Semiannual Report to Congress

October 1, 2006-March 31, 2007
Office of the Inspector General

Federal Bureau of Investigation

FBI logo The FBI investigates counterterrorism, foreign counterintelligence, civil rights violations, organized crime, violent crime, financial crime, and other violations of federal law. FBI Headquarters in Washington, D.C., coordinates the activities of approximately 29,500 employees in 56 domestic field offices, approximately 400 satellite offices, and 59 foreign liaison posts that work abroad on criminal matters within the FBI’s jurisdiction.

Reports Issued

The FBI’s Use of National Security Letters

On March 9, 2007, as required by the Patriot Reauthorization Act, the OIG issued a report examining the FBI’s use of national security letters (NSL). Under five statutory provisions, the FBI can use NSLs to obtain – without a court order – records such as customer information from telephone companies, Internet service providers, financial institutions, and consumer credit companies. The Patriot Act broadened the FBI’s authority to use such letters by lowering the threshold standard for issuing them, allowing the special agents in charge of FBI field offices to sign NSLs, and permitting the FBI to use NSLs to obtain full credit reports in international terrorism investigations. The Patriot Reauthorization Act directed the OIG to review the FBI’s use and effectiveness of NSLs, including any improper or illegal uses of these authorities.

Our review, which covered the period from 2003 to 2005, found that the FBI’s use of NSL authorities has increased in the years since the enactment of the Patriot Act in October 2001. In 2000, the last full year prior to the Patriot Act’s passage, the FBI issued approximately 8,500 NSL requests. After the Patriot Act was passed, the FBI dramatically increased its use of NSLs, issuing approximately 39,000 NSL requests in 2003, 56,000 in 2004, and 47,000 in 2005, according to the database the FBI maintains for the purpose of reporting its NSL usage to Congress. In total, during the 3-year period covered by our review, the FBI issued more than 143,000 NSL requests. However, the OIG concluded that these statistics, which were based on information from the FBI’s database, significantly understated the total number of NSL requests issued by the FBI because the database was inaccurate and did not include all NSL requests. For example, our examination of case files at 4 FBI field offices found approximately 22 percent more NSL requests in case files we examined than were recorded in the database for those same files.

Our review also examined the effectiveness of NSLs, which are used by the FBI for various purposes, including developing evidence to support applications for orders issued under the Foreign Intelligence Surveillance Act (FISA), developing links between subjects of FBI investigations and other individuals, providing leads and evidence to allow FBI agents to initiate or close investigations, and corroborating information obtained by other investigative techniques. FBI personnel told the OIG that they believe NSLs are indispensable investigative tools in many counterterrorism and counterintelligence investigations.

As directed by Congress, the OIG also examined whether there was any improper or illegal use of NSL authorities. The OIG found that from 2003 to 2005 the FBI identified 26 possible intelligence violations involving its use of NSLs. The possible violations included issuing NSLs without proper authorization, making improper requests under the statutes cited in the NSLs, and conducting unauthorized collection of telephone or Internet e-mail transactional records. In addition to the possible violations reported by the FBI, our review of 77 FBI case files and 293 NSLs in 4 field offices found an additional 22 possible violations. They included improper requests under the pertinent NSL statute and unauthorized collection, due either to FBI or third party error.

The OIG review also identified more than 700 instances in which the FBI improperly obtained telephone toll billing records and subscriber information from 3 telephone companies by issuing “exigent letters” signed by personnel in the FBI’s Counterterrorism Division rather than by issuing NSLs. These exigent letters stated they were being issued due to exigent circumstances and the FBI was in the process of obtaining subpoenas for the information. However, the OIG found that the exigent letters were sometimes sent when there was no emergency; that in some instances there were no underlying national security investigations, or documentation of such investigations, tying the exigent letter requests with pending investigations; and that subpoenas had not in fact been submitted to the USAOs’ as represented in the letters.

The OIG’s review recognized the significant challenges the FBI faced during the period covered by the review and the major organizational changes it was undergoing in that period. Nevertheless, the OIG concluded that the FBI engaged in serious misuse of NSL authorities and in several instances acquired information it was not lawfully authorized to obtain under NSL statutes, such as obtaining consumer full credit reports in counterintelligence investigations.

The OIG made 10 recommendations to the FBI relating to its use of NSLs, including improving its database to ensure that it captures timely, complete, and accurate data on NSLs; issuing additional guidance to field offices to assist in identifying possible intelligence violations arising from the use of NSLs; and taking steps to ensure that it employs NSLs in accordance with the requirements of NSL authorities, Department guidelines, and internal policy. The FBI concurred with all of our recommendations and agreed to implement corrective actions.

The FBI’s Use of Section 215 Orders

On March 9, 2007, as required by the Patriot Reauthorization Act, the OIG also issued a report on the FBI’s use of Section 215 orders to obtain business records. Section 215 of the Patriot Act allows the FBI to seek an order from the Foreign Intelligence Surveillance Court to obtain “any tangible thing,” including books, records, and other items from any business, organization, or entity if the item is for an authorized investigation to protect against international terrorism or clandestine intelligence activity.

Section 215 did not create any new investigative authority but instead significantly expanded existing authority by broadening the types of records that can be obtained and lowering the evidentiary threshold to obtain an order. Public concerns about the scope of this expanded authority centered on the FBI’s ability to obtain library records. However, the OIG review found that the FBI did not obtain Section 215 orders for any library records during the 2002 to 2005 period covered by our review.

Our review found that from 2002 to 2005 the Department, on behalf of the FBI, obtained a total of 21 “pure” Section 215 applications – requests for any tangible item that were not associated with any other FISA authority. In addition, the Department obtained 141 “combination” Section 215 requests that were added to a FISA application for pen register/trap and trace orders to obtain subscriber information.

Our review did not identify any instances involving improper or illegal use of pure Section 215 orders. We found no instance in which the information obtained from a Section 215 order resulted in a major case development, such as disruption of a terrorist plot. We also found that little of the information obtained through Section 215 orders had been disseminated to intelligence agencies outside the Department. However, FBI personnel said they believe the kind of intelligence gathered from Section 215 orders was essential to national security investigations, and the importance of the information was sometimes not known until much later in an investigation – for example, when the information was linked to some other piece of intelligence. FBI officials and Department attorneys stated that Section 215 authority had been useful because it was the only compulsory process for certain kinds of records that could not be obtained through alternative means, such as grand jury subpoenas or NSLs.

The OIG review also found that the FBI had not used Section 215 orders as effectively as it could have because of legal, bureaucratic, or other impediments to obtaining these orders. For example, after passage of the Patriot Act neither the Department nor the FBI issued implementing procedures or guidance on the expansion of Section 215 authority. In addition, we found significant delays within the FBI and the Department in processing requests for Section 215 orders. Finally, we determined through our interviews that FBI field offices did not fully understand Section 215 orders or the process for obtaining them.

Sentinel Audit: Status of Development of the FBI’s New Case Management System

The OIG’s Audit Division issued the second in a series of reports auditing the FBI’s ongoing development of its Sentinel IT project, which is intended to upgrade the FBI’s case management system and create an automated workflow process.

Our second Sentinel audit found that the FBI has made significant progress in addressing several important areas reported in our first audit of Sentinel, such as: 1) adequately staffing the Sentinel Program Management Office; 2) requiring that Sentinel meet a new joint Department and DHS information sharing standard, which will allow Sentinel to communicate with other systems built to the standard; 3) establishing an Earned Value Management system to monitor Sentinel’s project costs and schedule; 4) establishing layers of review, approval, and reporting for Sentinel spending; and 5) completing plans for the independent verification and validation of Sentinel’s software to ensure that it will perform as intended.

However, our current audit identified several issues that the FBI must continue to address as the Sentinel project continues through its first phase of development and enters its more challenging and higher-risk second phase in 2007. We found that the FBI has taken a positive step by establishing a risk management plan that identifies the significant risks associated with the Sentinel project. Yet the contingency plans, and the triggers for activating such plans, exist for only 3 of the 20 identified risks being monitored. With respect to project risks, we viewed the FBI’s ability to successfully migrate data from its antiquated Automated Case Support system to Sentinel as a potentially significant challenge. Another significant challenge will be ensuring that Sentinel’s software configuration allows all components of the system to work together seamlessly.

The OIG report contained five recommendations that focus on further reducing risks to the Sentinel project, including updating the estimate of total project costs as actual cost data becomes available, developing contingency plans for significant project risks, and filling vacancies in the Sentinel Program Management Office. We will continue to monitor and periodically issue audit reports throughout the four phases of the Sentinel project in an effort to monitor the FBI’s progress and identify any emerging concerns.

The FBI’s Control Over Weapons and Laptop Computers

The OIG’s Audit Division completed a follow-up audit of the FBI’s efforts to improve controls over its weapons and laptop computers. The FBI, which maintains more than 52,000 weapons and 26,000 laptops, reported 160 lost or stolen weapons and 160 lost or stolen laptops during a 44-month period from February 2002 through September 2005. This represented a decrease from our prior audit report, issued in 2002, when the FBI reported 354 weapons and 317 laptops lost or stolen during a 28-month period.

While the FBI has made progress in reducing the rate of loss for weapons and laptops, we identified at least 10 of the 160 missing laptops containing sensitive or classified information, 1 of which contained personally identifiable information on FBI personnel. Even more troubling, we found that the FBI could not determine whether 51 additional lost or stolen laptops contained sensitive or classified information. Seven of these 51 laptops were assigned to the Counterintelligence or Counterterrorism Divisions, both of which handle sensitive information related to national security. Without knowing the content of these lost and stolen laptops, it is impossible for the FBI to determine the extent of the damage these losses might have had on its operations or on national security.

Our review also found that, after our 2002 audit, the FBI improved its controls by establishing deadlines for reporting lost and stolen weapons and laptops, entering those losses into the National Crime Information Center (NCIC), and referring the losses for investigation. However, the FBI did not consistently follow these procedures. For example, we found that many of the forms that were used to report both gun and laptop losses were missing critical information such as the date of the loss; whether the loss was entered into NCIC; whether the FBI unit responsible for investigating the loss had been notified; and in the case of laptops, whether they contained sensitive or classified information. We also found that when some of the lost or stolen laptops were identified as containing sensitive or classified information, the FBI examined only a few of those losses to determine the damage they may have had on the FBI’s operations and national security.

In addition, our audit determined that the FBI submitted late and inaccurate reports to the Department with respect to losses of its weapons and laptops, did not adequately document its disposal of excess laptops and hard drives to ensure that all sensitive or classified information had been sanitized prior to disposal, and failed to consistently ensure that departing employees returned their assigned weapons and laptops prior to leaving the FBI.

We made 13 recommendations to the FBI to improve its management controls over weapons and laptops. The FBI agreed with most of our recommendations and outlined a plan for taking corrective action to address all of our recommendations.

The FBI’s Response to Congressman Foley’s E-mails to a Page

The OIG issued a special report examining the FBI’s initial response to e-mails sent by Congressman Mark Foley to a former page with the House of Representatives. The e-mails were forwarded to the FBI in July 2006 by the advocacy group Citizens for Responsibility and Ethics in Washington (CREW). Five of the e-mails were written by Foley to the former page and contained statements that, at a minimum, could be described as unusual between an adult in a position of authority and a juvenile. Three additional e-mails were exchanges between the former page and a House of Representatives employee in which the former page expressed his concern about the nature of Foley’s e-mails. Foley resigned from Congress on September 29, 2006, after the e-mails and more explicit instant messages became public.

The OIG found that when the FBI initially received these e-mails, it reviewed them and decided not to investigate them further. This decision was made by an FBI Supervisory Special Agent after consulting with other FBI divisions, including the Crimes Against Children and Adult Obscenity Squad and the Cyber Crimes Squad, mainly because the e-mails were not “sexually explicit” and did not contain “ language of persuasion or enticement to engage in any type of activity, criminal or otherwise.” We concluded that the Supervisory Special Agent’s decision not to open an investigation fell within the range of discretion that she was afforded in her position as a supervisor and did not constitute misconduct.

However, we also determined that the e-mails provided enough troubling indications on their face, particularly given the position of trust and authority that Foley held with respect to pages, that the FBI should have, at the least, taken some follow-up steps, such as interviewing the former page; notifying House of Representatives’ authorities in charge of the page program about the concerns expressed by the former page; or sharing its decision to decline the investigation with CREW, who was relying on the FBI to pursue the matter and, as a result, had not notified anyone else about the e-mails.

As part of our review, we also examined inaccurate statements reported in the media attributed to FBI and Department officials when the e-mails became public. In particular, reports that the FBI and the Department stated that CREW had provided heavily redacted e-mails and refused to provide information about the source of the e-mails – which was the reason the FBI did not at the time take further action – were not correct. We attributed these inaccuracies to a misinterpretation of the description of events that was disseminated within the FBI and the Department regarding the FBI’s actions in response to the e-mails it received in July.

CODIS Audits

The FBI’s Combined DNA Index System (CODIS) includes a national information repository that permits the storing and searching of DNA specimen information to facilitate the exchange of DNA information by law enforcement agencies. During this reporting period, the OIG’s Audit Division audited several state and local laboratories that participate in CODIS to determine if they comply with the FBI’s Quality Assurance Standards (QAS) and National DNA Index System (NDIS) requirements. Additionally, we evaluated whether the laboratories’ DNA profiles in CODIS databases were complete, accurate, and allowable. Below is an example of our findings:


During this reporting period, the OIG received 852 complaints involving the FBI. The most common allegations made against FBI employees were Intelligence Oversight Board Violations, waste, misuse of government property, and job performance failure. The OIG opened 15 cases and referred other allegations to the FBI’s Inspection Division for its review.

At the close of the reporting period, the OIG had 31 open criminal or administrative investigates of alleged misconduct relating to FBI employees. The criminal investigations cover a wide range of offenses, including improper release of information, other official misconduct, and fraud. The administrative investigations involve serious allegations of misconduct. The following are examples of cases involving the FBI that the OIG’s Investigations Division handled during this reporting period:

Ongoing Work

The FBI’s Use of National Security Letters in 2006

As required by the Patriot Reauthorization Act, the OIG is continuing to review the FBI’s use of NSLs in 2006. We also are monitoring the FBI’s corrective action taken in response to our March 2007 report regarding the use of these authorities in prior calendar years.

The FBI’s Use of Section 215 Orders in 2006

As required by the Patriot Reauthorization Act, the OIG is continuing to review the FBI’s use of Section 215 orders in 2006 to obtain business records.

Sentinel: Status of the FBI’s Case Management System

The OIG is conducting its third audit in a series of reports examining the FBI’s ongoing development of its Sentinel case management project. Our third audit of Sentinel is assessing the overall status of the Sentinel project and whether the first two phases of the project are meeting budget, schedule, and performance expectations. We also are evaluating whether the FBI’s management controls and provisions of the Sentinel contract provide reasonable assurance that it will be completed successfully and efficiently, and determining the status of the FBI’s efforts to resolve the concerns discussed in our previous reports.

FBI Reports of Alleged Abuse of Military Detainees

The OIG is reviewing FBI employees’ observations and actions regarding alleged abuse of detainees at Guantanamo Bay, Abu Ghraib prison, and other venues controlled by the U.S. military. The OIG is examining whether FBI employees participated in any incident of detainee abuse, whether FBI employees witnessed incidents of abuse, whether FBI employees reported any abuse, and how those reports were handled by the FBI. In addition, the OIG is assessing whether the FBI inappropriately retaliated against or took any other inappropriate action against any FBI employee who reported any incident of abuse.

Follow-up Examining Hanssen Review Recommendations

The OIG is completing its follow-up review of the FBI’s progress in implementing recommendations contained in our August 2003 report entitled, “A Review of the FBI’s Performance in Deterring, Detecting, and Investigating the Espionage Activities of Robert Philip Hanssen.” Our previous report made 21 recommendations to help the FBI improve its internal security and enhance its ability to deter and detect espionage. The Hanssen follow-up review is assessing the FBI’s response to recommendations in the report.

Follow-up Review of the Terrorist Screening Center

A June 2005 OIG audit report assessed the Terrorist Screening Center’s consolidated terrorist watch list database and computer systems, as well as staffing, training, and oversight of the Call Center. In this follow-up review, we are auditing the Center’s efforts to ensure the quality of the information in the watch list database and its attempts to minimize the impact for individuals incorrectly identified as watch list subjects.

The FBI’s Efforts to Combat Crimes Against Children

The OIG is auditing the FBI’s ability to effectively meet the goals of its Crimes Against Children program. We are assessing the FBI’s efforts to establish or enhance initiatives designed to decrease the vulnerability of children to acts of sexual exploitation and abuse; develop a nationwide capacity to provide a rapid, effective, and measured investigative response to crimes involving the victimization of children; and enhance the capabilities of state and local law enforcement investigators through training programs, investigative assistance, and task force operations.

The FBI’s Progress in Hiring, Training, and Retaining Intelligence Analysts

The OIG issued a report in May 2005 examining the FBI’s efforts to hire, train, and retain intelligence analysts. This follow-up audit examines the FBI’s continuing efforts to develop its intelligence analyst corps and the FBI’s progress in implementing the recommendations we made in our prior audit.

The FBI’s Efforts to Resolve Terrorist Threats and Suspicious Incidents

FBI guidance requires that terrorist threats and suspicious incidents be reported to its National Threat Center Section and resolved through investigation. Threats and suspicious incidents also are recorded in the FBI’s Guardian database, which allows users to enter, assign, and manage terrorism threats and suspicious activities while simultaneously allowing field offices and Joint Terrorism Task Force members to view this information. Among other issues, the OIG is assessing the process and guidance for recording, resolving, and sharing information on terrorist threats; the FBI’s compliance with the proper recording and resolution of threats; and the status of the FBI’s IT tools for tracking the resolution of such threats.

« Previous Table of Contents Next »