[House Hearing, 111 Congress]
[From the U.S. Government Publishing Office]
NATIONAL ARCHIVES AND RECORDS ADMINISTRATION ORGANIZATIONAL ISSUES
=======================================================================
HEARING
before the
SUBCOMMITTEE ON INFORMATION POLICY,
CENSUS, AND NATIONAL ARCHIVES
of the
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED ELEVENTH CONGRESS
FIRST SESSION
__________
JULY 30, 2009
__________
Serial No. 111-70
__________
Printed for the use of the Committee on Oversight and Government Reform
Available via the World Wide Web: http://www.gpoaccess.gov/congress/
index.html
http://www.oversight.house.gov
U.S. GOVERNMENT PRINTING OFFICE
58-132 WASHINGTON : 2010
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202�09512�091800, or 866�09512�091800 (toll-free). E-mail, [email protected].
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
EDOLPHUS TOWNS, New York, Chairman
PAUL E. KANJORSKI, Pennsylvania DARRELL E. ISSA, California
CAROLYN B. MALONEY, New York DAN BURTON, Indiana
ELIJAH E. CUMMINGS, Maryland JOHN M. McHUGH, New York
DENNIS J. KUCINICH, Ohio JOHN L. MICA, Florida
JOHN F. TIERNEY, Massachusetts MARK E. SOUDER, Indiana
WM. LACY CLAY, Missouri JOHN J. DUNCAN, Jr., Tennessee
DIANE E. WATSON, California MICHAEL R. TURNER, Ohio
STEPHEN F. LYNCH, Massachusetts LYNN A. WESTMORELAND, Georgia
JIM COOPER, Tennessee PATRICK T. McHENRY, North Carolina
GERALD E. CONNOLLY, Virginia BRIAN P. BILBRAY, California
MIKE QUIGLEY, Illinois JIM JORDAN, Ohio
MARCY KAPTUR, Ohio JEFF FLAKE, Arizona
ELEANOR HOLMES NORTON, District of JEFF FORTENBERRY, Nebraska
Columbia JASON CHAFFETZ, Utah
PATRICK J. KENNEDY, Rhode Island AARON SCHOCK, Illinois
DANNY K. DAVIS, Illinois ------ ------
CHRIS VAN HOLLEN, Maryland
HENRY CUELLAR, Texas
PAUL W. HODES, New Hampshire
CHRISTOPHER S. MURPHY, Connecticut
PETER WELCH, Vermont
BILL FOSTER, Illinois
JACKIE SPEIER, California
STEVE DRIEHAUS, Ohio
------ ------
Ron Stroman, Staff Director
Michael McCarthy, Deputy Staff Director
Carla Hultberg, Chief Clerk
Larry Brady, Minority Staff Director
Subcommittee on Information Policy, Census, and National Archives
WM. LACY CLAY, Missouri, Chairman
PAUL E. KANJORSKI, Pennsylvania PATRICK T. McHENRY, North Carolina
CAROLYN B. MALONEY, New York LYNN A. WESTMORELAND, Georgia
ELEANOR HOLMES NORTON, District of JOHN L. MICA, Florida
Columbia JASON CHAFFETZ, Utah
DANNY K. DAVIS, Illinois
STEVE DRIEHAUS, Ohio
DIANE E. WATSON, California
Darryl Piggee, Staff Director
C O N T E N T S
----------
Page
Hearing held on July 30, 2009.................................... 1
Statement of:
Thomas, Adrienne C., Acting Archivist of the United States,
National Archives and Records Administration, accompanied
by Gary M. Stern, General Counsel, the National Archives
and Records Administration, and Sharon Thibodeau, Deputy
Assistant Archivist for Records Services; and Paul
Brachfeld, Inspector General, National Archives and Records
Administration............................................. 6
Brachfeld, Paul.......................................... 18
Thomas, Adrienne C....................................... 6
Letters, statements, etc., submitted for the record by:
Brachfeld, Paul, Inspector General, National Archives and
Records Administration, prepared statement of.............. 21
Clay, Hon. Wm. Lacy, a Representative in Congress from the
State of Missouri, prepared statement of................... 3
McHenry, Hon. Patrick T., a Representative in Congress from
the State of North Carolina, prepared statement of......... 29
Thomas, Adrienne C., Acting Archivist of the United States,
National Archives and Records Administration, prepared
statement of............................................... 9
NATIONAL ARCHIVES AND RECORDS ADMINISTRATION ORGANIZATIONAL ISSUES
----------
THURSDAY, JULY 30, 2009
House of Representatives,
Subcommittee on Information Policy, Census, and
National Archives,
Committee on Oversight and Government Reform,
Washington, DC.
The subcommittee met, pursuant to notice, at 2:40 p.m. in
room 2154, Rayburn House Office Building, Hon. Wm. Lacy Clay
(chairman of the subcommittee) presiding.
Present: Representatives Clay, McHenry, and Norton.
Staff present: Darryl Piggee, staff director/counsel; Frank
Davis, professional staff member; Jean Gosa, clerk; Charisma
Williams, staff assistant; Charles Phillips, minority chief
counsel for policy; Adam Fromm, minority chief clerk and Member
liaison; Howard Denis, minority senior counsel; and Chapin Fay
and Jonathan Skladany, minority counsels.
Mr. Clay. The Information Policy, Census, and National
Archives Subcommittee will now come to order.
Good afternoon and welcome to today's hearing entitled,
``National Archives and Records Administration Organizational
Issues.''
Without objection, the Chair and ranking member will have 5
minutes to make opening statements, followed by opening
statements not to exceed 3 minutes by any other Member who
seeks recognition.
Without objection, Members and witnesses may have 5
legislative days to submit a written statement or extraneous
materials for the record.
The purpose of today's hearing is to examine the loss of an
external hard drive containing data from the Executive Office
of the Clinton administration. We will hear from the Acting
Archivist, Adrienne Thomas, and the NARA Inspector General,
Paul Brachfeld, and we hope to get real insight into how the
security breach occurred and what steps have been taken, and
what steps should be taken to tighten security at NARA
facilities.
The missing hard drive, which is a backup copy, contained
the entire computer files of 113 White House employees. Their
entire computer files were downloaded and stored on a hard
drive and later transferred to the backup hard drive that is
now missing.
Classified documents and personally identifiable
information of former Clinton administration staff and visitors
to the White House are now exposed.
Before we continue with this hearing, let us be very clear
that the subcommittee has no intention of interfering or
impeding the investigations currently being conducted by the
NARA Inspector General, the Secret Service, or the Federal
Bureau of Investigation. We urge everyone's cooperation with
these investigations and I thank all of our witnesses for
appearing today and look forward to their testimony.
[The prepared statement of Hon. Wm. Lacy Clay follows:]
[GRAPHIC] [TIFF OMITTED] T8132.001
[GRAPHIC] [TIFF OMITTED] T8132.002
Mr. Clay. Now, we are on a tight schedule today, so what I
am going to do is, normally we would yield to the ranking
member, who is not here yet. When he gets here, he will be
allowed an opening statement, but I will swear the witnesses
in. I will introduce you and swear you in, and hopefully by the
end a minority Member will be here.
Let me first introduce the panel. We will hear first from
Ms. Adrienne Thomas, Acting Archivist of the U.S. National
Archives and Records Administration. Ms. Thomas is currently
the Acting Archivist of the United States. Prior to her
appointment as Acting Archivist in December 2008, Ms. Thomas
served as the Deputy Archivist of the United States.
Ms. Thomas has been with the National Archives for 38
years, beginning as an Archivist Trainee in the Office of
Presidential Libraries, and subsequently holding a number of
policy and administrative roles.
Ms. Thomas will be accompanied by Mr. Gary M. Stern,
General Counsel for the National Archives and Records
Administration.
Welcome to both of you.
Our next witness will be Mr. Paul Brachfeld, Inspector
General, National Archives and Records Administration. Mr.
Brachfeld serves as the IG of NARA and as the IG for NARA, he
oversees the conduct and execution of all audits,
investigations and inspection for the agency, in compliance
with provisions of the Inspector General Act of 1978 as
amended.
Mr. Brachfeld's entire career has been devoted to
investigative activities since graduating from the University
of Maryland College Park in 1979. Go Terps. And today, he
brings 10 years of experience as the NARA Inspector General and
30 years of exceptional service to the U.S. Government.
Currently at NARA, Mr. Brachfeld's tenure has included the
recovery of hundreds of stolen archival holdings and related
successful prosecutions of identified subjects. And we look
forward to his testimony.
I want to welcome all of you to our hearing today, and it
is the policy of the Oversight and Government Reform Committee
to swear in all witnesses before they testify.
Would all of you please stand and raise your right hands?
[Witnesses sworn.]
Mr. Clay. You may be seated. Thank you.
Let the record reflect that the witnesses answered in the
affirmative, and each of you will have 5 minutes to make
opening statements. Your complete written testimony will be
included in the hearing record. The yellow light will indicate
that it is time to sum up. The red light will indicate that
your time has expired.
Ms. Thomas, you may begin your opening statement.
STATEMENTS OF ADRIENNE C. THOMAS, ACTING ARCHIVIST OF THE
UNITED STATES, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION,
ACCOMPANIED BY GARY M. STERN, GENERAL COUNSEL, THE NATIONAL
ARCHIVES AND RECORDS ADMINISTRATION, AND SHARON THIBODEAU,
DEPUTY ASSISTANT ARCHIVIST FOR RECORDS SERVICES; AND PAUL
BRACHFELD, INSPECTOR GENERAL, NATIONAL ARCHIVES AND RECORDS
ADMINISTRATION
STATEMENT OF ADRIENNE C. THOMAS
Ms. Thomas. Thank you, Chairman Clay and members of the
subcommittee. I appreciate this opportunity to discuss a recent
security incident that is a serious breach of the trust placed
in the National Archives to protect our Nation's records.
NARA learned in late March that an external computer hard
drive containing copies of Clinton Administrative Executive
Office of the President records was missing from the electronic
records processing room. As the Acting Archivist, and as
someone who has devoted my entire 39-year career to the
National Archives, I am deeply angered that a NARA employee or
contractor may have intentionally removed this item.
With me today are NARA's General Counsel and Senior Agency
Official for Privacy, Gary Stern, and Sharon Thibodeau, Deputy
Assistant Archivist for Records Services.
The loss of the hard drive occurred while NARA was
conducting preservation processing of electronic media received
from the Executive Office of the President [EOP], at the end of
the Clinton administration. Tapes containing snapshots of the
contents of the working drives of EOP employees were copied by
a contractor to new media to prevent deterioration.
On September 18, 2008, two My Book hard drives created by
the contractor were delivered to NARA. The hard drives were
labeled master No. 2 and backup No. 2. The two hard drives were
taken to suite 5300 at the National Archives in College Park
and placed on a shelf in the unclassified electronic records
processing room within the suite. At the time, approximately 85
NARA employees and contractors had badges that opened the three
doors to the office area of the suite. Individuals with badge
access to suite 5300 also had access to the electronic records
processing room for unclassified records.
On October 30th, the work of verifying the records on the
hard drive was assigned to an information technology
specialist. Work was performed only on the master No. 2 hard
drive, not the backup No. 2, which would later be missing.
On February 5, 2009, the IT specialist placed the master
No. 2 hard drive into its original manufacturer's box and noted
that the backup No. 2 hard drive was in a similar adjacent box.
The two boxes remained on a shelf in the processing room and no
additional work was done on the hard drive until March 24,
2009, when the IT specialist discovered that the box that had
contained backup No. 2 hard drive was empty. The master No. 2
hard drive was still in its box.
An immediate division-wide search was initiated. On April
2, 2009, the Inspector General, General Counsel and I were
informed of the loss. While the Office of the Inspector General
continues its investigation, there are currently no facts to
determine whether the drive was stolen or misplaced and no
suspect has been identified. NARA has offered a reward of up to
$50,000 for information that leads to the recovery of the
missing hard drive.
NARA staff reviewed the master No. 2 hard drive and
discovered that it contained numerous files containing personal
names and Social Security numbers. In addition, NARA also found
a small number of files that contained markings indicating they
may contain classified information. While information from the
EOP provided at the time of transfer indicated that the hard
drives did not contain classified data, we believe EOP
employees must have accidentally or improperly stored some
classified information on their unclassified computers.
We are compiling a list of those individuals who may have
had their personal information compromised and a credit
monitoring contractor is notifying these individuals as they
are identified. To date, approximately 15,750 notification
letters have been mailed. NARA is offering each individual 1
year of free credit monitoring services and fraud protection.
To date, 796 individuals have signed up for the credit
monitoring services. Because of the extremely large volume of
data on the drive, over 8.7 million individual files, we do not
yet know the total number of individuals whose privacy has been
affected.
NARA has taken steps to improve internal security in our
Electronic Records Division. First, we have added separate bad
access controls to the doors opening the processing rooms in
suite 5300. There are now only entrances to the processing room
and only individuals with badges programmed to open these doors
may enter the processing room. All others must sign the log and
be accompanied by an authorized person while in the room.
Second, we conducted an audit of all electronic media
containing personally identifiable information and moved it to
a separate locked block of shelving within a locked stack area
accessible only to authorized employees.
Finally, all NARA staff are required to complete training
on how to handle sensitive information, including the new
security procedures.
The Office of Records Services is also conducting
unannounced inspections of all records branches and divisions
on a periodic basis, and supervisors are required to do
periodic walk-through inspections during the day.
When the investigation of this incident by NARA's Office of
Inspector General and Secret Service is completed, I can assure
you that we will act on the results with swift and appropriate
disciplinary actions if it is determined that any NARA
employees were responsible for removing the hard drive or
failed to adhere to proper records handling procedures.
The National Archives is a public trust and the 3,000 women
and men who work at NARA's 44 facilities across the country
take their job and that trust very seriously. Every day, our
staff performs work that is vital to our democracy by
preserving and safeguarding the more than 9 billion records
that make up the National Archives of the United States.
At the same time, we must balance safeguarding the records
with providing the people of this country access to those
records. As with any endeavor that relies on the work of human
beings, our work, despite our best efforts and intentions, is
subject to error. However, the loss of even one record or
breach, even one individual's personal information is
unacceptable. And I assure you that NARA will continue to
improve our security procedures and ensure that all staff is
inculcated with the importance of following these procedures.
Given the seriousness with which we take this loss, I am
thankful for the opportunity to testify and I will try to
answer any questions that you may have.
[The prepared statement of Ms. Thomas follows:]
[GRAPHIC] [TIFF OMITTED] T8132.003
[GRAPHIC] [TIFF OMITTED] T8132.004
[GRAPHIC] [TIFF OMITTED] T8132.005
[GRAPHIC] [TIFF OMITTED] T8132.006
[GRAPHIC] [TIFF OMITTED] T8132.007
[GRAPHIC] [TIFF OMITTED] T8132.008
[GRAPHIC] [TIFF OMITTED] T8132.009
[GRAPHIC] [TIFF OMITTED] T8132.010
[GRAPHIC] [TIFF OMITTED] T8132.011
Mr. Clay. Thank you so much, Ms. Thomas.
Mr. Brachfeld, you are up next.
STATEMENT OF PAUL BRACHFELD
Mr. Brachfeld. Mr. Chairman and members of the
subcommittee, I thank you for offering me the opportunity to
testify today. I have been called before the subcommittee to
provide testimony on the circumstances surrounding an external
computer hard drive missing from the National Archives and
Records Administration which contained a vast amount of
material from the Clinton administration, including
Presidential Record Act [PRA], material.
The Presidential Record Act of 1978 governs the official
records of the President and Vice President created or received
after January 20, 1981. The PRA changed the legal ownership of
the official records of the President from private to public
and established a new statutory structure under which
Presidents must manage their records.
I trust that in reaction to the loss of a hard drive, new
policies, procedures and processes will be defined and
implemented at NARA, and certainly my office will evaluate
these actions, provide guidance and appropriate independent and
skilled oversight.
However, our focus now is on the criminal investigation of
the disappearance of the hard drive capable of holding two
terabytes of our government's information, and which my
forensic investigator informs me was essentially filled with
data.
At the outset, I must say I am not able to talk about all
aspects of the investigation at this time. This is an ongoing
criminal investigation which may have elements affecting
national security. Therefore, I know that the Chair and members
of this distinguished committee would not wish me to provide
any information that could potentially damage the
investigation's integrity or potential success.
Currently, we are working with the assistance of the U.S.
Secret Service and the Federal Bureau of Investigation to more
precisely identify the content of the hard drive. However, an
initial cursory review identified that thousands of examples of
personally identifiable information [P.I.] data, reside on the
hard drive. We reported this to NARA management officials and
they have hired a contractor to further analyze this P.I.
aspect and provide breach notification per OMB requirements.
I should also note that at my request, the Special Agent in
charge of the Secret Service Washington Field Office generously
made their 24/7 hotline operation available to us in order to
support the investigation and potential recovery of the missing
drive.
In response to our suggestion, NARA has established a
reward of up to $50,000 for information leading to the
successful recovery of the missing hard drive. No productive
leads have resulted to date from this action.
The subcommittee has asked about the security in place at
NARA at the time the hard drive went missing and after the hard
drive went missing. The direct answer is that the controls in
place were inadequate and what controls were in there were
readily bypassed and obviously compromised on an ongoing and
dynamic basis. Quite simply, this was an accident waiting to
happen and now it has.
As a direct result of these failures in controls, my
office's capacity to investigate this incident has been
severely compromised. The loss went unnoticed potentially for
months. Conservatively speaking, at least 150 people had access
to the area, and even rudimentary access controls such as badge
or sign-in logs were not maintained or could be readily
bypassed.
While the drive was kept in an area ostensibly secured by a
proximity card-reading lock, in practice this system failed.
People could simply piggyback by going through the door when
other persons opened it, and even worse, doors which should
have been secured were propped open for ventilation purposes.
It was also reported to my investigators that the
processing area in which the hard drive went missing was used
as a conduit or shortcut to the rest rooms. Therefore, it can
be argued that the security for this area was no greater than
the general security for the building as a whole.
The loss of this hard drive holding PRA materials is not
the only concern I have in this investigation. Many in the pool
of potential subjects of this criminal investigation have
access to the processing area where this drive disappeared, as
well as more traditional storage or stack areas. Therefore, I
cannot say with any confidence that data stored in these areas
was not compromised. This includes the records of the 9/11
Commission, the Warren Commission, as well as large quantities
of other national security holdings.
In a benign case where proper controls were in place and a
subject hard drive was lost or ruinously disposed of, one might
take comfort that other data was not compromised. The facts
dictate that I am afforded no such comfort. If the drive was
deliberately removed, the person or persons could have just as
readily removed other holdings or copied information onto other
mediums.
I am also deeply concerned about how NARA generally treated
the category of Presidential data like that which was on the
missing hard drive. Specifically, when the data was copied from
original Executive Office of the President [EOP] computer tapes
to modern hard drives, the copying was done by contractors
offsite without any security requirements. NARA had a fixed
price delivery order for the duplication of 1,428 such EOP
computer tapes to external hard drives to include the missing
hard drive.
A small business was provided complete custody and control
over the housing content of the EOP material. Amazingly, this
contractor was one in a series of like contracts in which NARA
was silent in addressing any security requirements for the
tapes or the information which they held. In fact, the
contractor made absolutely no mention of the sensitivity of
these records, nor included a nondisclosure agreement.
When handling and processing groups of PRA material, I
would think it essential to institute appropriate measures for
security over transport and processing of these records offsite
by contractors. However, no such measures were identified. In
this specific case, the tapes were sent offsite to a small
storefront operation in New Jersey. The existing security at
this location was rudimentary and clearly inadequate to protect
and limit inappropriate access to PRA material.
In a June 18, 2009 letter, Senator Charles E. Grassley
asked the Acting Archivist of the United States: ``Do you
recognize NARA is a national security agency?'' She stated,
``No. NARA is not a national security agency by any shared
means of that term within the executive branch for which we are
aware. NARA does not make nor does it implement national
security policy. NARA's only relationship to national security
is our responsibility for ensuring that those security
classified records that come into our custody from other
agencies are stored, protected and handled following the rules
for which all agencies that handle classified records must
adhere.''
I would submit that NARA has in this and other recent cases
breached that relationship. While by some technical standards,
NARA may not meet the traditional definition of a formal
national security agency, the information and records we hold
are vital to our Nation's security.
What I will say specific to the loss of this hard drive is
that the American people deserve better security and
accountability than NARA has provided them. I can assure you
that through our audits and investigations, management
consultations and briefings, we will work to help NARA
strengthen its internal control and security mechanism.
While some corrective measures have, and I trust more will
be taken, it is analogous to closing the barn door after the
horse has left. The event has passed and damage done, the
extent to which I cannot quantify for you today.
I thank you for the opportunity to testify and am available
to take questions.
[The prepared statement of Mr. Brachfeld follows:]
[GRAPHIC] [TIFF OMITTED] T8132.012
[GRAPHIC] [TIFF OMITTED] T8132.013
[GRAPHIC] [TIFF OMITTED] T8132.014
[GRAPHIC] [TIFF OMITTED] T8132.015
[GRAPHIC] [TIFF OMITTED] T8132.016
[GRAPHIC] [TIFF OMITTED] T8132.017
Mr. Clay. Thank you very much, Mr. Brachfeld.
We have been joined by two additional Members. I will yield
to Mr. McHenry for his opening statement.
Mr. McHenry. I thank the chairman.
Ms. Thomas, thank you for agreeing to join us today, this
time, for the hearing.
The topic today is, of course, the National Archives and
Records Administration organizational issues, but I think that
is sort of diminishing the import of this. And organizational
issues I think is putting it lightly, the scope or the
magnitude of the problem that we are facing.
The National Archives is an agency with an extremely
important function. It serves as the keeper of our Nation's
valuable records, preserves government and historical records
that include copies of acts of Congress, Presidential
proclamations and Federal regulations. While the Archives
maintains public access to some documents, other records
contain highly sensitive data.
Mr. Brachfeld, thank you for touching on the national
security component in your testimony.
And these must be secured to ensure our national security
and shield personally identifiable information as well. The
effectiveness of the Archives as protector of the records under
its control is key to preserving our history and maintaining
accountability in our government.
The Archives conducts truly invaluable work, very important
work, obviously, yet they are an agency that the public doesn't
often hear much about. Unfortunately, they have been getting
quite a lot of press lately, all of which or most of which
seems to be negative. In May, the National Archives Inspector
General, Mr. Brachfeld, notified Congress that an external hard
drive containing national security information had gone missing
from the agency's College Park facility sometime between
October 2008 and March 2009, when its absence was first
noticed.
That drive contained one terabyte of information, and what
we have come to know is that Clinton presidency records, the
equivalent of which are millions of books full of information,
as Mr. Brachfeld has previously put it. The missing data,
including more than 100,000 Social Security numbers, the
personal contact information of Presidential administration
officials, the entire computer files of 113 former White House
employees, Secret Service and White House operating procedures,
and other highly sensitive information.
Disturbingly, the missing hard drive was stored in an
easily identifiable package, as Ms. Thomas testified to today,
in a workspace that the Archives has already admitted was
unsecured, unattended, and accessible to personnel without
clearance. Even now, it is still not known whether the hard
drive was misplaced, lost or stolen, or even when it actually
went missing.
It is my hope that the National Archives management would
immediately react to what has been called a catastrophic loss
by tightening security and accessibility at their College Park
facility, particularly in the area which the hard drive was
removed.
However, when a bipartisan group of Oversight Committee
staff visited the campus on July 17th, they observed many of
the same deficiencies in security measures and left with the
impression that a motivated criminal would be able to remove
sensitive material with little to no resistance.
Now, this is a bipartisan assessment. There wasn't much of
an effort on the part of National Archives staff to even make
it appear that substantive changes had been made to secure the
location. To be fair, the pattern of material mismanagement of
the National Archives precedes Ms. Thomas by quite a few years.
We are still remembering Clinton administration official
National Security Adviser Sandy Berger caught walking out of
the Archives with his pants stuffed, or actually rather socks,
stuffed full with classified uninventoried documents.
There are many more alarming cases of negligence at the
Archives, yet none as egregious as the disappearance of the
hard drive. These include the disappearance of $6 million worth
of taxpayer-funded equipment over the periods of 2002 to 2006,
the disposal of countless original records from the Bureau of
Indian Affairs with the Archives trash, and the disappearance
of 55,000 pages of CIA and other Federal agency records right
off the shelf in 2006.
There is a prevalent culture of carelessness at the
National Archives and it must be replaced with meticulous
accounting for all materials, paper and electronic, and
stringent security measures that restrict access of
unauthorized employees to areas where confidential data is
kept.
On Tuesday, President Obama announced he had selected his
nominee as Archivist to replace Ms. Thomas, David Ferriero.
Quite frankly, I believe this announcement couldn't come soon
enough. Mr. Ferriero has certainly had a lot of experience
managing mass quantities of paper and electronic documents and
other information in his tenure as director of Research
Libraries at the New York Public Library, and I look forward to
hearing about his qualifications and his plans for the National
Archives at his Senate confirmation hearing, whenever the
Senate really gets around to doing their job.
And I thank the witnesses for appearing here today, and
look forward to the testimony and explanation of how the hard
drive full of sensitive information was lost or stolen.
[The prepared statement of Hon. Patrick T. McHenry
follows:]
[GRAPHIC] [TIFF OMITTED] T8132.018
[GRAPHIC] [TIFF OMITTED] T8132.019
[GRAPHIC] [TIFF OMITTED] T8132.020
[GRAPHIC] [TIFF OMITTED] T8132.021
Mr. Clay. Thank you, Mr. McHenry.
We will now go into the questioning stage of this hearing,
and I will start it off with Ms. Norton for 5 minutes.
Ms. Norton. Thank you very much, Mr. Chairman.
I see why you called this hearing. It is a virtually
mandatory hearing in light of the circumstances and the buildup
of the security issues.
Let me make sure what we are talking about, because as I
looked at the testimony, I think it is Mr. Brachfeld's
testimony, I tore it out, which says the hard drive contained
examples of personally identifiable information.
You know, the word secure information has been thrown
around in the last several years so loosely. I am trying to
understand what was on the hard drive. What does it mean by
personally identifiable information?
Mr. Brachfeld. Is that question directed at me, ma'am?
Ms. Norton. Yes, Mr. Brachfeld, that is fine.
Mr. Brachfeld. There is a technical definition for PII. For
purposes of this hearing, what I will define is that OMB
defines PII material to include Social Security numbers and
like material that could be used to damage a person's security,
banking, for identity theft, along those lines. It could be
names, addresses, associates, that kind of information.
As this information was a compilation from the Clinton
administration, it was a compilation, it has information that
was resided on individual computers, and thus there is
information that meets that definition that resided on the hard
drive that is missing.
So again, it was a compilation of material.
Ms. Norton. Have all of the parties whose information was
compromised been so informed?
Mr. Brachfeld. I will yield to the Acting Archivist.
Ms. Thomas. We are in the process of identifying the
individuals that need to be notified of the breach.
Ms. Norton. When did the breach occur?
Ms. Thomas. I am sorry?
Ms. Norton. When did the breach occur? When was it noted?
Ms. Thomas. At the end of March, actually on April 2nd it
was reported to me, to Mr. Brachfeld, and to Mr. Stern that the
hard drive had been lost.
Ms. Norton. Considering the nature of information and that
this is the month of almost August, are you saying that most of
these parties have not been so notified?
Ms. Thomas. We don't at this point know how many people's
names and Social Security numbers are on the hard drive.
Ms. Norton. Why do you not know that information?
Ms. Thomas. There are 8.7 million individual files on this
hard drive, and we have a contractor at this time trying to
extract all of the data that they can to come up with the lists
to go through----
Ms. Norton. Is that contractor, like this one, off the
premises? This is another contracting out matter where people
who apparently should not have been handling secure information
were doing so. Now, where is this contractor located and why
couldn't this be done on the premises so the hard drive would
not have had, why did the hard drive have to leave the
premises, I suppose is my question.
Mr. Brachfeld.
Mr. Brachfeld. Let me answer your last question. The
process of copying the information from White House tapes or
what were White House EOP employees' tapes to the hard drive
was done offsite and that is what I testified regarding. That
was done offsite up in New Jersey, and that is where I have
raised significant security issues.
The second part of your interest, which is on now
attempting to mine and identify those individuals whose PII may
have been compromised, that is under a separate contract which
is being administered by the Archives.
The reason it is taking so exceptionally long is this is
probably, as far as I know through my 30-year career, this is
probably the greatest challenge in trying to identify----
Ms. Norton. You are having to reconstruct essentially what
was on the hard drive with nothing to go on?
Mr. Brachfeld. What my investigators are trying to do and
are now yielding the PII element to the contractor, what we are
attempting to do is to use the latest forensic investigative
software available. This is not normal data that sits in one
standard language or one standard format.
If you think about every record that you have ever captured
over your career in different languages and different spread
sheets and different formats, all being compressed into one
entity. That is what has happened. It is not readily mineable
and definable as one would think.
Ms. Norton. So nobody's been notified as of now?
Mr. Brachfeld. I yield.
Ms. Thomas. We have sent I believe it is 15,000, somewhere
between 15,000 and 16,000 letters have gone out to notify
people of the breach of their information.
Ms. Norton. Do you have any idea how long it will take
before all of the parties have been notified? What kind of harm
could be done in the meantime?
Ms. Thomas. I think it is going to take several months. I
think one of the things that this has made perfectly clear to
us, it is very difficult to get the information off the hard
drive. There are many different----
Ms. Norton. So you think that in terms of a nefarious act,
someone trying to use the data, that would not be very easy to
do?
Ms. Thomas. Given that we have a contractor that was
suggested to us by the National Security Agency as somebody
that they had worked with, who they thought was the best in the
field to try and do this, I do indeed believe that it is going
to be difficult for anybody to extract this information from
the hard drive.
Ms. Norton. Well, Mr. Brachfeld, you said a criminal
investigation is going on. Is there any possibility other than
this being stolen that you would regard as a credible
possibility? I mean, could it have been mislaid? If it had been
mislaid, where would that have been, since there were only two
places it should be, either the Archives or with the
contractor?
Mr. Brachfeld. I cannot dismiss any aspect as to whether or
not it is missing, somebody took it for purposes of benign
intent, just to use it for their own medium, or the worst case
scenario, that it was taken for more nefarious purposes. That
is a potential.
I also want to state that people with the correct
technologies and tools can mine this data. We have a contractor
now that is trying to, my investigation is focusing on how it
happened and what the impact of the loss is, and if we can find
the subject.
I am also looking at what classified material resided on
that hard drive and other sensitive information. I am no longer
involved in looking at the PII content. That has now been
yielded to the contractor working for the National Archives.
What I can say is, again, people with the capacity to read
this data, the tools, can do it. My investigators, my forensic
auditor could in fact pull up PII information fairly readily.
Now, to find the tremendous quantity to issue PII letters, as
the agency is doing, that is another subject. But certainly,
somebody with, if they had that intent, and if in fact it
really is out there and somebody is using it for that purpose,
certainly they could pull P.I. information off of that drive.
Ms. Norton. Mr. Chairman, could I just ask to the extent
that there is a discovery of criminal use of this information
that the chairman of this subcommittee be informed immediately?
I don't know what people could do to protect themselves, but I
think the worse thing to happen in a circumstance like this is
not to even know that out there in the stratosphere and perhaps
in the hands of thieves is all your personal information.
And if it is discovered, it seems to me at such point it is
discovered, if you are at 20,000 of 8 million or whatever, it
seems to me that this committee should be informed at that
point.
Mr. Clay. Oh, for certain that will be made part of this
official hearing record.
Ms. Norton. Thank you very much, Mr. Chairman.
Mr. Clay. Thank you for the question.
Mr. McHenry, are you ready?
Mr. McHenry. Yes.
Ms. Thomas, how long have you been Acting Archivist?
Ms. Thomas. Since mid-December 2008.
Mr. McHenry. Since mid-December.
Mr. Chairman, I am not familiar with most administration
officials testifying with counsel at the desk. It seems to me a
bit telling about the situation we are in, about how sensitive
this is. But you know, Ms. Thomas, I know this predates you. I
mean, this doesn't necessarily simply fall at your feet. So I
mean, how long have you been with the Archives?
Ms. Thomas. Thirty-nine years.
Mr. McHenry. Thirty-nine years, full career. So you know,
there have been studies on job satisfaction within the Federal
Government. And I think it was American University's Best
Places to Work in the Federal Government 2009, American
University's Institute for the Study of Public Policy. Are you
familiar with the study?
Ms. Thomas. Yes.
Mr. McHenry. Yes. It was telling to me, based on our
Oversight Committee, to see where National Archives and Records
Administration ranks. It is extraordinarily low in terms of job
satisfaction within the Federal Government. It is actually, I
think the second to last of all the institutions they studied.
Do you think there is a linkage between job satisfaction--
well actually, let's start here. What do you attribute the low
job satisfaction assessment to?
Ms. Thomas. Well, we did some further analysis of what the
different rankings were in the different parts of the National
Archives. And the truth of the matter is that most of the very
low rankings came from our regional facilities. And we have,
for example, in our Federal Records Centers, which are fairly
low paid occupations, they are not exactly intellectually
stimulating.
It is people moving boxes in and out and so forth. There is
not a whole lot of promotion potential within the Records
Center system, and a great deal of the very low scores in terms
of job satisfaction came from those regional activities.
If you look at the National Archives in the Washington
area, we rank at at least the same average as most other
agencies or a little higher. So the regional scores basically
bring the agency score down to the level that is reported in
that study.
Mr. McHenry. OK. OK. Do you think that there is any
linkages between dissatisfaction and disappearance of records
or theft of records?
Ms. Thomas. I think there could be, but the averages for
the people who are working with archival records are much
higher and they are not low. The Records Center records, of
course, are agency records, temporary records, not archival
records. So the incidents that have occurred over the past
several decades have occurred in archival records.
Mr. McHenry. OK.
Ms. Thomas. So I am not sure that the linkage is there.
Mr. McHenry. In terms of your testimony, you said that this
drive with one terabyte of information was kept in its original
package. Is that true?
Ms. Thomas. Yes, that is correct.
Mr. McHenry. OK. Is that standard procedure within your
division of government to put these objects back in their
original box?
Ms. Thomas. In most cases, information----
Mr. McHenry. If you don't have a policy, then that is fine,
then if you will just state that.
Ms. Thomas. I don't know. I can provide that for the
record. I don't know the answer.
Mr. McHenry. Yes, if you could, that would be good.
Ms. Thomas. Sure.
Mr. McHenry. It seems somewhat bizarre to me to have such
important information, and this is not really judging the
information. You know, but having it lost to history is a major
concern and being able to piece this back together on what
the----
Ms. Thomas. Well, the information is not lost because this
was a backup tape. It is a copy.
Mr. McHenry. OK. Where was the original kept? Wasn't it all
in the same desk?
Ms. Thomas. The originals are the tapes that were delivered
from the EOP at the end of the Clinton administration. Those
tapes were backed up onto these hard drives, one of which was a
master hard drive and one which is a copy hard drive.
Mr. McHenry. And they were next to each other?
Ms. Thomas. Yes, but the tapes were stored in the locked
staff area, the original records.
Mr. McHenry. OK. Is there a procedure for having a master,
the original and the backup, the two drives, is there a process
to keep them separate? If you have the backup and the main
drive, right? Same information, is there any policy you have
within the Archives to keep them in separate locations?
Ms. Thomas. Not while they are being processed, and that is
what was happening at the time that the hard drives were there.
Mr. McHenry. Is it not true that the reason why we don't
know if it is October or March is because they have been
sitting on someone's desk the whole time and they were not
being processed? They were left out untouched.
Ms. Thomas. I think it is unclear how long they were left
untouched.
Mr. McHenry. OK, which tells me you don't have any policies
or procedures on how this works.
Mr. Brachfeld, are there policies and procedures on paper
within the Archives about how to handle two copies of the same
data?
Mr. Brachfeld. I will answer your question by getting
specific in this matter. In this case, I should note that
drives that were not used new were maintained in a locked area.
Whereas the drives that were in process and therefore holding
the kind of data and quality of data we talked about today were
left in an unlocked, exposed area, put back in the original
box.
So to me, it seemed curious and bothersome, troublesome
that clean tapes are locked up for security, but tapes that
have documentation were left in an open area.
As far as policy and procedures, I guess more specifically,
that is what we are investigating. Right now, my focus is
investigating a potentially criminal act. We have time and we
will look at audit issues. We will look at new internal
controls. I can simply say, as I said in my testimony, it would
seem that internal controls were not the focus in this area.
Mr. McHenry. Well, thank you for your testimony. My time is
up, but it seems to me that the basic Archives procedure was
the equivalent of putting your car keys and your backup car key
on the same key chain. It seemed that it was very basic
procedure that was not instituted, nor was there a culture of
following those procedures to ensure that you have two pieces
of data--right?--kept separately, both secure so that therefore
you have in this new technology age that we have, with
diminishing documents from the early 1990's as that technology
is getting older, that you would actually have those policies
and procedures.
So, you know, to the larger issue here is making sure this
doesn't happen again for any administration or any document.
And with that, I yield back.
Mr. Clay. Thank you, Mr. McHenry.
It begs the question of the backup system, that there be a
fool-proof backup system. Let me ask both witnesses, do you
know anything about hundreds of thousands of veterans' PII that
has been compromised when the National Archives sent
unencrypted hard drives to a vendor in return for replacement
of hard drives? And if you do, what has been done to inform
veterans that their information has been compromised? Either
one.
Mr. Brachfeld. I will answer that by saying we are in the
process, as I stated in my last semiannual report, of
conducting an investigation specific to that matter. At this
time, I do not have information to the extent that I could
respond fully to that question.
We do believe an event occurred. The question is, what is
the nature of the event and what are the implications? We are
currently investigating that matter.
There have also been other issues related to and have been
reported in a management letter, related to St. Louis and the
military veterans records in terms of other PII policy and
procedures that have been violated that also potentially
compromises veterans' information. And again, that is an issue
which I cannot discuss in a public forum because should that
information be made available publicly, it could be damaging.
So I respectfully cannot--I don't think you would want me
to discuss this in this public forum.
Mr. Clay. OK. Well, I will go to my next witness, and ask
Ms. Thomas, can you shed any light on it? Are you aware of it?
Ms. Thomas. I am unfamiliar with an incident relating to
veterans' records and a hard drive and missing records. I just
don't have any information on that.
Mr. Clay. OK. All right. Ms. Thomas, in June 2006, the
Information Security Oversight Office inspected the information
security controls of NARA's Washington National Records Center.
ISOO found that due to inadequate records management, hundreds
of boxes of classified materials could not be readily located.
It is my understanding that since the ISOO inspection, NARA
has taken steps to improve security at the Washington National
Records Center. What is the status of those missing boxes and
what has NARA done to improve the management of classified and
other materials at the Washington National Records Center?
Ms. Thomas. There are two vaults at the Washington National
Records Center. One contains top secret SCI and R.D. material,
and the second vault contains secret and confidential
information.
The Washington National Records Center has almost four
million cubic feet of records. Of those, 333,000 are
classified, either at the top secret SCI or secret or
confidential.
The controls, the ISOO made recommendations, 22 different
recommendations for how to improve security at the Washington
National Records Center. At this stage, I believe all of them
have been implemented. An Information Security Program Manager
has been hired. A Vault Manager has been hired. Resources have
been thrown into the Records Center to do a complete inventory
of both vaults.
They started on the top secret and the SCI one. And they
completed that inventory. Initially, they found 1,400 boxes
that were not where they were supposed to be. They then did a
complete check and got that number down to, I believe, 125
boxes of material that is not apparently on the shelves at the
Washington National Records Center.
These records are owned by the agencies. They are not NARA
records. They are not archival records. They are often called
back by the agencies. And often what has happened in the past
is that an agency calls back records and they either keep them,
because they are their records and they have that right, and/or
they will send them back some months or years later in another
accession so that the number changes in terms of how you
identify the records, and they get shelved as a new accession,
and they contain boxes from the old accession.
So there certainly was a record keeping issue that needed
to be straightened out so we could keep better control over
what went back to the agency, whether they were permanently
withdrawn and kept in the agency, or whether or not they were
returned to the Washington National Records Center.
We are now, for the 125 boxes that are still not accounted
for, we have contacted six different agencies whose records
these are and asked them if they could check and find out if
perhaps they have a record of whether or not they borrowed back
these records. I believe there was something from the Energy
Department just in the past few weeks that said, oh yes, they
have 15 of the boxes that they have been able to account for.
So we are still working the process to find out where the
records are, and a similar inventory of the secret and
confidential vault is underway. And we will go through the same
process of completing the inventory, determining to the best we
can where the records are, and whether or not they have been
loaned back to the agencies or permanently withdrawn by the
agencies.
Mr. Clay. OK. And thank you for your response.
Mr. McHenry's second round of questioning.
Mr. McHenry. Certainly. Thank you, Mr. Chairman.
Now, you found out about this security breach, or the
disappearance of the drive April 2nd, you said. Is that
correct?
Ms. Thomas. Yes. That is when I was informed.
Mr. McHenry. OK.
Ms. Thomas. All three of us were informed. Gary is here
because he is the Privacy Officer for the agency and has
responsibility for PII.
Mr. McHenry. So what have you done to address this so it
doesn't happen again?
Ms. Thomas. The Office of Record Services for Washington
did a complete review of procedures, and has implemented much
more stringent procedures to make sure that it doesn't happen
again. Some of them I went through in my testimony, and they
are in more detail in my longer testimony that is submitted for
the record.
Mr. McHenry. Yes.
Ms. Thomas. They have put card readers on doors where
before you could go into the office area and then go into the
processing area. The card reader on the office door would, in
essence, get you into the office area and into the processing
office. Now, the processing space has another layer of
security, and so you have different card reader access for
those doors.
They are doing spot inspections. The supervisors and
managers are going through the space to make sure that the
procedures that we put in place are being adhered to.
We intend to do more training for people so that they truly
get the message that this is a basic part of their job is
protecting the records that they are working with. And that is
a balancing act between providing access for research purposes
and securing the items, but securing the items is a critical,
critical part of their job.
Mr. McHenry. Certainly. Now, are you familiar with the
Inspector General's audits from between October 2007 and March
2008? Are you familiar with the audits that the Inspector
General's office issued?
Ms. Thomas. Well, I see the audits, yes.
Mr. McHenry. OK. Because at that point, it was pointed out
in that audit that the Archives was, ``not accounting for
artifacts in a timely manner.'' That was one. And two, among
other things, artifacts were ``not maintained in appropriate
space.''
So the audit there expressed some of the same failings that
resulted in the disappearance of this data. Did you have any
actions you took off that audit from----
Ms. Thomas. Well, I think that audit referred to the museum
items, the artifacts in Presidential libraries.
Mr. McHenry. Yes.
Ms. Thomas. And Presidential libraries had started an
inventory process. It was at various stages in the different
libraries. We indeed poured more resources into completing the
inventories, and they are underway. Some of them have been
completed. Some of the problems that existed in the older
libraries will not exist for the Bush Library or any library
going forward because there will be a computer system that
tracks every artifact as it arrives in the White House, and
then that system is provided to us so that we will have a
complete list to start out with.
The record keeping in the White House Gift Office wasn't as
complete in the past, and it was not consistent, if I can give
you an example. A tea set, is that one item or is that a teapot
and four cups? And is there a tray? Is that seven items? You
know, there was no consistency in how they dealt with it.
Mr. McHenry. But within one division of the Archives, when
you have issues like, you know, not having information secured
in appropriate space, does that raise questions for the overall
system? Do you look at overall systems within the Archives? Or
is that just one division and therefore isn't applicable to
anywhere else?
Ms. Thomas. For the issue with the hard drive, we are going
to undertake a complete review. The Office of Records Services
in Washington has already started.
Mr. McHenry. I thought you said they have already done
that.
Ms. Thomas. I am sorry?
Mr. McHenry. I thought you said, in my last question, that
they had already done a complete review.
Ms. Thomas. They did it for the Electronic Records
Division. They are branching out to all of their records
holding units and, as you said, looking at it more holistically
across the agency, as opposed to just in one division. So we
are looking at all security procedures and whether or not they
are sufficient, whether they need to be improved.
We certainly have decided that we need to improve our
training and that we need training at a lot of different
levels. For example, I am proposing that we will train every
employee that comes to the National Archives as part of their
orientation, whether they are a budget analyst or whatever, to
make them understand what the mission of the agency is and that
everybody has a responsibility to make sure that records are
protected.
Mr. McHenry. Thank you. Thank you. Very good answer. Thank
you.
Mr. Clay. Ms. Thomas, regarding the notices that were sent
out to the 16,000, roughly, people, were there any problems
with the notices? I have received reports that recipients of
those notices thought that they were scams.
Ms. Thomas. We did have some questions come in. We had a
hotline set up for any questions that anybody did have. And we
also had an email box where they could contact us. And yes, the
most frequently asked question that came to us was: Is this a
scam? Is this somebody who is, you know, Prince so and so from
somewhere who is, you know, trying to get hold of my personal
information and drain my bank account or something?
So we have answered those questions.
Gary, if you have anything to add to that?
Mr. Clay. Mr. Stern.
Mr. Stern. I can try. Yes.
The letters were sent out by our contractor providing the
credit monitoring services as well. And so while it is on NARA
letterhead, it was put in an envelop that looks more like the
kind of envelope you get from, you know, a bank or something
else.
Mr. Clay. A solicitation?
Mr. Stern. Exactly. So I think some people thought, weren't
sure, is this really from the National Archives or is this just
some company just trying to, you know, solicit my business. And
so we assured those people that it really was from us. We
referred them to our Web site and we put up an updated notice
to say we have sent these letters out and they are legitimate,
and we are informing you of this potential breach and offering
this service.
So there was some confusion that we just hadn't occurred to
us that would result by sending out the letters in that format.
Mr. Clay. I see.
Any recommendations, Mr. Brachfeld?
Mr. Brachfeld. Specific to that question?
Mr. Clay. Yes.
Mr. Brachfeld. I am pretty much apart from that process.
Again, my duty is to do the investigations. We reviewed the
language in the breach notification letter just as a courtesy
and the language in the breach notification seemed to be
appropriate.
As far as the contractor, the mailing, that is completely
outside of my domain.
Mr. Clay. So there was really two mailings. Did you re-mail
the notices or no?
Ms. Thomas. No, no, no. But there was an email box set up
and in the letter that notified people of the breach, they were
provided with the email address. They were provided with a
hotline number that they could call. And they were notified
that they could look at our Web site for further information,
so that if they had any questions about the breach
notification, they could contact us in several different ways.
Mr. Clay. Ms. Thomas, regarding the copying of Executive
Office computer tapes onto this hard drive, why were security
requirements not built into the contract documents with your
vendor?
Ms. Thomas. Well, the contractor that did the work on the
latest batch of copying, because there were five different
contracts, I believe, for various stages of copying of this
material, was a GSA schedule contract with the routine, I will
say routine, because they were, clauses about protection of
government information, government products that were provided
to the contractor.
In hindsight, our people should have included some
additional security requirement clauses in the contract and
that will certainly be a part of any contract going forward.
Mr. Clay. OK.
Mr. Brachfeld, any comment on that?
Mr. Brachfeld. I have pretty much all the documentation
related to this contract and what is clearly missing is any,
any mention of security as even a consideration within the body
of any of the solicitation.
The company that received the tapes did not even respond in
terms of their having any security arrangements in place.
Again, there was no clause for nondisclosure of information, as
should be customary in such a contractual relationship,
contractual document.
Basically, it just shouldn't have happened, and I think the
Archives will learn from that.
Mr. Clay. This sounds pretty sloppy as far as how we handle
sensitive information.
Mr. Brachfeld. We visited the site and it is not the
contractor's fault, per se, because the contractor was doing a
duplication service. They were honoring the terms of the
contract. But if you went to the contractor site, as my agents
did, along with other law enforcement you would have seen a
basic storefront operation with security clearly not the focus.
You would see that the tapes were kept in a room where doors
were propped open also.
I have actually images of this and it will be in my
investigative report when it is finalized, or I could present
them to you subsequent to this hearing. It was not the
environment that one would expect you would keep something of
even minimal importance, much less the quality and quantity of
data that we have discussed today.
Mr. Clay. You can certainly share whatever information you
can with this subcommittee, so that we can get a clear picture
of it.
Mr. Brachfeld. I will do that.
Mr. Clay. I will stop there and let Mr. McHenry have the
last question.
Mr. McHenry. Mr. Chairman, I thank you for having this
hearing. I think it is important that we get the right policies
and procedures in place. And this is not necessarily an
adversarial thing, I am just perplexed at how something so
basic could disappear. You know, these hard drives in my
experience aren't cheap to get anyway. They are not cheap
objects to have lying around, much less with no information,
much less with sensitive information on it.
And so it seems to me that even so much as actually taking
that hard drive, instead of leaving it out, putting it in a
locked desk drawer would have been a world apart from what
happened, or as near as we can tell, happened with the minimal
amount of information that is actually known right now.
And as the IG still has the investigation going on, and I
would love to have any information as you produce it that you
are able to share with us, we would certainly appreciate it.
Mr. Chairman, thank you for having this hearing and thank
you for your leadership.
Mr. Clay. Thank you, too, Mr. McHenry.
Since there are no further questions, that concludes this
hearing.
The committee is adjourned.
[Whereupon, at 3:44 p.m., the subcommittee was adjourned.]
�