An audit has said that the process the FBI uses to collect text messages sent to or from agency-issued mobile devices raises questions about whether records of those messages are being kept as required.
Further, unknown to the FBI, some messages were saved to a plain text database on the devices, “some of which were not captured. The OIG identified this, and other concerns, as security vulnerabilities,” a report said.
The report said the issues surfaced during an investigation into messages sent by two employees related to the 2016 presidential election, in which a several-month gap in records of their messages was discovered.
“The FBI informed the OIG that it was aware that there were deficiencies in its collection application and that it was changing the model of the mobile device issued to FBI employees as part of a regular technical refresh and to mitigate the problem. However, the OIG later learned that, even after upgrading to new devices, the data collection tool utilized by the FBI was still not reliably collecting text messages from approximately 10 percent of more than 31,000 FBI-issued mobile devices,” the report said.
A subject matter expert the IG engaged found further security vulnerabilities, it said. It recommended that the FBI look into those issues and said that “current and future mobile devices and data collection and preservation tools should be tested for security vulnerabilities in order to ensure the security of the devices and the safekeeping of the sensitive data therein.”