What's worse? The fact that the FBI lost 11 laptops a month for two years, or the fact that it does not even know what was on them

Today the U.S. Department of Justice (DOJ) released a report on an audit that it had been conducting on the FBI for nearly the past six years (PDF). The investigation was started when members of the FBI were made aware that weapons and laptops containing sensitive and classified information had been lost or stolen. The investigation was initially started by the Office of the inspector General (OIG) over the control of weapons and laptop computers with several other government bodies such as the Drug Enforcement Administration (DEA) and the United States Marshal Service (USMS).

Initial data from early audits revealed that the FBI count not account for 317 laptops that were lost, missing or stolen over a 28 month period. Details in the report revealed that the FBI did not report the missing or stolen laptops to the DOJ and that the information on the computers was not entered into the National Crime Information Center (NCIC) database. The report also revealed that people aware of the missing laptops did not report the incidents in a timely manner and investigations were not launched in an attempt to find and retrieve the laptops.

Since 2001, the DOJ's second audit on the FBI reported that 160 laptops were unaccounted for during a 44 month period. This follow-up report concluded that the number of stolen laptops declined while cases for missing laptops increased.

Since the laptops were already gone, the FBI could not determine whether or not the laptops had critically sensitive information on them.

The FBI's security division had very limited information about the missing laptops.  During the 44 month follow up audit, only 8 of the 160 missing notebooks were reported correctly.  The FBI's security division later revealed that some of the laptops contained the following:
  • Software for creating identification badges
  • Information and software used to process surveillance digital imaging
  • Security plans for access control systems
  • Names, addresses and phone numbers of FBI personnel
  • Sensitive but unclassified data
The DOJ report also indicated that the missing laptops occurred over several different FBI divisions, including its counterterrorism division, cyber crime division and counter-intelligence division. According to the report:
We believe that the FBI was lax in adhering to its own policies of reporting the contents of lost or stolen laptop computers. The FBI has to be more diligent in ensuring that it responds appropriately and aggressively to each laptop loss.
While some of the missing laptops were eventually found, the majority of the laptops are still missing today, and there is little hope that they will show up again. In high-security organizations like the FBI, a large number of laptops still go missing or get stolen, which spells trouble for large companies that try to keep an eye on their assets.

In conclusion, the DOJ states:
The FBI failed to give sufficient priority to property management. Periodic inventories of accountable property were not conducted, departing employees did not always return all property that had been issued to them, and the destruction of outdated, damaged, or excessed laptop computers was not adequately documented. Additionally, while the FBI documented the disposal of laptop computers, it did not adequately document that all sensitive or classified information had been sanitized prior to their disposal.

"What would I do? I'd shut it down and give the money back to the shareholders." -- Michael Dell, after being asked what to do with Apple Computer in 1997

Latest Blog Posts

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki