Anonymous ID: b59ca1 Feb. 12, 2019, 2:56 p.m. No.5146816   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>5146802

PROCEDURAL REFORM RECOMMENDATION FOR THE FEDERAL BUREAU OF INVESTIGATIONSYNOPSISThe Federal Bureau of Investigation (FBI), Enterprise Security Operations Center (ESOC) uses a commercial, off-the-shelf, automated application to wirelessly collect text messages sent to or from FBI-issued mobile devices. The application is supposed to collect the messages and store them so they are retained by ESOC. ESOC would then have the ability to produce text messages during the discovery process of criminal and civil matters, as well as for internal investigations. During the Office of the Inspector Generalโ€™s (OIG) work that resulted in the report, A Review of Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election, https://www.justice.gov/file/1071991/download(Pre-election Review), the OIG found issues with the reliability of the collection application. In addition, unknown to the FBI, the OIG found that FBI text messages were saved toa database on the devices, some of which were not captured by the collection application. The OIG identified this, and other concerns, as security vulnerabilities. The OIG described these issues in its Report of Investigation: Recovery of Text Messages from Certain FBI Mobile Devices, https://oig.justice.gov/reports/2018/i-2018-003523.pdf, in which we stated that the OIG would be submitting a procedural reform recommendation to the FBI relating to the retention of electronic communications. We are now doing so.

Anonymous ID: b59ca1 Feb. 12, 2019, 2:58 p.m. No.5146847   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6859 >>6925 >>7027 >>7102

>>5146802

Recommendations from the report.

 

>1.Amend the existing FBI Policy Directive to formally designate an entity to be responsible for text message collection and retention.

 

>2.Conduct additional research and testing of the current collection tool application with the mobile devices deployed by the FBI or seek by other means, in coordination with the collection toolโ€™s vendor, to improve reliability of collection and preservation of text messages sent to and from FBI-issued devices, with a goal of 100 percent text message collection and preservation, to the extent technically feasible.

 

>3.Conduct additional research and testing, or seek by other means, prior to procurement of any new collection tool to be used by the FBI to collect and preserve text messages sent to and from FBI-issued devices, with a goal of 100 percent text message collection and preservation, to the extent technically feasible.

 

>4.Coordinate with the collection tool vendor to ensure that data collected by the tool and stored on the device is saved to a secure or encrypted location.

 

>5.Verify and address the security vulnerabilities identified by the Subject Matter Expert with whom the OIG consulted, which have been provided to the FBI. Current and future mobile devices and data collection and preservation tools should be tested for security vulnerabilities in order to ensure the security of the devices and the safekeeping of the sensitive data therein.