The Federal Bureau of Investigation's Efforts to Improve the Sharing of Intelligence and Other Information
Report No. 04-10
Office of the Inspector General
FINDING 1: Impediments to Sharing Intelligence and Information
The FBI has realized that to effectively carry out its post-September 11 mission to prevent future terrorist acts, it must improve its ability to share intelligence and related information both internally and with the intelligence community, other federal agencies, and state and local law enforcement agencies. The FBI has acknowledged that it faces a number of impediments to improving its intelligence and information sharing. We have grouped these impediments into four categories: 1) information technology (IT), 2) security clearances, 3) intelligence capability, and 4) policies and procedures.
With respect to IT, the FBI has lacked secure and modern systems to electronically transfer information both within the FBI and to outside organizations. Second, security considerations have prevented the full dissemination of intelligence, especially outside the federal community, because recipients must have security clearances and a need to know the information. Also, in keeping with standard intelligence community policy, before disseminating intelligence outside the intelligence community the FBI must obtain the permission of the “owner” if the FBI is not the originator of the information.
The third obstacle affecting the FBI’s ability to disseminate intelligence and other sensitive information has been the FBI’s organization and culture as a reactive law enforcement agency. The Director is attempting to transform the FBI into an agency that can gather, analyze, and disseminate intelligence to prevent terrorist acts rather than only investigating such acts after the fact. Lastly, the FBI lacks written policies and procedures for guiding and ensuring that information is shared appropriately and an overall strategy and blueprint for managing and controlling the numerous initiatives for improving information sharing at various organizational levels. However, the FBI recently created Concepts of Operations that serve as a framework for improving key aspects of its intelligence program, including information sharing, and intends to develop the policies and procedures required to implement the plan.
In December 2002, we reported that the FBI has not effectively managed its IT because it has not fully implemented the management processes associated with successful IT investments.14 The foundation for sound IT investment management (ITIM) includes the following fundamental elements:
We reported that the FBI failed to implement these critical processes. We found that the FBI did not have fully functioning IT investment boards that were engaged in all phases of IT investment management. The FBI was not following a disciplined process of tracking and overseeing each project’s cost and schedule milestones. The FBI also failed to document a complete inventory of existing IT systems and projects, and did not consistently identify the business needs for each IT project. The FBI did not have a fully established process for selecting new IT project proposals that considered both existing IT projects and new projects.
We found that because the FBI has not fully implemented the critical processes associated with effective IT investment management, the FBI continued to spend hundreds of millions of dollars on IT projects without adequate assurance that these projects will meet their intended goals. We concluded that these shortcomings primarily resulted from the FBI not devoting sufficient management attention in the past to IT investment management.
Nearly every Section Chief and other FBI managers we interviewed for this audit stressed that the foundation for information sharing, both internally and externally, is reliable, modern, and user friendly IT systems. These same FBI managers said that the FBI’s obsolete IT systems were the greatest impediment to the FBI’s ability to efficiently and effectively disseminate information within the FBI and to other agencies. One manager detailed from the Central Intelligence Agency (CIA) to the FBI summarized the place of technology in information dissemination by saying: “Technology is the key to everything.” The FBI managers pointed out that the FBI’s ability to fully and effectively share information depends on its success in implementing the IT initiatives currently underway. Specifically, they said the success of the Virtual Case File (VCF) and the Secure Counterterrorism Operational Prototype Environment (SCOPE) components of the FBI’s Trilogy system, currently under development, are crucial to improving the FBI’s ability to share intelligence and other key information. The managers also emphasized the critical need for a secure Top Secret and Sensitive Compartmented Information Local Area Network (TS/SCI LAN) to allow for the electronic dissemination of the most sensitive and vital intelligence. These systems are discussed in further detail in Finding 2 of this report.
Inadequate information sharing within the FBI, particularly between the operational and analytical units, is also highlighted by our review of the Phoenix Electronic Communication (EC). Several of the addressees on the EC, especially at the supervisory level, did not receive it prior to September 11 due to limitations in the electronic dissemination system.
FBI officials we interviewed echoed this observation.
One Section Chief we interviewed described the vital role of IT in disseminating intelligence, saying that until the FBI’s IT weaknesses are corrected, the FBI will have an information-sharing problem. According to this official, for the past 20 years the FBI’s IT systems have been patched instead of replaced; information the FBI does share is disseminated despite the FBI’s IT systems, not because of them. According to this official, the major IT problems the FBI faces include: 1) the FBI’s antiquated investigative case management system known as Automated Case Support, or ACS, is approved for the storage and transmission of information only up to the secret level; 2) the FBI is connected to the Department of Defense (DOD) systems on a fiber optic cable, but the connection to the CIA is not fiber optic; and 3) the FBI’s ACS system is so obsolete that no other agency wants to use it. As a case management system, ACS was not designed for communicating with other agencies. Under ACS, all documents, including ECs, require handwritten signatures; therefore, all documents are physically passed from person to person as they move through the review chain. The FBI’s fundamental information-sharing problem is the inability to move classified information, especially TS and/or SCI, securely outside of the FBI. Due to the FBI’s IT limitations, even e-mails cannot be forwarded securely to the CIA. Instead, FBI personnel must print a paper version of the e-mail and provide this to their CIA counterparts.
Because the FBI does not have a system that can communicate securely with other agencies, it is forced to rely on teletypes to receive and disseminate intelligence. However, teletypes are a difficult method of communicating classified information because the information cannot easily be transferred to teletype from another type of electronic media and because teletypes are not user friendly. Further, according to several FBI managers we interviewed, incoming cables or other information from the intelligence community were often not disseminated or disseminated timely to those who needed the information for analytical or operational purposes. Information often was misdirected if the addressee had changed positions or the specific unit was not designated.
In contrast, the CIA has developed much more efficient IT systems to share intelligence information. For example, detailees from the FBI to the CIA share paper copies of FBI Form 302 investigation records with their CIA counterparts. If the CIA officials think the information is valuable, a Form 302 can be uploaded into the CIA system, making it searchable.
The efforts of the FBI to correct its IT deficiencies are discussed in Finding 2 of this report.
When the FBI disseminates intelligence and other classified information, it must ensure that only the appropriate people receive the information. Specifically, the recipients of classified information must have a need to know the information and have been granted the proper level of security clearance. Further, if the FBI is not the originator of the information, the FBI must have received permission to disseminate the information. Permission from the originator may require revision of the information to render the information unclassified or modified to protect intelligence sources and methods.
Obtaining security clearances for state and local law enforcement personnel is in itself an obstacle to disseminating information. The FBI has been working to provide clearances to state and local law enforcement officers who need the clearances. To that end, since the September 11 terrorist attacks, the FBI has issued over 800 security clearances to state and local law enforcement personnel.
The process for obtaining a security clearance is cumbersome and time consuming and a process over which the FBI has little control. The application forms are the same ones that federal employees use, including FBI agents, when applying for a security clearance. The forms are lengthy and detailed. For example, applicants are required to list their residences for the last seven years along with details on education, employment, foreign travel, and other data. After the forms are completed, background investigations are conducted on each applicant. These background investigations are mandated by Presidential Executive Order. Compounding the expense and time required to grant a security clearance to a state or local law enforcement official is the perception, according to the Police Executive Research Forum, by some state and local officials that they should not have to undergo the same background investigation process as other people who receive security clearances.17 FBI officials told us that some state and local law enforcement executives think that their position alone demonstrates their trustworthiness.
Because not all state and local law enforcement officials who need security clearances have the clearances, the FBI is often constrained from providing detailed classified information to state and local law enforcement officials. As described subsequently in this report, the FBI is disseminating information to state and local officials on an unclassified but “law enforcement sensitive” basis except for members of JTTFs, all of whom hold security clearances. FBI officials told us, however, in the event of a high priority case where there is a threat to life, the FBI would provide the pertinent information to those with a need to know by granting interim clearances to those individuals.
Security classifications may also inhibit the FBI from disseminating information. According to one FBI Section Chief, the FBI does not originate 90 percent of the intelligence it uses. The agency that originally collected the intelligence may mark it ORCON, or originator controlled. All agencies that receive this information must receive permission from the originating agency before further dissemination. Agencies usually mark a document ORCON for two reasons. First, it allows the originating agency to protect the sources and methods disclosed in the classified document. Second, it is a vehicle to allow the originating agency to control how the information or conclusions in a document are used. FBI officials with whom we spoke said they thought that some of the criticism of the FBI for not sharing raw intelligence is misplaced because the information is often controlled by another agency. The FBI works with the CIA and other intelligence agencies to have information approved for dissemination by deleting sources and methods so the FBI can disseminate intelligence more quickly. The use of “tear lines” aids in achieving this goal. Documents containing tear lines are broken into sections. Some sections contain summary information and others contain detailed information such as sources and methods. The sections containing summary information can be disseminated to those with proper clearances. The sections containing sources and methods cannot be disseminated.
Although the FBI faces a number of security-related constraints as to what information it can lawfully share with state and local law enforcement agencies, it is under increasing pressure to release as much information as possible. For example, the House Permanent Select Committee on Intelligence in its recent report on the 2004 intelligence authorization states that:
Committee members remain concerned that information sharing between the FBI and state and local law enforcement colleagues still needs improvements. The Committee strongly urges the FBI to place high priority on making additional progress on this issue.
FBI officials told us that state and local law enforcement agencies often perceive that the FBI has more information than it is willing to share. This condition leads state and local law enforcement officials to sometimes have unrealistic expectations about what information the FBI can provide. For example, when the DHS increases the threat level, FBI officials are often asked for information about the specific threat. As is reasonable, officials from state and local law enforcement agencies often want to know whether anything in their jurisdiction is being specifically targeted. FBI officials usually do not have any information about specific targets. However, FBI officials with whom we spoke said that state and local law enforcement officials often believe the FBI is withholding information when told that the FBI does not have any specific threat information. FBI officials speculated that some state and local law enforcement officials may have this misconception about the detail available concerning threat information because the officials have not been involved in the collection and dissemination of intelligence. A Police Executive Research Forum white paper quotes a law enforcement executive as saying that local law enforcement “…often presumes that federal agencies are withholding detailed, relevant, and important information. We need to work on issues of mutual trust so that we can share what information there is, while retaining necessary security and integrity.”18
FBI managers told us they are pushing their subordinates to share as much information as possible. Some managers expressed concern that the pendulum has swung too far in the FBI’s efforts at openness and the key concepts for sharing classified information are sometimes ignored by the recipients. One FBI Section Chief told us that he believes the FBI sometimes shares more information than it should and that originator control of classified information and “need to know” are important requirements that other agencies need to honor. He argued that originator control of intelligence is a valuable tool that allows limited dissemination and control at the same time. Further, he said, every intelligence organization has to be able to control its information because the free flow of information can expose investigations and put agents’ lives in jeopardy. He believes that some recipients currently may be disseminating ORCON information without permission and that some parties who receive intelligence or other sensitive information unilaterally decide to disseminate information that should go no farther than the immediate recipient.
FBI officials told us, however, that some leaks of sensitive information are the price to be paid for greater information sharing outside of the intelligence community. One official used a law enforcement sensitive FBI bulletin (discussed in Finding 3) as an example of leaks occurring when the FBI shares information. He noted that the information the FBI disseminates to the state and local law enforcement community frequently is seen or heard in the news media nearly immediately upon distribution.
The FBI Director recognized as a result of the September 11 attacks that the FBI needed to develop a greater domestic intelligence capability to meet its new priority of preventing future terrorism. The FBI has a longstanding reputation as an investigative and law enforcement agency, and the Director’s attempt to transform the FBI into a law enforcement agency with an intelligence capability to thwart terrorism represents a significant cultural change. As discussed in Finding 2, many steps toward this transformation have begun, including the establishment of an Executive Assistant Director for Intelligence, an Analysis Branch, a Terrorism Reports and Requirements Section, and a College of Analytical Studies. We heard repeatedly from FBI managers that the FBI needs to produce more intelligence products.
In our September 2002 report on the management of the FBI’s counterterrorism program, we described the need for the FBI to add professional intelligence staff to help the FBI meet a clear need for improving its ability to collect, analyze, and disseminate threat information. At that time, some FBI managers described the FBI’s analytical capability as “broken.” Others on terrorism-related commissions and in Congress have suggested that the FBI’s intelligence capability was virtually nonexistent. Specifically, the FBI had difficulty pulling information together from a variety of sources, analyzing the information, and disseminating it. In other words, the FBI lacked the ability to “connect the dots” or create a mosaic of information. Moreover, the FBI lacked the capability to prepare a strategic or “big picture” intelligence estimate or threat assessment. Our September 2002 report concluded that the FBI lacked a professional corps of intelligence analysts with a defined career path, standards for training or experience, or a system for effectively deploying and utilizing analysts to assess priority threats at either the tactical (investigative or operational) level or the strategic (long-term or predictive) level.
Until June 2002 when the CIA detailed managers and analysts to the FBI to help establish a professional intelligence function, the FBI did not have Reports Officers similar to the CIA’s Collection Management Officer. Reports Officers glean intelligence, summarize the information, and disseminate the information to those with operational responsibilities. According to the Section Chief of the FBI’s Terrorism Reports and Requirements Section, who is a CIA manager on detail to the FBI, the greatest challenge to building the FBI’s intelligence reporting capability is the hiring and training of qualified Reports Officers. The Section Chief emphasized that it is better to do the staffing right rather than quickly, and she estimated that it would take about a year to fully staff the section. At the time of our audit, in February 2003, the section had 12 Reports Officers out of an authorized staffing level of 96 FBI-wide, including field offices. Of the 12 Reports Officers on board, 5 were recent college graduates, a few were from the FBI’s Surveillance Operations Group, a few were GS-14 FBI Intelligence Operations Specialists, and 1 was a former military intelligence officer. In addition to those Reports Officers already on board, an additional 20 were undergoing background checks. According to the Section Chief, the work of Reports Officers is the type of work that people with the right fundamental skills or experience can learn. As a result, the Section Chief has focused on recent college graduates, people with government experience, and people with experience in terrorism issues.
Once hired, the new Reports Officers will need to be trained. Because the Reports Officer position is new to the FBI, the FBI needs to create a training program. At the time of our audit, the FBI Academy at Quantico did not offer appropriate training, so a new training curriculum had to be developed. The Terrorism Reports and Requirements Section Chief recognized the need for such a program and developed the framework for a Reports Officers’ training program. The plan was to contract out for the training. The Section Chief envisioned four 2-week regional classes, followed by a 30- to 60-day detail to FBI headquarters to gain a hands-on perspective. Advanced training will be needed once the section is operational for three to five years. In contrast, [CLASSIFIED INFORMATION REDACTED].
The hiring of analysts has been slowed by issues concerning security clearances and pay. Intelligence agencies throughout the government are competing for the same pool of qualified applicants.
The Section Chief of one of the International Terrorism Sections stated that the FBI’s newly created analytical capability is already aiding FBI operations. FBI officials said that in the 1990s, the FBI did not know how to do counterterrorism analysis but the current analysts program is moving forward. The analysts work for the Chief of the Counterterrorism Analysis Section, and he sets the analysts’ priorities. The FBI does not yet have a formalized system for requesting analytical products but it was working on one. While the FBI is modeling the organization and function of its analytical component on the CIA, the FBI cannot completely mirror the CIA’s analytical operations because the CIA’s IT system “pushes,” or automatically sends, information to those with a need to know. The FBI’s systems require Reports Officers and analysts to “pull,” or search for, information they need to complete an analysis or report.
When we began our audit, the FBI did not have policies or procedures to guide FBI managers and personnel in what information should be shared or disseminated, with whom the information should be shared or disseminated, and in what manner. In June 2003, the new Executive Assistant Director for Intelligence launched a 10-week initiative to develop Concepts of Operations for each of 9 core intelligence functions, including information sharing. These plans, described in more detail in Finding 2, provide a vision for reinventing the FBI’s intelligence program and correcting existing weaknesses. The Concepts of Operations also provide a framework for developing formal policy and procedures and give FBI managers guidance through broad principles for information sharing. The FBI is in the process of developing an FBI-wide enterprise architecture. In conjunction with the enterprise architecture, the FBI should develop a process map to define the current state and end state for its information-sharing processes and an implementation plan to put its Concepts of Operations into action. We believe that such a structure is necessary to ensure that the FBI’s dissemination efforts are consistent, meet the Director’s expectations, and hold personnel accountable. Several managers told us that they had been busy trying to improve the FBI’s intelligence capabilities and information sharing, and that policies and procedures would have to come later.
During the period of our audit, the process for disseminating intelligence was ad hoc and communicated orally from manager to staff. One CIA detailee characterized the informal process as disorganized, noting that information does not flow smoothly within the FBI, let alone externally. The detailee said it was a common occurrence to attend a meeting with another agency and learn about FBI-developed intelligence for the first time. As another example, the detailee noted that the CIA’s Counterterrorist Center (CTC) produces 13,000 intelligence reports a year, all of which are sent to the FBI. In the eight months the CIA detailee had been at the FBI, the detailee had not received a single CIA intelligence report. The detailee said, “Information goes into a black hole when it comes into this building.”
This official attributed the FBI’s problems in disseminating information within the FBI to two factors. First, the FBI does not have written policies or procedures for disseminating intelligence. The lack of policies and procedures may impede the effective dissemination of intelligence and prevent FBI personnel from knowing what they can expect from different components within the FBI. Second, the FBI’s information systems require a person with a need for information to search the FBI’s databases to retrieve it. In contrast, the CIA’s information systems “push” data to those whose profile meets the criteria.
The inability of intelligence agencies in general to disseminate information consistently has been recognized by other reviews. Both the Joint Inquiry that investigated the intelligence issues related to the September 11 attacks and the Gilmore Commission noted that information sharing in general is not systematic and needs more attention and oversight.19 The Staff Director of the Joint Inquiry Staff has testified that:
No one will ever know whether more extensive analytic efforts, fuller and more timely information sharing, or a greater focus on the connection between these events would have led to the unraveling of the September 11 plot. But, it is at least a possibility that increased analysis, sharing and focus would have drawn greater attention to the growing potential for a major terrorist attack in the United States involving the aviation industry. This could have generated a heightened state of alert regarding such attacks and prompted more aggressive investigation, intelligence gathering and general awareness based on the information our Government did possess prior to September 11, 2001.20
When we inquired about the flow of intelligence within the FBI, the FBI did not have a flow chart and had to prepare a narrative description of the process to address our request. The creation of an enterprise architecture and a process map would help the FBI better understand and manage its information flow.21
Enterprise architecture is the organization-wide blueprint that defines an entity’s functions and systems, including IT systems. It provides a comprehensive view – through models, narratives, and diagrams – of the interrelationships of an organization’s operations and structures and how these structures align with the organization’s mission.
In a February 2002 review of enterprise architecture used in the federal government, the GAO stated the following:22
The architecture describes the enterprise’s operations in both: 1) logical terms, such as interrelated business processes and business rules, information needs and flows, and work locations and users; and 2) technical terms, such as hardware, software, data, communications, and security attributes and performance standards. It provides these perspectives both for the enterprise’s current or “as is” environment and for its target or “to be” environment, as well as a transition plan for moving from the “as is” to the “to be” environment.
In our December 2002 report entitled, “Federal Bureau of Investigation’s Management of Information Technology Investments,” we recommended that the FBI continue its efforts to establish a comprehensive enterprise architecture. The FBI agreed with our recommendation and as of April 2003 was still working on establishing the enterprise architecture.
In September 2003 the GAO reported that the FBI does not yet have an enterprise architecture.23 According to the GAO, the FBI acknowledges the need for an enterprise architecture and has committed to developing one in the fall of 2003. However, the FBI currently lacks the means for effectively reaching this end. For example, the FBI does not have an agency architecture policy, an architecture program management plan, or an architecture program management plan.
As discussed in Finding 2, the FBI has undertaken a number of initiatives to improve its ability to share information both within the FBI and externally. A major step forward is the recent development of Concepts of Operations for the FBI’s core intelligence functions, including information sharing. These plans establish goals, provide broad principles, and lay the foundation for developing formal policies and operating procedures. Still, we believe the FBI would be better positioned to manage the changes to its information-sharing processes if it also conducted a process map for information sharing. In its Business Process Reengineering Assessment Guide, the GAO recommends that agencies complete such a map as part of their reengineering efforts:
Agencies need to develop a common understanding of the processes they use to produce their products and services before they can set about to improve them. Like large private sector organizations, agencies can have a confusing web of interconnected processes and sub-processes, many of which cut across several functional departments. It is important to define what the components of each process are, as well as the process' boundaries, dependencies, and interconnections with other processes.
As a start, the agency should map each of its core processes at a high level. High-level process mapping typically results in a graphic representation depicting the inputs, outputs, constraints, responsibilities, and interdependencies of the core processes. This high-level map provides managers and staff with a common understanding of how the processes work and how they are interconnected.
The FBI has many ongoing initiatives that affect its counterterrorism efforts. However, the FBI does not have a blueprint for either its current or intended information-sharing process. The new Concepts of Operations, while a worthwhile effort to delineate goals and provide guiding principles, do not constitute a blueprint that defines the current state and an end state for information sharing. In our judgment, such a blueprint or road map is necessary to ensure that: 1) all the processes are managed well, 2) the initiatives do not conflict or overlap, 3) each units’ information-sharing responsibilities are clear to its personnel and other FBI personnel, and 4) the FBI’s new IT systems meet the needs of those involved in the FBI’s counterterrorism efforts.
The ability of the FBI to share information across sections, units, and offices within the FBI as well as with the intelligence community and state and local law enforcement agencies is critical to the nation’s ability to prevent future acts of terrorism. The FBI has identified, and is working to correct, several of the major impediments to its ability to obtain, analyze, and disseminate intelligence and other sensitive information. These obstacles center on the need for IT improvements, a professional intelligence capability, overcoming security issues and perceptions concerning the sharing of information with state and local law enforcement agencies, and the establishment of policies and procedures for managing the flow of information. The recent development of Concepts of Operations for the key aspects of the FBI’s intelligence program, including information sharing, contributes toward a framework for the necessary policies and procedures to reinvent and institutionalize the program.
The flow of intelligence and other useful information allows everyone involved in combating terrorism to view the terrorist threat in a more complete context. For the FBI to meet its information dissemination responsibilities, it must continue to improve its analytical capabilities and its IT systems. In addition, the FBI must develop information-sharing policies, including the extent to which information can and should be disseminated to state and local law enforcement agencies.
We recommend that the Director of the FBI: