The FBI seeks to protect the United States against terrorist and foreign intelligence threats, enforces the criminal laws of the United States, and provides criminal justice services to federal, state, municipal, and international agencies and partners. FBI headquarters in Washington, D.C., coordinates activities of more than 35,500 employees in 56 field offices located in major cities throughout the United States and Puerto Rico, more than 400 resident agencies in smaller cities and towns across the nation, and more than 60 international offices, called “legal attaches,” in U.S. embassies worldwide.
An OIG technical advisory report issued in October 2010 updated Sentinel’s progress since our previous report in March 2010. In this review, we found significant additional issues that we believe can affect the full and successful implementation of Sentinel. As of August 2010, after spending about $405 million of the $451 million budgeted for the Sentinel project, we found that the FBI delivered only two of Sentinel’s four phases to its agents and analysts. Moreover, we reported that the most challenging development work for Sentinel still remains.
While Sentinel has delivered some improvements to the FBI’s case management system, our report concluded it had not delivered much of what it originally intended. In July 2010, the FBI deployed Phase 2 of Sentinel, which provided the FBI’s agents and analysts with the beginnings of an electronic case management system. By July 2010 Sentinel was intended to generate and securely process 18 paperless case-related forms through the review and approval process. Yet, our review disclosed that Sentinel had the capability to generate and process only 4 of the 18 forms, and none of the 4 forms was fully automated. FBI agents and analysts were using Sentinel to generate the four forms, but still had to print the forms to obtain approval signatures, and maintain hard copy files with the required approval signatures.
Because the FBI had not finished the third and fourth phases of Sentinel, FBI agents and analysts also did not have the planned expanded capabilities to search the FBI’s case files. Nor could they use Sentinel to manage evidence, as originally intended. Sentinel also had not replaced the FBI’s obsolete Automated Case Support system, and Sentinel had not yet become the FBI’s official records repository.
In addition, because of Sentinel’s delays and cost increases, in July 2010 the FBI issued another stop-work order that directed Lockheed Martin to stop all work on the remaining phases of Sentinel – Phases 3 and 4. As of August 1, 2010, the FBI had not decided on an approach for completing Sentinel, and FBI officials did not provide the OIG with detailed descriptions of the alternatives under consideration for completing Sentinel. At that time, however, the FBI Chief Technology Officer stated that the alternatives under consideration would allow the FBI to complete Sentinel within its $451 million budget by re-using portions of successful FBI information technology projects, including Sentinel, taking advantage of technological advances and industry best practices, and increasing the reliance on FBI personnel to develop Sentinel. Yet, the Chief Technology Officer acknowledged that his estimate did not include the cost of maintaining Sentinel for 2 years after its completion – costs which had been included in all previous Sentinel budgets. In addition, an independent assessment conducted in July 2010 at the FBI’s request by an outside consultant estimated that completing Sentinel under the FBI’s current development approach would, at a minimum, cost an additional $351 million and take an additional 6 years.
In September 2010, the FBI briefed us on its new approach for completing the Sentinel project—an approach which was still evolving and had not yet been formally approved. Under this new approach, the FBI would assume direct management of Sentinel development and significantly reduce the role of Lockheed Martin in developing Sentinel.
Regardless of the new development approach, it is important to note that Sentinel’s technical requirements are now 6 years old, and there have been significant advances in technology and changes to the FBI’s work processes during that time. Our report contained three recommendations for the FBI’s consideration. First, we recommend that the FBI needed to carefully reassess whether there were new, less costly ways of achieving the functionality described in Sentinel’s original requirements, including the requirement to migrate all case data from the Automated Case Support system into Sentinel. The FBI stated that it was reexamining these issues in its new approach to Sentinel. We also recommended that in any new approach, the FBI should prioritize the remaining requirements to focus on meeting its highest priorities. Finally, our third recommendation was that the FBI should reinstitute or expand many of the project management activities that have been either limited in scope or eliminated during the course of the project, such as project health assessments, which are independent monthly analyses of Sentinel’s progress. The FBI agreed with these recommendations.
The OIG issued a report examining outside employment of the FBI DNA laboratory staff. The audit was initiated as a result of an August 2010 letter from Senator Richard Shelby of Alabama to the FBI expressing concerns about several FBI Laboratory employees who were “moonlighting” for the National Forensic Science Technology Center (NFSTC), which receives over 90 percent of its funding from Department grants. Federal regulations prohibit Department employees, including FBI employees, from engaging in outside employment that involves Department grants.
Our audit concluded that the FBI improperly permitted two of its DNA laboratory employees to work for and be paid by the NFSTC. While working for the NFSTC, the two FBI employees reviewed documents pertaining to Quality Assurance Standards audits of state, local, and other DNA laboratories that participate in the FBI’s Combined DNA Index System (CODIS), which includes FBI-managed databases of DNA profiles from convicted offenders, forensic evidence, arrestees, missing persons, and unidentified human remains. The Department provides grants to fund the NFSTC’s audits of DNA laboratories that use the CODIS databases. Therefore, it is likely that the NFSTC compensated these two FBI employees using Department grant funds.
In addition, we concluded that the FBI Laboratory should not allow its staff to be paid by outside organizations for performing any CODIS-related work, regardless of whether the organization is funded by Department grant money. Because the FBI is the custodian of CODIS and approves which federal, state, and local laboratories can participate in CODIS, we consider such outside work to be inconsistent with standards issued by the Office of Government Ethics.
Both FBI employees who worked for the NFSTC requested and received the approval from FBI Laboratory officials to engage in this outside employment. Each employee was paid about $13,625 by the NFSTC for grant-related review work from January 2009 through July 2010. The audit determined that approving officials were not aware of the extent of grant funding that the NFSTC received from the Department and were also not aware that such outside employment is prohibited regardless of the amount of grant funding provided by the Department. The FBI terminated the outside employment approval for the two employees after receiving Senator Shelby’s August 2010 letter.
The OIG also assessed the outside work of 23 other employees of FBI DNA laboratories who were approved to perform or observe Quality Assurance Standards audits of state, local, or other DNA laboratories conducted under the auspices of the NFSTC and two other organizations. The OIG found the outside work of these 23 FBI DNA laboratory employees was not improper because this work was either part of the FBI employees’ official duties and the employees were not paid by the outside organization, or the outside work occurred prior to their employment with the FBI. However, we determined that five FBI employees signed work agreements with the NFSTC that mischaracterized the relationship between the employees and the NFSTC as an employment arrangement, rather than as work performed as part of official FBI duties. Further, two employees who participated in the outside work before being hired by the FBI did not terminate their work agreements after being hired by the FBI. As a result of the audit, the agreements between the NFSTC and each of the two employees were terminated.
The report made four recommendations to the FBI, including that the FBI Laboratory establish procedures so that it does not approve any requests for staff to be paid by outside organizations for performing CODIS-related work. The FBI agreed with our four recommendations.
The FBI’s CODIS is a national information repository that stores DNA specimen information to facilitate its exchange by federal, state, and local law enforcement agencies. During this reporting period, the OIG audited state and local laboratories that participate in CODIS to determine the laboratories’ compliance with the FBI’s Quality Assurance Standards and National DNA Index System (NDIS) participation requirements. Additionally, we evaluated whether the laboratories’ DNA profiles in CODIS databases were complete, accurate, and allowable for inclusion in NDIS. Below are examples of our audit findings.
- Our audit of the Prince George’s County, Maryland, Police Department Crime Laboratory found that 19 of the 100 forensic DNA profiles we reviewed were unallowable for upload into NDIS. The laboratory removed all 19 profiles from NDIS while we were on site. In addition, we reported that the laboratory did not confirm all its NDIS matches within 30 business days as required by NDIS procedures, nor did it notify investigators of a match in a timely manner. Our audit also disclosed that the laboratory did not implement a recommendation from a previous Quality Assurance Standards review conducted by external Quality Assurance Standards reviewers. Our audit also concluded that the crime laboratory did not secure its CODIS backup data stored on an external hard drive in a locked container as required by NDIS participation requirements. We provided the FBI with six recommendations regarding the laboratory’s compliance with CODIS requirements, including that the laboratory document its profile suitability review to prevent future unallowable profiles from being uploaded to NDIS. The FBI and the laboratory agreed with all six recommendations and implemented corrective action before the final report was issued.
- Our audit of the Bexar County Criminal Investigation Laboratory located in San Antonio, Texas, did not result in deficiencies with the Quality Assurance Standards we tested. However, we found that 11 of the 100 forensic DNA profiles reviewed were unallowable for inclusion in NDIS. Nine of the unallowable profiles matched victims of crimes, and our audit disclosed that all but one of the unallowable victims’ profiles had been entered into NDIS between the middle of 2001 and the end of 2002. A laboratory official informed us that prior to December 2002 the laboratory personnel did not have a clear understanding of what was allowable in NDIS. Bexar County laboratory personnel deleted all 11 of the unallowable profiles from NDIS once we brought the profiles to their attention. However, because we were particularly concerned about the victims’ profiles that were uploaded, we provided the FBI with a recommendation that the laboratory review the DNA profiles at NDIS that were uploaded between 2001 and 2002 and remove any unallowable profiles. The FBI and the laboratory agreed with the recommendation, and as a result, an additional 86 unallowable profiles were removed from NDIS.
- Our audit found that the Austin, Texas, Police Department DNA Laboratory was generally in compliance with the Quality Assurance Standards we tested. However, the audit found that, of the sample of 100 forensic DNA profiles reviewed, 3 were not allowable for upload to NDIS because they were not forensic unknowns. An additional profile, which was not part of our sample, was also identified as unallowable as a result of our review. The 97 other forensic DNA profiles we reviewed were complete, accurate, and allowable for inclusion in NDIS. The Laboratory removed the unallowable profiles from NDIS before we completed our fieldwork.
During this reporting period, the OIG received 903 complaints involving the FBI. The most common allegations made against FBI employees were official misconduct; waste and mismanagement; and off-duty violations. The majority of the complaints received during this period were considered management issues and were provided to FBI management for its review and appropriate action.
During this reporting period, the OIG opened 12 investigations and referred 30 allegations to the FBI’s Inspection Division for action or investigation. At the close of the reporting period, the OIG had 39 open criminal or administrative investigations of alleged misconduct related to FBI employees. The criminal investigations covered a wide range of offenses, including conflict of interest, drug violations, fraud, off-duty violations, and official misconduct. The administrative investigations involved serious allegations of misconduct.
|Source: Investigations Data Management System|
The following are examples of cases involving the FBI that the OIG’s Investigations Division handled during this reporting period:
- An investigation by the OIG’s San Francisco Area Office resulted in the arrest and guilty plea in the Northern District of California of an FBI security specialist to charges of making false statements to a government agency. The investigation determined that the security specialist made false statements on her security financial disclosure form in which she stated that she owned three properties with total outstanding mortgage debt of $866,000, when in fact she owned six properties with outstanding mortgage debt totaling $2,276,000. Subsequently, five of the six properties went into foreclosure proceedings.
- In our March 2009 Semiannual Report to Congress, we reported on an investigation that led to the conviction and sentencing of retired FBI Special Agent John J. Connolly, who assisted the criminal activities of the Winter Hill Gang by supplying gang members with sensitive law enforcement information and intelligence that led directly to the murder of former World Jai Alai President John Callahan in 1982. Connolly was convicted of second-degree murder and sentenced to 40 years’ incarceration. During this reporting period, the Third District Court of Appeal, State of Florida, affirmed the murder conviction of Connolly in the Circuit Court for Miami-Dade County. The OIG’s Boston Area Office provided significant assistance with the government’s legal argument at the appellate hearing. Connolly is currently serving a 10-year federal sentence on racketeering charges. He is due to complete that sentence in June 2011 at which time it is expected he will be taken into custody by Florida officials to begin his 40-year sentence in a Florida institution.
Efforts to Combat National Security Cyber Threats
The OIG is examining the FBI’s efforts to combat cyber intrusions that threaten national security. The review assesses the development and operation of the national Cyber Investigative Joint Task Force and the capabilities of FBI field offices to investigate national security cyber cases.
The OIG initiated a review to identify the total volume of convicted offender DNA samples that remain unprocessed by the FBI laboratory and evaluate the FBI’s ongoing efforts to reduce its convicted offender backlog.
Integrity and Compliance Program
The OIG is reviewing the FBI’s Integrity and Compliance Program, which was established following a 2007 OIG report on the FBI’s use of National Security Letters. This review will evaluate how the FBI’s Program: (1) identifies risks of non-compliance with both the letter and spirit of applicable laws, regulations, rules, and policies; (2) ranks identified risks; (3) analyzes highly ranked risks; (4) mitigates risks with adequate corrective actions; (5) monitors the implementation of the corrective actions to ensure that mitigation is effective; and (6) promotes a culture of integrity and ethical compliance throughout the FBI.
Section 702 of the Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 (Act) authorizes targeting non-U.S. persons reasonably believed to be outside the United States to acquire foreign intelligence information. As required by the Act, the OIG is examining the number of disseminated FBI intelligence reports containing a reference to a U.S. person identity, the number of U.S. person identities subsequently disseminated in response to requests for identities not referred to by name or title in the original reporting, the number of targets later determined to be located in the United States, and whether communications of such targets were reviewed. In addition, the OIG is reviewing the FBI’s compliance with the targeting and minimization procedures required under the Act.
The OIG is again examining the FBI’s use of National Security Letters (NSL) and Section 215 orders for business records. Among other issues, our review is assessing the FBI’s progress in responding to the OIG’s recommendations in prior OIG reports that examined the FBI’s use of these authorities. Our review will also evaluate the automated system the FBI implemented to generate and track NSLs in response to the deficiencies identified in our prior reports, the number of NSLs issued and 215 applications filed by the FBI from 2007 through 2009, and any improper or illegal uses of these authorities. In addition, the review is examining the FBI’s use of its pen register and trap-and-trace authority under the Act.
The OIG is examining the FBI’s management of the terrorist watchlist nominations process and encounters with watchlisted individuals.
The OIG is continuing to evaluate the FBI’s ongoing development and implementation of the Sentinel information technology project, which is intended to upgrade the FBI’s electronic case management system and provide the FBI with an automated workflow process.
Follow-up Review Examining the FBI’s Response to the Mayfield Report Recommendations
The OIG is conducting a follow-up review to determine the FBI’s progress in implementing the recommendations contained in our March 2006 report, “A Review of the FBI’s Handling of the Brandon Mayfield Case.” The report made 18 recommendations related to the FBI Laboratory Division’s Latent Print Unit and a series of systemic issues that contributed to the misidentification of a latent fingerprint associated with the 2004 terrorist attacks on commuter trains in Madrid, Spain.
Follow-up Review Examining the FBI’s Response to the Leung Report Recommendations
The OIG is conducting a follow-up review of the FBI’s progress in implementing the recommendations contained in our May 2006 report, “A Review of the FBI’s Handling and Oversight of FBI Asset Katrina Leung.” The review is examining matters concerning the FBI’s source validation process as well as FBI procedures governing agent interaction with sources.