Arfcom members have reported that the BATFE just sent out an email concerning their e-Form system and somehow managed to CC it to more than 1,400 eForm users, making their email addresses and identities public. The email was sent by Department of Justice “IT Specialist” Lee Alston-Williams.
Many e-Form users are reporting to have received the email from Alston-Williams with no CC’d emails. At this time there appears to have been only one batch of emails, sent to people with names beginning “g” and “h” which contained the CC’d email addresses. This is little consolation to people whose identities have now been leaked.
The below screenshot shows the email subject line, the sender and hundreds of emails is was CC’d to (blurred out):
The contents of the email is below ….
ATF eForms Update
The new eForms has been named the “Firearms and Explosives Application Module (FEAM)”. This name was selected to emphasis that FEAM is more than a “fillable form”. It is a business process module which will include at a minimum the functionality listed below:
? Auto assignment – All applications will be immediately upon submission assigned to an examiner for processing.
? Auto approval – Some forms, like the ATF Forms 2 and 3, if they meet certain pre-determined criteria will be automatically approved by the FEAM system upon submission.
? Internal controls and performance measurement reporting – ATF has a full audit trail of every application received with date and time stamps for every step in the process. Digital signatures can be used to lock down portions of the form to ensure the security of the data and the authenticity of the submitter.
? Improved business processes with automatic Records Management & Retention, as mandated by the Office of Management and Budget.
? Electronic Signature (for submitter and ATF personnel) – provides enhanced authentication, validation and improves processing and approval.
? Enhance Industry satisfaction: user-friendly interaction.
? FEAM provides the Application Program Interface (APIs) needed to update the existing ATF back end databases, to allow for the batch submission of multiple forms using one computer session.
? Improves efficiency for the Enforcement Programs and Services staff – Forms can be automatically routed, evaluated and tracked so that final determinations can be made in a consistent and expeditious manner.
We had hoped to be able to present the first iteration of FEAM at the 2016 SHOT Show. ATF performed an assessment of what was contracted to be developed for FEAM and what the contractor planned to deliver. At the end of the assessment, all parties involved felt that the product outlined in the current contract did not fully provide all the functionality that we expected, or that the industry requested. For these reasons we decided that rather than to continue on the current course, we would take the steps listed below to ensure that FEAM is a worthwhile investment for both the industry and ATF:
1. Curtail the current development effort.
2. Determine what is needed to sustain the existing eForms system, until the full requirements for FEAM can be determined and developed.
3. Make the necessary changes to eForms to stabilize the infrastructure with the ever-increasing user population.
4. Determine if we can re-introduce the Form 3 to the current eForms, through load testing and other system validations.
5. Perform an assessment of the ATF and industry requirements for FEAM.
6. Secure required funding for a new FEAM initiative, based on the revised requirements.
7. Restart the FEAM initiative, to include industry participation during the requirements gathering and testing processes.
We look at this as only a minor delay. It is our intention to use this delay to acquire the tools and resources necessary to develop a product that will provide more functionality and a stable workflow process and infrastructure. All the work previously done on FEAM is not lost. It will be the foundation for the work that is yet to come. If you have any questions you can contact Lee Alston-Williams at firstname.lastname@example.org.
Thanks to Andrew for tipping us off.