> t E&KZ D Ed SENSITIVE &%3 V 6HDUFKHV RI (OHFWURQLF 'HYLFHV DW 3RUWV RI (QWU\ - Redacted /$: (1)25&(0(17 6(16,7,9( :$51,1* 7KH LQIRUPDWLRQ LQ WKLV GRFXPHQW PDUNHG /(6 LV WKH SURSHUW\ RI WKH 'HSDUWPHQW RI +RPHODQG 6HFXULW\ DQG PD\ EH GLVWULEXWHG ZLWKLQ WKH )HGHUDO *RYHUQPHQW DQG LWV FRQWUDFWRUV WR ODZ HQIRUFHPHQW SXEOLF VDIHW\ DQG SURWHFWLRQ DQG LQWHOOLJHQFH RIILFLDOV DQG LQGLYLGXDOV ZLWK D QHHG WR NQRZ 'LVWULEXWLRQ WR RWKHU HQWLWLHV ZLWKRXW SULRU 'HSDUWPHQW RI +RPHODQG 6HFXULW\ DXWKRUL]DWLRQ LV SURKLELWHG 3UHFDXWLRQV VKDOO EH WDNHQ WR HQVXUH WKLV LQIRUPDWLRQ LV VWRUHG DQG GHVWUR\HG LQ D PDQQHU WKDW SUHFOXGHV XQDXWKRUL]HG DFFHVV ,QIRUPDWLRQ EHDULQJ WKH /(6 PDUNLQJ PD\ QRW EH XVHG LQ OHJDO SURFHHGLQJV ZLWKRXW SULRU DXWKRUL]DWLRQ IURP WKH RULJLQDWRU 5HFLSLHQWV DUH SURKLELWHG IURP SRVWLQJ LQIRUPDWLRQ PDUNHG /(6 RQ D ZHEVLWH RU XQFODVVLILHG QHWZRUN > t E&KZ D Ed SENSITIVE 'HFHPEHU 2,* LAW ENFORCEMENT SENSITIVE DHS OIG HIGHLIGHTS CBP’s Searches of Electronic Devices At Ports of Entry What We Found December 3, 2018 Why We Did This Audit The Trade Facilitation and Trade Enforcement Act of 2015 (TFTEA) requires U.S. Customs and Border Protection (CBP) to establish standard operating procedures (SOP) for searching, reviewing, retaining, and sharing information in communication, electronic, or digital devices at U.S. ports of entry. The TFTEA also requires the DHS Office of Inspector General to conduct three annual audits to determine to what extent CBP conducted searches of electronic devices in accordance with the SOPs. What We Recommend We made five recommendations to improve CBP’s oversight of searches of electronic devices at ports of entry. For Further Information: Contact our Office of Public Affairs at (202) 981-6000, or email us at Between April 2016 and July 2017, CBP’s Office of Field Operations (OFO) did not always conduct searches of electronic devices at U.S. ports of entry according to its SOPs. Specifically, because of inadequate supervision to ensure OFO officers properly documented searches, OFO cannot maintain accurate quantitative data or identify and address performance problems related to these searches. In addition, OFO officers did not consistently disconnect electronic devices, specifically cell phones, from the network before searching them because headquarters provided inconsistent guidance to the ports of entry on disabling data connections on electronic devices. OFO also did not adequately manage technology to effectively support search operations and ensure the security of data. Finally, OFO has not yet developed performance measures to evaluate the effectiveness of a pilot program, begun in 2007, to conduct advanced searches, including copying electronic data from searched devices to law enforcement databases. These deficiencies in supervision, guidance, and equipment management, combined with a lack of performance measures, limit OFO’s ability to detect and deter illegal activities related to terrorism; national security; human, drug, and bulk cash smuggling; and child pornography. CBP’s Response CBP concurred with our recommendations. We have included a copy of CBP’s response to our draft report at appendix A. DHS-OIG.OfficePublicAffairs@oig.dhs.gov www.oig.dhs.gov OIG-19-10 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Washington, DC 20528 / www.oig.dhs.gov December 3, 2018 MEMORANDUM FOR: Todd Owen Executive Assistant Commissioner Office of Field Operations U.S. Customs and Border Protection FROM: Sondra F. McCauley Assistant Inspector General for Audits SUBJECT: CBP’s Searches of Electronic Devices at Ports of Entry Attached for your action is our final report, CBP’s Searches of Electronic Devices at Ports of Entry. We incorporated the formal comments provided by your office. The report contains five recommendations aimed at improving the overall effectiveness of CBP’s oversight of searches of electronic devices at ports of entry. Your office concurred with all five recommendations. Based on information provided in your response to the draft report, we consider the five recommendations resolved and open. Once your office has fully implemented the recommendations, please submit a formal closeout letter to us within 30 days so that we may close the recommendations. The memorandum should be accompanied by evidence showing completion of the agreed-upon corrective actions. Please send your response or closure request to OIGAuditsFollowup@oig.dhs.gov. Consistent with our responsibility under the Inspector General Act, we will provide copies of our report to congressional committees with oversight and appropriation responsibility over the Department of Homeland Security. We will post a redacted version of the report on our website. Please call me with any questions, or your staff may contact Donald Bumgardner, Deputy Assistant Inspector General for Audits, at (202) 981-6000. LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Background U.S. Customs and Border Protection (CBP) exercises law enforcement authority when securing the Nation’s borders and 328 ports of entry. Electronic devices, such as computers, thumb drives, and mobile phones, are subject to search at U.S. ports of entry to ensure the enforcement of immigration, customs, and other Federal laws. CBP processed more than 787 million travelers upon arrival at U.S. ports of entry in fiscal years 2016 and 2017, and searched approximately 47,400 electronic devices. In fiscal year 2016, CBP processed more than 390 million travelers arriving at U.S. ports of entry and searched the electronic devices of an estimated 18,400 of those inbound travelers (.005 percent). In FY 2017, CBP processed more than 397 million travelers and searched the electronic devices belonging to more than 29,000 of those inbound travelers (.007 percent). CBP’s Office of Field Operations (OFO) is responsible for determining the admissibility of travelers at U.S. ports of entry. OFO officers conduct primary inspections of all travelers arriving at ports of entry. During a primary inspection, OFO officers review travelers’ passports and other documents to decide whether to admit travelers to the United States or refer them for secondary inspection. During secondary inspection, an OFO officer may search a traveler’s electronic device to determine admissibility and identify any violation of laws. For instance, in March 2018, during a search of a traveler’s electronic device, officers found images and videos of terrorist-related materials. In another incident, officers found graphic and violent videos, including child pornography. CBP denied both travelers entry into the United States. A secondary inspection may involve a basic (manual) search, an advanced search, or both. The officer can make a referral for a manual search because of inconsistencies in response, behavioral analysis, or intelligence analysis. A manual search involves the OFO officer manually reviewing the information on a traveler’s electronic device. An advanced search, which OFO started as a pilot program in 2007, involves a specially trained officer connecting external equipment to the traveler’s device to copy information. The officer uploads the copied information to CBP’s Automated Targeting System (ATS) to be further analyzed against existing ATS information. CBP personnel provide real-time feedback to the OFO officer of any identified derogatory information. www.oig.dhs.gov 2 LAW ENFORCEMENT SENSITIVE OIG-19-10 LA\\' ENFORCEMENT SENSITn'E OFFICE OF INSPECTOR GENERAL Department of Homeland Security After a secondary inspection, C BP personnel analyze t h e copied information in ATS and other information provided by partner agen cies to link unlawful activities related to counterterrorism, narcotics, illicit trade, human smuggling, and special interest aliens.1 ATS is u dated as a ro riate based on CBP's anal sis. Figure 1. Comparison of Basic Manual and Advanced Searches BASIC (MANUAL) SEARCH ADVANCED SEARCH ) 1,0 ,... WO Office of Field Op eration (OFO) officers may perform a basic search with or without suspicion based upon behavioral analysis, inconsistencies in response, and intetGgence analysis. O FO officers visually inspect in forma tion stored on device to fu rther adjudicate efforts in determining admissibility or identifying violation of laws. The device is: • returned to the traveler; • detained for subject marter or technical assistance; or • seized due t o violation of law. ~ OFO office rs use external equipment w create a copy of the information and upload the copy to the Automated Targeting System, CBP reviews uploaded information The copied information is either destroyed or retained and the device Is: • returned to the traveler; • detained for subject matter or technical assistance; or • seized due to violation of law. Not AppUcabl e Source: DHS Office of Inspector General (OIG) based on CBP information The Trade Facilitation and Trade Enforcement Act of 2015, Pub. L. No. 114-125 (TFTEA), enacted on February 24, 2016, requires CBP to establish standard operating procedures (SOP) for searching, reviewing, retaining, and sharing information contained in communication, electronic, or digital devices encountered at U.S. ports of entry. CBP must review and update these SOPs every 3 years .2 CBP has issued a series of memorandums and SOPs to govern searches of e lectronic devices at ports of entry. According to CBP's SOPs, all searches of e lectronic devices require supervisory notification. In addition, according to an 1 Special interest aliens are aliens from special interest countries, which are generally defined as countries that are of concern to the national security of the United States, based on several U.S. Government reports. 2 TFTEA, § 802(a) (codified as 6 United States Code (USC) 21 l(k)(l)(A)). www.oig.dhs.gov 3 OIG-19-10 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security April 2015 memorandum, an OFO officer may only conduct an advanced search if the traveler CBP uses the TECS3 module called Inspection Operations of Electronic Media, also known as an electronic media report (EMR), to document the border searches of electronic devices. The EMR provides information of the search, such as the device details, type of search performed on the device, and the officer’s remarks of the inspection. In instances in which CBP detains or seizes an electronic device, CBP documents such incidents on CBP forms 6051D4 and 6051S,5 respectively, to demonstrate CBP’s chain of custody. The TFTEA also requires DHS OIG to conduct audits to determine whether CBP is searching electronic devices in conformity with its SOPs and to compile and report the following information: x x x x x a description of the activities of CBP officers and agents with respect to such searches; the number of such searches; the number of instances in which information contained in such devices that were subjected to such searches was retained, copied, shared, or entered in an electronic database; the number of such devices detained as the result of such searches; and the number of instances in which information collected from such devices was subjected to such searches and transmitted to another Federal agency, including whether such transmissions resulted in a prosecution or conviction.6 In this report, we present the results of our audit to determine whether CBP conducted searches of electronic devices in accordance with SOPs. Appendix B contains other information we are required to report under the TFTEA. TECS is not an abbreviation. It is the official name of the system. Detention Notice and Custody Receipt for Detained Property (CBP Form 6051D). 5 Custody Receipt for Seized Property and Evidence (CBP Form 6051S). 6 TFTEA, § 802(a) (codified as 6 USC 211(k)(5)). www.oig.dhs.gov 4 3 4 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Results of Audit During our review of a sample of border searches of electronic devices conducted between April 2016 and July 2017, we determined that OFO did not always conduct the searches at U.S. ports of entry according to its SOPs. Specifically, because of inadequate supervision to ensure OFO officers properly documented searches, OFO cannot maintain accurate quantitative data or identify and address performance problems related to these searches. In addition, OFO officers did not consistently disconnect electronic devices, specifically cell phones, from networks before searching them because headquarters provided inconsistent guidance to the ports of entry on disabling data connections on electronic devices. OFO also did not adequately manage technology to effectively support search operations and ensure the security of data. Finally, OFO has not yet developed performance measures to evaluate the effectiveness of a pilot program, begun in 2007, to conduct advanced searches, including copying electronic data from searched devices to law enforcement databases. These deficiencies in supervision, guidance, and equipment management, combined with a lack of performance measures, limit OFO’s ability to detect and deter illegal activities related to terrorism; national security; human, drug, and bulk cash smuggling; and child pornography. Searches of Electronic Devices Not Always Properly Documented OFO officers did not always properly document actions and complete the required chain of custody forms when conducting searches of electronic devices. This occurred because supervisors did not always adequately review documentation to ensure officers properly documented searches at the ports of entry. CBP Directive 3340-049, Border Search of Electronic Devices Containing Information, dated August 20, 2009, was in effect at the time of our review. According to the directive, CBP officers are responsible for completing all applicable documentation in the appropriate CBP systems of record when conducting electronic searches. Reports are to be created and updated in an accurate, thorough, and timely manner. Reports must include all information related to the search through the final disposition, including supervisory approvals and extensions when appropriate. In addition, the duty supervisor is to ensure the officer completes a thorough inspection and that all notification, documentation, and reporting requirements are accomplished. www.oig.dhs.gov 5 LAW ENFORCEMENT SENSITIVE OIG-19-10 LA\\' ENFORCEMENT SENSITn'E OFFICE OF INSPECTOR GENERAL Department of Homeland Security We reviewed 194 EMRs and identified 130 (67 percent) that featured one or more problems, which totaled 147 overall. See table 1. . Md. . CBP Elect ron1c Table 1 : Pr0 blems Ident•fi 11ed ID e 1a Report s Insufficient or Inaccurate Information Number of EMRs Vague narrative describing border search 62 Inaccurate notes or action details 31 No witnessing supervisor documented 29 Detention and Seizure Chain of Custody Forms Missing information on Forms 6051D & 6051S 7 Late Supervisory Review Review more than 7 days from incident 18 Source: OIG analysis of EMRs from CBP Without accurate and complete documentation of border searches of electronic devices, OFO cannot maintain reliable quantitative data, identify and address performance problems, and minimize the risk of electronic devices becoming lost or misplaced. Data Connections Not Consistently Disabled Prior to Searching Electronic Devices A border search of an electronic device conducted by an OFO officer should include an examination of only the information that is physically on the device, not information stored on a remote server. To avoid retrieving or accessing information stored remotely, officers should either request that the traveler disable connectivity to any network (e.g., by placing the device in airplane mode) or, in instances warranted by national security, law enforcement, officer safety, or other operational considerations, officers will disable network connectivity. However, OFO officers did not consistently disconnect electronic devices, specifically cell phones, from the network before searching them. This occurred because headquarters provided inconsistent guidance to the ports of entry on disabling electronic devices' data connections. Specifically, in April 2017, OFO issued a memo7 that claimed to reaffirm its existing policy and protocol for disconnecting electronic devices from internet access (i.e., disabling network connections) before a search.a Unless each device's network connection is disabled, OFO could potentially retrieve information from external sources, leaving the results of the border search questionable. However, Directive 3340-049, the policy at the time, did not require disabling data connections prior to conducting a search. Of the 194 EMRs we reviewed, 154 were completed prior to the issuance of the April 2017 7 Border Search ofElectronic Devices Containing Infonnation, dat ed April 13, 2017. a Disabling data connections ensures that electronic devices are limited to the data on them. www.oig.dhs.gov 6 OIG-19-10 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security memo. None of the 154 contained evidence that data connections were disabled on electronic devices searched. In addition, the April 2017 memo required OFO officers to document in the EMR whether cellular and data connections were disabled prior to conducting a search and further required supervisors to confirm connections were disabled in a statement in the EMR before approving it. Despite these requirements, OFO supervisors did not provide adequate oversight to ensure officers disabled data connections on electronic devices prior to searching them, nor did the supervisors properly review EMRs. We reviewed 40 EMRs completed after the issuance of the April 2017 memo. Even though OFO supervisors reviewed and approved EMRs, more than one-third of the EMRs (14 of 40) lacked a statement confirming that the electronic device’s data connection had been disabled. Since we began the audit, CBP has taken action to improve in this area. In October 2017, CBP completed system enhancements to their EMRs in TECS. Those enhancements include a mandatory data field to allow officers to select, rather than compose, a statement to confirm disabling a device data connection. Additionally, on January 4, 2018, CBP issued Directive 3340049A, Border Search of Electronic Devices, which supersedes Directive 3340049. Unlike the superseded directive, the newly issued directive expressly states, “Officers will either request that the traveler disable connectivity to any network (e.g., by placing the device in airplane mode); or, where warranted by national security, law enforcement, officer safety, or other operational considerations, officers will themselves disable network connectivity.” External Equipment and Data for Border Searches Not Well Managed According to the Government Accountability Office’s (GAO) Standards for Internal Control in the Federal Government, Sections 10.03 and 12.01, management is responsible for establishing physical control to secure and safeguard vulnerable assets and implement control activities through policies. However, OFO is not managing the external equipment used to conduct advanced border searches of electronic devices well. Specifically, OFO did not renew software licensing agreements for external equipment expeditiously and maintained information copied on thumb drives that should have been deleted. www.oig.dhs.gov 7 LAW ENFORCEMENT SENSITIVE OIG-19-10 LA\\' ENFORCEMENT SENSITn'E OFFICE OF INSPECTOR GENERAL Department of Homeland Security OFO Did Not Renew Software Licensing of External Equipment Expeditiously OFO purchased the tool, which is a computer triage tool that enables examination of laptop Softw are licen s ing hard drives, USB9 drives, and multimedia cards, a gree m e n ts w er e not in ohibit importation of illegal materials. The effect from Fe bruary 1, tool requires an annual license renewal that • 2 01 7 , throu gh Septe mber encompasses a warranty, support, maintenance, 12, 2017 . and software upgrades to maximize security effectiveness. We reviewed software licensing agreements of t he tool from 2016 and 2017 and found a licensing lapse. Because OFO headquarters did not renew the software licensing of the ­ tool expeditiously, licensing agreements were only in effect from January 20, 2016, through January 31, 2017; and from September 13, 2017, through September 12, 2018. According to an OFO official, there is no dedicated funding for external equipment such as t he tool because it is part of the advanced searches of electronic devices pilot program. According to the same official, due to the lack of dedicated funding and the combination of budgetary issues and other funding priorities, the initial vendor estimate he received for the purchase expired. Therefore, he had to obtain another vendor estimate, which caused a delay in promptly submitting the license renewal documentation. Without a valid software license, OFO officers could not conduct advanced searches of laptop hard drives , USB drives, and multimedia cards at the ports of entry. This deficiency limited OFO's ability to obtain evidence of criminal activity and to detect and deter illegal activities, such as child pornography. Additionally, it hinders OFO's ability to mitigate the risk of criminals entering the United States with unexamined national security or law enforcement­ related information on their laptops. OFO Does Not Always Delete Travelers' Information Copied during Advanced Searches During advanced searches, OFO officers connect external equipment to e lectronic devices and copy information onto a thumb drive; the copied information is uploaded via the thumb drive to the CBP's ATS for further analysis. According t o two OFO training officials, once an OFO officer completes an ATS u pload, he or she should immediately delete all copied information from the thumb drive, but OFO could not provide written policy or procedures related to the training officials' oral requirement. 9 Universal Serial Bus is a common interface that enables communication between devices and a host controller such as a personal computer. www.oig.dhs.gov 8 OIG-19-10 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security We physically inspected thumb drives at five ports of entry. At three of the five ports, we found thumb drives that contained information copied from past advanced searches, meaning the information had not been deleted after the searches were completed. Based on our physical inspection, as well as the lack of a written policy, it appears OFO has not universally implemented the requirement to delete copied information, increasing the risk of unauthorized disclosure of travelers’ data should thumb drives be lost or stolen. OFO Has Not Developed Performance Measures for the Advanced Searches of Electronic Devices Pilot Program According to GAO’s Standards for Internal Control in the Federal Government, management should establish activities to monitor performance measures and indicators. These may include comparisons and assessments relating different sets of data to one another so that analyses of the relationships can be made and appropriate actions taken. OFO has not developed performance measures to assess the effectiveness of its advanced searches of electronic devices pilot program. In 2007, four ports of entry used external equipment for OFO’s advanced searches of electronic devices pilot program; OFO has now expanded the pilot to 67 ports of entry. Although OFO maintains quantitative data on the number and location of advanced searches, it has not developed performance measures. One area to measure is the number of instances in which information collected from searches resulted in a prosecution or conviction, but according to OFO, it does not track this information. Without performance measures, OFO cannot evaluate the effectiveness of the pilot program. OFO will not be able to determine whether the advanced searches are achieving their intended purpose or whether the use of advanced searches should be expanded to other ports of entry. Conclusion In FY 2017, CBP searched electronic devices belonging to more than 29,000 inbound travelers. Given the number of searches, it is important that OFO ensure the searches are properly documented and that OFO officers conducting the searches are adequately overseen. Properly managing the equipment used to conduct advanced searches is also critical to make certain officers are not limited in their ability to detect and deter illegal activities. As the world of information technology evolves, techniques used by OFO must also evolve to identify, investigate, and prosecute individuals who use new technologies to commit crimes. Finally, to demonstrate OFO is meeting its security mission, developing performance measures will be essential to assess the effectiveness of OFO’s pilot program of advanced searches, which has been www.oig.dhs.gov 9 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security in place for 10 years. Recommendations Recommendation 1: We recommend the Executive Assistant Commissioner for the Office of Field Operations ensure its officers properly document their actions when conducting searches of electronic devices, and supervisors provide adequate and prompt review of electronic media reports and related information. Recommendation 2: We recommend the Executive Assistant Commissioner for the Office of Field Operations ensure supervisors oversee the disabling of data connections prior to conducting searches of electronic devices. Recommendation 3: We recommend the Executive Assistant Commissioner for the Office of Field Operations ensure all equipment used during advanced searches is accounted for and all software licenses are renewed expeditiously. Recommendation 4: We recommend the Executive Assistant Commissioner for the Office of Field Operations ensure that travelers’ copied information is immediately deleted from thumb drives after successful upload to the Automated Targeting System. Recommendation 5: We recommend the Executive Assistant Commissioner of the Office of Field Operations: a) Develop and implement performance measures for the advanced searches of electronic devices pilot program. b) Evaluate the effectiveness of the pilot program to determine whether the advanced searches are achieving the program’s intended purpose. c) Work with the Commissioner of U.S. Customs and Border Protection to evaluate the performance of Office of Field Operations in the advanced searches of electronic devices pilot program and, based on the results of such evaluation, decide whether to discontinue or establish it as a permanent program of record. www.oig.dhs.gov 10 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Management Comments and OIG Analysis CBP concurred with the recommendations. Appendix A contains a copy of CBP’s management comments in their entirety. We also received technical comments and incorporated them in the report where appropriate. We consider the five recommendations to be resolved and open. A summary of CBP’s responses and our analysis follows. CBP Response to Recommendation 1: CBP concurred with the recommendation. OFO Tactical Operations Division’s (TOD) National Program Managers will provide oversight of EMRs on a monthly basis. TOD is developing a process to conduct annual Field Office reviews at the ports of entry. TOD will work with OFO’s Planning, Program Analysis and Evaluation (PPAE) Directorate to enhance and update the current self-inspection worksheet to ensure the worksheet addresses proper documentation of officer actions when conducting searches of electronic devices. CBP estimates these actions will be completed by June 30, 2019. OIG Analysis: We consider these actions responsive to the recommendation, which is resolved and open. We will close this recommendation when we receive documentation showing that CBP has begun providing oversight of EMRs on a monthly basis and developed a process for annual reviews at the ports of entry, as well as incorporated use of the self-inspection worksheet. CBP Response to Recommendation 2: CBP concurred with the recommendation. OFO is developing a process to conduct annual Field Office reviews that will observe operations and procedures in place to ensure that supervisors oversee the disabling of data connections prior to conducting a search of an electronic device. TOD will also work with OFO PPAE to enhance and update the current self-inspection worksheet to ensure the worksheet addresses proper documentation of officer actions when conducting searches of electronic devices, as well as adequate and prompt supervisory reviews. CBP estimates these actions will be completed by June 30, 2019. OIG Analysis: We consider these actions responsive to the recommendation, which is resolved and open. We will close this recommendation when we receive documentation showing that CBP has developed a process for annual Field Office reviews to oversee disabling data connections and incorporated the self-inspection worksheet. CBP Response to Recommendation 3: CBP concurred with the recommendation. OFO is developing a process to conduct annual Field Office reviews at ports of entry. The TOD National Program Managers will observe operations and procedures in place to ensure that software licenses are www.oig.dhs.gov 11 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security promptly renewed annually. CBP estimates these actions will be completed by June 30, 2019. OIG Analysis: We consider these actions responsive to the recommendation, which is resolved and open. We will close this recommendation when we receive documentation showing that CBP has developed a process to conduct annual Field Office reviews to ensure that software licenses are renewed annually. CBP Response to Recommendation 4: CBP concurred with the recommendation. The TOD National Program Managers will observe operations and procedures that ensure supervisors oversee travelers’ copied information is immediately deleted from the thumb drives after successful uploads to the ATS. OFO is developing a process to conduct annual Field Office reviews at ports of entry. TOD will work with OFO PPAE to enhance and update the current selfinspection worksheet. CBP estimates these actions will be completed by June 30, 2019. OIG Analysis: We consider these actions responsive to the recommendation, which is resolved and open. We will close this recommendation when we receive documentation showing that CBP has developed a process to conduct annual Field Office reviews to ensure that travelers’ copied information is deleted from the thumb drives. CBP Response to Recommendation 5: CBP concurred with the recommendation. CBP OFO will develop performance measures based on positive enforcement actions resulting from an advanced search. The performance measures will be evaluated by positive results achieved to determine if goals are being accomplished. CBP will evaluate the effectiveness of the pilot program to determine whether the advanced searches are achieving the program’s intended purpose. CBP will finalize the transformation of the program to a national program of record. CBP estimates these actions will be completed by January 31, 2019. OIG Analysis: We consider these actions responsive to the recommendation, which is resolved and open. We will close this recommendation when we receive documentation showing that CBP has developed performance measures, evaluated the effectiveness of the pilot program, and finalized the transformation of the program to a program of record. Objective, Scope, and Methodology The Department of Homeland Security, Office of Inspector General was established by the Homeland Security Act of 2002, Pub. L. No. 107-296, by amendment to the Inspector General Act of 1978. www.oig.dhs.gov 12 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security This audit is the first of three annual audits required by the Trade Facilitation and Trade Enforcement Act of 2015, Pub. L. No. 114-125 (TFTEA). We conducted this audit to determine to what extent CBP conducted searches of electronic devices at U.S. ports of entry in accordance with its SOPs. For the purposes of this audit, our scope was limited to OFO’s operations in conducting searches of electronic devices at ports of entry. To achieve our audit objective, we: x interviewed CBP officials in OFO, Laboratories and Scientific Services Directorate, Office of Information & Technology, Office of Chief Counsel, United States Border Patrol, and Air & Marine Operations; x reviewed the TFTEA; CBP Directive 3340-049, Border Search of Electronic Devices Containing Information (Issued August 20, 2009); CBP Directive 3340-049A, Border Search of Electronic Devices (Issued January 4, 2018); and memorandums and muster documents relating to border searches of electronic devices; x reviewed privacy impact assessments, contract documents, and training documents; x conducted five site visits from July 2017 to September 2017 to Dulles International Airport, Miami International Airport, Miami Seaport, El Paso Land Port, and Buffalo Land Port; x attended training on advanced searches of electronic devices; x interviewed OFO officers, border security coordinators, program managers, training officers, and OFO supervisors at the ports of entry we visited; and x physically inspected equipment used to conduct advanced searches at the ports of entry visited. Additionally, we judgmentally selected and reviewed a sample of 194 electronic media reports completed between April 2016 and July 2017 at Dulles International Airport, Miami International Airport, Miami Seaport, El Paso Land Port, Buffalo Land Port, and Los Angeles Airport. We assessed the reliability of the data received from OFO pertaining to the number of search incidents. The data included the total number of electronic searches, basic (manual) searches, and advanced searches. We assessed the reliability of the data by (1) interviewing OFO officials knowledgeable about the data, and (2) comparing data that OFO provided to OIG to CBP’s publicly released statistical data information. We identified discrepancies of less than 1 percent. We determined that the data were the best available at the time. Despite the discrepancies, the data were sufficient for the purposes of our audit. For the number of devices detained, we reported the data as provided by OFO. See appendix B. www.oig.dhs.gov 13 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security We conducted this performance audit between December 2016 and May 2018 pursuant to the Inspector General Act of 1978, as amended, and according to generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives. The Office of Audits major contributors to this report are Patrick O’Malley, Audit Director; Modupe Ogunduyile, Audit Manager; Jason Kim, Auditor-inCharge; Rolando Chavez, Auditor; Enrique Leal, Auditor; Nedra Rucker, Auditor; Kelly Herberger, Kevin Dolloson and Ellen Gallagher, Communications Analysts; and Kathy Hughes, Independent Referencer. www.oig.dhs.gov 14 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix A CBP’s Comments to the Draft Report www.oig.dhs.gov 15 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 16 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 17 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 18 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 19 LAW ENFORCEMENT SENSITIVE OIG-19-10 LA\\' ENFORCEMENT SENSITn'E OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix B OIG Information to be Reported under the Trade Facilitation and Trade Enforcement Act of 2015 As required under the TFTEA, in the background and results sections of this report, we described the activities of CBP officers and agents with respect to e lectronic searches. Other reportable information in table 2 shows the total number of border searches of electronic devices in FY 2016 and FY 2017; the number of manual and advanced searches (conducted using external equipment); and the number of electronic devices detained as a result of electronic searches. However, as noted in table 2, we were not able to determine the number of instances in which information collected from electronic devices was subjected to these searches and was transmitted to another Federal agency or whether such transmissions resulted in a prosecution or conviction because OFO does not track this information. Table 2 : Border Searches of Electronic Device s , FYs 2016-2017 Number of Searches FY2016 FY2017 Total Electronic Border Searches* 19,148 30,385 Basic (manual) search 16,725 27,701 Advanced search** 2,423 2,684 -*** -*** Information collected was transferred to another Federal agency, including whether such transmissions resulted in prosecution or conviction Number of Devices 443 Detained 409 Source: CBP OFO *Inbound and Outbound **Border search conducted using external equipment ***Information not tracked by OFO www.oig.dhs.gov 20 LAW ENFORCEMENT SENSITIVE OIG-19-10 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix C Report Distribution Department of Homeland Security Secretary Deputy Secretary Chief of Staff General Counsel Executive Secretary Director, GAO/OIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Acting CBP Commissioner CBP Audit Liaison Office Office for Civil Rights and Civil Liberties Office of Management and Budget Chief, Homeland Security Branch DHS OIG Budget Examiner Congress Committee on Homeland Security and Governmental Affairs, U.S. Senate Committee on Homeland Security, U.S. House of Representatives Congressional Oversight and Appropriations Committees www.oig.dhs.gov 21 LAW ENFORCEMENT SENSITIVE OIG-19-10 Additional Information and Copies To view this and any of our other reports, please visit our website at: www.oig.dhs.gov. For further information or questions, please contact Office of Inspector General Public Affairs at: DHS-OIG.OfficePublicAffairs@oig.dhs.gov. Follow us on Twitter at: @dhsoig. OIG Hotline To report fraud, waste, or abuse, visit our website at www.oig.dhs.gov and click on the red "Hotline" tab. If you cannot access our website, call our hotline at (800) 323-8603, fax our hotline at (202) 254-4297, or write to us at: Department of Homeland Security Office of Inspector General, Mail Stop 0305 Attention: Hotline 245 Murray Drive, SW Washington, DC 20528-0305