J.

Bradley Jansen testimony “FBI Guidelines”

Staff briefing
House Judiciary Committee
June 26, 2002

Data-related questions regarding FBI Guidelines changes prepared by the Free

Congress Foundation

Background: Attorney General John Ashcroft inherited a data management crisis

that threatens our National Security. The inability of the Federal Bureau of
investigation to “connect the dots” as well as the problems identified in the
Webster Report concerning the FBI double agent Robert Hansen were both symptoms of
that data management crisis. Information overload is the root cause.

Data integrity refers to preserving the validity of data within an organization.

This is achieved by ensuring the data is accurate and relevant. There is an
inverse relationship between quantity and quality of data within an organization.
As the amount of data increases the quality and accuracy diminishes due to
storage, transfer, human error, bugs and viruses, etc.

The Department of Defense defines Information Security as: (DOD) Information

security is the protection of information and information systems against
unauthorized access or modification of information, whether in storage,
processing, or transit, and against denial of service to authorized users.
Information security includes those measures necessary to detect, document, and
counter such threats. Information security is composed of computer security and
communications security (also called INFOSEC).

Common security breaches occur within an organization by authorized users.

Policies and Procedures need to be in place and enforced to ensure these security
breaches are detected and stopped.

Questions: The FBI suffers from information overload and its inability both to
make good intelligence of the raw data available. What resources are going to be
devoted to correct this problem?

Since the new Guidelines permit the use of “publicly-available” information, what
efforts are going to be made to verify the accuracy of that data? Under what
circumstances/conditions will agents be relying on information of dubious
accuracy? (anyone who has checked their credit report understands this)

The Report on Financial Privacy, Law Enforcement and Terrorism by the Prosperity
Task Force on Information Exchange and Financial Privacy (May 2002) outlined many
problems related to sharing of too much information without adequate controls to
too many countries. With what countries and under what circumstances are we
sharing information? What controls exist on those information exchange
arrangements? Since Syria, Cuba, Libya, China, Iran, Iraq and other countries are
Interpol members and share in the international information exchange system, what
steps is the DoJ taking to limit the use of the new information collected into the
FBI databases?

Since the new Guidelines do not require approval of the FBI headquarters for
renewal of preliminary inquiries, how will the FBI be able to “connect the dots”
if the left hand won’t know what the right is doing? Will preliminary inquiry
renewals require notification to headquarters? What procedures will be
established to review those renewals?

What audit trails is the FBI instituting on datamining? What controls are being
implemented to limit abuse of information by authorized users? How is the FBI
working to prevent and detect the next Robert Hansen with all of the new
information available?