Customs Service: Internal Control Weaknesses Over Deletion of Certain Law
Enforcement Records (Letter Report, 08/21/98, GAO/GGD-98-187).
Pursuant to a congressional request, GAO reviewed the internal control
techniques the Customs Service has in place to safeguard certain law
enforcement records in the Treasury Enforcement Communications System
(TECS) from being inappropriately deleted.
GAO noted that: (1) Customs did not have adequate internal controls over
the deletion of TECS lookout records; (2) standards issued by the
Comptroller General require that: (a) key duties and responsibilities in
authorizing, processing, recording, and reviewing transactions should be
separated among individuals; (b) internal control systems and all
transactions and other significant events should be clearly documented;
and (c) supervisors should continuously review and approve the assigned
work of their staffs; (3) however, guidance on TECS does not require
these safeguards and Customs officials at the three ports GAO visited
had not implemented these controls; (4) as a result, Customs employees
could inappropriately remove lookout records from TECS; and (5) although
GAO's review was limited to Customs headquarters, their Custom
Management Centers, and three ports of entry, because of the lack of
adequate system wide internal control standards over deletion authority,
it is possible that TECS lookout records may not be adequately
safeguarded in other ports of entry as well.
--------------------------- Indexing Terms -----------------------------
REPORTNUM: GGD-98-187
TITLE: Customs Service: Internal Control Weaknesses Over Deletion
of Certain Law Enforcement Records
DATE: 08/21/98
SUBJECT: Customs administration
Internal controls
Law enforcement information systems
Federal records management
Smuggling
Drug trafficking
Search and seizure
IDENTIFIER: Treasury Enforcement Communications System
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO report. Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved. Major **
** divisions and subdivisions of the text, such as Chapters, **
** Sections, and Appendixes, are identified by double and **
** single lines. The numbers on the right end of these lines **
** indicate the position of each of the subsections in the **
** document outline. These numbers do NOT correspond with the **
** page numbers of the printed product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
** A printed copy of this report may be obtained from the GAO **
** Document Distribution Center. For further details, please **
** send an e-mail message to: **
** **
** **
** **
** with the message 'info' in the body. **
******************************************************************
Cover
================================================================ COVER
Report to the Honorable
Dianne Feinstein, U.S. Senate
August 1998
CUSTOMS SERVICE - INTERNAL CONTROL
WEAKNESSES OVER DELETION OF
CERTAIN LAW ENFORCEMENT RECORDS
GAO/GGD-98-187
Law Enforcement Records
(264443)
Abbreviations
=============================================================== ABBREV
CMC - Customs Management Center
SCO - System Control Officer
TECS - Treasury Enforcement Communications System
Letter
=============================================================== LETTER
B-279230
August 21, 1998
The Honorable Dianne Feinstein
United States Senate
Dear Senator Feinstein:
You asked us to conduct a broad review of the drug enforcement
operations of the U.S. Customs Service along the Southwest border of
the United States. This report is one of several that we have issued
in response to your request.\1 This report discusses the results of
our evaluation of the internal control techniques Customs has in
place to safeguard certain law enforcement records in the Treasury
Enforcement Communications System (TECS) from being inappropriately
deleted.
As part of our review, we examined records designated by Customs as
containing lookout data, which identify persons and vehicles known or
suspected of illegal activity. TECS is designed to enable Customs
inspectors to compare records containing lookout data with persons
and vehicles entering the United States during primary screening
inspections at ports of entry. Matches found during this comparison
process can lead to a secondary inspection, with an intensive search
and the arrest of the person and seizure of the vehicle and other
property if drugs or other contraband are discovered during the
search. TECS lookout records at ports of entry can be very important
to law enforcement efforts to detect smuggled narcotics crossing the
border. For example, the value of a lookout record was recently
demonstrated when Customs inspectors seized 112 pounds of cocaine
from a vehicle arriving from Mexico. A thorough inspection of the
vehicle was performed because of the active TECS lookout record on
the vehicle, leading to the discovery of 46 packages of cocaine.
In developing the information in this report, we (1) interviewed key
officials and reviewed TECS internal control documents at Customs'
headquarters and at three Customs Management Centers (CMC) located
along the Southwest border and (2) visited three ports of entry:
Otay Mesa, CA; Nogales, AZ; and Laredo, TX. We selected the Otay
Mesa port of entry because it was of specific interest to you. We
selected Laredo because it is the busiest cargo port of entry on the
Southwest border, and we selected Nogales to provide information on a
smaller, yet busy port of entry. At each port, we interviewed key
officials to obtain information on chains of authority for the
deletion of records from TECS; reviewed TECS internal control
documents; and observed Customs inspectors' use of TECS.
We requested comments on a draft of this report from the Secretary of
the Treasury. These comments are discussed near the end of this
letter. We performed our work between February 1998 and July 1998 in
accordance with generally accepted government auditing standards.
--------------------
\1 Customs Service Drug Interdiction: Internal Control Weaknesses
and Other Concerns With Low-Risk Cargo Entry Programs
(GAO/GGD-98-175, July 31, 1998); Customs Service: Process for
Estimating and Allocating Inspectional Personnel (GAO/GGD-98-107,
Apr. 30, 1998); and Customs Service: Information on Southwest
Border Drug Enforcement Operations (GAO/GGD-97-173R, Sept. 30,
1997).
RESULTS IN BRIEF
------------------------------------------------------------ Letter :1
Customs did not have adequate internal controls over the deletion of
TECS lookout records. Standards issued by the Comptroller General\2
require that (1) key duties and responsibilities in authorizing,
processing, recording, and reviewing transactions should be separated
among individuals; (2) internal control systems and all transactions
and other significant events should be clearly documented, and the
documentation should be readily available for examination; and (3)
supervisors should continuously review and approve the assigned work
of their staffs. However, Customs guidance on TECS does not require
these safeguards and Customs officials at the three ports we visited
had not implemented these controls. As a result, Customs employees
could inappropriately remove lookout records from TECS.
Although our review was limited to Customs headquarters, three CMCs,
and three ports of entry, because of the lack of adequate systemwide
internal control standards over deletion authority, it is possible
that TECS lookout records may not be adequately safeguarded in other
ports of entry as well. Accordingly, this report recommends that
Customs develop and implement guidance and standards to help ensure
adequate internal controls over the deletion of TECS lookout records.
--------------------
\2 Standards for Internal Controls in the Federal Government, United
States General Accounting Office (1983). Although these standards
remain conceptually sound and are used throughout the federal
government, they are currently being updated and enhanced to (1)
recognize recent internal control evaluation guidance developed by
the private sector with our assistance and the assistance of other
organizations and (2) give greater recognition to the increasing use
of information technology.
BACKGROUND
------------------------------------------------------------ Letter :2
A major goal of Customs is to prevent the smuggling of drugs into the
country by attempting to create an effective drug interdiction,
intelligence, and investigation capability that disrupts and
dismantles smuggling organizations. Although Customs inspectors have
the option to conduct examinations of all persons, cargo, and
conveyances entering the country, the inspectors may selectively
identify for a thorough inspection those that they consider high risk
for drug smuggling. This identification is generally done through
the use of databases available to Customs, such as TECS.
TECS is designed to be a comprehensive enforcement and communications
system that enables Customs and other agencies to create or access
lookout data when (1) processing persons and vehicles entering the
United States; (2) communicating with other computer systems, such as
the Federal Bureau of Investigation's National Crime Information
Center; and (3) storing case data and other enforcement reports. In
addition to Customs, TECS has users from over 20 different federal
agencies, including the Immigration and Naturalization Service; the
Bureau of Alcohol, Tobacco and Firearms; the Internal Revenue
Service; and the Drug Enforcement Administration.
The TECS network consists of thousands of computer terminals that are
located at land border crossings along the Canadian and Mexican
borders; sea and air ports of entry; and the field offices of
Customs' Office of Investigations and the Bureau of Alcohol, Tobacco
and Firearms. These terminals provide access to records and reports
in the TECS database containing information from Customs and other
Department of the Treasury and Department of Justice enforcement and
investigative files.\3
--------------------
\3 In March 1998, Treasury's Office of Inspector General reported
that, despite improvements made during fiscal year 1997, security
weaknesses continued to exist that could allow for unauthorized
modification and deletion of data in customs' computer systems,
including those for law enforcement activities.
HOW TECS RECORDS ARE USED AT
LAND BORDER PORTS OF ENTRY
---------------------------------------------------------- Letter :2.1
According to the TECS user manual, all TECS users (e.g., Customs
inspectors and special agents) can create and query subject records,
which consist of data on persons, vehicles, aircraft, vessels,
businesses or organizations, firearms, and objects. According to
TECS Data Standards, records should be created when the subject is
deemed to be of law enforcement interest. This interest may be based
on previous violations, such as drug smuggling or suspicion of
violations, or subjects that are currently or potentially of
investigative interest. One of the reasons for creating a TECS
lookout record is to place a person or vehicle in the system for
possible matching at Customs' screening locations, such as land
border ports of entry. For example, if a vehicle's license plate
that was placed on lookout for possible drug smuggling were later
matched during a primary inspection\4 at a land border port of entry,
that vehicle could be referred for additional scrutiny at a secondary
inspection.\5
Inappropriate deletions of TECS lookout records could negatively
affect Customs' ability to detect drug smuggling. Although
inspectors have the option to conduct a thorough examination of all
persons, cargo, and conveyances entering the country, they
selectively identify for a thorough inspection only those that they
consider high risk for drug smuggling. This identification is
generally done through the use of databases available to Customs,
such as TECS. Inspectors also rely on their training and experience
to detect behavior that alerts them to potential drug violators. If
lookout records have been inappropriately deleted, inspectors will
have less information or less accurate information on which to make
their decisions.
--------------------
\4 Primary inspection is the initial screening by Customs inspectors
of vehicles and persons that enter U.S. ports of entry.
\5 Secondary inspection may include searching a person or vehicle for
narcotics.
TECS ADMINISTRATIVE CONTROL
STRUCTURE
---------------------------------------------------------- Letter :2.2
The TECS administrative control structure consists of a series of
System Control Officers (SCO) at various locations, including Customs
headquarters, CMCs, and ports around the country. These SCOs are
responsible for authorizing and controlling TECS usage by all of the
users within the network. A national SCO has designated other SCOs
at Customs headquarters for each major organization (e.g., Office of
Investigations, Field Operations, and Internal Affairs) who, in turn,
have designated regional SCOs who have named SCOs at each CMC and
Office of Investigations field office. In some instances, SCOs have
been appointed at the port of entry and Office of Investigations
suboffice level. Consequently, the SCO chain is a hierarchical
structure with each user assigned to a local SCO who, in turn, is
assigned to a regional SCO, and so on up to the national level.
One of an SCO's primary duties is to establish User Profile Records
on each user. User Profile Records identify the user by name, social
security number, position, duty station, and telephone number. They
also identify the social security number of the user's supervisor,
the SCO's social security number, and the TECS applications that the
user is authorized to access. SCOs at the various levels have
certain system authorities they can pass on to other users. For
example, the record update level is a required field in the User
Profile Record that indicates the user's authority to modify or
delete records. SCOs can only assign to a user the level that they
have, or a lower level. According to the TECS user manual, record
update levels include the following:
1. Users can only modify or delete records they own (i.e., the user
created the records or received them as a transfer from the previous
owner).
2. Users can modify or delete any record within their specific
Customs sublocation, such as a port of entry, thereby ignoring the
ownership chain;\6 the user does not have to be the owner of the
record.
3. Users can modify or delete any record owned by anyone in their
ownership chain.
4. Users can modify or delete any record in the Customs Service,
thereby ignoring the ownership chain.
5. Users have a combination of levels two and three.
9.\7 Users can modify or delete any user's record in the database.
--------------------
\6 The ownership chain normally consists of, but is not restricted to
(1) the record owner, (2) the owner's supervisor, and (3) the owner's
SCO.
\7 There are no record update levels six, seven, or eight. These
levels are reserved for future use, if needed.
CUSTOMS GUIDANCE ON
CREATING, MODIFYING, AND
DELETING TECS RECORDS
---------------------------------------------------------- Letter :2.3
According to Customs TECS officials, when a TECS user creates a
record and enters it into the system, the user's supervisor is
automatically notified of the entry. All records must be viewed by
the supervisor. The supervisor must approve the record, and the
record must be linked to supporting documentation, such as a
Memorandum of Information Received.
According to the TECS user manual, TECS users can modify and delete
records that they own, and on the basis of the record update level in
their User Profile Record, may modify and delete the records of other
users as follows:
-- If the users are supervisors or SCOs with the proper record
update level (three or five), they may modify and delete the
records owned by users in their supervisory or SCO chain.
-- If the users' record update level (two, four, or five) allows,
they may modify and delete the records created or owned by other
users in a specific Customs sublocation, such as a port of
entry.
No other controls or restrictions are written in the TECS user manual
or any other document that we reviewed.
WEAK INTERNAL CONTROLS OVER THE
DELETION OF TECS RECORDS
------------------------------------------------------------ Letter :3
The Federal Managers' Financial Integrity Act of 1982 required, among
other items, that we establish internal control standards that
agencies are required to follow (see 31 U.S.C. 3512). The resulting
Comptroller General's standards for internal controls in the federal
government contain the criteria we used to assess Customs' controls
over the deletion of lookout records from TECS. During our review,
we identified three areas of control weakness: separation of duties,
documentation of transactions, and supervision.
SEPARATION OF DUTIES
---------------------------------------------------------- Letter :3.1
The Comptroller General's internal control standards require that key
duties and responsibilities in authorizing, processing, recording,
and reviewing transactions should be separated among individuals. To
reduce the risk of error, waste, or wrongful acts or to reduce the
risk of their going undetected, no one individual should control all
key aspects of a transaction or event. Rather, duties and
responsibilities should be assigned systematically to a number of
different individuals to ensure that effective checks and balances
exist. Key duties include authorizing, approving, and recording
transactions and reviewing or auditing transactions.
Customs' current policy authorizes a wide variety of people within
and outside of an individual's supervisory and SCO chain to
individually delete the records that another individual owns without
any checks and balances (e.g., concurrence by another person). This
situation increases risk because, as one SCO that we interviewed told
us, the more individuals--supervisors, SCOs, or others--with the
required record update levels there are, the more vulnerable TECS is
to having records inappropriately altered or deleted. According to
the TECS user manual, supervisors, SCOs, and other users with the
proper record update level may delete TECS records that they do not
own. Moreover, we noticed a range in the number of individuals who
were authorized to individually delete others' records at the three
CMCs and three ports we visited. For example, the Southern
California CMC had 1 official--the SCO--with the authority to delete
others' records, while the Arizona CMC had 41
individuals--supervisors, SCOs, and others--with that authority. In
addition, 1 of the ports we visited (Nogales) had 22 individuals with
the authority to delete any record within their port without the
record owner's or anyone else's permission. In these instances, many
individuals, by virtue of their status as a supervisor or SCO or
because they possessed the required record update level, were able to
delete records with no checks and balances in evidence.
DOCUMENTATION OF
TRANSACTIONS
---------------------------------------------------------- Letter :3.2
The Comptroller General's standards require that internal control
systems and all transactions and other significant events are to be
clearly documented, and that the documentation is to be readily
available for examination. Documentation of transactions or other
significant events should be complete and accurate and should
facilitate tracing the transaction or event and related information
from before it occurs, while it is in process, to after it is
completed.
Neither Customs policies nor the TECS user manual contained standards
or guidance to require that Customs officials document reasons for
the deletion of TECS lookout records. Although TECS can produce
detailed information on what happened to records in the system and
when it happened, there is no requirement that the person deleting
the record is to describe the circumstances that called for the
deletion. Thus, examiners cannot determine from the documentation
whether the deletion was appropriate.
SUPERVISION
---------------------------------------------------------- Letter :3.3
The Comptroller General's standards require that qualified and
continuous supervision is to be provided to ensure that internal
control objectives are achieved. This standard requires supervisors
to continuously review and approve the assigned work of their staffs,
including approving work at critical points to ensure that work flows
as intended. A supervisor's assignment, review, and approval of a
staff's work should result in the proper processing of transactions
and events, including (1) following approved procedures and
requirements; (2) detecting and eliminating errors,
misunderstandings, and improper practices; and (3) discouraging
wrongful acts from occurring or recurring.
Customs had no requirement for supervisory review and approval of
record deletions, although supervisory review and approval were
required for creating TECS records. TECS officials told us that
users could delete records that they own without supervisory
approval. In addition, anyone with a higher record update level than
the record owner, inside or outside of the owner's supervisory and
SCO chain, could also delete any owner's record without obtaining
approval.
CONCLUSIONS
------------------------------------------------------------ Letter :4
TECS lookout records can provide Customs inspectors at screening
areas on the Southwest border with assistance in identifying persons
and vehicles suspected of involvement in drug smuggling. Internal
control weaknesses over deletions of the records may compromise the
value of these tools in Customs' anti-drug smuggling mission.
Most of the CMCs and ports we reviewed had many individuals who were
able to delete TECS records without any checks and balances,
regardless of whether they owned the records or whether they were in
an authorized supervisory or SCO chain of authority. In addition,
Customs' current policy authorizes a wide variety of people within
and outside of an individual's chain of authority the ability to
delete records that other individuals created. The more people
inside or outside of the supervisory or SCO chain of authority who
can delete records without proper checks and balances, the more
vulnerable the records are to inappropriate deletions.
Although our review was limited to Customs headquarters, three CMCs,
and three ports of entry, because of the lack of systemwide (1)
internal control standards concerning deletion authority and (2)
specific guidance concerning the deletion of TECS records that comply
with the Comptroller General's standards for internal controls, it is
possible that TECS lookout records are not adequately safeguarded in
other CMCs and other ports of entry as well.
RECOMMENDATION
------------------------------------------------------------ Letter :5
To better ensure that TECS lookout records are adequately safeguarded
from inappropriate deletion, we recommend that the Commissioner of
Customs develop and implement guidance and procedures for
authorizing, recording, reviewing, and approving deletions of TECS
records that conform to the Comptroller General's standards. These
procedures should include requiring supervisory review and approval
of record deletions and documenting the reason for record deletions.
AGENCY COMMENTS
------------------------------------------------------------ Letter :6
The Treasury Under Secretary for Enforcement provided written
comments on a draft of this report, and the comments are reprinted in
appendix I. Overall, Treasury and Customs management generally
agreed with our conclusions, and the Under Secretary said that
Treasury officials also provided technical comments, which have been
incorporated in the report as appropriate. Customs has begun action
on our recommendation.
Customs recognized that there is a systemic weakness in not requiring
supervisory approval for the deletion of TECS records and not
requiring an explicit reason for the deletion of these records.
Customs agreed to implement the necessary checks and balances to
ensure the integrity of lookout data in TECS.
---------------------------------------------------------- Letter :6.1
We are providing copies of this report to the Chairmen and Ranking
Minority Members of House and Senate committees with jurisdiction
over the activities of the Customs Service, the Secretary of the
Treasury, the Commissioner of Customs, and other interested parties.
Copies also will be made available to others upon request.
The major contributors to this report are listed in appendix II. If
you or your staff have any questions about the information in this
report, please contact me on (202) 512-8777 or Darryl Dutton,
Assistant Director, on (213) 830-1000.
Sincerely yours,
Norman J. Rabkin
Director, Administration
of Justice Issues
(See figure in printed edition.)Appendix I
COMMENTS FROM THE DEPARTMENT OF
THE TREASURY
============================================================== Letter
(See figure in printed edition.)
MAJOR CONTRIBUTORS TO THIS REPORT
========================================================== Appendix II
GENERAL GOVERNMENT DIVISION,
WASHINGTON, D.C.
Darryl W. Dutton, Assistant Director
Barry J. Seltser, Assistant Director; Design, Methodology, and
Technical
Assistance
Sidney Schwartz, Senior Mathematical Statistician; Design,
Methodology,
and Technical Assistance
OFFICE OF THE GENERAL COUNSEL,
WASHINGTON, D.C.
Jan Montgomery, Assistant General Counsel
LOS ANGELES FIELD OFFICE
Brian Lipman, Site Senior
*** End of document. ***