Today, the U.S. Department of Commerce published its findings of the internal review of the Investigations and Threat Management Service (ITMS) and recommended immediate actions to address outstanding issues.
The Department has accepted the recommendations from the report, including the recommendation to eliminate ITMS and permanently end the criminal investigation function ITMS performed. Within 90 days, ITMS will be eliminated and within 180 days, the additional recommendations will be implemented.
The Department began its review of ITMS after receiving a report from the Office of Inspector General (OIG) addressing allegations of misconduct concerning ITMS spanning several years. After receiving the OIG report, the Department suspended all investigative activity and initiated a review to assess the overall practices, policies, and performance of ITMS in fulfilling its missions and recommend a future path for ITMS.
“Our most important priority is creating an environment at the Department of Commerce where employees feel safe and respected,” said Secretary Raimondo. “We are committed to maintaining our security, but also equally committed to protecting the privacy and civil liberties of our employees and the public. This report and the actions we are taking underscore our commitment that the Department operate with respect for the rule of law, the rights of employees and the American people.”
“The Commerce Department leadership team took the ITMS allegations very seriously and upon learning about the concerns, immediately suspended all criminal enforcement activity and initiated a 90-day review to determine a comprehensive solution that would address these issues,” said Deputy Secretary Graves. “Commerce leadership has reviewed and accepted the recommendations in the report and will begin implementation immediately.”
The report outlines four recommendations for the Commerce Department to address the programmatic and systematic issues raised about ITMS:
- The Department should eliminate ITMS, discontinue the criminal law enforcement function that was part of ITMS’s mission, clarify that the Department does not possess the authority to conduct counterintelligence activities, and redistribute other remaining functions of ITMS to other offices.
- The Department should establish an enhanced oversight framework for its administrative security investigations and insider risk management activities.
- The Department should update its written policies for its administrative security investigations and insider threat functions to ensure that they comply with all applicable laws and ensure that adequate safeguards exist to protect civil rights and civil liberties.
- The Department should continue ongoing work to close and archive ITMS cases, establish an appropriate schedule for the destruction of this information that complies with applicable law, and implement policies to ensure that no information developed by ITMS records inform future decisions without a prior legal review and independent factual corroboration.
The Department has taken personnel actions in connection with findings of misconduct regarding ITMS. Those cannot, by law, be disclosed.
For more information, see full report.