b"<html>\n<title> - INTELLIGENCE SHARING AND TERRORIST TRAVEL: HOW DHS ADDRESSES THE MISSION OF PROVIDING SECURITY, FACILITATING COMMERCE, AND PROTECTING PRIVACY FOR PASSENGERS ENGAGED IN INTERNATIONAL TRAVEL</title>\n<body><pre>[House Hearing, 112 Congress]\n[From the U.S. Government Publishing Office]\n\n\n\n \n   INTELLIGENCE SHARING AND TERRORIST TRAVEL: HOW DHS ADDRESSES THE \n MISSION OF PROVIDING SECURITY, FACILITATING COMMERCE, AND PROTECTING \n         PRIVACY FOR PASSENGERS ENGAGED IN INTERNATIONAL TRAVEL\n\n=======================================================================\n\n\n\n                                HEARING\n\n                               before the\n\n                    SUBCOMMITTEE ON COUNTERTERRORISM\n\n                            AND INTELLIGENCE\n\n                                 of the\n\n                     COMMITTEE ON HOMELAND SECURITY\n\n                        HOUSE OF REPRESENTATIVES\n\n                      ONE HUNDRED TWELFTH CONGRESS\n\n                             FIRST SESSION\n\n                               __________\n\n                            OCTOBER 5, 2011\n\n                               __________\n\n                           Serial No. 112-49\n\n                               __________\n\n       Printed for the use of the Committee on Homeland Security\n                                     \n[GRAPHIC] [TIFF OMITTED] CONGRESS \n\n                                     \n\n      Available via the World Wide Web: http://www.gpo.gov/fdsys/\n\n                               __________\n\n\n\n\n                  U.S. GOVERNMENT PRINTING OFFICE\n73-736                    WASHINGTON : 2012\n-----------------------------------------------------------------------\nFor sale by the Superintendent of Documents, U.S. Government Printing \nOffice Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC \narea (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC \n20402-0001\n\n\n\n                     COMMITTEE ON HOMELAND SECURITY\n\n                   Peter T. King, New York, Chairman\nLamar Smith, Texas                   Bennie G. Thompson, Mississippi\nDaniel E. Lungren, California        Loretta Sanchez, California\nMike Rogers, Alabama                 Sheila Jackson Lee, Texas\nMichael T. McCaul, Texas             Henry Cuellar, Texas\nGus M. Bilirakis, Florida            Yvette D. Clarke, New York\nPaul C. Broun, Georgia               Laura Richardson, California\nCandice S. Miller, Michigan          Danny K. Davis, Illinois\nTim Walberg, Michigan                Brian Higgins, New York\nChip Cravaack, Minnesota             Jackie Speier, California\nJoe Walsh, Illinois                  Cedric L. Richmond, Louisiana\nPatrick Meehan, Pennsylvania         Hansen Clarke, Michigan\nBen Quayle, Arizona                  William R. Keating, Massachusetts\nScott Rigell, Virginia               Kathleen C. Hochul, New York\nBilly Long, Missouri                 Janice Hahn, California\nJeff Duncan, South Carolina\nTom Marino, Pennsylvania\nBlake Farenthold, Texas\nRobert L. Turner, New York\n            Michael J. Russell, Staff Director/Chief Counsel\n               Kerry Ann Watkins, Senior Policy Director\n                    Michael S. Twinchek, Chief Clerk\n                I. Lanier Avant, Minority Staff Director\n\n                                 ------                                \n\n           SUBCOMMITTEE ON COUNTERTERRORISM AND INTELLIGENCE\n\n                 Patrick Meehan, Pennsylvania, Chairman\nPaul C. Broun, Georgia, Vice Chair   Jackie Speier, California\nChip Cravaack, Minnesota             Loretta Sanchez, California\nJoe Walsh, Illinois                  Brian Higgins, New York\nBen Quayle, Arizona                  Kathleen C. Hochul, New York\nScott Rigell, Virginia               Janice Hahn, California\nBilly Long, Missouri                 Bennie G. Thompson, Mississippi \nJeff Duncan, South Carolina              (Ex Officio)\nPeter T. King, New York (Ex \n    Officio)\n                    Kevin Gundersen, Staff Director\n                    Alan Carroll, Subcommittee Clerk\n               Hope Goins, Minority Subcommittee Director\n\n\n\n                            C O N T E N T S\n\n                              ----------                              \n                                                                   Page\n\n                               Statements\n\nThe Honorable Patrick Meehan, a Representative in Congress From \n  the State of Pennsylvania, and Chairman, Subcommittee on \n  Counterterrorism and Intelligence..............................     1\nThe Honorable Jackie Speier, a Representative in Congress From \n  the State of California, and Ranking Member, Subcommittee on \n  Counterterrorism and Intelligence..............................     3\n\n                               Witnesses\n\nMr. David Heyman, Assistant Secretary for Policy, U.S. Department \n  of Homeland Security:\n  Oral Statement.................................................     4\n  Joint Prepared Statement.......................................     7\nMs. Mary Ellen Callahan, Chief Privacy Officer, The Privacy \n  Office, U.S. Department of Homeland Security:\n  Oral Statement.................................................    12\n  Joint Prepared Statement.......................................     7\nMr. Thomas Bush, Executive Director of Automation and Targeting \n  Office of Intelligence and Investigative Liaison, Customs and \n  Border Protection:\n  Oral Statement.................................................    14\n  Joint Prepared Statement.......................................     7\n\n\n   INTELLIGENCE SHARING AND TERRORIST TRAVEL: HOW DHS ADDRESSES THE \n  MISSION OF PROVIDING SECURITY, FACILITATING COMMERCE AND PROTECTING \n         PRIVACY FOR PASSENGERS ENGAGED IN INTERNATIONAL TRAVEL\n\n                              ----------                              \n\n\n                       Wednesday, October 5, 2011\n\n             U.S. House of Representatives,\n                    Committee on Homeland Security,\n         Subcommittee on Counterterrorism and Intelligence,\n                                                    Washington, DC.\n    The subcommittee met, pursuant to call, at 10:02 a.m., in \nRoom 311, Cannon House Office Building, Hon. Patrick Meehan \n[Chairman of the subcommittee] presiding.\n    Present: Representatives Meehan, Long, Speier, Hochul, and \nHahn.\n    Also present: Representative Jackson Lee.\n    Mr. Meehan. The Committee on Homeland Security, \nSubcommittee on Counterterrorism and Intelligence will come to \norder.\n    The subcommittee is meeting today to hear testimony \nregarding how the Department of Homeland Security addresses the \nmission of providing security, facilitating commerce, and \nprotecting the privacy of passengers engaged in international \ntravel.\n    I would like to welcome everyone to today's subcommittee on \ncounterterrorism and intelligence hearing. I look forward to \nhearing from today's witnesses on the value and efficacy of the \nPassenger Name Record program in our on-going mission to \nprevent terrorists and other dangerous criminals from entering \nthe United States.\n    I further look forward hearing and learning about the \nstatus of on-going negotiations with our partners in the \nEuropean Union with regard to the 2007--I am going to refer to \nthis from this point forward as PNR, the Passenger Name Record, \nso we don't have to continue to do it, but the 2007 PNR record \nas well as the privacy concerns that David raised.\n    But before I begin, I think especially on a committee like \nthis it is so appropriate to take a moment to recognize the \ntremendous victory that was achieved by our U.S. military \nintelligence communities in locating and killing Anwar Al-\nAwlaki last Friday.\n    Awlaki was one of the worst perpetrators of terrorism and \none of the United States' most real enemies. He was involved in \nmultiple attacks against the U.S. homeland including the Fort \nDix six plot, which occurred in my backyard; the Fort Hood \nattack; the Christmas day 2009 attack over Detroit; and the UPS \ncargo bomb which again landed in my airport. Or the airport in \nmy district, it is not my airport.\n    The world is a safer place now that Awlaki is no longer a \npart of it.\n    The achievement is a great testament to the U.S. \nintelligence capabilities. It will send a clear message to \nthose who seek to harm us that you won't hide, and you won't \nescape justice.\n    Now today's hearing is aimed at educating our Members, and \nI think many at-large, about the ways in which the Department \nof Homeland Security collects, protects, and uses personal \ninformation on travelers attempting to come into the United \nStates.\n    Given the transnational nature of terrorism, and a desire \nof terrorist operatives to enter the United States from abroad, \nit is crucial that we act in partnership with other nationals \naround the world. We push it out a little bit further and make \nsure our skies and our ports are safe and secure from wrongful \nentry.\n    In 2007 the United States and the European Union entered \ninto an agreement to share with one another intelligence that \nwould help all parties identify potentially dangerous \nindividuals before they set foot on an aircraft, thus helping \nto disrupt the effort of terrorists and organized crime rings.\n    Since 2007, the programs resulting from this agreement have \nproven to be an indispensible component in our strategy to \nthwart terrorists. In fact, in 2008 and 2009, PNR helped the \nUnited States identify individuals with potential ties to \nterrorism in more than 3,000 cases.\n    Among these was the Mumbai attack plotter, David Headley, \nwho was arrested in Chicago after U.S. authorities accessed his \nPNR data from a flight he had booked from the United States to \nGermany. Headley since pled guilty to a separate plot to murder \njournalists from a Danish newspaper.\n    PNR data also identified Faisal Shahzad, the perpetrator of \nthe failed Times Square bombing in May 2010, who was caught \nwith the help of PNR as he attempted to escape the United \nStates at JFK Airport.\n    In 2010, approximately one-quarter of those individuals \ndenied entry into the United States for having ties with \nterrorism, were initially tied through PNR data.\n    Now in 2009, the European Union member states adopted the \nTreaty of Lisbon, and that gave greater power to the European \nParliament. Thereafter, this parliament sought, under its new \nauthority, to reject this E.U.-U.S. PNR agreement because the \nUnited States had negotiated bilateral memorandums of \nunderstanding rather than establish uniform rules with the \nEuropean Union as a representative body.\n    In addition, some members of the E.U. Parliament have begun \nto criticize the agreement for not providing stricter privacy \nprotections--and I hope that you will go in to the privacy \nprotections that we have--even though no violation of privacy \nrates, or breach of security, had been reported. I hope you \nwill develop that point as well.\n    The United States has been absolutely vigilant in assuring \nthat individual privacy rights under both the U.S. and European \nlaw were respected.\n    As many know, last month Attorney General Eric Holder \ntraveled to Brussels to discuss with European lawmakers the \ncollaborative efforts between the United States and the \nEuropean Union to address mutual security concerns. Holder \ntestified before the parliament's committee on civil liberties \nto attempt to assuage their fears.\n    He argued that the debate over data protection is a purely \nacademic one. Despite differences between the U.S. and European \nlegal structures, both protect civil liberties effectively.\n    Still, DHS and other components have been involved in on-\ngoing negotiations with the European Union to amend the PNR \nagreement, and it has been on-going since 2009.\n    We have been through four rounds of such discussions. In \nfact they continue on these terms which were supposed to remain \nin effect until 2014.\n    Our main concern in Congress, and part of the reason we are \nholding this hearing today, is to ensure that negotiations with \nthe United Nations and European Union do not impact the \neffectiveness of this agreement. The PNR programs have been \ninvaluable tool in our gathering of actionable intelligence \nover the course of the 4 years. It is a tool we cannot do \nwithout.\n    The United States was built upon principles of freedom and \ncivil liberty. This country has always been a leader among \nnations of upholding the rights of the individual person, and \nit will continue to be. It is for this reason that we must \nmaintain our ability to prevent those who would seek to take \nthose freedoms from us from carrying out their plans.\n    Privacy is a right, but so is security. One relies on the \nother.\n    I look forward to hearing from today's distinguished \nwitnesses and on these matters.\n    Now, the Chairman recognizes the Ranking Minority Member of \nthe subcommittee, the gentlewoman from California, Ms. Speier, \nfor any statements she may have.\n    Ms. Speier. Mr. Chairman, thank you for holding today's \nhearing and having us focus on the PNR issue.\n    I would like to associate myself with the comments you made \nabout the successful efforts by the President, the military, \nand the CIA in actually putting al-Awlaki to his final demise.\n    I would also like to welcome the witnesses here, and look \nforward to gaining insights into how the Department of Homeland \nSecurity uses the PNR, including how DHS protects travelers' \nprivacy. It has got to be a key component of the utilization of \nthis information.\n    It is, in fact, one of the most powerful tools that we have \nto combat terrorist travel. There is obviously a very important \nbalancing that must go on.\n    As we know, analyzing PNR can highlight high-risk travel \npatterns such as popular routes used by human smugglers and \nterrorist facilitators. This may be the only way to flag \npotentially unknown suspects who aren't on any of the watch \nlists, and who on the surface appear like any other traveler.\n    PNR can be immensely important in terrorism investigations. \nInvestigators can use a terrorist suspect's past travel history \nto identify travel to terrorist-safe havens as well as co-\ntravelers who may be associates, which can help to identify and \ndisrupt the entire terrorism network.\n    PNR has played a key role in many prominent terror \ninvestigations including that of the 2008 Mumbai attack \nplotter, David Headley, and the attempted Times Square bomber, \nFaisal Shahzad.\n    But we almost missed Shahzad when he attempted to leave the \ncountry. So the question that we must ask is: What enhancements \nto the system have been put in place to address the \nvulnerabilities exposed by that near miss?\n    Effectively combating terrorist travel hinges on the timely \nsharing of information which requires working with the airline \ncompanies to get the PNR data quickly and efficiently. Have \nthese increased demands for timely information placed an undue \nburden on the airline companies or to the traveling public is a \nquestion that must be answered.\n    Equally important to our cooperation with the airlines is \nour relationship with our foreign partners. How can we maintain \nlasting and mutually-beneficial agreements with our foreign \npartners to ensure the timely sharing of PNR data continues?\n    One such agreement that has been the subject of public \nscrutiny and some controversy is the one we share with the \nEuropean Union.\n    Many European airports serve as the last point of departure \nto the United States for many high-risk areas of origin \nincluding the Middle East, Africa, and South Asia. So it is of \nthe utmost importance that we maintain the robust sharing of \ninformation on travelers flying from Europe to the United \nStates.\n    ``How will proposed changes to the agreement affect our \nscreening operations?'' is yet another question we must ask.\n    Many people, including privacy advocates both here and \nabroad, have expressed concern about the privacy implications \nthat come with obtaining customers' data from the airlines for \ncounterterrorism purposes.\n    Although independent reviews of the PNR information-sharing \nprogram have determined that the usage of PNR data by DHS has \nnever unlawfully violated travelers' privacy, we must be \nmindful of these privacy concerns and ensure that DHS continues \nto uphold stringent privacy restrictions.\n    The traveling public has the right to a reasonable degree \nof privacy, and they have the right to be concerned. I think we \nneed to do a better job of explaining to the public the \nparameters of the U.S. Government's usage of PNR data--why we \nneed it, for how long, and how is it applied.\n    I am eager to learn more about the protections in place. \nHow exactly do we ensure that a traveler's personal information \nis protected? How might further future modifications to the \nagreement impact privacy?\n    So I hope today that we can positively contribute to that \ndiscussion and clear up some misconceptions about how and why \nthe Government uses PNR data.\n    I am also looking forward to learning more about how far \nDHS has come since 9/11 to effectively analyze data sources \nsuch as PNR to identify and mitigate potential threats.\n    With the system CBP and DHS has at its disposal now, could \nwe avoid past failures such as the Christmas day attack?\n    How important is PNR data to these efforts, and what \nchallenges remain?\n    With that, Mr. Chairman, I yield back.\n    Mr. Meehan. Thank you, Ms. Speier.\n    I want to have the other Members of the committee be \nreminded that any statements that they would like to make can \nbe submitted for the record.\n    We are pleased to have a distinguished panel of witnesses \nbefore us today on this important topic.\n    Let me first turn to Mr. David Heyman.\n    He is the assistant secretary for policy at the Department \nof Homeland Security. Mr. Heyman is an expert on terrorism, \ncritical infrastructure protection, bioterrorism, and risk-\nbased security.\n    Previously, Mr. Heyman has served as a senior fellow and \ndirector of the CSIS Homeland Security Program where he led the \nresearch and program activities for that section.\n    Additionally, Mr. Heyman has held a number of Government \npositions, including as a senior adviser to the U.S. Secretary \nof Energy and at the White House Office of Science and \nTechnology policy on National security and international \naffairs.\n    Mr. Heyman has testified before several committees in \nCongress and authored numerous publications, and appeared in \nvarious media outlets.\n    I now recognize Secretary Heyman for his testimony, and ask \nthat you do your best to stay within the 5-minute parameters.\n    Thank you, Mr. Heyman.\n\nSTATEMENT OF DAVID HEYMAN, ASSISTANT SECRETARY FOR POLICY, U.S. \n                DEPARTMENT OF HOMELAND SECURITY\n\n    Mr. Heyman. Thank you, Mr. Chairman, good morning Ranking \nMember Speier and distinguished Members of the subcommittee.\n    We very much appreciate the opportunity to appear before \nyou today to discuss how the Department of Homeland Security's \nprescreening of passengers, and in particular the use of PNR \ndata, plays an important role in our Nation's work to prevent \nand counter terrorist and criminal threats to the homeland.\n    Preventing terrorists from traveling to or remaining \nundetected in the United States remains a top priority of the \nDepartment, and I commend this committee for holding this \nhearing and for your support on the on-going efforts to \nrenegotiate our agreement with Europe on the exchange of PNR \ndata.\n    Ten years ago screening passengers coming to the United \nStates was limited to the Department of State's visa process \nand the inspection of a person by an immigration officer at the \nport of entry, plus whatever processes were applied at foreign \nairports and by foreign governments.\n    If you were a terrorist seeking to come to the United \nStates you would for all intents and purposes apply for a visa, \npurchase a ticket, and board an aircraft to America.\n    There would most likely not have been checks to see if you \nwere a known or suspected terrorist, no checks to see if you \nmay be a risk to security based upon behavior, no checking to \nsee if you were traveling on a lost or stolen passport, no \nscreening of you or your luggage for explosives, little to no \nsecurity on-board the aircraft, and no checking to see if you \nare even admissible to the United States.\n    That has obviously all changed in the last 10 years.\n    Back then provision of advance passenger information was \nvoluntary, and even when provided by air carriers frequently \ncontain inaccurate and inconsistent data. There was no \nbiometric collection of visa applicants beyond photographs, nor \nfor aliens seeking admission to the United States. There was \nvery limited pre-departure screening of passengers seeking to \nfly to the United States.\n    Today, a decade later, in response to both 9/11 and \nevolving threats and with the help and support of Congress, we \nhave significantly adapted and enhanced our ability to detect \nand interdict travel threats at the earliest opportunity. PNR \nplays a central role in all of this.\n    The term PNR refers to the data an airline receives from a \ntraveler to book and manage travel plans, and may include the \ntraveler's itinerary, payment method, and contact information.\n    Just as fingerprinting was first used and became an \nimportant tool in criminal investigations in the beginning of \nthe 20th Century, so too at the start of the 21st Century has \nPNR analysis become a vital tool for helping to identify \nterrorists and criminals.\n    DHS analyzes PNR provided by the airlines to help identify, \ndetect, and thwart terrorists and criminals attempting to blend \ninto the traveling public, and before they commit criminal acts \nagainst innocent peoples.\n    Our analysis of PNR data helps the U.S. Government to \nidentify--as the Chairman has noted--over 1,700 unique \nsuspicious activities or suspicious cases every year, and it \nhas been vital in almost every high-profile terrorist \ninvestigation since 9/11.\n    PNR data analysis has been proven to be a critical tool in \nidentifying nearly every human smuggling case involving air \ntravel.\n    My colleague, Tom Bush, executive director for targeting \nand analysis for our customs and border patrol, will elaborate \non the use and protection of PNR data international targeting \nprograms this morning.\n    In addition to the Department's PNR system being \noperationally effective, we also can be proud of our \noutstanding record of data privacy protection over the past \ndecade. To ensure the protection of privacy and civil \nliberties, DHS use of PNR data is subject to oversight for \nmultiple independent bodies including the Department's chief \nprivacy officer, the DHS inspector general, the GAO, and as \nwell as the United States Congress.\n    In addition, periodic joint reviews with E.U. officials \nhave confirmed the value of PNR data in protecting the \ntraveling public. These reviews have confirmed our adherence to \nthe highest data protection and privacy standards.\n    My colleague, Mary Ellen Callahan, the Department's chief \nprivacy officer, is here to elaborate further on our protection \nand privacy programs.\n    Let me close by saying, over the past decade the use of PNR \nhas evolved into a critical tool for ensuring the security of \nthe traveling public, but also for identifying and prosecuting \nterrorists and criminals.\n    The Department has accomplished all this while also \ndemonstrating its firm commitment to protecting the privacy of \ntravelers. Of literally billions of passengers traveling to and \nfrom the United States over the past decade, there has not been \na single breach of use of PNR and violation of established \nprivacy protections.\n    In fact, the PNR system we have put in place has become a \nmodel internationally for other countries seeking to implement \nsimilar programs of which there is nearly a dozen now. We are \nseeing more and more countries seeking to establish their own \nPNR systems, including the European Union who we are in \nnegotiations with right now.\n    So let me again, thank the committee for this opportunity \nto discuss this matter, and to helping us ensure the commitment \nis maintained to achieve a security with the traveling public \nin exchange of data to accomplish that.\n    I look forward to your questions. Thank you.\n    [The joint prepared statement of Mr. Heyman, Ms. Callahan, \nand Mr. Bush follows:]\n  Joint Prepared Statement of David Heyman, Mary Ellen Callahan, and \n                              Thomas Bush\n                            October 5, 2011\n                              introduction\n    Chairman Meehan, Ranking Member Speier, and distinguished Members \nof the subcommittee, thank you for the opportunity to appear before you \ntoday to discuss how the Department of Homeland Security (DHS) works to \nprevent individuals that may pose a risk to our National security from \nentering the country--all while facilitating legitimate travel and \ncommerce and protecting the privacy of individuals engaged in \ninternational travel.\n    Specifically, I want to highlight the Department's pre-screening of \npassengers, and in particular, the use of Passenger Name Record (PNR) \ndata in our work to prevent and counter terrorist and criminal threats \nto the Homeland. PNR data and analysis play a unique role in enabling \nthe U.S. Government to identify both known and unknown threats. Recent \ncases underscore the vital benefit of PNR and reflect its value today--\na value that has grown in recent years as the Department has improved \nand expanded its data matching and processes. We have been able to \nadvance the development, implementation, and use of this tool, while \nalso protecting travelers' data and privacy.\n    Other countries, recognizing the utility of PNR, have expressed \ninterest in developing their own PNR systems for screening travelers. \nOur on-going negotiation with the European Union over how PNR from \nflights with ties to the European Union is handled by DHS is one \nmanifestation of our ability to advance security, data protection, and \nprivacy together. I commend the subcommittee for holding this important \nhearing on this topic.\nMultiple Layers of Defense\n    Since 9/11, we have learned that the exercise of immigration and \nborder security authorities can be powerful resources used to identify \nand thwart terrorist operations at the earliest opportunity. We have \nsignificantly adapted and enhanced our ability to detect and interdict \nthreats at the earliest opportunity by instituting a layered aviation \nand border security architecture, incorporating both seen and unseen \nassets.\n    Accordingly, we have strengthened our security and screening at \npoints:\n  <bullet> During the travel planning phase, when a traveler seeks a \n        visa or authorization to travel;\n  <bullet> Just prior to travel, when a person seeks to board an \n        aircraft at a point of departure; and\n  <bullet> During travel, when a person seeks to enter the United \n        States.\n    PNR is one of five automated systems that assist the Department in \nidentifying travelers likely to pose a risk. The five reinforcing \nsystems are: PNR; the visa application process (conducted by the \nDepartment of State and supported by DHS); the Electronic System for \nTravel Authorization (ESTA) for travel under the Visa Waiver Program; \nthe Advance Passenger Information System (APIS), and; Secure Flight. \nThese are the systems DHS uses to begin conducting screening before an \naircraft's departure and function in conjunction with physical security \nprocedures such as checkpoint screening.\n                       passenger name record--pnr\n    The term PNR refers to the data an airline receives from a traveler \nto book and manage travel plans, and may include the traveler's \nitinerary, payment method, and contact information. In light of the \nlessons learned from 9/11 about identifying and preventing terrorists \ntraveling into and out of the United States, Congress mandated that \ncarriers make PNR data available to the U.S. Government in the Aviation \nand Transportation Security Act of 2001 (ATSA, Pub. L. 107-71). \nPresently, all carriers flying to and from the United States provide \nDHS with PNR pursuant to ATSA and DHS implementing regulations. DHS \nanalyzes PNR provided by the airlines to identify terrorists and \ncriminals attempting to blend into the traveling public before \ncommitting criminal acts against innocent people. Our analysis of PNR \ndata, reinforced through cooperation with Federal partners, has helped \nto identify approximately 1,750 unique suspicious cases every year, and \nhas been vital in many of the United States' most well-known terrorism \ninvestigations since 9/11.\n    To ensure the protection of privacy and civil liberties, DHS' use \nof PNR data is subject to oversight from multiple independent bodies, \nincluding the Department's Chief Privacy Officer, the DHS Inspector \nGeneral, and the Government Accountability Office, as well as the U.S. \nCongress. In addition, periodic joint reviews with E.U. officials have \nconfirmed the value of PNR data and our adherence to the highest data \nprotection and privacy standards. The findings of these joint reviews \nare available on-line on the DHS and E.U. websites. Over the last \ndecade, the Department has demonstrated its firm commitment to \nprotecting the privacy of travelers. Of the literally billions of \npassengers traveling to and from the United States during the past 10 \nyears, there has not been a single data breach or privacy violation of \nthe PNR data.\n               continued threat/risk of terrorist travel\n    This year witnessed the deaths of both Osama bin Laden and Anwar \nal-Awlaki, as well as the 10-year anniversary of the deadly terrorist \nattacks of 9/11. As we reflect on the past decade, it is important to \nremain cognizant of the continued, evolving threat of terrorism to the \ntraveling public. Since 9/11, the threat has changed to include not \nonly large-scale attacks but also smaller operations with potentially \ncatastrophic effects, including the continued targeting of the aviation \nsector. One of the most important responsibilities of government is the \nprotection of its citizens, a duty this Department well recognizes and \ntakes seriously. Passengers have a right to privacy and protection of \ntheir civil liberties and personal information, but also have a right \nto know that their government is doing everything it can to ensure \ntheir safety and security when they board an airplane. It is necessary, \ntherefore, to ensure the continued use of proven and effective security \nmeasures. PNR is a proven asset in the fight against terrorism and \nother transnational crimes.\n           evolution of u.s. prescreening efforts since 9/11\n    Ten years ago, screening of passengers coming to the United States \nwas limited to the Department of State visa process, if applicable; the \ninspection of a person by an immigration officer at the port of entry; \nand any processes applied at foreign airports by foreign governments. \nProvision of advance passenger information was voluntary. There was \nvery limited pre-departure screening of passengers seeking to fly to \nthe United States, and there was virtually no screening of any kind for \ndomestic flights beyond airport checkpoints.\n    Today, in response to both 9/11 and evolving threats, and with the \nhelp and support of Congress, DHS has significantly adapted and \nenhanced its ability to detect and interdict threats at the earliest \nopportunity, including through the access to and analysis of PNR data \nas mandated by Congress. PNR data are analyzed in conjunction with \nother screening tools such as visa applications, the Advance Passenger \nInformation System, and the Electronic System for Travel Authorization \n(ESTA). DHS analysis of PNR data is an indispensable layer in a \ncomprehensive approach to security. Each tool plays a unique role in \nthe screening process. ESTA and the visa issuance process (depending on \nthe country and traveler) allow us to prevent a known criminal or \nterrorist from preparing to travel. Secure Flight and APIS help DHS \ndecide how the carriers and CBP officers, respectively, should handle \ntravelers as they prepare to board. PNR data further enable this \ndecision with additional and earlier information. APIS and PNR then \nhelp DHS decide who warrants a secondary examination upon arrival. In \nall cases, trained DHS personnel review and analyze the results of \nthese automated systems.\n    As the 9/11 Commission pointed out, targeting terrorist travel is \none of the most powerful weapons this country has to counter terrorist \noperations. Terrorists travel in order to: Identify and engage in \nsurveillance of potential targets; plan attacks; receive training on \ntactics and operations; collect and transfer funds and documents; and \ncommunicate with other operatives. Every step along this pathway \npresents a vulnerability for would-be attackers, who must come out of \nthe shadows and interact with the traveling public, the travel \nindustry, and immigration and border security officials. At some point \nalong the travel pathway, for example, many terrorists cross \ninternational borders--a step that often necessitates submitting \nadvance passenger information, using a passport, and undergoing \nscreening by immigration and border officials while at ports of entry.\n                the role of pnr data within that system\n    PNR data analysis can help identify individuals up to 72 hours \nprior to departure, including watch-listed individuals, non-watch-\nlisted co-travelers, and terrorists or criminals adopting known illicit \ntravel patterns. DHS is able to link previously unknown terrorists and \ncriminals to known terrorists or criminals by matching contact \ninformation, flight patterns, and other data. After this analysis is \ncomplete, DHS works with foreign and industry partners to interdict \nillicit travelers prior to boarding or prioritizes resources for their \ninspection at U.S. ports of entry. PNR data collection and analysis \nalso support terrorist and criminal investigations, including the three \nmost prominent U.S. terrorist investigations in 2009 and 2010. Further, \nPNR served as a critical tool in supporting United States Government \nefforts to investigate 9/11 threats over the tenth anniversary weekend.\n    The retention of PNR data after a flight allows DHS to unravel more \ncomplex plots by looking at travel practices over time. Data that does \nnot appear to be relevant at the time of travel can be critically \nimportant when tied to a specific case later. Remember that the 9/11 \nplot was originally conceived in the early 1990s; an attempt on the \nWorld Trade Center occurred in 1993, and the actual 9/11 plot planning \nand execution began in earnest in 1996. This included numerous dry runs \nand practice flights, as well as travel for recruitment and planning. \nRetained travel data was important in securing convictions by the \nDepartment of Justice in a number of recent counter-terrorism cases, \nincluding the conviction of Mumbai plotter David Headley.\nIdentifying Unknowns\n    Following 9/11, the United States Government collected intelligence \non al-Qaeda and its affiliate networks and established the FBI's \nconsolidated Terrorist Screening Database (TSDB) of known or suspected \nterrorists. Today, we check travelers to the United States against the \nTSDB, no matter what mode of transportation they plan to use to come to \nthe United States.\n    As DHS has seen in recent cases, however, intelligence and law \nenforcement agencies may have limited or no derogatory information \nabout individuals who pose a real risk to the United States. In fact, \nwe know that some terrorist groups are deliberately looking to recruit \nindividuals who are specifically unknown and can remain undetected by \nheightened security measures. Fortunately, PNR data analysis, \nparticularly of historic records, allows us to help identify \nindividuals who may be unknown to us as terrorists or criminals, but \nexhibit a pattern of behavior that is consistent with known or \nsuspected terrorist or transnational criminal behavior. For example, a \nfew years ago, two organized crime syndicates in Latin America devised \na simple and effective way to smuggle kidnapped children into the \nUnited States for sale. They would pay women to fly to the United \nStates with their own children's legitimate passports but with \nkidnapped babies. The women would then return alone. By looking for \nsuch a pattern in PNR records over a number of years DHS arrested 11 \nsmugglers, removed 10 criminals and identified 37 victims. The same \ntechnique of analyzing travel patterns has proven effective against a \nmyriad of crimes and terrorism.\n    At the same time, DHS realizes that sometimes innocent travelers \nmay adopt what may appear to be suspicious patterns. As a result, DHS \nhas established automated procedures so if a traveler is repeatedly \nflagged for further inspection and found not to pose a risk, DHS will \nautomatically ``de-flag'' the traveler in the future. Further, all \npattern-based rules are evaluated quarterly by the DHS Chief Privacy \nand Civil Liberties Officers for effectiveness and appropriateness. A \nCustoms and Border Protection (CBP) officer, however, may still \ndetermine that a closer inspection is warranted, depending on the \nindividual circumstances and travel.\nEarly Identification--Activation of IAP Teams\n    CBP stations Immigration Advisory Program (IAP) officers at certain \nforeign airports to work with airlines and foreign officials to \nidentify high-risk and improperly documented travelers before they \nboard aircraft bound for the United States. At the invitation of \nforeign partners, IAP officers make ``no-board'' recommendations to \nairlines on the basis of passenger data analysis and a review of \nindividual travel documents. To be most effective, several hours before \na flight is scheduled to depart, an IAP officer must know who will \nlikely be on a flight and whether they warrant further exam prior to \ndeparture. Frequently, PNR data analysis is the first information IAP \nofficers receive to assist in making these determinations. CBP's \nNational Targeting Center--Passenger (NTC-P) analyzes PNR data received \nup to 72 hours prior to departure and provides recommendations to the \nIAP officers. NTC-P later validates this analysis with APIS closer to \ndeparture. IAP officers are currently posted at 10 airports in 8 \ncountries, and have recommended, in part based upon PNR data, a total \nof 2,875 no-boards in fiscal year 2011, including 9 No-Fly hits, 74 \nconfirmed Terrorist Screening Database matches, and 109 cases of \nfraudulent document use.\n                     examples of pnr effectiveness\nHeadley, Zazi, Shahzad\n    I would like to take a little time to discuss some of the high-\nprofile cases where PNR data analysis has been instrumental in critical \nNational security investigations and prosecutions. As background, I \nmentioned earlier that analysis of PNR data have proven to be the \ncritical tool for annually identifying around 1,750 suspicious cases. \nPNR data have also aided nearly every high-profile terrorist \ninvestigation, including: David Headley, who pled guilty for his role \nin the 2008 Mumbai terrorist attacks; Najibullah Zazi, who pled guilty \nto plotting to bomb New York City subways; and Faisal Shahzad, who pled \nguilty to attempting to detonate a car bomb in New York's Times Square. \nJust as fingerprinting was first used and became an important tool in \ncriminal investigations in the beginning of the 20th Century, so too at \nthe start of the 21st Century has PNR analysis become a vital tool in \nterrorist and transnational criminal investigations. DHS has also \nrelied on PNR data analysis in nearly every human smuggling case \ninvolving air travel.\n    The case of Faisal Shahzad clearly demonstrates the effectiveness \nof DHS's prescreening programs. Early in this investigation, the \nFederal Bureau of Investigation (FBI) learned of Shahzad's cell phone \nnumber, but had little additional information. Through good interagency \ncooperation, the FBI asked DHS if it had encountered any individual who \nreported this phone number during border crossings. DHS searched its \nPNR database for the phone number, identified Shahzad, and learned \nother information he had provided to DHS. DHS then provided the \nadditional data to the FBI. Later, Shahzad attempted to flee the United \nStates, but DHS's analysis of departing passenger data identified him \nbefore departure and DHS removed him from the aircraft.\n                  strong record of privacy protection\n    DHS provides robust privacy protections and strict safeguards over \nPNR data. Through a combination of law, policy, and oversight, DHS \nensures its compliance with stringent standards of privacy and security \nin the collection and use of PNR data. DHS applies fair information \npractice principles to its collection and use of PNR, including data \nintegrity, data security, purpose specification, auditing and \naccountability, individual access, and redress. Moreover, the \nDepartment is firmly committed to transparency when it comes to \ninforming our partners and the public about its mission, including how \nwe use and safeguard personally identifiable information such as PNR \ndata.\n    By leveraging the Congressionally-mandated authorities of the DHS \nChief Privacy Officer, DHS is working diligently to assure all U.S. and \ninternational travelers that the highest standards are being applied to \nthe protection of their personal information. The Chief Privacy Officer \nhas managed two internal audits of DHS's use of PNR data and \ncoordinated two joint reviews with the European Union since 2004. When \npreparing for the joint review that took place in February 2010, the \nDHS Privacy Office spent approximately 10 weeks of employee time \nanalyzing and assessing DHS collection and use of PNR data and \npublished two public reports related to that assessment. The reports \nfrom these audits are publicly available on the websites of the DHS \nPrivacy Office and the European Union. The DHS Privacy Office found, \nand the European Union acknowledged, that there has not been a single \nincident involving the unauthorized use of PNR data.\n    Individual travelers have many opportunities to learn how DHS \nhandles PNR data. The PNR data rule, System of Records Notice, and \nPrivacy Impact Assessment are all available for public review and \ncomment. In addition, individuals, both U.S. and non-U.S. citizens, \nhave multiple opportunities for access and redress. The U.S. Freedom of \nInformation Act (FOIA) applies equally to U.S. citizens and non-U.S. \ncitizens. Anyone can request his or her PNR data directly from DHS; DHS \nreceives and answers these types of requests routinely. If the traveler \nseeks to change or delete information contained in his/her PNR, he or \nshe can submit a request to DHS and changes deemed appropriate will be \nmade. U.S. and non-U.S. citizens alike also have access to the DHS \nTraveler Redress Inquiry Program (DHS TRIP) to correct or amend \nrecords. More information on these programs can be found at \nwww.dhs.gov/privacy.\n                        u.s.-e.u. pnr agreements\n    Despite this operational and privacy success, last year, the \nEuropean Union sought to re-negotiate our bilateral PNR Agreement to \nobtain further reassurance that data with ties to Europe is being \nhandled properly by the United States. To protect U.S. industry \npartners from unreasonable lawsuits, as well as to reassure our allies, \nDHS has entered into these negotiations.\n    The Agreement currently in force provisionally, negotiated in 2007, \nis not scheduled to sunset until 2014. The Agreement is operationally \nsound, but it is subject to ratification by the European Parliament, \nwhich instead directed the European Commission to renegotiate the \nAgreement. As a matter of good faith and out of respect for our E.U. \npartners and their evolving political structures following enactment of \nthe Lisbon Treaty, Secretary Napolitano subsequently agreed to \nnegotiate a new agreement only if the new text would not degrade the \noperational effectiveness of the 2007 Agreement and would permit \nadditional security enhancements where necessary. We commenced the \nlatest negotiations on December 4, 2010. As such, the United States is \ncurrently in its fourth negotiation over PNR with the European Union in \n9 years--effectively a decade of negotiation.\n    The Department is committed to concluding a new PNR agreement, \nfirst and foremost a security agreement, which upholds vital public \ninterests in both security and privacy. We reached agreement with the \nEuropean Commission for such a text on May 16, 2011. The text is an \nimprovement over the 2007 Agreement, it protects both security and \nprivacy and U.S. and European interests, it provides all relevant \nparties with legal certainty, and it is a reliable framework for an \nenduring deal.\n    U.S. and E.U. negotiators worked to respond to the European \nParliament's criticism of the 2007 Agreement, to improve passenger \nsecurity and to provide air carriers a legally certain operating \nenvironment. To build support for this approach, DHS has met repeatedly \nwith not only the European Commission, which negotiates on behalf of \nthe European Union, but also with key Committees and Members of the \nEuropean Parliament and representatives of individual Member States. \nThe new agreement is clear, detailed, and transparent--in ways that \nsome critics in Europe felt the previous Agreement was not. The text of \nthe draft agreement defines key terms such as ``terrorism,'' and \n``transnational crime'' consistently with United States, European \nUnion, and international norms. A data retention period acceptable for \nU.S. security purposes is maintained, with additional safeguards to \nensure privacy and data protection. The new agreement will require \ntravel information to be transmitted to DHS with greater lead time than \nprovided for in the 2007 Agreement, and thus will provide for greater \nanalysis earlier in the passenger travel life-cycle. It also provides \nfor a new method of data transmission (``real-time'' push). By \nrestricting data transmission to the minimum necessary while ensuring \ndata accuracy, the real-time push method of sharing data will enhance \nsecurity and privacy protection at the same time. Lastly, the new \nagreement will expand opportunities for police and judicial cooperation \nbetween the U.S. and E.U. authorities.\n    I want to thank this committee for its interest and support in our \nnegotiations with the European Union. With the conclusion of PNR \nnegotiations with the European Commission and, we hope, forthcoming \nsignature and then support from the European Parliament, the United \nStates and European Union will have made progress in strengthening the \nprevious PNR Agreement from a privacy and security perspective. Success \nwill be the result of 9 months of intense negotiations and build off 9 \nyears of dialogue on how best to facilitate safe transatlantic travel \nand protect individual privacy.\n    By all accounts, the new text is stronger than the 2007 Agreement; \nit addresses all E.U. concerns raised with the U.S. negotiating team, \nwhile also preserving and in some cases improving critical U.S. \noperational interests. We must build on our historic relationship, \nvalues, and interests, as we seek action by the European Commission, \nthe European Council, and the European Parliament to finally conclude \nthis PNR Agreement, which is without a doubt better for enhanced \nsecurity, as well as for improved data and privacy protections.\n                               conclusion\n    Chairman Meehan, Ranking Member Speier, and distinguished Members \nof the subcommittee, we look forward to working with you as we explore \nopportunities to advance our cooperation with our European partners to \ncounter terrorism and transnational crime. Thank you again for this \nopportunity to testify. My colleagues and I are happy to answer your \nquestions.\n\n    Mr. Meehan. Thank you, Mr. Heyman, for your testimony and \nfor your good work and service in your current position.\n    Next, the Chairman would like to recognize Ms. Mary Ellen \nCallahan, who was appointed the chief privacy officer and chief \nfreedom of information officer by DHS Secretary Napolitano in \nMarch 2009.\n    In her role as chief privacy officer, Ms. Callahan is \nresponsible for evaluating Department-wide programs, systems, \ntechnologies, and rulemakings for potential privacy impacts, \nand for providing mitigation strategies to reduce any privacy \nimpact.\n    She and her staff have extensive expertise in privacy laws \nboth domestic and international that help inform privacy policy \ndevelopment both within the Department and in collaboration \nwith the rest of the Federal Government.\n    Prior to joining DHS, Ms. Callahan was a partner with the \nlaw firm of Hogan & Hartson where she specialized in privacy \nand data security law.\n    In 2011, Ms. Callahan received the Federal 100 award which \nrecognizes individuals in Government and industry that make \nsignificant contributions to the Federal I.T. community.\n    I now recognize Ms. Callahan to testify for 5 minutes.\n\n STATEMENT OF MARY ELLEN CALLAHAN, CHIEF PRIVACY OFFICER, THE \n      PRIVACY OFFICE, U.S. DEPARTMENT OF HOMELAND SECURITY\n\n    Ms. Callahan. Thank you very much.\n    Good morning, Chairman Meehan, Ranking Member Speier, and \ndistinguished Members of the subcommittee.\n    My name is Mary Ellen Callahan. I am the chief privacy \nofficer at the Department of Homeland Security.\n    As the Chairman acknowledged in his introduction, I am \nresponsible for evaluating Department-wide programs, systems, \nand technology for potential privacy impacts including the \nDepartment's use of passenger name records--and I will take \nyour cue and call it PNR--through Customs and Border \nProtection's Automated Targeting System. I will also refer to \nthis as ATS.\n    DHS provides privacy protections and strict safeguards over \nPNR data. DHS ensures its compliance with stringent standards \nof privacy and security in the collection of use of PNR.\n    DHS applies fair information practice principles to its \ncollection and use of PNR including data integrity, data \nsecurity, purpose specification, auditing and accountability, \nindividual access, and redress--the principles which I will \ndetail in my testimony this morning.\n    Moreover, the Department is firmly committed to \ntransparency when it comes to informing our partners and the \npublic about its mission, including how we use and safeguard \npersonally identifiable information such as PNR data.\n    My office has managed three internal audits of DHS' use of \nPNR data and coordinated two joint reviews with the European \nUnion since 2004. For example, when preparing for the joint \nreview that took place in February 2010, the DHS privacy office \nspent approximately 10 weeks of employee time analyzing and \nassessing DHS collection and use of PNR data, and published two \nreports totaling 65 pages related to that assessment.\n    My staff conducted multiple interviews, reviewed the PNR \ndata use in sharing audit trails, and SOPs for ATS.\n    We also reviewed the logs in ATS associated with whether \nsensitive data had ever been accessed by DHS. It had never been \naccessed.\n    Through these two joint PNR reviews, the DHS privacy office \nfound, and the European Union acknowledged, that there has not \nbeen a single privacy incident or data breach involving the \nunauthorized use of PNR data.\n    These public compliance reviews conducted by my office \nconfirm the original intent of the data collection, and provide \npublic assurance that the information is being used for the \npurposes for which it had been collected. The pattern-based \nrules that are referred to in our written testimony, that DHS \nemployees are also subject to my review, as well as that of the \nofficer for civil rights and civil liberties, and the Office of \nGeneral Counsel.\n    On a quarterly basis, we review these pattern-based rules, \nthe underlying intelligence that supports the rules, and the \nimpact effectiveness and efficacy of the rules themselves.\n    This periodic oversight and review allows DHS to perform \nits border security task in a privacy-protective way.\n    In addition to my statutory authorities related to privacy \ncompliance, the DHS privacy office is involved in data \ngovernance and information sharing in the Department through \nthe chief information officer and his counsels, departmental \ncompliance with FISMA, I.T. budget review, and the information \nsharing and governance board.\n    This type of integrated, ex-anti and ex-post assessment and \nreview by the DHS privacy office is one of the virtues of the \nsenior position my office has within the Department, with \nvisibility and oversight through the data life-cycles of DHS \nprograms, systems, and technologies.\n    As the committee knows, I have had the pleasure of serving \nas the Department's chief FOIA officer as well. One of the ways \nthe Department supports the privacy fair information practice \nof individual participation is to provide travelers with \nmultiple opportunities for access and redress.\n    FOIA applies equally to U.S. citizens and non-U.S. \ncitizens. Anyone can request their PNR directly from DHS. DHS \nreceives and answers these types of requests routinely. Based \non a recommendation by the European Commission in the 2010 \nreview, we now track that number discretely.\n    Since April 2011, DHS has received approximately 220,000 \nFOIA requests from around the world. In that same time period, \nwe have received 69 FOIA requests from travelers seeking their \nPNR records.\n    If a traveler seeks to change or delete information \ncontained in his or her PNR, they can submit a request to DHS \nand changes deemed appropriate will be made. The administrative \nappeals through my office are also available.\n    This existing opportunity was strengthened through the \nDepartment record amendment policy that was released earlier \nthis year.\n    Furthermore, U.S. citizens and non-U.S. citizens alike have \naccess to the DHS traveler redress inquiry program to resolve \ntravel-related inquiries such as the use of PNR.\n    In sum, the DHS' collection and use of PNR, and my office's \ninvolvement throughout the PNR life-cycle, demonstrates the \nDepartment's commitment to embedding privacy principles within \nthe Department's operations.\n    I look forward to your questions, sir.\n    Mr. Meehan. Thank you, Ms. Callahan.\n    Last, let me turn to Mr. Thomas Bush, the executive \ndirector of automation and targeting for the Customs and Border \nProtection Office of Intelligence and Investigative Liaison.\n    Mr. Bush and his staff are responsible for assessing and \nreporting the threats that the United States Customs and Border \nPatrol faces through research, evaluation, and dissemination of \ntrend analysis, intelligence alerts, and assessments.\n    Mr. Bush began his career as a program analyst for the \nDepartment of Defense strategic defense initiative and entered \nthe United States customs service in 1994.\n    In 2006 Mr. Bush joined the Office of Antiterrorism where \nhe acted as executive director prior to the establishment of \nthe Office of Intelligence and Operations Coordination in 2007.\n    His numerous honors include the 1998 Commissioner's Unit \nCitation Award and the 2003 Commissioner's Annual Award for \nInnovation, and the 2008 Secretary's Award for Excellence.\n    I now recognize Mr. Bush to testify for 5 minutes.\n    Mr. Bush.\n\nSTATEMENT OF THOMAS BUSH, EXECUTIVE DIRECTOR OF AUTOMATION AND \n  TARGETING OFFICE OF INTELLIGENCE AND INVESTIGATIVE LIAISON, \n                 CUSTOMS AND BORDER PROTECTION\n\n    Mr. Bush. Good morning Chairman Meehan, Ranking Member \nSpeier, distinguished Members of the subcommittee. Thank you \nfor this opportunity to provide background on PNR today.\n    PNR is the data that an airline receives from travelers to \nbook and manage their reservations. This can include the \ntraveler's itinerary, payment method, and contact information.\n    It is one of our most important tools in the on-going fight \nagainst terrorism, as well as narcotics smuggling, human \ntrafficking, and other transnational crime.\n    I will address how we get this data, how we use it, and how \nit has helped us in the past.\n    CBPs predecessors, the U.S. Customs Service and the \nImmigration and Naturalization Service, began receiving PNR \ndata from commercial airlines on a voluntary basis in the early \n1990s. The carriers recognize that working closely with U.S. \nlaw enforcement to intercept high-risk travelers would in turn \nyield benefit for enhanced security on their flights.\n    Shortly after September 11, 2001, Congress began mandating \nthat the airlines provide PNR to U.S. Customs Service, now CBP. \nSince then, CBP has had electronic access to the PNR data of \nevery airline with an electronic reservation system operating \ninternational flights to and from the United States.\n    I would also like to add that CBP works closely with our \npartners in the Department of Homeland Security's oversight \noffices, the chief privacy officer, and the civil rights and \ncivil liberties officer to ensure transparency in how we use \nPNR at CBP.\n    We also have established clear guidelines for our officers \nand what they can and cannot do with the data. Not every \nemployee in CBP needs to have access to PNR, but those that do \nrespect PNR as a powerful tool in their decision-making \nprocess.\n    CBP maintains PNR in our automated targeting system or ATS. \nThe system parses the data into discrete elements, analyzing it \nin conjunction with other DHS traveler holdings. This allows \nCBP officers and analysts to use a variety of information, to \nidentify those travelers posing the highest risk before they \nboard airplanes overseas.\n    CBP officers and analysts use PNR in conjunction with other \ndata and law enforcement intelligence information to establish \nrisk-based scenarios for the interception of previously unknown \nhigh-risk subjects--in other words, those not on the watch \nlist. These scenarios, or pattern-based rules, allow officers \nto make faster and better-informed decisions about which \ntravelers to interview and secondary examination.\n    PNR data is also useful to trend analysis. It is unique and \nit allows CBP to see a traveler's full itinerary and contact \ninformation such as phone numbers and e-mail address. This can \nbe very powerful in establishing connections with other \ntravelers who may arrive from different locations or different \ntimes, and who may appear to be otherwise unconnected.\n    I will cover a few of our success stories.\n    One important example of it is the case of Najibullah Zazi. \nYou may recall Zazi as the al-Qaeda-trained operative who \nplanned to explode improvised explosive devices in New York \nCity's subway system.\n    Using PNR data, DHS and CBP worked closely with the FBI to \ncross-check the names of his co-travelers against open \ncounterterrorism cases inside the United States, and determined \nhis co-travelers were being trained during the same trips to \nPakistan in the same training camps.\n    Zazi was arrested on September 19, 2009 and the information \nfrom his PNR records were used in his questioning and his \nindictment. Zazi pled guilty in February 2010.\n    Another example of CBP's ability to fully leverage PNR \nholdings--specifically about those we have very little \ninformation or those we call the unknowns.\n    Law enforcement intelligence information implicated a \nspecific person in the plotting of the 2008 Mumbai attacks as \nwell as the possible attacks against a Danish newspaper office. \nStarting with the very common first name, David, a partial \ntravel itinerary, and a very vague travel time frame, CBP was \nable to review its PNR data in connection with other DHS \ndatabases.\n    Within 24 hours CBP was able to provide the FBI with the \nperson's full name, address, passport number, travel history, \nand other information useful to law enforcement pursuing him. \nYou may know that person as David Headley who pled guilty in \nMarch 2010.\n    A third example of how CBP's use of PNR and has been \nsuccessful also demonstrates when we receive the data.\n    In the case of Faisal Shahzad, who attempted to use the car \nbomb in Times Square in May 2010, CBP used PNR in the first \nplace to target him on his flight returning from Pakistan. It \nwas also used to intercept him when he tried to flee the plot \nafter it was unsuccessful.\n    After a stay in Pakistan, in which was later determined \nShahzad underwent terrorist training, Shahzad arrived in the \nUnited States and was flagged for screening based on \ninformation in his PNR. CBP conducted an examination and \nreleased him after finding no reason to further detain him.\n    After the failed attack, the FBI, in coordination with DHS, \nlearned of Shahzad's identity from a phone number in his \nattempt to purchase the car that was linked to the PNR data, \nand our reporting on that examination.\n    Based on previous information, CBP created travel lookouts \non Shahzad which enabled us to intercept him before he \nhurriedly booked his PNR in an attempt to leave the United \nStates on a flight out of JFK.\n    Shahzad confessed and was sentenced to life prison in June \n2010.\n    Two other examples that are in human smuggling are cases in \nKorea of sex trade--they also were connected to Sri Lanka. PNR \nwas used for us to target the travel routes and the travel \nagencies used by those perpetrators in November 2009.\n    A separate human smuggling case working with Interpol, we \nwere able to use PNR data to detect payment address information \nand e-mail information that connected to Eastern European human \nsmuggling cases. This was in August 2009.\n    PNR uniquely and solely provides CBP with the ability to \nidentify the true point of origin for travel. Without it CBP \noften mistakes the origin of travel at that last point of \ndeparture to the United States--take an example for Heathrow \nversus an originating travel in Pakistan.\n    PNR also allows CBP to see all the stops along the way.\n    PNR also affords CBP the opportunity to determine \nsuspicious booking and payment methods such as last-minute \nticket purchase, cash tickets, or one-way tickets.\n    Mr. Meehan. Mr. Bush, can I ask you--these are all good \nthings and perhaps these are some of the things you can develop \nfor us in your testimony.\n    Do you have a closing observation for your direct \ntestimony?\n    Mr. Bush. Other than I just noticed I was over. I \napologize.\n    Mr. Meehan. I can see you----\n    Mr. Bush. Part of the excitement.\n    Thank you, sir.\n    Mr. Meehan. It does. It is interesting stuff.\n    Particularly, you are getting a chance to layout your \ntrophy case and I think it is a significant record.\n    I want to thank each of you for your testimony here.\n    First, how inherently important it is because the record \ndemonstrates the things that have been accomplished by virtue \nof the work that has been done with PNR.\n    Second as you have testified here today, each of you in \ndifferent parts there is a lot of work that has gone into \nprotecting the integrity of this information, and the audits \nhave shown that we haven't had violations.\n    With that premise, we really do want to find the balance of \nassuring privacy while protecting the safety of Americans \ntraveling.\n    So, Mr. Heyman, let me start with you because this is the \nkind of a thing that if you aren't close to it and you drill \ndown to it, you know, just the terminology can overwhelm you.\n    Effectively, what kind of information are we using when we \nare engaged with PNR?\n    Isn't it in many ways the kind of information that the \npeople should have an expectation that they are already \ncurrently sharing? It is just using that information in a more \neffective manner than we have in the past.\n    Mr. Heyman. Thank you, Chairman.\n    You are absolutely right. The balancing act that we have \nsought to accomplish, and I think frankly effectively have, is \nthe balance that says passengers have a right to privacy and \nprotection of their civil liberties and personal information.\n    But when they get on the airplane they also have a right to \nknow their Government is doing everything they can to make sure \nthat that flight is going to be safe. We do that through a \nnumber of different things that I have outlined, but included \nand most important, the PNR record.\n    The PNR record is basically the information that you \nprovide an air carrier when you book a travel plan. So it is \nyour seat number. It is your destination. It is your routing.\n    It is perhaps how you purchased the ticket. There are about \n19 types of fields that are included and include personal \ninformation such as your name and----\n    Mr. Meehan. But not inherently private information per se, \nright?\n    Mr. Heyman. Well, I will let my privacy officer speak to \nthe specifics about how privacy is accounted for. But it is \ninformation that you share with the airlines and then they \nshare it with the Government for the purposes of the evaluation \nabout whether an individual presents a risk getting on that \naircraft.\n    We take that responsibility quite seriously. We have data \nprotection for ensuring that only the information of those 19 \nfields are preserved.\n    The specifics about sensitive information that people are \nconcerned about, we do not use that. It is our policy not to \nuse sensitive information----\n    Mr. Meehan. Well, let me drill down to that for a moment \nbecause that is the essence of what we are really talking \nabout, I think.\n    We have demonstrated over a course of period of time the \neffectiveness of PNR and the importance that it plays. You have \nalso been able to create a record in which it has withstood \nscrutiny up to this point in time.\n    So what is really at play here with the European Union now \ncoming back and challenging what has been a program which I am \npresuming has not only worked effectively, but my assumption is \nyou developed more fields of information that its effectiveness \nonly grows?\n    Mr. Heyman. Well, that is a great question.\n    What is at play? There is a lot of play here, some of it \nhaving to do with institutional reform in Europe post-Lisbon \nwhere the parliament now has a responsibility for approving \nagreement.\n    Previously the pathway to an agreement with the United \nStates would be the commission negotiates an agreement and \nmember states sign off on it. Now, the parliament also must \nvote on it. Seven-hundred-plus members of the European \nparliament will vote thumbs up or thumbs down.\n    Parliament for the last decade or so has made past \nresolutions in Europe requesting and urging the commission to \nprovide more for data protection on these types of information-\nsharing agreements.\n    Now that they have an opportunity to vote up or down in \nthis past year, they requested that the commission come back to \nthe United States and seek a renegotiation of the----\n    Mr. Meehan. The point of it is, individually many of these \nmember nations have not only appreciated the significance of \nthe protections afforded to safety, but they have agreed and \nparticipated with you in the zones of information that should \nbe shared. Is that right?\n    Mr. Heyman. In fact, yes. I believe it is 23 or 24 of the \n27 member states ratified the 2007 or re-passed the 2007 \nagreement.\n    Mr. Meehan. Do we share information with them in a return \ncapacity because there are people that fly through airlines \nthat either go through the United States or from the United \nStates to their countries?\n    Mr. Heyman. Yes. We may on a case-by-case basis share \ninformation. At this point the Europeans as a group don't have \na PNR system. They proposed one which may take several years to \nstand up. Some member states--the Brits in particular--have \nbegun to stand up their own PNR system in which case we would \nhave that type of exchange.\n    Mr. Meehan. Well----\n    Mr. Heyman. Protected also--protected with the same data \nprotection and privacy protections that we seek in our own \nagreements.\n    Mr. Meehan. My time has expired for now. But I know that \nthere is an interest in the broad spectrum that all of us \nwill--have to share.\n    So I turn it over to the Ranking Member, Ms. Speier.\n    Ms. Speier. Thank you, Mr. Chairman.\n    So let me follow up on the Chairman's questioning.\n    Does the 2007 agreement stay in place pending the \nnegotiations on the 2011 agreement?\n    Mr. Heyman. Yes, it is provisionally in effect.\n    Ms. Speier. All right. We prefer the 2007 agreement to the \n2011 agreement?\n    Mr. Heyman. Well, let me just give a little background on--\nSecretary Napolitano, when she agreed to renegotiate the \nagreement, agreed with two fundamental principles that we must \nadhere to. The members here are part of the negotiating team \nhere--your witnesses.\n    So No. 1, she directed us that we have to maintain the same \noperational effectiveness as 2007. So there is no degradation \nin existing operational capabilities. The 2007 agreement \nprovides us with exceptional operational capability.\n    No. 2, that a new text must permit additional security \nenhancements where necessary or appropriate, so we have been \ngiven guidelines or direction that we will have no degradation \nand operational----\n    Ms. Speier. Mr. Heyman, excuse me for interrupting.\n    I am trying to get to what the crux of the issue is with \nthe 2011 agreement.\n    Would you say that the expectation of the European Union to \nhave greater privacy protections is what is stalling the \nnegotiations?\n    Mr. Heyman. The Europeans seek--what has stalled--the \nnegotiations have proceeded as directly as we can. We concluded \nwhat we believe is a good text in May this past year.\n    They have a number of institutional hoops that they must go \nthrough. The commission must now get the member states onboard. \nThe member states then pass it, and they have to give it to the \nparliament. There are some institutional things that must get \naccomplished.\n    But as far as we are concerned with perhaps a couple of \nother discussions, we are pretty much satisfied with the text \nas created in May 2011.\n    Ms. Speier. So there are no disputes pending?\n    Mr. Heyman. The Europeans have to go through their own \ninstitutional requirements, and so there is still discussions \ngoing on.\n    Ms. Speier. Okay. Can you just tell me if there is anything \noutstanding?\n    Mr. Heyman. From the European side there are, yes.\n    Ms. Speier. Okay. What are they?\n    Mr. Heyman. The Europeans have a legal opinion that has \nbeen put forward by the commission that says that the May text \nthat was leaked to the public is not proportionate, which is a \nstandard by which data protection and data use must be adhered \nto.\n    So, they are working through that challenge right now. We \nare open to hearing their proposals for how to fix that \nproblem.\n    But it is on the European side.\n    Ms. Speier. What do you mean by proportional?\n    Mr. Heyman. So--why don't you----\n    Ms. Callahan. The proportionality is a concept that is in \nthe European law particularly vis-a-vis the member states to \nthe European Union. It is one that has been incorporated into \nthe data protection or privacy directive of 1995.\n    Proportionality is actually a concept that has multiple \nmeanings within Europe. One meaning is you should only take the \ninformation that you need in order to do your job. So the \nnumber of fields that you collect from the airline, the 19 \nfields that Mr. Heyman spoke about.\n    Another concept of proportionality that we have heard \ndiscussed is that you only collect information from the people \nthat you need to collect the information from. From, for \nexample, the bad guys, from the criminals.\n    Now that of course, as Mr. Bush elaborated on we don't know \nwho all the bad guys are. We have unknown terrorists out there, \nand so that is not necessarily possible.\n    Then there is proportionality in terms of the scope of the \nenforcement and the application.\n    Each time we talk about proportionality, we hear a \ndifferent definition. So the definition in European Union law \nis quite broad, which is why to say that the, ``agreement'' is \nnot proportionate is difficult to pin down in terms of how to--\n--\n    Ms. Speier. Okay.\n    What are the 19 fields? Can someone just rattle those off \nfor us?\n    Ms. Callahan. Mr. Bush.\n    Mr. Bush. I can try to do most of them, ma'am, and get \nyou----\n    Ms. Speier. All right. I have got 30 seconds so----\n    Mr. Bush. Travel itinerary, which covers a few of the 19 \nfields: Name, date of birth, payment information, e-mail \naddress, phone number. If you have associates, co-travelers on \nyour ticket, you are sharing, travel agency, travel agency \naddress.\n    Ms. Callahan. Co-chair.\n    Mr. Bush. Co-chair if it splits. So if United needs to \nshare with another airline as an example. I think that covers--\nbags and seat assignment.\n    Ms. Speier. All right, thank you.\n    Mr. Bush. We can get you the full details.\n    Mr. Meehan. Thank you, Ms. Speier.\n    The Chairman now recognizes the gentlelady from California, \nMs. Hahn.\n    Ms. Hahn. Mr. Chairman and Ranking Member Speier, this has \nbeen a very interesting hearing. Thank you for your testimony.\n    It is certainly--and, you know, I have a statement that I \ncan enter into the record. I won't give it now.\n    But clearly PNR is an important tool that I think we use in \nthis country to clearly, as was stated, to connect the dots. I \nguess the key is making sure we have the right dots, and then \nthe real work begins on connecting those dots.\n    But we have certainly had some pretty impressive success \nstories to tell which I think is important.\n    You know, reading some of the background materials, I think \nthe real problem is parliament. You know, when you read some of \nthe quotes from the members of parliament, they are the ones \nthat look like they could very well veto this or block it.\n    It doesn't seem like there is some real instances of abuse \nthat they can point to after we have collected this \ninformation. But it is just a basic overall belief that data \ncollection has sort of gotten to an extreme, and privacy, just \non that basis, for them it sounds like to be violated.\n    So I think that is going to be the real issue--is their \nparliament.\n    You know, one of the things--you know, my district in \nCalifornia borders Los Angeles International Airport. It also \nborders the Port of Los Angeles.\n    Now, I am wondering--you know, the airport police in many \nof our airports in this country, certainly are sort of a \nseparate law enforcement agency. I am wondering how this \ninformation is communicated to our airport police and vice \nversa--our airport police, agencies across this country in an \ninformation-sharing loop with the Department?\n    The other thing I was certainly wondering, it is always my \nconcern is I think our real vulnerable points of entry into \nthis country are our sea ports.\n    Wondering, does this also include--does the PNR also \ninclude passengers who would be coming into this country \nthrough cruise ships, for instance? Is that an area of concern?\n    Because it is for me, and wondering where we are in really \nlooking at information for those who come into this country on, \nyou know, some major cruise ships certainly from Europe--so \njust kind of two questions.\n    Mr. Heyman. Thank you, Congresswoman.\n    Let me say that first of all in the broader context, also \nto the Ranking Member's question, that we are satisfied with \nthe text as we have negotiated and look forward to the \ncommission advancing that to the council for approval. We look \nforward to the council approving it and giving it to the \nparliament and voting positively on that.\n    In terms of a law enforcement cooperation, we have added \ninto the new text some ability to facilitate greater \ncooperation in law enforcement. But as it pertains to U.S. law \nenforcement, the provisions that would be most important really \napply to our Federal law officials.\n    When somebody gets off an airplane from another country \nthey go through customs and borders. So the information PNR \nrecords are evaluated in advance of arrival, as is other \ninformation so that if there is additional screening that is \nrequired, our customs officials take that into account.\n    Then the third point, on sea ports, we do look at PNR for \npeople coming in to our ports.\n    Ms. Hahn. Is it as extensive as--are we connecting the dots \nas much in that area, do you believe?\n    Mr. Bush. PNR as an industry tool is not as well-developed \nin the sea environment, but we do have the same ability to \nconnect the dots and do run the same pattern-based rules and \nuse the automated targeting system on cruise ships.\n    Ms. Hahn. I just want to go on record to say, again, my \nconcern will always be on this committee as well as Homeland \nSecurity Committee--I mean, on the subcommittee, is that our \nsea ports, I believe are still an extremely vulnerable entry \nway into this country, both with cargo and with passengers.\n    I just want to go on record saying that.\n    Mr. Meehan. Thank you, Ms. Hahn.\n    The Chairman now recognizes the gentlelady from New York, \nMs. Hochul.\n    Ms. Hochul. Thank you, Mr. Chairman, Ranking Member.\n    My district is on the border of Canada. What standards are \nin place with respect to airlines that come in from Europe, \nstop in Toronto and continue to the United States?\n    We have a different set of standards for Canadian and \nMexican-originated flights versus what is considered at the \nEuropean Union or identical standards.\n    You can just enlighten me a little bit on that before I ask \nmy next question.\n    Mr. Heyman. We have the same standards and requirements for \nall of those flights. The secure flight program that the \nDepartment of Homeland Security put in place also requires \ninformation are provided for all the flights.\n    So, if a flight were to go to Canada but not to the United \nStates, we would still be able to do the risk assessment for \nU.S. security.\n    Ms. Hochul. Have any of our other partner nations outside \nthe European Union raised any privacy concerns or any issues or \nis this it?\n    Ms. Callahan. With regard to privacy concerns and the use \nof passenger name records, it has exclusively been a \nconversation with the European Union.\n    Mr. Heyman. Let me elaborate.\n    Actually, there are 250 some-odd last points of departure \nwhere we require, because of Congressional law, passenger name \nrecords to be provided in advance of a flight.\n    Some of those are in Europe, but the bulk of them are \noutside of Europe. The European agreement is the only one that \nwe have for that.\n    Ms. Hochul. If we are not successful in negotiating this \nagreement with the European Union, what is the effect?\n    The 2007 agreement stays in effect until 2014? Is that how \nit is?\n    Okay. So we are not bumping up against a wall just yet. You \nare just having these negotiations at the stage that we are not \nunder the gun. We are not going to have this program suspended \nany time soon, correct?\n    Mr. Heyman. That is correct. The Europeans have said that \nthe agreement is provisionally in effect until negotiations are \nconcluded.\n    Ms. Hochul. I know that some have suggested that we suspend \nthe visa waiver program for European countries if we are unable \nto negotiate, that. Given that about 16 million people come in \nfrom Europe to our country, do you think you could handle that \nadditional workload if that would be the case?\n    Yes. I didn't think so.\n    [Laughter.]\n    Ms. Hochul. What would be the effect?\n    Would that compromise the program we have in place with the \nadditional workload? What is your opinion?\n    Mr. Heyman. Actually, first of all it would be terrific if \nwe were to expand our trade-travel opportunity for people who \ncome to the United States. I think it would be a good \ninvestment in America. So I think it is a positive step in the \nright direction.\n    I don't have the technical specifications in terms of our \ndata analysis capabilities. That is why I was looking over to \nTom.\n    But I suspect first of all this would be ramped up over a \nperiod of time, and so we would in fact be able to match the \nincrease if there was a need.\n    But right now, I think we have the capacity for additional \nexpansions. Is that right?\n    Ms. Hochul. I am very pleased with how this program is \nworking. But how often do you get the situation where you do \nget someone who is innocent or has the same name, who has to go \nthrough additional scrutiny.\n    Are you able to quickly correct those?\n    I know you talked about the people who can file the FOIA \nrequest and they can correct their record. Early stories were \nnot that simple.\n    I mean people from my district, it took a long time to get \nthemselves off the list just because I have a community--the \nYemenites in my community, others were getting more trouble.\n    Again, I am supporting what you do. I don't want to \ncompromise the heart of your program.\n    But I just want to make sure--you said you have made \nprogress in having people removed from that list who have the \nsame name, but have no other reason to be tracking them or \ngiving them additional secondary or additional screening.\n    Ms. Callahan. DHS takes the issue of providing people \nappropriate redress and opportunities. The traveler redress \ninquiry program, I mentioned briefly in my oral statement, has \nreally helped to assist to have a Department-wide process.\n    For example, you may think that you had a problem at the \nborder because it was a passenger name record issue. But indeed \nit was something unrelated, therefore they transitioned it.\n    That has shown great improvement in that we do think that \nis effective in getting innocent people to have appropriate \nredress.\n    Ms. Hochul. Okay. Thank you very much.\n    I yield back the balance of my time, Mr. Chairman.\n    Ms. Speier. Mr. Chairman, I would like to request unanimous \nconsent that the gentlewoman from Texas, the Ranking Member on \nthe subcommittee on transportation security, Congresswoman \nJackson Lee, be allowed to participate in this hearing.\n    Mr. Meehan. Without objection, so ordered.\n    The Chairman now recognizes the gentlelady from Texas, Ms. \nJackson Lee.\n    Ms. Jackson Lee. First order of business is to thank you \nfor your courtesies and to acknowledge the importance of this \nhearing to the Ranking Member and Chairman, and express my \ninterest because of the subcommittee that I have been involved \nin as it relates to this important issue.\n    So, I would like to just--well, first of all welcome the \nwitnesses and ask maybe a question that has already been asked.\n    We know that--though may not be directly related but we \nknow that travel has generated, by a number of culprits, \nincidences that have harmed the homeland, from the shoe bomber \nto the trial that is going on in Detroit as we speak that was a \ntraveler and decided to use methods that we had not confronted \nin the past.\n    So I guess I am going to ask this general question in \nhelping us in transportation security--since we deal with the \ninternational travel as well. Focusing mainly on passenger \ntravel--is the kind of framework that we see going forward in \nthe 21st Century, and the climate that we are in, and where we \nare seeing individual actors--I consider terrorism now a \nfranchise.\n    There is no battalion that shows up at your doorstep, maybe \njust an individual.\n    How do we pierce that?\n    Do we pierce that veil with the human resource intelligence \nor do we need more armor?\n    Do we need more armor and intelligence at the gateway? In \nthis instance, I am talking about planes, though I know that \ntrains are in the eye of the storm too. But is it more of a \nfocus on human resource or human intelligence rather?\n    If I could get that answer from all three of the witnesses, \nplease.\n    Mr. Heyman. Thank you, Congresswoman. That is really one of \nthe most important questions, is: How do we look forward in the \n21st Century to securing air travel and travel in general?\n    The Department of Homeland Security takes this issue very \nseriously. We have put in place over the last decade, I think, \nan approach which attempts to achieve exactly what you have set \nforth.\n    No. 1, we have to have multiple layers from the \nauthorization of travel visas, ESTAs, Advanced Electronics \nTravel Authorization. That needs to be scrutinized.\n    From the decision to book travel, PNR records and the other \npre-travel engagement that a traveler makes, we can do scrutiny \nthere.\n    Checkpoints at the airports is another layer. When a person \ngets on an aircraft we have security on planes. Then before \nthey get to the United States there is additional scrutiny.\n    So we have a number of layers of defense that we have put \nin place to ensure that we prohibit, and prevent, and detect \nthose who seek to do harm from even getting on a plane to begin \nwith. That is with a system that Congress has helped put \ntogether through a number of laws and appropriations over the \nlast decade.\n    I think the PNR system that we have now have been \ndiscussing today plays a central role in that.\n    It allows for us to do not just detection of those who are \nknown or suspected terrorists by going up against the--matching \nagainst the watch list that we have, the terrorist database. \nBut allows through certain analysis to detect those who may be \nunknown to us, but exhibit certain behavior that can allow us \nto then prevent them from getting on a plane or doing \nadditional screening at a time, so a number of different \nlayers.\n    Information sharing is critical to that and so that is why \nwe are having the negotiations and having relationships with \nthird parties and other countries to ensure that we have that \ninformation exchanged.\n    Ms. Jackson Lee. There is only a little bit more time. \nMaybe in your answer you would also include whether we are \ninvading a person's privacy on the behavioral aspect, but I \nthink you are talking about utilizing as well.\n    Ms. Callahan. So, I can take that one up, ma'am.\n    With regard to information sharing, with regard to \nscreening at the border, I think that we have done--the \ndevelopments in the past decade have been extraordinary.\n    But at the same time what has been important is the \nDepartment has included privacy protections as they develop \nthese programs. I think that that is crucial for going forward.\n    Mr. Bush. Yes, ma'am. I think you hit it on--right away the \ndifference between the intelligence and information sharing and \nthe need for the armor. I think both have to come in.\n    Obviously with the increasing attempted acts of terror by \nthose not on the watch list really stresses the need for the \nintelligence information sharing within the Federal Government, \nbut also with our foreign partners.\n    But once we identified a likely suspect, how can we then \ndetect if they have something on them or attempting to get on a \nplane are two equally challenging areas.\n    Ms. Jackson Lee. Thank you.\n    I yield back.\n    Mr. Meehan. Thank you, Ms. Jackson Lee.\n    I have a couple of follow-up questions. I will certainly \nopen the courtesy to the other Members of the committee who are \nhere today if they would so like.\n    But may I ask--well first, I want to follow up with what \nthe gentlelady just said. The two important points, that \naviation continues to be an area that is targeted to be sure, \nand the, you know, the concern we have that individuals will \ntry to exploit that.\n    But, Ms. Callahan, there has already been a great deal of \nwork that has been done in terms of protecting the privacy of \ninformation as we move along. This has been part of the DHS \nmission. We constantly move forward and seek information.\n    Oftentimes there is not enough attention paid to what we \nare doing with that information behind us or assuring that \nthere are protections that are done. I think simply the fact \nthat we are having this hearing identifies Congress' \nappreciation and desire to participate in this.\n    As I have researched this and looked at this particular \nissue, there is something called fair information practice \nprinciples and other standards that are in place.\n    Could you explain to us just what they are and how they \nhelp to secure the privacy of individuals both within the \nUnited States and outside?\n    Ms. Callahan. Absolutely.\n    Absolutely, sir, thank you for that question.\n    The fair information practice principles are core elements \nof essentially all privacy laws throughout the world that has \nprivacy laws. A basis of it was originally in the Privacy Act \nof 1974 which was the first National privacy act in the world.\n    It is also embedded in the OECD Privacy Principles of 1980 \nwhich, of course, is the genesis for both the European privacy \nlaw as well as the U.S. law.\n    The Department of Homeland Security embeds the Fair \nInformation Practice Principles, or the FIPPs within each of \nits activities associated with programs, technologies, systems, \nand information sharing. That is what my office does.\n    The Fair Information Practice Principles include \ntransparency, individual participation, purpose limitation, \ndata security, data usage, access auditing and accountability, \nand redress.\n    All of those elements are important cornerstones that I \ntried to address in my oral testimony to explain how PNR is an \nexample of the Fair Information Practice Principles as \nimplemented.\n    Mr. Meehan. Can you give me an example of one of those and \nhow that serves as a check against the abuse of that \ninformation?\n    Ms. Callahan. Well, one of the points that the Ranking \nMember had said is wanting to be more clear with what we are \ndoing with information.\n    We have tried to be very transparent with the passenger \nname records and what we are doing. I look forward to any other \nopportunities to discuss it in order to do that.\n    In addition, for example, the purpose limitation, to make \nsure that we are using passenger name records for terrorism, \ntransnational serious crimes, as well as to identify \nindividuals with whom we may want to have more border security \nto not have the potential for mission creep for example.\n    Those are important elements and that is what my three \naudits that are available in my website all show that we are \nindeed adhering to the principles that we said we would when we \nfirst set up the program. That is a very important part of the \nDepartment.\n    Mr. Meehan. One of the principles you identified was \nredress which allows an individual to challenge the information \nthat is in there. So there is already, as I understand it under \nthe FOIA, of the ability to obtain your own record and to \nrequest that there be changes in inaccurate information with \nrespect to your own record.\n    Did I understand your testimony correctly that there are \nsome 220,000 foreign requests for FOIA?\n    Ms. Callahan. Let me clarify. Two hundred and twenty \nthousand FOIA requests that we received from across the world. \nOf those we received them from 100-plus countries. But in terms \nof proportion, I can't tell you the proportion whether they are \nU.S. citizens here in the United States or also overseas.\n    Mr. Meehan. Oh, but that may include U.S. citizens----\n    Ms. Callahan. It absolutely does include U.S. citizens.\n    Mr. Meehan. But that would be an important thing. I mean, I \ndon't know that I need you to do this just to do it.\n    But if there is some way to analyze and identify the \nbreakdown that may be relevant to this question, I would like \nto know if we are seeing a disproportionate amount of requests \nfrom foreign nations.\n    Ms. Callahan. The majority--about 75 percent of the FOIAs \nthat we receive actually go to citizenship and immigration \nservices associated with alien files, with their immigration \nrecords to obtain information about that.\n    Mr. Meehan. That may be relevant to their interest in \ntrying to obtain citizenship or other kinds of benefits.\n    Ms. Callahan. Exactly.\n    So I can tell you that that is where the majority of the \nrequests come in. But a lot of those people are also \nnaturalized U.S. citizens or legal permanent residents who are \nseeking their information.\n    With regard to PNR, I can give you the breakdown for the \n69----\n    Mr. Meehan. I just wanted to see if there was a dramatic \nimbalance for some particular reason.\n    This last issue----\n    Ms. Callahan. There doesn't appear to be----\n    Mr. Meehan. But the redress is sufficient. Or I am seeing \nsome concerns that somehow we should open up the courts for \nfurther redress in some--what is your position on that?\n    Ms. Callahan. As I mentioned earlier, the traveler redress \ninquiry program that DHS has stood up is designed to be a one-\nstop shop available on-line to multiple individuals regardless \nof where you are and for free.\n    I think it is a very efficient and effective process that \n140,000 people have already sought redress through.\n    With that said, the European standard thinks that a \njudicial redress opportunity would be one that would be better.\n    If you go through a TRIP, you actually have the opportunity \nto go to court to challenge it. So therefore, I think that to \nrequest judicial redress, particularly with the use of PNR, it \nis probably not necessary because it already is available in \nthe U.S. system.\n    Mr. Meehan. Right.\n    Well, thank you. My time has expired.\n    I will now turn it over to the Ranking Member for any \nfurther questions she may have.\n    Ms. Speier. Thank you, Mr. Chairman.\n    Along those same lines, Ms. Callahan, of the 69 requests \nthat you have had for redress, could you make the specifics of \nthose cases or a handful of those cases available to the \nChairman and the committee so that we can see what it is they \nare objecting--I would like to get a better sense of what the \nconcern is.\n    Because based on the 19 fields that you just listed--and I \nam a privacy queen. I mean, I have spent a good part of my \ncareer trying to protect people's privacy.\n    I am not seeing where there is a potential even for abuse \nbased on the information that is being shared.\n    So, either you are taking this information and using it \nwith other information you get from other sources, which if you \nare you need to explain that to us, or I am missing something.\n    Ms. Callahan. If I could clarify what the 69 requests were.\n    They are the request for FOIAs, so just to receive access \nto their information. Of those 69 FOIA requests--so we don't \nknow if there is a redress problem with it per se.\n    Of those 69 requests, about half of them come from American \ncitizens who were seeking their own access. About a quarter of \nthem come from the European Union, Canada, and Mexico, and a \nquarter come from the rest of the world. So it is just an \ninteresting breakdown to see how it evolved.\n    It originally was more heavily weighted towards Europeans, \nbut now we are getting more from the rest of the world.\n    With regard to the use and with regard to the access, as \nMr. Heyman and Mr. Bush noted, the fields that are being \nprovided are the fields that are being provided to an airline, \nand therefore they don't inherently have sensitive information \nin it.\n    With that said, it is commercial data that the United \nStates is acquiring as part of this Federal border security. So \nI do think it is important to note that when the U.S. \nGovernment acquires commercial information, we need to treat it \nvery carefully.\n    I think that that may be some of the reservations that \npeople think because it was originally a commercial \ninformation, that that is the problem with it.\n    With that said, the protections that we had put in place, I \nthink, are very robust, very sufficient, and helped to \nameliorate that concern, but also help us protect our borders \nin the ways that Mr. Bush described.\n    Ms. Speier. But do you take that information and overlay it \nwith other information you have within a database you have \ninternally?\n    Ms. Callahan. We do compare passenger name records with \nother datasets that Mr. Heyman talked about including ESTA, \nAPIS--which is the Advanced Passenger Information System, the \nterrorist screening database, and a few other data fields--and \ncriminal records as well. That is all disclosed in all of our \npublic documents.\n    Ms. Speier. A FOIA request by an individual would be able \nto access that information that you have?\n    Ms. Callahan. If they asked for their passenger name \nrecords, it would not have that because the information is \noverlaid, compared, and then they go back to their separate \ndatabases.\n    It is not stored in a unique setting. So it is not a \nFederal record under FOIA.\n    With that that said they could ask for the information that \nCustoms and Border Protection utilizes in order to make the \nborder decisions. That is a way of having a broader aperture on \nthe FOIA.\n    Ms. Speier. Now, let us go back to the Shahzad case.\n    He went through a series of screenings, still got on the \nplane. It was about to leave before he was apprehended.\n    So where were the failings in the existing system? What \nkinds of changes have been made to make sure that doesn't \nhappen again?\n    Mr. Bush. I think the first improvement, ma'am, was the \nincreased watch list service out of the Terrorism Screening \nCenter.\n    It had previously taken up to 24 hours to get someone \nwatch-listed. That has now been streamlined and is real-time. \nSo the soonest he would have checked in his name would hit on \nthe watch list and I think it would have stopped there.\n    The second thing is the time of which PNR is being \nsubmitted to the United States has intervals. It is not real-\ntime every time someone books a ticket or makes some changes.\n    You had asked earlier, I believe--I apologize, if it wasn't \nyou ma'am--the differences between this agreement and the \nprevious ones.\n    That is an example of an improvement. We are trying to get \nany change to the PNR in real time. We are trying to explain \nthe value of that to the Europeans.\n    Ms. Speier. So does the European Union object to that?\n    Mr. Bush. I don't think they understand it yet to object to \nit. I think they are still trying to understand does that mean \nmore data being provided, when we were saying if you originally \npurchased your ticket and you only change it one time, well \nthen we don't need to have continual submissions of the same \nPNR.\n    They are trying to understand that. I shouldn't say it is \nan objection at this point, but I can defer.\n    Mr. Heyman. They are not objecting to it. I think they are \njust trying to understand it.\n    It is a new concept, the idea of having real-time data. It \nis--for data minimization, so it is good for privacy. It is \nreal-time accuracy, so it is good for data security--for \nNational security.\n    Ms. Speier. You know, for those in the European parliament \nthat appear to be objecting to this negotiated agreement, I \nwould argue that they are better served by this agreement than \nby the agreement that we are operating under, which to your \nperspective is broader and has less privacy protection.\n    So I am kind of mystified by their logic. But, I will leave \nit at that.\n    I yield back.\n    Mr. Meehan. Mr. Heyman is not taking the bait.\n    [Laughter.]\n    Mr. Meehan. Ms. Hahn, do you have any follow-up questions?\n    All right, well, I want to express my deep appreciation. It \nis a remarkable topic.\n    I don't think most of America woke up this morning thinking \nthat PNR was the first thing that was on their mind, but a few \nof us did. It does show the importance. You have identified the \nkey role that this plays.\n    I also really appreciate the interest of the committee in \nlooking to assure that we are protecting the privacy interests \nas well. I think that is similarly a mission for this \ncommittee.\n    I thank you for the work that you are doing on both.\n    Just one following comment. Mr. Bush, we didn't get into \nthe work that you are doing not just with terrorism, but I am \nimpressed by the work that is done with human smuggling and \nother kinds of things looking at the pattern activity, and do \nbelieve that that is an area that we ought to keep working on.\n    So I want to thank the witnesses for their valuable \ntestimony, and the Members for their questions.\n    The Members of the committee might have some additional \nquestions for the witnesses, and we will ask that you respond \nto those in writing. The hearing record will be open for 10 \ndays.\n    So without objection, the committee stands adjourned.\n    [Whereupon, at 11:15 a.m., the subcommittee was adjourned.]\n\n                                 <all>\n\x1a\n</pre></body></html>\n"