[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]



 
CAN THE USE OF FACTUAL DATA ANALYSIS STRENGTHEN NATIONAL SECURITY? PART 
                                  TWO

=======================================================================

                                HEARING

                               before the

                SUBCOMMITTEE ON TECHNOLOGY, INFORMATION
                POLICY, INTERGOVERNMENTAL RELATIONS AND
                               THE CENSUS

                                 of the

                              COMMITTEE ON
                           GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED EIGHTH CONGRESS

                             FIRST SESSION

                               __________

                              MAY 20, 2003

                               __________

                           Serial No. 108-98

                               __________

       Printed for the use of the Committee on Government Reform


  Available via the World Wide Web: http://www.gpo.gov/congress/house
                      http://www.house.gov/reform
                                 _____

                   U.S. GOVERNMENT PRINTING OFFICE
                          WASHINGTON : 2004
91-646 PDF

For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512-1800  
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001




                     COMMITTEE ON GOVERNMENT REFORM

                     TOM DAVIS, Virginia, Chairman
DAN BURTON, Indiana                  HENRY A. WAXMAN, California
CHRISTOPHER SHAYS, Connecticut       TOM LANTOS, California
ILEANA ROS-LEHTINEN, Florida         MAJOR R. OWENS, New York
JOHN M. McHUGH, New York             EDOLPHUS TOWNS, New York
JOHN L. MICA, Florida                PAUL E. KANJORSKI, Pennsylvania
MARK E. SOUDER, Indiana              CAROLYN B. MALONEY, New York
STEVEN C. LaTOURETTE, Ohio           ELIJAH E. CUMMINGS, Maryland
DOUG OSE, California                 DENNIS J. KUCINICH, Ohio
RON LEWIS, Kentucky                  DANNY K. DAVIS, Illinois
JO ANN DAVIS, Virginia               JOHN F. TIERNEY, Massachusetts
TODD RUSSELL PLATTS, Pennsylvania    WM. LACY CLAY, Missouri
CHRIS CANNON, Utah                   DIANE E. WATSON, California
ADAM H. PUTNAM, Florida              STEPHEN F. LYNCH, Massachusetts
EDWARD L. SCHROCK, Virginia          CHRIS VAN HOLLEN, Maryland
JOHN J. DUNCAN, Jr., Tennessee       LINDA T. SANCHEZ, California
JOHN SULLIVAN, Oklahoma              C.A. ``DUTCH'' RUPPERSBERGER, 
NATHAN DEAL, Georgia                     Maryland
CANDICE S. MILLER, Michigan          ELEANOR HOLMES NORTON, District of 
TIM MURPHY, Pennsylvania                 Columbia
MICHAEL R. TURNER, Ohio              JIM COOPER, Tennessee
JOHN R. CARTER, Texas                CHRIS BELL, Texas
WILLIAM J. JANKLOW, South Dakota                 ------
MARSHA BLACKBURN, Tennessee          BERNARD SANDERS, Vermont 
                                         (Independent)

                       Peter Sirh, Staff Director
                 Melissa Wojciak, Deputy Staff Director
                      Rob Borden, Parliamentarian
                       Teresa Austin, Chief Clerk
              Philip M. Schiliro, Minority Staff Director

   Subcommittee on Technology, Information Policy, Intergovernmental 
                        Relations and the Census

                   ADAM H. PUTNAM, Florida, Chairman
CANDICE S. MILLER, Michigan          WM. LACY CLAY, Missouri
DOUG OSE, California                 DIANE E. WATSON, California
TIM MURPHY, Pennsylvania             STEPHEN F. LYNCH, Massachusetts
MICHAEL R. TURNER, Ohio

                               Ex Officio

TOM DAVIS, Virginia                  HENRY A. WAXMAN, California
                        Bob Dix, Staff Director
                 Scott Klein, Professional Staff Member
                      Ursula Wojciechowski, Clerk
           David McMillen, Minority Professional Staff Member



                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on May 20, 2003.....................................     1
Statement of:
    Rosenzweig, Paul, senior legal research fellow, Center for 
      Legal and Judicial Studies, the Heritage Foundation; Barry 
      Steinhardt, director, technology and liberty program, 
      American Civil Liberties Union; and John Cohen, co-founder, 
      president and CEO, PSCOM LLC, Inc..........................     8
Letters, statements, etc., submitted for the record by:
    Cohen, John, co-founder, president and CEO, PSCOM LLC, Inc., 
      prepared statement of......................................    58
    Miller, Hon. Candice S., a Representative in Congress from 
      the State of Michigan, prepared statement of...............     7
    Putnam, Hon. Adam H., a Representative in Congress from the 
      State of Florida, prepared statement of....................     4
    Rosenzweig, Paul, senior legal research fellow, Center for 
      Legal and Judicial Studies, the Heritage Foundation, 
      prepared statement of......................................    10
    Steinhardt, Barry, director, technology and liberty program, 
      American Civil Liberties Union, prepared statement of......    29


CAN THE USE OF FACTUAL DATA ANALYSIS STRENGTHEN NATIONAL SECURITY? PART 
                                  TWO

                              ----------                              


                         TUESDAY, MAY 20, 2003

                  House of Representatives,
   Subcommittee on Technology, Information Policy, 
        Intergovernmental Relations and the Census,
                            Committee on Government Reform,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10:04 a.m., in 
room 2154, Rayburn House Office Building, Hon. Adam H. Putnam 
(chairman of the subcommittee) presiding.
    Present: Representatives Putnam, Miller, Turner, Clay and 
Lynch.
    Staff present: Bob Dix, staff director; John Hambel, senior 
counsel; Scott Klein, Chip Walker, Lori Martin, and Casey 
Welch, professional staff members; Ursula Wojciechowski, clerk; 
Suzanne Lightman, fellow; Bill Vigen, intern; David McMillen, 
minority professional staff member; and Jean Gosa, minority 
assistant clerk.
    Mr. Putnam. A quorum being present, this hearing of the 
Subcommittee on Technology, Information Policy, 
Intergovernmental Relations and the Census will come to order.
    Good morning and welcome to today's hearing entitled, ``Can 
the Use of Factual Data Analysis Strengthen National Security, 
Part Two.''
    With today's continued improvements in technology, 
particularly in the areas of data base exploration and 
information sharing, Federal agencies faced with the monumental 
task of enhancing national security and law enforcement are 
provided a number of opportunities to do so more effectively. 
Specifically, the process of factual data analysis enables the 
end user to sort through massive amounts of information, 
identifying patterns of interest to its user in a matter of 
seconds. This type of tool has proven beneficial in a variety 
of applications and could have considerable implications for 
law enforcement and Federal authorities tasked with identifying 
terrorist activity before it strikes.
    At the same time, there are valid questions and concerns 
about the Government's potential access to the personal 
information of individual citizens that could be the subject of 
a data mining process. While it is important that the Federal 
Government utilize all available resources to enhance national 
security, it is critical that we continue to safeguard American 
values of personal freedom and privacy.
    Today's hearing will focus on examining the questions and 
concerns surrounding the Federal Government's use of factual 
data analysis or information produced by this analytical 
process. With the wealth of technology available today and 
certainly as a result of the events of September 11, 2001, the 
American people have a realistic expectation that government 
and law enforcement entities must continue their efforts to 
become better equipped to perform their duties.
    Many Federal agencies do not even have the technological 
tools that the private sector currently possesses. In many 
cases, this means that agencies are undergoing a complete 
technology upgrade as well as introducing advanced information 
technology applications. Advanced technology will enable 
Government to better share and analyze important information. 
By making use of these tools, Government and law enforcement 
hope to be more successful at securing and protecting our 
Nation.
    As Government and law enforcement begin to implement new 
strategies using advanced technology such as data mining, there 
are a number of questions and concerns that need to be 
addressed. These agencies will need to address how existing 
privacy laws would apply to their programs, what data sources 
do they intend to draw from, how the reliability of the data 
will be ensured, what procedures are in place to secure the 
data collected from intrusion, and what recourse would be 
available to an individual who believes his or her information 
is inaccurate or incomplete.
    We have held previous hearings on this topic. On May 6, the 
subcommittee heard from representatives from the Total 
Information Awareness Program run by the Defense Advanced 
Research Project Agencies, the Transportation Security 
Administration's CAPPII Program which is a passenger pre-
screening process, the FBI's Trilogy, related data warehousing 
and data mining programs.
    What we learned from each of these witnesses is that they 
are in the very infant stages of developing their strategies 
involving this analytical process. They have testified that as 
they continue to figure out what role factual data analysis 
will play, each acknowledge and affirm their commitment to 
protection of privacy and personal freedom as fundamental 
elements of their program.
    Today, we will hear from an expert panel of witnesses who 
will address the matter of privacy, confidentiality and 
personal freedom in the context of the protection of civil 
liberties in the pursuit of homeland security and strengthen 
law enforcement. The members of the subcommittee look forward 
to hearing the observations and recommendations from this panel 
and to continue to examine these matters to determine if in 
fact factual data analysis can strengthen national security.
    The use of advanced information technologies does not mean 
the erosion of personal liberties is inevitable. The Federal 
Government's objective of better information sharing and 
analysis can and must be met simultaneously with that of 
securing personal liberties. The subcommittee looks forward to 
working with these agencies and the variety of stakeholders in 
this matter in implementing their planned proposals for 
enhancing homeland security using advanced information 
technology.
    Today's hearing can be viewed live via Web cast by going to 
reform.house.gov and clicking on the link under live committee 
broadcast.
    I am pleased to yield to the distinguished vice chairman of 
the subcommittee, the gentlelady from Michigan, Mrs. Miller, 
for her opening statement.
    [The prepared statement of Hon. Adam H. Putnam follows:]
    [GRAPHIC] [TIFF OMITTED] T1646.001
    
    [GRAPHIC] [TIFF OMITTED] T1646.002
    
    Mrs. Miller. Thank you, Mr. Chairman.
    As we begin the third subcommittee hearing on factual data 
analysis, the issue of privacy protection becomes exceedingly 
important. In previous hearings as you mentioned, we heard 
testimony from representatives of the Department of Defense, 
the Transportation Security Administration, and the FBI, all 
insisting that the privacy of citizens would not be compromised 
and certainly that those agencies are very sensitive to concern 
raised about the invasion of personal privacy by Big Brother or 
by Government.
    In the written testimony submitted for today's hearing by 
Mr. Rosenzweig, he states, ``Fundamental legal principles and 
conceptions of American Government should guide the 
configuration of our intelligence and law enforcement rather 
than the reverse.'' One of the hallowed principles certainly of 
our American system is that we the people determine what the 
government can and cannot and should not do, not the other way 
around.
    This subcommittee has primary oversight of the technology 
initiatives of the Federal Government and as Federal agencies 
begin to integrate and streamline information technologies, it 
is very important that the processes associated with Federal 
actions remain transparent so that the confidence of the 
American people is not lost. We find ourselves today in a 
highly salient national debate concerning the balance between 
national security and personal privacy. Factual data analysis 
is a tool that will better enable local, State and Federal 
officials to secure the homeland from terror attacks and 
because of the power and the breadth of capabilities associated 
with this tool, both now and in the future, high scrutiny of 
its implementation is required.
    Mr. Cohen, in his written testimony, has cited instances 
where the potential for abuse of factual data analysis will be 
ever present but potential abuse exists currently in all levels 
of Government activity and hopefully through the work of this 
subcommittee, we can help Americans view the implementation of 
improved data mining techniques and its homeland security 
benefits with cautious optimism and not with fear. I am 
confident that the rights of American citizens outlined by the 
Constitution and the Bill of Rights will not be subverted in 
the auspices of national security.
    I want to thank all three of the witnesses for coming 
today. I am looking forward to working with our chairman and 
this committee and I look forward to your testimony today.
    [The prepared statement of Hon. Candice S. Miller follows:]
    [GRAPHIC] [TIFF OMITTED] T1646.003
    
    Mr. Putnam. We thank the gentlelady from Michigan and 
appreciate her very active involvement in the work of this 
subcommittee. The wealth of experience she brings from the 
Michigan Department of State has proven very valuable to this 
subcommittee. We appreciate your continued involvement.
    As is the custom with the committee and its subcommittees, 
we will swear in our witnesses.
    [Witnesses sworn.]
    Mr. Putnam. As you are all aware, we have the lighting 
system. You have submitted your written statements for the 
record and we ask that you summarize your oral statement in 5 
minutes at which time you will see the yellow light indicating 
the need to wrap up and the red light indicating that time has 
expired.
    I will introduce the first of our three witnesses, Mr. Paul 
Rosenzweig, senior legal research fellow, the Heritage 
Foundation, Center for Legal and Judicial Studies. Before 
coming to Heritage, he was in private practice specializing in 
Federal, appellate and criminal law and legal ethics. 
Previously he served as senior litigation counsel and associate 
independent counsel, Office of the Independent Counsel. Before 
working at OIC, he worked as the chief investigative counsel 
for the House Committee on Transportation and Infrastructure 
where his work included the 1996 Value Jet crash. He received 
his law degree cum laude from the University of Chicago in 
1986.
    Welcome. You are recognized.

 STATEMENTS OF PAUL ROSENZWEIG, SENIOR LEGAL RESEARCH FELLOW, 
CENTER FOR LEGAL AND JUDICIAL STUDIES, THE HERITAGE FOUNDATION; 
  BARRY STEINHARDT, DIRECTOR, TECHNOLOGY AND LIBERTY PROGRAM, 
  AMERICAN CIVIL LIBERTIES UNION; AND JOHN COHEN, CO-FOUNDER, 
               PRESIDENT AND CEO, PSCOM LLC, INC.

    Mr. Rosenzweig. Thank you, Mr. Chairman.
    Thank you for the invitation to come and speak with you 
today about a topic I consider to be the single most important 
domestic legal issue facing Congress and the American people.
    I should begin with the routine request of my Foundation 
that I emphasize I am here on my own account and nothing I say 
is a corporate position of the Heritage Foundation or its board 
of trustees.
    Before speaking to TIA and CAPPSII directly, I would like 
to talk about a subject to which both of you alluded in your 
opening statements, the role of Congress and the vital 
importance of that role.
    I had the pleasurable experience of meeting a couple weeks 
ago with Lord Alexander Carlisle who is a Lord of the House of 
Lords in Great Britain. As you know, Great Britain has passed a 
series of laws similar to our own Patriot Act which all involve 
the difficult question of tradeoffs between civil liberties and 
national security. Pursuant to that law, one of the unique 
steps the English have taken is that the law requires the 
appointment of an independent reviewer who has the power to 
review all the records within the holding of the Home Secretary 
whenever he undertakes some exercise of the newly granted 
terror powers, and is empowered to report on those uses of the 
anti-terror provisions to the Parliament. Lord Carlisle is that 
independent reviewer and he was here in the United States to do 
a bit of his own comparative analysis, examining how we in 
America have dealt with the balance.
    We don't have such a person in our provisions of the 
Patriot Act and in our developing understanding of TIA and 
CAPPS. Congress is that position. They are the independent 
reviewer. The genius of the founders was the system of checks 
and balances and the core of that genius is the use of 
thoughtful, sustained, non-partisan oversight of the use of the 
powers we give the executive branch.
    There are some who would say the potential for abuse of a 
new system means we should forego its development. Of course 
any new system can be abused, but, in my judgment, the right 
answer is to attempt rationally to construct the systems of 
oversight that will enable this Congress and Congresses that 
come after it to examine the conduct of the executive branch 
and determine whether or not it is in fact appropriate and 
consistent with the laws we have imposed upon it.
    That is my single most significant and sustained 
recommendation to you as you consider TIA and CAPPSII. The real 
questions about things like CAPPSII are not whether it will 
work, because in the end we will find the answer and if it 
doesn't work, then a lot of this debate is moot and we may have 
wasted a lot of money. In the end, it will be irrelevant.
    The real question is, what if it does work. What will you 
be doing to examine whether or not it is being used 
appropriately or inappropriately. To do that, Congress is going 
to need absolute, unfettered access to information about the 
operation of a system like CAPPSII. What I say about CAPPSII 
applies equally to TIA.
    In some instances, that access may require the receipt of 
information in a classified or confidential manner, since I 
know full well the disclosure of means and methods can render 
them utterly useless and unreasonable, but the vital factor 
that you should consider is making sure as you go down the 
development and authorization path that you require the 
provision of information not just about raw data, about gross 
numbers, but the ability for somebody, somewhere to examine 
individual cases. There should be an appeals process as well 
outside of Congress but the ultimate and final repository of 
the ability to check the excessive use of governmental 
authority rests in this body.
    I see that my time is almost up which is amazing because I 
feel I have barely begun but in deference to the committee's 
time structure, and I am sure we will have the opportunity for 
questions, I will stop now.
    [The prepared statement of Mr. Rosenzweig follows:]
    [GRAPHIC] [TIFF OMITTED] T1646.004
    
    [GRAPHIC] [TIFF OMITTED] T1646.005
    
    [GRAPHIC] [TIFF OMITTED] T1646.006
    
    [GRAPHIC] [TIFF OMITTED] T1646.007
    
    [GRAPHIC] [TIFF OMITTED] T1646.008
    
    [GRAPHIC] [TIFF OMITTED] T1646.009
    
    [GRAPHIC] [TIFF OMITTED] T1646.010
    
    [GRAPHIC] [TIFF OMITTED] T1646.011
    
    [GRAPHIC] [TIFF OMITTED] T1646.012
    
    [GRAPHIC] [TIFF OMITTED] T1646.013
    
    [GRAPHIC] [TIFF OMITTED] T1646.014
    
    [GRAPHIC] [TIFF OMITTED] T1646.015
    
    [GRAPHIC] [TIFF OMITTED] T1646.016
    
    [GRAPHIC] [TIFF OMITTED] T1646.017
    
    [GRAPHIC] [TIFF OMITTED] T1646.018
    
    [GRAPHIC] [TIFF OMITTED] T1646.019
    
    [GRAPHIC] [TIFF OMITTED] T1646.020
    
    Mr. Putnam. Thank you very much, particularly for your 
respect for the time limit.
    Our next witness is Barry Steinhardt. Mr. Steinhardt has 
served as associate director, American Civil Liberties Union 
for the past 10 years. He was recently named as inaugural 
director, ACLU Program on Technology and Liberty. Mr. 
Steinhardt was a co-founder of the Global Internet Liberty 
Campaign, the world's first international coalition of non-
governmental organizations concerned with the rights of 
Internet users to privacy and free expression. He is a member 
of the Advisory Committee to the U.S. census and the Blue 
Ribbon Panel on Genetics of the National Conference of State 
Legislatures. He was a member of the U.S. delegation to the 
recent G8 Government and Private Sector Tokyo Conference on 
Cybercrime. He is a 1978 graduate of Northeastern University 
School of Law.
    Welcome.
    Mr. Steinhardt. Thank you, Mr. Chairman and members of the 
committee, for the opportunity to testify this morning.
    The timeliness of your hearing could not be more apt. The 
explosion of computers, cameras, sensors and other technologies 
in the last 10 years has brought us to the edge of surveillance 
society. The fact is there are no longer any technical bars to 
the creation of that surveillance society. If we don't take 
steps to control and regulate surveillance, to bring it into 
conformity with our values, we will find ourselves being 
tracked, analyzed, profiled and flagged in our daily lives to 
the degree we can scarcely imagine today, being forced into an 
impossible struggle to conform to the letter of every rule, law 
and societal assumption of correctness. Our transgressions, 
whether they are real or an imagined product of bad data will 
become permanent scarlet letters that will follow us through 
our lives.
    We should be responding to this new threat, these new 
circumstances by building stronger restraints to protect our 
privacy but instead, we have been weakening those restraints, 
loosening the regulations. Most ominously we are contemplating 
the introduction of powerful new surveillance infrastructures 
that will tie together all this information. The Total 
Information Program [TIA], and CAPPSII are prime examples of 
the new infrastructures for surveillance.
    DARPA has recently sought to underplay TIA. To my right you 
will see two charts, both prepared by the Total Information and 
Awareness Office itself. The first was published before the 
furor erupted. It makes quite plain the TIA was designed to 
conduct a massive search through records of 300 million 
Americans, including financial, education, housing, travel, 
medical and communications data.
    The second, which was prepared after the furor and 
Congress' passage of the Wyden amendment which prevented DARPA 
from training TIA on Americans, omits all the original detail 
and notes that access is ``restricted by law.'' The reality is 
that the only thing that significantly restricts TIA is the 
Wyden amendment itself. There is no overarching law that 
prohibits the Government from gaining or buying access to most 
of the details of our lives from having what Poindexter calls 
``total information awareness.''
    Our memo outlines questions we believe DARPA must answer 
when it sends to the Congress your mandated report which is due 
today. Consider those questions as you read the report and 
insist the report be made public.
    CAPPSII is portrayed by the TSA as a more effective and 
benign successor to CAPPSI Program and the so-called No Fly 
list. The failure of these programs to protect either our 
security or our freedoms is well documented. We don't need to 
look into history to speculate about what the consequences of 
abuse of that sort of data will be. The No Fly list and the 
CAPPSI Program demonstrate quite well and there have been 
literally hundreds of communications with Members of Congress 
that forwarded to TSA and recently revealed under a Freedom of 
Information Act request.
    The ACLU has six questions which we urge the Congress to 
ask about CAPPSII. The questions range from its cost to its 
fundamental fairness to how do innocent civilians correct 
mistakes made in secret or are we deemed to repeat the failure 
of the No Fly list. Let me highlight two questions for you. 
First, and I would suggest this is the first question that 
should be asked about any security measures, will it work? Will 
we really be able to pick out a few terrorists among 100 
million Americans who fly? We urge you to heed the advice of 
Mark Forman of the Office of Management and Budget who told 
this very subcommittee ``If we can't prove it lowers risk, it 
is not a good investment for government.''
    Citing the obvious problems of error, if you stop and think 
about it for a moment, even at 99.9 percent accuracy rate among 
the 100 million Americans who fly every year, would result in 
100,000 errors each year. The problem with CAPPSII is that 
profiles are always one step behind the attackers. The 
spokesperson for DHS recently said ``One thing we know about 
terrorists is there is no way to predict what will happen.''
    The second question is what will be the cost to our freedom 
of building a system like this? It is historical fact that 
government agencies and surveillance systems alike tend to 
expand and not contract, the phenomenon known as mission creep. 
Can we really restrict CAPPSII to its original purpose? How 
long before it is extended to cover our entire transportation 
sector as Admiral Loy has suggested it might, how long before 
the system is expanded to reach more and more sectors of our 
economy and society, how long before the data which we are told 
now is not going to be retained will be retained? How long 
before CAPPSII becomes the Total Information Program?
    Your subcommittee is performing an essential oversight role 
in examining these programs and these questions. I urge you to 
continue to act with vigor and expedition before it is too late 
to turn back the clock on the looming surveillance society.
    Thank you.
    [The prepared statement of Mr. Steinhardt follows:]
    [GRAPHIC] [TIFF OMITTED] T1646.021
    
    [GRAPHIC] [TIFF OMITTED] T1646.022
    
    [GRAPHIC] [TIFF OMITTED] T1646.023
    
    [GRAPHIC] [TIFF OMITTED] T1646.024
    
    [GRAPHIC] [TIFF OMITTED] T1646.025
    
    [GRAPHIC] [TIFF OMITTED] T1646.026
    
    [GRAPHIC] [TIFF OMITTED] T1646.027
    
    [GRAPHIC] [TIFF OMITTED] T1646.028
    
    [GRAPHIC] [TIFF OMITTED] T1646.029
    
    [GRAPHIC] [TIFF OMITTED] T1646.030
    
    [GRAPHIC] [TIFF OMITTED] T1646.031
    
    [GRAPHIC] [TIFF OMITTED] T1646.032
    
    [GRAPHIC] [TIFF OMITTED] T1646.033
    
    [GRAPHIC] [TIFF OMITTED] T1646.034
    
    [GRAPHIC] [TIFF OMITTED] T1646.035
    
    [GRAPHIC] [TIFF OMITTED] T1646.036
    
    [GRAPHIC] [TIFF OMITTED] T1646.037
    
    [GRAPHIC] [TIFF OMITTED] T1646.038
    
    [GRAPHIC] [TIFF OMITTED] T1646.039
    
    [GRAPHIC] [TIFF OMITTED] T1646.040
    
    [GRAPHIC] [TIFF OMITTED] T1646.041
    
    [GRAPHIC] [TIFF OMITTED] T1646.042
    
    [GRAPHIC] [TIFF OMITTED] T1646.043
    
    [GRAPHIC] [TIFF OMITTED] T1646.044
    
    [GRAPHIC] [TIFF OMITTED] T1646.045
    
    [GRAPHIC] [TIFF OMITTED] T1646.046
    
    Mr. Putnam. Thank you.
    Can we pass those charts up here so the subcommittee 
members can actually see them?
    I will note for the record the arrival of the gentleman 
from Ohio, Mr. Turner. We welcome him to the subcommittee and 
the record will be open for your opening statement in the 
appropriate spot.
    Our final witness today is John Cohen, co-founder, 
president and CEO of PSCom LLC, Inc. He oversees the general 
corporate operations as well as the strategic development of 
the firm. Mr. Cohen is also director of the Progressive Policy 
Institute's Community Crimefighting Project and co-director of 
the PPI Homeland Security Task Force. He has served as a policy 
advisor to a number of local, State and national 
administrations and political campaigns including as 
coordinator of the State of Maryland's Public Safety Technology 
Task Force and special advisor to the Governor's Cabinet 
Council on Crime and Juvenile Justice.
    Mr. Cohen has written and lectured extensively on many 
issues advocating the deployment of existing and new 
technologies in business practices to fundamentally change the 
way we provide for the public safety in America. These issues 
include homeland security, counter terrorism, community 
policing, drug policy, public safety and racial profiling by 
police.
    Welcome. You are recognized.
    Mr. Cohen. Thank you for the opportunity to participate in 
this important hearing.
    My views on this issue come from the perspective of someone 
who has spent the last 20 years in law enforcement, both from 
the operational oversight and policy development perspective. I 
have worked counter terrorism cases as a special agent for the 
Office of Naval Intelligence and worked as a police officer 
assigned to Federal agencies. I appreciate the opportunity to 
be a part of this discussion.
    As we look back at what has happened in this country since 
September 11, I think the best way to describe how State and 
local governments have responded and have been operating has 
been purely in a reactive mode. It has been a reactive mode 
based on non-specific and vague information that has been 
provided. This shouldn't be a surprise to everybody because 
prior to September 11 the information sharing amongst our 
Federal, State and local law enforcement agencies was ad hoc at 
best, based on personal relationships very often and not 
supported by an integrated system of law enforcement 
information sharing.
    While this homeland security approach may have been 
appropriate for the months immediately preceding the events of 
September 11, Governors and mayors around the country have come 
to the conclusion that from a long term perspective, they can 
no longer operate in a manner in which with every threat level 
elevation, they are going to take police officers out of their 
communities and mobilize the National Guard to have them guard 
potential targets.
    There is a growing consensus that our Nation's homeland 
security issues should be driven by a number of basic 
principles. First, the front lines of the Nation's war on 
domestic terrorism are our cities, towns and local communities. 
Therefore, State and local authorities must be active partners 
with the Federal Government and develop strategic and 
operational plans related to homeland defense.
    Second, the loss of life and financial repercussions that 
would result from a successful terrorist incident require that 
State and local governments take a preventative approach, not 
just be prepared to respond. In this regard, State and local 
homeland security efforts must be information driven, proactive 
and focused on preventing future attacks. This can best be done 
by collecting, analyzing and disseminating critical 
information, not just giving it to the Joint Terrorism Task 
Forces but putting systems into place so that information 
obtained by a beat cop in a community can flow up and be part 
of the analytical mix as well as critical information flowing 
down to that same beat cop.
    This debate, while important, must be done in the context 
of the following. Almost 21 months after the attacks of 
September 11, this Nation still has not taken critical steps in 
creating a strong information sharing capability that allows us 
to conduct this collection, analysis and dissemination of vital 
information. We knew connecting the dots was a problem prior to 
September 11 and to be quite frank, it is still a problem now. 
I have spent the last 21 months working with a number of city 
and State governments helping them look at the issue of 
homeland security and develop plans on how they can be better 
prepared to stop future acts of terrorism. Overwhelmingly what 
I hear from mayors, Governors, police chiefs, fire chiefs and 
public health officials is that we aren't putting the emphasis 
into prevention that we should. A critical part of those 
prevention efforts is linking these information systems.
    While it would be great to have systems like TIA and be 
able to go into credit histories of people that potentially may 
be terrorists, it would be great to have a new radar system 
that allows us to identify through gait individuals. While 
there are amazing things we can do with biometrics and facial 
recognition, the fact of the matter is none of those systems 
will work if we don't create an initial foundation of criminal 
justice information sharing that allows us to share basic 
police information.
    Many of you from this area were here last summer during the 
sniper incident--3 weeks which paralyzed this region. What is 
incredible about that whole situation is the car that contained 
both suspects in that case was stopped over 10 times by law 
enforcement authorities, entered into law enforcement systems 
and never rose to anyone's attention. When phone calls were 
being received in the call center during the sniper incident, 
the information was put on pieces of paper, stacked in piles 
behind the calltakers and at some point during the day, it was 
disseminated to local agencies so those leads could be followed 
up.
    This is not an information sharing system that is going to 
help us stop the next act of terrorism. As we begin the process 
of investing billions of dollars in homeland security, beefing 
up this capability has to be a top priority.
    Let me conclude that as we look at expanding the 
information sharing capability, oversight is a critically 
important part of that. September 11, unfortunately, did not 
stop the fact that some in law enforcement abuse authority, and 
while most cops are honorable people, we have to make sure 
oversight mechanisms are in place to prevent abuses of 
information collection capability and punish those who misuse 
it.
    Thank you. I will respect the time rule also since everyone 
else did.
    [The prepared statement of Mr. Cohen follows:]
    [GRAPHIC] [TIFF OMITTED] T1646.047
    
    [GRAPHIC] [TIFF OMITTED] T1646.048
    
    [GRAPHIC] [TIFF OMITTED] T1646.049
    
    [GRAPHIC] [TIFF OMITTED] T1646.050
    
    [GRAPHIC] [TIFF OMITTED] T1646.051
    
    [GRAPHIC] [TIFF OMITTED] T1646.052
    
    [GRAPHIC] [TIFF OMITTED] T1646.053
    
    Mr. Putnam. Thank you, Mr. Cohen.
    At this point, I will recognize Mr. Turner if he has an 
opening statement and would like to give it now.
    Mr. Turner. Thank you, Mr. Chairman. I appreciate your 
having this hearing on this important issue.
    As we listened to each of the testimonies, we certainly 
understand the importance of making certain we are protecting 
civil rights and making certain we do not have political views 
as a basis for discrimination in these processes or other types 
of discrimination we would want to avoid.
    You can't help but listen to the importance of the task 
that is ahead of us to know that we must have a process of 
learning how to discern what an increased terrorist threat 
might be. In Mr. Steinhardt's testimony, he used the words, how 
would we be able to determine a terrorist from the 100 million 
Americans who fly. I think we are all aware that in the 
September 11 incident we weren't dealing with Americans, we 
were dealing with people on our soil who were carrying out an 
attack upon our country.
    This discussion is important because we must find the 
balance there has to be in this process and a way we can use 
information to discern real threats without resulting to 
discrimination.
    Thank you.
    Mr. Putnam. We thank the gentleman and recognize the vice 
chairwoman of the subcommittee, Mrs. Miller, for questions.
    Mrs. Miller. Thank you, Mr. Chairman. I have a little cold 
going on today with my voice, so we will see how it holds up.
    If I might followup with Mr. Cohen, I was particularly 
interested in your testimony about the sniper and some of the 
problems the locals had with information sharing. Is there 
anything you could tell us specifically to assist us in what 
you might think Congress could do, what our role is? I know so 
many of our States have very strong home rule and why that is 
particularly important, zoning issues and those kinds of 
things.
    I think when it comes to national security or information 
sharing amongst law enforcement agencies, again the Federal 
Government has to be careful we don't get on the slippery slope 
there but you had that kind of experience with the locals. Is 
there anything you see Congress should be doing quickly here to 
expedite some of this information sharing that could have 
precluded some of the examples you used with the sniper which 
were quite vivid?
    Mr. Cohen. I think actually Congress not only plays a 
critical role but quite frankly from what I am seeing, it is 
not going to happen unless Congress plays a role. One thing 
Congress can do immediately is take a look at what homeland 
security funding that is being disseminated out to State and 
local governments can be used for. You hear a lot of focus on 
response, which is important obviously, but as you look at the 
requirements of what funding can be used for, you very often do 
not see anything that indicates they could use it for 
information sharing.
    State and locals have acknowledged this has been a problem 
prior to September 11. In the 1990's, there was a program 
within the Justice Department called the Integrated Justice 
Program which provided support to State governments to work 
with localities to integrate or link these information systems. 
The idea was that as each State linked their intrastate 
criminal justice related information systems, you would then be 
able to link the 50 States into the Federal system.
    During the sniper incident, one of the examples I didn't 
use is that a latent fingerprint was lifted from a robbery 
homicide in Montgomery, AL. That print was taken by the local 
police department, sent to the State of Alabama where it was 
run through their fingerprint system. There were no matches 
within the State of Alabama fingerprint system. Alabama was one 
of the States that was not linked to the Federal fingerprint 
system.
    After a call by one of the snipers where they talked about 
a robbery homicide in Montgomery, AL, investigators from the 
Sniper Task Force traveled to Montgomery, AL, took the latent 
fingerprint on a piece of paper, traveled to Washington, DC, 
ran it through the Federal fingerprint system and identified 
the suspect Malvo. From there, they were able to identify the 
other suspect and then they were able to identify the car they 
were driving in a very short timeframe.
    If Alabama had been linked to the Federal system, they 
probably would have identified that print prior to the sniper 
situation and when that car was stopped 4 hours before the 
first shooting in Wheaton, there would have been a Federal 
warrant in the system, and you may have prevented the entire 
event from occurring.
    This is not massive data mining capability. This is basic 
system infrastructure that needs to be put into place. It is 
important, and this goes to Mr. Turner's point, how do you 
decide what information is important? Part of the problem is we 
adopt in this country a philosophy where somehow terrorism is 
somehow separate from crime and that is ridiculous because 
terrorists don't sit in their hotel rooms or their apartments 
thinking up their little plans and then come out only to carry 
out the plan. They commit drug trafficking offenses, illegal 
weapons trafficking offenses, document fraud, money laundering; 
they work with criminal organizations. They are intertwined 
with the criminal community throughout the world.
    The best way and in fact most of the domestic cases that 
have been worked in this country since September 11 have all 
started off as criminal investigations by either a local police 
officer or a Federal agent. If we can link these criminal 
justice systems more effectively, it is not a technology issue 
but a willingness issue and we can look at terrorism and 
terrorist groups for what they are which is people driven by 
ideology to commit violent crimes, we can take a giant leap 
forward in making the country safer. For that to occur, funding 
has to be able to be used by State and local governments for 
these information systems, Congress has to insist that be a 
part of the philosophy that is adopted as our national homeland 
security planning.
    Mrs. Miller. That is absolutely true. You say a 
willingness. In my former life, as the chairman knows, I was 
the Michigan Secretary of State. We did all the DMV kinds of 
things in our State. As a consequence of that, we were 
responsible for feeding the LEAN machine, an acronym the police 
officers used for all the driving records and those kinds of 
things.
    We had so many times when officers were abusing the system 
because they would get into it, find out their girlfriend's 
address, there were all kinds of things, even the reporters and 
the media were using it for things they shouldn't have used it 
for. So there are always those feeding those kinds of 
information systems and you certainly have to be vigilant about 
who is accessing it and penalties have to be given to those 
that abuse it as well.
    You also mentioned the homeland security. This is something 
I think all of us see in our respective districts and States as 
the Federal Government is sort of feeding out this pot of money 
for homeland security. Unfortunately so often I see at the 
local level they are using it because the States are having a 
budget crunch, so they have had to lay off some police and fire 
and are using the homeland security to bring those layoffs back 
up to snuff, which I suppose is an important thing.
    I think many of us, in our minds, were thinking about 
homeland security moneys for communications systems and border 
crossings and a lot of other kinds of things. That is something 
I think Congress does need to pay attention to, how it is 
actually being used on the home front.
    I did have a question for Mr. Rosenzweig. You mentioned in 
your testimony, I have forgotten now, did you say Great Britain 
or Canada that has a system somewhat different from the 
American system where they have a point person, so they have 
someone who is accountable for their information sharing.
    Do you have any specific recommendations? You mentioned 
here in our Nation, Congress has the responsibility for 
ensuring privacy and having these kinds of hearings. Do you 
think an appeals process outside the Congress as you mentioned, 
would be a good thing?
    Mr. Rosenzweig. I think some form of review is absolutely 
essential. There is no doubt that however we construct these 
information technology systems to conduct advance factual data 
analysis, there will be errors. There will be what are known as 
false positives.
    Especially in the CAPPSII Program, which impinges directly 
upon one of our cherished fundamental freedoms, the right to 
travel, no American citizen should be denied the right to 
travel within or outside the United States without a chance to 
have some redress and an ability to make a prompt argument that 
the determination is an error.
    If it were technologically feasible and I don't know 
whether this will be because we don't know how the system will 
play out, I would like the appeals system to be at the airport, 
so that you can catch the next flight. That may prove to be 
impossible and it may well prove to be unnecessary if the 
parameters of CAPPSII are drawn tightly enough.
    If you design the system such that the external 
identification queries merely create a name and verify that 
identity and that identity is checked against a terrorist list 
created through the use of intelligence sources and means and 
methods overseas that I don't know about and probably never 
will because I don't have a secret clearance, anybody who is 
red carded under that system and not permitted to fly is almost 
surely also going to be someone who the authorities will 
immediately take into custody because of suspicion that they 
are in fact an active terrorist within the system.
    That is how I conceive the development of the system and it 
is how I think TSA conceives it. Whether or not they can 
achieve that remains an open question. If they do achieve that, 
then the appeal from no fly will be in a different forum 
altogether, the court system where the suspected terrorist will 
soon be transported.
    There should still be a system for an appeal of a yellow 
card determination where you are allowed to fly but are 
subjected to heightened scrutiny. However, the need for that to 
be an immediate process right at the airport is substantially 
diminished because yellow card means you fly unless the yellow 
card turns up something in which case you do not fly because 
you have the bomb in your luggage.
    So there could be a more measured process by which one were 
given that appeal. Whatever the structure and architecture of 
the system, it is imperative that no American be denied the 
right to fly without the right to appeal.
    I will add one other thing mentioned in my testimony. No 
American should be denied the right to fly, red carded, based 
solely on commercial data, data that is gleaned from publicly 
available commercial data bases because those data bases are 
maintained for different purposes, they have errors in them and 
they aren't intended to be terrorist identifiers.
    If anybody is denied the right of travel, this Congress 
ought to tell TSA it ought to be based upon some positive 
indication from an affirmative, intelligence source that gives 
us a positive reason for thinking that this particular person, 
with this particular name ought to be on the list.
    Mrs. Miller. That really is the whole impetus of these 
programs, that TSA is able to do some sort of profiling to weed 
out the kinds of problems we might have at our airports.
    I would like to ask one generally for the panel.
    Mr. Putnam. We may need to get back to that. You have had a 
10 minute round. We are going to move to Mr. Clay. I hate to 
cut you off because it is a good debate, but I will recognize 
the gentleman from Missouri for 10 minutes.
    Mr. Clay. I thank the witnesses for being here today. Thank 
you for your testimony.
    I would like to begin by asking each of you to answer this 
question. Each of you has emphasized that Congress has an 
important policy role in balancing national security and 
privacy, however, the development of CAPPSII and the 
development of DARPA's Total Information Awareness have been 
difficult for Congress to review.
    One of the reasons the Wyden amendment was passed was 
because Congress did not have sufficient information to allow 
the project to proceed. Now, we find the information Congress 
had then is no longer operative.
    Similarly, Admiral Loy told us about all of his Federal 
Register notices and conferences but Congress still doesn't 
know what data is going to be used in CAPPSII or what rights 
citizens will have.
    How can we assure that Congress has the information 
necessary and that all of the relevant committees consider that 
information before these programs go much further? Mr. Cohen.
    Mr. Cohen. Congressman, as you were asking your question, I 
couldn't help but looking over your shoulder and seeing the 
portrait of Jack Brooks. I used to work for Chairman Brooks 
when he chaired the House Judiciary Committee. I was the deputy 
chief investigator for the committee. Chairman Brooks worked 
very closely with the ranking member of the committee on a 
number of issues.
    Mr. Clay. When I first met Jack Brooks 25 years ago, I 
worked here as a doorkeeper over there in the House. He ran the 
committee with an iron fist too.
    Mr. Cohen. Yes, he did. I think back to the struggles we 
went through trying to conduct oversight. In my opinion as a 
law enforcement person, we are in a very uncomfortable time in 
this country because on the one hand, you have fear pervasive 
through society where people are saying things such as, maybe I 
am willing to give some of my civil liberties if just the 
Government will keep me safer. You have good people in law 
enforcement and government trying to come up with a solution 
that is a very complex and very scary situation where people 
are attacking this country.
    At the same time, we are going through a period where folks 
are saying, if I am going to do my job effectively, I can't 
have that pesky Congress looking over my shoulder or media 
shouldn't be given accurate information, or the courts have no 
business telling us what to do. We are a nation at war.
    It is a difficult balance because on the one hand, we have 
to protect sources and methods but on the other hand, there is 
a long history of abuses of authority, and there is a long 
history of law enforcement people even though I think most 
police officers and law enforcement folks in this country are 
people doing a job most would be unwilling or unable to do and 
they are honorable but there are bad people.
    Today's LA Times runs a story about an LAPD officer who was 
using his access to law enforcement information systems to sell 
that information for his own personal gain. He ruined the life 
of hundreds of people. Abuses will happen. No matter how good 
intentioned an agency is in creating a system, there is always 
potential for abuse.
    I think during these times, Congress has to be 
extraordinarily aggressive and the message has to get out that 
oversight isn't a bad thing, it is going to make our system 
stronger, it is going to help protect us better. What you find 
after you start taking a look at how terrorist organizations 
operate, you find a lot of the important information isn't 
secret information anyway. It is information that comes from 
community members, from basic law enforcement systems and non-
law enforcement related government systems--drivers licenses, 
FAA, all those types of systems.
    I think Congress by aggressively injecting a bit of reality 
into this process can play a real significant role.
    Mr. Clay. That pretty much serves as a way to fine tune our 
system of protections.
    Mr. Cohen. Absolutely, Congressman. We worked very closely 
with the Justice Department, though it was a different party 
administration, on all types of issues. We worked closely with 
NSA and the intelligence community on a whole series of issues. 
Congress is a very important player in this and cannot be 
excluded if we are going to be effective.
    Mr. Clay. Mr. Steinhardt, how can Congress assure that we 
have the necessary information?
    Mr. Steinhardt. I have a great deal of sympathy for your 
question. We have had a constantly shifting explanation of what 
the Total Information Awareness Program and CAPPSII Program 
are. Those charts come from DARPA and we blew them up to make 
that very point, that the explanation of these systems 
constantly shifts but that the initial explanation, whether the 
chart from DARPA or the Privacy Act notice filed by the TSA, 
are massive systems of surveillance.
    It seems to me Congress has the right and the 
Constitutional duty to ask some hard questions of the 
administration about what exactly these programs will do, what 
data will be collected, who will they be trained on. It is 
clear they will be trained on American citizens. Whether or not 
there should be, as Mr. Turner suggested, and I tend to agree 
with him on this point, a separate set of rules that apply to 
non-Americans. It is clear both TIA and CAPPSII will apply to 
hundreds of millions of American citizens, American residents.
    I would suggest in summary what you need to do is really 
employ a two step analysis. The first is you need to ask some 
hard questions about whether these systems will work. There are 
a lot of good people out there who are security experts, 
computer scientists, technologists who will tell you these 
systems are not likely to work. If they are not likely to work, 
then they become a diversion of our resources and creation of 
potential threat only to the point that you are satisfied they 
are likely to make us safer, not talking about 100 percent 
certainty. I understand nothing is 100 percent certain, but 
general certainty that the systems are going to make us safer, 
only if you are satisfied on that score do you then begin to 
ask the second set of questions which revolve around what is 
the cost to our freedoms and how can we cabin the systems so 
they don't cost us our freedoms.
    You need to begin by asking that first question. Is it 
going to work, is it going to make us safer or is it going to 
create the illusion of security.
    Mr. Clay. You say there may need to be a bifurcated system 
or a two-tiered system where we treat American citizens one way 
and treat immigrants another way. You bring up a valid point. 
We may need to get a handle on who is here in this country and 
maybe scrutinize them in a different way than we do American 
citizens.
    Mr. Steinhardt. What I was trying to do, Congressman, was 
answer Mr. Turner's question about who would CAPPSII apply to. 
In my opening statement, I give the statistic that it applies 
to about 100 million Americans. I estimated the error rate 
100,000 people if the error rate was 99.5. Mr. Turner asked a 
legitimate question, what about those people who are not 
American citizens. I was just emphasizing that both CAPPSII and 
as originally proposed the TIA systems were designed to go 
after American citizens. There is no question a different set 
of Constitutional standards applies to non-Americans. We can 
and should at some point talk about those but we need to 
recognize that these are not systems solely designed to be 
applied to foreign visitors to this country. They are going to 
apply to hundreds of millions of American citizens.
    Mr. Clay. Thank you.
    Mr. Rosenzweig.
    Mr. Rosenzweig. The answer to the question how is a very 
simple one. You have more power than you think you have or you 
know you actually have more power, the power of the purse, the 
power of public observation and ultimately powers of subpoena.
    I was on a program talking about the Patriot Act, an NPR 
program with Congressman Conyers about 6 months ago. As you may 
imagine, we don't necessarily agree on a number of things but 
this was at the time when the Department of Justice was 
refusing to provide data on its use of subpoena powers to the 
Judiciary Committee. One of the things that we agreed on 
wholeheartedly was the necessity for the Department of Justice 
or any other executive branch to provide you with information.
    I don't see in these charts a nefarious mutation of policy. 
I see the natural product of the development of an idea that 
starts as an outside the box conception in an agency that we 
designed for the purpose of doing outside the box thinking, 
that ultimately gets refined as it is subjected to public 
scrutiny such that it is indeed likely a variation on the 
original idea that is more sensitive to public liberty 
concerns.
    That is not DARPA's mission. DARPA's mission is to have the 
wild hairbrained ideas. It is the other people in the executive 
branch's idea to say, whoa, make sure you do it the right way 
and it is your mission to say to the executive branch, really 
make sure you do it the right way.
    I actually see the trend between those two charts that Mr. 
Steinhardt seems to think of as a demonstration of the bad 
motivation that initially went into this as actually an example 
of the system working. Congress did the right thing with part 
of the Wyden amendment by saying, tell us what you are doing 
and sometime today you are going to get 500 pages, 300 pages, I 
don't know what they will give you, on what TIA is doing.
    I am sure Mr. Steinhardt is going to study that carefully, 
I am going to study that carefully, you and your staff are 
going to study that carefully, and we can build from there. So 
do more of what you are doing is the answer.
    Mr. Clay. Thank you for that answer.
    Mr. Putnam. I thank the gentleman.
    Mr. Steinhardt, you made several references in your written 
and verbal testimony to the surveillance society. Has the 
ACLU's definition of an acceptable level of surveillance in 
society changed since September 11?
    Mr. Steinhardt. We have never been opposed to strong 
security measures. My colleague, Rich Nochime for example, 
testified before what was then known as the Gore Commission in 
the prior administration, on aviation security about the need 
to do several things. One was to fully secure the cockpit doors 
in airplanes; second was to x-ray all the package or otherwise 
test all the baggage going into the cargo hold; third was to 
put armed guards on the planes. We have never been opposed to 
security.
    The questions we have been raising are does the security 
that is proposed work? Many of these proposals simply will not 
work. They will not make us safer. Second, how can we retain 
our liberties in the face of the ever advancing march of 
technology which makes it easier to collect data about us, to 
correlate that data, to mine that data? I can show you my 
device that does e-mail and phone and keeps my calendar but we 
need to begin to put some rules around this technology.
    I had the opportunity the other day to visit with Dr. Popp, 
the deputy director of the Total Information Awareness Program. 
He was showing us some slides about TIA. He was showing a slide 
that showed the role of different agencies in the TIA Program. 
In the bottom righthand corner of that slide, and I cannot 
forget this, was a balloon that said ``policy'' and the 
remarkable thing about that balloon was it was empty. There is 
no policy other than the Wyden amendment. There is no policy 
that really constrains what can be done with TIA. That is 
Congress' role, you need to begin to develop those policies. 
You can't leave them to the governmental officials who build 
these systems.
    Mr. Putnam. Everyone else in society has sort of lost their 
footing since September 11 and are trying to regain it as to 
what is acceptable. Prior to September 11, red light cameras 
and face recognition technology at a Super Bowl may not have 
been acceptable. After September 11, it may be. There is this 
effort on the part of society and it is reflected in the 
Congress of trying to regain our footing as to what is an 
acceptable level of surveillance in our lives.
    My question was whether or not the same process had been 
undergone in ACLU but let me move on.
    There has been a growth, perhaps an explosion, in the 
number of local and State law enforcement agencies who have 
begun their own intelligence divisions, agencies, operations 
that are probably subject to less scrutiny than the Federal 
agencies have been up to. Would you comment on your awareness 
of municipal or State efforts in this regard and your concerns 
or observations on their progress, beginning with Mr. Cohen?
    Mr. Cohen. You are right, for a number of reasons State and 
local law enforcement have expanded their exports in two 
things, one in the collection, analysis and dissemination of 
information and intelligence, especially on the State level as 
an intelligence dissemination hub. The State of California has 
created a Counterterrorism Information Center. The State of 
Maryland is establishing a similar capability where crime and 
terrorism related information will all come into a central 
analytical facility and be disseminated out to Federal, State 
and local entities. The State of Arizona is building a similar 
capability.
    At the same time, many local agencies are focusing on this 
whole issue of intelligence and creating their own intelligence 
divisions.
    The reason the States are having to step up and do this is 
because there is a perceived lack of capability coming from the 
Feds in this area. Whether it is because the Federal Government 
doesn't have the infrastructure or the capability itself or 
whether it is a different perspective on what information 
sharing is, a number of State and local governments have felt 
they are in a better position to conduct this analysis and 
dissemination.
    From the standpoint of creating local intelligence groups, 
local law enforcement for the most part sees the correlation 
between crime and terrorism, and while they tend to be under 
less Federal scrutiny unless they are using Federal funds for 
technology systems that facilitate movement of this 
information, they tend to be under pretty extensive local 
scrutiny because of past problems.
    The city of Denver, for example. The city council and the 
local courts are very heavily focusing on the efforts of the 
Denver City Police Department to collect intelligence 
information. When we work with police departments, we say as 
long as you continue to remember things like due process, 
probable cause and you are linking your information collection 
activities to criminal activity, you are in good shape. If you 
start straying from that area and start looking at collecting 
information that may not be related to criminal behavior, you 
need to be very careful.
    Mr. Steinhardt. Let me followup what Mr. Cohen just said 
because the Denver case is actually an ACLU case. We are not 
opposed to the Federal Government and local and State law 
enforcement agencies talking to one another as some might 
suggest. We are concerned about what happened in Denver where 
you had the Denver police collecting information about lawful 
protesters who were exercising their first amendment rights and 
creating what amounted to spy files about those individuals.
    It is both a diversion of the resources of the Denver 
Police Department from far more critical things they could be 
doing and a deprivation of rights. Denver is not alone. That 
occurred before September 11 but Denver is not alone as a 
representative of that problem. In New York, the incumbent 
administration had a policy for a period of time that they 
simply would not approve any parade permits, so people who 
wanted to exercise their first amendment right to protest were 
prohibited from doing it.
    The consequence was they denied a permit to what turned out 
to be 500,000 or 600,000 people who wanted to hold a 
demonstration in front of the U.N. before the Iraqi war broke 
out. The classic exercise of their first amendment rights to 
petition their government for a redress of their grievances as 
the first amendment says, the consequence was from a security 
perspective that you had hundreds of thousands of people 
wandering through streets of Manhattan in a disorganized way 
that made us less secure rather than more secure.
    We need to recognize that even in these times, we are not 
suspending the Constitution, we are not suspending the Bill of 
Rights, we need to apply those resources in a way that makes 
the most sense, that is efficient and effective.
    Mr. Rosenzweig. I think the answer to your question depends 
upon the subject matter of the intelligence gathering. To a 
very real degree the tools and methods by which we are going to 
identify terrorists reside principally at the Federal level, 
the CIA, NSA, DOD, FBI, Homeland Security.
    The creation of intelligence divisions in the States is to 
be welcomed. Any enhancement of our abilities to identify 
terrorists is great but I guess from my perspective, unless 
those intelligence capabilities are linked with the Federal 
system and thus far they are not so linked, they result in a 
duplication of effort to some degree. That is the nature of our 
Federal system. Indeed it was created in some ways to cause 
inefficiency, the division between Federal and State and locals 
is designed to cause governmental inefficiency.
    In the case of terrorists questions, that may be an 
inefficiency we can no longer afford.
    Mr. Putnam. Do you believe Mr. Rosenzweig, that government 
should be restricted to publicly available data sources?
    Mr. Rosenzweig. With appropriate safeguards, no.
    Mr. Putnam. My time has expired. I will recognize the 
gentleman from Ohio, Mr. Turner.
    Excuse me, Mr. Lynch?
    Mr. Lynch. No.
    Mr. Putnam. Mr. Turner.
    Mr. Turner. Mr. Steinhardt, in listening to your testimony 
and reading over the written statement you have given us, I 
agree with your concerns and the problems you have identified 
in these types of systems. The issues of we can't catch 
everyone, there will be failures of the system. Timothy McVeigh 
would not be someone who would have been identified. Abuse of 
government, the fact that other uses of this information might 
be found. Civil liberties, the fact that innocence would be 
identified, that there could be creep, that we needed due 
process for those aggrieved, that criminals may subvert the 
system, that once the system is constructed, those who really 
want to get beyond it can and the issues of cost benefit 
analysis.
    Your conclusion of then don't do this leaves me with the 
question of what is the alternative. We know what we are doing 
now doesn't work and we have all seen 85 year old grandmothers 
with their grandchildren traveling who have gone through 
increased security measures and we all agree pose no risk to 
us.
    I would love to hear from you what is the alternative 
besides just increased security. We all know, even in the 
highest crime areas of urban America, you could put a policeman 
on every corner and still not have an impact on crime 
necessarily. What alternatives in intelligence gathering or in 
looking at intelligence would you find acceptable or would you 
suggest be pursued?
    Mr. Steinhardt. I think that is an important question. To 
my mind the first alternative is physical security. That 
remains our best alternative. We have taken some steps in air 
travel that are working pretty well. We put air marshals on the 
planes, we strengthened cockpit doors, we x-ray baggage. There 
are some additional things we ought to be doing. We are still 
not doing luggage matching to determine whether someone 
checking luggage on the plane actually got on the plane. There 
are a number of things we could be doing in addition to what we 
are doing that is physical security.
    We are not opposed to the notion that the government have a 
properly constituted watch list of persons who we believe are 
engaged in terrorist activities which are criminal activities, 
that be circulated and people be carefully checked against it 
but that is not what CAPPSII is.
    CAPPSII is designing a much larger system of investigation 
of 100 million Americans plus 10 or 15 million non-U.S. persons 
who arrive here every year. When we say we think CAPPSII is the 
wrong alternative to the problem, it is not to suggest we think 
either there are not additional physical security measures we 
can take, nor is to suggest we think the Government should be 
prohibited from compiling a generally accurate list of persons 
who are not permitted to fly. If you have identified one of 
those persons, you trigger the normal criminal process. If you 
identify someone who is a terrorist, then the likelihood is you 
have sufficient cause to arrest them and bring them to trial.
    Mr. Turner. How would that list be made, the watch list you 
are talking about, how would that be composed, how would you 
achieve that list?
    Mr. Steinhardt. We certainly would have to go beyond what 
we now have. About a year ago some of us met with some persons 
who were then in the Department of Transportation, I suppose 
they are in Homeland Security now, who described the current 
watchlist as 1,000 guys named Mohammed and I am not 
exaggerating that.
    If we have sufficient information about individuals to 
believe that they intend to cause us harm, that they have 
engaged in criminal activities, terrorist activities which are 
also criminal activities, then it seems to me it is appropriate 
to circulate a list to security officials and check to see if 
they are trying to fly.
    Mr. Turner. The second question is for Mr. Steinhardt 
again. You indicated the Constitutional standards for non-
Americans would be different and there is some level of 
acceptable tracking that could be done. Would you be willing to 
submit to this committee additional information as to what you 
would consider to be an acceptable tracking system for non-
American citizens?
    Mr. Steinhardt. Absolutely. We will provide the committee 
with additional information. I will ask my colleagues who work 
on those issues to help me. We will submit some information.
    Mr. Turner. The next question I have goes to all the panel 
members, starting with Mr. Rosenzweig.
    I participated in a panel at the American War College at 
Maxwell Air Force Base. One of the questions asked by someone 
attending was can America right a religious war? One of the 
biggest issues we all came down to which I thought was pretty 
startling was how do you define a religious war. If your enemy 
declares a religious war, you are in one whether or not you 
believe you are in a religious war yourself.
    We define ourselves being an immigrant population as 
everyone, every religion, every ethnicity. Governmentally we 
consider ourselves to be nonreligious. Yet the rest of the 
world does not necessarily organize that way. There are areas 
of the world that tend to be more homogeneous, that are not 
immigrant populations. So when we have an area of the world 
that identifies America as an enemy or a target, we are going 
to find ourselves in a situation where by trying to discern who 
our enemy is, we are in fact crossing that line into an area 
where America feels very uncomfortable because of our inherent 
definition of ourselves of being made up of everyone.
    In looking at that issue, what are your thoughts on the 
Constitutional issues that we face, the political issues we 
face, our concerns being an immigrant population of making 
certain as we preserve our definition of a nondiscriminatory 
society, we still have the ability to discern where there is a 
conflict that is coming from an isolated area of the country 
that may be more homogeneous and may have a different view of 
why it is at war with us?
    Mr. Rosenzweig. That is a very difficult question to 
answer. Let me offer two thoughts.
    The first thought is that in some very real ways, the 
promise of advanced technologies that we have been discussing 
is to minimize the need for the use of characterizations and 
categorizations that Americans inherently find difficult, 
racial profiling, religious profiling, that sort of thing.
    When we talk about CAPPSII or TIA as an intrusion into 
privacy, we have to understand that it really is not a one-way 
rachet. It is really a rebalancing the privacy because there 
are more intrusions in electronic data that is out there about 
you that will probably result in substantial reductions in the 
amount of physical intrusions that occur to American people as 
they go through the airports, the body searches and things.
    Another consequence of a successful CAPPSII Program, if we 
can develop one and if it can work, I don't know whether it 
will work and history is littered with people who will say 
airplanes won't fly and automobiles will never work. Assuming 
it works, if we can get a system that is better at pinpointing 
who it is that is an appropriate target for enhanced scrutiny 
because of indicators out there, that decreases our need and 
may even eliminate the need for us to rely upon the fact that a 
person is a practitioner of Islam who was born in Yemen and has 
moved to the United States, characterizations we don't want to 
use.
    The second answer, second aspect of it is we are going to 
have to accept that as a cost in the end. It is not a cost 
anyone willingly accepts and we shouldn't use those sorts of 
characterizations for any except the most extreme and 
significant threats. I would say don't use it for drugs, don't 
use it to catch wife beaters, there is a whole host of valuable 
things we do but all of them pale in significance compared to 
the security of Americans and their safety.
    If we can find no other way to do it, then we are going to 
have to with a lot of oversight so we try and do it the best 
way we can with the least amount of intrusion. Those are the 
only answers. That is not a good answer, not a satisfying 
answer but we are in a very unsatisfying situation that is not 
the product of our own beginning.
    Mr. Steinhardt. As you said, I agree we need to have better 
coordination among law enforcement agencies whether it is State 
or Federal, local or Federal but the question remains what is 
it these systems will evolve into? I was thinking as I prepared 
for this testimony about the experience with the Social 
Security number. My parents when they first received their 
Social Security numbers back in the 1930's were promised the 
Social Security number would not be used to do anything other 
than to administer this brand new pension program.
    My children on the other hand, if you fast forward a few 
decades, were given their Social Security numbers at birth and 
it is quite clear it has become not only a unique identifying 
number in our society but it has very real consequence for 
millions of Americans who have become the victim of identity 
thieves who use that Social Security number as the linchpin for 
their theft.
    I fear that in the Internet age in which we live where 
everything is sped up, period between when my parents got their 
Social Security number and my children got theirs is going to 
be tremendously compressed. That if we build systems like TIA 
and CAPPS II, in the end they are going to be used for not 
purposes that are unauthorized, although they will that is not 
what I am worried about, I am worried about what will become 
the eventual authorized purposes for systems that allow that 
sort of intrusion into our lives, that allow that sort of 
ability to correlate what would seem to be these disparate and 
unrelated facts about us.
    Mr. Cohen. I think your two questions are linked because if 
we do this right, we shouldn't have to fight religious wars. 
Terrorists aren't dangerous because they have dangerous 
thoughts or they say dangerous things. They are dangerous 
because their political or religious ideology motivates them to 
do violent acts against people, places and things. The danger 
comes from the violent act. They don't commit those violent 
acts in a vacuum. They deal with criminal organizations, other 
political organizations. They move about the world.
    There are ways to target them and prevent them from doing 
what they intend to do without it becoming a religious war. We 
do it the same way we target violent international weapons 
trafficking organizations and violent international drug 
trafficking organizations who use many of the same terrorist-
like tactics to promote their goals. So they commit violent 
acts, sometimes mass murders motivated by greed.
    In my opinion, a mass murder committed or motivated by 
political ideology is no more sinister than a mass murder 
committed because of mental illness or because of the intent to 
promote a criminal goal.
    I think this goes to your question, what do we do if we are 
not going to invest in the CAPPS II system or TIA? I think it 
becomes a question of priorities. We have limited funding; that 
is the reality of life. Is it more important to build the TIA 
system or the CAPPS II system or is it more important to 
conduct a comprehensive national threat assessment where the 
Federal Government works with State and local governments to 
identify potential targets? Is it more important to create a 
system so that once that threat assessment is done, we can 
constantly reevaluate and reprioritize it based on information 
that comes from the Federal level?
    Is it more important or a higher priority to map out the 
business processes of how international terrorist organizations 
work with domestic groups like black militant organizations, 
white supremacist organizations, latin american drug 
traffickers?
    I have to tell you I fundamentally disagree with my 
panelist's position that one of the most important components 
in identifying terrorists operating in this country, the 
information is going to come from the intelligence community. 
Investigation in North Carolina into cigarette smuggling by 
local sheriffs resulted in the discovery of a terrorist cell 
where they were using the proceeds from cigarette sales to fund 
Hezbollah operations. It didn't start off as an investigation 
that came from intelligence sources but because some local 
deputy sheriffs were told by community people there were some 
suspicious behavior going on.
    DEA agents, FBI agents began an investigation in San Diego 
into an heroin trafficking organization. Come to find out, that 
organization is involved in shipping surface to air missiles to 
Latin American terrorist groups.
    An organization coming in from Canada bringing precursor 
chemicals for the production of methamphetamine resulted in 
dismantling an incredibly large methamphetamine production. 
Guess what we found out afterwards? They were funneling the 
proceeds of the sales of those precursor chemicals to Middle 
Eastern terrorist organizations.
    The vast majority of the cases on terrorist organizations 
that have taken place since September 11 weren't initiated by 
information that came from the intelligence community. They 
were initiated because a local police officer, a Federal agent, 
a community member reported something suspicious, and a 
criminal investigation began. They found out later when they 
linked information that came from the intelligence community 
that these folks had a tie with terrorist organizations.
    I am not saying the intelligence community doesn't have a 
role. That would be ridiculous to say that. It is only when we 
recognize, if we are going to be truly serious about preventing 
terrorism in this country, this philosophy that terrorism is 
worked on this path and crime investigations are worked on a 
separate path and we have to make it difficult that we don't 
share that information; until we recognize that is a 
nonproductive way to do it, we are not going to be able to put 
in place a system in this country that allows Federal, State, 
local law enforcement to best protect the people who live here.
    Mr. Turner. Thank you.
    Mr. Putnam. You have made the point Mr. Cohen rather 
eloquently about the nexus between drugs and weapons 
trafficking and the source of financing for terrorist 
organizations. Mr. Steinhardt and Mr. Rosenzweig have both 
testified either in written submissions or verbally that at 
bare minimum, if we are to deploy TIA and CAPPS they should not 
be expanded beyond national security issues into criminal 
activity.
    If we criticize an inability to connect the dots because 
the criminal agencies, the law enforcement agencies aren't 
talking to the intelligence community or the Department of 
Defense, why would we restrict the ability of TSA and others 
using best technology practices to pick up a sniper, a weapons 
trafficker, a drug trafficker, a murder, a kidnapper? How would 
we justify to the parents of a kidnapped child that we had 
technology that could have picked up that person at the airport 
but we only use that for terrorists? At what point would you 
draw that line where national security threats cross the 
threshold into criminal activity? I would direct that to Mr. 
Steinhardt and Mr. Rosenzweig?
    Mr. Rosenzweig. I think the principal difference between 
Mr. Steinhardt and I is that he doesn't believe you are going 
to be able to maintain that line, that in the end the reality 
of politics will cause Congress and the administration, whether 
Democrat or Republican, to follow that downward path.
    The reason and one of the only reasons I am willing to take 
the step of looking at TIA is because I believe you can make 
that line and I believe you should.
    Mr. Putnam. Where do you put the line?
    Mr. Rosenzweig. I think the line is where we are talking 
now, national security, the maintenance of the security of all 
the citizens of the United States against broad threats of 
terror that are likely to result or may result in the deaths of 
tens of thousands, thousands of us, is a class category 
distinction in my mind.
    To be honest with you, if I didn't think you could draw and 
maintain that line, I would be joining with Mr. Steinhardt 
because the power of this technology to be a potential for 
abuse and for intrusion is not insignificant. To my mind, the 
risk is worth it if it is going to be used in this narrow range 
of circumstances that are the most significant. You can't 
define the line but I think it is easy to say that September 11 
is a lot different than chasing down deadbeat dads. Deadbeat 
dads who don't pay their alimony and child support are bad 
people.
    Mr. Putnam. You have laid down those two markers, let us 
move inward from deadbeat dads to Pablo Escobar or move further 
to a major weapons trafficker, or further to someone who is a 
financier of Al-Qaeda but is not a known operative.
    Mr. Rosenzweig. The lines are difficult no doubt and there 
will be room for argument in the gray area where it is. I would 
say the financier falls on the side of the line where I would 
use it. I would say Pablo Escobar, however grave a threat he is 
to Americans, is not a fundamental threat to American security 
and does not have as his fundamental purpose the intent to kill 
tens and tens of thousands of Americans.
    The difficulty in drawing the line is often used as the 
slippery slope argument against even beginning the discussion. 
I stand with Justice White who wrote in response to the 
slippery slope argument, we are rationale human beings, we can 
draw lines, we can debate where we want to draw them, but to 
say we cannot draw them is to despair of our rationality. I am 
paraphrasing obviously. That way lies despair. That way, don't 
do this at all. in which case, we are tossing away potentially 
our greatest technological advantages if these things work and 
condemning quite possibly Americans to death or admitting we 
can't draw a line and we are going to travel down the road to a 
police state or surveillance state where TIA and CAPPS II and 
other systems like that are used to dun me for my unpaid 
traffic tickets.
    I hope we can stop somewhere along that slope.
    Mr. Putnam. Mr. Steinhardt.
    Mr. Steinhardt. The ACLU has never opposed the intelligence 
agencies and the criminal law enforcement agencies talking to 
one another when there is evidence of a crime. We had plenty of 
evidence before September 11 those terrorists who hijacked 
those planes were going to commit a crime. There was nothing in 
law then, certainly nothing now in law that prevents those 
agencies from talking to one another. That ought to be the 
touchstone here which is whether or not you have evidence of 
criminality. If that is the case, the information can be shared 
and should be shared.
    I would think if the TIA had evidence at the airport that 
Pablo Escobar or some other wanted criminal was presenting 
himself, the right response is call the cops, bring them in and 
have them make the arrest.
    That is very different from the question of how do you 
design these systems. Do you design them to be an adjunct to 
law enforcement or do you design them for the purpose for which 
they originally were to be created which is as security 
systems.
    To the extent we are going to have these systems, I would 
suggest we design them as security systems. I am sure if 
Admiral Loy were here he would say that is his first priority. 
He is in the security business, not the law enforcement 
business. I know of nothing in law that would prevent the TSA 
if they came across a wanted felon from calling the criminal 
law enforcement agencies to make the arrest.
    Mr. Putnam. You have made points back and forth, one 
following Mr. Forman's comments we are not going to fund 
anything until it is proven effective and the other your 
philosophical opinions on the privacy issues. Is your primary 
objective the deployment of TIA, which has not occurred, or the 
development and deployment of CAPPS II which has yet to occur? 
Is your objection based on the ineffectiveness argument that it 
is not going to work or the intrusiveness argument which is 
that it is going to work too well and bring in innocent people?
    Mr. Steinhardt. I fear it will be both. Systems like that 
are not going to work in the sense that they are not going to 
make us more secure. I don't mean 100 percent security, no one 
believes we can achieve 100 percent security but a reasonable 
degree of extra security.
    Second, if we build systems like that, they are inevitably 
going to be used for other purposes, even as they don't protect 
us, they will be used for other purposes. In fact, as they 
don't protect, the impulse is going to be to make them more 
intrusive, to gather more information, to use them in different 
ways. That will be the response, their lack of efficiency, 
their lack of effectiveness. That is what I fear about systems 
like TIA and CAPPS II. Build it and they will come with all 
sorts of other uses for systems like that and they inevitably 
will be used for other purposes just as my parents' Social 
Security numbers are used for a host of other purposes now.
    Mr. Putnam. You specifically cite in your testimony your 
objection to Admiral Loy's comment. In fairness to Admiral Loy, 
his comment was in response to my question and he couched his 
response by saying he would not expand the use of CAPPS II 
beyond air travel without specific congressional authorization 
if I remember correctly.
    You object to using the same technology for air travel on 
passenger cruise lines and rail travel. If we deploy a 
technology to presumably increase the security of air travel, 
why would we deliberately choose not to deploy that same 
technology to rail and cruise ships? Do we presume they won't 
select those transportation modes as a target?
    Mr. Steinhardt. We object to the technology whether 
employed in air travel or rail or shipping. Your response I 
sense is what I assume will happen which is if we build one of 
these systems, say CAPPS II, you make an excellent point, if we 
build the system, why not apply it in other areas and we would 
employ it for a whole host of other reasons, some of which are 
completely unrelated to the security of our transportation. 
That is exactly what I think will happen if we build CAPPS II 
or TIA. We will use them in other ways.
    There is no good answer in a sense to your question which 
is why not use it in x or y case.
    Mr. Putnam. If you are right and it doesn't work, we 
shouldn't put it anywhere?
    Mr. Steinhardt. That is right.
    Mr. Putnam. But if it does work, I think it would be silly 
to use it in air travel but leave all rail passengers 
vulnerable. I would lead the charge in Congress in response to 
your objection. Your objection is well founded and people like 
me would say if it works for air, it ought to work for rail and 
passenger cruise lines because clearly the people who wish us 
ill have a range of targets to choose from.
    My time has expired. I will recognize the gentleman from 
Massachusetts if he has questions.
    Mr. Lynch. Let us go back to the airline model. Right now 
we have just a purely random system, so my mom, 82 years old, 
coming down for the First Lady's luncheon last week gets 
screened and it is completely random. We need to move from that 
model. Clearly we are wasting a lot of resources on people who 
aren't legitimate threats. That is not effective.
    Is there a system out there with some criteria that would 
be acceptable in terms of honing down the number of suspects 
that would receive more robust screening at airports? I know it 
is terribly problematic but when you have a situation like we 
have where there is a group that has declared war against this 
country and we are at pains under our Constitution to make sure 
we don't simply respond to that by stigmatizing and labeling 
all members of that group as suspects, we still have an 
overriding primary responsibility to protect the citizens of 
our country. There is the dilemma.
    Is there anything you gentlemen can agree on that might 
provide a more effective screening process?
    Mr. Rosenzweig. That is what TSA is searching for. As of 
now, the alternate to the random screening is a various set of 
heuristics they use but they are so widely known to the public 
that it is easy to avoid. For example, if you buy a ticket 
late, less than a half hour or hour before you board, you are 
going to get additional screening. The answer to that for the 
terrorist is easy, buy your tickets 14 days in advance.
    To the extent systems are currently in place that attempt 
to supplement random screening, they are essentially 
compromised and of little or no value. To the extent that we 
are creating the CAPPS I No Fly list, it isn't really working 
and just about anybody who does a little research can figure 
out how it is created. It is fundamentally compromised.
    You need a different heuristic. If the CAPPS II system or 
something like it isn't developed and adopted, then you are 
going to be left only with random searches or I guess the last 
option is the very narrowest definition, the hard name list. We 
cull every intelligence source and we get 27,000 people we 
think are terrorists and we use that name list. If we don't add 
name verification and identity checking to it, which is the 
part of CAPPS II that people like Mr. Steinhardt find 
objectionable for understandable reasons, the name list is 
useless because the obvious answer is change your name. It is 
not a very hard thing to do and it is not a very hard thing to 
assume somebody else's identity.
    The only way we can get beyond the current system I think 
is something like the model they have developed in CAPPS II. If 
we make the decision we don't want to do that for other 
extrinsic policy reasons, that is OK but then we are going to 
be doing heightened physical security, heightened random 
screening, more privacy intrusions of the direct and immediate 
personal sort that your mother experienced, and it is a 
tradeoff. We will take that type of privacy intrusion as 
opposed to the privacy intrusion of the name and identity 
verification of CAPPS II.
    For me, I would make the other choice but you can't really 
say there is no rationality to the objection.
    Mr. Lynch. Are we missing one other option? Isn't there the 
possibility that we could have people self prove, low 
susceptibility or low likelihood that they might be a 
terrorist, people who fly frequently, if they came forward 
voluntarily and said, I fly so often I can't be dealing with 
the selection process all the time. I will come in and 
basically lay all my cards on the table and this is who I am 
and I will agree to go through some type of enhanced 
identification process. Maybe it is biometrics or something 
like that.
    Mr. Rosenzweig. The trusted traveler program has at least 
three problems. It is another possible answer. One, the depth 
of inquiry necessary to make somebody a trusted traveler if it 
is low enough to make it an efficient process is probably going 
to miss people. If it is high enough that it will actually be 
effective in screening out terrorists who try to get into the 
program, it will take longer than the FBI screening that now 
delays senatorial confirmation by 6 months.
    You are talking about lots more people, so it is going to 
be hard and it is subject to the same discovery of the 
methodology problems that any other screening system is, which 
is that the terrorists, once they learn there is a new system, 
can game it. You can't predict for certain, but for sure 
terrorists will try and suborn that system that setting 
themselves up as trusted travelers.
    No system is going to be perfect. That is at least a 
reasonable alternative that allows people to volunteer to make 
the choice of which type of privacy intrusion they will accept, 
the physical one at the airport or the electronic one in 
getting the trusted traveler, so at least it has a virtue of 
choice. That is a reasonable alternative to think about.
    Mr. Lynch. Thank you, Mr. Chairman.
    Mr. Putnam. The ACLU has stated TSA will ``drown security 
screeners in an ocean of private information. Some of the data 
will be fraudulent and much of it just plain wrong.'' That 
statement was printed after our last hearing and is in direct 
conflict to what Admiral Loy described as CAPPS II doing. What 
is that assertion based on?
    Mr. Steinhardt. It is based on the privacy notice which the 
Department of Transportation published which they now admit was 
their first description of the CAPPS II Program. I have had the 
opportunity to meet with Admiral Loy. We spent 3 days with his 
staff at Wye River and had a long discussion about the CAPPS 
Program. I have great faith in Admiral Loy and I believe he is 
a man of good will. I believe his staff are people of good 
will.
    The initial description of the CAPPS II Program was the one 
they published in the Federal Register. There has been a 
shifting description of what CAPPS II now is. They describe it 
differently in Wye River than they did to representatives of 
the European Commission we met with a couple of weeks ago. It 
is difficult to know exactly what CAPPS II is. It is difficult 
to know what is in the black boxes they are going to check 
after they do the identity checks. It is important to remember 
CAPPS II as they currently describe it is a two-step process. 
The first is an identity check, name, home address, home phone 
number and date of birth. The second is a check against the 
black boxes and we don't know what is in the black boxes. They 
have described what is in the black boxes differently at 
different times. It seems to me it certainly is Congress' 
responsibility to try to find out what is in the black boxes.
    Mr. Putnam. Does the use of factual data analysis or data 
mining automatically suggest an erosion of civil liberties?
    Mr. Steinhardt. I guess the short answer to that question 
is no. The question is are we going to build systems of the 
size and complexity of either TIA or CAPPS II which inevitably 
will be used to erode civil liberties and will inevitably be 
used for purposes other than the purposes for which they are 
now being proffered.
    Clearly we engage in a certain amount of data mining, 
police officers, law enforcement officers engage in a certain 
amount of data mining anytime they do an investigation. So we 
are not inalterably opposed to the concept that law enforcement 
or intelligence agencies engage in factual investigations. 
There is a form of data mining going on every time they do 
that.
    Mr. Putnam. But I presume your preference and your 
agreement with its proper role is after an incident and after 
an investigation has begun rather than prior to a bad 
occurrence, an event? In other words, you are investigating, 
your data mining, you are narrowing down based on suspects that 
were developed as a result of evidence that was collected after 
a bad thing happened as opposed to prospectively looking for 
patterns among innocent people because a bad thing has not yet 
occurred. Is that a fair characterization of your position?
    Mr. Steinhardt. I suppose it is but importantly we hold 
that view because we don't think what you have just described 
actually works. Does it in fact make us safer? That is not to 
say they had some good reasons to suspect a person is going to 
commit a crime, they can't investigate but to search through 
what amounts to billions of pieces of data looking for patterns 
in the sort of speculative way that TIA would do it, I don't 
think they have demonstrated you can pick out the bad guys and 
it won't wind up being a diversion of scarce resources that 
could be more wisely spent on other enterprises.
    Mr. Putnam. Again, your objection is based on its 
ineffectiveness, not its intrusiveness?
    Mr. Steinhardt. No. What I suggested is there is a two step 
process here. First, the obligation it seems to me is on the 
part of the proponents of the systems to demonstrate it will be 
effective; that you as a Member of Congress ought to vote to 
appropriate them funds to do x instead of y because x is going 
to be effective. That is the first question. We don't even have 
to reach the civil liberties issues if they can't demonstrate 
it is going to be effective.
    If a proposal is effective or reasonably effective, I don't 
mean 100 percent efficiency, then we need to begin to ask the 
question how do we balance our freedoms against whatever 
intrusion that proposal will cause. The first question is, is 
it going to work.
    Mr. Putnam. That is a fair point.
    There are volumes of information already publicly available 
about any given individual. Technology now allows us to 
access--in seconds rather than days--when political campaigns 
or newspaper reporters dispatch investigators to the tax 
collector's office, the property appraiser's office, the 
supervisor of elections office, and the county court house to 
look for criminal records and things like that. It can all be 
theoretically accessed in seconds if the stovepipe data bases 
are connected.
    Assuming factual data analysis can be an effective law 
enforcement and national security tool, at what point on the 
list of transactional data on the chart you provided, which of 
those categories of data then become inappropriate? Is 
financial data appropriate or inappropriate? Is educational 
data appropriate or inappropriate? What about travel history, 
medical history, entry into the country? What then becomes 
appropriate and what is not? Is it only things that are already 
publicly held information that is accessible to any American 
and not just the TSA law enforcement investigator or is it 
every conceivable thing law enforcement can get their hands on 
to prevent another September 11?
    Mr. Steinhardt. You know the difficulty we have now as you 
suggest is the fact so much information has become available. 
TIA crystallized that not only are these disparate pieces of 
information available out there publicly both to the government 
and to non-governmental actors, but now they can all be tied 
together. That is what TIA proposes to do. Paint this portrait 
of us.
    There is a lot of information on that chart I don't think 
the government ought to have access to unless it has some 
reasonable cause to have access. That is what the fourth 
amendment requires, medical information, financial information, 
education records, all those sorts of things.
    It is important to look at the overall construct. TSA 
proposes to build a system that ties together all these 
individual strands about our lives to create this portrait of 
us. That is what I meant by the surveillance society. TIA is an 
example of how this surveillance society would operate. Tie all 
the strands together, paint these portraits, the portraits may 
or may not be true to life but they will be painted and we will 
have to live with the consequences of having those portraits 
painted. That is the direction in which we are moving.
    It seems to me the Congress can step in and say wait, we 
need to develop some rules about how we are going to use not 
only individual data but when and how you can tie together all 
this data. Congress did the right thing with TIA when it called 
time out and said you can't use it on Americans and you can 
make a report to us on how the system works, whether it works 
and what its consequences are for civil liberties.
    Mr. Putnam. Mr. Rosenzweig.
    Mr. Rosenzweig. I think Mr. Steinhardt and I have a 
different conception of how TIA is going to operate which is 
one of the reasons why congressional oversight is vital. As I 
understand it, in terms of pattern analysis, in terms of 
assessing patterns within the data streams, this isn't going to 
be a sifting in of millions of pieces of information of 
education and medical records and all. It is going to be 
pushing out into the data a query based upon models developed 
by people who have sat around and said if we are going to blow 
up the Golden Gate Bridge, what are the things we are going to 
have to do that would leave trails in data space, what 
purchases are we going to have to make, what travel are we 
going to have to do.
    It is clear as far as that inquiry goes, the success or 
failure of TIA will turn upon the utility of our model. If we 
develop the model of people who rent trucks and buy fertilizer, 
that will capture not only Timothy McVeigh but most farmers in 
Nebraska. That would be a really bad model.
    It will need to be a broader model, maybe rent trucks, buy 
fertilizers, pay cash, have previous membership in the Montana 
Militia, etc. until it gets to a narrow enough group. 
Otherwise, it is useless.
    For access to the highly personalized information of a 
particular person, the likelihood of that being a necessity 
will only increase when the number of names gets down to very 
small, particularized groups. That is as it should be. To be 
candid, if we have a list of five names that some intelligence 
source in Lebanon has given us are in the United States and are 
planning terror, it is appropriate I think to want to be able 
to link the data bases together so we can try and find out 
whether or not we can get the information on these people.
    To a large degree, TIA is about increasing efficiency. All 
the information on that list, your financials, your medical, 
education, is already available to the government once your 
name becomes a legitimate subject of inquiry. Almost none of 
those areas of data information have privacy restrictions that 
prevent access to them in the case of criminal investigations. 
In almost all of those instances, the data can be accessed 
without notice to the original source of the data, the 
individual who is the subject of the investigation. Often 
notice is required to the data holder, your bank, your medical 
provider, that sort of thing.
    TIA is not going to change those rules or shouldn't change 
those rules. The same rules that apply today to the rights of 
law enforcement to have access to private information about you 
should apply in the future when you access through TIA.
    TIA will instead of taking as it took the FBI 9 months and 
100 agents to develop a picture of what the 19 terrorists did 
in the 2-months before September 11, it will allow it to happen 
more quickly. If we have a narrowly enough focused search, that 
is a good thing, not a bad thing.
    Mr. Putnam. The gentleman from Ohio, do you have further 
questions?
    Mr. Lynch. No.
    Mr. Putnam. The gentleman from Massachusetts?
    Mr. Turner. No.
    Mr. Cohen. May I?
    Mr. Putnam. Please do.
    Mr. Cohen. I think some of the last comments were actually 
apropos and right on. I think the key to building this type of 
system is to have the ability to take in real time intelligence 
information and make modifications. For example, when Mohammed 
Atta and his roommate received within a 6-week period a number 
of suspicious wire transfers that all fit within the 
requirements of suspicious transaction reports, it should have 
been put on file with the Treasury Department. That in itself 
does not mean they are part of a hijacking scheme. It could be 
they are a drug trafficker, or they could be importing 
legitimate goods.
    If the system is structured right, it would also be able to 
pull in additional information such as intelligence information 
which indicates people are going to flight schools. The same 
individual was on an FAA report leaving a plane on a runway in 
Miami International Airport. The key is to make sure the system 
is flexible enough and structured enough so that it can bring 
in these different types of data sources.
    To your earlier question about where do you draw the line, 
you can't draw the line. There is no line because they are all 
interlinked. I would argue if you build a system that is only 
going to help identify foreign terrorists but not identify 
someone like Tim McVeigh whose goal was very similar, or you 
are going to somehow try to separate artificially identifying 
folks involved in violent crimes from people involved in 
violent terrorist acts, you are not going to be able to 
construct a system and you are going to pour a lot of money 
into something that is not going to work very effectively.
    The flip side of that, if you go into the design of the 
system understanding that not only can it help you protect the 
Nation from terrorism but it is also going to help you protect 
the streets of our communities from violent criminal activity 
and build the system based on that understanding, you can then 
put in the protections which would reduce abuses of that 
capability.
    Mr. Putnam. You don't think there is an ability to draw 
some line on acceptable criminal behavior that would be 
enforced, a line at which you would not pick up people who are 
behind in paying their child support but you would pick up 
someone who just escaped from a south Florida prison?
    Mr. Cohen. I think the way you structured your question 
earlier sort of identifies or illustrates the difficulty. The 
person who is involved in failure to pay child support; the 
person who is involved in cigarette smuggling; the person 
involved in making fraudulent drivers licenses; may actually be 
a terrorist. If you create a system that artificially separates 
those different actions, you may be building a system that 
isn't as effective as it could be.
    If you go back and look at the activities of the hijackers 
in the time period preceding the hijackings, you find they had 
all kinds of run-ins with local police and local authorities. 
It wasn't until we went back after the fact that we were able 
to see if we only had a system that would have allowed us to 
connect all these dots together.
    The other thing I would say is we don't want to necessarily 
build a system that only helps address the last attack. We have 
to build a system that is going to allow us to prevent the next 
attack, whether a suicide bombing, some other type of attack 
different than hijacking an airplane and crashing it into a 
building.
    Mr. Putnam. You make the point in your testimony when you 
describe the breakdowns in law enforcement information sharing 
that the sniper attacks could have been prevented. You point 
out the State of Alabama's data base doesn't have access to 
Federal data bases, correct?
    Mr. Cohen. Yes, sir.
    Mr. Putnam. Later in response to a question, you said the 
creation and buildup of these local and State 
counterintelligence, counterterrorism, domestic information 
gathering operations is a good thing because you are spreading 
the eyes and ears around the country and you are developing 
people who have unique local expertise and things like that. I 
am paraphrasing you but you essentially said it was a good 
thing that the city of New York now has a tremendous 
intelligence operation as well as others.
    Are we spending the money in the right places if we are 
building up brand new counterintelligence networks in city 
police departments and State law enforcement agencies when they 
don't even have access to the data bases on common criminals?
    Mr. Cohen. No, we are not and that is part of the problem. 
We have to recognize while prevention and response activities 
ultimately include at a great level local authorities, local 
authorities themselves cannot do it alone. It is a very bad use 
of money to simply allow each individual local jurisdiction to 
come up with their own homeland security strategy that is not 
connected with their neighbor, not connected on a regional 
basis and not coordinated on a statewide basis and feeds in. 
What you described is exactly what is happening right now.
    We haven't come up with a detailed, national comprehensive 
plan that defines the roles and responsibilities of how the 
city of Miami links with Dade County from how they are going to 
work together, what assets they are going to merge and how that 
fits into the whole statewide approach.
    The problem is because there hasn't been, from a State and 
local perspective, that strong direction and because at the 
State and local level, people feel they need to be doing 
something, you are beginning to see the emergence of a lot of 
non-linked, duplicative efforts.
    Mr. Putnam. So we are creating more stovepipes even as we 
seek a streamlined data base?
    Mr. Cohen. Absolutely. My concern is that 2 or 3 years down 
the road when we are doing the after action study on how we 
spent this money, people will find we spent billions and 
billions and have not gone as far as we could have and in some 
respects, the funding has been wasted.
    Mr. Putnam. You were pretty blunt in your testimony that 
very little progress if any has been made in information 
sharing and analysis across the law enforcement community since 
September 11, even though everyone acknowledges the problem. 
What is the single greatest obstacle to that coordination or 
what is causing this breakdown or this failure?
    Mr. Cohen. It is not a lack of money; it is not technology. 
It is leadership and whether on a State or national level, we 
haven't made it a priority yet to fix this problem. If you 
think about the whole universe of what is homeland security, 
that is a pretty big challenge to have to deal with. There are 
a lot of issues and a lot of people identifying what the 
priorities should be. Should it be ports, air travel systems, 
CAPPS, TIA? I think we need to take a step back, need to stop 
operating in the emergency response mode of thought and start 
looking long term.
    We do not have the resources in this country at the State 
and local level or even the Federal level to continue our 
approach to homeland security which I call the ``security 
guard'' approach. We don't know what the real targets are, so 
we are going to guard everything or harden as many things as we 
can. We are going to pull police officers out of their 
communities and do what we can to protect every nuclear power 
plant, every water treatment plant, every bridge. It is just 
impossible.
    The only way to counter that is to sort of reboot the 
computer and rethink the way we are doing it. We need to 
integrate homeland security into the day to day business of 
government, need to make sure everybody understands this is 
something we have to deal with every day, and we have to 
structure our information and communications systems in such a 
way that we are able to pull key data out of those to identify 
emerging trends.
    Is a broken lock at a water treatment plant a maintenance 
issue, or is it a terrorist organization or a criminal 
organization probing the security of that facility? We don't 
have the ability to do that today. A lot of Governors, a lot of 
mayors are beginning to think this is the way of the future. We 
have to make sure the Federal funding supports that thought 
process.
    Mr. Putnam. Then their ticket to more Federal money is to 
create the greatest threat scenario possible for their 
community?
    Mr. Cohen. You bring up an interesting point. There is no 
way for anyone to counteract. Obviously in the real world, 
local governments need money, so they will say we will use 
homeland security as a way for us to get additional funding to 
address infrastructure issues. I don't think that is 
necessarily a bad thing except for the fact there is no 
mechanism today for someone to say, city of Houston, your 
threat is actually higher than Salt Lake City, therefore, you 
should be prioritized.
    We have formulas that were created in years prior to 
September 11. We have formulas based on demographics or 
population because we haven't done a comprehensive, nationwide 
threat assessment and because we don't have a system in place 
that allows us to constantly reevaluate that on an ongoing 
basis. We have no way to really determine whether one city is 
more at risk than another except for conjecture, mathematical 
models, and non-specific or non-confirmed intelligence 
information.
    I come from a background of information driven policing. 
Police departments around the country have begun to become very 
effective in pulling data from a variety of sources, whether 
abandoned buildings, abandoned vehicles. They understand what 
are the causal factors of crime. They identify the data element 
they need, and management holds people accountable for 
addressing crime issues and preventing crime.
    That is the same approach we should be taking in homeland 
security but we have not identified that baseline yet to begin 
the process. From a priority perspective, that should be our 
top priority--comprehensive nationwide threat assessment. 
Create the baseline, and create a system so that we can 
constantly update and reevaluate. That is what guides funding 
decisions and operational decisions also.
    Mr. Putnam. Is there a difference in your outlook or your 
fears between a Federal agency engaging in factual data 
analysis in-house and them doing it on a contracting basis with 
a private firm? Is it irrelevant? Does it matter one way or the 
other to you as far as the applicability of privacy laws and 
things like that? Mr. Steinhardt.
    Mr. Steinhardt. Increasingly what we are finding is that it 
is difficult to draw a distinction between when the Government 
is doing something and when the private sector is doing 
something because government both contracts with the private 
sector, provide services and information and sometimes it 
compels the private sector to provide it with services or 
information. So it is very difficult.
    It seems to me though that when the Government is involved, 
it makes sense to apply Constitutional principles to the action 
whether the Government has hired someone to do it for it or not 
and that ought to be the touchstone that the most efficient way 
to use our resources at this point is to apply the 
Constitution. It makes Constitutional sense and makes law 
enforcement efficiency sense. We should be applying scarce 
resources we have in those circumstances where we have 
reasonable cause to believe someone has or will commit a crime. 
That ought to be the touchstone rather than these massive sets 
of speculations that TIA or CAPPS II suggest.
    One place to begin spending our scarce resources is to fix 
what is broken. I was stunned a few weeks ago to read a notice 
in the Federal Register by the Department of Justice in which 
they said the National Crime Computer [NCIC], was a data base 
they could no longer stand behind the accuracy of. They wanted 
to be exempted from the requirement that this data base, our 
central repository of criminal justice records, is accurate.
    Mr. Putnam. Who did that?
    Mr. Steinhardt. The Justice Department. That was a stunning 
development. For many years, many of us believed the NCIC was 
full of garbage but here the Justice Department is saying not 
only do we agree it is full of mistake but we are no longer 
willing to stand behind it. That is frightening both from a 
civil liberties perspective because of the mistakes that are 
going to be made but it is also frightening from a security 
perspective, that you have a central data base that law 
enforcement is relying on at both the State, local and Federal 
levels and it is simply full of inaccuracy. That is the kind of 
thing that might be an appropriate opportunity for this 
subcommittee to look at, what systems do we already have in 
place, how accurate are they?
    The ACLU is not opposed to the concept we have a 
centralized repository of criminal justice information but it 
ought to be accurate both from a civil liberties and a security 
perspective.
    Mr. Putnam. Mr. Rosenzweig.
    Mr. Rosenzweig. To answer your question, the key to 
oversight and therefore control is accountability. To the 
extent that outsourcing the operation of a system diminishes 
the accountability of Federal officials who you will call to 
account for the operation of the system, it is to be generally 
disfavored.
    There is obviously no hard and fast rule and there are some 
things that are far more efficient to use contractors for and 
we should obviously want to do whatever we do with the 
government dollar in the most efficient and effective manner.
    As a general rule, I would urge you to ensure that any 
system that is put in place retains a high degree of 
accountability in high level administration officials who you 
can demand come here and tell you how CAPPS II or TIA is 
working or not working.
    Mr. Putnam. The Wyden amendment was put on the Omnibus Bill 
so it is a 1-year issue. What do each of you see as being 
Congress' timeline for action and what do you see that action 
as being between now and the expiration of the Wyden amendment? 
What does the post-Wyden world look like from your perspective 
and the timeline for that?
    Mr. Rosenzweig. I would like to see Congress consider a 
program like TIA and authorize additional research in the 
program. I would urge the research contain a series of 
guidelines as to what Congress considers an acceptable program, 
one that retains accountability. We didn't talk about the 
necessity of an audit trail but I have listed a dozen different 
recommendations in the written testimony that in suitable 
legislative language ought to be incorporated in any 
authorization.
    When and if the concept proves itself to be potentially 
effective, since I agree with Mr. Steinhardt that we don't have 
to address the liberties questions unless and until the 
research says we can do the thing, those who would use it, the 
FBI, DHS, CIA, come back and seek further authorization to 
deploy the system.
    Mr. Steinhardt. Actually your first responsibility begins 
today. Today is literally the deadline for DARPA and other 
Federal agencies involved to submit a report to the Congress in 
response to the Wyden amendment on the TIA Program.
    We suggested in my testimony a series of questions we hope 
you will ask about that report. It seems to me the Congress 
needs to carefully scrutinize this report before it authorizes 
any further construction of the Total Information Awareness 
Program, you certainly ought to put a halt to it until you 
satisfy yourselves that it both will be effective and will 
protect our freedoms.
    Mr. Putnam. Recognizing that DARPA is a research agency and 
their business is high risk research, isn't it a bit unusual to 
apply a proof of success test to a research agency whose very 
mission is to continue to work things through until they prove 
they are successful or not. We don't make cancer research funds 
contingent upon finding the cure by a certain date. We 
understand the nature of the scientific process is you continue 
to seek answers based on a hypothesis and the data you collect 
in your experimentation. Is that a bit of an unusual standard?
    Mr. Steinhardt. Here you are talking about fundamental 
liberties at stake, in some respects the construction of our 
society. I don't think it is unusual at all for Congress to say 
before we appropriate half a billion dollars, to build a 
prototype system, TIA, that we want some demonstration that 
this is likely to work as opposed to other possibilities we 
have for that half a billion dollars that could be spent.
    The Wyden amendment does not prohibit them from going 
forward with research and they are going forward with research. 
I am curious to see what this report says about what they 
regard as the likely effects from this program and how they 
came to those conclusions. I urge you to look closely at that 
as well. As an appropriator you need to make decisions about 
how to spend half a billion dollars. You need to have some 
assurances that there is a likelihood of success.
    Mr. Putnam. Mr. Cohen.
    Mr. Cohen. The only thing I would add to what Mr. 
Rosenzweig and Mr. Steinhardt said is at the end of the day is 
that the best use of half a billion dollars? If our local and 
State criminal justice systems, which are going to be a key 
part of an effective TIA system, still don't work; if in 
Maryland you are only able to enter one warrant per person, so 
if Montgomery County has an open container warrant for John 
Cohen, and the Eastern Shore wants to put a robbery warrant in 
the system, you can't do it because of the way the system is 
structured, the question becomes: where would half a billion 
dollars be spent more effectively, research on TIA or making 
sure each State has a robust and interconnected, integrated 
justice system?
    Mr. Putnam. Before we conclude, is there other final 
comments any of you would like to make or a question of a 
fellow panelist that you have not heard today?
    Mr. Steinhardt. I was going to suggest I think the one 
thing we all agree on is that we have taken enough of the 
committee's time.
    Mr. Putnam. This is a very important issue and this is not 
the end of the committee's work on this issue. As all of you 
have pointed out, the report due today will be an important 
next step to the further congressional involvement in this 
matter.
    I want to thank all of you for your outstanding insight and 
comments and I thank the members of the subcommittee who 
participated.
    In the event there may be additional questions we did not 
get to today, the record will remain open for 2 weeks for 
submitted questions and answers which all of you will be 
expected to respond to.
    Thank you all very much.
    [Whereupon, at 12:15, the subcommittee was adjourned, to 
reconvene at the call of the Chair.]

                                  