FBI Faulted for Procedures for Smartphones that Forensics Can’t Scrub
Watchdog’s review of Strzok-Page text messages prompts changes in product selection.
Limits on forensics specialists’ ability to recapture employee data from agency-issued smartphones have prompted the FBI to change its acquisition decisions, a redacted report from the Justice Department watchdog noted.
The issue arose early this year when the inspector general was attempting to reconstruct text messages from the Samsung Galaxy S5 phones used by since-terminated FBI employees Peter Strzok and Lisa Page—whose anti-Trump comments shared in the context of their extramarital affair became a disputed portion of the drama surrounding special counsel Robert Mueller’s investigation of possible ties between President Trump’s campaign and the Russian government.
The IG’s Cyber Investigations Office reconstructed most, but not all, of the relevant messages, which number in the thousands, mostly from what had been a gap between Dec. 15, 2016 and May 17, 2017.
But “according to the FBI’s Information and Technology Branch, as of Nov. 15, 2018, the data collection tools utilized by the FBI were still not reliably collecting text messages from the approximately 10 percent of FBI-issued mobile devices, which included Samsung S7s and subsequently issued S9s,” the IG wrote. “By comparison, the estimated failure rate of the collection tool was 20 percent for the Samsung S5.”
The IG had asked the FBI Inspection Division for Galaxy 5 and 7 phones issued to Strzok and Page, and four were provided for forensic data extractions. “To ensure the thoroughness of text message recovery efforts, OIG also consulted the Department of Defense, conducted additional quality assurance steps and hired a subject-matter expert,” the report released on Thursday said.
The IG had also asked the special counsel’s office for two Justice Department phones assigned to Strzok and Page before they were removed from Mueller’s team, both of which had been returned. But the IG was informed that the phone assigned to Strzok had been “reissued to another FBI agent.” The IG’s cyber team was unable to extract more Strzok messages because phones intended to be reassigned are “re-set” to remove the previous user’s data. “The officer reviewed Strzok’s DoJ-issued phone after he returned it to the [special counsel] and determined it contained no substantive text messages,” the IG said.
Page’s old phone was eventually located, but it too had been reset to factory settings, the usual policy, and the recipient said no messages had been found before the reset.
“The department, unlike the FBI, does not have an automated system that seeks to retain text messages, and the service provider only retains such messages for five to seven days,” the report said. During 2017, the FBI phased out use of the Samsung Galaxy S5 in favor of models that make recapture of messages easier, the IG noted.
After reviewing policies on document preservation and interviewing the FBI’s general counsel and Enterprise Security Operations Center, the watchdog “determined that the FBI does not currently have a specific policy directive mandating that the FBI … collect text messages sent and received by FBI employees using their issued mobile devices.”
The FBI slightly disagreed in its comments, though it acknowledged gaps in its ability to retrieve messages. It said its practices for preservation go beyond what is required by statute or the Justice Department, but that there are “multiple technological, cost and human factors that must be considered and addressed.” The FBI added that it “believes that its text collection practices far exceed those of most other federal agencies.”
The IG’s formal recommendations will come later, the report said.