Terrorist Watch List Screening: Opportunities Exist to Enhance	 
Management Oversight, Reduce Vulnerabilities in Agency Screening 
Processes, and Expand Use of the List (11-OCT-07, GAO-08-110).	 
                                                                 
The Federal Bureau of Investigation's (FBI) Terrorist Screening  
Center (TSC) maintains a consolidated watch list of known or	 
appropriately suspected terrorists and sends records from the	 
list to agencies to support terrorism-related screening. Because 
the list is an important tool for combating terrorism, GAO	 
examined (1) standards for including individuals on the list, (2)
the outcomes of encounters with individuals on the list, (3)	 
potential vulnerabilities and efforts to address them, and (4)	 
actions taken to promote effective terrorism-related screening.  
To conduct this work, GAO reviewed documentation obtained from	 
and interviewed officials at TSC, the FBI, the National 	 
Counterterrorism Center, the Department of Homeland Security, and
other agencies that perform terrorism-related screening.	 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-08-110 					        
    ACCNO:   A77311						        
  TITLE:     Terrorist Watch List Screening: Opportunities Exist to   
Enhance Management Oversight, Reduce Vulnerabilities in Agency	 
Screening Processes, and Expand Use of the List 		 
     DATE:   10/11/2007 
  SUBJECT:   Counterterrorism					 
	     Emergency preparedness				 
	     Federal agencies					 
	     Federal intelligence agencies			 
	     Homeland security					 
	     Interagency relations				 
	     Investigations by federal agencies 		 
	     Law enforcement agencies				 
	     Passenger screening				 
	     Records						 
	     Records management 				 
	     Risk assessment					 
	     Standards						 
	     Strategic planning 				 
	     Terrorism						 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-08-110

   

     * [1]Results in Brief
     * [2]Background
     * [3]In Assessing Individuals for Inclusion on TSC's Watch List,

          * [4]The National Counterterrorism Center Uses a "Reasonable Susp
          * [5]Individuals Who Are Subjects of FBI Counterterrorism Investi
          * [6]TSC's Watch List Is the Master Repository for Watch List Rec

     * [7]Agencies Have Had Approximately 53,000 Encounters with Indiv

          * [8]The Number of Positive Matches to the Watch List Has Increas
          * [9]The Watch List Has Helped Screening Agencies Assess the Pote
          * [10]The Watch List Has Helped Support Law Enforcement Investigat

     * [11]TSC Exports Applicable Watch List Records to Screening Agenc

          * [12]Interagency Border Inspection System (CBP)
          * [13]Consular Lookout and Support System (Department of State)
          * [14]Violent Gang and Terrorist Organization File (FBI)
          * [15]No Fly and Selectee Lists (TSA)

     * [16]DHS Agencies Are Addressing Incidents of Persons on the Watc

          * [17]Key Frontline Screening Agencies in DHS Are Separately Addre

               * [18]U.S. Customs and Border Protection Is Studying Cases
                 Where S
               * [19]Agencies Are Working on Solutions to Prevent
                 Unauthorized Ap
               * [20]A Final Rule and a Planned Prescreening Program Could
                 Help A

          * [21]The Terrorist Screening Center Has Various Ongoing or Planne

               * [22]Improving the Effectiveness of Screening: Search Engine
                 Tech
               * [23]Improving Data Quality
               * [24]Future Enhancement: Linking to Biometric Data

     * [25]The U.S. Government Has Made Progress in Using the Watch Lis

          * [26]The Department of State Has Made Progress in Efforts to Exch
          * [27]DHS Has Not Finalized Guidelines for Using Watch List Record
          * [28]Federal Departments and Agencies Have Not Identified All App
          * [29]The U.S. Government Lacks an Updated Strategy and an Investm
          * [30]Existing Governance Structures May Not Provide Necessary Ove

     * [31]Conclusions
     * [32]Recommendations for Executive Action
     * [33]Agency Comments and Our Evaluation
     * [34]Objectives
     * [35]Scope and Methodology

          * [36]Standards Used by NCTC and the FBI in Determining Which Indi
          * [37]Number of Times That Screening and Law Enforcement Agencies
          * [38]Extent That Screening and Law Enforcement Agencies Check aga
          * [39]Extent That Screening Agencies Monitor Incidents in Which Su
          * [40]Actions the U.S. Government Has Taken to Ensure That the Ter

     * [41]Data Reliability
     * [42]Subjects of Watch List Records Have Been Arrested Hundreds o
     * [43]Subjects of Watch List Records Were Denied Visas and Also Gr
     * [44]Passengers Were Matched to the No Fly and Selectee Lists
     * [45]Many Nonimmigrant Aliens on the Watch List Were Refused Entr
     * [46]Watch List Records Related to State and Local Encounters Ind
     * [47]GAO's Mission
     * [48]Obtaining Copies of GAO Reports and Testimony

          * [49]Order by Mail or Phone

     * [50]To Report Fraud, Waste, and Abuse in Federal Programs
     * [51]Congressional Relations
     * [52]Public Affairs

Report to Congressional Requesters

United States Government Accountability Office

GAO

October 2007

TERRORIST WATCH LIST SCREENING

Opportunities Exist to Enhance Management Oversight, Reduce
Vulnerabilities in Agency Screening Processes, and Expand Use of the List

GAO-08-110

Contents

Letter 1

Results in Brief 7
Background 13
In Assessing Individuals for Inclusion on TSC's Watch List, Officials Rely
upon Standards of Reasonableness That Inherently Involve Some Subjectivity
18
Agencies Have Had Approximately 53,000 Encounters with Individuals on the
Watch List, and Outcomes Indicate the List Has Helped to Combat Terrorism
25
TSC Exports Applicable Watch List Records to Screening Agency Databases,
Depending on Agency Mission and Technical Capacity; but Some Technical
Requirements May Present Security Vulnerabilities 30
DHS Agencies Are Addressing Incidents of Persons on the Watch List Passing
Undetected through Screening; TSC Has Ongoing Initiatives That Could Help
Reduce This Vulnerability 37
The U.S. Government Has Made Progress in Using the Watch List but a
Strategy and Plan Supported by a Governance Structure with Clear Lines of
Authority Would Enhance Use and Effectiveness 45
Conclusions 53
Recommendations for Executive Action 55
Agency Comments and Our Evaluation 56
Appendix I Objectives, Scope, and Methodology 60
Appendix II Homeland Security Presidential Directive/HSPD-6 (Sept. 16,
2003) 66
Appendix III Homeland Security Presidential Directive/HSPD-11 (Aug. 27,
2004) 68
Appendix IV Outcomes of Screening Agency Encounters with Individuals on
the Terrorist Watch List 71
Appendix V Comments from the Department of Homeland Security 77

Table

Table 1: Distribution List for TSC's Daily Summary of Positive Matches 29

Figures

Figure 1: General Overview of the Process Used to Resolve Encounters with
Individuals on the Terrorist Watch List 17
Figure 2: General Overview of the Process Used to Nominate Individuals for
Inclusion on TSC's Watch List 23
Figure 3: Increase in Terrorist Watch List Records, June 2004 through May
2007 24
Figure 4: General Overview of the Process Used to Export Records from
TSC's Consolidated Watch List to Screening Agency Databases 31

Abbreviations

CBP U.S. Customs and Border Protection
DHS Department of Homeland Security
FBI Federal Bureau of Investigation
HSPD Homeland Security Presidential Directive
NCTC National Counterterrorism Center
TSA Transportation Security Administration
TSC Terrorist Screening Center

This is a work of the U.S. government and is not subject to copyright
protection in the United States. The published product may be reproduced
and distributed in its entirety without further permission from GAO.
However, because this work may contain copyrighted images or other
material, permission from the copyright holder may be necessary if you
wish to reproduce this material separately.

United States Government Accountability Office
Washington, DC 20548

October 11, 2007

The Honorable Joseph I. Lieberman
Chairman
The Honorable Susan M. Collins
Ranking Member
Committee on Homeland Security and Governmental Affairs
United States Senate

The Honorable Carl Levin
Chairman
The Honorable Norm Coleman
Ranking Member
Permanent Subcommittee on Investigations
Committee on Homeland Security and Governmental Affairs
United States Senate

The Honorable Bennie G. Thompson
Chairman
The Honorable Peter T. King
Ranking Member
Committee on Homeland Security
House of Representatives
The Honorable Bennie G. Thompson
Chairman
The Honorable Peter T. King
Ranking Member
Committee on Homeland Security
House of Representatives

Since the events of September 11, 2001, agencies within the Departments of
Homeland Security, Justice, and State, as well as state and local law
enforcement organizations and the intelligence community, have implemented
enhanced procedures to collect and share information about known or
suspected terrorists who pose a threat to homeland security and to track
their movements. One important tool used by these agencies is the
terrorist watch list, which contains records with identifying or Since the
events of September 11, 2001, agencies within the Departments of Homeland
Security, Justice, and State, as well as state and local law enforcement
organizations and the intelligence community, have implemented enhanced
procedures to collect and share information about known or suspected
terrorists who pose a threat to homeland security and to track their
movements. One important tool used by these agencies is the terrorist
watch list, which contains records with identifying or biographical
information--such as name and date of birth--of foreign and U.S. citizens
with known or appropriately suspected links to terrorism.1

Pursuant to Homeland Security Presidential Directive 6, the Terrorist
Screening Center--an entity that has been operational since December 2003
under the administration of the Federal Bureau of Investigation (FBI)--was
established to develop and maintain the U.S. government's consolidated
terrorist screening database (the watch list) and to provide for the use
of watch list records during security-related screening processes.2 To
build upon and provide additional guidance related to this directive, in
August 2004, the President signed Homeland Security Presidential Directive
11.3 Among other things, this directive required the Secretary of Homeland
Security--in coordination with the heads of appropriate federal
departments and agencies--to outline a strategy to enhance the
effectiveness of terrorist-related screening activities and develop a
prioritized investment and implementation plan for detecting and
interdicting suspected terrorists and terrorist activities.

The Terrorist Screening Center receives the vast majority of its
information about known or appropriately suspected terrorists from the
National Counterterrorism Center, which compiles information on
international terrorists from a wide range of executive branch departments
and agencies, such as the Department of State, the Central Intelligence
Agency, and the FBI. In general, international terrorists engage in
terrorist activities that occur primarily outside the territorial
jurisdiction of the United States or that transcend national boundaries
and include individuals in the United States with connections to terrorist
activities outside the United States. In addition to providing information
on international terrorists to the National Counterterrorism Center, the
FBI directly provides the Terrorist Screening Center with information
about known or suspected domestic terrorists, that is, individuals who
operate primarily within the United States, such as Ted Kaczynski (the
"Unabomber"). The center consolidates this information into a sensitive
but unclassified watch list and makes records available as appropriate for
a variety of screening purposes. For instance, the Transportation Security
Administration directs airlines to use portions of the Terrorist Screening
Center's watch list--the No Fly and Selectee lists--to screen the names of
passengers to identify those who may pose threats to aviation.4 Also, to
help ensure that known or appropriately suspected terrorists are tracked,
and denied entry into the United States, as appropriate, applicable watch
list records are to be checked by Department of State consular officers
before issuing U.S. visas and passports, and by U.S. Customs and Border
Protection officers before admitting persons--including U.S. citizens--at
air, land, and sea ports of entry. Further, screening against applicable
watch list records can occur anywhere in the nation when, for example,
state or local law enforcement officers stop individuals for traffic
violations or other offenses.

1There is no specific definition of terrorism for purposes of the watch
list, though agencies utilizing watch list records recognize various
definitions of the term. For example, the Federal Bureau of Investigation
defines terrorism to include the unlawful use of force and violence
against persons or property to intimidate or coerce a government, the
civilian population, or any segment thereof, in furtherance of political
or social objectives. See 28 C.F.R. S 0.85(l). See also, e.g., 18 U.S.C. S
2331 and 22 U.S.C. S 2656f(d) (providing definitions of terrorism and
international terrorism in criminal and foreign relations contexts,
respectively). Also, terrorist activity has been more broadly defined in
the Immigration and Nationality Act for purposes of immigration benefits.
See 8 U.S.C. S 1182(a)(3)(B). Additional information on standards used to
determine whether an individual is a "known or appropriately suspected
terrorist"--which for purposes of this report includes any individual
known or appropriately suspected to be or have been engaged in conduct
constituting, in preparation for, in aid of, or related to terrorism-- is
discussed later in this report.

2The White House, Homeland Security Presidential Directive/HSPD-6,
Subject: Integration and Use of Screening Information (Washington, D.C.:
Sept. 16, 2003).

3The White House, Homeland Security Presidential Directive/HSPD-11,
Subject: Comprehensive Terrorist-Related Screening Procedures (Washington,
D.C.: Aug. 27, 2004).

When an individual on the terrorist watch list is identified or
encountered during screening, several entities--the Terrorist Screening
Center, the screening agency, investigative agencies, and the intelligence
community--can be involved in deciding what action to take.5 Regarding a
foreign citizen seeking to immigrate to the United States permanently or
temporarily for business or pleasure purposes, screening agencies rely on
immigration laws that specify criteria and rules for deciding whether or
not to admit the individual.6 In general, foreign citizens that have
engaged in or are likely to engage in terrorist-related activities are
ineligible to receive visas and ineligible to enter the United States. If
a foreign citizen is legally admitted into the United States--either
permanently or temporarily--and subsequently engages in or is likely to
engage in a terrorist activity, the individual may be removed to that
person's country of citizenship. U.S. citizens returning to the United
States from abroad are not subject to the admissibility requirements
applicable to foreign citizens, regardless of whether or not they are
subjects of watch list records. These individuals only need to establish
their U.S. citizenship to the satisfaction of the examining officer--by,
for example, presenting a U.S. passport--to obtain entry into the United
States.7 These individuals, however, can be subjected to additional
screening by U.S. Customs and Border Protection before being admitted to
determine the potential threat they pose, with related actions taken, if
needed.

4In general, individuals on the No Fly list are to be precluded from
boarding an aircraft, and individuals on the Selectee list are to receive
additional physical screening prior to boarding an aircraft.

5As used in this report, the term "encounter" refers to any incident where
a screening or law enforcement entity has contact with a person who is
positively matched to a record in the terrorist watch list.

6See, e.g., 8 U.S.C. S 1182 (codifying section 212 of the Immigration and
Nationality Act, as amended, and establishing conditions under which an
alien--any person not a citizen or national of the United States--may be
deemed inadmissible to the United States).

This report is a public version of the restricted report that we also
provided to you on October 11, 2007. The various departments and agencies
we reviewed deemed some of the information in the restricted report as
Sensitive Security Information or Law Enforcement Sensitive information,
which must be protected from public disclosures. Therefore, this report
omits certain information associated with vulnerabilities we identified in
existing screening processes and measures that could be taken to address
those vulnerabilities. This report also omits key details regarding (1)
certain policies and procedures associated with the development and use of
the terrorist watch list and (2) specific outcomes of encounters with
individuals who were positively matched to the watch list. In the context
of agency efforts to screen for known or appropriately suspected
terrorists, the restricted report addressed the following questions:

           o In general, what standards do the National Counterterrorism
           Center and the FBI use in determining which individuals are
           appropriate for inclusion on the Terrorist Screening Center's
           consolidated watch list?

           o Since the Terrorist Screening Center became operational in
           December 2003, how many times have screening and law enforcement
           agencies positively matched individuals to terrorist watch list
           records, and what do the results or outcomes of these encounters
           indicate about the role of the watch list as a counterterrorism
           tool?

           o To what extent do the principal screening agencies whose
           missions most frequently and directly involve interactions with
           travelers check against all records in the Terrorist Screening
           Center's consolidated watch list? If the entire watch list is not
           being checked, why not, what potential vulnerabilities exist, and
           what actions are being planned to address these vulnerabilities?

           o To what extent are Department of Homeland Security component
           agencies monitoring known incidents in which subjects of watch
           list records pass undetected through screening processes, and what
           corrective actions have been implemented or are being planned to
           address these vulnerabilities?

           o What actions has the U.S. government taken to ensure that the
           terrorist watch list is used as effectively as possible,
           governmentwide and in other appropriate venues?

7See 8 C.F.R. S 235.1. Similarly, lawful permanent residents generally are
not regarded as seeking admission to the United States and, as with U.S.
citizens, are not subject to the grounds for inadmissibility unless they
fall within certain criteria listed at 8 U.S.C. S 1101(a)(13)(C) that
describe why an alien lawfully admitted for permanent residence would be
regarded as seeking admission.

Although the information provided in this version of the report is more
limited in scope, it covers the same general questions as the restricted
report. Also, the overall methodology used for our restricted report is
relevant to this report because the information contained in this report
was derived from the restricted report. To address the questions in our
restricted report, we reviewed the Terrorist Screening Center's standard
operating procedures, statistics on encounters with individuals on the
terrorist watch list, and other relevant documentation; and we interviewed
Terrorist Screening Center officials, including the director and the
principal deputy director. To identify standards used to nominate
individuals for inclusion on the watch list, we reviewed documentation and
interviewed senior officials from the National Counterterrorism Center and
the FBI.

Also, to assess the outcomes of encounters and the extent to which
screening agencies check against the entire watch list, we reviewed
documentation and interviewed senior officials from the FBI's
Counterterrorism Division and the principal screening agencies whose
missions most frequently and directly involve interactions with travelers.
Specifically, at the Transportation Security Administration, we examined
the prescreening of air passengers prior to their boarding a flight; at
U.S. Customs and Border Protection, we examined the screening of travelers
entering the United States through ports of entry; and, at the Department
of State, we examined the screening of nonimmigrant visa applicants. We
did not review the Department of State's use of the watch list to screen
passport applicants. We also visited a nonprobability sample of screening
agencies and investigative agencies in geographic areas of four states
(California, Michigan, New York, and Texas).8 We chose these locations on
the basis of geographic variation and other factors. Further, to determine
the extent to which agencies monitor known incidents in which subjects of
watch list records pass undetected through screening processes and efforts
to address these vulnerabilities, we reviewed documentation and
interviewed senior officials from U.S. Customs and Border Protection, U.S.
Citizenship and Immigration Services--which screens individuals who apply
for immigration benefits or U.S. citizenship--and the Transportation
Security Administration. Finally, to assess the actions the U.S.
government has taken to ensure that the terrorist watch list is used as
effectively as possible, we compared the status of watch list-related
strategies, planning, and initiatives with the expectations set forth in
Homeland Security Presidential Directives 6 and 11. We considered federal
plans to identify screening opportunities, the private sector's use of
watch list records, and the Department of State's progress in sharing
watch list information with foreign governments.

Regarding statistical information we obtained from the Terrorist Screening
Center and screening agencies--such as the number of positive matches and
actions taken--we discussed the sources of the data with agency officials
and reviewed documentation regarding the compilation of the statistics. We
determined that the statistics were sufficiently reliable for the purposes
of this review. We did not review or assess the derogatory information
available on individuals nominated to the terrorist watch list, partly
because such information involved ongoing counterterrorism investigations.
Also, a primary agency that collects information on known or suspected
terrorists--the Central Intelligence Agency--declined to meet with us or
provide us documentation on its watch list-related activities. The
Homeland Security Council--which is chaired by the Assistant to the
President for Homeland Security and Counterterrorism--also denied our
request for an interview.9 We performed our work on the restricted version
of this report from April 2005 through September 2007 in accordance with
generally accepted government auditing standards. Appendix I presents more
details about our objectives, scope, and methodology.

8In a nonprobability sample, some elements of the population being studied
have no chance or an unknown chance of being selected as part of the
sample. Thus, results from a nonprobability sample cannot be used to make
inferences about the population.

Results in Brief

The National Counterterrorism Center and the FBI rely upon standards of
reasonableness in determining which individuals are appropriate for
inclusion on the Terrorist Screening Center's consolidated watch list. In
general, individuals who are reasonably suspected of having possible links
to terrorism--in addition to individuals with known links--are to be
nominated. To determine if the suspicions are reasonable, the National
Counterterrorism Center and the FBI are to assess all available
information on the individual. According to the National Counterterrorism
Center, determining whether to nominate an individual can involve some
level of subjectivity. Nonetheless, any individual reasonably suspected of
having links to terrorist activities is to be nominated to the list and
remain on it until the FBI or the agency that supplied the information
supporting the nomination, such as one of the intelligence agencies,
determines the person is not a threat and should be removed from the list.
Moreover, according to the FBI, individuals who are subjects of ongoing
FBI counterterrorism investigations are generally nominated to the list.
If an investigation finds no nexus to terrorism, the FBI generally is to
close the investigation and request that the Terrorist Screening Center
remove the person from the watch list. Because individuals can be added to
the list based on reasonable suspicion, inclusion on the list does not
automatically prohibit an individual from, for example, obtaining a visa
or entering the United States. Rather, when an individual on the list is
encountered, agency officials are to assess the threat the person poses to
determine what action to take, if any. Based on these standards, the
number of records in the Terrorist Screening Center's consolidated watch
list has increased from about 158,000 records in June 2004 to about
755,000 records as of May 2007.10

9The Homeland Security Council was established to ensure coordination of
all homeland security-related activities among executive departments and
agencies and promote the effective development and implementation of all
homeland security policies. See The White House, Homeland Security
Presidential Directive/HSPD-1, Subject: Organization and Operation of the
Homeland Security Council (Washington, D.C.: Oct. 29, 2001).

From December 2003 (when the Terrorist Screening Center began operations)
through May 2007, screening and law enforcement agencies encountered
individuals who were positively matched to watch list records
approximately 53,000 times, according to Terrorist Screening Center
data.11 Many individuals were positively matched to watch list records
multiple times. Agencies took a range of actions in response to these
encounters, such as arresting individuals and denying others entry into
the United States. Most often, however, the agencies questioned and then
released the individuals because there was not sufficient evidence of
criminal or terrorist activity to warrant further legal action. Our
analysis of data on outcomes and our interviews with screening agency, law
enforcement, and intelligence community officials indicate that the use of
the watch list has enhanced the government's counterterrorism efforts in
two ways:

           o Use of the watch list has helped federal, state, and local
           screening and law enforcement officials obtain information to make
           better-informed decisions when they encounter an individual on the
           list as to the threat posed and the appropriate response or action
           to take, if any.

           o Information collected from watch list encounters is shared with
           agents conducting counterterrorism investigations and with the
           intelligence community for use in analyzing threats. Such
           coordinated collection of information for use in investigations
           and threat analyses is one of the stated policy objectives for the
           watch list.

The principal screening agencies whose missions most frequently and
directly involve interactions with travelers do not check against all
records in the Terrorist Screening Center's consolidated watch list
because screening against certain records (1) may not be needed to support
the respective agency's mission, (2) may not be possible due to the
requirements of computer programs used to check individuals against watch
list records, or (3) may not be operationally feasible.12 Rather, each
day, the center exports applicable records from the consolidated watch
list to federal government databases that agencies use to screen
individuals for mission-related concerns. For example, the database that
U.S. Customs and Border Protection uses to check incoming travelers for
immigration violations, criminal histories, and other matters contained
the highest percentage of watch list records as of May 2007. This is
because its mission is to screen all travelers, including U.S. citizens,
entering the United States at ports of entry. The database that the
Department of State uses to screen applicants for visas contained the
second highest percentage of all watch list records. This database does
not include U.S. citizens and lawful permanent residents because these
individuals would not apply for U.S. visas. Also, the FBI database that
state and local law enforcement agencies use for screening contained the
third highest percentage of the records. According to the FBI, the
remaining records were not included in this database primarily because
they did not contain sufficient identifying information, which is required
to minimize instances of individuals being misidentified as being subjects
of watch list records. Further, the No Fly and Selectee lists disseminated
by the Transportation Security Administration to airlines for use in
prescreening passengers contained the lowest percentage of watch list
records. The lists did not contain the remaining records either because
they (1) did not meet criteria for the No Fly or Selectee lists
established by the Homeland Security Council or (2) did not contain
sufficient identifying information, which is required to help airlines
verify identities and minimize instances of individuals being falsely
identified as being on the No Fly or Selectee lists. According to the
Department of Homeland Security, increasing the number of records used to
prescreen passengers would expand the number of misidentifications to
unjustifiable proportions without a measurable increase in security.

10The approximately 755,000 records in the Terrorist Screening Center's
watch list as of May 2007 is greater than the total number of individuals
on the list. If an individual has one or more aliases, the database will
contain multiple records for the same individual. The Terrorist Screening
Center did not have data on the number of unique individuals on the watch
list.

11The approximately 53,000 total encounters with individuals who were
positively matched to the watch list constitute screening results from all
agencies that use the list, not just the specific screening agencies and
processes we reviewed.

Department of Homeland Security component agencies are separately taking
steps to address certain aspects of screening processes that occasionally
have resulted in subjects of watch list records passing undetected through
screening processes. For example, U.S. Customs and Border Protection has
encountered situations where it identified the subject of a watch list
record after the individual had been processed at a port of entry and
admitted into the United States. The agency did not maintain aggregated,
national data on the number of these incidents or the specific causes, but
noted several possible reasons. In response to our inquiries, U.S. Customs
and Border Protection created an interdisciplinary working group within
the agency to study the causes of this vulnerability. The working group
held its first meeting in early 2007 and subsequently has begun to
implement corrective actions. U.S. Citizenship and Immigration
Services--the agency responsible for screening persons who apply for U.S.
citizenship or immigration benefits--has also acknowledged areas that need
improvement in the processes used to detect subjects of watch list
records. According to agency representatives, each instance of an
individual on the watch list getting through agency screening is reviewed
on a case-by-case basis to determine the cause, with appropriate follow-up
and corrective action taken, if needed. The agency is working with the
Terrorist Screening Center to enhance screening effectiveness. Further,
Transportation Security Administration data show that in the past, a
number of individuals who were on the government's No Fly list passed
undetected through airlines' prescreening of passengers and flew on
international flights bound to or from the United States. The individuals
were subsequently identified in-flight by U.S. Customs and Border
Protection, which used information that was collected from air carriers'
passenger manifests to check passengers against watch list records to help
the agency prepare for the passengers' arrival in the United States.
However, the potential onboard security threats posed by the undetected
individuals required an immediate counterterrorism response, which in some
instances resulted in diverting the aircraft to a new location.13
According to the Transportation Security Administration, such incidents
were subsequently investigated and, if needed, corrective action was taken
with the respective air carrier. In addition, U.S. Customs and Border
Protection has issued a final rule that should better position the
government to identify individuals on the No Fly list before an
international flight is airborne.14 For domestic flights within the United
States, there is no second screening opportunity--like the one U.S.
Customs and Border Protection conducts for international flights--and,
consequently, the Transportation Security Administration generally does
not know whether individuals on the No Fly list have passed undetected
through airlines' prescreening. Because such instances have occurred on
international flights, it is possible they have also occurred but have not
been detected on domestic flights. The government plans to take over from
air carriers the function of prescreening passengers prior to departure
against watch list records for both international and domestic flights.

12Also, some watch list records can be excluded from screening agency
databases for other reasons, such as the records were pending deletion or
quality assurance resolution.

13In July 2007, we issued a report that examined federal coordination for
responding to in-flight security threats. See GAO, Aviation Security:
Federal Coordination for Responding to In-flight Security Threats Has
Matured, but Procedures Can Be Strengthened, [53]GAO-07-891R (Washington,
D.C.: July 31, 2007).

14See 72 Fed. Reg. 48,320 (Aug. 23, 2007). The provisions of the final
rule take effect on February 19, 2008.

Although the federal government has made progress in using the
consolidated watch list for screening purposes, additional opportunities
exist for using the list. Internationally, the Department of State has
made progress in making bilateral arrangements to share terrorist
screening information with certain foreign governments. The department had
two such arrangements in place before September 11, 2001. More recently,
the department has made four new arrangements and is in negotiations with
several other countries. Also, the Department of Homeland Security has
made progress in using watch list records to screen employees in some
critical infrastructure components of the private sector, including
certain individuals who have access to vital areas of nuclear power
plants, work in airports, or transport hazardous materials. However, many
critical infrastructure components are not using watch list records. The
Department of Homeland Security has not, consistent with Homeland Security
Presidential Directive 6, finalized guidelines to support private sector
screening processes that have a substantial bearing on homeland
security--such as screening certain employees against the list--which is
an important action to ensure that watch list records are used by the
private sector where appropriate. Further, federal departments and
agencies have not identified all appropriate opportunities for which
terrorist-related screening should be applied, in accordance with
presidential directives.

A primary reason why screening opportunities remain untapped is because
the government lacks an up-to-date strategy and implementation
plan--supported by a clearly defined leadership or governance
structure--for enhancing the effectiveness of terrorist-related screening,
consistent with presidential directive. Currently, numerous existing
entities have roles in watch list-related activities, including the
Terrorist Screening Center, screening agencies, law enforcement agencies,
and the intelligence community. However, clear lines of responsibility and
authority are important to provide monitoring and analysis of watch
list-related screening efforts governmentwide, promote information
sharing, and address interagency issues. Without an up-to-date strategy
and implementation plan and clearly defined leadership, it is difficult to
establish governmentwide priorities for screening, assess progress toward
intended outcomes, ensure that any needed changes are implemented, and
respond to issues that hinder effectiveness, such as the potential
vulnerabilities discussed in this report.

To promote more comprehensive and coordinated use of terrorist screening
information to detect, identify, track, and interdict known or
appropriately suspected terrorists, the restricted version of this report
makes several recommendations to the heads of relevant departments and
agencies intended to help (1) mitigate security vulnerabilities in
terrorist watch list screening processes and (2) optimize the use and
effectiveness of the watch list as a counterterrorism tool, including
development of an up-to-date strategy and implementation plan for using
terrorist-related information. Also, to help ensure that governmentwide
terrorist-related screening efforts are effectively coordinated, we
recommended in the restricted version of this report that the Assistant to
the President for Homeland Security and Counterterrorism ensure that the
leadership or governance structure proposed by the implementation plan
identifies clear lines of responsibility and authority.

The Department of Homeland Security and the FBI, which provided the
Department of Justice's comments on a draft of the restricted version of
this report, generally agreed with our findings and recommendations. The
Department of Homeland Security noted, among other things, that it had
already begun work to correct issues identified in the report, including
ongoing efforts with other federal entities to ensure that potential watch
list vulnerabilities are identified and addressed and that watch list
records and screening programs are appropriate. The FBI's comments focused
primarily on two issues. First, the FBI noted that the extent of
vulnerabilities in current screening processes that arise when the FBI
database that state and local law enforcement agencies use for screening
does not contain certain watch list records has been determined to be low
or nonexistent. However, the FBI's assessment was based on operational
concerns and did not specifically address the extent to which security
risks are raised by not using these records. Second, the FBI commented
that it believes the Terrorist Screening Center's governance board is the
appropriate forum for obtaining a commitment from all of the entities
involved in the watch listing process. However, as discussed in this
report, while the governance board could be suited to assume more of a
leadership role, its current authority is limited to issues specific to
the Terrorist Screening Center, and it would need additional authority to
provide effective coordination of terrorist-related screening activities
and interagency issues governmentwide. The Homeland Security Council was
provided a draft of the restricted version of this report but did not
provide comments. The Office of the Director of National Intelligence, the
Department of State, and the Social Security Administration provided
technical comments only on a draft of the restricted version of this
report, which we incorporated where appropriate.

Background

In April 2003, we reported that watch lists were maintained by numerous
federal agencies and that the agencies did not have a consistent and
uniform approach to sharing information on individuals with possible links
to terrorism.15 Our report recommended that the Secretary of the
Department of Homeland Security (DHS), in collaboration with the heads of
departments and agencies that have and use watch lists, lead an effort to
consolidate and standardize the federal government's watch list structures
and policies. Subsequently, pursuant to Homeland Security Presidential
Directive 6 (HSPD-6), dated September 16, 2003, the Attorney General
established the Terrorist Screening Center (TSC) to consolidate the
government's approach to terrorism screening and provide for the
appropriate and lawful use of terrorist information in screening
processes.16 TSC's consolidated watch list is the U.S. government's master
repository for all known or appropriately suspected international and
domestic terrorist records used for watch list-related screening. TSC
records contain sensitive but unclassified information on terrorist
identities--such as name and date of birth--that can be shared with
screening agencies, whereas the classified derogatory information that
supports the watch list records is maintained in other law enforcement and
intelligence agency databases. Records for inclusion on the consolidated
watch list are nominated to TSC from the following two sources:

           o Identifying information on individuals with ties to
           international terrorism is provided to TSC through the National
           Counterterrorism Center (NCTC), which is managed by the Office of
           the Director of National Intelligence.
           o Identifying information on individuals with ties to purely
           domestic terrorism is provided to TSC by the FBI.17

15GAO, Information Technology: Terrorist Watch Lists Should Be
Consolidated to Promote Better Integration and Sharing, [54]GAO-03-322
(Washington, D.C.: Apr. 15, 2003).

16The full text of HSPD-6 is reprinted in appendix II.

HSPD-6 required the Attorney General--in coordination with the Secretary
of State, the Secretary of Homeland Security, and the Director of Central
Intelligence--to implement appropriate procedures and safeguards with
respect to all terrorist information related to U.S. persons (i.e., U.S.
citizens and lawful permanent residents) that is provided to NCTC
(formerly the Terrorist Threat Integration Center). According to TSC,
agencies within the intelligence community that collect and maintain
terrorist information and nominate individuals for inclusion on TSC's
consolidated watch list are to do so in accordance with Executive Order
12333.18 With respect to U.S. persons, this order addresses the nature or
type of information that may be collected and the allowable methods for
collecting such information. It provides that agencies within the
intelligence community are authorized to collect, retain, or disseminate
information concerning U.S. persons only in accordance with procedures
established by the head of the agency concerned and approved by the
Attorney General, consistent with the authorities set out earlier in the
order. The order further provides that agencies within the intelligence
community are to use the least intrusive collection techniques feasible
when such collection is conducted within the United States or when
directed against U.S. persons abroad. Also, according to TSC officials,
the center requires annual training for all personnel concerning the
Privacy Act of 1974 to ensure that information collected on U.S. persons
is handled in accordance with applicable law.19

To facilitate operational or mission-related screening, TSC sends
applicable records from its terrorist watch list to screening agency
systems for use in efforts to deter or detect the movements of known or
suspected terrorists. For instance, applicable TSC records are provided to
the Transportation Security Administration (TSA) for use by airlines in
prescreening passengers;20 to a U.S. Customs and Border Protection (CBP)
system for use in screening travelers entering the United States;21 to a
Department of State system for use in screening visa applicants;22 and to
an FBI system for use by state and local law enforcement agencies pursuant
to arrests, detentions, and other criminal justice purposes.

17The FBI also has information on individuals with possible international
terrorism ties, which it provides to NCTC.

18Exec. Order No. 12,333 (Dec. 4, 1981).

19See 5 U.S.C. S 552a.

When an individual makes an airline reservation, arrives at a U.S. port of
entry, or applies for a U.S. visa, or is stopped by state or local police
within the United States, the frontline screening agency or airline
conducts a name-based search of the individual against applicable
terrorist watch list records. In general, when the computerized
name-matching system of an airline or screening agency generates a "hit"
(a potential name match) against a watch list record, the airline or
agency is to review each potential match. Any obvious mismatches (negative
matches) are to be resolved by the airline or agency, if possible, as
discussed in our September 2006 report.23 However, clearly positive or
exact matches and matches that are inconclusive (uncertain or
difficult-to-verify) generally are to be referred to the applicable
screening agency's intelligence or operations center and TSC for closer
examination. Specifically, airlines are to contact TSA's Office of
Intelligence; CBP officers at U.S. ports of entry are to contact CBP's
National Targeting Center; and Department of State consular officers who
process visa applications are to submit a request for a security advisory
opinion to Department of State headquarters.24 The intelligence or
operations center is to refer exact matches and inconclusive matches to
TSC. State and local law enforcement officials generally are to refer
exact matches and inconclusive matches directly to TSC. In turn, TSC is to
check its databases and other sources--including classified databases
maintained by NCTC and the FBI--and confirm whether the individual is a
positive, negative, or inconclusive match to the watch list record.

20TSA is developing a new advanced passenger prescreening program, known
as Secure Flight. Under the program, the agency plans to take over from
aircraft operators the responsibility for comparing identifying
information on airline passengers against watch list records. See 72 Fed.
Reg. 48,356 (Aug. 23, 2007). The agency expects that Secure Flight will
improve passenger prescreening as compared with the current
airline-operated process. In June 2006, we reported that TSA still faces
significant challenges in developing and implementing the Secure Flight
program. See GAO, Aviation Security: Management Challenges Remain for the
Transportation Security Administration's Secure Flight Program,
[55]GAO-06-864T (Washington, D.C.: June 14, 2006).

21CBP's system is also used to assist law enforcement and other personnel
at approximately 20 other federal agencies, including the following: U.S.
Immigration and Customs Enforcement; U.S. Citizenship and Immigration
Services; the FBI; the Drug Enforcement Administration; the Bureau of
Alcohol, Tobacco, Firearms and Explosives; the Internal Revenue Service;
the U.S. Coast Guard; the Federal Aviation Administration; and the U.S.
Secret Service.

22The Department of State also uses watch list records in screening
passport applicants, which we did not cover during this review.

23Terrorist watch list-related screening can cause travel delays and other
inconveniences, which may be inevitable consequences of enhanced homeland
security. Nonetheless, as we reported in September 2006, it is important
for TSC and screening agencies to provide effective redress for
individuals who are inadvertently and adversely affected by watch
list-related screening. See GAO, Terrorist Watch List Screening: Efforts
to Help Reduce Adverse Effects on the Public, [56]GAO-06-1031 (Washington,
D.C.: Sept. 29, 2006).

TSC is to refer positive and inconclusive matches to the FBI's
Counterterrorism Division to provide an opportunity for a counterterrorism
response. Deciding what law enforcement or screening agency action to
take, if any, can involve collaboration among the frontline screening
agency, NCTC or other intelligence community members, and the FBI or other
investigative agencies. If the encounter arises in the context of an
application for a visa or admission into the United States, the screening
agency's adjudicating official determines whether the circumstances
trigger a statutory basis for inadmissibility. Generally, NCTC and the FBI
are involved because they maintain the underlying derogatory information
that supports terrorist watch list records, which is needed to help
determine the appropriate counterterrorism response. If necessary, a
member of an FBI Joint Terrorism Task Force can respond in person to
interview and obtain additional information about the person
encountered.25 In other cases, the FBI will rely on the screening agency
and other law enforcement agencies--such as U.S. Immigration and Customs
Enforcement--to respond and collect information. Figure 1 presents a
general overview of the process used to resolve encounters with
individuals on the terrorist watch list.

24Regarding the process for screening nonimmigrant visa applicants against
applicable watch list records, the Department of State emphasized that for
any positive or inconclusive match, consular officers are required to ask
Department of State headquarters to initiate a process of requesting that
TSC and other relevant agencies check their respective databases or
systems for the existence of any investigative or intelligence information
regarding the individual and pass the results back to the department for
use in recommending a course of action to the consular officer.

25Joint Terrorism Task Forces are teams of state and local law enforcement
officials, FBI agents, and other federal agents and personnel whose
mission is to investigate and prevent acts of terrorism. There is a Joint
Terrorism Task Force in each of the FBI's 56 main field offices, and
additional task forces are located in smaller FBI offices.

Figure 1: General Overview of the Process Used to Resolve Encounters with
Individuals on the Terrorist Watch List

To build upon and provide additional guidance related to HSPD-6, in August
2004, the President signed Homeland Security Presidential Directive 11
(HSPD-11).26 Among other things, this directive required the Secretary of
Homeland Security--in coordination with the heads of appropriate federal
departments and agencies--to submit two reports to the President (through
the Assistant to the President for Homeland Security) related to the
government's approach to terrorist-related screening.27 The first report
was to outline a strategy to enhance the effectiveness of
terrorist-related screening activities by developing comprehensive and
coordinated procedures and capabilities. The second report was to provide
a prioritized investment and implementation plan for detecting and
interdicting suspected terrorists and terrorist activities. Specifically,
the plan was to describe the "scope, governance, principles, outcomes,
milestones, training objectives, metrics, costs, and schedule of
activities" to implement the U.S. government's terrorism-related screening
policies. According to DHS officials, the department submitted the
required strategy and the investment and implementation plan to the
President in November 2004. Additional information on the status of the
strategy and implementation plan is presented later in this report.

26The full text of HSPD-11 is reprinted in appendix III.

In Assessing Individuals for Inclusion on TSC's Watch List, Officials Rely upon
Standards of Reasonableness That Inherently Involve Some Subjectivity

NCTC and FBI officials rely upon standards of reasonableness in
determining which individuals are appropriate for inclusion on TSC's watch
list, but determining whether individuals meet these minimum standards can
involve some level of subjectivity.28 In accordance with HSPD-6, TSC's
watch list is to contain information about individuals "known or
appropriately suspected to be or have been engaged in conduct
constituting, in preparation for, in aid of, or related to terrorism." In
implementing this directive, NCTC and the FBI strive to ensure that
individuals who are reasonably suspected of having possible links to
terrorism--in addition to individuals with known links--are nominated for
inclusion on the watch list. Thus, as TSC adds nominated records to its
watch list, the list may include individuals with possible ties to
terrorism, establishing a broad spectrum of individuals that meet the
"known or appropriately suspected" standard specified in HSPD-6. As such,
inclusion on the list does not automatically cause an alien to be, for
example, denied a visa or deemed inadmissible to enter the United States
when the person is identified by a screening agency. Rather, in these
cases, screening agency and law enforcement personnel may use the
encounter with the individual as an opportunity to collect information for
assessing the potential threat the person poses, tracking the person's
movements or activities, and determining what actions to take, if any.29

27In HSPD-11, the term "terrorist-related screening" is defined as the
collection, analysis, dissemination, and use of information related to
people, cargo, conveyances, and other entities and objects that pose a
threat to homeland security. Terrorist-related screening also includes
risk assessment, inspection, and credentialing.

28In general, and in this context, a standard of reasonableness can be
described as a government agent's particularized and objective basis for
suspecting an individual of engaging in terrorist-related activities,
considering the totality of circumstances known to the government agent at
that time. See, e.g., United States v. Price, 184 F.3d 637, 640-41 (7th
Cir. 1999); Terry v. Ohio, 392 U.S. 1, 30 (1968).

The National Counterterrorism Center Uses a "Reasonable Suspicion" Standard in
Determining Which Individuals Are Appropriate for Inclusion on the Watch List

NCTC receives international terrorist-related information from executive
branch departments and agencies--such as the Department of State, the
Central Intelligence Agency, and the FBI--and enters this information into
its terrorist database.30 On a formal basis, Department of State embassies
around the world--in collaboration with applicable federal agencies
involved in security, law enforcement, and intelligence activities--are
expected to participate in the "Visas Viper" terrorist reporting program.
This congressionally mandated program is primarily administered through a
Visas Viper Committee at each overseas post.31 The committee is to meet at
least monthly to share information on known or suspected terrorists and
determine whether such information should be sent to NCTC for inclusion in
its terrorist database.32 NCTC's database, known as the Terrorist
Identities Datamart Environment, contains highly classified information
and serves as the U.S. government's central classified database with
information on known or suspected international terrorists. According to
NCTC's fact sheet on the Terrorist Identities Datamart Environment,
examples of conduct that will warrant an entry into NCTC's database
includes persons who

29The purpose of certain screening processes is to address a specific
security concern, such as airlines' prescreening of passengers wherein the
use of watch list records is primarily intended to enhance aviation
security. However, such screening may also support government efforts to
track a person's movements or activities.

30According to NCTC data, other sources of information on known or
suspected international terrorists include the National Security Agency;
the military, including the Department of Defense, the Defense
Intelligence Agency, the Air Force Office of Special Investigations, and
the U.S. Navy; DHS, including U.S. Immigration and Customs Enforcement,
U.S. Customs and Border Protection, and the National Targeting Center;
other federal departments and agencies, including the Department of
Justice, the Department of the Treasury, and the Federal Aviation
Administration; foreign sources; and the press, including the Foreign
Broadcast Information System, Reuters, and Associated Press International.

31See 8 U.S.C. S 1733.

32See GAO, Border Security: Strengthened Visa Process Would Benefit from
Improvements in Staffing and Information Sharing, [57]GAO-05-859
(Washington, D.C.: Sept. 13, 2005).

           o commit international terrorist activity;
           o prepare or plan international terrorist activity;
           o gather information on potential targets for international
           terrorist activity;
           o solicit funds or other things of value for international
           terrorist activity or a terrorist organization;
           o solicit membership in an international terrorist organization;
           o provide material support, such as a safe house, transportation,
           communications, funds, transfer of funds or other material
           financial benefit, false documentation or identification, weapons,
           explosives, or training; or
           o are members of or represent a foreign terrorist organization.33

If NCTC determines that an individual meets the "known or appropriately
suspected" standard of HSPD-6, NCTC is to extract sensitive but
unclassified information on the individual's identity from its classified
database--such as name and date of birth--and send forward a record to TSC
for inclusion on the watch list. According to NCTC procedures, NCTC
analysts are to review all information involving international terrorists
using a "reasonable suspicion" standard to determine whether an individual
is appropriate for nomination to TSC for inclusion on the watch list. NCTC
defines reasonable suspicion as information--both facts, as well as
rational inferences from those facts and the experience of the
reviewer--that is sufficient to cause an ordinarily prudent person to
believe that the individual under review may be a known or appropriately
suspected terrorist. According to NCTC, this information can include past
conduct, current actions, and credible intelligence concerning future
conduct. In making this determination, NCTC generally relies upon the
originating agency's designation that there is reasonable suspicion to
believe a person is engaged in terrorist or terrorist-related activities
as being presumptively valid. For example, NCTC will rely on the FBI's
designation of an individual as a known or suspected international
terrorist unless NCTC has specific and credible information that such a
designation is not appropriate.

Also, NCTC officials noted that an individual is to remain on the watch
list until the respective department or agency that provided the
terrorist-related information that supports a nomination determines the
individual should be removed from the list. According to TSC, if the FBI
conducts a threat assessment on an individual that reveals no nexus to
international terrorism, then NCTC will initiate the process for deleting
the record from its database and the watch list. If NCTC receives
information that it determines is insufficient to nominate an individual
to TSC for inclusion on the watch list, the available information may
remain in the NCTC database until additional information is obtained to
warrant nomination to TSC or be deleted from the NCTC database.

33In general, these types of conduct are related to provisions in the
Immigration and Nationality Act that establish grounds for alien
admissibility on terrorism-related grounds. See 8 U.S.C. S 1182(a)(3)(B)
(codifying section 212(a)(3)(B) of the Immigration and Nationality Act, as
amended).

Individuals Who Are Subjects of FBI Counterterrorism Investigations Are
Generally Nominated to the Watch List

In general, individuals who are subjects of ongoing FBI counterterrorism
investigations are nominated to TSC for inclusion on the watch list,
including persons who are being preliminarily investigated to determine if
they have links to terrorism. If an investigation does not establish a
terrorism link, the FBI generally is to close the investigation and
request that TSC remove the person from the watch list.

In determining whether to open an investigation, the FBI uses guidelines
established by the Attorney General. These guidelines contain specific
standards for opening investigations. According to FBI officials, there
must be a "reasonable indication" of involvement in terrorism before
opening an investigation. The FBI noted, for example, that it is not
sufficient to open an investigation based solely on a neighbor's complaint
or an anonymous tip or phone call. In such cases, however, the FBI could
use techniques short of opening an investigation to assess the potential
threat the person poses, which would not result in adding the individual
to the watch list at that time.

The FBI has established formal review and approval processes for
nominating individuals for inclusion on the watch list. In general, FBI
case agents are to send nominations to a unit at FBI headquarters for
review and approval. If approved, information on domestic terrorists is
sent to TSC for inclusion on the watch list. For approved international
terrorist nominations, the FBI sends the information to NCTC, who then
sends forward the nomination to TSC.

TSC's Watch List Is the Master Repository for Watch List Records

For each nomination, NCTC and the FBI provide TSC with biographic or other
identifying data, such as name and date of birth. This identifying
information on known or suspected terrorists is deemed sensitive but
unclassified by the intelligence and law enforcement communities.34 Then,
TSC is to review the identifying information and the underlying derogatory
information--by directly accessing databases maintained by NCTC, the FBI,
and other agencies--to validate the requirements for including the
nomination on the watch list.35 On the basis of the results of its review,
TSC is to either input the nomination into the watch list--which is the
U.S. government's master repository for all known or appropriately
suspected international and domestic terrorist records that are used for
watch list-related screening--or reject the nomination and send it back to
NCTC or the FBI for further investigation. TSC relies predominantly on the
nominating agency to determine whether or not an individual is a known or
appropriately suspected terrorist. According to TSC, on the basis of its
review of relevant identifying and derogatory information, the center
rejects approximately 1 percent of all nominations. Figure 2 presents a
general overview of the process used to nominate individuals for inclusion
on TSC's watch list.

34TSC does not receive or maintain the derogatory information that
supports watch list records. Rather, NCTC, the FBI, and other agencies
that originate nominations maintain this information.

35In March 2006, TSC implemented a formal process to review each
nomination. Before March 2006, TSC generally accepted nominations without
reviewing the supporting derogatory information, but it had processes in
place to review the identifying information.

Figure 2: General Overview of the Process Used to Nominate Individuals for
Inclusion on TSC's Watch List

TSC's watch list of individuals with known or appropriately suspected
links to terrorism has increased from 158,374 records in June 2004 to
754,960 records in May 2007 (see fig. 3).36 It is important to note that
the total number of records on TSC's watch list does not represent the
total number of individuals on the watch list. Rather, if an individual
has one or more known aliases, the watch list will contain multiple
records for the same individual. For example, if an individual on the
watch list has 50 known aliases, there could be 50 distinct records
related to that individual in the watch list.

36TSC completed its initial consolidation of terrorist watch list records
in March 2004 but did not specifically track the number of records in the
database until June 2004.

Figure 3: Increase in Terrorist Watch List Records, June 2004 through May
2007

TSC's database is updated daily with new nominations, modifications to
existing records, and deletions. According to TSC data, as of May 2007, a
high percentage of watch list records were international terrorist records
nominated through NCTC, and a small percentage were domestic terrorist
records nominated through the FBI. TSC data also show that more than
100,000 records have been removed from the watch list since TSC's
inception. As discussed later in this report, agencies that conduct
terrorism screening do not check against all records in the watch list.
Rather, TSC exports applicable records to federal government databases
used by agencies that conduct terrorism screening based on the screening
agency's mission responsibilities and other factors.

Agencies Have Had Approximately 53,000 Encounters with Individuals on the Watch
List, and Outcomes Indicate the List Has Helped to Combat Terrorism

For the 42-month period of December 2003 (when TSC began operations)
through May 2007, screening and law enforcement agencies encountered
individuals who were positively matched to watch list records 53,218
times, according to our analysis of TSC data. These encounters include
many individuals who were positively matched to watch list records
multiple times. Agencies took a range of actions, such as arresting
individuals, denying other individuals entry into the United States, and
most commonly, releasing the individuals following questioning and
information gathering. Our analysis of data on the outcomes of these
encounters and interviews with screening agency, law enforcement, and
intelligence community officials indicate that the watch list has enhanced
the U.S. government's counterterrorism efforts by (1) helping frontline
screening agencies obtain information to determine the level of threat a
person poses and the appropriate action to take, if any, and (2) providing
the opportunity to collect and share information on known or appropriately
suspected terrorists with law enforcement agencies and the intelligence
community.

The Number of Positive Matches to the Watch List Has Increased Each Year, and
Many Individuals Have Been Encountered Multiple Times

A breakdown of encounters with positive matches to the terrorist watch
list shows that the number of matches has increased each year--from 4,876
during the first 10-month period of TSC's operations (December 2003
through September 2004) to 14,938 during fiscal year 2005, to 19,887
during fiscal year 2006. This increase can be attributed partly to the
growth in the number of records in the consolidated terrorist watch list
and partly to the increase in the number of agencies that use the list for
screening purposes. Since its inception, TSC has worked to educate federal
departments and agencies, state and local law enforcement, and foreign
governments about appropriate screening opportunities. Our analysis of TSC
data also indicates that many individuals who were positively matched to
the terrorist watch list were encountered multiple times. For example, a
truck driver who regularly crossed the U.S.-Canada border or an individual
who frequently took international flights could each account for multiple
encounters.

Further, TSC data show that the highest percentage of encounters with
individuals who were positively matched to the watch list involved
screening within the United States by a state or local law enforcement
agency, U.S. government investigative agency, or other governmental
entity. Examples of these encounters include screening by police
departments, correctional facilities, FBI agents, and courts. The next
highest percentage of encounters with positive matches to the watch list
involved border-related encounters, such as passengers on airline flights
inbound from outside the United States or individuals screened at land
ports of entry.37 Examples include (1) a passenger flying from London
(Heathrow), England, to New York (JFK), New York, and (2) a person
attempting to cross the border from Canada into the United States at the
Rainbow Bridge port of entry in Niagara Falls, New York. The smallest
percentage of encounters with positive matches occurred outside of the
United States.

State and local law enforcement agencies historically have had access to
an FBI system that contains watch list records produced by the FBI.
However, pursuant to HSPD-6 (Sept. 16, 2003), state and local law
enforcement agencies were, for the first time, given access to watch list
records produced by the intelligence community, which are also included in
the FBI system. This access has enabled state and local agencies to better
assist the U.S. government's efforts to track and collect information on
known or appropriately suspected terrorists. These agencies accounted for
a significant percentage of the total encounters with positive matches to
the watch list that occurred within the United States.

The Watch List Has Helped Screening Agencies Assess the Potential Threat a
Person Poses and Take a Wide Range of Counterterrorism Responses

The watch list has enhanced the U.S. government's counterterrorism efforts
by allowing federal, state, and local screening and law enforcement
officials to obtain information to help them make better-informed
decisions during encounters regarding the level of threat a person poses
and the appropriate response to take, if any. The specific outcomes of
encounters with individuals on the watch list are based on the
government's overall assessment of the intelligence and investigative
information that supports the watch list record and any additional
information that may be obtained during the encounter. Our analysis of
data of the outcomes of encounters revealed that agencies took a range of
actions, such as arresting individuals, denying others entry into the
United States, and most commonly, releasing the individuals following
questioning and information gathering. The following provides additional
information on arrests, as well as the outcomes of encounters involving
the Department of State, TSA, CBP, and state or local law enforcement,
respectively.

37Passengers on airline flights coming into the United States are
generally to be screened against applicable records in the watch list two
times--first, at TSA's direction, by air carriers against the No Fly and
Selectee lists prior to boarding and then by CBP against watch list
records in its database before being admitted into the United States. To
avoid double counting, TSC generally reports these instances as one
encounter, typically as CBP border-crossing encounters. In addition, prior
to flight, an initial watch list screening is to occur in cases where a
visa is required, which TSC reports as Department of State encounters.

           o TSC data show that agencies reported arresting many subjects of
           watch list records for various reasons, such as the individual
           having an outstanding arrest warrant or the individual's behavior
           or actions during the encounter. TSC data also indicated that some
           of the arrests were based on terrorism grounds.

           o TSC data show that when visa applicants were positively matched
           to terrorist watch list records, the outcomes included visas
           denied, visas issued (because the consular officer did not find
           any statutory basis for inadmissibility), and visa ineligibility
           waived.38

           o TSA data show that when airline passengers were positively
           matched to the No Fly or Selectee lists, the vast majority of
           matches were to the Selectee list. Other outcomes included
           individuals matched to the No Fly list and denied boarding (did
           not fly) and individuals matched to the No Fly list after the
           aircraft was in-flight, which required an immediate
           counterterrorism response. Additional information on individuals
           on the No Fly list passing undetected through airline prescreening
           and being identified in-flight is presented later in this report.

           o CBP data show that a number of nonimmigrant aliens encountered
           at U.S. ports of entry were positively matched to terrorist watch
           list records. For many of the encounters, CBP determined there was
           sufficient derogatory information related to watch list records to
           preclude admission under terrorism grounds. However, for most of
           the encounters, CBP determined that there was not sufficient
           derogatory information related to the records to preclude
           admission.

           o TSC data show that state or local law enforcement officials have
           encountered individuals who were positively matched to terrorist
           watch list records thousands of times. Although data on the actual
           outcomes of these encounters were not available, the vast majority
           involved watch list records that indicated that the individuals
           were released, unless there were reasons other than
           terrorism-related grounds for arresting or detaining the
           individual.
			  
38In this context, ineligibility waived refers to individuals who were
ineligible for a visa based on terrorism grounds, but DHS approved a
waiver for a one-time visit or multiple entries into the United States. In
general, waivers are approved when the U.S. government has an interest in
allowing the individual to enter the United States, such as an individual
on the terrorist watch list who is invited to participate in peace talks
under U.S. auspices.

           Appendix IV presents more details on the outcomes of screening
           agency encounters with individuals on the terrorist watch list.
			  
			  The Watch List Has Helped Support Law Enforcement Investigations
			  and the Intelligence Community by Tracking the Movements of Known
			  or Appropriately Suspected Terrorists and Collecting Information
			  about Them

           According to federal officials, encounters with individuals who
           were positively matched to the watch list assisted government
           efforts in tracking the respective person's movements or
           activities and provided the opportunity to collect additional
           information about the individual that was shared with agents
           conducting counterterrorism investigations and with the
           intelligence community for use in analyzing threats. Such
           coordinated collection of information for use in investigations
           and threat analyses is one of the stated policy objectives for the
           watch list. Most of the individuals encountered were questioned
           and released because the intelligence and investigative
           information on these persons that supported the watch list records
           and the information obtained during the encounter did not support
           taking further actions, such as denying an individual entry into
           the United States.

           Specifically, as discussed previously, for most Department of
           State, TSA (via air carriers), CBP, and state and local encounters
           with individuals who were positively matched to the terrorist
           watch list, the counterterrorism response consisted of questioning
           the individuals and gathering information. That is, the encounters
           provided screening agency and law enforcement personnel the
           opportunity to conduct in-depth questioning and inspect travel
           documents and belongings to collect information for use in
           supporting investigations and assessing threats. TSC plays a
           central role in the real-time sharing of this information,
           creating a bridge among screening agencies, the law enforcement
           community, and the intelligence community. For example, in
           addition to facilitating interagency communication and
           coordination during encounters, TSC creates a daily report of
           encounters involving positive matches to the terrorist watch list.
           This report contains a summary of all positive encounters for the
           prior day. TSC summarizes the type of encounter, what occurred,
           and what action was taken. The report notes the person's
           affiliation with any groups and provides a summary of derogatory
           information available on the individual. Overview maps depicting
           the encounters and locations are also included in the report. The
           daily reports are distributed to numerous federal entities, as
           shown in table 1.

           Table 1: Distribution List for TSC's Daily Summary of Positive
           Matches
			  
White House            Homeland Security Council                        
FBI                    Director                                         
                          Counterterrorism Division                        
                          National Joint Terrorism Task Force              
                          Office of Intelligence                           
Departments            Department of Homeland Security (Secretary and   
                          other units)                                     
                          Department of State                              
Agencies               Federal Air Marshal Service                      
                          Transportation Security Administration           
                          (Administrator and intelligence staff)           
                          U.S. Immigration and Customs Enforcement         
                          U.S. Customs and Border Protection               
                          United States Secret Service                     
Intelligence community Central Intelligence Agency                      
                          Defense Intelligence Agency                      
                          Department of Defense Counterintelligence Field  
                          Activity                                         
                          FBI Field Intelligence Group membersa            
                          National Counterterrorism Center                 
                          National Security Agency                         
                          Office of the Director of National Intelligence  			  

           Source: GAO summary of TSC information.

           aAccording to the FBI, Field Intelligence Groups consist of FBI
           intelligence analysts, special agents, language analysts, and
           surveillance specialists who take raw information from local cases
           and make big-picture sense out of it; fill gaps in national cases
           with local information; and share their findings, assessments, and
           reports with other Field Intelligence Groups across the country
           and with other law enforcement and intelligence agencies. There is
           one Field Intelligence Group in each of the FBI's 56 field
           offices.

           According to federal law enforcement officials, the information
           collected during encounters with individuals on the terrorist
           watch list helps to develop cases by, among other means, tracking
           the movement of known or appropriately suspected terrorists and
           determining relationships among people, activities, and events.
           According to NCTC officials, information obtained from encounters
           is added to NCTC's Terrorist Identities Datamart Environment
           database, which serves as the U.S. government's central classified
           database on known or suspected international terrorists.39 This
           information can be electronically accessed by approximately 5,000
           U.S. counterterrorism personnel around the world.
			  
			  TSC Exports Applicable Watch List Records to Screening Agency Databases,
			  Depending on Agency Mission and Technical Capacity; but Some Technical
			  Requirements May Present Security Vulnerabilities

           Each day, TSC exports applicable records from the watch
           list--containing biographic or other identifying data, such as
           name and date of birth--to federal government databases used by
           agencies that conduct terrorism screening. Specifically,
           applicable watch list records are exported to the following
           federal agency databases, which are described later in this
           report:

                        o DHS's Interagency Border Inspection System.
                        o The Department of State's Consular Lookout and
                        Support System.40 
                        o The FBI's Violent Gang and Terrorist Organization
                        File.
                        o TSA's No Fly and Selectee lists.

           The applicable records that TSC exports to each of these databases
           vary based on the screening agency's mission responsibilities, the
           technical capabilities of the agency's computer system, and
           operational considerations.41 For example, records on U.S.
           citizens and lawful permanent residents are not exported to the
           Department of State's system used to screen visa applicants for
           immigration violations, criminal histories, and other matters,
           because these individuals would not apply for a U.S. visa. Also,
           to facilitate the automated process of checking an individual
           against watch list records, all of these databases require certain
           minimum biographic or identifying data in order to accept records
           from TSC's consolidated watch list. The identifying information
           required depends on the policies and needs of the screening agency
           and the technical capacity of the respective agency's computerized
           name-matching program. Also, certain records may not be exported
           to screening agency systems based on operational considerations,
           such as the amount of time available to conduct related screening.
           In general, the agency governing a particular screening database
           establishes the criteria for which records from the consolidated
           watch list will be accepted into its own system. Figure 4 presents
           a general overview of the process used to export records from
           TSC's consolidated watch list to screening agency databases.
			  
			  

           Figure 4: General Overview of the Process Used to Export Records
           from TSC's Consolidated Watch List to Screening Agency Databases

           Note: In addition to sending applicable watch list records to
           these federal government databases, TSC shares applicable records
           with certain foreign governments on a reciprocal basis, which is
           discussed later in this report.

           According to TSC, in addition to agency mission, technical, and
           operational considerations, an individual's record may be excluded
           from an agency's database in rare cases when there is a reasonable
           and detailed justification for doing so and the request for
           exclusion has been reviewed and approved by the FBI's
           Counterterrorism Division and TSC. The following sections provide
           additional information on the databases of the screening processes
           we reviewed, the percentage of records accepted as of May 2007,
           and potential security vulnerabilities.
			  
			  Interagency Border Inspection System (CBP)

           The Interagency Border Inspection System is DHS's primary lookout
           system available at U.S. ports of entry and other locations. CBP
           officers use the system to screen travelers entering the United
           States at ports of entry, which include land border crossings
           along the Canadian and Mexican borders, sea ports, and U.S.
           airports for international flight arrivals.42 This system includes
           not only the applicable records exported by TSC, but also
           additional information on people with prior criminal histories,
           immigration violations, or other activities of concern that CBP
           wants to identify and screen at ports of entry. The system is also
           used to assist law enforcement and other personnel at
           approximately 20 other federal agencies, including the following:
           U.S. Immigration and Customs Enforcement; U.S. Citizenship and
           Immigration Services; the FBI; the Drug Enforcement
           Administration; the Bureau of Alcohol, Tobacco, Firearms and
           Explosives; the Internal Revenue Service; the U.S. Coast Guard;
           the Federal Aviation Administration; and the U.S. Secret Service.

           Of all the screening agency databases discussed in this report,
           the Interagency Border Inspection System has the least restrictive
           acceptance criteria and therefore contained the highest percentage
           of records from TSC's consolidated watch list as of May 2007. This
           is because CBP's mission is to screen all travelers, including
           U.S. citizens, entering the United States at ports of entry.
			  
			  Consular Lookout and Support System (Department of State)

           The Consular Lookout and Support System is the Department of
           State's name-check system for visa applicants. Consular officers
           abroad use the system to screen the names of visa applicants to
           identify terrorists and other aliens who are potentially
           ineligible for visas based on criminal histories or other reasons
           specified by federal statute. According to the Department of
           State, all visa-issuing posts have direct access to the system and
           must use it to check each applicant's name before issuing a visa.
			  
42The Interagency Border Inspection System is also part of DHS's United
States Visitor and Immigrant Status Indicator Technology Program--known as
US-VISIT--an automated entry-exit system that records the arrival and
departure of aliens. See GAO, Homeland Security: Planned Expenditures for
U.S. Visitor and Immigrant Status Program Need to Be Adequately Defined
and Justified, [65]GAO-07-278 (Washington, D.C.: Feb. 14, 2007).

           Records on U.S. citizens and lawful permanent residents are not to
           be included in the part of the Consular Lookout and Support System
           that is used to screen visa applicants--because these individuals
           would not apply for U.S. visas--but may be included in another
           part of the system that is used to screen passport applicants.
           According to TSC officials, the part of the system that is used to
           screen visa applicants generally contains the same information as
           is contained in the Interagency Border Inspection System, except
           for records on U.S. citizens and lawful permanent residents. As of
           May 2007, the Consular Lookout and Support System contained the
           second highest percentage of all watch list records.
			  
			  Violent Gang and Terrorist Organization File (FBI)

           The Violent Gang and Terrorist Organization File is the FBI's
           lookout system for known or appropriately suspected terrorists, as
           well as gang groups and members. The file is part of the FBI's
           National Crime Information Center database, which is accessible by
           federal, state, and local law enforcement officers and other
           criminal justice agencies for screening in conjunction with
           arrests, detentions, and other criminal justice purposes.43 A
           subset of the Violent Gang and Terrorist Organization file
           consists of TSC's records to be used to screen for possible
           terrorist links.44 As of May 2007, the FBI database contained the
           third highest percentage of watch list records.

           According to TSC officials, if the remaining watch list records
           were included in the Violent Gang and Terrorist Organization File,
           the system would identify an unmanageable number of records of
           individuals as potentially being matches to the National Crime
           Information Center database. The officials explained that name
           checks against the National Crime Information Center database
           return not only potential matches to terrorist watch list records
           in the Violent Gang and Terrorist Organization File, but also
           potential matches to the millions of other records in the
           database. TSC officials noted, however, that not including these
           records has resulted in a potential vulnerability in screening
           processes--or at least a missed opportunity to track the movements
           of individuals who are the subjects of watch list records and
           collect additional relevant information. According to the FBI, the
           remaining records are not included to ensure the protection of
           civil rights and prevent law enforcement officials from taking
           invasive enforcement action on individuals misidentified as being
           on the watch list. The FBI also noted that while law enforcement
           encounters of individuals on the watch list provide significant
           information, unnecessary detentions or queries of misidentified
           persons would be counterproductive and potentially damaging to the
           efforts of the FBI to investigate and combat terrorism. Because of
           these operational concerns, the FBI noted that the extent of
           vulnerabilities in current screening processes that arise when the
           Violent Gang and Terrorist Organization File cannot accept certain
           watch list records has been determined to be low or nonexistent.
           We note, however, that the FBI did not specifically address the
           extent to which security risks are raised by not using these
           records.
			  
43The FBI's National Crime Information Center is a computerized database
of documented criminal justice information. It is available to federal,
state, and local law enforcement and other criminal justice agencies
nationwide and is operational 24 hours a day, 365 days a year.

44Also, the FBI and designated state and local criminal justice agencies
access the Violent Gang and Terrorist Organization File in conducting
background checks on individuals seeking to purchase firearms or obtain
permits to possess, acquire, or carry firearms. See GAO, Gun Control and
Terrorism: FBI Could Better Manage Firearm-Related Background Checks
Involving Terrorist Watch List Records, [66]GAO-05-127 (Washington, D.C.:
Jan. 19, 2005).

           No Fly and Selectee Lists (TSA)

           The No Fly and Selectee lists are compiled by TSC and forwarded to
           TSA, which distributes the lists to air carriers for use in
           identifying individuals who either should be precluded from
           boarding an aircraft or should receive additional physical
           screening prior to boarding a flight. TSA requires that U.S.
           aircraft operators use these lists to screen passengers on all of
           their flights and that foreign air carriers use these lists to
           screen passengers on all flights to and from the United States. Of
           all of the screening agency databases that accept watch list
           records, only the No Fly and Selectee lists require certain
           nomination criteria or inclusion standards that are narrower than
           the "known or appropriately suspected" standard of HSPD-6.
           Specifically, the lists are to contain any individual, regardless
           of citizenship, who meets certain nomination criteria established
           by the Homeland Security Council.45

45The Homeland Security Council issued revised implementation guidelines
related to the No Fly and Selectee list criteria in July 2006.

           o Persons on the No Fly list are deemed to be a threat to civil
           aviation or national security and therefore should be precluded
           from boarding an aircraft. Passengers who are a match to the No
           Fly list are to be denied boarding unless subsequently cleared by
           law enforcement personnel in accordance with TSA procedures. The
           Homeland Security Council criteria contain specific examples of
           the types of terrorism-related conduct that may make an individual
           appropriate for inclusion on the No Fly list.

           o Persons on the Selectee list are also deemed to be a threat to
           civil aviation or national security but do not meet the criteria
           of the No Fly list. Being on the Selectee list does not mean that
           the person will not be allowed to board an aircraft or enter the
           United States. Instead, persons on this list are to receive
           additional security screening prior to being permitted to board an
           aircraft, which may involve a physical inspection of the person
           and a hand-search of the passenger's luggage. The Homeland
           Security Council criteria contain specific examples of the types
           of terrorism-related conduct that may make an individual
           appropriate for inclusion on the Selectee list, as well as the
           types of activities that generally would not be considered
           appropriate for inclusion on the list.

           According to the Homeland Security Council criteria, the No Fly
           and Selectee lists are not intended as investigative or
           information-gathering tools, or tracking mechanisms. Rather, the
           lists are intended to help ensure the safe transport of passengers
           and their property and to facilitate the flow of commerce. An
           individual must meet the specific nomination criteria to be placed
           on one of the lists, and the watch list record must contain a full
           name and date of birth to be added to either of the lists.

           As of May 2007, the No Fly list and the Selectee list collectively
           contained the lowest percentage of watch list records. The
           remaining records in TSC's watch list either did not meet the
           specific Homeland Security Council nomination criteria or did not
           meet technical requirements that the records contain a full name
           and date of birth. TSC could not readily determine how many
           records fell into each of these two categories. Nonetheless, these
           records are not provided to TSA for use in prescreening
           passengers. According to TSA officials, without a full name and
           date of birth, the current name-matching programs used by airlines
           would falsely identify an unacceptable number of individuals as
           potentially being on the watch list.

           According to DHS, the amount or specific types of biographical
           information available on the population to be screened should also
           be considered when determining what portion of the watch list
           should be used. For example, DHS noted that screening
           international airline passengers who have provided passport
           information is very different from screening domestic airline
           passengers for whom the government has little biographical
           information. Further, DHS noted that for airline passengers, there
           is not much time to resolve false positives or determine whether
           someone on the watch list should be subjected to additional
           screening prior to departure of a flight, whereas for individuals
           arriving at U.S. ports of entry from international locations, CBP
           has more time to interview individuals and resolve issues upon
           their arrival.

           For international flights bound to or departing from the United
           States, two separate screening processes occur. Specifically, in
           addition to TSA requiring that air carriers prescreen passengers
           prior to boarding against the No Fly and Selectee lists, CBP
           screens all passengers on international flights--for border
           security purposes--against watch list records in the Interagency
           Border Inspection System.46 CBP's screening generally occurs after
           the aircraft is in flight.47 This layered or secondary screening
           opportunity does not exist for passengers traveling domestically
           within the United States.

           In 2006, the conference report accompanying the Department of
           Homeland Security Appropriations Act, 2007, directed TSA to
           provide a detailed plan describing key milestones and a schedule
           for checking names against the full terrorist watch list in its
           planned Secure Flight passenger prescreening program if the
           administration believes a security vulnerability exists under the
           current process of checking names against only the No Fly and
           Selectee lists.48 According to TSA, the administration has
           concluded that non-use of the full watch list does not constitute
           a security vulnerability; however, TSA did not explain the basis
           for this determination. Also, DHS's Office for Civil Rights and
           Civil Liberties emphasized that there is a strong argument against
           increasing the number of watch list records TSA uses to prescreen
           passengers. Specifically, the office noted that if more records
           were used, the number of misidentifications would expand to
           unjustifiable proportions, increasing administrative costs within
           DHS, without a measurable increase in security. The office also
           noted that an expansion of the No Fly and Selectee lists could
           even alert a greater number of individuals to their watch list
           status, compromising security rather than advancing it. Further,
           according to the office, as the number of U.S. citizens denied and
           delayed boarding on domestic flights increases, so does the
           interest in maintaining watch list records that are as accurate as
           possible. Also, the office noted that an increase in denied and
           delayed boarding of flights could generate volumes of complaints
           or queries that exceed the current capabilities of the watch list
           redress process.
			  
46As discussed previously, as of May 2007, CBP's system contained the
highest percentage of the records in TSC's watch list.

47Pursuant to a final rule published in the Federal Register in August
2007, this process will take place, in all instances, before an aircraft
is in flight by the end of February 2008. See 72 Fed. Reg. 48,320 (Aug.
23, 2007).

48See H.R. Conf. Rep. No. 109-669, at 140 (2006) (accompanying H.R. 5441,
enacted into law as the Department of Homeland Security Appropriations
Act, 2007, Pub. L. No. 109-295, 120 Stat. 1355 (2006)). See also
Department of Homeland Security Appropriations Act, 2008, H.R. 2638, 110th
Cong. (as passed by House of Representatives, June 15, 2007) (containing a
similar requirement).

           DHS Agencies Are Addressing Incidents of Persons on the Watch List
			  Passing Undetected through Screening; TSC Has Ongoing Initiatives
			  That Could Help Reduce This Vulnerability

           Key frontline screening agencies within DHS--CBP, U.S. Citizenship
           and Immigration Services, and TSA--are separately taking actions
           to address potential vulnerabilities in terrorist watch
           list-related screening. A particular concern is that individuals
           on the watch list not pass undetected through agency screening.
           According to the screening agencies, some of these
           incidents--commonly referred to as false negatives--have occurred.
           Irrespective of whether such incidents are isolated aberrations or
           not, any individual on the watch list who passes undetected
           through agency screening constitutes a vulnerability. Regarding
           other ameliorative efforts, TSC has ongoing initiatives that could
           help reduce false negatives, such as improving the quality of
           watch list data.
			  
			  Key Frontline Screening Agencies in DHS Are Separately Addressing
			  Screening Vulnerabilities

           CBP, U.S. Citizenship and Immigration Services, and TSA have begun
           to take actions to address incidents of subjects of watch list
           records passing undetected through agency screening. The efforts
           of each of these three DHS component agencies are discussed in the
           following sections, respectively. Generally, as indicated,
           positive steps have been initiated by each agency. Given the
           potential consequences of any given incident, it is particularly
           important that relevant component agencies have mechanisms in
           place to systematically monitor such incidents, determine causes,
           and implement appropriate corrective actions as expeditiously as
           possible.
			  
			    U.S. Customs and Border Protection Is Studying Cases Where Some
				 Subjects of Watch List Records Were Not Detected by Screening at
				 Ports of Entry

           During our field visits in spring 2006 to selected ports of entry,
           CBP officers informed us of several incidents involving
           individuals on the watch list who were not detected until after
           they had been processed and admitted into the United States.49 In
           response to our inquiry at CBP headquarters in May 2006, agency
           officials acknowledged that there have been such incidents. CBP
           did not maintain aggregated data on the number of these incidents
           nationwide or the specific causes, but it did identify possible
           reasons for failing to detect someone on the watch list.
           Subsequently, in further response to our inquiries, CBP created a
           working group to study the causes of incidents involving
           individuals on the watch list who were not detected by
           port-of-entry screening. The working group, coordinated by the
           National Targeting Center, is composed of subject matter experts
           representing the policy, technical, and operations facets within
           CBP. According to headquarters officials, the group is responsible
           for (1) identifying and recommending policy solutions within CBP
           and (2) coordinating any corrective technical changes within CBP
           and with TSC and NCTC, as appropriate. The working group held its
           first meeting in early 2007. According to CBP, some corrective
           actions and measures have already been identified and are in the
           process of being implemented.
			  
			    Agencies Are Working on Solutions to Prevent Unauthorized
				 Applicants for Citizenship and Other Immigration Benefits from
				 Getting through Agency Screening

           Agencies are working to eliminate shortcomings in screening
           processes that have resulted in unauthorized applicants for
           citizenship and other immigration benefits getting through agency
           screening. The cognizant agency, U.S. Citizenship and Immigration
           Services, is to screen all individuals who apply for U.S.
           citizenship or other immigration benefits--such as work
           authorization--for information relevant to their eligibility for
           these benefits. According to U.S. Citizenship and Immigration
           Services officials, the agency does not maintain aggregated data
           on the number of times the initial screening has failed to
           identify individuals who are subjects of watch list records or the
           specific causes. The officials noted, however, that for certain
           applicants--including individuals seeking long-term benefits such
           as permanent citizenship, lawful permanent residence, or
           asylum--additional screening against watch list records is
           conducted. This additional screening has generated some positive
           matches to watch list records, whereas these matches were not
           detected during the initial checks.50
			  
49We visited various CBP ports of entry at airports and land border
crossings in California, Michigan, New York, and Texas (see app. I).

50In 2005, we reported on U.S. Citizenship and Immigration Services'
efforts to manage backlogs of immigration benefit applications. See GAO,
Immigration Benefits: Improvements Needed to Address Backlogs and Ensure
Quality of Adjudications, [67]GAO-06-20 (Washington, D.C.: Nov. 21, 2005).

           According to U.S. Citizenship and Immigration Services, each
           instance of individuals on the watch list getting through agency
           screening is reviewed on a case-by-case basis to determine the
           cause, with appropriate follow-up and corrective action taken, if
           needed. As a prospective enhancement, in April 2007, U.S.
           Citizenship and Immigration Services entered into a memorandum of
           understanding with TSC. If implemented, this enhancement could
           allow U.S. Citizenship and Immigration Services to conduct more
           thorough and efficient searches of watch list records during the
           screening of benefit applicants.
			  
			    A Final Rule and a Planned Prescreening Program Could Help Address
				 the Issue of Individuals on the No Fly List Being Inadvertently
				 Allowed to Fly

           In the past, there have been a number of known cases in which
           individuals who were on the No Fly list passed undetected through
           airlines' prescreening of passengers and flew on international
           flights bound to or from the United States, according to TSA data.
           These individuals were subsequently identified in-flight by other
           means--specifically, screening of passenger manifests conducted by
           CBP's National Targeting Center. However, the onboard security
           threats required an immediate counterterrorism response, which in
           some instances resulted in diverting the aircraft to a location
           other than its original destination. TSA provided various reasons
           why an individual who is on the No Fly list may not be detected by
           air carriers during their comparisons with the No Fly list.
           However, TSA had not analyzed the extent to which each cause
           contributed to such incidents. According to TSA, the agency's
           regulatory office is responsible for initiating investigative and
           corrective actions with the respective air carrier, if needed.

           For international flights bound to or from the United States, two
           separate screening processes occur. In addition to the initial
           prescreening conducted by the airlines in accordance with TSA
           requirements, CBP's National Targeting Center screens passengers
           against watch list records in the Interagency Border Inspection
           System using information that is collected from air carriers'
           passenger manifests, which contain information obtained directly
           from government-issued passports. Specifically, for passengers
           flying internationally, airlines are required to provide passenger
           manifest data obtained at check-in from all passengers to CBP.51
           Presently, CBP requires airlines to transmit the passenger data no
           later than 15 minutes prior to departure for outbound flights and
           no later than 15 minutes after departure for inbound flights.52
           Because the transmission of this information occurs so close to
           the aircraft's departure, the National Targeting Center's
           screening of the information against watch list records in the
           Interagency Border Inspection System--which includes a check of
           records in the No Fly list--often is not completed until after the
           aircraft is already in the air. If this screening produces a
           positive match to the No Fly list, the National Targeting Center
           is to coordinate with other federal agencies to determine what
           actions to take.

           Procedures described in the final rule issued by CBP and published
           in the Federal Register on August 23, 2007, could help mitigate
           instances of individuals on the No Fly list boarding international
           flights bound to or from the United States. Specifically, the rule
           will require air carriers to either transmit complete passenger
           manifests to CBP no later than 30 minutes prior to the securing of
           the aircraft doors, or transmit manifest information on an
           individual basis as each passenger checks in for the flight up to
           but no later than the securing of the aircraft. When implemented
           (the rule is to take effect on February 19, 2008), CBP should be
           better positioned to identify individuals on the No Fly list
           before an international flight is airborne.53

           Regarding domestic flights within the United States, there is no
           second screening opportunity using watch list-related information.
           Rather, the airlines are responsible for prescreening passengers
           prior to boarding in accordance with TSA requirements and using
           the No Fly and Selectee lists provided by TSA. Although TSA has
           been mandated to assume responsibility for conducting the watch
           list screening function from the airline industry, the agency's
           proposed prescreening program, known as Secure Flight, has not yet
           been implemented.54 Under the Secure Flight program, TSA plans to
           take over from aircraft operators the responsibility for comparing
           identifying information on airline passengers against watch list
           records. We have reported and TSA has acknowledged significant
           challenges in developing and implementing the Secure Flight
           program.55 Last year, TSA suspended Secure Flight's development to
           reassess, or rebaseline, the program. The rebaselining effort
           included reassessing the program goals, the expected benefits and
           capabilities, and the estimated schedules and costs. According to
           TSC officials who have been working with TSA to support
           implementation of Secure Flight, the program could help to reduce
           potential vulnerabilities in the prescreening of airline
           passengers on domestic flights.
			  
51See 19 C.F.R. SS 122.49a, 122.75a (listing the required passenger
manifest information for international arrivals and departures,
respectively).

52CBP defines "departure" as the point at which the wheels are up on the
aircraft and the aircraft is en route directly to its destination. See 19
C.F.R. S 122.49a(a). CBP, however, issued a final rule that, among other
things, will require the transmission of passenger data no later than the
"securing of the aircraft," defined as the moment the aircraft's doors are
closed and secured for flight. See 72 Fed. Reg. 48,320 (Aug. 23, 2007).
The provisions of the final rule take effect on February 19, 2008.

53For additional information on international passenger prescreening, see
GAO, Aviation Security: Efforts to Strengthen International Passenger
Prescreening Are Under Way, but Planning and Implementation Issues Remain,
GAO-07-346 (Washington, D.C.: May 16, 2007).

54See 49 U.S.C. S 44903(j)(2)(C). In August 2007, TSA issued its notice of
proposed rulemaking for the Secure Flight program. See 72 Fed. Reg. 48,356
(Aug. 23, 2007).

55GAO, Aviation Security: Management Challenges Remain for the
Transportation Security Administration's Secure Flight Program,
[68]GAO-06-864T (Washington, D.C.: June 14, 2006).

           The Terrorist Screening Center Has Various Ongoing or Planned
			  Initiatives That Could Help Reduce Vulnerabilities in Watch List-
			  Related Screening

           To help reduce vulnerabilities in watch list-related screening,
           TSC has ongoing initiatives to improve the effectiveness of
           screening and ensure the accuracy of data. Also, prospectively,
           TSC anticipates developing a capability to link biometric data to
           supplement name-based screening.
			  
			    Improving the Effectiveness of Screening: Search Engine Technology
				 and Direct-Query Capability

           Generally, to handle the large volumes of travelers and others who
           must be screened, federal agencies and most airlines use
           computer-driven algorithms to rapidly compare the names of
           individuals against applicable terrorist watch list records.56 In
           the name-matching process, the number of likely matching records
           returned for manual review depends partly upon the sensitivity
           thresholds of the algorithms to variations in name spelling or
           representations of names from other languages. Screening agencies,
           and airlines in accordance with TSA requirements, have discretion
           in setting these thresholds, which can have operational
           implications. If a threshold is set relatively high, for example,
           more names may be cleared and fewer flagged as possible matches,
           increasing the risk of false negatives--that is, failing to
           identify an individual whose name is on the terrorist watch list.
           Conversely, if a threshold is set relatively low, more individuals
           who do not warrant additional scrutiny may be flagged (false
           positives), with fewer cleared through an automated process. A
           primary factor in designing a computerized name-matching process
           is the need to balance minimizing the possibility of generating
           false negatives, while not generating an unacceptable number of
           false positives (misidentifications).
			  
56An algorithm is a prescribed set of well-defined, unambiguous rules or
processes for the solution of a problem in a finite number of steps.

           To help ensure awareness of best practices among agencies, TSC has
           formed and chairs an interagency working group--the Federal
           Identity Match Search Engine Performance Standards Working
           Group--that met initially in December 2005.57 An objective of the
           working group is to provide voluntary guidance for federal
           agencies that use identity matching search engine technology.
           Essentially, the prospective guidance is intended to improve the
           effectiveness of identity matching across agencies by, among other
           means, assessing which algorithms or search engines are the most
           effective for screening specific types or categories of names.
           According to TSC, three agencies have volunteered to participate
           in pilot programs in the summer of 2007, after which a target date
           for completing the initiative to develop and provide voluntary
           guidance to screening agencies will be set. If effectively
           implemented, this initiative could help reduce potential
           vulnerabilities in screening processes that are based on
           limitations in agencies' computerized name-matching programs.

           TSC is also developing a process whereby screening agencies can
           directly "query" the center's consolidated terrorist screening
           database. TSC noted that a direct-query capability will ensure
           that all possible hits against the database will be directed
           automatically into the center's resolution process to determine if
           they are positive matches, thereby ensuring consistency in the
           government's approach to screening. Currently, TSC must rely upon
           the screening agencies to contact the center--generally by
           telephone or fax--when they have possible hits. As of May 2007,
           TSC had not developed specific time frames for implementing this
           initiative. According to TSC, the technology for a direct-query
           capability is in place, but related agreements with screening
           agencies were still being negotiated.
			  
57The working group's membership includes representatives from the
Departments of Homeland Security (including TSA and CBP), State, and
Defense; FBI; and the intelligence community (including NCTC, Central
Intelligence Agency, National Security Agency, and Defense Intelligence
Agency). Also, the National Institute of Standards and Technology acts as
a special advisor to the working group.

             Improving Data Quality

           Preventing incidents of individuals on the watch list passing
           undetected through agency screening is dependent partly on the
           quality and accuracy of data in TSC's consolidated terrorist watch
           list. In June 2005, the Department of Justice's Office of the
           Inspector General reported that its review of TSC's consolidated
           watch list found several problems--such as inconsistent record
           counts and duplicate records, lack of data fields for some
           records, and unclear sources for some records.58 Among other
           things, the Inspector General recommended that TSC develop
           procedures to regularly review and test the information contained
           in the consolidated terrorist watch list to ensure that the data
           are complete, accurate, and nonduplicative. In its September 2007
           follow-up report, the Inspector General noted that TSC has
           enhanced its efforts to ensure the quality of watch list data and
           has increased the number of staff assigned to data quality
           management. However, the Inspector General also determined that
           TSC's management of the watch list continues to have weaknesses.59
			  
58Department of Justice, Office of the Inspector General, Review of the
Terrorist Screening Center, Audit Report 05-27 (June 2005).

59Department of Justice, Office of the Inspector General, Follow-up Audit
of the Terrorist Screening Center, Audit Report 07-41 (September 2007).

           TSC has ongoing quality-assurance initiatives to identify and
           correct incomplete or inaccurate records that could contribute to
           either false negatives or false positives. The center's director
           and principal deputy director stressed to us that quality of data
           is a high priority and also is a continuing challenge,
           particularly given that the database is dynamic, changing
           frequently with additions, deletions, and modifications. The
           officials noted the equal importance of ensuring that (1) the
           names of known and appropriately suspected terrorists are included
           on the watch list and (2) the names of any individuals who are
           mistakenly listed or are cleared of any nexus to terrorism are
           removed. In this regard, the officials explained that the TSC's
           standard operating practices include at least three opportunities
           to review records. First, TSC staff--including subject matter
           experts detailed to the center from other agencies--review each
           incoming record submitted (nominated) to the center for inclusion
           on the consolidated watch list. Second, every time there is a
           screening encounter--for example, a port-of-entry screening of an
           individual that generates an actual or a potential match with a
           watch list record--that record is reviewed again. And third,
           records are reviewed when individuals express their concerns or
           seek correction of any inaccurate data--a process often referred
           to as redress.60
			  
60Redress generally refers to an agency's complaint resolution process,
whereby individuals may seek resolution of their concerns about an agency
action. See GAO, Terrorist Watch List Screening: Efforts to Help Reduce
Adverse Effects on the Public, [69]GAO-06-1031 (Washington, D.C.: Sept.
29, 2006).
			  
			    Future Enhancement: Linking to Biometric Data

           Conceptually, biometric technologies based on fingerprint
           recognition, facial recognition, or other physiological
           characteristics can be used to screen travelers against a
           consolidated database, such as the terrorist watch list.61
           However, TSC presently does not have this capability, although use
           of biometric information to supplement name-based screening is
           planned as a future enhancement. Specifically, TSC's strategy is
           not to replicate existing biometric data systems. Rather, the
           strategy, according to TSC's director and principal deputy
           director, is to develop a "pointer" capability to facilitate the
           online linking of name-based searches to relevant biometric
           systems, such as the FBI's Integrated Automated Fingerprint
           Identification System--a computerized system for storing,
           comparing, and exchanging fingerprint data in a digital format
           that contains the largest criminal biometric database in the
           world. TSC officials recognize that even biometric systems have
           screening limitations, such as relevant federal agencies may have
           no fingerprints or other biometrics to correlate with many of the
           biographical records in the TSC's watch list. For instance, watch
           list records may be based on intelligence gathered by electronic
           wire taps or other methods that involve no opportunity to obtain
           biometric data. Nonetheless, TSC officials anticipate that
           biometric information, when available, can be especially useful
           for confirming matches to watch list records when individuals use
           false identities or aliases.

61In an earlier report, we assessed various biometric technologies. See
GAO, Technology Assessment: Using Biometrics for Border Security,
[70]GAO-03-174 (Washington, D.C.: Nov. 15, 2002).

           The U.S. Government Has Made Progress in Using the Watch List but
			  a Strategy and Plan Supported by a Governance Structure with Clear
			  Lines of Authority Would Enhance Use and Effectiveness

           Although the U.S. government has made progress in using watch list
           records to support terrorism-related screening, there are
           additional opportunities for using the list. Internationally, the
           Department of State has made arrangements with six foreign
           governments to exchange terrorist watch list information and is in
           negotiations with several other countries. Within the private
           sector, some critical infrastructure components are presently
           using watch list records to screen current or prospective
           employees, but many components are not. DHS has not established
           guidelines to govern the use of watch list records for appropriate
           screening opportunities in the private sector that have a
           substantial bearing on homeland security. Further, all federal
           departments and agencies have not taken action in accordance with
           HSPD-6 and HSPD-11 to identify and describe all appropriate
           screening opportunities that should use watch list records.
           According to TSC, determining whether new screening opportunities
           are appropriate requires evaluation of multiple factors, including
           operational and legal issues--particularly related to privacy and
           civil liberties. To date, appropriate opportunities have not been
           systematically identified or evaluated, in part because the
           federal government lacks an up-to-date strategy and a prioritized
           investment and implementation plan for optimizing the use and
           effectiveness of terrorist-related screening. Moreover, the lines
           of authority and responsibility to provide governmentwide
           coordination and oversight of such screening are not clear, and
           existing entities with watch list responsibilities may not have
           the necessary authority, structure, or resources to assume this
           role.
			  
			  The Department of State Has Made Progress in Efforts to Exchange
			  Terrorist Watch List Information with Foreign Governments

           According to the 9/11 Commission, the U.S. government cannot meet
           its obligations to the American people to prevent the entry of
           terrorists into the United States without a major effort to
           collaborate with other governments.62 The commission noted that
           the U.S. government should do more to exchange terrorist
           information with trusted allies and raise U.S. and global border
           security standards for travel and border crossing over the medium
           and longterm through extensive international cooperation. HSPD-6
           required the Secretary of State to develop a proposal for the
           President's approval for enhancing cooperation with certain
           foreign governments--beginning with those countries for which the
           United States has waived visa requirements--to establish
           appropriate access to terrorism screening information of the
           participating governments.63 This information would be used to
           enhance existing U.S. government screening processes.
			  
62National Commission on Terrorist Attacks Upon the United States, The
9/11 Commission Report: Final Report of the National Commission on
Terrorist Attacks Upon the United States (July 22, 2004).

63Foreign nationals from visa waiver countries are allowed to travel to
the United States under limited conditions and for a limited time without
obtaining a visa. The following 27 countries are currently in the visa
waiver program: Andorra, Austria, Australia, Belgium, Brunei, Denmark,
Finland, France, Germany, Iceland, Ireland, Italy, Japan, Liechtenstein,
Luxembourg, Monaco, the Netherlands, New Zealand, Norway, Portugal, San
Marino, Singapore, Slovenia, Spain, Sweden, Switzerland, and the United
Kingdom. For additional information on the visa waiver program, see GAO,
Border Security: Stronger Actions Needed to Assess and Mitigate the Risks
of the Visa Waiver Program, [71]GAO-06-854 (Washington, D.C: July 28,
2006).

           The Department of State determined that the most effective way to
           obtain this information was to seek bilateral arrangements to
           share information on a reciprocal basis. The Department of State's
           Bureau of Consular Affairs and the Homeland Security Council
           co-chair an interagency working group to implement the
           international cooperation provisions of HSPD-6.64 According to the
           Department of State, there is no single document or proposal that
           sets forth the working group's approach or plan. Rather, a series
           of consensus decisions specify how to proceed, often on a
           country-by-country basis in order to accommodate each country's
           laws and political sensitivities. The working group met six times
           from September 2005 through December 2006 to discuss operational
           and procedural issues related to sharing terrorism information and
           to update working group members on the status of bilateral
           negotiations with foreign governments.

           According to the Department of State, the department's Bureau of
           Consular Affairs has approached all countries for which the United
           States has waived visa requirements and two non-visa waiver
           program countries with a proposal to exchange terrorist screening
           information. From October through December 2006, interagency teams
           visited six countries to brief government officials and also met
           in Washington, D.C., with representatives of a number of other
           countries. According to the Department of State, interagency
           working groups at U.S. embassies around the world remain actively
           engaged with foreign counterparts and coordinate discussions on
           international sharing of terrorist screening information with a
           Department of State team in Washington, D.C.

64According to the Department of State, interagency working group members
represent agencies and organizations from the intelligence and law
enforcement communities with an interest in the implementation of HSPD-6,
including the Central Intelligence Agency, the FBI, the Defense
Intelligence Agency, the National Security Agency, DHS, the Department of
Justice, the Office of Management and Budget, and TSC.

           Two countries have been sharing terrorist screening information
           with the United States since before September 11, 2001, and that
           information has been integrated into TSC's consolidated watch list
           and, as applicable, into screening agencies' databases. According
           to the Department of State, since 2006, the United States has made
           arrangements to share terrorist screening information with four
           new foreign government partners and is in negotiations with
           several other countries. The department noted that it had also
           received indications of interest from governments of non-visa
           waiver countries.
			  
			  DHS Has Not Finalized Guidelines for Using Watch List Records to
			  Support Private Sector Screening

           Although federal departments and agencies have made progress in
           using terrorist watch list records to support private sector
           screening processes, there are additional opportunities for using
           records in the private sector. However, DHS has not yet finalized
           guidelines to govern such use. Specifically, HSPD-6 required the
           Secretary of Homeland Security to develop guidelines to govern the
           use of terrorist information, as defined by the directive, to
           support various screening processes, including private sector
           screening processes that have a substantial bearing on homeland
           security. The interagency memorandum of understanding that
           implements HSPD-6 also required the Secretary of Homeland Security
           to establish necessary guidelines and criteria to (a) govern the
           mechanisms by which private sector entities can access the watch
           list and (b) initiate appropriate law enforcement or other
           governmental action, if any, when a person submitted for query by
           a private sector entity is identified as a person on the watch
           list.

           According to the Associate Director of the Screening Coordination
           Office within DHS, in developing guidelines to govern private
           sector screening against watch list records, the department
           planned to partner with the National Infrastructure Advisory
           Council.65 The council had previously reported that the private
           sector wants to be informed about threats and potential
           terrorists. Specifically, in its July 2006 report on public and
           private sector intelligence coordination, the National
           Infrastructure Advisory Council noted that chief executive
           officers of private sector corporations expect to be informed when
           the government is aware of a specific, credible threat to their
           employees, physical plants, or cyber assets.66 The report also
           noted that chief executive officers expect to be informed if the
           government knows that their respective company has inadvertently
           employed a terrorist.

           According to DHS's Office of Infrastructure Protection and
           Infrastructure Partnerships Division, employees in parts of some
           components of the private sector are being screened against watch
           list records, including certain individuals who have access to the
           protected or vital areas of nuclear power plants, work in
           airports, and transport hazardous materials. However, many
           critical infrastructure components are not using watch list
           records. The office also indicated that several components of the
           private sector are interested in screening employees against watch
           list records or expanding current screening. In its June 2007
           comments on a draft of this report (see app. V), DHS noted that
           the Screening Coordination Office has drafted initial guidelines
           to govern the use of watch list records to support private sector
           screening processes and was in the process of working with federal
           stakeholders to finalize this document. However, DHS did not
           provide specific plans and time frames for finalizing the
           guidelines. Establishing guidelines to govern the private sector's
           use of watch list records, in accordance with HSPD-6, would help
           in identifying and implementing appropriate screening
           opportunities.
			  
65The National Infrastructure Advisory Council is to provide the
President, through the Secretary of Homeland Security, with advice on the
security of critical infrastructure sectors of the economy. It also is
authorized to provide advice directly to the heads of other agencies that
have shared responsibility for critical infrastructure protection,
including the Departments of Health and Human Services, Transportation,
and Energy. The council is charged to improve the cooperation and
partnership between the public and private sectors in securing the
critical infrastructures and advising on related policies and strategies,
such as clarification of the roles and responsibilities between public and
private sectors.

66National Infrastructure Advisory Council, Public-Private Sector
Intelligence Coordination: Final Report and Recommendations by the Council
(June 11, 2006).

           Federal Departments and Agencies Have Not Identified All Appropriate
           Opportunities for Using Watch List Records to Detect and Deter
			  Terrorists

           Although required to do so by presidential directives, federal
           departments and agencies have not identified all appropriate
           screening opportunities that should use terrorist watch list
           records. Specifically, HSPD-6 required the heads of executive
           departments and agencies to conduct screening using the terrorist
           watch list at all appropriate opportunities, and to report the
           opportunities at which such screening shall and shall not be
           conducted to the Attorney General. TSC provided an initial report
           on screening opportunities to the Attorney General on December 15,
           2003.67 According to the report, TSC hosted a meeting with
           representatives of more than 30 agencies in October 2003 to
           discuss the HSPD-6 requirement. At the meeting, TSC requested that
           the agencies identify appropriate screening opportunities and
           report them to TSC. However, the report noted that based on the
           agency responses TSC received, no meaningful or comprehensive
           report on screening opportunities could be produced at that time.
           TSC provided additional reports to the Attorney General in April,
           July, and December 2004. These reports also did not contain
           comprehensive information on all screening opportunities,
           consistent with HSPD-6.

           According to the Department of Justice, with the issuance of
           HSPD-11, which "builds upon" HSPD-6, the Attorney General's
           responsibilities for identifying additional screening
           opportunities were largely overtaken by DHS which, in coordination
           with the Department of Justice and other agencies, was to create a
           comprehensive strategy to enhance the effectiveness of
           terrorist-related screening activities. Among other things, the
           strategy was to include a description of the screening
           opportunities for which terrorist-related screening would be
           applied. DHS has taken some related actions but, as of June 2007,
           it had not systematically identified all appropriate screening
           opportunities.68 Absent a systematic approach to identifying
           appropriate screening opportunities, TSC has been working with
           individual agencies to identify such opportunities. According to
           TSC, as of May 2007, the center was working on approximately 40
           agreements with various federal departments or agencies to use
           applicable portions of the terrorist watch list.
			  
67TSC's initial report and supplemental reports were provided to the
Attorney General via memorandums from the Director of the FBI.

68Additional information on DHS's efforts to develop the strategy is
discussed later in the report.

           Also, a systematic approach to identifying screening opportunities
           would help the government determine if other uses of watch list
           records are appropriate and should be implemented, including uses
           primarily intended to assist in collecting information to support
           investigative activities. Such coordinated collection of
           information for use in investigations is one of the stated policy
           objectives for the watch list. For example, during our review, TSC
           noted that screening domestic airline passengers against watch
           list records in addition to those in the No Fly and Selectee lists
           would have benefits, such as collecting information on the
           movements of individuals with potential ties to terrorism.
           According to TSC, other factors would need to be considered in
           determining whether such screening is appropriate and should be
           implemented, including privacy and civil liberties implications.
           Moreover, it is not clear whether such screening is operationally
           feasible, and if it were, whether TSC or some other agency would
           perform the screening.
			  
			  The U.S. Government Lacks an Updated Strategy and an Investment and
			  Implementation Plan for Enhancing the Use and Effectiveness of
			  Terrorist-Related Screening

           Since September 11, 2001, we, as well as the Administration, have
           called for a more strategic approach to managing terrorist-related
           information and using it for screening purposes. In April 2003, we
           made recommendations for improving the information technology
           architecture environment needed to support watch list-related
           screening and called for short- and long-term strategies that
           would provide for (1) more consolidated and standardized watch
           list information and (2) more standardized policies and procedures
           for better sharing watch list data and for addressing any legal
           issues or cultural barriers that affect watch list sharing.69
           Subsequently, in August 2004, HSPD-11 outlined the
           Administration's vision to develop comprehensive terrorist-related
           screening procedures. Specifically, HSPD-11 required the Secretary
           of Homeland Security--in coordination with the heads of
           appropriate federal departments and agencies--to submit two
           reports to the President (through the Assistant to the President
           for Homeland Security) related to the government's use of the
           watch list. Among other things, the first report was to outline a
           strategy to enhance the effectiveness of terrorist-related
           screening activities by developing comprehensive, coordinated, and
           systematic procedures and capabilities. The second report was to
           provide a prioritized investment and implementation plan for a
           systematic approach to terrorist-related screening that optimizes
           detection and interdiction of suspected terrorists and terrorist
           activities. The plan was to describe the "scope, governance,
           principles, outcomes, milestones, training objectives, metrics,
           costs, and schedule of activities" to enhance and implement the
           U.S. government's terrorism-related screening policies.
			  
69 [72]GAO-03-322 .			  

           According to DHS officials, the department submitted the required
           strategy and the investment and implementation plan to the
           President in November 2004. However, neither DHS nor the Homeland
           Security Council would provide us copies of either report.
           Instead, officials from DHS's Screening Coordination Office
           provided us a document that they said contained
           department-specific information from the 2004 strategy and
           implementation plan.70 According to DHS officials, because the
           strategy and plan were products of an interagency process, the
           Screening Coordination Office believed that it needed to redact
           information that pertained to other departments' processes,
           programs, or activities. The DHS document contains information on
           the department's efforts to catalogue its terrorist-related
           screening activities and identifies significant issues that
           inhibit effective terrorist-related screening. For example,
           according to the document, "no one entity within the department is
           responsible for defining roles and responsibilities for
           terrorist-related screening, identifying gaps and overlaps in
           screening opportunities, prioritizing investments, measuring
           performance, or setting technical and non-technical standards."
           Also, the document notes that DHS components may have only limited
           knowledge of what screening is currently being performed by others
           within the department, because there is no coordination mechanism
           to share information on these activities.

           DHS acknowledged that it has not updated either the strategy or
           the plan since the 2004 reports, despite the fact that some
           aspects of the strategy and plan had been overcome by other
           events, such as results of the "Second Stage Review" initiated in
           March 2005 by the Secretary of Homeland Security.71 Moreover,
           according to DHS screening managers, the departmental office
           responsible for updating these documents--the Screening
           Coordination Office--was not established until July 2006 and has
           had other screening-related priorities. The officials noted that
           the Screening Coordination Office is working on various aspects of
           terrorist-related screening, but that work remains in updating the
           strategy and the investment and implementation plan.
			  
70DHS established the Screening Coordination Office in July 2006 to
enhance security measures by integrating the department's terrorist- and
immigration-related screening efforts, creating unified screening
standards and policies, and developing a single redress process for
travelers.

71The review's purpose was to systematically evaluate DHS's operations,
policies, and structures. On July 13, 2005, the Secretary of Homeland
Security announced completion of the review.

           Without an updated strategy and plan, the federal government lacks
           mechanisms to support a comprehensive and coordinated approach to
           terrorist-related screening envisioned by the Administration,
           including mechanisms for building upon existing systems and best
           practices. Also, the federal government has not taken necessary
           actions to promote the effective use of watch list records at all
           appropriate screening opportunities, including private sector
           screening processes that have a substantial bearing on homeland
           security. An updated strategy and an investment and implementation
           plan that address the elements prescribed by HSPD-11--particularly
           clearly articulated principles, milestones, and outcome
           measures--could also provide a basis for establishing
           governmentwide priorities for screening, assessing progress toward
           policy goals and intended outcomes, ensuring that any needed
           changes are implemented, and responding to issues our work
           identified, such as potential screening vulnerabilities and
           interagency coordination challenges.
			  
			  Existing Governance Structures May Not Provide Necessary Oversight
			  and Coordination

           Recognizing that achievement of a coordinated and comprehensive
           approach to terrorist-related screening involves numerous entities
           within and outside the federal government, HSPD-11 called for DHS
           to address governance in the investment and implementation plan.
           To date, however, no governance structure with clear lines of
           responsibility and authority has been established to monitor
           governmentwide screening activities--such as assessing gaps or
           vulnerabilities in screening processes and identifying,
           prioritizing, and implementing new screening opportunities.
           Lacking clear lines of authority and responsibility for
           terrorist-related screening activities that transcend the
           individual missions and more parochial operations of each
           department and agency, it is difficult for the federal government
           to monitor its efforts and to identify best practices or common
           corrective actions that could help to ensure that watch list
           records are used as effectively as possible. More clearly defined
           responsibility and authority to implement and monitor crosscutting
           initiatives could help ensure a more coordinated and comprehensive
           approach to terrorist-related screening by providing applicable
           departments and agencies important guidance, information, and
           mechanisms for addressing screening issues.

           Until the governance component of the investment and
           implementation plan is clearly articulated and established, it
           will not be possible to assess whether its structure is capable of
           providing the oversight necessary for optimizing the use and
           effectiveness of terrorist-related screening. Our interviews with
           responsible officials and our analysis of department and agency
           missions suggest, however, that existing organizations with watch
           list-related responsibilities may lack the authority, resources,
           or will to assume this role. Specifically, DHS screening officials
           told us that the department is the appropriate entity for
           coordinating the development of the watch list strategy and the
           related investment and implementation plan, but that it does not
           have the authority or resources for providing the governmentwide
           oversight needed to implement the strategy and plan or resolve
           interagency issues. The Office of the Director of National
           Intelligence and its NCTC also have important roles in watch
           list-related issues and information-sharing activities, but
           officials there told us that the agency is not suited for a
           governmentwide leadership role either, primarily because its
           mission focuses on intelligence and information sharing in support
           of screening but not on actual screening operations. Likewise,
           since its inception, TSC has played a central role in coordinating
           watch list-related activities governmentwide and has established
           its own governance board--composed of senior-level agency
           representatives from numerous departments and agencies--to provide
           guidance concerning issues within TSC's mission and authority.
           While this governance board could be suited to assume more of a
           leadership role, its current authority is limited to TSC-specific
           issues, and it would need additional authority to provide
           effective coordination of terrorist-related screening activities
           and interagency issues governmentwide.
			  
			  Conclusions

           Managed by TSC, the terrorist watch list represents a major step
           forward from the pre-September 11 environment of multiple,
           disconnected, and incomplete watch lists throughout the
           government. Today, the watch list is an integral component of the
           U.S. government's counterterrorism efforts. However, our work
           indicates that there are additional opportunities for reducing
           potential screening vulnerabilities. It is important that
           responsible federal officials assess the extent to which security
           vulnerabilities exist in screening processes when agencies are not
           able to screen individuals on the watch list to determine the
           level of threat the individuals pose because of technical or
           operational reasons and--in consultation with TSC and other
           agencies--determine whether alternative screening or other
           mitigation activities should be considered. Our work also
           indicates the need for a more coordinated and comprehensive
           approach to terrorist-related screening through expanded use of
           the list and enhanced collaboration and coordination within and
           outside the federal government.

           To further strengthen the ability of the U.S. government to
           protect against acts of terrorism, HSPD-6 required the Secretary
           of Homeland Security to develop guidelines to govern the use of
           terrorist information to support various screening processes,
           including private sector screening processes that have a
           substantial bearing on homeland security. To date, however, DHS
           has not developed guidelines for the private sector's use of watch
           list records in screening designed to protect the nation's
           critical infrastructures. Currently, some but not all relevant
           components of the private sector use the watch list to screen for
           terrorist-related threats. Establishing clear guidelines to comply
           with the presidential directive would help both the private sector
           and DHS ensure that private sector entities are using watch list
           records consistently, appropriately, and effectively to protect
           their workers, visitors, and key critical assets.

           HSPD-11 outlined the Administration's vision to implement a
           coordinated and comprehensive approach to terrorist-related
           screening and directed the Secretary of Homeland Security to
           coordinate with other federal departments to develop (1) a
           strategy for a coordinated and comprehensive approach to
           terrorist-related screening and (2) a prioritized investment and
           implementation plan that describes the scope, governance,
           principles, outcomes, milestones, training objectives, metrics,
           costs, and schedule of activities necessary to achieve the policy
           objectives of HSPD-11. DHS officials acknowledged that work
           remains to update the strategy and the investment and
           implementation plan. Without an up-to-date strategy and plan,
           agencies and organizations that engage in terrorist-related
           screening activities do not have a foundation for a coordinated
           approach that is driven by an articulated set of core principles.
           Furthermore, lacking clearly articulated principles, milestones,
           and outcome measures, the federal government is not easily able to
           provide accountability and a basis for monitoring to ensure that
           (1) the intended goals for, and expected results of, terrorist
           screening are being achieved and (2) use of the list is consistent
           with privacy and civil liberties. These plan elements, which were
           prescribed by HSPD-11, are crucial for coordinated and
           comprehensive use of terrorist-related screening data, as they
           provide a platform to establish governmentwide priorities for
           screening, assess progress toward policy goals and intended
           outcomes, ensure that any needed changes are implemented, and
           respond to issues that hinder effectiveness, such as the potential
           vulnerabilities and interagency coordination challenges discussed
           in this report.

           Although all elements of a strategy and an investment and
           implementation plan cited in HSPD-11 are important to guide
           realization of the most effective use of watch list data,
           addressing governance is particularly vital, as achievement of a
           coordinated and comprehensive approach to terrorist-related
           screening involves numerous entities within and outside the
           federal government. Establishing a governance structure with
           clearly defined responsibility and authority would help ensure
           that agency efforts are coordinated and the federal government has
           the means to monitor and analyze the outcomes of interagency
           efforts and to address common problems efficiently and
           effectively. To date, however, no clear lines of responsibility
           and authority have been established to monitor governmentwide
           screening activities for shared problems and solutions or best
           practices. Neither does any existing entity clearly have the
           requisite authority for addressing various governmentwide
           issues--such as assessing common gaps or vulnerabilities in
           screening processes and identifying, prioritizing, and
           implementing new screening opportunities. Indeed, current
           unresolved interagency issues highlight the need for clearly
           defined leadership and accountability for managing and overseeing
           watch list-related issues across the individual departments and
           agencies, each of which has its own mission and focus.
			  
			  Recommendations for Executive Action

           To promote more comprehensive and coordinated use of
           terrorist-related screening data to detect, identify, track, and
           interdict suspected terrorists, we recommended a total of five
           actions in the restricted version of this report.

           First, in order to mitigate security vulnerabilities in terrorist
           watch list screening processes, we recommended that the Secretary
           of Homeland Security and the Director of the FBI assess to what
           extent there are vulnerabilities in the current screening
           processes that arise when screening agencies do not accept
           relevant records due to the designs of their computer systems, the
           extent to which these vulnerabilities pose a security risk, and
           what actions, if any, should be taken in response.

           Further, we recommended the following three actions to enhance the
           use of the consolidated terrorist watch list as a counterterrorism
           tool and to help ensure its effectiveness:

                        o that the Secretary of Homeland Security in
                        consultation with the heads of other appropriate
                        federal departments and agencies and private sector
                        entities, develop guidelines to govern the use of
                        watch list records to support private sector
                        screening processes that have a substantial bearing
                        on homeland security, as called for in HSPD-6;

                        o that the Secretary of Homeland Security in
                        consultation with the heads of other appropriate
                        federal departments, develop and submit to the
                        President through the Assistant to the President for
                        Homeland Security and Counterterrorism an updated
                        strategy for a coordinated and comprehensive approach
                        to terrorist-related screening as called for in
                        HSPD-11, which among other things, (a) identifies all
                        appropriate screening opportunities to use watch list
                        records to detect, identify, track, and interdict
                        individuals who pose a threat to homeland security
                        and (b) safeguards legal rights, including privacy
                        and civil liberties; and

                        o that the Secretary of Homeland Security in
                        consultation with the heads of other appropriate
                        federal departments, develop and submit to the
                        President through the Assistant to the President for
                        Homeland Security and Counterterrorism an updated
                        investment and implementation plan that describes the
                        scope, governance, principles, outcomes, milestones,
                        training objectives, metrics, costs, and schedule of
                        activities necessary for implementing a
                        terrorist-related screening strategy, as called for
                        in HSPD-11.

           Finally, to help ensure that governmentwide terrorist-related
           screening efforts have the oversight, accountability, and guidance
           necessary to achieve the Administration's vision of a
           comprehensive and coordinated approach, we recommended that the
           Assistant to the President for Homeland Security and
           Counterterrorism ensure that the governance structure proposed by
           the plan affords clear and adequate responsibility and authority
           to (a) provide monitoring and analysis of watch list screening
           efforts governmentwide, (b) respond to issues that hinder
           effectiveness, and (c) assess progress toward intended outcomes.
			  
			  Agency Comments and Our Evaluation

           We provided a draft of the restricted version of this report for
           comments to the Homeland Security Council, the Office of the
           Director of National Intelligence, and the Departments of Homeland
           Security, Justice, and State. We also provided relevant portions
           of a draft of the restricted version of this report for comments
           to the Social Security Administration. We received written
           responses from each entity, except for the Homeland Security
           Council.

           In its response, DHS noted that it agreed with and supported our
           work and stated that it had already begun to address issues
           identified in our report's findings. The response noted that DHS,
           working closely with the FBI and the Office of the Director of
           National Intelligence, has ongoing efforts to ensure that
           potential watch list vulnerabilities are identified and addressed
           and that watch list records and screening programs are
           appropriate. Also, DHS noted that at the time of our audit work,
           the department's Screening Coordination Office was relatively
           new--established in July 2006--but had subsequently added key
           staff and begun the critical work of advancing DHS screening
           programs and opportunities. According to DHS, the office has
           drafted initial guidelines to govern the use of watch list records
           to support private sector screening processes and is working with
           federal stakeholders to finalize this document, but the department
           did not provide specific plans and time frames for finalizing the
           guidelines. The department also noted that it works closely with
           all DHS and federal offices involved in screening initiatives and
           has begun appropriate outreach to the private sector. Further, DHS
           noted that its Screening Coordination Office is working within the
           department to advance a comprehensive approach to
           terrorist-related screening and that DHS would review and
           appropriately update the department's investment and
           implementation plans for screening opportunities. However, DHS did
           not specifically address our recommendations related to updating
           the governmentwide terrorist-related screening strategy and the
           investment and implementation plan, which is to include the scope,
           governance, principles, outcomes, milestones, training objectives,
           metrics, costs, and schedule of activities necessary for
           implementing the strategy. In our view, an updated strategy and
           plan are important for helping to ensure a coordinated and
           comprehensive approach to terrorist-related screening as called
           for in HSPD-11. The full text of DHS's written comments is
           reprinted in appendix V. DHS also provided technical comments,
           which we incorporated in this report where appropriate.

           The FBI, responding on behalf of the Department of Justice,
           commented that the report correctly characterized the FBI's
           criteria for nominating individuals for inclusion on the watch
           list. Also, the FBI response noted that to ensure the protection
           of civil rights and prevent law enforcement officials from taking
           invasive enforcement action on individuals misidentified as being
           on the watch list, the Violent Gang and Terrorist Organization
           File is designed to not accept certain watch list records. The FBI
           explained that while law enforcement encounters of individuals on
           the watch list provide significant information, unnecessary
           detentions or queries of misidentified persons would be
           counterproductive and potentially damaging to the efforts of the
           FBI to investigate and combat terrorism. Because of these
           operational concerns, the FBI noted that our recommendation to
           assess the extent of vulnerabilities in current screening
           processes that arise when the Violent Gang and Terrorist
           Organization File cannot accept certain watch list records has
           been completed and the vulnerability has been determined to be low
           or nonexistent. In our view, however, recognizing operational
           concerns does not constitute assessing vulnerabilities. Thus,
           while we understand the FBI's operational concerns, we maintain it
           is still important that the FBI assess to what extent
           vulnerabilities or security risks are raised by not screening
           against certain watch list records and what actions, if any,
           should be taken in response.

           With respect to private sector screening, the FBI commented that
           it has assigned staff to assist the DHS Screening Coordination
           Office with drafting related screening guidelines. Finally, the
           FBI commented that the language of our recommendation related to
           governance of the watch-listing process may be interpreted to have
           some overlap with existing mandates carried out by TSC under
           HSPD-6. Specifically, the FBI noted that governance of the
           watch-listing process is better suited to be a component of TSC,
           rather than DHS. The FBI explained that DHS has no authority or
           provisions for establishing any watch-listing procedures for
           anyone other than DHS component agencies, whereas TSC has
           established a governance board composed of senior members from the
           nominating and screening agencies, the Office of the Director of
           National Intelligence, and the Homeland Security Council to
           monitor and update the watch listing process. The FBI further
           explained that these members meet regularly and address terrorist
           watch-listing issues ranging from nominations and encounters to
           dissemination of information and intelligence collected, and that
           all decisions approved by the governance board are presented at
           the Deputies Meeting chaired by the White House. The FBI believes
           this is the appropriate forum for obtaining a commitment from all
           of the entities involved in the watch-listing process.

           We recognize that TSC and its governance board have played and
           will continue to play a central role in coordinating watch
           list-related activities governmentwide. However, as discussed in
           this report, TSC's governance board is currently responsible for
           providing guidance concerning issues within TSC's mission and
           authority and would need additional authority to provide effective
           coordination of terrorist-related screening activities and
           interagency issues governmentwide. We are not recommending that a
           new governance structure be created that overlaps with existing
           mandates or activities currently carried out by TSC and other
           entities. Rather, we are recommending that a governance structure
           be established that affords clear and adequate responsibility and
           authority to (a) provide monitoring and analysis of watch list
           screening efforts governmentwide, (b) respond to issues that
           hinder effectiveness, and (c) assess progress toward intended
           outcomes. The FBI also provided technical comments, which we
           incorporated in this report where appropriate.

           The Office of the Director of National Intelligence, the
           Department of State, and the Social Security Administration
           provided technical comments only, which we incorporated in this
           report where appropriate.

           As arranged with your offices, we plan no further distribution of
           this report until 30 days after the date of this report. At that
           time, we will send copies of the report to interested
           congressional committees and subcommittees.

           If you or your staff have any questions about this report or wish
           to discuss the matter further, please contact me at (202) 512-8777
           or [58][email protected] . Contact points for our Offices of
           Congressional Relations and Public Affairs may be found on the
           last page of this report. Other key contributors to this report
           were Danny R. Burton, Virginia A. Chanley, R. Eric Erdman, Michele
           C. Fejfar, Jonathon C. Fremont, Kathryn E. Godfrey, Richard B.
           Hung, Thomas F. Lombardi, Donna L. Miller, Raul Quintero, and
           Ronald J. Salo.

           Eileen Larence
			  Director, Homeland Security and Justice Issues
			  
			  Appendix I: Objectives, Scope, and Methodology
			  
			  Objectives

           In response to a request from the Chairman and the Ranking Member
           of the Senate Committee on Homeland Security and Governmental
           Affairs, the Chairman and the Ranking Member of the Permanent
           Subcommittee on Investigations, and the Chairman and the Ranking
           Member of the House Committee on Homeland Security, we addressed
           the following questions:
			  
			  Scope and Methodology

           In addressing these questions, we reviewed TSC's standard
           operating procedures and other relevant documentation, including
           statistics on screening encounters with individuals who were
           positively matched to terrorist watch list records, and we
           interviewed TSC officials, including the director and the
           principal deputy director. Further, we reviewed documentation and
           interviewed senior officials from the FBI's Counterterrorism
           Division and the principal screening agencies whose missions most
           frequently and directly involve interactions with travelers.
           Specifically, at the Transportation Security Administration (TSA),
           we examined the screening of air passengers prior to their
           boarding a flight; at U.S. Customs and Border Protection (CBP), we
           examined the screening of travelers entering the United States
           through ports of entry; and at the Department of State, we
           examined the screening of nonimmigrant visa applicants. We also
           visited a nonprobability sample of screening agencies and
           investigative agencies in geographic areas of four states
           (California, Michigan, New York, and Texas).1 We chose these
           locations on the basis of geographic variation and other factors.
           More details about the scope and methodology of our work regarding
           each of the objectives are presented in the following sections,
           respectively.
			  
			  Standards Used by NCTC and the FBI in Determining Which Individuals
			  Are Appropriate for Inclusion on TSC's Consolidated Watch List

           To ascertain the general standards used in determining which
           individuals are appropriate for inclusion on TSC's consolidated
           watch list, we reviewed available documentation. In particular, we
           reviewed

                        o In general, what standards do the National
                        Counterterrorism Center (NCTC) and the Federal Bureau
                        of Investigation (FBI) use in determining which
                        individuals are appropriate for inclusion on the
                        Terrorist Screening Center's (TSC) consolidated watch
                        list?

                        o Since TSC became operational in December 2003, how
                        many times have screening and law enforcement
                        agencies positively matched individuals to terrorist
                        watch list records, and what do the results or
                        outcomes of these encounters indicate about the role
                        of the watch list as a counterterrorism tool?

                        o To what extent do the principal screening agencies
                        whose missions most frequently and directly involve
                        interactions with travelers check against all records
                        in TSC's consolidated watch list? If the entire watch
                        list is not being checked, why not, what potential
                        vulnerabilities exist, and what actions are being
                        planned to address these vulnerabilities?

                        o To what extent are Department of Homeland Security
                        component agencies monitoring known incidents in
                        which subjects of watch list records pass undetected
                        through screening processes, and what corrective
                        actions have been implemented or are being planned to
                        address these vulnerabilities?

                        o What actions has the U.S. government taken to
                        ensure that the terrorist watch list is used as
                        effectively as possible, governmentwide and in other
                        appropriate venues?

                        o Homeland Security Presidential Directive 6, which
                        specifies that TSC's consolidated watch list is to
                        contain information about individuals "known or
                        appropriately suspected to be or have been engaged in
                        conduct constituting, in preparation for, in aid of,
                        or related to terrorism;"2

                        o an NCTC document on building a single database of
                        known and suspected terrorists for the U.S.
                        government, which provides NCTC's standards for
                        including individuals on the watch list;

                        o the Attorney General's Guidelines for FBI National
                        Security Investigations and Foreign Intelligence
                        Collection, which provide standards for opening FBI
                        international terrorism investigations; and

                        o the Attorney General's Guidelines on General
                        Crimes, Racketeering Enterprise and Terrorist
                        Enterprise Investigations, which provide standards
                        for opening FBI domestic terrorism investigations.

           We discussed implementation of applicable guidance with
           responsible NCTC and FBI Counterterrorism Division officials.
           However, we did not audit or evaluate agencies' compliance with
           the guidance. For instance, we did not review or assess the
           derogatory information related to terrorist watch list records,
           partly because such information involved ongoing counterterrorism
           investigations. Also, a primary agency that collects information
           on known or suspected terrorists--the Central Intelligence
           Agency--declined to meet with us or provide us with documentation
           on its watch list-related activities.
			  
1Results from nonprobability samples cannot be used to make inferences
about a population, because in a nonprobability sample some elements of
the population being studied have no chance or an unknown chance of being
selected as part of the sample.

2The White House, Homeland Security Presidential Directive/HSPD-6,
Subject: Integration and Use of Screening Information (Washington, D.C.:
Sept. 16, 2003).

           Number of Times That Screening and Law Enforcement Agencies Have
			  Positively Matched Individuals to the Watch List: Results or
			  Outcomes

           From TSC, we obtained statistics on the number of positive
           encounters, that is, the number of times that individuals have
           been positively matched during screening against terrorist watch
           list records. Generally, the statistics cover the period from
           December 2003 (when TSC began operations) through May 2007. To the
           extent possible on the basis of available information, we worked
           with the applicable agencies (particularly the FBI, CBP, TSA, and
           the Department of State) to quantify the results or outcomes of
           these positive encounters--which included actions ranging from
           arrests and visa denials to questioning and releasing individuals.
           Further, we inquired about the existence and resolution of any
           issues regarding interagency collaboration in managing encounters
           with individuals on the terrorist watch list. Moreover, in our
           interviews with officials at TSC and the frontline screening
           agencies and in the law enforcement and intelligence communities,
           we obtained perspectives on whether (and how) watch list screening
           has enhanced the U.S. government's counterterrorism efforts.
			  
			  Extent That Screening and Law Enforcement Agencies Check against
			  All Records in the TSC's Consolidated Watch List

           We determined from TSC what subsets of records from the
           consolidated watch list are exported for use by the respective
           frontline screening agencies and law enforcement. Each day, TSC
           exports subsets of the consolidated watch list to federal
           government databases used by agencies that conduct
           terrorism-related screening. Specifically, we focused on exports
           of records to the following agencies' databases:

                        o Department of Homeland Security's Interagency
                        Border Inspection System. Among other users, CBP
                        officers use the Interagency Border Inspection System
                        to screen travelers entering the United States at
                        international ports of entry, which include land
                        border crossings along the Canadian and Mexican
                        borders, sea ports, and U.S. airports for
                        international flight arrivals.

                        o Department of State's Consular Lookout and Support
                        System. This system is the primary sensitive but
                        unclassified database used by consular officers
                        abroad to screen the names of visa applicants to
                        identify terrorists and other aliens who are
                        potentially ineligible for visas based on criminal
                        histories or other reasons specified by federal
                        statute.

                        o FBI's Violent Gang and Terrorist Organization File.
                        This file, which is a component of the FBI's National
                        Crime Information Center, is accessible by federal,
                        state, and local law enforcement officers for
                        screening in conjunction with arrests, detentions, or
                        other criminal justice purposes.

                        o TSA's No Fly and Selectee lists. TSA provides
                        updated No Fly and Selectee lists to airlines for use
                        in prescreening passengers. Through the issuance of
                        security directives, the agency requires that
                        airlines use these lists to screen passengers prior
                        to boarding.

           The scope of our work included inquiries regarding why only
           certain records are exported for screening rather than use of the
           entire consolidated watch list by all agencies. At TSC and the
           frontline screening agencies, we interviewed senior officials and
           we reviewed mission responsibilities, standard operating
           procedures, and documentation regarding the technical capabilities
           of the respective agency's database.
			  
			  Extent That Screening Agencies Monitor Incidents in Which Subjects
			  of Watch List Records Pass Undetected through Screening Processes;
			  Corrective Actions Implemented or Planned to Address Vulnerabilities

           We inquired about incidents of subjects of watch list records who
           were able to pass undetected through screening conducted by the
           various frontline screening agencies or, at TSA direction,
           airlines. More specifically, we reviewed available documentation
           and interviewed senior officials at the FBI, CBP, TSA, U.S.
           Citizenship and Immigration Services, and the Department of State
           regarding the frequency of such incidents and the causes, as well
           as what corrective actions have been implemented or planned to
           address vulnerabilities.
			  
			  Actions the U.S. Government Has Taken to Ensure That the Terrorist
			  Watch List Is Used as Effectively as Possible

           Regarding actions taken by the U.S. government to ensure the
           effective use of the watch list, we reviewed Homeland Security
           Presidential Directive 6 and Homeland Security Presidential
           Directive 11, which address the integration and use of screening
           information and comprehensive terrorist-related screening
           procedures. Generally, these directives require federal
           departments and agencies to identify all appropriate opportunities
           or processes that should use the terrorist watch list. We did not
           do an independent evaluation of whether all screening
           opportunities were identified. Rather, to determine the
           implementation status of these directives, we reviewed available
           documentation and interviewed senior officials at the Departments
           of Homeland Security, Justice, and State, as well as TSC and the
           Social Security Administration. Our inquiries covered domestic
           screening opportunities within the federal community and critical
           infrastructure sectors of private industry. Further, our inquiries
           covered international opportunities, that is, progress made in
           efforts to exchange terrorist watch list information with trusted
           foreign partners on a reciprocal basis. Finally, we compared the
           status of watch list-related strategies, planning, and initiatives
           with the expectations set forth in Homeland Security Presidential
           Directive 6 and Homeland Security Presidential Directive 11. The
           Homeland Security Council--which is chaired by the Assistant to
           the President for Homeland Security and Counterterrorism--denied
           our request for an interview.3
			  
3The Homeland Security Council was established to ensure coordination of
all homeland security-related activities among executive departments and
agencies and promote the effective development and implementation of all
homeland security policies. See the White House, Homeland Security
Presidential Directive/HSPD-1, Subject: Organization and Operation of the
Homeland Security Council (Washington, D.C.: Oct. 29, 2001).
			  
           Data Reliability

           Regarding statistical information we obtained from TSC and
           screening agencies--such as the number of positive matches and
           actions taken--we discussed the sources of the data with agency
           officials and reviewed documentation regarding the compilation of
           the statistics. We determined that the statistics were
           sufficiently reliable for the purposes of this review. We did not
           review or assess the derogatory information related to terrorist
           watch list records, primarily because such information involved
           ongoing counterterrorism investigations or intelligence community
           activities.

           We performed our work on the restricted version of this report
           from April 2005 through September 2007 in accordance with
           generally accepted government auditing standards.
			  
			  Appendix II: Homeland Security Presidential Directive/HSPD-6
			  (Sept. 16, 2003)
			  
			  Appendix III: Homeland Security Presidential Directive/HSPD-11
			  (Aug. 27, 2004)
			  
			  Appendix IV: Outcomes of Screening Agency Encounters with
			  Individuals on the Terrorist Watch List

           This appendix presents details on the outcomes of screening agency
           encounters with individuals on the terrorist watch list.
           Specifically, the following sections provide information on
           arrests and other outcomes of encounters involving the Department
           of State, TSA, CBP, and state or local law enforcement.
			  
			  Subjects of Watch List Records Have Been Arrested Hundreds of Times,
			  with Some Arrests Based on Terrorism Grounds

           According to TSC data, for the period December 2003 through May
           2007, agencies reported arresting subjects of watch list records
           for various reasons hundreds of times, such as the individual
           having an outstanding arrest warrant or the individual's behavior
           or actions during the encounter. For this period, TSC data also
           indicated that some of the arrests were based on terrorism
           grounds. For example, according to TSC, in November 2004, the
           subject of a watch list record was encountered at the El Paso,
           Texas, border crossing by CBP and U.S. Immigration and Customs
           Enforcement agents and subsequently arrested as a result of their
           interview with the person. According to TSC, the arrest was done
           in conjunction with the FBI on grounds of material support to
           terrorism. In January 2007, TSC officials told us that--because of
           the difficulty in collecting information on the basis of
           arrests--the center has changed its policy on documentation of
           arrests and no longer categorizes arrests as terrorism-related. As
           such, the number of times individuals on the watch list have been
           arrested based on terrorism grounds is no longer being tracked.
			  
			  Subjects of Watch List Records Were Denied Visas and Also Granted Visas

           U.S. consulates and embassies around the world are required to
           screen the names of all visa applicants against the Department of
           State's Consular Lookout and Support System and to notify TSC when
           the applicant's identifying information matches or closely matches
           information in a terrorist watch list record.1 For positive
           matches, officials at Department of State headquarters are to
           review available derogatory information and provide advice to the
           consular officer, who is responsible for deciding whether to grant
           or refuse a visa to the applicant under the immigration laws and
           regulations of the United States. According to TSC data, when visa
           applicants were positively matched to terrorist watch list
           records, the outcomes included visas denied, visas issued (because
           the consular officer did not find any statutory basis for
           inadmissibility), and visa ineligibility waived.2
			  
1Department of State officials assigned to TSC handle all referrals from
consulates and embassies.

2In this context, ineligibility waived refers to individuals who were
ineligible for a visa based on terrorism grounds, but DHS approved a
waiver for a one-time visit or multiple entries into the United States. In
general, waivers are approved when the U.S. government has an interest in
allowing the individual to enter the United States, such as an individual
on the terrorist watch list who is invited to participate in peace talks
under U.S. auspices.

           The Department of State described several scenarios under which an
           individual on the terrorist watch list might still be granted a
           visa. According to the department, visas can be issued following
           extensive interagency consultations regarding the individuals who
           were matched to watch list records. The department explained that
           the information that supports a terrorist watch list record is
           often sparse or inconclusive. It noted, however, that having these
           records exported to the Consular Lookout and Support System
           provides an opportunity for a consular officer to question the
           alien to obtain additional information regarding potential
           inadmissibility. For instance, there might be a record with
           supporting information showing that the person attended a
           political rally addressed by radical elements. According to the
           Department of State, while this activity may raise suspicion about
           the individual, it also requires further development and
           exploration of the person's potential ability to receive a visa.
           Thus, using watch list records allows the department to develop
           information and pursue a thorough interagency vetting process
           before coming to a final conclusion about any given prospective
           traveler who is the subject of a watch list record.

           Further, individuals can receive a waiver of inadmissibility from
           the Department of Homeland Security. According to the Department
           of State, there may be U.S. government interest in issuing a visa
           to someone who has a record in the terrorist watch list and who
           may have already been found ineligible for a visa or inadmissible
           to the United States. For instance, an individual might be a
           former insurgent who has become a foreign government official.
           This person might be invited to the United States to participate
           in peace talks under U.S. auspices. According to the Department of
           State, in such a case, the visa application would go through
           normal processing, which would include a review of the derogatory
           information related to the terrorist watch list record. This
           information, along with the request for a waiver, would be passed
           to the Department of Homeland Security, which normally grants
           waivers recommended by the Department of State.

           Another scenario under which an individual on the terrorist watch
           list might still be granted a visa involves instances where a
           watch list record is not exported to the Department of State's
           Consular Lookout and Support System. According to the department,
           originating agencies that nominate terrorist watch list records
           occasionally ask TSC to not export a record to the Department of
           State's system for operational reasons, such as to not alert the
           individuals about an ongoing investigation. In this case, if a
           terrorist watch list record is not exported to the Consular
           Lookout and Support System database, a consular officer will not
           be notified of the record and may otherwise proceed in
           adjudicating the visa without consulting Department of State
           officials in Washington, D.C.
			  
			  Passengers Were Matched to the No Fly and Selectee Lists

           TSA requires aircraft operators to screen the names of all
           passengers against extracts from TSC's consolidated watch list to
           help ensure that individuals who pose a threat to civil aviation
           are denied boarding or subjected to additional screening before
           boarding, as appropriate. Specifically, TSA provides the No Fly
           and Selectee lists to airlines for use in prescreening passengers.
           According to TSA policy, if a situation arises in which a person
           on the No Fly list is erroneously permitted to board a flight,
           upon discovery, that flight may be diverted to a location other
           than its original destination.

           According to TSA data, when airline passengers were positively
           matched to the No Fly or Selectee lists, the vast majority of
           matches were to the Selectee list. Other outcomes included
           individuals matched to the No Fly list and denied boarding (did
           not fly) and individuals matched to the No Fly list after the
           aircraft was in-flight. Regarding the latter, TSA officials
           explained that there have been situations in which individuals on
           the No Fly list have passed undetected through airlines'
           prescreening of passengers and flew on international flights bound
           to or from the United States. These individuals were subsequently
           identified in-flight by other means--specifically, screening of
           passengers conducted by CBP.
			  
           Many Nonimmigrant Aliens on the Watch List Were Refused Entry into
			  the United States, but Most Were Allowed to Enter

           CBP officers at U.S. ports of entry use the Interagency Border
           Inspection System to screen the names of individuals entering the
           United States against terrorist watch list records.3 Specifically,
           all individuals entering the United States at seaports and U.S.
           airports for international flight arrivals are to be checked
           against watch list records. At land border ports of entry,
           screening against watch list records depends on the volume of
           traffic and other operational factors.

           While U.S. citizens who have left the United States and seek to
           reenter may be subjected to additional questioning and physical
           screening to determine any potential threat they pose, they may
           not be excluded and must be admitted upon verification of
           citizenship (for example, by presenting a U.S. passport).4 Alien
           applicants for admission are questioned by CBP officers, and their
           documents are examined to determine admissibility based on
           requirements of the Immigration and Nationality Act.5 For
           nonimmigrant aliens who are positively matched to a terrorist
           watch list record, officials at CBP are to review available
           derogatory information related to the watch list record and advise
           port officers regarding whether sufficient information exists to
           refuse admission under terrorism or other grounds. CBP officers at
           ports of entry are ultimately responsible for making
           determinations regarding whether an individual should be admitted
           or denied entry into the United States.

           According to CBP policies, CBP officers at the port of entry are
           required to apprise the local FBI Joint Terrorism Task Force and
           the local U.S. Immigration and Customs Enforcement of all watch
           list encounters, regardless of the individual's citizenship and
           whether or not the person is refused admission into the United
           States. If the individual is a U.S. citizen or an admitted
           non-citizen, CBP officers at the port are to apprise the local
           Joint Terrorism Task Force of any suspicions about the person
           after questioning, in order to permit post-entry investigation or
           surveillance.
			  
3U.S. ports of entry include land border crossings along the Canadian and
Mexican borders, seaports, and U.S. airports for international flight
arrivals.

4See 8 C.F.R. S 235.1. Similarly, lawful permanent residents are generally
not regarded as seeking admission to the United States and, like U.S.
citizens, are not subject to the grounds for inadmissibility unless they
fall within certain criteria listed at 8 U.S.C. S 1011(a)(13)(C) that
describe why an alien lawfully admitted for permanent residence would be
regarded as seeking admission.

5See 8 U.S.C. S 1182 (codifying section 212 of the Immigration and
Nationality Act, as amended).

           According to CBP data, a number of nonimmigrant aliens encountered
           at U.S. ports of entry were positively matched to terrorist watch
           list records. For many of the encounters, CBP determined there was
           sufficient derogatory information related to the watch list
           records to preclude admission under terrorism grounds in the
           Immigration and Nationality Act, and the individuals were refused
           entry. However, for most of the encounters, CBP determined there
           was not sufficient derogatory information related to terrorist
           watch list records to refuse admission on terrorism-related
           grounds in the Immigration and Nationality Act. According to CBP,
           the center did not know how many times these encounters ultimately
           resulted in individuals being admitted or denied entry into the
           United States. The officials explained that after in-depth
           questioning and inspection of travel documents and belongings, CBP
           officers could still have refused individuals the right to enter
           the United States based on terrorism-related or other grounds set
           forth in the Immigration and Nationality Act, such as immigration
           violations.
			  
			  Watch List Records Related to State and Local Encounters Indicate
			  the Vast Majority of Subjects Were Released

           To assist state and local officials during encounters, all watch
           list records in the FBI's Violent Gang and Terrorist Organization
           File contain a specific category or handling code and related
           instructions about actions that may be taken in response to a
           positive watch list encounter.6 These actions may include--in
           appropriate and lawfully authorized circumstances--arresting,
           detaining, or questioning and then releasing the individual. State
           and local officials are to contact TSC when the names of
           individuals queried match or closely match a terrorist watch list
           record in the Violent Gang and Terrorist Organization File. For
           positive or inconclusive matches, TSC is to refer the matter to
           the FBI's Counterterrorism Division, which provides specific
           instructions to state and local officials about appropriate
           actions that may be taken or questions that should be asked.

           According to TSC data, state or local law enforcement officials
           have encountered individuals who were positively matched to
           terrorist watch list records in the Violent Gang and Terrorist
           Organization File thousands of times. Although data on the actual
           outcomes of these encounters were not available, the vast majority
           involved watch list records that indicated that the individuals
           were released, unless there were other reasons for arresting or
           detaining the individual.
			  
6The FBI's Violent Gang and Terrorist Organization File contains terrorist
watch list records and records involving gang-related activities that do
not meet the terrorism-related standard for inclusion in TSC's
consolidated watch list. Screening officials are to notify TSC only when
there is a positive match to a terrorist record in the file.

           Appendix V: Comments from the Department of Homeland Security
			  
			  Note: GAO-07-1206 is the previous number for this report.

           GAO's Mission

           The Government Accountability Office, the audit, evaluation, and
           investigative arm of Congress, exists to support Congress in
           meeting its constitutional responsibilities and to help improve
           the performance and accountability of the federal government for
           the American people. GAO examines the use of public funds;
           evaluates federal programs and policies; and provides analyses,
           recommendations, and other assistance to help Congress make
           informed oversight, policy, and funding decisions. GAO's
           commitment to good government is reflected in its core values of
           accountability, integrity, and reliability.
			  
			  Obtaining Copies of GAO Reports and Testimony

           The fastest and easiest way to obtain copies of GAO documents at
           no cost is through GAO's Web site ( [59]www.gao.gov ). Each
           weekday, GAO posts newly released reports, testimony, and
           correspondence on its Web site. To have GAO e-mail you a list of
           newly posted products every afternoon, go to [60]www.gao.gov and
           select "E-mail Updates."
			  
			  Order by Mail or Phone

           The first copy of each printed report is free. Additional copies
           are $2 each. A check or money order should be made out to the
           Superintendent of Documents. GAO also accepts VISA and Mastercard.
           Orders for 100 or more copies mailed to a single address are
           discounted 25 percent. Orders should be sent to:

           U.S. Government Accountability Office 441 G Street NW, Room LM
           Washington, DC 20548

           To order by Phone: Voice: (202) 512-6000
			  TDD: (202) 512-2537
			  Fax: (202) 512-6061
			  
			  To Report Fraud, Waste, and Abuse in Federal Programs

           Contact:

           Web site: [61]www.gao.gov/fraudnet/fraudnet.htm
			  E-mail: [62][email protected]
			  Automated answering system: (800) 424-5454 or (202) 512-7470
			  
			  Congressional Relations

           Gloria Jarmon, Managing Director, [63][email protected] , (202)
           512-4400 U.S. Government Accountability Office, 441 G Street NW,
           Room 7125 Washington, DC 20548
			  
			  Public Affairs

           Susan Becker, Acting Manager, [64][email protected] , (202) 512-4800
           U.S. Government Accountability Office, 441 G Street NW, Room 7149
           Washington, DC 20548

(440656)

To view the full product, including the scope
and methodology, click on [73]GAO-08-110 .

For more information, contact Eileen Larence at (202) 512-8777 or
[email protected].

Highlights of [74]GAO-08-110 , a report to congressional requesters

October 2007

TERRORIST WATCH LISTSCREENING

Opportunities Exist to Enhance Management Oversight, Reduce
Vulnerabilities in Agency Screening Processes, and Expand Use of the List

The Federal Bureau of Investigation's (FBI) Terrorist Screening Center
(TSC) maintains a consolidated watch list of known or appropriately
suspected terrorists and sends records from the list to agencies to
support terrorism-related screening. Because the list is an important tool
for combating terrorism, GAO examined (1) standards for including
individuals on the list, (2) the outcomes of encounters with individuals
on the list, (3) potential vulnerabilities and efforts to address them,
and (4) actions taken to promote effective terrorism-related screening.

To conduct this work, GAO reviewed documentation obtained from and
interviewed officials at TSC, the FBI, the National Counterterrorism
Center, the Department of Homeland Security, and other agencies that
perform terrorism-related screening.

[75]What GAO Recommends

GAO is making recommendations to promote a comprehensive and coordinated
approach to terrorist-related screening. Among them are actions to monitor
and respond to vulnerabilities and to establish up-to-date guidelines,
strategies, and plans to facilitate expanded and enhanced use of the list.

GAO provided a draft copy of this report to relevant departments and
agencies. The departments that provided comments generally agreed with
GAO's findings and recommendations.

The FBI and the intelligence community use standards of reasonableness to
evaluate individuals for nomination to the consolidated watch list. In
general, individuals who are reasonably suspected of having possible links
to terrorism--in addition to individuals with known links--are to be
nominated. As such, being on the list does not automatically prohibit, for
example, the issuance of a visa or entry into the United States. Rather,
when an individual on the list is encountered, agency officials are to
assess the threat the person poses to determine what action to take, if
any. As of May 2007, the consolidated watch list contained approximately
755,000 records.

From December 2003 through May 2007, screening and law enforcement
agencies encountered individuals who were positively matched to watch list
records approximately 53,000 times. Many individuals were matched multiple
times. The outcomes of these encounters reflect an array of actions, such
as arrests; denials of entry into the United States; and, most often,
questioning and release. Within the federal community, there is general
agreement that the watch list has helped to combat terrorism by (1)
providing screening and law enforcement agencies with information to help
them respond appropriately during encounters and (2) helping law
enforcement and intelligence agencies track individuals on the watch list
and collect information about them for use in conducting investigations
and in assessing threats.

Regarding potential vulnerabilities, TSC sends records daily from the
watch list to screening agencies. However, some records are not sent,
partly because screening against them may not be needed to support the
respective agency's mission or may not be possible due to the requirements
of computer programs used to check individuals against watch list records.
Also, some subjects of watch list records have passed undetected through
agency screening processes and were not identified, for example, until
after they had boarded and flew on an aircraft or were processed at a port
of entry and admitted into the United States. TSC and other federal
agencies have ongoing initiatives to help reduce these potential
vulnerabilities, including efforts to improve computerized name-matching
programs and the quality of watch list data.

Although the federal government has made progress in promoting effective
terrorism-related screening, additional screening opportunities remain
untapped--within the federal sector, as well as within critical
infrastructure components of the private sector. This situation exists
partly because the government lacks an up-to-date strategy and
implementation plan for optimizing use of the terrorist watch list. Also
lacking are clear lines of authority and responsibility. An up-to-date
strategy and implementation plan, supported by a clearly defined
leadership or governance structure, would provide a platform to establish
governmentwide screening priorities, assess progress toward policy goals
and intended outcomes, consider factors related to privacy and civil
liberties, ensure that any needed changes are implemented, and respond to
issues that hinder effectiveness.

References

Visible links
  53. http://www.gao.gov/cgi-bin/getrpt?GAO-07-891R
  54. http://www.gao.gov/cgi-bin/getrpt?GAO-03-322
  55. http://www.gao.gov/cgi-bin/getrpt?GAO-06-864T
  56. http://www.gao.gov/cgi-bin/getrpt?GAO-06-1031
  57. http://www.gao.gov/cgi-bin/getrpt?GAO-05-859
  58. mailto:[email protected]
  59. http://www.gao.gov/
  60. http://www.gao.gov/
  61. http://www.gao.gov/fraudnet/fraudnet.htm
  62. mailto:[email protected]
  63. mailto:[email protected]
  64. mailto:[email protected]
  65. http://www.gao.gov/cgi-bin/getrpt?GAO-07-278
  66. http://www.gao.gov/cgi-bin/getrpt?GAO-05-127
  67. http://www.gao.gov/cgi-bin/getrpt?GAO-06-20
  68. http://www.gao.gov/cgi-bin/getrpt?GAO-06-864T
  69. http://www.gao.gov/cgi-bin/getrpt?GAO-06-1031
  70. http://www.gao.gov/cgi-bin/getrpt?GAO-03-174
  71. http://www.gao.gov/cgi-bin/getrpt?GAO-06-854
  72. http://www.gao.gov/cgi-bin/getrpt?GAO-03-322
  73. http://www.gao.gov/cgi-bin/getrpt?GAO-08-110
  74. http://www.gao.gov/cgi-bin/getrpt?GAO-08-110
*** End of document. ***