OIG investigations face challenge of both too little and too much data

Quantity of data can undermine federal investigations in two ways: Either investigators receive sparse, filtered-out responses to their inquiries that leave crucial information out, or they can be inundated with too much data that makes it hard to see the forest for the trees.

In both cases, the problem is that investigators “don’t know what they don’t know.” But Steven Burke, the chairman of the Investigation subcommittee of the Technology committee of the Council of Inspectors General on Integrity and Efficiency (CIGIE), said one of the ways to overcome those challenges is with good business relationships among government customers and external data owners.

“On the internal side of the house, this is where the best practices of building that internal business relationship with your host agency to truly understand the vast amount of information that any one government agency holds today,” he said on Federal Monthly Insights – Special Bulletin: Digital Investigations.

He said recent developments from the Digital Accountability and Transparency Act of 2014 and more transparency of government information on websites such as IGNET.gov, which is hosted by CIGIE, Oversight.gov and the White House; to government transparency of COVID-19 pandemic relief spending are all good opportunities to see where information is going.

“From an investigative standpoint, that’s absolutely fantastic for us, because it gives us an extra eye on that data that the government has in its possession, on how we can then introduce that into leads for investigations,” Burke said on Federal Drive with Tom Temin.

He previously worked at the Transportation Department and many cases of data gathering were related to pandemic relief funds going to entities such as airports, or cities’ public transit systems. The funds were needed to improve runway tarmacs or pay employees, so DOT needs to track where the money goes and review the invoice processing for those funds, Burke said.

Those invoices, along with procurement records, contractor and grantee discussions, PDFs and photographs are generating data. And if any allegations of improper spending arise around the use of relief funds, Burke said it can take a certain “gumshoe” type investigation or physical inspection to analyze the data.

“Many times, that’s a big question mark we have is ‘Do they have everything that they need for that investigation?’ This could mean multiple different personnel within the organization are reviewing the data records that are collected from data scientists, to forensic analysts, or just to another investigator or an auditor, just to ensure the content is complete, thorough, and in the information realm that they’re looking for,” he said. “If it’s externally-based information through the information that was gained through a search warrant, a court order or subpoena, that’ll be through consultation through the Department of Justice and U.S. Attorney’s Office, to determine the validity and the content – was the legal process actually complied with? Or do we have to have supplemental legal guidance to go back to the entity for more detailed or more thorough information?”

But unlike in government, where an agency’s own records are kept for years, companies retain their records for varying lengths of time, maybe just for weeks or months.

Storage remains a major challenge for federal digital investigations. Burke said if everything were done on premise investigators would need to procure, power-up and maintain security compliance with the Federal Information Security Management Act. OIGs would need to request budget increases for hardware so that end users, auditors, agents and forensic analysts could review the data. That’s why some agencies are shifting from on premise to the cloud, or a hybrid of both.

Burke said the tagging of metadata for ever-increasing amounts of data is relentless.

“And just as you would go through papers and boxes of things that you’ve collected as a search warrant, we now have to ingest all of those electronic records and data objects into some form of software appliance or hardware appliance that can ingest, interpret, and deliver that content for a user to view and determine, ‘Are these records attributable to the allegations at hand, or do these records exonerate our target from the allegations we have today?’” he said.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.