The transcript below reproduces the substantive report text from the NCIS file in readable form, including the executive summary when one appears in the source. Paragraph numbers come from the original report. Redactions are shown as [REDACTED]. Because the text was generated from OCR, verify exact quotations against the source PDF.
EXECUTIVE SUMMARY
1. On 14Aug15, [REDACTED] CIV, Information Assurance Manager, Military Sealift Command Enterprise (MSC) Network Operations Center (MSCENOC) notified NCIS Southwest Field Office (SWFO) that a crewmember of USNS PECOS (T-AO-197) is possibly utilizing a government computer to access possible child pornography on the Internet. According to [REDACTED], the user account in question belongs to [REDACTED] CIVMAR, Information Technology Specialist, USNS PECOS. [REDACTED] mentioned he conducted a review of MSCENOC monitoring logs and determined [REDACTED] user account was utilizing web proxies to by-pass MSCENOC'S list of approved websites. [REDACTED] indicated [REDACTED] username is [REDACTED]. Additionally, [REDACTED] stated [REDACTED] utilizes the computer. On 25Aug15, [REDACTED] provided Reporting Agent (RA) the aforementioned monitoring logs for review. RA'S review resulted in the identification of the use of proxy servers and/or anonymizers to hide internet activities. Due to USNS PECOS' scheduled port visit to Subic Bay Freeport Zone (SBFZ), Republic of the Philippines (RP), SWFO notified NCISRA Manila (SNMQ) to conduct further investigation. On 26Aug15, USNS PECOS arrived at SBFZ. On 27Aug15, RA and Participating Agent (PA) [REDACTED], SNSN, proceeded to USNS PECOS, located in SBFZ. Prior to interviewing [REDACTED], PA [REDACTED] seized the computer [REDACTED] from USNS PECOS for computer forensic analysis. Additionally, PA [REDACTED] interviewed [REDACTED] CIVMAR, USNS PECOS, Communications Department [REDACTED] direct supervisor. [REDACTED] provided no derogatory information. Furthermore, RA obtained [REDACTED] Signed System Authorization and Access Request (SAAR) form for search and seizure authority. Shortly thereafter, RA and PA [REDACTED] Aattempted to interview [REDACTED] During the interview [REDACTED] briefly mentioned his use of Internet anonymizers, but immediately concluded the interview. On 15Sep15, RA submitted the computer [REDACTED] NCIS Cyber Pacific Operations for forensic examination. On 16Oct15, PA [REDACTED] DCFO, interviewed [REDACTED] witnessed the username [REDACTED] utilizing web proxies to by-pass MSCENOC'S list of approved websites. On 22DEC15, [REDACTED], NCIS, Investigative Computer Specialist completed the computer forensic examination of [REDACTED] 29FEB16, RA completed review of the aforementioned seized computer and found no child pornography images. Subsequently, RA consulted with [REDACTED] Department of Justice (DOJ) for prosecutorial determination [REDACTED] jadvised RA to submit reviewed images to the National Center for Missing and Exploited Children (NCMEC) for known victim identification. On 03MAR16, RA submitted aforementioned images to NCMEC for known victim identification. On 07APR16, RA reviewed [REDACTED] personnel file and found no derogatory information. On 14APR16, NCMEC identified no known victims on the submitted images. On 22APR14))[REDACTED] requested a copy of the aforementioned images for his review. On 30AUG16, after reviewing submitted imagesgf)[REDACTED] amformed RA that DOJ is declining the prosecution of[REDACTED] the lack of evidence. On 30AUG16, RA apprised [REDACTED] Counsel, MSC Far East regarding the status of this investigation. This investigation is closed.
NARRATIVE
1. This reactive investigation was initiated under a suspected violation of Title 18, United States Code, Section 2252A(a), Certain Activities Relating to Material Constituting or Containing Child Pornography.
2. On 30AUG16, [REDACTED] informed RA that DOJ is declining the prosecution of [REDACTED] ¢)due to the lack of evidence.
3. On 30AUG16, RA apprised [REDACTED] regarding the status of this investigation.
4. This investigation is closed.
