UNCLASSIFIED//FOUOOffice of the Inspector General of the Intelligence Community(U) Evaluation of the National ReconnaissanceOffice Crimes Reporting ProcessReport Number IO-2013-002April 2014Important NoticeThis report contains information that the Office of the Inspector General of the Intelligence Community has determined isconfidential, sensitive, or protected by Federal Law, including protection from public disclosure under the Freedom ofInformation Act (FOIA) 5 U.S.C. § 552. Recipients may not further disseminate this information without the expresspermission of the Office of the Inspector General of the Intelligence Community personnel. Accordingly, the use,dissemination, distribution or reproduction of this information to or by unauthorized or unintended recipients may beunlawful. Persons disclosing this information publicly or to others not having an official need to know are subject topossible administrative, civil, and/or criminal penalties. This report should be safeguarded to prevent improper disclosureat all times. Authorized recipients who receive requests to release this report should refer the requestor to the Office ofthe Inspector General of the Intelligence Community.UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Table of Contents(U) Executive Summary .................................................................................................. 4(U) Background ............................................................................................................... 8(U) Objective, Scope, and Methodology ........................................................................ 17(U) Findings................................................................................................................... 19(U) NRO did not report some admissions of potential Federal crimes andUCMJ violations made in FYs 2009 through 2012 ..................................... 19(U) NRO guidance usurped OIG statutory crimes reporting obligations........ 38(U) NRO processes affected the time to report potential crimes ................... 40(U) NRO implemented corrective actions to strengthen its crime reportingprocess ................................................................................................... 48(U) 1995 MOU provisions do not address reporting violations of some statecriminal laws .......................................................................................... 53(U) Appendix A: Federal crime reporting exemptions.................................................... 57(U) Appendix B: Laws and guidance ............................................................................. 58(U) Appendix C: NRO crimes reporting process............................................................ 63(U) Appendix D: Objectives, scope & methodology....................................................... 66(U) Appendix E: Reporting timeframes.......................................................................... 73(U) Appendix F: Summary of recommendations ........................................................... 75(U) Appendix G: Management comments ..................................................................... 77(U) Appendix H: Abbreviations ...................................................................................... 85Page 2 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) List of Tables(U) Table 1: Reportable criminal offenses identified in the 1995 MOU .......................... 10(U) Table 2: Admissions made during NRO-administered polygraphs in FYs 2009through 2012 .............................................................................................. 17(U) Table 3: Number of days for OS&CI to notify NRO OIG about admissions related tochild crimes after first notifying OGC in FYs 2009 through 2012................ 35(U) Table 4: Average number of days for NRO OGC to report potential Federal crimes inFYs 2009 through 2012 ............................................................................. 48(U) Table 5: Number of subjects, by affiliation, who made admissions of potential crimesinvolving sexual behavior in FYs 2009 through 2012 ................................. 69(U) Table 6: Number of business days from admission to OS&CI notification to OIG inFYs 2009 through 2012 ............................................................................. 73(U) Table 7: Number of business days from admission to OS&CI notification to OGC inFYs 2009 through 2012 ............................................................................. 73(U) Table 8: Average number of business days for NRO OIG to report potential Federalcrimes in FYs 2009 through 2012 .............................................................. 74(U) Table 9: Number of business days for OGC to report admissions in CY 2013 ........ 74Page 3 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Executive Summary(U) On 10 July 2012, the McClatchy Company published an article claiming that theNational Reconnaissance Office (NRO) had not reported admissions of potential crimesthat individuals voluntarily made during NRO-administered polygraph examinations. 1(U) At the request of the NRO Director, the NRO Office of Inspector General (OIG)conducted a special review of the NRO’s polygraph program administration andexecution.2 Due to the NRO OIG’s role in the crimes reporting process, the NRO OIGrecused itself from evaluating the claims of unreported admissions of potential crimes.The NRO OIG requested that the Office of the Inspector General of the IntelligenceCommunity (IC IG) examine this matter on its behalf.(U) This is the second of two planned IC IG reports based on a review that examinedthe NRO crimes reporting process, and that was conducted in response to the NROOIGrequest, media claims, and Congressional concerns expressed by Senator Charles E.Grassley. 3 The objective of this evaluation was to assess the NRO’s compliance withlaws, policies, and procedures to identify and report admissions of potential violationsof Federal crimes made by contractors, government civilians, and military personnelduring polygraph sessions administered by the NRO in Fiscal Years (FYs) 2009through 2012. During this review, we expanded the scope to also assess how the NROhandled reporting admissions of potential violations of state criminal laws andviolations of the Uniform Code of Military Justice (UCMJ) due to the frequency of thosetypes of admissions and because the NRO is a Defense Agency whose workforceincludes personnel who are subject to the UCMJ.(U) Highlights (U) In FYs 2009 through 2012, the NRO reported most, but not all, admissionsof potential Federal crimes identified in the 1995 Memorandum ofUnderstanding: Reporting of Information Concerning Federal Crimes (hereafter,the “1995 MOU”) made during NRO-administered polygraph examinations.(U) National Reconnaissance Office Hasn’t Told Police of Crime Confession, Marisa Taylor,McClatchy Company (McClathcydc.com), July 10, 2012.12(U) NRO OIG. NRO Special Review of the NRO Polygraph Program (Project Number: 2012-006 S).(U//FOUO) Letter from the Ranking Member of the United States Senate Committee on the Judiciary tothe NRO Inspector General, August 13, 2012. See our related report: Evaluation of Media ClaimsRegarding Non-Reporting by the National Reconnaissance Office of Certain 2010 Admissions of PotentialCrimes. February 2014. (IO-2013-007).3Page 4 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOSimilarly, the NRO reported most, but not all, admissions of potential UCMJviolations. 4 (U) Unreported admissions of Federal crimes dealt primarily with possession ofchild pornography, illicit drug use or possession, and intentional omissions andfalsification of Questionnaires for National Security Positions. 5 Some unreportedadmissions, such as prostitution, were UCMJ violations that did not involveFederal crimes identified in the 1995 MOU and did not meet reportingexemptions identified in the 1995 MOU (see Appendix A). Still, otherunreported potential crimes, such as illegal drug use, could constitute either astate or a Federal criminal violation. (U) With few exceptions, Federal statutes, and IC policies do not create a legalobligation for IC elements, including the NRO, to report to DOJ or lawenforcement organizations admissions of potential violations of state criminallaws that involve imminent threat to others, such as child molestation.Separate provisions in Federal law, but not included in the 1995 MOU, requireIC employees working in certain professions, to report information aboutsuspected child abuse to appropriate local law enforcement organizations, localchild protective services, or the Federal Bureau of Investigation (FBI). 6However, most suspected child abuse crimes exist under applicable state lawsthat do not trigger an affirmative reporting obligation for IC employees underthe 1995 MOU.4(U) The 1995 MOU established the procedures for Intelligence Community (IC) elements to report to theAttorney General (AG) and to Federal investigative agencies information concerning possible Federalcrimes committed by IC employees and specific Federal crimes committed by non-employees.The 1995 MOU exempts reporting of UCMJ violations when crimes information is received by aDepartment of Defense (DOD) intelligence component, concerns a Defense intelligence componentemployee who is either subject to the UCMJ or is a civilian and has been accused of criminal behaviorrelated to assigned duties or position if the information is submitted to and investigated by DefenseCriminal Investigative Organization (DCIO) and, in cases involving crimes committed during theperformance of intelligence activities, the General Counsel (GC) provides a report to DOJ reflecting thenature and disposition of the charges.(U) The Questionnaire for National Security Positions is a standardized form used by the FederalGovernment to collect information from applicants for national security positions. The information maybe used as the basis for future investigations, security clearance determinations, and employmentsuitability determinations.56 (U) Title 42 U.S.C. § 13031 identifies requirements for “covered professionals” to report credibleinformation learned of in their official capacities, that would give reason for them to suspect that a childhas suffered an incident of child abuse, including child pornography and child molestation, to appropriatestate and local authorities. Professions that are “covered” for purposes of this reporting requirementincluding psychologists, psychiatrists, and law enforcement personnel. Since becoming a DesignatedFederal Entity under the Inspector General Act of 1978 in October 2010, the NRO OIG also considers itsInvestigations staff to be covered professionals who have an obligation to report suspected child abuse toappropriate authorities pursuant to 42 U.S.C. § 13031.Page 5 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO (U) Still, no Federal statute, IC policy, or NRO guidance precludes IC officialsfrom immediately reporting to law enforcement organizations admissionsinvolving potential violations of state criminal laws or UCMJ violations whenthose admissions provide reasonable grounds for officials to believe animminent danger to others may exist. Yet, absent a legal obligation to reportsuch crimes, in FYs 2009 through 2012, the NRO chose not to report to DOJ,law enforcement organizations, or DOD all admissions made during polygraphexaminations of potential state criminal laws that involved imminent threats,such as child molestation. (U) We determined that in FYs 2009 through 2012 the NRO did not report someadmissions of potential crimes because:• (U) the 1995 MOU that established crimes reporting procedures for ICelements, permitted those GCs to not report Federal crimes that theyconsider to be relatively minor offenses if DOJ concurs.• (U) the 1995 MOU, IC policy, and NRO guidance are silent with regard toreporting non-Federal crimes.• (U) the 1995 MOU implies, but does not clearly state that IC elements mustreport all UCMJ violations to DCIOs. Therefore, the NRO OGC did notroutinely report those violations.• (U) NRO did not have documented processes to ensure consistent reportingto military commanders and appropriate Department of Defense (DOD)investigative organizations of admissions of potential crimes made bymilitary personnel.• (U) the former NRO General Counsel (GC) and former Associate GeneralCounsel (AGC) provided inconsistent and inaccurate advice regardingreportable admissions of potential crimes. (U) Moreover, internal NRO processes and policies lengthened the time for theNRO OGC to report admissions of potential crimes to DOJ in FYs 2009 through2012. During that time, notification to the OIG of admissions of potentialcrimes was delayed or did not consistently occur, thereby limiting the ability ofthe NRO OIG to report to law enforcement organizations violations of statecriminal laws, such as child molestation. (U) Under the leadership of the current NRO Director, in July 2012, the NRObegan to proactively implement corrective actions to address some deficienciesit identified in its policies and processes for reporting admissions of potentialFederal crimes. The actions strengthened internal and external coordinationand facilitated identification, referral, and reporting of potential crimes.However, the NRO still has not included all of those changes in its internalPage 6 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOguidance to ensure that those corrective actions continue. Therefore, we aremaking recommendations to strengthen the NRO crimes reporting process. (U//FOUO) Following a March 2014 discussion with IC IG staff, the NRODirector issued a Policy Note, Reporting of Specified State Criminal Laws,establishing an internal Special Investigations Activity (SIA) within the NROOffice of Security and Counterintelligence. The SIA’s function is to promptlyreport possible violations of specified state criminal laws, including crimesagainst children, to local law enforcement authorities and serve as the liaisonbetween the NRO and local law enforcement agencies. The Policy Note directsNRO personnel to report possible crimes involving imminent threat or seriousbodily injury to another human being immediately to the activity if theinformation is obtained in the performance of official duties. (U) Discussions with several IC elements identified inconsistent practices withinthe IC for reporting admissions of non-Federal crimes and UCMJ violations thatpose an imminent threat to others, such as sexual molestation. In a separateadvisory letter to the DNI, the IC IG suggested—and the DNI concurred—development of an IC-wide policy to address those inconsistencies. 7(U) Management comments and our response(U) The NRO concurred with the 13 recommendations made in this report. In itsconsolidated response, the NRO Office of General Counsel (OGC), Office of Securityand Counterintelligence (OS&CI), and OIG provided additional information to clarifycurrent actions and information contained in the report. We incorporated thisinformation, as appropriate. In addition, based on comments received from the OIG,we revised recommendation number three.(U) Subsequent to completion of our work, the NRO implemented guidance or madechanges to its crimes reporting process, thereby satisfying several recommendationsmade in this report. In those instances, we incorporated the information in this reportand closed the relevant recommendations. See Appendix G for the NRO’s officialcomments.(U) IC-Wide Issues Related to Polygraphs and Crimes Reporting Processes. IC IG. March 2014.(IO-2014-002).7Page 7 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Background(U) Federal crimes reporting requirements(U) As both a Defense Agency and an IC element, the NRO must comply with Federalrequirements for reporting potential Federal crimes including some violations of theUCMJ of which NRO personnel 8 become aware while conducting their official duties.9Pursuant to 28 U.S.C. § 535(b)[a]ny information, allegation, or complaint received in a department or agency ofthe executive branch of government relating to violations of Title 18 involvingGovernment officers and employees shall be expeditiously reported to theAttorney General by the head of the department or agency, unless—(1) the responsibility to perform an investigation with respect thereto isspecifically assigned otherwise by another provision of law; or(2) the Attorney General directs otherwise with respect to a specifiedclass of information, allegation, or complaint. 10(U) In addition to an obligation for individual Federal employees to report potentialFederal crimes, provisions in Executive Orders (E.O.) require heads of agencies toreport potential Federal crimes to DOJ. For IC elements, E.O. 12333 Section 1.6(b) 11also requires IC senior officials toreport to the Attorney General possible violations of Federal criminal laws byemployees and of specified Federal criminal laws by any other person asprovided in procedures agreed upon by the Attorney General and the head ofthe department or agency concerned, in a manner consistent with the8 (U) NRO personnel include government civilians, contractors, and military personnel. In January 2014,the NRO revised its definition of an employee to correspond to the definition in the 1995 MOU. The1995 MOU defines an “employee” as “(1) a staff employee, contract employee, asset, or other person orentity providing services to or acting on behalf of any agency within the IC; (2) a former officer or employeeof any agency within the IC for purposes of an offense committed during such person’s employment, andfor purposes of an office involving a violation of 18 U.S.C. § 207 (conflict of interest); and (3) any otherGovernment employee on detail to the Agency.” NRO Instruction-80-2-1, Federal Crimes Reporting,22 January 2014.9(U) IC elements must report information about potential Federal crimes. Only Federal prosecutors inDOJ or DOD may determine whether a state crime may be assimilated as a Federal crime under theFederal Assimilative Crimes Act or Article 134 of the UCMJ. See 18 U.S.C. § 13 and 10 U.S.C. § 934.According to the Judge Advocate General (JAG) assigned to the NRO OGC, all violations of the UCMJ areFederal crimes. By extension, therefore, the NRO OGC should report all violations of the UCMJ to therelevant military service, JAG, and DCIO for disposition in accordance with the 2007 MOU between DOJand DOD Relating to the Investigation and Prosecution of Certain Crimes and the UCMJ.10 (U) Title 28 U.S.C. § 535(b) (2006). Title 18 of the United States Code is the criminal and penal code ofthe Federal Government of the United States and codifies Federal crimes. Title 18 outlines the elementsof several Federal and criminal procedures including terrorism; fraud; false statements; and sexualexploitation and other abuses of children, such as child pornography.11 (U) In a revision to E.O.12333, that is cited in the Memorandum of Understanding: Reporting ofInformation Concerning Federal Crimes, paragraph 1.7(a) was renumbered as section 1.6(b).Page 8 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOprotection of intelligence sources and methods, as specified in thoseprocedures.12(U) In 1995, the Attorney General (AG) and heads of IC elements issued the1995 MOU. The 1995 MOU established the procedures for IC elements to report tothe AG and to Federal investigative agencies information concerning possible Federalcrimes committed by IC employees and specific Federal crimes committed by nonemployees. Under the 1995 MOU, IC Offices of General Counsel and Offices ofInspector General share responsibilities for receiving reports of Federal criminalinformation concerning IC elements. The 1995 MOU delegates authority to the GC todetermine information that must be reported to the National Security Division of DOJor to Federal investigative agencies.(U) Reportable crimes(U) The 1995 MOU identifies and differentiates among reportable offenses committedby IC employees and non-employees. The 1995 MOU requires IC employees to reportto the GC or OIG facts or circumstances learned while performing their official dutiesthat indicate that an employee or non-employee of an IC element has committed, iscommitting, or will commit a violation of Federal criminal law identified in the 1995MOU. Reportable offenses include, but are not limited to, intentional serious physicalharm (such as sexual assault), violent crimes, and any offense, that “if committed inthe presence of a reasonably prudent and law-abiding person, would cause thatperson to immediately report the conduct directly to the police.” However, the1995 MOU is silent with regard to IC employees’ reporting obligations of potentialnon-Federal state criminal laws. Table 1 summarizes reportable offenses identified inthe 1995 MOU.12 (U) E.O. 12333, § 1.7(a), 46 FR 59941 (1981). Also, under E.O. 12968, IC employees who hold securityclearances are encouraged, although not obligated, to report any information that raises doubts as towhether another employee’s continued eligibility for access to classified information is clearly consistentwith national security. Information or allegations of suspected criminal violations are considered as partof a department’s or agency’s determination of an employee’s continued eligibility for access to classifiedinformation. See E.O. 12968 § 6.2 (b), Employee Responsibilities, 60 FR § 40245 (1995).Page 9 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Table 1: Reportable criminal offenses identified in the 1995 MOUThis table is UnclassifiedEmployees••••Reportable criminal offensesNon-employeesViolent crimesAny offense “if committed in thepresence of a reasonably prudentand law-abiding person, wouldcause that person to immediatelyreport the conduct directly to thepolice”Title 18 violationsCrimes identified as reportablewhen committed by nonemployees••••••••Intentional infliction or threat of death or seriousphysical harmActs of terrorism and other crimes likely to affectthe national security, defense, or foreignrelations of the U.S.Crimes involving foreign interference with theintegrity of the U.S. government institutions orprocessesUnauthorized electronic surveillance or access tocomputer systemsViolations of U.S. drug lawsMoney launderingSerious felony offenses that “if committed in thepresence of a reasonably prudent and lawabiding person, would cause that person toimmediately report the conduct directly to thepolice”Conspiracy or attempt to commit a reportablecrime(U) Source: Memorandum of Understanding: Reporting of Information Concerning Federal Crimes, 1995(U) Certain violations of Intelligence Community Directive (ICD) 704 and its associatedIntelligence Community Policy Guidance (ICPG), that govern eligibility for access toclassified information, may also rise to the level of a Federal crime and therefore wouldbe reportable under the 1995 MOU.13 Those violations include, but are not limited to:• sexual behavior of a criminal nature,• personal conduct involving deliberate concealment, omission, or falsification ofrelevant facts from any personnel security questionnaire,• deceptive or illegal financial practices,• illegal drug possession or distribution, and• other criminal activity.13 (U) ICD 704, Personnel Security Standards and Procedures Governing Eligibility for Access to SensitiveCompartmented Information and Other Controlled Access Program Information, 1 October 2008 andIntelligence Community Policy Guidance Number 704.2, Personnel Security Adjudicative Guidelines forDetermining Eligibility for Access to Sensitive Compartmented Information and Other Controlled AccessProgram Information, 2 October 2008. ICD 704 established Director of National Intelligence personnelsecurity policy governing eligibility for access to Sensitive Compartmented Information and informationprotected within other controlled access programs. ICPG 704.2 identified several factors that are alsoviolations of Federal criminal laws and that Federal agencies consider when evaluating individuals foraccess to classified information.Page 10 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) In addition to specifying reportable crimes, the 1995 MOU also identifies specificconditions that exempt reporting of potential Federal crimes. See Appendix A forreporting exceptions.(U) Reporting requirements for information on suspected child abuse(U) Separate provisions in Federal law, but not included in the 1995 MOU, identifyrequirements for “covered professionals” to report credible information of suspectedchild abuse including child pornography and child molestation to appropriate stateand local authorities. 14 Title 42 U.S.C. § 13031 identifies several professions that are“covered” for purposes of this reporting requirement including psychologists,psychiatrists, and law enforcement personnel. 15(U) Under 42 U.S.C. § 13031:a person who, while engaged in a professional capacity or activity described…on Federal land or in a Federally operated (or contracted) facility, learns offacts that give reason to suspect that a child has suffered an incident of childabuse, shall as soon as possible make a report of the suspected abuse tothe…[appropriate agency].(U) However, unless crimes information provides a basis to apply the Federaljurisdiction of the United States, most suspected child abuse crimes are prosecutedunder applicable state laws that do not trigger an affirmative reporting obligation forIC employees under the 1995 MOU.16 Title 42 U.S.C. § 13031 also requires coveredIC employees who, in their official capacities, learn of facts that would give reason forthem to suspect that a child has suffered an incident of child abuse, to report theinformation to the appropriate local law enforcement organizations, local childprotective services, or the FBI. A covered professional who is identified in14 (U) Title 42 U.S.C. § 13031(a) and (c) define “child abuse” as the physical or mental injury,sexual abuse or exploitation, or negligent treatment of a child to include sexual molestation andchild pornography.15 (U) Title 42 U.S.C. § 13031(b)(2) & (6). While each IC element should identify those “coveredprofessionals” within its respective organization, psychologists, psychiatrists, and law enforcementpersonnel are among the more common professionals within IC elements that are required to meet thisreporting requirement. Under the Inspectors General Act of 1978, OIG investigators are considered“law enforcement personnel” and therefore are “covered professionals” with an obligation to reportsuspected information of child abuse to appropriate authorities pursuant to 42 U.S.C. § 13031.16 (U) Title 18 U.S.C. § 7. For example, if the information states that suspected child abuse is conductedon a Federal installation, on Federal property, or by a member of the Armed Services, then Federaljurisdiction may attach. An NRO GC legal determination is required to ensure that appropriate mattersare reported.Page 11 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO42 U.S.C. § 13031 and who fails to report suspected child abuse is subject to Federalcriminal penalties under 18 U.S.C. § 2258.17(U) Department of Defense policies and NRO crimes reporting guidance(U) DOD guidance 18 requires DOD organizations, including the NRO, that conductpolygraph examinations to report admissions of a serious criminal nature and mattersinvolving counterintelligence, law enforcement, or security information developedduring the course of a polygraph examination to appropriate authorities. In addition,Article 134 of the UCMJ identifies conduct that is punishable for military personnelwho act in a manner that is prejudicial to good order and discipline or that discreditsthe Military Services. Such conduct includes patronizing prostitutes, illicit drug use,and child abuse.(U//FOUO) As of August 2009, the NRO required its personnel to notify the OGC orOIG of possible violations of Federal criminal laws when such activities related to NROfunds, programs, property, operations, or activities and of which they become awarewhile performing their official duties. 19 In May 2012, the NRO issued a writteninstruction that formalized existing practices requiring its security personnel toprovide information obtained during the adjudicative process to the NRO OGC, OIG, orCounterintelligence Division (CID) within the Office of Security and Counterintelligence(OS&CI) when it was determined that an individual committed or had knowledge of aFederal crime.20 In June 2013, the NRO issued a directive formalizing the OGC’sresponsibility to expeditiously notify the AG whenever the GC has reasonable groundsto believe a violation of Federal criminal law occurred. 21(U) Appendix B summarizes selected laws and guidance related to crimes reporting inthe IC, DOD, and NRO.17 (U) Title 18 U.S.C. § 2258. Failure to report suspected child abuse may result in a criminal fine orimprisonment of less than one year or both.(U) DOD Directive 5210.48, Polygraph and Credibility Assessment Program, (25 January 2007);DOD Instruction 5210.91, Polygraph and Credibility Assessment Procedures, (12 August 2010); andDOD Instruction 5525.07, Implementation of the Memorandum of Understanding Between the Departmentsof Justice and Defense Relating to the Investigation and Prosecution of Certain Crimes, (18 June 2007).1819 (U) Oversight Corporate Business Process Instruction, Obligation to Report Evidence of Possible Violationsof Federal Criminal Law and Illegal Intelligence Activities, 80-3 (August 2009).2021(U//FOUO) NRO.(U) NRO Directive 80-2, NRO Office of General Counsel Framework. 18 June 2013.Page 12 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Crimes reporting roles and responsibilities for NRO officials(U) Within the NRO, the OS&CI, OGC, and OIG have responsibilities for identifying,referring, and reporting potential violations of Federal criminal laws. 22 NRO guidancerequires OS&CI to collect and adjudicate polygraph-derived information and to referinformation about potential violations of criminal law to the NRO OGC, OIG, or CID,or to report the crimes information to other government organizations.(U) Office of Security and Counterintelligence(U//FOUO) Within OS&CI, the Personnel Security Division (PSD) processes personnelsecurity and access requests for NRO-sponsored personnel. Within PSD, thefollowing branches and staff have responsibilities related to crimes reporting:•(U//FOUO) Polygraph Management Branch (PMB)•(U//FOUO) Adjudications Branch (AB)•(U//FOUO) Special Actions Staff (SAS)22 (U) For purposes of this report, we use the term “refer” when discussing notification of admissions ofpotential crimes that are shared internally with other NRO components. We use the term “report” whendiscussing notification made to external organizations, such as DOJ.Page 13 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Office of General Counsel(U) The NRO Director designated the NRO OGC as responsible for reviewingadmissions of possible criminal acts and violations of Federal criminal law not relatedto NRO funds, programs, property, operations, or activities. 23 In accordance withE.O. 12333 crimes reporting procedures and the 1995 MOU, OGC is responsible forreporting potential Federal crimes to DOJ or law enforcement organizations when theOGC determines that a reasonable basis exists to believe that a Federal crime was, isbeing, or would be committed.(U) Office of Inspector General(U) In 2009, the NRO Director designated the NRO OIG as responsible for conductingpreliminary investigative inquiries into potential criminal acts and violations of Federalcriminal law that involve NRO funds, programs, property, operations, or activities.24At that time, the NRO OIG was not yet subject to requirements in the InspectorGeneral Act of 1978 (IG Act) that requires expeditious reporting to the AG wheneverthe IG has reasonable grounds to believe there has been a violation of Federal criminallaw. 25 On 7 October 2010, the NRO OIG became a Designated Federal Entity underthe IG Act. As a result, as of October 2010, NRO OIG has had a statutory obligation toreport violations to the AG and may also report crimes information to DCIOs and otherinvestigative agencies, including those at the state and local levels. 26 In July 2012,the OIG Investigations staff became the NRO point of contact for providing informationto DOJ or law enforcement organizations about child abuse allegations, includingmolestation, that OGC referred to DOJ. The NRO OIG documented this responsibilityin its investigations manual in February 2014.(U) Reporting process(U//FOUO) During the adjudicative process, if AB determines that an individualcommitted or had knowledge of an unreported Federal crime, AB forwards theinformation to SAS, which then prepares a notification letter containing information23 (U) Id. and NRO Directive 80-2, NRO Office of General Counsel Framework, Business Oversight Function80, 18 June 2013.24 (U) NRO Oversight-80, Obligation to Report Evidence of Possible Violations of Federal Criminal Law andIllegal Intelligence Activities, Instruction 80-3. August 2009.25(U) 5 U.S.C.A. App. 3 § 4(d).(U) DOD Instruction 5505.3, Initiation of Investigations by Defense Criminal Investigative Organizations,(24 March 2011) defines DCIOs as the U.S. Army Criminal Investigative Command, Air Force Office ofSpecial Investigations, Naval Criminal Investigative Service and Defense Criminal Investigative Service.A Military Criminal Investigative Organization (MCIO) includes all of the DCIOs with the exception of theDefense Criminal Investigative Service.26Page 14 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOabout the unreported crime; fraud, waste, or abuse of government resources; orcounterintelligence concerns. 27 SAS disseminates the letter to appropriate NRO officesfor assessment or possible investigation and may notify external Federal organizationsthat have an “adjudicative interest” in the individual.(U//FOUO) If an admission involves potential danger to another person, risk tonational security, or serious criminal offenses and requires action to prevent danger toindividuals, facilities, systems, or national security, OS&CI may notify OGC, OIG, andCID via telephone within 24 hours of the admission and prior to completion of theadjudications process. 28 However, in FYs 2009 through 2012, referral to OGC andOIG generally did not occur until the adjudications process was complete.29 OS&CIofficials may notify other authorities, relevant NRO program offices or companies, andconsult with the NRO OS&CI staff psychologist or NRO employee assistance program.SAS must notify adjudicative organizations at other government agencies aboutadverse actions taken by the NRO.(U) Once notified by OS&CI, OIG and OGC may notify DOJ, law enforcementorganizations, or other agency OIGs about the admissions of potential Federal crimesor violations of the UCMJ. Appendix C describes the NRO process for reporting(U//FOUO) In November 2013, OS&CI revised its procedures for referring information about potentialFederal crimes to the OGC, OIG, and CID and for reporting information externally. Procedural changesno longer require OS&CI to make referrals when it is determined that an individual only “had knowledgeof” an unreported crime. In addition, if it is determined during the adjudicative process that an individualmay pose a counterintelligence threat or risk, then AB, not SAS, refers available information to CID.AB also tracks the status of those referrals.27(U//FOUO) The NRO formalized existing practices in an NRO PSD directive, Immediate AdjudicativeAction (22 August 2013). Admissions requiring immediate adjudicative action include suicidal thoughts;current child abuse or molestation by the subject or known about by the subject; prior child abuse ormolestation by the subject or known about by the subject if a minor child is still accessible to theperpetrator; obstruction of justice or bribery of U.S. officials or witnesses in U.S. proceedings; imminentthreat of serious bodily injury or unlawful harassment or intimidation against an individual; denials orviolations of civil or human rights; threats to the President of the United States or other U.S. Governmentofficials or candidates for election to national office; disclosures of classified information that endangerongoing operations and/or those involved in such operations; deliberate unauthorized removal andstorage of classified information; and unofficial contact with foreign intelligence officers or crimes,including acts of terrorism, that are likely to affect the national security, defense, or foreign relations ofthe United States.28(U//FOUO) In November 2013, OS&CI revised its procedures for referring admissions of potentialFederal crimes to the OGC, OIG, and CID, and reporting information externally. The written guidancenow includes procedures for referring admissions of potential crimes made by military personnel, use of agroup email to refer admissions of potential crimes simultaneously to OGC and OIG, and a requirement torefer all potential criminal activity falling within Federal guidelines within 10 business days aftercompletion of investigative actions. We did not evaluate OS&CI’s compliance with this policy as it wasimplemented after the timeframe of our evaluation.29Page 15 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOadmissions made by civilians and military personnel in effect in FYs 2009 through2012 and new practices implemented in 2012.(U) Admissions of potential crimes made during NRO-administeredpolygraphs(U) In FYs 2009 through 2012, the NRO administered 44,493 polygraph sessions to31,122 individuals.30 Sixty-seven percent (21,144) of those individuals did not makeadmissions of potential Federal criminal acts or violations of ICD 704 and itsassociated implementing policy guidance.31(U) We used data obtained from the NRO’sdatabase to identify admissions involving potential violations of ICD704 or Federal criminal laws.32 We identified 19,830 admissions of potential violationsof ICD 704 or of Federal criminal law made in FYs 2009 through 2012 duringNRO-administered polygraph examinations. Following completion of polygraphexamination sessions, NRO polygraph examiners categorized admissions inusing the 13 guidelines identified in ICPG 704.2, Annex A of the AdjudicativeGuidelines for Determining Eligibility for Access to Sensitive CompartmentedInformation. Absent review by OGC of each security file and admission, it is notpossible to determine, usingdata, the actual number of admissions of potentialFederal crimes made in FYs 2009 through 2012. Therefore, the number of admissionsshown in Table 2 that are potential Federal crimes and reportable under the1995 MOU may be over-inclusive.(U) Table 2 summarizes the number and types of admissions made during polygraphsadministered by the NRO in FYs 2009 through 2012.30 (U) The NRO may administer multiple polygraph sessions to a single individual. Therefore, the numberof polygraph sessions does not equate to the number of individuals who were administered polygraphs bythe NRO.(U) ICPG 704.2, Personnel Security Adjudicative Guidelines for Determining Eligibility for Access toSensitive Compartmented Information and Other Controlled Access Program Information, 2 October 2008.3132 (U)is the NRO’s authoritative database used to verify approvals of personnel security accesses.Thedatabase contains personnel, investigative, adjudicative, polygraph, and other security-relatedinformation on individuals who had, have, or are currently pending access to NRO programs. Thedatabase includes information on admissions made by individuals who voluntarily self-terminated theclearance process. For each completed examination, the polygraph examiner populates thedatabase to identify the examination dates and session results, among other information.Page 16 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Table 2: Admissions made during NRO-administered polygraphs in FYs 2009through 2012This table is unclassifiedType of potential violationNumber of admissionsPercent of all admissionsICD 704a12,39963Federal criminal lawbTotal7,43119,83037100(U) Source: IC IG analysis of NRO data(U) Notes: a Not all admissions related to potential violations of ICD 704 are reportable crimes under the1995 MOU. For example, admissions including outside activities; alcohol abuse; psychologicalconditions; inadvertent removal or disclosure of classified information; financial considerations; andminor security violations such as password misuse are neither crimes nor reportable under the1995 MOU. However, IC elements consider such admissions when making determinations whether togrant or continue eligibility for a security clearance.(U)b Admissions of potential Federal criminal law include: criminal activity; deliberate damage togovernment sponsored information systems, deliberate misuse of government defense systems orinformation systems; deliberate provision of classified information to unauthorized persons; deliberateremoval of classified materials to unauthorized locations; fraud to include intentional falsification ofdocumentation; involvement with terrorism; involvement with foreign governments or foreign intelligenceservices; general or security concerns, sexual misbehavior, and the use, possession, or sale of illegaldrugs or narcotics. We calculated the number of admissions that are potential violations of Federalcriminal law using the NRO’s self-categorization of admissions inand reportable crimes in the1995 MOU. However, the number of admissions of potential violations of Federal criminal law may beover-inclusive because not all potential violations are necessarily actual crimes.(U) According to OS&CI officials, during the first half of Calendar Year (CY) 2013, theNRO administered 3,069 polygraph sessions to 2,709 individuals. Less thanone percent of those individuals made admissions of potential Federal crimes orviolations of ICD 704.(U) Objective, Scope, and Methodology(U) Objective(U) The objective of this evaluation was to assess NRO’s compliance with laws, policies,and procedures to identify and report admissions of potential violations of Federalcrimes made by contractors, government civilians, and military personnel duringpolygraph examination sessions administered by the NRO in FYs 2009 through 2012.During this review, we expanded the scope to also assess how the NRO handledreporting admissions of violations of state criminal laws and violations of the UCMJdue to the frequency of those types of admissions and because the NRO is a DefenseAgency whose workforce includes personnel who are subject to the UCMJ.Page 17 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Scope(U) We focused on admissions of potential crimes made by contractors, governmentcivilians, and military personnel assigned to the NRO or for whom the NRO wasassessing eligibility to access classified information. We limited our analysis toNRO-administered polygraph examinations in FYs 2009 through 2012 and admissionsof potential crimes that OS&CI referred to OGC or OIG from 1 January to 17 June2013. For CY 2013, we reviewed only those security files for individuals whom OS&CIidentified as having made admissions of potential crimes. We did not independentlyverify whether there were additional admissions of potential crimes made during thistime that OS&CI did not refer to OGC or OIG.(U) Methodology(U) To determine whether the NRO reported admissions in accordance with Federallaws and other guidance, we reviewed Federal statutes and regulations, E.O.s, ICDs,and NRO and DOD policies in effect between 2009 and 2013 and related to reportingpotential violations of Federal and state criminal laws, as well as violations of ICD 704and the UCMJ. We also interviewed NRO officials who were responsible for identifyingand reporting admissions of potential criminal violations made by NRO personnel andapplicants during polygraph examinations.(U) We analyzed data obtained from. We supplemented that data withinformation obtained from the NRO OIG and OGC regarding admissions that OS&CIreferred to them in FYs 2009 through 2012. We consulted with NRO officials toresolve discrepancies in the data. Using those data, we selected two samples foranalysis. One sample consisted of security information for 269 randomly selectedindividuals who participated in NRO-administered polygraph examinations inFYs 2009 through 2012. We are 90 percent confident, with a margin of error of+/- 5 percent, that the results of this sample are representative of all polygraphexamination sessions administered by the NRO in FYs 2009 through 2012. We alsoselected and reviewed security files for 106 individuals who made admissions relatedto “sexual behavior” during NRO-administered polygraph examinations in FYs 2009through 2012. 33 While the results of this sample should not be consideredrepresentative of all admissions of sexual behavior made during that time, the results33 (U) The IC uses 13 guidelines to categorize admissions when determining whether to grant or revokeaccess to classified information. “Sexual behavior” is one of those guidelines. “Sexual behavior” includesdeviant or criminal sexual behavior such as viewing child pornography, child molestation or abuse, rape,bestiality, patronizing prostitutes, and human trafficking. It also includes a pattern of compulsive,self-destructive or high-risk behavior that the person is unable to stop and that may be symptomatic of apersonality disorder or that reflects lack of discretion or judgment.Page 18 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOprovide insight into how the NRO referred and reported those potential crimes. 34 Inaddition, we analyzed admissions made by 78 individuals that the NRO OIG and OGCreported to DOJ or law enforcement organizations in FYs 2009 through 2012.(U//FOUO) To assess the NRO’s compliance with self-identified corrective actionsimplemented since July 2012 for reporting potential crimes, we reviewed admissions ofpotential crimes that OS&CI referred to OGC, OIG, or both NRO components duringthe first half of CY 2013.(U) See Appendix D for additional information about our scope and methodology.(U) Findings(U) NRO did not report some admissions of potential Federal crimes and UCMJviolations made in FYs 2009 through 2012(U) In FYs 2009 through 2012, the NRO reported most, but not all, admissions ofpotential Federal crimes made during NRO-administered polygraph sessions. Duringthat time, the NRO also did not report all admissions of potential violations of theUCMJ, that according to the NRO JAG, constitute Federal crimes. According to theNRO JAG, UCMJ violations constitute Federal crimes. The lack of documentedpractices combined with inconsistent and inaccurate advice given by former seniorOGC officials resulted in the NRO not reporting some admissions of potential crimes toDOJ or appropriate Federal investigative agencies. In addition, discrepancies betweenDOJ and UCMJ reporting expectations and practices and reporting requirementsunder the 1995 MOU created confusion regarding the necessity to report certaincrimes and to whom.34 (U) Not all sexual behavior issues involve criminal behavior. Thus, if an individual makes an admissionto a polygraph examiner involving sexual behavior that is not a Federal crime, then there is no need toreport the information, under the 1995 MOU, to DOJ for action. Although Federal statute, IC policy, andNRO guidance do not preclude the NRO from doing so, NRO OGC officials asserted, “the NRO has no[legal] obligation to report non-Federal crimes to law enforcement authorities.” In March 2014, theNRO Director established an internal activity within OS&CI with responsibility for promptly reporting tolocal law enforcement organizations possible specified violations of state criminal laws specificallyinvolving crimes against children. The NRO Director also instructed all NRO personnel to report possiblecrimes against children immediately to “the activity” if the information is obtained in the performance ofofficial duties.Page 19 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOA. (U) NRO did not report some admissions of potential Federal crimes(U) In FYs 2009 through 2012, the NRO reported most, but not all, admissions ofpotential Federal crimes that individuals made during NRO-administeredpolygraph examinations. The 1995 MOU and NRO guidance require the NRO OGCto report potential violations of Federal criminal law to DOJ. DOD guidance, towhich the NRO is subject as a Defense Agency, requires reporting of potentialcrimes and violations of the UCMJ to DCIOs, military commanders, or JAGs.However, we determined that the NRO did not report three percent of admissionsthat involved possession of child pornography—a Federal crime—and were madeduring NRO polygraphs administered during those Fiscal Years. 35(U) We also analyzed admissions categorized inas related to “sexualbehavior” that were made by 106 individuals during NRO-administered polygraphexaminations in FYs 2009 through 2012. 36 Thirty of those 106 admissionsinvolved child pornography or child abuse. Although the NRO did not report10 percent (3) of those 30 admissions, OS&CI usually suspended the individuals’accesses to classified information—and therefore, employment with the IC—as partof the adjudicative process. 37(U) Other types of potential Federal crimes that the NRO regularly did not report inFYs 2009 through 2012 included recreational illicit drug use or possession, andintentional falsification of Questionnaires for National Security Positions. Accordingto the current NRO AGC, OGC usually does not report personal use of controlled(U) We are 90 percent confident, with a margin of error of +/-5 percent, that the results of the sample of269 individuals is representative of all admissions made by all individuals who participated inNRO-administered polygraph examinations in FYs 2009 through 2012.3536 (U) We selected this sample for analysis because of the claims in an article published by the McClatchyCompany and Congressional concerns that focused on the reporting by the NRO of admissions ofpotential crimes related to child abuse. Although the findings from this sample are not representative ofall admissions of potential crimes involving “sexual behavior” made in FYs 2009 through 2012, thesample provides insight into how the NRO referred and reported those types of admissions and suggeststhat the NRO did not report all admissions that it potentially should have reported. The 106 casesincluded both criminal and non-criminal offenses related to “sexual behavior.” Non-criminal behaviorincludes sexual contact with foreigners and sexual addictions and disorders that could make anindividual susceptible to undue influence or coercion. Thirty of the 106 cases involving sexual behaviorincluded admissions involving possession of child pornography or child abuse, which are criminaloffenses.37 (U) Title 18 U.S.C. § 2258 defines child exploitation as including child pornography and prostitution.Child molestation usually exists as a state crime. While several provisions of Title 18 Chapter 109A,Sexual Abuse, prohibit sexual offenses against children, the Federal jurisdiction of the U.S. is limited tothe special maritime and territorial jurisdiction of the U.S. Unless there is evidence that meets thisjurisdictional requirement for a Federal crime (e.g., abuse occurred in a Federal facility), most suspectedchild abuse crimes are prosecuted under applicable state laws that do not trigger an affirmative reportingobligation for IC employees under the 1995 MOU. See 18 U.S.C. § 7.Page 20 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOsubstances even though use or possession is a reportable Federal crime under the1995 MOU. The 1995 MOU permits agency GCs to not report “relatively minoroffenses” that would normally be reportable under the MOU if DOJ generallyconcurs with the overall categorization of that type of potential crime. A DOJofficial indicated that those types of admissions are common enough that it wouldbe burdensome to prosecute, particularly if the quantities involved are de miminis.(U) Also, in FYs 2009 through 2012, neither OS&CI nor OGC routinely informedthe OIG of potential admissions of Federal crimes or crimes involving child abuseunder the belief that there was no requirement for OS&CI or OGC to do so. OS&CIand OGC officials usually limited OIG notification to potential crimes involvingwaste, fraud, or abuse of NRO funds, programs, property, operations, or activities.In addition, according to documentation in NRO security files for individuals whomade reportable admissions of child abuse (including child pornography, sexting,and child molestation), in FYs 2009 through 2012, the former NRO AGC and GCdeclined to notify DOJ of some of those admissions. In one case, those formerofficials asserted that the NRO was not [legally] obligated to report the admissionsof potential crimes because the statute of limitations had expired, and DOJ wouldnot be interested because the potential crimes were dated. 38(U//FOUO) In another case, the former AGC initially declined to report admissionsmade by a contractor who worked as a Security Officer at an NRO contractorfacility. The admissions involved child sexual molestation, sexting, and viewingonline nude images of girls whom the contractor believed to be under the age ofeighteen. In an email to OS&CI, the former AGC explained his decision not toreport the information to DOJ:...doubt we have enough to interest the FBI, especially since we don’t have thelast name or address and the alleged victim is fourteen years old and fullycapable of calling the police herself.(U//FOUO) Despite OGC’s initial assessment that it lacked information to make areport to DOJ, OS&CI continued to believe this admission should be formallyreferred to OGC and reported to DOJ with a copy of the report letter sent to theNRO OIG. Following OGC’s decision not to report the admission to DOJ, OS&CIshared the information with the NRO OIG which investigated the admissions in38 (U) When we became aware of admissions that were not reported, we notified the NRO OIG and OGC.Pursuant to 18 U.S.C. § 3283 (2012), the Federal statute of limitations does not exist for crimes involvingthe sexual abuse of children if the child is still alive. United States Code states “no statute of limitationsthat would otherwise preclude prosecution for an offense involving the sexual or physical abuse, orkidnapping, of a child under the age of 18 years shall preclude such prosecution during the life of thechild, or for ten years after the offense, whichever is longer.”Page 21 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOconjunction with DCIS. 39 OIG and DCIS determined the identity of the victim, thatthe child molestation was not an isolated incident as the individual had originallyclaimed, and that the individual maintained continuing contact with the childthereby placing her in potential continued harm. OIG shared this information withthe former AGC, who subsequently reversed his decision not to report the potentialcrimes to DOJ.(U//FOUO) At that time, the former AGC stated:Both of these facts will be critical to a Justice Department determination in thiscase and should be mentioned in the referral letter. Additionally, these two newfacts mean that we should get the letter to the Justice Department as soon aspossible so that they can pursue the case before the girl is further victimized by[the subject].(U) While OGC eventually reported this admission to DOJ, reporting took almostfive weeks from the date when OS&CI first informed OGC of the admission.Without OS&CI’s initiative to inform the OIG of the admission, OGC would nothave reversed its decision to report the admission to DOJ.(U) In neither case did the former NRO AGC or GC state that the NRO did not havea legal obligation to report to state and local authorities child molestation becausethat behavior is not a Federal crime.(U) With few exceptions, Federal statutes and IC policies do not create a legalobligation for IC elements, including the NRO, to report to DOJ or law enforcementorganizations admissions of potential violations of state criminal laws, such aschild molestation. 40 However, nothing in Federal statute, IC policy, or NROguidance precludes NRO officials from voluntarily and immediately reporting to law39(U) DCIS had jurisdiction over criminal matters at the location where the contractor worked.40 (U) Title 42 U.S.C. § 13031 identifies requirements for “covered professionals” to report credibleinformation of suspected child abuse including child pornography and child molestation to appropriatestate and local authorities. Professions that are “covered” for purposes of this reporting requirementinclude psychologists, psychiatrists, and law enforcement personnel. In accordance with DODInstruction 5525.07, Implementation of the Memorandum of Understanding (MOU) between theDepartments of Justice (DOJ) and Defense Relating to Investigations and Prosecution of Certain Crimes(18 June 2007) most Federal crimes committed outside a military installation by persons subject to theUCMJ that normally are tried by court-martial will be investigated and prosecuted by DOD withimmediate notice of significant cases to the appropriate DOJ investigative agency. In some instances,information of a state crime allegedly committed by an individual who is subject to the UCMJ may also bereported if the violation could be assimilated as a Federal crime under the Federal Assimilative Crimes Actor Article 134 of the UCMJ. See 18 U.S.C. § 13 and 10 U.S.C. § 934. Therefore, in some cases,information of a violation of a state crime is reportable in accordance with Federal criminal reportingrequirements.Page 22 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOenforcement organizations admissions involving potential violations of statecriminal laws that they have a reasonable basis to believe create an imminentdanger to others.(U) Yet, according to current NRO OGC officials, “OGC has no [legal] obligation toreport those crimes to DOJ.” NRO OGC officials emphasized that they were notlegally obligated in FYs 2009 through 2012—nor are they currently legallyobligated—to report child sexual abuse to DOJ or law enforcement organizationsbecause child abuse is a state crime, not a Federal crime. Therefore, they generallychose not to report those crimes unless the admissions also involved Federalcrimes such as possession of child pornography. Furthermore, OGC officialsstated that they have no [legal] obligation to inform the OIG of admissions of childsexual abuse because the authority of the OIG is limited to fraud, waste, andabuse involving NRO funds, programs, property, operations, or activities.(U) OIG officials stated that in the absence of a legal obligation and formalmechanism for NRO OGC to report to law enforcement admissions of potentialstate criminal laws involving an imminent threat to others, the OIG provisionallyassumed the reporting function. However, as we discuss later in this report, theOIG was not consistently informed about all such potential crimes prior toJuly 2012, and was unable to effectively fulfill this function in FYs 2009 through2012.(U) While NRO OGC officials assert that they “have no [legal] obligation to reportnon-Federal crimes such as those involving child sexual abuse,” currentOGC officials recognize that possession of child pornography is a Federal crime andis reportable pursuant to the 1995 MOU. As we previously discussed, in FYs 2009through 2012, reporting of child pornography was inconsistent. However, as ofJuly 2012 it is the practice of current OGC leadership to report all admissionsinvolving possession of child pornography to DOJ regardless of when the allegedactivity occurred. According to a current NRO AGC, OGC made this change to itsreporting practices after discussions with DOJ officials. DOJ officials confirmedthat no statute of limitations exists for reporting potential crimes involving childpornography. In addition, the NRO OGC and OS&CI implemented a process inDecember 2012 to simultaneously notify the OIG of potential admissions of allcrimes.(U) Our limited review of admissions referred by OS&CI during CY 2013 indicatesthat NRO is complying with its new practices and 1995 MOU reportingrequirements. However, at the time of our review, neither the NRO OGC nor OIGPage 23 of 86UNCLASSIFIED//FOUOhad formally documented these practices in Written guidance or operatinginstructions.? Unless practices are formally documented and shared with NROcomponents with responsibility for identifying, referring, or reporting potentialFederal crimes, the NRO risks deviation from those practices and admissions ofUCMJ violations and potential crimes may not be reported. Furthermore,documenting practices in Written guidance and operating instructions provides aformal basis for the OIG to leverage existing relationships with local lawenforcement and independently report potential crimes if they believe reporting isnecessary, even when OGC declines to report information about a potential crime.(U) 1. (U) We recommend review all admissions in its?database that are categorized as ?sexual behavior,? and notify boththe NRO OIG and OGC of any admissions involving possession ofchild pornography made in FYs 2009 through 2012 that OGC orOIG did not report. If discovers admissions involving childmolestation or other violations of state criminal laws that pose animminent danger to others, We recommend that informboth OGC and OIG even though those crimes may not be Federalcrimes .2. (U) We recommend OGC report any admission related to childpornography of which OGC was informed and did not report toDOJ and, when appropriate, to DCIOs and military commanders,regardless of the admission date.3. (U) We recommend OIG report any subsequent admissions ofviolations of Federal or state criminal laws that pose an imrninentthreat to others, including child sexual abuse regardless of theadmission date if the allegation has not been otherwise addressedby the OIG.41 (U) On 22 January 2014, the OGC issued NRO Instruction 80-2-1, Federal Crimes Reporting, thatdocuments its procedures for reporting admissions of potential Federal crimes allegedly comrnitted byemployees, including civilians, contractors, detailees, and military personnel.Page 24 of 86UNCLASSIFIED//FOUO(U) Management Comments:(U) The NRO OS&CI, OGC, and OIG concurred with these recommendations, andprovided additional clarifying information that is included in this report, asappropriate.(U) In its official response to this report, the NRO suggested that we overstated thenumber of cases involving “sexual behavior” that the NRO had not reported yetshould have in FYs 2009 through 2012. We agree with the NRO that not alladmissions related to “sexual behavior” are reportable crimes even though suchadmissions may rise to a level where OS&CI would revoke or suspend anindividual’s access to classified information. However, the admissions that formedthe basis for our assessment were limited to possession of child pornography orchild sexual abuse. While our assessment is accurate, we added clarifyinglanguage to the report. The NRO did not report 10 percent (3 admissions) of the30 admissions involving child pornography or child abuse to DOJ or other lawenforcement organizations. In some instances, OS&CI had referred the cases toOGC, but OGC officials informed OS&CI that the admissions were not of interest toDOJ or that the statute of limitations had expired. The NRO stated in its officialcomments that “OGC management has reported all child pornography cases(old and new) which have come to its attention and will continue to do so in thefuture.” Beginning in July 2012, DOJ informed the NRO OGC that all admissionsinvolving child pornography—regardless of when the alleged activity occurred—should be reported to DOJ. To our knowledge, since then, OGC has reportedadmissions involving child pornography of which it is aware.(U) The OIG also commented on recommendation 3 suggesting we revise therecommendation to more accurately reflect that the OIG “does not possess anyalleged cases involving threats to children or others that were not properlyaddressed, nor does OIG have cases where it relied on OS&CI to take action in lieuof OIG.” We revised the recommendation accordingly. See Appendix G for theNRO’s complete comments.Page 25 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOB. (U) NRO Did Not Report All Admissions of UCMJ Violations(U) DOD policies and Military Service-level guidance require the NRO OGC to reportpotential violations of the UCMJ to DCIOs and military commanders. The1995 MOU indirectly reinforces this expectation. However, no comparablereporting requirement exists in IC policies and none existed in NRO guidance untilJanuary 2014. In FYs 2009 through 2012, the NRO did not report all admissionsof UCMJ violations that military personnel made during NRO-administeredpolygraph examinations. Those admissions included patronizing prostitutes; useor possession of illicit drugs; child molestation; and intentional omissions andfalsification of Questionnaires for National Security Positions. According toNRO officials, they did not report those potential UCMJ violations because:• no requirements exist in IC and NRO guidance to do so;• OS&CI lacked training instructing them to notify OGC of such admissions; and• confusion existed within OS&CI and OGC about the process to reportUCMJ violations.(U) IC and NRO Policies Do Not Address Reporting of UCMJViolations(U) DOD policies and Military Service-level guidance require reporting of potentialcriminal violations to DCIOs as well as military commanders. Specifically,DOD Instruction 5505.3 and the Military Service-level guidance require militarycommanders to ensure that criminal allegations or suspected criminal allegationsinvolving persons affiliated with the DOD or any property or programs under itscontrol or authority are referred to the appropriate DCIO, MCIO, or lawenforcement organization. 42 Moreover, 28 U.S.C. § 535 requires that anyinformation, allegation, or complaint relating to violations of Federal criminal lawand involving Government officials and employees be reported expeditiously toDOJ.42 (U) DOD Instruction 5505.03, Initiation of Investigations by Defense Criminal InvestigativeOrganizations, (24 March 2011); DOJ-DOD MOU, Reporting of Information Concerning Federal Crimes,(August 1995); and Air Force Instruction 71-101 Volume 1 “Criminal Investigative Program”(8 April 2011). Department of the Navy Instruction 5430.107, “Mission and Functions of the NavalCriminal Investigative Service” (28 December 2005) requires Department of the Navy commands andactivities to immediately refer to the Naval Criminal Investigative Services any incidents of actual,suspected, or alleged offense punishable under the UCMJ, or similarly framed Federal, state, local, orforeign statutes, by confinement for a term of more than one year. Army Regulation 195-2 “CriminalInvestigative Activities” § 1-7(b)(1) (6 September 2011) requires commanders to ensure criminal incidentsor allegations are reported whenever an Army interest exists or that involve persons subject to the UCMJ,civilian employees and DOD contractors if related to their assigned duties or position, Governmentproperty is under Army jurisdiction, or those incidents occurred in areas under Army control are reportedto installation law enforcement activity.Page 26 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) The exception to this requirement occurs when DOD is responsible forinvestigating the matter under the UCMJ or as otherwise provided by law oragreement such as in DOJ-DOD MOU, Reporting of Information Concerning FederalCrimes. The 1995 MOU indirectly reinforces the expectation that IC elements willreport information about UCMJ violations by exempting from reporting any crimeinformation received by a DOD intelligence component concerning a DODintelligence component employee when crimes information is submitted to andinvestigated by the appropriate DCIO. However, absent a comparable reportingrequirement in IC policy or NRO guidance, OS&CI officials did not refer alladmissions made by military personnel during NRO-administered polygraphexaminations in FYs 2009 through 2012. Those admissions included patronizingprostitutes, illicit drug use or possession, child molestation, and intentionalomissions and falsification of information on Questionnaires for NationalSecurity Positions.(U) During this review, the NRO OGC began developing an Instruction that, onceissued, would require the OGC Judge Advocate General (JAG) to review OS&CIreferrals to determine whether a UCMJ violation exists, and if so, to report theinformation to the appropriate commander and military legal office for dispositionby the military. Concurrently, an NRO OGC attorney would evaluate the referral todetermine whether a Federal crime may have been committed and should bereported to DOJ. 43 The NRO OGC issued this instruction on 22 January 2014 andincorporated a recommendation we made in a prior report.44 The recommendationdirected the NRO OGC to formally document in NRO guidance a process forreporting admissions of potential crimes and UCMJ violations made by militarypersonnel.(U) OGC did not instruct OS&CI officials to report UCMJviolations(U//FOUO) In FYs 2009 through 2012, OGC did not instruct OS&CI to refer toOGC admissions made by military personnel during NRO-administered polygraphswhen those admissions may be violations of the UCMJ. During that time, OS&CI’straining focused on referring felony crimes, imminent threats, child pornography,child abuse, spouse abuse, tax evasion, and fraud. Each of those potential crimesis reportable as a Federal crime pursuant to the 1995 MOU.43(U) NRO Business Function Instruction 80-2-1, Federal Crimes Reporting. 22 January 2014.(U) Evaluation of Media Claims Regarding Non-Reporting by the National Reconnaissance Office ofCertain 2010 Admissions of Potential Crimes (Report Number IO-2013-007). February 2014.44Page 27 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) The NRO did not include admissions involving UCMJ violations in its training,in part, because of the differing focus of the 1995 MOU and the UCMJ on actionsthat constitute reportable crimes. Although admissions related to violations of theUCMJ are not necessarily of interest to DOJ because they are not always Federalcrimes, those same admissions may be of interest to DCIOs and militarycommanders. For example, the current NRO OGC JAG expects OS&CI to referadmissions involving the intentional falsification of Questionnaires for NationalSecurity Positions by military personnel if the falsifications occurred within thefive-year statute of limitations. 45 However, in FYs 2009 through 2012, the formerNRO OGC JAG had not instructed OS&CI to report those admissions. As a result,OS&CI generally did not do so unless military personnel also made admissions ofother Federal criminal violations.(U) NRO OGC officials, however, treat similar admissions made by non-militarypersonnel differently. Title 18 U.S.C. § 1001 penalizes individuals for knowinglyand willfully making false statements on Federal Government documents, and thatcrime is reportable to DOJ under the 1995 MOU. Yet, according to NRO OGCofficials, DOJ does not expect Federal agencies to report those potential crimesunless admissions of other Federal crimes are also present. Both OGC and OS&CIofficials stated that the omission and falsification of information on Questionnairesfor National Security Positions is a common occurrence. As a result, the NRO OGCexercised its authority under the 1995 MOU, with DOJ concurrence, and advisedOS&CI not to refer those admissions to OGC unless admissions of other Federalcrimes are also made.(U) Because the NRO OGC has not provided training or guidelines to OS&CIregarding which admissions of UCMJ violations warrant referral to OGC, thepotential exists that OS&CI may not refer certain reportable admissions to OGC orOIG because they are not aware of requirements to do so. In fact, the Chief of ABand some staff were not aware of OGC decisions made in 2013 regarding the typesof admissions that OGC wants referred to it when military personnel makeadmissions of UCMJ violations.(U) Reporting requirements for patronizing prostitutes(U) According to the current NRO OGC AGC, the NRO does not report to DOJadmissions related to patronizing prostitutes when there is no evidence of ties tohuman trafficking because patronizing prostitutes generally does not constitute a45(U) Willfully making false official statements is punishable under Article 107 of the UCMJ.Page 28 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOFederal offense.46 Yet, under Article 134 of the UCMJ, patronizing prostitutes is acrime whether or not the act involves human trafficking. Also, 18 U.S.C. § 1384makes engaging in prostitution or soliciting prostitutes a Federal misdemeanorwhen the activity occurs near a military or Navy establishment. 47 Therefore, theNRO should be reporting to DCIOs and the military chain of command admissionsof patronizing prostitutes made by military personnel. We identified eight militarypersonnel in our combined samples 48 who made admissions during NROadministered polygraph examinations in FYs 2009 through 2012 of patronizingprostitutes. The NRO reported none of those admissions to DCIOs or militarycommanders.(U) Reporting Requirements for illicit drug use, possession, orsales(U) Both Article 112(a) of the UCMJ and the 1995 MOU specifically identify illicitdrug use, possession, and sales as a reportable Federal crime. Moreover,50 U.S.C. § 3325 requires any IC employee who has knowledge of a fact orcircumstance that reasonably indicates that an employee, agent, or asset of anIC element is involved with the illegal manufacture, purchase, sale, transport, anddistribution of drugs to report that information. However, as previously discussedin this report, the NRO typically does not report de minimus illicit drug use,possession, or sales because DOJ concurred with the NRO GC determination thatde minimus illicit drug use, possession, and sales meet the 1995 MOU exceptionsfor reporting. Therefore, reporting requirements among the 1995 MOU, Federalstatute, UCMJ, and actual reporting practices are inconsistent.(U) NRO reported admissions to organizations responsible foradjudicating clearances, but not always to law enforcementorganizations(U) In FYs 2009 through 2012, the NRO reported several admissions of crimesmade by military personnel to DOD organizations responsible for adjudicatingclearances. The NRO believed the adjudicative organizations would inform the46(U) See generally, 18 U.S.C. § 1581-1596.47 (U) Title 18 U.S.C. § 1384, Prostitution Near Military and Naval Establishments, places violations on thesame basis as other misdemeanors in violation of the general statutes of the United States and authorizespunishment of persons subject to military or Naval law under such law. In case the military or Navalauthorities turn the violator over to the civil authorities, the trial and punishment may be under thegeneral law.(U) The combined sample consists of 375 individuals and includes 106 individuals from our judgmentalsample as well as 269 individuals that comprise our random sample. See Appendix D for informationabout those samples.48Page 29 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOappropriate DCIOs. Because the NRO did not concurrently notify DCIOs or otherDOD law enforcement organizations, the DCIOs may not have been aware of orinvestigated admissions of UCMJ violations. For example:•(U) The former NRO AGC advised OS&CI in 2010 to refer to the Air ForceCentral Adjudication Facility (AFCAF) admissions of viewing child pornographyand engaging in child molestation made by an Air Force officer. 49 AFCAF isresponsible for granting and rescinding clearances for Air Force personnel.However, AFCAF is not a law enforcement organization or investigative entityand does not investigate potential crimes. 50 While OS&CI notified AFCAF of theadmissions, the NRO OGC did not notify the Air Force Office of SpecialInvestigations (AFOSI) that conducts criminal investigations, the militaryofficer’s commanding officer, or DOJ. A former AGC within the NRO OGCadvised NRO OGC and OS&CI officials that, based on his understanding of NROprocedures for reporting prior criminal admissions made by military personnel,AFCAF would refer the case to AFOSI. The Air Force officer who made theadmissions continued to service in the Air Force until his retirement, afterwhich he worked as a cleared contractor for the United States Army.•(U//FOUO) In 2010, the NRO debriefed an Air Force Technical Sergeant whoadmitted to deliberately misusing a government-sponsored information system.OS&CI notified the NRO OIG and informed AFCAF of the admission. However,the NRO did not report the crimes information to AFOSI or DOJ. As a result,the Air Force may not have had the opportunity to prosecute the individual orassess the impact on government information systems.•(U//FOUO) In May 2010, a contractor admitted to deliberately misusing agovernment-sponsored system; fraud; use and possession of illegal drugs; anddeliberate removal of classified information and transmittal of that informationto an unauthorized person. In December 2012, the NRO notified theDOD Central Adjudicative Facility, but did not report the crimes information toDCIOs or DOJ for potential referral to the FBI. Not only did the NRO notcomply with 1995 MOU reporting requirements, but the DCIOs and FBI may49 (U) IC IG. Evaluation of Media Claims Regarding Non-Reporting by the National Reconnaissance Office ofCertain 2010 Admissions of Potential Crimes. (Report Number IO-2013-007.) February 2014.(U) AFCAF is responsible for determining whom within the Air Force and among certain contractors iseligible to hold a security clearance and have access to Sensitive Compartmented Information (SCI).AFOSI is a Federal law enforcement and investigative agency and is responsible for conducting criminalinvestigations of a variety of serious offenses and illegal activities that undermine the mission of theU.S. Air Force or the DOD.50Page 30 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOnot have had the opportunity to investigate potential crimes and assess orcounter potential damage to military operations.•(U//FOUO) Four military officers admitted between 2010 and 2012 topatronizing prostitutes overseas. According to OS&CI and OGC officials, theNRO does not routinely notify DOJ or DCIOs of these types of UCMJ violations.Although patronizing prostitutes is not a Federal crime in most cases, and the1995 MOU does not require reporting of non-Federal crimes, patronizingprostitutes is a violation of the UCMJ, and therefore, reportable to DCIOs.(U) The lack of documented processes for referring admissions of potential crimesmade by military personnel, combined with OGC and OS&CI misunderstandingsthat the centralized adjudicative facilities would notify the DCIOs, contributed tothe NRO use of incorrect reporting procedures in FYs 2009 through 2012.(U) A draft of this report, shared with the NRO, included recommendations toaddress the lack of formal NRO guidance documenting the reporting process foradmissions and violations of the UCMJ made by military personnel. The lack ofguidance posed the risk that NRO officials might deviate from informal reportingpractices. 51 After reviewing the draft, on 22 January 2014 the NRO OGC issuedNRO Instruction 80-2-1, Federal Crimes Reporting. This instruction establishesand implements processes for the NRO OGC to report admissions of potentialcrimes committed by contractors, civilians, and military personnel (see Appendix Cfor information on the NRO reporting process). However, this instruction still doesnot require the NRO to report the crimes information to the relevant DCIO inaccordance with Military Service-level policies. According to the NRO JAG, thecommanding officer is responsible for addressing the matter based on advice fromthe Military Service’s JAG. Involvement of DCIOs is at the commanding officer’sdiscretion. However, we believe that the NRO should also notify the DCIOs inaccordance with Military service directives and instructions discussed earlier inthis report.51(U//FOUO) We contacted the Central Intelligence Agency (CIA) and National Security Agency (NSA)OGCs to learn how they handle admissions of potential Federal crimes or UCMJ violations made bymilitary personnel. The CIA OGC notifies JAGs, whereas NSA reports admissions via the military chain ofcommand and to DCIOs. Depending on the location of the alleged activity, the NSA OGC may also notifyDOJ.Page 31 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Although the NRO OGC instruction does not require the NRO JAG to notify theDCIO of potential reportable UCMJ violations, overall the NRO instructionaddresses the majority of our concerns and mitigates the risk that the NRO maynot report UCMJ violations to the appropriate authorities.(U) RECOMMENDATION:4. (U) We recommend NRO OGC incorporate in Instruction 80-2-1 arequirement for the JAG to report admissions involving UCMJ violationsto DCIOs simultaneously with notification to the appropriate commanderand serving military legal office for military disposition.(U) Management Comments:(U) The NRO concurred with this recommendation. See Appendix G for the NRO’scomplete comments.C. (U) NRO did not provide continuous training required by the 1995 crimesreporting memorandum of understanding(U) The 1995 MOU requires IC elements to establish initial and continuing trainingto ensure that employees who are engaged in the review and analysis of collectedintelligence are knowledgeable and compliant with the provisions of the MOU.While the NRO provides initial training to its adjudicators, it has not providedmandatory, periodic training in accordance with the 1995 MOU.(U) When OS&CI updated training documentation in 2013, it did not coordinate thetraining with the OIG to ensure inclusion of current roles and responsibilities forthe crimes reporting process. For example, training materials do not explain thatas of July 2012, following OGC notification to DOJ, the OIG acts as the point ofcontact to respond to DOJ requests for information related to child sexual abuseissues. Training materials also do not discuss the OIG legal obligation under42 U.S.C. § 13031 to report potential Federal crimes involving child molestation.Because OGC does not have a legal obligation to report those crimes to DOJ, andthe 1995 MOU does not require reporting of non-Federal crimes or acknowledgereporting requirements under 42 U.S.C. § 13031, OS&CI officials may not notifythe OIG when individuals admit to violating state criminal laws that pose animminent danger to others, such as child molestation.(U) The NRO Assistant Inspector General for Investigations believes thatmandatory, periodic training allows the OIG to educate adjudicators and polygraphPage 32 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOexaminers about changes to referral processes and reportable crimes as well asshare the results of their work. Moreover, periodic training would help establishrelationships between OIG Investigators and OS&CI polygraph examiners thatwould encourage polygraph examiners, with the consent of their management, tocontact OIG Investigators on those occasions when an individual admits topossessing evidence of a crime or involvement in an ongoing crime that involvesimminent harm to others. Neither polygraph examiners nor NRO OIG investigatorshave custodial authority; therefore, they are unable to detain an individual even ifthat person admits to a crime. In such cases, it is critical that OS&CI contact theOIG during the polygraph examination to permit the OIG to notify local lawenforcement who can act.(U) As discussed, differences exist between the types of admissions that DOJ andmilitary investigative organizations expect and want to receive. Withoutmandatory, periodic training that addresses such differences, the potential existsthat OS&CI staff may not refer certain reportable admissions to OGC or OIGbecause they are not aware of requirements to do so. Furthermore, opportunitiesto thwart recent, ongoing, or planned crimes or collect evidence may be missed ifpolygraph examiners and adjudicators are unaware of whom to contact to facilitatelaw enforcement response.(U) RECOMMENDATION:5. (U) We recommend OGC and OIG provide mandatory, periodictraining to OS&CI polygraph examiners and adjudicators. Thetraining should address the broad types of potential crimes andUCMJ violations that OS&CI officials should refer to OGC and OIGand identify points of contact within both NRO components.(U) Management Comments:(U) The NRO concurred with this recommendation. See Appendix G for the NRO’scomplete comments.D. (U) Notification to NRO OIG was delayed or did not occur inFYs 2009 through 2012(U//FOUO) In September 2010, the National Security Agency (NSA) OIG reviewedNRO OIG operations as part of a routine quality control assessment. The NSA OIGidentified delayed notification to the OIG of child pornography cases as a seriousinformation access issue for the NRO OIG. The NSA OIG asserted that promptPage 33 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOnotification allows for immediate referral of the matter to appropriate Federal lawenforcement organizations and lessens the likelihood that evidence of crimesagainst children will be destroyed before law enforcement has an opportunity torespond. At that time, the NSA OIG recommended that the NRO establish aprocess for OS&CI to notify OGC and the NRO OIG Investigations staffsimultaneously of admissions of potential criminal conduct and violations ofFederal law involving child pornography. 52 However, the NRO did not change itspractices until two years later. The OGC did not document those practices inwritten guidance until January 2014.(U//FOUO) Our work validated the NSA OIG findings. In FYs 2009 through 2012,OS&CI notified the OIG of 68 percent of admissions related to child pornographyand molestation that the NRO reported to DOJ. In most cases, OS&CI notifiedOGC of the admissions before notifying the OIG. Although OS&CI notified the OIGon the same day in some instances, in other instances, the OS&CI either did notnotify the OIG or did so after a significant period of time had passed. According toa senior OS&CI official, until approximately 2010, OS&CI was not aware of aninternal agreement between the OIG and OGC requiring OS&CI to notify the OIG ofadmissions related to potential Federal crimes involving children. OS&CI officialsbegan to routinely notify the OIG when the NRO instituted a simultaneousnotification process in 2012.(U) Table 3 summarizes the number of days in FYs 2009 through 2012 that OIGwas notified after OGC.(U//FOUO) NSA Memorandum for Inspector General National Reconnaissance Office, Letter ofObservations: Quality Assessment Review of the Investigative Operations of the Office of Inspector General,National Reconnaissance Office, June 7-11, 2010. NSA issued the report on 1 September 2010.52Page 34 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Table 3: Number of days for OS&CI to notify NRO OIG about admissionsrelated to child crimes after first notifying OGC in FYs 2009 through 2012This table is Unclassified//For Official Use OnlyAdmissionChildpornographyChildmolestationChildmolestationandpornographyNotinformed9Sameday43311061120213031Number of Days31- 41- 5140506011361707180819091+111111(U) Source: IC IG analysis of data provided by NRO OGC and OIG(U) Note: The table does not include data for admissions made in FYs 2009 through 2012 that theNRO OGC should have, but did not, report to DOJ. For example, the data do not include one instancewhen OS&CI did not notify the NRO OIG until two years after a military officer admitted to viewingchild pornography. The OIG reported the admission to the FBI and local law enforcement within 48hours of notification by the NRO OGC. The table also does not reflect that OS&CI notified the OIGbefore OGC for six admissions related to child pornography and child molestation.(U) In July 2012, OS&CI implemented a process to notify OGC and OIGsimultaneously via email of admissions of potential criminal conduct involvingchild pornography. The NRO also designated the OIG as the point of contact torespond to external agency and law enforcement requests for information aboutchild pornography admissions. While this arrangement permits the OIG to useexisting relationships with law enforcement, both the NRO OIG Counsel andAssistant Inspector General for Investigations stated that another NRO componentcould also fulfill this role. NRO OGC, OIG, and OS&CI officials stated that they areconsidering establishing an office within OS&CI that would assume the currentOIG liaison function with local law enforcement regarding crimes. However, theNRO does not have the resources or funds to establish or staff this office. Until theNRO establishes this office, the OIG Assistant Inspector General for Investigationsplans to continue liaising with local law enforcement and report potentialnon-Federal crimes, such as child molestation, which the NRO OGC has no legalobligation to report under Federal statutes.(U) Prior to July 2012, no practice or process existed within the NRO for OGC orOS&CI to notify the NRO OIG of crimes not related to fraud, waste, or abuse ofNRO funds, programs, property, operations, or activities. However, since the NRObecame a Designated Federal Entity in October 2010, the NRO OIG has had astatutory obligation to report expeditiously to the AG whenever the IG hasPage 35 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOreasonable grounds to believe there has been a violation of Federal criminal law. 53Moreover, because OIG investigators are “covered professionals” in their roles aslaw enforcement officers, they have a legal obligation under 42 U.S.C. § 13031 toreport to law enforcement agencies all admissions involving child sexual abuse ofwhich OIG investigators become aware while conducting their official duties.(U) In the absence of legal obligation or formal process for OGC to reportnon-Federal crimes to DOJ or law enforcement, the OIG has assumed, with OGCconcurrence, the liaison function with law enforcement authorities. Yet, both anOS&CI operating instruction and OGC guidance limit notification to the OIG topotential Federal crimes involving fraud, waste, or abuse of NRO funds, programs,property, operations, or activities.(U//FOUO) Our review of 32 admissions that NRO reported during CY 2013 foundthat since July 2012 the NRO OS&CI is simultaneously referring admissions ofpotential crimes to OGC and OIG, by email. During the first six months ofCY 2013, NRO OIG and OGC reported to appropriate authorities, within four daysof notification by OS&CI, 11 of the 14 admissions involving possession of childpornography or engaging in child molestation. OGC and the OIG reported theremaining three admissions within eight days of receiving notification from OS&CI.OS&CI also simultaneously referred to OGC and OIG all 18 admissions ofnon-child crimes that the NRO OGC reported to DOJ during the first half ofCY 2013. In addition, OGC now identifies the OIG in written reports sent to DOJas the NRO point of contact for additional information on admissions made by NROemployees related to child pornography and child-crimes.(U) In January 2014, the NRO OGC issued guidance requiring concurrentnotification to the NRO OGC and OIG when OS&CI refers potential Federal crimes.However, OGC has not issued standard operating procedures that identify the OIGas the point of contact to respond to DOJ requests for information about potentialcrimes involving child abuse. Also, when we completed our review, the NRO OIGhad not updated its internal operating instructions or finalized changes to itsinvestigations manual to reflect this role. Therefore, the risk exists that thesepractices will not continue.(U) Since completion of our review, OGC issued NRO Instruction 80-2-1.The instruction identifies the circumstances and processes for concurrentlyreferring admissions of potential crimes and UCMJ violations to OGC and OIG.(U) Despite this progress, the OGC has yet to incorporate the OIG responsibility inOGCs standard operating instructions or to make a determination whether the53(U) 5 U.S.C. Appendix 3 § 4(d).Page 36 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOOGC should report potential crimes to DOJ when the OIG expresses an interest inan admission. Therefore, we are repeating and expanding upon a recommendationthat we made in our recent report Evaluation of Media Claims Regarding NonReporting by the National Reconnaissance Office of Certain 2010 Admissions ofPotential Crimes. 54(U) RECOMMENDATIONS:6. (U) We recommend that the OGC incorporate the OIG’s role asthe NRO point of contact for child related crimes reported toDOJ or external law enforcement organizations in its standardoperating procedures and clarify the OGC’s role for reportingto DOJ potential crimes even when the OIG has expressed aninterest in an admission.7. (U) We recommend that the OIG incorporate into and finalizeits investigations manual and operating instructions thataddress crimes reporting the OIG role as the NRO point ofcontact for responding to DOJ or external law enforcementorganization requests for information about child relatedcrimes.(U) Management Comments:(U) The NRO concurred with these recommendations. On 4 February 2014, theNRO OIG updated its investigations manual and internal OIG operating proceduresfor crimes referrals. The OIG documented its legal responsibility to investigateallegations of possible fraud, waste, and abuse in NRO operations and toinvestigate other matters as directed by the NRO IG. In addition, the manualacknowledges the NRO OIG authority, as a Designated Federal Entity, toinvestigate matters that may raise questions concerning the possible violation ofFederal criminal law that has a nexus to the NRO and is within the NRO OIG’sjurisdiction as authorized by the IG Act, as amended. Moreover, the manualidentifies the OIG Investigations Staff as the NRO point of contact for providinginformation about child abuse allegations, including molestation, that OGC hasreferred to DOJ or to the OIG for investigation. Finally, the OIG stated in itsinternal policy that even if the “OIG expresses interest, OGC still has an obligation54(U) February 2014.Page 37 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOto report the matter to DOJ.” These actions satisfy recommendation 7 of thisreport. We consider this recommendation closed. See Appendix G for the NRO’scomplete comments.(U) NRO guidance usurped OIG statutory crimes reporting obligations(U) Nothing in NRO guidance or the 1995 MOU may usurp the OIG’s statutoryobligation under the IG Act for reporting information about Federal crimes. 55Under the IG Act, to which the NRO OIG has been subject since October 2010, theNRO OIG has a statutory and affirmative obligation to report expeditiously to the AGwhenever the IG has reasonable grounds to believe there has been a violation ofFederal criminal law. 56 Moreover, as previously discussed, NRO OIG Investigationsstaff members are “covered professionals” in their role as law enforcement officers.Therefore, they have a legal obligation under 42 U.S.C. § 13031 to report to lawenforcement agencies admissions of potential crimes involving child sexual abuse andof which OIG investigators become aware while performing their official duties.(U) The IG Act does not limit the OIG’s affirmative reporting obligation to reportcriminal activity solely to those admissions of potential crimes related to NRO funds,programs, property, operations or activities. Furthermore, the 1995 MOU implies thatthe OIG should be receiving reports about potential crimes and reporting to DOJ orFederal investigative agencies crimes information of which OIG officials become awarewhile performing their official duties. Specifically, the 1995 MOU exempts fromreporting any criminal information previously reported to the IG based on theunderstanding that the IG is already reporting such information to the AG. Moreover,the 1995 MOU states that the reporting obligations it creates do not alter any crimesreporting procedures between OIGs and DOJ.(U) Therefore, the OIG should be informed of any potential Federal crime committed byNRO employees or prospective employees regardless whether the potential crimeinvolved fraud, waste, or abuse of NRO funds, programs, property, operations, oractivities. However, both an OS&CI operating instruction and OGC instruction limitednotification to the OIG to Federal crimes involving fraud, waste, or abuse of NROfunds, programs, property, operations, or activities. Specifically, NRO Instruction80-3 limited the OIG’s authority to conduct preliminary investigative inquiries intopotential criminal acts and violations of Federal criminal law that involve NRO funds,55 (U) Manhattan Gen. Equip. Co. v. Comm'r of Internal Revenue, 297 U.S. 129, 134 (1936) (“A regulationwhich ... operates to create a rule out of harmony with the statute is a mere nullity.”)56(U) 5 U.S.C. Appendix 3 § 4(d).Page 38 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOprograms, property, operations, or activities. 57 Under the instruction, the OGC wasresponsible for reporting all other violations of Federal criminal law to the AG.Therefore, NRO guidance erroneously usurped the statutory obligations of the OIG toreport crimes to the AG. In June 2013, the NRO issued Directive 80-2, NRO Office ofGeneral Counsel Framework, that superseded NRO Instruction 80-3 and rectified theerroneous usurping of NRO OIG authority that was in effect until that time.(U//FOUO) However, in November 2013, when OS&CI revised an operating instructionthat provides guidance for referring information about potential crimes to the OIG,OS&CI continued to limit referrals to the OIG to fraud, waste, and abuse violationsagainst the government. This practice may be inconsistent with the OIG’s reportingobligations under the IG Act and 42 U.S.C. §13031. Although the OIG may be madeaware of other potential crimes via its inclusion in an email distribution list used bythe NRO to concurrently notify OGC and OIG about potential crimes, the operatinginstruction implies that the OIG may not be consistently informed if the issue is notrelated to fraud, waste, or abuse of government funds and resources. As a result, theOIG's ability to report Federal crimes, such as child pornography, and non-Federalcrimes, such as child molestation, to local law enforcement will be restricted. Also,the operating instruction further inhibits the OIG's ability to fulfill its function as thedesignated NRO point of contact to provide information to DOJ or other lawenforcement agencies that request information following OGC reports of child-relatedcrimes.(U) To preserve its independence, only the OIG can determine whether reasonablegrounds exist that warrant reporting of potential Federal crimes or place restrictionson the types of crime information provided to it. Therefore, ensuring that OS&CI andOGC notify the OIG of admissions of potential crimes is paramount. If the NRO OIG isnot notified of potential admissions of Federal crimes or not notified in a timelymanner, then the OIG cannot fulfill its responsibilities in accordance with the IG Actor 42 U.S.C. § 13031 and potentially 18 U.S.C. § 2258.(U) RECOMMENDATION:8. (U) We recommend OS&CI revise its operating instructions andguidance to eliminate restrictions on the types of potential crimesreferred to the OIG.57 (U) National Reconnaissance Office Instruction 80-3, Obligation to Report Evidence of Possible Violationsof Federal Criminal Law and Illegal Intelligence Activities. August 2009.Page 39 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Management Comments:(U) The NRO concurred with this recommendation. The NRO added that OS&CI iscurrently referring, via email to the NRO Crimes Referral Working Group,admissions of potential Federal crimes in addition to some violations of statecriminal laws involving certain threats to individuals that could result in seriousbodily injury or harm. The NRO Crimes Referral Working Group includes OGC andthe OIG.(U) The NRO also commented that 42 U.S.C § 13031 “does not create an obligationon non-covered professionals to report crimes to covered professionals so that thecovered professionals’ duty to report is triggered per 42 U.S.C. § 13031. As such,even though OS&CI currently and voluntarily reports violations of state criminallaws involving child abuse to OIG and OGC via the Crimes Referral Working Groupemail, it is not required to do so per 42 U.S.C. § 13031.”(U) We agree with the NRO that non-covered professionals are not required toreport crimes to covered professionals. Reporting requirements pursuant to42 U.S.C. § 13031 for covered professionals, such as NRO OIG investigations staffmembers, activate when those professionals become aware of certain crimes.So long as OS&CI continues its practice to inform the OIG of potential crimes notlimited to fraud, waste, or abuse of NRO resources, the OIG should be able to meetits reporting requirements under 42 U.S.C. § 13031. However, OS&CI’sNovember 2013 operating instruction that provides guidance for referringinformation about potential crimes to the OIG, limits referrals to the OIG to fraud,waste, and abuse violations against the government. Therefore, the guidance isinconsistent with current NRO referral practices. We believe OS&CI shouldcontinue to inform the OIG of admissions of potential crimes not limited to fraud,waste, or abuse of NRO resources, so the OIG is able to meet its reportingrequirements under 42 U.S.C. § 13031. The 28 March 2014 NRO Director’sestablishment of a Special Investigations Activity within OS&CI, and charge to thatactivity to promptly report possible violations of state criminal laws involving animminent threat or serious bodily injury to another human being to local lawenforcement agencies, does not negate the responsibility of covered professionalswithin the OIG who learn of certain crimes to report those crimes pursuant to42 U.S.C. § 13031. See Appendix G for the NRO’s complete comments.(U) NRO processes affected the time to report potential crimes(U) In FYs 2009 through 2012, internal NRO processes and personnel leavepractices negatively affected the time for the NRO to refer and report admissions ofpotential crimes. Although 28 U.S.C. § 535(b) and the 1995 MOU require“expeditious” or “timely” reporting of potential crimes, OS&CI usually refrainedfrom formally referring admissions of crimes to OGC, OIG or other Federal agenciesPage 40 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOuntil the adjudications process was complete. Therefore, individuals couldcontinue the criminal activity or tamper with or destroy evidence in the interim.The NRO implemented changes in August 2013 to expedite referrals to OGC andOIG of certain crimes requiring immediate action to prevent danger to individuals,facilities, systems, or national security.A. (U) Intertwined adjudications and crimes referral process delaysreferral and reporting of potential crimes(U) Title 28 U.S.C. § 535(b) and the 1995 MOU require “expeditious” or “timely”reporting of possible violations of Federal criminal laws, but do not define whatconstitutes “timely” or “expeditious.” Excluding “high-interest” admissions thatrequire immediate adjudicative decisions to prevent danger to individuals, facilities,systems, and national security, in FYs 2009 through 2012, OS&CI routinelycompleted the adjudicative process prior to formally referring an admission of apotential crime to OGC or OIG. The adjudicative process may include:••••multiple polygraph sessions often occurring weeks or months apart forscheduling reasons;multiple quality assurance reviews;AB review of admissions and supporting evidence; andinvestigations by the NRO CID.(U) Each of those actions is a necessary aspect of the adjudicative process. Still,those actions took time to complete and ultimately lengthened the time beforeOS&CI referred admissions of potential crimes to OIG or OGC. However, nothingin NRO policy precluded OS&CI from notifying OGC or OIG of an admission priorto completion of the adjudicative process. In fact, in August 2013 OS&CIformalized guidance on its processes to notify OGC and OIG when action isrequired to prevent danger to individuals, facilities, systems, or national security.However, in FYs 2009 through 2012 OS&CI took an average of 106 days to refer anadmission of a potential crime to OIG and 95 days on average to refer admissionsto OGC.(U//FOUO) In November 2013, OS&CI updated its referral procedures to requireAB to refer all potential criminal activity falling within Federal guidelines within10 business days after completion of all investigative actions. According to anOS&CI official, this change permits OS&CI to immediately report certain types ofadmissions prior to completion of the adjudication process. While this changeshould facilitate more timely referrals to OGC and OIG, it likely will notsignificantly shorten the overall time for OS&CI to refer admissions of potentialcrimes because AB must still complete the investigative process prior torecommending referral to OGC, OIG, CID, or other Federal government personnelPage 41 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOsecurity entities that have an “adjudicative interest.” Moreover, OGC and OIGofficials advised us that they do not report information to DOJ or law enforcementuntil OS&CI formally notifies them.(U//FOUO) Since 2009, OS&CI PMB has had a goal to notify AB within 24 hours ofan individual making a high-interest admission. The goal for referring all otheradmissions to AB is three days. However, PMB does not track its performanceagainst those internal goals. According to the Director/PMB, tracking timelinessbased on data inwould prove inaccurate because PMB may informally notifyOGC or OIG via telephone calls and emails thatdoes not capture.(U) Once formally notified, both NRO OGC and OIG reported relevant admissions toDOJ or other law enforcement organizations. The average number of days for bothOIG and OGC to report admissions of potential crimes decreased significantly fromFYs 2009 to 2012. The average number of days for the NRO OIG to reportpotential crimes decreased from 20 days in FY 2009 to 13 days in FY 2012, whilethe average number of days for the NRO OGC to report potential crimes decreasedfrom an average of 226 days in FY 2009 to 62 days in FY 2012.(U//FOUO) During the first half of CY 2013, the NRO reported admissions in amore timely manner as a result of process changes. During that time, the averagenumber of days for the NRO OGC and OIG to report an admission was three days.(See Appendix E for information on reporting times in FYs 2009 through 2012 andCY 2013.)(U) RECOMMENDATION:9. (U) We recommend OS&CI, in conjunction with OGC andOIG, separate the crimes referral and adjudications processesto permit OS&CI to formally refer to OGC and OIG, andreport to law enforcement organizations admissions prior tocompletion of the adjudication process, even when thatadmission is not a high-interest admission.(U) Management Comments:(U) NRO concurred with this recommendation stating it will update its guidance torequire referral of cases prior to final adjudication when admissions involve Federalcrimes and certain violations of state criminal laws including imminent threat,danger, or serious bodily injury to another person. See Appendix G for the NRO’scomplete comments.Page 42 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOB. (U) NRO process gives OS&CI responsibility for legaldeterminations(U) OS&CI’s responsibility for determining whether an admission meets criteria fornotifying OGC or OIG effectively delegates a legal decision to OS&CI and may conflictwith the GC’s responsibility for determining when an admission is reportable.Both the 1995 MOU and NRO guidance task OGC with making legal determinationsand reporting potential crimes to DOJ. Yet, an OS&CI official told us that based oninformal advice by the former AGC, OS&CI does not consult with OGC or OIG on everyadmission of a potential crime and whether to refer those admissions. According toboth OIG and OGC officials, nuances of law and varying county and state criminallaws make establishing specific thresholds that OS&CI can use to determine whichadmissions of potential crimes OS&CI should refer to OGC and OIG almostimpossible.(U) Although OIG and OGC officials applauded OS&CI’s willingness to contact them forguidance on when an admission may be reportable, the potential exists for OS&CIstaff to make inaccurate determinations of what constitutes reportable crimes. In fact,OS&CI officials acknowledged that they are not always aware of the types of potentialcrimes that should be referred to OGC and OIG. We believe that this confusionextends to referring UCMJ violations because OGC has not informed OS&CI about theneed to refer those violations for OGC consideration.(U) The success of the NRO referral and reporting process depends on OS&CI officialscorrectly identifying admissions of potential crimes and accurately determining whenan admission of a potential crime warrants referral to OGC and the OIG. 58 Thus, theNRO has effectively delegated legal determinations to OS&CI staff. When the OGC andOIG are not made aware of admissions involving potential crimes, they cannot reportthem.(U) During our review, we observed that in 2013 OS&CI began to refer admissions ofpotential crimes that were made as early as 2010 to OGC and OIG. The OIGattributed retroactive reporting to improved working relationships between OS&CI,(U//FOUO) The results of polygraph examinations are reported as either “no significant physiologicalresponse,” “no opinion,” or “significant physiological response.” Polygraph examiners58Page 43 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOOIG, and OGC as well as media and Congressional focus on NRO crimes reportingprocesses.(U) NRO officials in the OGC, OIG, and OS&CI agree that involving OGC earlier in thereferral process by embedding within OS&CI an attorney with responsibility forreviewing all admissions of potential crimes and UCMJ violations could be beneficial.Potential benefits include:•••••(U) mitigating the possibility that OS&CI inadvertently may not refer anadmission to OIG or OGC;(U) ensuring that certain behaviors are uniformly identified as potentialcriminal acts or UCMJ violations;(U) providing additional assurance that OS&CI refers admissions to allstakeholders with adjudicative and criminal investigative interests;(U) ensuring that changes in reporting requirements are expeditiouslyimplemented; and(U) reducing the number of days to report potential crimes to DOJ or otherlaw enforcement organizations.(U) We compared the NRO crimes reporting process with the NSA’s process.Notably, the NSA separates the adjudication and crimes reporting processes.According to NSA Security officials, they do not wait to complete the adjudicationsprocess before notifying OGC of admissions of potential crimes, especially whenadmissions involve potential danger to another individual. According to an NSAOGC official, the reporting delay that would likely occur if OGC waited for anadjudicative decision would be too long. 59(U) Although OGC has designated an attorney to act as the focal point for OS&CIlegal matters, reliance on AB and SAS to determine which admissions are referredto OGC and OIG continues to raise concerns that OS&CI is making de facto legaldecisions.(U) We did not obtain information on the average number of days for NSA to make adjudicativedecisions when individuals made admissions of potential crimes.59Page 44 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) RECOMMENDATION:10. (U) We recommend OGC embed an attorney within OS&CI. Theattorney should be responsible for reviewing admissions of certainbehaviors to ensure they are uniformly identified as potential crimesand UCMJ violations for potential reporting separate from theadjudications process.(U) Management Comments:(U) NRO concurred with this recommendation, and stated that it does not have theresources to devote a full-time attorney to OS&CI at this time. While we agree withthe staffing constraint identified by OGC, we continue to believe that reliance onAB and SAS to determine which admissions are referred to OGC and OIG raisesconcerns that OS&CI is making de facto legal decisions. See Appendix G for theNRO’s complete comments.C. (U) OS&CI practices contributed to lengthier processing times(U) OS&CI’s Polygraph Management Branch (PMB) administers polygraphexaminations to NRO-sponsored individuals. Since 2009, PMB has requiredpolygraph examiners and team chiefs to process polygraph examination reportswithin five working days for routine cases and within three working days forhigh-interest admissions or specific interest polygraphs. However, we determinedthat Quality Assurance (QA) procedures and staffing practices contributed tolengthier processing times for some admissions of potential crimes.(U//FOUO) According to the QA Executive Officer, QA officers and team chiefswork four 10-hour days each week. Therefore, no one who can review high-interestadmissions that may require attention before the following week, is in the office onFridays. The QA Executive Officer stated that although PMB implemented thisleave policy to accommodate the desire of its staff, the approach has delayedQA reviews. OS&CI officials stated that following discussions with IC IG staff aspart of this evaluation, in October 2013, OS&CI eliminated the four 10-hour dayschedule and adjusted work schedules so that there is coverage every Friday.(U//FOUO) We identified several instances when an individual made ahigh-interest admission, yet processing was delayed due to staff who were on leave.For example, during a routine NRO polygraph a contractor admitted to molesting achild. According to the QA Executive Officer, PMB notified AB of the admission onPage 45 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOthe same day as it was made, however an 11-day delay occurred from the date ofadmission to the date when QA sent its official report to AB for adjudication andpossible referral to OIG and OGC. According to the QA Executive Officer, five daysof the delay were due to review by a PMB team chief. QA took another six days tocomplete its review of the polygraph session. A flex-day, holiday, and an ongoingspecial investigation further contributed to the delay notifying AB. However, theExecutive Officer experienced difficulty identifying the specific reasons forQA delays because this information was not documented in the polygraphtechnical report or in. In another instance, an individual made anadmission involving child pornography. The QA review took one month, but theExecutive Officer was unable to explain the reason for the lengthy review. The dayafter QA completed its review, QA forwarded the admission to AB. Given that bothof those admissions qualified as high-interest reports, in accordance with its policy,PMB should have notified AB within 24 hours of when the admissions were made.(U//FOUO) NRO’s practice has been for the Executive Officer, who also serves asthe Chief of Quality Assurance for PMB, to approve each Specific Issue Polygraph(SIP) that QA reviewed before forwarding the file to AB. 60 The Chief usually doesnot review polygraph examinations that are not SIPs. Because no staff member isdesignated to act as a back-up when the Executive Officer is absent, QA does notsend admissions made during SIPs to AB until the Executive Officer returns andreviews the files. According to the Executive Officer, past delegation of the reviewfunction resulted in problems. Therefore, PMB/QA discontinued the practice ofdesignating a back-up reviewer.(U) In addition, the PMB quality assurance process caused delays referring somecases. As part of its quality control process, the PMB QA staff randomly selected atwo-week period and reviewed all work products submitted during that time by aspecific team or field office. During FY 2013, those reviews revealed extensiveprocessing delays resulting from misplaced cases, examiners not processing caseswithin five working days, not making edits within the required three days, or notcompleting retesting within twenty-one days. PMB/QA also determined that teamchiefs took significant time to conduct required reviews. In one case, it took twelvebusiness days before the team chief conducted the first review and another monthafter the last polygraph session before QA received the case for processing and wasable to forward the case to AB.60 (U) The NRO administers specific interest polygraph examinations to assist in resolving specificICD 704 issues or concerns. As a general rule, all government and contractor personnel sponsored by theNRO for SCI access or for access to the NRO information systems must complete, or have completed, acounterintelligence security polygraph prior to authorization for access.Page 46 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) According to the PMB/QA Executive Officer, as a result of discussions withIC IG staff during this review, PMB/QA modified how it identifies, tracks, andprioritizes cases to shorten the time before cases are forwarded to AB.In June 2013, PMB informed its staff via email that each team chief is responsiblefor directly notifying AB whenever PMB processes certain types of cases regardlessof the type of polygraph examination that was conducted. According to NROofficials, this process effectively eliminates time-consuming quality assurancereviews by the Executive Officer at headquarters. Direct notification to AB mustoccur within 24 hours when:•High-interest information is obtained. This information includes, but is notlimited to, child or spousal abuse, child pornography, felony crimes,imminent threats, tax fraud or evasion, serious criminal offenses, and issuesimpacting national security such as espionage or compromise of classifiedinformation;•(U//FOUO) PMB incorporated those changes into its Case AdministrationProcedures in November 2013. The intent of this process is to alert AB of incomingcases that may require expedited processing by AB. PMB also expects the processto assist it to track its processing timeliness. We did not evaluate the effectivenessof those changes as they were implemented after we completed our work.(U) RECOMMENDATION:11. (U) We recommend the Chief/PMB cross-train an individual toact as a backup when the Executive Officer is out of the officefor an extended period.(U) Management Comments:NRO concurred with this recommendation, noting that the June 2013modifications to its quality assurance process effectively eliminates timeconsuming quality assurance reviews by the Executive Officer at headquarters.Page 47 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOAs a result, we consider this recommendation closed. See Appendix G for theNRO’s complete comments.D. (U) OGC reporting of potential crimes was lengthy in FYs 2009 through2012(U) OGC also experienced significant delays reporting potential crimes in FYs 2009through 2012. For those fiscal years, we identified 76 occurrences when it tookOGC more than a week to notify DOJ of an admission of a potential Federal crime.During that time, OGC reported to DOJ only one admission in under a week.Lengthy delays in reporting are a concern, particularly when admissions involveserious offenses that pose an imminent threat to others. As mentioned previouslyin this report, the risk exists that a crime may continue or that individuals mayalter or destroy evidence in the interim between an admission and reporting.(U) Table 4 shows the average, median, and range for the number of days OGCtook to report admissions of potential Federal crimes to DOJ in FYs 2009 through2012.(U) Table 4: Average number of days for NRO OGC to report potential Federal crimesin FYs 2009 through 2012This table is Unclassified//For Official Use OnlyFiscalYearFY 2009FY 2010FY 2011FY 2012TotalNumber ofsubjects212621977Average22612610362139Median12575633178(in days)a(U) Source: IC IG analysis of NRO data(U) Note: a Number of days was rounded to the nearest whole number.Range27 to 1,11424 to 7045 to 31212 to 2195 to 1,114(U) During the first half of CY 2013, the average number of days for OGC to reportadmissions declined to three days, indicating that OGC is more expeditiouslyreporting potential crimes to DOJ.(U) NRO implemented corrective actions to strengthen its crime reportingprocess(U) Under the leadership of the current NRO Director, in July 2012, the NRO beganto proactively implement corrective actions to address deficiencies that itdiscovered in its policies and processes for identifying and reporting admissions ofFederal crimes made during polygraph examinations. Congressional interest andPage 48 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOthe McClatchy Company claims of non-reporting of certain egregious admissionsdrove the NRO to focus on strengthening internal and external coordination tofacilitate the identification, referral, and reporting of potential crimes as well asimproving tracking of reported admissions. In addition, in March 2014 followingdiscussions with IC IG staff, the NRO Director established an internal activity topromptly report possible violations of specified state criminal laws, includingcrimes against children, to local law enforcement authorities and serve as theliaison between the NRO and local law enforcement agencies.A. (U) Internal coordination(U) Prior to July 2012, the NRO did not have strong processes to facilitate timelycommunication and sharing of information about admissions of potential crimesamong NRO stakeholders involved in the crimes referral and reporting process.The NRO implemented the following changes beginning in 2012:•(U) OS&CI concurrently refers to NRO OIG and OGC admissions of potentialFederal crimes. In January 2013, the NRO implemented the NSArecommendation to establish a process whereby OS&CI notifies NROOIG/Investigations concurrently with OGC when admissions of potentialcriminal conduct involve child pornography. The NRO created an emaildistribution list to facilitate simultaneous notification of OIG and OGCpersonnel regarding all criminal referrals from OS&CI, and did not limit theuse of the email notification to admissions involving potential childpornography. In addition, OGC now copies OIG on all notification letters itsends to DOJ. Previously, OGC copied the OIG only when admissions ofpotential crimes involved child sexual abuse, and notification was not aconsistent practice. In November 2013, OS&CI incorporated this changeinto its referral procedures.•(U//FOUO) OGC documents and communicates decisions and reasons notto report admissions of potential crimes. The AGC now informs the GC,OIG, and OS&CI when deciding not to report to DOJ an admission of apotential Federal crime. Previously, the AGC informed only OS&CI thatOGC had determined that notification to DOJ was unnecessary. InNovember 2013, OS&CI updated its written procedures requiring SAS todocument when OGC determines that no report to DOJ is necessary.Page 49 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO•(U//FOUO) OGC tracks OS&CI referrals of admissions. OGC tracks thenames of individuals whom OS&CI refers, even when OGC does not reportthe individuals to DOJ. The sheet includes reasons that OGC declined toreport admissions to DOJ. Previously, OGC tracked only information foradmissions that it reported to DOJ and did not consistently track reasonsfor declining to send the information.•(U//FOUO) OS&CI formalized process to refer high-interest admissions toOGC and OIG immediately. As previously discussed, in August 2013,OS&CI established policies and procedures to refer to OGC and OIGadmissions that involve threats to individuals, facilities, systems, andnational security within 24 hours as opposed to waiting to complete theadjudicative process. 61 Immediate referrals include, but are not limited to,– admissions of current child abuse or molestation by an individual orwhen known about by the individual; 62– past child abuse or molestation by an individual or when known aboutby an individual if a minor child is still accessible to the perpetrator;–that endanger ongoing operationsand/or those involved in such operations;–and–or crimes that arelikely to affect United States national security, defense, or foreignrelations.(U//FOUO) In November 2013, OS&CI revised its procedures for referring potentialcrimes information to the OGC, OIG, and CID, and reporting that informationexternally. The written guidance now includes procedures for referring admissionsof potential crimes by military personnel, use of a group email to refer admissionsof potential crimes simultaneously to OGC and OIG, and a requirement to refer allpotential criminal activity falling within Federal guidelines within ten businessdays after completion of investigative actions.(U//FOUO) Following a March 2014 discussion with IC IG staff, the NRO Directorissued a Policy Note, Reporting of Specified State Criminal Laws, establishing aninternal SIA within OS&CI. The SIA’s function is to promptly report possible61(U) NRO Personnel Security Division. Immediate Adjudicative Actions. 22 August 2013.62 (U) Although OS&CI requires its personnel to immediately refer to OIG and OGC of admissionsinvolving child molestation, Federal law, IC policy, and NRO guidance do not require the OGC to report toDOJ or Federal investigative organizations those referrals that involve violations of state criminal lawssuch as child molestation. According to the current AGC, OGC may voluntarily report crimes informationrelated to child molestation, although the NRO OGC “has no [legal] obligation to do so.”Page 50 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOviolations of specified state criminal laws, specifically crimes against children, tolocal law enforcement authorities and serve as the liaison between the NRO andlocal law enforcement agencies. The Policy Note also directs NRO personnel toreport possible crimes against children immediately to the SIA if the information isobtained in the performance of official duties. However, the new SIA will notnecessarily include an embedded attorney who possesses the legal expertise todecode which admissions should be referred to local law enforcement. In addition,officials within the new SIA likely will not be covered professionals under 42 U.S.C.§ 13031. Therefore, we, and the NRO OIG, believe it is important that OS&CI andOGC continue to inform the NRO OIG of admissions involving potential violationsof state criminal laws involving child abuse and the admissions that the activitydecides to report.(U) We believe those changes will strengthen situational awareness, coordination,oversight, clarify reporting obligations, and expedite reporting of egregious crimes.B. (U) External coordination(U) Beginning in July 2012, the NRO implemented several changes to strengthencoordination with DOJ by:•(U//FOUO) addressing notification letters to specific recipients. OGC begansending unclassified notification letters via email to specific individualswithin the DOJ Criminal and National Security Divisions. This processreplaced faxing classified letters to the DOJ Criminal Division withoutidentifying a specified recipient.•(U//FOUO) providing personally identifying information about individualswho made admissions in notification letters to DOJ. OGC modifiednotification letters to include personally identifying information such as thefull name, social security number, date of birth, and last known address ofthe individual who made an admission of a potential Federal crime.Previously, the NRO did not include this information. Previously, OGC useda naming convention that required the recipient to contact the NRO forinformation about the individual who made the admission.•(U//FOUO) designating the NRO OIG as the point of contact to respond torequests from DOJ on all child-related notifications of potential crimes thatOGC reports to DOJ. OGC remains the DOJ point of contact for all othertypes of potential crimes reported by OGC to DOJ.Page 51 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO•(U//FOUO) incorporating a statement in notification letters to DOJregarding NRO OIG intent to open investigations if DOJ does not respond toNRO stating its intent to investigate potential crimes. If DOJ does not notifythe NRO within ten calendar days of receiving a report from OGC that DOJintends to pursue the issue, then the NRO OIG may open its owninvestigation. According to the DOJ attorney who receives NRO reports ofpotential crimes, the NRO OIG should not wait for a response from DOJ ifthe OIG feels that it should conduct an investigation.•(U) including a statement in notification letters alerting DOJ to potentialviolations of state criminal laws, when applicable. According to NROofficials, in December 2012 OGC began including a statement in notificationletters to DOJ stating that admissions included potential violations of statecriminal law and may be shared with local authorities for lead purposes.We believe inclusion of this statement facilitates information sharing withlocal and state law enforcement. Moreover, addressing reporting of potentialviolations of state criminal laws, although no Federal requirements or ICDsestablish requirements for IC elements to report such crimes, is animprovement.(U) We believe those changes should help to ensure receipt of written reports by thecorrect DOJ and law enforcement organizations and reduce reliance on DOJ tocoordinate or disseminate information internally. Also, the changes should reducethe time needed for DOJ to obtain information for investigation and potentialprosecution of potential crimes. The DOJ attorney assigned to receive crimesreports from the NRO supports the changes.(U) However, the NRO OGC has not similarly incorporated all of the changes madesince 2012 in its written operating instructions. For example, OGC has yet toidentify the OIG as the point of contact for DOJ inquires following OGC reports ofchild related potential crimes. Also, OGC guidance does not require inclusion of astatement alerting DOJ to potential violations of state criminal laws in its reportsto DOJ. Therefore, the risk exists that the practices will not continue.(U) RECOMMENDATION:12. (U) We recommend OGC incorporate changes implementedsince July 2012 into official operating instructions andguidance.Page 52 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Management Comments:(U) NRO concurred with this recommendation. Based on prior discussions with theIC IG, both OGC and OIG incorporated changes to NRO Instruction 80-2-1 and theOIG Investigations Manual and Operating Instruction respectively, as noted by theNRO in its official comments to this report. However, as we state in this report,OGC has yet to incorporate all changes in its operating instructions. For example,Instruction 80-2-1 does not identify the OIG as the point of contact for DOJinquiries following OGC reports of child related potential crimes, or requireinclusion of a statement alerting DOJ to potential violations of state criminal lawsin its reports to DOJ. Therefore, the risk exists that the practices will not continue.See Appendix G for the NRO’s complete comments.(U) 1995 MOU provisions do not address reporting violations of some statecriminal laws(U) The 1995 MOU established procedures by which each IC element is obligated toreport to the AG and to Federal investigative agencies information concerning possibleFederal crimes committed by IC employees and non-employees.63 However, the1995 MOU is silent with regard to the obligation of IC element officials to reportpotential violations of state criminal laws. The Military Services require reporting ofviolations of crimes to DCIOs.A. (U) Requirements for Federal agencies to report violations ofstate criminal laws(U) The 1995 MOU requires IC employees to report information that reasonablyindicates that an IC employee has committed, is committing, or will commit aviolation of Federal criminal law. 64 However, while the MOU is silent with regard toIC employees’ reporting obligations of potential violations of state criminal laws, the1995 MOU does allow IC element GCs to use their discretion to report possiblecriminal activity to state or local authorities in conjunction with reporting to DOJ.While the 1995 MOU does not establish clear requirements for Federal agencies toreport violations of state criminal laws, the MOU contains provisions that implyIC elements should report such crimes. Specifically, the 1995 MOU states that itsprocedures are not intended to affect whether an intelligence agency reportsactivities that appear to constitute a crime under state law to state or localauthorities. If an intelligence agency considers it appropriate to report to state or63(U) Title 28 U.S.C. § 535(b) (2006).64(U) Memorandum of Understanding: Reporting of Information Concerning Federal Crimes. 1995.Page 53 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOlocal authorities possible criminal activity that may implicate classified informationor intelligence sources or methods it should inform DOJ.(U) According to senior NRO OGC officials, the NRO has no specific writtenguidance concerning the reporting of admissions of potential violations of statecriminal laws. However, under the IG Act, when made aware of any crime,including violations of state criminal laws, the NRO OIG must report imminentthreats of harm or injury to another person—including those that fall outside of itsjurisdiction—to local law enforcement. Also, the Military Services expectcommanders to report to MCIOs, DCIOs, or law enforcement organizations criminalallegations or suspected criminal allegations involving persons affiliated with theDOD or any programs under their control or authority.(U) In FYs 2009 through 2012, OS&CI usually referred admissions that involvedpossible violations of both state and Federal criminal laws to OGC and/or OIG.When individuals made admissions that potentially violated only state criminallaws, OS&CI was unlikely to refer those admissions to OGC or OIG. For example,OS&CI did not usually refer admissions involving illicit drug use or possession toOIG or OGC. According to an OS&CI official, the former AGC instructed OS&CIthat it was not necessary to refer those types of admissions due to the frequencywith which individuals made those admissions. Moreover, the 1995 MOU permitsGCs to use their professional judgment not to report relatively minor offenses towhich the 1995 MOU normally applies when the DOJ concurs with that opinion.According to OGC and OS&CI officials, admissions of illicit drug use andpossession generally involve de minimus amounts and, therefore, are addressed viathe adjudicative process.(U) In FYs 2009 through 2012, OS&CI did not refer to OGC or OIG all admissionsmade by military personnel that involved violations of the UCMJ particularlyadmissions of illicit drug use, patronizing prostitutes, and child abuse. However,OS&CI considers admissions of UCMJ violations when adjudicating securityclearances and access to NRO systems and facilities.(U) In December 2012, OGC began including a statement in some of its notificationletters to DOJ advising that “information concerning possible violations of statecriminal law may be passed to local authorities for lead purposes only, withoutattribution to NRO.” However, OGC has not incorporated this statement into itsstandard operating instruction.B. (U) Reporting requirements for admissions of suspected childabuse(U) Several provisions in law identify requirements for reporting child abuse,including child pornography and child molestation. While 18 U.S.C.Page 54 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOChapter 109A, Sexual Abuse Crimes, prohibits sexual offenses against children, theFederal jurisdiction of the United States is limited to the special maritime andterritorial jurisdiction of the United States. Therefore, unless evidence satisfies thejurisdictional requirement for a Federal crime, most suspected child abuse crimesare prosecuted under applicable state laws. Those laws do not trigger anaffirmative reporting obligation for IC employees pursuant to the 1995 MOU. 65However, certain IC employees, known as “covered professionals,” are subject toFederal requirements to report information of suspected child abuse to appropriateauthorities. Those professionals include psychologists, psychiatrists, and lawenforcement personnel. Pursuant to 42 U.S.C. § 13031,a person who, while engaged in a professional capacity or activity…on Federalland or in a Federally operated (or contracted) facility, learns of facts that givereason to suspect that a child has suffered an incident of child abuse, shall assoon as possible make a report of the suspected abuse to the…[appropriateagency…designated by the Attorney General].66(U) Title 42 U.S.C. § 13031 is unclear concerning its applicability to a Federalbuilding that does not have facilities in which children are cared for or reside, suchas the NRO. Therefore, admissions of child abuse made during NRO polygraphexaminations may not meet Federal reporting requirements. However, given theseverity of the potential crimes and potential for harm to others, the statutoryapplication of the reporting requirements should be construed broadly, accordingto the Office of Legal Counsel. 67(U) Despite these reporting obligations, when NRO officials reviewed polygraphadmissions of suspected child abuse in FYs 2009 through 2012, the NRO did nothave policies articulating the reporting requirements for NRO covered professionalsto report such information in accordance with 42 U.S.C. § 13031. The lack ofpolicies potentially contributed to failures to report those admissions. Moreover,the NRO did not have policies encouraging all NRO employees to report informationof suspected child abuse to NRO “covered professionals.” According to the NROOGC, “Federal employees are not [legally] obligated to report suspected child abuseto covered professionals.” Therefore, the only affirmative reporting obligationsknown to NRO OS&CI, OGC, and OIG personnel prior to 7 October 2010 were forinformation involving violations of Federal crimes, which would not include the65(U) Title 18 U.S.C. § 7.66(U) Title 42 U.S.C. § 13031(a).67(U) See Op. O.L.C. WL 5885536 (2012).Page 55 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOmajority of child abuse allegations involving sexual molestation, as those generallyexist as violations of state criminal laws.(U) RECOMMENDATION:13. (U) We recommend the Director/NRO issue guidance encouraging allNRO employees to report to the OIG, OGC, and OS&CI crimescommitted by NRO employees that pose an imminent threat to others,such as child molestation.(U) Management Comments:(U//FOUO) NRO concurred with this recommendation. In an Office of the DirectorPolicy Note, Reporting of Specified State Criminal Laws, (28 March 2014), theDirector of the NRO established the SIA within OS&CI. The SIA’s function is topromptly report possible violations of specified state criminal laws, specificallycrimes involving an imminent threat or serious bodily injury to another humanbeing, to the local law enforcement authorities. In addition, the policy note advisesNRO personnel to report those crimes immediately to the SIA within OS&CI if theinformation is obtained in the performance of official duties. For purposes of thepolicy, NRO personnel include NRO contractors, civilians, and military personnelwho support NRO activities.(U//FOUO) The Director of National Intelligence plans to issue IC-wide policyregarding reporting of state criminal laws to local law enforcement. The Director ofthe NRO will amend the policy note as appropriate.(U//FOUO) We consider the NRO Director’s policy to constitute significant progressto address reporting of violations of state criminal laws that pose an imminentthreat to others, particularly children. See Appendix G for the NRO’s completecomments.Page 56 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Appendix A: Federal crime reporting exemptions(U) The Memorandum of Understanding: Reporting of Information Concerning FederalCrimes (1995) identifies specific exemptions for reporting of potential Federal crimes,including:•••••••reported to an IG previously 68;alleged to have occurred more than ten years prior to the date when the crimesbecame known to the agency and are not part of a continuing pattern ofbehavior, unless the information is related to homicide or espionage;collected and disseminated to it by another department, agency, ororganization, so long as the receiving agency does not uncover additional crimesinformation during its analysis. If the agency has a reasonable basis to believethe alleged criminal activities that occurred more than ten years ago relate to,or are part of, a continuing pattern of criminal activities that continued withinthat ten-year interval, then the agency must report that information;received by a DOD intelligence component and concerns a Defense intelligencecomponent employee who is subject to the UCMJ or a civilian who is accused ofcriminal behavior related to their duties or position. This exemption appliesonly when the information is submitted to and investigated by the appropriateDefense Criminal Investigative Organization (DCIO). When the crimes werecommitted during the performance of intelligence activities, the GC mustprovide information to DOJ explaining the nature and disposition of thecharges;collected by an intelligence component of a department that also has a lawenforcement organization and the information involved non-employee crimesidentified in the 1995 MOU. To meet the reporting exemption, the department’slaw enforcement organization must have jurisdiction to investigate, and thedepartment must submit the information to its law enforcement organizationfor investigation and handling in accordance with its policies and procedures;involves crimes against property in the amount of $1,000 or less if committedby non-employees, or $500 or less if committed by an employee; orde minimus or a relatively minor offense in the opinion of the GC, and the AGconcurs that the crimes do not warrant reporting.(U) IGs are required to report to the AG whenever there are reasonable grounds to believe there hasbeen a violation of Federal criminal law. See IG Act, as amended, 5 U.S.C. App. 3 §4. Nothing in the1995 MOU may alter this reporting requirement nor an employee’s obligations, either by statute or byagency regulation, to report potential criminal behavior to the IG. If an IG determines that the reportedinformation is not subject to its jurisdiction and that the information may be reportable under the1995 MOU, the IG may forward the information to DOJ or to the agency’s GC for a determination whetherthe 1995 MOU requires reporting of the information to DOJ in accordance with the 1995 MOU.68Page 57 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Appendix B: Laws and guidance(U) This appendix identifies and summarizes selected laws, executive orders, and otherguidance in effect in FYs 2009 through 2012 and during Calendar Year 2013 and thatgovern crimes reporting at the NRO.(U) Laws•(U) Title 18 of the United States Code is the criminal and penal code of theFederal Government of the United States. It deals with Federal crimes andcriminal procedures to include the reporting of child abuse by certain personswho, while engaged in a professional capacity or activity on Federal land or in aFederally operated (or contracted) facility learns of facts that give reason tosuspect that a child has suffered an incident of child abuse.•(U) Title 28 U.S.C. § 535(b) requires that the head of a department or agencyexpeditiously report any information, allegation, or complaint received relatingto violations of Title 18 involving government officers and employees to the AG.Exceptions exist when (1) the responsibility to perform an investigation isotherwise assigned by another provision of law; or (2) the AG directs otherwisewith respect to a specified class of information, allegation, or complaint.•(U) Title 42, Chapter 132, § 13031, Subchapter IV—The Public Health andWelfare, Victims of Child Abuse Reporting Requirements requires certain personswho engage in a professional capacity or activity on Federal land or in aFederally operated or contracted facility, and learn of facts that give reason tosuspect that a child has suffered an incident of child abuse, make a report ofthe suspected abuse to the designated agency as soon as possible. Thoseprofessionals include law enforcement personnel. Title 42 U.S.C. § 13031(c)(1)further explains that the term ‘sexual abuse’ includes the employment, use,persuasion, inducement, enticement, or coercion of a child to engage in, orassist another person to engage in, sexually explicit conduct or the rape,molestation, prostitution, or other form of sexual exploitation of children, orincest with children.•(U) The Inspector General Act of 1978, as amended, requires the IG toexpeditiously report to the AG whenever the IG has reasonable grounds tobelieve there has been a violation of Federal criminal law.Page 58 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO•(U) Uniform Code of Military Justice, 64 Stat. 109, 10 U.S.C. Chapter 47 is thefoundation of military law in the United States. The UCMJ applies to activeduty and reserve military members of the United States Air Force, Army, CoastGuard, Marine Corps, and Navy. Cadets and midshipmen at the States militaryacademies and retired members of the uniformed services who are entitled toretirement pay are also subject to the UCMJ. General Article 134(10 U.S.C.A. § 934 ) states that military personnel are subject to the UCMJjurisdiction for violations of state and Federal crimes that could prejudice thegood order and discipline in the armed forces, bring discredit upon the armedforces, and crimes and offenses not capital.(U) Executive orders•(U)Executive Order (E.O.) 12333, as amended, requires heads of IC elements toreport possible violations of Federal criminal laws by employees and of specifiedFederal criminal laws by any other person to the AG. Crimes are to be reportedin compliance with procedures agreed upon by the AG and the head of thedepartment, agency, or establishment concerned and consistent with theprotection of intelligence sources and methods.•(U) E.O. 12968 encourages employees with access to classified information toreport any information that raises doubts as to whether another employee’scontinued eligibility for access to classified information is clearly consistentwith the national security.(U) Intelligence community guidance•(U) Memorandum of Understanding: Reporting of Information Concerning FederalCrimes (1995) applies to all organizations and agencies within the IntelligenceCommunity (IC). The MOU requires employees of an IC element to report to theGeneral Counsel or IG facts or circumstances that reasonably indicate that anemployee has committed, is committing, or will commit a violation of Federalcriminal law. The MOU requires IC elements to report information concerningpossible Federal crimes by employees of an intelligence agency or organization,or violations of specified Federal criminal laws by any other person, when theinformation is collected by the IC element during its performance of itsdesignated intelligence activities as defined in E.O. 12333 §§ 1.8-1.13. TheMOU also requires IC elements to develop internal procedures and establishinitial and continuing training to ensure that its employees engaged in thereview and analysis of collected intelligence are knowledgeable and incompliance with the MOU.Page 59 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO•(U//FOUO) Memorandum of Agreement (MOA) between the Secretary of Defenseand the Director of National Intelligence Concerning the National ReconnaissanceOffice (2010) identifies the NRO as a defense agency and an element of the IC.(U) DOD guidance•(U) DOD 5240-R.1, DOD Procedures Governing the Activities of DOD IntelligenceComponents that Affect United States Persons (December 1982), Chapter 12applies to the provision of assistance by DOD intelligence components to lawenforcement authorities. It authorizes cooperation with law enforcementauthorities to investigate or prevent clandestine intelligence activities by foreignpowers, international narcotics activities, or international terrorist activities; toprotect DOD employees, information, property, and facilities; and to prevent,detect, or investigate other violations of law. It also authorizes DOD intelligencecomponents to provide to law enforcement incidentally acquired informationreasonably believed to indicate a violation of federal, state, local or internationallaw.•(U) DOD Instruction 5525.07, Implementation of the Memorandum ofUnderstanding (MOU) Between the Departments of Justice (DOJ) and DefenseRelating to the Investigation and Prosecution of Certain Crimes, (18 June 2007)establishes policy for DOJ and DOD with regard to the investigation andprosecution of criminal matters over which the two departments havejurisdiction. The MOU delineates when DOJ or DOD will investigate certaintypes of crimes. For example, the DOD investigative agency concerned willinvestigate crimes committed on a military installation or when committed by aperson subject to the UCMJ. In those instances, the concerned militarydepartment also prosecutes those crimes, and DOD provides immediate noticeto DOJ of significant cases in which an individual subject and/or victim is not amilitary member or dependent. When a crime occurs on a military installationand there is reasonable basis to believe that some or all of the individuals whocommitted the crime are not subject to the UCMJ, then the DOD investigativeagency immediately notifies the appropriate DOJ investigative agency unlessDOJ has relieved DOD of the reporting requirement for that type of class ofcrime.•(U) Directive-Type Memorandum (DTM) 08-052—DOD Guidance for ReportingQuestionable Intelligence Activities and Significant or Highly Sensitive Matters(17 June 2009) applies to defense agencies and all other organizational entitiesin the Department of Defense. The DTM requires reporting to the Assistant tothe Secretary of Defense for Intelligence Oversight of any intelligence activitythat has been or will be reported to the AG, or that must be reported to the AGas required by law or other directive, including the 1995 MOU.Page 60 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO•(U) Air Force Instruction 71-101, Volume 1, Criminal Investigations Program(8 April 2011) requires commanders and directors at all levels to ensure thatcriminal allegations or suspected criminal allegations involving personsaffiliated with the DOD or any property or programs under their control orauthority are referred to the appropriate military criminal investigative or lawenforcement organization.•(U) SecNavInst 5430.107, Mission and Functions of the Naval CriminalInvestigative Service (28 December 2005) sets forth the authority,responsibilities, mission, and functions of the Naval Criminal InvestigativeService (NCIS). The Instruction requires Department of Navy commands andactivities to immediately refer to NCIS any incidents of actual, suspected, oralleged offenses that are punishable under the UCMJ or similarly framedfederal, state, local, or foreign statutes by confinement for a term of more thanone year.•(U) Army Regulation 195-2, Criminal Investigative Activities, (15 June 2009)requires commanders to report known or suspected criminal activity to theU.S. Army Criminal Investigative Command. The regulation citesTitle 28 U.S.C. § 535 that requires any information, allegation, or complaintrelating to violations of Federal criminal law, involving government officials andemployees to be reported expeditiously to DOJ, unless the responsibility toinvestigate the matter is conferred upon the DOD or as otherwise provided bylaw or agreement with the Attorney General.(U) NRO guidance•(U//FOUO) NRO Corporate Business Process 80, Oversight (November 2010)defines the scope, authorities, and responsibilities specific to oversight for theOGC and OIG. The Corporate Business Process instructs the IG to directlyreport to appropriate law enforcement authorities information concerningviolations of Federal criminal laws within the IG’s jurisdiction and inaccordance with E.O. 12333 and DOD Instruction 5505.02.•(U) NRO Corporate Business Practice Instruction (80-3) Obligation to ReportEvidence of Possible Violations of Federal Criminal Law and Illegal IntelligenceActivities (August 2009) established procedural guidance for NRO personnel toreport any possible violations of Federal criminal law or illegal activities thatrelate to NRO funds, programs, property, operations, or activities. Under theCorporate Business Practice Instruction, the NRO OIG is responsible forreporting evidence of possible violations of Federal and criminal law to theDepartment of Justice, Criminal Investigative Service, or other appropriate lawenforcement agencies. The NRO OGC was responsible for immediatelyPage 61 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOreporting allegations of evidence concerning possible violations of Federalcriminal law not related to NRO funds, programs, property, operations, oractivities.•(U//FOUO) NRO Business Function 80, Oversight, (April 2012) supersedes andreplaced NRO Corporate Business Process 80 and describes the overarchingroles of the OGC and OIG with regard to oversight.•(U//FOUO) NRO Directive 80-2, NRO Office of General Counsel Framework,(June 2013) defines the scope, authorities, and responsibilities specific to NROBusiness Function 80, Oversight. This directive designated the NRO GC as theexclusive authority for the expeditious notification to the AG whenever the GChas reasonable grounds to believe there has been a violation of Federal criminallaw. The directive also requires all NRO personnel to report to the GC anypossible violation of state or Federal criminal laws learned in the course of theirofficial duties in accordance with E.O. 12333 § 1.6(b); DOD 5240.1-R sectionsC.12.2.2 and 15.3.3.3; and 28 U.S.C. § 535.•(U//FOUO) NRO Polygraph Support Division, Referral Program Procedures,(22 November 2013) updates existing procedures to include procedures forreferring admissions of potential Federal crimes made by military members toOGC for potential reporting to military leadership.•(U) NRO Instruction 80-2-1, Federal Crimes Reporting, (22 January 2014)establishes procedures for reporting potential Federal crimes made bycontractors, civilians, and military personnel.•(U//FOUO) National Reconnaissance Office Polygraph Management BranchCase Administration Procedures (20 November 2013) identifies behaviorsrequiring immediate reporting by personnel assigned to OS&CI’s PolygraphManagement Branch to the Polygraph Support Division to prevent danger toindividuals, facilities, systems, or national security.•(U//FOUO) Office of the Director Policy Note, Reporting of Specified StateCriminal Laws, (March 2014) establishes an internal activity within OS&CI.The SIA’s function is to promptly report possible violations of specified statecriminal laws, specifically crimes against children, to local law enforcementauthorities and serve as the liaison between the NRO and local law enforcementagencies. The Policy Note directs NRO personnel to report possible crimesagainst children immediately to the SIA if the information is obtained in theperformance of official duties.Page 62 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Appendix C: NRO crimes reporting process(U//FOUO) Prior to 2013, the NRO had no formal written guidance describing theprocess for OS&CI to refer and OGC or OIG to report potential crimes to DOJ or otherFederal investigative entities. The NRO also lacked written procedures explaining theprocess to report admissions of potential crimes or UCMJ violations made by militarypersonnel. In November 2013, OS&CI developed written procedures describing theprocess for referring admissions of potential crimes, including admissions made bymilitary personnel. On 22 January 2014, the NRO OGC issued written guidancespecifying those procedures. In February 2014, the NRO OIG updated its investigativemanual and operating instructions.(U) NRO process for reporting admissions of potential crimes by civilians(U) FYs 2009 to 2012(U//FOUO) Prior to 1 May 2012, the NRO had no written guidance describing theprocess for OS&CI to refer and OGC and OIG to report potential crimes to DOJ orother Federal investigative entities. In practice, OS&CI referred to OGC admissions ofpotentially reportable crimes usually by email. OGC reviewed those referrals todetermine whether a Federal crime may have been committed and whether the crimesinformation should be reported to DOJ. If OGC determined a reportable Federal crimewas committed, OGC assigned a “John Doe” number to the case and used thisanonymous identifier to ensure the recipient did not have personally identifyinginformation about the individual who made the admission. 69 OGC then sent aclassified fax to DOJ and copied OS&CI on the report. If OGC decided not to report anOS&CI referral, OGC also informed OS&CI of its decision.(U) During this time, OS&CI did not consistently refer to the OIG all admissions ofpotential crimes because they were not aware of the requirements to do so. As aresult, generally, notification was limited to admissions involving fraud, waste, orabuse of NRO programs, operations, funds, property, or activities.(U) FY 2012 to present(U) Beginning in July 2012, the NRO implemented new referral and reporting practicesthat it documented in its written guidance in January 2014. In October 2013, theNRO began drafting an instruction documenting OGC reporting practices OGC has69(U) The “John Doe” number is a naming convention that consists of “John Doe” in lieu of anindividual’s name followed by the year of the report and the number of the referrals made during thecalendar year. For example, John Doe 10-03 indicates that the individual made reportable admissionsduring 2010 and that this was the third report, but first for this individual, that OGC sent to DOJ during2010.Page 63 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOused since July 2012. 70 Also, in November 2013, OS&CI updated its guidance toreflect its process for referring admissions of potential crimes to OGC and OIG.(U) Following notification of the potential Federal crime, the AGC reviews the referral todetermine whether a Federal crime may have been committed and should be sent tothe DOJ for further consideration. If the referral is not reported to DOJ, the AGCnotifies OS&CI and OIG via email and documents the rationale for declining to reportthe crimes information. SAS documents in its security files when OGC determines areport to DOJ is not necessary. If the AGC determines the crimes information shouldbe reported to DOJ, the attorney informs the OIG and OS&CI by email. SAS maintainsa copy of the signed written report to DOJ in its security file.(U) At the time, OGC assigns a unique identifier, consisting of the calendar year andthe individual’s last name, to the case in lieu of using a John Doe number. The NROGC reviews and approves the report to DOJ. OGC sends the report via email to theAssistant Attorney General, National Security Division; the Assistant Attorney General,Criminal Division; and to OS&CI. OGC copies the OIG as well to permit the OIG tofulfill its reporting requirements under the IG Act and 42 U.S.C. § 13031.(U) OGC maintains both an electronic and hard copy of the notification and logs thereport in a master OGC Crimes Referral Spreadsheet.(U) NRO process for reporting admissions of potential crimes by militarypersonnel(U) FYs 2009 to 2012(U) Between FYs 2009 and 2012, OGC did not have a formal consistent practice toreport admissions of potential Federal crimes or UCMJ violations by militarypersonnel. When a military member made an admission of a Federal crime or UCMJviolation, OS&CI and OGC consulted with each other to determine the best approachand points of contact to whom to report the potential crimes or UCMJ violation.(U) FY 2012 to present(U) Beginning in July 2012, the NRO OGC established new referral and reportingpractices that it documented in official written guidance on 22 January 2014.71 InNovember 2013, OS&CI revised its guidance to reflect its process for referringadmissions of potential crimes to OGC and OIG. According to the instruction, when amilitary member makes an admission of a potential Federal crime or reportable UCMJ70(U) NRO Instruction 80-2-1, Federal Crimes Reporting.71(U) Ibid.Page 64 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOviolation, OS&CI notifies both OGC and the OIG via an email that includes an initialreferral letter summarizing the potential Federal crime and UCMJ violation.(U) Following notification by OS&CI, the OGC Military Judge Advocate General (JAG)reviews the referral to determine whether there is a UCMJ violation necessitatingreporting through military command channels. Simultaneously, the AGC reviews thereferral to determine whether a Federal crime may have been committed and whethera report should be sent to DOJ. If the JAG or AGC determine the admission does notneed to be reported, then OGC notifies the OIG and OS&CI by email and explains itsrationale for declining to report the admissions. SAS documents in its files when OGCdetermines a report to DOJ is not necessary.(U) However, if the AGC determines the information should be reported to DOJ, thenreporting is done in accordance with the NRO process for reporting admissions ofpotential crimes by civilians previously described in this report. If the JAG determinesthe information should be reported to the military command, the JAG notifies OS&CIand OIG simultaneously via email. Additionally, the JAG contacts the appropriateNRO military point of contact to coordinate the referral and requests the NRO militarypoint of contact to identify the relevant commander who should receive the report. 72After the NRO GC reviews the letter, the NRO JAG sends the notification letter to theappropriate commander and serving military legal office to report the matter formilitary disposition.(U) Similar to the process used to report admissions of potential crimes made bycivilians, the NRO OGC assigns a referral number and also emails a copy of the letterto the Assistant Attorney General, National Security Division; the Assistant AttorneyGeneral, Criminal Division; and to OS&CI, which maintains a copy of the signedwritten report to DOJ in its security file. Additionally, OGC copies the OIG to permitthe OIG to fulfill its reporting requirements under the IG Act and 42 U.S.C. § 13031.(U) OGC maintains both an electronic and hard copy of the notification and logs theletter in its Crimes Referral Spreadsheet.(U) At the NRO, the military point of contact is the Air Force or Navy personnel element within the NROOffice of Strategic Human Capital.72Page 65 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Appendix D: Objectives, scope & methodology(U) Objectives(U) The objective of this evaluation was to assess the NRO’s compliance with laws,policies, and procedures to identify and report admissions of potential violations ofFederal crimes made by contractors, government civilians, and military personnelduring polygraph sessions administered by the NRO in FYs 2009 through 2012.We also assessed how the NRO handled reporting of admissions of violations of statecriminal laws and violations of the UCMJ due to the frequency of those types ofadmissions and because the NRO is a defense agency whose workforce includespersonnel who are subject to the UCMJ.(U) Scope(U) We focused on admissions of potential crimes made by contractors, governmentcivilians, and military personnel during polygraph examinations administered by theNRO in FYs 2009 through 2012, and admissions of potential crimes OS&CI referred toOGC or OIG between 1 January 2013 and 17 June 2013 (CY 2013). For CY 2013, wereviewed only those security files that OS&CI identified as containing admissions. Wedid not independently verify that those admissions were the only admissions made.(U) Methodology(U) To determine whether the NRO reported admissions in accordance with provisionsin Federal law and other guidance, we reviewed Federal laws, Executive Orders, ICDs,and NRO and DOD policies governing crimes reporting in effect between CYs 2009 and2013. We discussed those laws and policies and their application to reporting ofcrimes with knowledgeable NRO officials and a DOJ attorney who is responsible forreceiving NRO crimes reports from OGC. We reviewed previously issued OIG reportsrelated to the NRO polygraph and crimes reporting processes and discussedrecommendations made in those reports with NRO officials to learn whether the NROhad implemented changes and to assess the effectiveness of those changes. We alsointerviewed officials in the Offices of General Counsel, Security, and Inspector Generalat the Central Intelligence Agency and National Security Agency, as well as the OGC atthe Defense Intelligence Agency about their practices and policies for reportingadmissions of potential Federal crimes made during polygraph examinations.Page 66 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Those discussions identified inconsistent practices within the IC for reportingadmissions of non-Federal crimes and UCMJ violations that pose an imminent threatto others, such as sexual molestation. In a separate advisory letter to the Director ofNational Intelligence, the IC IG has suggested that the DNI issue IC-wide policy toaddress those inconsistencies.73(U) Survey(U//FOUO) We designed and administered two surveys focused on OS&CI staffidentification, training, and reporting of admissions of potential crimes. We emailedthe surveys toNRO polygraph examiners and PMB staff who were responsible forconducting quality assurance of polygraph examinations, and tostaff within theAdjudications Branch (AB). In each survey, we asked respondents a series of openand close-ended questions regarding the NRO crimes reporting process, their ability toidentify admissions of potential crimes, and their understanding of the OS&CI policiesfor referring admissions of potential crimes to the NRO OGC and OIG. We alsoprovided respondents with the opportunity to provide their contact information shouldthey want to share additional information about any concerns with the NRO crimesreporting process. Three respondents to the survey sent to polygraph examiners andquality assurance officials asked that we contact them to discuss concerns they hadwith the crimes reporting process. We obtained response rates of almost 43 percenton the survey sent to PMB personnel and 30 percent on the survey sent to officials inAB. Because these surveys did not use a statistically representative samplingmethodology, the results and the comments provided by respondents should not beconsidered representative of all NRO OS&CI staff who administer or review polygraphexaminations or who adjudicate admissions of potential crimes. However, theirresponses provide insight into OS&CI staff understanding of the NRO crimes referralprocess.(U) Adjudicators who responded to the survey indicated that regardless of the length oftime they worked in AB, they were confident they could identify a reportable crime ifan individual made an admission of a potential crime during a polygraph session.Also, 69 percent of responding adjudicators agreed or strongly agreed that OS&CI isreferring admissions obtained during polygraph sessions. Respondents who indicatedOS&CI has not always referred admissions to OIG or OGC explained that admissionsof potential crimes that were not referred (1) did not meet the OGC reportingrequirements in June 2009; (2) the admission of a potential crime was previouslydeveloped by another government agency and no new information was developed(U) IC-Wide Issues Related to Polygraphs and Crimes Reporting Processes. IC IG. March 2014.(IO-2014-002).73Page 67 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOduring the NRO-administered polygraph examination warranting reporting; or (3)former NRO OGC officials advised the admission was not significant enough to reportto DOJ or the potential crime was not ongoing and, therefore, no immediate actionwas needed.(U) Analysis(U//FOUO) To determine the number of admissions of potential crimes made duringNRO polygraph examinations conducted by the NRO in FYs 2009 through 2012, weobtained and analyzed information from the NRO’s authoritative.(U)data showed that the NRO administered 44,493 polygraph sessions to31,122 individuals in FYs 2009 through 2012. We removed records for multiplepolygraph sessions associated with a single individual. We also removed records forindividuals who made admissions of potential crimes other than during polygraphexaminations because those records fell outside the scope of this evaluation.We determined that 172 individuals made admissions of potential crimes or ICD-704violations in FYs 2009 through 2012. The NRO OGC reported 78 of those individuals.The NRO OGC did not report the remaining individuals because those admissions,among other reasons were:• excluded from reporting under the 1995 MOU (see appendix B);• not Federal crimes;• no longer prosecutable because the subject who made the admission died; or• de minimus in scope.(U) We also analyzed several data samples to determine whether the NRO hadidentified, referred, and reported all required admissions of potential crimes inFYs 2009 through 2012.(U) Sample One(U//FOUO) To determine whether the NRO identified, referred, and reported allrequired admissions of potential Federal crimes and UCMJ violations made duringNRO-administered polygraph examinations in FYs 2009 through 2012, we randomlyselected 269 individuals from a population of 9,979 individuals. This sample included202 individuals who made no admissions and 67 individuals who made admissions ofpotential crimes or violations of ICD 704. We reviewed the security files for each of the269 individuals in our sample. We are 90 percent confident, with a margin of error of+/- 5 percent, that the results of this sample are representative of all NROadministered polygraph examination in FYs 2009 through 2012.Page 68 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Sample Two(U//FOUO) To determine the extent to which the NRO reported admissions involvingchild sexual abuse, including child pornography and child molestation, wejudgmentally selected 106 of 270 individuals who made admissions duringNRO-administered polygraph examinations conducted in FYs 2009 through 2012 andeach of theduring the first half of CY 2013. 74 The NRO categorized inadmissions made by the 106 individuals as involving questionable “sexual behavior.” 75We focused primarily on this category of admission because the letter from SenatorGrassley and claims of non-reporting made in an article published by the McClatchyCompany focused on this type of admission. In addition, the types of crimes in thiscategory may pose continued imminent harm to a victim if not reported and, therefore,could constitute high-interest admissions.(U) When selecting our sample, we considered whether the individual who made theadmission was a government civilian, contractor, or member of the military.Table 5 summarizes the affiliation of individuals in the populations from which weselected our sample.(U) Table 5: Number of subjects, by affiliation, who made admissions of potential crimesinvolving sexual behavior in FYs 2009 through 2012Table is Unclassified//For Official Use OnlyAffiliationContractor/Consultant254Governmentcivilian5Military personnel(officer/enlisted)11Total270(U) Source: IC IG analysis of data provided by NRO.(U) Note: We do not break out the data by fiscal year since a single individual may have had polygraphexaminations that took place in multiple fiscal years. Also, the number of admissions does not correlateto the number of subjects because some subjects made multiple admissions of potential crimes involvingsexual behavior during polygraph examinations administered during multiple fiscal years.(U) Because of the small population, we selected as part of our sample all militarypersonnel and all government civilians who made admissions of potential crimes74(U) Judgmental sampling is a nonprobability sample method in which the researcher selects subjectsfor the study based on personal judgment about which subjects will be most representative. Judgmentalsampling design is used usually when a limited number of individuals possess the trait of interest. It isthe only viable sampling technique in obtaining information from a very specific group of people.75 (U) The IC uses 13 guidelines to categorize admissions when determining whether to grant or revokeaccess to classified information. “Sexual behavior” is one of those guidelines. “Sexual behavior” includesdeviant or criminal sexual behavior such as viewing adult or child pornography, child molestation orabuse, rape, bestiality, use of prostitutes, or trafficking in humans. It also includes a pattern ofcompulsive, self-destructive, or high-risk behavior that the person is unable to stop, that may besymptomatic of a personality disorder, or that reflects lack of discretion or judgment.Page 69 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOinvolving sexual behavior and whom OS&CI did not refer to OGC or OIG. We alsoselected records for contractors who made an admission involving “sexual behavior”that OS&CI did not refer to OGC or OIG. To determine whether OS&CI, OGC, and OIGrecords were complete and accurate, we compared OS&CI records of referrals withsimilar records independently maintained by OGC and OIG.(U) The level of detail of theinformation did not permit us to tell what type ofsexual behavior was involved in those admissions or whether the admissions werepotential Federal crimes until we reviewed the security files. We do not know whetherthe population from which we selected the 106 individuals for review was completebecause polygraph examiners and adjudicators assigncategories, such as“sexual behavior,” based on their professional judgment and whether the polygraphexamination focused on specific issues. Also, the NRO OIG expressed concerns aboutthe accuracy and completeness of data inbecause of OS&CI reliance onmanual processes and polygraph examiners’ subjective opinions when codingadmissions. Therefore, the NRO may not have identified all subjects who madeadmissions related to “sexual behavior” in. As a result, our findings from thissample should not be considered representative of all admissions of “sexual behavior”made during NRO-administered polygraph examinations in FYs 2009 through 2012and during CY 2013. However, our findings provide insight into how the NRO handledthose admissions and whether the NRO reported the potential crimes to DOJ and lawenforcement organizations.(U) Timeliness of reporting(U) To evaluate the time the NRO took to refer and report admissions of potentialcrimes, we analyzeddata for 78 admissions reported by NRO to DOJ or lawenforcement organizations in FYs 2009 through 2012. We calculated the number ofbusiness days from the date of each admission to the date that OS&CI referred theadmission to OIG or OGC. We also calculated the number of business days thatpassed between the date when OIG or OGC told us they received notification fromOS&CI and the date when OGC or OIG reported the potential violations of Federalcrimes to DOJ or other law enforcement organizations.(U) Compliance with corrective actions(U//FOUO) To assess the NRO’s compliance with self-identified corrective actionsimplemented since July 2012, we asked OS&CI to identify individuals who madeadmissions during the first half of CY 2013 and who OS&CI referred to OGC, OIG, orboth components. According to OS&CI officials, they referred information on 32individuals who made admissions of potentially reportable crimes. Twenty of thoseindividuals made admissions during prior years, yet OS&CI did not refer thoseindividuals to OGC and the OIG until CY 2013. According to OS&CI officials, OS&CIPage 70 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUOdirected adjudicators to immediately notify OGC and OIG of potential Federal crimesrather than wait until AB adjudicated the case.(U) For our analysis, we reviewed the referral memos sent by OS&CI to OGC and/orNRO OIG. We also reviewed email traffic among OS&CI, OGC, and OIG pertaining tothe admissions and data obtained by OS&CI fromthat shows the key referraland reporting dates. We also reviewed notification letters sent by OGC to DOJ or lawenforcement. We compared those records with corrective actions and processesimplemented by the NRO since July 2012. However, we did not reviewentriesto verify independently that OS&CI had identified all individuals who made admissionsof potential crimes during this time. We also did not verify that those individuals whoOS&CI identified as having not made admissions of potential crimes did not, in fact,make any admissions. Further, we did not review security files for individuals who didnot make any admissions of potential criminal acts or violations of the UCMJ duringpolygraph examinations administered by the NRO during CY 2013.(U) IC IG investigations(U) We referred to IC IG/Investigations seven admissions related to child pornographyand molestation made during NRO-administered polygraphs in FYs 2009 through2012 but that the NRO had not reported. We also referred admissions by oneindividual involving UCMJ violations including abuse of system administratorprivileges, viewing of adult pornography on an unclassified Navy information system,and patronization of prostitutes overseas. We identified those admissions during ourreview of security files. The IC IG referred the admissions to the NRO OIG for furtherreview and potential reporting to law enforcement organizations. We also informedNRO OGC and OS&CI about the unreported admissions.(U) Violations of state criminal laws(U) Due to the number of admissions of potential violations of state criminal lawsmade during NRO-administered polygraph sessions in FYs 2009 through 2012, wereviewed legislation and legal opinions governing the reporting of potential violations ofstate criminal laws by Federal agency personnel. We discussed requirements forreporting possible violations of state criminal laws with senior managers and stafffrom the NRO OS&CI, OGC, and OIG to determine their understanding of therequirements and NRO policy for reporting those potential crimes.Page 71 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Reliability of computer-processed data(U) To assess the reliability ofand other data provided by OGC and OIG, weinterviewed officials in OS&CI, OGC, and OIG who are responsible for identifying,referring, reporting, and tracking this information. We also reviewed analysis andinterviews conducted by the NRO OIG as part of their review of NRO’s polygraphprocess. The NRO OIG expressed concerns about the accuracy and completeness ofdata inbecause of OS&CI reliance on manual processes and polygraphexaminers’ subjective opinions when coding admissions that resulted in input errorsby polygraph examiners and misleading data. To mitigate concerns about theaccuracy and completeness of the data, we verified selected dates, subject names, andadmissions inwith information contained in OS&CI’s security files. We alsocomparedand security file information with data separately maintained by theNRO OGC and OIG. We discussed discrepancies with NRO officials in OGC, OS&CI,and OIG, and updated our records accordingly. Our testing found the data wassufficiently reliable for our purposes.(U) Council of Inspectors General on Integrity and Efficiency 2012 QualityStandards for Inspections and Evaluation(U) We conducted our work in accordance with Council of Inspectors General onIntegrity and Efficiency 2012 Quality Standards for Inspections and Evaluation.Those standards require that we plan and perform our work to obtain sufficient,appropriate evidence to provide a reasonable basis for our findings and conclusionsbased on our objectives. We believe that the evidence obtained provides a reasonablebasis for our findings and conclusions based on our objectives.Page 72 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Appendix E: Reporting timeframes(U) This appendix summarizes the average number of business days in FYs 2009through 2012 for OS&CI to refer admissions of potential crimes to OGC and OIG andfor OIG and OGC to report those admissions. This appendix also summarizes theaverage number of business days for OGC and OIG to report admissions of potentialFederal crimes during the first half of CY 2013.(U) Table 6: Number of business days from admission to OS&CI notification to OIG inFYs 2009 through 2012This table is Unclassified//For Official Use OnlyFiscalYearFY 2009FY 2010FY 2011FY 2012TotalNumber ofsubjectsAverage61512437901339853106Median(in days)7592612987Range1721201917tototototo199295316134316(U) Source: IC IG analysis of NRO data.(U) Notes: Days are rounded to nearest whole number.(U) Because OS&CI did not refer all admissions of potential crimes made in FYs 2009 through 2012 to theOIG, the total number of individuals in Table 7 does not match with Table 6.(U) Table 7: Number of business days from admission to OS&CI notification to OGC inFYs 2009 through 2012This table is Unclassified//For Official Use OnlyFiscal YearFY 2009FY 2010FY 2011FY 2012TotalNumber ofsubjects212622978Average115871036095Median(in days)8356622755Range18 to 27816 to 2971 to 30912 to 2171 to 309(U) Source: IC IG analysis of NRO data(U) Notes: Days are rounded to the nearest whole number.(U) Because OS&CI did not refer all admissions of potential crimes made in FYs 2009 through 2012 to theOIG, the total number of individuals in Table 6 does not match with Table 7.Page 73 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Table 8: Average number of business days for NRO OIG to report potential Federalcrimes in FYs 2009 through 2012This table is Unclassified//For Official Use OnlyFiscal YearFY 2009FY 2010FY 2011FY 2012TotalNumber ofsubjectsAveragea1822208682029341326Median00100(in days)cRangeb00000tototototo314134223100223(U) Source: IC IG Analysis of NRO data(U) Notes:(U) a The time to report an admission was calculated as the number of days between the date that OIGwas notified of an admission to the date that the OIG reported the admission to DOJ or other lawenforcement organization.(U) b “0” number of days indicates same day reporting.(U) c Number of days was rounded to the nearest whole number.(U) Table 9: Number of business days for OGC to report admissions in CY 2013This table is Unclassified//For Official Use OnlyNumber of subjects whomade reportable admissions27Average3Median(in number of days)2Range1 to 9(U) Source: IC IG analysis of NRO data(U) Note: The time to report an admission was calculated as the number of days between the date thatOS&CI referred an admission to OGC or OIG and the date that OGC or OIG reported the admission toDOJ or other law enforcement organizations.Page 74 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) Appendix F: Summary of recommendations(U) This appendix summarizes the report recommendations.1. (U) We recommend OS&CI review all admissions in itsdatabase that arecategorized as “sexual behavior,” and notify both the NRO OIG and OGC of anyadmissions involving possession of child pornography made in FYs 2009through 2012 that OGC or OIG did not report. If OS&CI discovers admissionsinvolving child molestation or other violations of state criminal laws that posean imminent danger to others, we recommend that OS&CI inform both OGCand OIG even though those crimes may not be Federal crimes.2. (U) We recommend OGC report any admission related to child pornography ofwhich OGC was informed and did not report to DOJ and, when appropriate, toDCIOs and military commanders, regardless of the admission date.3. (U) We recommend OIG report any subsequent admissions of violations ofFederal or state criminal laws that pose an imminent threat to others,including child sexual abuse regardless of the admission date if the allegationhas not been otherwise addressed by the OIG.4. (U) We recommend that the NRO OGC incorporate in Instruction 80-2-1 arequirement for the JAG to report admissions involving UCMJ violations toDCIOs simultaneously with notification to the appropriate commander andserving military legal office for military disposition.5. (U) We recommend OGC and OIG provide mandatory, periodic training toOS&CI polygraph examiners and adjudicators. The training should addressthe broad types of potential crimes and UCMJ violations that OS&CI officialsshould refer to OGC and OIG and identify points of contacts within both NROcomponents.6. (U) We recommend that the OGC incorporate the OIG’s role as the NRO pointof contact for child related crimes reported to DOJ or external law enforcementorganizations in standard operating procedures and clarify the OGC’s role forreporting to DOJ potential crimes even when the OIG has expressed an interestin an admission.7. (U) We recommend that OIG incorporate into and finalize its investigationsmanual and operating instructions that address crimes reporting the OIG roleas the NRO point of contact for responding to DOJ or external law enforcementorganization requests for information about child related crimes.Page 75 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO8. (U) We recommend OS&CI revise its operating instructions and guidance toeliminate restrictions on the types of potential crimes referred to the OIG.9. (U) We recommend OS&CI, in conjunction with OGC and OIG, separate thecrimes referral and adjudications processes to permit OS&CI to formally referto OGC and OIG, and report to law enforcement organizations admissions priorto completion of the adjudication process, even when that admission is not ahigh-interest admission.10. (U) We recommend OGC embed an attorney within OS&CI. The attorneyshould be responsible for reviewing admissions of certain behaviors to ensurethey are uniformly identified as potential crimes and UCMJ violations forpotential reporting separate from the adjudications process.11. (U) We recommend the Chief/PMB cross-train an individual to act as abackup when the Executive Officer is out of the office for an extended period.12. (U) We recommend OGC incorporate changes implemented since July 2012into official operating instructions and guidance.13. (U) We recommend the Director/NRO issue guidance encouraging all NROemployees to report to the OIG, OGC, and OS&CI crimes committed by NROemployees that pose an imminent threat to others, such as child molestation.Page 76 of 86UNCLASSIFIED//FOUOUNCLASS I FIE (U) Appendix G: Management commentsNATIONAL RECONNAISSANCE OFFICE14575 Lee Roadchanu1y,vA 201514115 28 March 2014MEMORANDUM FOP INSPECTOR GENERAL OF THE INTELLIGENCE COMMUNITYSUBJECT: (U) Status of Implementation Plans for RecommendationsContained in the Special Review of NationalReconnaissance office Crimes ReportingProcess (IC Evaluation of the National Reconnaissance OfficeCrimes Reporting Process (r0?2013-C02)IU) This memorandum addresses tne status of 13 recommendationsfound in the subject Special Review conducted at the NationalReconnaissance Office (NRO). The consolidated input of the Office ofSecurity and Counterintelligence IOSLCI). the Office of InspectorGeneral 4016) and Office of Genera; Counsel (OGC) are provided below.1. (U) No roconlsond OSGCI review all admissions in its ?databasethat are categorised as ?sexual behavior," and notify both tho NRO 018and OGC or any admissions involving possession of child pornographymade in FY: 2009 through 2012 that OGC or 016 did not report. IfOSGCI discovers admissions involving child molestation or other statscrinos that pose an imminent dsngor to othors, no roconnond OSGCIinform both OGC and OIG even though those crimes may not be Fedoralcrinos.(U) Response: concur with Comment(U) The first paragraph on page 20 states although the NRC didnot report 10 percent of admissions related to ?sexual behavior,"0SsCl usually suspended the individuals? accesses to classifiedinformation. This makes it sound as if the NRC failed to reportcertain criminal sexual behavior admissions which is inaccurate.Not all admissions related to ?sexual behavior" arereportable crimes even thouqh such admissions may rise to a Levelwhere OSLCI would revoke or suspend an xndividual's access toclassified information- Per lntelliqence Community Directive (ICD)704, Section D, while sexual abuse may involve a criminal offense, itmay also indicate a personality or emotional disorder. involve lack ofjudgment or discretion. or could involve actions that may subject anindividual to undue influence or coercion. For example, if anindividual has multiple sexual contacts with foreign nationals, OSSCImight suspend the individual's access for sexual behavior due to unduePage 77 of 86UNCLASS I FIE SUBJECT: Status of implementation Plans for RecommendationsContained in the Special Review of NationalReconnaissance Office Crimes ReportingProcess EEC influente Or Coercion: however. it would not report this sexualbehavior as a crime because having sex with foreign nationals is not acrime. Similarly, sex addictions and disorders are not reportablecrimes: however, 055C: may still revoke or suspend an individual?saccess to classified information based on sexual behavior per IE3 T?e.In sum, not all admissions involving ?sexual behavior? are reportablecrimes which likely contributed to the approximate LU percent of theadmissions not being reported.2. We recommend GGC report any admission related to childpornography of which DGC was informed and did not report to DOJ and,when appropriate, to DCIDs and military commanders, regardless ?t theadmission data.Response: Contnr uith CommentCufrenL DEC management has reported all child pornographycases (old and new] wh1ch have come to its attention and will continueto do so in the future.3. We recommend GIG report any admissions of Federal or statecrimes that pose an imminent threat to others, including child sexualabuse, of which the DIG is aware and did not previously report toappropriate law enforcement authorities, regardless of the adissiondate. 016 should review its files to ensure that such information isreported regardless whether notification of the potential crimes wasmade by DSECI or another source and regardless whether the potentialcrimes are a Federal or state crime.Response: concur with Comment[Hi This recommendation makes it appear as if DIG receivedadmissions that were not properly addressed. DIG is not in possessionof any alleged cases involving threats to children or others that werenot properly addressed. nor does GIG have cases where it relied onto take action in lieu or DIG. As such. WE request thatrecommendation #3 be rewritten as follows:?We reconmend OTC report any subsequent admissions of Federal or statecrimes that pass an imminent threaL to others, including Child sexualabuse. regardless of the admission date. if the allegation has notbeen otherwise addressed by the 4. We recommend OGC incorporate in Instruction 30-1-21 arequirement for the JAG to report admissions involving UEHJ violation:dncume-n1 is 1-3 as reflected In rccommorvdaliun Page 78 of 86SUBJECT: Status of Tmplementation Plans for RecommendationsContained in the Special Review of NationalReconnaissance Oftice Crimes ReportingProcess (1: to BEIGE simultaneously with notification to the appropriate Comanderand serving military legal office tor military disposition.Response: Coneur5- He recomend OGC and DIG provide mandatory, periodic trainingt? 05551 P?1?QriPh examiners and edjudioators. The training shouldaddress the broad type: of potential crimes and UCHJ violations thatDSSCI officials should refer to DEC and DIG and identify points ofcontacts within both NED Response: Conctr6. W6 raeomend QGC incorporate the role as the HBO pointof contact for child related crimes reported to DOJ or external lawenforcement organizations in atandard operating procedures and clarifythe role for reporting to DDJ potential crimes even when the DIGhas expressed an interest in an Response: CenterT. We recommend DIG include in its inveatigationa manual andoperating instructions that address crimes reporting the DIG role asthe HBO point of contact for responding to request: from DOJ orexternal law enforcement organizations for information about childrelated crimes.Response: EoneurB. we recommend OSECI revise its operating instructions andguidance to eliminate restrictions on the types of potential orimeareferred to the GIG.Response: concur with Comment[Hi U?a?l is currently reporting Federal crimes. in addition tosone state crimes involving certain threats to individuals that Couldresult in serious bodily injury or harm, to the MRS Crimes ReferralWorking Group via e-mail which includes GE: and members of the GIG.Cases involving fraud. waste. and abuse are forwarded directly to the025 via an DIG group e-mail address.Also, #2 5 13032 is a statute that applies to specific?covered professionals" such as doctors, dentists. nurse?. and lawenf?rcement The statute requires these covered indju1dual$Lo report crimes of child abuse to the appropriate authorities whenthe covered individual learns of such child abuse ?while engaged in aprofessional capacity ?r activity . . . on Federal land or in aI F1 ED Page 79 of 86SUBJECT: (U1 Status of Implementation Plans for RecommendationsContained in the special Review of NationalReconnaissance Office Crimes ReportingProcess Federal operated facility." See 42 U.S.C. l3U3l(al. If the coveredindividual fails to make such a report, he?she may he federallyprosecuted for failure to report, on page 36. the report indicatesthat revised operating instruction may be ?inconsistent withthe DIG's reporting obligations under . . . 42 U.S.C. 13031."However. d2 U.S.C. 13011 does not create an obligation on non-covered professionals to report crimes to covered professionals sothat the covered professionals? duty to report is triggered per :2U.S.C. As such. even though DSSCI currently and voluntarilyreports state crimes involving child abuse to GIG and DEC via theCrimes aeferral Working Group e-mail, it is not required to do so per42 U.5.C. 5 13931.9. We recommend DSECI, in conjunction with D66 and BIG, separatethe crimes referral and adjudications processes to permit OSECI toformally refer to DEC and and report to law enforcementorganisations an admission prior to completion of the adjudicationprocess, even when an is not a high interest (U1 Response: Concur with Commentr,u] oeici is currently updating its Referral torequire that Federal crimes and certain state crimes involving animminent threat. danger or serious bodily injury to a person. hereferred prior to the final adjudication. However, completion of theinvestigative process is sometimes critical because it ensures thatall reportable information is accurately provided to DGC. Casesmeeting the threshold for immediate action will still be completedwithin 2G hours of the admission and all such cases will he referredprior to the final adjudication.(L1) Also, in November 2313, Personnel Security DiviSicur1 issuedupdated procedures requiring crime referrals to be completed within 15days of completion of investigative activity. GSECI will update theReferral Instruction to require referral of cases prior to finaladjudication.we recommend OGC embed an attorney within DSECI. Theattorney should be responsible for reviewing of hehlviorlto ensure they are uniformly identified as potential crimes and UCHUviolations for potential reporting separate fro the adjudicationsprocess.to] Response: concur with Comment(U: The NRC currently has just attorneys. as the IntelligenceCommunity I: correctly notes at the top of page 33 in SpecialRev1ew, given the size of this staff. the MEG does not have thePage 80 of 86UNcLAssiFiED%+seoeSUBJECT: [Uh Status of Implementation Plans for RecommendationsConLained in the Special Review of NationalReconnaissance Office Crimes ReportingProcess resources to devote a full?time attorney to this activity at thistime.11- [31 We recommend the ChieffPH cross-train in individual to notas a backup when the Executive Officer in out of the office for anextended period.(U1 Response: Concur with CommentIUJ In June ZUL3, the Polygraph Management Branch modified itsQuality Assurance process. All cases are forwarded toBranch by the field supervisor. This effectivelyeliminated the time consuming on reviews by the Executive officer atHeadquarters.12. (LT) We recommend UGC incorporate changes implemented since July2D12 into ofiiciel operating instructions and guidance.[Di Response: Concur with Comment{Uh While recommendation 12 pertains solely to GSC, I note bothDEC and GIG incorporated changes to NBC Instruction 8D?2?l andthe Investigations Hanuai and Gperatinq Instructions [0163 based onprevious consultation and discussions with the Intelligence Communityduring the Special Review.13. He recommend the issue guidance encouraging allHRD employees to report to the GIG, 0GB. and OSECI crimes committed byNRO employees that pose an imminent threat to others, such as childmolestation.(U1 Response: Concur with Comment1 issued a Policy Note to the entire workforce toannounce the establishment of a Special Investigations activity ESIRJoffice within the age Attachment: Reporting Possible violationsof Specified State Criminal Laws. 38 Karen E?li. SIA's function willbe to report possible violations cf state criminal laws.s?ecificallv crimes involving an imminent threat or serious bodilyinjury to another human being. to local law enforcement authorities.Moreover. this Policy Note advises NRO personnel to report possiblecrimes, specificallv crimes involving an imminent threat or seriousbodily injury to another human being to the BIA if the information isobtained in the performance of their official duties. I note that theDIG. in coordination with GSECI and OEC. has been voluntarilyreporting such crimes to local law enforcement in the past.Page 81 of 86SUBJECT: Status of Implementation Plans for RecommendationsContained in the Special Review of NationalReconnaissance Office Crimes ReportingProcess tic In closing, while the comments which follow do not correspondspecifically with the aforementioned recommendations, I offer them foryour consideration:1. The Special Review alleges the former NR3 GeneralCounsel and former Associate General Counsel provided inconsistent andinaccurate advice regarding reportable admissions of potential crimespage 6, l9, 20, 21%. i note these two individuals servedhonorably during their tenure here at the MR0 and are now retired.2. Current DEC management has made great stridescollaborating With the NRO DIG. and Office of Strategic HumanCapital to put crime reporting procedures in place that are compliantwith the 1995 Memorandum of Understanding (MOD), ?Reporting ofInformation Concerning Federal Crimes.? Additionally, after my4 March 2014 meeting with you, I directed the in consultationwith the GIG and to draft a Director's Policy Note for me toexecute regarding reporting of specified state criminal laws. ThisPolicy Note has been signed, resolving footnote 34.3- Table 2 on page 1? lists there were ?,43ladmissions of Federal criminal law violations. The ?source? of thisis IE analysis of NRO data." There is no indication that an IC IGattorney conducted a legal review of each admission to confirm thatany rose to the level of a Federal criminal offense. Given this, Iwould request an in?depth legal review be conducted before any suchclaim is made.4. In: Page 21 contains a reference to a 14-year-oldvictim of a crime against children. Upon further discussion betweenmy DEC and your Senior Advisor on Intelligence Oversight on 27 Marchit is my understanding the Special Review will be modified toinclude additional information clarifying the issue as outlined in thereferral, John Doe C9-C6. to the Department of Justice made on 19 Hay2009.5. [Hi ?n page 22, it is accurate that NRO DEC has nolegal obligation to report non?Federal crimes; however. possession Ofchild pornography is a Federal crime and is therefore reportablepursuant to the 1995 HUD. To imply otherwise makes it sound as if OCC?thought? or was "treating" child pornography like a non?Federaloffense which is inaccurate.Page 82 of 86SUBJECT: (U) Status of Implementation Plans for RecommendationsContained in the Special Review of NationalReconnaissance Office Crimes ReportingProcess (IC (UI Questions concerning our response may be directed to NRO OGCvia its secure phone numberAttachment:Office of the DirectorPolicy Note, Reporting PossibleViolations of Specified StateCriminai Laws, 28 March 2014cc:Senior Advisor on IntelligenceOversightOffice of Inspector General,National Reconnaissance OfficeOffice of Security andCounterintelligence.National Reconnaissance OfficeBetty J. SappPage 83 of 86NEHUNALRECUHNAESAHCEDFHCE1l5?5LeeRnadChantilly, VA 211151-1715Office of the Director Policy NoteNuhir 2014-01 22 ?jzch 2011REPORTING POSSIBLE VIDLRTIDHS OF SPECIFIED STATE CRIMEHEL LANEI am establishing a Special Investigations Activity[Sin] within the Office of Security and Counterintelligence function is to report possible violations of statecriminal laws, specifically crimes involving an imminent threat orserious bodily injury to another human being, to local lawenforcement. The Sin will also serve as the liaison between theNational Reconnaissance Dffice and the local law enforcementagency. SIR criminal reports will include details of all allegations.complaints, or information; will be for lead purposes only: and willnot he used solely as the basis for a criminal prosecution.Personnel at the NED are to report possible crimesinvolving an imminent threat or serious injury to another human beingimmediately to OSLCIESIA, if the information is obtained in theperformance of official duties. For purposes of this policy. all civilians, and militarypersonnel who support NED activities. The report shall include abrief description of the incident.All affected internal governance documentation shall beupdated in accordance with the above within 30 days.I anticipate the ?ffice of the Director of Nationalintelligence will soon publish Intelligence Community (IC}?wideguidance regarding reporting of state criminal laws to local lawenforcement. The Men's policies will be updated in accordance withany such guidance.Betty J. SappDirectorPage 84 of 86UNCLASSIFIED//FOUO(U) Appendix H: Abbreviations(U) ABAdjudications Branch(U) AFCAFAir Force Central Adjudications Facility(U) AFOSIAir Force Office of Special Investigations(U) AGAttorney General(U) AGCAssistant General Counsel(U)(U) C.A.A.F.U.S. Court of Appeals for the Armed Forces(U) CIDCounterintelligence Division(U) CYCalendar Year(U) DCIODefense Criminal Investigative Organization(U) DNIDirector of National Intelligence(U) DODDepartment of Defense(U) DODCAFDepartment of Defense Central Adjudications Facility(U) DOJDepartment of Justice(U) E.O.Executive Order(U) FBIFederal Bureau of Investigation(U) FYFiscal Year(U) GCGeneral Counsel(U) ICIntelligence Community(U) ICDIntelligence Community Directive(U) IC IGInspector General of the Intelligence Community(U) ICPGIntelligence Community Policy Guidance(U) IGInspector General(U) JAGJudge Advocate GeneralPage 85 of 86UNCLASSIFIED//FOUOUNCLASSIFIED//FOUO(U) MCIOMilitary Criminal Investigative Organizations(U) MOUMemorandum of Understanding(U) NCISNaval Criminal Investigative Service(U) NRONational Reconnaissance Office(U) NSANational Security Agency(U) OGCOffice of General Counsel(U) OIGOffice of Inspector General(U) OLCOffice of Legal Counsel(U) OS&CIOffice of Security and Counterintelligence(U) PMBPolygraph Management Branch(U) PSDPersonnel Security Division(U) QAQuality Assurance(U) SCISensitive Compartmented Information(U) SASSpecial Actions Staff(U) SIASpecial Investigations Activity(U) SIPSpecial Issue Polygraph(U) UCMJUniform Code of Military Justice(U) U.S.C.United States CodePage 86 of 86UNCLASSIFIED//FOUO