[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]






 SAFEGUARDING PRIVACY AND CIVIL LIBERTIES WHILE KEEPING OUR SKIES SAFE

=======================================================================

                                HEARING

                               before the

                            SUBCOMMITTEE ON
                        TRANSPORTATION SECURITY

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED THIRTEENTH CONGRESS

                             SECOND SESSION

                               __________

                           SEPTEMBER 18, 2014

                               __________

                           Serial No. 113-86

                               __________

       Printed for the use of the Committee on Homeland Security
                                     
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


                                     

      Available via the World Wide Web: http://www.gpo.gov/fdsys/
                               __________

                        U.S. GOVERNMENT PUBLISHING OFFICE 

93-366 PDF                     WASHINGTON : 2015 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001


















                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Paul C. Broun, Georgia               Yvette D. Clarke, New York
Candice S. Miller, Michigan, Vice    Brian Higgins, New York
    Chair                            Cedric L. Richmond, Louisiana
Patrick Meehan, Pennsylvania         William R. Keating, Massachusetts
Jeff Duncan, South Carolina          Ron Barber, Arizona
Tom Marino, Pennsylvania             Donald M. Payne, Jr., New Jersey
Jason Chaffetz, Utah                 Beto O'Rourke, Texas
Steven M. Palazzo, Mississippi       Filemon Vela, Texas
Lou Barletta, Pennsylvania           Eric Swalwell, California
Richard Hudson, North Carolina       Vacancy
Steve Daines, Montana                Vacancy
Susan W. Brooks, Indiana
Scott Perry, Pennsylvania
Mark Sanford, South Carolina
Curtis Clawson, Florida
                   Brendan P. Shields, Staff Director
                   Joan O'Hara,  Acting Chief Counsel
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

                SUBCOMMITTEE ON TRANSPORTATION SECURITY

                Richard Hudson, North Carolina, Chairman
Mike Rogers, Alabama, Vice Chair     Cedric L. Richmond, Louisiana
Candice S. Miller, Michigan          Sheila Jackson Lee, Texas
Susan W. Brooks, Indiana             Eric Swalwell, California
Mark Sanford, South Carolina         Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (ex             (ex officio)
    officio)
               Amanda Parikh, Subcommittee Staff Director
                    Dennis Terry, Subcommittee Clerk
         Brian Turbyfill, Minority Subcommittee Staff Director



















                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Richard Hudson, a Representative in Congress From 
  the State of North Carolina, and Chairman, Subcommittee on 
  Transportation Security:
  Oral Statement.................................................     1
  Prepared Statement.............................................     2
The Honorable Cedric L. Richmond, a Representative in Congress 
  From the State of Louisiana, and Ranking Member, Subcommittee 
  on Transportation Security:
  Oral Statement.................................................     4
  Prepared Statement.............................................     5
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Prepared Statement.............................................     3

                               Witnesses

Mr. Stephen Sadler, Assistant Administrator, Office of 
  Intelligence and Analysis, Transportation Security 
  Administration, U.S. Department of Homeland Security:
  Oral Statement.................................................     6
  Prepared Statement.............................................     7
Mr. Christopher M. Piehota, Director, Terrorist Screening Center, 
  Federal Bureau of Investigation, U.S. Department of Justice:
  Oral Statement.................................................    10
  Prepared Statement.............................................    11
Ms. Jennifer A. Grover, Acting Director, Homeland Security and 
  Justice, U.S. Government Accountability Office:
  Oral Statement.................................................    14
  Prepared Statement.............................................    15

                                Appendix

Question From Honorable Michael D. Rogers for Stephen Sadler.....    35

 
 SAFEGUARDING PRIVACY AND CIVIL LIBERTIES WHILE KEEPING OUR SKIES SAFE

                              ----------                              


                      Thursday, September 18, 2014

             U.S. House of Representatives,
           Subcommittee on Transportation Security,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 2:18 p.m., in 
Room 311, Cannon House Office Building, Hon. Richard Hudson 
[Chairman of the subcommittee] presiding.
    Present: Representatives Hudson, Rogers, Brooks, Sanford, 
Richmond, Jackson Lee, and Swalwell.
    Mr. Hudson. The Committee on Homeland Security Subcommittee 
on Transportation Security will come to order. The subcommittee 
is meeting today to examine the process and procedures 
surrounding the U.S. Government's No-Fly and Selectee lists. I 
recognize myself for an opening statement.
    I would like to thank our witnesses for appearing here 
before the subcommittee. This hearing is an opportunity to 
discuss how the Federal Government is working to balance civil 
liberties protections for U.S. citizens with the security of 
our aviation system.
    Last week our Nation observed the 13th anniversary of 9/11. 
Together we remembered both the cowardly acts that took the 
lives of over 3,000 innocent American people and the bravery of 
our first responders on that tragic day. September 11 is the 
very reason our committee was created, and we must do 
everything we can to protect the homeland and prevent other 
attacks.
    The fact remains that our enemies still view the U.S. 
aviation sector as a highly-attractive target, as evidenced by 
several thwarted plots and attempted attacks. In addition to 
the threats posted by al-Qaeda and its affiliates, the 
thousands of foreign fighters, including U.S. citizens 
affiliated with terrorist groups like ISIS, are a growing and 
serious threat to the security of U.S. aviation and the 
homeland. It is crucial that we accurately identify individuals 
who pose this threat and prevent them from boarding flights in 
the United States.
    TSA relies on a multi-layered approach to aviation 
security, with everything from Federal air marshals to canines 
to the latest explosive detection technology. One of the these 
layers is a behind-the-scenes program known as Secure Flight. 
This program, which is the subject of today's hearing, takes 
passenger data it receives from airlines and matches it against 
the U.S. Government's consolidated terrorist watch lists, 
including the No-Fly and Selectee lists. This program is 
crucial, not only for domestic flights, but also for protecting 
the international flights bound for the United States.
    Since 2009, TSA's Secure Flight program has evolved from 
one that looks solely at the No-Fly List and Selectee List 
maintained by the Terrorist Screening Center to one that 
assigns passengers a risk category and uses additional criteria 
to identify high-risk passengers who might not be on the watch 
list. While these lists serve as an important counterterrorism 
tool, we must ensure that travelers who are incorrectly matched 
to a list are able to resolve those issues in a timely, 
effective manner.
    In two comprehensive reports issued today GAO found that 
TSA could improve Secure Flight by measuring and tracking 
errors that occur within the system and at the security 
screening checkpoint. The Government Accounting Office also 
found that TSA generally does a good job of protecting 
passenger data but could strengthen privacy awareness training 
among Secure Flight employees.
    I thank the GAO for its thorough approach to examining this 
program, and I look forward to hearing from TSA how the agency 
plans to implement these Government Accounting Office 
recommendations.
    In addition, we are pleased to have the director of the 
Terrorist Screening Center here today to discuss its role in 
managing this consolidated terrorist watch list, including the 
No-Fly List.
    Yesterday the director of the National Counterterrorism 
Center, testifying before the full committee, highlighted the 
value of the consolidated watch list and the TSC in making sure 
that front-line agencies like TSA are able to identify known or 
suspected terrorists and stop them from entering the country, 
boarding an airplane, or obtaining a visa. I look forward to 
discussing those efforts in greater detail here today.
    The bottom line is that our aviation security is only as 
strong as its weakest link. We must identify individuals who 
pose a threat, such as extremists with Western passports who 
have joined the fight in Iraq and Syria, and take the necessary 
steps to protect the homeland.
    [The statement of Chairman Hudson follows:]
                  Statement of Chairman Richard Hudson
                           September 18, 2014
    I would like to thank our witnesses for appearing before the 
subcommittee today. This hearing is an opportunity to discuss how the 
Federal Government is working to balance civil liberties protections 
for U.S. citizens with the security of our aviation system.
    Last week, our Nation observed the 13th anniversary of 9/11. 
Together, we remembered both the cowardly acts that took the lives of 
over 3,000 innocent people and the bravery of our first responders on 
that tragic day. September 11 is the very reason our committee was 
created, and we must do everything we can to protect the homeland and 
prevent other attacks.
    The fact remains that our enemies still view the U.S. aviation 
sector as a highly-attractive target, as evidenced by several thwarted 
plots and attempted attacks. In addition to the threats posed by al-
Qaeda and its affiliates, the thousands of foreign fighters, including 
U.S. citizens, affiliated with terrorist groups like ISIS are a growing 
and serious threat to the security of U.S. aviation and the homeland. 
It is critical that we accurately identify individuals who pose this 
threat and prevent them from boarding flights to the United States.
    TSA relies on a multi-layered approach to aviation security with 
everything from Federal Air Marshals, to canines, to the latest 
explosives detection technology. One of these layers is a behind-the-
scenes program known as Secure Flight. This program, which is the 
subject of today's hearing, takes passenger data it receives from 
airlines and matches it against the U.S. Government's consolidated 
Terrorist Watch List, including the No-Fly and Selectee Lists. This 
program is crucial not only for domestic flights, but also for 
protecting international flights bound for the United States.
    Since 2009, TSA's Secure Flight Program has evolved from one that 
looks solely at the No-Fly List and Selectee List maintained by the 
Terrorist Screening Center, to one that assigns passengers a risk 
category and uses additional criteria to identify high-risk passengers 
who might not be on the watch list. While these lists serve as an 
important counterterrorism tool, we must ensure that travelers who are 
incorrectly matched to a list are able to resolve those issues in a 
timely, effective manner.
    In two comprehensive reports issued today, GAO found that TSA could 
improve Secure Flight by measuring and tracking errors that occur 
within the system and at the security-screening checkpoint. GAO also 
found that TSA generally does a good job of protecting passenger data 
but could strengthen privacy awareness training among Secure Flight 
employees. I thank GAO for its thorough approach to examining this 
program and I look forward to hearing from TSA how the agency plans to 
implement GAO's recommendations.
    In addition, we are pleased to have the director of the Terrorist 
Screening Center (TSC) here today to discuss its role in managing the 
consolidated Terrorist Watch List, including the No-Fly List. Yesterday 
the director of the National Counterterrorism Center, testifying before 
the full committee, highlighted the value of the consolidated Watch 
List and the TSC in making sure that front-line agencies like TSA are 
able to identify known or suspected terrorists and stop them from 
entering the country, boarding an airplane or obtaining a visa. I look 
forward to discussing those efforts in greater detail here today.
    The bottom line is that our aviation security is only as strong as 
its weakest link. We must identify individuals who pose a threat, such 
as extremists with Western passports who have joined the fight in Iraq 
or Syria, and take the necessary steps to protect the homeland.

    Mr. Hudson. The Chairman would like to point out that other 
Members have the opportunity to submit opening statements for 
the record.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                           September 18, 2014
    During times of heightened security concerns, like those we 
currently face in light of the potential threat ISIL poses, there is a 
tendency to cast aside privacy concerns in favor of security at any 
cost. To safeguard the American public against such an overreach, it is 
incumbent upon this committee to review the privacy protections that 
the Department of Homeland Security, and its components such as the 
Transportation Security Administration, has in place.
    Thanks to reports released today by the Government Accountability 
Office, we have a greater understanding of both the privacy protections 
and performance of TSA's Secure Flight program. This critical program 
helps ensure passengers designated as high-risk by the intelligence 
community are screened appropriately or, for those on the No-Fly list, 
not permitted to board a plane at all.
    I look forward to hearing from our witness from the Government 
Accountability Office, Ms. Grover, regarding the findings and 
recommendations contained in the reports released today. I am also 
eager to hear from Mr. Sadler of TSA regarding how the agency intends 
to implement GAO's recommendations.
    I will also be interested in hearing from TSA regarding the 
agency's plans to upgrade the technology used by Transportation 
Security Officers to better enable them to identify and ensure the 
proper screening of individuals designated as selectees.
    The Secure Flight program is only as good as the end-user. It does 
no good for taxpayers to spend over $100 million a year on a program 
dedicated to ensuring the proper screening of individuals if Travel 
Document Checkers do not recognize the passengers' designation.
    As it relates to current threats to aviation, I will be interested 
in hearing from the director of the Terrorist Screening Center about 
how information is obtained and used to designate individuals as 
selectees or to place them on the No-Fly list.
    With reports of Americans having joined ISIL and other groups 
fighting in Syria and Iraq, our Members want assurances that 
individuals engaging in terrorist activities are placed on the 
appropriate lists in as close to real-time as possible. While Secretary 
Johnson was clear with the committee yesterday that there is no 
credible information that ISIL is planning to attack the homeland at 
this time, we must remain vigilant.
    That means using all of the tools we have available to us to ensure 
that individuals who intend to commit acts of terrorism are properly 
identified. While doing so, we must also protect against violating the 
privacy and civil liberties of the American public.
    In part, that means having a Constitutional appeal process for 
individuals wrongly designated and placed on the No-Fly List.
    I look forward to hearing from both TSA and the TSC witnesses 
regarding how the appeal process is being revamped to address the 
recent decision from the 9th Circuit Court of Appeals that the previous 
appeals process is unconstitutional.

    Mr. Hudson. I will now introduce our distinguished panel.
    Mr. Stephen Sadler currently serves as the assistant 
administrator for the Office of Intelligence and Analysis at 
the Transportation Security Administration. In this capacity, 
Mr. Sadler aligns intelligence functions with vetting 
operations and manages the technical modernization and Secure 
Flight mission support resources critical to the TSA mission. 
Mr. Sadler joined TSA in 2003 and has worked on implementing 
some of TSA's largest vetting and credential programs.
    Mr. Chris Piehota--did I say that correctly--thank you--Mr. 
Piehota is the director of the Terrorist Screening Center 
within the Federal Bureau of Investigation. Before becoming 
director, Mr. Piehota served as the special agent in charge of 
the FBI's Buffalo field office, overseeing FBI operations in 
western New York from 2011 to 2013. In 2010 he joined the 
Terrorist Screening Center as its deputy director for 
operations, intelligence, and administration, and directly 
managed the FBI's role in the U.S. Government's 24-hour 
consolidated terrorist watchlisting, screening, and world-wide 
terrorist encounter operation enterprises.
    Finally, Ms. Jennifer Grover is the acting director of the 
GAO's Homeland Security and Justice team, leading a portfolio 
of work on transportation security issues. Prior to this 
position, Ms. Grover was an assistant director on GAO's health 
care team, where she led reviews on a diverse range of health 
care-related issues. Ms. Grover joined the GAO in 1991.
    So at this point I would like to recognize the Ranking 
Member, the gentleman from Louisiana, Mr. Richmond, for any 
opening statement that he may have.
    Mr. Richmond. Thank you, Mr. Chairman. Thank you, Chairman 
Hudson, for convening this meeting today.
    As the Members of this subcommittee are well aware, 
terrorists continue to target our commercial aviation sector 
for attack. Earlier this year, TSA took steps to mitigate these 
threats emerging from last-point-of-departure airports in 
Europe, Africa, and the Middle East. This past weekend, the 
Associated Press published an article outlining threats to 
commercial aviation emerging from terrorists currently residing 
in Syria.
    Yesterday the full committee heard from the director of the 
National Counterterrorism Center regarding AQAP's continued 
pursuit of high-profile attacks against Western aviation. Today 
the subcommittee will examine TSA's Secure Flight program, 
which serves as a critical tool for identifying high-risk 
passengers who may pose a threat to our aviation system.
    Thanks to the two Government Accountability Office reports 
released today, we have a clear picture of how TSA can 
strengthen the Secure Flight program. According to GAO, there 
is room for improvement in the program as it relates to both 
operations and privacy training for employees.
    I was pleased to see that TSA referenced GAO's audits in 
its prepared testimony and considered the Comptroller General's 
feedback and recommendations invaluable. I look forward to 
hearing from both GAO and TSA regarding the improvements that 
can be made to the Secure Flight program and the time line for 
implementing recommended reforms.
    I am also interested in hearing from the director of the 
Terrorist Screening Center regarding the process for placing 
known or suspected terrorists on the Selectee and No-Fly lists. 
The Secure Flight program can only be effective if the Selectee 
and No-Flight lists are up-to-date, accurate, and complete. For 
that to be a reality requires continuous collaboration between 
TSA, the Terrorist Screening Center, and the intelligence and 
law enforcement entities that nominate individuals to the watch 
list. Given the number of individuals known to have recently 
traveled to Syria and Iraq to join with terrorist groups, it is 
imperative that the Selectee and No-Fly lists are current and 
comprehensive.
    In the wake of the attempted terrorist attack on Northwest 
Flight 253 on Christmas day in 2009, we learned valuable 
lessons about how TSA and CBP can better coordinate to identify 
potentially dangerous passengers in air transit. It is my hope 
that we no longer need close calls to prompt TSA to identify 
better ways to recognize those who pose a threat to commercial 
aviation.
    Before yielding back, I would like to thank each of the 
witnesses for appearing before the subcommittee today. We 
appreciate what you do on a day-to-day basis to keep our Nation 
secure.
    With that, Mr. Chairman, I yield back the balance of my 
time.
    [The statement of Ranking Member Richmond follows:]
             Statement of Ranking Member Cedric L. Richmond
                           September 18, 2014
    As the Members of this subcommittee are well aware, terrorists 
continue to target our commercial aviation sector for attack. Earlier 
this year, TSA took steps to mitigate threats emerging from last point 
of departure airports in Europe, Africa, and the Middle East.
    This past weekend, the Associated Press published an article 
outlining threats to commercial aviation emerging from terrorists 
currently residing in Syria.
    Yesterday, the full committee heard from the director of the 
National Counterterrorism Center regarding AQAP's continued pursuit of 
high-profile attacks against Western aviation.
    Today, the subcommittee will examine TSA's Secure Flight program, 
which serves as a critical tool for identifying high-risk passengers 
who may pose a threat to our aviation system.
    Thanks to the two Government Accountability Office reports released 
today, we have a clear picture of how TSA can strengthen the Secure 
Flight program. According to GAO, there is room for improvement in the 
program as it relates to both operations and privacy training for 
employees.
    I was pleased to see that TSA referenced GAO's audits in its 
prepared testimony and considered the comptroller general's feedback 
and recommendations invaluable. I look forward to hearing from both GAO 
and TSA regarding the improvements that can be made to the Secure 
Flight program and the time line for implementing recommended reforms.
    I am also interested in hearing from the director of the Terrorist 
Screening Center regarding the process for placing known or suspected 
terrorist on the Selectee and No-Fly lists.
    The Secure Flight program can only be effective if the Selectee and 
No-Fly lists are up-to-date, accurate, and complete.
    For that to be a reality, it requires continuous collaboration 
between TSA, the Terrorist Screening Center, and the intelligence and 
law enforcement entities that nominate individuals to the watch list.
    Given the number of individuals known to have recently traveled to 
Syria and Iraq to join with terrorist groups, it is imperative that the 
Selectee and No-Fly lists are current and comprehensive.
    In the wake of the attempted terrorist attack on Northwest Flight 
253 on Christmas day in 2009, we learned valuable lessons about how TSA 
and CBP can better coordinate to identify potentially dangerous 
passengers in air transit.
    It is my hope that we no longer need close calls to prompt TSA to 
identify better ways to recognize those who pose a threat to commercial 
aviation.
    Before yielding back, I would like to thank each of the witnesses 
for appearing before the subcommittee today. We appreciate what you do 
on a day-to-day basis to keep our Nation secure.

    Mr. Hudson. I thank the gentleman.
    The full written statements from all witnesses will appear 
in the record.
    The Chairman now recognizes Mr. Sadler for your testimony.

STATEMENT OF STEPHEN SADLER, ASSISTANT ADMINISTRATOR, OFFICE OF 
      INTELLIGENCE AND ANALYSIS, TRANSPORTATION SECURITY 
      ADMINISTRATION, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Sadler. Thank you, sir. Good afternoon, Chairman 
Hudson, Ranking Member Richmond, and Members of the 
subcommittee. I am pleased to be here today to talk about TSA's 
Secure Flight program.
    The Secure Flight system was developed and implemented as a 
result of key recommendations in the 9/11 Commission report. 
Specifically, the 9/11 Commission recommended that the Federal 
Government assume responsibility for all watch list matching 
from commercial air carriers. Congress agreed, and DHS was 
directed to do so under the Intelligence Reform and Terrorism 
Prevention Act of 2004.
    In 2005, Congress identified 10 conditions for this new 
system. Among those conditions was the establishment of a 
redress process for passengers who are delayed or prohibited 
from boarding flights. The Secretary of Homeland Security 
certified that all 10 conditions had been met in September 
2008, and in January 2009 Secure Flight went operational.
    The Secure Flight program vets more than 2.2 million 
passengers daily and more than 800 million travelers annually, 
both international and domestic, to ensure that individuals on 
the No-Fly List are denied boarding and that selectees are 
identified for appropriate screening. Secure Flight is capable 
of randomly selecting a percentage of passengers for additional 
screening to build unpredictability into the matching process.
    The Secure Flight system is also critical for vetting 
individuals as part of TSA's risk-based security initiatives, 
such as the TSA PreCheck program. Intelligence-driven, risk-
based security increases TSA's effectiveness by expediting the 
passenger screening process for known travelers while allowing 
us to focus our resources to those areas where we may have 
greater risk. We are able to more effectively mitigate risk to 
aviation based on the information passengers share with us 
ahead of time.
    Additionally, the Secure Flight program has enhanced 
aviation security significantly by delivering earlier 
indication of potential matches, allowing for expedited 
notification of law enforcement, providing a fair and equitable 
and consistent matching process across all airlines, 
implementing critical data security protections within the 
Secure Flight system, and creating consistent application of an 
integrative redress process for misidentified individuals 
through the Department of Homeland Security's Traveler Redress 
Inquiry Program, also known as DHS TRIP.
    To balance passenger privacy and security TSA has built key 
privacy safeguards into the Secure Flight system through 
administrative, operational, and technical controls to mitigate 
unauthorized use, disclosure, and access to information.
    Two recent GAO reports on Secure Flight offer six 
recommendations, and TSA concurs with them all. GAO's 
recommendations offer us an opportunity to further ensure TSA 
is meeting our critical security goals. TSA strives every day 
to provide the most effective security in the most efficient 
way.
    So thank you again for the opportunity to talk about this 
critical program. I look forward to answering your questions.
    [The prepared statement of Mr. Sadler follows:]
                  Prepared Statement of Stephen Sadler
                           September 18, 2014
    Chairman Hudson, Ranking Member Richmond, and Members of the 
subcommittee, I am pleased to appear before you today to discuss the 
Transportation Security Administration (TSA) Secure Flight program.
    TSA is a high-performing counterterrorism agency charged with 
facilitating and securing the travel of the nearly 1.8 million air 
passengers each day. Our Secure Flight program is an integral layer of 
security, crucial to our ability to deter and prevent terrorist attacks 
in aviation. As you know, this system performs secure, efficient, and 
consistent watch list matching of passenger names for all covered 
domestic and international flights into, out of, and within the United 
States. TSA also performs these services for domestic air carrier 
flights between international destinations. TSA vets approximately 2.2 
million passengers per day on 250 domestic and foreign carriers.
                         secure flight history
    As you know, the Secure Flight program had its genesis in the 9/11 
Commission Report, which recommended that TSA take over watch list 
matching from aircraft operators. The Intelligence Reform and Terrorism 
Prevention Act (IRPTA) of 2004 codified this recommendation into law, 
requiring DHS to conduct pre-flight comparisons of passenger 
information to the Terrorist Screening Database (TSDB) watch list. 
Prior to the implementation of Secure Flight, airlines were responsible 
for matching passenger information against the TSDB.
    Since November 2010, Secure Flight has conducted watch list 
matching of passenger information against the TSDB for all covered U.S. 
and foreign flights into, out of, and within the United States, 
including point-to-point international flights operated by U.S. 
airlines. Secure Flight also performs watch list matching for flights 
that overfly, but do not land in, the continental United States.
    By transferring these matching responsibilities from the airlines 
to TSA, Secure Flight allows for expedited notification of law 
enforcement, airlines, and our partners in the intelligence community 
to prevent individuals on the No-Fly List from boarding an aircraft, as 
well as ensuring that individuals on the TSDB with the ``selectee'' 
designation receive appropriate enhanced screening prior to flying. 
Secure Flight allows TSA and our partners in the intelligence community 
to adapt quickly to new threats by accommodating last-minute changes to 
the risk categories assigned to individual passengers. Passengers 
making an airline reservation are required to provide their full name, 
date of birth, and gender, as well as a Known Traveler Number and 
Redress Number, if applicable. TSA matches this information against the 
TSDB, then transmits the results back to airlines so they may issue or 
deny passenger boarding passes.
    The Secure Flight program continues to evolve as TSA's approach to 
transportation security has shifted from a ``one-size-fits-all'' 
approach to a risk-based security approach. Improvements in technology 
and intelligence collection and sharing have allowed TSA to strengthen 
the TSA PreCheckTM program and focus our resources on 
individuals who may pose a higher risk to transportation security. 
Secure Flight is an essential component of efforts to provide 
population who have volunteered information about themselves such as 
pilots, flight attendants, members of the military, clearance holders, 
and individuals enrolled in Trusted Traveler programs with expedited 
screening. Travelers within these populations use their Known Traveler 
Number when making flight reservations, which allows TSA to vet them 
against the TSDB, confirm their eligibility for expedited screening, 
and provide the appropriate designation on the traveler's boarding 
pass.
                        program accomplishments
    The Secure Flight program is vital to the success of TSA's mission. 
Since its inception, Secure Flight has demonstrated reliability and 
superior effectiveness and performance compared to the aircraft 
operators' watch list matching abilities. Secure Flight vets more than 
800 million travelers annually to ensure that individuals on the No-Fly 
List are denied boarding and that selectees are identified for 
appropriate screening.
    In October 2011, TSA introduced TSA PreCheckTM, a 
program which expedites the screening of certain known populations at 
the airport passenger security checkpoint, thereby enabling TSA to 
focus its efforts and resources on those unknown passengers. Secure 
Flight is critical to the operation of TSA PreCheckTM. Watch 
list vetting and confirmation of eligibility for expedited screening 
are conducted by Secure Flight, which enables TSA airport staff to 
appropriately route and screen passengers. In December 2013, TSA 
expanded this program, allowing U.S. citizens and lawful permanent 
residents to participate via the TSA PreCheckTM Application 
program. Applicants undergo fingerprinting and a background 
investigation prior to being granted expedited screening benefits. As 
of August 2014, more than 500,000 individuals have applied and been 
successfully enrolled in the program, further allowing TSA to focus its 
watch list matching efforts on high-risk individuals.
    Secure Flight is capable of identifying passengers flying 
internationally for enhanced screening measures based on risk-based, 
intelligence-driven information, as well as randomly selecting a 
percentage of passengers for additional screening to build 
unpredictability into the matching process. In 2013, TSA initiated TSA 
PreCheckTM Risk Assessments, which allows Secure Flight to 
enhance prescreening by utilizing intelligence-driven rule sets to 
identify high- and low-risk passengers, for either enhanced, standard, 
or expedited screening.
                          privacy and redress
    The Department of Homeland Security (DHS) integrated a robust 
privacy and redress system as part of the Secure Flight program. TSA 
has dedicated privacy staff to ensure Secure Flight systems and 
analyses are in compliance with applicable laws, procedures, and best 
practices. The system also has built-in safeguards to manage privacy 
risks.
    TSA serves as the executive agent for the DHS Traveler Redress 
Inquiry Program (DHS TRIP), an interagency program made up of 
components of the Departments of Homeland Security, Justice, and State. 
It is a single point of contact for individuals who have inquiries or 
are looking to resolve security screening issues they have experienced 
during international or domestic travel, including enhanced screening, 
delays, or denials of boarding. These individuals can use the DHS TRIP 
to request redress and request that DHS, the Terrorist Screening Center 
which houses the TSDB, and any other involved agency review their 
personal information and correct their record to resolve their travel-
related issues or to prevent misidentification as appropriate.
    DHS TRIP has received and processed more than 185,000 redress 
requests and inquiries since its establishment in 2007. Once the TRIP 
review process is complete, and all traveler records have been updated 
as appropriate, DHS issues a letter to the traveler signaling the 
completion of the review and closure of the case. Historically, 
approximately 98% of the applicants to DHS TRIP are determined to be 
false positives. To avoid such instances, DHS TRIP assigns applicants a 
unique Redress Control Number, which they can use when booking travel.
    Since TSA has taken over watch list matching from airlines through 
Secure Flight and since the implementation of DHS TRIP, DHS has seen a 
significant decrease in the number of redress requests.
            government accountability office recommendations
    The Government Accountability Office (GAO) has recently conducted 
two audits of the Secure Flight program and provided TSA with 
invaluable feedback through their recommendations to strengthen our 
systems and procedures. In their audit on Secure Flight operations, GAO 
recommended TSA take the following steps: Develop a process for 
regularly evaluating causes of screening errors, implement corrective 
measures based on this analysis, tie performance more effectively to 
program goals, and document cases to improve program performance.
    TSA has already made great strides in addressing GAO's 
recommendations by developing data collection mechanisms to evaluate 
the root causes of screening errors. TSA's Office of Security 
Operations has taken the lead through the Security Incident Reporting 
Tool to collect feedback at airports including cause, corrective 
solution, and lessons learned from each incident. TSA expects to have 
this reporting system completed and implemented at all airports by the 
end of the month. These lessons learned will also be incorporated back 
into relevant program offices at TSA headquarters to ensure consistency 
and accountability throughout the agency.
    TSA has also implemented a number of critical data security 
protections within the Secure Flight system, including restricting 
access to authorized users and requiring audit logs as well as 
increasing privacy training, and strengthening the approval process to 
allow access to data. TSA also instituted a Management Directive to 
manage all requests for Secure Flight data and will implement 
additional systems to track all data access requests.
    Finally, GAO recommended that TSA develop a system to document 
Secure Flight system matching errors so TSA can better analyze data 
errors and address any matching issues in the future. Our Office of 
Intelligence and Analysis is developing a detailed tracking capacity 
for instances of system matching errors, which we expect to have 
completed by the end of the calendar year.
    With regard to GAO's review of Secure Flight's privacy protections, 
TSA has already begun to incorporate their recommendations to provide 
privacy refresher training and to track decisions pertaining to 
Personally Identifiable Information (PII). Secure Flight employees will 
receive job-specific privacy refresher training by the end of the 
calendar year. As stated earlier, we have dedicated privacy personnel 
on our staff to help with these efforts. As far as tracking decisions 
pertaining to PII, efforts are already underway to establish a tracking 
process and we expect a completion date early next year.
    TSA greatly appreciates the work GAO put into these audits and 
looks forward to enhancing the program through addressing their 
recommendations.
                               conclusion
    TSA's Secure Flight program is a robust system that allows TSA to 
make Risk-Based Security decisions that are crucial to the security of 
our transportation systems. Today, Secure Flight not only identifies 
high-risk passengers by matching them against the TSDB, but it also 
uses the information to assign all passengers a risk category: High-
risk, low-risk, or unknown-risk. At the same time, TSA has also 
enhanced Secure Flight's privacy oversight mechanisms to protect 
personally identifiable information.
    Secure Flight continues to be the Nation's front-line defense 
against terrorism targeting the Nation's civil aviation system. It is 
an incredibly effective tool in identifying individuals of concern for 
denial of boarding, enhanced screening, or expedited screening. TSA 
will continue to expand on these successes even further as we work 
toward our goals of enhancing the passenger experience while at the 
same time keeping bad actors from doing us harm.
    Thank you for the opportunity to testify before you today. I look 
forward to answering your questions.

    Mr. Hudson. Thank you, Mr. Sadler.
    The Chairman now recognizes Mr. Piehota to testify.

   STATEMENT OF CHRISTOPHER M. PIEHOTA, DIRECTOR, TERRORIST 
    SCREENING CENTER, FEDERAL BUREAU OF INVESTIGATION, U.S. 
                     DEPARTMENT OF JUSTICE

    Mr. Piehota. Good afternoon, Chairman Hudson, Ranking 
Member Richmond, and Members of the subcommittee. Thank you for 
the opportunity to discuss the Terrorist Screening Center and 
its National security mission.
    Since the creation of the Terrorist Screening Center 11 
years ago, the center has played a vital role in the fight 
against terrorism. The Terrorist Screening Center integrates 
terrorist identity information from the law enforcement, 
homeland security, and intelligence communities into a single 
identities database known as the Terrorist Screening Database, 
or TSDB.
    The TSDB populates the various terrorist screening systems 
used by the Government. Since its inception, the Terrorist 
Screening Center has remained committed to protecting the 
American public from terrorist threats, while simultaneously 
protecting privacy and safeguarding civil liberties.
    The TSDB, commonly referred to as the Terrorist Watch List, 
contains both known or suspected international and domestic 
terrorist identity information. The procedure for submitting 
information on individuals for inclusion on the Terrorist Watch 
List is referred to as the nomination process.
    Nominations originate from credible information developed 
by the law enforcement, homeland security, and intelligence 
communities. Federal departments and agencies submit 
nominations from known or suspected international terrorists to 
the National Counterterrorism Center, or the NCTC, for 
inclusion in their Terrorist Identity Datamart Environment, or 
TIDE database. NCTC reviews the TIDE entries and submits them 
to the TSC if these entries include sufficient biographic or 
biometric identifiers and are supported with derogatory 
information that generally meets the reasonable suspicion 
standard. In a similar fashion, the FBI collects, stores, and 
forwards information relating purely to domestic terrorists to 
the Terrorist Screening Center.
    The facts and circumstances pertaining to a nomination 
should indicate that an individual is known or suspected to be 
or has been engaged in conduct constituting, in preparation 
for, in aid of, or related to terrorism or terrorist 
activities. The reasonable suspicion standard is based upon the 
totality of circumstances to account for the sometimes 
fragmentary nature of terrorist information. Mere guesses or 
hunches are not sufficient to constitute reasonable suspicion.
    In addition, nominations cannot be solely based on race, 
ethnicity, National origin, religious affiliation, or First 
Amendment-protected activity. Moreover, if the information is 
to the No-Fly or Selectee lists, the nomination must meet 
additional screening criteria.
    The utility of the watchlisting process is highest when the 
information is efficiently disseminated to those law 
enforcement agencies that need it to perform their law 
enforcement, homeland security, or intelligence missions. As 
such, the Terrorist Screening Center places a premium on the 
timely dissemination of terrorist identity data to our 
screening partners, and the TSC supports the TSA and other 
partners by providing the No-Fly and Selectee lists for 
aviation security screening through real-time transactional 
information transfer.
    Throughout the entire watchlisting and screening process, 
the TSC continues to play a significant role in ensuring that 
civil liberties are safeguarded and privacy is protected. The 
goal of the redress process is to provide a timely and fair 
review of redress inquiries referred to DHS and, when 
applicable, the Terrorist Screening Center. Individuals who 
believe they were inconvenienced as a result of screening can 
submit a redress inquiry through DHS, the Traveler Redress 
Inquiry Program. We support DHS TRIP by resolving inquiries 
that appear to be related to terrorist data included in the 
TSDB.
    Upon receipt of a DHS TRIP referral, the Terrorist 
Screening Center redress program reviews the available 
information, including information provided by the inquiring 
party, and determines whether the inquiring party is an exact 
match to an identity in the TSDB and, if so, whether the 
identity should continue to be watchlisted in the TSDB or 
whether the inquiring party's status should be adjusted. As 
part of the review process, the TSC's redress program 
coordinates with the agency who had nominated the individual to 
the Terrorist Watch List and, if warranted, updates the 
applicable data.
    In conclusion, the TSC has firmly established itself as a 
primary element in the U.S. Government's counterterrorism 
detection, early warning, and prevention network. As a premier 
counterterrorism function, the TSC supports its interagency 
partners in preserving the safety, security, and prosperity of 
our communities.
    Thank you again for the opportunity to discuss the TSC and 
its National security mission. I look forward to any questions 
you may have.
    [The prepared statement of Mr. Piehota follows:]
              Prepared Statement of Christopher M. Piehota
                           September 18, 2014
    Good afternoon Chairman Hudson, Ranking Member Richmond and Members 
of the subcommittee. Thank you for the opportunity to discuss the 
Terrorist Screening Center (TSC) and its role in the interagency 
watchlisting and screening process.
    Over the past 11 years, the TSC has played a vital role in the 
fight against terrorism by integrating terrorist identity information 
from the law enforcement, homeland security, and intelligence 
communities into a single identities database known as the Terrorist 
Screening Database (TSDB), which populates the various terrorist 
screening systems used by the U.S. Government. Throughout this process, 
the TSC has remained committed to protecting the American public from 
terrorist threats while simultaneously protecting privacy and 
safeguarding civil liberties. As our efforts continue to evolve in 
response to new threats and intelligence, your support provides us with 
the tools necessary to continue our mission.
                      terrorist nomination process
    The TSDB, commonly referred to as the Terrorist Watch List, 
contains both international and domestic terrorist identity 
information. The procedure for submitting information on individuals 
for inclusion on the Terrorist Watch List is referred to as the 
nomination process. The nomination process is the most fundamental and 
singularly important step in the watchlisting process. It is through 
this process that individuals are added to the Terrorist Watch List. 
Nominations originate from credible information developed by our 
intelligence and law enforcement partners. These intelligence and law 
enforcement agencies are referred to as Originators in the watchlisting 
community because it is through their work that nominations are 
developed. Federal departments and agencies submit nominations of known 
or suspected international terrorists to the National Counterterrorism 
Center (NCTC) for inclusion in NCTC's Terrorist Identities Datamart 
Environment (TIDE) database. NCTC reviews TIDE entries and transmits 
entries to TSC that include sufficient identifiers and are supported 
with information that meet the reasonable suspicion watchlisting 
standard described below. Similarly, the FBI collects, stores, and 
forwards information to the TSC relating to domestic terrorists that 
may have connections to international terrorism.
    Before placing any information into the TSDB, the TSC utilizes a 
multi-level review process to ensure that the nomination meets the 
criteria for inclusion. Generally, nominations to the TSDB must satisfy 
two requirements. First, the facts and circumstances pertaining to the 
nomination must meet the reasonable suspicion standard of review. 
Second, the biographic information associated with a nomination must 
contain sufficient identifying data so that a person being screened can 
be matched to or disassociated from another watchlisted individual.
    Reasonable suspicion requires articulable facts which, taken 
together with rational inferences, reasonably warrant the determination 
that an individual ``is known or suspected to be or has been engaged in 
conduct constituting, in preparation for, in aid of or related to 
terrorism and terrorist activities.'' The reasonable suspicion standard 
is based on the totality of the circumstances in order to account for 
the sometimes fragmentary nature of terrorist information. Due weight 
must be given to the reasonable inferences that a person can draw from 
the available facts. Mere guesses or inarticulate ``hunches'' are not 
enough to constitute reasonable suspicion. In addition, nominations 
must not be solely based on race, ethnicity, national origin, religious 
affiliation, or First Amendment-protected activity, such as free 
speech, the exercise of religion, freedom of the press, freedom of 
peaceful assembly, and petitioning the Government for redress of 
grievances. There are limited exceptions to the reasonable suspicion 
requirement, which exist to support immigration and border screening by 
the Department of State and Department of Homeland Security.
    Upon receiving the nomination, TSC personnel review the supporting 
information to assess sufficiency, including accuracy and timeliness. 
In particular, TSC personnel must make two determinations. First, they 
evaluate whether the nomination meets the reasonable suspicion standard 
for inclusion in the TSDB. This includes determining whether the 
derogatory information provided with the nomination meets the 
additional requirements for placing an individual on the No-Fly or 
Selectee list. If a nomination involves a request that an individual be 
placed on the No-Fly or Selectee list, the nomination must meet 
additional substantive criteria, above and beyond the ``reasonable 
suspicion'' requirement for TSDB nominations. Second, they consider 
whether the biographic information associated with a nomination 
contains sufficient identifying data so that a person being screened 
can be matched to or distinguished from a watchlisted individual on the 
TSDB.
    Upon conclusion of the TSC's review, TSC will either accept or 
reject the TSDB nomination. If a nomination is accepted, the TSC will 
create a TSDB record which includes only the ``terrorist identifiers'' 
(e.g., name, date of birth, etc.).
    Because it is a Sensitive but Unclassified system, the TSDB does 
not include substantive derogatory information or Classified National 
security information. This facilitates the sharing of TSDB identifying 
information with Government screening and law enforcement officers, 
such as U.S. Customs and Border Protection Officers at ports of entry 
and State and local law enforcement officers throughout the United 
States. In addition, TSC personnel are trained on what information is 
proper to disclose when responding to an inquiry by a Government 
screening or law enforcement officer, based on the circumstances of the 
inquiry.
    To uphold the directive in Homeland Security Presidential Directive 
6 to maintain ``thorough, accurate, and current'' information, and to 
protect civil rights and civil liberties, within the TSDB, several 
quality control measures are continuously applied by nominating 
agencies, the NCTC, and TSC. These measures include periodic reviews of 
nominations and TSDB records, including by attorneys, as well as audits 
of supporting systems to promote the integrity of the information 
relied upon for maintenance of TSDB records. Nominating agencies have 
an on-going responsibility to notify NCTC and TSC of any changes that 
could affect the validity or reliability of TSDB information. In those 
cases where modification or deletion of a record relating to 
international terrorism is required, the nominating agency must notify 
NCTC, which will process the request and transmit it to the TSC for 
action. For nominations relating to domestic terrorism, the FBI must 
follow applicable FBI procedures to request that a FBI-nominated TSDB 
record be modified or deleted.
                      export to supported systems
    Once a known or suspected terrorist is identified and included in 
the TSDB, TSC ensures the timely dissemination of the terrorist 
identity data to our screening partners using encrypted electronic 
exports. The utility of the watchlisting process is highest when the 
information is efficiently disseminated to those who need it. The TSC 
uses subject-matter experts, who are experienced analysts and 
designated agency representatives, to support the U.S. Government 
watchlisting and screening mission and the screening systems supported 
by the TSDB. The six major U.S. Government systems supported by the 
TSDB are: Department of State's Consular Lookout and Support System 
(CLASS) for passport and visa screening; Department of Homeland 
Security's (DHS) TECS system for border and port of entry screening; 
DHS Secure Flight system for air passenger screening (such as against 
the No-Fly and Selectee lists) by the Transportation Security 
Administration (TSA); DHS Transportation Vetting System for 
credentialing transportation and critical infrastructure workers; the 
Department of Defense for base access and screening; and, the FBI's 
National Crime and Information Center's Known or Suspected Terrorist 
File (formerly known as the Violent Gang/Terrorist Organization File 
(VGTOF)) for domestic law enforcement screening. The TSDB data exported 
to each of these systems is specifically tailored to the mission, legal 
authorities, and information technology requirements of the department 
or agency that maintains the system. Accordingly, each system receives 
a different subset of data from TSDB. In addition, TSC inserts 
provisions into its information-sharing agreements requiring its 
information-sharing partners to properly protect TSDB-derived 
information, grant access to or release that information only pursuant 
to the agreement, and to provide appropriate training to individuals 
granted access to this information.
                                redress
    Throughout the entire watchlisting and screening process the TSC 
plays a significant role in ensuring that civil liberties are 
safeguarded and privacy is protected. The TSC led the interagency 
initiative to develop an effective interagency redress process and 
maintains a separate unit dedicated to resolving redress matters 
regarding individuals who believe they have been incorrectly 
watchlisted. The goal of the redress process is to provide a timely and 
fair review of redress inquiries referred to the TSC. Working closely 
with our interagency partners, TSC developed an interagency Memorandum 
of Understanding (MOU) on Terrorist Watchlist Redress Procedures that 
was signed in September 2007. The MOU standardizes interagency watch 
list redress procedures and provides complainants with an opportunity 
to receive a timely, fair, and accurate review of their redress 
concerns.
    For example, travelers who are denied or delayed boarding or entry 
into the United States can submit a redress inquiry through the DHS 
Traveler Redress Inquiry Program, commonly referred to as DHS TRIP. DHS 
TRIP provides the public with a single point of contact for individuals 
who have inquiries or seek resolution regarding difficulties they 
experienced during travel screening at transportation hubs (such as 
airports and train stations) or during their inspection at a U.S. port 
of entry. The TSC supports DHS TRIP by helping to resolve complaints 
that appear to be related to data in the TSDB.
    When a traveler's inquiry appears to concern data in the TSDB, DHS 
TRIP refers the case to the TSC Redress Unit for research into the 
matter. Upon receipt of a DHS TRIP inquiry, TSC Redress Unit reviews 
the available information, including the information and documentation 
provided by the traveler, and determines: (1) Whether the traveler is 
an exact match to an identity in the TSDB; and, if an exact match 
exists, (2) whether the identity should continue to be in the TSDB or 
whether the status should be changed (for example, downgrade a No-Fly 
record).
    If the redress inquiry is a match to an identity in the TSDB, the 
TSC Redress Unit researches the record and underlying derogatory 
information, coordinates with the agency that nominated the complainant 
to the Terrorist Watch List to ensure the information is current and 
reliable, and, if warranted, updates incorrect or outdated Terrorist 
Watch List data that may cause the individual difficulty during a 
screening process. Upon the conclusion of TSC's review, the TSC Redress 
Unit advises DHS TRIP representatives of the outcome so they can 
directly respond to the complainant. In some cases, the TSC determines 
that the individual should remain watchlisted, but may also modify the 
individual's watch list status accordingly.
    In addition, when the TSC is advised through press or Congressional 
inquiries about individuals who have encountered travel difficulties 
due to their perceived watch list status, the TSC Redress Unit reviews 
the pertinent watch list encounter records. If the person is found to 
be misidentified, the TSC examines our records to determine if there is 
any additional information that could be used to reduce future 
misidentifications. At the conclusion of the process, the inquiring 
entity is notified that all reasonable measures to reduce any future 
misidentifications have been taken.
    Finally, as you may know, there are currently a number of pending 
court cases involving challenges to administration of the No-Fly List 
by plaintiffs who allege they have been wrongly denied boarding on an 
aircraft. We are currently working with our interagency partners on 
potential changes to the [existing No-Fly List] redress process to 
ensure that our procedures continue to safeguard civil liberties and 
privacy. These changes will be made in coordination with other agencies 
involved in aviation security screening, informed by legal and policy 
concerns that affect the U.S. Government's administration of the No-Fly 
List and the overarching redress process. In so doing, the U.S. 
Government will endeavor to increase transparency for certain 
individuals denied boarding who believe they are on the No-Fly List and 
have submitted DHS TRIP inquiries, consistent with the protection of 
National security and National security information, as well as 
transportation security.
                               conclusion
    The TSC has a standing commitment to protect the United States and 
its international partners from terrorist threats while protecting 
privacy and safeguarding civil liberties. Terrorist watchlisting has 
been a vital early warning and interdiction tool in the 
counterterrorism efforts of the United States Government and will 
continue to serve in this capacity in the future.

    Mr. Hudson. Thank you, Mr. Piehota.
    The Chairman now recognizes Ms. Grover to testify.

  STATEMENT OF JENNIFER A. GROVER, ACTING DIRECTOR, HOMELAND 
  SECURITY AND JUSTICE, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. Grover. Good afternoon, Chairman Hudson, Ranking Member 
Richmond, and other Members and staff. I am pleased to be here 
today to discuss TSA's implementation and oversight of the 
Secure Flight program.
    In my remarks, I would like to highlight four points from 
the reports GAO issued today on Secure Flight. First, what TSA 
knows about Secure Flight system-matching errors. Second, what 
TSA knows about screening errors at the checkpoint. Third, 
initiatives to reduce processing time of passenger requests for 
redress. Fourth, opportunities to strengthen Secure Flight 
privacy protections.
    First, Secure Flight system-matching errors, which are 
instances when the Secure Flight system fails to identify a 
passenger with a reservation on an upcoming flight as being 
included on a watch list and who therefore should receive 
additional screening or not be permitted to fly. We found that 
TSA is lacking key information about how well Secure Flight is 
achieving its goals, including the extent to which the system 
misses passengers on the watch lists. We therefore recommend 
that TSA develop additional performance measures to monitor 
this and other aspects of the Secure Flight program.
    Even without performance measures related to system-
matching errors, sometimes TSA becomes aware of such errors 
through other means. In these cases, the TSA Match Review Board 
studies the incident to determine what actions are necessary to 
prevent similar errors. However, TSA has not maintained readily 
available, accurate information on the number or causes of 
system-matching errors which would provide a more robust basis 
for program oversight. Therefore, we also recommend that TSA 
develop a mechanism to systematically document the number and 
causes of Secure Flight system-matching errors.
    Second, screening errors at the checkpoint, which are 
instances in which screening personnel have made errors in 
implementing Secure Flight determinations. We reviewed TSA data 
from May 2012 through February 2014 and found that such errors 
have occurred. At some airports TSA officials conduct after-
action reviews to identify and address the root causes of these 
errors. Conducting such reviews across all airports would allow 
TSA to identify trends and target Nation-wide efforts to 
address them. We recommend that TSA develop a process to 
evaluate the root causes of screening errors at all airport 
checkpoints and implement corrective measures as necessary.
    Third, passenger requests for redress, which gives 
passengers who believe they have been erroneously matched to a 
watch list an opportunity to address this and prevent it from 
happening in the future. DHS TRIP, the office that administers 
the redress process, and the Terrorist Screening Center, which 
maintains watch lists derived from the Terrorist Screening 
Database, are taking steps to reduce the processing time for 
redress applications. In fact, TRIP reduced the redress 
processing time from an average of 100 to 42 days during fiscal 
year 2014.
    In contrast, the average processing time for redress 
appeals is significantly longer: 276 days, or about 9 months. 
This time period is inconsistent with the letter that appeals 
applicants receive stating that DHS will provide a final agency 
decision within 60 days. TRIP and TSC have taken steps to 
reduce the appeals review time, but it will be important for 
TRIP to monitor progress in this area and consider changes to 
the 60-day time frame referenced in the appeals letter if 
necessary.
    Fourth, Secure Flight privacy protections to safeguard 
passengers' personally identifiable information. Let me 
acknowledge that TSA already has privacy mechanisms in place, 
including 
24/7 audit logs of the Secure Flight system and user events, 
privacy training for all new Secure Flight staff, and 
mechanisms to document some privacy-related issues, such as the 
destruction of passenger data. However, TSA's protections could 
be further strengthened with the development of annual job-
specific privacy training for all Secure Flight employees and 
through comprehensive documentation of key privacy issues and 
decisions.
    As Mr. Sadler noted, DHS has concurred with all of our 
recommendations regarding improvements to Secure Flight and is 
planning for implementation.
    Chairman Hudson, Ranking Member Richmond, thank you for the 
opportunity to testify this afternoon.
    [The prepared statement of Ms. Grover follows:]
                Prepared Statement of Jennifer A. Grover
                           September 18, 2014
    Chairman Hudson, Ranking Member Richmond, and Members of the 
subcommittee: I am pleased to be here today to discuss the findings 
from our two September 2014 reports, being released today, in which we 
assessed the performance of the Department of Homeland Security (DHS) 
Transportation Security Administration's (TSA) Secure Flight program 
and related privacy issues.\1\ Secure Flight screens approximately 2 
million passengers each day, matching passenger information against 
Federal Government watch lists and other information to assign each 
passenger a risk category. By identifying those passengers who may pose 
security risks, Secure Flight helps protect against potential acts of 
terrorism that might target the Nation's civil aviation system.
---------------------------------------------------------------------------
    \1\ GAO, Secure Flight: TSA Should Take Additional Steps to 
Determine Program Effectiveness, GAO-14-531 (Washington, DC: Sept. 9, 
2014), and Secure Flight: TSA Could Take Additional Steps to Strengthen 
Privacy Oversight Mechanisms, GAO-14-647 (Washington, DC: Sept. 9, 
2014).
---------------------------------------------------------------------------
    In response to requirements of the Intelligence Reform and 
Terrorism Prevention Act of 2004, and a recommendation of the National 
Commission on Terrorist Attacks upon the United States (the 9/11 
Commission), TSA developed and implemented Secure Flight in order to 
assume from air carriers the function of matching passengers against 
watch lists maintained by the Federal Government.\2\ At the time, TSA 
matched passengers against two watch lists, which were intended to 
identify high-risk individuals: (1) The No-Fly List, composed of 
individuals who should be precluded from boarding an aircraft, and (2) 
the Selectee List, composed of individuals who should receive enhanced 
screening at the airport security checkpoint. The No-Fly and Selectee 
Lists are subsets of the Terrorist Screening Database (TSDB)--the U.S. 
Government's consolidated watch list of known or suspected terrorists 
maintained by the Terrorist Screening Center (TSC), a multi-agency 
organization administered by the Federal Bureau of Investigation.
---------------------------------------------------------------------------
    \2\ See Pub. L. No. 108-458,  4012(a), 118 Stat. 3638, 3714-18 
(2004) (codified at 49 U.S.C.  44903(j)(2)(C)). The 9/11 Commission, 
The 9/11 Commission Report: Final Report of the National Commission on 
Terrorist Attacks upon the United States, July 2004. TSA efforts to 
develop a computer-assisted passenger prescreening system predated the 
Intelligence Reform and Terrorism Prevention Act and the report of the 
9/11 Commission.
---------------------------------------------------------------------------
    After initiating development of Secure Flight in August 2004, TSA 
began implementing it in 2009, and completed transitioning foreign and 
domestic air carriers to the program in November 2010.\3\ Secure Flight 
now screens passengers and certain nontraveling individuals on all 
domestic and international commercial flights to, from, and within the 
United States; certain flights overflying the continental United 
States; and international point-to-point flights operated by U.S. 
aircraft operators.\4\
---------------------------------------------------------------------------
    \3\ TSA began implementing Secure Flight pursuant to the Secure 
Flight Program Final Rule, issued in October 2008. See 73 Fed. Reg. 
64,018 (Oct. 28, 2008).
    \4\ Secure Flight screens certain nontraveling individuals, such as 
escorts for minor, elderly, and disabled passengers, who are authorized 
to access the airport's sterile area--the portion of an airport defined 
in the airport security program that provides passengers access to 
boarding aircraft and to which access is generally controlled through 
the screening of persons and property. See 49 C.F.R.  1540.5. For 
purposes of this report, the term ``commercial flight'' encompasses all 
U.S. and foreign air carrier operations covered by and subject to the 
Secure Flight Final Rule. See 49 C.F.R.  1560.3 (defining ``covered 
flight'' for purposes of the Secure Flight Program).
---------------------------------------------------------------------------
    Secure Flight can have inadvertent and potentially inappropriate 
impacts on the traveling public, such as when passengers are identified 
as high-risk because they share a similar name and date of birth with 
an individual listed on a watch list, and thus experience delays and 
inconveniences during their travels. DHS's Traveler Redress Inquiry 
Program (DHS TRIP) provides passengers who have been denied boarding, 
or identified for additional screening, with an opportunity to be 
cleared if they are determined not to be a match to TSDB-based watch 
list records (i.e., misidentified) or if they have been wrongly 
identified as the subject of a TSDB watch list record (i.e., 
mislisted).\5\
---------------------------------------------------------------------------
    \5\ DHS established DHS TRIP in February 2007 as the central 
processing point within DHS for travel-related redress inquiries. See 
49 U.S.C.  44903(j)(2)(G)(i) (requiring the establishment of a timely 
and fair process for individuals identified as a threat as a result of 
TSA's passenger prescreening system to appeal the determination and 
correct any erroneous information).
---------------------------------------------------------------------------
    My testimony today highlights the key findings of our two reports 
on Secure Flight.\6\ My statement will address the extent to which: (1) 
TSA's performance measures appropriately assess progress toward 
achieving the Secure Flight program goals, (2) TSA ensures that Secure 
Flight screening determinations for passengers are fully implemented at 
airport security checkpoints, (3) DHS's redress process addresses the 
delays and inconveniences that result from Secure Flight screening, and 
(4) TSA has implemented privacy oversight mechanisms to address Secure 
Flight privacy requirements.
---------------------------------------------------------------------------
    \6\ GAO-14-531 addressed the operations of the Secure Flight 
program, including TSA's implementation of screening determinations at 
the checkpoint and performance measures for the Secure Flight program. 
GAO-14-647 addressed Secure Flight's privacy oversight mechanisms and 
DHS's redress process.
---------------------------------------------------------------------------
    For the September 2014 reports, we analyzed documentation of TSA's 
program goals and performance measures for fiscal years 2011 through 
2013 and assessed these measures against provisions of the Government 
Performance and Results Act (GPRA).\7\ We also analyzed a list that TSA 
compiled at our request of missed passengers on two high-risk lists 
(including the reasons for these matching errors) that occurred from 
November 2010 through July 2013. We analyzed certain TSA data on 
screener performance at airport security checkpoints from May 2012, 
when TSA began tracking these data, through February 2014, when we 
conducted the analysis. We also reviewed relevant DHS TRIP redress and 
appeals data for fiscal years 2011 through 2013. In addition, to 
evaluate TSA's documentation of Secure Flight privacy issues and 
decisions and TSA's privacy training for Secure Flight staff, we 
reviewed relevant documents prepared by TSA privacy officials and 
contract staff, including privacy compliance validation reports for the 
period from April 2012 through April 2013, monthly status reports 
prepared by TSA's privacy contractor for the period from March 2013 
through April 2014, and privacy training documents. We interviewed TSA 
and other DHS officials who are responsible for aspects of Secure 
Flight and DHS TRIP, as well as TSA officials at nine airports, which 
we selected based on a variety of factors, such as volume of passengers 
screened and geographic dispersion. Our September 2014 reports provide 
further details on our scope and methodology.\8\ The work upon which 
this statement is based was conducted in accordance with generally 
accepted Government auditing standards.
---------------------------------------------------------------------------
    \7\ Government Performance and Results Act of 1993, Pub. L. No. 
103-62, 107 Stat. 285 (1993). GPRA was updated by the GPRA 
Modernization Act of 2010. Pub. L. No. 111-352, 124 Stat. 3866 (2011).
    \8\ GAO-14-531 and GAO-14-647.
---------------------------------------------------------------------------
                               background
    Since its implementation in 2009, Secure Flight has changed from a 
program that identifies passengers as high-risk solely by matching them 
against the No-Fly and Selectee Lists to one that assigns passengers a 
risk category: High-risk, low-risk, or unknown-risk. In 2010, following 
the December 2009 attempted attack on a U.S.-bound flight, which 
exposed gaps in how agencies used watch lists to screen individuals, 
TSA began using risk-based criteria to identify additional high-risk 
passengers who may not be in the TSDB, but who should be subject to 
enhanced screening procedures. Further, in 2011, TSA began screening 
passengers against additional identities in the TSDB that are not 
already included on the No-Fly or Selectee Lists. In addition, as part 
of TSA PreCheckTM, a 2011 program through which TSA 
designates passengers as low-risk for expedited screening, TSA began 
screening against several new lists of preapproved low-risk travelers. 
TSA also began conducting TSA PreCheckTM risk assessments, 
an activity distinct from matching against lists that uses the Secure 
Flight system to assign passengers scores based upon their travel-
related data, for the purpose of identifying them as low-risk for a 
specific flight. See appendix I for a list of Secure Flight screening 
activities.
    To conduct Secure Flight screening, TSA uses passenger information, 
known collectively as Secure Flight Passenger Data (SFPD), which is 
collected by aircraft operators.\9\ Once this screening is conducted, 
Secure Flight then sends the air carrier a determination of how the 
passenger will be screened at the checkpoint if provided a boarding 
pass. These determinations include a ``TSA PreCheckTM-
eligible'' message for passengers who may receive expedited screening; 
a ``cleared'' message for passengers found not to match any high- or 
low-risk list and who, therefore, will generally receive standard 
screening; and a ``selectee'' message for passengers who should undergo 
enhanced screening.\10\ For passengers matching the No-Fly List, the 
air carrier is precluded from issuing a boarding pass.
---------------------------------------------------------------------------
    \9\ See 49 C.F.R.  1560.3. SFPD includes personally identifiable 
information, such as full name, gender, date of birth, passport 
information (if available), and certain nonpersonally identifiable 
information, such as itinerary information and the unique number 
associated with a travel record (record number locator).
    \10\ Standard screening typically includes passing through a walk-
through metal detector or Advanced Imaging Technology screening, which 
identifies objects or anomalies on the outside of the body, and X-ray 
screening for the passenger's accessible property. Enhanced screening 
includes, in addition to the procedures applied during a typical 
standard screening experience, a pat-down and an explosive trace 
detection search or physical search of the interior of the passenger's 
accessible property, electronics, and footwear. Expedited screening 
typically includes walk-through metal detector screening and X-ray 
screening of the passenger's accessible property, but unlike in 
standard screening, travelers do not have to, among other things, 
remove their belts, shoes, or light outerwear. The Secure Flight system 
may also return an error response to air carriers regarding passengers 
for whom Secure Flight has received incomplete data.
---------------------------------------------------------------------------
    Passengers who believe they have been unfairly denied boarding or 
identified for additional screening may apply to DHS TRIP using an on-
line application, by e-mail, or by mail. If DHS TRIP determines that an 
individual is still a potential match to a TSDB watch list record, it 
refers the matter to TSC for further review. TSC then conducts its own 
review of whether the individual has been misidentified to a watch list 
and whether, based on the most current available information and 
criteria for inclusion on the list, the individual is either correctly 
assigned to the list or is wrongly assigned and should be removed from 
the list. If DHS TRIP and TSC determine that no change in the 
passenger's status is warranted, the passenger is notified of this 
decision, and depending on the determination, some passengers are 
permitted the opportunity to appeal the decision. When passengers 
appeal, DHS TRIP forwards all completed appeals paperwork to TSC. TSC 
analysts are to review all derogatory information maintained on the 
appellant to make a written recommendation to TSA on the appeal. TSA 
then reviews TSC's recommendation through its own internal process, 
which can include going back to TSC for additional information, before 
the TSA administrator makes the final determination to uphold the 
appellant's status, recommend that TSC downgrade the appellant to 
another TSDB-based list, or recommend that TSC remove the appellant 
from the list.\11\
---------------------------------------------------------------------------
    \11\ TSC, in the course of its review, may also find the appellant 
was misidentified to a TSDB-based list.
---------------------------------------------------------------------------
   tsa lacks key information to determine whether the secure flight 
                     program is achieving its goals
    In September 2014, we reported that Secure Flight has established 
program goals that reflect new program functions since 2009 to identify 
additional types of high-risk and also low-risk passengers; however, 
current program performance measures do not allow Secure Flight to 
fully assess its progress toward achieving all of its goals. For 
example, to measure performance toward its goals that address the 
system's ability to accurately identify passengers on various watch 
lists, Secure Flight collects various types of data, including the 
number of passengers TSA identifies as matches to high- and low-risk 
lists. However, we found that Secure Flight does not have measures to 
assess the extent of system-matching errors--for example, the extent to 
which Secure Flight is missing passengers who are actual matches to 
these lists. In addition, we found that Secure Flight's measures do not 
provide information on progress toward the program's goal to 
incorporate additional risk-based security capabilities to streamline 
processes and accommodate additional aviation populations, in part 
because the goal itself did not specify how performance toward the goal 
should be measured.
    We concluded that additional measures that address key performance 
aspects related to program goals, and that clearly identify the 
activities necessary to achieve goals, in accordance with the 
Government Performance and Results Act, would allow TSA to more fully 
assess progress toward its goals. For example, a measure that reflects 
misidentifications to all high-risk lists could help TSA appropriately 
gauge its performance with respect to its goal of limiting such 
misidentifications. Likewise, establishing measures that clearly 
represent the performance necessary to achieve the program's goal that 
addresses risk-based security capabilities will allow Secure Flight to 
determine the extent to which it is meeting its goal of adapting the 
Secure Flight system for different risk-based screening activities. 
Without measures that provide a more complete understanding of Secure 
Flight's performance, TSA cannot compare actual with desired results to 
understand how well the system is achieving these goals. Therefore, we 
recommended in September 2014 that TSA develop additional measures to 
address key performance aspects related to each program goal, and 
ensure these measures clearly identify the activities necessary to 
achieve progress toward the goal. DHS concurred with our recommendation 
and stated that TSA's Office of Intelligence and Analysis (OIA) will 
evaluate its current Secure Flight performance goals and measures and 
develop new performance measures as necessary.
    We also found in September 2014 that TSA lacks timely and reliable 
information on all known cases of Secure Flight system matching errors. 
TSA officials told us at the time of our review that when TSA receives 
information related to matching errors of the Secure Flight system, the 
Secure Flight Match Review Board reviews this information to determine 
if any actions could be taken to prevent similar errors from happening 
again.\12\ We identified instances in which the Match Review Board 
discussed system-matching errors, investigated possible actions to 
address these errors, and implemented changes to strengthen system 
performance. However, we also found that TSA does not have readily-
available or complete information on the extent and causes of system-
matching errors. We recommended that TSA develop a mechanism to 
systematically document the number and causes of the Secure Flight 
system's matching errors, in accordance with Federal internal control 
standards. Such a mechanism would provide Secure Flight more timely and 
reliable information on the extent to which the system is performing as 
intended. DHS concurred with our recommendation and stated that TSA's 
OIA will develop a more robust process to track all known cases in 
which the Secure Flight system has made a matching error, and that the 
Secure Flight Match Review Board will conduct reviews to identify 
potential system improvement measures on a quarterly basis.
---------------------------------------------------------------------------
    \12\ Secure Flight's Match Review Board--a multi-departmental 
entity--and associated Match Review Working Group review performance 
measurement results and recommend changes to improve system 
performance, among other things.
---------------------------------------------------------------------------
    tsa has processes in place to implement secure flight screening 
determinations at checkpoints, but could take further action to address 
                            screening errors
    In September 2014, we reported that TSA has processes in place to 
implement Secure Flight screening determinations at airport 
checkpoints, but could take steps to enhance these processes. Screening 
personnel at airport checkpoints are primarily responsible for ensuring 
that passengers receive a level of screening that corresponds to the 
level of risk determined by Secure Flight by verifying passengers' 
identities and identifying passengers' screening designations. TSA 
information from May 2012 through February 2014 that we assessed 
indicates that screening personnel have made errors in implementing 
Secure Flight determinations at the checkpoint. TSA officials we spoke 
with at five of the nine airports where we conducted interviews conduct 
after-action reviews of screening errors at the checkpoint and have 
used these reviews to take action to address the root causes of those 
errors. However, we found that TSA does not have a systematic process 
for evaluating the root causes of these screening errors at the 
checkpoint across airports, which could allow TSA to identify trends 
across airports and target Nation-wide efforts to address these issues.
    Officials with TSA's Office of Security Operations (OSO) told us in 
the course of our September 2014 review that evaluating the root causes 
of screening errors would be helpful and stated they were in the early 
stages of forming a group to discuss these errors. However, TSA was not 
able to provide documentation of the group's membership, purpose, 
goals, time frames, or methodology. Standards for Internal Control in 
the Federal Government states that managers should compare actual 
performance with expected results and analyze significant 
differences.\13\ Therefore, we recommended in September 2014 that TSA 
develop a process for evaluating the root causes of screening errors at 
the checkpoint and then implement corrective measures to address those 
causes. DHS concurred with our recommendation and stated that TSA's OSO 
will collect and evaluate data on screening errors to identify root 
causes and work to implement corrective measures. Uncovering and 
addressing the root causes of screening errors could allow TSA to 
strengthen security screening at airports by reducing the number of 
these errors at the checkpoint.
---------------------------------------------------------------------------
    \13\ GAO, Internal Control: Standards for Internal Control in the 
Federal Government, GAO/AIMD-00-21.3.1. (Washington, DC: Nov. 1, 1999).
---------------------------------------------------------------------------
  dhs trip addresses inconveniences and delays related to tsdb-based 
      lists, and is taking actions to reduce case-processing time
    In September 2014, we reported that DHS TRIP affords passengers 
adversely affected by TSA screening processes an opportunity to address 
inconveniences and delays associated with being potentially 
misidentified to a TSDB-based list.\14\ Passengers who are determined 
to have been incorrectly matched to or listed on high-risk lists based 
on the TSDB are added to a list of passengers known as the TSA Cleared 
List, which allows them to be cleared (not identified as high-risk) 
nearly 100 percent of the time.\15\ The DHS TRIP process also allows 
passengers determined to have been improperly included on a TSDB-based 
list (mislisted) to be removed, minimizing the likelihood they will be 
identified as matches during future travels.\16\ Although DHS TRIP is 
not able to provide redress for passengers who may have been 
misidentified to high-risk, rules-based lists (TSA's lists of high-risk 
passengers who, based on risk-based criteria, should be subject to 
enhanced screening procedures though they may not be in the TSDB), 
according to TSA officials, TSA procedures for using such lists 
mitigate impacts on these passengers. These procedures may result in 
TSA removing passengers from the lists, which ensures that passengers 
who are misidentified to those individuals will no longer be identified 
as a match, and thus delayed or inconvenienced as a result.
---------------------------------------------------------------------------
    \14\ The specific impacts experienced by a passenger who has been 
matched to a watch list vary depending upon the list to which the 
passenger is matched. For example, an individual with a name similar to 
that of someone who is on the No-Fly list likely will be unable to 
utilize the convenience of internet, curbside, and airport kiosk check-
in options.
    \15\ Upon receipt of a complete application, DHS TRIP sends a 
notification of receipt with a redress control number to the passenger. 
DHS TRIP adds the name, date of birth, and redress control number of 
applicants determined not to match a TSDB-based list to the TSA Cleared 
List. Passengers included on the TSA Cleared List must then submit 
their redress control number when making a reservation to allow the 
Secure Flight system to recognize and clear them. Because of the 
application of other TSA security measures, such as random selection, 
an individual's presence on the Cleared List may diminish, but will not 
preclude, the possibility of being selected for enhanced screening.
    \16\ During the pendency of this review, various courts have issued 
decisions relating to the No-Fly List and DHS TRIP. For example, in 
January 2014, a judge of the U.S. District Court for the Northern 
District of California issued a findings of fact, conclusions of law, 
and order for relief in the case of Ibrahim v. Dep't of Homeland 
Security, No. C 06-00545 WHA (N.D. Cal. Jan 14, 2014) (redacted). 
Specifically, the court found that in this matter, which involved facts 
dating back to 2004, the plaintiff had been placed on the No-Fly List 
as a result of a Federal Bureau of Investigation agent's human error 
and that, among other things, the redress response letter provided to 
the plaintiff by the redress program in place prior to the 
establishment of DHS TRIP was inadequate at the time because the 
response was vague and ``fell short of providing any assurance to [the 
Plaintiff] . . . that the mistake had been traced down in all its forms 
and venues and corrected.'' In June 2014, a judge of the U.S. District 
Court for the District of Oregon issued an opinion and order 
concluding, among other things, that because DHS TRIP procedures do not 
afford individuals the requirements of due process in so much as they 
do not provide them with notice regarding their status on the No-Fly 
List and the reasons for placement on the list, ``the absence of any 
meaningful procedures to afford Plaintiffs the opportunity to contest 
their placement on the No-Fly List violates Plaintiffs' rights to 
procedural due process.'' See Latif v. Holder, No. 3:10-cv-00750-BR (D. 
Or. June 24, 2014). According to a Joint Supplemental Status Report 
filed with the district court on September 3, 2014, the Government is 
in the process of developing revised procedures and is committed to 
complete this and other steps and issue final orders prior to February 
2, 2015. Our review focused on the procedures and data relating to 
implementation of the DHS TRIP redress and appeals processes and did 
not evaluate DHS TRIP on sufficiency of procedural due process grounds.
---------------------------------------------------------------------------
    We also found that DHS has reduced its average processing time for 
redress cases and is taking actions to further reduce processing times. 
Specifically, we found that DHS TRIP officials took several steps in 
fiscal year 2013 to reduce the overall processing time and a backlog of 
redress cases including, for example, automating its response to DHS 
TRIP applicants and hiring additional staff. According to DHS TRIP 
officials, at the beginning of fiscal year 2014, DHS TRIP's average 
case-processing time for redress cases was approximately 100 days, and 
as of June 2014, the average case-processing time was about 42 days. In 
January 2014, DHS TRIP also reduced its target for one of its key 
performance indicators--average number of days for DHS TRIP redress 
cases to be closed--from 93 to 78 days.
    In addition, we reported in September 2014 that DHS TRIP is taking 
actions to reduce processing times for appeals cases. Appeals 
applicants receive a letter stating that DHS will provide a final 
agency decision on the appeal within 60 days of receipt of the appeal. 
However, we found that the average total processing time for the 
appeals process for fiscal years 2011 through 2013 was 276 days. In 
fiscal year 2013, DHS TRIP began taking several actions to make the 
appeals process more structured and reduce the overall review time, 
including, among other things, developing and distributing documents 
that provide information on the status and outcome of each appeal case 
and implementing a more formalized process for reviewing appeals. In 
January 2014, DHS TRIP also established intermediate and long-term 
performance goals for the appeals process for the first time. 
Specifically, the intermediate performance goal calls for an average 
total processing time of 92 days, while the long-term performance goal 
calls for an average processing time of 60 days, consistent with the 
time frame DHS TRIP commits to achieving in the letter informing 
applicants of their right to appeal. According to DHS TRIP officials, 
the agency plans to periodically assess its progress toward achieving 
its intermediate and long-term goals for reducing appeals-processing 
times. Officials stated that if DHS TRIP finds it is not making 
adequate progress by February 2015--about 1 year after the program 
began taking specific actions to reduce the overall review time--it 
would first evaluate whether further changes and improvements could be 
made to shorten the appeals process before considering, in 
collaboration with TSC and the DHS Screening Coordination Office, a 
change to the 60-day time frame stated in the appeals letter.
 tsa has implemented oversight mechanisms to address passenger privacy 
     requirements, but additional actions could better ensure full 
                               compliance
    TSA has taken steps to implement privacy oversight mechanisms, but, 
as we reported in September 2014, additional actions could allow TSA to 
sustain and strengthen its efforts. Overall, TSA has implemented 
mechanisms to identify privacy implications associated with program 
operations and address them as necessary. For example, TSA has 
regularly-updated privacy documents to address changes in the Secure 
Flight program and maintains and reviews audit logs of Secure Flight 
system and user events, such as requests to access the system that 
generates reports on Secure Flight activities. TSA has also implemented 
privacy training for new Secure Flight staff, and all DHS employees 
receive annual privacy training. However, we found that existing Secure 
Flight staff do not receive job-specific privacy refresher training 
consistent with Office of Management and Budget (OMB) requirements.\17\ 
For example, TSA updated its privacy training for new Secure Flight 
staff in December 2013 to reflect new privacy risks unique to Secure 
Flight's expanded screening activities. However, because the DHS 
privacy refresher training for existing staff is not job-specific, 
staff who joined Secure Flight prior to December 2013 may not have 
received privacy training specific to these new screening activities. 
We recommended that TSA provide at least annual job-specific privacy 
refresher training in order to further strengthen Secure Flight's 
protection of personally identifiable information. DHS concurred with 
our recommendation and stated that TSA's OIA will develop and deliver 
job-specific privacy refresher training for all Secure Flight staff.
---------------------------------------------------------------------------
    \17\ See Office of Management and Budget, Safeguarding Against and 
Responding to the Breach of Personally Identifiable Information, OMB 
Memorandum M-07-16 (Washington, DC: 2007).
---------------------------------------------------------------------------
    We also reported in September 2014 that TSA documents some aspects 
of its Secure Flight privacy oversight mechanisms, such as scheduled 
destructions of passenger data and reviews of planned changes to the 
Secure Flight system. However, TSA does not have a mechanism to 
comprehensively document and track key privacy-related issues and 
decisions that arise through the development and use of Secure Flight--
a mechanism TSA planned to develop when Secure Flight implementation 
began in 2009. In the course of our September 2014 review, TSA's Secure 
Flight privacy officer told us that, in the absence of such a system, 
Secure Flight relies on its privacy contract staff to oversee and 
monitor privacy protections, in consultation with the designated Secure 
Flight program privacy officer and the TSA Privacy Officer. However, it 
is unknown whether this ad hoc communication would be sustained after a 
personnel change in Secure Flight's privacy team or contractor 
personnel, and whether privacy-related decisions previously made would 
continue to be implemented without documentation to inform new staff. 
Therefore, to help TSA ensure that these decisions are carried into the 
future in the event of a change in personnel, we recommended that TSA 
comprehensively document and track key privacy-related issues and 
decisions, in accordance with Federal internal control standards. DHS 
concurred with our recommendation and stated that it will develop a 
mechanism to document such issues and decisions.
    Chairman Hudson, Ranking Member Richmond, and Members of the 
subcommittee, this concludes my prepared testimony. I look forward to 
answering any questions that you may have.
            Appendix I.--Secure Flight Screening Activities

------------------------------------------------------------------------
        Screening Activity                      Description
------------------------------------------------------------------------
No-Fly List (high-risk)..........  The No-Fly List is a subset of the
                                    Terrorist Screening Database (TSDB),
                                    the U.S. Government's consolidated
                                    watch list of known or suspected
                                    terrorists maintained by the
                                    Terrorist Screening Center (TSC), a
                                    multi-agency organization
                                    administered by the Federal Bureau
                                    of Investigation. The No-Fly List
                                    contains records of individuals who
                                    are suspected of posing or known to
                                    pose a threat to aviation or
                                    National security and are prohibited
                                    from boarding an aircraft or
                                    entering the sterile area of an
                                    airport. Secure Flight has matched
                                    passengers against the No-Fly List
                                    since 2009.
Selectee List (high-risk)........  The Selectee List is a subset of the
                                    TSDB containing records of
                                    individuals who must undergo
                                    enhanced security screening before
                                    being permitted to enter the sterile
                                    area or board an aircraft. Secure
                                    Flight has matched against the
                                    Selectee List since 2009.
Expanded Selectee List (high-      The Expanded Selectee List includes
 risk).                             terrorist records in the TSDB with a
                                    complete name and date of birth that
                                    meet the reasonable suspicion
                                    standard to be considered a known or
                                    suspected terrorist, but that do not
                                    meet the criteria to be placed on
                                    the No-Fly or Selectee Lists \1\
                                    Secure Flight began matching against
                                    the Expanded Selectee List in April
                                    2011.
Transportation Security            The high-risk rules-based lists
 Administration (TSA) rules-based   include two lists of passengers who
 lists (high-risk).                 may not be known or suspected
                                    terrorists, but who, according to
                                    intelligence-driven, scenario-based
                                    rules developed by TSA in
                                    consultation with U.S. Customs and
                                    Border Protection (CBP), may pose an
                                    increased risk to transportation or
                                    National security.
Centers for Disease Control and    The CDC Do Not Board List is managed
 Prevention (CDC) Do Not Board      by CDC. It includes individuals who
 List (high-risk).                  pose a significant health risk to
                                    other travelers and are not allowed
                                    to fly.
TSA PreCheckTM lists (low-risk)..  TSA PreCheckTM lists include lists of
                                    pre-approved, low-risk travelers,
                                    such as certain members of CBP's
                                    Trusted Traveler programs, members
                                    of the U.S. armed forces,
                                    Congressional Medal of Honor Society
                                    members, and Members of Congress--
                                    groups of individuals TSA has
                                    determined pose a low risk to
                                    transportation or National security--
                                    as well as a PreCheckTM list created
                                    by TSA and composed of individuals
                                    who apply and are pre-approved as
                                    low-risk travelers through the
                                    PreCheckTM Application Program.\2\
                                    Secure Flight began matching against
                                    its first set of low-risk lists, CBP
                                    Trusted Traveler Lists, in October
                                    2011 and instituted the PreCheckTM
                                    Application Program in December
                                    2013.
TSA PreCheckTM Disqualification    The PreCheckTM Disqualification List
 List (ineligible for low-risk).    is a list of individuals who, based
                                    upon their involvement in violations
                                    of security regulations of
                                    sufficient severity or frequency
                                    (e.g., bringing a loaded firearm to
                                    the checkpoint), are disqualified
                                    from receiving expedited screening
                                    for some period of time or
                                    permanently.
TSA PreCheckTM risk assessments    Secure Flight assesses certain travel-
 (low-risk).                        related information submitted by
                                    passengers and assigns them scores
                                    that correspond to a likelihood of
                                    being eligible for expedited
                                    screening for a specific flight.
                                    Secure Flight began performing these
                                    assessments for selected frequent
                                    flier members in October 2011 and,
                                    in October 2013, began using them to
                                    evaluate all passengers not
                                    determined to be a match to a high-
                                    risk or low-risk list.
------------------------------------------------------------------------
 Source.--GAO analysis of TSA and TSC information. GAO-14-796T
\1\ All TSDB-based watch lists utilized by the Secure Flight program
  contain records determined to have met TSC's reasonable suspicion
  standard. In general, to meet the reasonable suspicion standard, the
  agency nominating an individual for inclusion in the TSDB must
  consider the totality of information available that, taken together
  with rational inferences from that information, reasonably warrants a
  determination that an individual is known or suspected to be or have
  been knowingly engaged in conduct constituting, in preparation for, in
  aid of, or related to terrorism or terrorist activities. To be
  included on the No-Fly and Selectee Lists, individuals must meet
  criteria specific to these lists. The TSDB, which is the U.S.
  Government's consolidated watch list of known or suspected terrorists,
  also contains records on additional populations of individuals that do
  not meet the reasonable suspicion standard articulated above but that
  other Federal agencies utilize to support their border and immigration
  screening missions. In addition, according to TSA officials, Secure
  Flight does not utilize all terrorist records in the TSDB because
  records with partial data (i.e., without first name, surname, and date
  of birth) could result in a significant increase in the number of
  passengers misidentified.
\2\ Individuals on all low-risk lists receive a Known Traveler Number
  that they must submit when making travel reservations to be identified
  as low-risk. See 49 C.F.R.  1560.3 (defining ``Known Traveler
  Number''). TSA also refers to these lists as Known Traveler lists.


    Mr. Hudson. Thank you, Ms. Grover.
    We appreciate all of the witnesses for being here, and 
thank you for your service to our country.
    I now recognize myself for 5 minutes to ask questions.
    We will start, Mr. Piehota, we know that an increasing 
number of Westerners, including Americans, have joined the 
fight in Iraq and Syria. How confident are you in our ability 
to track these foreign fighters and ensure that they are being 
added to the terrorist screening database, including the No-Fly 
List?
    Mr. Piehota. The U.S. Government has a very capable 
watchlisting and screening enterprise, and I have a high amount 
of confidence in the abilities of my partners to identify and 
report known or suspected terrorist identities to the Terrorist 
Screening Center, and I have a high bit of confidence in the 
Terrorist Screening Center's ability to export that information 
to be used by our partners in countering the terrorist threat.
    Mr. Hudson. I appreciate that.
    Mr. Sadler, do you want to comment on that at all?
    Mr. Sadler. Well, I would say that we have a very close 
working relationship with the Terrorist Screening Center, as we 
do with all our Federal partners. It is important to understand 
that when that intelligence comes in, that when it goes into 
the organizations that will nominate to the Terrorist Screening 
Center and when the Terrorist Screening Center nominates those 
individuals to the watch list, we come in and do our job and we 
operationalize that data.
    So I just want to make the point, we have got a great 
working relationship with all of our partners, and I think we 
are doing a good job with this.
    Mr. Hudson. Great. Well, it is important that we do.
    Mr. Piehota, has the number of individuals on the No-Fly 
List grown significantly due to the situation in Syria and 
Iraq?
    Mr. Piehota. We can't correlate any significant increase in 
the TSDB populations due to the overseas activities right now.
    Mr. Hudson. How has the Terrorist Screening Center 
streamlined the watch list process and improved information 
sharing within the intelligence community? I mean, you both 
said that there is a good working relationship there, but could 
you maybe give us some specifics of how you have made those 
improvements?
    Mr. Piehota. Well, first the Terrorist Screening Center has 
improved its policy, its protocol, and its technical 
infrastructure over the past few years to remove manual 
processes, lower potential for human error, and as well as to 
send information to our watchlisting and screening partners in 
a real-time fashion.
    As information is processed at the Terrorist Screening 
Center, seconds later it shows up with our partners so they can 
do near-real-time screening as well, a significant technical 
increase in information management.
    We have also participated with our partners in various 
committees, interagency functions, and collaborative projects 
that have brought our organizations close together, that we 
have common operating perspectives, and, as Mr. Sadler said, we 
work exceptionally well together, and I would daresay that our 
relationship with TSA has never been closer or more effective 
than it is right now.
    Mr. Hudson. Great.
    Mr. Sadler, recently we learned that a former employee at 
the Minneapolis-St. Paul Airport was killed while fighting for 
ISIS in Syria. While employed at the airport, this individual 
held credentials that allowed him to work as a fuel technician 
and a cleaner with access to sterile areas of the airport as 
well as the tarmac and the aircraft itself.
    Can you explain how TSA works to mitigate the insider 
threat at airports across the country, especially in light of 
this latest situation?
    Mr. Sadler. Well, every individual that is issued an 
airport credential is sent into my office, and we vet those 
individuals on a daily basis against the Terrorist Screening 
Database. We also do some other checks on them as well. So we 
are very cognizant of the population that works at the airport.
    That is just my piece of it. You also have to understand 
that we have personnel at the airport. We have great 
relationships with the FBI, with State and local authorities at 
those individual airports as well. But my part of it is to take 
that information and vet it on a daily basis. So if a change 
comes through from the Terrorist Screening Center we will know 
very quickly what that change is and what it means to our 
vetted population.
    Mr. Hudson. Great. I appreciate that.
    Ms. Grover, I have become a fan of your work over the 
years. Appreciate you being here with us again. You talked 
about some of the difficulties of the checkpoint, and you 
mentioned in your written statement about fraudulent IDs, 
people being able to avoid sort of the No-Fly List or the 
advanced screening.
    How is TSA addressing this vulnerability posed by 
fraudulent IDs and boarding passes?
    Ms. Grover. TSA is making better progress with boarding 
pass issues than the issue of potential fraudulent IDs, I would 
say. They have boarding pass scanners in place at many, but not 
all of the airport checkpoints, and the scanners are designed 
to provide support to the travel document checker who works 
there to confirm that the boarding pass is genuine, and then it 
alerts the travel document checker to the specific level of 
screening that that individual is supposed to receive.
    As far as confirming that the identification that 
individuals are using is genuine, that is still the 
responsibility of the travel document checker at this point. 
TSA has awarded a contract for the development of credential 
authentication technology, but it was just awarded in April, 
and I believe it is still in the proof-of-concept stage, so 
that technology support is still quite a ways out.
    Mr. Hudson. Thank you.
    My time has expired and so I will recognize the Ranking 
Member, Mr. Richmond, for any questions he may have.
    Mr. Richmond. Thank you, Mr. Chairman.
    Mr. Piehota, according to publicly-available data from TSC, 
as of September 2011 there were approximately 16,000 
individuals on the No-Fly List and approximately 16,000 
individuals on the Selectee List. What are the current 
statistics for those numbers of people who are on the No-Fly 
and Selectee lists?
    Mr. Piehota. The Terrorist Screening Center currently 
stands at about 800,000 identities. For those identities, for 
the No-Fly List, we are looking at about 8 percent of the 
overall population of the TSDB are watchlisted at the No-Fly 
level; about 3 percent of the overall population of the TSDB is 
watchlisted at the Selectee level.
    Mr. Richmond. As I play around with that, how many of those 
individuals on the No-Fly List are U.S. persons?
    Mr. Piehota. Approximately 0.8 percent of the overall TSDB 
population.
    Mr. Richmond. A lot of times what we deal with, and we 
develop policies in theory, and in theory they make a lot of 
sense, and in reality we either didn't go far enough or it just 
doesn't make sense. As I look at all the people on the No-Fly 
List, it just does not make common sense to me that you can be 
on the No-Fly List, where we don't want you flying on our 
planes, but you can go and enroll in flight school and learn 
how to fly a plane.
    Can you all just give me your assessment of why we would 
have a policy where you can't fly, but you can go learn how to 
fly a plane? Am I missing a distinction?
    Mr. Sadler. I will take that one, sir. So any foreign 
applicant who wants to learn how to fly an aircraft gets vetted 
prior to them receiving training. So whether they are training 
here, if it is an FAA-certified school, whether they are 
training here, whether they are training overseas, we vet them.
    Any U.S. person gets vetted through the FAA process. So 
anyone who has an FAA certificate, a student pilot, whatever 
that happens to be, that comes into my office, we vet those 
individuals on a daily basis against the TSDB. So they are all 
vetted.
    Mr. Richmond. Right. But if we don't want them even flying 
on a plane, why would we want them to learn how to fly a plane?
    Mr. Sadler. If they are on the watch list, No-Fly, they do 
not learn how to fly a plane. So the foreign applicants get 
vetted against the No-Fly List and the full TSDB, and they are 
denied their training application if we determine that they are 
on that watch list.
    Mr. Richmond. So everyone on the No-Fly List and the 
Selectee List, they are barred from flight school?
    Mr. Sadler. There are other operational considerations 
whenever you vet an individual, and I would be happy to talk 
about that in a closed setting, but they are all vetted through 
the watch list.
    Mr. Richmond. Okay. I just want to make sure we are saying 
the same thing. If they are on the watch list, they can't go to 
flight school?
    Mr. Sadler. It depends on the situation, sir, and that is 
why I said I would like to talk to you about this in a closed 
session.
    Mr. Richmond. Well, thank you.
    Did anybody else want to respond to that?
    Ms. Grover, GAO noted in its Secure Flight effectiveness 
report that TSA has asserted that it is difficult to measure 
the extent to which the Secure Flight system may miss 
passengers on a high-risk list in real time, but used proxy 
methods to accomplish this when the system was under 
development. Should TSA reinstate the use of proxy methods to 
better assess the rates at which a watchlisted passenger may be 
missed by the Secure Flight program?
    Ms. Grover. Yes, sir, that is exactly the sort of strategy 
that would allow TSA to have some additional information about 
the extent to which the Secure Flight system is accurately 
identifying all of the individuals that it needs to identify.
    When they were first developing the Secure Flight program 
they used simulated passenger lists and watch lists to be able 
to approximate the accuracy of the system, and that would be 
something that they could use on a regular basis to get 
information about how well the system is working and the 
likelihood of misses occurring.
    They also have a similar system that they use right now 
when they are considering changes to the way the match process 
is working that allows them to use historical data, just from 
the past 7 days, to say, if we make this change, does it 
improve the matching rate or does it introduce more errors. So 
any of those approaches would be better than the current 
situation, which is really no information about the number of 
misses that are occurring on a regular basis.
    Mr. Richmond. Thank you.
    I see my time has expired, so I yield back.
    Mr. Hudson. Thank the gentleman.
    The Chairman now recognizes the gentlelady from Indiana, 
Mrs. Brooks, for any questions she may have.
    Mrs. Brooks. Thank you, Mr. Chairman, and thank you for 
calling this hearing on this most important topic.
    Mr. Sadler, how does the TSA know that individuals who are 
on the watch list are not experiencing the expedited screening 
through TSA's PreCheck, like managed inclusion, which I am 
seeing more and more? I fly in and out of the Indianapolis 
Airport, that is a managed inclusion site. How do we know that 
they are not being chosen and put into managed inclusion?
    Mr. Sadler. Well, the first thing, I just want to go back, 
if you don't mind, ma'am. We do have information on the 
efficiency and effectiveness of our system. We are looking at 
new test data, and that new test data is going to be developed 
based on our experience of vetting 3.7 billion records since we 
implemented Secure Flight. So we have a pretty good idea of 
what we are doing. We can improve. We appreciate GAO's 
recommendations, and we concur with those and we are going to 
implement those.
    So everyone who goes through that airport is going to be 
prescreened by TSA. So they should have a marking on the 
boarding pass. That marking should be identified. That should 
preclude them from going into managed inclusion.
    The other thing I would say is, even with the 
recommendations, everyone who goes through that checkpoint is 
screened. So when you go through a managed inclusion checkpoint 
we are screening you with a number of layers of security at 
that checkpoint and within the airport itself. So I think that 
is a very important point. Everyone is being screened going 
through that checkpoint.
    Mrs. Brooks. What happens if the travel documents checker 
that we have heard referred to misses the selectee marking?
    Mr. Sadler. If they miss the selectee marking, that 
individual is going to be screened. That is the point that I 
want to make. You don't go through the checkpoint, to my 
knowledge, without being screened. Whether it is a behavior 
detection officer, whether it is a canine, whatever, whether it 
is an ETD, explosion trace detection, those individuals are 
being screened.
    Mrs. Brooks. I would like to just ask Mr. Piehota, on 
average, your watch lists, they aren't randomly created. 
Obviously you get referrals from law enforcement and from 
others, from FBI, Secret Service, others. How long does it take 
once an intelligence or a law enforcement agency nominates an 
individual to make it into the Terrorist Watch List before that 
person is added to the list?
    Mr. Piehota. The time varies due to the complexity of 
certain issues and the priority assigned to certain 
watchlisting transactions. Some are routine modifications to 
records. They are, of course, lower priority rather than people 
who are added to the list, who receive higher priority. I would 
not give a specific time period, because it varies from record 
to record, because there are many different aspects to each 
record of nomination.
    Mrs. Brooks. Well, and I am certain, having worked with 
Joint Terrorism Task Forces in the past, when they refer you 
names, what are some of the criteria that you use to determine 
how quickly, if the JTTF sends you a name, how quickly does it 
make it into that list, because, as we know, timing can be 
critically important in today's environment.
    Mr. Piehota. All add nominations are processed immediately. 
They are usually done, it could be minutes to hours. 
Modifications, again, the type of modification it is, it could 
take anywhere from hours to a day or so. If it is a delete 
action, they generally happen pretty quickly as well, within 
the next day or so.
    Mrs. Brooks. Mr. Sadler, does TSA have the ability to 
prevent an individual from boarding an airplane even before 
that individual is added to a No-Fly List?
    Mr. Sadler. Yes. The administrator has the authority to 
determine who can board an aircraft and who can't.
    Mrs. Brooks. How would that work if TSA believes--maybe it 
has not yet gone through the practice, they are not on the No-
Fly List--how would that process work if TSA receives 
information that this person should not be boarding a plane?
    Mr. Sadler. So based on our earlier comments, the 
communication between our organizations is as good as I have 
seen it since I have been in this job. So we would receive that 
information. If we felt that there was a threat to the aircraft 
or the risk was too high, then we would notify our vetting 
operations, who would inhibit the record of that individual, if 
we had that record, or it would be inhibited when the 
individual made a reservation, and then we would stop that 
individual at that point.
    Mrs. Brooks. How often does TSA review the names that are 
actually on the expedited list?
    Mr. Sadler. From the TSC, you mean?
    Mrs. Brooks. Yes. Not from TSC. You have expedited lists. 
How often does TSA take a look at that list?
    Mr. Sadler. We normally do that on a monthly basis, and 
then I personally review it on a quarterly basis.
    Mrs. Brooks. Okay.
    Mr. Sadler. We have a very strict oversight process for 
that with our chief counsel and with our privacy officer as 
well when we make those decisions.
    Mrs. Brooks. Thank you. My time is up. I yield back.
    Mr. Hudson. Thank the gentlelady.
    The Chairman now recognizes the gentleman from California, 
Mr. Swalwell, for any questions you may have.
    Mr. Swalwell. Thank you, Chairman.
    Last week I had the opportunity, on September 10, to go 
over to the TSA, Administrator Sadler, you were there, and I 
met with Administrator Pistole and sat in on your morning 
threat assessment brief. I appreciate you extending that 
opportunity to me. It was a very, I think, timely visit, in 
that September 11 was the next day. I left that meeting 
impressed with the men and women and the effort behind keeping 
us safe in the skies every day. So I have great confidence that 
within our country and across the globe TSA is working hard to 
make sure we address the evolving threats across the country.
    I also believe that the threats that we face right now from 
ISIL and the way that TSA and DHS are responding is exactly 
what was envisioned out of the September 11 Commission report. 
We are certainly being tested today.
    Before I ask any further questions, oftentimes it is too 
easy, I think, for us to beat up on TSA, but I do want to 
congratulate you on the success so far on PreCheck. I hear 
about it from my constituents all the time. If anyone hasn't 
signed up for PreCheck, I really encourage you to sign up for 
PreCheck. It has been a success. TSA and its partners in 
implementing it have done a terrific job.
    A few questions. First, Director Piehota, your testimony 
details an extensive system of making sure only the correct 
individuals are put into the Terrorist Screening Database, but 
according to Administrator Sadler, 98 percent of the people who 
ask DHS to remove their names as being incorrectly listed are 
successful in doing so.
    I understand the importance of being over-inclusive. But 
what assurances can you give us that the TSA as well as DHS are 
being just as vigorous to put people on that list as they are 
to take those folks who don't belong on the list off of it? 
Because it is important to me that that list is accurate. I 
understand why it has to be a little more broad. But if someone 
has evidence that they don't belong on the list, I think we 
need to work overtime to take them off and not inconvenience 
them. So if you could just briefly explain how the GAO report 
will bring us to that moment.
    Mr. Piehota. Well, in collaboration with our DHS partners, 
we have cooperatively managed the Redress Inquiry Program. When 
DHS provides us with an inquiry from their Redress Program, we 
take it, we make sure that the individual is actually an 
identical match to an identity in the TSDB. If they have been 
misidentified, we work with our partners at DHS to 
expeditiously remove them.
    Mr. Swalwell. Great. Thank you.
    I also have a question for Administrator Sadler. In light 
of the emerging threat from ISIL, the Americans who we know are 
over there fighting shoulder to shoulder with ISIL, and the 
thousand-plus Westerners who are in the visa waiver countries, 
what are we doing right now to ensure that those countries, 
those visa waiver countries, who do not have 100 percent check 
against the lost and stolen travel database, the lost and 
stolen document database, what are we doing with those 
countries to bring them up to 100 percent compliance?
    Mr. Sadler. Yeah. Sir, I can't speak to that. I am not 
prepared to speak to that today. What I can say, though, is 
that we work very closely with CBP, Customs and Border 
Protection, and along with CBP we vet passports against the 
Stolen and Lost Travel Document database from Interpol. So we 
are taking actions on our side to try and mitigate that risk 
and buy the risk down in that area.
    Mr. Swalwell. Great. As we continue to address this threat, 
is there anything that you believe Congress can do to assist 
the TSA as we try and learn more about what Americans are over 
in the Middle East and North Africa? Is there anything that you 
believe you need additional authority from Congress for or 
funding to better protect us here at home?
    Mr. Sadler. Sir, I mean, we can always use more help, but I 
think the process that we went through with GAO and the 
oversight process makes us stronger, because we have somebody 
who comes in and says, these are the things that we see where 
you can improve. That is what we are about. We are about buying 
down risk, we are about getting better every single day so we 
can do our job the best that we can for the American public.
    Mr. Swalwell. Great. Thank you, Mr. Sadler.
    Ms. Grover, thank you for you and your office's helpful 
report in this matter.
    I yield back the balance of my time.
    Mr. Hudson. Thank the gentleman.
    The Chairman recognizes the gentleman from South Carolina, 
Mr. Sanford, for any questions he may have.
    Mr. Sanford. Thank you, Mr. Chairman.
    I guess a couple different questions. The first, and I 
don't mean to be obstinate, but I want to go back to the 
question that my colleague from New Orleans was asking. It 
seemed to me like a fairly plain vanilla question, which is, 
help me understand, if somebody is on the No-Fly List then that 
means that they can't go and learn how to fly a plane, right?
    Mr. Sadler. Yes.
    Mr. Sanford. There were, like, three different bites at the 
apple, and ultimately still no answer. It was sort-of, if I 
take you into a dark tunnel, then I can answer the question.
    I think from a civil liberties standpoint, that is what 
drives a lot of people crazy about these different lists that 
are kept by the Government. If we are a Nation of laws and not 
men, there is a belief that it ought to be fairly transparent 
at times where we are coming from. Are you on, are you off? If 
it takes three cracks at the apple in a public hearing, and 
then no answer and then the promise of in some closed-door 
environment we can talk about it, it makes a civil libertarian 
crazy. So what about that?
    Mr. Sadler. Well, sir, I think there are some things that 
are operationally sensitive that should be discussed within a 
closed setting. So we try and be as transparent----
    Mr. Sanford. I know. But just going back to common sense, 
to his point, if you say, let me get this right, you can't go 
sit in aisle 37D of the airplane, but you can sit in the 
cockpit, and you can't get an answer on that.
    Mr. Sadler. No, sir. I didn't say that.
    Mr. Sanford. No, but you----
    Mr. Sadler. I didn't say an individual on a No-Fly List 
could sit in the cockpit of an aircraft. I didn't say that. 
What I said was----
    Mr. Sanford. Well, if you learn how to fly an airplane, 
that is where you are sitting.
    Mr. Sadler. What I said was that an individual on the No-
Fly List, to my knowledge, has not received training since I 
have been in this position. All right? What I also said was 
that there were operationally-sensitive matters that I would 
like to discuss in a closed session, but I did not say that 
somebody on the No-Fly List was going to sit in the cockpit. So 
I want to be very----
    Mr. Sanford. But you also did----
    Mr. Sadler. I want to be very clear about that, sir.
    Mr. Sanford. You also equally clearly said that they 
definitively would--there was no definitive yes or no.
    Mr. Sadler. I am telling you, sir, that I do not know of 
any No-Flys that are sitting in the cockpit of an aircraft. 
That is as definitive as I can get.
    Mr. Sanford. Okay. Well, that is much more definitive than 
we got.
    Mr. Sadler. When it gets to an operational issue, then I 
would like to talk to you in a closed session.
    Mr. Sanford. Understood. Okay. All right. We got to a 
little bit of closure on that one.
    Here is another question. I want to follow up on my 
colleague from California's question with regard to delisting, 
which again I think is something that would drive somebody from 
a civil liberties standpoint a bit crazy, which is, you end up 
on the wrong list, it turns out you shouldn't be on that list. 
As I understand it now, it is taking people about a year to be 
cleared from that list, in terms of rough averages, about a 
year, and that the goal now is to take it down to 3 months. Why 
does it still take that long?
    Mr. Sadler. Well, I want to clarify something. The 98 
percent of the individuals that we work with are not on the No-
Fly List. They have no nexus to the No-Fly List.
    Mr. Sanford. Understood.
    Mr. Sadler. Those are individuals that have been matched 
potentially to a person who was on the No-Fly List, and then 
after going through the process you find that they have no 
nexus to that individual on the watch list. So I just wanted to 
clarify that.
    Ninety-eight percent of the individuals who come through 
the Redress Program were not on the watch list and taken off; 
they were individuals that may have been matched to a person on 
the watch list, and then through our redress process, we 
determined that they don't have a nexus to the watch list.
    Mr. Sanford. But it is still taking them a year to get off 
the list.
    Mr. Sadler. No. Those cases through the initial redress 
process, if it is internal to TSA, we can do it within about 2 
weeks; if it is external to TSA, so if it is a CBP issue or a 
Department of State issue, the initial redress takes about 60 
days. That is where the majority of those individuals fall, 
that 98 percent.
    Once you get past that point, the other 2 percent, who have 
some nexus to the watch list, a portion of those may appeal. 
That is when we start getting into the longer time frame.
    Mr. Sanford. Okay. I guess one question would be, though, 
even if you are taken off the list, so as I understand it, you 
are still then on a cleared list.
    Mr. Sadler. That is correct, sir.
    Mr. Sanford. Why be on any list at all?
    Mr. Sadler. Because we want to give you a redress number 
that would allow you to enter that into your reservation, so 
when you come back with another reservation we can run that 
through our system and we can keep you from being 
inconvenienced again. It is our way of ensuring that you can go 
through the checkpoint without being inconvenienced.
    Mr. Sanford. But, I mean, I thought you were cleared. So if 
you got one citizen who goes through the line, turns out he has 
never had any mishap, never been on any wrong list, he is not 
on a cleared list. Why should somebody that went through, turns 
out they were bungled with somebody else's name, why should 
they be on again a cleared list, which raises some level of 
suspicion with regard to, I am on yet another Government list?
    Mr. Sadler. Because we are trying to ensure that they can 
go through the checkpoint without being inconvenienced. So if 
your name is that close and your date of birth is that close to 
that individual, the way we clear that name is by assigning 
this redress control number to the individual that they can put 
in their reservation and then they should be cleared.
    Mr. Sanford. One last question. Well, I am going over. I 
guess I can't. Can I ask one more question? Five seconds? No. 
Okay. Come back to it. Yes, sir.
    Mr. Hudson. I am happy to do a second round if the 
committee would like to do that.
    Mr. Sanford. Thank you. Yes, sir.
    Ms. Jackson Lee. I yield to him so he can ask his question.
    Mr. Hudson. Well, if the gentlelady is willing to hold off 
for a second before her start----
    Ms. Jackson Lee. I will.
    Mr. Hudson [continuing]. Then sure, we will allow the 
gentleman to ask one more question.
    Mr. Sanford. Well, I thank the gentlewoman from Texas. 
Thank you very much.
    I guess my one question would be with all these lists, as I 
understand it, whether it is a Member of Congress or whether it 
is anybody in this room, even we are on different levels of 
risk in terms of gradation. Is that correct?
    Mr. Sadler. Well, I wouldn't go gradation. Well, that is a 
correct answer, but our lists are based on what we know about 
you.
    Mr. Sanford. Well, my only point being, again from a civil 
liberties standpoint, whether it is a Member of Congress who 
has Secret clearance and a whole host of other things, or a 
member of the military or somebody out here, again, why do they 
have to be on any gradation with regard to lists? Why couldn't 
we just clear those folks off this?
    Mr. Sadler. Well, we have to know, sir, that when you are 
coming through the airport that it is you, and we can move you 
off. That is the whole intent of PreCheck. We want to move 
those people off that we know so we can focus our resources 
where they need to be focused.
    Mr. Sanford. But as I am saying, you could be on TSA, have 
PreCheck, but still have a risk factor assigned to you, and I 
don't understand that risk factor.
    But I have taken too much time from the gentlewoman from 
Texas and I need to yield back to her. I really appreciate it. 
Thank you, ma'am.
    Mr. Hudson. Thank the gentleman.
    The Chairman now recognizes the gentlelady from Texas, Ms. 
Jackson Lee, for any questions she may have.
    Ms. Jackson Lee. Mr. Chairman, let me thank you and Mr. 
Richmond for this hearing, very timely hearing, and following 
up on the hearings that we have had this week, the briefings 
that we have had. I just had an opportunity to sit on the 
Foreign Affairs Committee for the testimony of Secretary Kerry; 
as he testified in the Senate yesterday, he was in the House 
today. We had a full committee hearing in the Homeland Security 
Committee with Mr. Thompson, Mr. McCaul this week. Previously 
the Border Security and Maritime Security addressed the 
question of the visa waivers and other ways and means that 
individuals who may be foreign fighters or who may attempt to 
come into the United States might use, and so that we must be 
vigilant to do so.
    Certainly the witnesses before us represent the component 
of vigilance that is important. Secretary Johnson was here, of 
course, and represented well the position of the Department of 
Homeland Security.
    Let me make one or two points before. We are in a posture 
of making sure that we coordinate and are aware of the actions 
that are taken outside the borders of this Nation to protect 
the homeland and to collaborate with what is done on the soil 
of the Nation to protect the homeland and the American people. 
So it is important for the knowledge of the actions that are 
going to be taken, the train and equip, that Congress is 
briefed on that. It is well-known by the American people that 
there have been air strikes, and there are deliberations on the 
utilization of air strikes in places where ISIL can be stopped. 
There is collaboration with other nations in a variety of ways. 
I think it all makes to the security of this Nation.
    So I make the point, and I hope that I will make this on 
the record and that we can get it clarified, on the McKeon 
amendment establishing the appropriate committees that should 
be briefed as the actions have taken place on the train and 
equip, the Homeland Security Committee in both the House and 
the Senate, I believe, should be added. It is outrageous that 
the drafters of the amendment left out the Homeland Security 
Committee. It would be good to keep it quiet and not let anyone 
know that they have been left out, but I believe that it is an 
egregious error by the drafters and whoever is responsible and 
that there is no way that you can ensure the safety of the 
homeland unless we are collaborating. So I hope someone hears 
it and I hope someone makes a correction on that point.
    The second point I want to do is to encourage my colleagues 
to join me on the legislation that I have introduced, the No-
Fly Foreign Fighters legislation, which does not compromise a 
recent court case dealing with the watch lists and the No-Fly 
structure that I understand was just rendered. This is a simple 
cleaning-up. The language I think that is relevant in this 
legislation that has been introduced is that the terrorist 
watch lists utilized by the Transportation Security 
Administration, to determine basically if this is a complete 
list. So we are asking for the appropriate agencies to 
determine whether or not this list that is being utilized is an 
accurate list, is a complete list. It has no impact on one's 
removal. That process is being reviewed. I agree with the 
American Civil Liberties Union that there should be a proper 
process for removal. But I hope my colleagues will join in 
this, simple, that says no fly for foreign fighters. I will 
read some of the language in a moment.
    I see my time is out. So let me just, if I could, ask this 
question, and maybe you will answer it, to--is it Mr. Piehota? 
Is that the correct pronunciation?
    Mr. Piehota. Yes.
    Ms. Jackson Lee. As I indicated, we held a recent hearing 
on the Visa Waiver Program, and during that hearing concerns 
were expressed that someone with a passport from a Western 
country that has joined in the fighting in Syria or in any 
other place in the region where there are efforts at jihad, 
joined with a terrorist organization, could be only one flight 
away from our shores.
    On Tuesday I introduced the No-Fly for Foreign Fighters 
Act. Are individuals known to have joined terrorist 
organizations in Syria and Iraq, is there seemingly a current 
list or current knowledge of those individuals, and are they 
being placed in a position not to possibly do harm in to the 
United States and to the American people? Are we continually 
updating and making sure that we have a complete list to 
address?
    Then my other subset of that, to explain to the 
subcommittee how Secure Flight is being used to identify 
passengers flying internationally for enhanced screening based 
on risk-based, intelligence-driven information.
    Mr. Piehota. The Terrorist Screening Database is updated on 
a 24-hour, 7-day-a-week basis through collaboration with the 
law enforcement, homeland security, and intelligence 
communities. We do this in partnership, we do this in a joint 
National security mission fashion.
    The Terrorist Screening Database at the current time has 
approximately 9,000 identities that have been associated with 
foreign terrorist fighter activities. Of those 9,000 
identities, 95 percent of these people have already been 
watchlisted at the No-Fly level.
    Ms. Jackson Lee. On the Secure----
    Mr. Piehota. That information is then transmitted in a 
transactional real-time fashion to our TSA partners, who then 
use it in their Secure Flight program.
    Ms. Jackson Lee. So let me just conclude, Mr. Chairman, by 
saying, and the idea of my legislation is for Congress to be 
advised on the completeness of the Terrorist Screening 
Database, which I think has not been done, particularly to our 
relevant committees, and to ensure that it is continuously 
updated, and particularly with those who have gone for the 
fight.
    So I hope my colleagues will consider the legislation, but 
I thank the gentleman. I reinforce the point that I am making 
with this legislation, but as well with the questions that I 
asked, in order to secure the homeland, the committees of 
jurisdiction that are relevant to the actions outside of the 
boundaries of this Nation must collaborate with those who have 
the ultimate responsibility for the securing of this Nation. As 
I understand it, that is the jurisdiction of the Homeland 
Security Committee and in this instance on the aviation and 
other matters with the Transportation Security Committee. I 
hope we can fix this as quickly as possible.
    With that, Mr. Chairman, I yield back.
    Mr. Hudson. Well, I thank the gentlelady.
    Thank the witnesses for your testimony and all of the 
Members for your questions today.
    The Members of the subcommittee may have additional 
questions for the witnesses we will ask that you respond to in 
writing.
    Without objection, the subcommittee stands adjourned. Thank 
you.
    [Whereupon, at 3:17 p.m., the subcommittee was adjourned.]


                            A P P E N D I X

                              ----------                              


      Question From Honorable Michael D. Rogers for Stephen Sadler

    Question. The Secure Flight Program's success depends in 
large part upon supporting contracts and contractors. Please 
provide an overview and status update on each of the TSA's 
supporting Secure Flight and Operational Computing Environment 
contracts and acquisitions, including the length and cost of 
each contract.
    Answer. The Transportation Security Administration's Secure 
Flight contract information requested is provided in the tables 
below:

----------------------------------------------------------------------------------------------------------------
                                                                                         Period of
                                                                    Description of      Performance      Total
     Active Contract No.         Contract Type      Contractor      Supply/Service     (Start & End     Value $
                                                                                           Date)        Million
----------------------------------------------------------------------------------------------------------------
1............................  Cost Plus Fixed   Flatter &         Independent       Sep 18, 2009          7.049
                                Fee (CPFF).       Associates.       validation &      thru Mar 17,
                                                                    verification      2015.
                                                                    services.
2............................  CPFF............  Infozen.........  System            Feb 1, 2008 thru     64.779
                                                                    operations &      Nov 27, 2014.
                                                                    maintenance,
                                                                    production
                                                                    environment.
3............................  Firm Fixed Price  InfoGlide.......  Bladeworks        Jan 4, 2011 thru      9.391
                                (FFP).                              software          Nov 3, 2015.
                                                                    maintenance.
4............................  Time and          IBM.............  System            Dec 14, 2013         16.837
                                Material (T&M).                     application       thru Oct 20,
                                                                    development and   2014.
                                                                    Tier 3 Support.
5............................  FFP.............  Comp Sci Corp...  WebEOC  support.  Nov 1, 2013 thru      0.251
                                                                                      Aug 3, 2015.
6............................  FFP.............  Dell............  Hardware........  Dec 17, 2013          0.292
                                                                                      thru Dec 16,
                                                                                      2014.
7............................  FFP.............  Infozen.........  Hardware/         Apr 1, 2013 thru      6.974
                                                                    Software (H/W)    Nov 27, 2014.
                                                                    maintenance
                                                                    renewal, H/S
                                                                    license, spare
                                                                    parts.
8............................  FFP.............  Omniplex........  Physical          Nov 10, 2013          1.813
                                                                    PSecurity.        thru Nov 9,
                                                                                      2018.
9............................  FFP.............  TSA Office of     Annapolis         Oct 22, 2013         13.616
                                                  Facilities.       PJunction         thru Jan 31,
                                                                    Pfacility lease   2018.
                                                                    and utilities.
10...........................  FFP.............  TSA Office of     Colorado Springs  Oct 22, 2013          9.286
                                                  Facilities.       Pfacility lease   thru Dec 21,
                                                                    and utilities.    2018.
11...........................  FFP.............  Customs and       Connectivity      Aug 11, 2009         15.254
                                                  Border            with Customs      thru Aug 10,
                                                  PProtection.      and Border        2015.
                                                                    Protection.
12...........................  Labor Hour (LH).  RCM PSolutions..  Program           Apr 9, 2010 thru      4.862
                                                                    Pmanagement       Jan 12, 2015.
                                                                    support.
13...........................  LH..............  SRA.............  Privacy program   Sep 21, 2009          4.206
                                                                    development and   thru Mar 20,
                                                                    support.          2015.
14...........................  CPFF............  Deloitte          Implementation    Aug 11, 2012         18.722
                                                  PConsulting.      and business      thru Jan 31,
                                                                    operations.       2015.
15...........................  FFP.............  GSA.............  Lines             July 1, 2014          0.589
                                                                    connectivity.     thru June 30,
                                                                                      2015.
16...........................  FFP.............  Zibiz Corp......  Hardware........  Mar 23, 2012          1.900
                                                                                      thru Mar 21,
                                                                                      2015.
17...........................  FFP.............  Immix-            Software license  Apr 1, 2013 thru      0.011
                                                  Ptechnology.                        Mar 31, 2015.
18...........................  FFP.............  ECS Gov, PInc...  Software........  Dec 20, 2011          2.959
                                                                                      thru Mar 31,
                                                                                      2016.
19...........................  FFP.............  Snap, Inc.......  Virtual Storage,  Sep 22, 2014          1.028
                                                                    Smart Cloud.      thru Sep 21,
                                                                                      2015.
20...........................  FFP.............  Govplace........  Net App SAN       Sep 19, 2014          0.229
                                                                    (storage).        thru Sep 18,
                                                                                      2015.
21...........................  FFP.............  ESC Gov (IBM)...  Enterprise        April 15, 2013       61.100
                                                                    Plicense          thru Mar 31,
                                                                    Pagreement.       2018.
22...........................  FFP.............  Dell............  Software license  Apr 1, 2013 thru      0.089
                                                                                      Mar 31, 2014.
23...........................  CPFF............  QinetiQ North     System            July 15, 2013         9.481
                                                  America.          Poperations and   thru Oct 31,
                                                                    Pmaintenance --   2014.
                                                                    under Pprotest.
24...........................  FFP.............  Govplace........  Software........  April 1, 2014         0.041
                                                                                      thru March 31,
                                                                                      2015.
25...........................  T&M.............  Sev1tech, PInc..  Implementation    Nov 17, 2014         14.912
                                                                    and business      thru June 20,
                                                                    operations.       2018.
26...........................  T&M.............  IBM.............  System            Aug 20, 2014         34.458
                                                                    Pdevelopment      thru Feb 19,
                                                                    and Tier 3        2016.
                                                                    System PSupport.
27...........................  FFP.............  Wildflower......  DBI Data Base     Sep 10, 2014          0.121
                                                                    software.         thru Sep 9,
                                                                                      2015.
----------------------------------------------------------------------------------------------------------------

                                 [all]