DHS OIG, OIG-21-63, CBP Continues to Experience Challenges Managing Searches of Electronic Devices at Ports of Entry - Law Enforcement Sensitive (REDACTED) (2021)

DHS OIG

Section: CBP Continues to Experience Challenges Managing Searches of Electronic Devices at Ports of Entry - Law Enforcement Sensitive (REDACTED)

Effective: 9/23/2021

Bluebook Citation: DHS OIG, OIG-21-63, CBP Continues to Experience Challenges Managing Searches of Electronic Devices at Ports of Entry - Law Enforcement Sensitive (REDACTED) (2021)

(cid:47)(cid:36)(cid:58)(cid:3)(cid:40)(cid:49)(cid:41)(cid:50)(cid:53)(cid:38)(cid:40)(cid:48)(cid:40)(cid:49)(cid:55)(cid:3)(cid:54)(cid:40)(cid:49)(cid:54)(cid:44)(cid:55)(cid:44)(cid:57)(cid:40)(cid:3) CBP Continues to Experience Challenges Managing Searches of Electronic Devices at Ports of Entry (REDACTED) (cid:58)(cid:68)(cid:85)(cid:81)(cid:76)(cid:81)(cid:74)(cid:29)(cid:3)(cid:55)(cid:75)(cid:76)(cid:86)(cid:3)(cid:71)(cid:82)(cid:70)(cid:88)(cid:80)(cid:72)(cid:81)(cid:87)(cid:3)(cid:76)(cid:86)(cid:3)(cid:47)(cid:68)(cid:90)(cid:3)(cid:40)(cid:81)(cid:73)(cid:82)(cid:85)(cid:70)(cid:72)(cid:80)(cid:72)(cid:81)(cid:87)(cid:3)(cid:54)(cid:72)(cid:81)(cid:86)(cid:76)(cid:87)(cid:76)(cid:89)(cid:72)(cid:3)(cid:11)(cid:47)(cid:40)(cid:54)(cid:12)(cid:17)(cid:3)(cid:39)(cid:82)(cid:3)(cid:81)(cid:82)(cid:87)(cid:3)(cid:71)(cid:76)(cid:86)(cid:87)(cid:85)(cid:76)(cid:69)(cid:88)(cid:87)(cid:72)(cid:3)(cid:82)(cid:85)(cid:3) (cid:70)(cid:82)(cid:83)(cid:92)(cid:3)(cid:87)(cid:75)(cid:76)(cid:86)(cid:3)(cid:85)(cid:72)(cid:83)(cid:82)(cid:85)(cid:87)(cid:3)(cid:90)(cid:76)(cid:87)(cid:75)(cid:82)(cid:88)(cid:87)(cid:3)(cid:87)(cid:75)(cid:72)(cid:3)(cid:72)(cid:91)(cid:83)(cid:85)(cid:72)(cid:86)(cid:86)(cid:72)(cid:71)(cid:3)(cid:90)(cid:85)(cid:76)(cid:87)(cid:87)(cid:72)(cid:81)(cid:3)(cid:70)(cid:82)(cid:81)(cid:86)(cid:72)(cid:81)(cid:87)(cid:3)(cid:82)(cid:73)(cid:3)(cid:87)(cid:75)(cid:72)(cid:3)(cid:50)(cid:73)(cid:73)(cid:76)(cid:70)(cid:72)(cid:3)(cid:82)(cid:73)(cid:3)(cid:44)(cid:81)(cid:86)(cid:83)(cid:72)(cid:70)(cid:87)(cid:82)(cid:85)(cid:3) (cid:42)(cid:72)(cid:81)(cid:72)(cid:85)(cid:68)(cid:79)(cid:17)(cid:3)(cid:3)(cid:3) (cid:47)(cid:36)(cid:58)(cid:3)(cid:40)(cid:49)(cid:41)(cid:50)(cid:53)(cid:38)(cid:40)(cid:48)(cid:40)(cid:49)(cid:55)(cid:3)(cid:54)(cid:40)(cid:49)(cid:54)(cid:44)(cid:55)(cid:44)(cid:57)(cid:40) September 23, 2021 OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Washington, DC 20528 / www.oig.dhs.gov September 23, 2021 MEMORANDUM FOR: Troy Miller FROM: SUBJECT: Senior Official Performing the Duties of the Commissioner U.S. Customs and Border Protection Joseph V. Cuffari, Ph.D. Inspector General JOSEPH V CUFFARI Digitally signed by JOSEPH V CUFFARI Date: 2021.09.20 13:47:08 -04'00' CBP Continues to Experience Challenges Managing Searches of Electronic Devices at Ports of Entry – Law Enforcement Sensitive For your action is our final report, CBP Continues to Experience Challenges Managing Searches of Electronic Devices at Ports of Entry – Law Enforcement Sensitive. We incorporated the formal comments provided by your office. The report contains five recommendations aimed at improving U.S. Customs and Border Protection’s (CBP) searches of electronic devices at ports of entry program. Your office concurred with all five recommendations.

Based on information provided in your response to the draft report, we consider recommendations 1, 2, 3, and 5 open and resolved. Once your office has fully implemented the recommendations, please submit a formal closeout letter to us within 30 days so that we may close the recommendations. The memorandum should be accompanied by evidence of completion of agreed- upon corrective actions and of the disposition of any monetary amounts. We consider recommendation 4 open and unresolved.

As prescribed by the Department of Homeland Security Directive 077-01, Follow-Up and Resolutions for the Office of Inspector General Report Recommendations, within 90 days of the date of this memorandum, please provide our office with a written response that includes your (1) agreement or disagreement, (2) corrective action plan, and (3) target completion date for each recommendation. Also, please include responsible parties and any other supporting documentation necessary to inform us about the current status of the recommendation. Until your response is received and evaluated, the recommendations will be considered open and unresolved. Please send your response or closure request to [email protected]. www.oig.dhs.gov LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Consistent with our responsibility under the Inspector General Act of 1978, as amended, we will provide copies of our report to congressional committees with oversight and appropriation responsibility over the Department of Homeland Security.

We will post a redacted version of the report on our website. Please call me with any questions, or your staff may contact Bruce Miller, Deputy Inspector General for Audits, at (202) 981-6000. Attachment cc: Executive Assistant Commissioner, Office of Field Operations, CBP www.oig.dhs.gov LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE DHS OIG HIGHLIGHTS CBP Continues to Experience Challenges Managing Searches of Electronic Devices at Ports of Entry September 21, 2021 What We Found Why We Did This Audit The Trade Facilitation and Trade Enforcement Act of 2015 (TFTEA) requires U.S. Customs and Border Protection (CBP) to establish standard operating procedures (SOP) for searching, reviewing, retaining, and sharing information in communication, electronic, or digital devices at U.S. ports of entry (POE). TFTEA also requires the Department of Homeland Security Office of Inspector General to conduct three annual audits to determine to what extent CBP conducted searches of electronic devices at POEs in accordance with its SOPs.

This is the second audit in the series. What We Recommend We made five recommendations to improve CBP’s oversight of searches of electronic devices at POEs. For Further Information: Contact our Office of Public Affairs at (202) 981-6000, or email us at [email protected] CBP’s Office of Field Operations (OFO) continues to experience challenges managing searches of electronic devices, like those identified in our first audit report, CBP’s Searches of Electronic Devices at Ports of Entry, issued in December 2018. Specifically, OFO did not properly document and conduct searches of electronic devices, fully assess the effectiveness of the electronic device search program, or adequately manage electronic device search equipment.

This occurred because, although it plans to do so, OFO has not yet fully implemented corrective actions for four of the five recommendations in our previous audit report, including establishing training for staff. According to an OFO official, there have been delays fully implementing the prior recommendations due to reviews of existing policy and a capabilities analysis report, and the need to develop additional training. In addition, OFO did not have adequate processes for auditing electronic device searches, track prosecutions and convictions resulting from referrals to other Federal agencies, or adequately monitor search equipment usage, functionality, and inventory. Unless it corrects previously identified deficiencies and better manages searches and equipment, OFO will limit its ability to detect and deter illegal activities related to terrorism; national security; human, drug, and bulk cash smuggling; and child pornography.

CBP Response CBP concurred with all five recommendations. www.oig.dhs.gov OIG-21-63 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Table of Contents Background .................................................................................................... 2 Results of Audit .............................................................................................. 8 CBP Continues to Experience Challenges Managing Searches of Electronic Devices ................................................................................. 8 Recommendations .........................................................................................

17 Appendixes Appendix A: Objective, Scope, and Methodology ................................. 20 Appendix B: CBP Comments to the Draft Report .................................. 22 Appendix C: Potential Monetary Benefits ............................................. 26 Appendix D: Previously Reported Recommendations and Status for CBP’s Searches of Electronic Devices at Ports of Entry, OIG-19-10, December 3, 2018 .........................................

27 Appendix E: Report Distribution .......................................................... 29 Abbreviations ATS Automated Targeting System CBP DOMEX EMR U.S. Customs and Border Protection Document and Media Exploitation electronic media report LSSD OFO POE SIP SOP Laboratories and Scientific Services Directorate Office of Field Operations port of entry Self-Inspection Program standard operating procedure www.oig.dhs.gov OIG-21-63 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Background The mission of U.S. Customs and Border Protection (CBP) is to protect the American people, safeguard our borders, and enhance the Nation’s economic prosperity. CBP’s Office of Field Operations (OFO) is responsible for carrying out this mission at 328 ports of entry (POE). CBP officers conduct initial, primary examinations and inspections of travelers arriving at POEs to determine their identity, citizenship, and admissibility.

During primary inspection, CBP officers review travelers’ passports and other documents to determine whether to admit travelers to the United States. If at the primary inspection the CBP officer determines additional inspection is needed, the traveler may be referred to secondary inspection. Travelers may be referred to a secondary inspection for reasons such as suspicion of terrorist involvement, smuggling, possession of prohibited or restricted items, or a traveler’s presence on lookout lists.1 During a secondary inspection, CBP officers may search travelers’ electronic devices, such as computers, tablets, drives, or mobile phones, to determine admissibility or violations of law. Secondary inspections may include a basic search or both a basic and an advanced search.

For basic searches, the CBP officer manually reviews information stored on the traveler’s electronic devices, such as photos, text messages, and call logs. Officers may refer a traveler for a basic search due to inconsistencies in a traveler’s responses to officers’ questions, suspicious behavior, or intelligence analysis indicating criminal activity.2 An advanced search, started as a pilot project called Document and Media Exploitation (DOMEX) in 2007, occurs when CBP officers connect external equipment, through wired or wireless connections, to a traveler’s electronic devices to gain access, review, copy, and analyze the contents. Figure 1 shows the traveler process through basic and advanced searches. 1 A “lookout” is used to indicate a record represents (usually) a person of interest, to be encountered at a border location.

Lookouts may be against persons, conveyances, documents, or any other entity CBP may encounter. Lookouts may be available through automated support tools or may be issued manually, if needs dictate. 2 CBP officers at POEs have access to different databases that include records relevant to the anti-terrorism and law enforcement mission of CBP and numerous other Federal agencies it supports. www.oig.dhs.gov OIG-21-63 2 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Figure 1. Traveler Process Flow through Basic and Advanced Searches Source: DHS Office of Inspector General (OIG) analysis of CBP data According to a May 2019 memorandum,3 absent approval from the Director of Field Operations,4 an officer may only conduct an advanced search if the traveler is: (cid:120) (cid:120) 3 Weekly Muster for CBP Officers, May 13, 2019, Office of Field Operations, Tactical Operations Division.

4 If an advanced search is conducted on a traveler’s device who does not fall within the listed categories, the Director of Field Operations approval is required. All other advanced searches require GS-14 and equivalent approval. www.oig.dhs.gov OIG-21-63 3 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security (cid:120) (cid:120) (cid:120) Prior to conducting these searches, CBP officers provide travelers written notification (referred to as a tear sheet) describing the search purpose, CBP’s authority to conduct the search, and how the individual may obtain more information and report concerns. These searches may occur during any inbound or outbound search pursuant to CBP’s border search authority. In fiscal year 2018, OFO processed more than 413 million travelers arriving at U.S. POEs and conducted an estimated 33,062 basic and advanced electronic device searches of those inbound travelers (.008 percent).

In FY 2019, CBP processed more than 414 million travelers and conducted an estimated 40,610 basic and advanced electronic device searches of those inbound travelers (.010 percent).

A CBP

Director reported that costs directly associated with basic and advanced electronic device searches in FYs 2018 and 2019 were $355,358 and $489,715, respectively.5 Since 2007, OFO has expanded the DOMEX (advanced search) pilot program from 4 to 133 POEs. CBP uses multiple types of DOMEX equipment depending on the specific ( traveler device searched. CBP officers use the triage tool ( ) for searches of computers (Figure 2) and the ) ( ) for mobile phones, and subscriber identification modules, commonly referred to as SIM cards (Figure 3). CBP must purchase and annually renew licenses with the vendor to ensure each unit of equipment has a warranty, support, maintenance, and software upgrades.

5 These totals include equipment, licenses, and travel costs for field audits. www.oig.dhs.gov 4 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Figure 2. Example of Figure 3. Example of Equipment Used for Advanced Searches of Computers Source: CBP Equipment Used for Advanced Searches of Mobile Devices Source: DHS OIG photo During advanced searches, CBP officers copy information from the traveler’s device to the search equipment. The CBP officer uploads the copied information to CBP’s Automated Targeting System (ATS)6 to be further analyzed against existing information.

The DOMEX equipment ( and information from CBP’s ATS provide real-time feedback of any identified derogatory information to the inspecting CBP officer. CBP officers then analyze the information to help detect evidence related to terrorism and other national security matters, human and bulk cash smuggling, contraband, child pornography, and financial crimes. CBP sometimes refers travelers’ devices and information obtained from devices to other Federal agencies, such as U.S. Immigration and Customs Enforcement and the Federal Bureau of Investigation. and ) The Trade Facilitation and Trade Enforcement Act of 2015 (TFTEA), P.L. 114- 125, enacted February 24, 2016, requires CBP to establish standard operating procedures (SOP) for searching, reviewing, retaining, and sharing information contained in communication, electronic, or digital devices encountered at POEs. CBP must review and update its SOPs every 3 years.7 To meet this requirement, CBP developed CBP Directive No. 3340-049A, Border Search of Electronic Devices (Directive) as the primary SOP for searches of electronic 6 CBP's ATS is a decision support tool that compares traveler, cargo, and conveyance information against law enforcement, intelligence, and other enforcement data using risk-based scenarios and assessments.

7 Trade Facilitation and Trade Enforcement Act of 2015, Pub. L. No. 114-125, 130 Stat. 122, Sec. 802 (k)(4), (codified as 6 U.S.C. § 211(k)(4 . www.oig.dhs.gov 5 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security devices at POEs. To provide additional guidance, CBP has also issued a series of memoranda to reiterate policy for conducting and documenting searches. CBP’s Directive requires CBP officers to fully document all information related to searches of electronic devices.

CBP uses a module in the TECS system of record8 called the Inspection Operations of Electronic Media, also known as an electronic media report (EMR), to document border searches of electronic devices. The EMR provides information surrounding the search, such as device details, type of device search performed, and the officer’s inspection remarks. According to POE personnel, CBP officers receive training on conducting electronic device basic and advanced searches from POE field training officers. Also, POE personnel stated that training is primarily conducted through post academy training, on the job training, and through dissemination of memoranda and job aides reiterating CBP’s Directive requirements.

For advanced searches using DOMEX equipment, officers must be DOMEX- certified. Basic searches have no formal training requirement, and no mandatory refresher training currently exists for basic or advanced searches. OFO has oversight and monitoring mechanisms to ensure compliance with CBP’s Directive, including monthly EMR reviews, OFO annual internal audits, and the annual Self-Inspection Program (SIP) conducted by CBP’s Office of Accountability, Management Inspections Division. Monthly EMR reviews ensure the search reason, type, details, and disposition are properly documented.

The annual audits include verifying data connections are disabled prior to searches, DOMEX equipment is accounted for and secured, and travelers' information copied on thumb drives is immediately deleted. The SIP monitors CBP’s performance, including CBP border searches of electronic devices program, operations, and offices. TFTEA requires the Department of Homeland Security OIG to conduct three annual audits to determine whether CBP conducts searches of electronic devices in compliance with established SOPs and include the following information, shown in Table 1, and further described throughout this report: (cid:120) a description of the activities of CBP officers and agents with respect to searches; the number of searches; (cid:120) 8 TECS (not an abbreviation) serves as a data repository to support law enforcement “lookouts,” border screening, and reporting for CBP’s primary and secondary inspection processes. www.oig.dhs.gov OIG-21-63 6 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security (cid:120) (cid:120) (cid:120) the number of instances that information contained in devices subjected to searches was retained, copied, shared, or entered in an electronic database;9 the number of devices detained as the result of searches; and the number of instances that information collected from devices subjected to searches was transmitted to another Federal agency, including whether transmission resulted in a prosecution or conviction.10 Table 1. Border Searches of Electronic Devices, FYs 2018–2019 Number of Device Searches Total Number of Electronic Device Searches Basic search Advanced search Number of Devices Detained and Referred Number of devices referred to another agency Detained Information collected was transferred to another Federal agency, including transmissions resulting in prosecution or conviction *Information not tracked by OFO Source: DHS OIG analysis of OFO data FY 2018 FY 2019 40,610 35,926 4,684 33,062 29,306 3,756 189 555 193 1,037 * * In our first audit of CBP’s searches of electronic devices at POEs, we reported11 deficiencies in supervision, guidance, equipment management, and performance measures and made five recommendations to improve the program’s effectiveness.

CBP concurred with all five recommendations and has taken some actions to improve oversight, such as streamlining license renewals, developing processes to conduct annual field office reviews, and updating its self-inspection worksheet to better identify deficiencies. As of May 2021, CBP had not fully implemented four of five recommended corrective actions. According to an OFO official, there have been delays fully implementing the prior recommendations due to reviews of existing policy, a capabilities analysis report,12 and the need to develop additional training. See 9 The number of instances equals the total number of electronic device searches conducted each year, as each search must be documented in TECS.

10 Trade Facilitation and Trade Enforcement Act of 2015, Pub. L. No. 114-125, 130 Stat. 122, Sec. 802 (k)(5)(A-E), (codified as 6 U.S.C. § 211(k)(5)(A-E . 11 CBP’s Searches of Electronic Devices at Ports of Entry, OIG-19-10, December 3, 2018. 12 CBP’s July 24, 2019 updated response to OIG-19-10 recommendations stated that CBP’s capability analysis report identifies gaps, training, and procurement capabilities and will aid in establishing the DOMEX program as a program of record. www.oig.dhs.gov OIG-21-63 7 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix D for previously reported corrective actions and their status as of December 2020.

In this report, we present the results of our second of three audits to determine to what extent CBP conducted searches of electronic devices at U.S. ports of entry in accordance with its standard operating procedures. Results of Audit CBP Continues to Experience Challenges Managing Searches of Electronic Devices OFO continues to experience challenges managing searches of electronic devices, like those identified in our first audit report, CBP’s Searches of Electronic Devices at Ports of Entry. Specifically, OFO did not properly document and conduct searches of electronic devices, fully assess the effectiveness of the electronic device search program, or adequately manage electronic device search equipment. This occurred because, although it plans to do so, OFO has not yet fully implemented corrective actions for four of the five recommendations in our previous audit report, including establishing training for staff.

According to an OFO official, there have been delays fully implementing the prior recommendations due to reviews of existing policy and a capabilities analysis report, and the need to develop additional training. In addition, OFO did not have adequate processes for auditing electronic device searches, track prosecutions and convictions resulting from referrals to other Federal agencies, or adequately monitor search equipment usage, functionality, and inventory. Unless it corrects previously identified deficiencies and better manages searches and equipment, OFO will limit its ability to detect and deter illegal activities related to terrorism; national security; human, drug, and bulk cash smuggling; and child pornography. Searches of Electronic Devices Were Not Always Properly Conducted and Documented CBP’s Directive requires CBP officers to include all information related to the search,13 such as whether the device’s wireless data connection was disabled, a 13 CBP’s Directive, Section 5.1.5 and 5.61 states “Searches of electronic devices will be documented in the appropriate CBP systems … Reports must include all information related to the search through the final disposition including supervisory approvals and extensions when appropriate.” www.oig.dhs.gov OIG-21-63 8 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security tear sheet was provided, and if a supervisor approved advanced searches.

In instances in which OFO detains or seizes an electronic device, officers document such incidents on DHS Form 6051D, Detention Notice and Custody Receipt for Detained Property14 and DHS Form 6051S, Custody Receipt for Seized Property and Evidence,15 to demonstrate chain of custody. The Directive also tasks supervisors with ensuring officers complete thorough inspections and that all notification, documentation, and reporting requirements are met. OFO did not always adhere to all requirements outlined in the Directive when conducting electronic device searches nor properly document searches. Of the 100 EMRs16 from FYs 2018 and 2019 that we reviewed, 79 had one or more instances of non-compliance, which totaled 139 instances.

Table 2 details the identified areas of non-compliance in the EMRs. We also identified 32 EMRs not approved by a supervisor within 7 days. 14 DHS Form 6051D is used when property is withheld pending a review for admissibility or proper importation or exportation. 15 DHS Form 6051S is used when property is seized for a violation of law or for evidentiary use in an investigation.

16 We selected 100 EMRs completed during FYs 2018-2019 at POEs at ( ), , and at the ( ), POE, as well as at stationing of CBP personnel at designated foreign airports to inspect travelers prior to boarding U.S.-bound flights. These 100 EMRs were judgmentally selected from the total universe of 73,672 EMRs completed during FYs 2018-2019. The selections for review were based on targeted risk factors, such as POEs not selected in the first series audit, volume of electronic device searches, and geographic locations. www.oig.dhs.gov location. Preclearance is the strategic OIG-21-63 9 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Non-Compliance with Directive Table 2.

Non-Compliance Identified in CBP Electronic Media Reports Number of EMRs 7 Did not disable the device’s wireless connection (airplane mode) Did not provide a tear sheet to traveler Insufficient Documentation to Support Compliance Did not indicate whether the device’s data connection was disabled Did not indicate whether a tear sheet was provided Did not indicate a reason the tear sheet was not provided Did not detail chronological sequence of border search Did not indicate supervisory approval for search Did not indicate supervisor presence during advanced search Did not indicate supervisor approved detention of electronic device No evidence of a Form 6051D or Form 6051S Total Instances of Non-Compliance 2 27 10 10 18 4 44 2 15 139* Source: DHS OIG analysis of CBP data *As noted, this total exceeds the number of EMRs reviewed because some EMRs had more than one non-compliance issue. CBP’s Directive also requires CBP officers to document searches of electronic devices in appropriate CBP systems using an EMR in TECS. According to the Directive, EMRs are to be created and updated accurately, thoroughly, and in a timely manner and are to contain all information related to the search through the final disposition, including supervisory approvals and extensions when appropriate. CBP officers should create an EMR for every basic and advanced electronic device search.

However, during site visits17 to , and , POEs, we identified instances in which OFO officials used advanced screening equipment to conduct advanced searches of electronic devices without documenting these searches in TECS. For example, in reviewing 44 DOMEX activity log18 entries from the three POEs, we identified 33 advanced searches that were not documented in TECS. According to OFO officials at these POEs, the searches were related to investigations, maintenance, and training. However, we could not confirm these assertions because OFO did not 17 We conducted a physical site visit at virtual site visits at 18 The activity log captures the start date, end date, transaction type, duration, and status, and device searched. www.oig.dhs.gov devices have activity logs that show when the equipment is used to perform a search. .

Due to the COVID-19 pandemic, we conducted . See Appendix A for additional details. OIG-21-63 and 10 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security have controls to ensure all advanced searches were traceable to the officer conducting the search. OFO Has Not Yet Taken Corrective Actions, and Training and Auditing Processes Remain Inadequate We attribute the issues we identified with EMRs to actions OFO has not yet taken to implement our prior recommendations, as well as OFO not complying with all TFTEA training requirements or implementing auditing processes in CBP’s Directive.

Although specific training on border searches is not expressly outlined in the statute, Section 802(l) of TFTEA requires CBP officers to participate in a specified amount of continuing education related to the performance of their duties, which includes searches of electronic devices. Appendix D contains the five recommendations from our prior audit and details on the status of all corrective actions. OFO has completed some corrective actions to implement recommendations from our first audit. Specifically, in that audit, we found that CBP officers were not properly documenting actions, not disabling data connections prior to electronic device searches, and not meeting all Directive requirements.

We recommended that OFO ensure officers properly document their actions when conducting electronic device searches, supervisors adequately and promptly review EMRs and related information, and supervisors oversee disabling data connections prior to electronic device searches. In response to our recommendations, OFO implemented monthly field office reviews of POEs, updated its Self-Inspection Worksheet, and reiterated policy and protocol field guidance. However, also in response to our prior recommendations, OFO planned to advise field offices to conduct daily audits and explore use of automated processes to audit EMRs. According to an OFO official, there have been delays in fully implementing the prior recommendations due to reviews of existing policy and a capabilities analysis report, and the need to develop additional training.

As of January 19, 2021, OFO officials informed OIG that they expected to implement these actions by July 31, 2021. TFTEA requires “… all officers and agents of U.S. Customs and Border Protection to participate in a specified amount of continuing education (to be determined by the Commissioner) to maintain an understanding of Federal legal rulings, court decisions, and departmental policies, procedures, and guidelines.”19 Consistent with TFTEA’s statutory construction, this is a general 19 Trade Facilitation and Trade Enforcement Act of 2015, Pub. L. No. 114-125, 130 Stat. 122, Sec. 802 (l), (codified as 6 U.S.C. § 211(l . www.oig.dhs.gov OIG-21-63 11 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security training requirement and not a specific requirement for training related to searches of electronic devices. However, the review, retention, and sharing of information contained in electronic devices at ports of entry are duties performed by OFO as part of its authority to conduct inspections at ports of entry.20 As a result, training and continuing education on border searches of electronic devices is required for compliance with TFTEA’s general training requirement.

OFO has not fulfilled this requirement and instead relied on ad hoc and on-the-job training at POEs, which varied by POE location. Although CBP officials did not interpret the TFTEA training requirement to apply specifically to searches of electronic devices, in response to a prior recommendation, OFO planned to develop a mandatory annual online course for all CBP officers. Finally, CBP’s Directive requires implementing auditing processes to ensure CBP officers’ compliance with the Directive. However, OFO’s SIP did not ensure comprehensive auditing of all electronic device searches, which limited OFO’s ability to ensure officers’ compliance.

First, the SIP did not include a procedure to verify both basic and advanced searches are documented in TECS. Second, CBP’s 2019 and the previous versions of the 2020 SIP cycle did not include all types of searches within its sampling methodology for questions related to providing tear sheets, documenting complete EMR narratives, disabling data connections, and disposing of information. The previous versions included only instances of when devices were detained and did not include reviews of all searches of electronic devices. CBP corrected the 2020 SIP to include all searches in its sampling methodology for all questions except the question related to providing tear sheets.

As noted in Table 1, of the 40,610 electronic device searches conducted in 2019, only 1,037 devices were detained (less than 3 percent). Without adequate training and auditing processes, CBP cannot ensure officers conduct searches of electronic devices responsibly and according to policies, procedures, guidelines, and judicial precedent decisions. Additionally, the absence of accurate and complete documentation for electronic device searches prevents OFO from maintaining reliable quantitative data and from identifying and addressing performance problems. OFO Could Not Fully Evaluate Program Effectiveness OFO did not have sufficient data to fully evaluate the effectiveness of the electronic device search program.

TFTEA requires DHS OIG to report on the number of instances that information collected from searches of electronic 20 See id. Sec. 802 (g)(3)(A)-(G) (codified as 6 USC 2311(g)(3)(A)-(G www.oig.dhs.gov 12 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security devices is transferred to another Federal agency, including whether such transmissions result in prosecution or conviction.21 Additionally, according to CBP’s Directive, the purpose of electronic device searches is, in part, to “help detect evidence relating to terrorism and other national security matters, human and bulk cash smuggling, contraband, and child pornography. [Searches] can also reveal information about financial and commercial crimes, such as those relating to copyright, trademark, and export control violations.” Although OFO tracks the number of electronic devices referred to outside agencies, as shown in Figure 4, it does not track if such transmissions result in prosecutions or convictions. Figure 4. Number of Devices Referred by CBP to Outside Agencies in FY 2019 151 20 13 4 3 2 Homeland Security Investigations State/Local Agencies Federal Bureau of Investigations Drug Enforcement Agency U.S. Secret Service Bureau of Alcohol, Tobacco and Firearms Source: CBP data The Government Accountability Office’s Standards for Internal Control in the Federal Government, September 2014, Sections 15.02 and 16.01, state that management should communicate with and obtain quality information from external parties and establish and operate monitoring activities. According to an OFO official, OFO does not see the benefit of receiving the outcomes of referrals, or tracking prosecutions and convictions, and does not have a system to track or receive this information.

Without tracking final legal disposition of devices and information transferred to other Federal agencies, OFO cannot fully evaluate the program’s effectiveness or whether advanced searches are achieving their intended purpose to detect evidence and identify crimes. 21 Trade Facilitation and Trade Enforcement Act of 2015, Pub. L. No. 114-125, 130 Stat. 122, Sec. 802 (k)(5)(E), (codified as 6 U.S.C. § 211(k)(5)(E . The TFTEA does not explicitly require CBP to track conviction or prosecution data. www.oig.dhs.gov OIG-21-63 13 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security In our first audit, we found similar issues with establishing activities to monitor performance measures and indicators.

We recommended that OFO evaluate the program’s effectiveness to determine whether advanced searches were achieving their intended purpose. In response to our recommendation, OFO has begun developing performance measures based on positive enforcement actions resulting from advanced searches and evaluating the program to determine whether advanced searches are achieving the program’s goal. OFO estimates these actions will be completed by October 30, 2021. OFO Did Not Adequately Manage DOMEX Equipment According to the Government Accountability Office’s Standards for Internal Control in the Federal Government, September 2014, Sections 13.01 and 14.01, management is responsible for using quality information to achieve the entity’s objectives and internally communicating the necessary quality information.

However, OFO does not have an effective process to track the usage and inventory of DOMEX equipment throughout POEs. OFO uses a spreadsheet to monitor field office basic and advanced searches. However, the spreadsheet does not track usage by specific DOMEX devices ( not useful in identifying idle equipment. Additionally, EMRs do not capture the specific device used to conduct advanced searches. ) and is or Because OFO does not track usage of equipment or have an effective process for CBP officers to report problems, officers were unaware of advanced search equipment problems.

For example, OFO equipment used to search computers ( ) has not functioned since July 2018 due to network compatibility issues. Because of these technical issues, officers at POEs cannot conduct advanced searches of computers on-site. A CBP official stated that if an officer determines a search of a computer is required, the device must be sent to a CBP Laboratories and Scientific Services Directorate (LSSD) location to perform the search.22 Despite technical issues, OFO renewed the equipment in software licenses for all 2019 and 2020, including for equipment that does not function, at a total cost of $330,629. This occurred because, even though LSSD was aware of the functionality issues in 2018, it did not inform OFO headquarters until 2020.

Further, even after OFO officials became aware of the issues, they proceeded with renewing all licenses for non-functioning OFO renewed software licenses for equipment that did not function. 22 LSSD has eight geographically dispersed locations serving POEs. www.oig.dhs.gov 14 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security equipment. According to OFO officials, as of March 8, 2021, the equipment was still not functioning at POEs. OFO has also experienced distribution inefficiencies with equipment.

For example, the DOMEX Program Manager stated that there is not enough DOMEX equipment at CBP to handle the workload at POEs. However, during our May 2020 site visit at the devices had no usage in their activity logs, as shown in Figure 5. POE, we found some Figure 5. Showing No Recent Activity at Source: OFO photo Additionally, OFO’s DOMEX equipment inventory list does not always match the POEs’ equipment inventory.

For example, OFO’s inventory list incorrectly devices. indicated that the POE had one POE Similarly, OFO’s inventory list incorrectly indicated that the device located at the had a POE. We also found seven inaccurate software licensing expiration dates in OFO’s inventory. See Table 3 for a comparison of OFO’s DOMEX master inventory list to the equipment actually located at the device and did not include an device and two , and , POEs. www.oig.dhs.gov 15 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Table 3. Comparison of OFO DOMEX Equipment Inventory to Equipment Located at POEs POE OIG Verification Date OFO Inventory* (12/10/2019) Devices at POE During Site Visit Discrepancies OFO Software Licensing Inaccuracies 5/2/2020 2/10/2020 7/30/2020 3 0 2** *According to the DOMEX Program Manager, OFO’s December 10, 2019 DOMEX inventory list was the most up to date at the time of our site visits. ** OFO’s inventory list included a Additionally, the OFO’s inventory list.

POE inventory included an device that was not at the device not included in POE. Source: DHS OIG analysis of CBP data and site visit observations field office purchased equipment This occurred because OFO did not adequately manage equipment used in the searches of the electronic devices program. According to the DOMEX Program Manager, CBP officers at the without notifying or coordinating purchases with OFO headquarters. Also, OFO headquarters did not update its inventory list to remove older model equipment disposed of by the POE.

In another instance, the DOMEX Program Manager stated LSSD issued equipment without OFO headquarters notification and not included in OFO’s inventory. However, an official from LSSD stated that LSSD does not issue or provide DOMEX equipment to POEs. According to the DOMEX Program Manager, once it was field office had acquired new equipment, these discovered that the devices were added to OFO’s inventory list. Since this discovery, the DOMEX Program Manager said that OFO had provided all field offices with a list of approved and compatible DOMEX equipment and requested that field offices notify OFO prior to and after any new equipment acquisitions.

Inadequate oversight by OFO to ensure proper management of search equipment may lead to additional waste and inefficient distribution of devices. Better tracking, inventorying, and distribution of search equipment will ensure POEs have enough equipment to meet mission needs. Additionally, without equipment at POEs, CBP officers cannot conduct advanced functioning searches of computers on-site. This creates unnecessary delays for travelers, consumes additional CBP resources, and has led to wasted funds.

Conclusion In our first audit of CBP’s searches of electronic devices at POEs, we made five recommendations to improve program effectiveness. To address ongoing www.oig.dhs.gov OIG-21-63 16 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security challenges identified in this second audit, we are making five additional recommendations. We will continue to monitor open recommendations and progress in our third and final audit in the series to ensure OFO conducts searches of electronic devices according to guidelines and does not limit its ability to detect and deter illegal activities. Recommendations Recommendation 1: We recommend the Executive Assistant Commissioner for the Office of Field Operations implement and enhance controls surrounding the use of electronic device search equipment to ensure advanced searches are traceable to officers conducting the search.

Recommendation 2: We recommend the Executive Assistant Commissioner for the Office of Field Operations establish and require completion of a specified amount of continuing education for officers, as applicable, to maintain an understanding of Federal legal rulings, court decisions, and departmental policies, procedures, and guidelines related to searches of electronic devices. Recommendation 3: We recommend the Executive Assistant Commissioner for the Office of Field Operations revise and enhance the sampling methodology of the Self-Inspection Program, Border Searches of Information Documentation, to include reviews of all types of electronic device searches for questions related to providing tear sheets. Also, the OFO audit processes should include reviews to ensure advanced searches are documented in TECS. Recommendation 4: We recommend the Executive Assistant Commissioner for the Office of Field Operations: a. Suspend the renewal of licenses for nonfunctional equipment, as appropriate. b. Work with the Laboratories and Scientific Services Directorate to resolve equipment functionality issues to ensure ports of entry have functioning search equipment to meet mission needs. c. Develop and implement a process to communicate equipment issues with the Laboratories and Scientific Services Directorate and ports of entry to ensure issues are promptly reported and addressed.

Recommendation 5: We recommend the Executive Assistant Commissioner for the Office of Field Operations develop and implement an improved process to manage advanced search equipment including: 1) tracking DOMEX usage by device to identify idle devices and additional equipment required to meet mission needs and 2) keeping an accurate inventory of DOMEX equipment and licenses. www.oig.dhs.gov 17 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Management Comments and OIG Analysis CBP concurred with all five recommendations and provided comments to the draft report. We included a copy of CBP’s management comments in their entirety in Appendix B. CBP also provided technical comments to our draft report and we made changes to incorporate these comments as appropriate. Recommendations 1, 2, 3, and 5 are open and resolved and recommendation 4 is open and unresolved. A summary of the Department’s responses and our analysis follows.

CBP Response to Recommendation 1: Concur. OFO and LSSD will deploy the with administrative functions, such as tracking equipment by user. There will also be an associated training for the solution for use at POEs. CBP estimates a completion date of June 30, 2022. solution, which is a software-based network solution OIG Analysis: We consider these actions responsive to the recommendation, which is resolved and open.

The recommendation will remain open until OFO provides documentation to show the deployment of the solution, completion of associated training to POEs, and the capability to track equipment by user. CBP Response to Recommendation 2: Concur. OFO will work with CBP’s Enterprise Services, Office of Training and Development, to develop a mandatory annual virtual learning course on border searches of electronic devices for all CBP officials working at the POEs through the Performance and Learning Management System. CBP estimates a completion date of June 30, 2022.

OIG Analysis: We consider these actions responsive to the recommendation, which is resolved and open. The recommendation will remain open until CBP provides documentation showing development of a mandatory annual virtual learning course on border searches of electronic devices for all CBP officers working at POEs. CBP Response to Recommendation 3: Concur. OFO will update the SIP questions and sample methodology on the worksheet for SIP Cycle 2022 to ensure the SIP assesses areas of non-compliance found during the previous OFO audits, including providing tear sheets.

OFO will also establish baseline criteria for the field offices when conducting compliance reviews, including mechanisms to ensure advanced searches are being properly documented in TECS. CBP estimates a completion date of October 29, 2021. www.oig.dhs.gov 18 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security OIG Analysis: We consider these actions responsive to the recommendation, which is resolved and open. The recommendation will remain open until CBP provides the updated worksheets for the SIP Cycle 2022 and the criteria provided to field offices when conducting compliance reviews. CBP Response to Recommendation 4: Concur.

OFO will work with LSSD to pursue enterprise solutions that enable greater equipment oversight. This includes solution, which provides administrative functions, such as identifying nonfunctional equipment. CBP estimates a completion date of June 30, 2022. OIG Analysis: We consider these actions partially responsive to the recommendation, which is unresolved and open.

CBP plans to pursue solutions that will help identify nonfunctional equipment. However, CBP’s planned actions do not address suspending the renewal of licenses for nonfunctional equipment and resolving the current functionality issues at POEs. The recommendation will remain open until CBP provides evidence of suspending the renewal of licenses for nonfunctional equipment, resolving current functionality issues at POEs, and implementing a process to communicate equipment issues. CBP Response to Recommendation 5: Concur.

OFO and LSSD will deploy the provides specific administrative functions designed to facilitate equipment management, including tracking and keeping an accurate inventory of DOMEX devices. CBP estimates a completion date of June 30, 2022. solution and associated training, at the POEs, which OIG Analysis: We consider these actions responsive to the recommendation, which is resolved and open. The recommendation will remain open until CBP provides documentation showing the deployment of the solution, completion of associated training at POEs, and the capability to track equipment usage and keep an accurate inventory of DOMEX devices. www.oig.dhs.gov 19 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix A Objective, Scope, and Methodology The Department of Homeland Security Office of Inspector General was established by the Homeland Security Act of 2002 (Public Law 107(cid:239)296) by amendment to the Inspector General Act of 1978. This audit is the second of three audits required by TFTEA.

We conducted this audit to determine to what extent CBP conducted searches of electronic devices at U.S. POEs in accordance with its SOPs. For the purposes of this audit, our scope was limited to OFO’s operations in conducting searches of electronic devices at POEs in FYs 2018 and 2019. We also included select information from FY 2020, such as license renewals for equipment. To achieve our audit objective, we reviewed the TFTEA, CBP Directive 3340- 049A, Border Searches of Electronic Devices (January 4, 2018), and CBP memorandums and policy documents related to electronic searches at POEs.

We also reviewed prior OIG and external reports. We interviewed CBP officials from headquarters, Office of Chief Counsel, Management Inspection Division, and LSSD; CBP officers, supervisors, DOMEX Program Manager, and field training officers; POE leadership; and Passenger Analytical Unit officers. We conducted site visits at the POEs at POE. At airports, and the , we conducted physical inspections of and equipment used to conduct advanced searches of electronic devices, and interviewed port officials, and toured facilities.

Site visits at were conducted virtually due to the COVID-19 global pandemic and included interviews with port officials and virtual inspections of equipment. Equipment information collected during these virtual inspections was corroborated with other documentary evidence. We reviewed contract documents and software licensing agreements related to equipment. We conducted a verification review of the corrective actions taken to address the five audit recommendations in the OIG’s previous audit report (OIG-19-10).

We also analyzed CBP data to report the total number of border searches of electronic devices; the number of instances in which information contained in such devices was retained; the number of devices detained as a result of the searches; and the number of instances information collected from devices was transmitted to another Federal agency, as required by TFTEA. We judgmentally selected and reviewed 100 EMRs completed between January 2018 and October 2019 at , , , and , and POEs. These 100 EMRs were judgmentally selected from the total universe of www.oig.dhs.gov 20 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security 73,634 EMRs completed during FYs 2018 and 2019. The selections for review were based on targeted risk factors such as POEs not selected in the first series audit, volume of electronic device searches, and geographic locations.

We judgmentally selected and reviewed 44 activity log entries for DOMEX equipment at the , internal audits, reviews, and SIP results. POEs. We also reviewed CBP , and We assessed the reliability of the data received from OFO pertaining to searches of electronic devices at POEs. We obtained direct access to the TECS system of record and pulled EMRs directly from it.

We also held walkthroughs of applicable systems, interviewed knowledgeable officials about the data, and performed limited testing of the statistical data reported in CBP’s systems. For information and documents obtained remotely, we corroborated information as necessary to determine reliability. Based on the procedures performed, we determined the data is sufficiently reliable for purposes of the audit. In planning and performing our audit, we identified the internal control components and underlying internal control principles as significant to our audit objective.

All internal control components were significant to the audit objectives including Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. We assessed the design, implementation, and operating effectiveness of the controls significant to CBP conducting searches of electronic devices according to SOPs. We identified internal control deficiencies that could affect CBP's ability to effectively and efficiently operate and to ensure compliance with TFTEA and associated SOPs. We discussed these internal control deficiencies in the body of this report.

However, because we limited our review to internal control components and underlying principles associated with CBP’s searches of electronic devices, other internal control deficiencies may have existed at the time of our audit. We conducted this performance audit between November 2019 and March 2021 pursuant to the Inspector General Act of 1978, as amended, and according to generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives. www.oig.dhs.gov 21 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix B CBP Comments to the Draft Report www.oig.dhs.gov 22 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 23 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 24 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security www.oig.dhs.gov 25 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix C Potential Monetary Benefits Funds to be Put to Better Use is calculated as the software license renewal in August 2020. , which is the cost of Classification of Monetary Benefits Finding Rec.

No. Funds to Be Put to Better Use Questioned Costs – Unsupported Costs Questioned Costs – Other Total Software License Renewal Total $0 $0 $0 $0 Source: DHS OIG analysis of CBP data www.oig.dhs.gov 26 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix D Previously Reported Recommendations and Status, CBP’s Searches of Electronic Devices at Ports of Entry, OIG-19-10, December 3, 2018 Recommendation 1: We recommend the Executive Assistant Commissioner for the Office of Field Operations ensure its officers properly document their actions when conducting searches of electronic devices, and supervisors provide adequate and prompt review of electronic media reports and related information. Status as of December 11, 2020: OFO concurred with the recommendation and implemented monthly field office reviews of POEs, updated its Self- Inspection Worksheet, and disseminated additional field guidance to reiterate policy and protocol. OFO planned to prepare a mandatory annual online course for all CBP officers, advise field offices to conduct daily audits, and explore the use of automated processes to conduct audits of EMRs. In an email update to DHS OIG on December 11, 2020, OFO estimated the actions not yet taken would be completed by July 31, 2021.

Recommendation 2: We recommend the Executive Assistant Commissioner for the Office of Field Operations ensure supervisors oversee the disabling of data connections prior to conducting searches of electronic devices. Status as of December 11, 2020: OFO concurred with the recommendation and implemented monthly field office reviews of POEs, updated its Self- Inspection Worksheet, and disseminated additional field guidance to reiterate policy and protocol. OFO planned to prepare a mandatory annual online course for all CBP officers. In an email update to DHS OIG on December 11, 2020, OFO estimated the actions not yet taken would be completed by July 31, 2021.

Recommendation 3: We recommend the Executive Assistant Commissioner for the Office of Field Operations ensure all equipment used during advanced searches is accounted for and all software licenses are renewed expeditiously. Status as of December 11, 2020: OFO concurred with the recommendation and implemented monthly field office reviews of POEs, disseminated additional field guidance to reiterate policy and protocol, updated its Self- Inspection Worksheet to include additional questions that address storing electronic media in a secure area, and streamlined the license renewal process by having the renewal for all equipment at the same time each year to avoid any lapses in license validations. OFO implemented the recommended corrective actions on November 21, 2019. www.oig.dhs.gov OIG-21-63 27 LAW ENFORCEMENT SENSITIVE LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Recommendation 4: We recommend the Executive Assistant Commissioner for the Office of Field Operations ensure that travelers’ copied information is immediately deleted from thumb drives after successful upload to the Automated Targeting System. Status as of December 11, 2020: OFO concurred with the recommendation and implemented monthly field office reviews of POEs, updated its Self- Inspection Worksheet, and disseminated additional field guidance to reiterate policy and protocol.

OFO also planned to prepare a mandatory annual online course for all CBP officers. In an email update to DHS OIG on December 11, 2020, OFO estimated the actions not yet taken would be completed by July 31, 2021. Recommendation 5: We recommend the Executive Assistant Commissioner of the Office of Field Operations: a) Develop and implement performance measures for the advanced searches of electronic devices pilot program. b) Evaluate the effectiveness of the pilot program to determine whether the advanced searches are achieving the program’s intended purpose. c) Work with the Commissioner of U.S. Customs and Border Protection to evaluate the performance of Office of Field Operations in the advanced searches of electronic devices pilot program and, based on the results of such evaluation, decide whether to discontinue or establish it as a permanent program of record. Status as of December 11, 2020: OFO concurred with the recommendation and began developing performance measures based on positive enforcement actions resulting from advanced searches and evaluating the program to determine whether advanced searches are achieving the program’s intended purpose.

OFO also planned to finalize transformation of the DOMEX program to a national program of record. In an email update to DHS OIG on May 10, 2021, OFO estimated the actions would be completed by October 30, 2021. www.oig.dhs.gov 28 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix E Report Distribution Department of Homeland Security Secretary Deputy Secretary Chief of Staff Deputy Chiefs of Staff General Counsel Executive Secretary Director, GAO/OIG Liaison Office Under Secretary, Office of Strategy, Policy, and Plans Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs CBP Component Liaison Office of Management and Budget Chief, Homeland Security Branch DHS OIG Budget Examiner Congress Congressional Oversight and Appropriations Committees www.oig.dhs.gov 29 LAW ENFORCEMENT SENSITIVE OIG-21-63 LAW ENFORCEMENT SENSITIVE ADDITIONAL INFORMATION AND COPIES To view this and any of our other reports, please visit our website at: www.oig.dhs.gov. For further information or questions, please contact Office of Inspector General Public Affairs at: [email protected]. Follow us on Twitter at: @dhsoig.

OIG HOTLINE

To report fraud, waste, or abuse, visit our website at www.oig.dhs.gov and click on the red "Hotline" tab. If you cannot access our website, call our hotline at (800) 323-8603, fax our hotline at (202) 254-4297, or write to us at: Department of Homeland Security Office of Inspector General, Mail Stop 0305 Attention: Hotline 245 Murray Drive, SW Washington, DC 20528-0305 LAW ENFORCEMENT SENSITIVE

Chat with this agency guidance using AI

Ask CiteLaw's AI Navigator anything about this agency guidance, verify citations, and research related authorities. Sign up for CiteLaw free today to get started.