The Justice Department inspector general’s office has said that security practices are not being clearly communicated or followed regarding phones issued to Bureau of Prisons employees.
“In connection with the OIG’s criminal and administrative investigations, highly relevant evidence is often stored on government-issued electronic devices, and the OIG then needs to extract that evidence from the government issued devices,” it said. However, it said it found in recent investigations involving alleged misconduct by BoP personnel that the agency “has not developed, documented, and implemented rules of behavior for employees when accessing and using” the devices and has not required all users to review and consent to rules of behavior agreements
Further, it said that BoP has not trained mobile device users on the security risks associated with downloading unvetted apps onto the devices and has not instituted controls to block the downloading of apps on a prohibited list.
In addition, a special “management advisory” issued while an investigation is still ongoing questioned the agency’s use of a security system that allows employees to create a “personal container” on the devices, which “has led employees who have engaged in inappropriate uses of their mobile devices to claim privacy protections.”
In one such case, it said, the IG office had to petition a federal court for a subpoena because the employee refused to turn over communications and documents in the “personal container” despite being issued two administrative subpoenas. While the petition to the court succeeded, the investigation was delayed, it said.