Audit of the Department of Justice's Handling of Known or Suspected Terrorists Admitted into the Federal Witness Security Program Audit Division 17-34 REDACTED - FOR PUBLIC RELEASE September 2017 UIILES//SSI (~) AUDIT OF THE DEPARTMENT OF JUSTICE'S HANDLING OF KNOWN OR SUSPECTED TERRORISTS ADMITTED INTO THE FEDERAL WITNESS SECURITY PROGRAM (U) EXECUTIVE SUMMARY (U) The federal Witness Security Program (WITSEC Program) was established to provide for the security, health, and safety of government witnesses whose lives are at risk as a result of their testimony against organized crime members, drug traffickers, terrorists, and other major criminals. 1 Since the WITSEC Program's inception in 1971, more than 8,700 witnesses and over 9,900 family members and other associates of witnesses have been admitted into the WITSEC Program. Within this population, there are known or suspected terrorists (KSTs) who have agreed to cooperate in major terrorism investigations and prosecutions, including the 1993 World Trade Center bombing, the 1995 Alfred P. Murrah Federal Building attack in Oklahoma City, the 1998 East Africa Embassy bombings, a 2007 plot to bomb John F. Kennedy Airport, and a 2009 plot to bomb the New York City subway system. (U) In May 2013, the Department of Justice (Department) Office of the Inspector General (DIG) issued an interim report on the Department's handling of KSTs admitted into the USMS WITSEC Program. The report included 16 recommendations to the Office of the Deputy Attorney General to improve information sharing among entities responsible for the WITSEC Program and reduce the risk to the public when admitting KSTs into the WITSEC Program. As we described in that report, we found that the Department had not identified all KSTs REDACTED - FOR PUBLIC RELEASE U//LES//SSI admitted into the WITSEC Program; lacked adequate and appropriate oversight of these individuals; did not ensure that the identities of KSTs admitted into the WITSEC Program were placed on the government's consolidated terrorist watch list, as appropriate; and did not appropriately share information with the Federal Bureau of Investigation (FBI) and other national security stakeholders, thus preventing these stakeholders from taking necessary precautions with respect to, and properly monitoring, these individuals. (U) In this report, we follow up on findings in our May 2013 report to determine whether the corrective actions taken by the FBI, USMS, and OED sufficiently addressed the risks we identified. Specifically, our objectives for this audit were to evaluate the Department's: (1) handling of KSTs admitted to the WITSEC Program; (2) practices for watchlisting and the processing of encounters with this group of WITSEC Program participants; and (3) procedures for mitigating risks to the public through restrictions placed on this high-risk group of WITSEC Program participants. We determined that since November 2015, OED and the FBI admitted two new KSTs into the WITSEC Program, and in doing so followed their protocols and appropriately coordinated with each other and the USMS. However, we also concluded that while the FBI, USMS, and OED have developed new policies and procedures to address the issues we identified in our May 2013 review, they have not sufficiently and appropriately implemented all of them. Additionally, we remain concerned that the Department has not ensured that KST information has been appropriately shared with relevant national security stakeholders, and that those responsible for monitoring these individuals have the information they need to do so effectively. (U//I=ES) Identifying and Sharing Information on KSTs in the WITSEC Program (UjjkeS) Our May 2013 report included several recommendations to improve the identification of KSTs in the WITSEC Program and the sharing of related information with national security stakeholders. In response to our 2013 report, the USMS and OED manually reviewed more than _ WITSEC Program case files to identify all potential KSTs that had been admitted into the WITSEC Program in order to ensure that their information had been appropriately shared with national stakeholders. Specifically, the USMS and OED performed separate reviews WITSEC Program case files to determine which cases i ve ng a potential nexus to terrorism. The USMS identified. individuals meeting this description and shared their true name and identifying information with OEO.2 Based on its secondary review of the USMS's results and its primary review o f _ case files, OED determined that a total of. individuals should be passed to the FBI for possible inclusion on the consolidated 2 (U) A witness true identity refers to the name the witness had when he or she was admitted to the WITSEC Program. (U) The full version of this report contains inf~rmation that the Department considered to be law enforcmeent sensitive and sensitive security information, and therefore could not be publicly released. To create this public version of the report, the Office of the Inspector General redacted (blacked out) portions of the full report. ii REDACTED - FOR PUBLIC RELEASE U//LES//SSI terrorist watchlist. The FBI subsequently added. of these individuals to the consolidated terrorist watchlist. (UllbeS) We found several deficiencies in the process OEO followed in analyzing these case files and in sharing information with the FBI. Specifically, we believe, and the FBI agrees, that OEO should have shared the information with national security stakeholders for all _individuals identified by the USMS, rather than conducting its own secondary review. If OEO had passed along all of the case file information that the USMS identified from its case file review, the FBI's counterterrorism experts - not just OEO - would have had the opportunity to evaluate whether any of the _ individuals were KSTs. Under the process used, that did not happen for a majority of the individuals. We also found that neither OEO nor the FBI was able to provide evidence of a consistent application of the criteria each used for its reviews, and both lacked adequate support for their respective determinations. (UI/tE6) In addition, OEO's sharing of information with the FBI was often marked by delay and the FBI's assessments of that information were inadequately documented. Of particular concern, we found that although the USMS began identifying to OEO individuals it believed had a potential nexus to terrorism in November 2013, OEO did not begin sending that information to the FBI for possible watchlisting until March 2014, and we found delays of weeks or months in OEO's handling of many of the individuals the USMS identified in late 2013 and early 2014. We believe that OEO should have reviewed and shared the case files identified by the USMS with the FBI in a timelier manner. We also attempted to determine what actions the FBI took to assess the information it received about potential KSTs who were admitted into the WITSEC Program. However, due to the FBI's inadequate documentation, we were unable to confirm that the FBI appropriately conducted all necessary _ checks of these individuals, and that it appropriately identified an~KSTs. (UI/t:E6) Due to our concerns, and after obtaining additional guidance from the FBI and the Department's National Security Division, OEO performed another review of the _ cases, as well as. additional_ cases with which OEO had concerns, and""uTt'imateIY shared withthe FBI another individuals who had a ntial nexus to terrorism. The FBI com leted checks on these individuals and _ checks OEO ~ not a rea y watch listed . After completing these assessments, rm ne ua s are , and added them to the consolidated terrorist watchlist. of November 2016, counting those KSTs identified during our May 2013 report, the FBI, OEO, and USMS have identified. KSTs who were previouslLadmitted into the WITSEC Program. As of November 2016, the FBI had located. of these. KSTs, and were in the process of verifying the location of the remaining individuals. I iii REDACTED - FOR PUBLIC RELEASE U//LES//SSI CUllbE6) In addition, we conducted reviews of found that the procedures to inform been admitted into the WITSEC Program were not followed. As a re na on, n response steps to ensure that _ changes authorized notifications in the future, b an not been fully incorporated into the FBI's protocols. as ken will not disrupt ose changes have (U) Counterterrorism Controls CUI/.J::E6.) We reviewed _ WITSEC Program KST case files to determine if the files contained identifying information that had not been shared with national security stakeholders. We found. identifying pieces of information, or "identifiers," that the FBI should or could have identified, shared, and included in the consolidated terrorist watch list, as well as the National Counterterrorism Center's CNCTC) classified repository of international terrorist information. Without these identifiers, the watchlist records are incomplete, thus limiting the information available to screeners at both the NCTC and Terrorist Screening Center CTSC) when their staff manage, in real time, an encounter with a KST at an airport, U.S. border, or traffic stop by local law enforcement. Based on the results of our review of these files, we believe that the FBI should conduct a similar review of the remaining WITSEC Program KST case files to ensure that all identifiers are identified, shared, and included in the watchlist. In February 2017, the FBI officials told us ­ but we have not yet confirmed - that the FBI has completed this review and added additional identifiers to the watch list. I CUI/.J::E6.) In our May 2013 report, we found that. KST WITSEC Program Secu Administration's participants who should have been on the Tran times (TSA's) No Fly List had flown commercial aviation pants w 0 s ou ram pa times on commercial aviation . As a result of the FBI, , an s co....a.,...rl\.'a response our ndings, these KSTs were added to those lists. In this audit, we reviewed the TSC's encounter records for May 2013 to November 2015 and found that KST WITSEC Program participants on the No Fly and Selectee Lists had been properly handled by being prohibited from boarding commercial flights, iv REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U) WITSEC Program Administration (U//~) We identified several concerns about the administration of the WITSEC Program. For example, the USMS does not have a sufficient system to track the iden documents rovided to or collected from WITSEC pa are ues w ow pa m Program. For example, despite four termination requests in 9 months from the USMS, OEO delayed the termination of a WITSEC Program participant who had allegedly sexually assaulted five individuals in an 8­ year period, including three minors. We found this delay very troubling. (U) In this report, we make 8 new recommendations to the USMS, FBI, and OEO to further improve sharing of information on KST WITSEC Program participants with national security stakeholders and ensure that there are appropriate controls over KSTs in the WITSEC Program. In addressing these recommendations, the Department will better mitigate the risks posed by KSTs in the WITSEC Program. v REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U) AUDIT OF THE DEPARTMENT OF JUSTICE'S HANDLING OF KNOWN OR SUSPECTED TERRORISTS ADMITTED INTO THE FEDERAL WITNESS SECURITY PROGRAM (U) TABLE OF CONTENTS (U) INTRODUCTION ...................................................................................... 1 (U) OIG Audit Approach ........................................................................ 2 (U) FINDINGS AND RECOMMENDATIONS ......................................................... 4 (U) The Department's Efforts to Identify KSTs in the WITSEC Program ........ 4 (U) USMS's and OEO's Manual Review of WITSEC Case Files ............. 5 (U) Not All KSTs Were Identified During the Manual Review .............. 7 (U) OEO's Untimely Sharing of Terrorism Information with the NJTTF .............................................................................8 (U) Sharing of WITSEC Program Information with the FBI ............... 10 (U) The FBI's Vetting of Terrorism Information and Handling of KSTs in the WITSEC Program ..............................................................12 (U/~) KSTs 68 and 69 Arrested on Months After Their Information was for Possible Watchlisting ....................................................13 (U) The FBI's Unsupported and Incomplete Vetting of WITSEC Information ......................................................................13 (U) Incomplete Watch list Records .................................................16 (U) Encounters of Known or Suspected Terrorists .......................... 18 (U) Processing, Tracking, and Locating KSTs in the WITSEC Program ....... 22 (U)TheUSMS'sTracking of WITSEC Program Participant's Identity Documents ..........................................................22 (U Physical Location of KSTs........................................................24 (U) Pre-Admittance Requirements ...............................................24 REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U) KSTs Admitted to the WITSEC Program ...................................27 (U) Post Admittance Requirements .............................................. 27 (U//~) ................................................................. 29 (U) Issues with Terminating a KST for Criminal Misconduct ...................... 29 (U) Conclusion .................................................................................. 32 (U) Recommendations ................. ....................................................... 32 (U) STATEMENT ON COMPLIANCE WITH LAWS AND REGULATIONS .................... 35 (U) STATEMENT ON INTERNAL CONTROLS ..................................................... 36 APPENDIX 1: (U) AUDIT OBJECTIVES, SCOPE, AND METHODOLOGy .................. 37 APPENDIX 2: (U) RECOMMENDATIONS FROM THE MAY 2013 INTERIM REPORT ON THE DEPARTMENT OF JUSTICE'S HANDLING OF KNOWN OR SUSPECTED TERRORISTS ADMITTED INTO THE FEDERAL WITNESS SECURITY PROGRAM .........................................................................................39 APPENDIX 3: (U) BACKGROUND ON THE WITSEC PROGAM AND CONSOLIDATED TERRORIST WATCHLIST .............................................. 41 APPENDIX 4: (U) PRIOR OIG REPORTS ISSUED ON THE WITSEC PROGRAM, THE WATCHLIST PROCESS, AND THE TERRORIST SCREENING CENTER ........... 45 APPENDIX 5: (U) THE DEPARTMENT OF JUSTICE'S RESPONSE TO THE DRAFT REPORT .................... . ......................................................47 APPENDIX 6: (U) OFFICE OF THE INSPECTOR GENERAL ANALYSIS AND SUMMARY OF ACTIONS NECESSARY TO CLOSE THE REPORT.................... 53 REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U) AUDIT OF THE DEPARTMENT OF JUSTICE'S HANDLING OF KNOWN OR SUSPECTED TERRORISTS ADMITTED INTO THE FEDERAL WITNESS SECURITY PROGRAM (U) INTRODUCTION (U) The primary goal of the federal Witness Security Program (WITSEC Program) is to provide for the security, health, and safety of government witnesses whose lives are at risk as a result of their testimony against organized crime members, drug traffickers, terrorists, and other major criminals. 1 The WITSEC Program is administered through three Department entities: (1) the Criminal Division's Office of Enforcement Operations (OEO) oversees the WITSEC Program and authorizes witness participation in the WITSEC Program, (2) the United States Marshals Service (USMS) is responsible for the protection of active WITSEC participants who are not incarcerated, and (3) the Federal Bureau of Prisons (BOP) protects WITSEC participants while they are incarcerated in federal facilities. 2 Since the WITSEC Program's inception in 1971, more than 8,700 witnesses, and over 9,900 family members and other associates of witnesses, have been admitted into the WITSEC Program. 3 1 (U) The WITSEC Program was authorized by the Organized Crime Control Act of 1970 and amended by the Comprehensive Crime Control Act of 1984. Pub. L. No. 91-452 (1970) and Pub. L. No. 98-473 (1984), respectively. 2 (U) The BOP's management of its portion of the WITSEC Program is not addressed in this report. 3 (U) OEO and USMS officials have stated that the total number of participants in the WITSEC Program is unknown. The numbers provided here are both agencies' best estimates. 1 REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U) In May 2013, the Department of Justice (Department) Office of the Inspector General (OIG) issued a report on the Department's handling of known or suspected terrorists (KSTs) who were admitted into the WITSEC Program. 4 In that report, we found that the Department: (1) had not ensured that the identities of KSTs admitted into the WITSEC Program were placed on the government's consolidated terrorist watchlist as appropriate, (2) did not definitively know the total number of KSTs admitted into the WITSEC Program, (3) did not know the current location of all identified KSTs, and (4) had not ensured that information potentially relevant to national security was shared appropriately with the Federal Bureau of Investigation (FBI) and other national security stakeholders. Based on the Department's decision to admit and not share information for KSTs in the WITSEC Program with national security stakeholders, we found that proper national security precautions had not been put in place and that appropriate monitoring of these individuals did not occur. Therefore, we made 16 recommendations to the Office of the Deputy Attorney General to improve information sharing within the Department and to reduce the risk to the public when admitting KSTs into the WITSEC Program and handling them, both during and after their WITSEC Program participation. (U) OIG Audit Approach (U) The Department established policies and procedures to address each of the recommendations in our 2013 report. The purpose of this audit was to determine whether the Department's policies and procedures sufficiently addressed the risks we identified at that time. Specifically, our audit objectives were to evaluate the Department's: (1) handling of KSTs admitted to the WITSEC Program; (2) practices for watchlisting and the processing of encounters with this group of WITSEC Program participants; and (3) procedures for mitigating risks to the public through restrictions placed on this high-risk group of WITSEC Program participants. The results of our review are detailed in the Findings and Recommendations section of this report. See Appendix 1 for further discussion of the audit objectives, scope, 4 (U) U.S. Department of Justice Office of the Inspector General, Interim Report on the Department of Justice's Handling of Known or Suspected Terrorists Admitted into the Federal Witness Security Program, Report 13-23 (May 2013). See Appendix 2 for the list of 16 recommendations issued as part of the May 2013 report. (Ullt:e6) The 2015 U.S. government's Watch listing Guidance defines that a "known terrorist" is "an individual who has been (a) arrested, charged by information, or indicted for, or convicted of, a identified as a terrorist or member of a crime related to terrorism or terrorist activities. . . terrorist nization . .. "and it states that 2 REDACTED - FOR PUBLIC RELEASE UllLESjjSSI and methodology. See Appendix 3 for background on both the consolidated terrorist watchlist and the WITSEC Program. 3 REDACTED - FOR PUBLIC RELEASE U//LESjjSSI (U) FINDINGS AND RECOMMENDATIONS (UllteS) While the FBI, USMS, and OEO have developed new policies and procedures to address the issues we identified in our May 2013 review, they have not all been sufficiently and appropriately implemented. For example, we found several deficiencies with the USMS' and OEO's review of case files and documentation in WITSEC Program files, including that not all individuals having a potential nexus to terrorism were referred by OEO to the FBI's National Joint Terrorism Task Force (NJTTF) for watchlist consideration; and those that were referred were not always referred in a timely manner. We also found that the FBI insufficiently documented its assessments of individuals identified by the USMS and OEO as possible KSTs in the WITSEC Program. Based on the evidence available we believe that the FBI likel did not the assessment ra ses , as req q ons a e a equacy s assessments themselves. In addition, we determined that hundreds of KST-related identifiers were not provided by the NJTTF to the Terrorist Screening Center the (TSC) and National Counterterrorism Center (NCTC), causi consolidated terrorist watchlist records to be inco lete. (U) As a result of these and other findings described below, we remain concerned that the USMS and OEO have not appropriately shared information about KSTs in the WITSEC Program with relevant national security stakeholders and ensured that those responsible for monitoring these individuals have the information they need to do so effectively. (U) The Department's Efforts to Identify KSTs in the WITSEC Program (UIjteS) As we noted in our May 2013 report, the Department performed a review of WITSEC Program participant's criminal histories and, as of July 2, 2012, had identified KSTs who had been admitted to the WITSEC Program. In response to our recommendations in that report, the Department manually reviewed all WITSEC Program case files for any previously unidentified KSTs in the WITSEC Program. After discussing this audit's findings with the FBI, USMS and OEO officials, OEO performed another round of review of certain high risk individuals identified an additional individuals with a potential nexus to terrorism who had been admitted to the WITSEC Program. As o f _ , the FBI had reviewed the individuals' backgrounds and added ~ II III II II 4 REDACTED - FOR PUBLIC RELEASE U//LES//SSI individuals to the consolidated terrorist watchlist. In total, after accounting for the admittance of additional KSTs to the WITSEC Program and the identification of additional KSTs who needed to be added to the consolidated terrorist watch Ii there were KSTs WITSEC P artici as of 5 (U) USMS's and OED's Manual Review of WITSEC Case Files (Ullt:eS) As a result of review of their WITSEC Program case files to identify individuals with a potential nexus to terrorism who had been admitted to the WITSEC Program. 6 Based on OEO's review of its case files, OEO determined that of those WITSEC Program participants had a potential nexus to terrorism and shared this information with the FBI. These files were not reviewed by the USMS or any other entity prior to being shared with the FBI. We found that OEO consistently applied the terrorism criteria to the information in our sample of case files. II (U//teS) For the case files that the USMS our May 2013 report, the USMS and OEO performed a (U//l:ES) The Department's Efforts to Identify KSTs Admitted to the WITSEC Program Through a Manual Review of its Case Files (U//kE&) The USMS and OEO reviewed more than _ case files and identified. individuals as having a poteli'ti'a'T'iiexus to terrorism. • (U//kE&) OEO reviewed approximately_ case files and identified. individuals. • (U//kE&) The USMS reviewed alioximatelY" _ case files and identified individuals. OEO reviewed the. individuals agreeing with the USMS on • (U//kE&) OEO also reviewed an additional _ _ _ case files for individuals for whom th~ Uiiable to review and identified . (U//kE&) OEO also identified. more individuals with a potential nexus to terrorism as part of a second review of these undertaken as a result of this audit. _ individuals were determined by OEO 'to""h"aVe a potential nexus to terrorism, and. were shared with the FBI out of an abundance of caution. (U//kE&) In total, OEO shared with the FBI information on individuals whom OEO and the USMS had not . i enti. led during our May 2013 review. The FBI added" • individuals to the consolidated terrorist watchlist. 5 REDACTED - FOR PUBLIC RELEASE UIILES//SSI reviewed, which were not included in OEO's case file review, its methodology was to identify and provide to OEO any case or individual that was connected to terrorism, however remotely. To accomplish this, the USMS assessed the underlying case facts to determine if the individual had a potential nexus to terrorism as defined in 18 U.S.C. §2331. 7 The USMS conducted this analysis after receiving training from OEO intended to ensure that the two organizations were consistently applying the definitions of international and domestic terrorism. Between November 2013 and March 2014, the USMS identified and provided to OEO information on • individuals who were admitted into the WITSEC Program because the USMS determined that either their criminal history or the case facts had a potential nexus to terrorism. (UI I~) OEO officials told us that they felt the USMS was overly cautious and too inclusive in its identification of cases or individuals that had a link to terrorism or a crime that ~t be considered terrorism. Therefore, OEO performed cases identified by the USMS. OEO stated that its a secondary review of the _ secondary review was conducted to determine whether: (1) each individual's potential nexus to terrorism was consistent with the legal definitions of international and domestic terrorism and (2) to disclose the information as riate to the NJTTF for watchlist consideration. (UI I~) To illustrate the type of cases lacking a potential nexus to terrorism and therefore not shared with the FBI, OEO provided to us an exam Ie of a case where the individual committed a crime that but OEO noted that any wou ave as , which would not be considered as having a potential nexus to 7 (U) 18 U.S.c. §2331 defines international terrorism as activities with the following characteristics: (1) involve violent acts dangerous to human life that violate federal law or state law; (2) appear to be intended (i) to intimidate or coerce a civilian population, (ii) to influence the policy of a government by intimidation or coercion, (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping; and (3) occur primarily outside the territorial jurisdiction of the U.S., or transcend national boundaries in terms of the means by which they are accomplished, the persons they appear intended to intimidate or coerce, or the locale in which their perpetrators operate or seek asylum. The definition of domestic terrorism provided in 18 U.S.C. §2331 is the same as above with the exception of part 3, which states (3) occur primarily within the territorial jurisdiction of the U.S. 6 REDACTED - FOR PUBLIC RELEASE U//LES//SSI terrorism. To document its review process and decisions as to why each individual's history did or did not satisfy the definition of terrorism, OEO personnel made notes on a standardized cover page, corresponding to an individual in each cover pages where case file. We selected and reviewed a judgmental sample OEO determined the individual's information should not be passed to national security stakeholders because the case or the individual's criminal history lacked a potential nexus to terrorism. We found that OEO's notes and record keeping were inconsistent and in many instances too brief for us to understand the basis for OEO's determination. For example, some reviewers attempted to describe on the cover sheet the decision process, while others merely noted that the file was not a "T" (for "Terrorism") case, without further explanation. of. (U//-I::E6) During our audit, we identified another !liITSEC Program participant case files that had not been reviewed because case files had been could not locate. case file or case file did not archived and either _ contain enough information to make a potentialnexus to terrorism determination. OEO subsequently reviewed these files, which resulted in the identification and sharing of one more individual whom OEO determined had a potential nexus to terrorism. I (U//t:E6) Ultimately, the FBI added WITSEC Program participants to the consolidated terrorist watchlist. In addition, after reviewing our findings the FBI decided to reassess its findings for. WITSEC Program participants that the FBI did not initially place on the consolidated terrorist watch list, as well as. other individuals that OEO, upon reconSideration, determined to have a potential nexus to terrorism. As discussed in the FBI Vetti of Terrorism Information Section of this report, those reassessments identified more KSTs who had been admitted to the WITSEC Program. (U) Not All KSTs Were Identified During the Manual Review of. (UII-I::E6) To further assess OEO's review process on the case files that were not passed to the FBI, we selected a judgmental sample cases for closer examination. Specifically, we compared information within the" cases to the statutory definition of terrorism in 18 U.S.c. §2331. We found that of the . . individuals' case files contained information indicating a potential nexus to terrorism. I (UII-I::E6) We discussed these. individuals with OEO officials who told us that even though OEO erred on the Side of caution when making decisions to refer WITSEC Program participant's records to the FBI for possible watchlistin2..l,t did not believe that forwardi these individuals was warranted. However,. OEO require that OEO share information with the on a ua EC Program with a potential nexus to terrorism. After we discussed these. individuals with the FBI, the FBI requested that the 7 REDACTED - FOR PUBLIC RELEASE U//LES//SSI individuals be shared with them. The FBI also expressed concern that OEO might not have shared with the FBI information on all WITSEC Progra~hat have had a potential nexus to terrorism. We believe that OEO, _ _ , should have authorized the USMS to provide the FBI with this information. Mer""We discussed with OEO officials the particulars of the individuals that were not shared with the FBI and we conveyed the FBI's concern to OEO officials, OEO immediately authorized the USMS to share the information on the _ individuals with the FBI. Ultimately, the FBI determined that neither individuaT"'re uired inclusion on the consolidated terrorist watchlist because II (U) Based on the results of our sample review and OEO's lack of supporting documentation for its review of the case files provided by the USMS, we are concerned that OEO did not forward information to the FBI on all cases where an individual had a potential nexus to terrorism. This failure deprived the FBI from considering whether individuals with a potential nexus to terrorism should be added to the consolidated terrorist watchlist. of. (Uj jbES) In March 2016, we discussed this finding with OEO officials. OEO officials stated that based on the OIG's concerns, it undertook a thorough secondary review cases that were fla:d by the USMS as having a potential nexus to terrorism, as well as an additional ~ cases, which OEO analysts had designated as "cases in need of further review. Prior to performing this review, OEO officials stated that they obtained extensive instruction in the identification of terrorism information from the FBI and DOJ National Security Division officials. After performing this review, OEO shared information on. individuals between April 2016 and July 2016 who had a ntial nexus to terrorism. In September 2016, the NJTITF completed the checks on these individuals and determined that. do not meet e c r watchlisting. The TSC added the other _ to the consolidated terrorist watchlist. 9 I (U) OEO's Untimely Sharing of Terrorism Information with the N1TTF (U) The WITSEC Program statute states that the Attorney General shall establish an accurate, efficient, and effective system of records concerning the criminal history of persons provided protection through the WITSEC Program in ------------------------ ------- 8 REDACTED - FOR PUBLIC RELEASE UIILES{{SSI order to facilitate the sharing of WITSEC Program information, as appropriate, with the Department's law enforcement partners. Delays in the review of potential KSTs by the NJTTF and other national security stakeholders - particularly those individuals who had already been identified by the USMS as having a potential nexus to terrorism - are contrary to the language and purpose of the law, policies, and procedures governing the WITSEC Program, and unnecessarily exposes the nation to an increased security risk. (U//~) One exam concerned KST 70 the FBI since the se ua s on _ , but it was not u n t i l _ , that the NJTTF received i~O on any of the individuals in batch, and KST 70's information was not provided until _ , after KST 70's _ and after the FBI requested the information. For many of the batches, it took OED more than 6 weeks to complete its review, and for some batches it took much longer. 9 REDACTED - FOR PUBLIC RELEASE UIILES{{SSI (U) Table 1 (UII~) USMS Identified Individuals in the WITSEC Program With a Potential Nexus to Terrorism Being Shared with the FBI Date(s) the USMS Number of Individuals Identified by the 8 9 10 12 13 Sent the •• • • Number of Days It TookOEO to Complete 63 and 105 I 01/30/14 48 and 81 41 and 74 27 and 77 I I • was also passed to the NJTTF on May 8, 2014. (U) Source: The USMS and OEO (U) We believe that OEO should have reviewed and shared the case files identified by the USMS with the FBI in a timelier manner, particularly in light of the fact that, for each of those individuals, the USMS had specifically reached the conclusion that its cases had a potential nexus to terrorism. (UJ Sharing of WITSEC Program Information with the FBI (U//LE6H66I) In our May 2013 report we recommended that the Office of the Deputy Attorney General ensure that OEO authorize the USMS to disclose, and that the USMS disclose to the FBI, identification and other necessary information on KSTs 10 REDACTED - FOR PUBLIC RELEASE UIILES//SSI in the WITSEC Pro ram. We also recommended that me at report, rtment s EC Program as of July 2012, which was the most current o were information available at the time. During this audit we found that, based on our prior report's recommendations, OEO authorized the USMS to share information with the FBI on all of these KSTs. The FBI subsequently performed threat assessments on most of them.10 all of the individuals and III on, ve e KSTs identified since this current audit on . For the began who were previously admitted into the WITSEC Program, the FBI stated that were admitted only to the BOP WITSEC Program, individuals have passed away, and individuals are incarcerated because of new crimes they have committed. As of November 2016, the FBI is in the process of verifying the location of the remaining III I I •• 11 (U) Some of the individuals had already been placed on the watch list by other entities. 11 REDACTED - FOR PUBLIC RELEASE I U//LE&jj&&I (UII~) when the When we discussed this situation with OEO, an official told us that rotocols were d the FBI stated to include (U) The FBI's Vetting of Terrorism Information and Handling of KSTs in the WITSEC Program (UI /L~SIlSSI) In our May 2013 report, we recommended that the Department develop a mechanism for the FBI to review KST WITSEC Program participant case files for information that demonstrates a potential nexus to terrorism. Between March 2013 and Janua 2016 OEO relevant information for a total of individuals the NJTTF as pa . so prov ded the NJTTF access to e e re case _ . After the NJTTF's review, two of the individuals (KST 68 an were added to the consolidated terrorist watchlist. 13 Ie 12 (U//hES) KST 70's passed to the NJTTF. KST 70's KST 70's and ay 2013 audit, OED inventoried all the KSTs in t~ Program , for tracking purposes. We have used the same _ _ system refer to all KSTs. 12 REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U//~) KSTs 68 and 69 Arrested on _ Nearly 5 Months After Their Information was Provided to the NJTT~chlisting owever, was n ra app m s after OEO initially referred the two individuals to the NJTTF, that KST 68 and KST 69 were added to the consolidated terrorist watchlist. On several occasions we asked the FBI to explain the reasons for the delay, but as of December 2016 we had only received a timeline of what transpired but no explanation for the delay. (U) The FBI's Unsupported and Incomplete Vetting of WITSEC Information - ------ ------- --- --------- - - ---- 13 REDACTED - FOR PUBLIC RELEASE UllLESjjSSI reviewed the KST documentation and made a determination on the necessity of a threat assessment for all individuals that OEO and the USMS shared with them and (2) whether the NJTTF assessed the risk to the public. Given the arrest of KST 68 and KST 69, . NJTTF officials told us that they believe check of each of the other individuals that OEO IJ~';"><;;;U that a threat assessment was unnecessary. the current NJTTF personnel could not prov e a v e check or some other assessment was ua ,and former NJTTF personnel could not performed for each of the remember what _ steps were performed. Additionally, we found that the NJTTF did not m~cient documentation to support the determination that each of the individuals was not: (1) a known terrorist that should be watch listed based on prior criminal history or (2) potentially involved in terrorist activity and appropriately considered a suspected terrorist. Without adequate supporting documentation, controls over the NJTTF review process were significantly weakened because the analysis performed could not be properly checked by supervisors, and important records will not be available should the need for additional investigations of the individuals later arise. (U//t:eS) We also reviewed a judgmental sample of.of the individuals passed to the NJTTF to assess whether the facts in the casetile, which included the individual's past criminal history, indicated a potential nexus to terrorism. We concluded that the facts i n . of the case files appeared to indicate a potential nexus to terrorism. However, due to insufficient supporting documentation, we were unable to determine why the NJTTF did not pass the information to the TSC. The relevant facts from these. case files included: • • (U//~) In December 2015, NJTTF, TSC, and OEO officials jointly reviewed these. individuals' criminal histories and the case files associated with each of them. These officials determined that the WITSEC-provided identities for the. individuals did not present an ongoing threat to national security because 14 REDACTED - FOR PUBLIC RELEASE U//LES//SSI , we w were in the , and as such they were not assessed at the proper time by the n on the watchlist. Had the information been provided more promptly and the determination been made to place these individuals on the consolidated terrorist watch list, additional information about these individuals may have been obtained through any subsequent encounters, thus aiding investigative and national security efforts. (UIILESI/SSI) The failure of the FBI to appropriately document the assessments and reviews upon which KST determinations are made hinders the effectiveness of the WITSEC . In n, we eve s a ons may n e requirements of Homeland Security Presidential Directive number 6 (HSPD-6) to identify all individuals that should be shared with the TSC for possible watchlisting. 15 If any of the individuals are determined to be KSTs, then certain security procedures are set in motion by the USMS to mitigate the risk to the public. Based on our findings and not including the. individuals discussed above _ , the FBI performed a new documented check on ~ovided by OEO. The ch ne hat an additional. individuals are KSTs and to the consolidated terrorist 15 (UI/LES/ISSI) HSPD-6 states "the heads of executive departments and agencies shall, to the extent permitted by law, provide to the [National Counterterrorism Center (NCTC)] on an ongoing basis all appropriate terrorist information in their possession, custody, or control." Terrorism information is specifically defined as " ... information about individuals known or appropriately suspected to be or have been in conduct constituti ration for in aid of or related to terrorism." . govern ng nce own is "an individual who has been (a) arrested, charged by information, or indicted for, or convicted of, a crime related to terrorism or terrorist activities. . . identified as a terrorist or member of a terrorist nrn .. n'7"T,nn • •• "and it states that 15 REDACTED - FOR PUBLIC RELEASE U//LES//SSI watchlist. We therefore recommend that the FBI establish policy to require documentation and maintenance of support for its KST determinations on WITSEC Program participants. (U) Incomplete Watchlist Records (U//-I:E6) Our May 2013 report recommended that the Department ascertain the identity, as well as other necessary information, on KSTs in the WITSEC Program and evaluate its practices and formalize procedures for the sharing of KST WITSEC Program participants' identity information with DOJ national security stakeholders. Further, we recommended that the TSC receive the new overnment- rovided identities of all KSTs (U//FOUO) The effectiveness of the consolidated terrorist watchlist as a law ent on the leteness enforcement and intelligence gathering tool is de and accura of the records it contains. (U//te5) During our previous review, the NJTTF was provided full access to the _ WITSEC case files, and spent over a week reviewing the files. Although thereiS'iittle documentation to demonstrate the purpose or results of the NJTTF's review, based on the information available to us, it appears that the review was conducted so that the FBI could perform threat assessments on the. KSTs identified in our prior report, and not for the purpose of identifying additional information from the files that should be provided to the TSC. of. (U//LES/lSSI) We base this conclusion, in part, on the "results of our review of a judgmental sample of the. KSTs identified in the May 2013 report. We 16 REDACTED - FOR PUBLIC RELEASE U//LES//SSI reviewed these case files to determine if they contained identifying information that fell into. of the. categories of identifiers and found. identifiers that were not included in the consolidated terrorist watchlist records. Table 2 reflects the breakdown of the. i~entifiers we found, by category. (U) Table 2 (UllbESIISSI) Identifiers Contained in USMS Records and Not Provided to the TSC at the Conclusion of the NlTTF's Reviewa ------~------ -- - - - - - --- - - - - - ­ ---------- (U) Source: _Case Files (UI/LES//SSI) When we discussed with USMS and OEO officials the omission of these identifiers from the consolidated terrorist watchlist, they agreed that the relevant identifiers should have been shared, and they subsequently provided the information to the TSC for potential inclusion in the watch list. The TSC determined that each identifier fell into one of TSC defined state e ers cou attributed to the individuals in the cases n our sam now been added to the watchlist. However, because the value to the watchlist record for _ is limited to questionable, the TSC determined that these ide~e added if they received a nomination form from the NJTTF. (Ul/kEG) Given the watch list policy, the NJTTF should have provided all of the identifiers on all KSTs in the WITSEC Program to the TSC. These identifiers include information that is useful to counterterrorism personnel to quickly and 17 REDACTED - FOR PUBLIC RELEASE U//LES//SSI accurately identify KSTs during an encounter, and avoid the temporary misidentification of innocent individuals as KSTs during encounters. reco ea wether m• . We found that the same identifiers for any entifiers were missing international terrorists contained in the case files that had not been added to the consolidated terra not been added t o . for each individual. Because this information was not added to the terrorist watch list record, the consolidated terrorist watch list and the complete, thus limiting the usefulness to national (UI j.f::E6) Our review clearly demonstrated that additional identifiers of value to the watchlist are likely to be found in the WITSEC case files and in February 2017, the FBI stated that they have _ from the WITSEC case files for KSTs in the gram an ave added them to the consolidated terrorist watch list. We therefore recommend that (UJ Encounters of Known or Suspected Terrorists 17 (U) TIDE is the U.S. government's central and shared repository of information on international terrorist identities. It is used by the intelligence community as one list for the consolidation of classified information on known or suspected international terrorists. A sub-set of sensitive but unclassified information in TIDE feeds into the one consolidated unclassified known or suspected terrorist watch list, the Terrorist Screening Database (TSDB). The TSDB contains information on all terrorists, both international and domestic. 18 REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U) Figure 1 (UIILESllSSI) KST Interim Encounter Process For WITSEC Program Participants (U) Source: Terrorist Screening Center (UIIFOUO) As shown in Figure 1, encounters occur when a watchlisted individual is encountered by local, state, federal, or tribal law enforcement, homeland security, or other screening personnel, and the individual's identity matches an identity on the consolidated terrorist watch list. For example, if a watchlisted individual is encountered crossing the border or obtaining a U.S. Passport or Visa, law enforcement personnel are notified that this individual's identity information matches the identity record on the consolidated terrorist watch list. When information on a potential encounter is provided to the TSC, TSC personnel determine whether certain actions should be taken, including whether law enforcement should be notified, and whether information obtained during the encounter should be added in the consolidated terrorist watchlist record for this individual. During these encounters, key information is often obtained that may be useful to law enforcement and screening personnel, and it is often reported to other databases, such as the FBI's Known or Suspected Terrorist File in the 19 REDACTED - FOR PUBLIC RELEASE U//LES//SSI National Criminal Information Center (NCIC), which is used by local, state, tribal, and other screening agencies to identify KSTs during encounters. (U//-be6) Part of the national security infrastructure to reduce the risk of terrorist attacks is to place KSTs that are a threat to commercial aviation on the Transportation Security Administration's No Fly and Selectee Lists. KSTs on the No Fly List are denied flying within United States airspace and KSTs on the Selectee before boarding their List have to go through additional screening at the ai flight. In our May 2013 interim report, we found that of the KSTs who should times have been on the No FI List had flown (U//-bES) In the current audit, we reviewed encounters for all of the KSTs that have been admitted into the WITSEC Program between the issuance of our interim report in May 2013 and November 2015. We found that, according to TSC encounter records, KSTs in the WITSEC P m have been encountered a total of times. As shown in Table 3 20 REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U) Table 3 (U//bES) Types of Encounters of KSTs Admitted into the WITSEC Program May 15, 2013 to November 5, 2015 (U) Source: TSC Encounter Records (U//hE£) The WITSEC Pro involved. KSTs admitted into the KSTs who were on t No Fly List were denied boarding or were taken. times, and the __ KSTs who were additional screening. times. 8 ver re e encounter, e a ty to an are such critical information among national security stakeholders decreases the risk of harm to the public, and to the law enforcement official or screener involved in the encounter. (U//hE£) Ensuring that any additional identifiers obtained during encounters WITSEC case files is also crucial to the appropriate are added to the _ management of the WITSEC program. We determined that encounter records were stored this shared timely and accurately with the USMS, and that the _ information in its system. -. 18 (U//hES) 21 REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U) Processing, Tracking, and Locating KSTs in the WITSEC Program o eva uate process, we ew a gme sample of. KSTs admitted to the WITSEC Program who have received a new government identity, KST 70's case,lI recently admitted KSTs, and individuals with a potential nexus to terrorism with which the USMS had concerns. II (UJ The USMS's Tracking of WITSEC Program Participant's Identity Documents (U/IobES) We found that the USMS does not have a sufficient system to keep track of the ide documentation rovided to or collected from WITSEC Pro ram rtici a sepa on me e re pient leaves the WITSEC accou ng Program or passes away. In addition, until December 2013, the USMS did not ~e that USMS Inspectors complete a form to acknowledge the receipt of _ _ identification documentation collected from Program participants. (UIlobES) KST 70 is an example of the need to have a system that tracks identity documents. During our review, came our attention that KST 70 used both KST 70's true identity and new identity for _ years after KST 70 was removed from the WITSEC Program. We found that KST 70 was never formally issued a new identity, which, according to the USMS, w~ name chan . However, ~ovided a _ _ _ _ icense, and _ in KST 70's new name. was removed from the WITSEC Program _ , the USMS should have requested that KST 70 return all new-name documents. But based o n _ records, it is unknown if KST 70 was asked to return or in fact returned any documents. It was not until . ' when the USMS again requested that KST 70 . This return all new name documents, that the~eived KST 70's records reflect by is the only new identity information that _ KST 70. (UI lobES) By retaining these documents, KST 70 was able to use both identities for years. For example, KST 70 was receiving benefits in KST 70's new name while receiving _ rem 19 70's true name. KST 70 should have been receiving both the _ retirement benefits in KST 70's true name, because the new name 19 (U) We did not attempt to determine the amount of benefits KST 70 received as part of this audit. 22 REDACTED - FOR PUBLIC RELEASE U//LESjjSSI was never a legal name. We also found that KST 70 was able to use KST 70's drivers' license to help obtain additional identifications in KST 70's new name, ncluding a driver's license. In fact, KST 70 checked into a _ with that _ driver's license. We hotel the night before find it very concerning th was allowed to use both identities for such a long period of time. (U//t:E6) This lack of document oversight and the lack of an effective mechanism to ensure that WITSEC Program-issued identity documents are returned upon request increase the risk that WITSEC Program partici ants will have access to and use of multi Ie identities. We recommend that (U//t:E6) OEO officials acknowledged the concern about WITSEC Program participants retainin identification documents th should not have and th ated the 23 REDACTED - FOR PUBLIC RELEASE U//LES//SSI public of WITSEC P documents. (U) Physical Location of KSTs (U//tES) In our May 2013 interim report, we recommended that the Office of the Deputy Attorney General ensure that the USMS and FBI verify the physical locations of all KSTs previously admitted into the WITSEC Program. The Department verified the location of all the KSTs identified in the May 2013 report. As previously stated, additional KSTs were si!bseuently admitted and identified, of these additional KSTs. It is and the FBI is still in the process of locating important that the FBI locate these individua s and take appropriate ste s to miti ate a ntial secu threat. Therefore we recommend that (U) Pre-Admittance Requirements (U//-bES) In our May 2013 interim report, we recommended that the Office of the Deputy Attorney General determine the appropriate inclusion of DOJ national security stakeholders in decisions and processes for admitting and monitoring KST WITSEC Program participants. We also recommended that the USMS develop, with input from OEO and the FBI, a process to accuratel identi all KSTs when th enter the WITSEC ram. Our recommendation (U//!:e6) On July 26, 2013, OEO and the USMS finalized its protocols to enhance oversight necessary to evaluate, screen and monitor KSTs admitted to the WITSEC Program. These protocols require that, , all individuals sponsored to the WITSEC Program are compare aga consolidated terrorist watch list to ascertain whether the individual is already 24 REDACTED - FOR PUBLIC RELEASE U//LES//SSI considered a KST. 20 We found that prior to admittance OEO has been running names for newly sponsored individuals against the consolidated terrorist watch list. OEO officials stated that in order to help process potential terrorism information timely, it was in the process of hiring a management consultant to establish stronger management controls. However, based on budget restraints, OEO informed the OIG in February 2017 that it will be using internal staff to update its system. (UI/-bE£.) The protocols also require that OEO provide to the NJTTF information on KST WITSEC Program participants. In practice, OEO has also been providing the NJTTF with information on individuals with a potential nexus to terrorism so that the NJTTF can use this information in assessing whether the individuals in question should be considered a KST. Additionally, the protocols uire that OEO re uest and review a detailed risk assessment from the FBI , and solicit input from the rtme ona on rega ng Program suitability of any watch listed individual prior to making a decision to admit the individual into the WITSEC Program. In November 2015 OEO informed us that since the issuance of our interim report, only. individuals with a potential terrorism nexus have been individuals, we found that OEO admitted to the WITSEC Program. For these _ and the USMS shared information with nationTsecurity stakeholders as required; however, as described below, the NJTTF did not properly vet the WITSEC Program participants in accordance with the Department's protocol. III (U) Foreign Government Hacker - Potential Nexus to Terrorism (Ull-bE£.) We reviewed the _ case file for this WITSEC Program participant to determine whether OEO was in compliance with its pre-admittance protocols for all new Program participants and its informal process for individuals with a potential nexus to terrorism. We found that, in October 2013, OEO and the 20 (UjjbES) Specifically, as part of the suitability for the WITSEC Program evaluation process, OEO runs the identity information for each individual nst the consolidated terrorist watchlist and _ _ _ . Once approved for admitta runs the identity of the individual against the ~ terrorist watch list and information on the participant's status 25 REDACTED - FOR PUBLIC RELEASE U//LES//SSI USMS obtained the WITSEC Program threat and risk assessments completed by the sponsoring ~ March 2014, the USMS ran the individual's identities and against the consolidated terrorist watchlist and found against the _ that he was not in either database. At the same time, based on the belief that this individual had a potential nexus to terrorism, the USMS provided the WITSEC Pram artici nt's information to both the TSC and NJTTF, . Based on s, epa , we found that the NJTTF could not provide evidence of a check or documentation reflecting that the assessment was perfo , as requ red by FBI protocol. (U) A Gang Member - Potential Nexus to Terrorism (Ujj-be6) I n . 2015, an individual with a potential nexus to terrorism was admitted to the WITSEC Pro ram and disclosed to NJTTF for review. (UjjtES) In early 2015, while processing this participant's admittance information, the USMS identified the potential nexus to terrorism. On April 21, 2015, the USMS provided information on this individual to the NJTTF for review and determination as to whether the individual should be nominated to the consolidated terrorist watchlist. An NJTTF official told us that the NJTTF did not nominate this individual to the consolidated terrorist watchlist because, , the ua nexus ave een severed. However no evidence in the records we reviewed that the NJTTF performed a check and documented it, as required by FBI policy. (UjjkES) We believe the processing of these. individuals represent examples of situations where the USMS and OED properly shared information on individuals with a potential nexus to terrorism with national security stakeholders. However, we found no documentation to suggest that the NJTTF followed the FBI's protocol for vetting WITSEC Program participants with a potential nexus to 21 (U) During admission to the WITSEC Program, the threat assessment evaluates the threat to the witness for cooperating with the federal government. This threat assessment is different from the threat assessment performed by the FBI to determine if a person is a threat to national security. The risk assessment reports on potential risks to the public caused by the witness' enrollment in the WITSEC Program. 26 REDACTED - FOR PUBLIC RELEASE U//LESjjSSI terrorism, although we note that in August 2016 FBI officials told us that it performed another _ check in and determined neither individual s~to the conso st watch list. After we discussed this issue with OEO and the FBI, OEO created a detailed checklist to be used during the vetting process in order to identify a potential WITSEC Program participant's nexus to terrorism. The FBI also required that the NJTIF document its decisions on whether a WITSEC Program participant should or should not be nominated to the consolidated terrorist watchlist. (U) KSTs Admitted to the WITSEC Program (U//~) F o r . of the KSTs OEO has admitted to the WIT~am since November 2015, we found that OEO and the FBI followed its _ : (1) OEO shared these individuals' information with the NJTIF OEO uested and reviewed detailed risk assessments from the FBI m partment's , and (3) OEO soli ona ecu on regarding WITSEC Program suitability of any watchlisted individual prior to making a decision to admit the individual into the WITSEC Program. We also reviewed the admission process for these individuals to determine whether the USMS had develo to involve DOJ national stakeholders in determini (U) Post Admittance ReqUirements (UII~) In our May 2013 interim report, we recommended that the Office of the Deputy Attorney General ensure that the USMS completes the development of protocols to require USMS Inspectors to meet regularly with and maintain up­ to-date information on active WITSEC m artici nts who are also KSTs. Additionall we recommended that (UII~) We reviewed the protocols developed in response to our recommendations and found that the protocols require that national secu stakeholders, including the USMS, FBI, TSC, and OEO, meet review the KST's admittance into the WITSEC program. r indices checks uire that the USMS conduct com conduct 27 REDACTED - FOR PUBLIC RELEASE UIILES!!SSI (U//~) We discussed the implementation of these~s with OEO, meetings are USMS, TSC, and NJTTF personnel. We were told that the _ occurring as required. Participants advised that the meetings facilitated a greater amount of shari than might have occurred had they not met in person. We also reviewed the case files containi documentation related to the _ indices checks, and reports. We""fo'Li"n'dthat the USMS was pe rm ng ces r all • lOUd mentally selected partici nts where uired. We a un at for the individuals for whom were required, the USMS pe ormed the checks as re~ e rema ng individuals, we found that the USMS did not perform _ checks because, consistent with the policies, the USMS waived the monitoring requirement for these individuals because the WITSEC rsonnel. However the USMS Program participant posed a danger to the USMS still ran the individual's names against II 28 REDACTED - FOR PUBLIC RELEASE UIILES{{SSI (Ujjl::e-G) CUII-I::E6) In our May 2013 interim report, we recommended that the Department ensure that OEO authorizes the USMS to inform, and ensure the USMS does inform, the FBI whenever a KST voluntarily leaves the WITSEC ram. is relocated or is removed from the WITSEC II, (U) Issues with Terminating a KST for Criminal Misconduct KST 12 was admitted to the USMS WITSEC Pro ram Du ng our wor on report, we were een arged with inappropriate communications with a minor. During this audit, we followed up on that information and discovered that KST 12 has been charged with or accused of sexual assault-related crimes six times since enteri the WITSEC P - (U//-I::E6) The alleged sexual assaults all occurred during • CUllhES) , a 22-year-old accused KST 12 of i touching an ma ng nappropriate comments no The accusation was made to a local police department, ut we evidence that the USMS was made aware of this al tion at the time. ast USMS's attention _ on was roug to different police department investigated a similar allegation 12. USMS documentation shared with us during this audit noted 29 REDACTED - FOR PUBLIC RELEASE U//LE&//&&I that local police determined that they did not have sufficient evidence to investigate this allegation. • KST 12 allegedly ina touched and made . Since she comments to a 16-year-old mfortable with KST 12, she broug a , and KST 12 allegedly made inappropriate comments to e er 16-year-old victim nor the friend reported the incidents en . to the local police at the time. As described in the last bullet, these allegations came to the USMS's attention _ , when during a local police department's investigation of ~on against KST 12 by a woman, who was 16 at the time of the assault, came forward as a witness. USMS documentation shared with us during this audit noted that the local police determined they did not have sufficient evidence to investigate these allegations. • (U//tE6) touching an criminal cha . No • (U//tES) touching a criminal cha aware e According to USMS documentation, __ 23 (UllhES) DIG did not interview the USMS employee because 30 REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U//~) From a public safety standpoint, the failure of the USMS to notify OEO and have subsequent communication with local law enforcement about this individual after being made aware of the _ incident is concerning. An OEO official told us that the allegation was the first aile ation for KST 12 for which it had been EO was notified • . :;. . ' (UII.J::.EG) After the WITSEC Program for timeframe before receivin • . . . allegation, the USMS proposed termination from the on four separate occasions within a 9 month I from OEO to terminate 31 REDACTED - FOR PUBLIC RELEASE U//LES//SSI (U) Conclusion (Ujjke6) Since our May 2013 review, the FBI, USMS, and OEO have created policies and procedures to address known risks posed by KSTs admitted into the WITSEC ram. We found that some of these new olicies have been effective. (Uj/~) However, not all of these policies and procedures have proven sufficient to address the risks sought to be mitigated, nor has the implementation been as effective as originally anticipated. We identified weaknesses in the implementation of the policies and procedures created to im rove information sha amon national securi stakeholders. (U) Recommendations (U) We recommend that: 1. 32 REDACTED - FOR PUBLIC RELEASE U//LES//SSI 2. 3. 4. (U//tE6) i. ii. iii . iv. v. 5. 6. 7. 33 REDACTED - FOR PUBLIC RELEASE 3. 34 REDACTED - FOR PUBLIC RELEASE UIILES{{SSI (U) STATEMENT ON COMPLIANCE WITH LAWS AND REGULATIONS (U) As required by the Government Auditing Standards, we tested, as appropriate given our audit scope and objectives, selected transactions, records, procedures, and practices, to obtain a reasonable assurance that the USMS's, FBI's, and OEO's management complied with federal laws and regulations, for which noncompliance, in our judgment, could have a material effect on the results of our audit. The USMS's, FBI's, and OEO's, management is responsible for ensuring compliance with applicable federal laws and regulations. In planning our audit, we identified the following laws and regulations that concern the operations of the auditees and that were significant within the context of the audit objectives: • (U) Organized Crime Control Act of 1970, • (U) Comprehensive Crime Control Act of 1984, • (U) 28 C.F.R. § 0.85 (1969), • (U) Homeland Security Presidential Directive 6, and • (U) Executive Order 13388 on Further Strengthening the Sharing of Terrorism Information to Protect Americans. (U) Our audit included examining, on a test baSiS, the USMS's, FBI's, and OEO's compliance with the aforementioned laws and regulations that could have a material effect on the USMS's, FBI's, and OEO's operations. We did so by interviewing operational staff and supervisors, requesting and reviewing OEO, USMS, and FBI WITSEC and KST records, evaluating oversight procedures, and assessing relevant internal policies and practices. Nothing came to our attention that caused us to believe that the USMS, FBI, or OEO was not in compliance with the aforementioned laws and regulations. 35 REDACTED - FOR PUBLIC RELEASE U//LE&//&&I (U) STATEMENT ON INTERNAL CONTROLS (U) As required by the Government Auditing Standards, we tested as appropriate, internal controls significant within the context of our audit objectives. A deficiency in an internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to timely prevent or detect: (1) impairments to the effectiveness and efficiency of operations, (2) misstatements in financial or performance information, or (3) violations of laws and regulations. Our evaluation of the USMS's, FBI's, and OEO's internal controls was not made for the purpose of providing assurance on its internal control structure as a whole. The USMS, FBI, and OEO are responsible for the establishment and maintenance of internal controls. (Ujj-bES) As noted in the Findings and Recommendations Section of this report, we identified deficiencies in the USMS's, FBI's, and OEO's, internal controls that are significant within the context of the audit objectives and based upon the audit work performed that we believe adversely affect the Department's ability to ensure that the handling of KSTs admitted into the WITSEC Program effectively address risks to the public. In performance audits, a deficiency in internal control exists when the design or operation of a control does not prevent or detect and correct noncompliance with provisions of laws or regulations on a timely basis. Our fieldwork suggested that the process of reviewing case files to identify further KSTs in the WITSEC P ram and the process of notifying FBI of KSTs_ constitute controls that were properly designed were Significant in this audit. In addition, the USMS's a management and oversight for tracking documentation provided to and received from individuals in the process of being admitted and while partiCipating in the WITSEC Program reflects poor internal controls. (U) Because we are not expressing an opinion on the USMS's, FBI's, and OEO's internal control structures as a whole, this statement is intended solely for the information and use of the Department. The restriction is not intended to limit the distribution of the report, which is a matter of public record. However, we are limiting the distribution of this report because it contains sensitive information that must be appropriately controlled. 24 24 (U) A redacted copy of this report with sensitive information removed will be made available publicly. 36 REDACTED - FOR PUBLIC RELEASE U//LES//SSI APPENDIX 1 (U) AUDIT OBJECTIVES, SCOPE, AND METHODOLOGY (U) Audit Objectives (U) The objectives of the audit were to evaluate the Department's: (1) handling of KSTs admitted to the WITSEC Program; (2) practices for watch­ listing and the processing of encounters with this group of WITSEC Program participants; and (3) procedures for mitigating risks to the public through restrictions placed on this high-risk group of Program participants. (U) Scope and Methodology (U) We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. (U//tES) Our audit scope is from May 2013, when we issued the interim report on this topic, through 2015. To accomplish our objectives, we performed fieldwork at agencies, within the Department, tasked with handling KSTs admitted to the WITSEC program. Specifically, we conducted interviews with officials and reviewed standard operating procedures at OEO and USMS headquarters, the NJTTF and TSC of the FBI, and the NCTC to determine whether these agencies adhered to established internal controls in managing risks posed by these WITSEC Program participants. A judgmental sampling design was applied to capture numerous records. This non­ aspects of the WITSEC case files, TSDB records, and _ statistical sample design does not allow projection of the test results to the population. (U//tE6) To evaluate the adequacy of the watchlisting policy for WITSEC enti KSTs, we reviewed _ records provided by the TSC each encounter with a WITSEC Pro ram rtici nt 37 REDACTED - FOR PUBLIC RELEASE UIILES//SSI (U//bE£.) To assess the im ementation of rotocols on handling this group of WITSEC Program participants , . e·udgmentally selected. _ and interviewed ava m e FBI and USMS_. Our judgmental selection was generally based on the istory of geographic movements of the" WITSEC KSTs that we reviewed for TSDB accuracy and completeness. (U) To evaluate the Department's efforts of identifying any other WITSEC Program participants who might be KSTs, we obtained case file review records maintained by the USMS, NJTTF, and OEO. We reviewed these records to determine how the USMS and OEO assessed and referred appropriate WITSEC Program participants to the NJTTF for consideration of watchlisting, as well as the NJTTF's decision on such referrals. We judgmentally selected 46 case files to review OEO's decision not to share the individual's information with the NJTTF. 38 REDACTED - FOR PUBLIC RELEASE UIILES//SSI APPENDIX 2 (U) RECOMMENDATIONS FROM THE MAY 2013 INTERIM REPORT ON THE DEPARTMENT OF JUSTICE'S HANDLING OF KNOWN OR SUSPECTED TERRORISTS ADMITTED INTO THE FEDERAL WITNESS SECURITY PROGRAM (U) In our May 2013 report, we recommended to the Office of the Deputy Attorney General that it: • (U) Evaluate current practices and formalize procedures for the enhanced sharing of identity information with DO] national security stakeholders for known or suspected terrorists in the WITSEC Program, in light of any legal structures. • (U) Ensure that OEO and the USMS compare the true names of all WITSEC Program participants and their dependants that have been admitted into the WITSEC Program against the consolidated terrorist watchlist. • • (U//-I::E6) Ensure that OEO authorizes the USMS to provide to the TSC the "",,,',,,,,..nment­ rovided identities of all known or su d terrorists, • • • (U) Ensure that OEO authorizes the USMS to disclose and that the USMS discloses to the FBI identification and other necessary information on known or suspected terrorists in the WITSEC Program. • (U) Ensure that the USMS and FBI coordinate to verify the current physical location of all known or suspected terrorists who have been admitted into the WITSEC Program. . 39 REDACTED - FOR PUBLIC RELEASE UIILES//SSI • • (U) Determine the appropriate inclusion of DO] national security stakeholders in decisions and processes for admitting and monitoring WITSEC Program participants who are considered to be known or suspected terrorists. • • • :..~ \ ~ . (U) Ensure that the USMS completes the development of protocols to require ~ USMS Inspectors to meet regularly with and maintain up-to-date information ~ on active WITSEC Program participants who are also known or suspected .. terrorists. , ;. • (U) Develop a mechanism for the FBI to review known or suspected terrorist WITSEC Program participant case files for information that demonstrates a potential nexus to terrorism. • (UI I~) Ensure that OEO authorizes the USMS to inform and ensure the USMS does inform the FBI whenever a known or suspected terrorist., voluntarily leaves the WITSEC Program, is relocated, or is removed from the WITSEC Program. 40 REDACTED - FOR PUBLIC RELEASE U//LES//SSI APPENDIX 3 (U) BACKGROUND ON THE WITSEC PROGRAM AND CONSOLIDATED TERRORIST WATCHLIST (U) WITSEC Program and Watchlist Background (U) The WITSEC Program was authorized by the Organized Crime Control Act of 1970 and amended by the Comprehensive Crime Control Act of 1984, Pub. L. No. 91-452 (1970), and Pub. L. No. 98-473 (1984), respectively. The WITSEC Program provides for the security, health, and safety of government witnesses who are at risk of harm as a result of their testimony against organized crime members, drug traffickers, terrorists, and other major criminals. The WITSEC Program is administered through three Department entities: (1) OEO oversees the WITSEC Program and authorizes witnesses into the WITSEC Program, (2) the USMS is responsible for the protection of active WITSEC Program participants who are not incarcerated, and (3) the Federal Bureau of Prisons (BOP) protects WITSEC Program participants while they are incarcerated in federal facilities. (U) The Organized Crime Control Act of 1970, amended by the Comprehensive Crime Control Act of 1984, (the Act) states that the Attorney General is authorized to provide for the relocation and protection of potential witnesses, and their family members, who are involved in an official proceeding concerning an organized crime activity or other serious offense. The Act also states that the Attorney General shall take actions to protect the health, safety, and welfare of WITSEC Program partiCipants, including their psychological well-being and social adjustment. Among other measures, the Act authorizes the Attorney General to: (1) provide suitable documents to enable the WITSEC Program participant to establish a new identity, (2) provide housing for the WITSEC Program participant, (3) provide to the WITSEC Program participant financial assistance to meet basic living expenses, (4) assist the WITSEC Program participant in obtaining employment, and (5) provide other services necessary to assist the WITSEC Program participant in becoming self-sustaining. 41 REDACTED - FOR PUBLIC RELEASE U//LESjjSSI autho (U//keS) The Attorney General has delegated to the Director of OEO the to decide who is admitted to the WITSEC Pro ram (U) The Act requires the Attorney General to enter into a Memorandum of Understanding (MOU) with individuals participating in the WITSEC Program. As described in the Act, individuals admitted into the WITSEC Program must agree to certain requirements that are incorporated in the MOU, including: (1) not committing any crime, (2) taking all necessary steps to avoid detection of their participation in the WITSEC Program, (3) regularly informing the USMS of their current address, and (4) not traveling without USMS approval. If an individual substantially breaches the terms of the MOU or provides false information to authorities concerning the circumstances under which the participant was provided protection, the Act authorizes the Attorney General to remove that individual from the WITSEC Program. As the Attorney General's designee, the Director of OEO makes this determination to remove an individual from the WITSEC Program after 26 (U//hES) 18 U.S.C. § 3521 authorizes the Attorney General to delegate the responsibility initially to authorize witness relocation and protection only to the Deputy Attorney General, Associate Attorney General, any Assistant Attorney General in charge of the Criminal Division or National Security Division of the Department of Justice, Assistant Attorney General in charge of the Civil Rights Division of the Department of Justice (insofar as the delegation relates to a criminal civil rights case), and to one other officer or employee of the Department of Justice. The most recent delegation of this authority was made to the Director of OEO on March 18, 2011. We were provided documentation that this delegation was made to OEO since at least 1984. 42 REDACTED - FOR PUBLIC RELEASE UIILES//SSI considering the severity of the breach along with the importance of the witness's testimony. • • • • (U) Terrorist Watchlist Nomination Process (U) According to the President's National Strategy for Counterterrorism issued in June 2011, the primary goal of the nation's counterterrorism efforts is to identify suspected terrorists and prevent them from harming U.S. citizens both at home and abroad. An essential element of these efforts is the maintenance of a consolidated terrorist watchlist that contains a complete and accurate record of the names and identifying information of KSTs. The Terrorist Screening Center (TSC), which is a multiagency entity managed by the FBI, is responsible for maintaining the government's consolidated watchlist of KSTs. (U) The Department's watchlist nomination process is centralized through the FBI, which is the sole agency in the Department responsible for nominating to the watch list the Department's information on KSTs. 28 The TSC shares watch list information with other agencies by exporting or sending data "downstream" to frontline screening databases, such as the Transportation Security 28 (U) The Deputy Attorney General informed " ... all components [of the Department of Justice] to provide the FBl with all domestic and international terrorism information or terrorist identifiers so that the FBI can make appropriate nominations to the consolidated terrorist watchlist." Deputy Attorney General, Department of Justice, memorandum for the heads of Department components, Department of Justice Protocol Regarding Terrorist Watch list Nominations, October 3, 2008. 43 REDACTED - FOR PUBLIC RELEASE U//LES//SSI Administration's (TSA) No Fly and Selectee Lists and Secure Flight Program; the Department of State's Consular Lookout and Support System passport and visa modules; the FBI's NCIC system's Known or Suspected Terrorist File; the U.S. Customs and Border Patrol's (CBP) Treasury Enforcement Communications System database; and select foreign governments. (U) The consolidated terrorist watchlist information is utilized by law enforcement, screening, and intelligence officials across the country and around the world. These agencies use the watchlist information to take appropriate action when encountering a KST, including prohibiting them from boarding a commercial aircraft if the individual is on the TSA's No Fly List or subjecting the individual to increased examination of questioning if crossing the border or when stopped by local law enforcement for a traffic violation. 29 (U) The consolidated terrorist watchlist should include the most current and complete information known to the government on KSTs. If the government has information about an individual who is a threat to national security, that individual's information should be included on the consolidated terrorist watchlist to ensure that the individual is appropriately handled by law enforcement, screening, and intelligence officials. Even a single omission of a KST from the watchlist could create an opportunity for an individual to evade detection and commit terrorist attacks. 29 (U) "Encounter" means local, state, tribal, or federal law enforcement and homeland security screeners have come across a KST during normal job duties (e.g. traffic stops, checking of airplane manifests, or evaluating an application for a U.S. passport or visa). 44 REDACTED - FOR PUBLIC RELEASE UIILES{{SSI APPENDIX 4 (U) PRIOR OIG REPORTS ISSUED ON THE WITSEC PROGRAM, THE WATCHLIST PROCESS, AND THE TERRORIST SCREENING CENTER (U) The Department of Justice, Office of the Inspector General has issued several reports over the years on the government's Witness Security Program, the Department's watchlist process, and the Terrorist Screening Center. Those reports are: 1. (U) U.S. Department of Justice Office of the Inspector General, Admission into the Department of Justice's Witness Security Program by the Criminal Division, Audit Report 93-24 (September 1993). 2. (U) U.S. Department of Justice Office of the Inspector General, United States Marshals Service's Responsibilities Under the Witness Security Program, Audit Report 94-7 (November 1993). 3. (U) U.S. Department of Justice Office of the Inspector General, The Federal Witness Security Program, Criminal Division, Audit Report 02-05 (January 2002). 4. (U) U.S. Department of Justice Office of the Inspector General, United States Marshals Service Administration of the Witness Security Program, Audit Report 05-10 (March 2005). 5. (U) U.S. Department of Justice Office of the Inspector General, Review of the Terrorist Screening Center, Audit Report 05-27 (June 2005). 6. (U) U.S. Department of Justice Office of the Inspector General, Review of the Terrorist Screening Center's Efforts to Support the Secure Flight Program, Audit Report 05-34 (August 2005). 7. (U) U.S. Department of Justice Office of the Inspector General, Follow-up Audit of the Terrorist Screening Center, Audit Report 07-41 (September 2007). 8. (U) U.S. Department of Justice Office of the Inspector General, Audit of the Department of Justice Terrorist Watchlist Nomination Processes, Audit Report 08-16 (March 2008). 9. (U) U.S. Department of Justice Office of the Inspector General, The Federal Bureau of Prisons Witness Security Program, Audit Report 09-01 (October 2008). 45 REDACTED - FOR PUBLIC RELEASE U//LES//SSI 10. (U) U.S. Department of Justice Office of the Inspector General, The Federal Bureau of Investigation's Terrorist Watchlist Nomination Practices, Audit Report 09-25 (May 2009). 11. (U) U.S. Department of Justice Office of the Inspector General, The Department of Justice's Handling of Known or Suspected Terrorists Admitted into the Federal Witness Security Program, Audit Report 13-23 (May 2013). 12. (U) U.S. Department of Justice Office of the Inspector General, The Federal Bureau of Investigation's Management of Terrorist Watchlist Nominations, Audit Report 14-16 (March 2014). 13. (U) U.S. Department of Justice Office of the Inspector General, Review of Termination and Appeals Notice to Witness Security Inmate Participants, Evaluation and Inspections Report 1-2014-005 (August 2014). 14. (U) U.S. Department of Justice Office of the Inspector General, The Department of Justice's Handling of Sex Offenders in the Federal Witness Security Program, Audit Report 15-10 (March 2015). 46 REDACTED - FOR PUBLIC RELEASE APPENDIX 5 THE DEPARTMENT OF JUSTICE'S RESPONSE TO THE DRAFT REPORT u.s. Department of Justice Office of the Deputy Attorney General Office ofthe Deputy Attorney General Washington, D.C. 20530 May 5, 2017 U/ILBS LIMITBD OFFICIAL USB ONLY MEMORANDUM To: Michael E. Horowitz Inspector General U.S. Department of Justice Through: Jason R. Malmstrom Assistant Inspector General for Audit From: Armando O. Bonilla Senior Counsel to the Deputy Attorney General SUbject: Response to Draft Audit Report entitled Department ofJustice's Handling of Known or Suspected Terrorists Admitted into the Federal Witness Security Program (April 21, 2017) (U) The Department appreciates the opportunity to respond to the Office of the Inspector General's draft audit report entitled Department ofJustice's Handling ofKnown or Suspected Terrorists Admitted into the Federal Witness Security Program (DIG Audit Report). The collaborative audit process has prompted significant improvements in the Federal Witness Security Program (WitSec Program or Program). (U) Created by Congress over 40 years ago as part of the Organized Crime Control Act of 1970 to combat organized crime syndicates, the Program has played a crucial role in the protection of witnesses to violent crime, and has enabled federal investigators and prosecutors to bring to justice some of the world's most dangerous criminals. See Pub. L. No. 91-452, §§ 501-04, 84 Stat. 922, 933-34 (1970) (current version codified at 18 U.S.C. §§ 3521-28). The Program successfully has protected an estimated 18,300 participants - including innocent victim-witnesses and cooperating defendants and their dependents - from intimidation and retribution. This vital and effective prosecution tool allows the government to protect witnesses whose assistance is necessary as part of criminal investigations and whose testimony is critical to securing convictions in United States courts of law, military tribunals, and foreign prosecutions. U/ILBS LIl\UTBD OFFICIAL USB ONLY 47 REDACTED - FOR PUBLIC RELEASE U/ILES LIl\HTED OFFICIAL USE ONLY (U) Over the last 20 plus years, as the government has devoted significant resources to the prosecution of terrorism cases, the WitSec Program necessarily has included a small number of former known or suspected terrorists and their family members, as well as innocent victims and eyewitnesses. These witnesses have provided invaluable assistance to the United States and foreign governments in identifying and dismantling terrorist organizations and in disrupting terror plots. Among other investigations and prosecutions, Program participants have provided essential cooperation and testimony regarding the 1993 World Trade Center bombing and Blind Sheik prosecutions, the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City, the 1998 East Africa Embassy bombings, the 2000 Millennium terror plot, the 2007 plot to bomb the John F. Kennedy International Airport, and the 2009 New York City subway suicide-bomb plot. As these cases show, the WitSec Program has been a key law enforcement tool in securing cooperation from those witnesses who are necessary to the successful prosecution of cases that are integral to the government's counter-terrorism mission and to the security of the United States. (U) The Department has considered the eight recornmendations reflected in the draft OIG Report. As detailed below, the Department concurs with all eight recommendations and has made continued progress in implementing the policies and procedures necessary to warrant closure. At this time, the Department requests that the OIG close Recommendation Nos. 3-6, and 8. We will continue to provide updates on our progress on the remaining resolved recommendations. (U/I,HS) The Department concurs with this recommendation. The FBI concurs with DIG's assessment that documentation of these investigations was insufficient. 2 U/ILES LIl\HTED OFFICIAL USE ONLY 48 REDACTED - FOR PUBLIC RELEASE U/ILES LIl\UTED OFFICIAL USE ONLY (U/±:H8) The Department concurs with this recommendation. the Department recommends that this recommendation be closed. 4. (U/±:H8) Th~concurs with this recommendation. On Assistant Director _ issued a adherence to the above-referenced recomLllle:na:ancms, to all Division 3 U/ILES LIMITED OFFICIAL USE ONLY 49 REDACTED - FOR PUBLIC RELEASE U/ILES LIl\4ITED OFFICIAL USE ONLY (UA:,H8) A copy of the has been provided to the OIG Audit Team this response. Accordingly, the Department requests that this recommendation be closed. 5. 4 U/ILES LIl\4ITED OFFICIAl:. USE ONLY 50 REDACTED - FOR PUBLIC RELEASE U/ILES LIMITED OFFICIAL USE ONLY CU) Accordingly, the Department requests that this recommendation be closed. 6. (Uf1::,H8.) See response to Recommendation 5. I"'...."'..h ..... ""ni­ concurs with this recommendation. The FBI has located all authorized with 5 U/ILES LIl\41TED OFFICIAL USE ONLY 51 REDACTED - FOR PUBLIC RELEASE U//LI5S LI~nTI5D OFFICIAL USI5 ONLY (U) Accordingly, the Department requests that this recommendation be closed. I (U1f,H8) This recommendation appears to be derived from the termination ofKST 12. As noted in the OIG Audit Report, the USMS proposed termination of this witness on four separate occasions within a nine-month period, but the Director of the Program did not terminate KST 12 until it was evident that the witness had engaged in conduct that established a substantial breach of the MOU. See J.s. v. T'Kach, 714 F.3d 99 at 108 (2d Cir. 2013) (recognizing that Congress explicitly required the Director of the Program to "find a substantial breach of the participant's MOU [and . notice to the involved of the termination and the reasons for 6 U//LI5S LI~nTI5D OFFICIAl:. USI5 ONLY 52 REDACTED - FOR PUBLIC RELEASE APPENDIX 6 UIILES{{SSI (U) OFFICE OF THE INSPECTOR GENERAL ANALYSIS AND SUMMARY OF ACTIONS NECESSARY TO CLOSE THE REPORT (U) The OIG provided a draft of this audit report to the Department. The Department's response is incorporated in Appendix 5 of this final report. The following provides the OIG analysis of the Department's response and summary of actions necessary to close the report. Recommendations for the Department: 1. Resolved. The Department concurred with our recommendation. In its res nse the D artment stated (U) This recommendation can be closed when we receive documentation that th e 2. (U) Resolved. The Department concurred with our recommendation. In its the De rtment stated th 53 REDACTED - FOR PUBLIC RELEASE U//LES//SSI This recommendation can be closed when we receive evidence from _ 3. artment concurred with our recommendation. This recommendation can be closed when we receive evidence that 4. (U//YS) (U) Resolved. The Department concurred with our recommendation. In its a USMS Assistant response, the Department stated that on to all Div on personnel directing adherence Director issued a _ to this recommen~epartment provided to us a copy of the 54 REDACTED - FOR PUBLIC RELEASE U//LES//SSI s. (U)Resolved. The Department concurred with our recommendation. In its , the De rtment stated that 55 REDACTED - FOR PUBLIC RELEASE U//LESjjSSI (U)This recommendation can be closed when we receive evidence that t h e _ (U) Resolved. The Department concurred with our recommendation and in respose to this recommendation referred to its response for Recommendation 5. the D rtment refers to the ",,,,,,,,,."r, the (U)As a result, this recommendation can be closed when the des evidence that the 56 REDACTED - FOR PUBLIC RELEASE ...,<:;ILI(;,I' U//LES//SSI 7. (U)This recommendation can be closed when we receive evidence from the De artment that all KSTs have been located and the corresponding have been notified o f _ (U Resolved. The De artment concurred with our recommendation. 57 REDACTED - FOR PUBLIC RELEASE (U)Nevertheless, during the audit we reviewed As a result, this recommen ation may be closed when the Department provides evidence that 58 REDACTED - FOR PUBLIC RELEASE The Department of Justice Office of the Inspector General (DOJ OIG) is a statutorily created independent entity whose mission is to detect and deter waste, fraud, abuse, and misconduct in the Department of Justice, and to promote economy and efficiency in the Department's operations. Information may be reported to the DOJ OIG's hotline at www.justice.gov/oig/hotline or (800) 869-4499. Office of the Inspector General U.S. Department of Justice www.justice.gov/oig REDACTED - FOR PUBLIC RELEASE