It started out as a relatively simple, even noble endeavor: a team of auditors at the Navy was ordered to find out if servicemembers who reported sexual assault suffered any consequences in their naval career thereafter.
The plan for the audit was announced back in February 2012. The findings, however, weren't published until August 2017, five years later -- a long time even by government standards.
Now, the Pentagon's Inspector General has revealed in mind-numbing detail the timeline of bureaucratic squabbling and office infighting that led to years of delay.
The official story is bad, but the reason for the IG's involvement in the first place is worse -- a whistle-blower suspects the independence of the auditing team was compromised and that the initial audit team was first sandbagged and then dismissed in an act of petty bureaucratic retribution. It should be noted right at the start that the Pentagon's IG did not substantiate the whistle-blower's allegations of wrongdoing, even if it did find that the Navy's organizational structure did threaten the independence of the auditing office.
For what it's worth, the audit report [PDF] that eventually came out found that those who reported being sexually assaulted "were more likely to experience a disruption to a normal career progression," but it said the auditors were unable to determine if the sexual assault was directly linked to the career disruptions.
That report, however, was admittedly incomplete because -- and brace yourself for an alphabet soup of Navy acronyms -- the Naval Audit Service (NAVAUDSVC) auditing team was heavily restricted by Navy Office of the Inspector General (NAVINSGEN) in its access to the Naval Inspector General Hotline Tracking System (NIGHTS), which contained data on the initial reports of sexual assault.
It was access that the two Navy offices, both charged with important oversight responsibilities, fought over for nearly half a decade until they literally could not work together any more, according to a review of the Pentagon IG's report published late last month.
It Was Already Bad, Then the Lawyers Got Involved
The trouble appears to have started in November 2012, when the Navy IG first denied the auditing team access to NIGHTS, saying it was policy not to release the names of individual complainants without their consent. The audit team, busy following other avenues of information, didn't take the issue back up with the Navy IG until April 2013, five months later.
That meeting led to the audit team revising its stated mission to directly reference NIGHTS, which was supposed to clear the bureaucratic way forward. But then the head of the Navy IG's Hotline and Investigations Division joined the fray, saying she didn't think the names of alleged victims and perpetrators would be in the NIGHTS system anyway. So she called the head of another hotline under the Pentagon IG's office to see what the official position was on giving auditors access to hotline records.
The response, which had gone through at least one Pentagon attorney, came back in mid-May and said that auditors shouldn't have unrestricted access. It said the general counsel's office in the Pentagon IG was "particularly concerned with protecting the identity of complainants, witnesses, and even subjects."
It took another month and mediation by Navy lawyers for the Navy IG and the Navy auditing team to come to a detailed, seven-point agreement about how the auditing team would access some NIGHTS records. Among them: "[T]he designated NAVAUDSVC personnel [would] provide the NAVINSGEN personnel with the search terms; the NAVINSGEN and NAVAUDSVC representatives [would] sit side by side while the NAVINSGEN representative input the search terms..."
Maybe a little over-the-top, but at least now we're getting somewhere, right? Nope.
A Potential Loophole for the Very Paranoid
So with the new access deal in place, the audit team went about compiling their list of personnel who had been involved, one way or another, in an alleged sexual assault, presumably drawing from other Navy records. They then turned this list over to their counterparts in the Navy IG office.
The next month the Navy IG's office surprised the audit team by asking them to destroy the list, because, the IG said, some of the information therein fell out of the scope of the audit and were a concern on privacy grounds. The auditors refused, arguing it needed to be retained in their files, but promised they would not use the paper beyond this particular audit. A week later, the Navy IG's office told the auditors it would withhold access to NIGHTS until the auditors agreed to destroy the list.
The lawyers were called back in. The back-and-forth went on for two months until the attorneys hammered out a new deal between the IG's office and the audit team -- this one nine items long. The auditors now could only search the names of alleged victims, not perpetrators, and the auditors promised to delete or return copies of its now-infamous list from July.
More than a year after the auditors' initial mandate, audit team members were finally allowed to sit next to a Navy IG official while that official entered the names of nearly 1,500 sexual assault victims.
But then another amazingly petty obstacle arose: the Navy IG official refused to search for variations on the names -- "such as J. Doe versus John Doe," as the Pentagon's IG report put it. The director of the Navy's IG hotline was afraid the audit team could use such a dastardly loophole to perform "limitless searches" of variations of names in the NIGHTS database. The Navy audit team would have to settle only for people who reported alleged sexual assaults by using their complete name, identical to how it appeared on Navy records.
After an Embarrassing Email, a Team Removed
For weeks in early 2014 the audit team asked the Navy IG if it could search the NIGHTS database for perpetrators and supervisory personnel, as it felt it was originally mandated. In response, the Navy IG "initially asked for clarification regarding the request and then did not respond to these requests," the Pentagon's IG report says. The hotline director told the Pentagon IG later that she felt that information was outside the scope of the audit and that the Navy IG had requested guidance from the Pentagon IG.
Another odd wrinkle: At the time all this was going on, Defense Department regulations did not address audit access to hotline records. Then, in October 2014, the regulations were updated to specifically say "DoD audit organizations must have full and unrestricted access to all personnel, facilities, records, reports, audits, reviews, hotline records, databases, documents..." [Emphasis added.] And the weirdest part was that the Pentagon IG report claims that was an accident -- that the inclusion of "hotline records" was "inadvertent." (In May 2015, the Pentagon IG issued a memorandum saying that the regulation allowing auditors access to hotline records was wrong. A year later it was updated to omit hotline records.)
But while it was still the law of the land, so to speak, the audit team tried to use the provision in the fall of 2014 to get full access to the NIGHTS system. Again, the Navy IG hotline director argued against it, saying such an interpretation would compromise the "integrity" of the system and that people do not file complaints in order for them to be audited.
By March 2015 the issue still had not been resolved, at which point the man who announced the audit in the first place, the NAVAUDSVC Assistant Auditor General-Manpower and Reserve Affairs (AAG-M&RA), sent a draft report of the audit -- including complaints about the restricted access to NIGHTS -- to the Chief of Naval Personnel with the Secretary of the Navy and other senior officials copied on the email. It was, in this ongoing turf war, a provocative move.
Within days, the Auditor General of the Navy (AUDGEN), who works directly under the Under Secretary of the Navy, dismissed the original audit team and assigned new people to take over the Hotline Programs Audit portion of the overall audit.
The Auditor General later told the Pentagon IG officials the Navy IG had replaced its team working on the issue and agreed that a "fresh start for us, with a different set of players, is in order." In a curious addendum, the Auditor General said his subordinate, the AAG-M&RA who sent around the draft report, had, in the words of the Pentagon IG report, "lost perspective with respect to this particular audit and the denial of access."
The unnamed whistle-blower who originally contacted the Pentagon IG suspected the team's dismissal was retribution for the AAG-M&RA sending around the draft report to the Navy's top brass. After its review, the Pentagon IG disagreed and concluded that the dismissal was on the up-and-up.
A Technical Solution, Two Months Too Late
Still, the access issue languished for another year, until July 2016 when the Navy's lawyers issued a new policy memorandum that finally gave the audit team access to Navy records in NIGHTS.
But, of course, there was a problem. NIGHTS contained data from the Defense Department's hotline as well, and the audit team wasn't allowed to see that. The Navy IG decided it would use a technical solution and partition its system. "The update took a year to build, test and approve," the Pentagon IG wrote.
It wasn't fast enough, though, and in August 2017 the audit report was released. Two months later the audit team got access to Navy records in NIGHTS.
The thing is, this whole thing is only a part of the story. As the Pentagon IG report goes on to describe, another significant side of the delay was caused by a two-year argument over where to put the NIGHTS restriction complaints in the final report -- whether it belonged in "scope" or "audit findings."
If you'd like to torture yourself a little further, the Pentagon IG report included a timeline a "significant events" in this nightmare, which is posted below.
[Do you have a tip or question for Code and Dagger? Reach us at CodeAndDagger@protonmail.com. And if you like what you read and want to help keep the site running (kind of) smoothly, click here to learn how you can support the site. ]