To the FBI IT incompetence beats misleading Congress
When FBI Director Robert Mueller testified before the Senate Judiciary Committee over the underreported of "national security letters" he had two choices: Tell senators that the FBI deliberately downplayed the number of letters or claim IT incompetence.
IT incompetence won hands down. And given the FBI's history with technology implementations Mueller didn't have to stretch at all.
National security letters, or NSLs, are used to get electronic communications, phone records and financial information for investigations. The flap over the FBI's use of NSLs and privacy surfaced in a Justice Department audit, but one big issue that remains is the FBI's technology management.
Mueller went the blame the FBI's information management route in his testimony, but isn't that just as damning? In his testimony Mueller told senators the following:
"There are a substantial number of requests, but we are not collecting information on hundreds of thousands of Americans. The process for tabulating NSLs simply did not keep up with the volume. Although we came to that realization prior to the OIG report and are working on a technological solution, that realization came later than it should have."
Comforting. So now we have to pin our hopes on yet another FBI project being implemented correctly by the end of 2007. A few excerpts from Mueller's testimony:
"The tracking of NSLs for congressional reporting purposes resides in a standalone Access database. This database is referred to in the OIG report as the OGC database. While the OGC database was a major technological step forward from three-by-five index cards once used to track NSLs, it is not an acceptable system given the significant increase in use of NSLs since 9/11.
First and foremost, the OGC database is not electronically connected to the Automated Case Support system (ACS), the system from which we derive the data. Instead, there is a manual interface between ACS and the OGC database. An OGC employee is responsible for taking every NSL lead that is sent to OGC and manually entering the pertinent information into the OGC database. Nearly a dozen fields must be manually entered, including the file number of the case in which the NSL was issued (typically 15 digits and alphanumeric identifiers).
Approximately a year ago, we recognized that our technology was inadequate and began developing an automated system to improve our ability to collect this data. The system, in addition to improving data collection, will automatically prevent many of the errors in NSLs that we will discuss today. We are building an NSL system to function as a workflow tool that will automate much of the work that is associated with preparing NSLs and the associated paperwork.
The NSL system is designed to require the user to enter certain data before the workflow can proceed and requires specific reviews and approvals before the request for the NSL can proceed. Through this process, the FBI can automatically ensure that certain legal and administrative requirements are met and that required reporting data is accurately collected. For example, by requiring the user to identify the investigative file from which the NSL is to be issued, the system will be able to verify the status of that file to ensure that it is still open and current (e.g. request date is within six months of the opening or an extension has been filed for the investigation) and ensure that NSLs are not being requested out of control or administrative files.
The system will require the user to separately identify the target of the investigative file and the person whose records are being obtained through the requested NSL, if different. This will allow the FBI to accurately count the number of different persons about whom we gather data through NSLs. The system will also require that specific data elements be entered before the process can continue, such as requiring that the target's status as a United States person or non-United States person be entered. The system will not permit requests containing logically inconsistent answers to proceed.
The NSL system is being designed so that the FBI employee requesting an NSL will enter data only once...
We began working with developers on the NSL system in February 2006 and we are optimistic that we will be able to pilot it this summer and roll it out to all field offices by the end of the year. At that point, I will be confident the data we provide to Congress in future reports is as accurate as humanly possible."
In the meantime, the FBI is correcting its databases with the proper number of NSLs with manual reviews and random sampling.