Audit Says FBI's Watchlist Riddled With Errors

Printer-friendlyPrinter-friendly EmailEmail
Date: 
June 8, 2009

On May 6, 2009 yet another audit, this time from the Department of Justice's Office of Inspector General (OIG), has documented the high error rate and dysfunction of the government's central terrorist watchlist. In response the ACLU has called for Congressional oversight, and Sen. Patrick Leahy (D-VT) called the situation "unacceptable." The audit may spark action on legislation passed by the House of Representatives and pending in the Senate that would provide redress procedures for people wrongly placed on watchlists. The audit also raises significant questions for U.S. nonprofits, since the Department of Treasury Anti-Terrorist Financing Guidelines for charities and USAID's proposed Partner Vetting System promote list checking. It is time to re-think the role of watchlists in counterterrorism strategy, and not just try to fix a broken system. 

OIG Audit Findings
Policy Questions Raised

 

OIG Audit Findings
Leahy, who is Chairman of the Senate Judiciary Committee, issued a comment on the audit that said, “[T]he FBI’s terrorist watchlist is often either inaccurate or incomplete. That the FBI continues to fail to place subjects of terrorism investigations on the watchlist is unacceptable. Disturbingly, today's report reveals that in 72 percent of the cases, the FBI also failed to remove subjects from the list in a timely manner."   Overall the audit revealed a 35 percent error rate and significant deficiencies in the process of adding or erasing records. It concludes with "16 recommendations to help the FBI improve its nominations to and removals from the consolidated terrorist watchlist."
 
Created in 2003, the FBI's Terrorist Screening Center is charged with compiling federal, state and local law enforcement agencies' lists of potential terrorists.   According to the audit, the watch list (as of December 2008) contained over 1.1 million names, with some people listed multiple times under different spellings. On Sept. 9, 2008, the screening center estimated there were only 400,000 individuals on the list.
The audit revealed a process so disorganized that “the actual number of individuals the FBI nominated to the terrorist watchlist since its inception is unknown.” The audit found that:

  • Inaccuracies were rampant
  • Entries were incomplete
  • Watch list records are not consistently updated or purged
  • Many entries contained information “unrelated to terrorism”

The ACLU issued a press release that said, "The audit confirms that the nation's watchlist system is massively broken", and called for Congressional oversight. 
 
According to the report, "many former subjects of FBI counterterrorism investigations were removed from the watchlist in an untimely manner. It took an average of 60 days to remove these former subjects from the watchlist." The audit determined that in eight percent of closed cases, "the FBI failed to remove subjects from the watchlist as required by FBI policy" and that "in 72 percent of the closed cases reviewed, the FBI failed to remove the subject in a timely manner."   

The OIG's audit examined 68,669 of those identities and found 24,000 were out of date, including one name that remained on the list for five years after his case was resolved and two persons who are dead. The report also identified more than 50,000 records with no explanation of why they were on the list, making it impossible to remove them. The ACLU legislative director Caroline Fredrickson said the report "strongly suggests that hundreds of thousands of people are being wrongly identified as terrorists."
 
The audit also highlighted the lengthy period for the FBI to add or modify a terrorist suspect's information. Reviewing 216 FBI terror investigations, the audit found that the FBI failed to put the names of 35 terrorism suspects on the list. Overall, 78 percent of preliminary watchlist investigations were not processed within the customary timeframe. This postponement led to at least twelve terrorism suspects who may have traveled into or out of the U.S. during the time they were not included on the list, according to the audit. Others were added too slowly to meet the FBI's own standards, an issue that "can have significant consequences for public safety," Inspector General Glenn Fine said in the report.
 
The 16 recommendations offered in the audit focus on improving the process by which names are added or removed from the watchlist, including:
 

  • Determine an accurate amount of time for the watchlist nomination process
  • Implement periodic refresher training on significant changes that occur in the nomination process and on the overall benefits of watchlists
  • Develop a policy to review justifications for retaining or modifying watchlist names from closed investigations.
  • Monitor the timeliness of watchlist removal requests to help ensure that the records are deleted in a timely manner.

 
Policy Questions Raised
The OIG report is limited to questions of the FBI's effectiveness in administering the watchlist system, and does not address the wider policy questions raised. The ACLU opened the door to a discussion about how watchlists are used in their press release responding to the report. ACLU attorney Chris Calabrese said "[W]e did not need this report to know there is a problem with the effectiveness of any terrorist watchlist that includes over a million names."
 
The effective use of data gathering involved in creating watchlists was addressed in a 2008 book from the National Research Council of the National Academy of Science. In Protecting Individual Privacy in the Struggle Against Terrorists these experts said,
 
"Modern data collection and analysis techniques have had remarkable success in solving information-related problems in the commercial sector….But such highly automated tools and techniques cannot be easily applied to the much more difficult problem of detecting and preempting a terrorist attack, and success may not be possible at all…Because the data being analyzed are primarily about ordinary, law-abiding citizens and businesses, false positives can result in invasion of privacy. Such intrusions raise valid concerns about the misuse and abuse of data…"[p.2]
 
Congress is responding to the situation. On Feb. 4, 2009 the U.S. House of Representatives passed H.R. 559, the Fair, Accurate, Secure, and Timely Redress Act, that would create a process for individuals placed on government watch lists to challenge their classification.  It is now pending before the Senate Committee on Commerce, Science, and Transportation.
 
Watchlists have caused U.S. nonprofits problems in several contexts, including:
 

  • Treasury's Anti-Terrorist Financing Guidelines: Voluntary Best Practices for U.S.-based Charities, which recommend charities check grantees, board members, key employees and senior management at all business locations against Specially Designated Nationals (SDN) terrorist watch list. A group of more than 40 charities, foundations, umbrella organizations and advisors led by the Council on Foundations has called for withdrawal of the Treasury guidelines, stating that "the revised Guidelines continue to suggest onerous and potentially harmful procedures to charities....without providing any protection from terrorist..."  Because Treasury has the power to designate a foundation or charity as a supporter of terrorism and seize its funds and assets, without adequate appeal procedures, many U.S. nonprofits have purchased computer software to check the lists as a means of preventive self-defense against Treasury action. High error rates in the lists they are checking only lead to wasted time and energy spent following up on what usually turns out to be a false positive.
  • USAID's proposed Partner Vetting System would require grant applicants to submit detailed personal information on "key individuals" to be shared with intelligence agencies, and presumably be checked against watchlists. The proposal has generated strong criticism from nonprofits, pointing out the many inaccuracies in the lists, the secrecy and lack of appeal procedures involved and the potential danger for humanitarian groups providing relief in global hot spots. The Obama administration has delayed the effective date of the rule until August 4, 2009.
  • People speaking for advocacy organizations on broad range of issues have ended up on federal lists. For example, in 2008 records obtained by the ACLU revealed a 14-month long surveillance campaign against peaceful activists by the Maryland State Police.  Eventually, the Washington Post revealed that some of the names had been entered into federal databases.  Growing information sharing between federal, state and local law enforcement agencies in "fusion centers" creates more opportunities for such inappropriate use of watchlists