[House Hearing, 111 Congress]
[From the U.S. Government Publishing Office]

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION ORGANIZATIONAL ISSUES

=======================================================================

HEARING

before the

SUBCOMMITTEE ON INFORMATION POLICY, CENSUS, AND NATIONAL ARCHIVES

of the

COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

HOUSE OF REPRESENTATIVES

ONE HUNDRED ELEVENTH CONGRESS

FIRST SESSION

__________

JULY 30, 2009

__________

Serial No. 111-70

__________

Printed for the use of the Committee on Oversight and Government Reform

Available via the World Wide Web: http://www.gpoaccess.gov/congress/index.html
http://www.oversight.house.gov

U.S. GOVERNMENT PRINTING OFFICE
58-132 WASHINGTON : 2010

-----------------------------------------------------------------------

For sale by the Superintendent of Documents, U.S. Government Printing Office, http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). E-mail, [email protected].

COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

EDOLPHUS TOWNS, New York, Chairman

PAUL E. KANJORSKI, Pennsylvania        DARRELL E. ISSA, California
CAROLYN B. MALONEY, New York           DAN BURTON, Indiana
ELIJAH E. CUMMINGS, Maryland           JOHN M. McHUGH, New York
DENNIS J. KUCINICH, Ohio               JOHN L. MICA, Florida
JOHN F. TIERNEY, Massachusetts         MARK E. SOUDER, Indiana
WM. LACY CLAY, Missouri                JOHN J. DUNCAN, Jr., Tennessee
DIANE E. WATSON, California            MICHAEL R. TURNER, Ohio
STEPHEN F. LYNCH, Massachusetts        LYNN A. WESTMORELAND, Georgia
JIM COOPER, Tennessee                  PATRICK T. McHENRY, North Carolina
GERALD E. CONNOLLY, Virginia           BRIAN P. BILBRAY, California
MIKE QUIGLEY, Illinois                 JIM JORDAN, Ohio
MARCY KAPTUR, Ohio                     JEFF FLAKE, Arizona
ELEANOR HOLMES NORTON, District of     JEFF FORTENBERRY, Nebraska
  Columbia                             JASON CHAFFETZ, Utah
PATRICK J. KENNEDY, Rhode Island       AARON SCHOCK, Illinois
DANNY K. DAVIS, Illinois               ------ ------
CHRIS VAN HOLLEN, Maryland
HENRY CUELLAR, Texas
PAUL W. HODES, New Hampshire
CHRISTOPHER S. MURPHY, Connecticut
PETER WELCH, Vermont
BILL FOSTER, Illinois
JACKIE SPEIER, California
STEVE DRIEHAUS, Ohio
------ ------

Ron Stroman, Staff Director
Michael McCarthy, Deputy Staff Director
Carla Hultberg, Chief Clerk
Larry Brady, Minority Staff Director

Subcommittee on Information Policy, Census, and National Archives

WM. LACY CLAY, Missouri, Chairman

PAUL E. KANJORSKI, Pennsylvania        PATRICK T. McHENRY, North Carolina
CAROLYN B. MALONEY, New York           LYNN A. WESTMORELAND, Georgia
ELEANOR HOLMES NORTON, District of     JOHN L. MICA, Florida
  Columbia                             JASON CHAFFETZ, Utah
DANNY K. DAVIS, Illinois
STEVE DRIEHAUS, Ohio
DIANE E. WATSON, California

Darryl Piggee, Staff Director

C O N T E N T S

----------

Hearing held on July 30, 2009

Statement of:
  Thomas, Adrienne C., Acting Archivist of the United States, National Archives and Records Administration, accompanied by Gary M. Stern, General Counsel, the National Archives and Records Administration, and Sharon Thibodeau, Deputy Assistant Archivist for Records Services; and Paul Brachfeld, Inspector General, National Archives and Records Administration
    Brachfeld, Paul
    Thomas, Adrienne C.

Letters, statements, etc., submitted for the record by:
  Brachfeld, Paul, Inspector General, National Archives and Records Administration, prepared statement of
  Clay, Hon. Wm. Lacy, a Representative in Congress from the State of Missouri, prepared statement of
  McHenry, Hon. Patrick T., a Representative in Congress from the State of North Carolina, prepared statement of
  Thomas, Adrienne C., Acting Archivist of the United States, National Archives and Records Administration, prepared statement of

NATIONAL ARCHIVES AND RECORDS ADMINISTRATION ORGANIZATIONAL ISSUES

----------

THURSDAY, JULY 30, 2009

House of Representatives,
Subcommittee on Information Policy, Census, and National Archives,
Committee on Oversight and Government Reform,
Washington, DC.

The subcommittee met, pursuant to notice, at 2:40 p.m. in room 2154, Rayburn House Office Building, Hon. Wm. Lacy Clay (chairman of the subcommittee) presiding.

Present: Representatives Clay, McHenry, and Norton.

Staff present: Darryl Piggee, staff director/counsel; Frank Davis, professional staff member; Jean Gosa, clerk; Charisma Williams, staff assistant; Charles Phillips, minority chief counsel for policy; Adam Fromm, minority chief clerk and Member liaison; Howard Denis, minority senior counsel; and Chapin Fay and Jonathan Skladany, minority counsels.

Mr. Clay. The Information Policy, Census, and National Archives Subcommittee will now come to order. Good afternoon and welcome to today's hearing entitled, ``National Archives and Records Administration Organizational Issues.''

Without objection, the Chair and ranking member will have 5 minutes to make opening statements, followed by opening statements not to exceed 3 minutes by any other Member who seeks recognition. Without objection, Members and witnesses may have 5 legislative days to submit a written statement or extraneous materials for the record.

The purpose of today's hearing is to examine the loss of an external hard drive containing data from the Executive Office of the Clinton administration. We will hear from the Acting Archivist, Adrienne Thomas, and the NARA Inspector General, Paul Brachfeld, and we hope to get real insight into how the security breach occurred and what steps have been taken, and what steps should be taken to tighten security at NARA facilities.
The missing hard drive, which is a backup copy, contained the entire computer files of 113 White House employees. Their entire computer files were downloaded and stored on a hard drive and later transferred to the backup hard drive that is now missing. Classified documents and personally identifiable information of former Clinton administration staff and visitors to the White House are now exposed.

Before we continue with this hearing, let us be very clear that the subcommittee has no intention of interfering or impeding the investigations currently being conducted by the NARA Inspector General, the Secret Service, or the Federal Bureau of Investigation. We urge everyone's cooperation with these investigations and I thank all of our witnesses for appearing today and look forward to their testimony.

[The prepared statement of Hon. Wm. Lacy Clay follows:]

Mr. Clay. Now, we are on a tight schedule today, so what I am going to do is, normally we would yield to the ranking member, who is not here yet. When he gets here, he will be allowed an opening statement, but I will swear the witnesses in. I will introduce you and swear you in, and hopefully by the end a minority Member will be here.

Let me first introduce the panel. We will hear first from Ms. Adrienne Thomas, Acting Archivist of the U.S. National Archives and Records Administration. Ms. Thomas is currently the Acting Archivist of the United States. Prior to her appointment as Acting Archivist in December 2008, Ms. Thomas served as the Deputy Archivist of the United States. Ms. Thomas has been with the National Archives for 38 years, beginning as an Archivist Trainee in the Office of Presidential Libraries, and subsequently holding a number of policy and administrative roles. Ms. Thomas will be accompanied by Mr. Gary M. Stern, General Counsel for the National Archives and Records Administration. Welcome to both of you.
Our next witness will be Mr. Paul Brachfeld, Inspector General, National Archives and Records Administration. Mr. Brachfeld serves as the IG of NARA and as the IG for NARA, he oversees the conduct and execution of all audits, investigations and inspection for the agency, in compliance with provisions of the Inspector General Act of 1978 as amended. Mr. Brachfeld's entire career has been devoted to investigative activities since graduating from the University of Maryland College Park in 1979. Go Terps. And today, he brings 10 years of experience as the NARA Inspector General and 30 years of exceptional service to the U.S. Government. Currently at NARA, Mr. Brachfeld's tenure has included the recovery of hundreds of stolen archival holdings and related successful prosecutions of identified subjects. And we look forward to his testimony.

I want to welcome all of you to our hearing today, and it is the policy of the Oversight and Government Reform Committee to swear in all witnesses before they testify. Would all of you please stand and raise your right hands?

[Witnesses sworn.]

Mr. Clay. You may be seated. Thank you. Let the record reflect that the witnesses answered in the affirmative, and each of you will have 5 minutes to make opening statements. Your complete written testimony will be included in the hearing record. The yellow light will indicate that it is time to sum up. The red light will indicate that your time has expired.

Ms. Thomas, you may begin your opening statement.

STATEMENTS OF ADRIENNE C. THOMAS, ACTING ARCHIVIST OF THE UNITED STATES, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION, ACCOMPANIED BY GARY M. STERN, GENERAL COUNSEL, THE NATIONAL ARCHIVES AND RECORDS ADMINISTRATION, AND SHARON THIBODEAU, DEPUTY ASSISTANT ARCHIVIST FOR RECORDS SERVICES; AND PAUL BRACHFELD, INSPECTOR GENERAL, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION

STATEMENT OF ADRIENNE C. THOMAS

Ms. Thomas. Thank you, Chairman Clay and members of the subcommittee.
I appreciate this opportunity to discuss a recent security incident that is a serious breach of the trust placed in the National Archives to protect our Nation's records. NARA learned in late March that an external computer hard drive containing copies of Clinton Administrative Executive Office of the President records was missing from the electronic records processing room. As the Acting Archivist, and as someone who has devoted my entire 39-year career to the National Archives, I am deeply angered that a NARA employee or contractor may have intentionally removed this item.

With me today are NARA's General Counsel and Senior Agency Official for Privacy, Gary Stern, and Sharon Thibodeau, Deputy Assistant Archivist for Records Services.

The loss of the hard drive occurred while NARA was conducting preservation processing of electronic media received from the Executive Office of the President [EOP], at the end of the Clinton administration. Tapes containing snapshots of the contents of the working drives of EOP employees were copied by a contractor to new media to prevent deterioration.

On September 18, 2008, two My Book hard drives created by the contractor were delivered to NARA. The hard drives were labeled master No. 2 and backup No. 2. The two hard drives were taken to suite 5300 at the National Archives in College Park and placed on a shelf in the unclassified electronic records processing room within the suite. At the time, approximately 85 NARA employees and contractors had badges that opened the three doors to the office area of the suite. Individuals with badge access to suite 5300 also had access to the electronic records processing room for unclassified records.

On October 30th, the work of verifying the records on the hard drive was assigned to an information technology specialist. Work was performed only on the master No. 2 hard drive, not the backup No. 2, which would later be missing. On February 5, 2009, the IT specialist placed the master No.
2 hard drive into its original manufacturer's box and noted that the backup No. 2 hard drive was in a similar adjacent box. The two boxes remained on a shelf in the processing room and no additional work was done on the hard drive until March 24, 2009, when the IT specialist discovered that the box that had contained backup No. 2 hard drive was empty. The master No. 2 hard drive was still in its box. An immediate division-wide search was initiated.

On April 2, 2009, the Inspector General, General Counsel and I were informed of the loss. While the Office of the Inspector General continues its investigation, there are currently no facts to determine whether the drive was stolen or misplaced and no suspect has been identified. NARA has offered a reward of up to $50,000 for information that leads to the recovery of the missing hard drive.

NARA staff reviewed the master No. 2 hard drive and discovered that it contained numerous files containing personal names and Social Security numbers. In addition, NARA also found a small number of files that contained markings indicating they may contain classified information. While information from the EOP provided at the time of transfer indicated that the hard drives did not contain classified data, we believe EOP employees must have accidentally or improperly stored some classified information on their unclassified computers.

We are compiling a list of those individuals who may have had their personal information compromised and a credit monitoring contractor is notifying these individuals as they are identified. To date, approximately 15,750 notification letters have been mailed. NARA is offering each individual 1 year of free credit monitoring services and fraud protection. To date, 796 individuals have signed up for the credit monitoring services. Because of the extremely large volume of data on the drive, over 8.7 million individual files, we do not yet know the total number of individuals whose privacy has been affected.
NARA has taken steps to improve internal security in our Electronic Records Division. First, we have added separate badge access controls to the doors opening the processing rooms in suite 5300. There are now only entrances to the processing room and only individuals with badges programmed to open these doors may enter the processing room. All others must sign the log and be accompanied by an authorized person while in the room.

Second, we conducted an audit of all electronic media containing personally identifiable information and moved it to a separate locked block of shelving within a locked stack area accessible only to authorized employees.

Finally, all NARA staff are required to complete training on how to handle sensitive information, including the new security procedures. The Office of Records Services is also conducting unannounced inspections of all records branches and divisions on a periodic basis, and supervisors are required to do periodic walk-through inspections during the day.

When the investigation of this incident by NARA's Office of Inspector General and Secret Service is completed, I can assure you that we will act on the results with swift and appropriate disciplinary actions if it is determined that any NARA employees were responsible for removing the hard drive or failed to adhere to proper records handling procedures.

The National Archives is a public trust and the 3,000 women and men who work at NARA's 44 facilities across the country take their job and that trust very seriously. Every day, our staff performs work that is vital to our democracy by preserving and safeguarding the more than 9 billion records that make up the National Archives of the United States. At the same time, we must balance safeguarding the records with providing the people of this country access to those records. As with any endeavor that relies on the work of human beings, our work, despite our best efforts and intentions, is subject to error.
However, the loss of even one record or breach, even one individual's personal information is unacceptable. And I assure you that NARA will continue to improve our security procedures and ensure that all staff is inculcated with the importance of following these procedures.

Given the seriousness with which we take this loss, I am thankful for the opportunity to testify and I will try to answer any questions that you may have.

[The prepared statement of Ms. Thomas follows:]

Mr. Clay. Thank you so much, Ms. Thomas.

Mr. Brachfeld, you are up next.

STATEMENT OF PAUL BRACHFELD

Mr. Brachfeld. Mr. Chairman and members of the subcommittee, I thank you for offering me the opportunity to testify today. I have been called before the subcommittee to provide testimony on the circumstances surrounding an external computer hard drive missing from the National Archives and Records Administration which contained a vast amount of material from the Clinton administration, including Presidential Record Act [PRA], material.

The Presidential Record Act of 1978 governs the official records of the President and Vice President created or received after January 20, 1981. The PRA changed the legal ownership of the official records of the President from private to public and established a new statutory structure under which Presidents must manage their records.

I trust that in reaction to the loss of a hard drive, new policies, procedures and processes will be defined and implemented at NARA, and certainly my office will evaluate these actions, provide guidance and appropriate independent and skilled oversight.
However, our focus now is on the criminal investigation of the disappearance of the hard drive capable of holding two terabytes of our government's information, and which my forensic investigator informs me was essentially filled with data.

At the outset, I must say I am not able to talk about all aspects of the investigation at this time. This is an ongoing criminal investigation which may have elements affecting national security. Therefore, I know that the Chair and members of this distinguished committee would not wish me to provide any information that could potentially damage the investigation's integrity or potential success.

Currently, we are working with the assistance of the U.S. Secret Service and the Federal Bureau of Investigation to more precisely identify the content of the hard drive. However, an initial cursory review identified that thousands of examples of personally identifiable information [P.I.] data, reside on the hard drive. We reported this to NARA management officials and they have hired a contractor to further analyze this P.I. aspect and provide breach notification per OMB requirements.

I should also note that at my request, the Special Agent in charge of the Secret Service Washington Field Office generously made their 24/7 hotline operation available to us in order to support the investigation and potential recovery of the missing drive. In response to our suggestion, NARA has established a reward of up to $50,000 for information leading to the successful recovery of the missing hard drive. No productive leads have resulted to date from this action.

The subcommittee has asked about the security in place at NARA at the time the hard drive went missing and after the hard drive went missing. The direct answer is that the controls in place were inadequate and what controls were in there were readily bypassed and obviously compromised on an ongoing and dynamic basis. Quite simply, this was an accident waiting to happen and now it has.
As a direct result of these failures in controls, my office's capacity to investigate this incident has been severely compromised. The loss went unnoticed potentially for months. Conservatively speaking, at least 150 people had access to the area, and even rudimentary access controls such as badge or sign-in logs were not maintained or could be readily bypassed.

While the drive was kept in an area ostensibly secured by a proximity card-reading lock, in practice this system failed. People could simply piggyback by going through the door when other persons opened it, and even worse, doors which should have been secured were propped open for ventilation purposes. It was also reported to my investigators that the processing area in which the hard drive went missing was used as a conduit or shortcut to the rest rooms. Therefore, it can be argued that the security for this area was no greater than the general security for the building as a whole.

The loss of this hard drive holding PRA materials is not the only concern I have in this investigation. Many in the pool of potential subjects of this criminal investigation have access to the processing area where this drive disappeared, as well as more traditional storage or stack areas. Therefore, I cannot say with any confidence that data stored in these areas was not compromised. This includes the records of the 9/11 Commission, the Warren Commission, as well as large quantities of other national security holdings.

In a benign case where proper controls were in place and a subject hard drive was lost or ruinously disposed of, one might take comfort that other data was not compromised. The facts dictate that I am afforded no such comfort. If the drive was deliberately removed, the person or persons could have just as readily removed other holdings or copied information onto other mediums.
I am also deeply concerned about how NARA generally treated the category of Presidential data like that which was on the missing hard drive. Specifically, when the data was copied from original Executive Office of the President [EOP] computer tapes to modern hard drives, the copying was done by contractors offsite without any security requirements.

NARA had a fixed price delivery order for the duplication of 1,428 such EOP computer tapes to external hard drives to include the missing hard drive. A small business was provided complete custody and control over the housing content of the EOP material. Amazingly, this contractor was one in a series of like contracts in which NARA was silent in addressing any security requirements for the tapes or the information which they held. In fact, the contractor made absolutely no mention of the sensitivity of these records, nor included a nondisclosure agreement.

When handling and processing groups of PRA material, I would think it essential to institute appropriate measures for security over transport and processing of these records offsite by contractors. However, no such measures were identified. In this specific case, the tapes were sent offsite to a small storefront operation in New Jersey. The existing security at this location was rudimentary and clearly inadequate to protect and limit inappropriate access to PRA material.

In a June 18, 2009 letter, Senator Charles E. Grassley asked the Acting Archivist of the United States: ``Do you recognize NARA is a national security agency?'' She stated, ``No. NARA is not a national security agency by any shared means of that term within the executive branch for which we are aware. NARA does not make nor does it implement national security policy.
NARA's only relationship to national security is our responsibility for ensuring that those security classified records that come into our custody from other agencies are stored, protected and handled following the rules for which all agencies that handle classified records must adhere.''

I would submit that NARA has in this and other recent cases breached that relationship. While by some technical standards, NARA may not meet the traditional definition of a formal national security agency, the information and records we hold are vital to our Nation's security.

What I will say specific to the loss of this hard drive is that the American people deserve better security and accountability than NARA has provided them. I can assure you that through our audits and investigations, management consultations and briefings, we will work to help NARA strengthen its internal control and security mechanism. While some corrective measures have, and I trust more will be taken, it is analogous to closing the barn door after the horse has left. The event has passed and damage done, the extent to which I cannot quantify for you today.

I thank you for the opportunity to testify and am available to take questions.

[The prepared statement of Mr. Brachfeld follows:]

Mr. Clay. Thank you very much, Mr. Brachfeld.

We have been joined by two additional Members. I will yield to Mr. McHenry for his opening statement.

Mr. McHenry. I thank the chairman.

Ms. Thomas, thank you for agreeing to join us today, this time, for the hearing. The topic today is, of course, the National Archives and Records Administration organizational issues, but I think that is sort of diminishing the import of this.
And organizational issues I think is putting it lightly, the scope or the magnitude of the problem that we are facing.

The National Archives is an agency with an extremely important function. It serves as the keeper of our Nation's valuable records, preserves government and historical records that include copies of acts of Congress, Presidential proclamations and Federal regulations. While the Archives maintains public access to some documents, other records contain highly sensitive data. Mr. Brachfeld, thank you for touching on the national security component in your testimony. And these must be secured to ensure our national security and shield personally identifiable information as well.

The effectiveness of the Archives as protector of the records under its control is key to preserving our history and maintaining accountability in our government. The Archives conducts truly invaluable work, very important work, obviously, yet they are an agency that the public doesn't often hear much about. Unfortunately, they have been getting quite a lot of press lately, all of which or most of which seems to be negative.

In May, the National Archives Inspector General, Mr. Brachfeld, notified Congress that an external hard drive containing national security information had gone missing from the agency's College Park facility sometime between October 2008 and March 2009, when its absence was first noticed. That drive contained one terabyte of information, and what we have come to know is that Clinton presidency records, the equivalent of which are millions of books full of information, as Mr. Brachfeld has previously put it. The missing data, including more than 100,000 Social Security numbers, the personal contact information of Presidential administration officials, the entire computer files of 113 former White House employees, Secret Service and White House operating procedures, and other highly sensitive information.
Disturbingly, the missing hard drive was stored in an easily identifiable package, as Ms. Thomas testified to today, in a workspace that the Archives has already admitted was unsecured, unattended, and accessible to personnel without clearance. Even now, it is still not known whether the hard drive was misplaced, lost or stolen, or even when it actually went missing.

It is my hope that the National Archives management would immediately react to what has been called a catastrophic loss by tightening security and accessibility at their College Park facility, particularly in the area which the hard drive was removed. However, when a bipartisan group of Oversight Committee staff visited the campus on July 17th, they observed many of the same deficiencies in security measures and left with the impression that a motivated criminal would be able to remove sensitive material with little to no resistance. Now, this is a bipartisan assessment. There wasn't much of an effort on the part of National Archives staff to even make it appear that substantive changes had been made to secure the location.

To be fair, the pattern of material mismanagement of the National Archives precedes Ms. Thomas by quite a few years. We are still remembering Clinton administration official National Security Adviser Sandy Berger caught walking out of the Archives with his pants stuffed, or actually rather socks, stuffed full with classified uninventoried documents.

There are many more alarming cases of negligence at the Archives, yet none as egregious as the disappearance of the hard drive. These include the disappearance of $6 million worth of taxpayer-funded equipment over the periods of 2002 to 2006, the disposal of countless original records from the Bureau of Indian Affairs with the Archives trash, and the disappearance of 55,000 pages of CIA and other Federal agency records right off the shelf in 2006.
There is a prevalent culture of carelessness at the National Archives and it must be replaced with meticulous accounting for all materials, paper and electronic, and stringent security measures that restrict access of unauthorized employees to areas where confidential data is kept.

On Tuesday, President Obama announced he had selected his nominee as Archivist to replace Ms. Thomas, David Ferriero. Quite frankly, I believe this announcement couldn't come soon enough. Mr. Ferriero has certainly had a lot of experience managing mass quantities of paper and electronic documents and other information in his tenure as director of Research Libraries at the New York Public Library, and I look forward to hearing about his qualifications and his plans for the National Archives at his Senate confirmation hearing, whenever the Senate really gets around to doing their job.

And I thank the witnesses for appearing here today, and look forward to the testimony and explanation of how the hard drive full of sensitive information was lost or stolen.

[The prepared statement of Hon. Patrick T. McHenry follows:]

Mr. Clay. Thank you, Mr. McHenry.

We will now go into the questioning stage of this hearing, and I will start it off with Ms. Norton for 5 minutes.

Ms. Norton. Thank you very much, Mr. Chairman. I see why you called this hearing. It is a virtually mandatory hearing in light of the circumstances and the buildup of the security issues.

Let me make sure what we are talking about, because as I looked at the testimony, I think it is Mr. Brachfeld's testimony, I tore it out, which says the hard drive contained examples of personally identifiable information. You know, the word secure information has been thrown around in the last several years so loosely. I am trying to understand what was on the hard drive.
What does it mean by personally identifiable information?

Mr. Brachfeld. Is that question directed at me, ma'am?

Ms. Norton. Yes, Mr. Brachfeld, that is fine.

Mr. Brachfeld. There is a technical definition for PII. For purposes of this hearing, what I will define is that OMB defines PII material to include Social Security numbers and like material that could be used to damage a person's security, banking, for identity theft, along those lines. It could be names, addresses, associates, that kind of information.

As this information was a compilation from the Clinton administration, it was a compilation, it has information that was resided on individual computers, and thus there is information that meets that definition that resided on the hard drive that is missing. So again, it was a compilation of material.

Ms. Norton. Have all of the parties whose information was compromised been so informed?

Mr. Brachfeld. I will yield to the Acting Archivist.

Ms. Thomas. We are in the process of identifying the individuals that need to be notified of the breach.

Ms. Norton. When did the breach occur?

Ms. Thomas. I am sorry?

Ms. Norton. When did the breach occur? When was it noted?

Ms. Thomas. At the end of March, actually on April 2nd it was reported to me, to Mr. Brachfeld, and to Mr. Stern that the hard drive had been lost.

Ms. Norton. Considering the nature of information and that this is the month of almost August, are you saying that most of these parties have not been so notified?

Ms. Thomas. We don't at this point know how many people's names and Social Security numbers are on the hard drive.

Ms. Norton. Why do you not know that information?

Ms. Thomas. There are 8.7 million individual files on this hard drive, and we have a contractor at this time trying to extract all of the data that they can to come up with the lists to go through----

Ms. Norton. Is that contractor, like this one, off the premises?
This is another contracting out matter where people who apparently should not have been handling secure information were doing so. Now, where is this contractor located and why couldn't this be done on the premises so the hard drive would not have had, why did the hard drive have to leave the premises, I suppose is my question. Mr. Brachfeld.

Mr. Brachfeld. Let me answer your last question. The process of copying the information from White House tapes or what were White House EOP employees' tapes to the hard drive was done offsite and that is what I testified regarding. That was done offsite up in New Jersey, and that is where I have raised significant security issues. The second part of your interest, which is on now attempting to mine and identify those individuals whose PII may have been compromised, that is under a separate contract which is being administered by the Archives. The reason it is taking so exceptionally long is this is probably, as far as I know through my 30-year career, this is probably the greatest challenge in trying to identify----

Ms. Norton. You are having to reconstruct essentially what was on the hard drive with nothing to go on?

Mr. Brachfeld. What my investigators are trying to do and are now yielding the PII element to the contractor, what we are attempting to do is to use the latest forensic investigative software available. This is not normal data that sits in one standard language or one standard format. If you think about every record that you have ever captured over your career in different languages and different spread sheets and different formats, all being compressed into one entity. That is what has happened. It is not readily mineable and definable as one would think.

Ms. Norton. So nobody's been notified as of now?

Mr. Brachfeld. I yield.

Ms. Thomas. We have sent I believe it is 15,000, somewhere between 15,000 and 16,000 letters have gone out to notify people of the breach of their information.

Ms. Norton. Do you have any idea how long it will take before all of the parties have been notified? What kind of harm could be done in the meantime?

Ms. Thomas. I think it is going to take several months. I think one of the things that this has made perfectly clear to us, it is very difficult to get the information off the hard drive. There are many different----

Ms. Norton. So you think that in terms of a nefarious act, someone trying to use the data, that would not be very easy to do?

Ms. Thomas. Given that we have a contractor that was suggested to us by the National Security Agency as somebody that they had worked with, who they thought was the best in the field to try and do this, I do indeed believe that it is going to be difficult for anybody to extract this information from the hard drive.

Ms. Norton. Well, Mr. Brachfeld, you said a criminal investigation is going on. Is there any possibility other than this being stolen that you would regard as a credible possibility? I mean, could it have been mislaid? If it had been mislaid, where would that have been, since there were only two places it should be, either the Archives or with the contractor?

Mr. Brachfeld. I cannot dismiss any aspect as to whether or not it is missing, somebody took it for purposes of benign intent, just to use it for their own medium, or the worst case scenario, that it was taken for more nefarious purposes. That is a potential. I also want to state that people with the correct technologies and tools can mine this data. We have a contractor now that is trying to, my investigation is focusing on how it happened and what the impact of the loss is, and if we can find the subject. I am also looking at what classified material resided on that hard drive and other sensitive information. I am no longer involved in looking at the PII content. That has now been yielded to the contractor working for the National Archives.
What I can say is, again, people with the capacity to read this data, the tools, can do it. My investigators, my forensic auditor could in fact pull up PII information fairly readily. Now, to find the tremendous quantity to issue PII letters, as the agency is doing, that is another subject. But certainly, somebody with, if they had that intent, and if in fact it really is out there and somebody is using it for that purpose, certainly they could pull P.I. information off of that drive.

Ms. Norton. Mr. Chairman, could I just ask to the extent that there is a discovery of criminal use of this information that the chairman of this subcommittee be informed immediately? I don't know what people could do to protect themselves, but I think the worse thing to happen in a circumstance like this is not to even know that out there in the stratosphere and perhaps in the hands of thieves is all your personal information. And if it is discovered, it seems to me at such point it is discovered, if you are at 20,000 of 8 million or whatever, it seems to me that this committee should be informed at that point.

Mr. Clay. Oh, for certain that will be made part of this official hearing record.

Ms. Norton. Thank you very much, Mr. Chairman.

Mr. Clay. Thank you for the question. Mr. McHenry, are you ready?

Mr. McHenry. Yes. Ms. Thomas, how long have you been Acting Archivist?

Ms. Thomas. Since mid-December 2008.

Mr. McHenry. Since mid-December. Mr. Chairman, I am not familiar with most administration officials testifying with counsel at the desk. It seems to me a bit telling about the situation we are in, about how sensitive this is. But you know, Ms. Thomas, I know this predates you. I mean, this doesn't necessarily simply fall at your feet. So I mean, how long have you been with the Archives?

Ms. Thomas. Thirty-nine years.

Mr. McHenry. Thirty-nine years, full career. So you know, there have been studies on job satisfaction within the Federal Government. And I think it was American University's Best Places to Work in the Federal Government 2009, American University's Institute for the Study of Public Policy. Are you familiar with the study?

Ms. Thomas. Yes.

Mr. McHenry. Yes. It was telling to me, based on our Oversight Committee, to see where National Archives and Records Administration ranks. It is extraordinarily low in terms of job satisfaction within the Federal Government. It is actually, I think the second to last of all the institutions they studied. Do you think there is a linkage between job satisfaction-- well actually, let's start here. What do you attribute the low job satisfaction assessment to?

Ms. Thomas. Well, we did some further analysis of what the different rankings were in the different parts of the National Archives. And the truth of the matter is that most of the very low rankings came from our regional facilities. And we have, for example, in our Federal Records Centers, which are fairly low paid occupations, they are not exactly intellectually stimulating. It is people moving boxes in and out and so forth. There is not a whole lot of promotion potential within the Records Center system, and a great deal of the very low scores in terms of job satisfaction came from those regional activities. If you look at the National Archives in the Washington area, we rank at at least the same average as most other agencies or a little higher. So the regional scores basically bring the agency score down to the level that is reported in that study.

Mr. McHenry. OK. OK. Do you think that there is any linkages between dissatisfaction and disappearance of records or theft of records?

Ms. Thomas. I think there could be, but the averages for the people who are working with archival records are much higher and they are not low. The Records Center records, of course, are agency records, temporary records, not archival records.
So the incidents that have occurred over the past several decades have occurred in archival records.

Mr. McHenry. OK.

Ms. Thomas. So I am not sure that the linkage is there.

Mr. McHenry. In terms of your testimony, you said that this drive with one terabyte of information was kept in its original package. Is that true?

Ms. Thomas. Yes, that is correct.

Mr. McHenry. OK. Is that standard procedure within your division of government to put these objects back in their original box?

Ms. Thomas. In most cases, information----

Mr. McHenry. If you don't have a policy, then that is fine, then if you will just state that.

Ms. Thomas. I don't know. I can provide that for the record. I don't know the answer.

Mr. McHenry. Yes, if you could, that would be good.

Ms. Thomas. Sure.

Mr. McHenry. It seems somewhat bizarre to me to have such important information, and this is not really judging the information. You know, but having it lost to history is a major concern and being able to piece this back together on what the----

Ms. Thomas. Well, the information is not lost because this was a backup tape. It is a copy.

Mr. McHenry. OK. Where was the original kept? Wasn't it all in the same desk?

Ms. Thomas. The originals are the tapes that were delivered from the EOP at the end of the Clinton administration. Those tapes were backed up onto these hard drives, one of which was a master hard drive and one which is a copy hard drive.

Mr. McHenry. And they were next to each other?

Ms. Thomas. Yes, but the tapes were stored in the locked staff area, the original records.

Mr. McHenry. OK. Is there a procedure for having a master, the original and the backup, the two drives, is there a process to keep them separate? If you have the backup and the main drive, right? Same information, is there any policy you have within the Archives to keep them in separate locations?

Ms. Thomas. Not while they are being processed, and that is what was happening at the time that the hard drives were there.

Mr. McHenry. Is it not true that the reason why we don't know if it is October or March is because they have been sitting on someone's desk the whole time and they were not being processed? They were left out untouched.

Ms. Thomas. I think it is unclear how long they were left untouched.

Mr. McHenry. OK, which tells me you don't have any policies or procedures on how this works. Mr. Brachfeld, are there policies and procedures on paper within the Archives about how to handle two copies of the same data?

Mr. Brachfeld. I will answer your question by getting specific in this matter. In this case, I should note that drives that were not used new were maintained in a locked area. Whereas the drives that were in process and therefore holding the kind of data and quality of data we talked about today were left in an unlocked, exposed area, put back in the original box. So to me, it seemed curious and bothersome, troublesome that clean tapes are locked up for security, but tapes that have documentation were left in an open area. As far as policy and procedures, I guess more specifically, that is what we are investigating. Right now, my focus is investigating a potentially criminal act. We have time and we will look at audit issues. We will look at new internal controls. I can simply say, as I said in my testimony, it would seem that internal controls were not the focus in this area.

Mr. McHenry. Well, thank you for your testimony. My time is up, but it seems to me that the basic Archives procedure was the equivalent of putting your car keys and your backup car key on the same key chain.
It seemed that it was very basic procedure that was not instituted, nor was there a culture of following those procedures to ensure that you have two pieces of data--right?--kept separately, both secure so that therefore you have in this new technology age that we have, with diminishing documents from the early 1990's as that technology is getting older, that you would actually have those policies and procedures. So, you know, to the larger issue here is making sure this doesn't happen again for any administration or any document. And with that, I yield back.

Mr. Clay. Thank you, Mr. McHenry. It begs the question of the backup system, that there be a fool-proof backup system. Let me ask both witnesses, do you know anything about hundreds of thousands of veterans' PII that has been compromised when the National Archives sent unencrypted hard drives to a vendor in return for replacement of hard drives? And if you do, what has been done to inform veterans that their information has been compromised? Either one.

Mr. Brachfeld. I will answer that by saying we are in the process, as I stated in my last semiannual report, of conducting an investigation specific to that matter. At this time, I do not have information to the extent that I could respond fully to that question. We do believe an event occurred. The question is, what is the nature of the event and what are the implications? We are currently investigating that matter. There have also been other issues related to and have been reported in a management letter, related to St. Louis and the military veterans records in terms of other PII policy and procedures that have been violated that also potentially compromises veterans' information. And again, that is an issue which I cannot discuss in a public forum because should that information be made available publicly, it could be damaging. So I respectfully cannot--I don't think you would want me to discuss this in this public forum.

Mr. Clay. OK. Well, I will go to my next witness, and ask Ms. Thomas, can you shed any light on it? Are you aware of it?

Ms. Thomas. I am unfamiliar with an incident relating to veterans' records and a hard drive and missing records. I just don't have any information on that.

Mr. Clay. OK. All right. Ms. Thomas, in June 2006, the Information Security Oversight Office inspected the information security controls of NARA's Washington National Records Center. ISOO found that due to inadequate records management, hundreds of boxes of classified materials could not be readily located. It is my understanding that since the ISOO inspection, NARA has taken steps to improve security at the Washington National Records Center. What is the status of those missing boxes and what has NARA done to improve the management of classified and other materials at the Washington National Records Center?

Ms. Thomas. There are two vaults at the Washington National Records Center. One contains top secret SCI and R.D. material, and the second vault contains secret and confidential information. The Washington National Records Center has almost four million cubic feet of records. Of those, 333,000 are classified, either at the top secret SCI or secret or confidential. The controls, the ISOO made recommendations, 22 different recommendations for how to improve security at the Washington National Records Center. At this stage, I believe all of them have been implemented. An Information Security Program Manager has been hired. A Vault Manager has been hired. Resources have been thrown into the Records Center to do a complete inventory of both vaults. They started on the top secret and the SCI one. And they completed that inventory. Initially, they found 1,400 boxes that were not where they were supposed to be. They then did a complete check and got that number down to, I believe, 125 boxes of material that is not apparently on the shelves at the Washington National Records Center.
These records are owned by the agencies. They are not NARA records. They are not archival records. They are often called back by the agencies. And often what has happened in the past is that an agency calls back records and they either keep them, because they are their records and they have that right, and/or they will send them back some months or years later in another accession so that the number changes in terms of how you identify the records, and they get shelved as a new accession, and they contain boxes from the old accession. So there certainly was a record keeping issue that needed to be straightened out so we could keep better control over what went back to the agency, whether they were permanently withdrawn and kept in the agency, or whether or not they were returned to the Washington National Records Center. We are now, for the 125 boxes that are still not accounted for, we have contacted six different agencies whose records these are and asked them if they could check and find out if perhaps they have a record of whether or not they borrowed back these records. I believe there was something from the Energy Department just in the past few weeks that said, oh yes, they have 15 of the boxes that they have been able to account for. So we are still working the process to find out where the records are, and a similar inventory of the secret and confidential vault is underway. And we will go through the same process of completing the inventory, determining to the best we can where the records are, and whether or not they have been loaned back to the agencies or permanently withdrawn by the agencies.

Mr. Clay. OK. And thank you for your response. Mr. McHenry's second round of questioning.

Mr. McHenry. Certainly. Thank you, Mr. Chairman. Now, you found out about this security breach, or the disappearance of the drive April 2nd, you said. Is that correct?

Ms. Thomas. Yes. That is when I was informed.

Mr. McHenry. OK.

Ms. Thomas. All three of us were informed. Gary is here because he is the Privacy Officer for the agency and has responsibility for PII.

Mr. McHenry. So what have you done to address this so it doesn't happen again?

Ms. Thomas. The Office of Record Services for Washington did a complete review of procedures, and has implemented much more stringent procedures to make sure that it doesn't happen again. Some of them I went through in my testimony, and they are in more detail in my longer testimony that is submitted for the record.

Mr. McHenry. Yes.

Ms. Thomas. They have put card readers on doors where before you could go into the office area and then go into the processing area. The card reader on the office door would, in essence, get you into the office area and into the processing office. Now, the processing space has another layer of security, and so you have different card reader access for those doors. They are doing spot inspections. The supervisors and managers are going through the space to make sure that the procedures that we put in place are being adhered to. We intend to do more training for people so that they truly get the message that this is a basic part of their job is protecting the records that they are working with. And that is a balancing act between providing access for research purposes and securing the items, but securing the items is a critical, critical part of their job.

Mr. McHenry. Certainly. Now, are you familiar with the Inspector General's audits from between October 2007 and March 2008? Are you familiar with the audits that the Inspector General's office issued?

Ms. Thomas. Well, I see the audits, yes.

Mr. McHenry. OK. Because at that point, it was pointed out in that audit that the Archives was, "not accounting for artifacts in a timely manner." That was one. And two, among other things, artifacts were "not maintained in appropriate space." So the audit there expressed some of the same failings that resulted in the disappearance of this data.
Did you have any actions you took off that audit from----

Ms. Thomas. Well, I think that audit referred to the museum items, the artifacts in Presidential libraries.

Mr. McHenry. Yes.

Ms. Thomas. And Presidential libraries had started an inventory process. It was at various stages in the different libraries. We indeed poured more resources into completing the inventories, and they are underway. Some of them have been completed. Some of the problems that existed in the older libraries will not exist for the Bush Library or any library going forward because there will be a computer system that tracks every artifact as it arrives in the White House, and then that system is provided to us so that we will have a complete list to start out with. The record keeping in the White House Gift Office wasn't as complete in the past, and it was not consistent, if I can give you an example. A tea set, is that one item or is that a teapot and four cups? And is there a tray? Is that seven items? You know, there was no consistency in how they dealt with it.

Mr. McHenry. But within one division of the Archives, when you have issues like, you know, not having information secured in appropriate space, does that raise questions for the overall system? Do you look at overall systems within the Archives? Or is that just one division and therefore isn't applicable to anywhere else?

Ms. Thomas. For the issue with the hard drive, we are going to undertake a complete review. The Office of Records Services in Washington has already started.

Mr. McHenry. I thought you said they have already done that.

Ms. Thomas. I am sorry?

Mr. McHenry. I thought you said, in my last question, that they had already done a complete review.

Ms. Thomas. They did it for the Electronic Records Division. They are branching out to all of their records holding units and, as you said, looking at it more holistically across the agency, as opposed to just in one division. So we are looking at all security procedures and whether or not they are sufficient, whether they need to be improved. We certainly have decided that we need to improve our training and that we need training at a lot of different levels. For example, I am proposing that we will train every employee that comes to the National Archives as part of their orientation, whether they are a budget analyst or whatever, to make them understand what the mission of the agency is and that everybody has a responsibility to make sure that records are protected.

Mr. McHenry. Thank you. Thank you. Very good answer. Thank you.

Mr. Clay. Ms. Thomas, regarding the notices that were sent out to the 16,000, roughly, people, were there any problems with the notices? I have received reports that recipients of those notices thought that they were scams.

Ms. Thomas. We did have some questions come in. We had a hotline set up for any questions that anybody did have. And we also had an email box where they could contact us. And yes, the most frequently asked question that came to us was: Is this a scam? Is this somebody who is, you know, Prince so and so from somewhere who is, you know, trying to get hold of my personal information and drain my bank account or something? So we have answered those questions. Gary, if you have anything to add to that?

Mr. Clay. Mr. Stern.

Mr. Stern. I can try. Yes. The letters were sent out by our contractor providing the credit monitoring services as well. And so while it is on NARA letterhead, it was put in an envelope that looks more like the kind of envelope you get from, you know, a bank or something else.

Mr. Clay. A solicitation?

Mr. Stern. Exactly. So I think some people thought, weren't sure, is this really from the National Archives or is this just some company just trying to, you know, solicit my business. And so we assured those people that it really was from us.
We referred them to our Web site and we put up an updated notice to say we have sent these letters out and they are legitimate, and we are informing you of this potential breach and offering this service. So there was some confusion that we just hadn't occurred to us that would result by sending out the letters in that format.

Mr. Clay. I see. Any recommendations, Mr. Brachfeld?

Mr. Brachfeld. Specific to that question?

Mr. Clay. Yes.

Mr. Brachfeld. I am pretty much apart from that process. Again, my duty is to do the investigations. We reviewed the language in the breach notification letter just as a courtesy and the language in the breach notification seemed to be appropriate. As far as the contractor, the mailing, that is completely outside of my domain.

Mr. Clay. So there was really two mailings. Did you re-mail the notices or no?

Ms. Thomas. No, no, no. But there was an email box set up and in the letter that notified people of the breach, they were provided with the email address. They were provided with a hotline number that they could call. And they were notified that they could look at our Web site for further information, so that if they had any questions about the breach notification, they could contact us in several different ways.

Mr. Clay. Ms. Thomas, regarding the copying of Executive Office computer tapes onto this hard drive, why were security requirements not built into the contract documents with your vendor?

Ms. Thomas. Well, the contractor that did the work on the latest batch of copying, because there were five different contracts, I believe, for various stages of copying of this material, was a GSA schedule contract with the routine, I will say routine, because they were, clauses about protection of government information, government products that were provided to the contractor. In hindsight, our people should have included some additional security requirement clauses in the contract and that will certainly be a part of any contract going forward.

Mr. Clay. OK. Mr. Brachfeld, any comment on that?

Mr. Brachfeld. I have pretty much all the documentation related to this contract and what is clearly missing is any, any mention of security as even a consideration within the body of any of the solicitation. The company that received the tapes did not even respond in terms of their having any security arrangements in place. Again, there was no clause for nondisclosure of information, as should be customary in such a contractual relationship, contractual document. Basically, it just shouldn't have happened, and I think the Archives will learn from that.

Mr. Clay. This sounds pretty sloppy as far as how we handle sensitive information.

Mr. Brachfeld. We visited the site and it is not the contractor's fault, per se, because the contractor was doing a duplication service. They were honoring the terms of the contract. But if you went to the contractor site, as my agents did, along with other law enforcement you would have seen a basic storefront operation with security clearly not the focus. You would see that the tapes were kept in a room where doors were propped open also. I have actually images of this and it will be in my investigative report when it is finalized, or I could present them to you subsequent to this hearing. It was not the environment that one would expect you would keep something of even minimal importance, much less the quality and quantity of data that we have discussed today.

Mr. Clay. You can certainly share whatever information you can with this subcommittee, so that we can get a clear picture of it.

Mr. Brachfeld. I will do that.

Mr. Clay. I will stop there and let Mr. McHenry have the last question.

Mr. McHenry. Mr. Chairman, I thank you for having this hearing. I think it is important that we get the right policies and procedures in place. And this is not necessarily an adversarial thing, I am just perplexed at how something so basic could disappear. You know, these hard drives in my experience aren't cheap to get anyway. They are not cheap objects to have lying around, much less with no information, much less with sensitive information on it. And so it seems to me that even so much as actually taking that hard drive, instead of leaving it out, putting it in a locked desk drawer would have been a world apart from what happened, or as near as we can tell, happened with the minimal amount of information that is actually known right now. And as the IG still has the investigation going on, and I would love to have any information as you produce it that you are able to share with us, we would certainly appreciate it. Mr. Chairman, thank you for having this hearing and thank you for your leadership.

Mr. Clay. Thank you, too, Mr. McHenry. Since there are no further questions, that concludes this hearing. The committee is adjourned.

[Whereupon, at 3:44 p.m., the subcommittee was adjourned.]