FBI Should Tighten Monitoring of Employee Texting, Watchdog Says

The FBI needs to improve its ability to forensically examine and retrieve employee text messages sent on official devices, a watchdog recommended.

The short memo from Justice Department Inspector General Michael Horowitz’s office was released on Tuesday as a follow-up to the IG's lengthy and politically sensitive investigation of the bureau’s handling of probes of both major-party candidates during the 2016 presidential campaign.

The FBI’s Enterprise Security Operations Center uses a commercial, off-the-shelf application to allow forensics specialists to recapture employee data from agency-issued smartphones. The controversy arose last year when the inspector general was attempting to reconstruct text messages from the Samsung Galaxy S5 phones used by since-terminated FBI employees Peter Strzok and Lisa Page, whose anti-Trump comments shared in the context of their extramarital affair became a disputed portion of the drama surrounding special counsel Robert Mueller’s investigation of possible ties between President Trump’s campaign and the Russian government.

During an earlier probe, the inspector retrieved several months’ worth of text messages that the operations center’s automatic collection system had missed, flagging the situation as a security vulnerability. “The FBI informed the OIG that it was aware that there were deficiencies in its collection application and that it was changing the model of the mobile device issued to FBI employees as part of a regular technical refresh and to mitigate the problem,” the new report noted.

“However, the OIG later learned that, even after upgrading to new devices, the data collection tool utilized by the FBI was still not reliably collecting text messages from approximately 10 percent of more than 31,000 FBI-issued mobile devices,” the report said. 

The earlier investigation also uncovered a database on the mobile devices containing a plain text repository of a substantial number of text messages sent and received by those devices of which the operations center was unaware. Other vulnerabilities in the FBI’s system were flagged by a subject-matter specialist consulted by the IG.

The IG also faulted the wording of the bureau’s current directive designating the operations center as the repository for text messages, noting that “there is no specific policy that requires” it to collect and retain text messages.

The IG made five recommendations. They include amending the current directive to designate an “entity” to be responsible for text message collection and retention; conducting additional research on the current collection tool’s vendor to improve reliability aimed at a 100 percent collection rate; coordinating with the vendor to save the data on a secure or encrypted location; and verifying and addressing the newly flagged security vulnerabilities.