GSA Purchased Chinese-Manufactured Videoconference Cameras and Justified It Using Misleading Market Research

Why We Performed This Audit

In 2022, our office was contacted by a GSA employee who was concerned about GSA’s purchase and use of Chinese-manufactured videoconference cameras. Since these cameras were manufactured in China, they were not compliant with the Trade Agreements Act of 1979 (TAA). Our audit objective was to determine whether GSA’s purchase and use of these Chinese-manufactured videoconference cameras were in accordance with federal laws, regulations, and internal guidance.

What We Found

GSA Office of Digital Infrastructure Technologies (IDT) employees misled a contracting officer with egregiously flawed information to acquire 150 Chinese-made, TAA-noncompliant videoconference cameras. Before completing the purchase, the contracting officer requested information from GSA IDT to justify its request for the TAA-noncompliant cameras, including the existence of TAA-compliant alternatives and the reason for needing this specific brand. In response, GSA IDT provided misleading market research in support of the TAA-noncompliant cameras and failed to disclose that comparable TAA-compliant alternatives were available.

The TAA-noncompliant cameras have known security vulnerabilities that need to be addressed with a software update. However, GSA records indicate that some of these TAA-noncompliant cameras have not been updated and remain susceptible to these security vulnerabilities.

What We Recommend

We recommend that the GSA Administrator:

1. Ensure that GSA no longer purchases TAA-noncompliant cameras if there are TAA- compliant cameras that meet the Agency’s requirements.
2. Return, or otherwise dispose of, previously purchased TAA-noncompliant cameras.
3. Strengthen controls to ensure that:
   1. TAA-compliant products are prioritized during future procurements;
   2. TAA contracting officer determinations are adequately reviewed prior to approval, including any comparisons or market research performed;
   3. Head of contracting activity non-availability determinations are obtained prior to procuring TAA-noncompliant products; and
   4. Information technology equipment is being updated in a timely manner to reduce the risk of overlooking identified vulnerabilities.
4. Take appropriate action against the Office of GSA Information Technology and GSA IDT personnel to address the misleading information provided to the contracting officer for the purchase of TAA-noncompliant cameras.

The GSA Administrator agreed with our recommendations, except for Recommendation 2, with which she partially agreed. In her comments, she stated she is confident that GSA’s current security protocols are sufficient to secure the TAA-noncompliant cameras. The GSA Administrator said those security protocols included already discontinuing the use of some TAA-noncompliant cameras that do not meet GSA’s standards. However, due to security and procurement concerns, we reaffirm our recommendation that GSA should return or dispose of these TAA-noncompliant cameras. GSA’s written comments did not affect our findings and recommendations, and are included in their entirety in Appendix B.