Weaknesses Found in FBI Data Collection Application
Published: February 13, 2019
Despite a mobile device upgrade in 2017, the FBI’s automated data collection application for employee text messages fails to collect 10% of information from issued agency devices.
Justice’s OIG recently released the Procedural Reform Recommendation for its investigation into a set of missing text messages related to a Pre-election Review. The investigation found deficiencies in the FBI’s commercial off-the-shelf, automated application located at its Enterprise Security Operations Center (ESOC), as well as other security vulnerabilities.
In response to a request regarding a gap in text messages collected between December 2016 and May 2017, the OIG examined the mobile devices of two FBI employees. The inspection covered Samsung Galaxy S5 and S7 and Apple iPhone devices. FBI policy requires employees to use agency-issued email and devices for all activity related to investigations. While the policy does not explicitly designate ESOC as the repository for electronic communications, FBI policy does direct employees to ESOC when they need to retrieve previous communications.
During the investigation, the OIG was informed that a technical refresh took place in 2017, with Galaxy S5 phones phased out in favor of Galaxy S7s. Among other reasons, the refresh was prompted by known failures of the collection application to retrieve 20% of text messages from FBI employees. A newer version of the application was also deployed in March 2017 to help remedy the situation. However, the OIG found that errors and misconfiguration occurred during the initial setup of the updated collection application. In addition, connectivity problems such as poor or no cellular service, along with software and operating system updates, further interrupted the application's ability to collect text message data. As of November 2018, even with the updated application, 10% of text messages from FBI employees are still not properly collected by the tool.
The OIG used its own forensic extraction tools to retrieve the text messages. As a result, approximately 9,311 text messages were recovered from one of the employee’s Galaxy S5 and another 10,760 text messages from the other employee’s S5 during the identified failed collection period.
Moreover, during its investigation, the OIG found a database that appeared to retain a copy of the text messages from shortly after the phones were issued through the day the phones were disconnected from the service provider. The OIG was able to extract 74,385 lines of text messages from one phone's database and 52,395 lines from the other. The OIG noted that some messages in the database had not been collected by the FBI's collection system, while some messages the collection system had captured were not found in the database. The OIG was unable to identify a pattern in the messages missed by either source.
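The comparison the OIG describes above, two independent records of the same traffic, each holding messages the other lacks and no obvious pattern to the gaps, is a check a records custodian can automate as a routine audit of a collection tool. The block below is an added example and is not code from the OIG report, the FBI, or the collection application it reviewed; the Message fields, the reconcile function, and the sample records are all constructed for illustration.

```python
"""Reconcile two independent records of text messages to measure collection coverage.

Added example, not from the OIG report or the FBI's collection tool. It assumes each
source can be reduced to (device_id, timestamp, sender, text) tuples; the records
below are constructed for illustration only.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Message:
    device_id: str
    device_model: str
    sent_at: datetime
    sender: str
    text: str

    def key(self) -> tuple:
        # Identity of a message across sources: same device, second-precision
        # timestamp, sender and body. Assumed to be stable across both sources.
        return (self.device_id, self.sent_at.replace(microsecond=0), self.sender, self.text)


def reconcile(collected, device_db):
    """Compare the central collection system against the per-device database.

    Returns the messages each source holds that the other lacks, the coverage of
    the collection system measured against the union of both sources, and a count
    of collector misses grouped by (device model, year-month) to surface patterns.
    """
    coll = {m.key(): m for m in collected}
    db = {m.key(): m for m in device_db}
    union = set(coll) | set(db)
    missed_by_collector = [db[k] for k in db if k not in coll]
    missing_from_db = [coll[k] for k in coll if k not in db]
    coverage = len(coll) / len(union) if union else 1.0
    pattern = Counter(
        (m.device_model, m.sent_at.strftime("%Y-%m")) for m in missed_by_collector
    )
    return {
        "missed_by_collector": sorted(missed_by_collector, key=lambda m: m.sent_at),
        "missing_from_db": sorted(missing_from_db, key=lambda m: m.sent_at),
        "coverage": coverage,
        "misses_by_model_month": dict(pattern),
    }


def _msg(dev, model, ts, sender, text):
    return Message(dev, model, datetime.fromisoformat(ts), sender, text)


# Constructed sample data: what the device-side database retained.
DEVICE_DB = [
    _msg("S5-001", "Galaxy S5", "2016-12-20T09:15:00", "+15550001", "status update"),
    _msg("S5-001", "Galaxy S5", "2017-01-05T14:02:00", "+15550002", "call me"),
    _msg("S5-001", "Galaxy S5", "2017-01-05T14:03:30", "+15550001", "ok"),
    _msg("S5-002", "Galaxy S5", "2017-02-11T08:40:00", "+15550003", "meeting moved"),
    _msg("S5-002", "Galaxy S5", "2017-02-11T08:41:10", "+15550004", "noted"),
    _msg("S7-010", "Galaxy S7", "2017-04-03T11:00:00", "+15550005", "new phone test"),
]

# Constructed sample data: what the central collection system captured. Two S5
# messages are absent, and one S7 message exists only here.
COLLECTED = [
    DEVICE_DB[0],
    DEVICE_DB[2],
    DEVICE_DB[3],
    DEVICE_DB[5],
    _msg("S7-010", "Galaxy S7", "2017-04-04T16:20:00", "+15550005", "collected only"),
]


if __name__ == "__main__":
    report = reconcile(COLLECTED, DEVICE_DB)
    print(f"coverage vs. union of sources: {report['coverage']:.1%}")
    for m in report["missed_by_collector"]:
        print("missed by collector:", m.device_id, m.sent_at, m.sender, m.text)
    for m in report["missing_from_db"]:
        print("absent from device db:", m.device_id, m.sent_at, m.sender, m.text)
    print("collector misses by model and month:", report["misses_by_model_month"])
```

The coverage figure is measured against the union of the two sources, so it is an upper bound: a message that neither source retained is invisible to this check, which is why the OIG's recommendation to test the tool against an independent forensic extraction matters more than any single source's self-reported rate.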
Alongside its recommendation to revisit policy so that ESOC or another entity is officially designated as the agency's collection and retention location, the OIG also calls for improvements to the current collection tool. Specifically, the OIG instructs the FBI to "conduct additional research and testing" of the current collection tool, or any future replacement, with the goal of collecting 100% of text messages. In response to the report, the FBI acknowledged that it continues to experience failures with the collection tool. The agency states that it is seeking to work with "vendors, device manufacturers and carriers to develop solutions and backstops to device-based collection." Contractors with related capabilities and solutions may find opportunities to assist the FBI with its text message collection and retention processes.