By Sharon Gaudin
Feb 12, 2007
Three to four laptops are lost or stolen from the FBI every month,
according to a report issued this month from the Justice Department's
While 116 FBI laptops were reported lost and 44 were reported stolen in
the last 44 months, the agency is doing better than it was five years
ago, the DOJ's audit said of one of the nation's top investigative
agencies. Another audit, conducted in 2002, showed that in a 28-month
period 300 FBI laptops had been lost and 17 had been stolen.
At least seven of the computers were issued to FBI divisions that handle
some of the most sensitive information related to national security. Six
were assigned to the Counter-Intelligence Division and one was assigned
to the Counterterrorism Division. Yet, the FBI did not know what these
computers contained, including whether or not they held sensitive or
"This is a significant deficiency," the report states. "Some of these
laptops may have contained classified or sensitive information, such as
personally identifiable information or investigative case files. Without
knowing the contents of these lost and stolen laptop computers, it is
impossible for the FBI to know the extent of the damage these losses
might have had on its operations or on national security."
The missing laptops include one that was reported stolen from a Boston
field office that contained software for creating identification badges.
Reports say it was encrypted. Another laptop was reported stolen from
the FBI's own security division. While it, too, was encrypted, it
contained a system security plan for an electronic access control
system. However, it's not known if a laptop stolen from the FBI Academy
at the U.S. Marine Corps Base Quantico in Virginia was encrypted. That
machine contained the names, addresses, and telephone numbers for FBI
Ken van Wyk, principal consultant with KRvW Associates and formerly with
the Defense Information Systems Agency, says it's important to separate
the lost computers from the information on them. "It's disconcerting,
but as someone who travels with electronic gear all the time, I can tell
you we're targeted," he adds. "But a lot of agencies, and I've got to
believe that includes the FBI, are using whole-disk encryption. The
chances of a thief being able to break it are very slim. The risk, at
that point, is extremely low."
Van Wyk adds that while the FBI obviously should tighten up its
security, he thinks the agency's computer loss rate would match up to
that of most large companies. "It's inevitable," he says.
According to the audit report, the FBI investigated six of the 10 laptop
losses that were known to contain sensitive or classified information.
Of those six, one resulted in a three-day suspension, two investigations
were pending when the report was filed, and three resulted in no action
taken against the employee. The FBI did not investigate the remaining
four losses, including the loss of the laptop computers that contained
personal identifying information of FBI personnel and software for
creating identification badges
FBI Assistant Director John Miller said in a written statement that it
is notable that the agency reduced the rate of lost computers.
"The OIG [Office of Inspector General] determined that when compared
with figures from 2002, there has been a 349% reduction in the average
number of weapons lost or stolen in a given month and a 312% reduction
in the loss or theft of laptop computers," said Miller, noting that he
disagrees with some of the audit's findings. "Nonetheless, we
acknowledge more needs to be done to ensure the proper handling of the
loss and theft of weapons and laptops, and the information maintained on
"While the Inspector General acknowledged that the loss of certain
resources is inevitable in an organization the size of the FBI, we
nevertheless stand committed to increasing institutional and personal
accountability to further increase the progress we have made in
minimizing the loss of firearms and information technology components,"
The Inspector General's report also audited the number of weapons that
have been lost or stolen from the FBI. In the first audit, 354 weapons
had been lost or stolen, and in this second audit, the number dropped to
160. Forty-eight functional weapons were lost, 94 functional weapons
were stolen, and 18 training weapons were lost.
In 2001, the U.S. Attorney General requested that the Office of the
Inspector General conduct audits over the control of weapons and laptops
within the FBI, the U.S. Drug Enforcement Administration, the Federal
Bureau of Prisons, and the U.S. Marshals Service. The report on the FBI
disclosed "significant losses" of weapons and computers so a follow-up
audit was requested.
The FBI had the greatest number of losses, as well as the most
significant deficiencies in controls, of all the DOJ components reviewed
in the 2002 audits, according to the report.
This article was modified on February 12 to include a comment from a
Subscribe to the InfoSec News RSS Feed