IRS and Terrorist-Related Information Sharing (21-OCT-02, GAO-03-50R). Events preceding and following the attacks of September 11, 2001, spotlighted ineffective information sharing, particularly related to intelligence and law enforcement activities, as a serious weakness. Poor information sharing hinders effectively identifying vulnerabilities and coordinating efforts to detect attacks. GAO monitored the Internal Revenue Service's (IRS) efforts to enhance the security of the tax filing process, to study how terrorist-related threat information is shared with IRS. The Federal Bureau of Investigation (FBI) uses task forces and electronic means to share terrorist-related threat information with the Treasury Inspector General for Tax Administration (TIGTA). More specifically, it shares information through its involvement with TIGTA and others in Joint Terrorism Task Forces and through electronic arrangements such as the National Threat Warning System. For its part, TIGTA uses formal communications to disseminate threat information to IRS. TIGTA and IRS officials were satisfied with the FBI's and TIGTA's information-sharing procedures, respectively. -------------------------Indexing Terms------------------------- REPORTNUM: GAO-03-50R ACCNO: A05350 TITLE: IRS and Terrorist-Related Information Sharing DATE: 10/21/2002 SUBJECT: Counterterrorism Terrorism Warning systems Electronic data interchange Law enforcement agencies Federal intelligence agencies Information resources management Interagency relations ****************************************************************** ** This file contains an ASCII representation of the text of a ** ** GAO Product. ** ** ** ** No attempt has been made to display graphic images, although ** ** figure captions are reproduced. Tables are included, but ** ** may not resemble those in the printed version. ** ** ** ** Please see the PDF (Portable Document Format) file, when ** ** available, for a complete electronic file of the printed ** ** document's contents. ** ** ** ****************************************************************** GAO-03-50R GAO- 03- 50R IRS and Terrorist- Related Information Sharing United States General Accounting Office Washington, DC 20548 October 21, 2002 The Honorable Max Baucus Chairman The Honorable Charles E. Grassley Ranking Member Committee on Finance United States Senate Subject: IRS and Terrorist- Related Information Sharing Events preceding and following the attacks of September 11, 2001, spotlighted ineffective information sharing, particularly related to intelligence and law enforcement activities, as a serious weakness. Poor information sharing hinders effectively identifying vulnerabilities and coordinating efforts to detect attacks. As agreed with your offices, as part of our response to your request to monitor the Internal Revenue Service*s (IRS) efforts to enhance the security of the tax filing process, 1 we studied how terrorist- related threat information is shared with IRS. More specifically, one of this report*s objectives is to describe the process the Federal Bureau of Investigation (FBI) uses to share this kind of information with the Treasury Inspector General for Tax Administration (TIGTA) and the process TIGTA uses to share information with IRS. Another objective is to describe TIGTA and IRS officials* views on the procedures for sharing information. We included the FBI in our work because it is responsible for ensuring a coordinated and vigorous response to terrorist acts and needs to share information to carry out its responsibility. We included TIGTA because even though it is separate from IRS, it is responsible for investigating threats against IRS facilities and employees and is the conduit to IRS for FBI information related to IRS. Results in Brief The FBI uses task forces and electronic means to share terrorist- related threat information with TIGTA. More specifically, it shares information through its involvement with TIGTA and others in Joint Terrorism Task Forces (JTTFs) and through electronic arrangements such as the National Threat Warning System. For its part, TIGTA uses formal communications to disseminate threat information to IRS. 1 We issued interim and final *limited official use only* reports to you on IRS mail security in February and August 2002. GAO- 03- 50R IRS and Terrorist- Related Information Sharing Page 2 TIGTA and IRS officials were satisfied with the FBI*s and TIGTA*s informationsharing procedures, respectively. We are making no recommendations. After reviewing a draft of this report, the FBI had no comments, and TIGTA and IRS agreed with our findings. However, TIGTA noted that receiving no additional funding for its enhanced participation in JTTFs made TIGTA*s information- sharing efforts especially challenging, and that, in this context, continuing its efforts to improve the process raised concerns about endangering other program initiatives. How the FBI Shares Information with TIGTA According to FBI officials, the FBI shares information with TIGTA and many other agencies through FBI- chaired JTTFs. Composed of various federal, state, and local agencies, JTTFs aim to prevent, preempt, deter, and investigate terrorism and related activities affecting the United States and to apprehend terrorists. According to an FBI official, the FBI had a JTTF in each of its 56 field offices by July 2002, and a TIGTA official said that TIGTA would be involved in a full- time, part- time, or liaison capacity in almost all the JTTFs. According to FBI officials, full- time JTTF members share information by working side by side in the same space every day, and JTTF meetings include discussions of casework, intelligence information, administrative matters, available training, and other JTTF- related issues. According to a TIGTA official, when TIGTA works with a JTTF in a liaison or part- time capacity, the FBI agrees to notify TIGTA of anything of interest to TIGTA that arises in a TIGTA representative*s absence. Another TIGTA official cautioned, however, that TIGTA*s absence means that the FBI has to recognize a risk to IRS that TIGTA would otherwise recognize. FBI officials told us that in a liaison capacity, JTTF members participate through regular meetings, conferences, and telephone calls. At a different level, TIGTA also participates in a national JTTF, which allows for information sharing on a national basis among federal, state, and local groups, and it was trying to hire someone to participate full- time. Because the FBI requires that a memorandum of understanding be executed with all agencies participating full- time in the JTTFs, it finalized one with TIGTA in September 2001. Lasting until TIGTA withdraws from JTTFs, the memorandum governs how TIGTA employees are detailed or otherwise assigned to work at the FBI as part of JTTFs. According to a TIGTA official, TIGTA*s role with the JTTFs evolved from an earlier FBI/ TIGTA relationship. In addition to sharing information through JTTFs, the FBI shares information with TIGTA electronically. TIGTA receives FBI information through the National Threat Warning System over secure teletype; the National Law Enforcement Telecommunications System, which provides for interagency exchange of unclassified criminal justice information; and the National Infrastructure Protection Center, which is the national focal point for information on threats to critical infrastructures, such as telecommunications and banking and finance systems. Similarly, TIGTA has access to the FBI*s National Crime Information Center database, GAO- 03- 50R IRS and Terrorist- Related Information Sharing Page 3 which has a terrorism subfile. The purpose of this database is to share biographical information on people of interest to the FBI who should be treated with caution. How TIGTA and IRS Share Information According to TIGTA officials, TIGTA is the primary conduit through which terroristrelated threat information flows both ways between the FBI and IRS. When IRS reports a threat to TIGTA, TIGTA determines its validity and passes it on to the FBI, if warranted. Similarly, through its involvement in individual JTTFs, according to TIGTA officials, TIGTA becomes aware of information, such as militia or antitax activity, and decides whether it should be passed on to IRS. In May 2001, TIGTA formed its own counterterrorism group, which is the centralized point where threat information related to IRS, including information received from TIGTA representatives on the JTTFs, is analyzed. The group is charged with coordinating TIGTA*s investigations of terrorism threats directed against IRS or its employees. TIGTA formally disseminates some terrorist- related threat information to IRS*s Agencywide Shared Services through threat advisories. 2 The purpose of the advisories is to advise TIGTA and IRS management of significant anti- government activity that may affect the safety of IRS personnel and facilities. According to a TIGTA official, the decision to disseminate advisories is a collaborative effort using years of law enforcement experience to assess threats. The information in the advisories we examined came from many sources, including the FBI, other federal agencies, and the media. Many of the advisories warned TIGTA agents of developments relating to fighting terrorism, but others warned IRS of situations threatening federal agencies and others in general. Very seldom did an advisory mention anything specific to IRS or the federal tax system. TIGTA and IRS Officials Are Satisfied with Information- Sharing Procedures The TIGTA and IRS officials we interviewed were satisfied with the procedures used for sharing information. A TIGTA Assistant Special Agent- in- Charge told us that the FBI shared terrorist- related threat information with TIGTA in a way that was timely and responsive to IRS*s needs. Similarly, IRS officials responsible for security policymaking and implementation told us that they were satisfied with the job TIGTA was doing. According to the Director of the Office of IRS- Wide Security, TIGTA represented IRS*s interests well, explaining to others why IRS had to have certain knowledge. According to officials in IRS*s Agencywide Shared Services responsible for distributing threat information throughout IRS, TIGTA shared information alerts as they occurred, and IRS received everything it needed to complete its job. 2 Agencywide Shared Services is the IRS organization responsible for distributing threat information throughout IRS. GAO- 03- 50R IRS and Terrorist- Related Information Sharing Page 4 Agency Comments We provided a draft of this report to the Attorney General, the Acting Treasury Inspector General for Tax Administration, and the Commissioner of Internal Revenue for comment. On October 8, 2002, the Department of Justice*s Audit Liaison Office orally told us that the FBI had no comments. Also in oral comments, the Director of the Office of IRS- Wide Security said on September 26, 2002, that IRS agreed with our findings. In providing written comments on our draft, TIGTA*s Deputy Inspector General for Investigations also agreed with our findings. He added that TIGTA*s not receiving any additional funding to support its enhanced participation in JTTFs made TIGTA*s information- sharing efforts especially challenging. In this context, he also expressed concern that TIGTA*s continued efforts to improve its process would imperil other program initiatives. We did not address TIGTA*s funding in our report because it was beyond our scope. The full text of the Deputy Inspector General*s comments is reprinted in the enclosure. Scope and Methodology To obtain information on processes used to share terrorist- related threat information and officials* views of those processes, we reviewed our reports and testimonies 3 and other materials on information- sharing procedures and coordination among federal agencies; interviewed FBI, TIGTA, and IRS officials responsible for counterterrorism, information dissemination, threat assessment, and IRS security policymaking and implementation; reviewed the memorandum of understanding between the FBI and TIGTA; and obtained information on TIGTA threat advisories issued from March 2001 through June 2002. We did not test the FBI*s or TIGTA* s information- sharing procedures. We did our work in the Washington, D. C. area from February through July 2002 in accordance with generally accepted government auditing standards. - - - - As agreed with your offices, unless you publicly announce its contents earlier, we plan no further distribution of this report until 30 days from the date of this report. At that time, we will send copies of this report to the Attorney General, the Treasury Inspector General for Tax Administration, the Commissioner of Internal Revenue, and other interested parties. We also will make copies available to others upon request. In addition, the report will be available at no charge on the GAO Web site at http:// www. gao. gov. 3 For instance, U. S. General Accounting Office, FBI Reorganization: Initial Steps Encouraging but Broad Transformation Needed, GAO- 02- 865T (Washington, D. C.: June 21, 2002). In this testimony, we said that communication problems significantly hampered the FBI*s ability to share information internally and with other intelligence and law enforcement agencies. We also testified that the FBI*s recent steps toward greater information sharing, improving analytical capacity, and establishing a central unit to make sense of gathered information seemed to be rational ones. GAO- 03- 50R IRS and Terrorist- Related Information Sharing Page 5 If you or your staff have any questions about this report, please contact David Attianese or me on (202) 512- 9110. Key contributors to this report were Chan My J. Battcher and Lawrence M. Korb. James R. White Director, Tax Issues Enclosure Page 6 GAO- 03- 50R IRS and Terrorist- Related Information Sharing (440134) *** End of document. ***