The FBI Keeps Losing Desktop Computers

The FBI lost over 200 desktop computers, multiple pieces of body armor, and night-vision scopes over a six-month period last year, according to agency records obtained by Motherboard.

The lost computers potentially present a cybersecurity risk if the machines and their contents were not properly secured. Although they represent only a small snapshot in time, the “lost/stolen property” records also provide a glimpse into the sort of waste that happens inside federal law enforcement agencies. Motherboard obtained the spreadsheets through Freedom of Information Act (FOIA) requests, and we obtained similar records for the DHS.

The FBI records stretch from July-December 2021. The columns include an item description, the location the item came from—such as Washington, D.C., or Quantico, Virginia—and the suspected status of the item, such as whether it was lost, stolen, missing, or damaged or destroyed.

The over 200 figure was sourced from counting items marked in the FBI document as “COMPUTER, DESKTOP.” The 18-page spreadsheet also includes “COMPUTER, PORTABLE,” presumably referring to laptops, and “COMPUTER, PORTABLE, TABLET.” There are also multiple listings for lost or stolen phones.

The DHS document covers incidents from 1st October 2021 until 30th March 2022. The number of lost, stolen, or damaged computers seems much lower, with 25 “COMPUTER, DESKTOP” events recorded. 115 “LAPTOP COMPUTERS” were recorded by the DHS, but the document does not break down whether these were lost, stolen, or damaged.

The FBI’s spreadsheet includes a column for providing the “root cause” of the lost, stolen, damaged, or destroyed item. These are “inadequate security,” “inattention to details,” “gross negligence,” “willful intent,” “other,” and “unknown.” Every single item in the list—including the lost desktop computers, but also stolen body armor and other items—is marked as being lost for an “unknown” reason, raising questions about the effectiveness of the FBI’s record-keeping practices. The columns that mark the status of action taken, which can include an investigation, and the correction measures taken to prevent repetition, are also all marked as “unknown.”

Theoretically, a law enforcement computer going missing can present a cybersecurity risk in that it may contain sensitive information such as documents or files, or it may include passwords or other authentication mechanisms for accessing law enforcement systems, depending on what exactly the computer was used for.

The FBI said in a statement that it “takes the management of its accountable assets and property with the utmost seriousness. Each year, the FBI conducts an inventory of either a portion or all accountable assets, and the FBI successfully inventories over 99% of these assets each year.”

Regarding this reporting period in particular, the FBI added that it was “unique given the resumption of full inventory management practices after a pause during the height of the COVID-19 pandemic in 2020 and early 2021. The vast majority of those items reported as lost were either marked for disposal or in FBI storage space, but could not be counted during the specified 2021 inventory cycle.  For accounting purposes, when the FBI cannot specifically count an item being housed in storage, the item is tagged as ‘lost’—though the item remains appropriately secured or appropriately disposed.”

The DHS did not respond to a request for comment.

Update: this piece has been updated to include a statement from the FBI.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.