Email Episode 1472: No Dust Left on Chappaqua Server?

Posted: 11:28 pm PDT

.

.

.
The New York Times also posted the letter from the former secretary of state’s lawyer David E. Kendall to House Chairman Trey Gowdy.  Excerpt below:

There is no basis to support the proposed third-party review of the server that hosted the hdr22@clintonemail.com account. During the fall of 2014, Secretary Clinton’s legal representatives reviewed her hdr22@clintonemail.com account for the time period from January 21, 2009 through February 1, 2013. After the review was completed to identify and provide to the Department of State all of the Secretary’s work-related and potentially work-related emails, the Secretary chose not to keep her non-record personal e-mails and asked that her account (which was no longer in active use) be set to retain only the most recent 60 days of e-mail. To avoid prolonging a discussion that would be academic, I have confirmed with the Secretary’s IT support that no e-mails from hdr22@clintonemail.com for the time period January 21, 2009 through February 1, 2013 reside on the server or on any back-up systems associated with the server.

Page 8 of this 9-page document includes a letter from the State Department’s Under Secretary for Management Patrick Kennedy:

We understand that Secretary Clinton would like to continue to retain copies of the documents to assist her in responding to congressional and related inquiries regarding the documents and her tenure as head of the Department. The Department has consulted with the National Archives and Records Administration (NARA) and believes that permitting Secretary Clinton continued access to the documents is in the public interest as it will help promote informed discussion.

Accordingly, Secretary Clinton may retain copies of the documents provided that: access is limited to Secretary Clinton and those directly assisting her in responding to such inquiries; steps are taken to safeguard the documents against loss or unauthorized access; the documents are not released without written authorization by the Department; and there is agreement to return the documents to the Department upon request. Additionally, following counsel, we ask that, to the extent the documents are stored electronically, they continue to be preserved in their electronic format. In the event that State Department reviewers determine that any document or documents is/are classified, additional steps will be required to safeguard and protect the information.

The  entire Kendall-Gowdy letter is available to read here.

Because it’s Friday, there is also this item from Gawker and ProPublica adding a stranger twist to this  email saga.

 

 

In related news, remember when Michael Schmidt broke the NYT story about  Secretary Clinton’s exclusive use of a personal email account during her entire tenure as Secretary of State? That was on March 2.  On March 25,  Secretary Kerry finally asked the Office of Inspector General to review email and record retention at his agency.  The letter Secretary Kerry sent to IG Steve Linick is available to read here (pdf).

.

I don’t know about you but … it’s that kind of week.

Greys-Anatomy perfectedflaw

Image: Tumblr, perfectedflaw via Mashable

#

Rabbit Hole News: State Dept’s Private Email Usage Policy, Plus Attn: State/OIG – Firecracker Coming Your Way

Posted: 01:47 EST
Updated: 11:19 EST
Updated 15:14 EST

 

Shortly after the NYT broke the story about the former secretary of state’s exclusive used of a personal email account to conduct government business, we sent an inquiry to the State Department’s Office of Inspector General. We don’t know if they could comment about it but we wanted to ask anyway.  We’ve looked at the regs but the FAM is silent on the use of private email, or at least we thought it was. It almost seem as if the rule makers presumed that all employees will be using official email, thus, the rules only spell out the requirement for the preservation of records.

If Secretary Clinton was using a private email account and if her close advisers were also using private email accounts, we wanted to know how is this reconciled with the ability of individuals to FOIA government documents. We were also interested how this would keep other senior or even regular employees from using Yahoo or Gmail to conduct official business.

State/OIG’s response was, “we are not in a position to comment at this time.”

Actually, we asked the wrong questions.

In 2012, we blogged about the OIG inspection report of the U.S. Embassy in Kenya. (See State/OIG Releases Ambassador Scott Gration’s Embassy Report Card – And Look, No Redactions!). We mentioned in passing the ambassador’s use of commercial email for official government business. In light of these news reports that Secretary Clinton exclusively used nongovernment email during her four year tenure as secretary of state, the old 2012 report is getting some legs again.

 

.
Below is an excerpt from that 2012 report specifically addressing the ambassador’s use of commercial email for daily communication of official government business. The ambassador was also slammed for using “a government-owned laptop that is not physically or electronically connected to the Department’s OpenNet network.”  

Mission Leadership Challenge 

Very soon after the Ambassador’s arrival in May 2011, he broadcast his lack of confidence in the information management staff. Because the information management office could not change the Department’s policy for handling Sensitive But Unclassified material, he assumed charge of the mission’s information management operations. He ordered a commercial Internet connection installed in his embassy office bathroom so he could work there on a laptop not connected to the Department email system. He drafted and distributed a mission policy authorizing himself and other mission personnel to use commercial email for daily communication of official government business. During the inspection, the Ambassador continued to use commercial email for official government business. The Department email system provides automatic security, record-keeping, and backup functions as required. The Ambassador’s requirements for use of commercial email in the office and his flouting of direct instructions to adhere to Department policy have placed the information management staff in a conundrum: balancing the desire to be responsive to their mission leader and the need to adhere to Department regulations and government information security standards. The Ambassador compounded the problem on several occasions by publicly berating members of the staff, attacking them personally, loudly questioning their competence, and threatening career-ending disciplinary actions. These actions have sapped the resources and morale of a busy and understaffed information management staff as it supports the largest embassy in sub-Saharan Africa.

Authorized Automated Information Systems 

The Ambassador uses a government-owned laptop that is not physically or electronically connected to the Department’s OpenNet network. Authorized Department OpenNet email systems are available on the Ambassador’s office desktop. According to 12 FAM 544.3 and 11 State 73417 (from the Assistant Secretary for Diplomatic Security to the Ambassador), it is the Department’s general policy that normal day-to-day operations be conducted on an authorized information system, which has the proper level of security controls. The use of unauthorized information systems increases the risk for data loss, phishing, and spoofing of email accounts, as well as inadequate protections for personally identifiable information. The use of unauthorized information systems can also result in the loss of official public records as these systems do not have approved record preservation or backup functions. Conducting official business on non-Department automated information systems must be limited to only maintaining communications during emergencies.

Recommendation 57: Embassy Nairobi should cease using commercial email to process Department information and use authorized Department automated information systems for conducting official business. (Action: Embassy Nairobi)

Source:  Inspection of Embassy Nairobi, Kenya | Report Number ISP-I-12-38A, August 2012 | pdf

 

We should point out that the 2012 report was issued prior to the tenure of IG Steve Linick and Secretary Clinton tenure at the State Department ended in February 2013.  But with 2016 just around the corner, this email debacle will not die a quiet death.

The unclassified cable  STATE 065111 on securing email accounts sent to all overseas posts on June 28, 2011 only says “avoid conducting official Department business from your personal email accounts.”

See the magic word there? It did not say you can’t, only that you shouldn’t.

So for the second day in a row, the subject of the Clinton emails was featured in the Daily Press Briefing. The State Department’s deputy spox, Marie Harf was impressive when she said that “There was no prohibition” on the use of personal email.  She emphasized that “There was not then and there is not now a prohibition on using a personal email for official business, and at the time she was in office, there was no time requirement for when those needed to be preserved as records.”

Entertainment value? High.

In any case, the question that we probably should have asked the OIG is this — if an ambassador was “hammered” for his use of nongovernment, private email, can we presume that ordinary bureaucrats would get a similar treatment? And if this is so  — don’t we then have a set of rules that applied to everyone but the head of the agency?   We originally cited 5 FAM 440 (pdf) as the rules governing  Electronic Records, Facsimile Records, and Electronic Mail Records in the State Department.  But wait —  the 2012 OIG report on Kenya cited 12 FAM 544.3 Electronic Transmission Via the Internet (pdf), a section of the FAM that has been in the rules books since 2005. It says in part:

It is the Department’s general policy that normal day-to-day operations be conducted on an authorized AIS [automated information system], which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information. The Department’s authorized telework solution(s) are designed in a manner that meet these requirements and are not considered end points outside of the Department’s management control.
[…]
c. Employees should be aware that transmissions from the Department’s OpenNet to and from non-U.S. Government Internet addresses, and other .gov or .mil addresses, unless specifically directed through an approved secure means, traverse the Internet unencrypted. Therefore, employees must be cognizant of the sensitivity of the information and mandated security controls, and evaluate the possible security risks and then decide whether a more secure means of transmission is warranted (i.e., secure fax, mail or network, etc.)

d. In the absence of a Department-provided secure method, employees with a valid business need may transmit SBU information over the Internet unencrypted after carefully considering that:

(1) SBU information within the category in 12 FAM 541b(7)(a) and (b) must never be sent unencrypted via the Internet;

(2) Unencrypted information transmitted via the Internet is susceptible to access by unauthorized personnel;

(3) Email transmissions via the Internet generally consist of multipoint communications that are routed to their destination through the path of least resistance, which may include multiple foreign and U.S. controlled Internet service providers (ISP);

(4) Once resident on an ISP server, the SBU information remains until it is overwritten;

(5) Unencrypted email transmissions are subject to a risk of compromise of information confidentiality or integrity;

(6) SBU information resident on personally owned computers connected to the Internet is generally more susceptible to cyber attacks and/or compromise than information on government owned computers connected to the Internet;

(7) The Internet is globally accessed (i.e., there are no physical or traditional territorial boundaries). Transmissions through foreign ISPs or servers can magnify these risks; and

(8) Current technology can target specific email addresses or suffixes and content of unencrypted messages.

 

General policies, of course, can have exceptions and if that’s what happened here, wouldn’t it be nice to know who were granted exceptions to use private email accounts besides the secretary of state and why? And did the Legal Advisor or somebody else signed off on those exceptions? Was the clintonemail.com server an authorized AIS [automated information system] of the State Department, and if so, who authorized it?

We cannot predict where this email controversy is going to end, but some Internet sleuth is digging up Dubai, Denmark, Luxembourg in what seems to be an already convoluted matter.  If you read the link below there is an interesting question whether the Clinton e-mail server was hosted for some period of time by an outside hosting firm.  If the hosting firm was based overseas at an external location in Texas or elsewhere,  wouldn’t this be an added headache for cybersecurity and something the OIG’s new Office of Evaluations and Special Projects (ESP) might be interested in?

.

.

While the Inspector General of the State Department might not be in a position to comment about this issue publicly at this time, or might not want to wade into the rabbit hole with this political firecracker, it may not have much of a choice.  Even our apolitical neighbors were dismayed by this.  The perception that the rules may have been applied selectively, based on rank undermines the Service.  That in itself is an excellent excuse to review the entire practice and determine to what extent exceptions were made.  The Republican National Committee has reportedly already asked the Office of Inspector General to look into whether Clinton’s practices led her or the department to violate the Federal Records Act.

It’s only a matter of time before there is a formal congressional request. Heads up State/OIG, this firecracker is heading your way.

* * *

Related post:
So wait — Hillary Clinton never got a state.gov email? What does the FAM say?

Related items:

State Department June 28, 2011 Unclassified Cable 065111 on Securing Email Accounts via (foxnews)

NARA Bulletin 2014-06 | September 15, 2014 – Guidance on Managing Email

NARA Bulletin 2013-03 | September 9, 2013 – Guidance for agency employees on the management of Federal records, including email accounts, and the protection of Federal records from unauthorized removal

NARA Bulletin 2011-03 | December 22, 2010 – Guidance Concerning the use of E-mail Archiving Applications to Store E-mail

OMB | Managing Government Records Directive requires that Federal agencies manage all their email electronically by December 31, 2016.

 

 

 

State/OIG Challenges: Access and OIG Network Vulnerabilities

Posted: 01:42 EST
Updated: 3/3/2015 @1051 PST

Update: In response to our inquiry, State/OIG informed us that the 128 debarment and suspension referrals it made to the State Department “were accepted by the Department and action was taken.” However, we were also informed that the OIG actually “made more referrals, but no action has been taken by the Department to date.”*

As to the issue of OIG’s IT independence and integrity, “a memorandums of understanding have been executed in which the Department has agreed to obtain prior approval from OIG before accessing its network. In addition, we are engaging a third party to explore options to enhance the independence of our network system.”**

 

* * *

Last week, the State Department Inspector General Steve Linick appeared before the Committee on Homeland Security and Government Affairs on the Senate panel’s hearing on improving the efficiency, effectiveness and independence of inspector generals.  State/OIG has oversight of an agency with more than 72,000 employees (includes locally employed staff) in over 280 overseas missions and domestic entities, the BBG and the U.S. Section of the International Boundary and Water Commission. These agencies’ total annual appropriated funding includes approximately $15 billion, nearly $7 billion in consular fees and other earned income, and full or partial oversight of an additional $17 billion in Department-managed foreign assistance.

Some highlights:

  • Although the Department has made improvements on overseas security, challenges remain. Through our inspection and audit work, OIG continues to find security deficiencies that put our people at risk. Those deficiencies include failing to observe set-back and perimeter requirements and to identify and neutralize weapons of opportunity. Our teams also uncover posts that use warehouse space and other sub-standard facilities for offices, another security deficiency. Our audit of the Local Guard Program found that firms providing security services for embassy compounds were not fully vetting local guards they hired abroad, placing at risk our posts and their personnel. In other audits, we found that the Bureau of Diplomatic Security (responsible for setting standards) and the Bureau of Overseas Buildings Operations (responsible for constructing facilities to meet those standards) often do not coordinate adequately to timely address important security needs.
  • We found that follow-through on long-term security program improvements involving physical security, training, and intelligence-sharing lacked sustained oversight by Department principals. Over time, the implementation of recommended improvements slows. The lack of follow-through explains, in part, why a number of Benghazi ARB recommendations mirror previous ARB recommendations.
  • The Department’s obligations in FY 2014 equaled approximately $9 billion in contractual services and $1.5 billion in grants, totaling approximately $10.5 billion. However, the Department faces challenges managing its contracts, grants, and cooperative agreements. These challenges have come to light repeatedly in OIG audits, inspections, and investigations over the years. […]In FY 2014, more than 50 percent of post or bureau inspections contained formal recommendations to strengthen controls and improve administration of grants.
  • OIG’s assessments of the Department’s cybersecurity programs have found recurring weaknesses and noncompliance with the Federal Information Security Management Act (FISMA) with respect to its unclassified systems.[…] Our work in the information security area is ongoing. Since my arrival, OIG has arranged for penetration testing of the Department’s unclassified networks in order to better assess their vulnerability to attack.

What’s happening in FY2015? The following were specifically identified in IG Linick’s testimony (pdf):

  • Planned FY 2015 security audits include an audit of the approval and certification process used to determine employment suitability for locally employed staff and contracted employees, an audit of emergency action plans for U.S. Missions in the Sahel region of Africa, and an audit of the Vital Presence Validation Process (VP2) implementation. VP2 is the Department’s formal process for assessing the costs and benefits of maintaining its presence in dangerous locations around the world. Note: The VP2 is a result of the tragedy in Benghazi.
  • The DS/International Programs Directorate of the Bureau of Diplomatic Security is up for inspection. Note: This is  one of the main bureaus in aftermath of the Benghazi attack that came under congressional scrutiny. Charlene Lamb has now been succeeded by Christian J. Schurman who was named Deputy Assistant Secretary of State and Assistant Director for International Programs on September 15, 2014. DAS Schurman is a Diplomatic Security (DS) Special Agent with 27 years of service who was recently promoted to the rank of Minister Counselor in April 2014.
  • In FY 2015, OIG plans on issuing, among others, audits involving non-lethal aid and humanitarian assistance in response to the Syrian crisis, the Iraq Medical Services Contract, and the Bureau of International Narcotics and Law Enforcement’s Embassy Air Wing Contract in Iraq.
  • ESP is conducting a joint review with the Department of Justice’s OIG of the handling of the use of lethal force during a counternarcotics operation in Honduras in 2012.

 

IG Linick also highlighted new OIG initiatives to enhance the effectiveness and efficiency of OIG’s independent oversight of the Department’s programs and operations including:

  • the issuance of issue Management Alerts and Management Assistance Reports
  • the creation of the Office of Evaluations and Special Projects (ESP), and using ESP to improve OIG’s capabilities to meet statutory requirements of the Whistleblower Protection Enhancement Act of 2012
  • new oversight of overseas contingency operations specifically for Operation Inherent Resolve (OIR)—the U.S.-led overseas contingency operation directed against the Islamic State of Iraq and the Levant (ISIL),
  • data and technology enhancements
  • suspension and debarment:  between 2011 and 2014, OIG referred 128 cases to the Department for action *
  • new offices in Charleston, South Carolina, where one of the Department’s Global Financial Services Center resides, and in Frankfurt, Germany, the site of one of the Department’s Regional Procurement Support Office.
  • co-locating an OIG attorney-investigator as a full-time Special Assistant U.S. Attorneys (SAUSAs) in the U.S. Attorney Office for the Eastern District of Virginia in order to prosecute more quickly and effectively cases involving fraud against the Department of State

 

This hearing followed a well -publicized accessibility issues the Peace Corps and EPA OIG had with their own agencies. In his prepared testimony, IG Linick stated that “unfettered and complete access to information is the linchpin that ensures independence and objectivity for the entire OIG community.

He was careful to note “the importance of forging productive relationships with Department leadership and decision-makers” and cited the Department notice issued by Secretary Kerry at the start of his tenure over a year ago “outlining OIG authorities and obligations under the IG Act and advising staff of our need for prompt access to all records and employees.”  He then shared with Congress the OIG’s two main challenges:

  • Access: Generally, most of our work is conducted with the Department’s full cooperation and with timely production of material. However, there have been occasions when the Department has imposed burdensome administrative conditions on our ability to access documents and employees. At other times, Department officials have initially denied access on the mistaken assumption that OIG was not entitled to confidential agency documents. In these instances, OIG ultimately was able to secure compliance but only after delays and sometimes with appeals to senior leadership. These impediments have at times adversely affected the timeliness of our oversight work, resulting in increased costs for taxpayers.Delays in responding to document requests also occur because the requested information has not been maintained at all or in a manner to allow timely retrieval. Such disorganization of information may negatively impact not only OIG audits, inspections, evaluations, and investigations but also the integrity of Department programs and operations. For example, an OIG Management Alert identified missing or incomplete files for contracts and grants with a combined value of $6 billion.
  • OIG Network Vulnerabilities:  Vulnerabilities in the Department’s unclassified network also affect OIG’s IT infrastructure, which is part of the same network. We noted in our November 2013 information security Management Alert that there are literally thousands of administrators who have access to Department databases. That access runs freely to OIG’s IT infrastructure and creates risk to OIG operations. Indeed, a large number of Department administrators have the ability to read, modify, or delete any information on OIG’s network including sensitive investigative information and email traffic, without OIG’s knowledge. OIG has no evidence that administrators have actually compromised OIG’s network. However, the fact that the contents of our unclassified network may easily be accessed and potentially compromised unnecessarily places our independence at risk. We have begun assessing the best course of action to address these vulnerabilities. **

* * *

State OIG Appoints Whistleblower Ombudsman, Releases “Know Your Rights” Video

 

The Whistleblower Protection Enhancement Act of 2012, requires every IG to appoint an Ombudsman.  The Act requires that an ombudsman educate employees about the rights and protections available to whistleblowers.

The State Department IG Steve Linick has appointed Jeff McDermott as Ombudsman for the Department of State and the BBG. Mr. McDermott is a career appointee and his ombudsman duties are in addition to his duties as a senior investigative counsel.  He also serves as the OIG’s representative to the Justice Department’s whistleblower protection committee and counsels individual whistleblowers.  Within OIG, he works with the Office of Investigations to investigate allegations of retaliation by contractor and grantee employees.  He is available to discuss the protections against retaliation and how to make a protected disclosure, but he cannot act as your legal representative or advocate.  You may contact him at at OIGWPEAOmbuds@state.gov. Read more here. The “Know Your Rights” video is here. We asked the OIG a couple of questions:

Q: What protection is there for whistleblowers?

The law protects individuals from reprisal for reporting potential misconduct or alleged criminal activities. Reprisal can come in the form of a prohibited personnel practice which occurs when a person with authority takes, fails to take or threatens to take a personnel action against an employee because of the employee’s protected disclosure and can include details, transfers, reassignments, and significant changes in duties, responsibilities, or working conditions.

Q: Are hotline callers automatically considered whistleblowers? 

No, whether or not a hotline caller is considered a whistleblower depends first on whether the hotline caller has made a protected disclosure. The caller may be entitled to whistleblower protection if he or she indicates that a personnel action was taken because of the protected disclosure. Under the Whistleblower Protection Act, the Office of Special Counsel may receive and investigate claims for whistleblower protection from federal employees, former federal employees, and applicants for federal employment. In addition, OIG offers confidentiality or anonymity to any individual who contacts the hotline and fears retaliation because of the disclosure. In 2013, Congress created a pilot program whereby employees of contractors and grantees who allege they are retaliated against for whistleblowing can request an investigation by the OIG, and in these cases, OIG does determine whether a complainant qualifies as a whistleblower and whether retaliation occurred because of the whistleblowing activity.

We were told by State/OIG that in 2014, the office processed 1,278 Hotline complaints for the calendar year.  We understand that this is generally in line with the amount of complaints the OIG processed in 2013.  However, a significant portion of the OIG complaints reportedly pertain to visa issues, and those complaints are sent to Consular Affairs for appropriate response and action.  Occasionally, the office also receive complaints that do not pertain to Department of State or Broadcasting Board of Governors matters – i.e. Veteran’s Affairs, Department of Justice, Health and Human Services, etc. Those submissions are referred to the appropriate Office of Inspector General and are not counted in State/OIG’s tally of “processed Hotline complaints”.

Some notable whistleblowers have been brought to life on the big screen.  Check out the top 10 whistleblower movies via http://www.WatchMojo.com:

Come visit again, bookmark da blog!

 

UPDATE:

“A Concerned FS Officer” sent us the following for your consideration, appended to this post on 2/9/15 at 15:47 PST:

While “retaliation” is officially forbidden, it is close to impossible to prove. Assignments, for example, are at the Dept’s discretion, needs of the service, etc. and it can just be a coincidence that your whistleblowing and your assignment to the butthole of the world coincide. Same of course for the black hole of promotions.

Once you are a troublemaker, er, whistleblower, be prepared for a non-retaliatory “routine” deep dive into your life. Suddenly there’s a need to audit your travel vouchers back to the Dulles era, DS needs to update your clearance based on info received you can’t see, that sort of thing. All of those moves are well-within the Dept’s routine responsibilities and you’ll never prove they’re connected to your talking to the OIG.

If you are contemplating blowing the whistle, speak to a qualified, outside lawyer first. AFSA has its place, but you need serious advice from someone familiar with the real-world case law, not just Dept practices.

 

Related items:

 

 

Benghazi Select Committee Invites DS Greg Starr (Again) and IG Steve Linick to Hearing #2

– Domani Spero

 

The House Select Committee on Benghazi had its inaugural hearing on September 17 (see Battle For Benghazi in WashDC:  Vroom Vroom Your Search Engines Now or Just Drink Gin). That hearing’s topic was “Implementation of the Accountability Review Board Recommendations” and the committee had as witnesses, DS Greg Starr, the Assistant Secretary for Diplomatic Security, and Mark J. Sullivan and Todd Keil, chairman and member respectively of the The Independent Panel on Best Practices. The Accountability Review Board Recommendations were issued for the State Department and not a task just for Diplomatic Security. For whatever reason, Mr. Starr, one bureau’s assistant secretary was invited to answer agency implementation questions from the Select Committee. No deputy secretary or under secretary was available to answer questions from the Hill?

On November 21, the House Intel Committee released its final Benghazi Report.

 

The Select Committee on Benghazi issued the following statement on the declassification of the House Intelligence Committee’s Benghazi Report:

“The Select Committee on Benghazi received the Intelligence Committee’s report on the Benghazi terrorist attack months ago, and has reviewed it along with other Committee reports and materials as the investigation proceeds. It will aid the Select Committee’s comprehensive investigation to determine the full facts of what happened in Benghazi, Libya before, during and after the attack and contribute toward our final, definitive accounting of the attack on behalf of Congress.”

 

Some fellow over there said that the report is full of crap.

 

Also, apparently, other GOP lawmakers, and Benghazi survivors were fuming over the House report and were not happy with the Intel Committee’s chairman, Republican Rep. Mike Rogers. Uh-oh.

So crap or not, the Benghazi Select Committee is charging on.  The Committee will have a second hearing on “Reviewing Efforts to Secure U.S. Diplomatic Facilities and Personnel.” This time, the Committee will appropriately hear from Assistant Secretary Starr. By the way, where can we place bets on how many times A/S Starr will be invited to speak to the Committee before this is over in 2017?  Because you know this won’t be over until after the 2016 elections; poor fellow was not even working at the State Department when the Benghazi attack happened.

A/S Starr will be joined by State Department Inspector General Steve Linick for this hearing.  We think this is Mr. Linick’s first appearance before Congress following his confirmation.

Wed, 12/10/2014 – 10:00am
HVC-210

Topic: Reviewing Efforts to Secure U.S. Diplomatic Facilities and Personnel

Witnesses:

  • Greg Starr, Assistant Secretary for Diplomatic Security
  • Steve Linick, Inspector General, Department of State

The hearing page is here.

 * * *

 

 

 

 

 

Office of Inspector General Adds Evaluations and Special Projects Office, Launches New Website

– Domani Spero

 

The State Department Office of Inspector General has been recruiting and hiring new staffers the last several months. The latest change is the addition of a new directorate and the relaunching of its website.  The snazzy, new website includes a video with IG Steve Linick.  The new site also includes a better search function to locate reports by category, topic, location or bureau/office.

Screen Shot 2014-10-30 at 9.18.21 PM
New org chart below. Note that Emilia DiSanto is no longer in an acting capacity but has been formally appointed as IG Linick’s deputy.

Screen Shot 2014-10-20

 

Perhaps the most notable addition is that of Evaluation and Special Projects:

The Office of Evaluations and Special Projects (ESP) was established in 2014 to strengthen OIG’s oversight of the Department and BBG, and to improve OIG’s capabilities to meet statutory requirements of the Whistleblower Protection Enhancement Act of 2012. ESP will fulfill OIG’s whistleblower protection duties by educating Department and BBG employees and contractors on the protections from retaliation for disclosing fraud, waste, or abuse. ESP is also responsible for reviewing allegations of administrative misconduct by senior officials, and issuing management alerts to highlight urgent need for corrective actions and capping reports on thematic areas of concern. Additionally, ESP is responsible for special evaluations and reviews, including responses to congressional inquiries. The work of this new office complements the work of OIG’s audits, investigations, and inspections by developing a capacity to focus on broader, systemic issues.

ESP has issued a Management Alert on Grant Management Deficiencies (MA-14-03), which highlights significant deficiencies in Department grants management oversight. It also produced a Review of Selected Internal Investigations Conducted by the Bureau of Diplomatic Security (ESP-14-01), which examined allegations of undue influence and favoritism in eight high-profile internal investigations conducted by the Bureau of Diplomatic Security (DS).

Also, the new website includes the State OIG Winners for 2014 CIGIE Annual Awards including an Award of Excellence in Investigation for an Individual that went to Special Agent Jeff Whitney:

The Office of Investigations received the Award of Excellence in Investigations, Individual awarded to Special Agent (SA) Jeff Whitney for his exceptional performance in the conduct of investigations supporting contingency operations in Southwest Asia and the protection of high-risk Department resources. SA Whitney led two complex investigations in Kabul, Afghanistan, which resulted in a $1.7 million cost savings to the Department and a combined debarment of at least 26 contractor entities. These investigations involved schemes relating to bid rigging, antitrust violations, bribery, conflict of interest, and violations of the Procurement Integrity Act. SA Whitney diligently and effectively worked with prosecutors from the Department of Justice and Special Agents from the Federal Bureau of Investigations, Special Inspector General for Afghanistan Reconstruction and the Defense Criminal Investigative Service to interview several witnesses and subjects, write and serve multiple search warrants and travel to dangerous environments within Afghanistan in order to accomplish investigative objectives. SA Whitney also met with numerous Department and Embassy Officials to aide them in their efforts to improve their processes to ensure these types of schemes are not replicated in the future.

Check it out!

* * *

 

 

 

 

Don’t Give Up On Us Baby: State Dept OIG Writes Back on Leadership and Management

– Domani Spero

 

In the years that we’ve blogged about the State Department and the Foreign Service, we’ve covered the Office of Inspector General (OIG) quite a bit.  The complaints that reports to the OIG were ignored or forwarded to other parts of the bureaucracy are not new.  We have readers bending our ears about that specific issue for years.

Recently, we had a Burn Bag submission saying “The OIG can’t and won’t save us. They stress, the Bureaus, not the OIG, should be the “bad leadership police.”

That is troubling, yes?  To paraphrase the Dalai Lama, if people lose hope, that’s your real disaster. If employees start thinking and feeling that their institution do not care about them, how soon before the employees stop caring about their institution?

So we sent the following questions to the Office of Inspector General:

Is it true that complaints or allegations of bad leadership or mismanagement are forwarded by the OIG to the bureaus to handle?

Do you think that the bureaus are equipped to police their own ranks?

Who do you go to if you have complaints about mismanagement at the bureau level?

If top officials are not accountable for their bad leadership or mismanagement and as these officials are reassigned from one post to the next, doesn’t this build a negative impact on morale and ultimately on the institution?

I am trying to understand why the OIG, which is often, the last resort in many of these cases, does not think effective management and leadership is a priority as he embarks on his new tenure at State?

Yesterday, we received the following response:

 

Oops, excuse me, that’s Hutch’s 1977 smash-hit single. If you don’t remember him, that’s because I’m officially an oldster protected by ADEA.  And he’s that fellow from the original Starsky and Hutch.

 

Here’s the official OIG response, republished below in full:

Leadership and management are challenges for the Department and an oversight priority for the Office of Inspector General (OIG). IG Linick has discussed leadership and management issues directly with the Secretary and the Deputy Secretary for Management and Resources. Each of the divisions within OIG play a role, often collaborating to hold the Department accountable for ineffective leadership and mismanagement.

OIG’s Office of Investigations (INV) learns of ineffective leadership or management through Hotline reports, from our Office of Inspections (ISP), and in the course of its own investigations. INV addresses complaints about Department leadership and management in a number of different ways. OIG investigators conduct initial reviews of mismanagement involving fraud, waste, abuse, administrative misconduct, or retaliation against whistleblowers, for example, and refer matters to the Department of Justice when there is evidence of possible criminal or civil violations.

There are, however, circumstances that prompt OIG to refer leadership and management concerns to the Department. If, for instance, a complainant’s allegations relate to a personnel matter, such as allegations that an official used abusive language with subordinates, OIG may notify appropriate Department officials about the alleged perpetrator so that they may take action. Thus, if such a complaint were about a COM or DCM, OIG would notify the relevant Assistant Secretary and Director General. Matters referred to the Department are monitored for appropriate follow-up. In other circumstances, when warranted, OIG will send investigators to look into the allegations directly.

OIG’s Office of Investigations notifies OIG inspectors of allegations or complaints about leadership and management at posts and bureaus to help ISP prioritize its work and to identify areas that should be assessed during formal inspections. OIG monitors compliance with its recommendations and brings them to the attention of Congress through formal and informal means. ISP evaluates the effectiveness of leadership and management in the course of its inspections, and it may move up scheduling of a post’s inspection when these types of concerns surface in survey results or by other means.

Over the years, ISP has made recommendations to the Department aimed at improving Department-wide leadership and management issues, such as recommendations that the Department develop directives on leadership or management principles, conduct 360-degree surveys on its leaders, enhance First And Second Tour (FAST) mentoring, and be more innovative in providing sustained leadership and management training to Foreign Service Officers throughout their careers. The Department has already adopted some of OIG’s major recommendations, such as updating the Foreign Affairs Manual to address leadership. It has also begun to conduct its first 360-degree survey of COMs.

 

We  appreciate State/OIG’s effort  to address our questions. We hope this is helpful to our readers. We will have a follow-up post later on.

* * *

 

 

 

 

 

 

State/OIG Files Report to Congress, Wassup With the In-Depth Review Over CBS News Allegations?

– Domani Spero

 

The State Department’s Office of the Inspector General submitted its first semi-annual report to Congress under Steve Linick last March. The report which summarizes OIG’s work during the period October 1, 2013, through March 31, 2014 was not published online until June 2014. Looking at the investigative data from the previous report ending on September 30, 2013, you will note that the OIG registered 182 less complaints this reporting cycle. Employee misconduct is steady at 4% while conflict of interest cases were down from 17% to 4%.  Embezzlement and theft cases went from 8% to 15% and contracts and procurement fraud went from 63% to 70%.

Extracted from Semi-Annual Report, March 2014

Extracted from Semi-Annual Report, State/OIG, March 2014

 

Below is the investigative data from the previous report ending on September 30, 2013:

OIG_SA_report Sept 2013

In the report ending September 30, 2013, State/OIG told Congress it was conducting an in-depth review of Diplomatic Security’s investigative process.  This was in connection with last year’s allegations that several recent investigations were influenced, manipulated, or simply called off by senior State Department officials. (See CBS News: Possible State Dept Cover-Ups on Sex, Drugs, Hookers — Why the “Missing Firewall” Was a Big Deal).

The Office of Investigations (INV) is conducting an independent oversight review of certain investigations conducted by the Bureau of Diplomatic Security, Office of Investigations and Counterintelligence, Special Investigations Division (DS/ICI/SID). This is an in-depth review of the DS/ICI/SID investigations to assess the adequacy of the investigative process.

The current OIG report ending on March 31, 2014 makes no mention of the status or disposition of this investigation. That CBS News story broke in June 2013, so we’re now a year into this and still counting.

Oops, wait! A statement provided to CBS News by the Inspector General’s office on June 2013 said:

OIG does not comment on drafts of reports.

On its own initiative, OIG Office of Investigations has been conducting its own independent review of the allegations made. This is our standard procedure.

We staffed it independently and appropriately and they were people hired specific for this review at the end of 2012. They are on staff. We staffed it with the best people we can find at hand to do the job.

DS does not speak for us.

End of 2012 and isn’t it now July 2014?  So — wassup with that?

Mr. Linick’s report to Congress also notes that he has initiated the practice of sending out management alerts to senior Department of State and Broadcasting Board of Governors (BBG) officials in order to identify high-risk systemic issues requiring prompt attention and risk mitigation. He told Congress that to-date, OIG has issued two management alerts: one addressing significant vulnerabilities in the management of contract files with a combined value of $6 billion and the other addressing recurring weaknesses in the Department’s information-security program.  That’s a great initiative; that means the senior officials will not have an excuse to say later on that they were not alerted to issues that need their attention.

He also writes that the OIG goal is clear — “to act as a catalyst for effective management, accountability, and positive change for the Department, BBG, and the foreign affairs community.”

And that’s a lovely goal and all,really, except that Mr. Linick’s OIG — all together now — no longer issue the Inspector’s Evaluation Reports (IERs) for senior officials during the IG inspections at overseas missions!

No more IERs included in the official performance files (OPF), no more IERs for review by promotion boards, thus, no more IERs to potentially derail promotions.

Ambassador Franklin “Pancho” Huddle who previously served as U.S. Ambassador to Tajikistan and spent five years as a senior OIG inspector at the State Department told us:

“When OIG dumped their IERs, they dumped their ability to make a real difference.” 

Boom!

When asked if we can quote him, he said, “I didn’t survive one of history’s deadliest skyjackings not to go on record.”

Ambassador Huddle and his wife survived the hijacking and the crash of  Ethiopian Airlines Flight 961, considered the deadliest hijacking involving a single aircraft before the 9/11 attacks.  He  said that he earned three promotions directly related to favorable IERs done by the OIG. He now trains special forces which “put a premium on honest appraisals.”

What he said about making a real difference — anyone want to top that?

* * *

-03/31/14   Semiannual Report to the Congress October 1, 2013 to March 31, 2014  [11136 Kb] Posted on June 23, 2014

 

 

 

 

 

 

 

 

 

 

 

Who killed King Joffrey? And what about the State Dept’s “missing” $6 billion?

– Domani Spero

We recently posted about that $6 Billion Alert. What Does The Spox Say? Goring-ding-ding-ding … “Grossly Inaccurate” But …. On April 3, WaPo went with State Department inspector general issues alert over $6 billion in contracting money.  On April 4, TheBlaze.com reported that The State Department Has Lost Track of More Than $6Billion. On April 4, Washington Free Beacon has State Department Misplaced $6B Under Hillary Clinton. On April 6, Fox News (blog) screamed $6 Billion Went Missing From Hillary Clinton’s State Department …. Also on April 6, the Examiner.com – ‎reported State Department $6 billion missing: ‘Creates conditions conducive to fraud’.  On April 8, ABC News (blog) added a twist with Blackwater Named in State Department Probe, Spent $$ on Pricey  On April 9, AllGov has State Dept. Can’t Locate Files for $6 Billion Worth of Contracts. Russia’s RIA Navosti found itself an expert and ran with $6 Bln Vanished from US State Department Due to Corruption – Expert.

Finally ….

 

 

On April 13, ten days after WaPo first reported the $6 billion contracts and just when we could not stop talking about ‘The Lion And The Rose’ episode of ‘Game Of Thrones‘, State/OIG’s Steve Linick wrote to the editors of WaPo “about the State Department’s “missing” $6 billion:

WaPo, Sunday, April 13

The April 3 news article “State Department’s IG issues rare alert” reported on the management alert issued recently by my office. In the alert, we identified State Department contracts with a total value of more than $6 billion in which contract files were incomplete or could not be located. The Post stated, “The State Department’s inspector general has warned the department that $6 billion in contracting money over the past six years cannot be properly accounted for . . . . ”

Some have concluded based on this that $6 billion is missing. The alert, however, did not draw that conclusion. Instead, it found that the failure to adequately maintain contract files — documents necessary to ensure the full accounting of U.S. tax dollars — “creates significant financial risk and demonstrates a lack of internal control over the Department’s contract actions.”

Steve Linick, Washington

The writer is inspector general for the U.S. Department of State and Broadcasting Board of Governors.

 

* * *

Enhanced by Zemanta

$6 Billion Alert. What Does The Spox Say? Goring-ding-ding-ding … “Grossly Inaccurate” But ….

– Domani Spero

 

Last week, State/OIG issued a Management Alert on Contract File Management Deficiencies at the State Department. The Alert is reportedly intended to well, alert senior Department management to the serious nature of this issue and provides “recommendations to assist in eliminating or mitigating those vulnerabilities.” The main thing is this:

“In sum, over the past 6 years, our audit work has uncovered significant contract file management deficiencies in Department contracts/task orders with a total value of more than $6 billion.”

The alert dated March 20, 2014 was addressed to the Under Secretary for Management Patrick F. Kennedy and the Assistant Secretary of Administration Joyce A. Barr. The signatory of this Management Alert is not State/OIG Steve Linick but three of the four Assistant Inspector Generals of State/OIG namely: Norman P. Brown, Assistant Inspector General for AuditsRobert B. Peterson, Assistant Inspector General for Inspections;  Anna S. Gershman, Assistant Inspector General for Investigations.  Mr. Brown has been AIG since July 2013, Mr. Peterson since 2003, and Ms. Gershman since 2011.  The official response to this alert is dated March 28, 2014 from Ms. Barr who as head of the Bureau of Administration reports to Mr. Kennedy at “M.” Ms. Barr has been “A” since 2011.  Mr. Kennedy has been “M” since 2007.

Do you know why it took six years for this alert to be issued? And how is it that this alert is not addressed to the State Department’s Deputy Secretary for Management and Resources Heather Higginbottom?

Since $6 billion is a lot of resources spent, it made a huge splash – described as “lost,” “missing,” “misplaced,” “lacks files,” or “not totally sure” where the money went.

It made the Daily Press Briefing, of course:

QUESTION: Marie, do you have any comment on the OIG report that was made public today on the $6 billion?

MS. HARF: I do. Just give me one second. Well, reports that there is a $6 billion that can’t be accounted for are grossly inaccurate. The OIG’s report noted that there were a number of incomplete files for our contracts and that these contracts’ cumulative value was about 6 billion. As highlighted in our response to the OIG, this is an issue of which the Department is aware and is taking steps to remedy. It’s not an accounting issue. I think it’s more like a bureaucratic issue. But it’s not that we’ve lost $6 billion, basically.

On March 20th, our new Inspector General did issue a management alert on contract file management deficiencies. The Bureau of Administration responded with a plan to address their three recommendation. Those are all posted on the IG’s web page now.

QUESTION: So how much money can you not account for if it’s not 6 billion?

MS. HARF: I have no idea.
[…]
QUESTION: But it’s way less than 6 billion? I mean, you said it was grossly inflated.

MS. HARF: Grossly inaccurate. Uh-huh.

QUESTION: Okay. So do – you must have –

QUESTION: What’s a rounded-up figure –

MS. HARF: I’m not – no –

QUESTION: You must have an estimate of what it is if you have an understanding –

MS. HARF: It’s my understanding that it’s not an accounting issue. It’s not that we can’t account for money. So I don’t – I’m not sure that there’s any money that we can’t account for.

QUESTION: So how is it grossly inaccurate, then?

MS. HARF: Because it’s not that there’s $6 billion we can’t account for. They said there were incomplete files –

QUESTION: Right.

MS. HARF: — and that the files were – their cumulative value for those contracts was about $6 billion. So it’s a filing issue. It’s not a “we lost money” issue.

QUESTION: So you’re sure that you know where all that money is even though you acknowledge that the files are not complete?

MS. HARF: I – that’s my understanding, yes. But again, all of this is posted on the IG’s website in much more detail.

QUESTION: But —

MS. HARF: I don’t have the $6 billion.

QUESTION: Yeah. I mean, I just – (laughter) – it sounds like it may be more of a distinction without a difference, saying it’s an accounting error, like maybe —

MS. HARF: No, because the notion that we can’t find $6 billion, right, would mean that it’s an accounting issue, that somehow we lost money that – you can understand why when people hear that they think that it means we’ve lost $6 billion. That’s my understanding that that’s not the case.

QUESTION: Yes, please. I mean, regarding this IG issue, it’s like every other day something is coming out of —

MS. HARF: IG’s been very busy, apparently.

QUESTION: Yeah. I mean, because there was no IG before, no five years.

MS. HARF: We have a new IG, yep.

QUESTION: Yeah, it came on September. Yeah. I mean, I’m trying to figure out – I mean, when he’s like – when you say grossly and inaccurate, does he presenting these things with information or just like a number?

MS. HARF: Yeah. So the way the IG works in general – and I don’t have the details about their methodology here – is they are independent and they undertake independent reviews, some I understand that are done just routinely, some I think are in response to people submitting things to them. And in general, after the IG does a draft report they submit it to either the post overseas or the office here or the bureau that deals with it so they can have a chance to review it and comment on it and to begin implementing recommendations, if there are any that they think are helpful. So there’s a process here. Then they eventually release the final report that sometimes takes into account comments, sometimes they disagree. We have a variety of ways to respond.

QUESTION: The reason I am asking because these things are related more about overseas activities and contracts. Does the State Department officially – when you say grossly inaccurate, are you going to say what is accurate?

MS. HARF: Yes. And as I said, our response and the entire report is up on the IG’s website. I’m happy to dig into it a little bit more. But yes, we do. I mean, that’s why we give responses and they’re published.

A good excuse to post this again:

Below are some of the cases specified in the $6 billion State/OIG alert:

  • A recent OIG audit of the closeout process for contracts supporting the U.S. Mission in Iraq revealed that contracting officials were unable to provide 33 of 115 contract files requested in accordance with the audit sampling plan.  The value of the contracts in the 33 missing files totaled $2.1 billion.
  • Forty-eight of the 82 contract files received did not contain all of the documentation required by FAR 4.8. The value of the contracts in the 48 incomplete files totaled an additional $2.1 billion.
  • An ongoing OIG audit of Bureau of African Affairs contracts revealed that CORs were unable to provide complete contract administration files for any of the eight contracts that were reviewed. The value of these contracts totaled $34.8 million.
  • In two joint audits conducted with DoD OIG,5 we found that, for two task orders valued in excess of $1 billion, the Bureau of International Narcotics and Law Enforcement Affairs had neither ensured that the COR for the Civilian Police contract in Afghanistan established or maintained contracting files that were complete and easily accessible, nor finalized and fully implemented standard operating procedures for maintaining COR files.
  • A joint audit with SIGIR,  we reviewed four task orders from the Worldwide Personal Protective Services II contract, with an estimated total cost of $1 billion as of May 29, 2008, and found that COR files maintained in both Washington, DC, and Baghdad, Iraq, were not accessible, complete, or maintained in accordance with Department policy.
  • One investigation revealed that a contract file did not contain documentation reflecting that modifications and task orders were awarded to the company owned by the spouse of a contractor employee performing as a Contract Specialist for the contract. This contract was valued at $52 million.  (Note: We think this is the relevant case – Former State Department Contract Employee And Husband Plead Guilty To $53 Million Fraud)
  • In another investigation, OIG found that a CO falsified Government technical review information and provided the contractor with contract pricing information. The related contract file was not properly maintained and for a period of time was hidden by the CO. This contract was valued at $100 million.
  • In a third investigation, OIG found that a COR allowed the payment of $792, 782 to a contractor even though the contract file did not contain documents to support the payment. Furthermore, an additional OIG investigation revealed that the contract file was missing a COR appointment letter required by FAR 1.602-2 (d).
  • COR files for a $2.5 million contract lacked status reports and a tally of the funds expended and remaining on the contract. OIG discovered other instances in which contract files lacked contract performance documentation and COR appointment and training certification; CORs failed to maintain technical information and performance records needed to monitor contractor performance; and COR filing systems were disorganized.

 

The Management Alert issued concludes that “The failure to enforce those requirements exposes the Department to significant financial risk and makes OIG oversight more difficult. It creates conditions conducive to fraud, as corrupt individuals may attempt to conceal evidence of illicit behavior by omitting key documents from the contract file. It impairs the ability of the Department to take effective and timely action to protect its interests, and, in turn, those of taxpayers. Finally, it limits the ability of the Government to punish and deter criminal behavior.”

If these contract documents were never completed, what is there to file? If these were filed but misplaced, how do you find files that date back to 2008 for instance on the Worldwide Personal Protective Services II contract in Iraq? Also, without accurate files how do we even know that “It’s not a “we lost money” issue?” 

This is the second Management Alert issued by State/OIG under Steve Linick this year. We have not been able to locate previous management alerts issued by any of his predecessors as Inspector Generals of the State Department.  Perhaps they’re available, not just to the public. But this scrub down is smart.  Every new sheriff should do it. We’re also looking forward to the next alert. It’ll tell us where the new IG is looking under the hood.

* * *

Related items:

-03/31/14   Management Alert – Contract File Management Deficiencies (MA-A-0002)  [1768 Kb]  Posted online April 3, 2014

-01/13/14   Mgmt Alert on OIG Findings of Significant and Recurring Weaknesses in the Dept of State Info System Security Program (MA-A-0001)  [6298 Kb]  Posted online January 16, 2014

 

 

 

 

 

 

 

 

 

 

Enhanced by Zemanta