records would be reviewed by the end of 2007. However, the watchlist database has increased by more than 20,000 records per month and contained over 700,000 records as of April 2007. Given this growth and the time it takes for the TSC’s quality assurance process, the TSC is underestimating the time required to sufficiently review all watchlist records for accuracy.

The OIG made 18 recommendations to help the FBI improve TSC operations and the quality of its watchlist data, including incorporating elements from the TSC’s special project quality assurance reviews to its routine quality assurance review process, developing comprehensive standard operating procedures for quality assurance procedures, and resolving weaknesses in the watchlist data. The FBI agreed with the recommendations and reported that the TSC has begun taking corrective action.

Follow-up Review Examining Hanssen Review Recommendations

The OIG’s Oversight and Review Division issued a follow-up report examining the FBI’s progress in responding to recommendations made in the OIG’s August 2003 review of the FBI’s handling of Robert Hanssen, the most damaging FBI spy in U.S. history. Over a 20-year period, Hanssen compromised some of the country’s most important intelligence and military secrets, including the identities of dozens of human sources, at least three of whom subsequently were executed. Hanssen pled guilty to espionage charges and was sentenced to life imprisonment in May 2002.

Our 2003 review concluded that Hanssen escaped detection because of longstanding systemic problems in the FBI’s counterintelligence program and a deeply flawed internal security program. We made 21 recommendations to help improve the FBI’s internal security and its ability to deter and detect espionage.

Our follow-up report found that the FBI has made significant progress implementing most of our recommendations, such as enhancing its coordination with the Department on counterintelligence investigations; improving source recruitment, security, and handling; and addressing various security deficiencies in FBI policies and practices identified in the original Hanssen report. However, the FBI still has not fully implemented several critical recommendations, and its progress in other areas has been uneven and requires further attention. For example, we determined that the FBI has not established a central repository to receive, collect, store, and analyze derogatory information concerning FBI employees. Similarly, the FBI’s progress in implementing the OIG recommendation to improve its background reinvestigation program has been mixed.

We also found that, despite its response to our original report, the recent conviction of FBI intelligence analyst Leandro Aragoncillo on espionage-related charges revealed mixed progress in the FBI’s actual implementation of our recommendations as well as its efforts to establish a reliable and effective internal security program throughout the FBI. Aragoncillo, who worked at the FBI from July 2004 until September 2005, was arrested on charges of passing classified documents and information to current and former Philippine government officials. After pleading guilty to four federal charges, including transmission of national defense information, Aragoncillo was sentenced to 10 years in prison in July 2007. In examining the Aragoncillo case, we found that, like Hanssen, Aragoncillo exploited vulnerabilities in the FBI’s automated case management system. In addition, the Aragoncillo case highlighted deficiencies in the FBI’s efforts to establish an internal security program that effectively detects improper or suspicious employee activity and provides that information to personnel with counterespionage expertise. We concluded that the circumstances surrounding Aragoncillo’s activities and the FBI’s response to them are stark reminders of the vulnerabilities that persist within the FBI’s security program and the need to address these vulnerabilities. We believe that full implementation of our Hanssen report recommendations can help the FBI in this effort.

In response to our follow-up review, the FBI agreed to take steps to fully implement two of the most important recommendations intended to improve its performance in detecting an FBI penetration. The FBI agreed to establish a new unit solely dedicated to determining whether the FBI has been penetrated – a recommendation the FBI previously disagreed with. This unit should improve the FBI’s ability to proactively review compromised operations and anomalous personnel security information that suggest an FBI penetration. The FBI also agreed to fill a senior operational position in its Counterespionage Section with a representative from the Central Intelligence Agency or elsewhere in the Intelligence Community. We believe implementing this recommendation can help ensure impartiality and an objective evaluation of source information and other evidence of a possible FBI penetration – factors our original report concluded were lacking when the FBI was searching for the source of what turned out to be Hanssen’s espionage.

Sentinel III: Status of the FBI’s Development of its Case Management System

The OIG issued its third in a series of audit reports examining the FBI’s ongoing development of its Sentinel case management project. The $425 million Sentinel program, which follows the FBI’s unsuccessful attempt to develop a modern case management system (Virtual Case File), is intended to move the FBI to an electronic case management system and provide an automated workflow process by December 2009.

Our first audit on Sentinel, released in March 2006, highlighted several concerns about the FBI’s progress on Sentinel. Our second audit, issued in December 2006, found that the FBI made progress in addressing most of the concerns highlighted in our first review.

Our current audit focused on the completion of the first of the FBI’s planned four-phase implementation of various Sentinel capabilities over a 45-month period. Phase 1 of Sentinel, implemented in June 2007, delivered two key project components: 1) a user-friendly, web-based portal that provides access to information currently in the FBI’s antiquated Automated Case Support system; and 2) workboxes that summarize case information and allow supervisors to better manage resources and make assignments. Both of these Sentinel components should enhance FBI employees’ access to information and case management within the FBI.

We found that phase 1 was completed slightly behind schedule and its costs increased a small amount from initial estimates. We also found that one of the four deliverables initially planned for completion in phase 1 was deferred to a later phase for technical reasons. Additionally, because the FBI’s expectations for implementing a service-oriented architecture in Phase 1 were vague, we could not assess whether Phase 1 fully achieved its objectives in this area.

Our audit determined that the FBI has made progress addressing most of the concerns we identified in our two previous audits of the Sentinel project. We also found that the FBI has implemented several management controls and processes designed to help it adequately manage the development of Sentinel and bring it to a successful conclusion. However, we concluded that the FBI must make additional progress in the implementation of earned value management, risk management, and the bill of materials.

Our report contained nine new recommendations to the FBI, including to limit the scope and duration of future project phases to make them more manageable, adjust the amount of task orders to reflect changes in project requirements, include both initial and revised performance baselines in earned value management reports, improve the requirements for contract cost reporting, improve risk management and the tracking of project deficiencies, and improve the bill of materials process. The FBI agreed with our recommendations. We will continue to monitor and issue audit reports throughout the Sentinel project.

Follow-up Review of the FBI’s Efforts to Hire, Train, and Retain Intelligence Analysts

The OIG’s Audit Division completed a follow-up review of the FBI’s progress in hiring, training, and retaining intelligence analysts. Since the September 11, 2001, terrorism attacks the FBI has emphasized development of its intelligence analysis capabilities to help meet its highest priority of preventing future attacks. Our 2005 report found that the FBI hired less than 40 percent of the analysts needed to meet its hiring goal, had not determined the total number of analysts needed to support its intelligence mission, and made slow progress toward developing a quality training curriculum for new analysts.

Our follow-up review found that the FBI continued to augment the size of its intelligence analyst workforce by hiring qualified candidates. We found that the FBI increased the number of intelligence analysts by over 50 percent from September 2004 to September 2006. In our prior audit we found that intelligence analysts too often were assigned to perform routine administrative tasks rather than analytical tasks. In this follow-up review, we found that this underutilization of analysts has largely been corrected.

We also found that intelligence analysts continued to express high levels of satisfaction with their work assignments and believed that they were making important contributions to the FBI’s mission. The FBI also has begun conducting exit surveys to help further improve the hiring, training, utilization, and retention of its intelligence analysts.

Still, the FBI must make additional improvements to fully implement recommendations in our previous report. Despite the FBI’s hiring of 375 new intelligence analysts in FY 2006, it had a shortfall of 400 analysts from its funded staffing level of 2,574 analysts. In addition, we found that from FYs 2004 to 2006 the average time from when a job announcement closed until an intelligence analyst candidate entered on duty increased from approximately 19 to 31 weeks. Several FBI managers stated that the lengthy screening process may have caused candidates to lose patience and accept employment elsewhere.

Similar to our previous report, a majority of the intelligence analysts we interviewed said the training they received did not meet their expectations for helping them do their job. Additionally, we determined that the professional divide between FBI analysts and special agents remained a concern. Eighty percent of the analysts we interviewed, and all the analysts’ supervisors we interviewed, stated that special agents misunderstood the functions and capabilities of intelligence analysts at least some of the time. In our prior report, we recommended that all special agents, not just new agents, receive training on the role and capabilities of intelligence analysts. However, other than a brief exposure through one joint exercise in new analyst and new special agent training, FBI special agents have not received formal training in the function and proper utilization of intelligence analysts.

In total, 10 of the 15 recommendations in our previous report still required additional action and monitoring. We also made new recommendations to evaluate the hiring and background investigation process to identify ways to accelerate the accession of new intelligence analysts, involve intelligence managers and experienced analysts in training curriculum development efforts, and make student and supervisor evaluations of analyst training mandatory. The FBI concurred with our recommendations.

CODIS Audits

The FBI’s CODIS includes a national information repository that permits the storing and searching of DNA specimen information to facilitate the exchange of DNA information by law enforcement agencies. During this reporting period, the OIG’s Audit Division audited several state and local laboratories that participate in CODIS to determine if they comply with the FBI’s Quality Assurance Standards and National DNA Index System (NDIS) requirements. Additionally, we evaluated whether the laboratories’ DNA profiles in CODIS databases were complete, accurate, and allowable. Below are examples of our findings:

Two CODIS-participating laboratories, the Albuquerque Police Department Crime Laboratory Biological Analysis Group (APD) and the New Mexico DNA Identification System Administrative Center (NMDIS), were in compliance with the standards governing CODIS activities with the following exceptions: 1) in 1 out of 10 cases we tested where the CODIS software indicated an interstate candidate match between a known or unknown perpetrator and crime scene evidence, NMDIS did not confirm the match within the time limits specified by the NDIS requirements; 2) due to emergency egress requirements, the APD work area that housed the CODIS server was accessible to non-DNA personnel and thus did not comply with NDIS requirements for the physical security of the CODIS server; 3) APD did not comply with its quality assurance manual because the CODIS manager it designated to address the NDIS requirement for a CODIS administrator was not fully trained; 4) out of 100 forensic profiles tested, we found 1 forensic profile was incomplete because APD did not load all of the required loci into NDIS and 1 forensic profile was inaccurate because APD did not load the correct specimen number into NDIS; and 5) case files for 16 forensic profiles did not contain clear documentation that all appropriate administrative reviews were performed. Both NMDIS and APD addressed all of our findings.
The Richland County Sheriff’s Department DNA Laboratory in Columbia, South Carolina, was in compliance with the standards governing CODIS activities with the following exceptions: 1) NDIS terminals were not physically secured from unauthorized personnel as required by the memorandum of understanding; and 2) the Laboratory uploaded four forensic profiles into the State DNA Index System that were subsequently uploaded into NDIS, but the profiles were unallowable for NDIS. The Laboratory complied with our recommendations to install the requested magnetic card key reader on the door to the office space where the NDIS terminals reside to adequately secure them, review all profiles uploaded to NDIS to ensure they are allowable, and implement procedures to ensure that CODIS users review uploaded profiles when new case information is obtained from investigators.

Investigations

During this reporting period, the OIG received 903 complaints involving the FBI. The most common allegations made against FBI employees were Intelligence Oversight Board violations, job performance failure, waste, and misuse of government property. The OIG opened 18 cases and referred other allegations to the FBI’s Inspection Division for its review.

At the close of the reporting period, the OIG had 35 open criminal or administrative investigations of alleged misconduct related to FBI employees. The criminal investigations covered a wide range of offenses, including release of information, waste, and misuse of government property and personal relationships. The administrative investigations involved serious allegations of misconduct. The following are examples of cases involving the FBI that the OIG’s Investigations Division handled during this reporting period:

An investigation by the OIG’s Philadelphia Area Office determined that an FBI special agent deliberately used a false name and social security number to establish an otherwise ineligible person as a confidential informant. Subsequently, the special agent entered into an inappropriate financial relationship with the confidential informant – advancing money to the confidential informant from his personal funds to pay her rent, a 3-year fitness membership, and other items, and then reimbursing himself by withholding part of her informant payments. The investigation also determined that the special agent continued to employ and protect her as a confidential informant despite his personal knowledge that she was engaging in unauthorized criminal activity. The case was declined for prosecution. The special agent retired while under investigation.
An investigation by the OIG’s Miami Field Office determined that an FBI special agent abused prescription narcotics and used his position to obtain prescription medication. The special agent admitted during an interview with OIG investigators that he abused various types of prescription pain medication, informed pharmacists that he was an FBI special agent and showed his credentials and service weapon to prevent questioning about his prescription drug purchases, and paid cash to avoid detection by his insurance carrier. Criminal prosecution was declined in the Southern District of Florida. The FBI terminated the special agent from his position as a result of the investigation.
An investigation by the OIG’s Philadelphia Area Office determined that an FBI special agent assigned to the Newark Division submitted an official form indicating that a cooperating witness was paid $2,100 in FBI funds when, in fact, bank records and statements from the cooperating witness revealed that he only received $1,500. The USAO for the District of New Jersey declined prosecution of the special agent for theft of government funds relating to the missing $600. The special agent resigned while under investigation.
An investigation by the OIG’s El Paso Area Office determined that an FBI special agent engaged in a sexual relationship with an FBI informant and the sexual relationship likely involved some degree of coercion or intimidation. The USAOs for both the Northern and Southern Districts of Texas declined criminal prosecution of the special agent. The OIG completed its investigation and provided a report to the FBI for appropriate action.
An investigation by the OIG’s Denver Field Office determined that an FBI special agent fraudulently claimed and received reimbursement for $6,832 in lodging expenses that he did not incur. The USAO for the District of Utah declined prosecution. The OIG completed its investigation and provided its report to the FBI for appropriate action.

Ongoing Work

The FBI’s Use of National Security Letters and Section 215 Orders

As required by the USA Patriot Improvement and Reauthorization Act of 2005 (Patriot Reauthorization Act), the OIG is reviewing the FBI’s use of national security letters and Section 215 orders for business records in 2006. In the national security letter follow-up review, we also are examining the FBI’s corrective actions taken in response to our March 2007 report regarding the use of these authorities in prior calendar years. Part of the report also will discuss the results of the investigation of the FBI’s use of exigent letters.

FBI Involvement in and Observations of Detainee Interrogations in Guantanamo Bay, Iraq, and Afghanistan

The OIG is reviewing FBI employees’ observations and actions regarding detainee interregations at Guantanamo Bay, Iraq, and Afghanistan. The OIG is examining whether FBI employees participated in any incident of detainee abuse, whether FBI employees witnessed incidents of abuse, whether FBI employees reported any abuse, and how those reports were handled by the FBI.

The FBI’s Efforts to Resolve Terrorist Threats and Suspicious Incidents

FBI guidance requires that terrorist threats and suspicious incidents be reported to the FBI’s National Threat Center Section and be resolved through investigation. Threats and suspicious incidents also are recorded in the FBI’s Guardian database, which enables users to enter, assign, and manage the FBI’s response to terrorism threats and suspicious activities while simultaneously allowing field offices and Joint Terrorism Task Force members to view this information. Among other issues, the OIG is assessing the process and guidance for recording, resolving, and sharing information on terrorism threats; the FBI’s compliance with the proper recording and resolution of threats; and the status of the FBI’s IT tools for tracking the resolution of such threats.

The FBI’s Efforts to Combat Crimes Against Children

The OIG is auditing the FBI’s ability to effectively meet the goals of its Crimes Against Children program. We are assessing the FBI’s efforts to establish or enhance initiatives designed to decrease the vulnerability of children to acts of sexual exploitation and abuse; develop a nationwide capacity to provide a rapid, effective, and measured investigative response to crimes involving the victimization of children; and enhance the capabilities of state and local law enforcement investigators through training programs, investigative assistance, and task force operations.

FBI Security Check Procedures for Immigration Applicants

The OIG is examining the FBI’s criminal history verification operations and determining how FBI security check procedures impact the accurate and timely completion of immigration applications.