[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]
ENSURING AMERICA'S SECURITY: CLEANING UP THE NATION'S WATCHLISTS
=======================================================================
HEARING
before the
SUBCOMMITTEE ON TRANSPORTATION SECURITY
AND INFRASTRUCTURE PROTECTION
of the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED TENTH CONGRESS
SECOND SESSION
__________
SEPTEMBER 9, 2008
__________
Serial No. 110-135
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC] [TIFF OMITTED]
Available via the World Wide Web: http://www.gpoaccess.gov/congress/
index.html
__________
U.S. GOVERNMENT PRINTING OFFICE
47-173 WASHINGTON : 2009
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC
area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC
20402-0001
COMMITTEE ON HOMELAND SECURITY
Bennie G. Thompson, Mississippi, Chairman
Loretta Sanchez, California Peter T. King, New York
Edward J. Markey, Massachusetts Lamar Smith, Texas
Norman D. Dicks, Washington Christopher Shays, Connecticut
Jane Harman, California Mark E. Souder, Indiana
Peter A. DeFazio, Oregon Tom Davis, Virginia
Nita M. Lowey, New York Daniel E. Lungren, California
Eleanor Holmes Norton, District of Mike Rogers, Alabama
Columbia David G. Reichert, Washington
Zoe Lofgren, California Michael T. McCaul, Texas
Sheila Jackson Lee, Texas Charles W. Dent, Pennsylvania
Donna M. Christensen, U.S. Virgin Ginny Brown-Waite, Florida
Islands Gus M. Bilirakis, Florida
Bob Etheridge, North Carolina David Davis, Tennessee
James R. Langevin, Rhode Island Paul C. Broun, Georgia
Henry Cuellar, Texas Candice S. Miller, Michigan
Christopher P. Carney, Pennsylvania
Yvette D. Clarke, New York
Al Green, Texas
Ed Perlmutter, Colorado
Bill Pascrell, Jr., New Jersey
I. Lanier Lavant, Staff Director
Rosaline Cohen, Chief Counsel
Michael Twinchek, Chief Clerk
Robert O'Connor, Minority Staff Director
______
SUBCOMMITTEE ON TRANSPORTATION SECURITY AND INFRASTRUCTURE PROTECTION
Sheila Jackson Lee, Texas, Chairwoman
Edward J. Markey, Massachusetts Daniel E. Lungren, California
Peter A. DeFazio, Oregon Ginny Brown-Waite, Florida
Eleanor Holmes Norton, District of Gus M. Bilirakis, Florida
Columbia Paul C. Broun, Georgia
Yvette D. Clarke, New York Peter T. King, New York (Ex
Ed Perlmutter, Colorado Officio)
Bennie G. Thompson, Mississippi (Ex
Officio)
Michael Beland, Director & Counsel
Natalie Nixon, Deputy Chief Clerk
Coley O'Brien, Minority Senior Counsel
(II)
C O N T E N T S
----------
Page
Statements
The Honorable Sheila Jackson Lee, a Representative in Congress
From the State of Texas, and Chairwoman, Subcommittee on
Transportation Security and Infrastructure Protection.......... 1
The Honorable Daniel E. Lungren, a Representative in Congress
From the State of California................................... 4
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Chairman, Committee on
Homeland Security.............................................. 6
Witnesses
Panel I
Mr. Edmund ``Kip'' Hawley, Assistant Secretary, Transportation
Security Administration, Accompanied by Mr. Greg Wellen,
Assistant Administrator, Transportation Threat Assessment,
Transportation Security Administration:
Oral Statement by Mr. Hawley................................... 8
Oral Statement by Mr. Wellen................................... 9
Joint Prepared Statement....................................... 10
Mr. Richard S. Kopel, Principal Deputy Director, Terrorist
Screening Center:
Oral Statement................................................. 14
Prepared Statement............................................. 15
Ms. Cathleen A. Berrick, Director, Homeland Security and Justice
Issues, Government Accountability Office:
Oral Statement................................................. 18
Prepared Statement............................................. 19
Panel II
Ms. Denise Robinson, Private Citizen:
Oral Statement................................................. 41
Prepared Statement............................................. 43
Mr. John M. Meenan, Executive Vice President and Chief Operating
Officer, Air Transport Association:
Oral Statement................................................. 45
Prepared Statement............................................. 46
Ms. Lillie Coney, Associate Director, Electronic Privacy
Information Center:
Oral Statement................................................. 47
Prepared Statement............................................. 49
ENSURING AMERICA'S SECURITY: CLEANING UP THE NATION'S WATCHLISTS
----------
Tuesday, September 9, 2008
U.S. House of Representatives,
Committee on Homeland Security,
Subcommittee on Transportation Security and Infrastructure
Protection,
Washington, DC.
The subcommittee met, pursuant to notice, at 2:17 p.m., in
Room 311, Cannon House Office Building, Hon. Sheila Jackson Lee
[Chairwoman of the subcommittee] presiding.
Present: Representatives Thompson, Jackson Lee, DeFazio,
Norton, Clarke, Lungren, and Brown-Waite.
Ms. Jackson Lee [presiding]. The subcommittee will come to
order. The subcommittee is meeting today to receive testimony
on ``Ensuring America's Security: Cleaning up the Nation's
Watchlists''.
It is appropriate, as we are joined by the Chairman of the
full committee, who has been noted as one of the Nation's
leading champions of securing this Nation, that we hold this
hearing on the day of the issuance of a report by an
organization that includes the membership of Lee Hamilton, a
member of the 9/11 Commission, that indicates that America is
in the line of a terrorist incident involving bioterrorism and,
certainly, nuclear products.
The reason why I make mention of this is the importance of
a secure, reliable watchlist for those who are destined to do
us wrong is necessary so that we can provide for the protection
of Americans. This should be a primary concern not only of this
committee, of this Congress, but also of this Nation.
Our witnesses today will testify about the so-called
terrorist watchlists and about the steps TSA is taking to
improve how passengers are checked against that list.
Good afternoon. I am eager to convene today's hearing to
evaluate the progress made by the Department of Homeland
Security on one of the most important recommendations made by
the 9/11 Commission regarding aviation security.
Two days from now we will mark the seventh anniversary of
the attack on the United States by terrorists using our own
commercial airplanes. The 9/11 terrorist hijacking not only
scarred the American public by killing thousands of innocent
citizens, but also dawned a new era in Government.
The policymakers must endeavor to keep the American safe
without eroding democratic values and principles.
Today's hearing will take a closer look at what the Federal
Government is doing to improve intelligence-driven security
programs as highlighted in the 9/11 Commission report.
Certainly, the practice of watchlisting individuals plays
an important role in identifying possible terrorist suspects.
It is important to keep in mind that the watchlist is only as
good as the information on it.
Without accurate or complete and reliable information, the
purpose of the watchlist is frustrated, the database becomes
unreliable, and misidentifications persist.
Just last year the Government Accountability Office and the
Department's screening coordination office expressed concerns
to the full committee regarding the margin of error that exists
in information gathering related to the database that feeds the
watchlist.
Today I am determined to learn from our witnesses about to
what extent these concerns have been addressed. Getting the
watchlist fixed and reducing misidentifications is a
particularly difficult challenge, but as I started out, it is
the underpinnings of the security of this Nation. Get the bad
guys; release the innocent.
In order to do so, all of the intelligence and law
enforcement components that populate the list must come
together and work collectively to clean it up. This
subcommittee has been advocating such coordination for some
time, and I encourage the TSA to move quickly down this path.
Let me thank Congresswoman Yvette Clarke for her very
thoughtful legislation that added an additional form of relief
for those who have been subjected to misidentification on the
watchlist.
In addition to the watchlist, I remain highly concerned
about the TSA's lack of demonstrated progress in implementing
the Secure Flight program.
Earlier this year Assistant Secretary Hawley told the
subcommittee that TSA is approaching its final planning stages
for Secure Flight, notwithstanding the troubled history of
Secure Flight's $200 million program.
Let me suggest that the administrator, Assistant Secretary
Hawley, is here today in spite of some difficult security
issues and challenges that he is facing. We are glad that he is
here.
He is also well aware of the concern of this committee, and
I am very gratified to indicate that he is willing to work with
this committee, recognizing that we have been focusing on
Secure Flight and recognizing that there is no final rule.
I believe it is important that we legislate this process
and work with all of those concerned to ensure that we might
move this along effectively, inasmuch as I believe that TSA
will be able to move quickly with a legislative initiative that
I intend to offer to this committee.
We are finding out that the TSA--and I hope it will be
affirmed by Assistant Secretary Hawley--has in fact met the
criteria to move forward on Secure Flight. I hope that he will
affirm that, and that we will be able to address our concerns,
our urgent concerns, with the legislative initiative from this
committee.
Until Secure Flight is operational, redress is the only
real recourse for an American who is repeatedly stopped or
delayed at airports and border crossings because he or she is
misidentified as a terrorist threat.
Since April 2008, over 32,000 Americans have sought redress
through the DHS Travel and Redress Inquiry Program, also known
as DHS TRIP. If we can get a legislative fix of Secure Flight,
that will be an answer to many of the concerns we will hear
today. That will answer the questions of thousands of Americans
and others who are unfairly or misidentified on the watchlist.
Unfortunately, the effectiveness of DHS TRIP remains
questionable, as individuals who have gone through the redress
process continue to experience problems when traveling.
Today we will look at TSA's policies and administration of
the cleared list, which contains the names of individuals who
have completed the redress process and have been subsequently
cleared.
The use of the cleared list by air carriers when screening
the passengers again against the watchlist match must also be
thoughtfully reviewed. Again, I reiterate it may be an
important time for a legislative initiative on Secure Flight.
Again, as I mentioned, I want to thank Congresswoman Yvette
Clarke, because on June 18, 2008, the House unanimously passed
H.R. 4179, the Fair, Accurate, Secure and Timely Redress Act
introduced by my colleague from New York, Congresswoman Yvette
Clarke.
Under the FAST Redress Act, the cleared list would be
shared throughout DHS and with other Federal agencies that use
the terrorist watchlist or database.
I commend my colleague for her effort to address this issue
expeditiously.
At this time I would like to acknowledge the presence of
two people who flew here from California at their own expense
to attend today's hearing. Ms. Denise Robinson and her son,
James, came here today so that Ms. Robinson could describe the
troubles her 8-year-old son and the rest of her family have
encountered because of the watchlist.
Every time young James travels, he has to deal with the
delays and hassles of being consistently misidentified.
Wouldn't it be wonderful if in today's hearing there could be a
coming together of the TSA and this committee and the full
committee for a legislative fix that would assist in this
particular set of circumstances?
Remember, our job is to secure America and to protect
democracy.
Regrettably, James' story is one among many about which we
have heard recently. It is imperative that the watchlist is
accurate and narrowly tailored so that it only includes
individuals who may wish to do our country harm.
I cannot imagine that this administration, working with
this committee, with both equally concerned about integrity and
about the honesty and fairness of the watchlist, cannot find a
solution to this issue.
As a member of our second panel, it is my hope that Ms.
Robinson's testimony will provide some real world perspective
to the problems associated with the watchlist.
Without objection, James will be allowed to sit with his
mother at the witness table during the second panel today,
though he will not be testifying or answering questions.
Hearing no objection, it is so ordered.
Once again, I would like to thank everyone for their
participation today, and I look forward to hearing from our
witnesses.
I am now pleased to recognize the Ranking Member of the
subcommittee, a gentleman who has worked closely with us
throughout our time in the 110th Congress, and this is the
distinguished gentleman from California, Mr. Lungren, for an
opening statement.
Mr. Lungren. Thank you very much, Madam Chairwoman.
Nice to see all of you, after being gone for about 5 weeks.
I must say that, having just come back from Minneapolis-St.
Paul, I feel much better than I did 5 or 6 weeks ago.
As we approach the seventh anniversary of 9/11, that
horrific terrorist attack which called 3,000 innocent
Americans, it is fitting that we focus, as we are here today,
on watchlist matching, which is now one of our first lines of
defense for aviation security.
A consolidated terrorist watchlist was one of the key
recommendations made by the 9/11 Commission, and I agree with
the commission's recommendation. I believe that terrorist
watchlist matching is a critical first layer of aviation
security.
Terror watchlists keep legitimate terrorist threats off
airplanes every day all over the world.
We always have the problem, and we have to confront the
problem of having people on that list that ought not to be on
the list. I hope that we can solve that.
As one who has a new artificial hip, I hope they can solve
the problem of the pat-downs I get every time I go through as
well. But I understand that there are certain inconveniences
and some imperfections in the system, and we need to work to
alleviate those problems as best we can.
But we also have to understand why we are engaged in these
inconveniences. I have to remind myself every time I go
through, because I know despite the fact I am going to tell him
exactly where the hip is and where it is, I am still going go
through that pat-down.
Part of the formation of the Terrorist Screening Center,
the TSC, watchlists were maintained by a dozen different
Federal agencies, I believe. This created inconsistent and
disjointed approaches to sharing information on individuals
with possible links to terrorism.
Combining these multiple terror watchlists into one
consolidated list of known or suspected terrorists was to be
the mission of the Terrorist Screening Center when it was
established in September 2003.
I believe it was a major accomplishment. The Terrorist
Screening Center is administered by the FBI in collaboration
with DHS and the National Counterterrorism Center.
This consolidated terror watchlist has approximately 1
million names representing less than 400,000 actual persons due
to multiple names, misspellings and aliases. As I understand
it, the number of Americans on the watchlist now is less than
13,000.
But unfortunately, name matching is not a precise science,
to say the least. Even the TSC's consolidated watchlist is only
as good as the information contained on the list.
If the name is the only information available, then name
matching will be problematic. As always, additional information
will be necessary to distinguish the innocent from the
terrorist with the same name.
TSA and their airline partners should share more
information and eliminate or significantly reduce the name
mismatches. At least that is my hope, but a name and a date of
birth could resolve most of these name-matching discrepancies.
I do recall the tension that we had a number of years ago
when we were trying to deal with this issue. The question was
how much information--commercial information--should the
Government have in its possession, not to put people on the
watchlist, but to match against those that we had on a
preliminary watchlist to knock them off because of additional
data.
There was a question we had of privacy. Do we want to give
the Government too much information that they hold in their
hands for us? So maybe in the testimony that we are going to
hear, we can see how that has been addressed and if we need to
address it further and if you need some legislation on it.
So I mean I think people need to understand if you are
going to take my name off the list, one of the ways you can do
it is by going against other data--in most cases, that is
commercially available data--run that against that list, be
able to ferret out those that don't belong on there, but at the
same time how do we protect the privacy interests that have
come up?
Hopefully, we can deal with that question.
The terror watchlist redress procedure also, as we know,
needs updating. Representative Clarke addressed this issue of
privacy constraints in her legislation, H.R. 4179, the Fast
Redress Act of 2008 mentioned earlier by the Chairwoman.
It passed this committee and the House of Representatives
with bipartisan support. There was nothing partisan about it
whatsoever. But I understand it was referred to the Senate
Commerce Committee, where it remains today.
They could have held it at the desk and dealt with it right
away, and we could have gotten that out. So, hopefully, if
anybody listens to what we are doing here, they might hear over
on the Senate side that we should speed up the redress process.
We did it on a bipartisan basis here. I don't see why there
should be any problem on the Senate side to get that done as
quickly as possible.
I think it would help, at least unless I am told
differently by our panels here, that it would help in clearing
the names of innocent watchlist victims like Denise Robinson's
son, as well as Congressman John Lewis. At least that was our
intention when we passed it here.
I don't know why the Senate doesn't just take our good work
once in a while and move so that we can start working on our
side. I mean I think really with these witnesses here, we are
going to find out where we think they haven't done enough on
their side, but on our side we need the Senate to act.
The long-awaited Secure Flight program will greatly
improve, in my judgment, the existing name-based screening
process. TSA will assume the terror watchlist matching
responsibility at the beginning of 2009 for passengers on all
flights within the United States, and ultimately for
international flights departing and arriving in the United
States.
As the Chairwoman suggested, Secure Flight will provide the
additional identifying information necessary to eliminate
mismatching innocent passengers to terrorist suspects in the
screening process.
So, hopefully, with the legislation we passed, and if the
Senate would act on, with the Secure Flight and with answering
this question as to how much commercial information or how you
would query commercial databases in an efficient way so that we
can clear up these names that ought not to be on there, we
might be able to solve of the problems that we are really
legitimately looking at here today.
So I am hopeful the final rule for the important program of
Secure Flight will be issued shortly by TSA. I join the
Chairwoman in thanking our witnesses for being here and look
forward to hearing from them.
Thank you very much.
Ms. Jackson Lee. I thank the Ranking Member for his
collaborative statement and hope that we can work together as
we look at a way to legislate and hopefully think of that as a
vehicle.
We will not get into the blame game of who is not moving
fast enough. I think it is important that we reach out to the
Senate on the legislation of Congresswoman Clarke.
If we move as quickly as I expect, and work in a bipartisan
manner through this committee on legislation that might
expedite Secure Flight, that we move out as fast as we could to
the Senate and work with them.
September 11 should remind us--all of us--of the need of
securing this Nation as we come upon that commemoration.
It is now the pleasure of the Chairwoman to recognize the
Chairman of the full committee, the gentleman from Mississippi,
Mr. Thompson, who I mentioned before, who has become a
standard-bearer of securing the homeland.
I yield to the distinguished gentleman.
Mr. Thompson. Thank you very much, Madam Chairwoman, for
convening this important hearing today.
When most people hear about the terrorist watchlist, they
think of flying and about the No-Fly List they hear about on
TV. But the watchlist is much broader than that.
It is used by a number of different Federal agencies,
including TSA, Customs and Border Protection, the State
Department and other Federal, State, local, territorial and
tribal law enforcement agencies.
Since the Terrorist Screening Center was created, we have
seen some real progress in taking multiple watchlists and
combining them into one functional list.
Now, we will have a question during this hearing, because
we understand that there is a problem when you take multiple
watchlists, because sometimes it involves a data dump, and you
don't know whether you got good stuff or bad. What happens is
everything shows up on the list. We will talk a little bit
about that.
In the process of putting these lists together, we have
stopped some really bad people from entering the country, and
that is good. Director Boyle and the Terrorist Screening Center
and his employees, such as Mr. Kopel, ought to be commended for
doing a good job.
But we also have seen the pitfalls of maintaining such a
list. We continue to see it grow with the addition of the names
of thousands of Americans. I am concerned with the quality of
the data, privacy concerns and the civil liberties of
individuals, whose names are on that list.
I look forward to hearing from Ms. Lillie Coney from the
Electronic Privacy Information Center, who is here to speak
about the privacy concerns related to the watchlist.
In the past this committee has explored questions involving
the collection and maintenance of the terrorist screening
database. Today we will follow up on any progress made by the
Federal Government in its efforts to reduce the amount of
misidentifications while providing a critical layer of
security.
Our Ranking Member talked about Congressman John Lewis'
continuous saga of being misidentified.
One of the problems I want to talk about a little bit is
why do we put the burden on airlines? We have a number of
airlines, domestic airlines here in the country, and my
understanding is each airline has to maintain its own system.
So if Congressman Lewis is interested in not being detained,
then he has to go to each individual airline in order to get
cleared. That is a laborsome process.
We have been told that maybe Secure Flight is the answer.
We are not sure, but we are going to have to fix it.
So I look forward to the witnesses' testimony, and I yield
back the balance of my time.
Ms. Jackson Lee. We thank the Chairman of the full
committee for his statement. Might I acknowledge the presence
of Members of the committee--Mr. DeFazio of Oregon, Ms. Clarke
of New York, and Ms. Brown-Waite of Florida?
Other Members of the subcommittee are reminded that under
the committee rules, opening statements may be submitted for
the record.
I welcome our first panel of witnesses. Our first witness,
Greg Wellen. Greg Wellen is the assistant administrator of
Transportation Threat Assessment and Credentialing Office at
TSA. Mr. Wellen oversees the development and deployment of
security programs such as Secure Flight and other threat
assessment tools managed at TSA.
Our second witness is Mr. Richard Kopel. Mr. Kopel is a
terrorist threat tracking officer in the Department of Homeland
Security's Office of Intelligence and Analysis. He is currently
assigned as the principal deputy director of the Terrorist
Screening Center. Mr. Kopel has had an extensive career in
public service, as well as experience in the private sector.
Our third witness is Ms. Cathleen Berrick from the
Government Accountability Office. We welcome Ms. Berrick, who
routinely testifies before this subcommittee and full
committee, for providing insight that is constructive as
relates to their analysis. We are looking forward to her
assessment of the progress made by TSA to Secure Flight and
related security directives.
Without objection, the witnesses' full statements will be
inserted into the record. I now ask each witness to summarize
his or her statement for 5 minutes.
I also ask unanimous consent that, as I indicated, that the
assistant secretary is dealing with a number of security issues
as we speak, to yield to Mr. Hawley, who is part of Mr. Wellen,
for a brief remark, and I know that we will be able to hear
from Mr. Wellen.
So with unanimous consent, Mr. Hawley, you are recognized.
STATEMENT OF EDMUND ``KIP'' HAWLEY, ASSISTANT SECRETARY,
TRANSPORTATION SECURITY ADMINISTRATION, ACCOMPANIED BY GREG
WELLEN, ASSISTANT ADMINISTRATOR, TRANSPORTATION THREAT
ASSESSMENT, TRANSPORTATION SECURITY ADMINISTRATION
Mr. Hawley. Thank you very much, Madam Chairwoman, Ranking
Member Lungren, Mr. Chairman and Members of the committee.
I am pleased to be here with Greg Wellen, who is a 25-year
Government executive who is the program manager for these
security screening programs such as Secure Flight and TWIC.
Greg will identify a lot of the issues that we have discussed
here.
I just wanted to have a couple of overall comments--one,
that I think the partnership is critical and is good, that the
committee has been very attentive to this issue and given clear
direction on Secure Flight coming fast, that it be effective
and that it be secure of protecting privacy. I believe all of
those things are now in position to happen.
The second thing is that the partnership with the Terrorist
Screening Center, who is the custodian of the watchlist, and
with the airlines, who are our partners in implementing it,
that those are critical relationships, and I believe they work
well.
The punch-line to the American people is that if someone is
identified by an agency of the U.S. Government as being unsafe
to have on an aircraft, that we are today effectively
preventing that from happening. So that is probably the most
important thing, and that is happening.
We are all aware of the issues that involve people such as
our guests from California, who are not watchlisted, but who,
through the process, may somehow end up thinking that they are.
I think that is a very right issue for us to evaluate.
But as far as what the Chairman was talking about in terms
of Secure Flight being the answer, I believe it is. With the
four parts of getting that implemented--the authority to do it,
the privacy, the technical readiness and our work with the
partners--that the authority depends on the rule coming out,
which we hope will happen in October or November.
The privacy issues I believe have been resolved, which Mr.
Wellen will describe. The technical issues have been resolved,
which Mr. Wellen will be describing--even working with the
partners.
So those are the pieces, those are the moving parts of
getting Secure in place, and I believe we are in a position
where working together we can get that in place in early 2009.
And Mr. Wellen, if time permits.
Ms. Jackson Lee. Mr. Wellen.
Thank you very much, Assistant Secretary. We will have a
question or two for you.
Mr. Wellen.
STATEMENT OF GREG WELLEN
Mr. Wellen. Good afternoon, Chairwoman Jackson Lee, Ranking
Member----
Ms. Jackson Lee. You are recognized for 5 minutes.
Mr. Wellen [continuing]. And Members of the subcommittee.
Thank you for the opportunity to appear before you today to
discuss TSA's Secure Flight program and our effective use of
the TSC watchlist.
I first want to introduce myself to the subcommittee. My
name is Greg Wellen, and I am the assistant administrator of
TSA's Office of Transportation Threat Assessment and
Credentialing, which oversees the Secure Flight program.
Prior to joining TSA, I worked for more than 25 years as an
intelligence community officer for the National Security
Agency. I am a career Government service, and I transferred to
TSA in April of this year.
First, to be clear, identification matters. If we believe
we have intelligence that may lead us to people who are
planning terrorist attacks, we absolutely must use that
information.
When the TSC intelligence committee identifies someone who
meets the criteria for a person who should not fly, we, TSA and
the airlines have to make sure that person does not get on a
plane.
Basic watchlist name matching is something everybody agrees
must be done effectively. The problem we face is not an
overgrown watchlist with too many names or names that don't
matter. The real issue is how to match actual passenger names
against those very important names that are on the TSC
watchlist.
TSA does not control how airlines match names. That is a
business decision that each airline must make. Each airline has
a different process for using the watchlist to match names.
One carrier may have a sophisticated computer system that
uses robust filters to clear names. Another carrier may check
names manually or use a less advanced software program. The
result is inconsistency between airlines and inconvenience to
their passengers.
The problem is solved when the same method is used to clear
a passenger from the list. That answer is Secure Flight. TSA is
working in partnership with the airlines to enhance their
ability to avoid delays of passengers with names similar to
those on the watchlist.
Hassles due to misidentification and the need to stand in
line at the ticket counter is a consistent complaint by the
traveling public, and we share that concern. Thousands of
passengers are inconvenienced each day.
Secretary Chertoff announced in April the flexibility given
to the airlines to create a system to verify and securely score
a passenger's date of birth to clear up watchlist
misidentification.
By voluntarily providing this limited biographical data to
an airline, travelers who were previously inconvenienced on
every trip now have an opportunity for a better travel
experience.
More airlines need to take advantage of this process to
quickly verify that a passenger is not the person on the
terrorist watchlist.
TSA has made sure that Secure Flight is the best way
possible to match names. Our goal is to stop the people who
need to be stopped and let other passengers go through freely.
In 2005 GAO and the Secure Flight working group issued
reports saying that more needed to be done in terms of privacy
and program integrity for Secure Flight. In February 2006
Administrator Hawley testified that we would re-beat baseline
Secure Flight to address the concerns expressed in the report.
TSA significantly upgraded the design and development of
the program, and the implementing rule has received public
scrutiny and discussion. The rule is now in the final stages of
administrative review.
Today I am pleased to announce a significant milestone in
the implementation of Secure Flight. Secretary Chertoff has
certified that TSA has successfully met the 10 conditions
required by Congress as outlined in the 2005 DHS Appropriation
Act.
This paves the way for Secure Flight to commence operations
as planned in January 2009. Administrator Hawley invites all
airlines to participate in the test process so that their
passengers benefit from the convenience of Secure Flight.
I am confident that we have the right team in place to make
Secure Flight a success moving forward. While some may say it
is difficult to balance increased security while protecting
individual rights, TSA is very clear that privacy and security
are essential ingredients, and both have been built directly
into the Secure Flight program.
Secure Flight will result in better security and create a
more consistent and uniform pre-screening process for
passengers while at the same time reducing misidentifications.
Thank you for the opportunity to appear today. I would be
happy to answer any questions.
[The joint statement of Mr. Hawley and Mr. Wellen follows:]
Prepared Statement of Edmund ``Kip'' Hawley and Greg Wellen
September 9, 2008
Good afternoon, Chairwoman Jackson Lee, Ranking Member Lungren, and
Members of the subcommittee. Thank you for the opportunity to appear
before you today on behalf of the Transportation Security
Administration (TSA) and the Department of Homeland Security (DHS) to
discuss our continuing efforts to improve the aviation security
environment through the development of the Secure Flight program and to
effectively use intelligence to prevent terrorists from using the
transportation system to gain entry to or harm the United States.
First, I would like to thank the subcommittee for its significant
efforts to support TSA's progress in implementing new security
approaches. Over the past 2 years, many of the new strategies we have
discussed--behavior detection techniques, Visible Intermodal Prevention
and Response (VIPR) teams, travel document checking, Checkpoint
Evolution--have matured into important, visible components of our
layered security approach. Your sustained, personal attention and
oversight have been vital to the success of our security strategy.
I would also like to acknowledge the strong working relationship
TSA shares with the Terrorist Screening Center (TSC) and the Government
Accountability Office (GAO) in carrying out our transportation security
mission. I am pleased to appear on the panel today with Mr. Kopel of
the TSC and Ms. Berrick of the GAO.
The National Commission on Terrorist Attacks Upon the United States
(9/11 Commission) placed a strong emphasis on enhancing the use of
watchlists as part of a layered aviation security system. The 9/11
Commission's final report recommends that the watchlist matching
function should be performed by TSA and that air carriers should be
required to supply the information needed to test and implement this
new system.
TSA's aviation security strategy relies upon an interlocking system
of multiple layers of security. Key to this system is the use of
intelligence to both develop countermeasures against terrorist threats
and to intervene directly when threats become apparent. One of the most
important tools in the fight against terrorism is the U.S. Government's
consolidated Terrorist Screening Database (TSDB).
Prior to 9/11, information about known or suspected terrorists was
dispersed throughout the U.S. Government, and no single agency was
charged with consolidating it and making it available for use in
terrorist screening. Under Homeland Security Presidential Directive
(HSPD) 6, the TSC now provides ``one-stop shopping'' so that every
Government agency is using the same TSDB--whether it is TSA, a U.S.
consular official issuing visas overseas, or a State or local law
enforcement officer on the street. The consolidated system allows
Government agencies to run name checks against one comprehensive
database with the most accurate, up-to-date information about known and
suspected terrorists.
The consolidated system provides the critical nexus between the
work of the intelligence and law enforcement communities and the rest
of the counterterrorism community. Our partners in the law enforcement
and intelligence communities work tirelessly and in some cases under
great physical danger to identify individuals who pose a terror threat.
It would be dangerous and negligent not to use this information to our
advantage. TSA is constantly adapting to the ever-changing threat
environment and improving our people, processes, and technology to
detect and deter threats. As important as it is to detect threat
objects, it is imperative that we use intelligence to aid in the
identification and interception of the people who would do us harm.
TSA utilizes subsets of the TSDB--the No-Fly and Selectee lists. A
nominating agency can recommend that a known or suspected terrorist be
placed on the No-Fly or Selectee list if the individual meets specific
criteria for inclusion on that list.
Terror watchlists keep legitimate terror threats off airplanes
every day, all over the world. There are significantly fewer than
50,000 individuals on the No-Fly and Selectee lists and only a small
percentage of those are in the United States. The lists are reserved
for known or suspected terrorists who have reached a threshold where
they should not be allowed to fly or should receive additional scrutiny
before boarding an aircraft. Using the No-Fly and Selectee watchlists,
TSA can quickly evaluate passengers to determine if they have a known
or suspected link to terrorism or pose a threat to national security
and to prevent passengers with known or suspected links to terrorism
from boarding aircraft.
The No-Fly and Selectee lists are made available for passenger
prescreening to air carriers flying into, out of, or within the United
States for passenger pre-screening. As part of their shared
responsibility for aviation security, air carriers play a critical role
in ensuring that individuals on the No-Fly list do not board aircraft.
Air carriers must conduct watchlist checks in advance of issuance of
boarding passes, and they must notify the TSA of a match to the No-Fly
list. TSA then notifies the TSC and the FBI, which coordinate the
operational response with law enforcement and other agencies and
foreign partners as appropriate. Air carriers must also ensure that a
match to the Selectee list is subject to secondary screening prior to
boarding an aircraft. Aside from a Selectee match, an individual may be
subject to secondary screening based on the Computer-Assisted Passenger
Prescreening Systems (CAPPS), as a result of our behavior detection
officers, or through other random and unpredictable screening processes
we have employed at the checkpoint as part of our layered security
system.
passenger verification and redress
We are all aware of recent news reports about individuals with
names similar to those on watchlists who are experiencing delays and
inconvenience at the airport. The current prescreening system is
effectively catching the people we need to identify, but it is also
flagging people with similar names.
Recognizing the impact of screening on the public, particularly
where only name-based checks are conducted, TSA and other DHS agencies
have incorporated redress into their screening programs. DHS has
implemented the DHS Traveler Redress Inquiry Program (DHS TRIP), which
provides a central gateway for travelers to obtain information about
screening and redress as well as a central contact to DHS regarding
their adverse screening experiences. Travelers, regardless of their
nationality, citizenship, or immigration status, can submit inquiries
via the DHS TRIP website, email, or postal mail. The DHS TRIP Program
Office, using its redress management system, assigns redress requests
to the Department of State or appropriate DHS agencies, ensures
coordination of responses, and has instituted performance metrics to
track progress. The DHS TRIP Program Office ensures that the cases are
then reviewed and resolved, as appropriate, and that travelers receive
an official response.
DHS TRIP receives approximately 3,600 requests for redress per
month. Since DHS TRIP began in February 2007 through August 31, 2008,
the DHS TRIP system has logged over 41,000 requests for redress. Over
22,000 applications have been adjudicated and closed with an average
response time of just over 60 days. The 60-day response time includes
the duration from the date an initial on-line application is submitted
through the date the supporting documents are received to the date the
inquiry is closed.
Once a redress request associated with No-Fly and Selectee List
matching is processed, the cleared individual is also added to the TSA
Cleared List that is provided to air carriers. The Cleared List is
intended to be used by the airlines to distinguish false matches from
actual matches as they perform No-Fly and Selectee List matching.
TSA has been working collaboratively with airlines to enhance the
ability to avoid delays of passengers with names similar to those on
watchlists. Hassles due to problems in verification and the resulting
necessity to stand in line to check in at the ticket counter is a
consistent complaint by the traveling public. Many passengers are
inconvenienced each day. In April 2008, DHS provided air carriers with
more flexibility to allow passengers to check in remotely on-line or at
a kiosk who had previously been unable to do so because they have a
name similar to someone on a watchlist. Airlines are now able to create
a system to verify and securely store a passenger's date of birth to
improve passenger verification. By voluntarily providing this limited
biographical data to an airline and verifying that information once at
the ticket counter, travelers who were previously inconvenienced on
every trip now have an opportunity for a more convenient travel
experience. More airlines need to take advantage of this process.
With implementation of Secure Flight, TSA soon will take over
passenger watchlist matching and resolve many of the inconveniences
passengers are experiencing with verification under the current system.
Until Secure Flight is implemented, however, TSA believes airlines need
to do more to alleviate the inconvenience to passengers, including
changing procedures for watchlist filtering and improving
communications with passengers concerning their status. The decision to
invest in improving their watchlist filtering systems may be basically
a business decision for air carriers. For TSA, however, this is a very
serious concern.
TSA is also concerned that airline employees are misinforming
passengers about whether they are on a terrorist watchlist. This
practice affects public perception of the watchlists, undercuts the
credibility of the security system, and potentially puts at risk
sensitive information. TSA has conducted outreach to the air carriers
on this issue and has provided guidance as to what to say to a traveler
who is a potential match. While TSA wishes to continue to work
collaboratively with airlines to solve this problem and penalties are
not TSA's preferred approach, TSA has authority to impose penalties up
to $25,000 per infraction.
secure flight
TSA is moving forward aggressively to assume responsibility for
watchlist matching for both international and domestic air passengers
through Secure Flight. Secure Flight will close a critical aviation
security gap and reduce the vulnerabilities associated with watchlist
matching performed by the airlines. Under Secure Flight, watchlist
matching will be more effective, efficient, and consistent, offering
improvements in both security and customer service for the traveling
public. Secure Flight will add a vital layer of security to our
Nation's commercial air transportation system while maintaining the
privacy of passenger information. TSA evaluated and realigned Secure
Flight in 2006 to ensure that privacy and security serve as the very
foundation for the system. The realignment established the basic
infrastructure and fundamentals of a rigorous program including
extensive program management elements. The effort ensured privacy
practices are built into all areas of the program.
Secure Flight will improve aviation security by providing:
Early knowledge of potential watchlist matches;
Earlier law enforcement notification;
Decreased chance of compromised watchlist data because of
its limited distribution;
Enhanced use of the Redress Process and Cleared List;
Consistent watchlist matching process across all aircraft
operators; and
Privacy protections for individuals.
TSA currently plans to begin full operation of Secure Flight in
January 2009 with a limited number of aircraft operators. The final
schedule for implementation will depend on fiscal year 2009 funding and
publication of the Secure Flight Final Rule, which currently is in the
final stages of administration review and is anticipated to be
published this fall. The Final Rule is the product of extensive
consultations with air carriers and other stakeholders, as well as an
extended public notice and comment period that resulted in the
inclusion of robust privacy protections. In the interim, TSA has
conducted extensive systems testing in preparation for Secure Flight's
launch and has re-programmed additional funds to accelerate development
of the program.
DHS is moving swiftly toward achieving another significant Secure
Flight milestone, the certification that TSA has completed all ten of
the following Secure Flight conditions required by the Department of
Homeland Security Appropriations Act, 2005, Pub. L. 108-334:
System of due process (redress) established;
System error rate will not produce a large number of false
positives;
Accuracy of the system has been stress-tested;
DHS has established internal oversight board;
TSA has sufficient operational safeguards to reduce
opportunities for abuse;
Substantial security measures are in place to prevent
hacking;
Effective oversight of the use and operation of the system
is in place;
No specific privacy concerns with system architecture;
States with unique transportation needs are accommodated;
and
Appropriate life-cycle cost estimates and program plans
exist.
A certification report is currently in final review.
TSA also has worked closely with the GAO over the past several
years as Secure Flight has progressed, meeting regularly and sharing
substantial information and documents on plans and testing, with the
goal of keeping GAO well-informed and enhancing GAO's ability to
complete its post-certification review. Dedicated office space has been
provided for GAO at TSA headquarters to better facilitate their work on
this and other programs. Upon completion of the DHS Final Certification
Report for Secure Flight, we look forward to providing this report to
GAO to begin their review.
Extensive consultation with key stakeholder groups, including
aircraft operators, aviation associations, privacy advocacy groups, and
travel industry associations, has been a critical component of Secure
Flight development and has been essential in addressing the issues in
the current watchlist matching processes. As a result of this
consultation, Secure Flight is designed to address many of the customer
service concerns inherent in the current watchlist matching process.
Specific customer service benefits include:
Integrating DHS TRIP into Secure Flight by using the Cleared
List and passenger redress numbers in the automated matching
process;
Operating a 24-hour, 7-day-per-week Resolution Service
Center for aircraft operators to call to resolve potential
Secure Flight matches and limit delays for verification of
passengers; and
Requesting the minimum amount of personal data necessary to
conduct effective watchlist matching.
Many aircraft operators expressed concerns about the proposed 60-
day implementation period. TSA has modified the Secure Flight
implementation approach to accommodate the needs for the industry to
make changes to systems and processes. TSA has conducted a series of
meetings and working sessions on topics including implementation
strategy, testing, and outages, and these meetings will continue with
the publication of the Final Rule. As we continue to ready Secure
Flight for deployment and ensure a smooth transition through parallel
testing of the system, we look forward to a continued partnership with
the air carrier industry, with whom we share a common goal of keeping
dangerous individuals off aircraft while facilitating legitimate
passenger travel.
conclusion
I would once again like to thank this subcommittee for its support
for TSA's mission. TSA is making major strides toward implementation of
Secure Flight, a step that will enhance transportation security and
improve customer service while taking advantage of critical
intelligence to prevent a terrorist act against the United States. I
look forward to continuing to work together with the subcommittee as we
achieve this important goal. Thank you for the opportunity to appear
today, and I would be happy to answer any questions.
Ms. Jackson Lee. Thank you very much for your testimony.
I now recognize Mr. Kopel to summarize his statement for 5
minutes. Mr. Kopel, you might have heard a lot of bells
ringing. If you could summarize in under that amount of time,
we will recess.
Ms. Berrick, we will come back to you, which will give us
more time.
Then, Mr. Kopel, we will certainly give you ample time with
questions. I yield it to you for 5 minutes.
STATEMENT OF RICHARD S. KOPEL, PRINCIPAL DEPUTY DIRECTOR,
TERRORIST SCREENING CENTER
Mr. Kopel. Thank you, Madam Congresswoman, Ranking Member
Lungren, Chairman Thompson and the Members of the subcommittee.
I thank you for the opportunity to talk about the Terrorist
Screening Center and the U.S. Government's watchlisting
process.
As Congressman Lungren alluded, the TSC is administered by
the FBI, but we are truly a multi-agency type task force
environment with over 12 different agencies and departments
represented at the TSC.
Our mission is to consolidate the Government's approach to
screening for terrorism. That includes consolidation of the
terrorist watchlist, but it also includes setting up a 24x7
call center to aid in the identification support when someone
on the watchlist is encountered, coordination with all the
encounters through the FBI to ensure that the FBI case agents
and individuals are notified of those encounters and can
contribute to the encounter process.
We also have a formal process for tracking all the
encounters to ensure that the appropriate information is
collected both on positive encounters when someone does match
the watchlist and also for individuals that are not matches or
misidentifications to the watchlist.
Then another high item on the 9/11 Commission report was
the lack of sharing information. The TSC takes all the
information collected from encounters with known or suspected
terrorists and shares that throughout the U.S. Government
counterterrorism efforts.
That includes, obviously, the FBI, the originator of the
information, and the other departments and agencies doing the
CT type work.
A big question that seems to be the focus of the hearings
are, you know, how does someone get on the watchlist in the
first place? Are there significant and sufficient safeguards to
keep the people, the innocent person off that doesn't have a
connection to terrorism?
We have a multi-tiered approach and review process that
varies between agencies, but at one point when the originator
believes that there is a connection, a reasonable suspicion
that there is a connection to terrorism, that nomination, or
that name of the individual is submitted to the National
Counterterrorism Center for review.
The National Counterterrorism Center will review not only
the name, but the supporting information on why that person is
believed to have a connection to terrorism. If they believe the
connection exists, they submit that name to the Terrorist
Screening Center.
We again reevaluate the supporting information, a third
look, if you will, at the supporting data, to determine that
that person is indeed the person that we believe should be
watchlisted.
With all the names on the watchlist are the records in the
database. There are times when the wrong person, or a name of a
person with a similar name, has issues.
We believe that the different screening agencies have
processes in place to allow that person to file a redress or
ask for help in the watchlisting process. DHS TRIP is a major
component of that system.
In addition to that, we have put on a full redress team to
give our data an independent look when a name comes through the
redress process. They will reevaluate all the supporting
information to determine if any action has to be taken.
For individuals that are unfortunate enough, as our friends
from California, to maybe share the name of someone who is on
the watchlist, this is the process to go through to help
minimize any inconvenience they may experience.
In addition to the formal redress that someone may file, we
have additionally put on a new program, the Terrorist
Encounters Review Process, which proactively looks and
determines if a person is on the watchlist or been encountered
multiple times and not been the actual person of interest.
In those cases we do initiate our own redress process to
actually determine if additional action needs to be taken and
if we can actually help that person through the cleared process
that TSA has, and other agencies.
The TSC continues to play a vital role in the war on
terrorism. Multiple auditors concur that we have made
significant, positive impact on the terrorist screening
processes, ensuring that all of our screening agencies have the
identifying information they need to identify these persons
when they are encountered.
We continue to work hard to make our processes better. We
understand that everything is not perfect, and we look forward
to working those issues with the independent audits that we
have had, where we have been able to take that information and
actually apply that to making our processes better.
Chairwoman Jackson Lee, Ranking Member Lungren and other
Members of the subcommittee, I look forward to answering any
questions that you may have.
[The statement of Mr. Kopel follows:]
Prepared Statement of Richard S. Kopel
September 9, 2008
Good afternoon Chairwoman Jackson Lee, Ranking Member Lungren, and
Members of the subcommittee. Thank you for the opportunity to discuss
the Terrorist Screening Database (known as the TSDB or ``terrorist
watch list'') and the watchlisting process at large. The Terrorist
Screening Center (TSC) is dedicated to consolidating and coordinating
the U.S. Government's approach to terrorism screening and facilitating
information sharing to protect the Nation and the international
community. In addition, the TSC is dedicated to performing its mission
while protecting privacy and civil liberties. The dedicated employees
at the TSC take their responsibility to these two priorities very
seriously.
Since it began operations on December 1, 2003, the Terrorist
Screening Center (TSC) has assumed a critical role in securing our
borders and the safety of the American people by providing to the
Nation's entire screening and law enforcement communities the
identities of known and suspected terrorists. As directed by Homeland
Security Presidential Directive 6 (HSPD-6) Integration and Use of
Screening Information, the TSC has combined the numerous terrorist
watchlists existing on September 11, 2001 and created the U.S.
Government's single consolidated Terrorist Screening Database (TSDB).
Every day, the TSC adds, updates and removes records in the TSDB and
makes the information available to Federal/State/local entities for
terrorist screening. HSPD-6 did not contain any new legal authorities
and all screening is performed under the existing legal authority of
the screening agency. The TSC also provides:
(1) A single coordination point for terrorist screening data;
(2) A 24/7 call center to provide identification assistance to
screening agencies;
(3) Access to a coordinated law enforcement response for any
encounter with a watchlisted person;
(4) A formal process for tracking all positive encounters;
(5) Feedback on all positive encounters with Known and Suspected
Terrorists (KST) to the originator, FBI, and other appropriate
entities;
The Terrorist Screening Center has been the focus of significant
attention from Congress and various governmental auditors. The TSC has
worked to develop a strong relationship and open communications with
Congress and appreciates the support, oversight and constructive
criticism it receives from the various committees with which it works.
The TSC has taken advantage of the external reviews of its processes
and is focused on using the results of these reviews to identify ways
to improve its operations. Generally, these auditors have found that
the watchlist performs a critical function in securing the Nation from
terrorist threats while protecting privacy and civil liberties.
Specifically, GAO report 08-110 states, ``[GAO's] analysis of data on
outcomes and our interviews with screening agency, law enforcement, and
intelligence community officials indicate that the use of the watchlist
has enhanced the Government's counterterrorism efforts.'' It also
reports that ``[t]he TSC plays a central role in the real-time sharing
of information, creating a bridge among screening agencies.'' The TSC
has not only assisted in eliminating historical cultural boundaries
between and among the intelligence and law enforcement communities but
also has provided a physical mechanism to ensure information sharing is
done in an efficient manner. The TSC looks forward to continuing the
healthy working relationship that it currently has with this and the
other committees and subcommittees with which it works.
Further, the TSC is working to provide the public with an increased
understanding of its mission through the press. The TSC has hosted news
reporters and has been engaged with various press outlets to answer
questions and clarify the role of the TSC for the American public. It
is through this openness that the TSC hopes to rectify many of the
misconceptions about its mission, and responsibilities. It is with this
in mind that the TSC is reaching out to describe the watchlisting
process and to demonstrate its efforts to protect individuals' civil
liberties and privacy. Due to the national security nature of TSC's
work, however, it is impossible to explain in precise detail how the
watchlist is managed.
Often, an individual believes he or she is on the watchlist because
of an encounter with law enforcement, airport screening or another
security-related entity. The actuality is that there are many reasons a
person may experience Law Enforcement/Screening delays and only one of
these reasons is the watchlist. The TSC works closely with the
Department of Homeland Security, the Transportation Security
Administration, the FBI, and Federal, State and local law enforcement
agencies, and other partners to minimize inconvenience to individuals
that are not on the watchlist, but nevertheless have a name that is
similar to the name of a known or suspected terrorist.
Inclusion on the watchlist is based on specific criteria and a name
can be removed from the TSDB by the nominating and investigating
agencies reasonably determining the individual is not engaging in
terrorism or terrorist activity.
It is also critical to understand that the TSC serves to facilitate
information sharing on Known or Suspected Terrorists with its partner
agencies in the law enforcement, screening and intelligence
communities. The watchlist is a tool to assist the screening agency in
its legally mandated responsibilities to determine if an individual has
a possible connection to terrorist activity. It is a pointer to
additional information and is not used to determine if any adverse
action should be taken. The TSC, when contacted, will provide
identification support and, if the identity is confirmed, will ensure
all appropriate information on the individual is supplied to the
screening agency to help determine what action, if any, is to be taken.
The size of the watchlist is often misreported and there is
considerable confusion about the difference between the number of
records and individuals. The TSDB reflects sensitive but unclassified
identity information concerning individuals reasonably suspected to be
engaged in terrorism or terrorist activities. The TSDB is updated daily
and contains approximately:
Number of Records: 1,000,000 Records;
Number of Individuals: 400,000 (3 percent of which are U.S.
Persons);
Reason for difference: A separate record is created for each name,
alias and name variant. A single individual may have multiple records
and the TSDB averages just over 2 records for every individual.
It is also critical to clarify that the No-Fly List is not
synonymous with the TSDB; rather, it is a small subset of the TSDB and
pertains specifically to commercial aviation. Inclusion on the No-Fly
List requires that an individual meet very specific criteria and are or
may be a threat to civil aviation (i.e., the aircraft, its passengers,
crew members, and others). As such, not every record in the TSDB would
be appropriate for inclusion on the No-Fly List. The TSC works with its
screening partners to determine what level of information is required
to meet that entity's particular screening needs and is consistent with
its legal authorities. This is one manner in which the TSC works to
limit any inconvenience the watchlist may have on the innocent
traveling public.
The U.S. Government (USG) has many controls in place to ensure that
only Known or Suspected Terrorists are nominated to the watchlist. The
nomination process for including someone on the watchlist is a multi-
agency, multi-tiered process. Each International Terrorist (IT)
nomination comes through the National Counterterrorism Center (NCTC),
and each Domestic Terrorist (DT) nomination comes through the Federal
Bureau of Investigation. Nominations are first reviewed at the field
level, reviewed again at the NCTC or FBI, and again at the TSC before
inclusion in the TSDB.
While the TSDB is critical to counterterrorism efforts at the
Federal, State and local levels, the TSC is aware that the watchlist
has an impact on the traveling public. As such, the TSC takes all steps
possible to limit this impact and balance privacy and civil liberties
with its critical terrorist screening mission. The TSC strives to
reduce the time it takes to resolve encounters with screening agencies.
The average encounter currently takes just under eight (8) minutes to
resolve. Further, the TSC reviews each nominated record for
completeness and the appropriateness of its inclusion on the watchlist.
The TSC similarly reviews all nominated change and removal requests to
ensure that the watchlist contains the most thorough, accurate and
current information possible.
The TSC's Redress program also conducts a comprehensive review of
records related to requests referred to the TSC by its screening
partners through their respective redress programs, including DHS TRIP.
This provides a mechanism for persons who feel they are inappropriately
watchlisted or misidentified to seek redress. In addition, in April
2008, the TSC initiated the Terrorist Encounter Review Process (TERP)
to automatically review the terrorist watchlist records of frequently
encountered individuals even if no formal redress requests are filed.
TERP provides a guaranteed review of such records to ensure they are
thorough, accurate and current.
conclusion
The TSC continues to play a vital role in the war on terrorism.
Multiple auditors all concur that the TSC has made a significant,
positive impact in terrorist screening operations, ensuring that
Federal, State, and local law enforcement and screening partners have
the information they need to identify terrorists abroad, at our
borders, and within our country. The TSC will continue to work hard to
identify means to increase efficiency and limit the impact on the
American public, while effective terrorist screening operations are
conducted. This can only be accomplished through a continuous process
of internal and external review and unremitting vigilance. Chairwoman
Jackson Lee, Ranking Member Lungren, and Members of the committee,
thank you again for the opportunity to address this esteemed body, and
I look forward to answering your questions.
Ms. Jackson Lee. Thank you. The hearing stands in recess.
[Recess.]
Ms. Jackson Lee. I am reconvening the Transportation
Security and Infrastructure Protection Subcommittee hearing on
``Ensuring America's Security, Cleaning up the Nation's
Watchlists.''
At this time I will recognize Ms. Berrick to summarize her
statement for 5 minutes.
STATEMENT OF CATHLEEN A. BERRICK, DIRECTOR, HOMELAND SECURITY
AND JUSTICE ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE
Ms. Berrick. Thank you, Madam Chairwoman, for inviting me
to discuss GAO's work reviewing aviation watchlist matching, or
the matching of passenger information against terrorist
watchlist records.
Domestic and foreign carriers traveling within, to and from
the United States are required to conduct watchlist matching in
accordance with TSA requirements. TSA has responsibility for
overseeing how carriers implement their watchlist matching
programs. TSA plans to assume this function from carriers
beginning in 2009, as you aware, under Secure Flight.
My testimony addresses TSA's watchlist matching
requirements for domestic carriers, TSA's oversight of
carriers' watchlist matching requirements programs, and TSA's
progress in developing and implementing Secure Flight.
In conducting watchlist matching, TSA requires that
carriers conduct exact name matches against watchlist records
and to match name variations, also known as similar name
matching.
Carriers must conduct similar name matching because
watchlists of individuals may travel using name variations and
would not be identified if carriers searched only for an exact
name match.
Although TSA requires carriers to conduct similar name
matching, until recently revising some of its requirements, TSA
did not specify how many or what types of such name variations
carriers should compare.
As a result, the 14 carriers we interviewed reported
implementing varied approaches, two conducting similar name
matching, and not every carrier reported conducting any form of
similar name matching.
There have been incidents of carriers failing to identify
potential matches through watchlist records by not successfully
conducting similar name matching.
However, in 2008 during my review and following a special
inspection conducted by TSA, TSA should have revised security
directives to clarify the types of name variations that
carriers must compare against the No-Fly List.
TSA acknowledges this new capability will not address all
vulnerabilities that exist with watchlist matching, but believe
that it is the best interim solution pending implementation of
Secure Flight, because it strengthens watchlist matching
without requiring major system changes for carriers.
TSA has taken various actions to assess domestic carriers'
compliance with watchlist matching requirements. However, until
a special inspection conducted in 2008, TSA conducted limited
oversight of carriers' name-matching capability.
TSA records for field inspections conducted during 2007
identified the carriers' watchlist matching function was tested
during only 5 percent of airport inspections conducted that
year.
TSA reported that its guidance for inspectors is currently
being revised to strengthen oversight of carrier watchlist
matching.
Since Secure Flight will likely not be fully operational
for at least a year for domestic flights, and longer for
international flights, it is important that TSA strengthen its
oversight of air carrier programs in the interim.
Secure Flight, once implemented, is intended to strengthen
watchlist matching by conducting more robust name variations
than currently conducted by carriers. Secure Flight is also
intended to more accurately match passenger information to
watchlist records.
In February 2008, despite past difficulties in implementing
Secure Flight, we reported that TSA had made significant
progress in developing the program, including developing key
systems development documentation and strengthening privacy
protections.
However, we reported that challenges remained, including
the need to more fully test systems development security
requirements and develop more robust cost and schedule
estimates.
If these challenges are not effectively addressed, the
chances of the program performing on schedule and as intended
are diminished. We have an on-going review, assessing TSA's
efforts in implementing Secure Flight.
This concludes my opening statement. I look forward to your
questions.
[The statement of Ms. Berrick follows:]
Prepared Statement of Cathleen A. Berrick
September 9, 2008
aviation security: tsa is enhancing its oversight of air carrier
efforts to screen passengers against terrorist watch-list records, but
expects ultimate solution to be implementation of secure flight
gao highlights
Highlights of GAO-08-1136T, a testimony before the Subcommittee on
Transportation Security and Infrastructure Protection, Committee on
Homeland Security, House of Representatives.
Why GAO Did This Study
Domestic air carriers are responsible for checking passenger names
against terrorist watchlist records to identify persons who should be
denied boarding (the No-Fly List) or who should undergo additional
security scrutiny (the Selectee List). The Transportation Security
Administration (TSA) is to assume this function through its Secure
Flight program. However, due to program delays, air carriers retain
this role. This testimony discusses: (1) TSA's requirements for
domestic air carriers to conduct watchlist matching; (2) the extent to
which TSA has assessed compliance with watchlist matching requirements;
and (3) TSA's progress in developing Secure Flight. This statement is
based on GAO's report on air carrier watchlist matching (GAO-08-992)
being released today and GAO's previous and ongoing reviews of Secure
Flight. In conducting this work, GAO reviewed TSA security directives
and TSA inspections guidance and results, and interviewed officials
from 14 of 95 domestic air carriers.
What GAO Recommends
GAO is not making any recommendations related to air carriers'
watchlist matching programs because TSA initiated actions in April 2008
to strengthen related requirements and its oversight of air carriers'
implementation of these requirements. Regarding Secure Flight, GAO
previously made recommendations to strengthen the program's
development. TSA generally agreed.
what gao found
TSA's requirements for domestic air carriers to conduct watchlist
matching include a requirement to identify passengers whose names are
either identical or similar to those on the No-Fly and Selectee lists.
Similar-name matching is important because individuals on the watchlist
may try to avoid detection by making travel reservations using name
variations. According to TSA, there have been incidents of air carriers
failing to identify potential matches by not successfully conducting
similar-name matching. However, until revisions were initiated in April
2008, TSA's security directives did not specify what types of similar-
name variations were to be considered. Thus, in interviews with 14 air
carriers, GAO found inconsistent approaches to conducting similar-name
matching, and not every air carrier reported conducting similar-name
comparisons. In January 2008, TSA conducted an evaluation of air
carriers and found deficiencies in their capability to conduct similar-
name matching. Thus, in April 2008, TSA revised the No-Fly List
security directive to specify a baseline capability for conducting
watchlist matching and reported that it planned to similarly revise the
Selectee List security directive. While recognizing that the new
baseline capability will not address all vulnerabilities, TSA
emphasized that establishing the baseline capability should improve air
carriers' performance of watchlist matching and is a good interim
solution pending the implementation of Secure Flight.
TSA has undertaken various efforts to assess domestic air carriers'
compliance with watchlist matching requirements; however, until 2008,
TSA had conducted limited testing of air carriers' similar-name-
matching capability. In 2005, for instance, TSA evaluated the
capability of air carriers to identify names that were identical--but
not similar--to those in terrorist watchlist records. Also, TSA's
internal guidance did not specifically direct inspectors to test air
carriers' similar-name-matching capability, nor did the guidance
specify the number or types of name variations to be assessed. Records
in TSA's database for regular inspections conducted during 2007 made
reference to name-match testing in only 61 of the 1,145 watchlist-
related inspections that GAO reviewed. During the course of GAO's
review, and prompted by findings of the evaluation conducted in January
2008, TSA reported that its guidance for inspectors would be revised to
help ensure air carriers' compliance with security directives. Although
TSA has plans to strengthen its oversight efforts, it is too early to
determine the extent to which TSA will provide oversight of air
carriers' compliance with the revised security directives.
In February 2008, GAO reported that TSA has made progress in
developing Secure Flight but that challenges remained, including the
need to more effectively manage risk and develop more robust cost and
schedule estimates (GAO-08-456T). If these challenges are not addressed
effectively, the risk of the program not being completed on schedule
and within estimated costs is increased, and the chances of it
performing as intended are diminished. TSA plans to begin assuming
watchlist matching from air carriers in January 2009.
Madam Chairwoman and Members of the subcommittee: I am pleased to
be here today to discuss GAO's work assessing the Transportation
Security Administration (TSA) and domestic air carrier efforts in
conducting watchlist matching--or the matching of airline passenger
information against terrorist watchlist records--a front-line defense
against acts of terrorism that target the Nation's civil aviation
system.\1\ Domestic air carriers operating to, from, and within the
United States are to conduct watchlist matching in accordance with
requirements set forth by TSA. That is, air carriers are to conduct
preboarding checks by comparing passenger data--most prominently name
and date of birth--against the No-Fly List to identify individuals who
should be prevented from boarding an aircraft, and against the Selectee
List to identify individuals who must undergo enhanced screening at the
checkpoint prior to boarding.\2\ TSA has responsibility for overseeing
how air carriers implement the watchlist-matching process, consistent
with TSA requirements. Critical to this oversight effort are the
agency's inspectors--both the principal security inspectors who oversee
implementation efforts at air carriers' corporate security offices and
the transportation security inspectors who oversee implementation
efforts at airport locations. Beginning in 2009, under a program known
as Secure Flight, TSA is to take over from air carriers the function of
watchlist matching for domestic and ultimately international flights.
Pending Secure Flight's implementation, air carriers continue to have
primary responsibility for conducting watchlist matching. In turn, TSA
continues to have an important oversight responsibility to ensure that
air carriers comply with watchlist-matching requirements.
---------------------------------------------------------------------------
\1\ For the purposes of this statement, domestic air carriers are
those with operations based in the United States that maintain full
security programs in accordance with 49 C.F.R. part 1544. The number of
domestic air carriers has varied over time, for example, from 95 in
2005 to about 70 in 2007.
\2\ These lists contain applicable records from the Terrorist
Screening Center's consolidated database of known or appropriately
suspected terrorists. Pursuant to Homeland Security Presidential
Directive 6, dated September 16, 2003, the Terrorist Screening Center--
an entity that has been operational since December 2003 under the
administration of the Federal Bureau of Investigation--was established
to develop and maintain the U.S. Government's consolidated terrorist
screening database (the watch list) and to provide for the use of
watchlist records during security-related screening processes. See GAO,
Terrorist Watch List Screening: Recommendations to Promote a
Comprehensive and Coordinated Approach to Terrorist-Related Screening,
GAO-08-253T (Washington, DC: Nov. 8, 2007).
---------------------------------------------------------------------------
My testimony today addresses: (1) TSA's requirements for domestic
air carriers to conduct watchlist matching for domestic flights; (2)
the extent to which TSA has assessed domestic air carriers' compliance
with watchlist-matching requirements; and, (3) TSA's progress in
developing and implementing the Secure Flight program. This statement
is based on a report we released today \3\ on air carrier watchlist-
matching processes and TSA's oversight of these efforts, as well as
work we conducted on the Secure Flight program from August 2007 to
January 2008,\4\ with selected updates in September 2008.
---------------------------------------------------------------------------
\3\ GAO, Aviation Security: TSA Is Enhancing Its Oversight of Air
Carrier Efforts to Identify Passengers on the No-Fly and Selectee
Lists, but Expects Ultimate Solution to Be Implementation of Secure
Flight, GAO-08-992 (Washington, DC: Sept. 9, 2008).
\4\ GAO, Aviation Security: Transportation Security Administration
Has Strengthened Planning to Guide Investments in Key Aviation Security
Programs, but More Work Remains, GAO-08-456T (Washington, DC: Feb. 28,
2008).
---------------------------------------------------------------------------
Regarding air carrier watchlist matching, we reviewed TSA's
security directives and related guidance applicable to watchlist
matching; interviewed responsible officials at TSA headquarters;
conducted interviews (both in-person and via telephone) with officials
from domestic air carriers to discuss their implementation of
watchlist-matching requirements;\5\ analyzed watchlist-related
inspections that TSA conducted during fiscal year 2007 to ensure that
air carriers were in compliance with applicable requirements; and
reviewed the results from a special emphasis assessment that TSA
conducted in 2005 and a special emphasis inspection it conducted in
January 2008, both of which addressed air carriers' capability to
conduct watchlist matching.\6\ Regarding the Secure Flight program, we
reviewed systems development, privacy, and other documentation, and
interviewed Department of Homeland Security (DHS), TSA, and contractor
officials. We conducted these performance audits from July 2006 to
September 2008 in accordance with generally accepted government
auditing standards. Those standards require that we plan and perform
the audit to obtain sufficient, appropriate evidence to provide a
reasonable basis for our findings and conclusions based on the audit
objectives. We believe that the evidence obtained provides a reasonable
basis for our findings and conclusions based on the audit objectives.
---------------------------------------------------------------------------
\5\ Our selection of the 14 air carriers was based, in part, on
operational size with the goal of obtaining a range of sizes. Although
the 14 air carriers (selected from a total of 95 air carriers required
to perform watchlist matching during calendar year 2005) represent a
range in the types of air carriers that conduct watchlist matching,
and, according to our calculations, accounted for approximately 70
percent of all passengers that boarded domestic flights in 2005, the
results of our interviews are not generalizable to the domestic
operations of all domestic air carriers. However, our selection allowed
us to understand how watchlist matching was performed for the majority
of passengers flying domestically in 2005, although we did not
independently verify each air carrier's reported method of
implementation.
\6\ Special emphasis assessments and special emphasis inspections
are nonroutine activities undertaken at the direction of TSA
headquarters. According to TSA, a special emphasis assessment addresses
a vulnerability that generally is not tied to a regulation, while a
special emphasis inspection is tied to a regulatory requirement.
---------------------------------------------------------------------------
summary
Through its security directives, TSA has issued requirements for
watchlist matching, which include identifying passengers with names
similar to those on the No-Fly and Selectee lists. Before undertaking
revisions of the relevant security directives in 2008, TSA expected air
carriers to conduct similar-name matching but TSA's security directives
did not specify how many and what types of such name variations air
carriers should compare. Consequently, in interviews with 14 air
carriers, we found inconsistent approaches to conducting similar-name
matching. Some carriers compared more name variations than others; in
addition, not every air carrier reported conducting similar-name
comparisons. Air carriers that conduct only exact-name comparisons and
carriers that conduct relatively limited similar-name comparisons are
less effective in identifying watchlisted individuals who travel under
name variations. Also, due to inconsistent air carrier processes, a
passenger could be identified as a match to the watch list by one
carrier and not by another. In April 2008, during the course of our
review, TSA revised and issued the No-Fly List security directive to
specify a baseline capability for similar-name matching to which all
air carriers must conform. Also, in August 2008, TSA officials reported
that the agency was in the process of similarly revising the Selectee
List security directive to require the same baseline capability.\7\ TSA
officials acknowledged that the new baseline capability will not
address all vulnerabilities identified by TSA. However, the officials
stated that the new baseline capability was a good interim approach for
improving air carriers' matching efforts because, among other reasons,
it will strengthen watchlist matching without requiring investment in a
solution that will be replaced when Secure Flight is implemented.
---------------------------------------------------------------------------
\7\ TSA officials did not provide us a targeted issuance date for
the revised Selectee List security directive.
---------------------------------------------------------------------------
Although TSA assessed air carriers' compliance with watchlist-
matching requirements through a special emphasis assessment conducted
in 2005 and through planned inspections conducted in conjunction with
annual inspection cycles, the agency had tested similar-name matching
to only a limited extent until 2008. For instance, the 2005 special
emphasis assessment focused on air carriers' capability to identify
passenger names that were exact matches with names on the No-Fly List,
but did not address the capability to conduct similar-name matching.
Also, during the most recent annual inspection cycle (fiscal year
2007), although some TSA inspectors tested air carriers' effectiveness
in conducting similar-name matching, the inspectors did so at their own
discretion and without specific evaluation criteria. However, during a
special emphasis inspection conducted in January 2008, TSA found
deficiencies in the capability of air carriers to conduct similar-name
matching.\8\ Thereafter, following TSA's revision of the No-Fly List
security directive in April 2008, officials planned to issue new
guidance for inspectors to better ensure compliance by air carriers
with requirements in the new security directive. Further, in September
2008, TSA updated us on the status of its efforts with watchlist
matching. Specifically, TSA provided us with the results of a May 2008
special emphasis assessment of seven air carriers' compliance with the
revised No-Fly List security directive. TSA generally characterized the
results of the May 2008 special emphasis assessment as positive.
Further, TSA officials noted that the agency's internal handbook, which
provides guidance to transportation security inspectors on how to
inspect air carriers' compliance with requirements, including
watchlist-matching requirements, was being revised, and was expected to
be released later this year. Officials indicated that the new
inspection guidance would be used in conjunction with TSA's Nation-wide
regulatory activities plan for fiscal year 2009. While these actions
and plans are positive developments, it is too early to determine the
extent to which air carriers' compliance with watchlist-matching
requirements will be assessed based on the new security directives
since these efforts are still underway and have not been completed.
---------------------------------------------------------------------------
\8\ TSA reported that the January 2008 special emphasis inspection
covered 52 domestic air carriers and 31 foreign air carriers.
---------------------------------------------------------------------------
Moreover, in February 2008, we reported that TSA has made
significant progress in developing Secure Flight, but that challenges
remained in a number of areas, including the need to more effectively
manage risk and develop more robust cost and schedule estimates. We
made a number of recommendations to strengthen TSA's efforts in these
areas, to which TSA agreed and has begun to take corrective actions. We
will continue to evaluate TSA's efforts to develop and implement Secure
Flight and its progress in addressing these recommendations as part of
our on-going review.\9\
---------------------------------------------------------------------------
\9\ Our review of TSA's progress with Secure Flight is being
conducted in response to requests from the U.S. Senate (Committee on
Commerce, Science, and Transportation, and its Subcommittee on Aviation
Operations, Safety, and Security; Committee on Appropriations,
Subcommittee on Homeland Security; Committee on Homeland Security and
Governmental Affairs; and Committee on the Judiciary) and the U.S.
House of Representatives (Committee on Transportation and
Infrastructure, Committee on Homeland Security, and Committee on
Oversight and Government Reform). In addition, the Consolidated
Appropriations Act, 2008, requires that we report to the Committees on
Appropriations of the Senate and House of Representatives on DHS's
certification of 10 conditions outlined in section 522(a) of the
Department of Homeland Security Appropriations Act, 2005, related to
the development and implementation of the Secure Flight program. See
Pub. L. No. 110-161, Div. E, � 513, 121 Stat. 1844, 2072-73 (2007).
---------------------------------------------------------------------------
background
TSA is responsible for ensuring air carriers' compliance with
regulatory requirements, including requirements reflected in TSA
security directives. Related to watchlist matching, TSA outlines air
carrier requirements in the No-Fly List Procedures security directive,
requiring domestic air carriers to conduct checks of passenger
information against the No-Fly List to identify individuals who should
be precluded from boarding flights, and the Selectee List Procedures
security directive, directing domestic air carriers to conduct checks
of passenger information against the Selectee List to identify
individuals who should receive enhanced screening (e.g., additional
physical screening or a hand-search of carry-on baggage) before
proceeding through the security checkpoint. Since 2002, TSA has issued
numerous revisions to the No-Fly and Selectee list security directives
to strengthen and clarify requirements, and has issued guidance to
assist air carriers in implementing their watchlist-matching processes.
TSA conducts inspections of air carriers throughout the year as
part of regular inspection cycles based on annual inspection plans to
determine the extent to which air carriers are complying with TSA
security requirements. These inspections are based on inspection
guidelines known as PARIS prompts,\10\ which address a broad range of
regulatory requirements (including airport perimeter security and cargo
security, as well as screening of employees, baggage, and passengers).
With respect to watchlist matching, inspection guidelines instruct
inspectors regarding the aspects of air carrier watchlist matching that
should be tested, such as whether air carriers are comparing the names
of all passengers against names on the most current No-Fly and Selectee
lists in accordance with the procedures outlined in TSA's security
directives.
---------------------------------------------------------------------------
\10\ PARIS is the acronym for the Performance and Results
Information System, which is TSA's inspections database. This database
assists TSA management by providing factual and analytical information
on the compliance of TSA-regulated entities. There are approximately
1,700 PARIS prompts, which serve as guidelines for TSA inspectors.
---------------------------------------------------------------------------
TSA conducts watchlist-related inspections at air carriers'
corporate security offices (where policies and procedures are
established on how watchlist matching is to be performed) and at
airports (where policies and procedures for responding to a potential
match are implemented). TSA's principal security inspectors are
responsible for conducting inspections at domestic air carriers'
corporate headquarters. These inspectors assess air carriers'
compliance with security requirements and provide direct oversight of
air carriers' implementation of and compliance with TSA-approved
security programs. Field inspectors--known as transportation security
inspectors--conduct watchlist-related inspections at airports. They are
responsible for a multitude of TSA-related activities, including
conducting inspections and investigations of airports and air carriers,
monitoring compliance with applicable civil aviation security policies
and regulations, resolving routine situations that may be encountered
during the assessment of airport security, participating in testing of
security systems in connection with compliance inspections, identifying
when enforcement actions should be initiated, and providing input on
the type of action and level of penalty commensurate with the nature
and severity of a violation that is ultimately recommended to TSA's
Office of Chief Counsel.
To further enhance commercial aviation security and as required by
the Intelligence Reform and Terrorism Prevention Act of 2004, TSA is
developing an advanced passenger prescreening program known as Secure
Flight to assume from air carriers the function of matching passenger
information against Government-supplied terrorist watchlists for
domestic, and ultimately international, flights.\11\ Through assumption
of the watchlist-matching function from the air carriers, Secure Flight
is intended to ensure a higher level of consistency than current air
carrier watchlist matching and also help remedy possible
misidentifications if a passenger's name is similar to one found on a
watch list. According to TSA plans, Secure Flight's benefits, once the
program becomes operational, will include:
---------------------------------------------------------------------------
\11\ See Pub. L. No. 108-458, � 4012(a), 118 Stat. 3638, 3714-18
(2004) (codified at 49 U.S.C. � 44903(j)(2)(C)).
---------------------------------------------------------------------------
eliminating inconsistencies in current air carrier watchlist
matching procedures;
decreasing the risk of unauthorized disclosure of sensitive
watchlist information;
reducing the number of individuals who are misidentified as
being on the No-Fly or Selectee lists, and;
integrating the redress process so that individuals are less
likely to be improperly or unfairly delayed or prohibited from
boarding an aircraft.
TSA expects to begin assuming from air carriers the watchlist
matching function for domestic flights in January 2009, and to assume
this function from U.S. Customs and Border Protection for flights
departing from and to the United States by fiscal year 2010.
prior to april 2008, tsa watch-list-matching requirements were broad
and allowed air carriers discretion in comparing name variations, which
resulted in less effective processes
Since the terrorist attacks of September 11, 2001, TSA has imposed,
through security directives, requirements for watchlist matching, which
include identifying passengers with names similar to those on the No-
Fly and Selectee lists--a process TSA refers to as similar-name
matching. Identifying passengers with names similar to those on the No-
Fly and Selectee lists is a critical component of watchlist matching
because individuals may travel using abbreviated name forms or other
variations of their names. Therefore, searching for only an exact match
of the passenger's name may not result in identifying all watchlisted
individuals.
Before undertaking revisions of the relevant security directives in
2008, TSA expected air carriers to conduct similar-name matching, but
TSA's security directives did not specify how many and what types of
such name variations air carriers should compare. Consequently, the 14
air carriers we interviewed reported implementing varied approaches to
similar-name matching. Some carriers reported comparing more name
variations than others, and not every air carrier reported conducting
similar-name comparisons. Air carriers that conduct only exact-name
comparisons and carriers that conduct relatively limited similar-name
comparisons are less effective in identifying watchlisted individuals
who travel under name variations. Also, due to inconsistent air carrier
processes, a passenger could be identified as a match to a watchlist
record by one carrier and not by another, which results in uneven
effectiveness of watchlist matching. Moreover, there have been
incidents, based on information provided by TSA's Office of
Intelligence, of air carriers failing to identify potential matches by
not successfully conducting similar-name matching.
Generally, TSA had been aware that air carriers were not using
equivalent processes to compare passenger names with names on the No-
Fly and Selectee lists. However, in early 2008 the significance of such
differences was crystallized during the course of our review and
following TSA's special emphasis inspection of air carriers' watchlist-
matching capability. On the basis of these inspection results, in April
2008, TSA issued a revised security directive governing the use of the
No-Fly List to establish a baseline capability for similar-name
matching to which all air carriers must conform. Also, TSA announced
that it planned to similarly revise the Selectee List security
directive to require the new baseline capability.\12\
---------------------------------------------------------------------------
\12\ In August 2008, TSA informed us that the revised Selectee List
security directive was still in the agency's internal clearance
process, and did not provide us a targeted issuance date.
---------------------------------------------------------------------------
According to TSA officials, the new baseline capability is intended
to improve the effectiveness of watchlist matching, particularly for
those air carriers that had been using less-thorough approaches for
identifying similar-name matches and those air carriers that did not
conduct any similar-name comparisons. However, because the baseline
capability requires that air carriers compare only the types of name
variations specified in the security directive, TSA officials noted
that the new baseline established in the No-Fly List security directive
is not intended to address all possible types of name variations and
related security vulnerabilities. Agency officials explained that based
on their analysis of the No-Fly and Selectee lists and interviews with
intelligence community officials, the newly-established baseline covers
the types of name variations air carriers are most likely to encounter.
TSA officials further stated that these revised requirements were a
good interim solution because, among other reasons, they will
strengthen security while not requiring air carriers to invest in
significant modifications to their watchlist matching processes, given
TSA's expected implementation of Secure Flight beginning in 2009. If
implemented as intended, Secure Flight is expected to better enable the
use of passenger names and other identifying information to more
accurately match passengers to the subjects of watchlist records.
until a 2008 special emphasis inspection, tsa had conducted limited
testing of air carriers' capability to perform similar-name matching
Until 2008, TSA had conducted limited testing of air carriers'
similar-name-matching capability, although the agency had undertaken
various efforts to assess domestic air carriers' compliance with
watchlist matching requirements in the No-Fly and Selectee list
security directives. These efforts included a special emphasis
assessment conducted in 2005 and regular inspections conducted in
conjunction with annual inspection cycles. However, the 2005 special
emphasis assessment focused on air carriers' capability to prescreen
passengers for exact-name matches with the No-Fly List, but did not
address the air carriers' capability to conduct similar-name
comparisons. Regarding inspections conducted as part of regular
inspection cycles, TSA's guidance establishes that regulatory
requirements encompassing critical layers of security need intensive
oversight, and that testing is the preferred method for validating
compliance. However, before being revised in 2008, TSA's inspection
guidelines for watchlist-related inspections were broadly stated and
did not specifically direct inspectors to test air carriers' similar-
name-matching capability. Moreover, TSA's guidance provided no baseline
criteria or standards regarding the number or types of such variations
that must be assessed. Thus, although some TSA inspectors tested air
carriers' effectiveness in conducting similar-name matching, the
inspectors did so at their own discretion and without specific
evaluation criteria.
In response to our inquiry, six of TSA's nine principal security
inspectors told us that their assessments during annual inspection
cycles have not included examining air carriers' capability to conduct
certain basic types of similar-name comparisons. Also, in reviewing
documentation of the results of the most recent inspection cycle
(fiscal year 2007), we found that available records in TSA's database
made references to name-matching tests in only 6 of the 36 watchlist-
related inspections that principal security inspectors conducted, and
in only 55 of the 1,109 inspections that transportation security
inspectors conducted.\13\ Without baseline criteria or standards for
air carriers to follow in conducting similar-name comparisons, TSA has
not had a uniform basis for assessing compliance. Further, without
routinely and uniformly testing how effectively air carriers are
conducting similar-name matching, TSA may not have had an accurate
understanding of the quality of air carriers' watchlist-matching
processes.
---------------------------------------------------------------------------
\13\ According to TSA data, these 1,145 watchlist-related
inspections (36 plus 1,109) covered 60 domestic air carriers, and most
of the air carriers were inspected multiple times.
---------------------------------------------------------------------------
However, TSA began taking corrective actions during the course of
our review and after it found deficiencies in the capability of air
carriers to conduct similar-name matching during the January 2008
special emphasis inspection.\14\ More specifically, following the
January 2008 inspection, TSA officials reported that TSA began working
with individual air carriers to address identified deficiencies. Also,
officials reported that, following the issuance of TSA's revised No-Fly
List security directive in April 2008, the agency had plans to assess
air carriers' progress in meeting the baseline capability specified in
the new security directive after 30 days, and that the agency's
internal guidance for inspectors would be revised to help ensure
compliance by air carriers with requirements in the new security
directive. Further, in September 2008, TSA updated us on the status of
its efforts with watchlist matching. Specifically, TSA provided us with
the results of a May 2008 special emphasis assessment of seven air
carriers' compliance with the revised No-Fly List security directive.
Although the details of this special emphasis assessment are
classified, TSA generally characterized the results as positive. Also,
the TSA noted that it plans to work with individual air carriers, as
applicable, to analyze specific failures, improve system performance,
and conduct follow-up testing as needed. Further, officials noted that
the agency's internal handbook, which provides guidance to
transportation security inspectors on how to inspect air carriers'
compliance with requirements, including watchlist-matching
requirements, was being revised and was expected to be released later
this year. Officials stated that the new inspection guidance would be
used in conjunction with TSA's Nation-wide regulatory activities plan
for fiscal year 2009. However, while these actions and plans are
positive developments, it is too early to determine the extent to which
TSA will assess air carriers' compliance with watchlist-matching
requirements based on the new security directives since these efforts
are still underway and have not been completed.
---------------------------------------------------------------------------
\14\ According to TSA officials, the January 2008 special emphasis
inspection covered 52 domestic air carriers and 31 foreign air
carriers.
---------------------------------------------------------------------------
dhs has made progress in developing and implementing the secure flight
program, but challenges remain that may hinder the program moving
forward
Over the last 4 years, we have reported that the Secure Flight
program (and its predecessor known as the Computer Assisted Passenger
Prescreening System II or CAPPS II) had not met key milestones or
finalized its goals, objectives, and requirements, and faced
significant development and implementation challenges.\15\
Acknowledging the challenges it faced with the program, in February
2006, TSA suspended the development of Secure Flight and initiated a
reassessment, or rebaselining, of the program, which was completed in
January 2007. In February 2008, we reported that TSA had made
substantial progress in instilling more discipline and rigor into
Secure Flight's development and implementation, including preparing key
systems development documentation and strengthening privacy
protections.\16\ However, we reported that challenges remain that may
hinder the program's progress moving forward. Specifically, TSA had
not: (1) Developed program cost and schedule estimates consistent with
best practices; (2) fully implemented its risk management plan; (3)
planned for system end-to-end testing in test plans; and, (4) ensured
that information-security requirements are fully implemented. If these
challenges are not addressed effectively, the risk of the program not
being completed on schedule and within estimated costs is increased,
and the chances of it performing as intended are diminished.
---------------------------------------------------------------------------
\15\ See GAO, Aviation Security: Progress Made in Systematic
Planning to Guide Key Investment Decisions, but More Work Remains, GAO-
07-448T (Washington, DC: Feb. 13, 2007).
\16\ See GAO, Aviation Security: Transportation Security
Administration Has Strengthened Planning to Guide Investments in Key
Aviation Security Programs, but More Work Remains, GAO-08-456T
(Washington, DC: Feb. 28, 2008).
---------------------------------------------------------------------------
To address these challenges, we made several recommendations to DHS
and TSA to incorporate best practices in Secure Flight's cost and
schedule estimates and to fully implement the program's risk-
management, testing, and information-security requirements. DHS and TSA
officials generally agreed to implement the recommendations and
reported that they are making progress doing so. According to TSA
officials, the ``initial cutover'' or assumption of the watchlist
matching function from one or more air carriers for domestic flights is
scheduled to begin in January 2009. However, as of July 2008, TSA had
not developed detailed plans or time frames for assuming watchlist
matching from all air carriers for domestic flights. We will continue
to evaluate TSA's efforts to develop and implement Secure Flight and
its progress in addressing our prior recommendations as part of our on-
going review.
concluding observations
Until the Secure Flight program is implemented, TSA's oversight of
air carriers' compliance with watchlist-matching requirements remains
an important responsibility. In this regard, TSA's April 2008 revision
of the No-Fly List security directive--and a similar revision planned
for the Selectee List security directive--are significant developments.
The April 2008 revision establishes a baseline name-matching capability
applicable to all domestic air carriers. Effective implementation of
the baseline capability should strengthen watchlist-matching processes,
especially for those air carriers that had been using less-thorough
approaches for identifying similar-name matches. Concurrently, revised
internal guidance for TSA's inspectors can help ensure that compliance
inspections of air carriers are conducted using the standards specified
within the security directives as evaluation criteria. At the time of
our review, TSA was in the initial stage of revising the internal
guidance for inspectors. As a result, it is too early to determine the
extent to which updated guidance for principal security inspectors and
transportation security inspectors will strengthen oversight of air
carriers' compliance with the security directive requirements. Going
forward, TSA officials acknowledge that the baseline capability
specified in the revised No-Fly List security directive and the similar
revision planned for the Selectee List security directive--while an
improvement--does not address all vulnerabilities identified by TSA and
does not provide the level of risk mitigation that is expected to be
achieved from Secure Flight. Thus, TSA officials recognize the
importance of--and the challenges to--ensuring continued progress in
developing and deploying the Secure Flight program as soon as possible.
Madam Chairwoman, this concludes my statement. I would be pleased
to answer any questions that you or other Members have at this time.
Ms. Jackson Lee. Let me thank you very much for your,
again, important analysis.
As well, let me thank all of the witnesses for their
presence here today.
I want it to be known that this persistent pursuit is a
serious effort on behalf of this subcommittee and the full
committee really to penetrate into the essence of security to
make it real, consistent and effective.
I have appreciated the polite talk of the witnesses. I have
also appreciated the collaborative efforts. My questions will
be pointed, because I don't think we can have hearing after
hearing after hearing after hearing without finding a solution
to what seems to be a complex question with a simple answer.
So I would first of all like to pose a question to Mr.
Wellen. I want to congratulate TSA for getting the final
certification that seems to have come with the signoff of
Secretary Chertoff. This certification report confirms that
Secure Flight meets all 10 certifications mandated in the 2005
appropriations language, which many of us worked together on.
There are many of us who have been on the Homeland Security
Committee since its origins after 9/11 and its first beginnings
as a select committee, first as a team of Members to decide how
we were going to move forward. So we want to make sure that the
recommendations can be asked and answered.
One of the recommendations--we physically asked that you
develop an appropriate lifecycle cost estimate. I would like to
know how have you verified that the estimates you have
constructed are reasonable and achievable, first of all?
As you answer that, I would like you to make a commitment
to provide the subcommittee with a copy of that report. Mr.
Wellen.
Mr. Wellen. Thank you, Ms. Chairwoman.
The lifecycle cost estimates we are in the process of
providing were based on April's estimates for the first 5 years
of the program. Those can be made available.
We are also in the process of updating the lifecycle cost
estimates to abide by additional GAO and DHS guidance. When
those are complete, we can provide those as well.
Ms. Jackson Lee. Assistant Secretary, do you want add a
little? Expand on that for us, please. I just think it is
important.
Mr. Hawley. The 10-year cost is in the billion dollar
range, and it ranges probably per year $80 million, and perhaps
going up above that to get to around a billion over 10 years.
As part of a review of the Department, and also the
engagement that we have with GAO, we have had a lot of back and
forth, and there are some different ways of framing the
questions, and therefore the answers that we are referring to.
So I believe the first 5 years are ready to go now and
would provide the additional when that is available.
Ms. Jackson Lee. So the first 5 years--a half a billion
dollars?
Mr. Wellen. Yes, ma'am. The approximations are anywhere
between $85 and $93 million per year.
Ms. Jackson Lee. Good. Is that a Government cost? Or is
that shared with the industry?
Mr. Wellen. That is Government cost, ma'am.
Ms. Jackson Lee. Do we have any estimates of the industry's
participation and any cost on their part?
Mr. Wellen. I don't have their cost estimates.
Ms. Jackson Lee. But we would expect that there would be
some.
Mr. Wellen. Yes, ma'am.
Ms. Jackson Lee. Can I ask you to engage--and I am going to
yield to you, Mr. Secretary--with the industry to give us some
ballpark on those figures, please? Assistant Secretary.
Mr. Hawley. Yes, ma'am.
Ms. Jackson Lee. You heard the discussion that we had, and
I offered my congratulations for the certification announcement
to back a question of their participation in it. But I
indicated that I am not holding these hearings I guess for what
most might perceive would be a continuous reciting of the
problem.
I know that there are issues with legislation, but there
are also issues with administration rulemaking. My question to
you is could we have a collaborative effort as we proceed to
write legislation to expedite this process for what we all
want: relief to the American people.
Now, what that would mean is that we could not point
fingers at each other for what the delay might be. It would
have to move through this House, which I feel confident that we
have the ability to work collaboratively, but it would have to
move in the Senate.
So the question is would that be something that you, DHS,
the administration would be open to? Can you work with this
committee, work with me on legislation that could be put the
energy in that we need to secure the American people?
Mr. Hawley. Yes. I would like to comment that this
subcommittee has been very consistently into the detail of this
program, and I appreciate the legislation from Ms. Clarke. Mr.
Lungren referred to it, and bipartisan nature of it.
We would certainly work with you and the committee to see
if there are additional ways to strengthen that process, but to
get to the point where it will be implemented just as soon as
it is ready.
Having said that, our rule is in its final stages of
administration clearance, so our hope is that that will go the
course, and should Congress or you wish to pursue legislative
remedies, we would be very open to working with you.
Ms. Jackson Lee. I think that is a very important first
step, and I think we will move expeditiously, but we will also
be monitoring the rulemaking. What we want to do is that we
will both be holding hands in success not for ourselves, but
for the American people.
Let me ask Ms. Berrick, are you just listening to costs? I
am concerned that the 10 items that have been certified need
themselves to be reviewed by GAO.
Will you all assess them to determine their reasonableness
and also their costs? How long do you think it will take you to
review these certifications that have now been made?
Ms. Berrick. Yes. We will be. We have been reviewing. We
will continue to review the Secure Flight. There is legislation
in the--2 years ago the appropriations legislation requires GAO
to review the program and report within 90 days of
certification. So our report will be due around December 10 of
this year.
Related to the 10 conditions, GAO has done a lot of work
already, and there are two areas where we have identified some
concerns that we are working with TSA on right now.
One has to do with cost and schedule estimates--lifecycle
cost estimates, for example, that you asked about. We have not
yet full lifecycle cost estimates for Secure Flight. The
estimates that we got just went up to 2012, and it was based on
an older version of the program. So we are waiting to get
updated lifecycle cost estimates.
We will be looking at that to see to what extent it was
developed consistent with best practices for these estimates.
Another area has to do with testing, making sure that TSA
is fully testing security and systems requirements before they
go operational. So we will continue to review those areas, as
well as the other 10, and report to this committee and others
in December.
Ms. Jackson Lee. So let me ask you just to repeat that. Do
you think you will begin the review process now and expect to
finish in December, of the 10 certification?
Ms. Berrick. Right. We have 90 days to complete the work,
which would be December.
Ms. Jackson Lee. So our legislation could track your
review. But we need to be concerned, then, if your review is
not finished until December, that we want to be more expedited.
So let me ask that you be in dialog with this committee and
let us, even though you do have the time frame, let us look
very carefully and keenly at how we can work together on moving
that up.
Ms. Berrick. Okay. We will.
Ms. Jackson Lee. I appreciate it very much.
Let me just try to quickly finish my own questioning. Time
seems to go more quickly than we would like.
Mr. Kopel, let me thank you for the work that you do, and
let me also indicate that the resourcefulness of which I am
about to begin is appreciation for the work that you do.
But here is a dilemma that we face, and you laid it out.
Nominating agencies or nominating individuals because they
have--originators of the nomination think that this is a person
we need to watch.
We have a lot of backtalk going on. The backtalk is that
there is a watchlist. I do expect in another committee, or
possibly this committee, since we invited Director Mueller to
be here--and I know that you work for the Department of
Homeland Security--but I believe we should indicate on the
record that we are giving resources to the FBI to have the kind
of a four-star A-plus-plus watchlist, because it may seem
insignificant to have thousands of Americans on the list that
are wrongly named, or five on the list, but any American on the
list wrongly named is unacceptable.
So I have a concern that the confusion about the watchlist,
and I think though you at DHS, let me pointedly suggest that it
works unfortunately in the direction of the FBI, because what
the TSA gets, it is in the custodial hands of the FBI.
People believe, and civilians believe, and airlines
believe, and the have said it, which they are inappropriate to
say it, but they have, that someone is on the watchlist.
James Robinson, an 8-year-old, is on the watchlist. That is
unfair, untoward, and it does not help the American people. So
I am a little confused as to what DHS is doing in your shop to
try to get the most accurate watchlist possible.
This seems to be the pass the buck situation. You talk to
the FBI; they are moving paper around. I am not sure what role
you may play in trying to give the best assistance, though I
know that you are committed. So you are in the hot seat.
I am frankly not very happy with what I think is an uneven
watchlist that then results in what we have to work with for
Secure Flight, but more importantly results in the misidentity
of individuals, who innocently come to use the airlines and to
visit Grandma, to go on a family vacation, to try to make
deadlines to go to a funeral, and whatever else the airlines
are used for.
People miss flights, because they are intimidated by this
process.
Meantime, some of the great work that needs to be done to
secure America is not being done.
Mr. Kopel.
Mr. Kopel. Thank you, Madam Chairwoman. First, let me
explain that although I am a DHS employee, and I work for
Charlie Allen in information analysis. I am also the No. 2
person at the Terrorist Screening Center--a direct line.
Our director is currently an FBI employee. Our previous
director was a DHS employee. Actually, a senior member of TSA
was our original director for the first 3 years of the TSC.
The TSC, when I referenced a multi-agency task force type
environment, I have about 45--a commitment from DHS for 45--and
have about between 30 and 40 DHS employees at any time
permanently assigned to the TSC.
So it isn't like we really work for the FBI. We work for
the Terrorist Screening Center and the watchlisting process for
the USG.
Ms. Jackson Lee. What you are doing with the watchlist that
is in the custodial hands of the FBI, and you are dealing with
a situation where people are on a No-Fly List because they are
matched against the watchlist--it is very confusing, and it
doesn't work.
So tell me what you are doing to clear it up? What are you
doing to coordinate? I appreciate the coordination and the
various people that are working in your shop, but what are you
doing to ensure a cleaned-up watchlist?
Mr. Kopel. Well, let me start by saying based on some of
our preliminary audits--and we have had many where we tend to
think we have live-ins from GAO and the IG working with us
continuously--but part of that process.
In March 2006, we initiated some information technology
changes to our process that allowed us to, or actually requires
us to, review every nomination that comes to the TSC and review
the supporting information behind that actual record, so that
we just don't take a name, and because an originator thought
there was a reasonable suspicion of a connection to terrorism,
that doesn't automatically get you on the watchlist.
It goes through the National Counterterrorism Center. They
are going to review that nomination, along with all the
supporting information, whether that comes from the FBI in
their case management files or whether it is with the CIA in
the TIDE system.
So between the difference, they are going to review the
information, and they are going to say that they believe there
is also a connection to terrorism, a reasonable suspicion of
that.
Then that record is transmitted to the Terrorist Screening
Center. We have a group of subject matter experts that review
each and every one of those records to also ensure by looking
at the supporting information that there is sufficient
information that a reasonable suspicion can be determined that
this person may have a connection to terrorism.
Ms. Jackson Lee. Are you suggesting to me that there is
your own separate analysis from the separate watchlist that the
FBI is custodian over?
Mr. Kopel. The FBI is a custodian of the U.S. Government's
list, and that list is reviewed at the Terrorist Screening
Center. We do our own independent review, as does the National
Counterterrorism Center, and as do the nominating agencies and
the originators of that information.
Ms. Jackson Lee. What we might take from that is that there
are names on it that are names of individuals in the United
States who are innocent, but that you have done all the
screening that you could do to assure that if that name is on
there, there is a basis for such.
Mr. Kopel. Madam Chairwoman, I believe that almost all the
names, and we are in the process to finish a complete review of
the entire database to ensure that every record has been
reviewed and had that supporting information.
Ms. Jackson Lee. So we find a gap in that translation to
the Nation's airlines. As the Chairman said, there are other
nodes or other agencies that use watchlists, and then it
captures an 8-year-old by the name of James Robinson.
Mr. Kopel. Madam Chairwoman, I believe that every name that
we have on the No-Fly List is appropriately watchlisted for the
No-Fly List.
Ms. Jackson Lee. But not an 8-year-old by the name that may
be the same.
Mr. Kopel. We supply the airlines with what we believe is
sufficient information to make some preliminary identification
from that. Their actual processes would probably be best
described by TSA on how the airlines evaluate the information
that is supplied to them.
Ms. Jackson Lee. Well, let me now--and I thank you for your
answer. We will just have to have a second round to pursue it.
But let me now yield to the distinguished gentlelady from
New York. Congresswoman Clarke.
Ms. Clarke. Thank you very much, Madam Chairwoman. I want
to thank you for your labor and commitment to really addressing
and resolving this issue. I would like to also thank you for
your support on the FAST Redress Act. It is really at the heart
of the issue that we are talking about today.
You know I think it is not really an issue of the names as
such. It is the misidentification. It is the ability for people
to be able to feel reassured that our Nation has the capability
of clearing those who may be misidentified.
There is a difference between having a terrorist watchlist,
which we know is a necessity, and having so many false
positives, if we may.
So at the end of the day, it is up to us to really come up
with a system that really enables people to provide to an
entity all pertinent information required to get them off that
list.
If an 8-year-old, who was basically born around the time
that the incident occurred, can't travel, something is wrong. I
mean we don't want our airline using discretion to the extent
that it becomes a vulnerability.
But when an 8-year-old comes to purchase, or their parent
comes to purchase a ticket, and they would just basically blow
a horn like the day before this incident took place, someone
has got to say I am going to take it upon myself to get this
child cleared.
That is where I believe part of the challenge lies for us
right now--bringing that common sense, the intelligence
community together to come up with a remedy. I just wanted to
put that out there, because I think we kind of lose that in the
conversation about the list.
It is not the list. I think all Americans are glad that we
have got that level of intelligence.
It is the misuse of the list and it is the
misidentifications of individuals with similar names that has
become you know a real sticking point for most Americans,
because after the third incident, it becomes just a violation
of our humanity. We don't want to continue to experience that.
Director Hawley, I am appreciative of your comments that
you have made regarding the FAST Redress Act, and I hope that
you will express your interest as you interface with our
colleagues on the other side in the Senate.
I know that the final rule for Secure Flight is being
reviewed by OMB. Do you have a sort of a date when you expect
that the rule would be approved? This is with regard to Secure
Flight.
Mr. Hawley. Yes, we are anticipating November is when the
rule would be cleared and then be made final.
Ms. Clarke. You think it would be the earlier part of
November, or the end of November?
Mr. Hawley. I thought it was going to be in the summer,
so----
Ms. Clarke. I got you. I got you. If you had the authority
to move on implementation today, how ready would you be to put
the program into place?
Mr. Hawley. I think today it is a different answer, because
the certification is done. That is the first step to make sure
the privacy and security pieces are done, and so having an
appropriate GAO review of those I think would be the next step
there.
But technically, and Mr. Wellen can describe it, the system
is operational and that part is ready. Our partners need to be
ready, meaning the airlines need to be ready to give us the
data. Then the legal authorities have to be there, which is
something either would come legislatively or by rule.
Ms. Clarke. With regard to the airlines, because they play
such a crucial role here, would you say the capacity to stand
them up in this process in a fairly short period of time, Mr.
Wellen?
Mr. Wellen. Yes, ma'am. We have six airlines that have
expressed a willingness and a desire to be early adapters for
Secure Flight.
We encourage other airlines to express a similar desire,
and that went to my oral statement. But yes, ma'am.
Ms. Clarke. But Mr. Wellen, let me ask you something. Is
there anything that we could do to compel all airlines to be a
part of this process? Because again you know it is also the
inconsistency amongst the airlines in terms of their protocols
that has created a part of the problem as well.
Mr. Wellen. Yes, ma'am. You are absolutely right. The rule
is what we were using for compulsion.
Ms. Clarke. Okay.
Mr. Wellen. But legislation I believe probably could have
the same authority.
Ms. Clarke. Okay. Thank you very much.
I yield back, Madam Chairwoman.
Ms. Jackson Lee. Let me thank the gentlelady for her
leadership. I know that we are going to partnership on this
committee.
It is our mutual commitment and the commitment of this
entire committee to get this right, because I don't believe, as
we honor the dead this coming Thursday, as we all will do, that
we will have truly honored them if we cannot find a way to do
what originally was a horrific act of those untoward and evil
persons getting on the airplane and doing the wrong thing and a
dangerous thing, and separate them from the travels of
Americans and others, who are innocent.
Let me yield for a second round and quickly ask to
Assistant Secretary Hawley two issues. Since revising the No-
Fly List security directive in April 2008, has TSA observed an
increase in the number of true matches, meaning passengers
correctly matched?
Do you have a way of the air transport industry reporting
back to the No-Fly List, meaning true matches to the No-Fly
List? On the other hand, have air carriers reported an increase
in the number of passengers misidentified as matches to the No-
Fly List, which is what Congresswoman Clarke indicated that
there is a watchlist, which I believe should be continuously
surveyed to make sure that it is accurate, but then as that is
accessed by the appropriate people, are they still doing
misidentifications?
Using the term, and I would like you to respond to that,
``you are on the watchlist,'' which many of our constituents
come back and tell us that that is what is being said over the
counter while the grandma is trying to get on the plane or
while a young Mr. Robinson or military Mr. Robinson or former
U.S. Attorney Mr. Robinson is trying to get on a plane? So if
you can share that with us.
Mr. Hawley. Yes. We have begun to collect the data from the
airlines as to the number of people going to the counters. So
we will begin next month having some trend analysis of that.
But just anecdotally, a number of the airlines were
experiencing about a thousand people a day coming to the
counter, and our hope is that as they adopt measures, and we
working with them, that those numbers will decrease.
I think it is important to note all the airlines agree with
all of us in terms of not saying, ``You are on the watchlist.''
That is their policy. It is our policy. We all have distributed
operations where employees are all over the world and sometimes
say things they shouldn't. So we all have the same interest in
not saying to somebody, ``You are on a watchlist.''
Ms. Jackson Lee. But what kind of oversight do we have over
that? You are right. We do have employees all over the world. I
am sure they have good intentions. But I can assure you that we
have heard from individuals, who at a counter in a public
setting, who were told that you are on a watchlist.
Mr. Hawley. Yes. We are interested to learn about that, as
I am sure the airlines are, if there are employees doing that.
One point I think is very interesting is that from our
redress, the DHS TRIP, of the people who come to TSA and say,
``I would like redress,'' 99.75 percent of them are
misidentification.
I think Ms. Clarke has it exactly right, that the
precautions in the process in making sure that the people on
the watchlist belong on the watchlist, my experience is that is
done excellently.
The problem comes in taking those lists and then matching
the passenger manifest. That is where the problems come in the
data. As I said, less than a quarter of 1 percent end up being
about whether they should be on the watchlist. Most are
misidentified.
Ms. Jackson Lee. Let me then quickly ask Mr. Kopel. I know
that we have called him the name of the news anchor, so we will
try to continue to correct his name, which is Kopel, and we
appreciate the distinction. But in any event, it is a good
person to be confused with.
Let me ask you this. Building on that, there is
considerable confusion between the terrorist screening database
and the Selectee and No-Fly List. Please clarify the difference
between the entire TSCD and the Selectee and No-Fly List, which
are used by TSA.
To the greatest extent possible, please discuss the other
Government agencies that use the TSCD or are provided
information by the TSCD. If you can quickly answer that, we
want to move to our second panel. Then I want to ask you a
redress question.
Mr. Kopel. Yes, ma'am. The entire watchlist, the terrorist
screening database, contains all the names and identifiers of
everyone that the U.S. Government believes has a reasonable
suspicion of a connection to terrorism.
Ms. Jackson Lee. Well, it is important to note for the
American people that the watchlist is legitimate, we should
have it, and it is not out to attack Americans.
Mr. Kopel. Absolutely, ma'am. That is why the supporting
information for every nomination on the list is reviewed at not
only the TSC, but in multi-layers by multi-agency
participation.
Ms. Jackson Lee. All right. Well, when we go to the No-Fly
List, Selectee, the TSCD, the Selectee No-Fly List.
Mr. Kopel. Yes, ma'am. The No-Fly and Selectee List have a
higher level of I guess--the criteria for actually being placed
on the No-Fly and Selectee List is about two or three notches
above the reasonable suspicion of a connection to terrorism.
In both those cases, without getting into the actual
specifics of the criteria----
Ms. Jackson Lee. So that is even higher.
Mr. Kopel. That is higher. Those lists have been what we
call scrubs, where we will periodically go in and reevaluate,
pull every record and determine that the information is still
valid and accurate and that all of those people we believe have
a potential for a danger to the aircraft.
Ms. Jackson Lee. So what is the airline counterperson
looking at, and their computer looking at, when someone comes,
who, as has been indicated by my colleague, may be
misidentified?
Mr. Kopel. There is a subset of the terrorist screening
database, the No-Fly and Selectee List. The appropriate
identifying information, Madam Chairwoman, and I can't actually
say what that this in this forum, but I would be glad to
discuss that with you in a classified environment.
Ms. Jackson Lee. We will have you do so. Thank you.
Mr. Kopel. But at those cases, the airlines are given some
specific information that should help them make at least a
preliminary determination whether or not that is a match to the
No-Fly and Selectee List.
Ms. Jackson Lee. So when they are speaking to the multiple
Robinsons, who are innocent----
Mr. Kopel. Yes, ma'am.
Ms. Jackson Lee [continuing]. What is it that they are
supposed to be doing?
Mr. Kopel. Well, we would believe that they would do a
preliminary review of the information that they have available
to them to determine, matching that against the person at the
counter, whether or not that is the same person.
Ms. Jackson Lee. Do you believe the information that they
have has been scrubbed and accurate so they can make a
determination?
Mr. Kopel. I believe that the information they have is
accurate and has been scrubbed. Yes, ma'am.
Ms. Jackson Lee. Let me indicate that we want to pass the
legislation of Ms. Clarke, and we are going to be moving and
working on that. What we hear from constituents--and last
question to you--one of the chief complaints about the redress
process is that individuals are never told that their name was
actually removed from the watchlist. Why can the TSA neither
confirm or deny an individual's watchlist status?
Now, this is in the backdrop of recognizing that we are not
trying to inform terrorists of anything. But what mechanism
could we use?
Mr. Kopel. Well, and I think that has been something that
certainly DHS, as probably the largest user of the watchlist
between TSA and the U.S. Customs and Border Protection, has
been struggling with.
The key to that, though, is from an investigative
standpoint, if we were to inform an individual they are or not
on the watchlist, that would be kind of like an open door to
use a name that they know that they could kind of get through
the security and skirt the security that has been put in place.
That is a policy that we have had, and we stand by it. I
think it worked for us, because there have been times when we
believe people are phishing, you know, the system to look and
see if this name is good or they can use this.
Ms. Jackson Lee. Right. Well, let me indicate that I think
we are better than a country that is not able to end the
misidentification. We are also a country that should recognize
that a scrubbed and clean and effective watchlist is protecting
all of us. We are going to get to that in this committee.
Let me thank you for your testimony. We ask----
Gentlelady, you have another question?
Let me yield to the gentlelady.
Ms. Clarke. Thank you, Madam Chairwoman.
I guess for me--and this question is for Mr. Kopel. It is
clear to me that there are going to be cases where the name
does not come off the list. It is the misidentified individual
that needs to be cleared, because the name remains the same. It
is just that multiple people have either a similar name or the
same name.
So that is really the technicality, because we are asking
for some of these end up whose name comes off, but we know that
the name doesn't come off, because the name remains the name of
a bad actor out there.
It is the individual that may have a similar or same name
that has to be cleared. Is there a process for that individual
that begins to whittle down the pool of individuals that could
be trapped by having the same or similar name? Because that
name doesn't come off the list.
Mr. Kopel. If the name on the list belongs to someone that
is reasonably suspected of having a nexus to or a connection to
terrorism, that name is going to remain on the list. Yes,
ma'am.
Ms. Clarke. That is right.
Mr. Kopel. The process for working through that today at
TSA is the cleared list.
At Customs it is their primary lookout override system of
the TSC, when a name is referred to us in our redress program,
we work closely with both the offices in TSA for redress and
with Customs and Border Protection to address those, to get
those names not only to determine whether or not this is not
the individual, but to help that individual.
We actually have a process to get that person placed on the
cleared list and to work with Customs and Border Protection for
their primary lookout override.
Ms. Clarke. You create sort of I guess an indicator that
differentiates that individual with that name versus the
individual with the name, which is the bad actor.
Mr. Kopel. Absolutely. For Secure Flight we will really aid
that for an automated function----
Ms. Clarke. Okay.
Mr. Kopel [continuing]. For TSA. For Customs and Border
Protection, that is a fully automated process that the person
is not flagged at the customs inspection when they come through
just wanting a passport. It is automatically overridden,
because we know that is not the person.
Ms. Clarke. Okay.
Mr. Wellen, since DHS started the TRIP program, has there
been a significant increase in referrals to TSC of potential
cases for names and records to be removed?
Mr. Wellen. First, TSA has worked with TSC to do a complete
scrub.
I am sorry. Excuse me, ma'am.
TSA and TSC have worked together to do a complete scrub of
the No-Fly and the Selectee watchlist. So we have employed that
process.
Second of all, the people that have requested redress
through the DHS TRIP system do go through a process in which it
is determined that in fact they are not the person on the
terrorist watchlist.
That name does go into a cleared list. That cleared list is
provided daily----
Ms. Clarke. Can you just stick right there, because you
said ``that name.'' I think that is where we are having--is
there another indicator of the difference in the name?
Mr. Wellen. Yes, ma'am. In addition to the name, there is a
redress number.
Ms. Clarke. Okay.
Mr. Wellen. What happens is this is supplied to the
airlines daily. It is updated daily. With varying degrees of
consistency, the airlines apply those names when a person does
their boarding pass--excuse me.
Some airlines do it quite well. They made the investment in
the IT infrastructure to make that happen. Others not so well.
What the ultimate solution will be is Secure Flight,
because as part of the process, an automatic process, those
names will automatically--anybody that is a hit on the match
would automatically--then the next step is to look. Is there a
redress number and are they on the cleared list?
So that is actually built in as an automated piece of the
Secure Flight engine.
Ms. Clarke. Thank you.
Madam Chairwoman, just one final question.
Last April with the terrorist screening database
approaching the 1 million record mark, the Terrorist Screening
Center implemented the Terrorist Encounter Review Process,
which started in April, to help reduce the number of
unnecessary records.
Director Kopel, now that this program has been under way
for several months, do you have any early results on its level
of effectiveness? Have many records been flagged for review? If
so, how many of these have been acted upon and actually removed
from the system?
Do you have any statistics available?
Mr. Kopel. Madam Chairwoman, we do have some statistics. I
did not bring those with me today, but I can tell you that the
overall I think success of the program--it is really reaping
some benefits for everyone.
What the program does for us is when a person is
misidentified, that person that has gone through the process I
think three times, they are automatically referred to our
redress team for a redress referral of that record.
If that is determined that they are not the individual,
which at the time of the redress submittal we know that, then
we go through the process and we will actually work to get them
added to the cleared list or the customs list, the primary
lookout override, without the person ever having to actually
file a redress complaint.
Ms. Clarke. I would like to get Ms. Berrick's response,
Madam Chairwoman. It is a little----
Ms. Jackson Lee. Yield to the gentlelady.
Ms. Clarke. Thank you.
Ms. Berrick. have you looked into the TERP program at all?
Do you have any thoughts on it? I am sorry--the TSC's TERP
program.
Ms. Berrick. No, we haven't looked at that specific
program.
If I could, I would like to make a point about the cleared
list--two points, actually.
One is that even if an individual goes through the process
and is added to the cleared list, they still may be
inconvenienced, because they may not be able to remotely check
in for their flight. They will have to go to the ticket
counter, unless the carriers have some other pre-clearance
system in place.
So that is point No. 1. Even if you are on a cleared list,
you may still be inconvenienced is one thing that they need to
consider.
The other point just slipped my mind, but I am sure it will
come back to me.
Oh, it was that the carrier--we interviewed 14 carriers and
talked about their use of the cleared list. Actually only 10 of
the 14 were using the cleared list.
The reason that they gave was they felt it could identify a
lot more additional people that would have to come to the
ticket counter and be cleared, and it caused long lines and
passenger frustration.
Now, some of those carriers had alternative clearance
systems, but not all of the carriers were even using the
cleared list. So that is why TSA oversight over this process is
so important.
Even though Secure Flight is going to begin operations in
January, that is going to be a phased schedule, so they will
not be screening all domestic passengers for probably another
year. After that, they will be screening international
passengers.
So in the interim the oversight is very key to make sure
carriers are following TSA requirements and are using the
cleared list appropriately.
Ms. Clarke. Thank you very much, Madam Chairwoman.
Ms. Jackson Lee. Thank you.
Our second panel has been enormously patient, and we
appreciate it very much. I do want to recognize, and ask if she
wants to ask questions of the first panel, the distinguished
gentlelady from the District of Columbia.
Ms. Norton. Thank you, Madam Chairwoman. I want to thank
you for having this hearing. I stopped by for nothing more than
to say this.
I must say just hearing the last few minutes, I am struck
by whether we ought to give this to some high school nerds,
because I really do think the notion that we can't figure out
how to keep from going each time to get another list and going
to the counter really speaks so poorly of Department of
Homeland Security that they haven't been able to figure it out,
that we continue to get complaints.
I don't think they know how. I think they are thinking
through how to solve this puzzle. That is what I regard it as.
It does take more than bureaucrats sitting around saying,
``Now, how do we do things like this?''
The way we do things like this is to make sure that this
person is still the right person. Then we got to create another
list. That is the kind of bureaucratic thinking that has--you
may have heard that some of these cleared lists don't even
exist in some of the airlines.
But assuming even the airlines that they do exist, surely
there is some experience around the world that by now we could
have copied. For example, there--Latin America. I have noted
all my life how many Latin Americans' names are the same.
I just wonder if we have looked beyond our shores to see if
somebody has figured out a way to do this. I don't think it is
beyond our intellectual capacity, but what I have heard in this
room, just sitting down here for 5 minutes makes me believe
that it is beyond the capacity of this agency.
Have you looked at how other nations, some of which will
have the same problem, have very large populations, deal with
this issue of similar names? Or are you talking to yourselves?
Ms. Jackson Lee. Well, let me ask--I don't want to overstep
the gentlelady's bounds, and I appreciate if Assistant
Secretary Hawley----
If you don't mind, Congresswoman Holmes Norton, if Mr.
Kopel could answer that. Then we will move to the second panel.
Ms. Norton. Whoever is qualified to answer.
Ms. Jackson Lee. Whoever feels competent, but those two
individuals can jump in and be as pointed as they possibly can.
Mr. Kopel. Yes, ma'am. One of the missions from the TSC is
to share terrorist screening information with foreign
governments.
We have been very active in going worldwide and meeting
with many governments, not only to share our terrorist
watchlist and get information from them, but to learn how they
use the list, how we can kind of do a build-off of that and how
they can build off of our system.
So I think that the answer to your question is that we talk
to many different countries.
Ms. Norton. Yes, but I have asked you a very specific
question. Do countries who also--we are not the only country in
the world where people have similar names--have they found a
quick and easy way to do what I think seems to me--again, I am
serious. Put some nerds together at a table. They will figure
it out.
Have any of them found a way to do it without the processes
that I have described here, and have you sat down with them to
find that out? Not sharing your list, but how do you do it? How
long does it take to figure out, to keep coming back, answering
the questions that you hear from this committee?
Mr. Hawley. I would like to answer that in the sense that
we have built the system. One of the things that we said at the
beginning of the hearing--we had a major announcement that we
have met the 10 privacy requirements of certification.
That has occurred from Secretary Chertoff so that the
privacy piece is in place, the technology is in place, the
system is built, the matching is done. It is operational, and
now the next stages are for the authorities to go to require
the information we need to come in, as well as work with our
partners so that the airlines can get the information to it.
So the system is now built. The privacy protections are in
place. GAO is going to review that over the next 90 days. We
should be good to go starting in January.
Ms. Norton. One-stop system?
Mr. Hawley. One-stop. Yes, ma'am.
Ms. Norton. I want to thank the gentlelady for what I think
was an instructive line of thought today. We are going to take
it one step further. Both of my colleagues have highlighted
part of the concern that we have.
One, Mr. Kopel, we are going to have the security briefing
for our committee so that we can get the oranges and apples
together. I think that is the concern that I have.
Certainly a shocking statement by Ms. Berrick that our
airlines--less of them are using the secured list. I would
appreciate it if I could get a fuller explanation of that, Ms.
Berrick, in writing for the committee. It will help us as we
move forward.
I am going to ask Assistant Secretary Hawley if he could
give a response in writing as to what he perceives a fully
operational Secure Flight will look like, because I am
concerned that we will now have or should have all the
participants knowing their obligations.
Do not give leeway to who can look at a list and who
doesn't look at a list, because that, if you will, speaks to
the inconsistencies.
Our second panel will have representatives from the public
and as well our technological community and transport to answer
those questions.
I would be remiss if I did not thank TSA for meeting their
certification, and Secretary Chertoff for certifying. I will
say this one comment, and that is it is important to note--and
I have mentioned his name before--Drew Griffin, who is a
reporter for CNN.
I don't think the answer of calling the inspector general
of DHS is an answer, which was given by Secretary Chertoff--
maybe well-meaning--that work for those Americans and others
that are on a list inappropriately to call up the inspector
general of the DHS.
So what we have here are the partners--Assistant Secretary
Hawley, Mr. Wellen, Mr. Kopel, and certainly GAO's Ms.
Berrick--to get this done. I am going to hopefully leave you
with the instruction we have to get this done. We will be
writing legislation.
I thank this panel very much. I understand there being no
further questions for our first panel, I thank the witnesses
for appearing before the subcommittee today for this very
important hearing.
Members of the subcommittee may have additional questions
for you. We ask that you respond to them expeditiously in
writing.
We now welcome our second panel to the witness table.
Again, we thank all of you for your participation.
Let me welcome our second panel of witnesses. Our first
witness is Ms. Denise Robinson. Ms. Robinson lives in
Sunnyvale, California, with her husband and two sons, James and
Tyler.
Since 2005, when James was 5 years old, the Robinson family
has had to deal with the delays and hassles of having a son who
has been consistently misidentified when traveling.
Every time the family travels, they have to deal with long
waits for the ticket counter, or at the ticket counter, close
calls at missing flights, the inability to use curbside check-
in, and embarrassment.
Let me note for the record again that Ms. Robinson and her
son traveled here to Washington, DC, at their own cost. I do
want to acknowledge as well that even though Ms. Robinson is in
Sunnyvale, California, she is with strong roots from the great
State of Texas.
I am delighted that she has that kind of stamina that comes
from the great State of Texas. But I think as we listen, my
colleagues will recognize that the consternation of this
committee, the commitment to get this right is reflected in a
young man, who is 8 years old, who has been stupendous by being
at this hearing starting 2 p.m., and we will reflect what time
it is now.
So we are commending Mr. James Robinson, because he has a
great future in front of him, and it might be that he will be
sitting in a chairpersonship, if he desires proceeding and
governing a hearing, as he has been very able in his presence
here today.
Our second witness is Ms. Lillie Coney, who is an associate
director with the Electronic Privacy Information Center. I did
not construct this to be such, but she also hails from the
great State of Texas. We thank her for her leadership.
Additionally, she serves in an advisory capacity to several
organizations, which include Verified Voting, Accurate Voting
System Performance Rating, and Open Voting Consortium.
Our third witness is Mr. John Meenan, who is the executive
president, chief operating officer of the Air Transport
Association. Mr. Meenan is responsible for all aspects of ATA
operations, with a particular focus on technical, safety,
security, environmental, economic and legal policy issues
impacting the airline industry.
Without objection, the witnesses' full statements will be
inserted in the record. I now ask each witness to summarize his
or her statement for 5 minutes, beginning with Ms. Robinson.
We are going to adhere to the rule, and that is that we
have laid down a compromise that Mr. Robinson at his age will
communicate through his mom. All of us believe that Mr.
Robinson--James--could speak for himself, just as he is
confronted individually as he tries to visit Grandma and others
when he goes to an airline counter.
He should be able to address his own grievance and his own
particular embarrassment, if that is something that occurs to
the family, but we are going to let Ms. Robinson do so. I hope
in her statement that she will answer the question--and maybe
she will consult with James--if he knows what a terrorist
happens to be.
So now, however, we recognize Ms. Robinson for 5 minutes,
with her son, James Robinson, sitting alongside of her. I yield
to the witness.
STATEMENT OF DENISE ROBINSON, PRIVATE CITIZEN
Ms. Robinson. Thank you, Madam Chairwoman. Thank you to the
committee for the information to come and speak to you today.
The purpose of my testimony really is to sort of give the
perspective of a common citizen and dealing with somebody who
is on the watchlist.
But before I get to the specifics of our experience, I
would like to state that I am a strong proponent of the
watchlist. I believe that in our country we as citizens are
going to have to accept some inconveniences and be flexible
with some of the liberties that we have come to expect in order
to provide the security against terrorism.
So I am a proponent of it, but I do think that it has been
mismanaged or not executed to the quality that we in our
country can do. So I share with you our specific experience
with James.
When he was 5, we went to the airport to check in on a
flight. We were at curbside told that we were not able to check
in and we must proceed to the ticket counter.
We did that. The ticket agent took a very long time on the
phone, on the computer system, not able to answer questions
that we were asking about why it was taking so long. He kept
saying, ``I don't know. I mean I can't tell you what is going
on.'' We kept saying, ``Well, but why is it taking so long?''
Finally, he would ask, ``Who is James?'' Obviously, we
pointed to our son. Then he asked, ``How old is he?'' I said,
``He is 5.'' You know he said, ``I cannot tell you what is
going on, but I am going to provide you with information,
printed information that you need to follow.''
He said, ``I suggest that you follow it for your entire
family, because I can't tell you any more information.''
I know there has been a lot of talk today about the
airlines using the term ``watchlist'' or not. We have never had
the airlines use the term ``watchlist'' with us over the last
3\1/2\ years.
So we were able to make the flight. In hindsight I now know
that this ticket agent was very confounded with the situation.
It was probably his first opportunity to come across someone
who was listed that was so young.
So anyway, we did make the flight. The printout that he
gave me was the TSA directions to follow the redress process. I
did that. It took almost a year to get a response from the TSA.
I did do the redress process for our entire family.
However, what was interesting was the only response I got from
the TSA was a letter for James Robinson. There was no
communication about any of the other family members.
Further, the letter was very vague. It stated that a review
of records was conducted, and where it has been determined that
a correction to records is warranted, these records have been
modified. That is very vague from a citizen's perspective.
To further frustrate me, it said this letter constitutes
TSA's final agency decision, which is reviewable by a U.S.
Court of Appeals.
So you are faced with no further action. I understand that
the redress process has been revised. I haven't gone through it
again. But that was our experience.
So, based on that background, you know my point is that--
and I agree that it can't just be based on the name. The system
can be a good system, but it can't just be based on the name.
It has to have other information with it. You know the list is
only going to grow unless we do something to solve this.
With James in particular I have encountered this problem on
every airline. We have frequent flyer programs for him on every
airline. When I go to the airport, I am the one who approaches
them and says, ``My son is on the watchlist.'' Then the airline
then is able to help us manipulate--not manipulate, but get
through the system, get our boarding passes so that we can get
on the plane.
But you know James at his young age is embarrassed by that,
because all of a sudden he is in the spotlight.
James, I will ask you now and ask you to answer to me, ``Do
you know what a terrorist is?''
His answer is no. He doesn't understand why this problem
persists with him.
The other thing that I have done is that I applied for a
passport for him. When I went through the passport application
process, I did it with both of my sons. I expected that I would
have further inquiry in getting James' passport. I did not. I
used the paperwork. The passport came back.
Yet when I flew with him yesterday, with his passport, he
was still on the watchlist. So if we are issuing citizens
passports without further inquiry, and they are on the
watchlist, you know it just completely erodes the confidence of
the citizens in you know the TSA, Homeland Security,
everything. It erodes our confidence.
The other thing that has been talked about today is the
ability to use name variations to circumvent the system. That
further erodes the confidence, you know because we as citizens
don't really care, to be honest, whether the watchlist, or the
application of the watchlist by the airlines--we want the
system to work.
That is my expectation is that I am hopeful that this new
process that will roll out in January 2009 will solve these
problems and will bring the airlines and the TSA together and
get all of these extraneous names off the list.
So, finally, why am I here? I am here for two reasons.
First, I am obviously here to get my son off the list, whether
it is the airlines or the TSA, whatever, I want him off the
list.
I have been able to manage the process thus far, but as he
grows up and he begins to travel on his own--it is obvious he
is not a security threat now, but when he is a teenager or in
his early 20's and he is traveling on his own domestically, and
particularly internationally, he could encounter problems. So I
am here to get him off now.
The other thing is that, again, I feel very strongly that
the watchlist is a good tool. I feel very strongly about
national security for our country. I think we can do a better
job. Thank you.
[The statement of Ms. Robinson follows:]
Prepared Statement of Denise Robinson
September 9, 2008
Dear Committee Members: Thank you for the invitation to testify
before your committee on behalf of my son, James Robinson. The purpose
of this testimony is to highlight key weaknesses, from my perspective,
in the implementation of the Transportation Safety Administration's
(TSA) ``Terrorist Watch List''.
Before I get to the specifics of our situation, I would like to
state that I am a strong proponent of effective actions by our
Government to ensure safe travel in the United States. I also believe
that citizens of this country will have to accept some inconveniences
and be flexible with some of the liberties that we have come to expect
in order to gain that additional security. However, I do believe it's
incumbent on our Government to, very simply, be effective.
My son, James, has been on the watchlist since 2005 when he was 5
years old. How do we know this? We know this only through experience
every time we travel by air. Our first introduction to this situation
was in 2005 when we were traveling on American Airlines from San
Francisco to New York JFK Airport to visit his grandmother. Upon
arriving at curbside check-in, our normal travel procedure, we were
told by the skycaps that we had to go to the ticket counter to check in
and receive boarding passes. Once at the ticket counter, the American
ticket agent spent a significant amount of time on the phone and on the
computer terminal, so much time that we were concerned about missing
our flight. When asked what was going on, we were told, ``I can't tell
you anything''. Obviously, we were concerned. Finally, the ticket agent
asked which one of us was James and we identified our 5-year old son.
More time went by on the phone and computer, and he finally asks, ``How
old is he?'' I replied, ``He's 5''. Growing more concerned, we
questioned further what the issue was. Again we were told that he could
not tell us anything but that he would print some information and we
should follow the directions on that printout for every member of our
family even though James was the only one he called out specifically.
The printout included instructions to contact the TSA and provided
contact information by mail. I contacted the TSA and received a letter
requesting us to complete the Passenger Identity Verification (PIV)
form. I completed the forms for all members of our family and mailed
them to the TSA in April 2005. In February 2006, I received
communication back from the TSA but it was only one letter addressed to
James Robinson. There was no communication about the status of the rest
of the family. The letter to James states that a review of records was
conducted and ``where it has been determined that a correction to
records is warranted, these records have been modified . . . ''. To
date based on our experience at airports, there has been no correction
to James' records. Additionally, the letter states that ``this letter
constitutes TSA's final agency decision, which is reviewable by a U.S.
Court of Appeals . . . ''.
Based on that background, my main point is, very simply, that the
watchlist is completely mismanaged. The list is too big and too flawed
with extraneous names, and the current process for getting off is
totally ineffective.
The list only grows. Secretary Chertoff has said that there is a
``simple solution'' for getting off. In a press conference, Chertoff
said that ``if the innocent John Smiths provide information such as a
date of birth to the TSA . . . then when they show identification of
that date of birth at the airport they are immediately taken out of the
system''. I provided just that information to the TSA in 2005 and
provided just that information at the airport; James is still on the
list. So, if a 5-year old can't get off the watchlist, who can? With
new people being added to the list and without an effective process for
getting off, the list is an unwieldy and ineffective tool.
Divisions of our Government don't cross-reference, creating
opportunities for the terrorists and frustrations for the rest of us.
In late 2007, I applied for a U.S. passport for James. The passport was
issued in January 2008 without any further inquiry, and James remains
on the watchlist. The irony is clear and perplexing.
The list is not hard to circumvent. In a CNN investigation about
the watchlist, which aired on August 19 and included interviews of
three different James Robinsons including my 8-year-old son, there are
numerous examples of using variations of the name to avoid the
watchlist at the airport. For example, one James Robinson who is a
commercial pilot and licensed to carry a weapon in the cockpit uses Jim
Robinson to circumvent the hassle. We have used J. Pierce Robinson for
the same reason. In both cases, just that small change works. Drew
Griffin, the CNN reporter who is also on the list, has sidestepped the
list by combining his first and middle name into one. The list is not
well managed.
So, why am I here? Why did I take my son out of school and bear the
expense of traveling to the District of Columbia to testify before you?
First and foremost for me personally, I am here to get my son, James
Robinson, off the watchlist. But equally important, I'm here to do my
part to make it an effective tool in the fight against terrorism. I
feel very strongly that our country can beat the terrorists. I believe
that we have the will, resources, intelligence and fortitude in this
country to prevent them from their main goal, to ruin our way of life.
I believe the watchlist can be an effective tool if managed; it is
currently not. I'm hopeful that the new Secure Flight Program that the
TSA is scheduled to implement in January 2009 will be more effective,
but I'm not optimistic based on my personal experience.
Thank you for your invitation to speak before you and your
consideration of this issue.
Ms. Jackson Lee. Let me thank you for your testimony. I can
tell you that you are before a committee that is very strongly
committed to a cleaned-up watchlist, very strongly committed to
national security. That is our reason for being.
So we thank you so very much for your testimony.
I would now recognize Mr. Meenan.
I recognize you to summarize your statement for 5 minutes.
STATEMENT OF JOHN M. MEENAN, EXECUTIVE VICE PRESIDENT AND CHIEF
OPERATING OFFICER, AIR TRANSPORT ASSOCIATION
Mr. Meenan. Madam Chairwoman, thank you very much.
Members, I appreciate the opportunity to appear here today.
At the outset I would like to say that we certainly regret
hearing this story, and I know that our managing director of
security has offered to work with the Robinsons to try to sort
this out.
I thought it would be useful to give the committee a
chronology of what we are dealing with here.
In October 2001, FAA, and subsequently succeeded by TSA,
created the first watchlist with just a handful of names that
were given to the airlines, and we were told not to let them
board flights. Later in 2001 that morphed into the Selectee
List, which were people to be handled in a particular process,
and a No-Fly List.
At the time the carriers asked for a script as to what they
should tell these passengers when they arrived, and they were
respectfully--that request was respectfully declined by FAA and
TSA. We received no script.
We also asked how the process should work. They said, ``Use
your best judgment as to how you design it.''
The list began to grow through 2002 and 2003. The carriers
found themselves devoting more and more resources to handling
these lists largely in a manual process, so they began
investing in significant changes to their information systems
to try to automate this.
Again, that was done based on their own judgment as to how
that should proceed, using very different information systems
across the industry. There were no standards provided. So we
ended up with a variable system that quite honestly in
hindsight is where the problems really started cropping up.
Let me be frank with you. The industry economics have not
contributed to this situation. The fact is that the airlines
were among the first users of information systems, but to an
extent we are still using some of those first systems.
So they are cumbersome. They involve writing of code that
really isn't done anymore. It is very difficult to find the
people to do this. It is expensive.
As we have gone through the process for the last 7 years,
we get constant requests and requirements from the Government
that require modification of these systems. All of those go
into a queue to be taken care of, and honestly, it has not been
a very neat process.
It isn't working as smoothly as we would like, and
obviously, if the economics of the industry were different, we
think that situation would be handled differently.
Throughout 2002 and 2003, TSA promised that CAPS II was
going to come on-line, and it was going to take care of this
problem. 2003 moved into 2004. CAPS II remained a promise.
The carriers began receiving frequent modifications of the
format. The lists that they received from TSA--the formats
changed, which required constant renovation of the information
systems, adding further confusion and, honestly, I think
probably producing some of the problems we are continuing to
see today.
You know before CAPS II sort of stopped in its tracks,
morphed into Secure Flight, that was to be the successor
system. Again, investments continued to be made, but we were
awaiting this promise of a Secure Flight system that was going
to remove this responsibility from the airlines completely and
put it in the hands of the Government, where they could have
access to all of the information they need to resolve these
issues that they can't share with us today.
So as that process has gone forward, we have done
everything we can to try to advance it. We are pleased to hear
from the Government witnesses today that the plans are in place
to hopefully get that up and running early next year.
We are doing everything we can to try to expedite that
process. Obviously, we are looking to this committee for its
support. We hope that by this time next year that all of these
issues can be looked at through the rear view mirror, rather
than coming at us.
With that, we would be happy to respond to your questions
in due course.
[The statement of Mr. Meenan follows:]
Prepared Statement of John M. Meenan
September 9, 2008
Thank you, Madame Chairwoman. The Air Transport Association and its
member airlines welcome the opportunity to appear before you today to
discuss the critical issues associated with aviation security
``watchlists.''
In order to provide the committee with a complete picture, it may
be helpful to begin with a chronology of the lists during the past 7
years.
In October 2001, prior to the creation of the Transportation
Security Administration (TSA), the Federal Aviation
Administration (FAA) issued the first ``watchlist'' (containing
a handful of names) of individuals identified by the FBI. These
individuals were not to be allowed to board flights.
Late in 2001, the list was divided by Security Directive
into separate ``No-Fly'' and ``Selectee'' components. As the
name implies, No-Fly listees were not to be permitted to board
while selectees were to be subject to additional screening.
Carrier requests for scripts as to what these individuals
should be told were declined, first by the FAA and later by
TSA.
As the lists began to grow in 2002 and 2003, carriers were
devoting more and more manpower to this effort. Consequently,
many carriers began investing significant resources in
information system modifications to automate this process. Two
relevant asides are worth mention:
The carriers were required to use their best judgment in
designing those systems, incorporating name variability
programs to be certain they found similar names--but
without Government guidance or standards. Looking back,
problems really began to compound themselves at this point
when, absent Government engagement, carriers began to
develop highly variable systems, capabilities and
procedures.
Point two, let me be frank: Due to the economics of the
airline industry, the legacy information systems we are
working with, while reliable, are cumbersome and expensive
to modify. They are generally old technology, which adds
complexity to the situation. While many carriers would, no
doubt, welcome new systems, economic realities control new
investment decisions.
In 2003, many carriers went to work to develop
``preclearance systems''--essentially reviewing each day's
anticipated passenger lists against the Government's lists, and
pre-resolving any matches to the greatest extent possible. One
carrier had approximately 35 full-time employees engaged in
this process. Again, as more and more names were added, more
efforts were made to automate this process. As a result,
carriers incorporated their frequent flyer lists (which
provided more detailed identification information) and
therefore helped resolve uncertainties. These lists, of course,
are highly proprietary and, as a result, being a frequent flyer
on one carrier does not help clear a passenger traveling on
another airline.
Throughout 2002 and 2003, TSA indicated that its Computer
Assisted Passenger Pre-Screening program (CAPPS II) was moving
forward and would soon replace the carrier programs with a TSA
risk-assessment and passenger-authentication program.
As 2003 moved on to 2004, CAPPS II remained a promise. At
the same time, TSA began modifying procedures and list formats,
usually without industry consultation, resulting in frequent
and redundant reprogramming in order to enable the loading of
the modified lists.
By 2004, CAPPS II had morphed into the newly promised Secure
Flight--and TSA's renewed commitment to take over the watchlist
matching function. The carriers have made every effort to
support this initiative, noting only their concern that Secure
Flight be thoroughly vetted and tested to avoid further
complications.
Throughout this period, the lists had continued to grow--the
No-Fly and Selectee lists alone exceeded 145,000 names. Added
to that, we now have a so-called ``cleared list,'' which TSA
developed to respond to passengers who had been inconvenienced.
Unfortunately again, with wide variations among carrier's
processing capabilities, passenger delays were inevitable.
Given of the absence of TSA/industry consultation, the
investments to develop robust carrier preclearance systems, the
cleared list are next to useless.
Over the past 7 years we have worked with no fewer than
five--TSA CAPPS II/Secure Flight program directors. Carriers
have, as for 2007 (the last time we updated the data) spent
some $44 million maintaining, developing and operating
screening systems. (We acknowledge this figure is imprecise,
since these expenses are not tracked more closely.) We have
participated in numerous teleconferences and provided personnel
for literally dozens of meeting with the TSA, particularly
seeking to advance first, CAPPS II, and then Secure Flight.
I am pleased to report that in recent months, TSA and airlines have
been working closely to further reduce the number of passengers
misidentified through the Watch List process. We know this is a
difficult assignment for the TSA and for the airlines--and we are
committed to ensuring that it is effective. The Department of Homeland
Security (DHS) and TSA have now provided more detailed guidance as to
functional system requirements; carriers have been authorized to
incorporate date of birth information into their records to help
address misidentifications; carriers have also redoubled their efforts
to encourage customers to join their frequent flyer programs--which,
for the most part, provides the optimal use of existing technology to
avoid misidentification; TSA has provided a script for carrier use to
advise passengers why they may not be able to check in on-line or at a
kiosk. Taken together these initiatives should help to further reduce
passenger inconvenience.
We know too that TSA plans to begin to roll out Secure Flight,
which may ultimately resolve the problem of watchlist misidentification
by early 2009. We are fully supportive of this effort--subject only to
the caveat that it be fully vetted prior to implementation to assure
that passenger pre-screening is truly improved. We urge this
committee's full and active engagement in the development and
deployment of Secure Flight and thank you for the opportunity to appear
today.
Ms. Jackson Lee. Mr. Meenan, I thank you for your
testimony.
I would now like to yield 5 minutes to Ms. Coney----
STATEMENT OF LILLIE CONEY, ASSOCIATE DIRECTOR, ELECTRONIC
PRIVACY INFORMATION CENTER
Ms. Coney. Thank you, Congresswoman.
Ms. Jackson Lee [continuing]. To summarize her statement.
Ms. Coney. Congresswoman Jackson Lee, Ranking Member Daniel
Lungren, Congresswoman Norton and Congresswoman Clarke, thank
you for the opportunity to appear before you today.
EPIC is a nonpartisan public interest research organization
established in 1994 to focus public attention on emerging civil
liberties issues. We are very pleased that the committee is
holding this hearing on ensuring America's security, cleaning
up the Nation's watchlist.
There are three primary problems with the security
watchlist. First, the databases in the system are not subject
to the full safeguards of the Privacy Act of 1974. The
Transportation Security Administration has sought wide-ranging
exemptions from the record system, and private companies
engaged by the agency are not subject to the Privacy Act.
As a result, legal safeguards that help ensure accuracy and
accountability and other Federal databases are absent from the
watchlist system.
Second, the security watchlist on which the system is based
are riddled with inaccurate and obsolete data. In September
2005 documents obtained by EPIC under the Freedom of
Information Act revealed travelers' struggles with watchlist
errors.
The situation has not changed materially, and recently
continues to reveal more incidents of false positives and
harrowing experiences of legitimate travelers.
Third, the existence of the Registered Traveler Program may
become a textbook example of security failure.
The Privacy Act requires that data collected should be
limited to only what is relevant and necessary. However, the
TRIP program does not perform a critical process to determine
if the collection of information is necessary.
Second, the data collected should be specific to the kind
of problem the traveler may have experienced.
Third, the information collected must only be used to
resolve the problem. TRIP does not distinguish between frequent
air travelers and infrequent air travelers. All air traveler
travel experiences are not equal.
Some, like Members of Congress, may travel on average 30 or
40 weeks out of the year. Very infrequent air travelers may
travel once over several years.
One of the principal protections offered by the Privacy Act
and Fair Information Practices is transparency. Transparency is
a key component of a functioning, healthy democracy.
Efforts to provide due process by DHS must remove ambiguity
that may currently exist in the minds of agency administrators
regarding their obligation to make public information related
to watchlists and prohibitions on travel.
The FBI Terrorist Screening Center manages watchlists used
by DHS to screen air travelers. The inspector general of the
U.S. Department of Justice found that the Terrorist Screening
Center is relying on two interconnected versions of the
watchlist database.
The inspector general found that the methodology adopted by
the FBI to nominate new names as flawed. The inspector general
concluded that this procedure resulted in the TSC being unable
to ensure that consistent, accurate and complete terrorist
information is disseminated to frontline screening agents in a
timely manner.
Further, there must also be a clear statutory definition of
the words ``terrorism'' and ``terrorists,'' as well as the
phrase ``terrorist organization.'' Without clear definitions,
these designations could be misused, such as in the past, when
the word ``subversive'' was used to justify actions taken
against some civil rights activists, civil liberties groups and
others who engaged in lawful pursuit.
In order to ensure American air travel security, the
watchlist must not only be cleaned up of errors. The Government
must also ensure that an inaccurate data is not entered into
the database in the first place.
Further, it must be transparent to the general public by
providing information on the existence of watchlists,
disclosing the penalties for being listed, publicizing the
redress procedure, ensuring effective due process rights for
travelers, and cleaning up the appeals process for agency
decisions.
Finally, each traveler denied the right to travel should
have access to the courts. It is our hope that the work set
forth by this committee will lead to a more just, fair,
privacy-centric and transparent watchlist program.
Thank you.
[The statement of Ms. Coney follows:]
Prepared Statement of Lillie Coney
September 9, 2008
Chairwoman Sheila Jackson Lee and Ranking Member Daniel E. Lungren,
thank you for the opportunity to appear before you today. My name is
Lillie Coney and I am Associate Director of the Electronic Privacy
Information Center in Washington, DC. EPIC is a non-partisan public
interest research organization established in 1994 to focus public
attention on emerging civil liberties issues. We are very pleased that
the committee is holding this hearing on ``Ensuring America's Security:
Cleaning Up the Nation's Watchlists.'' The watchlist program is
dysfunctional because it is a black box system. Information goes into
the process, but not very much escapes, including when errors are made.
Poor list creation and management not only cost taxpayers money, they
may also deny individuals a fundamental constitutional right to
travel.\1\ I ask that my complete statement and our summary of the on-
going problems with watchlist errors be entered into the hearing
record.
---------------------------------------------------------------------------
\1\ Saenz v. Roe, 526 U.S. 489 (1999).
---------------------------------------------------------------------------
In my statement today, I wish to call your attention to three
primary problems with the security watchlists. First, the databases in
the system are not subject to the full safeguards of the Privacy Act of
1974,\2\ as the Transportation Security Administration (TSA) has sought
wide-ranging exemptions for the record system and private companies
engaged by the agency are not subject to the Privacy Act.\3\ As a
result, legal safeguards that help ensure accuracy and accountability
in other databases are absent from the watchlist system.
---------------------------------------------------------------------------
\2\ 28 CFR � 16.96(r)(1).
\3\ Privacy Act Amendments 2005, EPIC, available at http://
epic.org/privacy/laws/privacy_act.html.
---------------------------------------------------------------------------
The second flaw of the program aggravates the issue further--the
security watchlists on which the system is based are riddled with
inaccurate and obsolete data.\4\ In September 2005, documents obtained
by EPIC under the Freedom of Information Act revealed travelers'
struggles with watchlist errors.\5\ The situation has not changed
materially and recent news continues to reveal more incidents of false
positives and harrowing experiences of legitimate travelers.\6\
---------------------------------------------------------------------------
\4\ Watchlist FOIA Documents, available at http://epic.org/privacy/
airtravel/foia/watchlist_foia_analysis.html/.
\5\ EPIC FOIA Notes No. 8, available at http://epic.org/foia_notes/
note8.html/.
\6\ Drew Griffin and Kathleen Johnston, ``Airline captain, lawyer,
child on terror `watchlist' '', CNN, Aug. 19, 2008 available at http://
www.cnn.com/2008/US/08/19/tsa.watch.list/. See also ``Formal calls for
probe into reporter's name on no-fly list'', CNN, July 17, 2008
available at http://www.cnn.com/2008/US/07/17/watchlist.chertoff/
index.html.
---------------------------------------------------------------------------
Third, the existence of the Registered Traveler program may become
a textbook example of ``Security Theater.''\7\ Further, the approach is
triggering typical hallmarks of ``mission creep''--the databases of
personal information collected by private sector companies will be used
for purposes other than originally intended--aviation security. The TSA
has outsourced the vetting of bona fide air-travelers to Verified
Identity Pass, Inc. (Verified ID), a privately held company running The
Clear� Registered Traveler program (Clear).
---------------------------------------------------------------------------
\7\ Bruce Schneier, ``The Feeling and Reality of Security'', Apr.
8, 2008 at http://www.schneier.com/blog/archives/2008/04/
the_feeling_and_1.html (describing security countermeasures intended to
provide the feeling of improved security while doing little or nothing
to actually improve security).
---------------------------------------------------------------------------
For a year, San Francisco air travelers have been offered the
option of enrollment in the Clear Registered Traveler Program at a cost
of $128. Those who registered were given a biometric ID card that could
be used to bypass regular security lines. In August of this year,
Verified ID reported the theft of a laptop containing registration
information from its San Francisco office. The agency is now
prohibiting Verified ID from registering new customers into the
Registered Traveler program. Registered traveler schemes are all
vulnerable to several serious flaws, including the example presented in
this news item. Travelers who registered for the program may find
themselves waiting in lines once again. Later, it was reported that the
laptop was returned to the office it was stolen from.\8\
---------------------------------------------------------------------------
\8\ ``Laptop with traveler info likely stolen, returned,'' Marcus
Wholsen, Business Week, August 2008, available at http://
www.businessweek.com/ap/financialnews/D92GO1A00.htm.
---------------------------------------------------------------------------
In order to ensure America's air travel security, the watchlist
must not only be cleaned up of errors, the Government must also ensure
that inaccurate data is not entered into the database in the first
place. Further, it must be transparent to the general public by:
providing information on the existence of the watchlists; disclosing
the penalties for being listed; publicizing the redress procedures;
ensuring effective due process rights for travelers, and cleaning up
the appeals process for agency decisions. Finally, each traveler denied
the right to travel should have access to the courts.
the privacy act 1974
The protection of privacy is hardly a new problem. An 1890 journal
article written by American lawyers Samuel Warren and Louis Brandies
entitled the ``Right to Privacy,'' captured the attention of law
scholars, legislators, and the public. This law journal article has
been cited and debated for over a century, and has guided the
establishment of laws and international norms that restrain the power
of technology and human curiosity to encroach on an individual's
``right to be let alone.''\9\
---------------------------------------------------------------------------
\9\ Samuel Warren & Louis Brandies, The Right to Privacy, 4 Harvard
Law Review 193 (1890).
---------------------------------------------------------------------------
In 1948, the right of privacy found a place in international law
through its adoption into the Universal Declaration of Human
Rights.\10\ Article 12 states:
---------------------------------------------------------------------------
\10\ Universal Declaration of Human Rights, adopted and proclaimed
by General Assembly resolution 217 A(III) on December 10, 1948,
available at http://www.un.org/Overview/rights.html.
No one shall be subjected to arbitrary interference with his privacy,
family, home or correspondence, nor to attacks upon his honour and
reputation. Everyone has the right to the protection of the law against
---------------------------------------------------------------------------
such interference or attacks.
The ``Digital Information Age,'' ushered in a much-needed expansion
of the fundamental human right of privacy. During the 1960s and 1970s,
interest in the protection of privacy rights increased with the arrival
of the information technology revolution. Congress in its wisdom acted
not in the wake of disaster, but prospectively to address the real
threats posed by powerful computer systems. The Federal Privacy Act
established the right of citizens to be free from Government abuse and
misuse of personal information, and the right to be informed of the
actions taken by the Federal Government on their behalf.
The Privacy Act of 1974 was passed in response to concerns about
how the creation and use of computerized databases might impact
individuals' privacy rights. However, its scope was limited to Federal
Government agencies. It safeguards privacy of Federal Government-held
records through the creation of four procedural and substantive rights
in personal data. First, the Privacy Act requires Government agencies
to show an individual any records kept on him or her. Second, it
requires agencies to follow certain principles, called ``fair
information practices,'' when gathering and handling personal data.\11\
Third, it places restrictions on how agencies can share an individual's
data with other people and agencies. Fourth and finally, it allows
individuals to sue the Government for violating the provisions of the
Act.
---------------------------------------------------------------------------
\11\ Fair Information Practices, EPIC, http://epic.org/privacy/
consumer/code_fair_info.html.
---------------------------------------------------------------------------
There are, however, several exceptions to the Privacy Act. For
example, Government agencies that are engaged in law enforcement can
excuse themselves from the Act's rules. Agencies have also circumvented
information sharing rules by exploiting a ``routine use'' exemption. In
addition, the Act applies only to certain Federal Government agencies
(except for Section 7's limits on the Social Security Number (SSN) that
applies to Federal, State, and local governments). Aside from Section
7, the Privacy Act does not cover State and local governments, though
individual States may have their own laws regarding record keeping on
individuals.
In August 2007, The Department of Homeland Security published in
the Federal Register its ``Privacy Act of 1974; Implementation of
Exemptions; Security Flight Records''.\12\ The Federal Register notice
states that the agency is claiming the exemption agency conduct under
the Privacy Act, which include the statue's core privacy protections.
DHS is exempting itself from Privacy Act requirements that its records
on individuals are accurate; that the data collect is limited to only
information that is relevant, and that U.S. citizens be afforded due
process rights to appeal agency decisions.
---------------------------------------------------------------------------
\12\ Federal Register, Department of Homeland Security, TSA 49 CFR
Part 1507, Privacy Act of 1974: Implementation of Exemptions; Secure
Flight Records, pg. 48397-48400, August 23, 2007, available at http://
edocket.access.gpo.gov/2007/E7-15963.htm.
---------------------------------------------------------------------------
The agency message on privacy for those visiting the TRIP web site
is published on a page titled ``DHS TRIP and Your Privacy.'' The
information provided does not disclose that the agency is claiming a
wide range of exemptions from the Privacy Act. It states:\13\
---------------------------------------------------------------------------
\13\ Department of Homeland Security, How to Use DHS TRIP, Section:
DHS TRIP and Your Privacy, available at http://www.dhs.gov/xtrvlsec/
programs/gc_1169826536380.shtm.
The Department of Homeland Security safeguards the privacy of any
personal information that you provide in your inquiry to DHS TRIP. This
information will be protected and will only be shared in accordance
with the provisions of the Privacy Act of 1974 (5 U.S.C. � 552a) and as
---------------------------------------------------------------------------
provided in the Privacy Impact Assessment published for DHS TRIP.
There is a fundamental failure to adhere to the Privacy Act in the
current system used by the DHS's online Traveler Redress Inquiry
Program (TRIP). TRIP is a one-stop voluntary program to provide a means
for individuals to request redress who believe they have been: (1)
Denied or delayed boarding transportation due to DHS screening
programs; (2) denied or delayed entry into or departure from the United
States at a port of entry; or, (3) identified for additional
(secondary) screening at our Nation's transportation facilities,
including airports and seaports.\14\
---------------------------------------------------------------------------
\14\ Transportation Security Administration, Department of Homeland
Security, DHS Traveler Redress Inquiry Program (DHS TRIP), Contact:
James Kennedy, January 18, 2007.
---------------------------------------------------------------------------
First, the Privacy Act requires that data collection be limited to
only what is ``relevant and necessary.'' However, the TRIP program does
not perform a critical process to determine if the collection of
information is necessary.\15\ Second, the data collected should be
specific to the kind of problem the traveler may have experienced.
Third, the information collected must only be used to resolve the
problem. Once the travel issue is identified, and if necessary
investigated data not needed should be discarded from the system. TRIP
does not distinguish between frequent travelers and infrequent
travelers. All air travel experiences are not equal--some like Members
of Congress may travel on average 30-40 weeks out of the year. Very
infrequent air travelers may travel once over several years.
---------------------------------------------------------------------------
\15\ Lillie Coney, This Testimony, Attachment A, House Committee on
Homeland Security, Subcommittee on Transportation, Security, and
Infrastructure Protection, September 9, 2008, also see: http://
www.dhs.gov/xtrvlsec/programs/gc_1169673653081.shtm.
---------------------------------------------------------------------------
Prior to collecting personally identifiable information from
travelers DHS's TRIP process should first separate the subjective from
objective travel experience of the respondent. Second, there are
several points in airport traveler processing that passengers may
experience problems: the ticket counter or ticket kiosk, the security
screening to enter gate areas, and the boarding process to enter a
airplane. A series of questions could help navigate inquiries to
relevant information such as why repeated request to re-enter a
magnetometer might happen, why fluid containers above a certain size
will prompt secondary screening, why laptops left in carry-on luggage
will promote a secondary screening process.
There is no link on the DHS homepage to the One-Stop Travelers'
Redress web page. Further the on-line process does include an automated
routing method to guide the respondent through the process. The program
page has three options ``Should I Use DHS TRIP,'' ``How to use DHS
TRIP'' and ``After your inquiry.''\16\ The actual on-line application
starts with a series of questions that include ``Do you feel you were
discriminated against; Do you believe that the U.S. Government's record
of your personal information is inaccurate; You were unfairly detained;
You could not print a boarding pass; You were delayed or detained; You
were told: your fingerprints were incorrect, your photo did not match,
your information was incomplete or inaccurate, you are on a No-Fly
list; You want to amend a travel record or Ensure your biometric record
created by US-VISIT is removed.''\17\
---------------------------------------------------------------------------
\16\ Department of Homeland Security, One-Stop Travelers' Redress,
available at http://www.dhs.gov/xtrvlsec/programs/
gc_1169673653081.shtm.
\17\ Department of Homeland Security, Traveler Inquiry Form,
available at http://www.dhs.gov/xlibrary/assets/
DHSTRIP_Traveler_Inquiry_Form.pdf.
---------------------------------------------------------------------------
The series of questions conflates the US-VISIT process with the
typical U.S. citizen's experience with domestic air travel. The United
States Visitor and Immigrant Status Indicator Technology (US-VISIT) is
an integrated Government-wide program intended to improve the Nation's
capability to collect information about foreign nationals who travel to
the United States, as well as control the pre-entry, entry, status, and
exit of these travelers. The US-VISIT system of data collection does
not include U.S. citizens. If DHS has access to biometric data on U.S.
citizens, or dossiers then that should be disclosed to Congress and to
the traveling public. In any case it is important that to convey
incorrect information to travelers by conflating the two programs and
to appropriately eliminate respondents from the data collection process
based on objective negative travel experiences. [Footnote exhibit]
dhs must increase watchlist transparency
One of the principle protections offered by the Privacy Act and
fair information practices is transparency. Transparency is a key
component of a functioning healthy democracy. It can be translated into
public policy decisions that allow citizens, policymakers, and the
media to assure themselves that a local, State or Federal Government
agency is functioning as intended.\18\
---------------------------------------------------------------------------
\18\ EPIC, Litigation Under the Federal Open Government Laws (FOIA)
2006, web page, available at http://www.epic.org/bookstore/foia2006/.
---------------------------------------------------------------------------
Efforts to provide due process by DHS must remove ambiguity that
may currently exist in the minds of agency administrators regarding
their obligations to make public information related to watchlists and
prohibitions on travel. EPIC filed a court challenge to an attempt by
the Transportation Security Administration to withhold a Privacy Impact
Assessment from the public, which was in violation of Federal law.\19\
EPIC requested the Privacy Impact Assessments from the TSA under the
Freedom of Information Act, and received heavily redacted documents
from the agency in its reply.\20\ EPIC sued the agency for full
disclosure of the documents as required by the E-Government Act. The
TSA argued that the Federal Privacy Act and the E-Government Act, which
requires publication of Privacy Impact Assessments, were segregated.
---------------------------------------------------------------------------
\19\ EPIC v. US Transportation Security Administration, Civil
Action No. 03-1846 (CKK), available at http://www.epic.org/privacy/
airtravel/pia_order.pdf, August 2, 2004.
\20\ EPIC, Alert e-Newsletter, Volume 11.18, available at http://
legalminds.lp.findlaw.com/list/epic-news/msg00164.html, September 24,
2004.
---------------------------------------------------------------------------
watchlist errors
The watchlists are comprised of entries derived from multiple
sources.\21\ However, as the process of compiling the lists is unknown,
methods of quality control at this stage are unclear and unknown.
Senators Ted Kennedy and Don Young, for instance, have both been
improperly placed on the lists in error. Catherine Stevens, wife of
Alaska Sen. Ted Stevens have also faced difficulties.
---------------------------------------------------------------------------
\21\ ``Follow-up Audit of the Terrorist Screening Center'' Audit
Report 07-41, Sept. 2007, U.S. Dept. of Justice, Office of the
Inspector General, Audit Division available at http://www.usdoj.gov/
oig/reports/FBI/a0741/final.pdf.
---------------------------------------------------------------------------
The Inspector General of the U.S. Dept. of Justice found that the
Terrorist Screening Center (``TSC'') is relying on two interconnected
versions of the watchlist database. As a result, not only were names
missing from the frontline personnels' computers, but also the numbers
of duplicate records have significantly increased since the last
review.\22\ Further, the TSC had not taken adequate steps to ensure
that the content of the two databases was identical. In brief, the
Inspector General found that the methodology adopted by the FBI to
nominate new names was flawed.\23\ The Inspector General concluded that
this procedure resulted in the TSC being ``unable to ensure that
consistent, accurate, and complete terrorist information is
disseminated to frontline screening agents in a timely manner.
Moreover, the TSC determined that the Terrorist Screening Database
contained over 2,000 watchlist records that did not belong in the
database''\24\ in the first place and included some records that were
inappropriately maintained without any watchlist designation.\25\ The
Inspector General's report details deterioration in the quality of the
database arising from and perpetuated by the fact that the database
grew from 150,000 in April 2004 to 724,442 in April 2007. With such a
high rate of increase, and poor algorithms, the record-by-record review
could not be completed within the time frame.\26\
---------------------------------------------------------------------------
\22\ Id.
\23\ Id at page 12.
\24\ Id.
\25\ Id. at page 13.
\26\ Id. at page 41.
---------------------------------------------------------------------------
Even with such official reports, the database continues to be
plagued with problems. The United States Government Accountability
Office also concluded that ``lacking clearly articulable principles,
milestones, and outcome measures, the federal government is not easily
able to provide accountability and have a basis for monitoring to
ensure (1) the intended goals for, and expected results of, terrorist
screening are being achieved and (2) use of the list is consistent with
privacy and civil liberties.''\27\ In recent glaring examples, a
lawyer, an airline captain and a child were found to be on the terror
watchlist.\28\ In another case, an investigative reporter for CNN found
his name on the TSA watchlist after he completed his investigation of
the TSA.\29\
---------------------------------------------------------------------------
\27\ United States Government Accountability Office, ``TERRORIST
WATCHLIST SCREENING: Opportunities Exist to Enhance Management
Oversight, Reduce Vulnerabilities in Agency Screening Processes, and
Expand Use of the List'', Oct. 2007, available http://www.gao.gov/
new.items/d08110.pdf.
\28\ See supra note 5.
\29\ ``Formal calls for probe into reporter's name on no-fly
list'', CNN, July 17, 2008 available at http://www.cnn.com/2008/US/07/
17/watchlist.chertoff/index.html.
---------------------------------------------------------------------------
There must be a clear statutory definition of the words
``terrorism,'' and ``terrorist,'' as well as the phrase ``terrorist
organization.''\30\ Without clear definitions, these designations could
be misused, such as in the past when the word ``subversive'' was used
to justify actions taken against some civil rights activists, civil
liberty groups and others who were engaged in lawful pursuits.
Currently, each agency uses its own definitions for these terms, which
means a moving bar exists for inclusion of names on watchlists.
---------------------------------------------------------------------------
\30\ GAO, Terrorist Watchlist Screening, GAO-08110, October 2007.
---------------------------------------------------------------------------
It is therefore respectfully urged that methods of nomination of
names into the database be scrutinized, people be given further
information about the processes involved instead of filling out lengthy
questionnaires providing personal information, and additional steps be
taken to ensure the information in the database is accurate, timely and
amenable to correction.
recommendations
DHS should employ the expertise of a human factors expert to
revamp the TRIP query process to help eliminate the data
collection process to only those affected by watchlist issues.
The agency should be prohibited from exempting itself from
Privacy Act enforcement obligations.
The process for citizens and non-citizens should be clear
and governed by a series of questions. The information
presented should make it clear if it is intended for a citizen
or non-citizen. The information collected should only apply to
that category.
Respondents should be told their rights and protections
afforded to them.
Over-collection of data should be prohibited.
Agency personnel, airlines, and contractors should be held
accountable by Privacy Act civil and criminal penalties or held
to contract obligations with the equivalent effect.
conclusion
It is necessary to first analyze at what points travelers are
stopped by the watchlist. The first point of interaction is at the
check-in or obtaining of a boarding pass. If the passenger is on the
so-called ``Selectee'' list, she will be subjected to additional
screening. However, the collection of a ticket or boarding pass may be
disassociated with the actual screening process. The next point where
her identification is checked is at the entry to the security screening
area. Boarding passes are taken or checked at the gate prior to
boarding. When a traveler experiences difficulty in the airport
screening, baggage check-in, security screening, or during the flight
boarding process, it is important to differentiate between something
they are asked to do that is different from other passengers. Further,
it is vital that all other possible explanations for the different
treatment be eliminated before asking the respondent for personally
identifiable information.
It is our hope that the work set forth by this committee will lead
to a more just, fair, privacy centric, and transparent watchlist
program.
Thank you.
Ms. Jackson Lee. Let me thank our witnesses for framing
this question for the second panel. I will yield myself 5
minutes to begin the questioning.
I want to thank Congresswoman Eleanor Holmes Norton for her
contribution to this important discussion.
It is not difficult to in this instance give the challenges
and not providing the solution. I am very glad that Ms.
Robinson made it very clear that she has flown across the
country, wanting to reaffirm her commitment to the security of
this Nation.
I am glad to hear that from just as she said, as we have
described her, a public citizen, a citizen of America, and that
she agrees with the concept, if you will, of a watchlist that
works.
I thank Ms. Clarke for her service.
But at the same time she asks the question: Why we can't
get it right? So I am going to allow you, and I would like you
to really espouse and feel free to recall some pointed
incidences that in your testimony you were not able to detail.
Do it in the framework that we have highlighted, that we are
talking about misidentity.
So we have a watchlist, and I, certainly in a secured
briefing, will ask the hard questions and making sure that is a
scrubbed watchlist, meaning that it is accurate from that
perspective.
But we have had the media bring to our attention three
James Robinsons with impeccable credentials, to our knowledge,
from the United States military, Department of Justice, and I
can't imagine that that does not fit James Robinson, who is 8
years old.
So what happens is that we have misidentification. I am
glad that we have not had someone indicate he is on the
watchlist, but you have also had them indicate silence or
inability to explain your situation.
Would you share with us, maybe in a little bit more detail,
the breadth and depth of embarrassment or confusion or delay
that comes about that really needs to push this committee and
our good friends in the airline industry to work together to
find a solution?
We could be here 5 years from now, speaking about the same
issue. Why? Because 9/11 will keep us in this mode. We are in a
new sphere, a new era of American history and culture. That is
all right. We are Americans. We know how to deal with it.
But the question is, tell us what is really confronting
Americans who confront this on a regular basis.
Ms. Robinson. Thank you. I would be happy to. So again, our
experiences when we go to the airport, you know we are faced
with having to go to the ticket counter, stand in the lines. At
the ticket counter, we are there for a long period of time.
They are searching.
You know we all have to show identification. I don't always
have identification for the children. I don't typically travel
with their birth certificates. Sometimes the children are
questioned about what their name is, who they are, et cetera.
You know that is embarrassing for them, because that is not
typical. It is also you know they will ask them how old they
are, what their birthrate is, et cetera. It just puts them on
the spot in a situation where, when they are so young, they
don't need to be put in a spotlight like that.
Then you know this process at the ticker counter can take
30 minutes, 45 minutes, et cetera.
Even if we arrive at the airport early, which we do,
because travel with this situation is always uncertain you
know. Given the length of security lines, et cetera, and not
knowing which airline is going to respond in what way. It is
just very stressful to travel. It is very stressful, whether we
are actually going to make the flight or not.
I just think that these situations are unnecessary. As I
have said before, I have used variations of his name in order
to try to circumvent it so that it is not so stressful to
travel.
We have, you know, hesitated taking trips because of this,
which I think is sort of a sad commentary on the security of
our Nation that you know, because in that way we are altering
our lifestyle, which is exactly what the terrorists want us to
do.
So you know it is these sorts of experiences that we
encounter when we travel that I think are unnecessary.
Ms. Jackson Lee. While we are going to other questions, I
am going to ask you to consult with James if he can in his own
words tell us--does he know why he is here? If he in his own
words can share any thoughts--in his own words meaning through
you--so that we have a reflection of him, because he has been,
as I said, I know this is going to late hours, but we want to
make sure that we can hear from him, if you can explain to him,
and I know that you can, as we go on to the other witnesses.
So thank you for your testimony.
Mr. Meenan, let me ask you a question. What are some of the
impacts of air carriers using different watchlist matching
systems to pre-screen passengers?
Mr. Meenan. It has led to a lot of inconsistency in the
system. Just within the last few months, however, a lot of
changes have been made. We have now gotten much more detailed
guidance from the TSA as to how these systems are to work, how
the name matching is to occur. That didn't take place until
very recently.
We also now have a script that the Government has provided
for us by customer service representatives that I think will
give the public a better message and a better understanding of
how to resolve these things.
From our perspective the cleared list has not been
particularly helpful. It was really developed by the Government
without consultation with the industry. While we have tried
to--various carriers have tried to use it in different ways. It
doesn't fit well with the screening systems that we have in
place.
Ms. Jackson Lee. Mr. Meenan, if I might, it is shocking to
me to know that some airlines use it and some airlines don't.
That is a very poor response. I don't know if you have made
that known to the Government, but certainly the Congress is now
aware of this sort of haphazard inconsistency that impacts the
traveling public negatively.
Mr. Meenan. The watchlist is used consistently and with
increasing consistency across the industry. As you will recall,
I noted at the beginning we were told simply use your best
judgment as to how to develop these systems. Each carrier did
things differently.
The watchlist, or the cleared list, rather, was just
announced last April without any pre-consultation with the
industry. Many carriers are using it, but in some cases it
doesn't fit well. It is better for the customer to continue to
use the screening systems that we have got in place while the
carriers try to figure out ways to better use the cleared list.
The fact is that Secure Flight will resolve all of these
issues, once it is up and running. That is where we believe the
greatest emphasis needs to be put. We need to get the Secure
Flight program.
Remember, for 7 years we have been engaged in efforts with
the Government to try to do what they want done to clear these
passenger lists effectively. I think we are pretty good at
that. Unfortunately, it has inconvenienced a lot of people.
On the plus side, obviously, we are very good at catching
the people that we don't want on these airplanes or who are
required to receive special clearance.
But the fact is we do want to eliminate this problem as
well. The best way that we have identified to accomplish that,
and I am not quite sure why it hasn't worked in the case we
have heard about today, is for people to enroll in frequent
flyer programs, because then the carriers have additional data
elements that they collect on their own, which they can use to
help clear individuals for whom there are questions as to
whether or not--the problem right now is that if you have got a
name identified and an age, you need to resolve that in some
way. So you may actually have to physically look at this
individual and try to determine how old they really are, other
characteristics, and so forth.
We don't want to be doing that anymore. Secure Flight will
take care of that once and for all. That is where we believe
the Government needs to put the strongest emphasis.
Ms. Jackson Lee. Well, I think we have already conceded the
fact that we are all accepting of inconvenience. I think what
Ms. Robinson's testimony has indicated is that it is more than
inconvenience. It is long stays at the counter, where the
person cannot distinguish from the information that the airline
has between an 8-year-old and someone who happens to have the
same name.
That I think is egregious. That is not precise information
that would give them the judgment and the comfort to be able to
note that this is the wrong person. I think the very use of an
8-year-old for this hearing is that we wanted to show there are
some things that can be done more quickly than what I imagine
the Robinsons are facing.
So I ask you what kind of financial commitment under Secure
Flight are the airlines collectively prepared to make?
Mr. Meenan. Well, the airlines have already expended many,
many millions of dollars in developing the systems that are in
place today. Secure Flight is actually a process through which
the Government will take over the screening system completely.
We will be providing them information. There will be costs
associated with that. I don't at this point know what those
will be, because we haven't seen the rule that Mr. Hawley had
mentioned earlier this afternoon.
So we will have to determine what those costs will be as
the rule unfolds, and as we determine how we are going to
comply with it.
But our commitment is, as it has been since 9/11, we want
to do whatever the Government believes is necessary to resolve
security concerns in a way that also protects the privacy of
our customers.
We have been trying to do that since day one. We will
continue to do that, and we look forward to your leadership to
get Secure Flight out there, because we do think that that
offers the best solution for everybody concerned.
Ms. Jackson Lee. Are you prepared to go the extra financial
mile to ensure that this is a working process? Because you are
right--it will require, at least on the side of the airlines,
some technical revamp and training on how to utilize the
system.
Are the airlines--can you represent the association that
represents them, that this is going to be a serious effort on
their part, which includes the issues concerning privacy?
Mr. Meenan. It is already a serious effort on our part. We
are expending many millions of dollars today. Obviously, I
can't tell you that we are going to commit to any amount of
money that the Government believes is necessary.
We are dealing with a number of programs right now, for
example, where the Government has proposed adding an additional
billion dollars a year to the cost of the airline industry,
which we think in a related security area, which we think is
misguided.
We are seeking better ways of doing that. I don't
anticipate we will be doing that kind of thing with Secure
Flight, but we certainly are looking forward to seeing the rule
and making it work as effectively as we possibly can.
Ms. Jackson Lee. Let me ask Ms. Coney. We appreciate your
comments, and I think a lot of your statement was shocking. We
hope to engage with your organization as we craft the
legislation dealing with Secure Flight.
Let me ask you with regard to this program of Secure
Flight, what are your privacy-related concerns?
Ms. Coney. Well, EPIC's privacy concerns begins with the
August 23, 2007, Federal Register Notice of Proposed Rule
published by the Transportation Security Administration titled
``Privacy Act 1974 Implementation of Exemption Secure Flight
Record.''
In this exemption they point out that they want to exempt 5
U.S. Code 552(a)(c)(3)(m)(4)(d)(1)(2)-(d)(1) and Section 2,
Section 3, Section 4, Section (e)(1), Section 2, Section 3,
Section (4)(g) through (i), Section 5 and Section 8 and Section
(f) and (g).
We went through the code, and I just want to show you how
much of the code they are exempting themselves from the Privacy
Act, based on what they are requesting in this proposed rule
change.
Privacy sounds good when you use the word, but there are
statutory protections in Federal law that in fact establish
privacy. These protections take into consideration after
criminal investigations, those who may be suspected of having
ill intent toward the U.S. Government or its persons or its
interests.
They are regularly used exemptions for those types of
issues. The fact that this agency wants to take away the
transparency obligation--in fact telling you that you are in
fact on a watchlist, and not in a public setting--that is
inappropriate, but in some kind of communication that yes, your
name matches someone, and this is what the issues are.
Allowing you to have due process through the redress
program, which is called a TRIP program, and allowing you to
have some kind of way to do an effective due process so that
you have a right, you have ability to have an advocate work on
your behalf, and not get a letter in the mail and say, ``Sorry,
unless you have the money to go take us to court, we won't
allow that.''
Even in the problem of the exemptions, they take away your
right to sue--the civil protections that are part of the
Privacy Act, should a Government agency or an employee of the
Government agency abuse access to your records, your personal
information.
So there are a number of problems with what the agency is
doing, and its self-definition of itself, affirmation of its
meeting the requirements of privacy, it just doesn't satisfy
us.
When we look at what the agency is actually doing, they are
in effect doing something that undermines your right to
privacy.
There are a couple of things I would like to get to, and if
you have the time, I would like to point out on the TRIP
application itself, there is a question about whether you are a
registered voter and asking you for your voter ID number and
the location where you registered to vote.
I mean that question alone raises alarm bells in our minds
about what in fact is going on with the redress program, not
just the watchlist program. It is a black box. It is a process
that cannot be satisfied, but the agency's saying they are
meeting the privacy requirements. Thank you.
Ms. Jackson Lee. I yield myself an additional 5 minutes on
the second round, and we will conclude on that.
Let me go right to you to just quickly as to what degree
has DHS reached out stakeholders such as EPIC to ensure that
its policies with respect to redress and Secure Flight account
for privacy rights and related concerns?
I just need a--and have you--have they reached out to you?
Ms. Coney. Congresswoman, they have reached out to EPIC.
EPIC coordinates a program, a project called the Privacy
Coalition. We hold regularly scheduled meetings. They have come
to our meetings.
The things I am saying to you on the record here are things
they have heard in these meetings. So meeting with us--yes,
they are willing to do that. But are they listening? That is
yet a question we haven't seen evidence of.
Ms. Jackson Lee. So the reach out including the
stakeholders is not translated into response. Let me just be
clear on the record that I think it is important that your
testimony be taken in the right context, which is that I
understand that you have said that you are fully conversant and
fully appreciate that there are limitations with respect to
what the DHS can adhere to.
But those exemptions of individuals who are to do us harm
or criminal aspects are exempted already. It is not as if we
want to give blanket protection.
But you are saying they have gone beyond that----
Ms. Coney. Exactly.
Ms. Jackson Lee [continuing]. And denying citizens their
right to information, which speaks to Ms. Robinson's point
about young James growing to a teenager, to a college student
who will seek to travel internationally.
Ms. Coney, what problems do you think Mr. Robinson might
face as he grows up?
Ms. Coney. The same problems he is experiencing right now.
There are very fundamental rules for what is going to work, an
identification system that is completely remote and it is
computer-based.
Name-recognition-only identifications fail. We see this in
a lot of different cities, not just national security-related
cities.
For example, sell them voter-roll purge lists that only use
the name of the person who is listed on the roll to purge voter
rolls. You have one person that you are talking about, but you
may have 2,000 individuals within a State that share the same
name. They all get purged.
We see that, and it is more prominent when there are--
because there are thousands of people who are showing up on
Election Day to vote. You are going to see the problem.
In James' situation, it is him and his family that see the
problem. There is a lack of transparency, because they are not
going to seize your letter to tell you you are on this list. We
know you are not the right person from the exchange that we
have had from the person who screened you, but we want to make
you aware of what the situation is.
The lack of transparency is pernicious, because it
perpetuates the errors within the process that they have
established.
Ms. Jackson Lee. I can't imagine, but we have certainly had
the first panel. They are not here to answer the question, Mr.
Meenan. But I can't imagine that transparency would be a
problem in the Secure Flight program. Do you think that would
be a problem for the airlines?
Mr. Meenan. It is our understanding that the Secure Flight
program will basically resolve the kinds of problems that the
Robinsons have experienced, because it will enable TSA to know
with a much greater degree of certainty.
Then they are able to let us know who this particular
individual is, not just what this name is, so that they will be
able to pre-resolve and determine that in fact it is this James
Robinson, not the James Robinson whose name is on the
watchlist.
That is why Secure Flight is so important, because it will
clear up these problems, rather than compound them.
Ms. Jackson Lee. Well, I think we should also have some
transparency that can impact or have access, or be accessed by
the traveling public as well. I think Ms. Coney's point is is
that the guard, the breadth of elimination of privacy rights,
seem to be unacceptable, and I agree with her.
Mr. Meenan. And I----
Ms. Jackson Lee. A transparent system in Secure Flight
should not be something that we should object to.
Mr. Meenan. I fully expect that TSA anticipates that same
type of approach to the Secure Flight program. I am not an
expert on what they have got in mind, but I would be very
surprised if they weren't seeking transparency.
Ms. Jackson Lee. Let me ask you this. Although the first
panel indicated that these mistakes are made, and it is not
often made, I do know that there have been constituents who
have come up, who have checked in at the counter, often told by
airline representatives that it is because they are on a
watchlist, when in fact this may or may not be the case.
Do you know if TSA is working with you all to take any
steps to address this misinformation? What do you do with
worldwide employees, as many of you have in the industry? I do
recognize that the airlines have been a good partner in this
whole question of security.
But what is going on with respect to those confronted with
the question or the issue you are on a watchlist, which, of
course, are two separate entities--the watchlist and
misidentification?
Mr. Meenan. There are a number of different pieces of
confusion here. But I think, as Assistant Secretary Hawley said
earlier, we are working to try to eliminate that problem among
a fairly widely dispersed population of employees.
I think part of the source of that problem was the absence
of a script for the first 7 years we were engaged in this
process. It really left it up to the carriers, and often to
individual employees, to try to come up with, you know: What do
I say to this person while they are standing in front of them?
Unfortunately, some people, without the direction of their
employer, migrated to the idea that well, you must be on the
watchlist, because they saw that on television or they heard
that from a colleague.
Ms. Jackson Lee. Meaning an airline employee?
Mr. Meenan. An airline employee. We have no doubt that has
been said to passengers.
Ms. Jackson Lee. How is TSA is working with you to avoid
that?
Mr. Meenan. TSA and the carriers have both made it clear to
our employees that that is not the case. We now, as of August
of this year, have a very detailed script that says if you have
a selectee, you can say A, B or C. If you have someone who is
on the No-Fly List, you can say C, D or E.
So that is now working its way into the system, and we are
confident that over time it will replace what is probably a bad
habit in some employees of saying, ``Well, you must be on the
watchlist if you are being delayed.''
We are working to eliminate that problem, and TSA has been
an effective partner in encouraging that.
Ms. Jackson Lee. Well, Mr. Meenan, I want you to work extra
hard. Our committee will be working with you. We would like to
have, if we could, in writing possibly, the various procedures
that the airline industry has put in place, generally speaking,
that we would like to have submitted into the record to this
committee that has pointed to those discrepancies that we have
seen.
I thank you for that. I would also be interested in any
estimates that you can make as we move forward into the Secure
Flight program, generally speaking, so that we can begin to see
the commitment of the airlines.
I would also like to have in writing--I think I asked you
on the record; I am going to do yes or no for you--the
willingness of the airlines to commit, recognizing the industry
sort of constraints. I understand the finances.
But am I to understand that Air Transport Association
within the airlines is committed to working as hard as they can
with the TSA and DHS, Department of Homeland Security to make
this work, and work right?
Mr. Meenan. No question about it.
Ms. Jackson Lee. Let me thank you, Ms. Robinson. We have
heard intertwining words--No-Fly, the Secure or Selectee, and
the watchlist, all having to do with the security of this
Nation.
Yet if, as one of our Members said, the most sophisticated
nation in the world with technology, appreciation for our
Constitution, can't get it right, who can?
Your presence here today has really offered to us a
roadmap. One of the extreme cases, because I imagine as
individuals are listening, there may be parents of other
youngsters.
In 2001, and correct me if I am wrong, and I did not get
James' actual birthdate, but he was certainly a toddler, an
infant, being 8 now, and therefore was certainly having no
ability, I imagine, to be that creative to be involved in any
untoward activity.
He is now full steam ahead, growing to be a young man, and
a very important young man to us, because he symbolizes the
complexity and the foolishness of this process.
I indicated to you, and I thought you were being polite.
You didn't want to talk to James as others were talking. Let me
allow you just to talk to him for a moment about his feeling of
being here. Mommy knows how to ask a question, because I see
the coming to the end--that might excite him--of this hearing
in process.
But I am going to let you just bend down and ask him. Then
you can share with us his thoughts, because you only asked him
one question, and we will yield just for a moment so that you
can get some words out of him.
Tell him he will be heard on this record.
Ms. Robinson. So James says that he is nervous about being
here, because again it is putting him in the spotlight, which
is a bit uncomfortable. But he is also excited about being
here, because he does feel, and he and I have discussed this,
but he does feel that it is sort of the opportunity to get him
off.
Because we have tried all the other things, and it hasn't
worked. So he is excited about the prospect that he will get
off.
Ms. Jackson Lee. Well, maybe the bug has touched him about
solving problems at the Federal Government level. I know that
the James Robinson name sounds like a good Presidential name
for some decades to come.
So I want to make a commitment that this committee, as
Assistant Secretary Hawley indicated, would work with us on a
quick fix through legislation.
We will use the testimony, Ms. Robinson, that you have
given us, and the words that James has given to you, as an
instructive roadmap to move quickly.
I think a legislative fix may be important, as long as it
does not cause delay, because Ms. Coney's comment of privacy
are shocking to me, shocking to Members of the committee, I
know, that will read her statement.
We want to be assured that a rulemaking doesn't diminish
any more of the privacy rights and the transparency than is
necessary that can parallel and complement the necessity of a
watchlist, along with the importance of protecting the
Constitution.
Mr. Meenan, we have always been friends of the airline
industry. We helped them in 2001 in the serious and tragic
incident of 9/11, in, as you well know, a major bailout. So we
want to count ourselves as friends to the airline industry. But
we also have to count them as friends to fix this problem.
The hearing was entitled, ``Clean Up the Watchlist.'' I
think the witnesses collectively, the first panel and the
second panel, have given us our marching orders, but they have
also given us a framework for saying we cannot continue this on
our watch.
So we will look to all of the witnesses that have
participated to give us the, if you will, the details that will
generate into a solution and a respect of a watchlist that is
respectable.
That will include the problem Homeland Security and the
Federal Bureau of Investigation, Secretary Chertoff in these
waning months and Director Mueller to help us fix this problem.
So let me again thank the witnesses for their valuable
testimony and the Members for their questions.
The Members of the subcommittee may have additional
questions for the witnesses, and we ask that you respond to
them expeditiously in writing.
Hearing no further business, the subcommittee thanks all of
you again, and the committee is adjourned.
[Whereupon, at 5:13 p.m., the subcommittee was adjourned.]
�