FBI Bureaucracy Hobbles Tech Adoption

In the same month the twin towers fell, supervisors at the FBI’s Computer Analysis Response Team ordered 83 copies of a software program that reveals the contents of images and files deleted from hard drives on personal computers, as well as visits to Web sites and the destinations of e-mail messages sent from those machines.

The software, known as Encase, had been used by several government agencies to process evidence seized during investigations of terrorist activity after Sept. 11. Earlier this year, Encase helped find the murderers of Wall Street Journal reporter Daniel Pearl. His captors had sent e-mails to government and news organizations on a computer later seized by the Pakistani police.

Encase is easy to use. Examiners attach a small cable, known as a dongle, to the parallel or USB port on a target computer or enter through the computer’s Network Interface Card. The connection allows investigators to preview the contents of a hard drive and to create a virtual image. The drive’s original data is undisturbed.

Encase is a leader in its field, according to Charles Kolodgy, research manager for International Data Corp.’s Internet Security Program. Plus, it meets court-accepted standards for technical evidence, a critical factor in prosecuting or defending a case.

But the software was not used by the analytical response unit, which investigates such computer-related crimes as child pornography. It got a cold shoulder from the FBI, which appears to prefer to build similar software itself.

Despite a six-month backlog in collecting computer-based evidence for court cases, the FBI held up the distribution of those 83 licenses, according to a letter written in February by Marc Zwillinger, a Kirkland & Ellis attorney who represents Guidance Software, Encase’s manufacturer.

By February, the chief of the team’s unit, Mark Pollitt, was trying to block Encase, according to Zwillinger’s letter, which was circulated to several government agencies and viewed by Baseline. Pollitt’s goal, according to the lawyer’s missive, was to preclude the software from being published in the FBI’s Standard Operating Procedures, which lay out which products—whether software, hardware, or guns—the FBI has tested and validated for internal use.

Meanwhile, the FBI continues to try to develop its own alternative to Encase, called the Automated Computer Examination System (ACES). Whether it is available is unknown.

Putting already-available (and already-ordered) commercial software through the wringer is one small example of the many issues the Bureau faces as it struggles to bring its information systems out of what Robert Chiaradio, a former FBI Executive Assistant Director, describes as “a 1950s-style office culture.” Chiaradio retired in June to manage KPMG Consulting’s Homeland Security practice.

Two highly critical reports released in March allege the FBI’s information systems are in complete disarray.

DOJ Inspector General Glenn Fine, who investigated the FBI’s misplacement of more than 1,000 documents related to the Oklahoma City bombing, described how multiple databases were used for tracking documents, with information kept on multiple forms that were handled in multiple ways. Procedures for numbering documents varied from field office to field office. A paper system for tracking documents competed with the FBI’s Automated Case Support (ACS), which manages case files online.

And the Webster Commission—established by Attorney General John Ashcroft in March 2001 to study the FBI’s security programs, after former agent Robert Hanssen was arrested for espionage—described how in November 2000 Hanssen took advantage of the deficiencies in ACS, which Hanssen called “criminal negligence,” to steal between 500 and 1,000 documents that he passed to the Russians. Hanssen read unrestricted descriptions of restricted documents and figured out how to write queries that circumvented “stop words,” or words that the FBI search engine was instructed not to find.

Although Hanssen was technically adept, he also found documents that the commission said should have been restricted, despite the fact that many agents did not understand how to do so. In September 2000, the commission said, the FBI discovered it was operating at least 50 computer systems, 30 of which contained classified information, and the bureau subsequently discovered several more. Hanssen compromised over 50 human sources, many of whom were imprisoned or executed.