A Review of the FBI’s Trilogy Information Technology Modernization Program

1 Background

The Federal Bureau of Investigation (FBI) is undergoing a significant shift of its mission responsibilities and a reordering of its priorities. For most of its history, the FBI has been oriented primarily toward law enforcement and the investigation of criminal activities. However, in the wake of the attacks of September 11, 2001, the threat environment has changed dramatically, and the FBI’s mission has expanded to include as its top priority the detection of potential terrorism against the U.S. homeland and the interdiction of terrorist activities before they cause damage. Although the leadership of the FBI recognizes the need for upgraded information technology (IT) to enhance its ability to collect, store, search, retrieve, analyze, and share information in pursuit of its missions, the FBI has not been regarded as a sophisticated user of IT. Indeed, for many years, the FBI has been criticized for inadequate attention and competence with respect to its use of IT.

For any organization engaged in a complex set of activities, the introduction of modern IT and the concomitant reengineering of the organization’s key processes to fully exploit the technology constitute a major challenge. In the FBI’s case, this transformation is being managed under intense operational pressures: the FBI’s traditional work must continue even as new technology is introduced and a culture more comfortable with IT is evolved. Compounding this challenge is the added strain of the new focus on preventive counterterrorism, where success demands a different mind-set, different operational skills, and the exploitation of a radically expanded set of information sources.

The FBI has made significant progress in certain areas of its IT modernization program in the last year or so. For example, it has achieved the modernization of the computing hardware and baseline software on the desktops of agents and other personnel and has taken major strides forward in the deployment of its networking infrastructure. Nevertheless, in a number of key areas, the FBI’s progress has fallen significantly short of what it, and the nation, require.

Organizations should invest in IT only if such investment will improve their operational effectiveness. Therefore, the return on an IT investment must be measured in operational terms—more and better results, increased responsiveness and agility, and improved efficiency of operations. Maximizing the return on a major IT investment thus requires an intimate and dynamic interplay between the technology and an organization’s operational strategy, and so this report begins its discussion from the operational and strategy side.

1.1 PRELIMINARIES

Information technology most effectively facilitates the “business” and “operations” of organizations when it is explicitly designed to do so, whether the organizations are profit-and-loss enterprises, not-for-profit private organizations, or government agencies. Such design requires careful specification of objectives, strategies for achieving objectives, and the processes by which strategies are realized. Effective management also requires that a set of measures of success be defined and tracked, using both outcome and process metrics.

This report makes frequent use of the term “operational processes” to refer to the processes used within the FBI to accomplish its missions. (Some might prefer the term “business processes”; the meaning is the same.) The committee views the FBI as being engaged in a number of important operational pursuits that are tantamount to enterprise business objectives, even though those operational pursuits do not have profit-making goals. Thus, the FBI should engage in cost-effectiveness analyses corresponding to cost-benefit analyses in commercial enterprises that will aim to increase the return in improved operational effectiveness and efficiency that U.S. taxpayers rightly expect for bureau expenditures.

In general, organizations must develop their own metrics to quantify their objectives.
Among the purposes of doing so are to be able to determine the extent to which a given investment will help an organization better achieve those objectives, and to retrospectively track the returns on such investments. The committee recognizes that the ultimate goal of the FBI is the prevention of undesirable events, and in this context, meaningful quantification of that goal can be problematic. Nevertheless, it is desirable and almost always possible to establish reasonable intermediate quantifiable objectives that bear on operational efficiency, subject to the understanding that these measures reflect the underlying processes and do not become goals in and of themselves.

The committee believes that many management approaches, tools, and best practices from the commercial sector are applicable to the FBI, just as they are to the Department of Defense and other government enterprises. Many of the observations and recommendations in this report are the result of the committee’s assessment of the FBI’s current approach compared with successful approaches seen by committee members in both the for-profit and the not-for-profit sectors.

1.2 MISSIONS OF THE FBI

The nature of an organization’s missions and its strategy and operational objectives are the primary drivers of the kinds of information and communication it needs and the processes it must exploit. These needs in turn determine the architecture, design, and functioning of its IT systems.

According to the FBI, its mission is “to uphold the law through the investigation of violations of federal criminal law; to protect the United States from foreign intelligence and terrorist activities; to provide leadership and law enforcement assistance to federal, state, local, and international agencies; and to perform these responsibilities in a manner that is responsive to the needs of the public and is faithful to the Constitution of the United States.”1 The first two elements are highly operational: the investigation of criminal activity to support the prosecution of criminals (“criminal investigation” for short in this report) and the prevention of terrorism within the United States and against U.S. interests around the world (“counterterrorism” in this report). Supporting these missions and the achievement of the related operational objectives of these mission segments is a set of key processes that are used to different degrees in achieving the objectives.

1.2.1 Criminal Investigation

The traditional mission of the FBI is that of an investigative agency for the Department of Justice of the United States. This mission is focused on investigating and preparing much of the information basis for the prosecution of crimes. The information developed by FBI investigators is provided to prosecutors who in turn determine if an individual will be prosecuted.

The FBI can initiate a criminal investigation when facts or circumstances reasonably indicate that a federal crime has been, is being, or will be committed, and the investigation may be conducted to prevent, solve, and prosecute such criminal activity.2 As a practical matter, most investigations are reactive—that is, they are initiated in response to a specific occurrence of criminal activity. (Note that the standard for “reasonable indication” is substantially lower than that for probable cause.) Once the FBI investigative activity has been initiated, the FBI will use the resources legally at its disposal to gather relevant information related to the situation.
In those instances where a criminal act may be committed in the future, preparation for that act can be a current criminal violation under the conspiracy or attempt provisions of federal criminal law or other provisions defining preparatory crimes, such as solicitation of a crime of violence or provision of material support in preparation for a terrorist crime. The standard for opening an investigation is satisfied where there is not yet a current substantive or preparatory crime, but facts or circumstances reasonably indicate that such a crime will occur in the future.3

1.2.2 Counterterrorism

In the counterterrorism domain, the FBI’s objective is to prevent acts of terrorism in the United States and against U.S. persons and interests throughout the world. Accomplishing this daunting objective requires, among many other activities, accessing, analyzing, and exchanging massive amounts of information, and close, daily coordination and cooperation among law enforcement, intelligence, and many other involved organizations.4 In this area, the role of the FBI is proactive and ongoing, and the execution of its mission is not necessarily carried out in response to any particular external event. (If a serious terrorist event has already occurred, then it is reasonable to suggest that the execution of the counterterrorism mission has not been fully successful.) There is some overlap of activities between the criminal investigation and counterterrorism missions, as discussed below, but the new emphasis on counterterrorism requires a different mind-set among some FBI staff, some new or different operational processes, and new requirements for supporting IT systems.

1 See http://www.fbi.gov/priorities/priorities.htm.

2 A step short of a full-fledged investigation is known as a preliminary inquiry, which is a step taken when the FBI receives information or an allegation not warranting a full investigation—because there is not yet a “reasonable indication” of criminal activities—but whose responsible handling requires some further scrutiny beyond the prompt and limited checking out of initial leads. Such an inquiry is intended to allow the government to respond in a measured way to ambiguous or incomplete information, with as little intrusion as the needs of the situation permit. This measured response is especially important when an allegation or information is received from a source of unknown reliability. A preliminary inquiry is intended to establish whether or not a full-fledged investigation is warranted.

3 Information on investigations and inquiries is derived from The Attorney General’s Guidelines on General Crimes, Racketeering Enterprise and Terrorism Enterprise Investigations, available at http://www.usdoj.gov/olp/generalcrimes2.pdf.

1.3 KEY FBI PROCESSES

It is important to distinguish between missions and the key processes that support the accomplishment of those missions. In some cases, a key process supports only one mission; in others, a key process may support more than one mission.

The key processes used by the FBI involve, among other things, information acquisition and the workflow of information management—how information is acquired, who must act on it, how information of all types flows within the organization, how it must be processed and analyzed, and what types of inferences must be drawn. For information-intensive missions such as criminal investigation and counterterrorism, modern IT and its proper design and exploitation are critical contributors to truly effective processes.

This section describes some of the key processes within the FBI. However, the reader should keep in mind that the terminology used here reflects processes rather than organizational titles.
That is, “investigation,” “intelligence,” and “information management” are meant to refer to processes or functions rather than specific offices or divisions within the FBI.

1.3.1 Investigation

The investigative process is the primary process supporting the law enforcement mission. Investigation develops information from a variety of sources, including but not limited to information gathered directly by special agents or other law enforcement agencies, information obtained through informants, information obtained from other agencies such as Customs and Border Protection or local or foreign law enforcement agencies, laboratory-developed information, and publicly available information (e.g., information on the Internet or in the news). The collection and analysis of information are usually under the control of a special agent leading and directly responsible for the investigation. The information (or derivatives, such as pointers to certain collected information) is placed in centralized FBI files for appropriate dissemination and use as part of the case file.

The agent or group of agents assigned to a case is the focal point of FBI criminal and law enforcement activities. The agent is responsible for carrying out the investigative task and managing much of the information involved. In the case of a criminal investigation, the information developed is then conveyed to the prosecutor for decision and action. In the case of a background investigation, the information is delivered to the requesting agency. The agent is the focal point of the activity with support from administrative staff, analysts, and other FBI employees.

The investigative information is organized around cases, which serve as the fundamental unit for information management. Moreover, there are a variety of legal and procedural requirements in place to ensure that developed information can be used in court to support prosecutorial activities.

The FBI relies extensively on a well-developed remote tasking practice whereby an agent in one location who needs information from another area can easily transmit a request, called a “lead,” to the appropriate field office where it will be followed up by a local agent. This practice is remarkable in that it allows the organization to function on a continental scale without a tremendous cost in time and money for travel or the overhead that would be involved if headquarters had to be directly involved. Yet the process provides the personal contact that is essential to productive interviewing by FBI agents of suspects or individuals with leads. For this practice to work as effectively as it manifestly does is a testimony to the quality of training and the uniformity of culture within the FBI. Nevertheless, a thoughtful application of technology can support and enrich this practice, and make it even more effective and efficient.

4 Another dimension of the counterterrorism mission is the active insertion of sympathetic parties (ranging from those who listen to those who take a more active role in disrupting) into hostile organizations such as terrorist cells. This type of activity is far more controversial as it poses nontrivial challenges to the nation’s core values, and history demonstrates that such actions can have significant political repercussions when they are undertaken within the United States. In any event, this report is deliberately silent on this dimension of the counterterrorism mission, as it is largely beyond the scope of the committee’s charge.

1.3.2 Intelligence

Intelligence processes include information collection and analytical functions. Information gathered under intelligence auspices is frequently more tentative and expansive in scope as compared with information collected under investigative auspices.
Rules on information retention and use also differ in each domain. Intelligence processes are used in both law enforcement and counterterrorism missions, although the collection of information gathered under intelligence auspices is not directly aimed at the support of prosecutorial activities.

Intelligence in the counterterrorism context requires that voluminous information resources from internal and external sources be logically brought together and analyzed with the goal of identifying potential threats of, or precursors to, terrorist activity. The range of sources of information that must be selectively probed and analyzed is enormous, and much of the information will be obtained not from government-owned sources but from publicly available sources, such as newspapers in foreign languages, or the Internet.5

5 To illustrate one problem, the name of an individual can be represented in multiple ways. A specific name can have different variants (e.g., with or without a middle name, nicknames, short forms, order of given and family names). An individual may be regularly identified with different name variants in different geographical locales (even within the same country). Transliterations into Western languages (e.g., of Arabic, Chinese, or Cyrillic into Roman alphabets) add another layer of complexity. Names transcribed from voice (e.g., a wiretap) may be highly ambiguous in spelling. The original material from which the name was obtained (fax, Web, e-mail, and so on) may be rendered in a multitude of computer encodings. Search engines used for intelligence purposes must be able to reconcile all of these different encodings of a name when an analyst is searching on a given name for references to a given individual. When the committee asked the FBI about this issue during briefings, the reply received was, “We intend to use Unicode to represent names.” Unicode representations deal with part of the problem (the part dealing with the ability to represent a name in its native alphabet), but not the other parts of the problem. Note that these issues also arise in criminal investigations, but to the extent that investigations relate to crimes committed by people in the United States, issues related to names rendered in non-native alphabets arise with much lower frequency.
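Footnote 5's point that Unicode handles only the representation part of name matching can be checked directly. The Python below is an added example, not from the report or any FBI system; the sample name, the helper functions (`fold`, `name_key`, `classify`) and the 0.8 similarity threshold are constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed sample name; not taken from the report or any real record.
NATIVE = "Андрей Соколов"

# The same native-alphabet name as three sources might deliver it (constructed).
SOURCES = [
    (NATIVE.encode("utf-8"), "utf-8"),          # web page
    (NATIVE.encode("utf-16-le"), "utf-16-le"),  # office document
    (NATIVE.encode("koi8_r"), "koi8_r"),        # legacy e-mail
]

FUZZY_THRESHOLD = 0.8  # assumption: tune against labelled data before relying on it


def fold(text: str) -> str:
    """Unicode step: one canonical, case-insensitive form per string."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return unicodedata.normalize("NFKC", folded)


def name_key(text: str) -> tuple:
    """Order-insensitive key: 'FAMILY, Given' and 'Given Family' agree."""
    for punct in ",.":
        text = text.replace(punct, " ")
    return tuple(sorted(fold(text).split()))


def similarity(a: str, b: str) -> float:
    """Character similarity of two keys, for spelling and middle-name variants."""
    return SequenceMatcher(None, " ".join(name_key(a)), " ".join(name_key(b))).ratio()


def classify(a: str, b: str) -> str:
    """'exact' if keys agree, 'candidate' if merely similar, else 'no match'."""
    if name_key(a) == name_key(b):
        return "exact"
    if similarity(a, b) >= FUZZY_THRESHOLD:
        return "candidate"  # needs analyst review, not an automatic merge
    return "no match"


def decoded_keys() -> set:
    """Decode each source with its declared encoding and collect the keys."""
    return {name_key(raw.decode(enc)) for raw, enc in SOURCES}


if __name__ == "__main__":
    print("distinct keys across encodings:", len(decoded_keys()))
    pairs = [
        (NATIVE, unicodedata.normalize("NFD", NATIVE)),  # composed vs decomposed
        ("SOKOLOV, Andrei", "andrei sokolov"),           # order and case
        ("Andrei Sokolov", "Andrey Sokolov"),            # transliteration spelling
        ("Andrei V. Sokolov", "Andrei Sokolov"),         # middle initial
        (NATIVE, "Andrei Sokolov"),                      # native vs Roman alphabet
    ]
    for a, b in pairs:
        print(f"{a!r} vs {b!r}: {classify(a, b)}")
```

The last pair is the footnote's residual problem: decoding and normalization make every encoding of the native name agree, but linking it to a Roman-alphabet rendering needs transliteration or phonetic matching, which this example does not implement.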

Analytical functions in the intelligence process must analyze information of uncertain relevance and quality. The desired result is the distillation of conclusions that become increasingly certain as they are further aggregated and refined. Such analyses may, at different stages, result in warnings and may initiate deeper and more focused investigations that may eventually lead to prosecutions.

The intelligence process generally requires that the FBI receive information from and disseminate information to local law enforcement agencies, the U.S. intelligence community, and often agencies of foreign nations. The ability to share information at multiple levels of security classification with a wide variety of collaborators is essential to the underlying intelligence process and to performance of the counterterrorism mission. Information sharing must generally proceed with much more caution in counterterrorism efforts than in most criminal investigations because of the sensitivity of information sources. Yet strong capabilities to access, manage, analyze, and communicate information across institutional boundaries are key to the analytical function at the core of the intelligence process. Sharing information requires cooperative relationships with the intelligence and law enforcement communities across jurisdictional levels from local to international. Furthermore, its success demands a framework of policy and process to ensure appropriate balance among timely access, security, and privacy rights.

Trained analysts probe, tease apart, and develop new information that can identify, confirm, or exclude a hypothesis or a threat. IT should serve to facilitate mutually cooperative relationships and analytical activities.
In the law enforcement mission, special agents are in the lead, and analysts supporting those agents must understand the investigative role of the bureau and the agent’s operational processes. In the counterterrorism mission, analysts are primary, and the agents supporting those analysts must understand that the primary role of analysts in counterterrorism is analogous to the role that agents play in pursuing the law enforcement mission. (For example, according to the FBI’s Office of Intelligence, special agents constitute one of the best collection mechanisms available to the intelligence community for counterterrorism work.) Most analysts have specialized expertise but must be able to easily cooperate with colleagues on diverse topics. An individual analyst at the FBI must be highly skilled in the methods and processes that are used for both the criminal and the counterterrorism missions. Analysts must be comfortable with the IT that provides the means of access to raw information and underlies tools to support the distillation, sharing, and analysis processes.

1.3.3 Information Management

The investigative and intelligence processes used by the FBI are information-intensive, and the bureau has recognized that state-of-the-art information management that exploits available technology can significantly enhance the effectiveness and efficiency of these processes. Furthermore, both counterterrorism and criminal investigation are evolving in a way that spans traditional organizational boundaries in the FBI. Special agents in charge (SACs) are organized around geography. Terrorism and crime no longer respect those boundaries, and thus a bureau-wide technology deployment necessarily entails a set of systems and data that can be accessed easily across the geographic reach of the FBI’s missions.
(The FBI encompasses 56 field offices in major cities in the United States, approximately 400 resident agencies (i.e., satellite offices in smaller cities and towns), and foreign posts in 52 nations.)

Driven initially by the need for improved support of the investigative process, the FBI has embarked on a major IT modernization program, whose main focus today is the Trilogy program. Trilogy has two major objectives. The first is the creation of a more modern end-user-oriented infrastructure, consisting of a secure wide-area network and related local area networks, together with modern workstations, printers, scanners, and a base of commercial software applications such as browsers. This infrastructure is intended to provide an enhanced platform for modern applications.6 The second objective of Trilogy is to provide enhanced support of the investigative process. This objective is the focus of the Virtual Case File (VCF) that will provide via a browser interface a user-friendly capability for agents to electronically manage case-related information critical for criminal investigation. At this writing (late March 2004), neither the infrastructure deployment nor the VCF application is complete, although significant progress has been made on both.

In addition to the original two objectives, a general requirement to support the counterterrorism mission has also been placed on Trilogy, although specifications for that novel task have not been fully developed.

The FBI has also embarked on the development and implementation of systems to support its intelligence functions, which are also important to the counterterrorism mission. Central to this thrust is the creation of a large data repository, referred to as the IDW, the Integrated Data Warehouse, also in its early stages.

6 As used in this report, the term “platform” refers to the computing infrastructure supporting FBI applications, specifically the combination of a type of hardware, say a PC-compatible personal computer, and specific software, such as a specific operating system, Web browser, and set of basic office applications.