Terrorist Watch List Screening: Recommendations to Enhance	 
Management Oversight, Reduce Potential Screening Vulnerabilities,
and Expand Use of the List (24-OCT-07, GAO-08-194T).		 
                                                                 
The Federal Bureau of Investigation's (FBI) Terrorist Screening  
Center (TSC) maintains a consolidated watch list of known or	 
appropriately suspected terrorists and sends records from the	 
list to agencies to support terrorism-related screening. This	 
testimony discusses (1) standards for including individuals on	 
the list, (2) the outcomes of encounters with individuals on the 
list, (3) potential vulnerabilities in screening processes and	 
efforts to address them, and (4) actions taken to promote	 
effective terrorism-related screening. This statement is based on
GAO's report (GAO-08-110). To accomplish the objectives, GAO	 
reviewed documentation obtained from and interviewed officials at
TSC, the FBI, the National Counterterrorism Center, the 	 
Department of Homeland Security, and other agencies that perform 
terrorism-related screening.					 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-08-194T					        
    ACCNO:   A77547						        
  TITLE:     Terrorist Watch List Screening: Recommendations to       
Enhance Management Oversight, Reduce Potential Screening	 
Vulnerabilities, and Expand Use of the List			 
     DATE:   10/24/2007 
  SUBJECT:   Counterterrorism					 
	     Emergency preparedness				 
	     Federal agencies					 
	     Federal intelligence agencies			 
	     Homeland security					 
	     Interagency relations				 
	     Investigations by federal agencies 		 
	     Law enforcement agencies				 
	     Passenger screening				 
	     Records						 
	     Records management 				 
	     Risk assessment					 
	     Standards						 
	     Strategic planning 				 
	     Terrorism						 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-08-194T

   

     * [1]Summary
     * [2]Background
     * [3]Agencies Rely upon Standards of Reasonableness in Assessing
     * [4]Agencies Have Had Approximately 53,000 Encounters with Indiv
     * [5]Potential Vulnerabilities in Agency Screening Processes and
     * [6]The U.S. Government Has Made Progress in Using the Watch Lis
     * [7]Conclusions and Recommendations for Executive Action
     * [8]Agency Comments and Our Evaluation
     * [9]GAO Contacts and Staff Acknowledgments
     * [10]GAO's Mission
     * [11]Obtaining Copies of GAO Reports and Testimony

          * [12]Order by Mail or Phone

     * [13]To Report Fraud, Waste, and Abuse in Federal Programs
     * [14]Congressional Relations
     * [15]Public Affairs

Testimony before the Committee on Homeland Security and Governmental
Affairs, U.S. Senate

United States Government Accountability Office

GAO

For Release on Delivery
Expected at 10:00 a.m. EDT
Wednesday, October 24, 2007

TERRORIST WATCH LISTSCREENING

Recommendations to Enhance Management Oversight, Reduce Potential
Screening Vulnerabilities, and Expand Use of the List

Statement of Eileen R. Larence, Director
Homeland Security and Justice Issues

GAO-08-194T

Mr. Chairman and Members of the Committee:

I am pleased to be here today to discuss our report on U.S. efforts to
develop and use the terrorist watch list to screen for known or suspected
terrorists who pose a threat to homeland security. The list is an
important tool in the government's overall efforts to combat terrorism.

The Terrorist Screening Center (TSC) is responsible for maintaining the
watch list and providing for its use during agency screening processes.
TSC receives the vast majority of its watch list records from the National
Counterterrorism Center, which compiles information on known or suspected
international terrorists from executive branch departments and agencies.
In addition, the Federal Bureau of Investigation (FBI) provides TSC with
information on known or suspected domestic terrorists who operate
primarily within the United States, such as Ted Kaczynski (the
"Unabomber"). TSC consolidates this information into its watch list
database and makes records available for a variety of screening purposes,
such as the screening of visa applicants and the screening of airline
passengers. When an individual on the watch list is encountered during
screening, several entities--TSC, the screening agency, investigative
agencies, and the intelligence community--can be involved in deciding what
action to take, if any.

My testimony today discusses (1) the standards agencies use for including
individuals on the list, (2) the outcomes of encounters with individuals
on the list, (3) potential vulnerabilities in agencies' watch list
screening processes and efforts to address them, and (4) actions taken to
promote effective terrorism-related screening.

This statement is based on the report we released today.^1 To accomplish
our report objectives, we reviewed procedural guidance, statistics, and
other relevant documentation obtained from and interviewed officials at
TSC, the FBI, the National Counterterrorism Center, the Department of
Homeland Security, and other agencies that perform terrorism-related
screening. Specifically, at the Transportation Security Administration, we
examined the prescreening of airline passengers prior to their boarding a
flight; at U.S. Customs and Border Protection, we examined the screening
of travelers entering the United States through ports of entry; and at the
Department of State, we examined the screening of visa applicants. We
conducted our work in accordance with generally accepted government
auditing standards.

^1GAO, Terrorist Watch List Screening: Opportunities Exist to Enhance
Management Oversight, Reduce Vulnerabilities in Agency Screening
Processes, and Expand Use of the List, GAO-08-110 (Washington, D.C.: Oct.
11, 2007).

Summary

In summary, we found the following:

           o The National Counterterrorism Center and the FBI rely upon
           standards of reasonableness in determining which individuals are
           appropriate for inclusion on TSC's consolidated terrorist watch
           list. In general, individuals who are reasonably suspected of
           having possible links to terrorism--in addition to individuals
           with known links--are to be nominated. As such, inclusion on the
           list does not automatically prohibit an individual from, for
           example, obtaining a visa or entering the United States. As of May
           2007, TSC's watch list contained approximately 755,000 records.

           o From December 2003 (when TSC began operations) through May 2007,
           agencies encountered individuals who were on the watch list about
           53,000 times. Many individuals were encountered multiple times.
           Actions taken in response included arresting individuals and
           denying others entry into the United States. Most often, however,
           agencies questioned and then released the individuals because
           there was not sufficient evidence of criminal or terrorist
           activity to warrant further legal action. Nevertheless, such
           questioning allowed agencies to collect information on the
           individuals, which was shared with law enforcement agencies and
           the intelligence community.

           o Screening agencies do not check against all records in the
           consolidated watch list, partly because screening against certain
           records (1) may not be needed to support the respective agency's
           mission or (2) may not be possible due to the requirements of
           computer programs used to check individuals against watch list
           records. Not checking against all records may pose a security
           risk. Also, some subjects of watch list records have passed
           undetected through agency screening processes and were not
           identified, for example, until after they had boarded and flew on
           an aircraft. Federal agencies have ongoing initiatives to help
           reduce these potential vulnerabilities.

           o The federal government has made progress in using the
           consolidated watch list for screening purposes, but it has not (1)
           finalized guidelines for using watch list records within critical
           infrastructure components of the private sector or (2) identified
           all appropriate opportunities for which terrorist-related
           screening should be applied. Further, the government lacks an
           up-to-date strategy and implementation plan--supported by a
           clearly defined leadership or governance structure--which are
           important for enhancing the effectiveness of terrorist-related
           screening.

We have recommended several actions to promote a more comprehensive and
coordinated approach to terrorist-related screening. Among them are
actions to monitor and respond to vulnerabilities and to establish
up-to-date guidelines, strategies, and plans to facilitate expanded and
enhanced use of the list. The Department of Homeland Security and the FBI,
which provided the Department of Justice's comments on a draft of the
report, generally agreed with our findings and recommendations. The
Homeland Security Council was provided a draft of the report but did not
provide comments.^2

Background

Pursuant to Homeland Security Presidential Directive 6, the Attorney
General established TSC in September 2003 to consolidate the government's
approach to terrorism screening and provide for the appropriate and lawful
use of terrorist information in screening processes. TSC's consolidated
watch list is the U.S. government's master repository for all records of
known or appropriately suspected international and domestic terrorists
used for watch list-related screening.

When an individual makes an airline reservation, arrives at a U.S. port of
entry, or applies for a U.S. visa, or is stopped by state or local police
within the United States, the frontline screening agency or airline
conducts a name-based search of the individual against applicable
terrorist watch list records. In general, when the computerized
name-matching system of an airline or screening agency generates a "hit"
(a potential name match) against a watch list record, the airline or
agency is to review each potential match. Any obvious mismatches (negative
matches) are to be resolved by the airline or agency, if possible, as
discussed in our September 2006 report on terrorist watch list
screening.^3 However, clearly positive or exact matches and matches that
are inconclusive (difficult to verify) generally are to be referred to TSC
to confirm whether the individual is a match to the watch list record. TSC
is to refer positive and inconclusive matches to the FBI to provide an
opportunity for a counterterrorism response. Deciding what action to take,
if any, can involve collaboration among the frontline screening agency,
the National Counterterrorism Center or other intelligence community
members, and the FBI or other investigative agencies. If necessary, a
member of an FBI Joint Terrorism Task Force can respond in person to
interview and obtain additional information about the person
encountered.^4 In other cases, the FBI will rely on the screening agency
and other law enforcement agencies--such as U.S. Immigration and Customs
Enforcement--to respond and collect information. Figure 1 presents a
general overview of the process used to resolve encounters with
individuals on the terrorist watch list.

^2The Homeland Security Council was established to ensure coordination of
all homeland security-related activities among executive departments and
agencies and promote the effective development and implementation of all
homeland security policies. See The White House, Homeland Security
Presidential Directive/HSPD-1, Subject: Organization and Operation of the
Homeland Security Council (Washington, D.C.: Oct. 29, 2001).

^3Terrorist watch list-related screening can cause travel delays and other
inconveniences, which may be inevitable consequences of enhanced homeland
security. Nonetheless, as we reported in September 2006, it is important
for TSC and screening agencies to provide effective redress for
individuals who are inadvertently and adversely affected by watch
list-related screening. See GAO, Terrorist Watch List Screening: Efforts
to Help Reduce Adverse Effects on the Public, [16]GAO-06-1031 
(Washington, D.C.: Sept. 29, 2006).

^4Joint Terrorism Task Forces are teams of state and local law enforcement
officials, FBI agents, and other federal agents and personnel whose
mission is to investigate and prevent acts of terrorism. There is a Joint
Terrorism Task Force in each of the FBI's 56 main field offices, and
additional task forces are located in smaller FBI offices.

Figure 1: General Overview of the Process Used to Resolve Encounters with
Individuals on the Terrorist Watch List

To build upon and provide additional guidance related to Homeland Security
Presidential Directive 6, in August 2004, the President signed Homeland
Security Presidential Directive 11. Among other things, this directive
required the Secretary of Homeland Security--in coordination with the
heads of appropriate federal departments and agencies--to submit two
reports to the President (through the Assistant to the President for
Homeland Security) related to the government's approach to
terrorist-related screening. The first report was to outline a strategy to
enhance the effectiveness of terrorist-related screening activities by
developing comprehensive and coordinated procedures and capabilities. The
second report was to provide a prioritized investment and implementation
plan for detecting and interdicting suspected terrorists and terrorist
activities. Specifically, the plan was to describe the "scope, governance,
principles, outcomes, milestones, training objectives, metrics, costs, and
schedule of activities" to implement the U.S. government's
terrorism-related screening policies.

Agencies Rely upon Standards of Reasonableness in Assessing Individuals for
Inclusion on TSC's Watch List

The National Counterterrorism Center and the FBI rely upon standards of
reasonableness in determining which individuals are appropriate for
inclusion on TSC's consolidated watch list.^5 In accordance with Homeland
Security Presidential Directive 6, TSC's watch list is to contain
information about individuals "known or appropriately suspected to be or
have been engaged in conduct constituting, in preparation for, in aid of,
or related to terrorism." In implementing this directive, the National
Counterterrorism Center and the FBI strive to ensure that individuals who
are reasonably suspected of having possible links to terrorism--in
addition to individuals with known links--are nominated for inclusion on
the watch list. To determine if the suspicions are reasonable, the
National Counterterrorism Center and the FBI are to assess all available
information on the individual. According to the National Counterterrorism
Center, determining whether to nominate an individual can involve some
level of subjectivity. Nonetheless, any individual reasonably suspected of
having links to terrorist activities is to be nominated to the list and
remain on it until the FBI or the agency that supplied the information
supporting the nomination, such as one of the intelligence agencies,
determines the person is not a threat and should be removed from the list.

Moreover, according to the FBI, individuals who are subjects of ongoing
FBI counterterrorism investigations are generally nominated to TSC for
inclusion on the watch list, including persons who are being preliminarily
investigated to determine if they have links to terrorism. In determining
whether to open an investigation, the FBI uses guidelines established by
the Attorney General. These guidelines contain specific standards for
opening investigations, including formal review and approval processes.
According to FBI officials, there must be a "reasonable indication" of
involvement in terrorism before opening an investigation. The FBI noted,
for example, that it is not sufficient to open an investigation based
solely on a neighbor's complaint or an anonymous tip or phone call. If an
investigation does not establish a terrorism link, the FBI generally is to
close the investigation and request that TSC remove the person from the
watch list. Based on these standards, the number of records in TSC's
consolidated watch list has increased from about 158,000 records in June
2004 to about 755,000 records as of May 2007 (see fig. 2). It is important
to note that the total number of records in TSC's watch list does not
represent the total number of individuals on the watch list. Rather, if an
individual has one or more known aliases, the watch list will contain
multiple records for the same individual.

^5In general, and in this context, a standard of reasonableness can be
described as a government agent's particularized and objective basis for
suspecting an individual of engaging in terrorist-related activities,
considering the totality of circumstances known to the government agent at
that time. See, e.g., United States v. Price, 184 F.3d 637, 640-41 (7th
Cir. 1999); Terry v. Ohio, 392 U.S. 1, 30 (1968).

Figure 2: Increase in Terrorist Watch List Records, June 2004 through May
2007

TSC's watch list database is updated daily with new nominations,
modifications to existing records, and deletions. Because individuals can
be added to the list based on reasonable suspicion, inclusion on the list
does not automatically prohibit an individual from, for example, obtaining
a visa or entering the United States when the person is identified by a
screening agency. Rather, when an individual on the list is encountered,
agency officials are to assess the threat the person poses to determine
what action to take, if any.

Agencies Have Had Approximately 53,000 Encounters with Individuals on the Watch
List, and Outcomes Indicate the List Has Helped to Combat Terrorism

From December 2003 (when TSC began operations) through May 2007, screening
and law enforcement agencies encountered individuals who were positively
matched to watch list records approximately 53,000 times, according TSC
data. A breakdown of these encounters shows that the number of matches has
increased each year--from 4,876 during the first 10-month period of TSC's
operations to 14,938 during fiscal year 2005, to 19,887 during fiscal year
2006. This increase can be attributed partly to the growth in the number
of records in the consolidated terrorist watch list and partly to the
increase in the number of agencies that use the list for screening
purposes. Our analysis of TSC data also indicates that many individuals
were encountered multiple times. For example, a truck driver who regularly
crossed the U.S.-Canada border or an individual who frequently took
international flights could each account for multiple encounters. Further,
TSC data show that the highest percentage of encounters involved screening
within the United States by a state or local law enforcement agency, U.S.
government investigative agency, or other governmental entity. The next
highest percentage involved border-related encounters, such as passengers
on airline flights inbound from outside the United States or individuals
screened at land ports of entry. The lowest percentage of encounters
occurred outside of the United States.

The watch list has enhanced the U.S. government's counterterrorism efforts
by allowing federal, state, and local screening and law enforcement
officials to obtain information to help them make better-informed
decisions during encounters regarding the level of threat a person poses
and the appropriate response to take, if any. The specific outcomes of
encounters with individuals on the watch list are based on the
government's overall assessment of the intelligence and investigative
information that supports the watch list record and any additional
information that may be obtained during the encounter. Our analysis of
data on the outcomes of encounters revealed that agencies took a range of
actions, such as arresting individuals, denying others entry into the
United States, and most commonly, releasing the individuals following
questioning and information gathering.

           o TSC data show that agencies reported arresting many subjects of
           watch list records for various reasons, such as the individual
           having an outstanding arrest warrant or the individual's behavior
           or actions during the encounter. TSC data also indicated that some
           of the arrests were based on terrorism grounds.

           o TSC data show that when visa applicants were positively matched
           to terrorist watch list records, the outcomes included visas
           denied, visas issued (because the consular officer did not find
           any statutory basis for inadmissibility), and visa ineligibility
           waived.^6

           o Transportation Security Administration data show that when
           airline passengers were positively matched to the No Fly or
           Selectee lists, the vast majority of matches were to the Selectee
           list.^7 Other outcomes included individuals matched to the No Fly
           list and denied boarding (did not fly) and individuals matched to
           the No Fly list after the aircraft was in flight. Additional
           information on individuals on the watch list passing undetected
           through agency screening is presented later in this statement.

           o U.S. Customs and Border Protection data show that a number of
           nonimmigrant aliens encountered at U.S. ports of entry were
           positively matched to terrorist watch list records. For many of
           the encounters, the agency determined there was sufficient
           information related to watch list records to preclude admission
           under terrorism grounds. However, for most of the encounters, the
           agency determined that there was not sufficient information
           related to the records to preclude admission.

           o TSC data show that state or local law enforcement officials have
           encountered individuals who were positively matched to terrorist
           watch list records thousands of times. Although data on the actual
           outcomes of these encounters were not available, the vast majority
           involved watch list records that indicated that the individuals
           were released, unless there were reasons other than
           terrorism-related grounds for arresting or detaining the
           individuals, such as the individual having an outstanding arrest
           warrant.

Also, according to federal officials, encounters with individuals who were
positively matched to the watch list assisted government efforts in
tracking the respective person's movements or activities and provided the
opportunity to collect additional information about the individual. The
information collected was shared with agents conducting counterterrorism
investigations and with the intelligence community for use in analyzing
threats. Such coordinated collection of information for use in
investigations and threat analyses is one of the stated policy objectives
for the watch list.

^6In this context, ineligibility waived refers to individuals who were
ineligible for a visa based on terrorism grounds, but the Department of
Homeland Security approved a waiver for a one-time visit or multiple
entries into the United States. In general, waivers are approved when the
U.S. government has an interest in allowing the individual to enter the
United States, such as an individual on the terrorist watch list who is
invited to participate in peace talks under U.S. auspices.

^7In general, individuals on the No Fly list are to be precluded from
boarding an aircraft, and individuals on the Selectee list are to receive
additional physical screening prior to boarding an aircraft.

Potential Vulnerabilities in Agency Screening Processes and Agency Efforts to
Address Them

The principal screening agencies whose missions most frequently and
directly involve interactions with travelers do not check against all
records in TSC's consolidated watch list because screening against certain
records (1) may not be needed to support the respective agency's mission,
(2) may not be possible due to the requirements of computer programs used
to check individuals against watch list records, or (3) may not be
operationally feasible. Rather, each day, TSC exports applicable records
from the consolidated watch list to federal government databases that
agencies use to screen individuals for mission-related concerns. For
example, the database that U.S. Customs and Border Protection uses to
check incoming travelers for immigration violations, criminal histories,
and other matters contained the highest percentage of watch list records
as of May 2007. This is because its mission is to screen all travelers,
including U.S. citizens, entering the United States at ports of entry. The
database that the Department of State uses to screen applicants for visas
contained the second highest percentage of all watch list records. This
database does not include records on U.S. citizens and lawful permanent
residents because these individuals would not apply for U.S. visas.

The FBI database that state and local law enforcement agencies use for
screening contained the third highest percentage of watch list records.
According to the FBI, the remaining records were not included in this
database primarily because they did not contain sufficient identifying
information on the individual, which is required to minimize instances of
individuals being misidentified as being subjects of watch list records.
Further, the No Fly and Selectee lists disseminated by the Transportation
Security Administration to airlines for use in prescreening passengers
contained the lowest percentage of watch list records. The lists did not
contain the remaining records either because they (1) did not meet the
nomination criteria for the No Fly or Selectee list or (2) did not contain
sufficient identifying information on the individual.^8 According to the
Department of Homeland Security, increasing the number of records used to
prescreen passengers would expand the number of misidentifications to
unjustifiable proportions without a measurable increase in security. While
we understand the FBI's and the Department of Homeland Security's concerns
about misidentifications, we still believe it is important that federal
officials assess the extent to which security risks exist by not screening
against certain watch list records and what actions, if any, should be
taken in response.

Also, Department of Homeland Security component agencies are taking steps
to address instances of individuals on the watch list passing undetected
through agency screening. For example, U.S. Customs and Border Protection
has encountered situations where it identified the subject of a watch list
record after the individual had been processed at a port of entry and
admitted into the United States. U.S. Customs and Border Protection has
created a working group within the agency to study the causes of this
vulnerability and has begun to implement corrective actions. U.S.
Citizenship and Immigration Services--the agency responsible for screening
persons who apply for U.S. citizenship or immigration benefits--has also
acknowledged areas that need improvement in the processes used to detect
subjects of watch list records. According to agency representatives, each
instance of an individual on the watch list getting through agency
screening is reviewed to determine the cause, with appropriate follow-up
and corrective action taken, if needed. The agency is also working with
TSC to enhance screening effectiveness.

Further, Transportation Security Administration data show that in the
past, a number of individuals who were on the government's No Fly list
passed undetected through airlines' prescreening of passengers and flew on
international flights bound to or from the United States. The individuals
were subsequently identified in-flight by U.S. Customs and Border
Protection, which checks passenger names against watch list records to
help the agency prepare for the passengers' arrival in the United States.
However, the potential onboard security threats posed by the undetected
individuals required an immediate counterterrorism response, which in some
instances resulted in diverting the aircraft to a new location.^9
According to the Transportation Security Administration, such incidents
were subsequently investigated and, if needed, corrective action was taken
with the respective air carrier. In addition, U.S. Customs and Border
Protection has issued a final rule that should better position the
government to identify individuals on the No Fly list before an
international flight is airborne.^10 For domestic flights within the
United States, there is no second screening opportunity--like the one U.S.
Customs and Border Protection conducts for international flights. The
government plans to take over from air carriers the function of
prescreening passengers prior to departure against watch list records for
both international and domestic flights. Also, TSC has ongoing initiatives
to help reduce instances of individuals on the watch list passing
undetected through agency screening, including efforts to improve
computerized name-matching programs.

^8Of all of the screening databases that accept watch list records, only
the No Fly and Selectee lists require certain nomination criteria or
inclusion standards that are narrower than the "known or appropriately
suspected" standard of Homeland Security Presidential Directive 6.

The U.S. Government Has Made Progress in Using the Watch List, but a Strategy
and Plan Supported by a Governance Structure Would Enhance Use and Effectiveness

Although the federal government has made progress in using the
consolidated watch list for screening purposes, additional opportunities
exist for using the list. Internationally, the Department of State has
made progress in making bilateral arrangements to share terrorist
screening information with certain foreign governments. The department had
two such arrangements in place before September 11, 2001. More recently,
the department has made four new arrangements and is in negotiations with
several other countries.

Also, the Department of Homeland Security has made progress in using watch
list records to screen employees in some critical infrastructure
components of the private sector, including certain individuals who have
access to vital areas of nuclear power plants, work in airports, or
transport hazardous materials. However, many critical infrastructure
components are not using watch list records. The Department of Homeland
Security has not, consistent with Homeland Security Presidential Directive
6, finalized guidelines to support private sector screening processes that
have a substantial bearing on homeland security. Finalizing such
guidelines would help both the private sector and the Department of
Homeland Security ensure that private sector entities are using watch list
records consistently, appropriately, and effectively to protect their
workers, visitors, and key critical assets. Further, federal departments
and agencies have not identified all appropriate opportunities for which
terrorist-related screening will be applied, in accordance with
presidential directives.

^9In July 2007, we issued a report that examined federal coordination for
responding to in-flight security threats. See GAO, Aviation Security:
Federal Coordination for Responding to In-flight Security Threats Has
Matured, but Procedures Can Be Strengthened, [17]GAO-07-891R (Washington,
D.C.: July 31, 2007).

^10See 72 Fed. Reg. 48,320 (Aug. 23, 2007). The provisions of the final
rule take effect on February 19, 2008.

A primary reason why screening opportunities remain untapped is because
the government lacks an up-to-date strategy and implementation
plan--supported by a clearly defined leadership or governance
structure--for enhancing the effectiveness of terrorist-related screening,
consistent with presidential directives. Without an up-to-date strategy
and plan, agencies and organizations that conduct terrorist-related
screening activities do not have a foundation for a coordinated approach
that is driven by an articulated set of core principles. Furthermore,
lacking clearly articulated principles, milestones, and outcome measures,
the federal government is not easily able to provide accountability and a
basis for monitoring to ensure that (1) the intended goals for, and
expected results of, terrorist screening are being achieved and (2) use of
the list is consistent with privacy and civil liberties. These plan
elements, which were prescribed by presidential directives, are crucial
for coordinated and comprehensive use of terrorist-related screening data,
as they provide a platform to establish governmentwide priorities for
screening, assess progress toward policy goals and intended outcomes,
ensure that any needed changes are implemented, and respond to issues that
hinder effectiveness.

Although all elements of a strategy and implementation plan cited in
presidential directives are important to guide realization of the most
effective use of watch list data, addressing governance is particularly
vital, as achievement of a coordinated and comprehensive approach to
terrorist-related screening involves numerous entities within and outside
the federal government. However, no clear lines of responsibility and
authority have been established to monitor governmentwide screening
activities for shared problems and solutions or best practices. Neither
does any existing entity clearly have the requisite authority for
addressing various governmentwide issues--such as assessing common gaps or
vulnerabilities in screening processes and identifying, prioritizing, and
implementing new screening opportunities. Thus, it is important that the
Assistant to the President for Homeland Security and Counterterrorism
address these deficiencies by ensuring that an appropriate governance
structure has clear and adequate responsibility and authority to (a)
provide monitoring and analysis of watch list screening efforts
governmentwide, (b) respond to issues that hinder effectiveness, and (c)
assess progress toward intended outcomes.

Conclusions and Recommendations for Executive Action

Managed by TSC, the consolidated terrorist watch list represents a major
step forward from the pre-September 11 environment of multiple,
disconnected, and incomplete watch lists throughout the government. Today,
the watch list is an integral component of the U.S. government's
counterterrorism efforts. However, our work indicates that there are
additional opportunities for reducing potential screening vulnerabilities,
expanding use of the watch list, and enhancing management oversight. Thus,
we have made several recommendations to the heads of relevant departments
and agencies. Our recommendations are intended to help (1) mitigate
security vulnerabilities in terrorist watch list screening processes that
arise when screening agencies do not use certain watch list records and
(2) optimize the use and effectiveness of the watch list as a
counterterrorism tool. Such optimization should include development of
guidelines to support private sector screening processes that have a
substantial bearing on homeland security, as well as development of an
up-to-date strategy and implementation plan for using terrorist-related
information. Further, to help ensure that governmentwide terrorist-related
screening efforts are effectively coordinated, we have also recommended
that the Assistant to the President for Homeland Security and
Counterterrorism ensure that an appropriate leadership or governance
structure has clear lines of responsibility and authority.

Agency Comments and Our Evaluation

In commenting on a draft of our report, which provides the basis for my
statement at today's hearing, the Department of Homeland Security noted
that it agreed with and supported our work and stated that it had already
begun to address issues identified in our report's findings. The FBI noted
that the database state and local law enforcement agencies use for
screening does not contain certain watch list records primarily to
minimize instances of individuals being misidentified as subjects of watch
list records. Because of this operational concern, the FBI noted that our
recommendation to assess the extent of vulnerabilities in current
screening processes has been completed and the vulnerability has been
determined to be low or nonexistent. In our view, however, recognizing
operational concerns does not constitute assessing vulnerabilities. Thus,
while we understand the FBI's operational concerns, we maintain it is
still important that the FBI assess to what extent security risks are
raised by not screening against certain watch list records and what
actions, if any, should be taken in response. Also, the FBI noted that
TSC's governance board is the appropriate forum for obtaining a commitment
from all of the entities involved in the watch-listing process. However,
as discussed in our report, TSC's governance board is responsible for
providing guidance concerning issues within TSC's mission and authority
and would need additional authority to provide effective coordination of
terrorist-related screening activities and interagency issues
governmentwide. The Homeland Security Council was provided a draft of the
report but did not provide comments.

Mr. Chairman, this concludes my statement. I would be pleased to answer
any questions that you or other members have at this time.

GAO Contacts and Staff Acknowledgments

For questions regarding this testimony, please contact me at (202)
512-8777 or [18][email protected] . Other key contributors to this
statement were Danny R. Burton, Virginia A. Chanley, R. Eric Erdman,
Michele C. Fejfar, Jonathon C. Fremont, Kathryn E. Godfrey, Richard B.
Hung, Thomas F. Lombardi, Donna L. Miller, and Ronald J. Salo.

(440672)

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

The Government Accountability Office, the audit, evaluation, and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( [19]www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
[20]www.gao.gov and select "E-mail Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
DC 20548

To order by Phone: Voice: (202) 512-6000
TDD: (202) 512-2537
Fax: (202) 512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: [21]www.gao.gov/fraudnet/fraudnet.htm
E-mail: [22][email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [23][email protected] , (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, DC 20548

Public Affairs

Susan Becker, Acting Manager, [24][email protected] , (202) 512-4800 U.S.
Government Accountability Office, 441 G Street NW, Room 7149 Washington,
DC 20548

To view the full product, including the scope
and methodology, click on [25]GAO-08-194T .

For more information, contact Eileen Larence at (202) 512-8777 or
[email protected].

Highlights of [26]GAO-08-194T , a testimony before the Committee on
Homeland Security and Governmental Affairs,

United States Senate

October 2007

TERRORIST WATCH LISTSCREENING

Recommendations to Enhance Management Oversight, Reduce Potential
Screening Vulnerabilities, and Expand Use of the List

The Federal Bureau of Investigation's (FBI) Terrorist Screening Center
(TSC) maintains a consolidated watch list of known or appropriately
suspected terrorists and sends records from the list to agencies to
support terrorism-related screening.

This testimony discusses (1) standards for including individuals on the
list, (2) the outcomes of encounters with individuals on the list, (3)
potential vulnerabilities in screening processes and efforts to address
them, and (4) actions taken to promote effective terrorism-related
screening.

This statement is based on GAO's report (GAO-08-110) being released at
this hearing. To accomplish the objectives, GAO reviewed documentation
obtained from and interviewed officials at TSC, the FBI, the National
Counterterrorism Center, the Department of Homeland Security, and other
agencies that perform terrorism-related screening.

[27]What GAO Recommends

GAO recommends several actions to promote a comprehensive and coordinated
approach to terrorist-related screening. Among them are actions to monitor
and respond to vulnerabilities and to establish up-to-date guidelines,
strategies, and plans to facilitate expanded and enhanced use of the list.

The departments that provided comments on the report generally agreed with
GAO's findings and recommendations.

The FBI and the intelligence community use standards of reasonableness to
evaluate individuals for nomination to the consolidated terrorist watch
list. In general, individuals who are reasonably suspected of having
possible links to terrorism--in addition to individuals with known
links--are to be nominated. As such, being on the list does not
automatically prohibit, for example, the issuance of a visa or entry into
the United States. Rather, when an individual on the list is encountered,
agency officials are to assess the threat the person poses to determine
what action to take, if any. As of May 2007, the consolidated watch list
contained approximately 755,000 records.

From December 2003 through May 2007, screening and law enforcement
agencies encountered individuals who were positively matched to watch list
records approximately 53,000 times. Many individuals were matched multiple
times. The outcomes of these encounters reflect an array of actions, such
as arrests; denials of entry into the United States; and, most often,
questioning and release. Within the federal community, there is general
agreement that the watch list has helped to combat terrorism by (1)
providing screening and law enforcement agencies with information to help
them respond appropriately during encounters and (2) helping law
enforcement and intelligence agencies track individuals on the watch list
and collect information about them for use in conducting investigations
and in assessing threats.

Regarding potential vulnerabilities, TSC sends records daily from the
watch list to screening agencies. However, some records are not sent,
partly because screening against them may not be needed to support the
respective agency's mission or may not be possible due to the requirements
of computer programs used to check individuals against watch list records.
Also, some subjects of watch list records have passed undetected through
agency screening processes and were not identified, for example, until
after they had boarded and flew on an aircraft or were processed at a port
of entry and admitted into the United States. TSC and other federal
agencies have ongoing initiatives to help reduce these potential
vulnerabilities, including efforts to improve computerized name-matching
programs and the quality of watch list data.

Although the federal government has made progress in promoting effective
terrorism-related screening, additional screening opportunities remain
untapped--within the federal sector, as well as within critical
infrastructure components of the private sector. This situation exists
partly because the government lacks an up-to-date strategy and
implementation plan for optimizing use of the terrorist watch list. Also
lacking are clear lines of authority and responsibility. An up-to-date
strategy and implementation plan, supported by a clearly defined
leadership or governance structure, would provide a platform to establish
governmentwide screening priorities, assess progress toward policy goals
and intended outcomes, consider factors related to privacy and civil
liberties, ensure that any needed changes are implemented, and respond to
issues that hinder effectiveness.

References

Visible links
  16. http://www.gao.gov/cgi-bin/getrpt?GAO-06-1031
  17. http://www.gao.gov/cgi-bin/getrpt?GAO-07-891R
  18. mailto:[email protected]
  19. http://www.gao.gov/
  20. http://www.gao.gov/
  21. http://www.gao.gov/fraudnet/fraudnet.htm
  22. mailto:[email protected]
  23. mailto:[email protected]
  24. mailto:[email protected]
  25. http://www.gao.gov/cgi-bin/getrpt?GAO-08-194T
  26. http://www.gao.gov/cgi-bin/getrpt?GAO-08-194T
*** End of document. ***