The Bureau of Alcohol, Tobacco, Firearms and Explosives’ and Federal
Bureau of Investigation’s Arson and Explosives Intelligence Databases
Audit Report 05-01
Office of the Inspector General
The two principal federal agencies responsible for compiling data related to arson and explosives incidents in the United States are the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) and the Federal Bureau of Investigation (FBI). To collect such data, the ATF created the Arson and Explosives National Repository (Repository) and the FBI created the Bomb Data Center (BDC). Over each of the past 3 years, the ATF received about 1,800 reports of arson and 700 reports of bombing incidents. During that same time, the FBI received about 900 reports of bombing incidents annually.1
Both the ATF’s Repository and the FBI’s BDC maintain databases that collect and disseminate information for statistical analysis and research, investigative leads, and intelligence. The databases maintained by the Repository are the Arson and Explosives Incident System (AEXIS) and the Bombing Arson Tracking System (BATS). In addition, the ATF maintains N-Force, a case management system that is available only to ATF law enforcement personnel. The database maintained by the FBI’s BDC is the Automated Incident Reporting System (AIRS), which is accessible through Law Enforcement Online (LEO).2
Information in these databases help investigators identify suspects, case-specific similarities regarding explosive and incendiary device construction, methods of initiation, types of fuels and explosives used, and methods of operation in explosives or arson cases. The databases are also designed to help investigators link thefts of explosive materials with criminal misuse of the explosives. Lastly, the databases can assist federal, state, and local law enforcement and fire agencies track criminal cases involving arson and explosives.
Scope of Office of the Inspector General Audit
The Office of the Inspector General (OIG) audited the operation of the ATF’s and the FBI’s databases that compile information on arson or bombing incidents. Our audit objective was to examine overlap between the systems and evaluate whether the Department of Justice (Department) has efficiently and effectively collected, and made available to the federal, state, and local law enforcement community, information involving arson and the criminal misuse of explosives.
We focused on the ATF and the FBI database systems and their policies and procedures to collect and disseminate arson and explosives data. We visited ATF Headquarters in Washington, D.C.; the FBI’s BDC in Quantico, Virginia; Louisiana State University (LSU) in Baton Rouge, Louisiana, where contract staff enter data into the FBI’s database; the Glendale, Arizona, Fire and Police Department; and the Maine State Fire Marshals Office in Gardiner, Maine.3
We interviewed ATF and FBI officials who manage the database systems; LSU contract staff; and representatives of 48 federal, state, and local field offices and the United States Fire Administration concerning the operation and use of the databases. We also reviewed system controls and data entry and retrieval procedures, and we performed tests of system accuracy and timeliness.
Duplication of Effort
We found that the Department has not efficiently and effectively collected and made available to the federal, state, and local law enforcement community information relating to arson and the criminal misuse of explosives. Specifically, the similar responsibilities of the ATF and the FBI in compiling data have resulted in duplication of effort, confusion and duplicate reporting of incidents by state and local agencies, and a lack of uniformity in the reporting process. The overall purposes of the ATF and the FBI databases are similar, and many data fields in each system are identical. As a result, customers do not have a single, comprehensive source for obtaining intelligence information on arson and explosives matters to assist in their investigations. This condition stems partly from statutory and regulatory overlap concerning the responsibility to compile data, and also because of a lack of agreement between the ATF and the FBI on how to ensure that duplication is avoided.
On January 14, 2004, we briefed Office of the Deputy Attorney General (ODAG) officials about the results of our audit work. In March 2004, the Attorney General directed the ATF and FBI to identify options and make recommendations concerning the possible merger of their databases. The ODAG was to review the ATF’s and FBI’s recommendations and report to the Attorney General. On July 6, 2004, we advised the ODAG that we had not seen any changes in the conditions we described in our January briefing.
On August 11, 2004, the Attorney General directed: 1) the ATF and the FBI to consolidate all of the Department’s arson and explosives incidents databases, including, but not limited to, the ATF’s BATS, and the FBI’s AIRS, into a single database; and 2) that all consolidated arson and explosives incident databases be maintained by the ATF (See Appendix VI for details of the Attorney General’s August 11, 2004 directive). On the basis of our analysis of the strengths and weaknesses of each system, we are recommending what features the consolidated system should have. Implementation of our recommendations will eliminate duplication of effort, ensure consistency in reporting practices, and facilitate sharing of intelligence among law enforcement agencies.
We tested the accuracy of a sample of the intelligence information in the ATF’s AEXIS and BATS databases and the FBI’s AIRS database by comparing a sample of database output to source documents. Although we found errors in both the ATF and the FBI systems, the ATF’s databases were much more reliable than the FBI system with respect to data accuracy.
ATF. Our review of the AEXIS database found a total of 10 errors among the 1,584 data fields (0.6 percent) we tested.4 Our review of the BATS database found 3 errors among the 244 data fields (1.2 percent) we tested. The errors occurred because data from source documents was not entered into the system correctly. These errors were not detected by the ATF’s system for sampling a percentage of output documents for accuracy. Some of the errors in AEXIS occurred because the selection of options within the AEXIS drop-down menus was too limited and the available options did not adequately describe information included on source documents.
FBI. Our review of the AIRS database found a total of 730 errors among the 7,481 data fields (9.8 percent) we tested. The BDC and contract staff who entered the data stated that many errors occurred because a feature within the AIRS automatically completes certain fields based on outdated information entered previously into LEO. Additionally, contract staff stated that data was lost when the BDC upgraded the system, and the BDC’s management controls were insufficient to detect or prevent the errors.
Timeliness of Data Entry and Responsiveness to Customers
To test the timeliness of data entry and responsiveness to customer requests, we: 1) examined a judgmental sample of data submitted by contributing agencies to determine how quickly it was entered into the ATF’s AEXIS and the FBI’s AIRS databases, and 2) surveyed a sample of agencies to determine how quickly the ATF and the FBI responded to their inquiries. We found that data in the ATF’s AEXIS system was more current than data in the FBI’s AIRS system, and we found significant weaknesses in the AIRS data entry process. We also found that the ATF and the FBI responded fairly quickly to requests from outside customers, but neither had implemented controls to track the timeliness of its responses.
ATF. The ATF’s staff stated that information is entered into the AEXIS database as soon as it is received. However, we could not verify this because the ATF did not date stamp documents and the AEXIS database did not have automated indicators to show when data is entered.
The ATF did not record the dates of outside requests for intelligence information or the dates of its responses. However, the requesting agencies we surveyed provided favorable ratings on the ATF’s timeliness. According to our interviews with agencies submitting requests to the ATF, 7 agencies indicated they received information they requested from the ATF immediately, 2 within 1 day, 13 within a week, and only 1 in a week or more.
FBI. Similar to the ATF, the FBI’s BDC staff and contract LSU data entry staff did not date stamp source documents used to populate the AIRS database. Further, the FBI had no indicators to determine when the documents were entered into the system. However, we found a large backlog of source documents containing data that had not been entered into AIRS by contract LSU staff. In August 2003, data from at least 5,745 Activity Reports and 770 Incident Reports were more than 4 years old and still had not been entered into the system. This occurred because the BDC accumulated reports without entering them into the system or sending them to LSU to be entered. According to LSU staff, as of July 2004 the backlog has been eliminated.
As with the ATF, the FBI did not record the dates of outside requests for intelligence information or the dates of its responses. Again, agency officials provided favorable ratings on timeliness. According to our surveys of agencies submitting inquiries to the FBI, three agencies indicated they received the information they requested from the FBI immediately, two within a day, four within a week, and only one in a week or more.
The details of our work are contained in the Findings and Recommendations section of the report. Our audit objectives, scope, and methodology are contained in Appendix I.