Air Force
Intelligence and Security Doctrine

BY ORDER OF THE AIR FORCE INSTRUCTION 71-101 volume 1
SECRETARY OF THE AIR FORCE 22 July 1994

Special Investigations

CRIMINAL INVESTIGATIONS, COUNTERINTELLIGENCE,

AND PROTECTIVE SERVICE MATTERS

This volume implements AFPD 71-1, Criminal Investigations and Counterintelligence; DoD Directive 5200.24, Interception of Wire and Oral Communications for Law Enforcement Purposes, April 3, 1978, with Changes 1 through 3; DoD Directive 5210.48, DoD Polygraph Program, December 24, 1984; DoD Directive 5240.5, DoD Technical Surveillance Countermeasures (TSCM) Survey Program, May 23, 1984; and DoD 5240.1-R, Procedures Governing the Activities of DoD Intelligence Components that Affect United States Persons, December 1982. This instruction requires the collection and maintenance of information protected by the Privacy Act of 1974. The authority to collect and maintain this information exists in Title 10, United States Code (U.S.C.), Section 8013. Systems of Records Notice F124 AF C, Criminal Records, also applies. This instruction does not confer upon an individual any rights or privileges that applicable law does not require. See attachment 1 for definitions of terms used in this instruction.

SUMMARY OF CHANGES

Chapter 1 contains significant general investigative and administrative procedures in criminal investigations. Chapter 2 contains procedures for collecting information on non-Department of Defense (DoD) US persons. Chapter 3 contains procedures for counterintelligence (CI) matters. Chapter 4 contains procedures for using the special investigative techniques of forensic hypnosis, polygraph testing, technical surveillance, and technical surveillance countermeasures. It sets up basic procedures for indexing criminal investigations in the Defense Clearance and Investigations Index, investigating drug offenses by persons not subject to the Uniform Code of Military Justice (UCMJ), forming joint drug enforcement teams to combat drug abuse, obtaining personal financial data in criminal investigations, and handling the theft of arms, ammunition, and explosive material. It authorizes an AFOSI source program. It establishes counterintelligence reporting requirements.

Paragraph
Chapter 1--Criminal Investigations
Investigating Criminal Allegations 1.1
Using AFOSI Reports of Investigation (ROI) 1.2
Using the Defense Clearance and Investigations Index (DCII) 1.3
Determining AFOSI and Air Force Security Police (AFSP) Spheres of Influence 1.4
Sexual Misconduct 1.5
Investigating Drugs 1.6
Setting Up Joint Drug Enforcement Teams (JDET) 1.7
Investigating Criminal Matters With the Department of Justice 1.8
Investigating Fraud Offenses 1.9
Obtaining Information From Financial Institutions 1.10
Providing Investigative Support to the Army and Air Force Exchange Service (AFFES) 1.11
Using Counterintelligence and Investigative Contingency Funds (C-Funds) 1.12
Operating the Source Program 1.13
Training Special Agents 1.14

Chapter 2--Acquiring Information About Non-DoD US Persons
US Person Defined 2.1
Authorized Activities 2.2
Prohibited Activities 2.3
Factors To Consider When Acquiring Information 2.4
Operational Guidance 2.5
Operations Related to Civil Disturbances 2.6
Reporting Violations 2.7

Chapter 3--Counterintelligence
Counterintelligence Investigations, Operations, Collections, and Activities 3.1
Counterintelligence Awareness and Briefing Program 3.2

Chapter 4--Specialized Investigative Services
Forensic Hypnosis 4.1
Polygraph Testing 4.2
Requesting Technical Surveillance 4.3
Technical Surveillance Countermeasures (TSCM) 4.4

Page

Attachments
1. Glossary of Terms 13
2. AFOSI and Security Police Investigative Matrix 16

Chapter 1
CRIMINAL INVESTIGATIONS

1.1. Investigating Criminal Allegations. The Air Force Office of Special Investigations (AFOSI) conducts criminal investigations and provides investigative reports to action authorities.

1.2. Using AFOSI Reports of Investigation (ROI). Installation commanders, or designees, must:
1.2.1. Reproduce sufficient copies of ROIs to fulfill their local notification and up-channeling responsibilities.
1.2.2. Ensure that local notifications and up-channeling of information not occur in espionage investigations or other sensitive matters such as undercover operations. NOTE: AFOSI is responsible for notifications in these matters.
1.2.3. Provide ROIs only to authorized persons whose official duties require access.
1.2.4. Prepare extracts or summaries and use them instead of ROIs for court-martial or military administrative boards, civilian disciplinary action and boards, or an officer conducting an investigation according to Article 32, UCMJ.
1.2.5. Check extracts and summaries to ensure that they do not include information that could disclose or compromise a confidential source or a sensitive investigative technique or procedure.
1.2.6. Maintain classified ROIs according to AFI 31-401, Information Security Program Management, and keep "For Official Use Only" ROIs in locked file cabinets.
1.2.7. Destroy "For Official Use Only" ROIs in the same manner as classified ROIs when the need for them has passed.
1.2.8. Notify the local accounting and finance office for recoupment actions if appropriate.
1.2.9. Report promptly to AFOSI all actions that you have taken as a result of an investigation.
1.2.10. Report promptly to AFOSI all disposition instructions for seized evidence.
1.2.11. Ensure that public affairs officials coordinate with AFOSI prior to releasing any information to the public about an investigation.
1.2.12. Send all Freedom of Information Act and Privacy Act requests for AFOSI ROIs to the AFOSI Office of Information Release at AFOSI/DIR, 226 Duncan Avenue, Suite 2100, Bolling AFB DC 20332-0001.
1.2.13. Release ROIs only to military and civilian defense attorneys during the adjudicative process of judicial or administrative actions unless AFOSI prohibits it. NOTE: A defense attorney may disclose information from an ROI to a client only to the extent necessary to help the client assist in his or her own defense.

1.3. Using the Defense Clearance and Investigations Index (DCII). AFOSI indexes incidentals and subjects in the DCII according to DoD Instruction 5505.7, Titling and Indexing of Subjects of Criminal Investigations in the Department of Defense, May 14, 1992, when:

An investigation is initiated based on credible information that a crime was committed.
An incidental if indexing is deemed to be of future value.
The security police provide investigative reports for each crime they have investigated (as shown in attachment 2).

1.3.1. Do not remove from the DCII the names of subjects titled in a criminal investigation except in cases of mistaken identity.

1.4. Determining AFOSI and Air Force Security Police (AFSP) Spheres of Influence:
1.4.1. AFOSI investigates those crimes that AFOSI's AFMD specifies.
1.4.2. AFSP may investigate crimes that the investigative matrix in attachment 2 specifies and to which the installation's AFOSI commander and chief of security police agree.

1.5. Sexual Misconduct. An allegation involving only adult private consensual sexual misconduct is evaluated by an action authority according to DoD Instruction 5505.8, Investigations of Sexual Misconduct by the Defense Criminal Investigative Organizations and Other DoD Law Enforcement Organizations, February 28, 1994. Such an allegation is normally disposed of by an action authority without the investigative services of AFOSI or AFSP. The installation AFOSI commander may not initiate an investigation solely for an allegation of sexual misconduct without a request from an action authority unless approved by the Commander or Vice Commander, AFOSI, except when the allegation involves one or more of the following:

Force, coercion, or intimidation.
Abuse of position or rank.
Fraternization.
Persons under the age of 16.
Conduct directly applicable to security standards for access to classified information.

1.5.1. Do not initiate an investigation to determine sexual orientation, i.e., whether a Service member is a heterosexual, a homosexual, or a bisexual.

1.6. Investigating Drugs. According to the Manual for Courts-Martial (MCM), AFOSI investigates drug offenses that members of the Armed Forces commit.
1.6.1. According to DoD Inspector General Criminal Investigations Policy Memorandum Number 5, Criminal Drug Investigative Activities, 10 October 1987, AFOSI investigates drug offenses that certain persons not subject to the UCMJ commit.

1.7. Setting Up Joint Drug Enforcement Teams (JDET). AFOSI and AFSP form JDETs when necessary to combat drug abuse.
1.7.1. AFOSI and AFSP should define their operational and administrative tasks in memorandums of agreement.

1.8. Investigating Criminal Matters With the Department of Justice. AFOSI complies with DoD Directive 5525.7, Implementation of the Memorandum of Understanding Between the Department of Justice and the Department of Defense Relating to the Investigation and Prosecution of Certain Crimes, January 22, 1985, in investigating and potentially prosecuting crimes over which the Air Force does not have jurisdiction.

1.9. Investigating Fraud Offenses. AFOSI complies with DoD Instruction 5505.2, Criminal Investigations of Fraud Offenses, July 16, 1990, to investigate major fraud offenses involving DoD programs and personnel and to present them for prosecution.

1.10. Obtaining Information From Financial Institu-tions. AFOSI obtains personal financial data on subjects of criminal investigations according to DoD Directive 5400.12, Obtaining Information From Financial Institutions, February 6, 1980, with Changes 1 and 2.
1.10.1. AFOSI submits the RCS DD-COMP[A]1538, Right to Financial Privacy Act of 1978 Annual Report, to the Secretary of the Air Force, Inspector General, Criminal Investigations and Counterintelligence Directorate (SAF/IGV), by 1 February annually.

1.11. Providing Investigative Support to the Army and Air Force Exchange Service (AAFES). AFOSI is the executive agency for the coordination of criminal investigative support to AAFES.

1.11.1. AFOSI exchanges information with the US Army Criminal Investigations Command (USACIDC) in cases involving concurrent or conflicting responsibilities.
1.11.2. AFOSI conducts criminal investigations at HQ AAFES, oversea AAFES headquarters , AAFES facilities on Air Force installations, and off-base facilities that primarily serve Air Force personnel or installations. AFOSI may refer some criminal allegations to the security police according to attachment 2.
1.11.3. AFOSI must not investigate an individual or activity under Army control without the concurrence of the local USACIDC commander.

1.12. Using Counterintelligence and Investigative Contingency Funds (C-Funds). AFOSI uses C-Funds for any requirement that contributes to counterintelligence and investigative missions or aids in acquiring counterintelligence or criminal investigative information. Title 10, United States Code, Chapter 3, Section 127(a), provides the authority to spend these funds.
1.12.1. Within AFOSI, the:

Secretary of the Air Force (SECAF) sets the annual expenditure limitation.
Air Force Administrative Assistant to the SECAF (SAF/AA) reports C-Funds expenditures to the Office of the Secretary of Defense.
Air Force Inspector General (SAF/IG) oversees the Air Force C-Funds program and delegates to the Commander, AFOSI, the authority to approve expenditures.
Commander, AFOSI, manages and implements the C-Funds program and ensures that expenditures are proper. The Commander, AFOSI, or a designee, must approve the use of C-Funds for liaison functions that representatives of foreign law enforcement and intelligence agencies and key representatives of US Federal, state, county, and local law enforcement and intelligence agencies attend.
Air Force Audit Agency (AFAA) audits the C-Funds program annually to ensure compliance with this instruction and internal AFOSI instructions.

1.12.2. The C-Funds Custodian at each field unit is responsible for all cash on hand, which must:

Not exceed $7,000.00.
Remain in a General Services Administration (GSA)-approved container with a three-position combination lock.

1.13. Operating the Source Program. AFOSI operates a source program consisting of people who confidentially provide vital information for the quick resolution of criminal investigations and counterintelligence matters.
1.13.1. AFOSI briefs installation commanders on this program when they assume command.

1.14. Training Special Agents. The Commander, AFOSI, oversees the operation of the US Air Force Special Investigations Academy where all special agents receive training.

Chapter 2
ACQUIRING INFORMATION ABOUT NON-DoD US PERSONS

2.1. US Person Defined. For the purpose of this instruction, a US person is one of these:

A US citizen.
A foreign national lawfully admitted into the United States for permanent residence.
An unincorporated association substantially composed of US citizens or permanent resident aliens.
A corporation incorporated in the United States, except for a corporation directed and controlled by a foreign government or governments. A corporation or corporate subsidiary incorporated abroad, even if partially or wholly owned by a corporation in the United States, is not a US person.

2.1.1. The Air Force considers a person or organization outside the United States or an alien in the United States to be a non-US person unless it receives specific information to the contrary.

2.2. Authorized Activities. Air Force commanders may gather information that is essential to accomplishing assigned missions, including information about activities threatening DoD personnel and installations, including vessels, aircraft, communications equipment, and supplies. These types of activities warrant information-gathering:
2.2.1. Subverting the loyalty, discipline, or morale of Air Force or DoD personnel by actively encouraging violation of law, disobedience of lawful order or directive, or disruption of DoD activities.
2.2.2. Stealing arms, ammunition, or equipment, or destroying or sabotaging facilities, equipment, or records belonging to US Air Force or DoD units or installations.
2.2.3. Jeopardizing the security of US Air Force and other DoD elements or operations or compromising classified defense information by unauthorized disclosure or by espionage.
2.2.4. Illegally demonstrating on active or reserve Air Force installations.
2.2.5. Threatening Air Force or DoD personnel in connection with their official duties or other persons whom the Air Force has authority to protect.
2.2.6. Endangering facilities that have classified defense contracts or that have received official designation as key defense facilities.
2.2.7. Committing crimes that the Air Force investigates or prosecutes.

2.3. Prohibited Activities. Restrict the collection of information on US persons not affiliated with DoD to that information essential to accomplish assigned Air Force missions. The Air Force prohibits the following activities:
2.3.1. Collecting information about a US person solely because that person lawfully disagrees with US Government policy.
2.3.2. Using physical or electronic surveillance on Federal, state, or local officials, or on candidates for such offices.
2.3.3. Using electronic surveillance on any person except as the law authorizes.
2.3.4. Assigning, without specific prior approval by the SECAF, Air Force personnel to attend public or private meetings, demonstrations, or other similar activities to acquire information that this instruction authorizes.
2.3.4.1. Commanders must send each request to SAF/IG. SAF/IG reviews each request and processes it for SECAF approval when a threat to Air Force Resources exists. EXCEPTION: A local commander or higher authority may forgo obtaining SECAF approval when the threat is direct and immediate and insufficient time exists to seek prior approval. The commander must send SAF/IG a report explaining the details and circumstances of each incident.
2.3.5. Maintaining computerized databanks on US persons who are not affiliated with DoD. The Deputy Under Secretary of Defense for Security Policy (DUSD[SP]) provides the approval for exceptions.
2.3.5.1. Commanders must send each request for an exception to SAF/IG, which processes it and, in turn, sends it to DUSD(SP) for approval, if appropriate.

2.4. Factors To Consider When Acquiring Information. Commanders shall consider the political factors outside the United States in reaching a decision to collect and maintain information to protect Air Force and DoD personnel and property. Relevant factors include the:

Level of disruptive activity against US forces.
Competence of host country investigative agencies.
Absence of other US investigative capabilities.
Unique and vulnerable position of US forces abroad.

2.5. Operational Guidance. Commanders consider these factors when collecting and maintaining information under this instruction.
2.5.1. Only government agencies that require the information to execute their duties may have access to it.
2.5.2. DoD Directive 5200.27, Acquisition of Information Concerning Persons and Organizations not Affiliated With the Department of Defense, January 7, 1980, requires commanders to destroy all information that they have obtained under this instruction within 90 days unless the criteria that the DUSD(ASP) has set up specifically authorizes retaining it longer.
2.5.3. This instruction does not void or alter any provision in the April 1979 agreement between DoD and the US Attorney General concerning the conduct of counterintelligence activities with the Federal Bureau of Investigation (FBI). It does not prevent the collection of information required by federal statute or Executive Order.
2.5.4. This instruction does not void or alter any mission responsibilities of Air Force units.
2.5.5. This instruction encourages the prompt reporting to law enforcement agencies of any information suggesting a threat to life or property or a violation of law and encourages keeping a record of such a report.
2.5.6. This instruction encourages commanders to actively acquire the following information:

A listing of Federal, state, or local officials who are responsible for controlling civil disturbances.
Physical data on vital public or private installations, facilities, highways, and utilities.

2.6. Operations Related to Civil Disturbances. The Secretary of Defense has designated the Secretary of the Army as the approval authority to collect essential information to aid civil authorities during civil disturbances. The Secretary of the Army may approve the collection of information when a distinct threat of a civil disturbance exceeding the law enforcement capabilities of state and local jurisdictions exists.
2.6.1. Commanders must send each request for approval to SAF/IG.
2.6.2. If appropriate, SAF/IG forwards the request through SECAF to the Secretary of the Army for approval.

2.7. Reporting Violations. Report all suspected violations of this instruction to the Inspector General for the area in which the violation occurred.

Chapter 3
COUNTERINTELLIGENCE

3.1. Counterintelligence Investigations, Operations, Collections, and Activities:
3.1.1. AFOSI initiates and conducts all counterintel-ligence investigations, operations, collections and other related counterintelligence activities for the Air Force.
3.1.1.1. In the United States, AFOSI coordinates these activities with the FBI.
3.1.1.2. Outside the United States, AFOSI coordinates these activities with the Central Intelligence Agency (CIA).

3.2. Counterintelligence Awareness and Briefing Program:
3.2.1. AFOSI is the installation-level training agency for Counterintelligence Awareness briefings.
3.2.2. Air Force commanders ensure that their personnel receive briefing on the counterintelligence threat that foreign intelligence services (FIS) pose and on the requirements of this instruction.
3.2.2.1. Air Force commanders seek to instill in their personnel a high level of awareness of the threat to classified, sensitive, and proprietary information from foreign sources as well as from inadvertent or deliberate disclosures by cleared personnel.
3.2.2.2. Military personnel must receive recurring awareness briefings upon permanent change of station or at least every 3 years.
3.2.2.3. Civilian employees must receive recurring briefings at least every 3 years.
3.2.3. The Air Education and Training Command (AETC) provides military members with their initial awareness briefing during basic training or precommissioning programs.
3.2.4. Air Force commanders ensure that military personnel entering the Air Force directly through means other than AETC and civilian personnel receive the briefing during their initial assignment.
3.2.5. Other defense components acquiring military and civilian personnel must brief them according to DoD Directive 5240.6, Counterintelligence Awareness and Briefing Program, February 26, 1986.
3.2.6. Trainers tailor the briefing for the audience and include:

The threat posed by foreign intelligence, foreign government-sponsored commercial enterprises, terrorists, and international narcotics trafficking organizations.
The threat to the specific installation or mission.
Specific security vulnerabilities of the command.
A discussion of how the threat applies to the installation and the individual's responsibilities.
The reporting requirements of this instruction.

3.2.7. The following individuals must adhere to the reporting requirements that this section identifies:

Active duty Air Force personnel and civilian employees.
US Air Force Reserve personnel while in active status.
Air National Guard personnel when federalized.
Foreign national employees of the DoD in oversea areas, depending on command wishes and Status of Forces Agreements (SOFA).
Contract employees and employees of companies under contract with the DoD when the contracting officer considers it necessary and writes it into the contract.
Civilian employees of US defense agencies (except the Defense Intelligence Agency [DIA]) for which AFOSI provides counterintelligence support and oversea employees for whom the Air Force provides administrative and logistical support.

3.2.8. The individuals in paragraph 3.2.7 must immediately report the following situations to AFOSI:

Any unofficial contact with a non-US citizen who is employed by a foreign diplomatic establishment.
All attempts or requests by any person, including US Air Force civilian or active duty military personnel, to gain unauthorized access to classified or otherwise sensitive information.
Any event that suggests that you might be the target of a FIS or terrorist group.
Any information indicating the planned or actual, deliberate compromise or unauthorized release of classified or controlled information.
Any offer to give you classified or otherwise sensitive information.
All information regarding the intentions of terrorist organizations.
All information regarding planned or actual acts of sabotage or subversion.

Chapter 4
SPECIALIZED INVESTIGATIVE SERVICES

4.1. Forensic Hypnosis:
4.1.1. Requesting Forensic Hypnosis Interviews. Any person who wants to use hypnosis or drug-induced interviews for investigative or administrative purposes must contact the closest AFOSI office, which processes the request.

4.2. Polygraph Testing:
4.2.1. Requesting US Air Force Polygraph Tests. Air Force organizations with responsibility for security, law enforcement, or the administration of criminal justice and DoD Components that receive investigative support from the Department of the Air Force may request US Air Force polygraph tests using this procedure:
4.2.1.1. Submit requests by message or letter to the nearest AFOSI unit.
4.2.1.2. The AFOSI unit sends the request to the AFOSI Investigative Operations Center, Polygraph Office (IOC/PLG), for approval. Include:

Name (include maiden name or aliases), age, and sex of person you wish to examine.
Social Security number of person you wish to examine.
Military organization of person you wish to examine.
A summary of the pertinent facts, including the date, place, and nature of the offense or matter.
Reason why you consider the examination essential.
Statement about whether the person you wish to examine has received trial by either a civil or military court or has accepted Article 15 punishment for the offense or matter concerned.
Statement about whether charges of any kind exist against the person you wish to examine.
Any other action that another party has taken or considered against the person you wish to examine.
The opinion of the local Staff Judge Advocate (SJA) on the use of a polygraph in the matter.
A copy of the investigation report if AFOSI did not conduct the investigation.
Other facts that the requester believes should be considered.

4.2.2. Waivers to the Polygraph Policy. Any person or entity requesting a waiver to the polygraph policy must submit a letter or message to the Commander, AFOSI. AFOSI processes the request and sends it to the Office of the Assistant Secretary of Defense, Command, Control, Communications, and Intelligence (OASD C3I), who approves exceptions consistent with the Federal Personnel Manual-P, appendix D, chapter 736, Investigations, and in the interest of national security.

4.3. Requesting Technical Surveillance:
4.3.1. Requesting Nonconsensual Interceptions of Wire, Oral, or Electronic Communications. To request a nonconsensual interception of wire, oral, or electronic communication in the United States, AFOSI prepares a Request for Authorization in accordance with DoD Directive 5200.24 and sends it to the Secretary of the Air Force, General Counsel (SAF/GC).
4.3.1.1. For interceptions that will occur in the United States, SAF/GC sends the Request for Authorization through the Deputy Assistant Secretary of Defense, Counterintelligence, Security Countermeasures (DASD [CI/SCM]), to the Department of Defense, General Counsel (DoD/GC), for approval to seek a court order.
4.3.1.2. The official making the request coordinates with an attorney from the Department of Justice or the US Attorney's office to prepare the documents needed to get a court order as shown in 18 U.S.C. 2518. The Department of Justice attorney sends these documents to the Attorney General or to the designated Assistant Attorney General for approval, as shown in 18 U.S.C. 2516.
4.3.1.3. The attorney from the Department of Justice, with a military lawyer from the SJA's office, formally applies for a court order once the Attorney General or appropriate designee has approved the request.
4.3.1.4. If the interception will occur on a military installation, the installation commander signs an AF Form 1176, Authority To Search and Seize, after seeking the advice of the installation SJA to ensure that all legal requirements are met.
4.3.2. Requesting Nonconsensual Interceptions of Wire, Oral, or Electronic Communications Abroad. To request approval for nonconsensual interceptions of wire, oral, or electronic communications abroad, AFOSI initiates and processes the request following procedures outlined in paragraph 4.3.1. Then:
4.3.2.1. If the target of the interception is subject to the UCMJ, and if DoD/GC approves the request, AFOSI formally applies to a qualifying military judge for a court order using the rules in 18 U.S.C. 2518(1). The military judge processes the request in accordance with DoD Directive 5200.24.
4.3.2.2. If the target of the interception is a person who is not subject to the UCMJ, DoD/GC decides whether to approve the request and what further approval the request needs.
4.3.2.3. The SAF/GC determines if a situation warrants an emergency approval for the nonconsensual interception. If yes, the SAF/GC must handle the approvals according to DoD Directive 5200.24.
4.3.3. Requesting Consensual Interceptions of Wire, Oral, or Electronic Communications. To request approval for consensual interceptions of wire, oral, or electronic communications, AFOSI sends a request prepared in accordance with DoD Directive 5200.24, to SAF/GC, which returns a written approval or disapproval.
4.3.3.1. The Commander of AFOSI approves emergency requests for consensual interceptions in accordance with DoD Directive 5200.24 when before written approval can not be obtained from SAF/GC.
4.3.3.1.1. AFOSI makes a written record of all emergency requests, including justification for the emergency action, and forwards it to SAF/GC within 72 hours of the emergency approval.
4.3.4. Requesting Pen Registers and Trap-and-Trace Devices. To request approval for the use of nonconsensual pen registers and trap-and-trace devices, AFOSI prepares a request in accordance with DoD Directive 5200.24 and sends it to SAF/GC for approval to seek a court order.
4.3.4.1. In emergency situations, the Commander, AFOSI, approves seeking the court order.
4.3.4.1.1. AFOSI makes a written record of each emergency request, including a justification for the emergency action, and forward it to SAF/GC within 72 hours of the emergency approval.
4.3.4.2. Within the United States, and after the approval to seek the court order, AFOSI agents request the local Assistant US Attorney to apply to the appropriate court, in accordance with 18 U.S.C. 3122, for an order authorizing the nonconsensual pen register or trap-and-trace operation.
4.3.4.3. Abroad, in cases in which the target of the operation is a person subject to the UCMJ or the trace is to involve a military installation, a judge advocate may apply for a court order to a military judge that The Judge Advocate General of one of the Armed Forces specifically designates.
4.3.4.3.1. The judge advocate makes a written application under oath for the court order or extension of a court order in accordance with DoD Directive 5200.24.
4.3.4.3.2. If applicable legal requirements are met the military judge enters an ex parte order authorizing the installation and use of a pen register or a trap and trace device according to DoD Directive 5200.24.
4.3.4.4. To conduct consensual trap-and-trace operations on a military installation, the requesting AFOSI office submits a request to the installation commander, who decides whether to approve the operation after coordinating with the servicing staff judge advocate.
4.3.4.5. For consensual trap-and-trace operations on military installations abroad, the operation must comply with any applicable SOFA and foreign law.
4.3.5. Waiving Interception Policies. The Secretary of Defense approves all waivers to policy regarding interception of oral, wire, or electronic communication. HQ USAF/JA or a designee coordinates all waivers and sends them through the Secretary of the Air Force, Administrative Assistant (SAF/AA), and SAF/GC to the Secretary of Defense.

4.4. Technical Surveillance Countermeasures (TSCM):
4.4.1. Requesting TSCM Services. Air Force or DoD entities or contractors responsible for a secure or proprietary area where classified information is discussed on routine basis are authorized to submit written requests for a TSCM survey to the servicing AFOSI detachment. CAUTION: Do not telephone AFOSI when requesting a TSCM survey. Include:

Classify the request according to paragraph 4.4.3.
The address, building, and room number for the specific facility that you want to survey.
The name of the organization using the area and a brief synopsis of the mission.
The size of the area in square feet.
The name of the individual who has security responsibility for the area.
Special access authorization requirements for agents who will perform the survey. NOTE: AFOSI will pass Special access authorization data through the servicing Special Security office.
Security classification of the information that you wish to protect in the area. Indicate if the sensitive information is discussed or used on a continuing basis.
A statement that all construction is, or will be, complete at the time of the TSCM survey.
A statement that all equipment and furnishings are, or will be, in place at the time of the TSCM survey.
A statement that adequate physical security measures are, or will be, in effect to keep any unauthorized people from entering during and after the survey.
The desired date for conducting the survey. State if conferences, relocations, or other scheduled events are planned.
A narrative description of unique mission responsibilities that would affect the priority of the request.
A floor plan of the area that you wish to survey. If a blueprint is not available, attach a hand-drawn floor plan showing the dimensions of the area.

4.4.1.1. If you are making a request for an area that has previously undergone a TSCM survey, identify the actions that previous applicants took to correct security vulnerabilities and state the justification for the new survey. Once an area has had a TSCM survey, AFOSI will not do additional surveys unless you or other responsible parties have taken action to correct previous security vulnerabilities or one or more of the following conditions exist:

Uncleared personnel have been building in the area.
Unauthorized personnel have had uncontrolled access to the area.
The Air Force TSCM Program Manager has approved the area for recurring TSCM surveys according to this instruction.

4.4.1.2. If the request pertains to an area that has previously undergone a survey, include the AFOSI case file number from the previous survey.
4.4.2. Preparing for TSCM Services. Any entity requesting a TSCM survey must:

Ensure the telephone security of areas that will undergo the survey.
Ensure that adequate acoustical barriers exist at area boundary surfaces.
Apply necessary physical security safeguards to prevent clandestine physical access to the area.
Remove all electronic or recording equipment that the unit commander or equivalent agency chief has not certified as essential to the mission.
Ensure that all construction and interior decoration are complete and all equipment and furnishings are in place before the survey.
Ensure that only those people with an absolute need-to-know learn that a TSCM request or actual survey is underway.
Ensure a normal working atmosphere in the area before and during a TSCM survey, such as preventing any talk in the area that would reveal a TSCM survey might happen or is happening.
Take all necessary precautions to prevent compromising the survey.
Ensure that the survey team has complete and unescorted access to the survey area. (If the area is to undergo surveying on a recurring basis, the Requesting Authority must ensure that the Special Agents assigned to the servicing AFOSI Technical Services Division receive permanent restricted area badges, and so forth.)

4.4.2.1. The requesting entity must correct all security vulnerabilities and items of security interest that the TSCM survey report identifies or accept the risk and consequences of not correcting them. Alternative corrective actions that achieve the same objective as those that the AFOSI survey team recommends are satisfactory.
4.4.3. Using TSCM Classification Guidance and Procedures. Any person or entity who creates information or documents pertaining to the TSCM program must use the guidance in subparagraphs 4.4.3.1 through 4.4.3.11 to determine proper classification and to mark documents accordingly, using this instruction as the classification authority. For the purposes of this paragraph, the term "specific area" means the room, building, installation, or city.
4.4.3.1. Classify information that reveals the specific area and date of pending or current TSCM activity as SECRET. Downgrade the information to CONFIDENTIAL on completion of the TSCM activity, with Originating Agency Determination Required (OADR) for declassification.
4.4.3.2. Classify information that reveals the specific area (without a date) of pending or current TSCM activity as CONFIDENTIAL, OADR.
4.4.3.3. Classify information that reveals the specific area (with or without a date) of completed TSCM activity as CONFIDENTIAL, OADR.
4.4.3.4. Classify technical summaries, survey reports, and other correspondence documenting major security vulnerabilities as SECRET, OADR.
4.4.3.5. Classify minor security vulnerabilities and items of security interest as CONFIDENTIAL, OADR.
4.4.3.6. Classify information about the discovery or alleged discovery of a technical surveillance device as SECRET, OADR, for downgrading or declassification. If Air Force organizations other than AFOSI originate documents containing such information, they must coordinate with the TSCM Program Manager before downgrading or declassifying information.
4.4.3.7. Classify information that reveals the capabilities or limitations of TSCM equipment, TSCM equipment budgets or procurement actions, or TSCM policies or procedures as SECRET, OADR, depending on the extent and sensitivity of such information.
4.4.3.8. Classify facility or program threat assessments that TSCM personnel conduct as SECRET, OADR.
4.4.3.9. Classify travel orders for AFOSI TSCM personnel as SECRET, OADR, depending on the sensitivity of the facility or facilities that the TSCM personnel service during TDY travel.
4.4.3.10. Where appropriate, add the restrictive legends "Not Releasable to Foreign Nationals NOFORN," or "Not Releasable to Contractors/Consultants NOCONTRACT" to the classified material for which this paragraph provides direction.
4.4.3.11. If the requesting authority believes that information about the survey of a facility requires classification at a higher level than this instruction authorizes, the requesting authority must provide the appropriate classification authority.
4.4.4. Receiving Recurring Surveys. AFOSI conducts threat and vulnerability assessments of facilities that they survey according to the guidelines that the National Advisory Group for Security Countermeasures, Committee on Technical Surveillance (COTS), has set up. AFOSI selects a facility for recurring surveys according to these assessments.
4.4.5. Requesting Other DoD Components' TSCM Services. Submit requests for TSCM support by sister DoD components according to paragraph 4.4.1 of this instruction.
4.4.6. Initiating Unrequested Surveys. AFOSI may independently determine that a TSCM survey is desirable and initiate the appropriate survey. In those instances, the Air Force TSCM Program Manager approves the request and coordinates it with the installation commander or equivalent.
4.4.6.1. AFOSI provides the TSCM survey report to the installation commander.
4.4.6.2. The installation commander may provide copies or extracts of the report to affected subordinate commanders or security managers. Additional dissemination must comply with paragraph 4.4.11.
4.4.7. Reporting Suspected Eavesdropping Devices. Any person who discovers an actual or suspected technical surveillance device must report it immediately to the person responsible for the security of the area. That communication must not occur in the area of the suspect device and should occur outside the building.
4.4.7.1. The person responsible for the security of the area must:

Immediately notify the nearest AFOSI detachment by secure means (outside the area).
Leave the suspect device in place and secure the area.
Prevent any person that AFOSI has not authorized from tampering with or removing the device.
Continue normal work in the area as much as possible, but don't discuss classified information or the suspect device in the area.
Brief only people who have a direct tie to the facility and must immediately know about the suspect device. Do not share information with any others unless the Air Force TSCM Program Manager has specifically authorized it.
Not talk about the suspect device in the area in which it is located.
Take all steps necessary to keep the discovery of the device secret.

4.4.7.2. The Air Force TSCM Program Manager notifies the Chairperson, COTS, and OASD/C3I of the discovery and provides investigative information.
4.4.8. Conducting Technical Security Threat Briefings. AFOSI:

Presents briefings on current technical security threats and the procedures for reporting a suspect device.
Provides technical security threat briefings to:
- Personnel who are responsible for the security of sensitive facilities.
- Any cleared personnel at sensitive facilities that receive the TSCM survey support.

4.4.8.1. Individuals or offices that want technical security threat briefings send written requests that contain the following information to the nearest AFOSI detachment:

The name of the organization or activity sponsoring the briefing.
A brief synopsis of the activity's mission.
The location of the briefing.
The approximate number of individuals who plan to attend the briefing, their level of security clearance, and a brief synopsis of their positions within the organization (such as command staff, security managers, and so on).
Any specific areas of interest that the requesting authority believes the briefing should emphasize.
The desired date of the briefing.

4.4.8.2. Send the request as far in advance of the briefing as possible if you are planning the briefing to be a component part of a larger function, such as a commander's conference.
4.4.9. Conducting Physical Security Surveys. AFOSI conducts physical security surveys as a service to customers who are designing future secure areas that will eventually require TSCM surveys. To request this service, the appropriate security manager prepares a request per paragraph 4.4.1 of this instruction.
4.4.10. Planning Classified Projects. Organizations planning the development of major new classified projects or programs must consider the need for TSCM services early in the planning process If they believe the new project or program will need TSCM services, the office of primary responsibility (OPR) must notify the Air Force TSCM Program Manager through the servicing AFOSI detachment.
4.4.10.1. If the TSCM manager requires additional AFOSI resources to provide the necessary support, the TSCM Program Manager notifies the OPR of the requirement.

4.4.10.2. The OPR must program for the required resources. Failure to do so results in delay or denial of TSCM services.
4.4.11. Distributing TSCM Information. The Air Force TSCM Program Manager approves all reports and information that AFOSI generates and distributes under the TSCM Program. Recipients of those reports or information may not distribute them further except as noted here:
4.4.11.1. If the TSCM survey report identifies a condition that requires corrective action by another organization such as the telephone company or civil engineers, the facility security manager gives them an unclassified extract from the report. Extracts must not divulge AFOSI association or the significance of the problem with regard to technical security.
4.4.11.2. Recipients of information regarding suspect or actual technical surveillance devices and TSCM methods or equipment release this information only if the Air Force TSCM Program Manager has specifically approved the release.

MARCUS A. ANDERSON, Lt General, USAF

The Inspector General

GLOSSARY OF TERMS

Abroad--Outside of the United States, its territories, and possessions. An interception abroad takes place when an individual locates and operates an interception device outside the United States and insufficient evidence exists to conclude that the target of the interception is in the United States.

Action Authority--Usually an installation commander or higher authority primarily responsible for taking judicial or administrative action in an AFOSI investigation.

C-Funds--Emergency and Extraordinary (E&E) Expense Funds are used to further the counterintelligence and investigative missions of the Air Force. This subdivision of operation and maintenance (O&M) funds is allocated to AFOSI, through SAF/IG, by the Secretary of the Air Force (SECAF) under a legal limitation to reimburse investigators for authorized expenses that they have incurred in the performance of their assigned duties.

Credible Information:

Criminal Cases--Information disclosed to or obtained by an investigator that, considering the source and nature of the information and the complete circumstances, is sufficiently believable to indicate criminal activity has occurred and reasonably warrants further investigation to determine whether a criminal act did or may have occurred.
Sexual Misconduct Cases--Information, considered in light of its source and the circumstances, that supports a reasonable belief that a service member has engaged in adult private consensual sexual misconduct. Credible information consists of articulable facts, not just a belief or suspicion.

Criminal Investigation--An investigation of possible criminal violations of the United States Code, the Uniform Code of Military Justice, or, when appropriate, state or local statutes or ordinances or foreign law.

Defense Clearance and Investigations Index--A computerized, central index of investigations for all DoD investigative activities that the Defense Investigative Service (DIS) manages. The eight contributors to the index are:

The US Army Investigative Records Repository.
US Army Crime Records Directorate.
Naval Criminal Investigative Service.
Department of Defense Inspector General.
The Air Force Intelligence Support Agency.
National Security Agency.
DIS.
AFOSI.

Electronic Communication--Any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature that a wire, radio, electromagnetic, photoelectronic, or photo-optical system affecting interstate or foreign commerce has transmitted in whole or in part. Does not include:

The radio portion of a cordless telephone communication that takes place between the cordless telephone handset and the base unit.
Any wire or oral communication.
Any communication that a tone-only paging device transmits.
Any communication from a tracking device as 18 U.S.C. 3117 defines.

Extract--A verbatim portion or combination of portions of a report of investigation selected for use in a judicial or administrative proceeding.

Incidentals--Any person or entity associated with a matter under investigation and whose identity may be of subsequent value for law enforcement or security purposes.

Indexing--The recording of information so that an orderly retrieval process can identify and access a particular file or investigation.

Interception--According to 18 U.S.C. 2510(4), the aural acquisition of the contents of any wire or oral communication through use of any electronic, mechanical, or other device. The term "contents," when used with respect to any wire, oral, or electronic communication, includes any information concerning the substance, purport, or meaning of that communication.

Items of Security Interest--Items noted during the course of a TSCM survey that have a bearing on the overall security of the facility but are not serious enough to be considered security vulnerabilities. Examples of such items are:

Failure to comply with administrative security requirements.
A malfunctioning alarm sensor within a separate alarm zone while the facility is still protected by a functioning perimeter alarm.
Security practices that don't fully enforce the need-to-know principle for access to information.

Liaison Function--An official gathering with foreign or US citizens that gives AFOSI personnel access to counterintelligence or investigative sources, counterparts, information, or cooperation.

Oral Communication--Any oral communication uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation, but such term does not include any electronic communication. (18 U.S.C. 2510[2]).

Pen Register--A device that records or decodes the numbers dialed or otherwise transmitted on the telephone line to which such device is attached. This term does not include any device that a provider or customer of a wire or electronic communication service uses. The term can refer to any device that a provider or customer of a wire communication service uses for cost accounting or other like purposes. (18 U.S.C. 3127[3]).

Proprietary Area--An area where:

Physical security measures are normally less than those of a secure area.
Proprietary information is discussed on a routine basis.
Classified information is seldom if ever discussed. For example, a staff judge advocate's office, a major command (MAJCOM) commander's residence or office, or an Air Force procurement office where significant contracts are processed.

Proprietary Information--Sensitive, unclassified information that is the property of the US Government. Examples include information that relates to significant procurement matters, the formulation of Air Force or MAJCOM policy, and the prosecution or litigation of major judicial matters.

Report of Investigation--The official written record of an AFOSI investigation. The record copy of all investigations is maintained at AFOSI/DIR, 226 Duncan Avenue, Suite 2100, Bolling AFB DC 20332-0001, and destroyed according to AFMAN 37-139, Records Disposition--Standards (formerly AFR 4-20, Volume 2).

Security Vulnerability--A deficiency in the physical or technical security safeguards of an area that could permit access to the area by uncleared or unauthorized personnel or facilitate a covert surveillance or the installation of a technical surveillance device.

Sexual Misconduct--A sexual act or acts (heterosexual or homosexual) in violation of Title 10, U.S.C., Chapter 47, UCMJ, Sections 801-940, that occur between consenting adults, in private, on or off a military installation. It does not include any sexual act or acts that involve allegations of force, coercion or intimidation; abuse of position or rank; fraternization; persons under the age of 16; or conduct that relates directly to applicable security standards for access to classified information.

Sexual Orientation--An abstract sexual preference for persons of a particular sex, as distinct from a propensity or intent to engage in sexual acts.

Subject--A person, corporation, other legal entity, or organization about which credible information exists that would cause a reasonable person to suspect that party to have committed a criminal offense or would make the party the object of a criminal investigation.

Summary--A condensed version of a report of investigation that succinctly discusses the allegation and results of the investigation. It may include copies of statements. A judicial or administrative proceeding may use a summary.

Technical Security--Security measures taken to prevent the installation of technical surveillance devices and the exploitation of security vulnerabilities.

Technical Surveillance--All activities associated with installing and operating equipment for the audio, optical, or electronic recording or monitoring of people, places, things, data, or any wire, oral, or electronic communication. Technical surveillance does not include use of viewing equipment (such as binoculars, night vision devices, or telephoto lens-photographic camera combinations used for viewing only) while doing a physical surveillance.

Technical Surveillance Device--A device installed to covertly monitor or record activities in a target area.

Technical Surveillance Penetration--A deliberate, unauthorized, covert placement of a device, or the covert employment of a technique, that allows the monitoring of activities within an area for the purpose of gaining information.

Titling--Placing the name of a person, corporation, other legal entity, organization, or occurrence in the subject block of an investigative report. Titling is an operational rather than a legal decision. Final responsibility for the decision to title an individual or entity rests with AFOSI. Titling and indexing do not, in and of themselves, imply any degree of guilt or innocence.

Trap-and-Trace Device--A device that identifies the originating number of an instrument or device that transmitted a wire or electronic communication. (18 U.S.C. 3127[4]).

TSCM Program Manager--The individual that the Secretary of the Air Force or designee appoints to manage all facets of the Air Force TSCM Program. The TSCM Program Manager has approval authority for all activities conducted according to this instruction. Except where otherwise noted, the TSCM Program Manager may delegate approval authority.

TSCM Survey--A TSCM survey is a service that highly specialized Special Agents of AFOSI or similar DoD agencies provide to detect the presence of technical surveillance devices and hazards and to identify technical security vulnerabilities and items of security interest. A TSCM survey provides a command with a professional evaluation of the facility's technical security status. It normally consists of a thorough visual, electronic, and physical examination.

United States--For this instruction, the 50 states of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.

US Person--For this instruction, US citizens, aliens admitted to the United States for permanent residence, corporations incorporated in the United States, and unincorporated associations organized in the United States and substantially composed of US citizens or aliens admitted for permanent residence.

User--Any person or entity who uses an electronic communication service and whom the provider of the service has authorized.

Wire Communication--Any aural transfer made in whole or in part through the use of wire, cable, or other like connection between the point of origin and the point of reception (including the use of such connection in a switching station). The term includes any electronic storage of such communication but does not include the radio portion of a cordless telephone communication that takes place between the cordless telephone handset and the base unit. (18 U.S.C. 2510[1]).

AFOSI AND SECURITY POLICE INVESTIGATIVE MATRIX

Use table A2.1 to determine the correct investigative resource for specific case types.

Table A2.1. AFOSI and Security Police Investigative Matrix.

R A B C

U

then contact

L

Air Force Security Police

E If case category is AFOSI about: about:

1 Assault aggravated assault involving serious bodily harm or requiring extensive investigation; and serious child abuse or serious neglect that involves infliction of serious bodily harm. simple assaults excluding serious child abuse or serious neglect.

2 Bad Checks cases involving ring-type* activity, numerous utterances at various installations, or high-dollar accumulation. cases as necessary to support command.

3 Black Market large black-market transfers, ring-type activity, and those activities involving coordination with host-country investigative agencies. localized cases involving low-value items. Notify AFOSI when subject has TOP SECRET clearance or sensitive access.

4 Bribery all. none.

5 Counterfeiting

6 Customs Violations major violations, those requiring coordination with Federal agencies outside the local area, or ring-type activities. localized investigations resulting from security police customs inspections.

7 Death Investigations--Murder, voluntary and involuntary manslaughter, suicide, and death by unknown causes all except deaths in vehicle accidents, natural deaths, and deaths without criminal intent. all vehicle accidents not involving hit-and-run, and all deaths not involving criminal intent or intent to commit suicide.

8 Drug Abuse
all cases of sale, transfer, trafficking, or smuggling.
selected use or possession cases intended to identify dealers and traffickers.
all investigations of persons not subject to the UCMJ under DoD Memo 5.
localized investigations involving use or possession. (Conduct field tests on security police cases. Participate with AFOSI in joint operations involving dealers.)

9 Forgery major forgery cases involving the US Treasury or other Federal agency. localized forgery matters not involving US Federal agencies.

10 Fraudulent Enlistment, Appointment, or Discharge all. none.

11 House Breaking cases involving ring-type activity or aggravated assault. localized cases.

12 Impersonation--Assuming a false identity all except minor localized incidents. Localized incidents in which the only goal was to impress others and that did not involve pecuniary gain or the US mail as a transmittal vehicle.

13 Intimidation--Extortion, kidnapping, attempted bombings, hijackings, and terrorist acts all, unless deferred. Bomb threats and localized threats to injure or extort money or favors from others in which no overt act actually occurred.

14 Improper Use or Diversion of Government Property major cases and those involving manipulation or falsification of records. minor localized incidents.

15 Larceny By Fraud--Manipulation or falsification of records, receipts, inventories, and so on to cover thefts all. none.

16 Larceny of Government Property
thefts of high-value property and controlled drugs.
ring-type activity.
significant thefts and losses of Arms, Ammunition, and Explosive Materials (AA&EM).
localized investigations, including low-value thefts of AA&EM unless you suspect fraud or terrorist activity.

17 Larceny of Private Property major cases involving high-value or ring-type activity. localized incidents involving low-dollar value thefts.

18 Misconduct--Attempted suicides, bigamy, and so forth bigamy, attempted suicides, and ring-type activity. localized investigations of suicidal gestures or misconduct.

19 Perjury--False official statements. cases involving leads to other locations or requiring the submission of evidence to the FBI or other Federal crime laboratory. other localized incidents.

20 Postal Violations all. none.

21 Procurement, Disposal, and Pay-and-Allowance Matters
all cases involving procurement and disposal matters.
major pay-and-allowance matters, including ring-type activities.
pay-and-allowance matters involving low-dollar value loss, as necessary to support command.

22 Property Destruction--Arson, bombing, intentional damage to US Air Force aircraft or aircraft equipment, and intentional damage to Government or private property aggravated arson, intentional damage to US Air Force aircraft or Priority A, B, or C resources, and intentional damage to high-value Government or private property. other localized incidents.

23 Robbery--Armed and unarmed robberies involving serious bodily harm, ring-type activity, appropriated and nonappropriated fund activities, and on-base private financial institutions. localized cases of unarmed robbery involving low-dollar amounts.

24 Security Violations cases that the command specifically requests. cases to support command responsibilities according to AFI 31-401.

25 Sex Offenses--Rape, carnal knowledge, sodomy, indecent exposure, sexual misconduct, voyeurism, and child molestation rape, sodomy, carnal knowledge, child molestation, or cases involving serious bodily harm. localized investigations, including carnal knowledge, indecent exposure, sexual misconduct, and voyeurism on a case-by-case basis. (Notify AFOSI if suspect has TOP SECRET clearance or sensitive access.)

26 Terrorist Acts--Bombings, hijackings, kidnapping, and thefts of weapons, explosives, and so on all. none.

27 Environmental Crimes all. none.

Ring-type activity is continuing activity involving more than a simple conspiracy to commit a crime.

Table A2.1. AFOSI and Security Police Investigative Matrix.
R	A	B	C
U		then contact
L			Air Force Security Police
E	If case category is	AFOSI about:	about:
1	Assault	aggravated assault involving serious bodily harm or requiring extensive investigation; and serious child abuse or serious neglect that involves infliction of serious bodily harm.	simple assaults excluding serious child abuse or serious neglect.
2	Bad Checks	cases involving ring-type* activity, numerous utterances at various installations, or high-dollar accumulation.	cases as necessary to support command.
3	Black Market	large black-market transfers, ring-type activity, and those activities involving coordination with host-country investigative agencies.	localized cases involving low-value items. Notify AFOSI when subject has TOP SECRET clearance or sensitive access.
4	Bribery	all.	none.
5	Counterfeiting
6	Customs Violations	major violations, those requiring coordination with Federal agencies outside the local area, or ring-type activities.	localized investigations resulting from security police customs inspections.
7	Death Investigations--Murder, voluntary and involuntary manslaughter, suicide, and death by unknown causes	all except deaths in vehicle accidents, natural deaths, and deaths without criminal intent.	all vehicle accidents not involving hit-and-run, and all deaths not involving criminal intent or intent to commit suicide.
8	Drug Abuse	all cases of sale, transfer, trafficking, or smuggling. selected use or possession cases intended to identify dealers and traffickers. all investigations of persons not subject to the UCMJ under DoD Memo 5.	localized investigations involving use or possession. (Conduct field tests on security police cases. Participate with AFOSI in joint operations involving dealers.)
9	Forgery	major forgery cases involving the US Treasury or other Federal agency.	localized forgery matters not involving US Federal agencies.
10	Fraudulent Enlistment, Appointment, or Discharge	all.	none.

11	House Breaking	cases involving ring-type activity or aggravated assault.	localized cases.
12	Impersonation--Assuming a false identity	all except minor localized incidents.	Localized incidents in which the only goal was to impress others and that did not involve pecuniary gain or the US mail as a transmittal vehicle.
13	Intimidation--Extortion, kidnapping, attempted bombings, hijackings, and terrorist acts	all, unless deferred.	Bomb threats and localized threats to injure or extort money or favors from others in which no overt act actually occurred.
14	Improper Use or Diversion of Government Property	major cases and those involving manipulation or falsification of records.	minor localized incidents.
15	Larceny By Fraud--Manipulation or falsification of records, receipts, inventories, and so on to cover thefts	all.	none.
16	Larceny of Government Property	thefts of high-value property and controlled drugs. ring-type activity. significant thefts and losses of Arms, Ammunition, and Explosive Materials (AA&EM).	localized investigations, including low-value thefts of AA&EM unless you suspect fraud or terrorist activity.
17	Larceny of Private Property	major cases involving high-value or ring-type activity.	localized incidents involving low-dollar value thefts.
18	Misconduct--Attempted suicides, bigamy, and so forth	bigamy, attempted suicides, and ring-type activity.	localized investigations of suicidal gestures or misconduct.
19	Perjury--False official statements.	cases involving leads to other locations or requiring the submission of evidence to the FBI or other Federal crime laboratory.	other localized incidents.
20	Postal Violations	all.	none.
21	Procurement, Disposal, and Pay-and-Allowance Matters	all cases involving procurement and disposal matters. major pay-and-allowance matters, including ring-type activities.	pay-and-allowance matters involving low-dollar value loss, as necessary to support command.
22	Property Destruction--Arson, bombing, intentional damage to US Air Force aircraft or aircraft equipment, and intentional damage to Government or private property	aggravated arson, intentional damage to US Air Force aircraft or Priority A, B, or C resources, and intentional damage to high-value Government or private property.	other localized incidents.

23	Robbery--Armed and unarmed	robberies involving serious bodily harm, ring-type activity, appropriated and nonappropriated fund activities, and on-base private financial institutions.	localized cases of unarmed robbery involving low-dollar amounts.
24	Security Violations	cases that the command specifically requests.	cases to support command responsibilities according to AFI 31-401.
25	Sex Offenses--Rape, carnal knowledge, sodomy, indecent exposure, sexual misconduct, voyeurism, and child molestation	rape, sodomy, carnal knowledge, child molestation, or cases involving serious bodily harm.	localized investigations, including carnal knowledge, indecent exposure, sexual misconduct, and voyeurism on a case-by-case basis. (Notify AFOSI if suspect has TOP SECRET clearance or sensitive access.)
26	Terrorist Acts--Bombings, hijackings, kidnapping, and thefts of weapons, explosives, and so on	all.	none.
27	Environmental Crimes	all.	none.

Air Force Intelligence and Security Doctrine

Air Force
Intelligence and Security Doctrine