FBI Criticized for Inadequate Handling of Sensitive Electronic Devices

Why Trust Techopedia
Key Takeaways

  • The Department of Justice found lapses in the FBI’s management of discarded media with sensitive information.
  • An audit conducted by the DOJ found some media unaccounted for and prone to being lost or stolen.
  • The FBI will form new review directives for processing media and has installed metal enclosures inside storage facilities to secure devices.

The FBI’s handling of electronic devices containing sensitive and potentially classified information was found to be inadequate, forcing it to review its policies. 

The US Department of Justice’s Office of the Inspector General reprimanded the FBI for inadequate measures to manage and dispose of older storage media with sensitive information.

An audit conducted by the OIG found the FBI’s handling of storage devices can expose sensitive but unclassified (SBU) and classified national security information to third parties, including those contracted to dispose of them. 

The audit also highlighted insufficient sorting measures or physical security of devices, including hard drives, USB thumb drives, optical media, phones, computers, fax machines, TVs, and whatnot, at destruction facilities, and this makes them vulnerable to theft. 

FBI media storage | Source: The US DOJ’s Office of the Inspector General
FBI media storage | Source: The US DOJ’s Office of the Inspector General

The agency further identified the FBI’s poor efforts in storing these devices. The agency dumped them in pallet-sized boxes and did not correctly label them based on the sensitivity of the data, which determines the priority for sorting and “sanitization.” Some storage media is also left unaccounted for or tracked with its Asset Management System, making them prone to misuse. 

What DOJ Recommends to the FBI

Addressing these gaps, the OIG also offered recommendations to the FBI for better weeding such electronic devices. 

Firstly, it instructed the FBI to revise its procedures to ensure all devices are properly accounted for and tracked for timely destruction. The FBI was advised that all extracted internal storage media, such as hard drives from computers and servers, be reported and tracked as separate entities, isolated from their chassis. 

Secondly, it recommended the FBI accurately classify information in the media as top secret, sensitive, or classified. In addition to larger storage units, such as hard drives and optical media, the FBI was recommended to label small flash drives and memory cards intended for cleansing or disposal appropriately using specific labels complying with the DOJ’s policies. 

Thirdly, the audit found the FBI’s storage media storage questionable and asked it to secure them in safe enclosures instead of pellet boxes physically. The OIG recommended creating physical barriers to prevent contractors and non-FBI personnel from accessing areas where such discarded media are stored inside the FBI’s storage facilities. In addition, it is recommended that security cameras be added to monitor movement in the area. 

FBI’s response to the matter

In response, the FBI said it was in the process of finalizing a “Physical Control and Destruction of Classified and Sensitive Electronic Devices and Material Policy Directive” that will make handling of all physical media and electronic hardware with more accountability and proper tracking in line with the DOJ’s recommendations. 

Source: The US DOJ’s Office of the Inspector General
Source: The US DOJ’s Office of the Inspector General

The FBI has further installed metal cages inside storage facilities to control access to such devices and supplemented it with security cameras to strengthen monitoring.