[Senate Hearing 111-211]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 111-211

   PROTECTING NATIONAL SECURITY AND CIVIL LIBERTIES: STRATEGIES FOR 
                     TERRORISM INFORMATION SHARING

=======================================================================

                                HEARING

                               before the

                       SUBCOMMITTEE ON TERRORISM,
                    TECHNOLOGY AND HOMELAND SECURITY

                                 of the

                       COMMITTEE ON THE JUDICIARY
                          UNITED STATES SENATE

                     ONE HUNDRED ELEVENTH CONGRESS

                             FIRST SESSION

                               __________

                             APRIL 21, 2009

                               __________

                          Serial No. J-111-15

                               __________

         Printed for the use of the Committee on the Judiciary









                  U.S. GOVERNMENT PRINTING OFFICE
54-241 PDF                WASHINGTON : 2010
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001






                  PATRICK J. LEAHY, Vermont, Chairman
HERB KOHL, Wisconsin                 ARLEN SPECTER, Pennsylvania
DIANNE FEINSTEIN, California         ORRIN G. HATCH, Utah
RUSSELL D. FEINGOLD, Wisconsin       CHARLES E. GRASSLEY, Iowa
CHARLES E. SCHUMER, New York         JON KYL, Arizona
RICHARD J. DURBIN, Illinois          JEFF SESSIONS, Alabama
BENJAMIN L. CARDIN, Maryland         LINDSEY O. GRAHAM, South Carolina
SHELDON WHITEHOUSE, Rhode Island     JOHN CORNYN, Texas
RON WYDEN, Oregon                    TOM COBURN, Oklahoma
AMY KLOBUCHAR, Minnesota
EDWARD E. KAUFMAN, Delaware
            Bruce A. Cohen, Chief Counsel and Staff Director
              Nicholas A. Rossi, Republican Chief Counsel
                                 ------                                

      Subcommittee on Terrorism, Technology and Homeland Security

                 BENJAMIN L. CARDIN, Maryland, Chairman
HERB KOHL, Wisconsin                 JON KYL, Arizona
DIANNE FEINSTEIN, California         ORRIN G. HATCH, Utah
CHARLES E. SCHUMER, New York         JEFF SESSIONS, Alabama
RICHARD J. DURBIN, Illinois          JOHN CORNYN, Texas
RON WYDEN, Oregon                    TOM COBURN, Oklahoma
EDWARD E. KAUFMAN, Delaware
                Bill Van Horne, Democratic Chief Counsel
               Stephen Higgins, Republican Chief Counsel











                            C O N T E N T S

                              ----------                              

                    STATEMENTS OF COMMITTEE MEMBERS

                                                                   Page

Cardin, Hon. Benjamin L., a U.S Senator from the State of 
  Maryland.......................................................     1
    prepared statement...........................................    49
Kyl, Hon. Jon, a U.S. Senator from the State of Arizona..........     6
    prepared statement...........................................    85

                               WITNESSES

Baird, Zoe, president, Markle Foundation, and Co-Chair, Task 
  Force on National Security in the Information Age, New York, 
  New York.......................................................     3
Fredrickson, Caroline, Director, Washington Office, American 
  Civil Liberties Union, Washington, D.C.........................    11
Gorton, Hon. Slade, former U.S. Senator from the State of 
  Washington, and Member, Markle Foundation Task Force on 
  National Security in the Information Age, Seattle Washington...     7
Manger, J. Thomas, Chief of Police, Montgomery County, Maryland, 
  and Chairman, Legislative Committee, Major Cities Chiefs 
  Association, Rockville, Maryland...............................     8

                         QUESTIONS AND ANSWERS

Responses of Zoe Baird to questions submitted by Senator Feingold    26
Responses of Caroline Fredrickson to questions submitted by 
  Senator Feingold...............................................    30
Responses of J. Thomas Manger to questions submitted by Senator 
  Feingold.......................................................    35

                       SUBMISSIONS FOR THE RECORD

Baird, Zoe, president, Markle Foundation, and Co-Chair, Task 
  Force on National Security in the Information Age, New York, 
  New York, statement............................................    37
Center for Democracy & Technology, Leslie Harris, President and 
  Chief Executive Officer, Washington, D.C., letter..............    52
Fredrickson, Caroline, Director, Washington Office, American 
  Civil Liberties Union, Washington, D.C., statement.............    55
Gorton, Hon. Slade, former U.S. Senator from the State of 
  Washington, and Member, Markle Foundation Task Force on 
  National Security in the Information Age, Seattle Washington, 
  statement......................................................    73
Manger, J. Thomas, Chief of Police, Montgomery County, Maryland, 
  and Chairman, Legislative Committee, Major Cities Chiefs 
  Association, Rockville, Maryland, statement....................    88

 
   PROTECTING NATIONAL SECURITY AND CIVIL LIBERTIES: STRATEGIES FOR 
                     TERRORISM INFORMATION SHARING

                              ----------                              


                        TUESDAY, APRIL 21, 2009

                                       U.S. Senate,
           Subcommittee on Terrorism and Homeland Security,
                                Committee on the Judiciary,
                                                   Washington, D.C.
    The Subcommittee met, pursuant to notice, at 2:35 p.m., in 
room SD-226, Dirksen Senate Office Building, Hon. Benjamin L. 
Cardin, Chairman of the Subcommittee, presiding.
    Present: Senators Cardin and Kyl.

 OPENING STATEMENT OF HON. BENJAMIN L. CARDIN, A U.S. SENATOR 
                   FROM THE STATE OF MARYLAND

    Chairman Cardin. Good afternoon, everyone. Let me welcome 
you all to the first hearing of the Terrorism and Homeland 
Security Subcommittee of the Judiciary Committee for the 111th 
Congress.
    First, I want to acknowledge and thank Chairman Leahy for 
allowing me to chair this Committee and to convene this 
Subcommittee. This Subcommittee has a proud tradition. I know 
that Senator Kyl will be joining us shortly, who is the Ranking 
Republican member. But the leadership on this Subcommittee 
under Senator Feinstein and Senator Kyl has established, I 
think, a record for our Subcommittee to follow. I just want to 
acknowledge that up front that I very much rely upon the 
leadership of Senator Feinstein and Senator Kyl in going 
through the agenda that we hope to handle in our Subcommittee.
    We have several issues that we will be taking up. Of 
course, today we are going to be starting with, I think, the 
most important responsibility we have, and that is the security 
of our country, and whether we are getting the maximum 
information, intelligence information to keep the people of 
this Nation safe.
    This Subcommittee will also have to deal with the PATRIOT 
Act. Several provisions of the PATRIOT Act will expire this 
year, and Congress will need to consider extending those 
provisions or modifying them. I intend for this Subcommittee to 
play an active role in that regard.
    We also have the detainee issues, those that will be 
leaving Guantanamo Bay, and we will be reviewing with the 
administration how they intend to deal with the detainees.
    We will be dealing with passport fraud. The GAO report 
recently showed some weaknesses in our system, and we will be 
taking that issue up. We will be dealing with cyber security, 
biological research security, in which I have a direct interest 
in Maryland, considering it was breached in my own State; 
encryption policies, espionage laws. So we have a full agenda 
for our Subcommittee. But today we start with what I think to 
be one of the most important functions of Government, and that 
is to keep our people safe. We want to make sure that we have 
the best intelligence information against the threats of 
terrorism and the tools that are appropriate for the collection 
of reliable intelligence information.
    I think it is our responsibility to make sure that we have 
the proper use of resources. After all, these are scarce 
resources that are taxpayer dollars, that we get reliable 
intelligence information that can be shared with those who can 
keep us safe, and that we have the protections for civil 
liberties. That is our obligation, and that is what we are 
looking to do.
    As a result of the attack on our country on September 11th, 
the agencies that are responsible for intelligence have been 
reorganized, and we now have a Department of Homeland Security. 
We have a Director of National Intelligence. We have a National 
Counterterrorism Center. And the question is: Is this the right 
mechanism, the right structure to make sure that we get the 
most reliable information to keep our Nation safe?
    There have been major issues raised about sharing of 
information, whether we are sharing the information in the most 
effective way. The Department of Justice has the Joint 
Terrorism Task Force, which I have worked with in my own State, 
and is that the best way in order to share information? Are 
there more effective ways to get information back and forth to 
keep people safe?
    The Department of Homeland Security has their Fusion 
Centers. I think we need to evaluate whether they are working 
as appropriately as we think they should.
    Have we overcome the bureaucratic obstacles to get 
information to those who can prevent a terrorist attack? That 
is a question I hope our witnesses will deal with during the 
course of this hearing.
    We know that the Maryland State Police were involved in a 
14-month investigation of peace groups in my State who 
protested against the use of capital punishment in a very 
lawful way. There appears to be no reason whatsoever that that 
investigation should have taken place. We know information was 
made available to Federal intelligence agencies. The question 
is: Do we have adequate protection for privacy and civil 
liberties in our system? Are we doing the right oversight?
    Congress passed a law providing for a privacy and civil 
liberties oversight board in 2007 that has not been appointed 
yet. Should that board be appointed now? Should we move forward 
on those issues?
    I hope these would be issues that we will take up during 
the course of this hearing. The 9/11 Commission concluded that, 
``The choice between security and liberty is a false choice,'' 
quoting from the report, ``as nothing is more likely to 
endanger Americans' liberty than the success of a terrorist 
attack at home. Our history has shown us that insecurity 
threatens liberty. Yet if our liberties are curtailed, we lose 
the values that we are struggling to defend.''
    I think the 9/11 Commission got it right. I think that is 
the balance that we are trying to achieve in protecting the 
security of the people of our country and protecting the civil 
liberties which are the values of our Nation.
    I hope that today's hearing will help Congress and the new 
administration work together to figure out the most effective 
way to organize our intelligence-gathering capacities and 
establishing better guidelines for privacy and civil liberties.
    Well, we are very proud to have a very distinguished panel 
of experts who I hope can help us sort through what we need to 
do.
    Zoe Baird serves as the President of the Markle Foundation 
and also served as the Co-Chair of the foundation's Task Force 
on National Security in the Information Age. Her task force 
issued a March 2009 report on the subject of today's hearing 
entitled: ``Nation at Risk: Policy Makers Need Better 
Information to Protect the Country.''
    Of course, it is a pleasure to welcome back former Senator 
Slade Gorton to the U.S. Senate, to the Judiciary Committee, 
former Senator from the State of Washington, who has a very 
distinguished record in the U.S. Senate and served as a member 
of the Markle task force and also as a member of the 9/11 
Commission.
    We will also hear from J. Thomas Manger, the Chief of 
Police of Montgomery County, Maryland. I have worked with Chief 
Manger, and I thank him very much for his work in law 
enforcement. He represents the largest jurisdiction in the 
State of Maryland and one of the most diverse jurisdictions, I 
think, in our Nation. He certainly knows a lot about how these 
issues affect local law enforcement. Chief Manger also serves 
as the head of the legislative committee for the Major Cities 
Chiefs Association.
    Our final witness will be Caroline Fredrickson, who is the 
Director of the Washington Office of the American Civil 
Liberties Union. I want to thank the American Civil Liberties 
Union for working closely with us in trying to make sure that 
we are asking the right questions and that Congress exercises 
its responsibility of oversight.
    I was just checking the protocol of swearing in the 
witnesses because I have never sworn in a former Senator 
before. But the tradition of the Judiciary Committee is for the 
witnesses to take the oath, so if you would all stand. Do you 
affirm that the testimony you are about to give before the 
Committee will be the truth, the whole truth, and nothing but 
the truth?
    Ms. Baird. I do.
    Mr. Gorton. I do.
    Chief Manger. I do.
    Ms. Fredrickson. I do.
    Chairman Cardin. Thank you. We will start with Ms. Baird.

 STATEMENT OF ZOE BAIRD, PRESIDENT, MARKLE FOUNDATION, AND CO-
CHAIR, TASK FORCE ON NATIONAL SECURITY IN THE INFORMATION AGE, 
                       NEW YORK, NEW YORK

    Ms. Baird. The real breach of protocol is probably to have 
me testify ahead of Senator Gorton, but as a member of our task 
force, he has graciously suggested that as co-chair of it, I 
should start. Thank you very much for having us, and I am 
really grateful to all the staff who is here. It is such a 
wonderful showing of interest on the part of the staff.
    Senator Gorton and I, in addition to both coming from 
Washington State, have had the privilege of working together on 
the Markle Task Force on National Security in the Information 
Age, which I have co-chaired with Jim Barksdale, the former CEO 
of Netscape. The Task Force has been made up of a lot of 
experts on national security from every administration since 
the Carter administration, civil liberties advocates, and 
experts on information technology. We have worked since 9/11 to 
try to work our way through the challenging questions of how 
the country can use information in order to better protect us 
against threats to national security while at the same time 
preserving traditional civil liberties and privacy interests.
    Our recommendations were adopted very substantially by the 
9/11 Commission and have been part of both intelligence reform 
laws that have been passed by Congress--the original 
Intelligence Reform Act and then the law that was passed that 
was H.R. 1 and became the intelligence reform law a couple of 
years ago.
    The principal thing I would encourage you to take away from 
this hearing--and it is apt that you are starting your hearings 
with this topic--is that our country will not be able to 
address any of the threats your Subcommittee intends to take up 
unless we have the best information and we are able to use that 
information effectively to understand those threats; and to use 
that information in a way that builds public confidence in the 
Government; and in the Government's understanding of its 
constraints as well as its powers.
    So with that overview of what this is all about, I would 
say that our Task Force, after working in the 7 years since 9/
11, concluded in our report that we just put out that, 
unfortunately, this Nation still cannot connect the dots. We 
have been very fortunate that we have not had another major 
terrorist incident since 9/11, and a lot of that is due to good 
work by the Government. But we still are unable to really know 
what we know, and certainly we are unable to know what we know 
adequately.
    And, in addition, this Nation is still at risk because we 
do not have the governmentwide privacy policies that we need. 
Those policies are very important to have the public confidence 
in the Government's development of intelligence against these 
new threats we face, whether they be terrorism or energy 
security or cyber security. While they are important for public 
confidence, the privacy and civil liberties policies that are 
needed governmentwide are also critical to empower Government 
officials, because, by and large, most Government employees do 
not want to do something that is wrong, and they do not want to 
be up here in front of you explaining to you why they did what 
they did that looks wrong.
    So there is a great deal of reluctance to act on the part 
of the intelligence community and law enforcement officials as 
well, if they do not have clear guidance. So both to achieve 
our objectives of obtaining and using the information that we 
need to provide national security and to ensure the protection 
of privacy and civil liberties, we need governmentwide policy 
guidelines on privacy and civil liberties. This is a very 
important area for your Subcommittee to encourage the 
administration and to provide continuing guidance.
    We made in our report four principal recommendations on how 
to achieve this. I will go through these very briefly, and then 
obviously I am very happy to answer any questions you have.
    First of all, we encourage you to press the administration 
and your colleagues in Congress to give priority to this. It is 
critical that we are able to connect the dots. We need to get 
information sharing right with good policies for privacy and 
civil liberties, and we are concerned that this has been 
languishing and that we may have lost our focus. And as I say, 
nothing else you want to achieve, whether it is cyber security 
or border security or anything else you want to achieve, can be 
achieved without good information so that policymakers can make 
good decisions.
    Second, we really have encouraged two elements of 
information sharing that require more focus and may be of 
interest to you. One is the concept of discoverability. Our 
task force does not believe in creating large centralized data 
bases. We believe that information should stay with those who 
collect it and who can keep it accurate enough and up to date. 
That is a privacy protection as well as a protection to make 
sure that the information we use is the best information that 
we have; that is not out of date; that it has not been 
discredited. But it needs to be discoverable, so whether it is 
someone in the Maryland State Police who needs to find out if 
anyone else has information on a particular subject, or whether 
it is a CIA analyst, people need to find information. They do 
not need all the content. No one needs all the content. But 
they need electronic directories. Information needs to be 
tagged. Even paper directories are better than what we have now 
so that people can find out who else is working on a problem, 
who else might have information.
    Then the second concept that goes with that we believe is 
authorized use. In the last intelligence reform law, the law 
asked the administration to advise us--because they never held 
hearings on our concept of authorized use, but they put it in 
the bill anyway--whether this is something Congress should 
adopt. This really needs to be dug into more, because the 
authorized use concept basically says that if you want to get 
access to information, the rules have to say that you are 
authorized for your mission, for your need, for the predicate 
that you articulate, the purpose you articulate for why you 
want to have access to the information. And then if you meet 
those tests, you can get access to the information in a way 
that we can audit against it. So later, in a review of whether 
someone was appropriately looking at information, you can go 
back and audit whether it was an appropriate authorization, 
whether they indeed articulated a predicate that was related to 
their mission. And this is very important because the old 
classification systems do not really work well anymore. We 
cannot get collaboration between the Justice Department and the 
CIA if the only principles we have for what defines what 
information people have access to are classifications. It is 
too crude, and it is not oriented toward the current threats.
    So that is the second area of focus. The first is 
leadership, making this a priority; the second is developing 
the notions of discoverability and authorized use.
    The third are the governmentwide privacy policies which I 
have talked about already.
    And then the fourth area of recommendations that we have 
made are related with what I would sum up by saying, ``Old 
habits die hard''; that both Congress and the administration 
need to find ways to encourage people to come into the modern 
age, to encourage people to change their work habits, to become 
collaborative, to understand that agency lines are not written 
around the current-day problems that we face. And that can be 
through setting metrics, through expectations Congress has for 
the executive branch, through awards, rewards for employees who 
get it right. But that cultural issue of how do you change old 
habits is one that really deserves attention, and my guess is 
something that you are looking at in other areas of reform that 
you want to see as well.
    Thank you very much.
    [The prepared statement of Ms. Baird appears as a 
submission for the record.]
    Chairman Cardin. Thank you for your testimony.
    Senator Kyl, of course, is now here. I just wanted to point 
out, Ms. Baird, that one of the reasons that we--I never make 
excuses for my fellow Senators, but there is a major bill 
signing this afternoon on the Volunteers Act with Senator 
Kennedy and President Obama, and I know that there are members 
of the Judiciary Committee that are at that bill signing. So I 
just really wanted to point that out to the witnesses. I know 
some of the members of this Committee had that conflict, and 
that is where they are this afternoon.
    I want to give Senator Kyl a moment. I said before you 
came, I thank you and I thank Senator Feinstein for your 
leadership on this Subcommittee. You have established a 
bipartisan record of putting our Nation's security first on 
dealing with terrorism in the work of this Subcommittee. It is 
a model that I intend to follow, and I personally want to thank 
you for the work that you have done, both as Chairman and 
Ranking Member of this Committee. And we hope to follow in that 
tradition.

  STATEMENT OF HON. JON KYL, A U.S. SENATOR FROM THE STATE OF 
                            ARIZONA

    Senator Kyl. Mr. Chairman, thank you. I will just put my 
opening statement in the record but return the thanks. It has 
been wonderful working with Senator Feinstein. We have been 
both Chairman and Ranking in turn, and there has never been 
anything partisan about our activities. It has always been 
focused on how to protect our constituents and fellow citizens.
    You have been very helpful in the same vein in organizing 
this hearing and others, and so it is really a pleasure to work 
on a Subcommittee like this where that is the attitude that 
prevails, and I thank you very much. And my sincere apologies 
to everyone. From time to time you cannot get exactly where you 
need to be on time, and I very much apologize. I will catch up 
on the reading here and not make any further statement, but 
thank you all.
    Senator Gorton, it is great to see you again.
    [The prepared statement of Senator Kyl appears as a 
submission for the record.]
    Chairman Cardin. Senator Gorton?

 STATEMENT OF HON. SLADE GORTON, FORMER UNITED STATES SENATOR 
  FROM THE STATE OF WASHINGTON, AND MEMBER, MARKLE FOUNDATION 
    TASK FORCE ON NATIONAL SECURITY IN THE INFORMATION AGE, 
                      SEATTLE, WASHINGTON

    Mr. Gorton. The Markle Task Force on National Security in 
the Information Age is now some 7 years old and has issued 
three reports on that subject, the latest of which focuses on 
information sharing and the vital importance of appropriate 
information sharing at all levels of government toward our 
national security.
    At one level, I have good news, Mr. Chairman and Senator 
Kyl. We are not asking you for any new laws. We believe that 
the two statutes that were passed pursuant to the 
recommendations of the 9/11 Commission, which in turn depended 
significantly on the Markle Commission's earlier reports, are 
sufficient to do the job. The problem is in their 
implementation. The problem is in a very slow-moving 
bureaucracy which takes a long time in changing its habits. And 
we want a major change in habit. We have lived for generations 
on a basis of sharing intelligence on a need-to-know basis. We 
think the philosophy ought to be ``need to share,'' with the 
burden being on those who would not share rather than the other 
way around.
    The 9/11 Commission reported on ten lost operational 
opportunities to derail the 9/11 attacks. Now, we cannot say 
that any one of them or even all of them would absolutely have 
done so, but we had ten chances that were missed, and every one 
of them involved a failure to exchange, to share information 
which was in the possession of one Government agency or 
another. And so the current Markle Task Force report, which you 
have and which you and your staff have read, says that even 7 
years after 9/11, our Nation is still at risk. We need better 
information to defend the homeland.
    I am sure that Chief Manger is going to report that it is 
much easier today to share information upwards from his level 
than it is downwards from the national level to the law 
enforcement agencies that are on the front line of our defense. 
And that is only one example of where we have not done the job 
exactly right.
    We have a couple of very specific requests directed more at 
the administration than they are here at the Congress. The 
first one is that the program manager for the information-
sharing environment be lodged in the White House. That seemed 
to be at the present time something of a bureaucratic morass 
somewhere in the Intelligence Committee. In the White House, 
that officer would have the ability to see to it that 
information is shared appropriately.
    And, second--and you mentioned this yourself, Mr. Chairman, 
in your opening remarks--these two statutes have set up a 
privacy board which is not yet appointed and in being. We also 
believe that while the Obama administration has started very 
well in setting out a philosophy for privacy, it needs to 
enforce a uniform policy on all of the agencies of Government, 
and it needs to make that policy enforceable, not just a set of 
suggestions.
    Finally, I want to express a real admiration for the two of 
you and for your Subcommittee in one very important matter. You 
are not going to get very much publicity or political credit 
for doing the kind of oversight job that needs to be done. 
Success breeds complacency, and we have now gone 7\1/2\ years 
without a terrorist attack in the United States--partly due to 
better laws and better enforcement, even though they are still 
inadequate. And that means that people are paying attention to 
other matters, and that complacency, in my view, is the cause 
of the great risks that we run at the present time.
    So you need to be on the forefront of harassing and talking 
to people in the administration and getting them to do their 
jobs right in a way that is probably not going to bring you 
very much credit. But if you do it right, you will see to it 
that that 7\1/2\ years of no attacks on the United States will 
be many, many more years in the future.
    [The prepared statement of Mr. Gorton appears as a 
submission for the record.]
    Chairman Cardin. Thank you, Senator Gorton. I appreciate 
that very much.
    Chief Manger?

  STATEMENT OF J. THOMAS MANGER, CHIEF OF POLICE, MONTGOMERY 
 COUNTY, MARYLAND, AND CHAIRMAN, LEGISLATIVE COMMITTEE, MAJOR 
         CITIES CHIEFS ASSOCIATION, ROCKVILLE, MARYLAND

    Chief Manger. Chairman Cardin, Ranking Member Kyl, I 
appreciate the invitation to be here this afternoon speaking on 
behalf of the Major Cities Chiefs of Police, which represent 
the 56 largest police departments in the United States.
    I am pleased to report that the relationships and 
information sharing between and among Federal, State, local, 
and tribal police has never been better. But we were coming 
from a time when it was not very good. So the rest of the story 
remains that there is still a great deal more to do to fully 
engage the more than 18,000 law enforcement agencies in this 
country as full partners in the quest for homeland security.
    Federal agencies, despite their ever-improving efforts, 
have still yet to completely leverage the vast resources of our 
Nation's police and sheriffs.
    Since September 11, 2001, the FBI and the Department of 
Homeland Security--and all other agencies included in the 
intelligence community--have made tremendous progress in 
incorporating State, local, and tribal law enforcement into the 
national effort to protect our homeland.
    But as with any effort so monumental, any effort that has 
achieved progress so quickly, we need to take a good, long look 
at what has been created and make certain that what we have is 
what we intended. Keep what is working and build on it, 
eliminate duplicative efforts, and fix what is not working as 
it should.
    The areas of oversight for this Subcommittee are far-
reaching and critical. But because my time here is limited, I 
want to focus on just a limited number of topic areas. I will 
focus on the role of local law enforcement in homeland 
security; several systems in place to facilitate the exchange 
of information; establishing and maintaining safeguards for 
everyone's privacy and civil liberties; and, finally, some 
shortcomings from the perspective of local law enforcement.
    Law enforcement's role in uncovering and disrupting 
terrorist activities is well documented. Sergeant Robert Fromme 
from the Iredell County (North Carolina) Sheriff's Office saw 
two men enter a discount tobacco shop with over $20,000 cash in 
a plastic grocery bag. These men came into the shop almost 
daily buying many cartons of cigarettes. Fast-forward several 
years and a long-term Federal investigation later, and the ATF 
and FBI indicted 26 individuals who were using the proceeds 
from a cigarette-smuggling operation to fund a terrorist group 
based in Lebanon. A suspicious activity noted by local law 
enforcement, appropriately documented and legally investigated, 
results in a terrorist operation being shut down.
    This type of story is repeated over and over again because 
of the relationships and information-sharing mechanisms in 
place within the Nation's law enforcement community.
    I think everyone would agree that the key lesson that 9/11 
taught us is that law enforcement is more effective when 
relationships, protocols, and information exchange systems are 
established and in place before a crisis strikes.
    The national Suspicious Activity Report System--or SARS--is 
an effort still in its infancy that needs to be invested in and 
allowed to grow.
    The SARS process has directly enhanced the ability of local 
police to protect our communities from violent crime including 
terrorism. And, most important, the SARS process can and will 
be done in a manner that protects the privacy, civil liberties, 
and civil rights of all.
    The two greatest values of SARS are: one, the ability to 
connect events that in the past would never have been 
connected; and, two, it is a nationwide initiative that for the 
first time is providing consistent criteria and consistent 
training to all law enforcement personnel.
    We are training our first responders how to identify 
behaviors associated with terrorism-related crime and providing 
them the training they need to distinguish between those 
behaviors that are reasonably associated with criminal activity 
and those that are not.
    No police chief wants his officers involved in 
confrontational interactions with people engaged in innocent, 
constitutionally protected behavior.
    Not every person wearing baggy pants is a gang-banger and 
not every person videotaping the Washington Monument is a 
terrorist.
    Public safety is not enhanced and homeland security is not 
increased by filling data bases with information about people, 
organizations, and activities that have no nexus to criminal 
activity or terrorism.
    I firmly believe that the SARS system can operate with 
strong protections for privacy and civil liberties while it 
provides the Nation's best practice for information sharing 
among law enforcement agencies. JTTFs and fusion centers can 
also operate effectively with these protections. From a local 
perspective, involvement in the JTTFs and fusion centers 
remains the most effective way to stay on top of the latest 
terrorist threat information.
    Unfortunately, one of the harshest realities remains that 
only if a police agency is capable of assigning someone to the 
local JTTF, or a state or local fusion center, that agency is 
likely to get its most timely threat information that it can. 
Those agencies that cannot assign folks to those JTTFs and 
fusion centers are still likely to get their most timely threat 
information from the media.
    The Montgomery County Police Department, like many large 
police agencies, has the resources to assign our own personnel 
to the FBI's JTTF and two fusion centers in this region. We 
have assigned personnel to the Maryland Coordination and 
Analysis Center, the MCAC, and the Washington, D.C., Regional 
Threat and Analysis Center.
    While there is some overlap in the intelligence and threat 
information we receive from these three operations, at any 
given time one center will have information that is of interest 
to Montgomery County that the other two do not have. By virtue 
of our proximity to the Nation's Capital, it is best that we be 
plugged into all three sources. It is staff intensive and 
highlights the importance of Federal funding of intelligence 
analysts that work for the State and local agencies.
    Another area that has been a long-term issue is the need 
for a nationwide system for Federal security clearances. DHS 
has been very accommodating for sponsorship of security 
clearances, and the FBI likewise has sponsored clearances for 
police officials that have membership in the JTTF. Constant 
promotions, retirements, and transfers make it very difficult 
for the FBI and DHS to keep up.
    While the Major Cities Chiefs and Major County Sheriffs 
applaud the FBI and DHS for their willingness to provide 
clearances, there has been little progress in accomplishing a 
process for reciprocal acceptance of those clearances to access 
systems and conduct briefings. Refusal by one Federal agency to 
routinely accept the clearances issued by another is a 
disruptive policy that contradicts information sharing and 
threatens our progress toward realizing the goals of the 
Committee. The chiefs and the sheriffs ask for your help to 
resolve this issue once and for all.
    Another issue involves the sharing of some information with 
the JTTFs. While fusion centers allow law enforcement agencies 
to share information generally, there is a problem when the 
information goes through the vetting process at the JTTF. If 
the FBI decides to enter the information into the Guardian 
system for further investigation by the JTTF, the information 
immediately becomes classified, thus limiting access to the 
information.
    So if, for example, a Guardian lead is investigated 
involving fraudulent identifications, and it is later 
determined that the individuals involved have no nexus to 
terrorism, the lead is then closed by the JTTF. Local police, 
however, may be interested in working the case from a local 
crime perspective--an identity theft case. Unfortunately, the 
information gathered by the JTTF remains classified and often 
unavailable to local police. These issues require continued 
work between the FBI and local authorities.
    Let me summarize. SARS is working. Let's find a way to get 
it fully implemented around the Nation--the training, the 
accountability, and the technology.
    Fusion centers are working. Let's ensure safeguards are in 
place to protect our civil liberties and that all centers are 
equipped to combat both crime and terrorism. Done legally and 
done effectively, these centers have been responsible for the 
arrests of bank robbers, criminal street gang members, money 
launderers, and terrorists. The cases were made because 
multiple jurisdictions quickly linked crimes, patterns, and 
individuals involved in criminal wrongdoing. The value of 
fusion centers is the information they put out to all 
stakeholders.
    Every local police or sheriff's department has the 
particular mission of protecting neighborhoods--protecting 
communities from crime and terrorism. Cops on the street are 
uniquely positioned to receive and document information from a 
variety of sources that could assist the Federal Government in 
maintaining our homeland security.
    We have systems in place to facilitate the sharing of that 
information. Let's make sure all agencies are plugged in. We 
have systems in place to facilitate the sharing of that 
information. Let's ensure effective analytic capability so that 
we do not go down the wrong road.
    These systems are in place to facilitate the sharing of 
that information. Let's establish safeguards so that 
information is used appropriately and hold people accountable.
    We have systems in place to facilitate the sharing of that 
information. Fund these systems and allow them to mature and 
improve. It will make our neighborhoods safer and our homeland 
more secure.
    Thank you.
    [The prepared statement of Chief Manger appears as a 
submission for the record.]
    Chairman Cardin. Thank you very much, Chief Manger.
    Ms. Fredrickson.

STATEMENT OF CAROLINE FREDRICKSON, DIRECTOR, WASHINGTON OFFICE, 
         AMERICAN CIVIL LIBERTIES UNION, WASHINGTON, DC

    Ms. Fredrickson. Thank you very much, Chairman Cardin, 
Ranking Member Kyl, for holding this very important hearing.
    We all agree, clearly, from this panel that law enforcement 
has a legitimate need to share lawfully collected information 
regarding terrorism and other criminal activity in an effective 
and efficient manner. But we should also all agree that 
increasing the Government's authority to collect and 
disseminate personally identifiable information about Americans 
can pose significant risks to our privacy and civil liberties.
    Last year, as Senator Cardin mentioned, the ACLU of 
Maryland exposed an extensive Maryland State Police spying 
operation that targeted at least 23 non-violent political 
advocacy organizations based solely on the exercise of their 
members' First Amendment rights. The Maryland State Police 
spied on an array of political and religious organizations, 
including religious groups like the American Friends Service 
Committee, immigrants rights groups like CASA of Maryland, 
human rights groups like Amnesty International, anti-death 
penalty advocates like the Maryland Citizens Against State 
Executions, and gay rights groups like Equality Maryland. None 
of the Maryland State Police reports from these operations 
suggested any factual basis to suspect these groups posed any 
threat to security. Not surprisingly, no criminal activity was 
discovered during these investigations, some of which lasted as 
long as 14 months. Despite this lack of evidence, the Maryland 
State Police labeled many of these activists ``terrorists,'' 
distributed information gathered in the investigations widely 
among law enforcement and intelligence agencies, and uploaded 
the activists' personal information into a Federal drug 
enforcement and terrorism data base.
    The Department of Homeland Security was also involved, 
collecting and disseminating e-mails from one of the peace 
groups to assist the State police spying operation. From a pure 
information-sharing perspective, things were working well. But 
the sharing of such erroneous and irrelevant information 
provided no security benefit to the people of Maryland and only 
undermined the credibility of State and Federal intelligence 
systems.
    In recent years the ACLU has uncovered substantial evidence 
that domestic intelligence powers are being misused at all 
levels of government to target non-violent political activists. 
In addition to the Maryland State Police investigations, the 
ACLU of Colorado and the ACLU of Northern California uncovered 
widespread illegal spying by Federal, State, and local 
officials. ACLU Freedom of Information Act litigation revealed 
Joint Terrorism Task Force investigations targeting peace 
activists in Pennsylvania and Georgia, and Department of 
Defense intelligence operations targeting anti-military and 
anti-war protestors from around the country.
    The ACLU has produced two reports warning of problems at 
intelligence fusion centers, so we were not surprised when 
intelligence products written by fusion centers in Texas, 
Missouri, and Virginia targeted a wide variety of political and 
religious groups. And a well-publicized assessment published by 
DHS this month warned that right-wing extremists might recruit 
and radicalize ``disgruntled military veterans.'' And a DHS 
contractor's report smeared environmental organizations like 
the Sierra Club, the Humane Society, and the Audubon Society as 
``mainstream organizations with known or possible links to eco-
terrorism.''
    Abusive intelligence reports that share misleading 
information about the ideologies and activities of non-violent 
activists do nothing to improve security and only undermine 
public support for law enforcement. While effective and 
efficient information sharing among law enforcement agencies is 
an important, and critical goal, intelligence activities that 
target political dissent as a threat to security lead only to 
misguided investigations that violate rights, chill free 
expression, and waste the time and resources of our security 
agencies.
    Frederick the Great warned that those who seek to defend 
everything defend nothing. Guidelines and regulations that 
require law enforcement officers to have a reasonable factual 
basis to suspect illegal behavior before collecting and 
distributing personally identifiable information help curb this 
abuse and focus finite police resources where they belong--on 
criminal activity.
    Congress has an obligation to examine and evaluate all 
Government intelligence and information-sharing programs 
regularly and withhold funding from any activities that are 
unnecessary, ineffective, or prone to abuse.
    We do not have to choose between security and liberty, and 
I think it was in the Markle report that said this is not a 
zero sum game. Security and liberty both support each other. 
But in order to be effective, intelligence activities need to 
be narrowly focused on real threats, tightly regulated, and 
closely monitored. We look forward to working with this 
Subcommittee to establish and enforce reasonable standards that 
protect both privacy and security.
    Thank you.
    [The prepared statement of Ms. Fredrickson appears as a 
submission for the record.]
    Chairman Cardin. Well, once again, let me thank all four of 
our witnesses. I found your testimony very helpful.
    Senator Gorton, let me start, if I might. You said 
something which I agree with, and that is, it looks like our 
primary responsibility of this Committee is going to be 
oversight. We have passed a lot of laws, and there is a lot of 
authority, and it is a matter of getting it right. But much of 
it is administrative more so than passing any new laws.
    Then, Ms. Baird, you pointed out something that I found 
interesting, and that is, rather than sharing the information 
directly by transferring it to different data banks, as I 
understood your testimony, you are saying that the collector 
agency should maintain it, keep it current, and then make it 
accessible for those who have use for that type of information. 
That would certainly have handled one of our major concerns in 
Maryland. We were concerned in Maryland not only with what the 
Maryland State Police did, but the fact that they made that 
information available to a Federal data bank, and we were 
concerned that it was then being used extensively in a Federal 
data bank when it should not have been in a Federal data bank 
to start off with.
    My question basically is: How does one access the 
information if they do not know it exists? If you are doing a 
criminal investigation or you stop someone, and if you do not 
have access within your data bank to that information through 
appropriate sharing, how do you get timely access to 
information that allows you to deal with a terrorist threat?
    Mr. Gorton. We came up with an analogy, the analogy to a 
public library and the card catalogue and the old-fashioned way 
of footing that. And under that kind of system, the gathering 
agency would not publish it to every other agency by any means, 
but it would have a short and anonymous index to the subject 
matter, something of that sort. That would be available to the 
other agencies, and then if another agency was in that subject 
matter, they could seek through appropriate means to get a hold 
of the entire bed of information that--the entire bed of 
information itself. Just as, you know, you do not go to a 
public library and wander up and down the aisles hoping that 
you will find a book on the subject that you want; you look in 
the card catalogue which has that very brief summary.
    This is one way of keeping the information anonymous, not 
spreading it willy-nilly to every potential reader by any 
stretch of the imagination, but at least telling the searcher 
who is looking for a particular subject that something on the 
subject exists.
    Chairman Cardin. But let me just give you an example. Chief 
Manger is investigating some criminal enterprise in Montgomery 
County that may very well be local, or it could very well be 
connected to terrorist activities. How would he know that the 
individuals that are participating in this activity are of 
interest to the collectors of intelligence information 
nationally as potential terrorists?
    Mr. Gorton. If he came up with a particular name, I think--
and I am going to let Zoe correct me on this, if she wishes to 
do so--about which he had reasonable grounds to feel might be 
of national interest or some such thing, presumably he would be 
able to find out whether or not the Federal Government had 
information on that individual or on the type of the activity 
in which he was presumably engaged.
    Is that an accurate description, Zoe?
    Ms. Baird. Yes, I think that is fair, and I think the point 
is twofold: One, he has to be able to articulate why it is he 
thinks this person is connected to terrorism, and he will be 
accountable for that. But, secondly, the rules that need to be 
written are rules which would say in passing that information 
along to the relevant Federal agencies, say the FBI, does he 
need to pass on the name, or should he pass on the character of 
the activity that he is seeing to see if it might be related to 
other activity that the FBI is concerned about?
    Obviously, if a local police officer has hard information 
or reasonable suspicion that someone is engaged in a terrorist 
activity, they know what to do today. That is, you know, an 
area that is pretty well worked out. But what we are talking 
about is the use of intelligence information where the piece of 
information one individual has does not tell the whole picture. 
So you need to be able to ensure that that information gets 
connected up with other people who might have other pieces of 
information. And we could go back to the 9/11 story. You know 
all those stories about the bits of information the FBI had, 
the bits of information the CIA had, and how those dots were 
not connected.
    In fact, in our first report we showed how you could have 
identified all 19 terrorists from publicly available 
information, but terrorists are probably a little smarter. 
Those terrorists were using the same addresses, even the same 
frequent flyer numbers.
    But the key answer to this is that we need the 
governmentwide policies, and this is an area where you could 
call in the agencies to account to you what are the policies 
that they are using to answer these questions. How does a local 
police officer know, with care, how to share information with 
other agencies?
    Chairman Cardin. Here is my concern. I do not know whether 
the local law enforcement has enough dots to connect, and they 
may very well need to access the national data bank in order to 
get the missing dot that makes the connections.
    Chief Manger, does this work the way----
    Ms. Baird. If I could add one more comment before you 
respond, because this may help in your response.
    Chairman Cardin. Sure.
    Ms. Baird. Take the scenario where, at the Federal level, 
we have picked up information abroad that terrorists are 
looking at the possibility of major terrorist attacks on 
shopping centers--Mall of America, for example. There needs to 
be a way for the national apparatus, even short of an actual 
threat warning, to inform local police that they should be 
observing shopping centers, and if they see information that is 
suspicious, there is a place where that can be brought together 
with what the foreign intelligence is. But there is no need for 
the local police officer to know the details of the foreign 
intelligence, and there is no need for everyone involved in 
that information-sharing exercise to know the names of the 
people who are being observed.
    Chairman Cardin. And I think that is probably handled 
through the Joint Terrorism Task Force and the fusion centers; 
that if there is a reason for concern, that information should 
get to law enforcement through those mechanisms. But my concern 
is if there is not a red flag nationally about a problem that 
would warrant notifying Montgomery County, but Montgomery 
County has part of a scenario but not everything, how does it 
fill in the blanks without having greater access than I think 
you would normally give the local law enforcement to be able to 
check that information?
    Ms. Baird. The local law enforcement officer, if he is 
concerned about something he is seeing in a shopping center, 
should have a directory which says these are the other people 
who have been looking at threat warnings related to shopping 
centers, talk to them, create an ad hoc group that is going to 
discuss what the problem is what they are observing. And that 
is what we hope the overall information-sharing exercise will 
encourage, is the forming of groups that share information 
based on identifying that others are working a similar problem.
    Mr. Gorton. Let me give you a specific example, if I can, 
from 9/11. I believe, from my memory, that FBI agents in 
Phoenix, I think, discovered that a significant number of 
people were taking flying lessons but only how to take off and 
never how to land. Now, the same thing was going on with 
Moussaoui in Minnesota. But even within the FBI, you know, if 
the FBI agents in Phoenix had said, ``Is this going on 
somewhere else?'' they would not have gotten the information 
back. If both of them had known it, it might very well have 
been that the FBI would have authorized going after a subpoena 
for Moussaoui's laptop--you know, which it did not do.
    Now, if that did not happen in the FBI, just imagine what 
would happen if the Chief of Montgomery County had found people 
doing the same thing and, pre-9/11, had asked the FBI if it 
were going on anywhere else. He would have gotten a blank wall 
from doing that.
    But take those bits of information. No one needed to know 
the names to begin with. The fact that there were people in 
various parts of the country taking these peculiar types of 
flying lessons might have been something that brought them 
together to the point at which they all went forward to the 
next step. It would have been--it could have been anonymous, 
would have been anonymous in the original instance. But it did 
not even happen within the FBI, much less between the FBI and 
any local law enforcement agent.
    Chairman Cardin. And I agree with you on scenarios that 
should be shared. I still have a concern about local law 
enforcement. With Senator Kyl's permission, I am going to give 
Chief Manger a chance just to respond.
    Chief Manger. Just a couple of reactions. The system that 
has been described, you initially asked would that work. And I 
guess the short answer is I am not sure. Ideally, if we can put 
the guidelines in place and have them be consistent throughout 
the country, I think that absolutely needs to be done. And I 
will tell you an example.
    We have gang data-bases that we use regularly, every day, 
in Montgomery County where there are individuals and 
information about specific gangs as well as specific 
individuals in this data-base. There is a specific set of 
criteria, and it has been--we have discussed it with the 
community, I think even with the local chapter of the ACLU 
knows our criteria of how someone can get entered into our gang 
data-base. The information is scrubbed every so often, but I 
bring this up because if one of my officers stops somebody for 
running a stop sign and, you know, because we have the 
computers in the cars, we just routinely make ``Wanted'' checks 
on someone, you know, is that a bad thing? Now, all this person 
has done is run a stop sign. But shouldn't that officer know 
that this person is listed in the gang data-base and in the 
information in the gang data-base, they were arrested a year 
ago and they were carrying a gun? I think that is information 
that is good for that officer to know.
    Now, again, the officer can deal with the running of the 
stop sign and that is it, but that is information that I 
believe is necessary for my personnel to have.
    If there are criteria for how someone gets into a data-base 
and that criteria is agreed on and has protections in it, then 
I think that it makes sense for that officer who, you know, 
stops that individual for running a stop sign, if they are on a 
terrorist watchlist or have some nexus to terrorism, I think it 
is good that the Federal authorities are made aware that this 
person ran a stop sign, just for their information. Now, is 
that going to open up a case? No. But that kind of information 
sharing could end up being useful. We do not know.
    Another example. We had a case where a maintenance person 
in an apartment complex called us and said, ``I have got a 
suspicious activity. We have a group of men who have rented an 
apartment. They pay their rent in cash at the end of every 
month. We just had to go in to change the furnace filters. We 
went in there. There is not a stick of furniture in this 
apartment, but there are magazines. There are flight 
instruction magazines in the apartment.''
    They called us. Now, there is not a law that has been 
broken. There is no law that says you have to have furniture in 
your apartment. There is no law against subscribing to flight 
instruction magazines. But what you have here is, in my view, a 
situation that warrants further looking into.
    You know, my folks are not equipped to do terrorism 
investigations, but, you know, that kind of information needs 
to be shared with the JTTF. And that is what it was. We turned 
all the information we had over to the JTTF.
    And so I think the key here is having a set of guidelines 
for information. If information is in the data-base, then it 
has already been scrubbed. It has already been verified as 
being appropriate to be in a data-base. And if that is the 
case, then we should be able to share it with anybody.
    Chairman Cardin. Let me turn to Senator Kyl. We may come 
back to this in the second round.
    Senator Kyl. Thank you, Mr. Chairman. I am interested in 
the same thing, so you are doing a good job of cross-
examination there.
    Ms. Fredrickson, just on that last point, anything wrong 
with the Chief's folks sharing with the Joint Terrorism Task 
Force information that they came across, including, let's say, 
the names of the people who leased the apartment, just as 
something that they might want to look into?
    Ms. Fredrickson. Well, I would like to go back to something 
that the Chief said in his testimony, which I think puts us 
exactly in the same place. He said that it is important to make 
sure that the officers are looking at individuals or events 
that are reasonably associated with criminal activity. And I 
think this is an example similar to the running of the stop 
sign.
    What we have a problem with is what the Maryland State 
Police was involved with----
    Senator Kyl. OK. I heard you testify about that. But there 
is no obvious criminal activity in the circumstance that he 
discussed. In retrospect, knowing what we know about 9/11, you 
know, a light bulb would go on in our mind. Pre-9/11, I am not 
sure that your guy seeing that would have necessarily called a 
joint task force, if it existed at that time.
    Chief Manger. You are right.
    Senator Kyl. I am just presupposing that.
    Ms. Fredrickson. And I think this is why there is a need, 
exactly what Ms. Baird also called for earlier, there is a need 
for standards. There is a need for standards governmentwide. I 
think we have a lot of different government entities--the 
JTTFs, we have the fusion centers, we have a lot of different--
I am getting back to your----
    Senator Kyl. Let me just interrupt you there. What kind of 
a standard would be appropriate for the circumstance, just the 
real-life circumstance that the Chief just talked about.
    Ms. Fredrickson. Well, I think you have to be very careful 
not to start putting people's names in data-bases if there is 
not something some reason to believe that they are associated 
with some criminal activity. I think bringing to Federal task 
forces this paradigm, I think, again, to refer to what my 
colleagues have said on this panel, you know, you have to 
disassociate personally identified information from 
circumstances----
    Senator Kyl. But if I can interrupt you, how do you--some 
three people rented an apartment that had only magazines in it. 
Well, can you give us their names so we can see if they have 
some previous terrorist activity? No, I cannot do that. I mean, 
what good is the info that there was an apartment rented by 
three people that had no furniture, but just a bunch of----
    Ms. Fredrickson. Well, I would say that in most 
circumstances, that information would probably not be 
worthwhile, and you really do have to be careful about 
putting--every time you discover an apartment with only 
magazines, and you look at the people's names on those 
magazines, and they go into a Federal terrorism data-base, I 
think that is probably quite problematic.
    Senator Kyl. Are you maybe jumping some--they go into a 
Federal terrorist data-base. I think you are skipping one step. 
The names are reported to someone who determines whether or not 
they have any kind of information on them. Wouldn't there be a 
standard before they are actually put into the data-base to try 
to connect them? Chief, would that be the normal step that 
would be taken?
    Chief Manger. Yes. I think the key there is, you know, we 
reported the information to the JTTF. I would be very 
discouraged if the JTTF just took the names of those four 
people that were on the lease and stuck them in the data-base. 
What they need to do is an investigation at this point.
    Senator Kyl. Right.
    Chief Manger. And I think it is prudent to do that 
investigation and then, based on the results of that 
investigation, then determine whether those names should go in 
the data-base or not.
    Senator Kyl. Could I ask any of you--and maybe, Chief, you 
are the one to answer this--what kind of information generally 
is in the SARS data-base?
    Chief Manger. It is suspicious activity reports, and it is 
anything that has a nexus to terrorism. I mentioned that----
    Senator Kyl. Is it terrorism only? Or could it be drug 
running or----
    Chief Manger. SARS is primarily for terrorism.
    Ms. Baird. I could maybe jump in try to shed some light on 
this in terms of the kinds of guidelines that are needed. The 
circumstance that we do not want to miss is a situation where 
the FBI in its Intelligence Unit, for example, has information 
from the CIA that is causing it to look for terrorists who 
might be living in Baltimore, and then to find that the local 
police find this apartment, find the flight manuals, and we 
have some other information which says that there is a 
terrorist group that is trying to use airplanes to commit a 
terrorist act.
    The situation we do not want to be in is where that 
information cannot be looked at as a whole by someone who is 
analyzing the situation. On the other hand, we also do not want 
to be in a situation where we are taking the names of people, 
where we have no information at all that they have committed 
any crime, and we are running them against law enforcement or 
Federal data-bases.
    So I would say that this is a very good example of the care 
with which these guidelines need to be written because I would 
think that in a circumstance like this, the local law 
enforcement can say we got a report of this apartment, these 
magazines, no reason to think anybody is involved with a crime, 
but someone was suspicious about this. It is just like the 
original stories of the time of 9/11 where the Attorney General 
was talking about the need for the UPS truck driver who sees 
something suspicious to be able to have someone to call, and 
the magnificent op-ed written by a UPS truck driver in the New 
York Times which said, ``I do not want to start becoming a law 
enforcement officer and reporting on the people I see on the 
street.'' Well, we have to figure that out as a country.
    So what I would say is you need a place, a circumstance, a 
guideline which says something that low level--an empty 
apartment with some magazines lying on the floor--I would not 
jump to the belief that that person is engaged in terrorism, or 
we will have laws passed which say we cannot look at any 
information, because that is not the country we live in.
    Senator Kyl. Well, if I----
    Ms. Baird. But we need to--if I could just finish, we need 
to be able to have someone who might be looking for a terrorist 
cell in that city, maybe even in that neighborhood, have some 
suspicion brought to their attention without necessarily having 
to identify the names, but the ability to go back and find out 
those names if someone has a reason, can document a reason to 
obtain them.
    Senator Kyl. Well, with all due respect, a lot of police 
work is based on hunches and suspicions, and this reminds me of 
another suspicious activity that turned out to be a problem and 
so on. And I think if you try to put too many restrictions on 
what police officers can follow up--they are not accusing 
anyone of a crime. They are not putting him into a data-base. 
What they are doing is saying here are names of three guys on 
magazines that we picked up under somewhat suspicious 
circumstances to the Federal authorities, is there anything 
about these three guys that you already know that might lead us 
to want to follow it up? I see absolutely nothing wrong with 
that. Do you? Ms. Baird?
    Ms. Baird. Well, I think the really important part of what 
you said is the police officer's knowledge of what is 
suspicious. I think we have to honor that and certainly enable 
that. But I think we also have to ensure that that 
professionalism is carried through and that by opening up an 
information-sharing environment and an intelligence role for 
law enforcement officers, that we do not say to law enforcement 
anything goes now, there are no rules. And that is the problem 
we have had. And, quite frankly, it has been more an inhibition 
on the law enforcement officers who want to participate in an 
information-sharing environment because they are used to 
following rules and laws, and they need the new rules and laws 
that operate in the intelligence context, which is different 
than the law enforcement context.
    One of the reasons that the rules might be less stringent 
in the intelligence context is that the way we act against that 
information is to not take away someone's liberty by locking 
them up. In other words, a law enforcement investigation brings 
the power of Government behind it; whereas, an intelligence 
investigation might not have the same consequences for an 
individual.
    Senator Kyl. So there could be different standards, 
depending upon the nature of the investigation.
    Ms. Baird. Right.
    Senator Kyl. Thank you.
    Chairman Cardin. Well, continuing this line, because I 
think this is really the critical part, we are trying to get it 
right on sharing of information. And it is interesting, I think 
we might be drawing a distinction between information and 
intelligence. If we gather too much information, we can clog 
the system and violate privacy, make it very tempting to 
violate privacy. If we do not collect enough information, then 
good leads go--you do not follow them up. You do not deal with 
what we should do to keep people safe.
    Now, do not oversell the Maryland situation. The Maryland 
situation, they did a full investigation. There was nothing 
there. Nothing should have been forwarded to the Federal 
Government. It was. It was wrong--violation clearly of laws and 
privacy--and the Maryland Legislature has taken action. I have 
not had a chance to review their statute. I know the summary of 
it, and I would be curious. We can maybe talk later about how 
effective you believe the Maryland Legislature will be. I am 
also interested in Chief Manger's view as to what the Maryland 
Legislature did.
    But I think the challenge we have here, we need uniformity 
on guidelines. We have got to know what the right rules are, 
and they have to be enough to share information so that when 
you get information that requires a follow-up for you to 
complete an investigation, either you turn it over to the 
appropriate agency to complete the investigation, or you 
complete the investigation with access to information and 
intelligence that have been gathered that you should be able to 
get access to. That is what we are trying to achieve.
    I am somewhat concerned about having to draw too many 
conclusions locally before local law enforcement has access to 
actionable intelligence information. And I know this is a 
difficult balancing act, but I do have that concern. And I 
think we are going to need to follow that up in more detail.
    But, Chief Manger, I want to ask you a question because you 
pointed out a real practical problem we have for local law 
enforcement in getting information. We have the fusion centers. 
We have the Joint Terrorism Task Forces. But if you cannot 
either participate in that or you do not have the resources to 
assign an intelligence officer to participate, your chances of 
getting timely intelligence information may be lost.
    So I look at some of our smaller law enforcement agencies 
in Maryland who cannot afford to hire full-time intelligence 
officers to participate in this and wonder how they get access 
to information they need in order to participate in keeping our 
communities safe from terrorism.
    Chief Manger. That is the million-dollar question, and I do 
not have the answer other than to say the FBI offers LEO, Law 
Enforcement Online. That does provide some information to 
anyone who gets an account. It is restricted to law enforcement 
only, and you can get into that data-base and get some 
information.
    For instance, in the smaller jurisdictions within 
Montgomery County, I try and maintain a very good dialog with 
those jurisdictions so that when we get information about a 
threat, we share that information. But, I mean, I cannot worry 
about sharing it with the city of Frederick or, you know, 
Hagerstown or somewhere else. So, you know, they are sort of at 
the mercy of the agencies that are plugged in whether they get 
that information in a timely manner. The fact is they usually 
get it from CNN. That is where it ends up getting to them. By 
that time, everybody has got it.
    Chairman Cardin. Yes. Senator Gorton?
    Mr. Gorton. Mr. Chairman, I would like to go back to 
Senator Kyl's question, and I must tell you that sitting here 
and listening to a question de novo, I do not believe that I 
know the answer to that question in any highly positive 
fashion. But I believe that is the very reason that we made our 
recommendation that while this administration has taken a good 
first step in coming up with information-sharing guidelines for 
the Federal Government, it ought to make certain that those 
guidelines are, one, mandatory and, two, you know, apply to all 
of the agencies, because under those circumstances, people who 
spend a lot of time thinking very carefully about the values on 
either side of those questions will have thought them out, I 
trust, with great care.
    And then if we get this privacy board actually appointed 
and in business, you know, there will be an entity, again, that 
focuses, I think, very, very carefully on this kind of 
question. Both the 9/11 Commission report and Ms. Fredrickson 
in her testimony stated something that ought to simply be a 
truism. We are not engaged in a zero sum game here in which 
every enhancement of national security can only come because we 
are limiting civil liberties or every attempt to validate civil 
liberties is going to decrease our national security. The two 
can work together. They can be self-reinforcing.
    When I get asked a specific question like that, I just hope 
there is someone who has thought about it more than I have in 5 
minutes right here and can come up with a set of rules and a 
set of policies that will make it work. And I believe that is 
clearly possible, and that your function here as a Subcommittee 
is to try to push the administration into doing that as 
promptly and effectively as possible.
    Chairman Cardin. Thank you.
    Ms. Fredrickson, I wanted to give you a chance to respond 
as to what you would urge us to look at on guidelines are our 
highest priorities on protecting the legitimate privacy and 
rights of our citizens.
    Ms. Fredrickson. Well, we have a fuller set of 
recommendations in the testimony we provided to the Committee, 
but I think one of the important parts is to go to 28 CFR Part 
23 and codify that regulation, which would establish a 
reasonable suspicion standard for all criminal intelligence 
information collection programs and limit dissemination absent 
a legitimate law enforcement need.
    I think it is very critical that there be standards that 
are governmentwide, that will be clear for law enforcement and 
will prevent the kind of surveillance based on First Amendment-
protected activities that we have seen not just in Maryland, 
although that was one of the more recent examples, but across 
the country.
    Chairman Cardin. Under that guideline, would Chief Manger 
be able to enter information concerning that apartment that he 
observed?
    Ms. Fredrickson. Well, I think there was a general 
agreement that information would be entered into a data-base 
without some kind of corroboration of actual criminal activity. 
But whether there would be an ability to talk to fellow 
departments and speak with the Federal Government about whether 
or not there were similar activities that had been observed, 
you know, I do not think that would be precluded at all.
    Chairman Cardin. Senator Kyl?
    Senator Kyl. Chief, one of the things you said was that we 
need to make the SARS more broadly available, or words to that 
effect. Two questions. How available? What exactly are you 
talking about? And, second, what is keeping that from 
happening? Which would lead us, obviously, to the third point, 
which is how to make it happen.
    Chief Manger. It is still a very new program, and each 
individual police agency--and there are 18,000 police agencies 
in this country--has to make the decision to hook into this. 
And it takes technology, it takes, you know, funding, and some 
departments--the Los Angeles Police Department has been a 
pioneer, done a nice job at getting in there.
    The Montgomery County Police is just getting plugged into 
the SARS program, and it is a pilot agency for the State of 
Maryland.
    Senator Kyl. So it basically requires you to get the 
funding to physically by computer tie your system into that 
system so that your officers, or at least some of them, can 
access that information.
    Chief Manger. That is correct. And then also the key here 
is having an analyst who knows what should go in and what 
should not go in, and the training, the guidelines, 
everything----
    Senator Kyl. So this is interactive in the sense that your 
guys can put stuff into it as well. They are not merely gaining 
access to information somebody else has already put in.
    Chief Manger. That is correct.
    Senator Kyl. One reason I mention this is that yesterday 
Senators Lieberman, McCain, and I held a hearing in Phoenix 
about the drug cartel activity coming through Mexico and 
spilling over into the United States. It is an awful situation, 
and we asked the Phoenix police chief, for example, what to do 
about it. He had several stories, and one of the points he made 
was that they need to be able to get into the SARS system. I 
did not ask him at that point, ``What do you need to do that?'' 
But they will stop someone on a traffic charge and then only 
later find out that the car was owned by a drug dealer or had 
been stolen or was operated by someone known to be a carrier 
for the cartel or something of that sort. And so he was 
lamenting the fact that they were not tied into it. So it is 
primarily a matter of resources for local police to tie into 
the system. Is that correct?
    Chief Manger. That is correct.
    Senator Kyl. Well, it is good to know that it is only 
resources.
    One of the questions that I had was this comment that, Ms. 
Fredrickson, you made. You said the current method of homeland 
security is an ``all crimes, all hazards'' approach. And I 
would just like to know from the members of the panel, is that 
OK? Or were you suggesting that that is a real problem?
    Ms. Fredrickson. I was suggesting that is a problem because 
it is wasting resources that should be focused on criminal and 
terrorist activity.
    Senator Kyl. But the example that the Subcommittee--in 2004 
we had a Subcommittee hearing, and here is a quotation from the 
testimony: ``Three of the 19 hijackers on September 11th were 
stopped by State or local law enforcement officials in routine 
traffic stops in the weeks leading up to the attacks on the 
Nation. For example, on September 9th, 2 days before the 
September 11th attack, Maryland State Police stopped Ziad 
Jarrah for driving 90 miles an hour in a 65-mile-an-hour zone 
in a rural section of I-95 near the Delaware State line. A 
videotape of the stop shows the State trooper approaching the 
car, obtaining the driver's license and registration, returning 
to his patrol car for a radio check of the credentials. Jarrah, 
who was on the CIA watchlist, was given a ticket and allowed to 
go.'' And there are other similar situations.
    Now, that is an example where if we had really applied the 
``all crimes, all hazards'' approach, we might have been able 
to identify him, is it not? And that would have been a good 
thing, would it not?
    Ms. Fredrickson. Well, what we were referring to in the 
testimony was actually the examples that we discussed, which is 
of law enforcement mistaking First Amendment-protected activity 
for suspicious activity and using resources to track, for 
example, in Maryland anti-death penalty activists or anti-war 
activists or gay rights activists. That is what we are talking 
about when we are talking about--the gathering of this kind of 
information, the sharing of that kind of information with 
Federal law enforcement and the clogging of the data-bases with 
that irrelevant----
    Senator Kyl. Well, if I could just interrupt, these are 
your words, not mine, the ``all crimes, all hazards'' approach. 
I interpreted that to mean that you had to have a crime, that 
you are not just targeting free speech activity, but you have 
to have a crime, first of all, and then see whether or not that 
leads you to something else.
    Ms. Fredrickson. Well, that is not what was intended in 
that statement. It really is ``all hazards'' point of view, and 
what we are saying is that there needs to be appropriate, 
effective attention actually to crimes and to terrorist 
activities.
    Senator Kyl. So just the general proposition that when a 
crime is committed, let's say a traffic stop, and then 
something else is investigated or the data-base is accessed to 
see whether this would lead to anything else, as a general 
proposition that is not what you were criticizing, is that----
    Ms. Fredrickson. No.
    Senator Kyl. Anybody else on the panel want to refer to 
that?
    [No response.]
    Senator Kyl. It seems to me that, just as a general 
proposition--let me get your reaction to it--that while 
guidelines are really important when you are investigating 
these kinds of activities, you also need to be very careful 
that you do not get into a situation analogous to the wall of 
separation that existed before 9/11, where an arbitrary legal 
standard prevented the sharing of data. And I can just see one 
of the officers pulling out a manual about the size--I mean, if 
you have ever seen a flight manual, they are about that thick--
and trying to figure, OK, now here is what happened, what can I 
try to find out and where do I find it out? I mean, I think you 
would all agree, would you not, that this has to be done in a 
very usable way, and that argues against really complicated 
legalese that is going to make it very difficult for the people 
on the spot to be able to access the information in a quick and 
profitable way. Ms. Baird?
    Ms. Baird. Senator Kyl, if I could comment on that, in my 
opening statement I made a statement I would like to reiterate, 
which is that we need these guidelines not just to constrain 
Government employees but to empower them, that there is a great 
deal of uncertainty now about what people are authorized to do, 
and so they are not doing it.
    And the second comment I would make is that you are 
absolutely right that this has to be very easy to understand 
and you need to be able to walk around the building, stop 
somebody in the hallway, and ask them the question and have 
them be able to answer it. It has got to be that, you know, 
real time that they know what the answer is of what they are 
able to do. And we can help that with technology. We can 
facilitate it by having automatic authorizations or approvals 
of things that happen because a particular individual enters 
their identification code and the reasons why they think they 
need the information. So if we can get the technology systems 
built as well as the policies written, we ought to be able to 
facilitate this.
    But the lack of adequately robust policies now is really 
slowing things down more than the technology question, and if 
anything, the technology is getting out ahead of the policies. 
And so you are creating more and more ways that we might 
collect or analyze information, but people are not using it or 
do not know what they are empowered to do because they do not 
have robust enough policies.
    So I think you are absolutely right, the objective here is 
not to write a rule book. You know, when I first went to work 
as general counsel of the chairman, they handed me a 2-inch 
thick glossary of terms of that industry, and I said, ``If I 
have to learn this, I cannot do my job.'' You cannot weigh 
people down with things that make it impossible for them to 
understand what they have to do. But we do need these rules to 
empower people so that they are not afraid to act because they 
do not want to wind up here in front of you saying why they did 
something without any real authorization that they can point to 
to say that they were supposed to do it.
    Mr. Gorton. I just want to emphasize my full agreement with 
Zoe in that respect. In this report we say we want a paradigm 
of need to share rather than need to know. And traditionally in 
the Federal Government--on this point, I am speaking only of 
sharing within the Federal Government--there have been great 
penalties for the unauthorized sharing. And that is why you 
absolutely had to prove you needed to know something before you 
got it, and you did not know what you did not know so you could 
hardly look for it.
    We need a set of policies that is at least as encouraging 
for the sharing of information with people and agencies that 
have some reasonable access to it than there are penalties for 
unauthorized sharing. And, again, you are absolutely right, it 
has got to be clear. People have got to be confident in what 
they are doing.
    Chairman Cardin. Let me again thank the witnesses for their 
testimony. As I said at the beginning, this is the first 
hearing of this Subcommittee. It is intentional to be the first 
hearing because I consider this to be our most important 
responsibility in making sure that actionable intelligence 
information is gathered in a way that is made accessible to 
those who can prevent terrorist activities in our country. And 
I think the comments that have been made about the laws are 
adequate, provided that there is proper oversight and there are 
clear guidelines, which we have not yet implemented in our 
Government. So it is an issue that our Committee will clearly 
be continuing to have interest in and conduct additional 
oversight in these areas.
    So, once again, let me thank our four witnesses for 
participating in this hearing. The hearing record will remain 
open for 1 week for any additional statements or questions, and 
with that, the Subcommittee will stand adjourned. Thank you.
    [Whereupon, at 3:55 p.m., the Subcommittee was adjourned.]
    [Questions and answers and submissions for the record 
follow.] 

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


                                 
