The U.S. government maintains a consolidated terrorist watchlist as a key component of its counterterrorism efforts. This list, maintained by the Federal Bureau of Investigation’s (FBI) Terrorist Screening Center (TSC), was created by merging previously separate watchlists maintained by different agencies throughout the federal government. The consolidated terrorist watchlist is updated daily with new or revised information on known or suspected terrorists. This information is obtained by a variety of government agencies, including law enforcement agencies in the Department of Justice (DOJ).
As part of a coordinated review by other Offices of Inspector General (OIG) in the Intelligence Community, this DOJ OIG audit examined the DOJ’s nomination of known or suspected terrorists to the consolidated terrorist watchlist. The objectives of this audit were to determine whether: (1) DOJ’s processes and standards for nominating individuals to the consolidated watchlist are consistent, are articulated in policy or other guidance, and are understood by nominators; (2) DOJ components have quality control processes to help ensure nominations are accurate, understandable, updated with new information, and include all individuals who should be placed on the watchlist based on information available to the agencies; (3) the responsibility for watchlist nominations is clear, effective, and understood; (4) nominators receive adequate training, guidance, or information on the nominations process; (5) DOJ components maintain records of their nominations, including the source of the nomination and what information was provided; and (6) DOJ organizations with terrorism, counterterrorism, and domestic counterterrorism information in their possession, custody, or control appropriately participate in the nominations process.
Our audit was conducted in conjunction with other OIGs who examined similar issues at other agencies in the Intelligence Community. This interagency effort, led by the OIG for the Office of the Director for National Intelligence (ODNI), sought to examine watchlist nomination activities throughout the Intelligence Community. Among the other OIGs who participated in this coordinated effort were the OIGs from the Departments of State, Treasury, Energy, and Homeland Security; and the Central Intelligence, Defense Intelligence, National Geospatial-Intelligence, and National Security Agencies. We reviewed the nomination process within DOJ, while these other OIGs reviewed the processes within their respective agencies. The ODNI OIG coordinated this review and compiled the results of the separate reviews.
To accomplish the objectives of our review within DOJ, we interviewed over 100 DOJ employees and officials at both the headquarters and field office levels of various DOJ components.1 These components included the FBI; Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF); Drug Enforcement Administration (DEA); Federal Bureau of Prisons (BOP); U.S. Marshals Service (USMS); DOJ National Security Division (NSD); and United States National Central Bureau (USNCB) – the U.S. liaison with the International Criminal Police Organization (INTERPOL). We also interviewed personnel at the TSC and the National Counterterrorism Center (NCTC), which is a component of the ODNI. In addition to these interviews, we reviewed the policies and processes concerning terrorist watchlisting at the various components and we performed testing of FBI watchlist nomination packages.
We performed our audit in accordance with Government Auditing Standards issued by the Comptroller General of the United States, and accordingly, included such tests of the records and procedures that we considered necessary. Our audit covered policies, procedures, and practices in place at the time of our field work, June 27, 2007, through October 23, 2007.
OIG Results in Brief
Overall, our review determined that the FBI is the only DOJ component that formally nominates known or suspected terrorists for inclusion on the consolidated terrorist watchlist. The FBI processed 3,417 standard watchlist nominations in calendar year 2005, 2,568 nominations in 2006, and 2,255 in 2007, as of November 29, 2007. Our review found that FBI personnel understood the FBI’s responsibilities regarding the watchlisting process, and the FBI had developed and articulated in policy formal processes for nominating known or suspected terrorists to the watchlist, had instituted sound record management procedures for its standard watchlist nominations, and had provided basic training on the watchlist nomination process to its staff.
We also determined that the FBI established criteria and quality controls to assist in developing proper and accurate watchlist nominations. However, we found that the FBI was not always providing updated nominations when new information became known about a nominated individual. We also found that the FBI was not always removing records from the watchlist when it was appropriate to do so. Moreover, FBI headquarters officials reported that watchlist nomination submissions from field offices were often incomplete or contained inaccuracies, which caused delays in the processing of nominations. We concluded that the FBI should require its Supervisory Special Agents (SSA) to review all nominations submitted by their case agents for accuracy and completeness. These individuals should also be responsible for helping to ensure that case agents create nominations for all individuals that meet the FBI’s threshold for nomination. Such action would improve the accuracy and timeliness of watchlist nomination submissions and help prevent the omission of an appropriate nomination.
Additionally, we were informed that FBI field offices had, at times, bypassed FBI headquarters and submitted nominations directly to NCTC. This could result in the watchlisting of individuals without an FBI quality review and could also affect the completeness of the FBI’s records that are maintained to support its watchlist nominations.
In addition to its watchlist nomination activities, the FBI prepares terrorist-related intelligence reports that it disseminates throughout the Intelligence Community. Although the FBI did not intend for these reports to be official nominations, NCTC officials informed us that they considered this information from the FBI to constitute official watchlist nominations. As a result, NCTC created watchlist records from these reports and sourced them to the FBI. However, because the FBI was not aware of this NCTC practice, the FBI was not monitoring the records to ensure that they were updated or removed when necessary.
Although the FBI is the only DOJ component that officially nominates individuals for inclusion on the consolidated terrorist watchlist, other DOJ components – such as the ATF, BOP, DEA, USMS, and USNCB – have the potential to obtain terrorist-related information through their day-to-day operations. These DOJ components are required to share terrorism information with the FBI. Our review found that these DOJ components have established processes to share such information with the FBI. However, with the exception of the USNCB and certain sharing processes at the DEA, these DOJ components were generally sharing information in an informal manner, and not all had documented their policies requiring information sharing. In addition, at least one component (ATF) did not categorize criminal activity as being terrorism-related in a manner similar to the FBI, most notably in cases of domestic terrorism. As a result, the potential exists for terrorism information to not be shared with the FBI and for terrorists to not be watchlisted.
In addition to sharing terrorist information with the FBI, the DEA and USNCB were participating in some information sharing initiatives within the Intelligence Community, including with NCTC, that were being interpreted by NCTC as watchlist nomination requests. As a result, NCTC’s database included watchlist records that were sourced to the DEA and USNCB. However, neither the DEA nor the USNCB were aware that this was occurring or that watchlist records had been sourced to them. Therefore, the DEA and USNCB were not performing any activities to ensure that the watchlist records were updated or removed when necessary. As a result, these records have the potential to become outdated. Both the DEA and USNCB officials told us when we brought this issue to their attention that they would coordinate with NCTC to ensure proper handling of these records.
Finally, we found that although DOJ components are heavily involved in watchlisting and actively share terrorist information, these activities have been developed independently and are not coordinated by DOJ. We believe that DOJ should consider promulgating policy related to nominations to the consolidated terrorist watchlist and the sharing of information that might result in such a nomination. Although each DOJ component could continue its current initiatives to share information related to known or suspected terrorists and the FBI could continue to make its nominations, such a policy would provide a standardized framework within which all DOJ components would operate. Further, if all Department components operated within a standardized framework, others in the Intelligence Community, such as NCTC, would have a better ability to understand the intent of, and act appropriately upon, the information received from DOJ components.
As a result of our review, we have made seven recommendations to DOJ and to individual components to help improve the watchlist nomination policies, processes, and practices. These recommendations include establishing DOJ-wide watchlisting guidance, enhancing FBI watchlisting policies, and ensuring the correct sourcing of watchlist records that result from information shared by DOJ components.
Our findings are discussed in more detail in the following sections. First, we provide a brief background of DOJ nomination activities, then discuss the FBI’s nomination of known or suspected terrorists to the consolidated terrorist watchlist. Our discussion on DOJ terrorist information- sharing practices follows.
Overview of DOJ Watchlist Nomination Activities
Homeland Security Presidential Directive-6 (HSPD-6) mandated the U.S. government to develop the consolidated terrorist watchlist. This directive requires law enforcement and intelligence agencies with terrorist information in their possession, custody, or control to appropriately share such information for purposes related to the consolidated watchlist of known or suspected terrorists. A subsequent Memorandum of Understanding signed by the Attorney General, the Director of Central Intelligence, and the Secretaries of Homeland Security and State requires information on international terrorists to be shared with NCTC and purely domestic terrorism information to be shared with the FBI.2 The procedure for submitting information on individuals for inclusion on the watchlist is referred to as the “nomination process.”
According to the Code of Federal Regulations, the FBI shall “exercise lead agency responsibility in investigating all crimes for which it has primary or concurrent jurisdiction and which involve terrorist activities or acts in preparation of terrorist activities within the statutory jurisdiction of the United States.” The Code of Federal Regulations also states, “if another [non-FBI] federal agency identifies an individual who is engaged in terrorist activities or in acts in preparation of terrorist activities, that agency is requested to promptly notify the FBI.” 3 Therefore, DOJ components such as the ATF, BOP, DEA, USMS, and USNCB that have the potential to acquire terrorist information through their operations are required to share with the FBI information related to domestic or international terrorists with a nexus to the United States.4
FBI Watchlist Nominations Processes
The FBI is the only DOJ component that officially nominates known or suspected terrorists to the consolidated terrorist watchlist. The FBI has formal processes and policies that document the FBI criteria for watchlist nominations, the methods for effecting nominations, requirements for updating watchlist records when new information is obtained, and removing watchlist records when it is determined that an individual should not be watchlisted. The FBI’s watchlisting policies were developed internally and pertain only to the FBI, not to other DOJ components or any external agencies that are involved in watchlisting matters. The FBI uses several different methods to accomplish its nominations depending on the source and type of terrorist information involved.
Nominations of Investigative Subjects
In general, individuals who are subjects of ongoing FBI counterterrorism investigations are nominated to TSC for inclusion on the watchlist, including persons who are being preliminarily investigated to determine if they have links to terrorism. FBI policy requires the responsible case agent to forward a complete nomination package to the Terrorist Review and Examination Unit (TREX) in FBI headquarters. This package should include an initial case opening electronic communication, a copy of a notice of initiation that is directed to DOJ headquarters, and an FBI watchlist nomination form.5
For international terrorist nominations, TREX is responsible for reviewing and approving the nomination. It then forwards the nomination to NCTC. NCTC performs its review of the nomination and submits it to the TSC for inclusion in the consolidated terrorist watchlist. In cases of domestic terrorist nominations, TREX will send the nomination directly to the TSC.
The following graphic provides a basic illustration of the FBI’s watchlist nomination process for international and domestic terrorist nominations.
Watchlist Nomination Process
FBI Investigative Subjects
|Source: OIG analysis of FBI watchlist process|
Quality Control Weaknesses
While the FBI has developed a process and criteria for nominating subjects of terrorism investigations to the consolidated terrorist watchlist, we concluded that the FBI could improve controls for ensuring the quality and timeliness of its watchlist nominations. We found that FBI policy did not require its field offices to perform reviews of the watchlist nomination form generated by case agents. As a result, a majority of the SSAs we interviewed were not reviewing the nomination forms created by their case agents. In addition, TREX officials reported that nomination packages from case agents were often incomplete and analysts were often required to follow-up with the agents to receive sufficient information, thus delaying the processing of nominations. In some instances we found that TREX had not received a nomination package for up to 4 months after the case was opened even though FBI policy requires the case agent to notify TREX within 10 days of the initiation of the investigation.
The Assistant Director of the FBI Counterterrorism Division, TREX management, and Assistant Special Agents in-Charge (ASAC) told us that field office SSAs should be reviewing the nomination forms for content and accuracy. They noted that a quality control review at that level helps ensure that watchlist nomination information is accurate and sufficient before leaving the field office, providing more accurate watchlist information to use in screening for terrorists. Additionally, FBI officials believed this control would help reduce processing delays caused by incorrect watchlist information identified by FBI personnel further along in the nomination process.
Moreover, until recently the FBI did not have procedures to ensure all subjects of terrorism investigations were nominated to the watchlist as required by FBI policy. FBI headquarters recently instituted procedures to review information in the FBI’s Automated Case Support (ACS) system to identify any open terrorist cases for which it did not receive a nomination package. In addition to this practice, we believe nomination omissions could be significantly reduced if FBI field offices were required to perform regular reviews to ensure that all terrorism subjects in cases under their control have been nominated in a timely fashion and in accordance with FBI policy.
Failure to Modify and Remove Watchlist Records
According to HSPD-6, each nominating agency involved in the watchlist process is responsible for, on an ongoing basis, providing terrorist information in its possession, custody, or control, thus ensuring watchlist information is current, accurate, and complete. Additionally, nominating agencies should generally provide information to remove an individual from the watchlist when it is determined that no nexus to terrorism exists. During the course of an investigation, the FBI may acquire additional identifying information on watchlisted subjects. FBI policy includes requirements for updating and removing watchlist records of investigative subjects and states that it is “essential” that this additional information be used to enrich an existing record. To accomplish watchlist record revisions, the FBI uses the same process for initially nominating an investigative subject to the terrorist watchlist.
However, several FBI personnel informed us that the modification of watchlist records is not being performed on a regular basis. NCTC personnel also stated that they see very few modification requests from the FBI. Moreover, many of the FBI employees with whom we spoke were not aware of the standards for determining when a modification of the watchlist record is necessary. As a result, certain watchlist records are likely missing useful information.
Additionally, TREX and TSC personnel stated that FBI field offices are not always requesting the removal of watchlisted individuals when closing an investigation. While there are circumstances allowing the FBI to maintain a watchlist record on individuals for whom it has closed an investigation, TREX and TSC officials believed that often individuals inappropriately remained watchlisted because the case agents did not file the paperwork necessary to effect their removal.
The FBI’s process for nominating known or suspected terrorists of FBI investigations involves manually entering watchlist information at multiple points in the process. For international terrorist nominations, an FBI case agent first manually enters the information into an electronic FBI watchlist nomination form. Second, FBI personnel at TREX enter the same basic watchlist information into the Violent Gang and Terrorist Organization File (VGTOF) of the National Crime Information Center system.6 Third, FBI personnel at NCTC enter watchlist information into the Terrorist Identities Datamart Environment (TIDE), which is then exported electronically to the terrorist screening database maintained by the TSC. Essentially, the FBI is entering the same basic watchlist data three times during this nominations process. Similarly, domestic terrorist nominations are manually entered twice. A case agent first enters the watchlist information on the watchlist nomination form, and then FBI personnel at the TSC enter the same basic information into the consolidated terrorist watchlist database.
FBI officials recognized that these multiple entries may lead to watchlisting errors and informed us that efforts are currently underway to address this issue. We agree that the risk of data-entry error increases with each entry and we recommend that the FBI determine whether its watchlist processes – both its international terrorist and domestic terrorist nominations – could be streamlined to reduce the number of times watchlist information must be manually entered.
Nomination of Non-Investigative Subjects
In addition to nominating subjects of its terrorist investigations, the FBI has a formal process for nominating to the watchlist known or suspected international terrorists who are not subjects of FBI investigations. FBI policy states that an FBI entity wanting to nominate an individual must provide the FBI Counterterrorism Division a memorandum containing information to support nominating the individual for inclusion on the consolidated terrorist watchlist even though it is not formally investigating the individual. The Counterterrorism Division is then responsible for submitting a request to NCTC to nominate the individual for watchlisting.
However, the FBI policy governing the nomination of known or suspected international terrorists not under FBI investigation does not describe procedures or mechanisms for modifying or removing watchlist records created by this process. Additionally, the FBI policy does not define quality control procedures to help ensure the accuracy and completeness of the information submitted to NCTC for watchlist nominations. While the FBI policy describes the process for nominating non-investigative subjects to the consolidated terrorist watchlist, it does not identify entities or procedures to be used in conducting a review of the information. In contrast, the FBI’s policies for nominating its investigative subjects include quality control procedures and mechanisms to help ensure watchlist records are modified and removed as appropriate. We believe the FBI needs to develop quality control procedures and describe mechanisms or procedures to modify or remove watchlist records for non-investigative subject nominations.
In addition, although the FBI has a formal process for nominating non-investigative subjects to the watchlist, when we discussed this process with a Counterterrorism Division section manager responsible for receiving such information and forwarding nomination requests to NCTC, we were informed that the section had not received any such nomination requests. When we discussed this issue with an NCTC official, we learned that NCTC is receiving nominations for non-investigative subjects directly from FBI field personnel. Because this nomination practice is not covered in FBI policy, there are no requirements for FBI personnel to ensure that any resulting watchlist records are updated or removed as appropriate. There is likewise no mechanism to ensure that the nominations directly passed to NCTC by field personnel are appropriate and that the information is complete and accurate.
The weaknesses described above indicate that the potential exists for the watchlist nominations to be inappropriate, inaccurate, or outdated because watchlist records are not appropriately generated, updated or removed as required by FBI policy. Accurate and current identifying information is critical for identifying suspected terrorists during screening practices, lowering the risk to frontline screening personnel, and reducing misidentifications of innocent individuals who are not suspected terrorists. Moreover, watchlist records on individuals determined to have no nexus to terrorism should be removed from the database to improve the accuracy of the list and to reduce the risk that innocent individuals will be stopped or detained as a result of outdated watchlist records.
FBI Terrorist Watchlist Training
The FBI provides formal training on the watchlist nominations process to various FBI personnel, and it includes instructions on the FBI watchlist protocols on the TREX website on the FBI Intranet. New FBI agents receive comprehensive instruction on the FBI’s watchlist process and nomination requirements during the standard New Agent Training course. The FBI also informed us that it was providing further instruction on the consolidated terrorist watchlist during its newly implemented agent refresher course, which is provided to agents who have been employed with the FBI between 6 months and 3 years. Additionally, newly appointed Special Agents in Charge receive a tutorial on the watchlist process before reporting to their new assignment. FBI Legal Attachés receive instruction on the watchlist process during FBI Legal Attaché conferences. Further, field office personnel told us during interviews that the TREX Intranet site is a good reference source for agents to use when completing and submitting a watchlist nomination to TREX. Other FBI personnel noted that agents and task force officers regularly receive on-the-job training from experienced FBI agents, which can include instruction on the FBI’s watchlist nomination procedures.
Through its counterterrorism training program, the FBI has also provided instruction on the watchlist nomination process to experienced FBI agents and non-FBI Joint Terrorism Task Force (JTTF) members.7 However, several veteran FBI field agents informed us that they still had not received formal training on the watchlist process. Similarly, non-FBI JTTF personnel we interviewed told us that they had not received any formal training on the nomination process even though they may be given lead agent responsibility for or be assigned to a JTTF terrorism case. Also, as previously noted, despite the training some field personnel did not follow FBI watchlist nomination procedures. For example, some FBI personnel failed to modify or remove watchlist records when appropriate, while others bypassed FBI headquarters and submitted nominations directly to NCTC. Therefore, we believe more formalized instruction on the watchlist nomination process is warranted.
Several FBI personnel we interviewed believed that more regular refresher training on the nomination process would be beneficial. FBI management at TREX stated that such training would help reduce the number of errors that TREX personnel find on watchlist nomination forms. Formalized training on the nomination process could also help heighten the awareness that watchlist records must be modified and removed when necessary.
FBI Watchlist Record Retention
To determine if the FBI retained records of its watchlist nominations, including the source of the nomination and the information contained in the nomination, we reviewed FBI policy and documentation maintained by the FBI. We found that the FBI has sound procedures for maintaining records on terrorist watchlist nominations for its investigative subjects. According to FBI officials, TREX retains records of all of its terrorist watchlist nominations in hardcopy and electronic formats. These files should include the watchlist nomination form, approved internal communication from the field office justifying and authorizing the case opening, and the notice of initiation memorandum.
We reviewed a sample of watchlist nomination hardcopy and electronic files, including those in the FBI’s Automated Case Support system and confirmed that these documents were included. Additionally, we observed that FBI field office hardcopy case files included some or all of these documents. Therefore, we concluded that the FBI was adequately retaining records of its watchlist nominations for its investigative subjects, including the source of the nomination and the information contained in the nomination.
However, we were told by a TREX supervisor that sometimes TREX processes nominations without all of the required documents. Therefore, watchlist records maintained at TREX for these nominations may not contain all the documents outlined in FBI policy.
In addition, as described above, the FBI’s policies and practices for nominating non-investigative subjects to the watchlist are less structured and centralized than those for investigative subjects. Therefore, we are concerned that the FBI’s maintenance of documents supporting watchlist records for non-investigative subjects is decentralized and not being maintained.
DOJ Terrorist Information Sharing
In October 2005, the President issued Executive Order 13388, which requires agencies possessing or acquiring terrorism information to promptly provide access to that information to agencies with counterterrorism functions.8 Additionally, in 2003 a Memorandum of Understanding signed by the Attorney General, the Director of Central Intelligence, and the Secretaries of Homeland Security and State required that information on international terrorists be shared with NCTC and purely domestic terrorism information be shared with the FBI. As a result, DOJ components such as the ATF, BOP, DEA, FBI, USMS, and USNCB that have the potential to acquire terrorist information through their operations are required to share such information with other agencies for purposes related to the consolidated terrorist watchlist.
To examine DOJ’s involvement in terrorist watchlisting, we interviewed officials at the FBI, DEA, ATF, NSD, USMS, USNCB, and BOP. NCTC and FBI officials informed us that in addition to the FBI’s watchlist nomination practices, the FBI also has processes to share terrorist information with appropriate agencies. Officials at each of the other DOJ components reported that they have not been formally involved in any watchlist nominations. However, as described below, each of these components reported that they share terrorist information with other agencies with a counterterrorism mission.9 Through the sharing of terrorism information with the FBI, DOJ components also allow the FBI the opportunity to assess potential terrorist threats and to nominate known or suspected terrorists to the U.S. government’s consolidated terrorist watchlist.
FBI Terrorist Information Sharing
FBI domestic field offices have intelligence groups that generate Intelligence Information Reports to share terrorism information within the FBI and with agencies in the Intelligence Community, including NCTC. However, NCTC officials told us that NCTC treated these documents as official watchlist nomination requests. Moreover, the resulting records created by NCTC identify the FBI as the source of the nomination. When we raised this issue with FBI officials, they stated that they were not aware of this NCTC practice. Because the FBI was not aware that such watchlist records were created, it was not modifying or removing these watchlist records as necessary. Additionally, because the FBI did not consider these reports to be watchlist nominations, they were not reviewing them to ensure that all nomination-related information was complete and accurate. Therefore, we believe that there is a significant potential for records created in this manner to be inaccurate or become outdated.
The FBI has developed procedures to assist the Department of Defense (DOD) in the sharing of information related to military detainees in Afghanistan and Iraq. According to FBI officials, the DOD did not have the capability of incorporating fingerprints for these detainees into a system used in the watchlisting process. Therefore, the FBI’s Criminal Justice Information Services Division (CJIS) Intelligence Group processes DOD-obtained fingerprints and then passes the related information on the individual to NCTC.10 According to CJIS officials, the FBI considers itself a conduit in processing a DOD watchlist nomination and does not consider itself to be the nominating agency for these subjects. However, NCTC officials informed us that when it receives such records, they are sourced to the FBI. If these records have enough information to qualify for watchlisting, NCTC processes the FBI-sourced record as a nomination. Therefore, these records also have the potential to become stale because the FBI – identified as the source agency – is not in a position to, and does not monitor the records to ensure that they are accurate and current. We believe that the FBI, NCTC, and DOD should coordinate their actions to ensure that watchlist records created through this process are sourced to the correct agency.
Other DOJ Information Sharing
As previously noted, the FBI is the lead agency responsible for investigating terrorist activities within the statutory jurisdiction of the United States. Other federal agencies that identify terrorists or terrorist activities are required to promptly notify the FBI. Through the sharing of terrorism information, DOJ components allow the FBI to assess potential terrorist threats and nominate known or suspected terrorists to the U.S. government’s consolidated terrorist watchlist.
Drug Enforcement Administration
The DEA is responsible for “the development and implementation of a concentrated program throughout the federal government for the enforcement of Federal drug laws and for cooperation with State and local governments in the enforcement of their drug abuse laws.”11 The DEA notes that, while not having a formal counterterrorism mission, there is often a nexus between drugs and terrorism. For example, in November 2005 the DEA reported in an internal communication that almost half of the 41 foreign terrorist organizations identified by the State Department had ties to some aspect of drug trafficking.
Although the DEA acknowledges a nexus between drugs and terrorism, DEA officials informed us that the agency does not officially nominate individuals for inclusion on the consolidated terrorist watchlist. According to DEA officials, they had not received any guidance directing the DEA to formally nominate to the watchlist all individuals who the DEA had identified as being associated with drug trafficking activities carried out by foreign terrorist organizations on the State Department’s list of foreign terrorist organizations.
The DEA has developed policies and processes for sharing terrorism information with other agencies. DEA policy requires all terrorism information to be shared with the DEA’s Special Operations Division (SOD), the local JTTF, and the local FBI field office. DEA’s foreign offices are also instructed to immediately pass terrorism information in country to the FBI and other U.S. agencies when appropriate. In addition, the DEA has established a program at its headquarters designed to gather information from DEA activities for sharing with the U.S. Intelligence Community. The DEA Reports Officer Program was designed to review DEA investigative reports and intelligence communications developed by DEA field personnel and to develop summary reports of useful information for dissemination to appropriate Intelligence Community agencies, including the FBI and NCTC.
Our discussions with DEA field office personnel found that the process for sharing terrorism-related information was well understood by DEA domestic field office management. In each DEA field office we visited, DEA personnel informed us that they passed terrorism information to the local FBI office and the JTTF, as well as to the DEA’s SOD. We reviewed documents from the Reports Officer Program that indicated that the DEA was formally sharing terrorism-related information with the Intelligence Community. Although the SOD and Reports Officer Program share information in a formal manner – usually through cables sent to agencies in the Intelligence Community or through the DEA’s participation on the National Joint Terrorism Task Force (NJTTF) – the terrorism information relayed to the local FBI offices and JTTFs is shared in a less formal manner.12 According to DEA personnel in the field offices we visited, terrorism-related information may be shared through telephone calls or through face-to-face conversations. We were also informed that DEA personnel did not maintain records of information shared in this manner.
The following diagram demonstrates the basic DEA process for reporting and sharing terrorism information.
Source: OIG analysis of the DEA information sharing process
DEA-Sourced Watchlist Nominations – DEA headquarters and field personnel stated that the DEA was not involved in the watchlist nomination process. However, despite DEA’s belief that it was not involved in the watchlist nomination process, we found that NCTC is creating watchlist nominations from DEA intelligence documents that contain information on known or suspected terrorists. Further, NCTC is sourcing such nominations to the DEA. As of October 2007, NCTC reported that 40 records in its database were sourced to the DEA. DEA officials were not aware that this was occurring and believed that the agency had no formal role in the watchlist nomination processes. When we discussed this with senior DEA officials, they informed us that they would coordinate with NCTC to ensure that NCTC officials understood that the DEA’s activities were intended as information sharing efforts and not intended as formal nominations to the watchlist.
Moreover, because it did not know that it “owned” watchlist records, the DEA had not been submitting information to modify or remove these watchlist records when necessary. We believe the DEA and NCTC need to coordinate responsibility for modifying and removing the DEA-sourced nominations from the consolidated terrorist watchlist.
Bureau of Alcohol, Tobacco, Firearms and Explosives
The mission of ATF is to “investigate, administer, and enforce the laws related to alcohol, tobacco, firearms, explosives, and arson.” In addition to those specific functions, ATF can perform any other function “related to the investigation of violent crime or domestic terrorism” as may be delegated by the Attorney General.13 Though ATF does not have a specifically defined counterterrorism function, its investigations can involve, or lead to, the discovery of terrorist information.
According to ATF officials, they have not submitted any terrorist watchlist nominations. However, ATF officials stated that they share information that they deem to be terrorism-related with the local FBI field office or JTTF. At the field office level we were told that information was shared with the FBI in an informal manner, usually by telephone, e-mail, or face-to-face conversation. In addition, through its participation on the NJTTF, ATF shares information with, and receives information from, the various member agencies. ATF does not maintain documentation of the information that is shared in this manner.
However, ATF officials informed us that they often disagree with the FBI as to what constitutes domestic terrorism. These ATF officials stated that if ATF determines that an act is purely criminal and falls within ATF jurisdiction, ATF will independently investigate the matter regardless of whether the FBI would deem the case to be domestic terrorism. ATF officials suggested that there was a lack of clarity, consistency, and understanding of the definitions of terrorism and terrorist acts among law enforcement agencies.
Therefore, in some circumstances ATF is not sharing potential domestic terrorism information with the FBI. As a result, the possibility exists for individuals with a nexus to terrorism to not be placed on the consolidated terrorist watchlist.
We recommend that ATF and the FBI agree on sharing terrorism information for use in the consolidated terrorist watchlist, to include what activities would result in terrorism information sharing. Further, ATF should ensure that ATF personnel are trained in how to identify such activities.
United States Marshals Service
Two of the primary missions of the USMS are the protection of the federal judiciary and fugitive apprehension.14 USMS personnel told us that these responsibilities can lead to the discovery of terrorism‑related information.
According to USMS officials, when the USMS encounters a credible threat during a threat investigation, USMS policy requires that such information – with or without a nexus to terrorism – be passed to the local FBI office. The USMS follows the same process if it obtains possible terrorism information during a fugitive investigation. Our interviews of USMS headquarters officials and field office staff indicated that the USMS is sharing information with the FBI and the process for sharing such information is understood by USMS personnel. However, although the USMS shares information at the national level through its participation on the NJTTF, similar to our findings at the DEA and ATF, we found that the USMS process for sharing information at the field level has not been formalized.
United States National Central Bureau
Unlike the other DOJ components discussed above, the USNCB is not an investigative law enforcement organization. The mission of the USNCB is to facilitate international law enforcement cooperation as the United States’ representative to the International Criminal Police Organization (INTERPOL). The USNCB’s major function is to transmit information between the United States and other INTERPOL member countries, including requests for assistance and information involving patterns and trends of criminal activities.
When we initially spoke with officials from the USNCB, they informed us that, although the USNCB currently has several initiatives through which it shares with the U.S. intelligence community potential terrorism information that it obtains, it had no formal role in the watchlist nomination process. However, as with the DEA, officials at NCTC informed us that nominations had been created from information provided by the USNCB and these nominations are being sourced to the USNCB without its knowledge. As a result, these records are not being monitored for modification and removal when necessary. When we informed USNCB officials that since December 2003 about 350 nominations had been created and sourced to the USNCB, USNCB officials responded that it was acceptable for NCTC to create watchlist nominations from information the USNCB provided. These officials also stated that they would follow up on the matter because they did not intend for their actions to be considered formal watchlist nominations originating from USNCB. Rather, they considered their efforts to be information sharing initiatives appropriate to their role as a liaison with INTERPOL. The USNCB officials also stated that their role as a liaison office – as opposed to an investigative law enforcement agency – dictated that their efforts be limited and not include any efforts to investigate the significance or credibility of the information received and disseminated. Accordingly, we recommend that the USNCB coordinate with NCTC to clarify the responsibility for modifying and removing these USNCB-sourced watchlist records.
Federal Bureau of Prisons
Like the USNCB, the BOP is not an investigative law enforcement agency. However, the BOP plays an important role in the collection, analysis, and sharing of terrorism-related information through its monitoring and analysis of inmate communications. In recent years, the BOP has developed several initiatives designed to contribute to the U.S. government’s counterterrorism efforts. For example, through its participation on the NJTTF, the BOP has worked with the FBI in the establishment of the Correctional Intelligence Initiative.15 In addition, the BOP created a Counter Terrorism Unit, which is responsible for tracking and monitoring the international and domestic terrorists within the BOP system, including analyzing inmate correspondence and financial transactions. Through this monitoring, the BOP Counter Terrorism Unit often obtains information or intelligence about terrorist organizations and activities. According to BOP officials, the BOP shares such information with the FBI through its contact with the NJTTF and with local FBI agents. In addition, an FBI agent has been detailed to the BOP Counter Terrorism Unit to facilitate information sharing.
In our discussions with BOP personnel, we found that they understood BOP processes and procedures for sharing terrorism-related information and that BOP personnel were sharing information with the FBI. However, as with the other DOJ information sharing components, we found that the process by which this information is shared has not been formalized. In addition, we found that the BOP’s ability to identify inmates with potential ties to terrorism, particularly in instances of domestic terrorism and cases in which an inmate had been convicted of non-terrorism related charges, had not been fully developed.
DOJ Oversight of Watchlisting and Information Sharing
In general, while DOJ components share terrorist information and provide watchlist information, these activities have been developed independently and are not coordinated by the Department. DOJ’s National Security Division (NSD), which was created in March 2006, is now responsible for overseeing the development, coordination, and implementation of Department policy with regard to intelligence, counterintelligence, and national security matters. Further, NSD is responsible for participating in the systematic collection and analysis of information relating to terrorism investigations and formulating legislative initiatives, policies, and guidelines relating to terrorism.16
We discussed DOJ watchlisting and information sharing activities with NSD officials. These officials stated that NSD has no formal role in the watchlist nomination process. Officials further stated that because NSD is primarily a consumer of information from other DOJ components, such as the FBI, they had not considered whether Department policy on the watchlist nomination process and related information sharing activities was necessary. These officials also noted that NSD does not have the authority to promulgate guidance or policy to other DOJ components without specific direction from the Office of the Deputy Attorney General. Therefore, they said that NSD had not become involved in matters related to terrorist watchlist nominations or related information sharing policies and practices.
In the absence of DOJ oversight and coordination, the FBI has developed policies and processes to nominate individuals to the consolidated terrorist watchlist and other DOJ components have developed processes concerning the sharing of terrorist information. Yet, none of the other components have formalized their information sharing practices and only some of them have documented their policies requiring information sharing. We believe that informal information sharing processes create a greater risk that terrorism information is not shared fully, accurately, and timely and that the information has not been acted upon in an appropriate manner.
We therefore recommend that DOJ consider promulgating general policy related to nominations to the consolidated terrorist watchlist and the sharing of information that might result in such a nomination. Such policy could identify nomination thresholds and information sharing criteria and require the formalization of watchlist nomination and information sharing activities. Although each DOJ component would continue its current initiatives to share information related to known or suspected terrorists and the FBI would continue to make its nominations, such a policy would provide an overall framework within which DOJ components would operate. Further, if all DOJ components operated within a standardized framework, others in the intelligence community, such as NCTC, would have a better ability to understand the intent of, and act appropriately upon, the information provided.
The FBI is the only DOJ component that formally nominates known or suspected terrorists for inclusion on the consolidated terrorist watchlist. We found that the FBI had established a formal watchlist nomination process with quality controls built into the process, FBI personnel understand their agency’s role in the watchlist nomination process, the FBI provides formal training and basic instruction on its watchlist nomination process, and the FBI generally has sound record management procedures for its watchlist nominations.
However, we found weaknesses in the FBI’s watchlist nomination policies, such as insufficient field office review of nomination packages for investigative subjects. In addition, there is no requirement to modify and remove, when necessary, watchlist records of non-investigative subjects. Accordingly, we are recommending that the FBI improve its quality control structure by requiring field office review of watchlist nominations to ensure accuracy and timeliness as well as developing policy for modification and removal of watchlist nominations of non-investigative subjects.
Additionally, our review revealed deficiencies in the FBI’s practices related to submitting, modifying, and removing watchlist nomination records. For example, we found that FBI field offices bypass FBI headquarters and submit nominations for non-investigative subjects directly to NCTC. This practice does not have sufficient controls to ensure the appropriateness or accuracy of the nomination. We also found significant delays in the processing of watchlist nomination packages. Further, we found that the FBI generally has sound record management procedures for its watchlist nominations, although we identified instances outside the FBI’s standard nominations procedures that may cause FBI records to be incomplete.
We intend to continue our review of the FBI’s watchlist nomination practices and perform more in-depth analysis of FBI files to further assess the identified quality control weaknesses. For example, we intend to determine if subjects of open FBI cases are appropriately and timely watchlisted and that these records are updated with new identifying information as required. We also plan to examine the extent to which the FBI is watchlisting individuals for which it does not have an open investigation and if subjects of closed FBI investigations are appropriately removed from the watchlist in a timely manner. In addition, we also plan to review watchlist nomination files and determine the extent and effect of nomination package delays and omissions.
In addition to its responsibilities as DOJ’s only nominating component, the FBI also engages in intelligence sharing initiatives. However, unbeknownst to the FBI, when NCTC receives FBI reports generated through these initiatives, NCTC treats them as formal nominations. Because these records were sourced to the FBI without the FBI’s knowledge, watchlist record modifications and removals were not being processed as required. We also found that the DEA and USNCB engaged in similar information sharing initiatives which resulted in the creation of watchlist records by NCTC. We believe that there is a significant potential for records created in this manner to be inaccurate and become stale. We therefore recommend that the FBI, DEA, and USNCB ensure the correct sourcing of watchlist records involving information shared by their agencies.
Although the FBI is the only DOJ component that officially nominates individuals to the terrorist watchlist, other DOJ components obtain terrorist- related information through their operations. Our review revealed that these components have established processes to share such information with the FBI. However, with the exception of the USNCB and certain processes at the DEA, all of the components were sharing information in an informal manner, and only some components had documented their policies requiring information sharing. In addition, the potential exists for terrorism information to not be shared with the FBI and for individuals to not be watchlisted because at least one component, ATF, did not categorize criminal activity as being terrorism-related in a manner similar to the FBI.
Finally, our review found that these nominating and information sharing initiatives have been developed independently and are not coordinated by DOJ. In the absence of DOJ coordination and oversight, the FBI had developed its own policies and processes to nominate individuals to the consolidated terrorist watchlist, and other components had developed their own processes concerning the sharing of terrorist information. However, with the exception of the USNCB, and certain sharing practices at the DEA, we found that none of the components had formalized their information sharing practices and only certain components had documented their policies regarding information sharing.
We believe that informal information sharing processes create a greater risk that terrorism information is not passed fully, accurately, and timely and that information is not acted upon in an appropriate manner. We therefore recommend that DOJ consider promulgating general policy related to watchlist nomination processes and the sharing of information that might result in a nomination. Such policy could identify nomination thresholds and information sharing criteria, or require formalization of watchlist nomination and information sharing activities. Although each DOJ component would continue its current initiatives to share information related to known or suspected terrorists and the FBI would continue to make its nominations, such a policy would provide an overall framework within which all DOJ components would operate. Further, if DOJ components operated within a standardized framework, others in the Intelligence Community, such as NCTC, would have a better understanding of the intent of, and act appropriately upon, information provided.
We recommend the Department of Justice:
Promulgate general policy related to nominations to the consolidated terrorist watchlist and the sharing of information among DOJ components that might result in such a nomination, potentially including identifying nomination thresholds and information sharing criteria, and requiring formalization of watchlist nomination and related information sharing activities.
We recommend the FBI:
Modify its written policy to require field office SSAs to review the nomination form for sufficient and accurate information prior to submission of the nomination form to FBI headquarters.
Determine whether its watchlist processes for both its international terrorist and domestic terrorist nominations could be streamlined to reduce the number of times watchlist information must be manually entered.
Improve the policies concerning non-investigative subjects that the FBI nominates to the consolidated terrorist watchlist, including adding a requirement for the modification and removal of non-investigative subjects from the watchlist.
Ensure that all appropriate individuals, including JTTF personnel and veteran FBI agents, receive adequate training related to the FBI’s watchlist nominations process.
We recommend the FBI, DEA, and USNCB:
Ensure the correct sourcing of watchlist records involving information shared by their agencies and clarify responsibility for keeping these records accurate and up-to-date.
We recommend the FBI and ATF:
Reach agreement on sharing terrorism information for use in the consolidated terrorist watchlist, to include what activities would result in terrorism information sharing. Further, ATF should ensure that ATF personnel are trained in how to identify such activities.
- DEPARTMENT OF JUSTICE OFFICE OF THE DEPUTY ATTORNEY GENERAL RESPONSE
- FEDERAL BUREAU OF INVESTIGATION RESPONSE
- DRUG ENFORCEMENT ADMINISTRATION RESPONSE
- U.S. NATIONAL CENTRAL BUREAU of INTERPOL RESPONSE
- BUREAU OF ALCOHOL, TOBACCO, FIREARMS AND EXPLOSIVES RESPONSE
- OFFICE OF THE INSPECTOR GENERAL ANALYSIS AND SUMMARY OF ACTIONS NECESSARY TO CLOSE THE REPORT
International Terrorism is defined by the U.S. Criminal Code as activities that (A) involve violent acts or acts dangerous to human life that are a violation of the criminal laws of the United States or of any State, or that would be a criminal violation if committed within the jurisdiction of the United States or of any State; (B) appear to be intended (i) to intimidate or coerce a civilian population, (ii) to influence the policy of a government by intimidation or coercion, or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and (C) occur primarily outside the territorial jurisdiction of the United States, or transcend national boundaries in terms of the means by which they are accomplished, the persons they appear intended to intimidate or coerce, or the locale in which their perpetrators operate or seek asylum. The U.S. Criminal Code defines domestic terrorism as activities that (A) involve acts dangerous to human life that are a violation of the criminal laws of the United States or of any State; (B) appear to be intended (i) to intimidate or coerce a civilian population, (ii) to influence the policy of a government by intimidation or coercion, or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and (C) occur primarily within the territorial jurisdiction of the United States. 18 U.S.C. 2331 (2007).
The U.S. Criminal Code does not differentiate between international and domestic terrorism based solely on the geographic location of an individual. The distinction is made based on the types and origins of the terrorist activities involved. An example of a purely domestic terrorist event is Timothy McVeigh’s bombing of the Oklahoma City Federal Building. The events of September 11, 2001, represent an international terrorist event.
VGTOF contains a relevant subset of the consolidated terrorist watchlist for law enforcement to use in daily screenings of persons of interest. In our September 2007 report on the Terrorist Screening Center we noted that entering international terrorist information into VGTOF before submitting the nomination to NCTC caused inaccuracies and inconsistencies in watchlist records. Department of Justice, Office of the Inspector General, Follow-up Audit of the Terrorist Screening Center, Audit Report 07-41, September 2007.
The Joint Terrorism Task Forces (JTTF) are FBI-led multi-agency task forces. The JTTFs are located in more that 100 cities in the United States and are made up of FBI Special Agents, state and local law enforcement, and representatives from other government agencies. The JTTFs’ responsibilities are to prevent, detect, deter, and investigate attacks perpetrated by domestic and international terrorists in that JTTF’s region.
The National Joint Terrorism Task Force (NJTTF) is a multi-agency task force led by the FBI. It includes representatives from ATF, BOP, DEA, USMS and 37 other government agencies and critical industries. The NJTTF coordinates the sharing of terrorism threats and intelligence, coordinates special information and intelligence gathering initiatives, and provides logistical and training support to the JTTFs. NJTTF task force members receive and review information from their agencies and items of interest are shared with other member agencies as appropriate.
The Correctional Intelligence Initiative is an FBI-led initiative, coordinated through the NJTTF, designed to deter, detect, and disrupt radicalization efforts within federal, state, local, and tribal prison systems in the United States.