Semiannual Report to Congress
October 1, 2005-March 31, 2006
Office of the Inspector General
The FBI investigates counterterrorism, foreign counterintelligence, civil rights violations, organized crime, violent crime, financial crime, and other violations of federal law. FBI Headquarters in Washington, D.C., coordinates the activities of approximately 29,500 employees in 56 field offices, approximately 400 satellite offices, and 59 foreign liaison posts that work abroad on criminal matters within the FBI's jurisdiction.
In March 2005, the FBI announced plans to develop the Sentinel case management system to replace the failed Virtual Case File effort. The main goal of Sentinel is to enable the FBI to move from a paper-based reporting system to an electronic records system and maximize the FBI’s ability to use and share the information in its possession. During this reporting period, the OIG’s Audit Division completed an initial audit of the Sentinel project. This audit, the first in a series for the multi-phase project, focused on the FBI’s pre-acquisition planning, including its approach to developing the system, management controls over the project, IT management processes, contracting processes, and funding sources.
The OIG found that the FBI has taken important steps to prevent the types of problems encountered in the Virtual Case File project. In reviewing the management processes and controls the FBI has applied to the pre-acquisition phase of Sentinel, the OIG found that the FBI has developed IT planning processes that, if implemented as designed, can help the FBI successfully complete Sentinel.
The FBI also has made significant improvements in its ability to plan and manage a major IT project. For example, the FBI established sound ITIM processes, developed a more mature Enterprise Architecture, and established a Program Management Office (PMO) specifically for the Sentinel project.
However, we identified several concerns about the project that require action and continued monitoring: 1) the incomplete staffing of the PMO, 2) the FBI’s ability to reprogram funds to complete the second phase of the project without jeopardizing its mission-critical operations, 3) Sentinel’s ability to share information with external intelligence and law enforcement agencies and provide a common framework for other agencies’ case management systems, 4) the lack of an established Earned Value Management process, 5) the FBI’s ability to track and control Sentinel’s costs, and 6) the lack of complete documentation required by ITIM.
The OIG made seven recommendations regarding these concerns. The FBI concurred with all of the recommendations.
The OIG issued a report on the FBI’s conduct in connection with the identification of a fingerprint found on evidence from the March 2004 terrorism attack on commuter trains in Madrid, Spain, that killed almost 200 people and injured more than 1,400. FBI fingerprint examiners erroneously concluded that the fingerprint found on a bag of detonators belonged to Brandon Mayfield, an attorney in Portland, Oregon. As a result of the misidentification, the FBI initiated an investigation of Mayfield that resulted in his arrest as a material witness. Mayfield was released 2 weeks later when the Spanish National Police identified an Algerian national as the source of the fingerprint on the bag. The FBI Laboratory subsequently withdrew its fingerprint identification of Mayfield.
During its review, the OIG’s Oversight and Review Division found several factors that caused the FBI’s fingerprint misidentification. The unusual similarity between Mayfield’s fingerprint and the fingerprint found on the bag (referred to as LFP 17) confused three experienced FBI examiners and a court-appointed expert. However, we also found that FBI examiners committed errors in the examination procedure, and the misidentification could have been prevented through a more rigorous application of several principles of latent fingerprint identification. For example, the examiners placed excessive reliance on extremely tiny details in the latent fingerprint under circumstances that should have indicated that these features were not a reliable support for the identification. The examiners also overlooked or rationalized several important differences in appearance between the latent print and Mayfield’s known fingerprint that should have precluded them from declaring an identification. In addition, we determined that the FBI missed an opportunity to catch its error when the Spanish National Police informed the FBI on April 13, 2004, that it had reached a “negative” conclusion with respect to matching LFP 17 to Mayfield’s fingerprints.
Although the OIG determined that religion played no role in the FBI examiners’ initial conclusions, we found that by the time the Spanish National Police issued its “negative” conclusion, Laboratory examiners had become aware of information about Mayfield obtained in the course of the Portland Division’s investigation, including the fact that he had acted as an attorney for a convicted terrorist, had contacts with suspected terrorists, and was Muslim. We believe that these factors likely contributed to the examiners’ failure to sufficiently reconsider the identification after the Spanish National Police raised legitimate questions about it.
We also found that certain facts in affidavits the FBI submitted to the U.S. District Court for the District of Oregon to obtain a material witness warrant and search warrants were misleading. The affidavits contained several inaccuracies and provided an ambiguous description of a meeting between the FBI and the Spanish National Police that led the Court to incorrectly believe that the Spanish National Police agreed with the FBI’s identification of Mayfield.
The OIG did not find evidence that the FBI misused any of the provisions of the Patriot Act in conducting its investigation of Mayfield. However, the increased information sharing permitted by the Patriot Act amplified the consequences of the FBI’s fingerprint misidentification.
We made a series of recommendations to help the FBI address the Laboratory issues raised by the Mayfield case. The FBI Laboratory is planning to adopt new procedures that are consistent with a majority of our recommendations.
The protection of our nation’s seaports and related maritime activities is a shared responsibility among the U.S. Coast Guard, U.S. Customs and Border Protection, and FBI. The FBI, as the lead federal agency for preventing and investigating terrorism, has an overarching role in helping secure the nation’s seaports. The FBI’s responsibilities are part intelligence and part law enforcement, including assessing the threat of maritime-based terrorism; gathering, analyzing, and sharing information on maritime threats; and maintaining well-prepared tactical capabilities to prevent or respond to maritime-based terrorism.
During their review of the FBI’s efforts to prevent and respond to maritime terrorism, the OIG’s Audit Division found that since the September 11, 2001, terrorism attacks the FBI has taken steps to enhance its capability to identify, prevent, and respond to terrorism attack at seaports. For example, the FBI has created a centralized maritime security program at FBI Headquarters and, in addition to its counterterrorism tactical teams, has placed enhanced maritime SWAT teams in FBI field offices. In addition, most of the FBI’s 56 field offices have Maritime Liaison Agents responsible for coordinating with other federal agencies on maritime security. However, we found that the FBI does not always assign these agents according to the threat and risk of a terrorism attack on a given seaport. For example, an FBI field office with six significant seaports in its territory has only one maritime liaison agent, while another FBI field office with no strategic ports in its area has five maritime liaison agents.
The OIG also identified several actions the FBI should take to enhance seaport security, including increasing coordination with other agencies who share responsibility for maritime security, assessing the threat and risk of maritime terrorism compared to other terrorism threats, and improving the database that the FBI uses to collect and manage data concerning the number of suspicious incidents or terrorism threats involving seaports.
The OIG review found that the FBI and the Coast Guard have not yet resolved issues regarding their overlapping responsibilities, jurisdictions, and capabilities to handle a maritime terrorism incident. Because the FBI and the Coast Guard share the responsibility for ensuring the safety of U.S. seaports, the FBI needs to come to an agreement with the Coast Guard on each agency’s respective roles and authorities.
We also found that the FBI has failed to conduct a threat assessment that indicates where seaports rank among the likely targets of terrorism. This lack of assessment has hampered the FBI’s ability to compare the likelihood of various threats and make informed decisions about resource allocation. In addition, we found that the FBI database used to collect information on terrorism threats and suspicious incidents at seaports cannot be easily searched to identify trends in maritime-related suspicious activities or threats. Moreover, the FBI has not ensured that FBI offices enter all required information into this database.
Our report provided 18 recommendations to enhance the FBI’s efforts to secure U.S. seaports, including: resolve potential role and incident command conflicts in the event of a maritime terrorism incident through joint exercises and, if necessary, a revised and broadened memorandum of understanding with the Coast Guard; assign Maritime Liaison Agents to critical seaports based on an assessment of the threat and risk of a terrorism attack; assess the threat and risk of maritime terrorism compared to other terrorism threats; and focus intelligence reporting to more comprehensively address potential maritime-related terrorism targets and methods. The FBI agreed with the recommendations of this report.
Enacted in 1994 at the beginning of the rise in wireless telecommunications, the Communications Assistance for Law Enforcement Act (CALEA) sought to help law enforcement agencies continue to conduct electronic surveillance amid changing technology. CALEA requires telecommunications carriers to modify their services and equipment to accommodate law enforcement’s need to perform electronic surveillance. The legislation appropriated $500 million to reimburse carriers for their costs.
A review by the OIG’s Audit Division found that CALEA implementation has faced several challenges since its enactment over a decade ago. The most formidable challenge has been the rapid growth of new technologies, such as Internet telecommunications and wireless communications, and whether these new technologies fall under the legislation. After 10 years and over $450 million invested, t he FBI estimates that only 10 to 20 percent of the wireline switches (a telephone company device that “makes the connection” when a call is placed) and approximately 50 percent of the pre-1995 and 90 percent of the post-1995 wireless switches, respectively, have CALEA software activated.
Delays in CALEA implementation have been due in large part to the time consuming development of electronic surveillance standards and extended negotiations over software activation agreements. Initial CALEA standards took 10 years to develop and implement because of litigation. However, litigation regarding CALEA continues today. In addition, the FBI has ongoing negotiations with two wireline carriers to deploy CALEA software on pre-1995 wireline equipment. According to law enforcement officials, technological innovation and time delays in implementing CALEA software have significantly handicapped their efforts to conduct wiretaps. Without changes in existing CALEA requirements and how the FBI exercises its responsibilities, the OIG concluded that the goals envisioned by Congress in 1994 will not be achieved.
We made 6 recommendations regarding the FBI’s responsibility for CALEA implementation, including improving communications between law enforcement and carrier representatives, collecting and monitoring data regarding CALEA compliance, and revisiting current plans for the remaining $45 million in CALEA funding. The FBI concurred with all of our recommendations.
The FBI’s Combined DNA Index System (CODIS) includes a national information repository that permits the storing and searching of DNA specimen information to facilitate the exchange of DNA information by law enforcement agencies. During this reporting period, the OIG’s Audit Division audited several state and local laboratories that participate in CODIS to determine if they comply with the FBI’s Quality Assurance Standards (QAS) and National DNA Index System (NDIS) requirements. We also evaluated the accuracy and appropriateness of the data that participating federal, state, and local laboratories have submitted to the FBI. Below are two examples of findings reported in our audits:
During this reporting period, the OIG received 671 complaints involving the FBI. The most common allegations made against FBI employees included waste or misuse of government property, job performance failure, and misuse of a credit card. The OIG opened 17 cases and referred 634 allegations to the FBI’s Inspection Division for investigation.
At the close of the reporting period, the OIG had 44 open cases of alleged misconduct against FBI employees. The criminal investigations cover a wide range of offenses, including the improper release of information, theft of government funds, and fraud. The administrative investigations include serious allegations of misconduct and allegations against high-level employees. The following are examples of cases involving the FBI that the OIG’s Investigations Division investigated during this reporting period:
At the request of the FBI Director, the OIG initiated an investigation of an FBI shooting incident in Puerto Rico that resulted in the death of Filiberto Ojeda Rios. Ojeda was a founder and leader of Los Macheteros, a pro-independence organization in Puerto Rico. Ojeda was arrested in 1985 in connection with a major bank robbery in Connecticut, but had been a fugitive since fleeing in 1990 while released on bail. During the FBI’s attempt to arrest Ojeda at a rural residence in western Puerto Rico on September 23, 2005, an FBI agent was wounded and Ojeda was shot and killed. The OIG is examining the circumstances surrounding the shooting and the FBI’s entry into the residence.
The OIG is reviewing FBI employees’ observations and actions related to alleged abuse of detainees at Guantanamo Bay, Iraq, and Afghanistan. The OIG is examining whether FBI employees participated in any incident of detainee abuse in military facilities at these locations, whether FBI employees witnessed incidents of abuse, how FBI employees reported observations of abuse, and how those reports were handled by the FBI and the Department.
At the request of the FBI Director, the OIG is reviewing the FBI’s performance in connection with the handling of Katrina Leung, an asset in the FBI’s Chinese counterintelligence program who had a long-term intimate relationship with her FBI handler, former Special Agent James J. Smith. The OIG is examining a variety of performance and management issues related to the FBI’s handling of Leung.
As required by the USA Patriot Improvement and Reauthorization Act of 2005, the OIG is reviewing the FBI’s use of authorities modified under the Patriot Act to obtain business records for foreign intelligence purposes and to issue National Security Letters. Our review will examine the effectiveness of these investigative tools and identify any noteworthy circumstances related to their use. We also will examine what information was collected, retained, and analyzed, and how it was used and disseminated; any procedural delays that may have harmed national security; and any impediments that may have prevented the FBI from making full use of the authorities under the Patriot Act.
The OIG is conducting a follow-up review of the FBI’s progress in implementing recommendations contained in our August 2003 report entitled, “A Review of the FBI’s Performance in Deterring, Detecting, and Investigating the Espionage Activities of Robert Philip Hanssen.” The OIG report made 21 recommendations to help the FBI improve its internal security and enhance its ability to deter and detect espionage. The Hanssen follow-up review will assess the FBI’s response to recommendations in the report.
In August 2002, the OIG issued several audit reports on the control of weapons and laptop computers by various Department components. These reports detailed significant lapses in the control of weapons and laptops, particularly in the FBI. Our follow-up audit will focus on the FBI’s efforts to take corrective action on the recommendations in our original audit report.
As a follow-up to our 2001 report on CODIS, which was described in our September 2001 Semiannual Report to Congress, the OIG is analyzing findings from DNA laboratory audits – both OIG-conducted audits and external quality assurance audits – to determine if they reveal global trends and vulnerabilities. We also are assessing the adequacy of the FBI’s administration of CODIS, including its oversight of the national DNA database, and evaluating its implementation of corrective actions in response to the original report.