The FBI's Upgrade That Wasn't

While accepting some blame for the system's failure, FBI Director Robert Mueller said the software "was not what it should be." (By Melina Mara -- The Washington Post)

The NRC team found plenty of blame to go around, starting with the FBI itself.

Like many government agencies, the bureau had been drained of much of its top talent as skilled managers left for the higher salaries and reduced bureaucracy of the private sector. By 2001, when the VCF program was born, the FBI had few people in house with the expertise to develop the kind of sophisticated information technology systems that it would need. As a result, the agency had been turning increasingly to private contractors for help, a process that only hastened the flow of talent out the door at FBI headquarters.

"In essence, the FBI has left the task of defining and identifying its essential operational processes and its IT concept of operations to outsiders," the NRC researchers concluded. "The FBI lacks experienced IT program managers and contract managers, which has made it unable to deal aggressively or effectively with its contractors."

Daniel Guttman, a fellow at Johns Hopkins University who specializes in government contracting law, said: "This case just shows the government doesn't have a clue. Yet the legal fiction is that the government knows what it's doing and is capable of taking charge. The contractors are taking advantage of that legal fiction."

In the end, the FBI's failure to police the contractors would lead to disastrous results.

After the disappointing preview of VCF in late 2003 by Azmi, who was then an adviser to Mueller tasked with reviewing the system, the FBI scrambled to rescue the project. The Aerospace Corp., a federally funded research-and-development firm in El Segundo, Calif., was hired for $2 million in June 2004 to review the program and come up with a "corrective action plan."

The conclusion: SAIC had so badly bungled the project that it should be abandoned.

In a 318-page report, completed in January 2005 and obtained by The Post under the Freedom of Information Act, Aerospace said the SAIC software was incomplete, inadequate and so poorly designed that it would be essentially unusable under real-world conditions. Even in rudimentary tests, the system did not comply with basic requirements, the report said. It did not include network-management or archiving systems -- a failing that would put crucial law enforcement and national security data at risk, according to the report.

"From the documents that define the system at the highest level, down through the software design and into the source code itself, Aerospace discovered evidence of incompleteness, lack of follow-through, failure to optimize and missing documentation," the report said.

Others joined Aerospace in highlighting SAIC's role in the failure. The NRC report complains that the contractor dealt with Trilogy as a "business as usual" program, without regard to its importance to national security.

Matthew Patton, a programmer who worked on the contract for SAIC, said the company seemed to make no attempts to control costs. It kept 200 programmers on staff doing "make work," he said, when a couple of dozen would have been enough. The company's attitude was that "it's other people's money, so they'll burn it every which way they want to," he said.

Patton, a specialist in IT security, became nervous at one point that the project did not have sufficient safeguards. But he said his bosses had little interest. "Would the product actually work? Would it help agents do their jobs? I don't think anyone on the SAIC side cared about that," said Patton, who was removed from the project after three months when he posted his concerns online.