Inspector General: FBI Lost Six Months Of Important Text Messages Because Its Retention System Sucks
from the all-the-smart-people-at-the-agency-etc dept
It's great to know the FBI wants encryption broken so it can forensically molest any devices in its possession to find the mother lode of culpatory evidence these devices always contain. ("Always," you ask? The FBI irritatedly taps the word "always" repeatedly in response.)
The reason this is such good news is that the FBI can't even manage to reliably extract content from phones it issues to agents and other personnel. If you can't expertly handle data migration/storage from phones in your control at all times, how badly are you going to bungle forensic evidence extraction at scale if the government ever green lights encryption backdoors?
The DOJ Inspector General has just released a report [PDF] detailing its investigation of missing text messages sent by two agents at the center of a Congressional hearing about supposed biased behavior during the FBI investigation of Hillary Clinton and Mueller's investigation of Donald Trump. Agents Peter Strzok and Lisa Page exchanged text messages expressing their dislike of Trump and made some comments suggesting they would do something to harm his presidential chances. Critics believed this showed these agents -- if not the agency itself -- were guided by political bias when investigating Trump's ties with Russia.
Maybe there was more to this than there first appeared to be. Thousands of text messages from the agents' devices went missing -- a gap that stretched from December 2016 to May 2017. The Inspector General's office used forensic tools to recover roughly 19,000 text messages from the two phones. The culprit appears to be standard operating procedure rather than a deliberate attempt to destroy evidence.
Strzok and Page had each returned their DOJ-issued iPhones six months earlier when their assignments to the SCO (Special Counsel's Office) had ended. The OIG was told that the DOJ issued iPhone previously assigned to Strzok had been re-issued to another FBI agent… CYBER obtained a forensic extraction of the iPhone previously assigned to Strzok; however, this iPhone had been reset to factory settings and was reconfigured for the new user...
The same thing happened to Page's phone. It was reset in July 2017 by personnel at the DOJ's Justice Management Division. It hadn't been issued to another agent, but it had been restored in preparation for reassignment.
Resetting phones just makes sense. Nothing about the FBI's handling of records it's supposed to be retaining does. Text messages are official communications. They're subject to public records requests and they're often responsive to subpoenas in criminal cases. Wiping a phone without ensuring existing communications have been backed up is monumentally stupid and possibly illegal.
To the agency's credit, it does try to retain these communications before resetting issued devices. The problem is its tool works poorly. As does its management:
FBI Assistant General Counsel [redacted for some fucking reason] informed OIG that there does not appear to be a directive for preservation of texts by ESOC [Enterprise Security Operations Center], but that ESOC retains text messages as a matter of practice.
Define "retain" and "matter of practice" in the context of a six-month gap of non-retention of Strzok/Page text messages. I guess it's the thought that counts?
[E]SOC could not provide a specific explanation for the failure in the FBI's text message collection relating to Strzok's and Page's S5 phones…
ESOC did offer up a set of possible explanations for the failure, none of which are reassuring. First, it could have been a bug reported by the vendor in 2016 but not fixed until March 2017. The application itself could have been misconfigured. The application may not have been compatible with device software updates.
Efforts were made to mitigate the issue. But those failed as well. The FBI phased out Samsung S5s and replaced them with S7s. Nothing changed but the phone model.
[A]ccording to FBI's Information and Technology Branch, as of November 15, 2018, the data collection tool utilized by FBI was still not reliably collecting text messages from approximately 10 percent of FBI issued mobile devices…
That the OIG was able to recover thousands of messages from forensic extraction and scouring the FBI's enterprise database isn't really good news. It's unlikely the FBI will make the same effort when hit with discovery demands and it already won't thoroughly search databases it has full access to when responding to FOIA requests. So, records are going to go missing and it won't be until the OIG steps in that any effort will be made to find the missing records, much less take a good look at the broken processes that caused them to go missing in the first place.