Michigan’s Office of the Auditor General completed a performance audit of the LEIN administration in April of 2016; of the three target objectives, two were scored “Moderately effective” and the third was merely “Satisfactory, with exceptions”.
The LEIN system, or Law Enforcement Information Network, includes in-car computers linked to a police database of criminal activity. Created in 1967, the LEIN program is currently administered by the Michigan State Police (MSP) and the Department of Technology, Management and Budget (DTMB). Questions surround the control of access to the data, the timeliness of self-reporting tasks involving law enforcement, and individual agency compliance with MSP and federal rules.
The audit evaluated three areas of LEIN and made recommendations on the improvements needed. In each of the three cases, the errors found were categorized as a “Reportable Condition” instead of a less severe “Material Condition.” In each of the specific claims of improvements required, the MSP and DTMB returned an agency response of ”Agrees.”
Performance reviews by the OAG include management and staff interviews; testing of case files, financial transactions and information systems; and status updates.
The OAG reached four Findings:
1. LEIN access controls could be improved.
Specifically, the OAG report stated that “MSP did not implement complete authentication controls to prevent unauthorized access to data derived from LEIN” and the MSP failed to “Disable system administrators who no longer require access.”
In the first, the OAG recognizes that MSP failed to follow DTMB Technical Standards established for the protection of citizens against unauthorized access to sensitive data; in the second, 36% of MSP-authorized system administrators inappropriately had the ability to change security settings.
The OAG report refuses to divulge more information on the inappropriate access issue due to the “confidential nature” of the information. MSP did acknowledge that they removed the access to controls for those 36% of system administrators.
2. MSP should evaluate the need for some LEIN access.
The full report states “MSP should work with non-criminal justice agencies to determine if LEIN is the best resource to provide access to criminal justice records.”
Who has access to LEIN? How about the Michigan Lottery. Private schools. Michigan Department of Health and Human Services (MDHHS). 41 different user groups can access criminal records via LEIN, per the Audit, and this gives many people “access to criminal justice records they do not need,” per the OAG.
For example, MDHHS has access to missing person records, personal protection warrants, unidentified persons records and material witness records. OAG recommends using other MSP-maintained record databases, such as the ICHAT system, which the OAG claims “restricts groups to only the necessary records.”
As a result of the OAG investigation, MSP did remove the Michigan Lottery’s access to the LEIN system in October of 2015.
3. Improved monitoring of records entered by local law enforcement and criminal justice agencies into LEIN is needed.
The OAG charges that the “MSP should improve its monitoring of records entered by local law enforcement and criminal justice agencies into LEIN to identify potentially inaccurate warrant and missing person information.”
The OAG conducted two surveys of information contained within LEIN and found significant errors with the information contained or on warrants issued based on LEIN information.
In the first survey, the OAG evaluated 2,765 missing persons records entered into LEIN during a three-year period beginning in October of 2012. Of those records, 66 listed the person being sought as 4 feet tall, weighing 50 lbs and with an age range of 0 – 77 years old. Of those 66, the OAG determined that 77% were older than 15, making the weight and height characteristics misleading or totally false, and the hair/eye colors were unknown for 89% of those 66 missing persons records.
Not surprisingly, 96% of all these bogus missing persons records were entered by one local law enforcement agency, which the OAG declined to identify.
The second survey was of arrest warrants found in the LEIN system during roughly the same time period- including an acknowledged failure by the MSP to follow federal rules. The OAG looked at more than half a million arrest warrants and found huge discrepancies. 629 of the federally-issued Social Security numbers included on the warrants were used multiple times- up to 9 times for a single individual number, per the OAG. Birthdates were entered incorrectly, as 77 LEIN warrants issued in that time period were for people who were 3 years old or less. How do you nab a suspect when you don’t know what sex they are? A value other than male, female or unknown was entered into LEIN warrants 15 times. That’s a lot of aliens doing criminal activity in Michigan!
More than 88,000 warrants surveyed by the OAG listed the same 4 feet tall and 50 lbs description of the individual sought. MSP states that this is the only way to complete a required field in the warrant input program- entering a value that all their officers are trained to know is a meaningless statistic. The audit indicates it is a federal requirement to list values which are not known as UNKNOWN- but the Michigan LEIN system does not allow that function. Officers and others inputting missing persons and warrant data into LEIN are knowingly breaking federal rules by following MSP requirements.
Once again, the source of the bad information was easily discovered. 89% of those bad warrants were issued by a single source, a Court already cited by the MSP in two different audits (2012 and 2013) as having unsatisfactory procedures. The other 11% of those bad warrants were issued by a single court as well. Neither Court was identified by the OAG in their report.
4. Additional raining and instruction needed to ensure the validity, accuracy, and completeness of LEIN records.
The federal government provides a monthly report for local law enforcement agencies to input into LEIN; MSP is responsible for ensuring that the local law enforcement agencies are properly trained in inputting information and to ensure they comply. Of 31 agencies sampled during the same time period listed above, 29% of agencies did not review and validate information at all, 19% had no formal validation procedure in place at all and 26% of agencies failed to follow MSP rules by maintaining a two-year record of validation reports.
The OAG scolded the MSP for failing to monitor the agencies inputting LEIN data, in violation of the federal rules. “MSP agrees with the recommendation,” they replied in the Audit.
The MSP have 60 days from the issuance of the Audit to create a report of corrective measures. The OAG report was issued in April 29, meaning the MSP report is due sometime in June.
The OAG lists Completed Projects on this page:
www.audgen.michigan.gov/projects/audit-report-summaries/2012/211.html
Responses to audits are updated on that page. When the LEIN response is filed, it should appear as a link there.
Source: The Compassion Chronicles