Virtual Case File

Last updated March 01, 2023

Virtual Case File (or VCF) was a software application developed by the United States Federal Bureau of Investigation (FBI) between 2000 and 2005. The project was officially abandoned in April 2005, while still in development stage and cost the federal government nearly $170 million. In 2006, The Washington Post wrote "In a 318-page report, completed in January 2005 and obtained by The Post under the Freedom of Information Act, [the Aerospace Corporation] said the SAIC software was incomplete, inadequate and so poorly designed that it would be essentially unusable under real-world conditions. Even in rudimentary tests, the system did not comply with basic requirements, the report said. It did not include network-management or archiving systems—a failing that would put crucial law enforcement and national security data at risk"^[1]

Origins

In September 2000, the FBI announced the "Trilogy" program, intended to modernize the bureau's outdated Information Technology (IT) infrastructure. The project had three parts: purchasing modern desktop computers for all FBI offices, developing secure high-performance WAN and LAN networks, and modernizing the FBI's suite of investigative software applications. The first two goals of Trilogy were generally successful^{[ citation needed ]}, despite cost overruns. Replacing the Bureau's Automated Case Support (ACS) software system proved difficult. It had been developed in-house by the bureau and was used to manage all documents relating to cases being investigated by the FBI, enabling agents to search and analyze evidence between different cases. The project was originally scheduled to take three years and cost US$380 million. ACS was considered by 2000 a legacy system, made up of many separate stovepipe applications that were difficult and cumbersome to use. ACS was built on top of many obsolete 1970s-era software tools, including the programming language Natural, the ADABAS database management system, and IBM 3270 green screen terminals. Some IT analysts^[1] believed that ACS was already obsolete when it was first deployed in 1995.

Launch

Bob E. Dies, then the bureau's assistant director of information resources and head of the Trilogy project, prepared initial plans in 2000 for a replacement to ACS and several other outdated software applications. In June 2001, a cost-plus contract for the software aspects of the project was awarded to Science Applications International Corporation (SAIC), and the network aspects were contracted to DynCorp. Dies was the first of five people who would eventually be in charge of the project. The software was originally intended to be deployed in mid-2004, and was originally intended to be little more than a web front-end to the existing ACS data.

Problems and abandonment

Robert Mueller was appointed director of the FBI in September 2001, just one week before the September 11, 2001 attacks. The attacks highlighted the Bureau's information sharing problems and increased pressure for the Bureau to modernize. In December 2001, the scope of VCF was changed with the goal being complete replacement of all previous applications and migration of the existing data into an Oracle database. Additionally, the project's deadline was pushed up to December 2003.

Initial development was based on meetings with users of the current ACS system. SAIC broke its programmers up into eight separate and sometimes competing teams. One SAIC security engineer, Matthew Patton, used VCF as an example in an October 24, 2002 post on the InfoSec News mailing list regarding the state of federal information system projects in response to a Senator's public statements a few days earlier about the importance of doing such projects well. His post was regarded by FBI and SAIC management as attempting to "blow the whistle" on what he saw as crippling mismanagement of a national security-critical project. Patton was quickly removed from the project and eventually left SAIC for personal reasons.

In December 2002, the Bureau asked the United States Congress for increased funding, seeing it was behind schedule. Congress approved an additional $123 million for the Trilogy project. In 2003, the project saw a quick succession of three different CIO's come and go before Zal Azmi took the job, which he held until 2008. Despite development snags throughout 2003, SAIC delivered a version of VCF in December 2003. The software was quickly deemed inadequate by the Bureau, who lamented inadequacies in the software. SAIC claimed most of the FBI's complaints stemmed from specification changes they insisted upon after the fact.

On March 24, 2004, Robert Mueller testified to Congress that the system would be operational by the summer, although this seemed impractical and unlikely to happen. SAIC claimed it would require over $50 million to get the system operational, which the Bureau refused to pay. Finally, in May 2004 the Bureau agreed to pay SAIC $16 million extra to attempt to salvage the system and also brought in Aerospace Corporation to review the project at a further cost of $2 million. Meanwhile, the Bureau had already begun talks for a replacement project beginning as early as 2005. Aerospace Corp.'s generally negative report was released in the fall of 2004. Development continued throughout 2004 until the project was officially scrapped in April 2005.^[2]

Reasons for failure

The project demonstrated a systematic failure of software engineering practices:^[3]

Lack of a strong technical architecture ("blueprint") from the outset led to poor architectural decisions
Repeated changes in specification
Repeated turnover of management, which contributed to the specification problem
Micromanagement of software developers
The inclusion of many FBI personnel who had little or no formal training in computer science as managers and even engineers on the project
Scope creep as requirements were continually added to the system even as it was falling behind schedule
Code bloat due to changing specifications and scope creep—at one point it was estimated the software had over 700,000 lines of code.
Planned use of a flash cutover deployment made it difficult to adopt the system until it was perfected.

Implications

The bureau faced a great deal of criticism following the failure of the VCF program. The program lost $104 million in taxpayer money. In addition, the bureau continued to use the antiquated ACS system, which many analysts felt was hampering the bureau's new counter-terrorism mission. In March 2005, the bureau announced it was beginning a new, more ambitious software project code-named Sentinel to replace ACS. After several delays, new leadership, a slightly bigger budget, and adoption of agile software development methodology,^[4] it was completed under budget and was in use agency-wide on July 1, 2012.^[5]

Related Research Articles

The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, the FBI is also a member of the U.S. Intelligence Community and reports to both the Attorney General and the Director of National Intelligence. A leading U.S. counterterrorism, counterintelligence, and criminal investigative organization, the FBI has jurisdiction over violations of more than 200 categories of federal crimes.

Software testing is the act of examining the artifacts and the behavior of the software under test by validation and verification. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include, but are not necessarily limited to:

Leidos, formerly known as Science Applications International Corporation (SAIC), is an American defense, aviation, information technology, and biomedical research company headquartered in Reston, Virginia, that provides scientific, engineering, systems integration, and technical services. Leidos merged with Lockheed Martin's IT sector, Information Systems & Global Solutions, in August 2016 to create the defense industry’s largest IT services provider. The Leidos-Lockheed Martin merger is one of the biggest transactions thus far in the consolidation of a defense sector. Leidos works extensively with the United States Department of Defense, the United States Department of Homeland Security, and the United States Intelligence Community, including the NSA, as well as other U.S. government civil agencies and selected commercial markets.

Software development is the process of conceiving, specifying, designing, programming, documenting, testing, and bug fixing involved in creating and maintaining applications, frameworks, or other software components. Software development involves writing and maintaining the source code, but in a broader sense, it includes all processes from the conception of the desired software through to the final manifestation of the software, typically in a planned and structured process. Software development also includes research, new development, prototyping, modification, reuse, re-engineering, maintenance, or any other activities that result in software products.

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied virtually to every level of software testing: unit, integration, system and acceptance. It is sometimes referred to as specification-based testing.

Implementation is the realization of an application, or execution of a plan, idea, model, design, specification, standard, algorithm, or policy.

<span class="mw-page-title-main">Systems development life cycle</span> Systems engineering terms

In systems engineering, information systems and software engineering, the systems development life cycle (SDLC), also referred to as the application development life cycle, is a process for planning, creating, testing, and deploying an information system. The SDLC concept applies to a range of hardware and software configurations, as a system can be composed of hardware only, software only, or a combination of both. There are usually six stages in this cycle: requirement analysis, design, development and testing, implementation, documentation, and evaluation.

Laptop theft is a significant threat to users of laptop and netbook computers. Many methods to protect the data and to prevent theft have been developed, including alarms, laptop locks, and visual deterrents such as stickers or labels. Victims of laptop theft can lose hardware, software, and essential data that has not been backed up. Thieves also may have access to sensitive data and personal information. Some systems authorize access based on credentials stored on the laptop including MAC addresses, web cookies, cryptographic keys and stored passwords.

In agile principles, timeboxing allocates a fixed and maximum unit of time to an activity, called a timebox, within which planned activity takes place. It is used by agile principles-based project management approaches and for personal time management.

Lockheed Martin Information Technology (I&TS) is a subsidiary of American company Lockheed Martin that consists of dozens of smaller companies and units that have been acquired and integrated. The company also administers a number of U.S. Government contracts. I&TS includes operations in information technology integration and management, enterprise solutions, application development, aircraft maintenance and modification services, management and logistics services for government and military systems, mission and analysis services, engineering and information services for NASA, and support of nuclear weapons and naval nuclear reactors. The US government accounts for more than 90% of sales.

The FBI's Ten Most Wanted Fugitives during the 2000s is a list, maintained for a sixth decade, of the Ten Most Wanted Fugitives of the United States Federal Bureau of Investigation. At any given time, the FBI is actively searching for 12,000 fugitives. During the 2000s, 36 new fugitives were added to the list. By the close of the decade a total of 494 fugitives had been listed on the Top Ten list, of whom 463 have been captured or located.

Investigative Data Warehouse (IDW) is a searchable database operated by the FBI. It was created in 2004. Much of the nature and scope of the database is classified. The database is a centralization of multiple federal and state databases, including criminal records from various law enforcement agencies, the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN), and public records databases. According to Michael Morehart's testimony before the House Committee on Financial Services in 2006, the "IDW is a centralized, web-enabled, closed system repository for intelligence and investigative data. This system, maintained by the FBI, allows appropriately trained and authorized personnel throughout the country to query for information of relevance to investigative and intelligence matters."

The Terrorist Screening Database (TSDB) is the central terrorist watchlist consolidated by the Federal Bureau of Investigation's Terrorist Screening Center and used by multiple agencies to compile their specific watchlists and for screening. The list was created after the September 11 attacks.

Knowledge Discovery Metamodel (KDM) is a publicly available specification from the Object Management Group (OMG). KDM is a common intermediate representation for existing software systems and their operating environments, that defines common metadata required for deep semantic integration of Application Lifecycle Management tools. KDM was designed as the OMG's foundation for software modernization, IT portfolio management and software assurance. KDM uses OMG's Meta-Object Facility to define an XMI interchange format between tools that work with existing software as well as an abstract interface (API) for the next-generation assurance and modernization tools. KDM standardizes existing approaches to knowledge discovery in software engineering artifacts, also known as software mining.

The FBI Name Check is a background check procedure performed by the Federal Bureau of Investigation for federal agencies, components within the legislative, judicial, and executive branches of the federal government; foreign police and intelligence agencies; and state and local law enforcement agencies within the criminal justice system. The FBI Name Check is performed by the FBI as a part of the National Name Check Program, which dates back to Executive Order 10450 that was issued during the Eisenhower Administration. The FBI Name Check for an individual involves a search of the FBI's Central Records System Universal Index for any appearance of the name of the individual, as well as close phonetic variants and permutations of that name, in any of the records stored in the Universal Index. If any such occurrences are found, the Name Check also involves retrieval and analysis of the relevant paper and electronic files from local FBI offices and from other law-enforcement agencies.

Trailblazer was a United States National Security Agency (NSA) program intended to develop a capability to analyze data carried on communications networks like the Internet. It was intended to track entities using communication methods such as cell phones and e-mail.

Sentinel is a software case management system developed by the US FBI with the aim to replace digital and paper processes with purely digital workflows during investigations. There was a previous failed project called Virtual Case File.

The FBI–Apple encryption dispute concerns whether and to what extent courts in the United States can compel manufacturers to assist in unlocking cell phones whose data are cryptographically protected. There is much debate over public access to strong encryption.

Review of Four FISA Applications and Other Aspects of the FBI's Crossfire Hurricane Investigation is a report by the United States Department of Justice Office of the Inspector General which was released on December 9, 2019 by Inspector General Michael E. Horowitz. The report reviewed the Crossfire Hurricane investigation by the Federal Bureau of Investigation (FBI), which looked into whether people associated with the Donald Trump 2016 presidential campaign coordinated with Russian interference in the 2016 United States elections.

The Intelligence Bureau of the Joint Staff Department of the Central Military Commission is one of the People's Republic of China's primary intelligence organizations and the principal military intelligence organ of the People's Liberation Army (PLA).

References

1 2 Eggen, Dan; Witte, Griff (18 August 2006). "The FBI's Upgrade That Wasn't" (PDF). The Washington Post. Retrieved 11 June 2013.
↑ "Full Page Reload". September 2005.
↑ (PDF) http://www.usdoj.gov/oig/testimony/0502/final.pdf.{{cite web}}: Missing or empty |title= (help) Congressional Testimony, US DOJ Inspector General Glenn A. Fine, February 2005
↑ FBI puts Sentinel on hold
↑ "FBI's Sentinel Project: 5 Lessons Learned". InformationWeek. 2012-08-02. Retrieved 2014-07-29.

External links

IEEE Spectrum article: Who killed the virtual case file? 11 page detailed article of the entire timeline
The FBI's Upgrade That Wasn't - Washington Post article about the project
Testimony of Inspector General Glenn A. Fine before the Department of Justice - February 3, 2005: Project Audit results
Testimony of Inspector General Glenn A. Fine before the Department of Justice - July 27, 2005
Matthew Patton's October 24, 2002 posting on InfoSec News about VCF
IEEE Spectrum Radio audio discussion of the failure. Participants are Peter Neumann, Steve Bellovin, Matt Blaze, and Robert Charette.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[washingtonpost-1] 1 2 Eggen, Dan; Witte, Griff (18 August 2006). "The FBI's Upgrade That Wasn't" (PDF). The Washington Post. Retrieved 11 June 2013.

[2] "Full Page Reload". September 2005.

[usdoj0502-3] (PDF) http://www.usdoj.gov/oig/testimony/0502/final.pdf.{{cite web}}: Missing or empty |title= (help) Congressional Testimony, US DOJ Inspector General Glenn A. Fine, February 2005

[4] FBI puts Sentinel on hold

[5] "FBI's Sentinel Project: 5 Lessons Learned". InformationWeek. 2012-08-02. Retrieved 2014-07-29.

[1]

[2]

[3]

[4]

[5]