The Encase CaseBy Deborah Gage | Posted 2002-09-11 Email Print
WEBINAR: On-demand webcast
Next-Generation Applications Require the Power and Performance of Next-Generation Workstations REGISTER >
Online exclusive: Despite the shock of Sept. 11, the Federal Bureau of Investigation has been slow to adopt off-the-shelf technology that could help recover key data about future terrorism threats.
The Encase Case
Citing the six-month backlog in evidence gathering, former FBI Director Louis Freeh in February 2000 requested $2.8 million to continue developing ACES, the alternative to Encase. The FBI believes that using outside source-code risks compromise by foreign agents who could insert back doors in the code that transmit classified information.
But in a separate letter sent in April 2002, to Attorney General Ashcroft, Rep. Adam Schiff, the California Democrat representing Guidance's district, claimed that ACES had not kept pace with modern technology and that the FBI had canceled it. Schiff served in the Los Angeles U.S. Attorney's office and in 1990 prosecuted Richard Miller, the first FBI agent to be indicted for spying for the Soviet Union.
Schiff claimed that the FBI's pursuit of ACES "while superior, cost-effective software was commercially available" might be partially responsible for the backlog.
At the same time, FBI agents in the field were using Encase without permission, according to sources close to the bureau, shifting funds to find the money to buy software licenses and training from Guidance Software.
Greg Motta, an attorney in the FBI's Office of General Counsel, declines to discuss the specifics of Zwillinger's letter, although he says there is a "timeliness issue" with Zwillinger's accusations. Motta says the FBI is not prohibiting agents from using Encase, even though the software is not internally tested and approved.
"Our protocol indicates that when one of the internally validated tools is not operating properly, examiners are allowed to use nonvalidated tools so long as they verify the results," Motta says. "The FBI has a collaborative process for testing and evaluating products that transcends any one individual and that we are constantly re-evaluating."
Motta also disputes Schiff's contention that ACES has been discontinued. "ACES is like Microsoft Windowsthere are a bunch of applications thrown in. The degree to which the FBI needs to document examinations is sometimes far in excess of what the local police department [i.e. Encase users] would want."
Zwillinger counters that he is "encouraged" that the bureau is softening on its devotion to developing the same or similar technology in-house. "They say now they are completely open-minded, and are evaluating the use of Encase in the future. Given the challenges posed by increasing cyberthreats and immense quantities of computer evidence, the FBI seems to be refocusing on the nature of its mission."
Chiaradio, however, says that until a couple of years ago, agents routinely developed their own code or shifted funds to conceal purchases of unsanctioned hardware and software.
"Agents, out of frustration at not getting the right automation support, improvised and overcame," he says. "That's why the FBI has 42 investigative stovepipe applications." ACS, for example, is one of five main FBI investigative application systemsonly in April did agents get minimal searching capabilities across four of them.
One former agent who asked not to be named says that "caring public servants" in the FBI are hamstrung by federal budget cycles, government procurement rules that require agencies to plan purchases years in advance, and the impossibility of developing software fast enough to keep up with private industry.
"A headquarters guy like Pollitt would be in a position of having to say what's best for the FBI as an institution," the agent says. "But in today's investigations, it's hard to wait for something perfect if anything is offered in the meantime. 'Perfect' becomes the enemy of 'good.' "
FBI Director Robert Mueller, like his predecessor Louis Freeh, is bringing in what Chiaradio calls "a straighter army"people like Wilson Lowery, who replaces Chiaradio and who carried out former IBM CEO Lou Gerstner's blueprint for transforming IBM from a company with 150 separate financial systems into one with common processes; Darwin John, CIO, who spent 12 years managing IT systems for the Mormon Church and who replaces Bob Dies, hired by Freeh to join the bureau in July of 2000 from IBM; and Sherry Higgins, Trilogy Systems Advisor, who has served as both the CIO and CTO of Lucent.
In August, Higgins testified before a Senate Judiciary subcommittee on the progress of Trilogy, the FBI's latest plan to upgrade its information systems, for which Congress in November 2000 allocated $379 million. Funding has since been increased.
In its current form, Trilogy will provide PCs, printers and scanners for every FBI office, upgrade some FBI networks, improve security, and migrate data from the FBI's five investigative applications into a single Virtual Case File. This will allow agents to use a standard Web browser to submit and track documents (including multimedia files), search the FBI's entire data warehouse with one query, and possibly mine data from other agencies as well.
Astonished senators who watched Higgins use function keys to navigate through 12 green screens to get to a document in ACS demanded to know why Trilogy can't be completed before June 2004. But Higgins has slowed portions of Trilogy by about 15 months since she joined the FBI in March. The Webster Commission said the FBI was trying to move Trilogy so fast, it could not possibly integrate good security into the system.
Guidance President John Patzakis, meanwhile, declines to comment on the FBI, saying Guidance hopes to work with all federal agencies to ensure that the best possible forensic tools are available, whether from inside the governmentor outside.
Additional reporting by John McCormick and Elizabeth Bennett