Review of the Terrorist Screening Center
(Redacted for Public Release)

Audit Report 05-27
June 2005
Office of the Inspector General


Executive Summary


On September 16, 2003, the President signed Homeland Security Presidential Directive-6 (HSPD-6), requiring the establishment of an organization to "consolidate the Governmentís approach to terrorism screening and provide for the appropriate and lawful use of Terrorist Information in screening processes." Specifically, the Attorney General was directed to create a new organization to consolidate terrorist watch lists and provide 24-hour, 7-day a week operational support for federal, state, local, territorial, tribal, and foreign government as well as private sector screening across the country and around the world.1 As a result of this presidential directive, the Terrorist Screening Center (TSC) was created. As of the end of fiscal year (FY) 2004, the TSC was a $27 million organization with approximately 175 staff.

The Office of the Inspector General (OIG) initiated this audit to examine whether the TSC: 1) has implemented a viable strategy for accomplishing its mission; 2) is effectively coordinating with participating agencies; and 3) is appropriately managing terrorist-related information to ensure that a complete, accurate, and current consolidated watch list is developed and maintained.2

Identifying the Need for a Screening Agency

Prior to the establishment of the TSC, the federal government relied on information from numerous separate watch lists maintained at a variety of federal agencies to prevent terrorists from obtaining visas or entering the United States illegally, and to track suspected terrorists within U.S. borders. In 2002, the President and Congress recognized this fragmentation and called for the consolidation of terrorist information to unify the governmentís counterterrorism efforts.

In July 2002, the President issued the National Strategy for Homeland Security, which created a "comprehensive plan for using Americaís talents and resources to enhance our protection and reduce our vulnerability to terrorist attacks."3 One aspect of the Presidentís strategy was for the FBI to create a consolidated terrorism watch list that would serve as a central point for information about individuals of investigative interest. This list was seen as an answer to the uncoordinated and ad hoc approach that the U.S. government was then pursuing.

In addition, the 9/11 Congressional Joint Inquiry Committee reported in December 2002 that the U.S. government was not adequately collecting and integrating terrorism-related information from all domestic and foreign sources. As a result, the Joint Inquiry also recommended the creation of a national watch list center to facilitate the appropriate collection, declassification, and sharing of information on known or suspected terrorists.

In April 2003, the Government Accountability Office (GAO) issued a report identifying 12 separate watch lists used for various purposes.4 The following table lists the systems identified by the GAO.

TERRORIST-RELATED WATCH LISTS IDENTIFIED BY THE
GOVERNMENT ACCOUNTABILITY OFFICE IN APRIL 20035
  Description Agency
1 TIPOFF System Department of State (DOS)
2 Violent Gang and Terrorist Organizations File (VGTOF) FBI
3 Interagency Border Inspection System (IBIS) Department of Homeland Security (DHS)
4 National Automated Immigration Lookout System (NAILS) DHS
5 Consular Lookout and Support System (CLASS) DOS
6 No-Fly List DHS
7 Selectee List DHS
8 Integrated Automated Fingerprint Identification System (IAFIS) FBI
9 Automated Biometrics Identification System (IDENT) DHS
10 Warrant Information Network U.S. Marshals Service
11 Top Ten Fugitives Department of Defense, U.S. Air Force
12 Interpol Terrorism Watch List Department of Justice (DOJ)
Source: GAO Report Number GAO-03-322

Establishing the TSC

In a September 2003 news release announcing the signing of HSPD-6 and the creation of the TSC, the White House directed that the organization to consolidate watch lists should begin operations by December 1, 2003. Following the issuance of HSPD-6, the Attorney General, the Secretary of Homeland Security, the Secretary of State, and the Director of Central Intelligence signed a Memorandum of Understanding (MOU) entitled "Integration and Use of Screening Information to Protect Against Terrorism." The MOU, dated September 16, 2003, designated the FBI as the lead agency responsible for administering the TSC.

The MOU provided details related to the watch list consolidation effort, including the data that should be included and the cooperation required from the participating agencies. The MOU and HSPD-6 also mandated that federal agencies continually provide the FBI with domestic terrorism information, defined as information about U.S. persons with no connection to foreign intelligence, counterintelligence, or international terrorism. In addition, the agencies were required to provide, on an ongoing basis, the Terrorist Threat Integration Center (TTIC) with all other terrorist information in their custody or control. In turn, the FBI and TTIC were to provide domestic and international terrorist information to the TSC for consolidation.6 The goal was to create a unified, unclassified terrorist watch list, not to replace existing watch lists. Federal agencies were expected to continue gathering and developing terrorist information and to maintain separate systems to fulfill their distinctive missions.

Standing-up the TSC

In October 2003, the Attorney General appointed the Director of the TSC, and within one month two deputy directors were brought on board. An additional deputy director arrived in December 2003. TSC management initially developed working groups with participating agencies to establish an initial planning document detailing how the new organization would function. Also, the TSC designed a process flow chart to illustrate how terrorist information should be received, shared, and ultimately consolidated into an unclassified database.

The TSCís initial planning document stated that personnel detailed from the DOJ, DOS, DHS, and other agencies would make up the staff at the TSC. These individuals would represent their respective Departments while supporting the functions of the TSC and reporting to the TSC Director.

Initial Operating Capability

In accordance with the Presidentís mandate, the TSC began operating on December 1, 2003, as the primary point of contact for screening individuals with ties to terrorism. The TSCís initial capabilities were limited, and its primary operations consisted of maintaining a 24-hour, 7-day-a-week call center staffed with personnel temporarily assigned to the TSC from agencies such as the FBI and the DHS.7 Although TSC staff had begun developing the first consolidated watch list, it was not ready to be used for screening purposes by December 1. Instead, the TSCís protocol was to separately query a variety of existing agency watch listing systems, including: 1) Transportation Security Administrationís No Fly and Selectee lists; 2) TIPOFF; 3) the FBIís National Crime Information Center (NCIC), namely the Violent Gang and Terrorist Organizations File (VGTOF); and 4) the Treasury Enforcement Communications System (TECS), which includes the Interagency Border Inspection System (IBIS) and the National Automated Immigration Lookout System (NAILS).

The Consolidated Watch List

A major challenge for the TSC was to integrate different types of information in varying formats from agenciesí existing systems into a comprehensive index of watch listed individuals. The new system would ultimately need to provide real-time connectivity to users and be able to incorporate evolving technology, such as advanced name-search capability and biometric data.

To meet this goal, TSC officials and partner agency members formed a working group to define existing database structures and determine the basic functionality and future uses of the planned consolidated database. As a result of the identification of several barriers to the timely implementation of the consolidated database (such as differences in legacy systems and a shortage of qualified employees or contractors), the TSC divided the creation of the consolidated database, which was named the Terrorist Screening Database (TSDB), into three phases: 1) TSDB 1A, 2) TSDB 1B, and 3) Advent TSDB.

TSDB 1A

The TSDB 1A database, which became operational on March 12, 2004, and was discontinued on April 1, 2005, was created using proprietary software owned by a contractor. According to TSC officials, they chose this approach in an effort to consolidate the information in the most expedient way possible. The TSDB 1A was populated with data received directly from the individual supporting agenciesí watch list systems. According to TSC officials, they recognized that this consolidation effort caused some names that appeared on multiple watch lists to be present in the database many times.

This database was manually updated on a daily basis using diskettes of new or revised information from participating agencies. While operating, the entire TSDB 1A database was overwritten each day when the new data file was loaded. Given the design of the TSDB 1A database, this overwriting was the only method to update the terrorist-related information. However, this process eliminated the ability to retrieve historical data from the system. In addition, the TSDB 1A could not automatically export data to the participating agencies. Rather, TSC staff was required to send manual update files to participating agencies using diskettes.

TSDB 1B

The TSDB 1B came on-line in June 2004 in a parallel environment with the 1A database.8 In this second phase of developing the consolidated database, the TSC sought to improve connectivity between the TSDB and other databases. In creating TSDB 1B, the TSC obtained batches of records primarily from the FBI and NCTC.

On April 1, 2005, the TSC stopped using TSDB 1A, and the 1B database became the single consolidated watch list. In contrast to the TSDB 1A, the 1B database can communicate with the participating agencies' systems and provides for the electronic exchange of data. As a result, since its creation, the TSDB 1B system has been used to export records to the databases of the various participating agencies. In addition, unlike the 1A database, the TSDB 1B is updated only with additions, deletions, and modifications to the existing records in the database, and therefore the system retains a history of all changes made.

Advent TSDB and the Future of the Consolidated Database

In the next phase of its development of the consolidated database, Advent TSDB, the TSC plans to establish automatic, real-time connectivity with participating agency databases. However, most of the supporting agency database systems cannot currently accommodate this type of connection and will need to upgrade their systems. While the TSC expects that it will take years to fully implement this plan, the first segment (real-time connectivity with the FBIís NCIC) is planned for completion in FY 2005.

Also, in FY 2005 the TSC expects to receive biometric data from NCTC and export that data to NCIC. This process is not expected to be fully mature for some time and, in its initial phase, will allow for only text fields to be shared. TSC officials stated that graphic files, such as a picture of biometric data, can be made available in the TSDB 1B system, but this information would not be searchable. TSC officials said development of a plan to incorporate data into the TSDB database in this way is expected to be complete by spring 2005.

Evolution of IT Management

While the TSDB is constantly evolving, we found that the TSCís management of its information technology (IT), a critical part of the terrorist screening process, has been deficient. From its inception, the TSCís IT Branch Ė staffed with numerous contractors Ė did not have strong, effective, and focused leadership over the agencyís IT functions. In addition, the TSC has experienced significant difficulty in hiring qualified staff with adequate security clearances to perform IT functions.

The TSC did not establish a formal technical advisory group until June 2004 and in August 2004 hired its first Chief Information Officer (CIO). Unfortunately, many major IT decisions had been made prior to this time, such as the creation and implementation of TSDB 1A and 1B and various support systems, as well as the establishment of controls and standards for operating and administering these systems. The TSC CIO acknowledged that the TSC has been operating in an immature IT environment since its inception. He told us that the need to expeditiously create a consolidated database hindered systems planning. He further stated that the IT Branch was understaffed and had not been sufficiently focused on establishing controls to ensure data integrity.

Content of the Consolidated Watch List

Each record within the consolidated watch list is designed to contain information about the law enforcement action to be taken when encountering an individual on the watch list, which provides insight into the level of threat posed by that individual. This information is conveyed through a "handling code" that provides law enforcement personnel with instructions on what to do when a suspected terrorist is encountered. These handling codes are defined as follows:

HANDLING CODE DEFINITIONS

 

[SENSITIVE INFORMATION REDACTED]

 

Source: The Terrorist Screening Center

To gain a general understanding of the distribution of individuals on the watch list, we reviewed a sample of 109,849 records in the TSDB 1B database and found that the vast majority of watch listed individuals were included in the two lowest categories.9 As depicted in the following graph, approximately 75 percent of the records we reviewed were categorized at handling code 4 (the lowest handling code), and 22 percent were categorized at the second to lowest level, handling code 3.10 Only 318 records of the 109,849 records in the watch list subset that we reviewed were categorized at the two highest levels, handling codes 1 and 2. This means that the records for the overwhelming majority of watch listed individuals indicated that encounters with these persons required the lowest levels of law enforcement response and that these individuals [SENSITIVE INFORMATION REDACTED].

Watch Listed Persons by Handling Code
(Based on the subset of 109,849 records reviewed11)
.18% (193) Handling Code 1; .11% (125) Handling Code 2; 22.04% (24,210) Handling Code 3; 74.64% (81,994) Handling Code 4; .31% (336) No Handling Code; 2.72% (2,991) Other.
Source: TSC Management

We asked the TSC Director about the content of the TSCís consolidated watch list. She informed us that, to err on the side of caution, individuals with any degree of a terrorism nexus were included on the consolidated watch list, as long as minimum criteria was met (i.e., the personís name was partially known plus one other piece of identifying information, such as the date of birth). The Director further explained that one of the benefits of watch listing individuals who pose a lower threat was that their movement could be monitored through the screening process and thereby provide useful intelligence information to counterterrorism investigators. In addition, she stated that lower-threat level individuals can have associations with higher-threat level terrorists, and watch listing lower-threat individuals may lead to uncovering the location of other watch list individuals.

TSC Operations

The TSCís FY 2004 budget consisted of contributions totaling about $27 million from four participating agencies. As of November 2004, the TSC had 177 staff members, which included permanent and detailed personnel. Also, as detailed in the following staffing chart, contract personnel made up 61 percent of the total TSC staffing.

FY 2004 TSC Funding Allotments
by Department
TSC Staffing Level by Agency
as of November 9, 2004
DOJ: $14,121,000; DHS: $7,884,000; TTIC: $3,741,000; DOS: $1,589,000. Contractors: 61%; DOJ/FBI: 25%; DHS: 11%; USPS: 1%; DOS: 1%; DOD: 1%.
Purple: DOJ/FBI; Maroon: DHS; Yellow: DOS; Aqua: TTIC. Purple: DOJ/FBI; Maroon: DHS; Yellow: DOS; Aqua: DOD; Light Purple: USPS; Green: Contractors.
Source: FBI Budget Formulation Office and the TSC Administrative Unit

In FY 2005, the TSCís budget of $29 million was incorporated into the FBIís overall appropriation. This eliminated the need to transfer funds between agencies.

The TSC Call Center

The basic tasks performed by call center staff ó fielding inquiries, researching terrorist information, and facilitating the identification and apprehension of terrorists ó remain the same as the functions performed at the point of the TSCís initial operating capability on December 1, 2003. However, the creation of the consolidated watch list has allowed the call center staff to begin its research with a single database Ė the TSDB.

The consolidated information within the TSC database is searchable by law enforcement and intelligence officials across the country and around the world.12 Names are searched in supporting agency databases during encounters at ports-of-entry or by federal, state, or local law enforcement agencies. When a name appears to be a match against the terrorist watch list, requestors receive a return message informing them of the preliminary match and are directed to call the TSC. When a call is received, TSC call center staff assist the caller in identifying the subject. To do this, the call screeners search the TSDB to determine if an identity match exists. In addition, they search supporting agency databases to locate any additional information that may assist in making a conclusive identification. The caller is immediately informed of any negative search results (i.e., the subject of the call does not match the identity of an individual on the watch list). The following diagram displays the process of handling hits against the watch list.

CALL SCREENING PROCESS FLOW13

 

[Not Available Electronically]

 

Source: The Terrorist Screening Center

If the subject is positively identified or the match attempt is inconclusive, the TSC call screener forwards the call to the FBIís Counterterrorism Watch Unit (CT Watch), the FBIís 24-hour global command center for terrorism prevention operations. CT Watch is then responsible for coordinating the law enforcement response to the encounter, including making further attempts to establish positive identity and, if necessary, deploying agents to take appropriate action. For every inquiry that TSC call screeners refer to CT Watch, the TSC screeners are responsible for obtaining feedback on the disposition of the encounter, such as whether or not the subject was arrested, questioned, or denied entry into the United States.

According to State Department officials at the TSC, when a person overseas applies for a visa, U.S. government officials search the CLASS database, which receives watch list information from the TSC. If this search reveals a possible identity match with an individual recorded in the TSDB, the official will send the TSC a cable (a secure, electronic communication). A State Department representative at the TSC will review the cable along with information within supporting agency databases to determine if the person requesting a visa is an individual with ties to terrorism. This information will be used by the U.S. government officials overseas to either issue or deny the visa application.14

Database Accuracy and Completeness

Although we found that the TSC had successfully created and deployed a consolidated watch list database, we also determined that the TSC could not ensure that the information in that database was complete and accurate. We found instances where the consolidated database did not contain names that should have been included on the watch list. In addition, we found inaccurate information related to persons included in the database.

We split our review of the terrorist watch list into two separate tracks. First, we analyzed the database as a whole, including identifying duplicate records, available fields of information, and handling instructions applied to individuals on the watch list. Second, we performed testing of the accuracy and completeness of individual records within the database. In this second track, we also identified a sample of known terrorist names and determined whether those individuals were on the watch list.

Overall Review of the Consolidated Databases

We first reviewed the TSDB 1A and 1B to gain an overall understanding of the databases. This review included the records that each database maintained, the structure for each record, and the categories and handling instructions assigned to individual terrorist records.15

Database Records Ė As of January 2005, the TSDB 1A and 1B included a total of 455,002 and 237,615 records, respectively. Since both databases were maintained and updated simultaneously, theoretically both should have had the same number of records. However, TSDB 1A had 217,387 more records than TSDB 1B. Primarily, this difference resulted from the TSCís decision, in its early days of operation, to accept less than optimal data in order to quickly develop a comprehensive database.16 In implementing TSDB 1B in June 2004, officials at the TSC have had more of an opportunity to identify data errors and duplications in the databases, although discrepancies found during our review indicate that the TSDB 1B also is not free of errors or duplication. Because the TSDB 1B now represents the single consolidated watch list, it is crucial that the 1B database contain all unique known or suspected terrorist records.

TSC officials informed us in March 2005 that they had successfully addressed the significant difference we had identified in record counts between the databases. They reported that they reduced the difference to about 40,200 records existing in TSDB 1A but not in TSDB 1B. This group of records has undergone initial review and the TSC stated that it consists of 39,000 records awaiting additional vetting by NCTC and 1,200 that will require manual correction at the TSC.

Duplicate Records Ė We reviewed the TSDB 1B and found 31 duplicate records.17 TSC officials could not explain why TDSB 1B contained duplicate records. However, based on our observations and analysis, one probable cause was the transfer of duplicate information from NCTC to the TSC. Although the number of duplicates we identified was relatively small, duplicate records within the TSDB can be time-consuming and possibly confusing for call screeners when they research an individual. For example, the screener could mistakenly rely on one record while a second, more complete record may be ignored. Also, if update information was transferred for a record in the TSDB 1B that had duplicate entries, one of the duplicate records could be updated while the other might not.

Descriptive Categories Ė The international terrorist records that come to the TSC from NCTC include a reference to how the individual is associated with international terrorism. This reference, called an Immigration and Nationality Act (INA) code, must be one of 25 prescribed codes, and controls exist to ensure that each record has just one code assigned. The INA codes include categories such as: "Member of a Foreign Terrorist Organization," "Hijacker," and "Has Engaged in Terrorism." These INA codes are split into two primary types Ė individuals who are considered armed and dangerous and those who are not.

For records in the TSDB 1B, we compared the INA codes to the databaseís handling codes to determine if the two were consistent. We found records with handling codes that did not correspond to the level of threat that could be posed by the individual based on the descriptive category. Specifically, we identified at least 31,954 records with INA codes that were categorized as "armed and dangerous" but had handling instructions that were applicable for individuals at the lowest handling code, which does not require the encountering law enforcement officer to contact the TSC or any other agency. The INA codes for some of these records described these individuals as: 1) having engaged in terrorism; 2) likely to engage in terrorism if they enter the United States; 3) hijacker; 4) hostage taker; 5) [SENSITIVE INFORMATION REDACTED]; and 6) user of explosives or firearms. At the time of our field work, TSC officials could not explain this apparent mismatch. This situation, which represents a weakness in the database and places front-line law enforcement officers in a vulnerable position, should be addressed as quickly as possible.

Missing Handling Codes Ė According to TSC officials, all records in the consolidated watch list should be assigned a handling code. Based on our review, we found that 336 records in the TSDB 1B did not have any handling codes assigned. Of these records, at least 160 were described as armed and dangerous, according to the designated INA codes.

Necessary Field Improvements Ė During our review of records, we also noted improvements that could be made to the watch list record fields. For example, we found no separate fields were specifically designated to identify an individualís [SENSITIVE INFORMATION REDACTED] or [SENSITIVE INFORMATION REDACTED]. In addition, the TSC directed the FBI to assign one of three possible INA codes to all domestic terrorist records that were included in the consolidated watch list. All three INA codes provided descriptions specifically related to international terrorism, but they did not adequately describe domestic terrorism. We believe that more specific descriptions of domestic terrorist activities should be developed and applied to domestic terrorist records so that law enforcement officers can respond with better information to such a watch listed individual.

Testing of Individual Database Records

Missing or incomplete terrorist records could have significant consequences because known terrorists may go undetected if they attempt to enter the United States or are stopped by local police for a traffic violation. We reviewed the information contained within the consolidated watch list to determine whether the data was completely and accurately consolidated. Specifically, we selected judgmental samples from the source databases to determine if the unclassified information from those databases was accurately transferred to and displayed in the TSDB 1A and 1B. Our testing also included searching the TSDB 1A and 1B for records of known or suspected terrorists to ensure they were included in the consolidated database.

Missing or Inaccurate FBI Domestic Terrorist Records Ė We judgmentally selected a sample of 59 records (for 58 individuals) from a universe of 104,116 FBI domestic terrorist records as of August 2004. We traced our sample of records forward to the TSDB 1A and 1B to determine whether each record was included in the consolidated database and whether all pertinent, unclassified information was contained in each TSDB. We identified 8 FBI records (or approximately 13 percent of the sample we reviewed) that were not included in the TSDB 1B. FBI officials informed us that two of these records existed on an updated file that ultimately never was sent from the FBI for inclusion in the TSDB because the primary individual responsible for sending the file was out of the office and nobody filled in to assume that personís duties. The remaining six missing records resulted from technical difficulties in uploading the FBI data into the NCTC database.

Our analysis also revealed that important and relevant information within the 59-sampled FBI records was not always included in the records within the TSDB, and in some instances the information included in the TSDB was incorrect. Specifically, the source FBI database contains a miscellaneous text field that, while not searchable because of its format, can provide important data. For example, the miscellaneous field of one FBI record we reviewed contained data indicating that the subject was not a U.S. citizen, while the TSC record indicated the opposite. Conflicting information can confuse or misinform screeners and contribute to the misidentification of an innocent person or the inappropriate release or admittance of a dangerous individual.

Missing or Inaccurate NCTC International Terrorist Records Ė We judgmentally selected a sample of 51 records (all for separate individuals) from a universe of 185,628 NCTC international terrorist records as of August 2004. We traced this sample of records forward to determine if the record was included in the consolidated database and if all pertinent, unclassified information set for inclusion in the TSDB was present.

We identified two records missing from the TSDB 1A that appear to have been the result of record deletion, although no history was maintained in the 1A database to verify this. In addition, 3 records from our sample of 51 were missing from the TSDB 1B. We also found that 12 records in our sample of 51 contained inaccuracies in record content between the information contained within NCTCís database and the information in the TSDB 1A and 1B. These inaccuracies included incorrect information regarding the biographical data of watch listed individuals. TSC officials could not provide an explanation for these inaccuracies.

Inclusion of Known Terrorists in the TSDB Ė We also performed testing on the TSDB 1A and 1B to determine if publicly known terrorists were included in the consolidated database. We selected a total of 39 names: 14 from news articles, 19 from the FBIís Most Wanted list, and 6 from the Department of Stateís List of Terrorists under Executive Order 13224. Our analysis found that 38 of the 39 names were included in both versions of the TSDB. The remaining name was included in TSDB 1A but not in TSDB 1B. This name originated from the Department of State and the individual was identified in the 1A database as armed and dangerous. TSC officials did not know why this name was not in the TSDB 1B.

TSCís Management of its 24-hour Call Center

We examined the management of the TSCís call center, which provides law enforcement agencies with around-the-clock access to consolidated information regarding known or suspected terrorists. The demand for expedited response times from the call center results in a fast-paced environment where data quality and system controls are crucial to safeguard the information available on the supporting databases (some of which may be classified), to ensure the accuracy of the data entry into the unclassified systems, and to maximize the quality of communication provided to TSC customers. We evaluated the centerís operations and found areas in need of improvement.

As part of our testing, we selected for evaluation a judgmental sample of 30 calls to the call center. For each encounter, we traced the communication and activities of all parties involved from the time the call was received at the TSC until the final recorded disposition of the encounter. We gathered documentation from the TSC call center, the FBI CT Watch, and the field personnel responsible for performing necessary follow-up on the encounter.

Generally, we found good communication between the TSC and all the agencies involved, including CT Watch and agencies that called the TSC. However, we identified some exceptions where coordination could have been improved. For example, in one case better coordination between agents handling an encounter could have prevented an instance where an individual was permitted to board a domestic flight despite being on the TSA No-Fly list.

We also identified several instances where the information on calls received was not being appropriately entered into the TSC system used to track encounter information, an unclassified system called the Encounter Management database. We found that data was sometimes entered into the wrong fields and at times transposed, resulting in search errors and poor data integrity. Additionally, discrepancies existed between the data available from the TSC and that of the FBI CT Watch. Examples included different times for calls being forwarded and received, different flight times on subjects due to arrive in the United States, and no resolution of the encounter recorded in the TSCís Encounter Management database. We attributed missing resolution detail to the lack of a status field in the Encounter Management database that would track the work flow and determine the calls requiring follow-up action. Although this encounter information does not affect the most important activity within the call center ó screening inquiries ó it does lessen the value of the information available on historical encounters. This data can be a valuable by-product of the call center activity because it can assist TSC management in evaluating the effectiveness of the organization and is also a potential source of terrorism-related intelligence.

Reliance on Detailees

Due to its rapid start-up and the need for personnel with adjudicated security clearances, the TSC has been heavily dependent upon staff detailed from participating agencies. These detailees generally work at the TSC approximately 60 to 90 days. This rapid personnel turnover increases the amount of training needed and reduces the number of screeners who are completely familiar with their duties.

Officials at the TSC stated that having detailees who can apply their investigative skills to assist callers is important to the mission of the TSC. They said the preferred arrangement would be to have staff assigned from various federal law enforcement and intelligence agencies in increments of 90 days or more. TSC management also stated that current law enforcement experience helps TSC screeners understand what the caller is experiencing and identify when the information provided presents an investigative concern. However, we found that some detailed staff members came to the TSC directly from their initial law enforcement training or post-military service and had little experience in law enforcement or intelligence work. In addition, the regular rotating of staff hampers the TSCís ability to provide seasoned personnel that have experience as TSC call screeners. Using inexperienced screeners also results in difficulties when relaying information to CT Watch staff. For example, we were informed that special agents at the FBIís CT Watch often ask to speak to a call center shift supervisor because the initial screener has not done an adequate job of conveying the appropriate information.

Training Call Center Staff

We identified several weaknesses in the training of call center personnel. Because some of the call center managers are detailees, the TSC has had difficulty developing and implementing standard oversight procedures. In addition, at times incorrect instructions were provided to call center staff. For example, we were shown a manual that incorrectly directed screeners to search a particular database. Although this was later corrected, it illustrates weaknesses in the management of the call center.

Among other issues, the training provided to call screeners needs to stress the necessity for a thorough search of the supporting system records to ensure that all pertinent information is relayed to the FBI CT Watch. For example, we identified an instance where an individual for whom there was significant derogatory information in the NCTCís database was allowed to enter the country. The individual in question was on the watch list because it was believed that the subject posed a threat as a financial supporter of terrorism, and the individual was being considered for visa revocation. This person was allowed into the United States and the FBI took no follow-up action. Neither the TSC (including State Department officials detailed to the TSC) nor the FBI Counterterrorism Division could explain why no further actions were taken to check the status of the individualís visa revocation. The NCTCís database noted that the individualís visa was revoked three months after this individual was allowed to enter the United States, but there was no indication that this person had subsequently left the country. According to State Department officials at the TSC, the situation described above was an unusual circumstance and does not reflect the manner in which visa revocations are normally handled. While we recognize that many parties did not take proper action to resolve this situation, the TSC is the vital link for making such information available to those who need it.

Other Management Issues in the Call Center

Currently, the call screeners use a manual process to record information from callers and to forward that information to CT Watch. When a call is forwarded or is considered a negative match with no further action required, the call screener enters the data onto a form and then enters it into the Encounter Management database. This redundant data entry is susceptible to transposition errors, missed data, and other data inaccuracies.

In addition, screeners have access to information in a variety of supporting databases. This data may be classified at the Confidential, Secret, Top Secret, or other level. We found at least four instances in which information that was identified as being classified was entered into an unclassified TSC database used to track information about calls received. While this material may contribute to the detail of the encounter, it is important to ensure that controls are in place to prevent entry of classified information into the TSCís unclassified databases.

Further, the TSC does not have an automated system for tracking the amount of time that elapses between when the TSC receives a call, when the call is forwarded to the FBI for further action, when the caller receives specific instructions, and when an encounter is fully resolved and feedback is provided to the FBI and the TSC. We believe that the TSC would benefit from regularly tracking and monitoring calls to ensure that information is being provided to callers in a timely manner and to identify possible process improvements.

Strategic Needs of the TSC

The TSC has made significant progress in consolidating the U.S. governmentís approach to terrorist screening. In looking to the future, however, we identified several areas requiring action by TSC management to ensure that the organization fully carries out its important mission.

Strategic Planning

The TSC has no formal strategic plan by which to guide its progress, staffing, organizational structure, and future planning. TSC managers have indicated they are working on developing a strategic plan, but no formal document had been developed by the end of our field work. We believe that strategic planning efforts will assist the TSC in addressing the most significant weaknesses that we identified Ė namely, watch list errors and omissions, deficiencies in the management of the call center, and the immaturity of its information technology environment. A strategic plan would also help the TSC identify which improvements are most critical.

In addition, the TSC Director informed us that because the organization is relatively new, it has not yet established a formal procedure for evaluating the effectiveness of its performance. This kind of self-evaluation is important for ensuring that weaknesses are identified and corrected.

Continuity of Operations Planning

The TSC recently developed a Continuity of Operations Plan, Emergency Action Plan, and Disaster Recovery Plan. Because we did not receive any of these plans until after we had concluded our audit field work, we were unable to assess whether they had been effectively implemented. We were also unable to examine whether the TSC had tested equipment, trained employees, and performed exercises in accordance with the applicable plans.

Based on our reading of the plans, however, we have significant concerns that certain logistical and functional obstacles to successful continuity of operations have not been addressed, including access to the consolidated database at the TSCís back-up location, offsite storage of data, and the existence of alternative systems equipped to run the TSDB software and export the data to supporting agency databases. [SENSITIVE INFORMATION REDACTED]

Information Sharing

The creation of the TSC established a new approach to the sharing of terrorist watch list information. As a result, the TSC has initiated an outreach program that targets various federal agencies to inform them of the TSCís mission and determine what additional screening methods can be implemented. However, the TSC does not currently share information directly with the private sector. The DHS was charged with developing guidelines to accomplish this task, but as of March 2005, no guidelines had been developed.

OIG Conclusion and Recommendations

On December 1, 2003, the TSC began operating as the nationís centralized terrorist screening center, serving as the single point of contact for law enforcement authorities requesting assistance in the identification of individuals with possible ties to terrorism. The TSCís efforts in standing itself up within approximately 75 days of the Presidentís mandate, establishing a 24-hour call center, and implementing a consolidated terrorist watch list within 6 months of its start date is a significant achievement. However, as a new and growing organization, the TSC has experienced many challenges, including difficulties in pulling together fragmented terrorist watch list information, an immature IT environment, and a transitory work force. In an effort to establish the call center and consolidate terrorist watch lists, planning at the TSC has taken a back seat to daily operations.

Our audit found various areas of TSC operations needing improvement. The creation of the consolidated database, a phased approach that continues to evolve, has weaknesses that need to be addressed. Database controls and improved search capabilities are necessary to ensure that watch list data is safeguarded, database history is retained, and call screeners are able to readily identify within the TSDB individuals encountered. Procedures for verifying the completeness and accuracy of records within the TSC database need to be enhanced to ensure that records are included in a timely manner, all record information consolidated into the database is complete and accurate, and measures are taken to ensure any missing, conflicting or duplicate information is identified and resolved on a regular basis. Further, a lack of sufficient training, oversight, and general management of the call screeners has left the activities of the call center vulnerable to procedural errors, poor data entry, and untimely responses to callers.

To assist the TSC in improving its operations, we have provided 40 recommendations in the following areas: database improvements, data accuracy and completeness, call center management, operational planning, coordination between participating agencies, and staffing. The specific recommendations are detailed throughout the report.



Footnotes

  1. "Screening" refers to a process that may include, but is not limited to, government officials searching for available information on an individual in various databases. For example, a person may go through a screening process when: 1) applying for a visa, 2) attempting to enter the United States through a port of entry, 3) being stopped by a local law enforcement officer for a traffic violation, or 4) attempting to travel internationally on a commercial airline.

  2. Appendix I contains detailed information on the audit's objectives, scope, and methodology.

  3. Office of Homeland Security, National Strategy for Homeland Security (July 2002).

  4. Information Technology: Terrorist Watch Lists Should Be Consolidated to Promote Better Integration and Sharing, Government Accountability Office (GAO-03-322, April 2003).

  5. A complete listing of the acronyms used in this report is found in Appendix II.
  6. The Terrorist Threat Integration Center was established on May 1, 2003, to develop comprehensive threat assessments through the integration and analysis of terrorist information collected domestically and abroad by the U.S. government. On August 27, 2004, the President signed an Executive Order establishing the National Counterterrorism Center (NCTC), to which all functions and activities of the TTIC were transferred. Regardless of the time period being discussed, all future references to this organization in our report will use the acronym NCTC.
  7. Throughout this report, we refer to this operation as the "call" center. However, inquiries related to some activities, such as visa applications processed through the State Department, are handled through various modes of communication.
  8. Despite the TSDB 1B coming online, TSC officials had concerns about the completeness of the records in the TSDB 1B and decided to run the TSDB 1A and 1B in parallel until these concerns could be fully addressed. Our review did reveal significant differences in the number of records between TSDB 1A and 1B. This is discussed further in the report in Chapter 7.
  9. Our sample consisted of all records in the TSDB 1B database that were eligible for sharing with the FBIís VGTOF as of October 7, 2004. The VGTOF system is queried by most federal, state, and local law enforcement officers because it is part of the National Crime Information Center (NCIC). This universe of 109,849 records represented 53 percent of the total of 207,553 records in the TSDB 1B. We selected these records for review in consultation with TSC IT staff.
  10. Records for individuals categorized as a handling code 4 often do not have enough identifying information to categorize the individual at a higher handling code. In addition, individuals at a handling code 4 level could be associates of a suspected terrorist and therefore may not pose a direct terrorist threat.
  11. The "Other" handling codes refer to one record in the subset of 109,849 records that was transferred to the TSDB 1B from the TIPOFF database with a non-existent handling code (handling code 5). The TSC informed us that this record has been corrected. The remaining 2,990 records [SENSITIVE INFORMATION REDACTED].
  12. Although other agencies cannot connect directly to the TSDB, the TSC exports records within its consolidated database to all supporting agency databases eligible to receive the data.
  13. This diagram depicts the general process for call screening. There can be variances based on the type of encounter, such as a border inquiry that would require the border patrol agent to first call the Department of Homeland Securityís call center (the National Targeting Center), which in turn would contact the TSC.
  14. The State Departmentís visa application review activities represent, in general, a process that existed prior to the creation of the TSC and continues to be conducted by DOS personnel. Our review of TSC activities focused on domestic and border processes and encounters.
  15. Where possible, we reviewed both the TSDB 1A and TSDB 1B because, at the time of our testing, both databases were in use at the TSC.
  16. TSC managers stressed that the TSDB 1A consolidation effort included all records from all sources with known duplications and inconsistencies. According to them, the purpose was to consolidate the data while attempting to ensure that no name was left off the list. The TSC created the TSDB 1B, in part, to address the problem of flawed and duplicative data, which is why TSDB 1B includes some of the records from TSDB 1A but not all.
  17. We did not perform similar tests for duplication in the TSDB 1A because TSC officials explained that 1A was developed by a contractor whose contract had already ended. No one at the TSC had knowledge of the database structure in order to perform our requested queries, and contractors engaged in other major TSC developments would have needed to expend significant time to learn the database structure.



Previous Page Back to Table of Contents Next Page