January 16, 2007

The Honorable Glenn A. Fine
Office of the Inspector General
United States Department of Justice
Room 4322
950 Pennsylvania Avenue, N.W.
Washington, D.C. 20530

SUBJECT: RESPONSE TO OIG REPORT ON TERRORISM STATISTICS

Dear Mr. Fine:

This letter is submitted by the Federal Bureau of Investigation (FBI) in response to the audit report by the Office of Inspector General (OIG) entitled, The Department of Justice's Internal Controls over Terrorism Reporting (hereinafter the Report).

The FBI appreciates the opportunity to comment and agrees fully with OIG that the FBI must collect and maintain accurate statistics on the important national security work being done at FBI Headquarters (FBIHQ) and in our Field Offices and Legats around the globe. Before we address the specific points raised in the Report, we offer some general comments applicable to all ten statistics reviewed by OIG.

First, since the period examined by the Report, the FBI has modified and improved substantially the systems and internal controls related to terrorism reporting. Please bear in mind that following September 11, 2001, the FBI underwent a substantial reorganization and restructuring, and many of the apparent weaknesses in statistical reporting discussed in the Report occurred during, and were an outgrowth of, that reorganization and restructuring. The backbone of the FBI's statistical reporting system is the case management and supporting information technology systems. As you are aware, these systems as a whole are being upgraded as part of our Sentinel project and were not originally designed to capture and report on the enhanced requirements developed as part of the FBI's reorganization and restructuring after September 11, 2001. The FBI recognized this challenge in 2002 and began a concentrated effort to build supporting systems that capture and report on the organization's upgraded intelligence mission and to embed additional internal controls. The FBI has made significant progress in the development and implementation of these systems.

Also since the time period examined by the Report, the FBI has made significant strides in the development of a new central management information system known as COMPASS. COMPASS accumulates statistical accomplishments from various stand alone systems and presents the information in a unified format and is available to all senior managers at FBIHQ and our Field Offices. COMPASS is one illustration of the FBI's commitment to improve and share statistical reporting with our senior managers. The bulk of the information captured in COMPASS is used internally to identify trends and evaluate progress against our defined strategic objectives. Over the past 12 months extensive efforts have been made to redefine performance metrics that illustrate the FBI's achievements against strategic outcomes.

Many of the performance metrics currently under development will require new information collection systems and this OIG report reinforces the need to clearly define policy and process for the collection, verification and reporting of metrics.

1. (U) Number of Terrorism Related Convictions

In reviewing the FBI's calculation of terrorism-related convictions in FY 2004, the Report states that the convictions are overstated because the FBI initially coded the investigative cases as terrorism-related when the cases were opened, but did not recode cases based on the actual conviction that resulted from the investigation. While we agree that a case must have a terrorism nexus to be properly coded as terrorism-related, we do not agree that it must result in a charge or conviction for a terrorism offense. To require the ultimate charge to be a terrorism offense and to be coded as such would be at odds with the FBI's post 9/11 mission to prevent, disrupt, and defeat terrorist operations before they occur. In pursuit of this mission the FBI's counterterrorism strategy focuses resources at the detection, penetration and dismantlement of terrorist enterprises. The law enforcement and intelligence communities recognize that operatives of terror networks are often involved in precursor crimes such as illegal immigration, passport and identity forgery, financial fraud and robbery to facilitate the movement of people, fund operations, and procure weapons and explosives. The need to pursue criminal activity by terrorists to fund their operations also provides the opportunity for detection and disruption of planned attacks. Law enforcement officials with expertise on counterterrorism are in the best position to pursue these precursor crimes and link them potentially to a terror financing operation. Today, the Joint Terrorism Task Forces (JTTFs) represent those law enforcement and intelligence officials with the expertise to pursue these types of investigations.

The FBI has created over 100 JTTFs across the country, including at least one in each of the FBI's 56 field offices. The JTTFs, which consist of FBI Special Agents, other federal agents, and state and local law enforcement officers, have a two-fold mission: (1) to prevent terrorist attacks before they occur and (2) to mount an immediate investigative response when an act of terrorism has occurred. In order to prevent terrorist attacks from occurring, the JTTFs aggressively investigate and prosecute individuals and groups who may pose a threat to U.S. persons and interests. For a variety of reasons, often these prosecutions do not yield convictions on terrorism offenses. However, this does not mean that the efforts of the JTTFs are not terrorism-related. In each case, the FBI's management team must evaluate the value of successful intelligence collection designed to detect, penetrate and dismantle terror networks before they act. This evaluation often leads to a law enforcement action to pursue, for instance, a false statement or immigration charge as the best way quickly to disrupt a potential terrorist plot and resolve a properly predicated terrorism investigation. In other cases, the intelligence cost in presenting all known evidence against an individual outweighs the benefit of pursuing terrorism offenses. In either circumstance, the efforts of the JTTFs are by their nature terrorism related, and for this reason, the FBI disagrees with the OIG's suggestion that the FBI should recode investigations that the JTTFs handle based on the type of criminal charges ultimately filed at the conclusion of the case.

The OIG Investigative Sample

The OIG shared with the FBI its audit sample in regards to the classification of terrorism convictions. It is important to note that the entire sample involves cases classified by the FBI as domestic terrorism investigations. Indeed, there were no international terrorism investigations within the sample pool.

The sample pool of 206 convictions involved the work of seven FBI field offices. Within the sample pool, the Report identified 65 convictions that could not be supported as terrorism-related. Within this sample, 23 of the 65 convictions challenged by the OIG represent the outcome of 12 investigations into Fraud and Related Activity involving Passports, VISAs and Identity Documents. These investigations did involve individuals and groups involved in the trafficking of fraudulent documents. Upon review, these investigations did not have a direct tie to known domestic terrorism groups, although the follow-on prosecutions did focus on violations of the False Identification Crime Control Act of 1982. This error appears to have been caused by a lack of understanding and clear program guidance on the pursuit of violations involving the False Identification Crime Control Act of 1982. The FBI has provided greater oversight to its field offices involving all domestic terrorism investigations and has strengthened controls over the classification of these investigations.

Of the 65 convictions challenged by the OIG, 33 convictions involve five investigations of criminal activity associated with domestic terrorism. One of the investigations involved a group of self-proclaimed white supremacists. The investigation focused on fully identifying and disrupting the members of this organization whose declared mission was to train and prepare for future violent race conflicts. This investigation led to the successful prosecution of 29 members and the disruption of this organization. Each of these white-supremacist gang members was prosecuted for illegal narcotics distribution. The remainder of the sample pool included one investigation predicated on letters sent to a Federal District Court Judge stating the letters were contaminated with Anthrax and a second investigation was predicated on a report of missing vials of Yersinia Pestis bacteria. Both investigations led to prosecutions of individuals who fabricated a threat to the public. The FBI does not agree that the results of these domestic terrorism investigations should be reclassified because a terrorism charge was not used by the prosecutors. The seven remaining prosecutions challenged involve duplications and appear to be clerical errors.

In 2004 and 2005, the FBI's Counterterrorism Division provided field offices with additional policy guidance on the investigations of matters within the Domestic Terrorism Program. Today fraud cases involving passports, VISAs and identification documents would not be pursued within the Domestic Terrorism Program without predication involving a domestic terrorist connection. In the past year, FBIHQ has initiated case file reviews involving the Domestic Terrorism investigative portfolio to ensure compliance with policy. This additional oversight of domestic terrorism criminal investigations provides improved internal controls to ensure proper predication and greater collaboration on the timely and successful resolution of these cases. In the future greater effort will be made to differentiate between International and Domestic Terrorism statistics.

Internal Controls over Case Initiations

Examination of the detailed process for initiation of a counterterrorism investigation further demonstrates the internal controls exercised by the FBI to properly classify as terrorism-related all convictions obtained through the investigative efforts of JTTFs. The FBI has an established process for the initiation of counterterrorism operations. This process conforms as appropriate to the Attorney General's Guidelines for National Security Investigations and the Attorney General's Guidelines for Criminal Investigations.

The FBI's Case Initiation Process

Upon receipt of information that points to an allegation or suspicion that an individual or group potentially is involved in activity in support or execution of a terror plot, Special Agents, Task Force Personnel, Intelligence Analysts and/or professional support personnel, and a Field Supervisory Special Agent review the information in order to conduct a threat assessment and to determine whether to initiate an investigation. Often, the Special Agent in Charge or the Assistant Special Agent in Charge in the Field Office will review these new case initiations for compliance with FBI standards and situational awareness requirements.

Headquarters Approval

Within 10 days of initiating the investigation, the field office must transmit a summary of the predication to FBIHQ for review by substantive investigative supervisors.

If these supervisors determine that a terrorism nexus does not exist, FBIHQ will advise the field office to reclassify the investigation and to move the case to a more appropriate investigative team. Once FBIHQ agrees that the information properly warrants a terrorism investigation, the JTTF conducts its investigation with the primary purpose being to detect, penetrate, and disrupt terrorist networks and enterprise efforts. At the time that FBIHQ concurs with the appropriate predication of each investigation the opening communication is transmitted to the Department of Justice for review. After evaluating the totality of the investigative findings, the FBI will pursue criminal charges as appropriate. Regardless of the nature of the criminal charges, given the mission of the JTTFs and the requirement of a terrorism nexus to JTTF investigations, the FBI correctly classifies as terrorism-related any conviction that results from an appropriately predicated counterterrorism investigation and the work of counterterrorism agents.

Enhanced Controls

In an effort to enhance the internal controls and improve centralized management of investigations, the Counterterrorism Division last year implemented a case review process. This process involves an FBIHQ review of each pending investigation every 90 to 120 days. This review looks at investigative findings and facilitates a discussion with each field office on their investigative plan and effort to mitigate any potential threat to national security.

2. (U) Intelligence Information Reports

The OIG Report next examined the tracking of Intelligence Information Reports (IIRs) issued by the FBI in FY 2003 and FY 2004. IIRs represent an intelligence report in the form of an electronic teletype message that provides for timely dissemination of unevaluated, raw intelligence within the US intelligence and federal law enforcement communities. The FBI believes that the statistics reviewed by the IG demonstrate that adequate internal controls existed in FY 2003 and 2004. Specifically, OIG determined that the FBI reported issuing 1,731 IIRs in FY 2003, while the OIG found support for 1,638. Thus, according to the Report, the FBI overstated by 93, or 5.7%. For FY 2004, the OIG indicates that the FBI reported issuing 2,622 IIRs, with support found by the OIG for 2,679, yielding an underreporting of 57, or 2.1%. Viewed together, the FBI reported issuing 4,353 IIRs in FY 2003 and FY 2004, while the OIG found support for 4,317, an overstatement of 36, or less than 1%. More importantly, however, the FBI's system for tracking the number of IIRs issued has improved since FY 2004.

Prior to September 11, 2001, the FBI's Counterterrorism Program had produced very few IIRs, and there was no formal process for the collection and dissemination of IIRs prepared by FBI field offices. Beginning in 2002, the FBI began to create an embedded intelligence process across all investigative programs. This restructuring was advanced with the creation of the Directorate of Intelligence in February 2005, as part of the FBI's National Security Branch. The mission of the Directorate of Intelligence is to embed the intelligence cycle within the FBI and to create the supporting infrastructure necessary to successfully execute the intelligence mission.

Since FY 2004, the last period that the OIG examined, the FBI has instituted a system for more accurately measuring and recording IIR dissemination. Since the period examined by the Report, the FBI has created the Intelligence Report Disseminations System (FIDS), an automated tracking system that electronically connects all FBI Field Offices and FBIHQ. FIDS transmits IIR documents between the participants in the IIR process and allows them to track the progress of IIRs. FIDS became operational on November 15, 2004, which is beyond the period under review by the OIG. Additionally, in 2006, the FBI developed an accurate, viable performance measure which counts IIR dissemination by its messaging system. This metric was not in use in FY 2004, but now reports on a monthly basis IIR dissemination by investigative program, including the Counterterrorism Program. This metric is now used by the FBI to report IIR statistics to external authorities for all program areas, and supersedes the "number of IIRs issued" data reported by individual programs. Accordingly, although the FBI believes that review of the statistics for FY 2003 and FY 2004 indicates that certain controls existed to track the number of IIRs disseminated, the FBI has improved considerably its systems of internal controls in this area, demonstrating the FBI's commitment to the accurate reporting of statistical accomplishments.

3. (U) Intelligence Assessments

The OIG's analysis of Intelligence Assessments (IAs) focused on those issued during FY 2004. At that time, each investigative division was responsible for tracking production of its own Intelligence Assessments (IAs). Since late 2006, the Directorate of Intelligence has assumed responsibility for tracking the approved production of IAs. The Directorate of Intelligence has a dedicated unit, the Strategic Analysis and Production Unit (SAPU), which acts as a focal point for collection of statistics on IA production, as opposed to allowing individual divisions to define production across multiple elements. We therefore believe that the FBI has now implemented a system that improves our internal controls and consistently and accurately tracks IAs produced.

4. (U) Intelligence Bulletins

The OIG's analysis of Intelligence Bulletins focused on those issued in FY 2004. As indicated in the Report, the FBI changed the formal Standard Operating Procedures in June of 2004 (the Report indicates that changes occurred in 2006). As a result of these new procedures, on August 6, 2004, the FBI began publishing in the header of each new Intelligence Bulletin the sequentially issued number for each publication. As of December 26, 2006, the FBI had issued 232 Intelligence Bulletins. The FBI believes that the new procedures have strengthened the internal controls used to track the number of Intelligence Bulletins issued by the FBI and has eliminated the problems that existed in FY 2004.

5. (U) Intelligence Products Produced/Disseminated

The FBI's FY 2004 statistic providing the number of intelligence products produced/disseminated to the United States Intelligence Community (and appropriate federal agencies) involved several errors on our part. This statistical measure was poorly worded and led to confusion about what it was actually intended to measure and report. For this reason, this was the only time the measure was used. The FBI has not repeated its use in subsequent years. We recognize that we did not develop a clear, well-defined metric to capture what was initially intended to be reported. In the future, our new reporting systems and closer oversight will help prevent such errors from reoccurring.

6. (U) Terrorist Threats

The Report also examined the FBI's tracking of the number of terrorist threats received in FY 2003 and FY 2004. The FBI acknowledges that its internal controls were not optimal during this period. While the Report indicated that since September 2004, the FBI has utilized the Guardian Threat Management System (Guardian) to track terror threats, the Report does not capture the full extent of the FBI's improved threat tracking capabilities since September 11.

Before 9/11, no central collection system for threats existed within the FBI. After 9/11, Director Mueller established a policy requiring an FBI response to all terrorism threats and mandating that the FBI pursue each threat to a logical conclusion. Concurrently, the Director also created CT Watch within the Counterterrorism Division to serve as a situational awareness center with an operational capacity to oversee the resolution of threats. During 2002, FBIHQ learned of threats through (1) field office reporting in the form of an Urgent Report to FBIHQ, (2) less formal communications between field offices and FBIHQ, and (3) threat reporting supplied by the Intelligence Community. The FBI recognized that this process, which represented only the most significant threats and suspicious activity as evaluated by FBI field office management, was inadequate. Thus, during 2003, the Counterterrorism Division began a concentrated effort to establish a centralized reporting system to capture potential terrorism threats and suspicious activity. This culminated in the release of the Guardian System in July 2004.

With Guardian, the FBI has mandated all field offices to enter threats and suspicious activity in a near-real time manner. In addition to collecting threat and suspicious activity reporting, Guardian also serves as a repository for the investigative steps and investigative results achieved by each field office. The FBI deployed an improved version of Guardian (version 2.0) in the fall of 2006, and it serves as a continuation of a centralized threat management system with enhanced metrics and tracking capabilities. Since July 2004, the FBI has captured over 80,000 threats and suspicious activities reports in Guardian and Guardian 2.0. Moreover, the FBI has created the Threat Resolution Unit within the National Threat Center Section, whose sole mission is the review and oversight of efforts to collect and resolve counterterrorism threats. Thus, the FBI's system for tracking terrorist threats has improved markedly since FY 2004, which is the last period that the OIG reviewed.

7. (U) Terrorist Threats to Transportation and Facilities and 8. (U)
Terrorist Threats to People and Cities

As with Category 6, Terrorist Threats, the FBI acknowledges that its internal controls regarding the tracking of threats to transportation and facilities as well as to people and cities were not optimal during the period that OIG reviewed. However, the development and implementation of Guardian and Guardian 2.0, which occurred after FY 2004, provides significant internal controls, and demonstrates the FBI's commitment to maintaining accurate records and statistics. The Guardian 2.0 application provides additional guidance on the categorization of threats and the field office selections are review by FBIHQ daily.

9. (U) Counterterrorism Threat Assessments

The OIG's analysis identified a clerical error that resulted in the overstatement of 12 Threat Assessments in FY 2004. Threat assessments actually produced in 2003 were included by mistake in the statistics for FY 2004.

10. (U) Presidential Terrorist Threat Reports

The OIG's analysis identified a clerical error involving the reporting of Presidential Terrorist Threat Reports in FY 2004. This statistic appears to have involved the reporting of calendar year figures rather than fiscal year figures. As part of the evolution of the national intelligence reporting process, Presidential Terrorist Threat Reports are now produced as a community product by the National Counterterrorism Center and are now labeled as National Terrorism Bulletins.

Recommendations

All of the OIG's recommendations below outline important and necessary controls for the accurate reporting of terrorism statistics. Indeed, the FBI believes that the steps taken since 9/11, as outlined above, reflect our agreement with and adoption of most of the IG's recommendations. As described above, as part of the FBI's substantial reorganization and restructuring after September 11, 2001, the FBI has made improvements to its statistical reporting systems, specifically the case management and supporting information technology programs. Thus, the FBI believes that its internal controls over terrorism statistics today are much improved over the controls that existed in FY 2003 and FY 2004, the period on which the OIG Report focused. With that in mind, the FBI responds to the recommendations below as follows:

1. Establish and document internal control procedures for gathering, verifying, and reporting terrorism-related statistics.

Although the FBI agrees with the OIG on the importance of internal controls, a portion of the OIG Report concerns the definition of a terrorism-related conviction. As discussed above, the FBI believes that its current system of classifying as terrorism-related all convictions that arise from investigations that have a terrorism nexus is appropriate. There were isolated exceptions noted by the OIG involving investigations of passport, VISA and identification fraud originally captured within the Domestic Terrorism Program. Improved oversight at FBIHQ and enhanced policy guidance have strengthened the internal controls and will limit these instances in the future.

The FBI has established and documented internal control procedures for gathering, verifying, and reporting terrorism-related statistics. In the development and improvement of our information systems we will continue to ensure that audit functions exist and that statistical reporting will provide adequate details for review and analysis.

2. Maintain documentation to identify the source of all terrorism-related statistics reported in official operational documents such as budget requests, performance plans, statistical reports, and others.

The FBI will establish a process of maintaining supporting documentation identifying the original source of terrorism-related statistics. The Counterterrorism Division and the Finance Divisions will work together to establish a formal process to maintain supporting documentation and establish appropriate record retention policy.

3. Maintain documentation of the procedures any systems used to gather or track the statistics reported.

As noted in the response above the Counterterrorism and Finance Divisions will establish a process to maintain the supporting documentation which will provide an audit trail on the systems utilized and any unique procedures followed to accumulate the data.

4. Maintain documentation of the methodologies and procedures used to verify the accuracy of the statistics reported.

The FBI documentation of the methodologies and procedures used to verify statistical accuracy rests with the entities that have program oversight of the systems that capture the data. Much of the process for reviewing statistical accuracy centers on the trend analysis conducted in the field and at FBIHQ which identifies anomalies for further review. The FBI will continue this process. One of the internal controls exercised by the FBI involves the formal Inspection Process which conducts tests of transactions to include statistical reporting. In the past the Inspection Division has identified shortcomings by entities reporting statistical accomplishments.

5. Ensure that terrorism-related statistics are not reported unless evidence is maintained to support the statistics.

This is a basic premise of statistical reporting, with which the FBI fully agrees. Consistent with the improved controls as described above, the FBI will not report statistics which can not be supported.

Sincerely,

Willie T. Hulon
Executive Assistant Director
National Security Branch

MEMORANDUM

DATE:	January 17, 2007
TO:	Guy K. Zimmerman Assistant Inspector General for Audit
FROM:	Michael A. Battle Director Executive Office for United States Attorneys
SUBJECT:	Response to OIG Report on Terrorism Statistics

This memorandum is submitted by the Executive Office for United States Attorneys (EOUSA) in response to the audit report by the Office of Inspector General (OIG) entitled, "The Department of Justice’s Internal Controls over Terrorism Reporting."

EOUSA appreciates the effort that the OIG put into this review and the courtesies extended by the OIG staff during the course of the review. We acknowledge that the report has raised important issues regarding what constitutes an "anti–terrorism case." EOUSA respectfully objects, however, to the report’s general depiction of EOUSA’s terrorism statistics as "inaccurate" or "unsupported." OIG’s findings rest largely on its new interpretation of EOUSA’s anti–terrorism coding definition, not on a finding that data were carelessly or perfunctorily recorded. Apart from the definitional issue, EOUSA also has concerns about the methodology of the report and some of the factual assertions arising therefrom.

EOUSA fully agrees with OIG that EOUSA must provide the clearest possible statistical picture of the important terrorism and anti–terrorism work being done by the United States Attorneys’ Offices around the country. Toward that end, EOUSA will rename its anti–terrorism program category code, and will modify and clarify its definition, in order to eliminate any misunderstanding regarding its meaning.¹ In addition, EOUSA will review its internal controls in order to determine what improvements can be made.

OIG’s Finding That EOUSA’s Statistics Are "Inaccurate" or "Unsupported" Is Based Primarily on OIG’s New Interpretation of the Anti–Terrorism Program Category Code.

OIG interprets EOUSA’s anti–terrorism program category code to require that defendants in anti–terrorism cases have an identifiable link to terrorist activity.² Neither EOUSA nor the United States Attorneys’ Offices, the primary drafters and users of the anti–terrorism coding definition, have ever required such a link.

OIG’s interpretation would essentially limit the anti–terrorism program code to cases charging non–terrorism crimes against defendants who have an identifiable link to terrorist activity. Such cases are currently included within the anti–terrorism case definition. But the definition was intended to capture a much broader group of proactive cases that have been affirmatively and intentionally brought to deter and prevent terrorism, particularly in areas of critical infrastructure vulnerability, regardless of whether the defendant has any links to terrorist activity.

OIG’s interpretation is simply that – its interpretation. It is not the interpretation that the drafters intended or the users of the anti–terrorism code have employed.³

More importantly, however, OIG seems not to grasp the fundamental purpose of an anti–terrorism case or the need for such a code. A properly coded anti–terrorism case is brought specifically to deter potential terrorism, particularly in areas of critical infrastructure vulnerability. The fact that the defendants who are ultimately prosecuted may not have ties to terrorist activity is irrelevant to the coding of the case. It is the deterrent effect of the prosecution on potential terrorists that justifies the anti–terrorism case label.

Following the September 11th attacks, it has become clear that airports, subway stations, and bus and train depots are vulnerable to terrorist activity. Other infrastructure weaknesses include an insufficiently secure visa and passport documentation system that has allowed easy access to this country by fraudulent means. Cases that are specifically brought in order to deter potential terrorist activity in these and other areas are properly coded as anti–terrorism, even if the defendant is not a terrorist or linked to terrorist activity.

Operation Tarmac, discussed on page 39 of the OIG report, is a good example of the type of initiative that should properly be coded as anti–terrorism. Operation Tarmac was an affirmative, national initiative in which the FBI and other investigative agencies reviewed employment documentation and alienage status of airport employees at regional airports across the country. Most criminal cases resulting from Operation Tarmac and other similar initiatives have resulted in prosecutions for immigration violations and identity theft, and the vast majority of these defendants had no ties to terrorist activity. Yet hundreds of these cases were brought around the country specifically to deter potential terrorists from infiltrating regional airports.

OIG’s exclusion of Operation–Tarmac–type cases from EOUSA’s anti–terrorism code takes no account of their valuable deterrent effect. This exclusion is particularly ironic because in January 2003, the GAO issued a report—GAO–03–266—that reviewed EOUSA’s terrorism statistics and confirmed that Operation–Tarmac–type cases were properly coded as anti–terrorism cases. In its report, the GAO criticized EOUSA for having too many cases coded as outright terrorism when they should be coded as anti–terrorism cases because they "did not result in terrorism–related convictions." GAO Report, 03–266, at 13. The report then stated:

EOUSA policy guidance described antiterrorism conviction cases as those resulting from efforts on the part of DOJ to prevent or disrupt a potential or actual terrorist threat even where the offense is not obviously a federal crime of terrorism that would be coded under one of EOUSA’s terrorism–related classification codes. For example, the conviction of a defendant arrested and subsequently convicted for identity fraud during a sweep of an airport, as part of a DOJ effort to prevent or disrupt terrorist activity, would be counted as an antiterrorism conviction.

GAO Report, 03–266, page 13, note 19. Italics added.

Thus, when it had the opportunity as part of its review, GAO chose to confirm, rather than dispute, EOUSA’s interpretation of its anti–terrorism code. OIG’s interpretation of the anti–terrorism code therefore differs not only from EOUSA’s and that of the USAOs, but with the GAO’s interpretation as well.

Notwithstanding, in an effort to ensure greater clarity about the purpose and scope of the anti–terrorism category code, EOUSA shall rename the code and will, after a prompt but thorough internal discussion of the issue, modify the definition to make it more transparent.

OIG deems EOUSA’s statistics "inaccurate" in large measure because they exclude Operation Tarmac cases, and cases from similar initiatives around the country, from the anti–terrorism definition. If such cases were included in OIG’s interpretation, EOUSA expects that its statistics would otherwise be deemed substantially accurate. EOUSA’s follow–up work in response to OIG’s initial draft confirms this.

Upon receipt of OIG’s initial draft of this report, EOUSA asked for and received, in August 2006, a list of all cases that OIG considered inaccurate or unsupported. In the three weeks that OIG allotted for this follow–up effort, EOUSA went back to the eight USAOs from which the cases originated and asked them to identify whether any of those cases, (1) were referred by the JTTF; (2) were undertaken as part of an affirmative, proactive operation or initiative, consistent with a pre–existing, planned strategy in the district to deter or prevent terrorism; or (3) had defendants who had classified links to terrorist activity.

EOUSA inquired about these three criteria because if any of them exist, EOUSA would consider the case to be properly coded as an anti–terrorism case. First, a case brought by FBI’s Joint Terrorism Task Force, regardless of whether the defendant has verifiable links to terrorist activity, is going to be, by definition, part of a proactive effort to prevent terrorism because that is what the JTTF does.⁴ Second, even if the JTTF is not involved, but the case is legitimately part of a national or district–wide, pre–existing strategy to prevent terrorism, the case should be coded as an anti–terrorism case. Third, because the OIG had said it did not plan to review any classified information, EOUSA wanted to be sure that any such classified links were at least identified.

The results showed that overall, 81 percent of the cases that OIG considered unsupported or inaccurate met at least one of these three criteria. Once these cases are considered to be accurately coded, even assuming that all the remaining cases are inaccurately coded, then the overall number of supported cases for most statistics would be well over 90 percent, a level that OIG considers to be within normal statistical limits.

EOUSA’s analysis covered not only the cases that were coded as anti–terrorism, but the majority of "terrorism–related" cases found in statistic number 3 as well. The "terrorism–related" cases in statistic 3 are comprised of a majority of anti–terrorism cases as well as a smaller number of terrorism hoaxes and terrorism financing cases, each of which have their own separate program category code.⁵

Finally, the OIG report expresses concern that EOUSA’s definition of its anti–terrorism code would "permit[] criminal cases arising from virtually any federal law enforcement effort, including immigration violations or border enforcement activities, to be categorized as anti–terrorism regardless of the actual circumstances." Report at xiii; see also Report at 38–39. OIG’s fear is unfounded. First, this has not occurred and the OIG report does not show or purport to show that such a thing has occurred. Indeed, in FY 2002, the year the anti–terrorism code was introduced, immigration case filings totaled 13,676. The very next year, FY 2003, immigration case filings jumped to 16,621, a 21 percent increase. Last year, in FY 2006, immigration filings were up to 17,686. Thus, immigration case filings have not been converted into anti–terrorism cases, but have continued to be coded separately.

Second, EOUSA has previously made clear to the OIG in writing its position that "a properly coded anti–terrorism case [must] be part of a proactive initiative or operation that is driven by a pre–existing strategy or goal which is reasonably designed to prevent or disrupt terrorism. Reactive, or arrest–generated cases in such areas as immigration or document fraud are not generally going to be coded as anti–terrorism cases." EOUSA Memo to OIG, September 2006, at 7–8. Thus, a typical border/immigration case, that is, a reactive, arrest generated case arising from the arrest of an illegal alien who has illegally entered or re–entered the country, has not been and will not be, without more, coded as an anti–terrorism case. Rather, a case arising from a planned investigative effort designed specifically to deter potential terrorist activity at areas of critical infrastructure vulnerability would be coded as anti–terrorism, even if the resulting cases were brought against defendants who did not have links to terrorist activity.⁶

Methodology Concerns

EOUSA found certain aspects of the methodology used in the OIG review to be inscrutable. First, regardless of the definitional issue discussed above, we believe that the OIG report is inaccurate, or at best misleading, when it states that "EOUSA and the USAOs could not accurately support the 11 EOUSA and USAO statistics we reviewed." Report at ix. By the Report’s own admission, that is untrue. The chart on pages x and xi show that, for three of the eleven statistics (#5, 6, and 7), and four of the nineteen subcategories (adding #1.a.), the "number supported"exceeded the number reported. In other words, EOUSA was under–reporting. Under–reporting does not mean that the statistics were "not accurately supported." There was, in fact, support for each statistic reported. Thus, even apart from the pivotal issue of the proper interpretation of the anti–terrorism definition, at a minimum, only eight of EOUSA’s eleven statistics should be portrayed as "unsupported."

Second, as described above, the primary issue in the report turns on OIG’s new interpretation that the defendant in an anti–terrorism case must have a link to terrorist activity in order for the case to be properly coded. Yet nowhere does the report identify the criteria by which OIG judges whether such a link to terrorism exists. The report appears to be based on OIG’s subjective views as to whether an appropriate terrorism link exists.

The report states that OIG "looked for and accepted any evidence of a reasonable terrorism linkage." Report at 39; see also Report at xiii. Yet the report fails to accept that an investigation or case referred by the JTTF must, by definition, involve either terrorist activity or the prevention of terrorist activity. The JTTF’s mission is to prevent terrorist attacks before they occur and to investigate actual acts of terrorism. Indeed, the report concedes that the "JTTFs’ focus originate[s] in concerns regarding terrorism" (Report at xii). But why a case referral from the JTTF is not by itself sufficient to code a matter or case as anti–terrorism is never explained.

The report also notes that it sought to "test the extent to which JTTF–referred cases consistently had a link to terrorism" by requesting additional documentation on 21 JTTF–referred cases. Report at 38. OIG determined that 13 of the 21 sample cases did not have an appropriate link to terrorism, but the basis on which this judgment was made was not identified.

Third, OIG reports that for a small percentage of cases in statistics 1, 2, 3, 4, 8, 9, and 10, the USAOs either erroneously reported certain statistical measures or "could not provide documentation" to support the reported data. But OIG did not discuss or share with EOUSA the actual case documentation it received from the USAOs that OIG used to support such findings. Thus, these findings are not subject to transparent review.

For instance, the report asserts in statistic number 1 that "either [certain] cases were not filed in the year reported or the USAOs could not provide documentation to show the cases were filed in the year reported." Report at 46. The report does not identify which basis is relied upon for which case, and EOUSA is not confident that either assertion is factually accurate. On one hand, the assertion implies that the USAOs did not have a copy of the charging document in every case examined. But to the extent OIG did not obtain a copy of the charging document for each case, we believe such a failure must result from a lack of communication with the USAOs, not because the USAOs do not have a copy of this most critical, public document, which is necessary for any prosecution to go forward.

On the other hand, to the extent that OIG compared the "case date" field in LIONS with original documents evidencing the actual date that a charging instrument was filed in court, it would not be uncommon for the two dates to differ, and that difference should not be used to assert that a case or data entry was inaccurate or unsupported. This is because the LIONS "case date" field shows when the data was entered into the LIONS database, i.e., the date that the docketer literally sat down at the computer and entered the data. A separate data field shows the actual date that the indictment or other charging instrument was filed in court. We are unaware if OIG was aware of this difference, and we are unaware of any discrepancy between the true date the case was filed in court and such data in LIONS.⁷

Similarly, we note that there are appropriate and understandable differences in the LIONS data between the "disposition date" and the "sentencing date," but that it was not clear which date OIG used to compare against the actual date of the sentencing. In short, again, further communication between OIG and the USAOs or EOUSA, as well as a review by EOUSA of the actual case data that OIG relied upon, could have resolved these issues.

Finally, although much of EOUSA’s section of the report is comprised of narrative discussions of individual cases, OIG has never identified the particular cases that go with each narrative discussion. Thus, it is impossible to reply to the cited examples on a case–by–case basis.

Recommendations

All of OIG’s recommendations below outline important and necessary controls for the accurate reporting of terrorism statistics. However, EOUSA believes that it has been and is now in compliance with most of the recommendations. As described above, the thrust of OIG’s report as to EOUSA turns on the definition of the anti–terrorism code. It is not clear to EOUSA how tighter controls on reporting procedures would have changed the coding of the anti–terrorism statistics that OIG believes are miscoded. With that in mind, EOUSA responds to the recommendations below as follows:

1. Establish and document internal control procedures for gathering, verifying, and reporting terrorism–related statistics.

EOUSA agrees with this recommendation but believes that it is already complying with it. As noted in the report, United States Attorneys are already required to certify twice yearly that the LIONS data in their district is correct. There are a variety of tools available to ensure that the LIONS data is correct. Primary among them is the Unites States Attorneys ’ Procedure (USAP) 3–16.130.001, which was updated most recently in September, 2006. This USAP requires each United States Attorney to certify twice a year, on April 1 and October 1, that the LIONS data entered by that office is complete and accurate. The procedure applies to all USAO employees who have responsibilities for case coding and data entry, including docket personnel, system managers, secretaries and line attorneys and their supervisors. The procedures also include the "case certification by events" tool, the Alcatraz Case Certification report, the AUSA workload reports, and the Alternate District Reporting Method.⁸ Although OIG asserts that these controls are insufficient (Report at 36), it was not a failure of these controls that caused the vast majority of the anti–terrorism statistics to be miscoded. Rather, as discussed above, that was primarily caused by a difference of opinion over how to interpret the anti–terrorism code. EOUSA will, however, within the next three months review these controls to determine if there are improvements that can be made.

2. Maintain documentation to identify the source of all terrorism–related statistics reported in official operational documents such as budget requests, performance plans, statistical reports, and others.

EOUSA already currently maintains documentation to identify the source of terrorism–related statistics. Please see the response to recommendation one above.

3. Maintain documentation of the procedures and systems used to gather or track the statistics reported.

EOUSA already currently maintains documentation of the procedures used to gather or track statistics. Please see the response to recommendation one above.

4. Maintain documentation of the methodologies and procedures used to verify the accuracy of the statistics reported.

EOUSA already currently maintains documentation of the methodologies and procedures used to verify statistical accuracy. Please see the response to recommendation one above.

5. Ensure that terrorism–related statistics are not reported unless evidence is maintained to support the statistics.

This is a basic premise of any statistical reporting, and EOUSA fully agrees with it. Please see the response to recommendation one above.

6. Establish and implement procedures to recode transactions in the LIONS system when investigations that began as terrorism–related investigations do not link the case defendants to terrorist activity.

EOUSA agrees that if the basic character of a given case changes over the course of its investigation and/or prosecution, and if it would be inaccurate to report the case under the code it was originally reported under, then the case should be recoded. However, EOUSA does not see such situations arising very often. A defendant who once had links to terrorist activity will always have or have had those links. Also, EOUSA would need to receive from the USAOs a notice of change of code at some point prior to the close of the fiscal year in which the case was finally terminated, since at that point the statistical recording of the case is finalized.

The question is what to do with cases where the defendant never had links to terrorism. As indicated above, prior to this report, EOUSA and the USAOs were clear that such cases could properly be coded as anti–terrorism cases so long as the case was brought as part of a pre–existing operation, initiative or strategy legitimately intended to prevent terrorism in areas of infrastructure vulnerability, or was otherwise referred to the USAO by the JTTF. Given OIG’s concern, however, EOUSA will modify and clarify its anti–terrorism code to eliminate any confusion as to its meaning. Further, because certain anti–terrorism statistics are included in Department budget requests,⁹ EOUSA will work with all necessary Department components to ensure that any reporting of anti–terrorism statistics is labeled in as clear a manner as possible.

1. In renaming and modifying its anti-terrorism code, EOUSA does not plan to create a program code solely for those defendants who have links to terrorist activity, but who are investigated and/or charged with non-terrorism charges. EOUSA sees significant problems with a program code devoted solely to such cases and defendants.

2. Program category codes are used to label cases so that they can be sorted and compiled by EOUSA for statistical purposes. EOUSA collects data on all criminal cases investigated and charged by each of the 94 United States Attorneys’ Offices. Case data are entered from each individual United States Attorney’s Office and are sent to a centralized database at EOUSA known as LIONS (Legal Information Office Network System).

3. EOUSA introduced the anti–terrorism program category code in August 2002. The code, which was defined by EOUSA and the Criminal Division, was intended to create a label for those investigations and cases undertaken to disrupt or prevent terrorism, which was then and is now the Department’s highest priority. The definition is as follows:

   Any matter or case where the underlying purpose or object of the investigation is anti–terrorism related (domestic or international). This program category is meant to capture United States Attorney Office activity intended to prevent or disrupt potential or actual terrorist threats where the offense conduct is not obviously a federal crime of terrorism. To the extent evidence or information exists, in any form, reasonably relating the case to terrorism or the prevention of terrorism (domestic or international), the matter should be considered "anti–terrorism." For example, a case involving offenses such as immigration violations, document fraud, or drug trafficking, where the subject or target is reasonably linked to terrorist activity, should be considered an "anti–terrorism" matter or case. Similarly, a case of identity theft and document fraud where the defendant’s motivation is to obtain access to and damage sensitive government facilities should be considered "anti–terrorism." [Underline in original.]

   In drafting and employing the code, we have operated with the understanding that the definition includes cases that are brought to prevent and disrupt potential terrorist activity, whether or not the target or defendant is linked to terrorist activity. Given the emphasis (underlining) on the first sentence, it is fair to say that the focus of the coding decision is on the purpose of the investigation or case, not on the target or defendant. The definition nowhere states that a defendant must have links to terrorist activity.

   OIG’s interpretation focuses on the examples rather than the general rule. Although the examples do discuss the nature or motivation of the defendant, the examples are merely that, permissible examples. They do not supersede, in our view, the general rule stated in the first three sentences, particularly where the rule itself explicitly states that it is intended to capture conduct that is not obviously a federal crime of terrorism.

   Interestingly, the OIG report does state that "a case or defendant must have some identifiable link to terrorism to be categorized as an ‘anti–terrorism’ case." Report at 38, italics added. EOUSA could agree with that statement were it intended to include the deterrent purpose for which a case is brought. But it is clear that OIG did not accept cases "where the investigation showed that the subject or target had no link at all to terrorist activity," regardless of the deterrent purpose of the case. Report at 39, italics added.

4. There are more than 100 FBI Joint Terrorism Task Forces (JTTFs) across the nation, including at least one in each of the FBI’s 56 field offices. Sixty-five JTTFs were created after September 11, 2001. The JTTFs include FBI special agents, other federal agents, and state and local law enforcement officers. The JTTFs have a two-fold mission: to prevent terrorist attacks before they occur and to mount an immediate investigative response when an act of terrorism has occurred. The prevention phase involves collecting, analyzing, and utilizing intelligence gathered on groups or individuals whose presence may threaten U.S. persons or interests, to prevent a terrorist act from occurring.

5. The interpretation of the anti–terrorism definition does not affect statistic numbers 2 and 7, which relate only to terrorism convictions and terrorism trials, respectively. EOUSA agrees that the defendants in any terrorism–coded case must absolutely have an identifiable link to terrorist activity. Our review of the terrorism cases in statistic 2 showed that a number of these convictions were coded as terrorism cases when they could have been coded as anti–terrorism. We note, however, that the overstatement in statistic 2 is much less than it is for any of the other statistics, and is a deviation just over 10 %. For statistic number 7, terrorism trials occurring in FY 2001, we note that the total sample there was four terrorism trials, and there was a failure to report one of the four. Such an error is a simple one–time reporting error, resulting in an under–reported, not over–reported, statistic.

   Certain other anti–terrorism statistics that were generated in FY 2002, numbers 1a, 5, and 6, were also under–reported because, as explained in the OIG report, the anti–terrorism code was introduced one month prior to the close of the fiscal year, and despite EOUSA’s request to the USAOs to re–code cases by the close of the fiscal year, that effort took longer than one month and the updated responses could not be included in the year–end data that went into the Annual Report.

6. We note that the report mistakenly asserts on page 39 that an EOUSA official told OIG that "EOUSA could also properly code as anti–terrorism all cases arising from any illegal immigrants arrested crossing the southwest border into the United States, but have not done so." As discussed above, that is not, and never has been, EOUSA’s position. OIG apparently misunderstood the remark, which was intended to convey exactly the opposite of what OIG has reported.

7. In order to report data on an annual basis, EOUSA protocol requires that case data be cut off at the temporal close of the fiscal year. Data that is entered after the close of the fiscal year that relates to events that occurred in the previous fiscal year, such as the actual filing of charges in court, are not included as part of the previous fiscal year ’s data. This is the standard used in most annual data systems. Were it otherwise, there would be no finality to annual "year end" data. A USAO could always go back and change the previously compiled totals for a prior fiscal year. That is why the "case date" field is used when providing annual data.

8. USAOs are also provided with a 637 page LIONS User’s Manual that outlines in detail the appropriate ways to enter data into the LIONS system.

9. Statistics for the number of terrorism and anti–terrorism defendants charged, the number of terrorism and terrorism–related convictions obtained, and the number of terrorism and anti–terrorism defendants sentenced, have been included in recent Department budget requests since FY 2004.

JAN 16 2007

Glenn Fine
Inspector General
Department of Justice
Washington, DC 20530

Re: Response to the Office of the Inspector General’s Report on the Department of
Justice’s Internal Controls over Terrorism Reporting in Regard to Statistics
Maintained by the Criminal Division

Dear Mr. Fine:

Thank you for the opportunity to provide comments on the Office of the Inspector General (“OIG”) Report on the Department of Justice’s Internal Controls over Terrorism Reporting (“the Report”). We share your interest in ensuring that the Department accurately accounts and reports its investigations and casework related to terrorism and terrorist threats.

Here, we address only that portion of the Report that discusses statistics maintained by the Criminal Division.¹ We do not address issues or recommendations directed to the Executive Office of United States Attorneys or to the Federal Bureau of Investigation.

1. The Criminal Division Had Documentation To Support Its Reporting.

We agree with the Report’s conclusion (at 73) that “[t]he Criminal Division provided documentation to support that all the transactions tested were terrorism-related.” The chart on pages xv and 75 similarly shows that eight of nine reported subcategories of statistics were fully “[s]upported.” The Criminal Division provided supporting documentation that matched or, in some instances, exceeded the number of incidents reported. In other words, according to the Report, the Criminal Division either accurately stated or understated the number of terrorism-related defendants, cases, or matters in all but one subcategory (namely, 5.a.). For that one subcategory, the shortfall in documentation was “minor” according to the Report itself (page 81); the Criminal Division reported there were over 50 “material support to terrorism cases and matters participated in or coordinated as of 1-31-03,” but provided documentation for 49. As the chart reflects, all of the other statistics in that category – “material support to terrorism cases and matters” – were fully supported.

Given these facts, we respectfully disagree with the conclusions found elsewhere in the Report that the Criminal Division’s statistics were “unsupported.” For instance, on page v, the chart says that the number of Criminal Division statistics “[n]ot [s]upported” was “5 of 5.” That is directly contradicted, however, ten pages later in the Report on page xv, and again on page 75. The “total[]” number of “not supported” statistics (at iv and v) is also incorrect, as a result. Assuming that the Report’s characterization of the EOUSA and FBI statistics is correct, the total number of unsupported statistics among all three components is at most 19 of 26.

Likewise, in summarizing the Report’s conclusions, the OIG writes, “[i]n general, we found that the Department components... could not support... its terrorism-related statistics.” (at xvii). See also at 83 (“[T]he Department and its components could not support... terrorism-related statistics accurately.”) Although we understand the desire to generalize, we believe the Report’s attempt to do so creates a misimpression in this case because again, by the Report’s own admission, the Criminal Division fully supported its statistics in all but one of nine subcategories of statistics.

2. The Criminal Division Underreported Some of Its Terrorism-Related Statistics

We do not dispute the Report’s conclusion that the Criminal Division inaccurately understated six of the nine subcategories of reported statistics. (See pp. xv and 75). As noted above, there was a “minor” overstatement with respect to one subcategory (5.a.), and the remaining two subcategories were reported accurately (3.a. and 5.b.).

Although, as the Report recognizes, two of six understatements were only “minor” (at 76 and 82), we agree that improvements in the collection and reporting of statistics are needed to help prevent understatements in the future. The Report concluded that certain subcategories of statistics were understated “primarily because the database used to track the statistics was incomplete and not kept up-to-date” (at xv). That should not occur, and we fully agree that better internal controls and procedures are warranted. As discussed in greater detail below, we have already taken steps to institute these improvements.

Given the Report’s findings on understatements and the apparent cause for those understatements (namely, that the relevant database was not always updated when new terrorism matters arose), we respectfully, but emphatically, disagree with the Report’s conclusion (at xvii and 83) that the Division “could easily and unintentionally misreport in the opposite direction” to overstate terrorism statistics. That is not correct, and the Report provides no support for this troubling conclusion.

We do not believe, given our system, that the Division could unintentionally report a terrorism-related matter that had no basis in fact. Each matter is documented extensively. As we explained to the OIG audit team, the Counterterrorism Section coordinates extensively with the United States Attorneys’ Offices on terrorism-related matters, in accordance with a January 2005 directive from the Deputy Attorney General and as recently incorporated into the United States Attorney’s Manual. This coordination includes specific notification, consultation, and approval requirements that obligate the United States Attorneys’ Offices to apprise and discuss with the Counterterrorism Section specific actions and milestones with respect to terrorism investigations and prosecutions. For each approval requirement, the Counterterrorism Section prepares a written memorandum to the Office of the Assistant Attorney General that analyzes the requested action and provides a recommendation. Copies of these memoranda are maintained in the files of the Counterterrorism Section and serve as record of decisions and a source of information on terrorism matters. Much of this coordination is accomplished through the Anti-Terrorism Advisory Council Coordinators in each U.S. Attorney’s Office and their counterparts in the Counterterrorism Section, the National Anti-Terrorism Advisory Council Coordinator and the Regional Coordinators. These individuals form a nationwide network which provides, among other things, a mechanism for exchanging and transmitting information on terrorism cases and investigations. Through this network, the Counterterrorism Section obtains current reporting on a daily basis of significant litigation events in terrorism cases. This information is reported to Department officials and circulated back out to prosecutors in the field through a Daily Report, which serves as another repository of information that forms the basis for our terrorism statistics. In addition, for cases in which a Counterterrorism Section prosecutor is involved, a record is opened in the Criminal Division’s Automated Case Tracking System (ACTS), which serves as another data source. This is supplemented by more detailed case summaries maintained by the Counterterrorism Section which consist of more detailed case profiles on specific significant terrorism cases. The Counterterrorism Section also established procedures relative to the international terrorism and terrorism-related cases database when it assumed responsibility for this function from the Office of the Assistant Attorney General for the Criminal Division. These procedures are set forth in a Circular dated January 6, 2006, and revised on August 8, 2006, copies of which were supplied to the OIG.

Documentation of this kind must exist – and the Report found did exist – for each of the reported statistics. While it is true that there were particular terrorism-related matters that were documented but went unreported, it does not follow as a matter of logic or fact that the converse is therefore also true – that a terrorism-related matter could be reported unintentionally but neither exist nor have documentation. We urge the OIG to delete this unsupported finding.

We also take issue with the OIG’s conclusion (at 83) that “The extensive efforts required by the Criminal Division to reconstruct reported statistics demonstrates that the Division had no effective reporting system....” See also Report at xvii (“the Division had no accurate basis for its reported numbers”). While we concede that the reported statistics have not been maintained according to audit standards and the supporting documentation was therefore not readily available, the fact that this data could be successfully reconstructed actually demonstrated that there were systems in place, and that these systems could effectively provide the basis for the Division’s reported numbers.

3. The OIG Should Correct Its Inaccurate and Potentially Misleading Statements

The Report contains other imprecise or inaccurate statements that we urge the OIG to consider revising, in particular,

• Repeated statements that the Criminal Division statistics were “inaccurate” and “flawed” (at xv, xvi, xvii, 71, 72, 74, 76, 79, 83), will likely lead readers to infer that the statistics were inflated. That, of course, would be incorrect. Eight of the nine reported statistics were either accurate or understated. The one overstatement was, according to the Report, “minor.”

• In an attempt to summarize the Department’s shortcomings in its terrorism reporting, the Report lumps all the statistics from FBI, EOUSA, and Criminal Division together and makes the broad statement (at v and 13) that the statistics could not be supported for three reasons: the components (1) could not provide support for the numbers reported for the statistics; (2) could not substantiate the terrorism link; and (3) could not provide documentation of the time period represented. When questioned about the application of these generalizations to the Criminal Division, the OIG conceded that (2) did not apply to the Criminal Division but claimed that (1) and (3) applied at the outset of the audit. Thus the OIG refused to alter this erroneous statement. Yet, elsewhere in the Report the OIG clearly found that none of these applies to the Criminal Division. To the contrary, the OIG found at the conclusion of the audit that the Criminal Division provided documentation that the numbers reported were supported and, in fact, support was provided to show that the Division understated the numbers reported. Report at 72. Further, the OIG found that the Criminal Division established a link to terrorism in all cases that the OIG tested. Report at 73. And, the OIG’s final reconciliation established that the Criminal Division documented the time period represented with one minor variance. Report at 75. Thus these reasons are almost entirely inapplicable to the Criminal Division: the Division was able to provide support for all cases it reported; the Division supported a terrorism link in all cases; and the Division provided documentation as to the appropriate time period for all but 2 out of nearly 400 reported cases, hardly statistically significant.

• The Report makes much of the fact that the Criminal Division twice produced documentation to support the reported statistics – once in March 2006 and once in August 2006. As you know, the Criminal Division needed a second effort to document the statistics because the documentation to support the statistics had to be reconstructed from a variety of sources; it was not readily available, as it admittedly should have been. That said, the August 2006 reconciled documentation is entirely valid. No one has suggested otherwise, and it is unfortunate that the Report the interim documentation and reconciliation. In addition, the Report tells only half the story of the reconciliation process. If the OIG believes it is necessary to account for each step in reconstructing the data, the Report should state that the Counterterrorism Section was fully engaged in working through this reconciliation process with the OIG, pointing out to the OIG staff when the OIG double counted certain cases, when they failed to count cases of a continuing nature because a single milestone in the case had been reached, and when they confused a case and a matter. A full understanding of the audit and reconciliation process must credit the efforts by the Counterterrorism Section to supply the OIG with all the materials they requested and educate them on each criminal investigation and prosecution so that they could properly evaluate those materials in the context of the audit.

We urge the OIG to correct these deficiencies in the Report.

4. Recommendations

We agree that improved controls will improve our ability to readily substantiate the statistics reported. As we discuss in greater detail below, these improved controls are now in place. Consequently, we believe the Department has satisfied the recommendations in the report in regard to the Criminal Division statistics and that no further action in this regard is required.

Recommendation 1.	Establish and document internal control procedures for gathering, verifying, and reporting terrorism-related statistics.
Response:	The Counterterrorism Section concurs with this recommendation, subject to the following comments. As discussed above, the Criminal Division had existing procedures for gathering, verifying and reporting terrorism-related statistics which it discussed with the OIG auditors, even though this information is largely absent from the Report. These procedures were set forth, in part, in a Counterterrorism Section (CTS) Circular on Terrorism Statistics and in material discussing specific Performance Measures, which was provided to the OIG. These mechanisms were supplemented by gathering information through telephone and email requests and responses to and from terrorism prosecutors in U.S. Attorneys’ Offices around the country through the communication network established by the Anti-Terrorism Advisory Council Coordinators in the field and the National and Regional Coordinators in the Counterterrorism Section. We believe there was nothing haphazard about this system, which resulted in daily reporting of terrorism litigation events in the CTS Daily Report, a fundamental mechanism by which Department leadership is kept current on such matters. Nevertheless, we have made improvements to these reporting mechanisms that have resulted in more accurate and up-to-date statistics. We have revised both our Circular on Terrorism Statistics and our Performance Measures. A copy of the revised Circular was previously provided to the OIG, and we are transmitting a copy of the revised Performance Measures by separate cover.
Recommendation 2.	Maintain documentation to identify the source of all terrorism-related statistics reported in official operational documents such as budget requests, performance plans, statistical reports, and others.
Response:	The Counterterrorism Section concurs with this recommendation and intends to maintain documentation in a more readily available manner to identify the source of the statistics it reports.
Recommendation 3.	Maintain documentation of the procedures and systems used to gather or track the statistics reported.
Response:	The Counterterrorism Section concurs with this recommendation and intends to maintain such documentation.
Recommendation 4.	Maintain documentation of the methodologies and procedures used to verify the accuracy of the statistics reported.
Response:	The Counterterrorism Section concurs with this recommendation. It will rely primarily on the methodologies and procedures set forth in the recently updated Circular on Terrorism Statistics which has been supplied to the OIG. The additional systems described above will serve as back-up for the international terrorism and terrorism-related cases database.
Recommendation 5.	Ensure that terrorism-related statistics are not reported unless evidence is maintained to support the statistics.
Response:	The Counterterrorism Section agrees that terrorism-related statistics should not be reported unless evidence is maintained to support the statistics.

Thank you again for the opportunity to provide comments to the Report.

Sincerely,

Alice Fisher
Assistant Attorney General
Criminal Division

Kenneth L. Wainstein
Assistant Attorney General
National Security Division

1. We note that the Criminal Division statistics, which were originally maintained by the Office of the Assistant Attorney General of the Criminal Division and subsequently transferred to the Counterterrorism Section, have been maintained by the National Security Division since October 28, 2006, when the Division was established and incorporated the Counterterrorism Section.