J. Bradley Jansen testimony “FBI Guidelines”Staff briefingHouse Judiciary CommitteeJune 26, 2002Data-related questions regarding FBI Guidelines changes prepared by the FreeCongress FoundationBackground: Attorney General John Ashcroft inherited a data management crisisthat threatens our National Security. The inability of the Federal Bureau ofinvestigation to “connect the dots” as well as the problems identified in theWebster Report concerning the FBI double agent Robert Hansen were both symptoms ofthat data management crisis. Information overload is the root cause.Data integrity refers to preserving the validity of data within an organization.This is achieved by ensuring the data is accurate and relevant. There is aninverse relationship between quantity and quality of data within an organization.As the amount of data increases the quality and accuracy diminishes due tostorage, transfer, human error, bugs and viruses, etc.The Department of Defense defines Information Security as: (DOD) Informationsecurity is the protection of information and information systems againstunauthorized access or modification of information, whether in storage,processing, or transit, and against denial of service to authorized users.Information security includes those measures necessary to detect, document, andcounter such threats. Information security is composed of computer security andcommunications security (also called INFOSEC).Common security breaches occur within an organization by authorized users.Policies and Procedures need to be in place and enforced to ensure these securitybreaches are detected and stopped.Questions: The FBI suffers from information overload and its inability both tomake good intelligence of the raw data available. What resources are going to bedevoted to correct this problem?Since the new Guidelines permit the use of “publicly-available” information, whatefforts are going to be made to verify the accuracy of that data? Under whatcircumstances/conditions will agents be relying on information of dubiousaccuracy? (anyone who has checked their credit report understands this)The Report on Financial Privacy, Law Enforcement and Terrorism by the ProsperityTask Force on Information Exchange and Financial Privacy (May 2002) outlined manyproblems related to sharing of too much information without adequate controls totoo many countries. With what countries and under what circumstances are wesharing information? What controls exist on those information exchangearrangements? Since Syria, Cuba, Libya, China, Iran, Iraq and other countries areInterpol members and share in the international information exchange system, whatsteps is the DoJ taking to limit the use of the new information collected into theFBI databases?Since the new Guidelines do not require approval of the FBI headquarters forrenewal of preliminary inquiries, how will the FBI be able to “connect the dots”if the left hand won’t know what the right is doing? Will preliminary inquiryrenewals require notification to headquarters? What procedures will beestablished to review those renewals?What audit trails is the FBI instituting on datamining? What controls are being