I am pleased to be here today to discuss our recent experiences with the Federal Bureau of Investigation (FBI) related to access to the data, documents, and personnel that we have requested in doing our audit work for the Congress. Concern about access to records and people at the FBI is not a new topic for us. Indeed, in July 1991 we testified on access problems that we had at the Justice Department, most of which involved the FBI. Although Congress has not asked us to do a significant body of work at the FBI, we believe that there are many areas where we can make a contribution to improving the agency’s activities and its management of them.
Testimony Before the Committee on the Judiciary
United States Senate
United States General Accounting Office
GAO’S WORK AT THE FBI
Access to Data, Documents, and Personnel
Statement of Norman J. Rabkin
Tax Administration and Justice Issues
Let me start by outlining our statutory right of access to agency records, including those at the FBI, and follow with some examples from our recent experience. Most of these examples are related to specific access problems. I also want to note some positive experiences as well, because although not the norm, we want to present a fair picture.
In summary, the Congress has given us broad authority to access the FBI’s data, documents, and personnel in order to conduct our audits, evaluations, and investigations. This is the same authority we rely on to perform our work at all federal agencies. While things go smoothly on occasion, on many other occasions our access at the FBI has been difficult, resulting in us having to follow cumbersome procedures to meet with Bureau officials and get basic information about their programs and activities. We have had access issues in a number of agencies over the years. However, across law enforcement-related agencies, FBI access issues have been the most sustained and intractable.
Over the past 5 years, we have issued about 50 products that include information related to the FBI’s operations and activities. In only about 10 cases, however, has the FBI been the focus of this work. For example, our report on the National Infrastructure Protection Center (NIPC), located within the FBI, describes its progress in developing national capabilities for analyzing cyber threats and vulnerability data and issuing warnings, enhancing its capabilities for responding to cyber attacks, and establishing information-sharing relationships with government and private-sector entities.1 More often, our work includes the FBI as one of multiple agencies that are the subject of a given review. For example, last year we reviewed security protection for agency officials and the FBI was but one of 30 agencies that we covered.
1 NIPC was established in 1998 as an outgrowth of the FBI’s Computer Investigations and Infrastructure Assessment Center and is located in the FBI’s Counterterrorism Division. The NIPC director and most of the analysts are FBI staff. Other staff are detailees from other federal agencies and from international partners such as Canada.When we initiate work with federal agencies we formally notify key officials about the planned review and meet with them to discuss the objectives of our work. At that meeting we try to determine which agency officials we should interview and what documents or data the agency has that may pertain to our work. At the FBI (and at other agencies), a designated liaison acts as our contact for arranging meetings and access to documents. With few exceptions, we work through the FBI liaison rather than contacting FBI officials directly.
In the course of our work across almost all federal agencies, we routinely receive large amounts of information, some of it highly sensitive. We are careful to guard the security of this information in a manner that meets or exceeds the safety standards established by the source agencies. We have an excellent record in relation to safeguarding sensitive and classified information.
We have broad statutory right of access to agency records in order to conduct audits and evaluations. Under 31 U.S.C. 716(a), federal agencies are required to give us “information…about the duties, powers, activities, organization, and financial transactions of the agency.” This statute applies to federal agencies, including those performing law enforcement functions (such as the FBI), and does not exempt law enforcement information from our access authority. If agencies do not make this information available in a reasonable time, we have the authority to demand access. We do this by sending the head of the agency a letter stating our authority and our reasons for needing the information. The agency has 20 days to respond, after which the Comptroller General may file a report with the President, the Director of the Office of Management and Budget (OMB), the head of the agency, and the Congress. If the agency still has not granted us access within another 20 days, the Comptroller General can bring suit in federal district court unless (a) the records relate to activities the President has designated as foreign intelligence or counter-intelligence activities, (b) the records are specifically exempt from disclosure by statute, or (c) the President or the OMB Director certifies that the information being requested is covered by one of two exemptions listed in the Freedom of Information Act (FOIA),2 and that disclosure reasonably could be expected to impair substantially the operations of the government. (See 31 U.S.C. 716(d).)
2 2 The two relevant FOIA exemptions are exemptions 5 and 7. Exemption 5 (contained in 5 U.S.C. 552(b)(5)) exempts from public disclosure inter-agency or intra-agency memorandums or letters which would not be available by law to a party other than an agency in litigation with the agency. Exemption 7 (contained in 5 U.S.C. 552(b)(7)) exempts from public disclosure records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information (A) could reasonably be expected to interfere with enforcement proceedings; (B) would deprive a person of a right to a fair trial or an impartial adjudication; (C) could reasonably be expected to constitute an unwarranted invasion of personal privacy; (D) could reasonably be expected to disclose the identity of a confidential source…; (E) would disclose techniques and procedures for law enforcement investigations or prosecutions or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law; or (F) could reasonably be expected to endanger the life or physical safety of any individual.In the past, we issued a demand letter to the FBI requiring it to provide us with information in accordance with our statutory authority. In that instance the FBI ultimately complied with our request. However, the use of our statutory enforcement authorities can be adversarial and time-consuming. We prefer to work out arrangements that will serve us well in all our work with the FBI and, therefore, enable us to respond promptly and completely to congressional requests.
In that spirit, in March 2000 we met with FBI officials to discuss numerous specific access issues and to try to work out more efficient arrangements to complete our work. At that meeting, and in a subsequent letter from the Assistant Director of the FBI’s Office of Public and Congressional Affairs, the FBI pledged to do a better job in providing us access to records and people. As you will see from the recent examples cited in this testimony, our access problems have not been resolved.
The types of recent access problems fall into several categories and sometimes overlap. One of our greatest problems is delay. This relates to both receiving documents that we have requested and arranging meetings with FBI officials. We have experienced significant delay in an engagement we are just finishing — a review requested by Senator Fred Thompson when he was the chairman of the Senate Governmental Affairs Committee. The focus of that review is the FBI’s coordination of foreign counterintelligence investigations, where criminal violations are implicated, with other components within the Justice Department, most notably the Criminal Division. Although this is a very sensitive subject, our work focused on coordination policies and procedures and the FBI’s adherence to them, not on the decisions regarding the investigations or the intelligence they produced. A work log maintained for this job indicates that 112 days elapsed from when a written list of questions was delivered to the FBI to the delivery of its response.3 During this almost 4-month period, we contacted the FBI at least 15 times to inquire about the status of the response.
3 Due to our experience on FBI reviews, we have urged our staff to keep detailed records of their requests for data or meetings, the FBI’s responses to those requests, and subsequent contacts when the agency does not respond in a timely manner.In another case, we experienced delays in receiving documentation for our work requested by Rep. Christopher Shays, Chairman of the House Government Reform Subcommittee on National Security, Veterans’ Affairs, and International Relations, and Rep. Ike Skelton, Ranking Minority Member of the House Committee on Armed Services. The request concerned coordination between the FBI and several other federal agencies. The issue again was very sensitive, and the report was classified. Beginning in May 1999, we had asked the FBI to produce documents showing administrative guidance it had issued on these activities, the process by which these activities were approved, the timing and duration of specific activities, and evidence of interagency coordination. FBI officials told us they would locate and gather the documents for us. In December 1999, after senior GAO executives intervened, the FBI provided us a minimal and incomplete summary – not copies of original documents. In February 2000 — 9 months after our initial request – FBI officials told us they had no documentation or other records on the activities.
In other examples, we experienced delays in receiving documents related to our work on reports entitled, Gun Control: Implementation of the National Instant Criminal Background Check System and Combating Terrorism: Federal Agencies’ Efforts to Implement National Policy and Strategy, among others. Needless to say, these delays affected our ability to do our work efficiently and adversely affected our ability to provide timely information and advice to the Congress by postponing the issuance of our reports.
Setting up meetings with FBI officials can also be a lengthy process. While the FBI has told us that its goal is to organize meetings within 2 weeks, elapsed time from meeting request to actual meeting for 3 of the 4 meetings on a current job took 35 days, 41 days and 124 days. In the last case, when the meeting finally took place, the FBI sent substitutes for the official who was originally expected to attend the meeting. In these cases and in many more, the failure of the then FBI liaison and the liaison’s superiors to return telephone calls concerning the status of our request added to our frustration and inefficiency.
Another problem relates to the quality of documentation the FBI provides. In our recent work related to the NIPC, requested by Senator Jon Kyl, then Chairman, and Senator Dianne Feinstein, then Ranking Member, of the Subcommittee on Technology, Terrorism, and Government Information, we encountered numerous occasions in which the FBI was only able to provide us with unsigned and undated printouts of documents we requested rather than final signed versions. Another case related to our work that resulted in the classified report mentioned earlier. The FBI sent us an “unofficial” document without letterhead, signature, date, or cover letter. This presents problems for ensuring that the information represents the official position of the agency and when the position became effective.
FBI officials in some cases have not been forthcoming with the types of details that would provide a richer picture of the issues we are auditing. In the case of our NIPC work, the FBI gave us a great deal of detailed information, much of which reflected favorably on its program, after receiving a draft of our report. Had this information been provided earlier - when we originally asked for it - we could have done a more efficient job in conducting our audit work and drafting our initial report.
While infrequent, in some cases the FBI has denied us access to the information we have requested. For the most part, the information requested has been no more sensitive than information we routinely receive from other agencies during our work. For example, for our work related to federal teams that respond to chemical, biological, radiological, and nuclear terrorist incidents (requested by Rep. Ike Skelton, the Ranking Minority Member of the House Armed Services Committee), the FBI refused to provide us with information on the missions, budget, and resources of its response teams. The FBI said that providing the information to us would jeopardize the teams’ operational security, even though the information was unclassified.
Although we could have acted to enforce our request for this information through the statutory mechanisms described earlier, we decided to drop the FBI from the scope of our review. We needed to provide our client a composite picture of all federal agencies involved in this effort (we reported on 8 such agencies) and did not want to delay our report waiting for information from one agency.
We have had some assignments involving the FBI in which access was not problematic. For a review of federal funding of the Los Angeles, Atlanta, and Salt Lake City Olympic Games, for example, a request for information about the types of projects and activities the FBI was funding was answered in a timely and cooperative manner. Similarly, information for a review of computer security expenditures was provided with only minimal delays. Finally, although there were some delays in scheduling meetings and gaining access to documents, work on improving counterterrorism operations was not significantly delayed because other tasks could be completed while waiting for the requested information. Our staff on this assignment did not consider access a problem.
Although our examples of reviews that encountered access problems span a large number of assignments, in these assignments as well there are examples of good cooperation in providing information. The team working on the NIPC engagement, for example, found that field agents provided detailed and useful information when they were interviewed and that access improved during our review. We also note that for one meeting on our current foreign counterintelligence coordination assignment, a meeting was held the day after it was requested.
While over time we have experienced access-to-records problems at different federal agencies, our experience at the FBI is by far our most contentious among law enforcement agencies. The FBI’s reluctance to consistently honor our statutory rights of access has forced us to expend significant energy and resources. The FBI has also limited our ability to respond to our clients – congressional committees and individual Members of Congress – in a timely and efficient way.
We recognize that the FBI’s responsibility to investigate criminal activity carries with it a set of imperatives that limits its discretion to disseminate certain types of information, to protect the rights of the accused and the integrity of the investigative process. We believe, however, that these imperatives do not exempt the FBI from congressional oversight. The FBI can and should provide a much wider range of information about its activities to the Congress and to us.
A partially informed Congress cannot provide adequate oversight, balance competing interests fairly, resolve issues effectively, or deliberate soundly.
Mr. Chairman, this concludes my prepared statement. I would be pleased to answer any questions you may have.