[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]



 
      EXAMINING DATA SECURITY AT THE UNITED STATES POSTAL SERVICE

=======================================================================

                                HEARING

                               before the

                   SUBCOMMITTEE ON FEDERAL WORKFORCE,
                   
                   U.S. POSTAL SERVICE AND THE CENSUS

                                 of the

                         COMMITTEE ON OVERSIGHT
                         
                         AND GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED THIRTEENTH CONGRESS

                             SECOND SESSION

                               __________

                           NOVEMBER 19, 2014

                               __________

                           Serial No. 113-157

                               __________

Printed for the use of the Committee on Oversight and Government Reform


         Available via the World Wide Web: http://www.fdsys.gov
                      http://www.house.gov/reform
                      
                                     ______

                      U.S. GOVERNMENT PUBLISHING OFFICE 

93-230 PDF                     WASHINGTON : 2015 
                      
                      
              COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

                 DARRELL E. ISSA, California, Chairman
JOHN L. MICA, Florida                ELIJAH E. CUMMINGS, Maryland, 
MICHAEL R. TURNER, Ohio                  Ranking Minority Member
JOHN J. DUNCAN, JR., Tennessee       CAROLYN B. MALONEY, New York
PATRICK T. McHENRY, North Carolina   ELEANOR HOLMES NORTON, District of 
JIM JORDAN, Ohio                         Columbia
JASON CHAFFETZ, Utah                 JOHN F. TIERNEY, Massachusetts
TIM WALBERG, Michigan                WM. LACY CLAY, Missouri
JAMES LANKFORD, Oklahoma             STEPHEN F. LYNCH, Massachusetts
JUSTIN AMASH, Michigan               JIM COOPER, Tennessee
PAUL A. GOSAR, Arizona               GERALD E. CONNOLLY, Virginia
PATRICK MEEHAN, Pennsylvania         JACKIE SPEIER, California
SCOTT DesJARLAIS, Tennessee          MATTHEW A. CARTWRIGHT, 
TREY GOWDY, South Carolina               Pennsylvania
BLAKE FARENTHOLD, Texas              TAMMY DUCKWORTH, Illinois
DOC HASTINGS, Washington             ROBIN L. KELLY, Illinois
CYNTHIA M. LUMMIS, Wyoming           DANNY K. DAVIS, Illinois
ROB WOODALL, Georgia                 TONY CARDENAS, California
THOMAS MASSIE, Kentucky              STEVEN A. HORSFORD, Nevada
DOUG COLLINS, Georgia                MICHELLE LUJAN GRISHAM, New Mexico
MARK MEADOWS, North Carolina         Vacancy
KERRY L. BENTIVOLIO, Michigan
RON DeSANTIS, Florida

                   Lawrence J. Brady, Staff Director
                John D. Cuaderes, Deputy Staff Director
                    Stephen Castor, General Counsel
                       Linda A. Good, Chief Clerk
                 David Rapallo, Minority Staff Director

 Subcommittee on Federal Workforce, U.S. Postal Service and the Census

                   BLAKE FARENTHOLD, Texas, Chairman
TIM WALBERG, Michigan                STEPHEN F. LYNCH, Massachusetts, 
TREY GOWDY, South Carolina               Ranking Minority Member
DOUG COLLINS, Georgia                ELEANOR HOLMES NORTON, District of 
RON DeSANTIS, Florida                    Columbia
                                     WM. LACY CLAY, Missouri
                                     
                                     
                            C O N T E N T S

                              ----------                              
Hearing held on November 19, 2014

                               WITNESSES

Mr. Randy S. Miskanic, Vice President of Secure Digital 
  Solutions, United States Postal Service
    Oral Statement
    Written Statement
Mr. Guy J. Cottrell, Chief Postal Inspector, United States Postal 
  Service
    Oral Statement
    Written Statement
Ms. Tammy Whitcomb, Deputy Inspector General, United States 
  Postal Service
    Oral Statement
    Written Statement
Mr. Timothy H. Edgar, Visiting Fellow, Watson Institute for 
  International Studies, Brown University
    Oral Statement
    Written Statement
Mr. Charles E. Hamby II, Captain, Narcotic Enforcement Division, 
  Prince George's County Police Department
    Oral Statement
    Written Statement

                                APPENDIX

Letters to DEI requesting hearings, submitted by Mr. Cummings
Answers to QFRs from Rep. Connolly to Tammy Whitcomb, USPS OIG
Answers to QFRs from Rep. Connolly to Guy Cottrell, USPS
Answers to QFRs from Rep. Connolly to Timothy Edgar, Brown 
  University


      EXAMINING DATA SECURITY AT THE UNITED STATES POSTAL SERVICE

                              ----------                              


                     Wednesday, November 19, 2014,

                  House of Representatives,
    Subcommittee on Federal Workforce, U.S. Postal 
                            Service and The Census,
              Committee on Oversight and Government Reform,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 11:40 a.m., in 
room 2154, Rayburn House Office Building, Hon. Blake Farenthold 
(chairman of the subcommittee) presiding.
    Present: Representatives Farenthold, Walberg, Lynch, Clay, 
and Cummings.
    Also present: Representative Davis.
    Staff present: Melissa Beaumont, Majority Assistant Clerk; 
Will L. Boyington, Majority Deputy Press Secretary; Molly Boyl, 
Majority Deputy General Counsel and Parliamentarian; Adam P. 
Fromm, Majority Director of Member Services and Committee 
Operations; Jeffrey Post, Majority Senior Professional Staff 
Member; Laura L. Rush, Majority Deputy Chief Clerk; Andrew 
Shult, Majority Deputy Digital Director; Sarah Vance, Majority 
Assistant Clerk; Jaron Bourke, Minority Administrative 
Director; Marianna Boyd, Minority Counsel; Aryele Bradford, 
Minority Counsel; Jennifer Hoffman, Minority Communications 
Director; Tim Lynch, Minority Counsel; Dave Rapallo, Minority 
Staff Director; Katie Teleky, Minority Staff Assistant.
    Mr. Farenthold. The subcommittee will come to order. It is 
an interesting day. We have Mr. Issa staring over my shoulder 
now and Mr. Hoffield looking at me from over here. The pictures 
have been rearranged.
    Anyway, I would like to begin this hearing by stating the 
Oversight Committee's mission. We exist to secure two 
fundamental principles: first, Americans have the right to know 
that the money Washington takes from them is well spent and, 
second, Americans deserve an efficient, effective Government 
that works for them. Our duty on the Oversight and Government 
Reform Committee is to protect these rights.
    Our solemn responsibility is to hold the Government 
accountable to taxpayers, because taxpayers have a right to 
know what they get from their Government. We will work 
tirelessly in partnership with citizen watchdogs to deliver the 
facts to the American people and bring genuine reform to the 
Federal bureaucracy. This is the mission of the Oversight and 
Government Reform Committee.
    I will now recognize myself for a short opening statement.
    We have called this hearing today to talk about the Postal 
Service's mail covers program. As we will hear from our panel 
this morning, mail covers have a long-running history at the 
Postal Service as a way of helping law enforcement 
investigations. But they remain a concern for privacy 
advocates.
    Today, the mail covers program is managed by the Postal 
Service Inspection Service. This is the law enforcement arm of 
the Postal Service and it manages all incoming requests, 
oversees data security, and ensures mail covers are properly 
executed.
    A mail cover itself is a fairly simple thing; it is a 
record of all the information on the outside of a mail piece 
for classes of mail that are sealed against inspection. Mail 
covers can be requested either by the United States Postal 
Service Inspection Service or outside law enforcement agencies. 
This information is often transcribed by hand, usually by 
Postal Service supervisors, just before a mail piece is 
delivered.
    A mail cover can consist only of a single package or can 
cover all mail going to and from an addressee for 30 days or 
more. The vast majority of the 49,000 mail covers issued for 
Fiscal Year 2013 were 1-day covers internally requested by the 
Postal Service as part of drug investigations. However, more 
than 6,000 mail covers were requested by outside law 
enforcement agencies and approved by the Postal Service, while 
nearly 3,000 multi-day mail covers were requested internally by 
the Inspection Service.
    In its May 2014 audit report, the Postal Service Office of 
Inspector General uncovered a number of troubling facts 
regarding the management and oversight of external mail cover 
requests. Of the audited covers, 21 percent were not approved 
by authorized individuals and 13 percent were approved without 
adequate justification contained in the request.
    Moreover, despite receiving more than 6,700 requests of 
mail covers in Fiscal Year 2013, the Inspection Service denied 
just 10. That is an approval rate of 99.85 percent. That is 
better than my server is up. This fact raises serious questions 
about the current management of the mail covers program.
    We will hear testimony from a number of witnesses who will 
be able to share the significant law enforcement benefits that 
this program can bring, as well as the privacy risk posed by 
this program if it continues to be poorly managed. We will also 
have the opportunity to hear from both the Postal Inspection 
Service and the IG with updates as to how the problems 
identified with the audit report are being addressed.
    In addition to our discussion of mail covers program, we 
will probably get into discussing the data breach the Postal 
Service announced on November 10th, 2014. With respect to that 
data breach, the Postal Service has confirmed that personally 
identifiable information for more than 800,000 current and 
former Postal Service employees, including their name, 
addresses, and Social Security numbers, have been compromised.
    While I understand some information regarding this breach 
may be still sensitive in nature, it is my hope that we can 
have a discussion about how the breach occurred, the extent of 
the data lost, and, most importantly, what actions are being 
taken to mitigate the risk of a similar breach in the future.
    On that note, I greatly appreciate the written testimony 
that will be presented by Mr. Miskanic today. His testimony 
provides a clear timeline of events leading up to the November 
10th announcement that before today had not been available.
    With that, I would like to thank all of our witnesses for 
being here today and allow the ranking member, the gentleman 
from Massachusetts, Mr. Lynch, to make an opening statement.
    Mr. Lynch. Thank you, Mr. Chairman.
    First, I want to apologize for being tardy. We have 
elections going on in the Democratic caucus, as well as the 
Republican caucus.
    Mr. Farenthold. Hope you did well in whatever you ran for.
    Mr. Lynch. Well, they haven't counted the votes yet. But 
that is another story.
    Mr. Chairman, thank you very much for holding this hearing; 
I appreciate that. I also want to thank the members of the 
panel for your willingness to help this committee with its 
work.
    Through the mail covers process, law enforcement agencies 
may request that the Postal Service record information on the 
outside of a piece of mail to obtain evidence of a crime, 
locate fugitives, identify property, and to protect the 
national security. According to Federal regulations, however, 
the Postal Service may not open or inspect the contents of a 
sealed piece of mail without a Federal search warrant.
    Importantly, the mail covers program can serve as a 
valuable investigative tool through which postal investigators 
and law enforcement officials can further their investigations 
into the abuse of our mail system for terrorists or other 
criminal activity. However, our constitutional commitment to 
individual privacy and due process requires that we conduct 
meaningful oversight of this program in order to ensure that it 
is not unnecessarily broad in scope. Toward this end, the 
Postal Service inspector general recently reported some program 
deficiencies.
    The IG reported that the chief postal inspector should, 
these are recommendations, No. 1, improve controls to ensure 
that responsible Postal Inspection Service personnel process 
the mail covers program as required; and, No. 2, the IG 
recommended that the Postal Service establish procedures to 
ensure periodic reviews of mail covers and that those are 
conducted as required; third, the Service recommended that we 
improve controls to ensure Postal Service facility personnel 
processes mail covers in a timely manner; and also, fourth, to 
implement system controls to ensure data integrity in the 
Postal Inspection Service mail covers application.
    The Postal Service has agreed with these recommendations 
and has fully implemented recommendation No. 2, establishing 
periodic review procedures. The agency has also made 
substantial progress on implementing the other three 
recommendations. Chief Inspector Cottrell expects all of the 
recommendations to be fully implemented by June 2015, so we 
will keep a watch on that.
    On October 27, 2014, the New York Times published a story 
asserting that the mail covers program was more extensive than 
had been previously reported. In response, the Postal Service 
has reported to committee staff that the increase in mail 
covers was largely due to a change in accounting practices, 
which is easily understandable once the details are revealed. 
According to the Postal Service, starting in 2012, the 
Inspection Service began using 1-day mail covers on each 
individual piece of mail that the law enforcement agencies 
requested. Previously, a single mail cover could reflect Postal 
Service monitoring of multiple pieces of mail. So, naturally, 
this change in practice resulted in an increase in the number 
of total mail covers without necessarily reflecting an increase 
in the use of the mail covers program.
    According to Chief Cottrell's testimony, there has been a 
reduction in the total number of mail covers used by law 
enforcement agencies over the past several years, and I look 
forward to hearing the details of these changes and surrounding 
each of the inspector general's recommendations.
    On November 10th, 2014, the Postal Service publicly 
announced that its computer networks had been significantly 
breached. Personally identifiable information of its employees 
may have been compromised, including names, addresses, dates of 
birth, Social Security numbers, dates of employment, and other 
information. News reports indicate over 800,000 employees could 
be affected. This data breach comes on the heels of several 
other attacks in both the public and private sector, including 
Home Depot, Kmart, Target, JP Morgan Chase, USIS, the Community 
Health Partners, and most recently the U.S. State Department.
    On November 10th, Ranking Member Cummings sent a letter to 
Postmaster General Donahoe requesting additional information 
about the breach, including the extent of the cyber attack, the 
nature of the data that was breached, and the number of 
potential employees and customers affected, and the Postal 
Service notification process regarding the breach. The ranking 
member also highlighted the need for greater collaboration to 
improve data security in light of the increased numbers of 
public and private data sector breaches.
    I look forward to hearing from the Postal Service 
especially on the data breach piece of this, and how it plans 
to address the specific data security issues raised by the 
postal data breach and ensure that its employees and consumers 
are protected from such breaches in the future.
    Thank you, Mr. Chairman. I yield back.
    Mr. Farenthold. Thank you, Mr. Lynch.
    Other members will have 7 days to submit opening statements 
for the record.
    Mr. Lynch. Mr. Chairman? I am sorry, I forgot. I would ask 
unanimous consent that Mr. Davis, the gentleman from Illinois, 
be allowed to participate. Mr. Davis is a former chairman of 
this subcommittee and has been a strong and eloquent advocate 
on behalf of postal employees and the postal system.
    Mr. Farenthold. Without objection, it will be an honor to 
let him join us today.
    Mr. Davis. Thank you, Mr. Chairman.
    Mr. Farenthold. All right, our panel today, distinguished 
panel, Mr. Randy Miskanic is Vice President of Secure Digital 
Solutions for the United States Postal Service. Welcome, sir.
    Mr. Guy Cottrell is the Chief Postal Inspector for the 
United States Postal Service Inspection Service. Welcome to you 
as well.
    Ms. Tammy Whitcomb is Deputy Inspector General for the 
United States Postal Service Office of Inspector General. 
Welcome, ma'am.
    Mr. Tim Edgar is Visiting Fellow at the Watson Institute 
for International Studies at Brown University. Go Bears.
    Mr. Charles Hamby is a Captain with the Narcotics 
Enforcement Division of the Prince George's County, Maryland 
Police Department. Captain, a privilege to have you in front of 
us, as well, today.
    Pursuant to the committee rules, we ask that all witnesses 
be sworn in before they testify. Would you all please rise? And 
if you will raise your right hand. Do you solemnly swear or 
affirm that the testimony you are about to give will be the 
truth, the whole truth, and nothing but the truth?
    [Witnesses respond in the affirmative.]
    Mr. Farenthold. Let the record reflect that all witnesses 
have answered in the affirmative.
    You all may be seated now.
    We have had you all submit written testimony, so in order 
to allow us time to ask you questions, we ask that you 
summarize your testimony in 5 minutes or less. You will see in 
front of you a little timer. Green means go, yellow means hurry 
up, and red means stop.
    So we will start with Mr. Miskanic. You are recognized for 
your summary of your testimony.

                       WITNESS STATEMENTS

                 STATEMENT OF RANDY S. MISKANIC

    Mr. Miskanic. Good morning, Chairman Farenthold, Ranking 
Member Lynch, and members of the subcommittee. Thank you for 
calling this hearing on data security at the Postal Service.
    My name is Randy Miskanic and I serve as Vice President of 
the Secure Digital Solutions Group for the United States Postal 
Service. In this role I lead the Postal Service's digital 
product development initiatives. I am also a postal inspector, 
and I previously served as the Deputy Chief Inspector of the 
United States Postal Inspection Service. My experience as 
Deputy Chief included leading cyber investigations. Given this 
experience, the postmaster general appointed me to the role of 
Incident Commander in response to the cyber intrusion that 
became public last week.
    On September 11th, the Postal Service Office of Inspector 
General was notified by US-CERT regarding four Postal Service 
servers that were sending unauthorized communication outside of 
the organization, indicating that these systems may have been 
compromised. On that date, we had limited information about the 
nature of the activity and we began a forensic investigation.
    During the next several weeks, OIG agents and postal 
inspectors configured and installed the technical architecture 
and tools necessary to identify impacted servers and 
workstations on the Postal Service network.
    By October 17th, it became apparent that the intrusion was 
very sophisticated and had been developed specifically to 
exploit the Postal Service computing environment. As the scale 
and the scope of the intrusion became evident, we greatly 
escalated our response. We also worked closely with US-CERT, 
the FBI, and other forensic experts to develop a strategy for 
protecting our information systems.
    By November 4th we were able to confirm that a compromised 
employee data set had been copied and removed from our network. 
This confirmation triggered our decision to quickly notify our 
employees.
    Throughout this process, our guiding principles were to 
protect our information systems from additional harm, to ensure 
our employees' and customer data was secure, and to allow the 
investigation to proceed unnoticed by our adversary. One of our 
biggest challenges was maintaining secrecy regarding the 
remediation of our infected systems.
    During the course of the investigative efforts, we learned 
of the sophisticated nature of the adversary and the dynamic 
tactics they employ to evade detection by most commercial 
information security tools. I can't get into too much detail 
about our processes except to say that it was critically 
important that the adversary not know that we were watching 
their activity. Any premature leak about our remediation steps 
might have caused this adversary to cover their tracks or take 
countermeasures that might have further harmed our network.
    Over the weekend of November 8th and 9th, the Postal 
Service took a number of remediation steps that required 
shutting down and then restoring certain systems. Immediately 
afterward, on Monday, the 10th, the Postal Service notified its 
employees, customers, business partners, and other stakeholders 
about the intrusion. This occurred roughly 1 week after 
confirming the contents of the stolen employee data.
    The compromised data included employee personally 
identifiable information. Additionally, customer call center 
data was also compromised. To date, we have seen no evidence 
that the compromised employee data has been used for malicious 
purposes such as identity theft. In an abundance of caution, 
however, the Postal Service is providing a 1-year credit 
monitoring product at no cost to its employees, in addition to 
other services.
    Mr. Chairman, the Postal Service operates one of the 
largest computer environments in the Federal Government. Until 
this recent intrusion, we have been successful in maintaining 
the integrity of our data and the security of our systems. 
Since being notified of the suspicious activity, the Postal 
Service has been engaged in a very intense process of 
evaluating and developing new strategies to protect our 
information systems. In parallel to complex investigative 
activities, we developed and continue to implement a detailed 
mitigation plan to stop the compromise and protect the Postal 
Service network.
    On November 10th, the postmaster general notified our 
employees about the compromised data and made a commitment to 
strengthen the security of our systems to match these 
sophisticated new threats. The Postal Service will be taking 
numerous steps over the coming months to improve processes and 
technologies to better protect against future intrusions.
    We live in a world that requires perpetual vigilance and 
staying a step ahead of our adversaries. We are committed to 
doing so on behalf of our employees, our customers, and the 
American public.
    Thank you, Mr. Chairman. This concludes my remarks.
    
    [Prepared Statement of Mr. Miskanic follows:]
    
    
    Mr. Farenthold. Thank you very much. I look forward to 
questioning you.
    Mr. Cottrell, you are up.

                  STATEMENT OF GUY J. COTTRELL

    Mr. Cottrell. Good morning, Chairman Farenthold, Ranking 
Member Lynch, and members of this subcommittee. I am Guy 
Cottrell, Chief Postal Inspector of the United States Postal 
Service. On behalf of the men and women of our agency, I 
appreciate this opportunity to present the testimony of the 
U.S. Postal Inspection Service in support of this hearing on 
data security at the U.S. Postal Service.
    My testimony today will discuss the Postal Service mail 
cover program and the controls in place to ensure appropriate 
privacy protections are maintained. I will also update the 
committee on the progress made regarding recommendations 
contained in the Postal Service Office of Inspector General 
Report released in May 2014 on the mail cover program.
    The Postal Service respects the privacy of its customers 
and the sanctity of the mail. A mail cover is the process by 
which a nonconsensual recording is made of any data appearing 
on the outside cover of any sealed or unsealed class of mail 
matter. Any personal information obtained in connection with 
the mail cover program is treated as restricted, confidential 
information and is not publicly available.
    Over the past 5 years, law enforcement use of mail covers 
has generally declined, with one significant exception. We 
revised procedures in connection with criminal investigations 
into dangerous mail and narcotics in Fiscal Year 2012. These 
programs emphasized the safety of postal employees and strive 
to protect them from handling mail that contains harmful 
substances, narcotics, and trafficking proceeds, and the 
violence associated with drug crimes.
    Equally important, they aid our efforts to help keep 
illegal drugs off the streets and out of school yards across 
the Country. We now assign mail covers to individual mail 
pieces in these investigations, which drove the spike in 
overall mail cover volume the last three fiscal years.
    Recently, the Postal Service inspector general conducted 
its review of the mail cover process, releasing a report in May 
2014 containing four recommendations to improve program 
security and accountability. We have addressed these 
recommendations as follows:
    We have worked to improve controls to ensure responsible 
Postal Inspection Service personnel process mail covers as 
required.
    We have examined the administration of the program and our 
processes, updating standard operating procedures, improving 
training, testing application workflow enhancements, creating 
performance metrics, and formulating a disbarment process.
    We have established procedures to ensure periodic reviews 
of the mail cover program are conducted at national 
headquarters and in the field as part of our annual compliance 
review process.
    We are leveraging existing Postal Service tools to better 
assess program compliance at the local post office level and 
facilitate communication.
    We have also initiated a project to upgrade the mail cover 
process, allowing us to better ensure data integrity, 
compliance, and accurate reporting.
    We are on target to completely address all audit 
recommendations by June 2015.
    I am certain these actions will provide necessary 
safeguards to ensure the program is administered as required.
    Recent media coverage has confused three independent mail 
programs, the mail cover program, mail imaging, and mail 
isolation control and tracking, or MICT, creating a false 
impression that there is a vast mail monitoring system in 
operation. This simply is not true. These programs are distinct 
and have very different purposes.
    I have already discussed the mail cover program. Mail 
imaging was developed in the early 1990's to help automate mail 
processing. The images are not maintained in a centralized 
database, not profiled for mailing habits, nor are they mined or 
analyzed electronically.
    Mail isolation control and tracking, MICT, is a set of 
safety procedures developed in response to the anthrax mailings 
of 2001, and it is triggered when a potentially contaminated 
mail piece is identified to help determine potential 
contamination of mail processing equipment, facilities, and 
vehicles. Safety is the ultimate goal of MICT, although the 
contamination path can be relevant for law enforcement 
purposes.
    In closing, I would like to thank the committee for 
inviting me to appear here today to discuss with you our 
commitment to strengthening the mail cover process, allowing us 
an opportunity to better explain our use of this important 
investigative tool and the safeguards in place to protect the 
privacy of the American public.
    Thank you, Mr. Chairman.
    [Prepared Statement of Mr. Cottrell follows:]
    
    
    Mr. Farenthold. Thank you very much.
    Ms. Whitcomb.


                   STATEMENT OF TAMMY WHITCOMB


    Ms. Whitcomb. Mr. Chairman and members of the committee, 
thank you for the opportunity to discuss our recent audit 
report on mail covers.
    Mail covers have been an investigative tool for more than 
100 years, used for tracking financial frauds, drug 
trafficking, and other criminal activity. A mail cover involves 
postal officials recording the information from the outside of 
a mail piece, such as the sender's address. However, the mail 
cover program does not permit opening letters and packages that 
are sealed against inspection, as this requires a search 
warrant. To be clear, the program should not be confused with 
the operational imaging of mail pieces to manage mail flows.
    The U.S. Postal Service processed approximately 49,000 mail 
covers in Fiscal Year 2013. Mail covers can be requested either 
by external investigators, including my office, or by the 
Postal Inspection Service. There are different types: mail 
covers that target individuals in suspected criminal matters, 
mail covers that target postal facilities where mail and 
parcels associated with criminal activity are passing, and 
special mail covers used for national security purposes.
    The OIG is responsible for auditing the investigative 
activities of the Postal Inspection Service. As part of this 
work, and in response to public concern, we conducted an audit 
of the handling of external mail covers. The report was issued 
in May. For this initial audit, we examined samples of both 
external criminal mail cover requests and special mail cover 
files. We are now beginning an audit of internal mail covers.
    Federal, State, and local law enforcement agencies can 
request a criminal mail cover by sending a hard copy form to 
the Postal Inspection Service's Criminal Investigation Service 
Center in Chicago. The request must specify the statute thought 
to have been violated and include a description of how the mail 
cover will further the investigation. These forms are manually 
entered into an electronic system for approval. Only the chief 
postal inspector, the manager of the Criminal Investigation 
Service Center, or their designees, can approve mail covers.
    Most criminal mail covers are approved. In Fiscal Year 
2013, the Postal Inspection Service received more than 6,000 
outside requests and denied 10.
    When a mail cover is approved, it is forwarded to the 
appropriate facility, where Postal Service staff photocopy the 
mail pieces or log the information. The facility then mails the 
records to the Inspection Service to pass on to the original 
requesters. Requesters are instructed not to copy mail cover 
records and must return them within 60 days after the mail 
cover period ends.
    Our audit found that mail cover procedures are not always 
followed.
    In 13 percent of cases, external mail cover requests were 
approved without adequate justification, either because the 
requester did not include sufficient justification in the 
request or the justification was not adequately entered into 
the electronic system;
    Authority to approve mail covers was not always delegated 
appropriately. Twenty-one percent of mail cover requests were 
not approved by authorized individuals;
    The Postal Inspection Service did not ensure that outside 
law enforcement returned mail cover information on time. In 61 
percent of cases, mail cover records were not returned within 
60 days as required.
    The computer system used to process mail covers had flaws. 
We found more than 900 cases where the system incorrectly 
showed a mail cover was active, even though the cover period 
had ended. System problems also prevented mail covers from 
being extended and sometimes the same tracking number would be 
issued to different requests;
    There were delays in processing mail covers both by the 
Postal Inspection Service and at Postal Service facilities.
    Finally, the Postal Inspection Service did not carry out 
its required annual reviews of the program.
    Our audit recommended the Postal Service and Inspection 
Service improve controls over the mail covers program, 
establish procedures to ensure the required program reviews are 
conducted, and fix the electronic system. The Postal Service 
and the Inspection Service agreed with our findings and 
recommendations and set target dates to implement solutions. 
Two of the four original target dates have now been extended to 
March 2015. My office will continue to track the Postal 
Service's progress.
    Mail covers are an important law enforcement tool, but 
adequate supervision is critical to ensure the protection of 
the public.
    Thank you.
    [Prepared Statement of Ms. Whitcomb follows:]
    
    [GRAPHIC] [TIFF OMITTED] 
    
    Mr. Farenthold. Thank you very much.
    Mr. Edgar.

                  STATEMENT OF TIMOTHY H. EDGAR

    Mr. Edgar. Thank you very much, Mr. Chairman.
    I served in the Obama White House as the first privacy and 
civil liberties official for the National Security Council, 
focusing on cybersecurity. Under President Bush, I was the 
deputy for civil liberties for the Director of National 
Intelligence. And from 2001 to 2006 I was the national security 
policy counsel for the American Civil Liberties Union.
    I am going to talk today a little bit about the history of 
the privacy of the mail and why that is important.
    When I was given this opportunity to testify, many of my 
friends and colleagues had one statement: Is nothing sacred? 
The public is used to a lack of privacy on the Internet. They 
know about the NSA controversy; they know about Google reading 
their email for targeted ads. But they expect the Postal 
Service to have a higher standard for privacy and to be 
different; and there is a reason for that, which is that, going 
back to the days of George Washington, the United States has 
treated mail as something very sacrosanct.
    We had a choice in 1792, when the first law was passed 
establishing the Post Office. We could have gone in a different 
direction. The European governments of the time had secret 
rooms in which they monitored mail of political dissidents, of 
foreign diplomats. The United States decided not to set up such 
a room and to just ban the opening of mail altogether without a 
warrant; and shortly after the Civil War, the Supreme Court 
reinforced that notion, said that a sealed envelope, at least, 
basically had the same level of privacy as your home, really a 
pretty remarkable statement of privacy in correspondence, 
handled, after all, by a Government agency. So this is an 
important part of our culture and of our system of 
constitutional protections for privacy.
    During the cold war we got off track. There were several 
mail monitoring programs run by the CIA and the FBI that were 
investigated by this Congress, by the Church Committee, in the 
mid-1970's. The largest of those was called HTLINGUAL. It was a 
CIA program that actually started as a mail covers program in 
the early 1950's. The CIA got the cooperation of the Postal 
Service to obtain copies of every item of mail that was going 
to or from the Soviet Union, generally in New York.
    And it got off the rails in part really just because the 
CIA did a lot of deceptive tactics to conceal the fact that not 
only were they photographing the outside of mail, which the 
Supreme Court had said does not violate the Fourth Amendment, 
although it should be more highly regulated, but they were 
actually opening mail as well. They monitored the American 
Friends Service Committee, they monitored author John 
Steinbeck. Members of Congress, including Frank Church himself, 
were on the list of people whose mail should be opened if 
encountered.
    So when this was discovered it was ended, but it had really 
been a major breach of Americans' privacy and civil liberties. 
But what are the lessons for today?
    I think one important lesson is that the Postal Service 
needs to be a stickler for privacy. They really need to insist 
that privacy requirements be followed to the letter, if you 
will. And they didn't really do that during these cold war 
abuses. They looked the other way. They allowed other agencies 
that had important national security missions to trump their 
concerns. I think they felt this is the CIA, this is national 
security, let's let them do their thing. And that was the wrong 
way to go. They needed to be the ones standing up and saying, 
hey, what are you doing with those pieces of mail? We need to 
see what you are doing. We need to look and to ask our counsels 
what is going on.
    So that is what is troubling about these missteps by the 
Post Office, is that you see a certain laxity in the way that 
they have enforced their rules on mail covers, and that is a 
troubling one.
    Finally, I think this issue of the mail imaging software is 
an important one for this committee to look at. It may be a 
separate program from mail covers, but it raises real questions 
about what is essentially a bulk collection of postal metadata, 
and it raises questions about the security of those computer 
files, who has access to them, and privacy risks. Back during 
the cold war, you actually had to have a program for the CIA to 
photograph mail. Now that is being done automatically as part 
of the system delivering it. It may be a separate program, but 
it raises privacy and security risks, especially with these 
recent breaches.
    Thank you very much.
    [Prepared Statement of Mr. Edgar follows:]
    
    [GRAPHIC] [TIFF OMITTED] 
    
    Mr. Farenthold. Thank you very much.
    Captain Hamby.

                STATEMENT OF CHARLES E. HAMBY II

    Mr. Hamby. Good morning. Thank you, sir. On behalf of Chief 
Mark Magaw and the Prince George's County Police Department, I 
would like to thank Chairman Farenthold, Ranking Member Lynch, 
and the members of the Subcommittee on Federal Workforce, U.S. 
Postal Service and the Census for the opportunity to discuss 
the mail cover program and the role this investigative tool 
plays in our criminal investigations.
    My name is Captain Charles Hamby and I am currently 
assigned as the Assistant Commander of the Narcotic Enforcement 
Division for the Prince George's County Police Department.
    Let me begin by stating that the Prince George's County 
Police Department is in support of the U.S. Postal Inspection 
Service mail covers program.
    Various investigative units within the police department, 
including, but certainly not limited to, our fugitive 
apprehension teams and narcotic enforcement units, have 
utilized mail covers as supplemental investigative tools to 
further their cases. Mail covers are able to provide assistance 
to law enforcement agencies as they are conducting criminal 
investigations by providing identification information on names 
and addresses of entities, individuals, and also locations that 
are associated with the subject being investigated. Fugitive 
teams may utilize mail covers to identify individuals and 
locations that could lead to the appreciation of the wanted 
subject. Narcotic investigations also benefit from mail covers 
by providing information regarding coconspirators, locations, 
and methods used by the various activities that occur in drug 
trafficking.
    For example, during an investigation that I conducted of a 
drug trafficking organization that was smuggling multiple 
kilograms of cocaine from Miami, Florida to Prince George's 
County, Maryland, a mail cover was used to develop evidence on 
one of the 14 co-conspirators. In this case, the mail cover 
provided identification of names and addresses associated with 
the target of the investigation, and the specific target was 
suspected of receiving the proceeds from the drug sales here in 
Prince George's County and shipping them to Miami, Florida.
    The suspect would facilitate the transfer of those funds to 
the source of supply in Miami, and that money which the suspect 
was sending to the source was payment for the following 
shipment of cocaine. During this conspiracy, it was typical for 
the organization to purchase and receive here in Maryland 10 
kilograms or more of cocaine in a single shipment. All of that 
cocaine was subsequently distributed either in Washington, DC, 
or in Prince George's County, Maryland.
    The information received from that mail cover identified 
previously unknown aliases that the subject was using. That 
information led to eventually further identification of the 
entire system that was being used to pay for the drugs. This 
case culminated with Federal indictments and successful 
prosecution of this suspect and her 13 fellow conspirators, 
which actually resulted in the dismantling of that cocaine 
trafficking organization.
    As described previously, the mail covers used by law 
enforcement investigators can really provide significant 
information and further investigations, and also provide 
evidence of criminal acts.
    In closing, thank you very much for the opportunity to 
present this information to the committee. The mail cover 
program clearly remains an important tool that continues to 
benefit criminal investigations by law enforcement agencies. 
Thank you very much.
    [Prepared Statement of Mr. Hamby follows:]
    
    [GRAPHIC] [TIFF OMITTED] 
    
    Mr. Farenthold. Thank you very much, captain. I have quite 
a few questions. I do not want to give the mail covers program 
short shrift, because I think there are a lot of issues we need 
to discuss with that, but I do want to start with the cyber 
attacks, since they are most recently in the news. And if I run 
out of time, we will do a second or even third round of 
questioning until all the members are satisfied that they have 
gotten their questions answered.
    So, Mr. Miskanic, let me ask a couple questions to reassure 
the American people. Are we relatively confident that no 
customer data was compromised during this attack?
    Mr. Miskanic. Chairman Farenthold, as stated in my written 
and oral testimony, there was customer call center data that 
was compromised. It did not contain sensitive information.
    Mr. Farenthold. Could you explain what customer call center 
data is, for those who don't know?
    Mr. Miskanic. Yes, sir. The data itself was when an 
individual contacts the Postal Service for followup on a mail 
item or makes an inquiry.
    Mr. Farenthold. So you are not going to have their Social 
Security number or something like that in that data base.
    Mr. Miskanic. No, sir, there was not Social Security 
numbers contained in that data base.
    Mr. Farenthold. All right. What about information or copies 
of mail cover data or the imaging data that Mr. Cottrell talked 
about used in the processing of mail, was any of that 
compromised?
    Mr. Miskanic. No, sir, Chairman Farenthold, there was no 
indication of compromise of any of the mail cover data, nor of 
any of the mail imaging data.
    Mr. Farenthold. All right. I just wanted to reassure the 
American folks. Our postal workers obviously appreciate what 
you all are doing with respect to their credit monitoring.
    I am concerned about how long it actually took the Postal 
Service to act. It was quite some time when CERT notified you 
all of some data leaking out before you did something. Now, I 
understand the need to figure out who did it and how it was 
tracked. Do you see some needs or things that need to be done 
to, where if the Postal Service is hacked again or another 
Government agency is hacked, how we can more rapidly shut off 
the flow of the exfil of data and get the tracking tools in 
the system quicker?
    Mr. Miskanic. Yes, Mr. Chairman. On September 11th, what we 
were told was there was suspicious activity on four of our 
pieces of computer equipment, and to give you some scope of 
that, we have over 225,000 servers or workstations. That 
indicated that there was simply just suspicious activity or 
potentially malicious code. Through a complex investigation, we 
learned that data had actually been compromised.
    Mr. Farenthold. Were these mission-critical servers or were 
they just random servers?
    Mr. Miskanic. These were not our mission-critical servers, 
they were not our primary and core systems; they were secondary 
systems. Some of them might have been in a field unit in one of 
our processing facilities or post offices; some were in our 
data centers, but they were not necessarily the primary core 
data centers themselves.
    Mr. Farenthold. On my computer network I have software that 
monitors data flow on my network in my house, and when I see 
something weird coming out of one of my computers, the first 
thing I do is go unplug that computer. So, again, would you 
explain why maybe that wasn't the initial solution and then do 
forensic investigations to determine where that data was going?
    Mr. Miskanic. Well, in this particular instance, the actor 
was very sophisticated, and once we had learned the respective 
access, it was necessary to understand the scope of the 
intrusion to properly mitigate it. We were very concerned 
during this period that if the actor themselves could further 
embed themselves into our network where they could potentially 
cause harm, it could impact our ability to deliver mail and 
serve the American public.
    Mr. Farenthold. So how much of this was done internally by 
the Postal Service versus relying on either Government agencies 
or contractors? I guess what I am getting at, should CERT or 
the FBI or NSA or some Government agency have a program where 
you call them and they send in a SWAT team? How was this 
handled and how do you think it could be handled better?
    Mr. Miskanic. Chairman Farenthold, that is a very good 
question and, actually, US-CERT does have a SWAT team and the 
FBI does have a team that came in and assisted the Postal 
Service with this incident. They provided expert technical 
guidance. In addition to that, we also relied upon external 
technical experts from various companies who have been engaged 
with similar incident response issues.
    Mr. Farenthold. Do you think that that interagency system 
worked well or does it need some polishing? I would certainly 
say by your time line it needs speeding up.
    Mr. Miskanic. The interagency team was faced with a very 
complex challenge. It was a very complex investigation in 
understanding the scope and the breadth across the USPS network 
and the complexities of that network. We are in the process of 
still investigating the matter; however, we do intend to 
produce an after-action report on the actions and activities 
that occurred throughout the investigation remediation, 
and we would be happy to share that.
    Mr. Farenthold. I would like to see that. And if there is a 
classified or security-sensitive version, that would probably 
be something that this subcommittee probably needs to see in 
private as well. So please keep us on your list for that.
    Sorry, I went a minute over, so we will give Mr. Lynch 6 
minutes here.
    Mr. Lynch. All right. Thank you, Mr. Chairman. I appreciate 
that.
    I am going to revisit that in a minute, Mr. Miskanic. Let 
me ask, though, I only have one question on the covers, the 
postal covers. Do we have technology that would allow us to 
read the mail without opening it, read the contents of the 
mail? I went online to do sort of an anecdotal search about 
some companies out there that do say we have technology that 
can read your email without opening it, without indicating to 
the party who receives the email that their email has been 
opened and read; and there are a number of firms that actually 
have very high technology package inspection that can read 
through envelopes and see the contents. So I am just wondering 
if we have the technology available right now to read the mail, 
the contents of the mail, without opening it.
    Mr. Cottrell. We do not, sir.
    Mr. Lynch. You don't. OK. All right. Who is we?
    Mr. Cottrell. The Postal Service does not have the 
technology to do that.
    Mr. Lynch. Is it out there?
    Mr. Cottrell. Not that I am aware of.
    Mr. Lynch. OK. It would seem to be pretty simple, just 
probably high resolution x-ray or something like that. OK, so 
that is one thing I am concerned about.
    As the courts have said repeatedly, there is no expectation 
of privacy in the outside of what is on your envelope, and that 
probably makes sense. But my concern is that there may be 
technology out there that actually would allow folks to scan 
the outside and also glean whatever the contents of the letter 
might be as well.
    Let's go back to Mr. Miskanic. I really am concerned about 
the way the Postal Service handled the breach. When were we 
first aware of this breach of employee data or a breach of the 
data base at the United States Postal Service?
    Mr. Miskanic. Congressman Lynch, we were notified of the 
actual data being, we had confirmed the actual data being taken 
on November 4th.
    Mr. Lynch. No, no, no, no, no, no, no, no, no.
    Mr. Miskanic. We had suspected----
    Mr. Lynch. Let's go back. I am talking about when did you 
first get any indication that you had a breach. I am not 
talking about official notification.
    Mr. Miskanic. So on October 16th we learned that data had 
actually been compromised. However, we had fragments of that 
data and could not----
    Mr. Lynch. OK, so retroactively, looking back, when did you 
first have a breach?
    Mr. Miskanic. We were notified on September 11th that there 
was suspicious activity on the system by US-CERT.
    Mr. Lynch. Is that the earliest date that you have right 
now, have knowledge of, that you had a breach?
    Mr. Miskanic. That I have knowledge of, yes.
    Mr. Lynch. OK. When did you notify the employees that their 
Social Security numbers had been compromised?
    Mr. Miskanic. We notified the employees on November 10th, 
and that was due to the need to----
    Mr. Lynch. That is about the day I learned about it, on 
November 10th, in the Wall Street Journal and New York Times. 
So why the delay? Why the delay?
    Mr. Miskanic. Over the entire period it was necessary to 
understand the scope and the impact. Once we learned, on 
October 16th, that there might have been some data taken, we 
needed to confirm what that was and reconstruct it 
forensically. Over that period, it was also very imperative 
that we initiated remediation and mitigation activity.
    Mr. Lynch. Based on the files, the contents of the files 
that have been accessed, you should have had some notification 
right then that there was risk to the employees' data.
    Mr. Miskanic. Sir, during that period, we did not have the 
full scope of what files were accessed. Second, it was very 
important for the overall security posture of the Postal 
Service to conduct the detailed mitigation and remediation that 
occurred on November 8th and 9th----
    Mr. Lynch. Look, I am just telling you that the way this 
should work is as soon as you know that a file has been 
compromised and that it contains personally identifiable 
information, Social Security numbers, that employee should be 
notified. If we go with your plan, if we go with your plan, an 
agency, a U.S. Government agency could have the Social Security 
numbers for all its employees compromised, and you will decide, 
you will decide based on your own interests when the employees 
will be notified that their Social Security numbers have been 
stolen.
    That doesn't work. That doesn't work for the American 
taxpayer; it doesn't work for the American people. It doesn't. 
So the secret school squirrel stuff, you know, we have to 
figure out how sophisticated these people were and what 
information they have, that doesn't fly. This is very, very 
important information. These people are at risk and they 
received zero.
    The unions, the employee unions who represent these people 
got zero notice, like I did, and I am just telling you if we 
have to do something legislatively to make sure you cough up 
that information when people's Social Security numbers--you 
know, I keep hearing about how the private sector has had this 
problem as well. Target didn't disclose Social Security 
numbers; Neiman Marcus didn't; JP Morgan didn't. This was all 
credit card information; this was not their Social Security 
numbers, which would allow identity theft and an assortment of 
other problems for these employees.
    So I have to tell you I am very, very disappointed in the 
way you handled this. I am. I think the American people deserve 
better. And if this is the standard that we are using now, we 
are opening up a huge area of exposure to the American people. 
If people like yourself and your agency is going to decide when 
it is good for you to let people know that their Social 
Security numbers have been stolen, when you are good and ready, 
that is not good enough. So we have to figure something out. 
Maybe it is legislatively we need to mandate this. But you have 
to be more forthcoming with the people that you are supposed to 
be protecting than you have been in this case.
    I yield back.
    Mr. Farenthold. Thank you very much, Mr. Lynch.
    We will now go to the vice chair of this subcommittee, the 
gentleman from Michigan, Mr. Walberg.
    Mr. Walberg. Thank you, Mr. Chairman, and thank you to the 
witnesses for being here today.
    Inspector Cottrell, according to the USPS inspector 
general, last year only 10 of more than 6700 external law 
enforcement mail cover requests were rejected. That was given 
in testimony today. Do you know anything about why those 10 
were rejected?
    Mr. Cottrell. I don't know the specifics, sir, but there 
are specific requirements to get a mail cover: it has to be a 
law enforcement agency; you have to be investigating the 
commission of a crime, locating a fugitive or trying to track 
down victims or assets or proceeds. So those are the 
requirements, so obviously those 10 did not meet those specific 
requirements.
    Mr. Walberg. So it would be assumed, then, that it is 
normal for 99-plus percent of external mail cover requests be 
approved in any given year?
    Mr. Cottrell. Well, 10 were outright denied. We have to 
send several back for people to include additional information, 
but we don't track that sort of data. So 10 were actually 
denied.
    Mr. Walberg. So we don't know the percentage, normal 
percentage of a normal year of mail cover requests that are 
approved in any normal year?
    Mr. Cottrell. It fluctuates year to year. Just this past 
year we declined 94 of them.
    Mr. Walberg. In your testimony you mentioned the 
distinction between sealed and unsealed classes of mail. Can 
you elaborate a little more on that?
    Mr. Cottrell. Well, sealed mail is first class mail sealed 
against an inspection; you need a Federal search warrant to get 
inside of that. Other classes of mail are standard, do not have 
the same level of protection.
    Mr. Walberg. So how does that all impact mail cover?
    Mr. Cottrell. Mail covers are still information from the 
outside of a mail piece. Standard mail would be advertising 
mail, circulars, things like that.
    Mr. Walberg. It has been noted that the inspector general 
audit found that 13 percent of external mail cover requests 
lacked appropriate justification, yet were still approved. If 
we were to conduct a full audit of active mail covers today, 
would the number be any different?
    Mr. Cottrell. I think it would improve. The IG report was 
from several months ago, and they gave us some excellent 
recommendations on how to make improvements. What they found is 
the justification wasn't always included in the system as well. 
But we have made great strides there and we are continuing to 
work to improve that process.
    Mr. Walberg. What other recommendations were given?
    Mr. Cottrell. Well, they recommended that we do an annual 
review of this, which we are doing; they recommended that we 
improve our mail cover system that we have, where we enter the 
requesting information in; and they recommended that we train 
our employees; we fix our internal standard operating 
procedures. And all of those fixes are in progress.
    Mr. Walberg. The inspector general audit also found that 21 
percent of external mail cover requests were approved by 
individuals without authorization. Has that been changed?
    Mr. Cottrell. Yes, sir. We have made improvements there in 
improving the delegation process to ensure that we have proper 
delegations of authority on file for individuals to approve the 
mail covers.
    Mr. Walberg. So we have them on file, but could you explain 
a little bit more in depth on how we make sure that, though 
they are on file, they are actually the ones that are approved?
    Mr. Cottrell. Well, when you delegate authority, you need 
to have a record that you have delegated that authority, and we 
did not have proper delegations of authority on file for those 
individuals, so we have corrected that. We have the correct 
individuals in place now to approve the mail cover requests 
that come in.
    Mr. Walberg. Thank you.
    Ms. Whitcomb, from your testimony it appears that your 
audit report focused mainly on mail cover requests made by 
external law enforcement agencies and that a new report is in 
the works looking at internal requests. Is that true?
    Ms. Whitcomb. It is true.
    Mr. Walberg. Is there an estimated completion date for that 
report to end? Are there early conclusions you can share with 
us today?
    Ms. Whitcomb. Not at this point. We are just beginning that 
work. But I imagine that we will have some results probably in 
the next 3 or 4 months, and we will be happy to come and 
share those results when we have them together.
    Mr. Walberg. In your testimony you mention that the 
Inspection Service did not carry out its required annual 
reviews of the mail cover program. Was your agency able to 
determine any reason for this failure beyond what we have 
heard?
    Ms. Whitcomb. Not that I am aware of. They just weren't 
conducted. I believe one of three of the reviews were 
conducted. We expected to see annual reviews over 3 years and 
we saw one review being conducted.
    Mr. Walberg. Are you confident that that is changing now?
    Ms. Whitcomb. Our process is, when we make a 
recommendation, the agency provides us a response date, a date 
when the action in response or recommendation is to be 
completed. In this case the dates that we received in response 
to our report have been extended, so when those dates or when 
the Inspection Service has completed their work, they will come 
back to us and provide us with documentation to show that they 
have completed that work, and then we will evaluate that and 
either close that recommendation or can keep it open. So at 
this point these recommendations are still open, awaiting that 
documentation to come back to us. So we anticipate that these 
efforts that are being undertaken will be successful, but at 
this point it is impossible for us to know.
    Mr. Walberg. Thank you.
    Thank you, Mr. Chairman.
    Mr. Farenthold. Thank you, Mr. Walberg.
    We will now recognize the ranking member of the full 
committee, Mr. Cummings, for 5 minutes.
    Mr. Cummings. Thank you very much, Mr. Chairman. Mr. 
Chairman, I am extremely concerned about the increased 
frequency and sophistication of data breaches on both public 
and private entities. We have seen attacks in the past year at 
Target, Home Depot, Community Health Systems, and USIS, as well 
as the Postal Service and, most recently, the State Department.
    I am concerned about all Americans whose personally 
identifiable information was stolen and privacy compromised in 
a rash of data breaches this past year. That is why I requested 
four times this year that Chairman Issa join me in conducting 
oversight into the breaches at these various companies. 
Unfortunately, Chairman Issa ignored my repeated requests to 
examine data breaches in the private sector, and this committee 
has missed a significant opportunity as a result.
    Turning to the Postal Service, I must say that I am 
troubled by the chain of partisanship here. In a joint 
statement, Chairman Farenthold and Chairman Issa said they 
called today's hearing in part because they wanted to know why 
the Postal Service ``waited 2 months before making the news of 
this attack public.'' For the record, the Postal Service 
voluntarily provided to this committee two fulsome and 
classified briefings, one on October 22d, another on November 
7th. Is that right, Mr. Miskanic?
    Mr. Miskanic. Yes, sir, that is correct, October 22d and 
November 7th, sir.
    Mr. Cummings. So we know why the Postal Service did not 
make this news public earlier, because they told us directly.
    Now, Mr. Miskanic has also provided a detailed testimony, 
including a time line of what the Postal Service knew and when, 
how and why it made certain decisions, what agencies and 
experts it has been working with to remediate the breach. That 
is what I call transparency. By contrast, not a single company 
that was breached this year came voluntarily to brief this 
committee.
    I am asking Chairman Issa, in his remaining time as 
chairman, that he finally agree to work with me on ways to 
improve data security in both public and private entities, and 
I am hoping that he will agree to my request on January the 
14th, September 9th, September 11th, and September 15th.
    I would like to thank the Postal Service for working with 
the committee as it rectifies this intrusion.
    Mr. Miskanic, as you know, I wrote to Postmaster General 
Donahoe last week to request more information on the data 
breach at the Postal Service. When can I expect a written 
response?
    Mr. Miskanic. Thank you, Congressman Cummings. We are 
preparing the written response and we will have it, I believe, 
within a 2-week period, sir. We are still conducting part of 
the investigation and would like to provide you a most thorough 
and detailed response as possible, sir.
    Mr. Cummings. And you are saying you will have it in 2 
weeks?
    Mr. Miskanic. Yes, sir.
    Mr. Cummings. In this year, though.
    Mr. Miskanic. Correct, sir. Yes.
    Mr. Cummings. All right.
    I am going to ask unanimous consent that letters that I 
have sent to Chairman Issa requesting investigations into the 
other entities, private and public, be entered into the record. 
I have a letter dated September 15th, 2014, September 9th, 
2014, September 11, 2014, and January 14, 2014, Mr. Chairman.
    Mr. Farenthold. Without objection, so ordered. And I join 
you in thinking especially the Government needs to do more with 
respect to data security and look forward to continuing to work 
with you both this year and in the future.
    Mr. Cummings. Thank you very much, Mr. Chairman. I yield 
back.
    Mr. Farenthold. Thank you very much.
    We will now go to Mr. Davis, I guess, for his questions. 
Oh, Mr. Clay is back. Are you ready, sir?
    Mr. Clay. Yes, I am ready.
    Mr. Farenthold. You are up.
    Mr. Clay. I am sorry, Mr. Chairman.
    Mr. Farenthold. No, no. We just skipped to Mr. Davis.
    Mr. Clay. OK.
    Let me ask Mr. Miskanic. News reports indicated that over 
800,000 employees could be affected. We learned that personally 
identifiable information of Postal Service employees may have 
been compromised, including names, addresses, dates of birth, 
Social Security numbers, dates of employment, and other 
information.
    Can you tell us any more information about the extent of 
people affected by the breach?
    Mr. Miskanic. Yes, Congressman Clay. We are still 
conducting forensic analysis of the impacted servers and, as a 
result, as mentioned, we have approximately 800,000 records of 
current and former employees that had personally identifiable 
information, the 2.9 million customer care records which were 
calls to our customer center with either a customer followup. 
In addition, we are still processing the evidence and there is 
the possibility of additional compromise specifically as it 
relates to some workers' compensation files.
    Mr. Clay. Have you identified the perpetrators, or can you 
discuss that?
    Mr. Miskanic. The adversary we cannot release; it is a 
classified matter, sir.
    Mr. Clay. Based on your testimony, I understand the Postal 
Service has been following the advice and guidance of several 
Federal and private sector cybersecurity experts since the 
Postal Service's initial discovery of the breach. Is that 
correct?
    Mr. Miskanic. Yes, Congressman Clay. We have been following 
the guidance of US-CERT, getting assistance from Carnegie 
Mellon CERT/CC, and several private security technical experts 
for this matter.
    Mr. Clay. OK. And I know there has been a great deal of 
controversy over whether the Postal Service notified its 
employees and customers about the breach in a timely manner, 
but it seems to me that the Postal Service relied heavily on 
the intelligence and expertise it was receiving from its 
advisors in making these determinations.
    For example, in your testimony you stated that experts from 
supporting agencies provided prudent warnings that short-term 
remediation efforts would be seriously compromised if the 
threat actor became aware that the intrusion had been 
discovered. If provided advance warnings of network actions 
intended to expel and block the intruder from the Postal 
Service network, the adversary could take bolder steps to 
further infiltrate or sabotage systems.
    Mr. Miskanic, is this why the Postal Service chose not to 
inform its employees and customers about the breach when it was 
originally discovered in mid-September?
    Mr. Miskanic. Yes, Congressman Clay. The concern that was 
raised by the technical experts both from the Federal 
Government and the private sector regarding the adversary 
potentially conducting malicious acts were very significant and 
could have harmful impacts for our ability to deliver the mail 
to each and every American citizen, and we wanted to ensure, 
first of all, protect any further breach of data, but ensure 
that those systems were adequately protected and then implement 
the mitigation activities, which are quite complex. We are in 
the first phase of several phases for those mitigation 
activities, and they will go on for several months.
    Mr. Clay. And I understand that the Postal Service agreed 
to offer free credit monitoring for its employees for 1 year, 
is that correct?
    Mr. Miskanic. That is correct, sir, free credit monitoring 
and identity theft protection, sir.
    Mr. Clay. And based on your experience in handling these 
issues, are you confident that the Postal Service will be able 
to effectively address the current data breach and prevent 
further breaches from occurring in the future?
    Mr. Miskanic. Yes, sir, I am confident, and you have our 
commitment that we will address all of the issues and be very 
vigilant in the future, sir.
    Mr. Clay. And you cannot tell us if you have identified the 
culprit.
    Mr. Miskanic. No, sir. I believe that is a matter that is 
best discussed with the intelligence community, sir.
    Mr. Clay. I see. Thank you for your responses.
    I yield back, Mr. Chairman.
    Mr. Farenthold. Thank you very much.
    Mr. Davis?
    Mr. Davis. Thank you very much, Mr. Chairman. I want to 
thank you and the ranking member for giving me the opportunity 
to participate in this hearing, though I am not a member of 
this subcommittee.
    Like several of my colleagues, I am concerned about the 
length of time that it took to notify employees, as well as 
customers, of the breach. Mr. Miskanic, can you share something 
by November 10th that you had learned that you didn't know, 
say, September the 11th that gave you the level of 
comfortability to now notify these individuals of the breach 
that had not been notified earlier?
    Mr. Miskanic. Sir, on September 11th we had no indication 
that there was data that was compromised or accessed in an 
unauthorized manner; we simply had information that there were 
four servers out of several hundred thousand workstations that 
had potentially malicious code on them. In order to adequately 
investigate, over the period of the next 2 months, we had to 
come to learn the sophistication of the actor and then came to 
find that they had indeed compromised data; however, we had 
fragments of that data and needed to recreate that to make the 
adequate notice to our employees.
    On November 4th is when we actually confirmed through our 
investigation that that information had indeed left the Postal 
Service network, and not before that time, sir.
    Mr. Davis. So the investigation then gave you the 
information that you needed to have in order to have a level of 
assurance that what you were announcing or reporting was in 
fact accurate and adequate. Let me ask you have there been any 
interactions or conversations with representatives of the 
employees, such as the unions, to discuss the issue and see how 
jointly the Service and the employees may be able to work 
together finding a solution?
    Mr. Miskanic. Individually, I have not engaged with those 
discussions; however, I know the postmaster general and staff 
have engaged the unions, and they will continue to engage them 
throughout this entire process.
    Mr. Davis. Thank you very much.
    Let me ask you, Captain Hamby. I understand that you have 
been involved in this kind of activity for a pretty extensive 
period of time. How valuable do you view the mail covers 
program?
    Mr. Hamby. Congressman Davis, I think it is a very valuable 
tool. It is not used that often, quite frankly, in 
investigations, it is only when it is warranted; and usually it 
takes time, it is usually in a long-term investigation that is 
going to be used in any event.
    But in my experience, it provides a very unique piece of 
information in criminal investigations. There are so many types 
of information out there. The mail cover can provide very, very 
unique pieces of information, so in that instance it is very 
valuable. It really can't be duplicated as far as mail coming 
and going from a specific address.
    Mr. Davis. Thank you very much.
    Mr. Miskanic, let me just reinforce that the employees that 
I have been speaking with or have had conversation with, I 
guess they, like others, are very skeptical when they think 
that there has been some breach of their information. So I 
think they would be reassured to know that the Postal Service 
is in fact interacting with their leadership to try and find a 
resolve, so I thank you very much.
    And I thank all of you for your participation and the 
questions that you have answered.
    Mr. Chairman, I yield back.
    Mr. Farenthold. Thank you very much.
    I think we have gotten to everybody, so we will start up 
with a second round of questioning and I will kick it off.
    Mr. Miskanic, you will be happy to know you have almost all 
my questions answered. I want to go on to the mail covers 
program a little bit more.
    Mr. Cottrell, the IG's report has a picture of a guy 
writing down information off of a package, and your testimony 
said often this is done manually. How much of this is done 
electronically? Is it just photocopied, is it scanned? Can you 
break down the percentages of how that data is captured?
    Mr. Cottrell. Yes, Mr. Chairman. It is all done manually. 
The only electronic piece would be to actually photocopy the 
pieces of mail. That is the only electronic part of this 
process. It is all manual.
    Mr. Farenthold. And you also mentioned that you have some 
internal programs where you actually image the covers of the 
mail for processing.
    Mr. Cottrell. Yes, sir.
    Mr. Farenthold. So that is basically where you scan the 
front, bar code the address. How long is that stored, and are 
those computers on a network that do that?
    Mr. Cottrell. Those mail processing machines are at all of 
our facilities around the Country. The images are only on that 
one mail processing machine and the data is overwritten 
depending on the volume of the mail processing machine.
    Mr. Farenthold. So are we talking days, weeks?
    Mr. Cottrell. Days. Three to 7 days.
    Mr. Farenthold. All right. Can you assure me that there is 
not some NSA-like system that is tracking all mail covers, 
storing that data for later search and retrieval?
    Mr. Cottrell. Yes, I can. There is no such system in the 
Postal Service doing anything like that.
    Mr. Farenthold. And can you tell me is there a similar 
process for mail covers for shipments made through your 
competitors, UPS, FedEx, and the like? Are you aware of any 
similar programs?
    Mr. Cottrell. I am not aware of any.
    Mr. Farenthold. Mr. Edgar, you are the privacy expert. How 
is the Postal Service different from FedEx and UPS?
    Mr. Edgar. I don't believe there is any real difference 
here, but the point I was trying to make, I think, in my 
written statement about this concern is just that the data is 
potentially vulnerable. We have heard about data breaches of 
other systems at the Post Office, so it is important to really 
look very closely at how this data is stored and how it----
    Mr. Farenthold. As a Government efficiency expert, it 
troubles me that there has to be a hard copy request that is 
then entered into a data base that is then sent to the local 
post office and is then done manually, and then I guess you 
mail the mail covers to the law enforcement agent. So, as a 
government efficiency expert, that troubles me. As a privacy 
advocate, I kind of like it.
    Mr. Edgar. I think that is a good point. I think that in 
some ways my personal fears about this were probably in part 
because I didn't realize how inefficient the mail covers 
program was. And maybe that is a good thing because it allows 
us to, as we improve the mail covers program and if there is 
any effort to integrate it with any of these systems, to do it 
in a very careful fashion.
    Mr. Farenthold. Right.
    Let me go on. Mr. Cottrell, what about the contents? Are 
there drug dogs that check? There has to be some additional 
stuff for the contents so you guys aren't at least doing 
something to combat the belief that you are the biggest 
deliverer of contraband in the world.
    Mr. Cottrell. Absolutely not. The U.S. mail should not be 
the provider of choice for narcotics. That is why you see this 
spike in mail covers is indicative of our efforts to combat 
this very offense. But to raise the level, to get into a 
package, obviously you need to get to probable cause. Sometimes 
that is one method, but a hit with a drug dog is obviously one 
of the ways we can get that problem.
    Mr. Farenthold. Ms. Whitcomb, you talked about the 
designees. Do you know how many designees there are that 
authorize mail covers and what kind of training that they 
receive?
    Ms. Whitcomb. I don't know the answer to that question.
    Mr. Farenthold. Mr. Cottrell, do you know?
    Mr. Cottrell. I am sorry, Mr. Chairman, could you repeat 
that?
    Mr. Farenthold. How many designees are there to authorize 
mail coverings and what kind of training do they receive.
    Mr. Cottrell. I would like to give you a full and thorough 
answer. I believe there are two, but if I could provide an 
answer for the record.
    Mr. Farenthold. And then we talked about how few of the 
requests were denied. Were they denied on substantive grounds 
or were they denied because all the Is weren't dotted and Ts 
crossed? Mr. Cottrell or Ms. Whitcomb, either one.
    Mr. Cottrell. It would be because they did not meet those 
requirements of it is from a law enforcement agency, it is 
looking to obtain evidence in the commission of a crime, locate 
a fugitive.
    Mr. Farenthold. So you all really don't have that many 
substantive checks, it is predominantly that you have met all 
the requirements; it is not like a judge reviewing a search 
warrant or something like that.
    Mr. Cottrell. It is not, but it has to be a sworn law 
enforcement agency.
    Mr. Farenthold. OK. Finally, I want to ask one question 
about you said the policy was 60 days to you send the mail 
covers to a law enforcement agency, they have 60 days to return 
them. I guess Ms. Whitcomb said that. How does that work? It 
seems to me that if my mail covers were used in a prosecution, 
I would want to have access to those mail covers and there 
needed to be preserved through the process of--I would want my 
defense attorney to have access to those if I were prosecuted 
as a result of those. Anybody want to comment on how that is 
made available to the defendants in a criminal proceeding? 
Either of you guys know?
    Mr. Cottrell. They could request an extension to retain 
that for a trial purpose.
    Mr. Farenthold. OK. That just kind of struck me as being an 
issue. Thank you very much.
    Mr. Lynch, you had some second questions?
    Mr. Lynch. Please, yes. Thank you, Mr. Chairman.
    Mr. Miskanic, I want to go back to the 800,000 postal 
employees who had their Social Security numbers stolen. In that 
file that had their names, addresses, and Social Security 
numbers that were stolen, that information would be very 
helpful to someone engaged in identity theft, would it not?
    Mr. Miskanic. Yes, sir, that information could be used for 
identity theft.
    Mr. Lynch. So I am just wondering do we have, part of the 
thing I am struggling with is that it took so long for us to 
figure out, for the Postal Service to figure out what the 
adversary stole. And you would think that the Social Security 
numbers, names, and addresses of our 800,000 employees would be 
sensitive information that might be segregated so that it might 
gain greater protection. You follow me?
    Mr. Miskanic. Yes, sir.
    Mr. Lynch. So I know we encrypt it, but we encrypt it. We 
should be able to know what has been stolen. Just a basic 
concept there. How come it took so long for us to figure out 
that they had stolen the Social Security numbers, addresses, 
and names of 800,000 postal employees? I can't understand that 
piece. Can you explain it?
    Mr. Miskanic. Yes, sir. The adversary had encrypted the 
file that had been taken themselves and produced a new name of 
that file, and we had to decrypt that file to understand that 
that had actually been stolen and left the USPS network.
    Mr. Lynch. But if we had segregated that file and knew it 
had been accessed, as was reported on September 11th, then we 
could have alerted people that we are concerned. The thing for 
me is if someone has my Social Security number, the best 
defense is for me to know that so that, as a consumer, I can 
watch out for my savings account, credit card activity, things 
like that. But if I don't have that information, I am 
defenseless.
    So that is what I am getting at. If we knew that that file 
had been accessed, like we knew on September 11th, it just 
raised a red flag to the people who might be vulnerable 
because of that intrusion. That is what I am trying to get at.
    Mr. Miskanic. Sir, we did not know that that file was 
accessed on September 11th. On October 16th we had partial 
information that there was fragments of a file that were 
recovered that had been deleted by the adversary. Through that 
period of time we needed to adequately reconstruct what 
happened to make notice to our employees, because we didn't 
know if it was one or 800,000 at the time.
    Mr. Lynch. But we knew that there were four servers that 
were accessed on September 11th, is that correct?
    Mr. Miskanic. Which none of them contained this 
information; it was a different vector of the attack, sir.
    Mr. Lynch. Well, we need to figure out a way that the most 
sensitive information that we have on these employees that 
would introduce severe vulnerability on behalf of our 
employees, we need to find a way to segregate that so if it is 
accessed or if there are indications it has been tampered with, 
that we can notify them. Are we doing that now as part of this 
corrective action or can we expect this to happen again?
    Mr. Miskanic. Sir, we have actually segregated systems for 
our most critical data. Unfortunately, this was a sub-business 
process, a reporting process that caused this file to be 
subject to a vulnerability. We have corrected that issue. We 
will continue to correct any of those issues in moving forward 
to ensure that this doesn't occur again.
    Mr. Lynch. OK. I am concerned about this because so far 
what I see is there is no negative consequences to the United 
States Postal Service because these 800,000 employees' Social 
Security numbers were stolen. Zero. Nothing bad is going to 
happen. And we are lining up here that it is business as usual 
and, oh, this happened in the private sector. The private 
sector, customers will move away from a company that is not 
protective of their information.
    We have a captive audience in the employees of the American 
Postal Workers Union and some of the other workers there as 
well, so I am just concerned about a perverse incentive here 
that if there is no negative consequences to what just 
happened, it is going to happen again. I am just trying to 
avoid that eventuality and I am having trouble getting 
cooperation to make sure that doesn't happen. I think we are 
whistling through the graveyard here and we are not taking it 
seriously enough.
    Tell me I am wrong.
    Mr. Miskanic. Sir, you have our full cooperation and 
commitment that we will continue the efforts that we have 
undertaken to remediate the impacts of this breach and continue 
to improve our systems and our networks. This is a very 
sophisticated adversary and it is necessary for the Postal 
Service then to learn the traits of the sophisticated 
adversaries. We look forward to working with our Federal 
Government partners to better learn those tactics. I can assure 
you that we will improve our systems in the future.
    Mr. Lynch. Thank you, Mr. Miskanic.
    I yield back.
    Mr. Farenthold. Thank you very much.
    Mr. Cummings, you have some more questions for us?
    Mr. Cummings. Yes, I do. Yes, I do.
    Let me ask you this. Tell me what is the likelihood of this 
happening again? I know you are still looking into it. I always 
talk about transformational moments that should lead to a 
movement. Sometimes when these kinds of things happen, it makes 
us realize how vulnerable we are, and we constantly say to 
ourselves that when the rubber meets the road, that we will be 
prepared; and then when it comes time for the rubber to meet 
the road, we discover there is no road. So I am just trying to 
figure out what the likelihood of this happening again is and 
exactly what are we doing to make sure it doesn't, if we can.
    Mr. Miskanic. As you stated, Congressman Cummings, this is 
a transformational moment in the way that the Postal Service 
addresses IT security. It is necessary for us to be more 
actively engaged with these emerging threats that are well 
resourced and have a long time period to affect their 
activities. No IT security professional can state 
unequivocally, 100 percent, that they will never be breached 
again, but we must remain vigilant and we must improve our 
processes to ensure that it does not.
    Mr. Cummings. Do we have the necessary people with the 
appropriate skills and technology to address these problems or 
is more needed?
    Mr. Miskanic. Speaking from the Postal Service, that is 
what I have been tasked with, is understanding if we have the 
proper skills and technology.
    Mr. Cummings. You are saying you are trying to figure that 
out, is that what you are saying?
    Mr. Miskanic. We are embarking upon that because obviously, 
sir, we need to improve our skills and our tools and our 
tactics to ensure this doesn't happen again.
    Mr. Cummings. And what will it take to do that? In other 
words, are there people out there that we are not benefited or 
worked with to get their expertise? Do we have it in-house? Do 
we need to go out-house? I mean, what is needed? Because I have 
some of the same concerns as Mr. Lynch and others. It is one 
thing for things to go wrong, and we realize that you said, 
there is no 100 percent failsafe system. We got that.
    But I want to know that we are doing, and I think the 
American people want to know that we are doing the very best 
that we can. So if there is a lack of anything, we want to know 
exactly what it is and what we can do about it.
    Mr. Miskanic. To adequately fight these very significant 
and persistent threats, it is necessary that we form teams that 
are both across the Federal Government and the private sector. 
In the case of Postal Services is ensuring that we are actively 
engaged with obtaining the information on the threat actors 
from the intelligence community to process that and make it 
actionable and put it into tactics to better protect the USPS 
network.
    Mr. Cummings. One of the purposes of this hearing is to 
evaluate the Postal Service's progress in implementing the 
recommendations made by the Postal Service Office of Inspector 
General. Ms. Whitcomb, your office made four recommendations to 
the Bureau as it relates to mail covers program, is that 
correct?
    Ms. Whitcomb. Yes.
    Mr. Cummings. And Chief Inspector Cottrell, does the Postal 
Service agree with all four of those recommendations?
    Mr. Cottrell. Yes, Ranking Member Cummings.
    Mr. Cummings. But based on your testimony, I understand 
that you have completely implemented one of the 
recommendations, is that correct?
    Mr. Cottrell. That is correct.
    Mr. Cummings. I would like to discuss this recommendation 
in detail. First, based on your testimony, I understand that 
the Inspection Service has already implemented periodic review 
procedures that the IG recommended, is that correct?
    Mr. Cottrell. Yes, that is correct.
    Mr. Cummings. And, chief inspector, can you tell us a 
little bit more about the revisions you made to review the 
procedures that you discussed in your testimony?
    Mr. Cottrell. Yes. Just briefly, Congressman, every year we 
go out and we review our high risk programs, and we have added 
this mail cover review to our annual review of high risk 
programs, and we have already begun those reviews in response 
to the IG's recommendations.
    Mr. Cummings. And so the other recommendations, what about 
those?
    Mr. Cottrell. Those are still in progress. Some of them 
involve IT upgrades and issues, and the training and getting 
folks trained, and republishing our standard operating 
procedures and some of our internal training manuals. But we do 
expect to be complete in the timeframe the IG allotted.
    Mr. Cummings. Do you think you have the resources to 
accomplish all of that?
    Mr. Cottrell. Yes, I do.
    Mr. Cummings. All right.
    Thank you very much, Mr. Chairman.
    Mr. Farenthold. Thank you very much.
    Mr. Davis, do you have some more questions?
    Mr. Davis. Yes, Mr. Chairman. Thank you very much.
    I would just like to follow up a little bit more on the 
recommendations that have been made and how effective we think 
we have been in completing those or in coming up with the 
processes used to complete those recommendations.
    Mr. Cottrell, could you embellish that a bit?
    Mr. Cottrell. Yes, Congressman. What the IG found is that 
opportunities exist to improve our controls, so there are 
several controls in place, so they recommended we establish 
improvements to ensure responsible personnel process mail 
covers as required; establish procedures to ensure that 
periodic reviews, as we spoke about; ensure mail covers are 
processed in a timely manner; and implement controls to ensure 
data integrity.
    Likewise, we are reviewing and updating our standard 
operating procedures, our instructions to our own employees, as 
well as to outside law enforcement agencies, and we are 
updating our internal training guides as well, to be sure. We 
are also developing a disbarment process for external agencies 
for noncompliance, so that we can bar them from ever getting 
mail covers again. So we have uncovered some additional things 
we would like to do, in addition to what the IG recommended as 
part of that review to make it a stronger, tighter process.
    Mr. Davis. Ms. Whitcomb, would you agree with this 
assessment?
    Ms. Whitcomb. The actions that they have undertaken sound 
very responsive to the recommendations that we have made, but I 
have to say that we haven't made an assessment of the actions 
that they have taken in response to our recommendations. As I 
mentioned, we are looking into internal mail covers now and, as 
a part of that, will likely check in on the actions that they 
have taken in response to our recommendations on the external 
mail covers.
    Mr. Davis. Well, thank you very much. It appears to me that 
we are indeed making progress.
    Mr. Chairman, I have no further questions and yield back 
the balance of my time.
    Mr. Farenthold. Thank you very much.
    I just have two quick questions. Mr. Lynch says he has 
another question, so we will do a quick third round of 
questions.
    Captain Hamby, Mr. Cottrell and Ms. Whitcomb basically 
indicated that if a law enforcement agency dots all the Is, 
crosses all the Ts, it seems like it is almost certain that 
they will get approval of the request for covers. Can you talk 
a little bit about how you found out about this program, how 
you were trained about it, how you train your personnel in how 
to use it, and a little bit about the decisionmaking process to 
make sure it isn't abused to infringe upon the privacy of an 
individual person, yet still available to track the bad guys?
    Mr. Hamby. Yes, sir, Chairman Farenthold. As far as 
learning about the program, as investigators, our investigators 
start out with basic training in the police department. We are 
talking about my agency here. To become an investigator, you 
pretty much have to prove your mettle; you get selected as an 
investigator, then you go to basic investigator school. It will 
be mentioned in basic investigator school, but for narcotic 
investigators this is one of the tools that you would learn 
about in narcotic investigator school.
    As far as utilizing it as an investigator, as the new 
investigator, you are usually paired with one who has more 
experience, and this is one of the tools, like many of them, 
that this isn't a fishing expedition tool; this is an initial 
tool. This is one that is only used, in my experience--and I 
have been doing this as a narcotic investigator for 12 years--
we have only used this tool when there are reasonable grounds.
    Mr. Farenthold. Is there management approval for it or can 
any investigator just request? Suppose some investigator wants 
to make sure her spouse isn't sending love letters to somebody 
else.
    Mr. Hamby. Yes, sir, there is, and the process is, first of 
all, the completion of the request form for the U.S. Postal 
Service, but it also requires a cover letter from a supervisor; 
and that supervisor would have to complete the cover letter and 
notify his commander. So that is the process we would use in 
our agency to ensure that requests are authorized throughout 
our agency, and it would be in the Postal Service.
    Mr. Farenthold. Thank you very much.
    Mr. Miskanic, your answer to another question suggested 
another question for me. I am sorry, you are not off the hook 
from me yet. You indicated that there were four servers that 
were breached, but this sensitive data did not reside on one of 
those four servers. So I am assuming those four servers were 
used as a gateway to further penetrate the network. Can you 
tell us how many devices or servers were penetrated?
    Mr. Miskanic. Yes, Chairman Farenthold. Approximately 100 
servers were penetrated. And to give you some scope, there is 
approximately larger servers like that. It is over 25,000, and 
then there are, like I mentioned, over 200,000 workstations. So 
100 workstations and/or servers were impacted.
    Mr. Farenthold. Was there any indication, and if I am 
getting into a classified area, please stop me and we can talk 
about this in an appropriate environment for that. Was there 
any indication that there was more sensitive information other 
than employee data that was targeted?
    Mr. Miskanic. There is no indication of that at this present 
time, sir.
    Mr. Farenthold. OK. Thank you very much.
    Mr. Lynch?
    Mr. Lynch. Thank you.
    Mr. Miskanic, the Social Security numbers for the 800,000 
employees, I understand in one of these reports say those were 
copied by the adversary. Is that correct?
    Mr. Miskanic. Yes.
    Mr. Lynch. So we don't have to worry about them coming back 
and trying to hack that portion of it, because they have that 
information.
    Mr. Miskanic. They copied a file, sir, yes.
    Mr. Lynch. Yes. So how are we helping out these employees 
because their information is out there now?
    Mr. Miskanic. We are providing, through a commercial 
service, credit monitoring to them and also identity theft 
protection. In addition to that, through our human resources 
service center, we have contact numbers for them to contact us 
if they need additional details or if they suffer any negative 
consequences.
    Mr. Lynch. OK. I am pretty sure, I have a bunch of family 
that work for the Post Office and I am sure they have employee 
numbers. Is there any thought to creating a firewall by 
discontinuing the use of Social Security numbers, which the 
vulnerability is far greater than would be if we were using an 
employee number to identify these folks?
    Mr. Miskanic. As part of our undertaking, we look at all of 
our data retention policies, data storage policies, which 
includes the storage of personally identifiable information. 
That is an excellent suggestion, sir, that we have undertaken 
previously, but obviously we need to also consider the further 
use of that. There are in some instances the need, from a 
payroll reporting perspective, to have a Social Security 
number, but it is, first and foremost, something that we are 
doing to see if we can shield those in some other way possible 
to make them less vulnerable or not vulnerable at all for 
theft.
    Mr. Lynch. OK. And the wider group, including the folks 
that complained, they called the customer call office, their 
information was compromised as well. How many of those were 
there?
    Mr. Miskanic. There was 2.9 million records that were 
taken.
    Mr. Lynch. That is on top of the 800,000 employees?
    Mr. Miskanic. That is correct, sir. That did not contain 
any sensitive information; it was essentially their name and 
address, and if they left a telephone number.
    Mr. Lynch. Are we looking at how long we hang on to that 
information?
    Mr. Miskanic. That is something we are doing as well. The 
data retention policy for the entire Postal Service will be 
under review, and specifically how long we hold that customer 
data is very first and foremost that we need to understand 
whether we have a business need for that or not, sir.
    Mr. Lynch. OK. Thank you, Mr. Miskanic.
    I yield back.
    Mr. Farenthold. Thank you very much.
    Mr. Cummings, you have any more?
    Well, thank you all very much. I really do appreciate the 
panel taking their time to answer our questions. We have a 
couple of followups we look forward to hearing from you on. We 
appreciate your service to the Country and/or your communities.
    With that, we are adjourned.
    
    [Whereupon, at 12:15 p.m., the subcommittee was adjourned.]

                              APPENDIX

                              ----------                              


               Material Submitted for the Hearing Record
               
[GRAPHIC] [TIFF OMITTED] 

                                 [all]