Skip to main content

Information Sharing: Additional Actions Could Help Ensure That Efforts to Share Terrorism-Related Suspicious Activity Reports Are Effective [Reissued on March 26, 2013]

GAO-13-233 Published: Mar 13, 2013. Publicly Released: Mar 13, 2013.
Jump To:
Skip to Highlights

Highlights

What GAO Found

The Department of Justice (DOJ) has largely implemented the Nationwide Suspicious Activity Reporting Initiative among fusion centers--entities that serve as the focal point within a state for sharing and analyzing suspicious activity reports and other threat information. The state and local law enforcement officials GAO interviewed generally said the initiative's processes worked well, but that they could benefit from additional feedback from the Federal Bureau of Investigation (FBI) on how the reports they submit are used. The FBI has a feedback mechanism, but not all stakeholders were aware of it. Implementing formalized feedback mechanisms as part of the initiative could help stakeholders conduct accurate analyses of terrorism-related information, among other things.

The technical means that federal, state, and local entities use to collect and share terrorism-related suspicious activity reports--Shared Spaces servers that DOJ provides to most fusion centers and the FBI's eGuardian system--provide many overlapping or duplicative services. For example, both systems provide a national network for sharing the reports and tools to analyze them. The federal government is aware that duplication exists but supports both systems to enable fusion centers to control information on individuals, consistent with the centers' privacy requirements, and facilitate the FBI's investigative needs. However, the FBI was concerned that supporting two systems introduces risks that it will not receive all reports. For example, at the time of our review, many fusion centers were choosing not to automatically share all of their reports with the FBI's system--although they may have shared reports via phone or other means--and DOJ had not fully diagnosed why. In its March 2013 letter commenting on a draft of this report, DOJ stated that it had made progress on this issue. DOJ also had not formally tested the exchange of information between the two systems to ensure that the exchanges were complete. Taking additional steps to mitigate the risks that reports are not fully shared could help DOJ ensure that the FBI receives all information that can support investigations.

Stakeholders GAO interviewed generally reported that training fully or partially met objectives, such as making law enforcement more aware of the initiative. DOJ has mechanisms to assess the analyst training to help ensure that analysts have the information they need to review and share reports. However, DOJ had not fully assessed its training provided to officers on the front line, which could help ensure that officers receive sufficient information to be able to recognize terrorism-related suspicious activity. DOJ has provided training to executives at 77 of 78 fusion centers, about 2,000 fusion center analysts, and about 290,000 of the 800,000 line officers. DOJ is behind schedule in training the line officers but is taking actions to provide training to officers who have not yet received it.

DOJ and other agencies collect some data to assess the performance of the Nationwide Suspicious Activity Reporting Initiative--such as the number of reports submitted and resulting FBI investigations. These data show that stakeholders were increasingly submitting and using terrorism-related reports. However, DOJ had not yet established plans and time frames for implementing measures that assess the homeland security results achieved by the initiative and thus lacked a means for establishing accountability for implementing them.

Why GAO Did This Study

In 2007, DOJ and its federal partners developed the Nationwide Suspicious Activity Reporting Initiative to establish a capability to gather and share terrorism-related suspicious activity reports. GAO was asked to examine the initiative's progress and performance. This report addresses the extent to which (1) federal agencies have made progress in implementing the initiative, and what challenges, if any, remain; (2) the technical means used to collect and share reports overlap or duplicate each other; (3) training has met objectives and been completed; and (4) federal agencies are assessing the initiative's performance and results. GAO analyzed relevant documents and interviewed federal officials responsible for implementing the initiative and stakeholders from seven states (chosen based on their geographic location and other factors). The interviews are not generalizable but provided insight on progress and challenges.

Reissued on March 26, 2013

Recommendations

GAO recommends that DOJ implement formalized mechanisms to provide stakeholders feedback on the suspicious activity reports they submit, mitigate risks from supporting two systems to collect and share reports that may result in the FBI not receiving needed information, more fully assess if training for line officers meets their needs, and establish plans and time frames for implementing measures that assess the homeland security results the initiative has achieved. DOJ agreed with these recommendations and identified actions taken or planned to implement them.

Recommendations for Executive Action

Agency Affected Recommendation Status
NSI Program Management Office To help ensure that the NSI is effectively implemented and that investments are achieving desired results, the NSI Program Management Office (PMO) should, in consultation with the Program Manager for the Information Sharing Environment (PM-ISE), FBI, fusion centers, and other relevant stakeholders, implement formalized mechanisms as part of the NSI to provide stakeholders feedback on the SARs they submit, consistent with the PM-ISE recommendation, and inform stakeholders of these mechanisms.
Closed – Implemented
In March 2013, we reported on progress that the Department of Justice (DOJ) and other federal entities had made in implementing the Nationwide Suspicious Activity Reporting Initiative (NSI) and what challenges remain. We found that state and local law enforcement officials we interviewed generally said that the initiative's processes worked well, but that receiving additional feedback on the terrorism-related suspicious activity reports (SAR) the law enforcement partners submit--such as whether the Federal Bureau of Investigation (FBI) had received the SARs, whether the FBI was investigating the SARs, or what the outcomes of investigations had generated--would help the partners better contribute to the NSI. The FBI had established a mechanism to provide feedback on SARs it received, but not all stakeholders we interviewed were aware of or had access to this mechanism. As a result, we recommended that the NSI Program Management Office--at the time within DOJ's Office of Justice Programs, Bureau of Justice Assistance, but since transitioned into the mission sets of the FBI and Department of Homeland Security (DHS)--implement formalized mechanisms to provide NSI stakeholders with feedback on the SARs they submit and inform stakeholders of these mechanisms. In January 2014, the NSI adopted the FBI's SAR sharing platform--including its feedback mechanism--as its sole platform for sharing terrorism-related SARs. The FBI reported that during user training for this platform, they advise participants of the automatic feedback mechanism. These actions address the intent of our recommendation.
NSI Program Management Office To help ensure that the NSI is effectively implemented and that investments are achieving desired results, the PMO should, in consultation with the PM-ISE, FBI, fusion centers, and other relevant stakeholders, develop or enhance existing mechanisms to assess the line officer training in order to ensure that it meets training objectives and identify and make improvements.
Closed – Implemented
In March 2013, we reported on the extent to which training for the Nationwide Suspicious Activity Reporting Initiative (NSI) had met objectives and the NSI Program Management Office (PMO)--at the time within DOJ's Office of Justice Programs, Bureau of Justice Assistance, but since transitioned into the mission sets of the Federal Bureau of Investigation and Department of Homeland Security (DHS)--had assessed the training, among other things. Stakeholders we interviewed generally reported that training fully or partially met objectives, such as making law enforcement more aware of the initiative. DOJ also had mechanisms to assess the analyst training to help ensure that analysts have the information they need to review and share terrorism-related suspicious activity reports (SAR). However, we found that DOJ had not fully assessed the training it provided to officers on the front line, which could help ensure that officers receive sufficient information so that they are able to recognize terrorism-related suspicious activity. As a result, we recommended that the NSI PMO take steps to assess the line officer training to ensure it was meeting its training objectives. In June 2013, the NSI PMO formally implemented a survey instrument, accessible via a web-link, to help the office measure the long-term value of the SAR training provided to line officers. Further, the NSI PMO developed a second online survey to assess the effectiveness of line officer training that supplements the first survey and is automatically sent to participants 3 months following the completion of their initial training. These actions address the intent of our recommendation.
NSI Program Management Office To help ensure that the NSI is effectively implemented and that investments are achieving desired results, the PMO should, in consultation with the PM-ISE, FBI, fusion centers, and other relevant stakeholders, establish plans and time frames for developing and implementing a performance management plan, including measures that assess what difference Information Sharing Environment-Suspicious Activity Report (ISE-SARs) are making and the homeland security results achieved.
Closed – Not Implemented
In 2013, we reported, among other things, that the Nationwide Suspicious Activity Reporting Initiative (NSI) Program Management Office (PMO)--at the time within the Department of Justice's Office of Justice Programs, Bureau of Justice Assistance, but since transitioned into the mission sets of the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS)--the FBI, and DHS had undertaken efforts to collect data on the number of terrorism-related suspicious activity reports (SAR) that were submitted by state and local agencies, FBI investigations initiated based on these SARs, and the potential usefulness of SARs in analyzing threat trends. However, we found that the federal entities did not have a performance measurement plan or performance data that tracked results-oriented outcomes of SARs--such as arrests, convictions, or thwarted threats--and demonstrated what difference the SARs have made in enhancing homeland security. In May 2014, the FBI and DHS reported that they had implemented an enhanced results-oriented monthly metric report. However, this report did not include measures that assess the difference SARs are making or the homeland security results achieved. In August 2017, FBI officials reported that connecting SARs with outcomes such as arrests, convictions, or thwarted threats is not currently possible without manual examination of cases across multiple FBI information technology systems. Further, the officials stated that building the capacity to make these connections electronically is not a priority for the FBI. Therefore, GAO is closing this recommendation as not implemented.
Department of Justice To mitigate risks associated with having two systems for collecting and sharing ISE-SARs, the Attorney General should task the PMO and FBI to identify individual fusion centers' concerns that prevent them from always submitting ISE-SARs to eGuardian consistent with the Deputy Attorney General's December 2011 memorandum, and establish steps to address these concerns--as well as time frames for implementing the steps.
Closed – Implemented
In March 2013, we reported on the extent to which the technical means that federal, state, and local entities used to collect and share terrorism-related Suspicious Activity Reports (SAR)--Shared Spaces servers that the Department of Justice (DOJ) provided to most fusion centers and the Federal Bureau of Investigation's (FBI) eGuardian system--overlapped or duplicated each other and any risks that this overlap or duplication introduced. We found that having two systems for collecting and sharing terrorism-related SARs introduced the risk that the FBI would not receive all potential threat information. This is because many fusion centers had decided not to automatically share all of their SARs with the FBI's eGuardian system. As a result, we recommended that the Attorney General task the Nationwide Suspicious Activity Reporting Initiative (NSI) Program Management Office (PMO)--at the time within DOJ's Office of Justice Programs, Bureau of Justice Assistance, but since transitioned into the mission sets of the FBI and Department of Homeland Security (DHS)--and the FBI to identify fusion centers' concerns that prevented them from always submitting SARs to eGuardian, and establish steps to address these concerns--as well as time frames for implementing the steps. In January 2014, the NSI adopted the FBI's eGuardian system as its sole platform for sharing terrorism-related SARs. The FBI reported that it enhanced eGuardian, bolstered outreach, and improved training materials to address fusion centers' concerns. According to the FBI, all fusion centers are using eGuardian (renamed the NSI Shared Data Repository) or have arrangements to either (1) have another fusion center enter SARs to the platform on their behalf or (2) work directly with the FBI to share and report SARs (SARs shared with the FBI are entered into Guardian--the FBI's classified counterterrorism system--and unclassified information in Guardian is generally shared with eGuardian). These actions address the intent of our recommendation.
Department of Justice To mitigate risks associated with having two systems for collecting and sharing ISE-SARs, the Attorney General should task the PMO and FBI to develop and implement testing criteria and plans based on technical requirements, consistent with best practices--considering the cost and complexity of the testing, and criticality of the interconnection to the agencies' missions--to help ensure that the automatic exchange of data between Shared Spaces and eGuardian is complete and accurate.
Closed – Implemented
In March 2013, we reported on the extent to which the technical means that federal, state, and local entities used to collect and share terrorism-related Suspicious Activity Reports (SAR)--Shared Spaces servers that the Department of Justice (DOJ) provided to most fusion centers and the Federal Bureau of Investigation's (FBI) eGuardian system-- overlap or duplicate each other and any risks that this overlap or duplication may introduce. We found that DOJ and the FBI had modified the technical capabilities of their respective SAR sharing systems to enable electronic exchanges of SARs, but they had not tested the data exchanges in accordance with best practices for systems engineering. This resulted in the systems being vulnerable to exchanging incomplete or inaccurate data. As a result, we recommended that the Attorney General task the Nationwide Suspicious Activity Reporting Initiative (NSI) Program Management Office--at the time within DOJ's Office of Justice Programs, Bureau of Justice Assistance, but since transitioned into the mission sets of the FBI and Department of Homeland Security (DHS)--and the FBI to develop and implement testing criteria and plans based on technical requirements consistent with best practices to help ensure that the automatic exchange of data between Shared Spaces and eGuardian was complete and accurate. In January 2014, the NSI adopted the FBI's eGuardian system (renamed the NSI Shared Data Repository) as its sole platform for sharing terrorism-related SARs. As a result, there is no longer a technical requirement to exchange data between two systems, eliminating any associated risks. These actions address the intent of our recommendation.

Full Report

Office of Public Affairs

Topics

Combating terrorismFederal agenciesInformation accessInformation managementInformation systemsLaw enforcementLaw enforcement information systemsReporting requirementsSecurity threatsTerrorismStakeholder consultations