Skip to main content

tv   Hearing on TSA Workforce Vetting Procedures  CSPAN  June 21, 2015 1:19pm-2:36pm EDT

1:19 pm
on the other hand, but if my answer is, that is what the constitution -- [indiscernible] you know, that is some of the back-and-forth among committees and leaders. >> [indiscernible] what happens then? >> i don't know. we will take it a step at a time. i'm hoping that the senate will pass it tomorrow. i'm hoping we will have the support quick and i'm hoping that the president will sign it, not veto it. if any of those things don't work out the way i hope then we will just take that as it comes. >> but -- but, i'm sorry, just to emphasize, he is going to veto a defense bill that provides him exactly as many as he asks for? how does any of that make sense? >> will any of the 1200 pieces of heavy equipment going to eastern europe and the baltic's -- is that appropriated at all?
1:20 pm
>> it would be operation and maintenance that would move it. because as i understand it, it is moving it from one location for the to the east. so there would be some cost in rail or truck or driving, you know, transportation costs that would be out of onm costs whether that is out of the -- >> do you have any thoughts about the -- >> well, it is part of the contingencies of a dangerous world. as you saw, a lot of what we have in the overseas contingency account is onm funds. not just for the middle east, but also for what is happening in the far east and in the eastern europe as well. >> on syria, carter said they want enough people entering the program to -- to send a force in
1:21 pm
to fight isil. was that news to you? is there any hope left for that program? >> [laughter] hope is not a strategy, isn't that the theme of the day? i don't know. he is not the first person who has said iraq is easy compared to syria. you know, i see little prospect of having a ground force that ray trains, that can push back against isil in the near term. it is the kurds who have made some gains in the north. i appreciate that there's somebody there, you know, willing to fight. but the kurds are not going to remove isil from syria. you know, they are doing good work, but they can't do it on their own. thank you all. have a good rest of your days. >> you too. >> [indistinct chatter]
1:22 pm
>> on this father's day, members of congress are tweeting out their own messages. pete olson tweets, being a dad is the best job in the world. happy father's day to all the dads out there. hank johnson says, happy father's day. already have the best gift i could ask for, a wonderful and supportive wife. amy of minnesota tweets, happy father's day to my dad, who taught me to climb life's highest mountains, which he has. and tom tiller says, happy father's day to all fathers across north carolina. being a dad is the greatest blessing of my life. >> like many of us, first families take occasion time. and like presidents and first ladies, a good read can be the perfect companion for your summer journeys. what better book than one that
1:23 pm
appears inside the personal life of every first lady in american history? "first ladies," on the lives of 45 iconic american women. inspiring stories of fascinating women who survive the scrutiny of the white house. a great summertime read. available from public affairs as a hardcover or e-book. >> officials from the transportation security administration say that the 73 tsa employees identified in a recent internal report are not known terrorists and did not pose a threat to transportation to katie. a tsa deputy assistant administrator announced this news at a house homeland security subcommittee meeting. other witnesses include the inspector general, john roth. this is one hour 15 minutes.
1:24 pm
john katko: the committee on homeland security subcommittee on transportation security will come to order. the subcommittee is meeting today to hear testimony on... -- i now recognize myself for an opening statement. i would like to welcome everyone to today's hearing on how tsa can improve aviation worker vetting. since the start of the congress, my subcommittee has actively engaged and examined a number of alarming aspects related to tsa 's operations, policies, and procedures. through hearings, oversight inquiries, and legislation, we've been working to get to the bottom of these issues and raise awareness of the urgent need to fix them. recent revelations that the tsa cleared for employment individuals with potential ties to terrorism demonstrate the dire need for improved, streamline procedures at tsa. the findings released by the department of homeland security inspector general over the last few weeks are indeed alarming. in may, the inspector general
1:25 pm
released a report that found tsa did not have the appropriate controls in place to ensure that screening equipment has necessary maintenance work performed. a few weeks ago, news outlets reported test results showing its screeners failed to detect prohibitive threat items 96 percent of the time. and just last week, we learned that 73 airport employees with potential ties to terrorism were issued credentials which allow them to get access to secure areas of airports. these more recently we learned -- and an employee of the faa bypassing security and flying with a loaded firearm using his badge. more recently we learned of a drug-trafficking ring operating out of the airport in oakland california. all of these findings individually are concerning, and
1:26 pm
in the aggregate, well, they just shake the public's confidence and only demonstrate the leadership needed at the tsa. this committee will come -- excuse me, this committee will continue to lead efforts to close security loopholes and ensure the continuing safety and security of our nation's aviation system. the purpose of today's hearing is to thoroughly examine the identified security gaps highlighted in the most recent i.g. report about aviation worker vetting and find ways to improve the vetting process to improve that these probabilities are addressed and the american people can feel safe when traveling. aviation workers are supposed to be thoroughly vetted due to their continuing access to sensitive areas of airports and the fact that they hold a position of trust within the transportation system. however as the ig report has found so clearly there are significant shortfalls in the vetting policies. for example, the i.g. found that tsa does not have access to all
1:27 pm
the data it may need to thoroughly check an aviation worker's potential ties to terrorism. however, what is even more alarming is that a memo was sent to the tsa administrator last year noting the need for additional information and tsa has dealt yet to resolve this gap. a year later. the report also found that airports do not match the expiration date of an employee's credentials to the expiration of their legal work authorization in the united states. again, while tsa stated they are working to resolve these issues by the end of the calendar year it raises serious concerns that this gap exists in the first place. therefore, i have sponsored hr-2750. which i introduced last week. along with chairman mccall and raking member rice and congressman payne to close these security gaps and ensure the
1:28 pm
safety of the transportation networks. the reality is, in this post-9/11 world, that the terrorist threat is metastasizing, and we as a nation must remain responsive to any holes in the security of our transportation system. and ensure that the protocols keep pace with the ever evolving threat landscape. improving the vetting of the aviation workers who have access to these sensitive areas of airports can help close those -- close another back door vulnerability at our nation's airports at today's hearing have representatives from the tsa, the inspector general himself to address how recommendations can be implemented and what tools are needed to improve the security at our airports. i look forward to hearing their testimony and having a meaningful dialogue on how we can better protect this vital transportation mode and keep aviation safe and secure for the american people the chair now recognizes the ranking minority member of the subcommittee, the gentlelady from new york, ms. rice, for any statement she may
1:29 pm
have. kathleen rice: thank you, mr. chairman, and thank you for convening this hearing. we have an important question to answer today -- how can we do a better job vetting aviation workers? how can we do a better job ensuring that criminals and terrorists cannot get jobs in our airports. clearly, if a terrorist were to penetrate an airport in that way, the results could be catastrophic. we have to assume that right now someone is time to do just that. we have to assume that we can prevent it. we have to keep working together to strengthen our security, find and close the gaps, and stay one step ahead. tsa's responsible for vetting diverse groups of people, from the transit worker identification credential program to pre-check to aviation worker programs. aviation workers themselves are a diverse group of people who play many different and important roles within the commercial airport environment. from the person who works at the newsstand to the mechanic who has to access to the plane
1:30 pm
itself to perform his or her duties. what these two people have in common is that they both go to work everyday beyond the checkpoints in a secure area of the airport. we have to do everything within our power to ensure that people who go to work in the secure areas are exhaustively vetted, both before employment and on a recurring basis. last week the department of homeland security office of inspector general issued a report that detailed how 73 individuals with links to terrorism were able to get jobs with airlines and airport vendors and were clear to act as secured areas. that is unacceptable. first, we should all be grateful to the inspector general for bringing this to our attention and to know that this threat was out there to think about what could have happened should be all the motivation we need to work together, act swiftly, and do what needs to be done. that is why we are here today. not to create a spectacle or cast blame, we are here to figure out how this happened, what we need to learn from it,
1:31 pm
and what we need to do. i also want to point out that inspector general roth himself noted that tsa's vetting process was, quote, "generally effective." so that is not the problem here. as far as i understand, there seems to be two main factors. number one, because of the current interagency watch list policy, tsa doesn't have access to databases that would capture the individuals in question and alerted tsa to their terrorism indicators. that is unacceptable and has to change. tsa should have had access to all information about these individuals, and access to any and all information that will make their vetting process as exhaustive as possible. number two, the report also made it clear that tsa's own databases are a mess, 87,000 employee files without social security numbers, many with no passport number or proof of citizenship. 300 files with no full names for the employees. there is no excuse for that. it strikes me gaza as i am sure
1:32 pm
everyone, as sloppy. we strive for a security system that is airtight and precise. in order to achieve that, our information must be airtight. everything we do much be precise. the inspector general's office has issued six recommendations all of which will help to address these issues and i appreciate the fact that tsa has concurred with these implementations. i look for to hearing more about these issues today. and after this hearing, i look forward to taking up legislation that will quantify recommendations from this report and from another oig report that details the need for tsa to properly manage its airport screening equipment maintenance program. i want to thank each one of our witnesses for being here today. i'm eager to hear all of your testimony and have a productive conversation about how we can do a better job vetting aviation workers how we can keep a particular, and keeping
1:33 pm
passengers safe. mr. chairman, i thank you again for convening this hearing, and i yield back the balance of my time. john katko: thank you, ms. rice. i know at least the chairman of the homeland security full committee, mr. mccaul plans on coming here, making a statement. when he comes, we will give... -- give him an opportunity to do so. i will extend the same courtesy to mr. thompson if he shows up. with respect to other members of the committee, i want to remind you that opening statements may be submitted for the record. we are pleased to have several distinguished witnesses before us today. let me remind the witnesses that their entire written statements will appear in our record. somebody has -- well familiar to this committee and to homeland security as a whole is mr. roth. welcome back and thank you for your continuing good work, sir. ms. -- ms. fitzmaurice from the homeland security committee -- or -- of tsa, excuse me, of tsa, thank you for being here. and, ms. grover, thank you for being here, as well.
1:34 pm
i'd like to hear from mr. roth with respect to his opening statement. john roth: chairman katko, ranking member rice and members of the subcommittee, thank you for inviting me here today to discuss the results of our most -- the airports themselves collect this information used for vetting and submit it to tsa through a contractor. once tsa receives biographic data, it is electronically matches it against a terrorist screening database to identify individuals with potential links to terrorism. tsa also currently bets airport workers every time it receives a
1:35 pm
watchlist update. based upon this review the tsa may revoke a credential after quite a nation with other government agencies. we found that tsa was generally effective in identifying individuals with links to terrorism. however, we did uncover a significant weakness. at our request, the national counterterrorism center before a data match of over 900,000 airport workers who have access to secure areas against the national counterterrorism center's database. as a result of this match, we identified 73 individuals with terrorism related category codes within the database who also had active airport credentials. according to tsa officials current interagency policy prevents tsa from receiving all terrorism-related codes during batting, and this lack of access to complete records resulted in tsa not discovering the issue with the 73 individuals. tsa officials candidly recognize
1:36 pm
that not receiving these codes represents a weakness in its program, and informed us that tsa cannot guarantee that it can consistently identify all questionable individuals without receiving those categories. in 2014, the tsa administrator authorized his staff to request some of the missing category codes for vetting. however, according to an official at the dhs office of policy, tsa and dhs have yet to formalize their request to be watchlist interagency policy committee in order to receive additional categories. additionally, we found an issue with the manner in which airport workers are checked for criminal histories. the airports themselves maintain the ultimate authority to review and determine whether an individual costs criminal history contains this qualifying crimes under federal law. however, tsa did not have adequate monitoring processes in place to ensure that airport operators properly entered a
1:37 pm
gated these histories. tsa officials informed us that airport officials rarely or almost never, documented the results of their criminal history reviews electronically. without sufficient documentation, tsa cannot systematically determine whether individuals with access to secure areas of the airport are free of disqualifying criminal convictions. moreover, under current law and fbi policy, tsa and the airports are not legally authorized to conduct recurrent vetting of criminal histories. we also found a weakness in the verification process for an individual's authorization to work in the united states. as with criminal histories, it is the airport operators who are required to ensure that aviation workers are authorized to work before sending their information to tsa for review. tsa then verifies that aviation workers have lawful status. however, a review of tsa data showed that tsa has had to deny credentials for over 4,800
1:38 pm
applicants because tsa determined that they did not prove their lawful status, even after appeal. now this occurred despite the fact that these individuals had previously been cleared to work at the airports -- being a legally authorized to work. finally, we looked at the quality of the data that is involved in worker vetting. tsa relied on -- relies on airports to complete -- to submit complete and accurate aviation worker data; however we identified thousands of records that appear to have incomplete or inaccurate biographical information. we made six recommendations in our report. tsa agreed to all the recommendations and provided target completion dates for corrective actions. we will follow-up on the implementation of these corrective actions. mr. chairman, thank you again for inviting me to testify here today. i look forward to any questions you or other members of the committee may have. john katko: thank you, mr. roth for -- roth for your continued professionalism in handling these matters.
1:39 pm
we appreciate you being here today, of course, and our... -- our second witness, the deputy assistant for analysis. prior to her current role, ms. fitzmaurice served as division director for the checkpoint solutions and integrity division within tsa's office of security capabilities. in this position, she led efforts to identify, acquire, and manage state-of-the-art technologies and capabilities that screen passengers at u.s. airports. prior to beginning her federal career, ms. fitzmaurice held management positions at airlines reporting corporation, u.s. airways and trans state airlines. the chair now recognizes ms. fitzmaurice to testify. stacey fitzmaurice: good morning, chairman katko, ranking member rice and distinguished members of the subcommittee. i appreciate the opportunity to appear before you today to testify about tsa's aviation worker vetting programs. tsa conducts security threat assessments for more than two million workers requiring badged
1:40 pm
access to airports. these individuals undergo terrorist watchlist checks, as well as immigration, status, and criminal history record checks. they give us near real-time notification of any changes to the list of known or suspected terrorists so that we can take appropriate action. both the ig and an independent review of dhs's vetting process deemed tsa's vetting to be effective. tsa has made key enhancements to aviation worker vetting to projects that began in 2012. these include the ability for airports to upload immigration and identity document to conduct more robust identity identification and immigration checks and implementing logic to reject information. airports represent a critical -- airport operators responsible for reviewing criminal records and ultimately making a
1:41 pm
determination about granting badges to workers that provide secure access to our nation's airports, according to tsa's requirement. in airport operator may not issue a badge if the airport is deemed ineligible. airports represent a critical layer of security by making risk- based decision using tsa-provided information and locally derived information for the final badging decision. tsa recognizes the value of conducting more frequent or recurrent criminal checks on workers to identify cases where there has been subsequent criminal activity. the use of criminal history records checks is considered by the fbi to be for noncriminal justice purposes according to pre-9/11 law and regulations. as such, tsa has not had access to criminal checks that are unavailable to law enforcement agencies. however, in september of 2014, the fbi implemented a new automated capability called rat pack that will provide this service to other agencies, such as tsa, for a fee.
1:42 pm
tsa and the fbi have been working together to implement criminal checks and tsa is planning for initial rat pack pilot to begin later this calendar year. the i.g. recently made several key recommendations on worker vetting, including one that tsa had also identified as an area for enhancement in 2014 namely, that there is additional intelligence related data that may provide value and informed tsa's vetting decisions. using this data, the ig identified 73 cases for additional attention. to be clear, these individuals are not considered to be known or suspected terrorists. tsa has re-reviewed all 73 cases and found the individuals do... -- individuals do not pose a threat to transportation security and the additional data did not change its original determination for these cases. these additional intelligence records do not meet the reasonable suspicion standard of being considered a known or suspected terrorist by the u.s. government.
1:43 pm
that being said, tsa recognizes the value of having as much relevant data as possible to make informed decisions in its betting, and as such, former tsa administrator pistol signed a memo in 2014 supporting tsa's request for the additional data. this information may not only be important for tsa to conduct its security threat assessment, but also may allow tsa to assist the intelligence and law enforcement communities by identifying previously unknown associations of known or suspected terrorists. tsa and the department are aggressively pursuing automated access to the data and working to expedite the process in inter-agency coordination to complete the request. tsa concurs with all six of the i.g. recommendations and is taking steps to address all of them. in addition to the three items i've already mentioned, we will also be including a requirement for inspectors to include verifying an airport badging
1:44 pm
office review of applicant criminal history records and legal status, publishing guidance to all regular the airport to ensure that the airport badging offices to activate the badges properly when individual's temporary authorization to work in the u.s. and and working with airports is denied based on legal status, validates the reason for did as, and issues guidance to the airports to address any weaknesses. the i.g. findings support our efforts to improve the vetting of regulated aviation workers and complement the steps tsa has taken to address the potential insider threat all the ability at u.s. airports. we recognize the value of complete and accurate information when conducting vetting and we will continue to identify areas for improvement. tsa appreciates the work of the i.g. during the course of this audit, and we will use the information to enhance our processes going forward. i want to thank the committee for your interest in this important issue and i look forward to answering your questions. john katko: thank you, ms. fitzmaurice, for your testimony.
1:45 pm
our third witness is ms. jenny grover, director of the homeland security and justice team at the government accountability office. her portfolio includes reviews of tsa and coast guard programs and operations. ms. grover joined in 1991. the chair now recognizes her to testify. jennifer grover: good morning, chairman katko, ranking member rice, chairman mccaul, and other members and staff. i'm pleased to be here today to to discuss tsa's in limitation and oversight of the aviation worker programs, which tsa and airport years to determine whether workers pros security threats. -- pose security threats. tsa, in collaboration with airport operators and the fbi, complete applicant background checks, known as security threat assessment, for a purge facility workers, retail employees, and airline employees. in general, security threat assessments include checks of an applicant's criminal history, immigration status, and known links to terrorism. tsa and airport operators have
1:46 pm
different responsibilities within the process. airport operators collect applicant information and send it to tsa for the security threat assessment. tsa reviews the result of the terrorism and immigration checks to determine if the applicant meets the eligibility criteria for holding an airport credential. tsa transmits the results of the fbi criminal history check, which contains information from a national fingerprint and criminal history system, back to the airport operator for review. based on this information, the airport operator evaluates the criminal history to identify potentially disqualifying criminal offenses and then makes a determination of eligibility. the airport also enrolls approve applicants and issues a credential, providing for access to secured areas of the airport. tsa has faced long-time challenges obtaining the necessary criminal history information to accurately assess
1:47 pm
aviation workers. in december 2011, we found that limitations in the criminal history checks increase the risk that the agency was not detecting all applicants with potentially disqualifying criminal offenses. for the purposes of accessing fbi criminal history records tsa is considered a non-criminal justice requester, similar to that of a private company conducting an employment check on a new applicant. as a result, the information that tsa received on aviation work applicant was often incomplete. for example, at the time of our report, tsa did not have access to many state records with information on sentencing release date, and parole or probation violations. we recommended that tsa and the fbi jointly assess the extent to which this limitation posed a security risk and consider alternatives. tsa and the fbi concluded that the risk of incomplete information could be mitigated through improved access to state
1:48 pm
supplied records. the fbi has since reported expanding the criminal history information that's available to tsa for these security threat assessments. our remaining vulnerability, as others have noted this morning, is that until recently tsa did not conduct periodic criminal history checks of airport workers after they had been hired. in fact, workers who maintain continuous employment with the same airport authority did not undergo any subsequent criminal history checks. in april 2015, tsa changed this policy by requiring periodic criminal history checks of all credentialed airport workers with unescorted access to secure areas of the airport. according to this requirement, tsa will conduct these checks until they are able to establish a system for real-time concurrent checks, similar to the way that tsa conducts checks for vetting for their aviation workers. in conclusion, with more complete and updated information about applicant and current worker criminal histories, tsa and airports are better
1:49 pm
positioned to detect all individuals with potentially disqualifying criminal offenses. tsa's new requirement to periodically conduct criminal history checks of their aviation workers is a positive interim step while the tsi and fbi work towards whole implementation of the service which is intended to provide tsa and the airports with real-time monitoring. chairman katko, ranking member rice, chairman mccaul, this concludes my statement. i look forward to your questions. john katko: thank you, ms. grover. the chair now recognizes the chairman of the full homeland security committee, the gentleman from texas, mr. mccaul, for any statement he may have. michael mccaul: thank you, chairman katko, ranking member rice, for holding this important hearing. recent reports about the tsa screening in my view are deeply disturbing. and call into question some of the 9/11 security measures we have worked hard to put into place. fourteen years after that horrible day, islamist terrorists are still plotting
1:50 pm
daily to kill americans. and lately the threat picture's gotten worse. our aviation sectors are of particular interest to the terrorists. they think that by taking down airplanes, they can bring down our economy. last week, we reportedly hit al qaeda's number two in a joint strike -- join -- drone strike in yemen. it was an important counterterrorism victory. but it won't stop terrorists from aiming their sites at our skies. as we stare down these threats, congress and the american people need confidence in our defenses. terrorists have to be right only once. to defend ourselves, we have to be right 100% of the time. millions of travelers pass through our nation's airports every year, and we need to know that the systems in place will protect them. but in recent weeks, tsa has given us more concern than
1:51 pm
confident. reports about tsa's performance have a lot the american people and raised fears that bonds can pass through airport passenger screening and terrorists might slip through tsa's employees letting -- betting. -- vetting. we need to get to the bottom of these claims and do everything possible to deny terrorists an opportunity to exploit our defenses. next month, i plan to hold a hearing on security. once he is confirmed, and i want him to outline his vision for tsa, give us answers on how he will close any identified vulnerabilities. this will not be easy. but in order to win the confidence of the american people, tsa needs a good wire brushing and strong leadership. we cannot become complacent about the threat. we can and must improve our screening capabilities, and we need aviation workers who are thoroughly vetted. as a first step to tackle these challenges, i'm co-sponsoring
1:52 pm
h.r. 2750, the improved security vetting for aviation workers act, introduced by chairman... -- chairman katko which codifies the six recommendations to ensure there are no loopholes in the security background checks or -- for aviation workers. i am also strongly -- support h.r. 2770, the keeping our travelers safe and secure act, introduced by ranking member rice, which would close additional screening gaps and strengthen our aviation security. i want to thank the dhs inspector general roth for his leadership and strong oversight of tsa and dhs in bringing these all mobility's -- vulnerabilities to our attention. and i also want to thank the witnesses here and i hope they are committed to changing the agency's direction and restoring the trust of the american people.
1:53 pm
when i heard that 73 airport workers had ties to terrorism when i got that news, well first of all, i couldn't believe it. and i want additional briefings on these ties to terrorism, but that is totally unacceptable 14 years after 9/11. i think the american people deserve better. we see the grandma, the veteran the active-duty service, the children being patted down at these airports and water bottles being taken out of luggage is and all this going on, and yet 96% of the stuff gets through. and we can talk about what it is because it is classified. but 96%. that is a 4% success rate. the american people deserve better. and they deserve to feel safe. when they travel on airplanes. and with that, mr. chairman, i yield back. john katko: thank you very much, mr. chairman mccaul. i now recognize myself for five minutes to ask questions. and i'll start with mr. roth.
1:54 pm
briefly summarizing your -- the findings in your reports and recommendations, you recommend basically four broad categories. i just want to make sure i got them right here. number one, tsa should request and review additional watch list data. is that correct? john roth: that's correct. john katko: and number two, that they required that airports improve verification of applicants' rights to work, correct? john roth: correct. john katko: number three, that they revoke credentials when the right to work expires? john roth: correct. john katko: and number four, to improve the quality of vetting data, is that correct? john roth: yes, sir. john katko: all right. ms. fitzmaurice, do you -- does tsa agree with all those recommendations? stacey fitzmaurice: yes, they do. john katko: all right. i want to focus on requesting and reviewing additional watch list data first. and i'll start with mr. roth briefly. could you tell me -- you mentioned during your testimony that about 900,000 individuals, employees nationwide were run through the national counterterrorism center's
1:55 pm
database, is that correct? john roth: yes, sir. john katko: ok. how onerous a task was it to do that? john roth: well, for us it was actually the actual task of running it, and nctc did it for us. the legal authorization for it took some time. we had to get a memorandum of understanding between tsa and nctc to do it. it took about 18 months to get all the legal authorizations that we needed to do it because of the requirements of the data matching act. so legally and bureaucratically it was a huge left. but actually to do the match was quite easy. john katko: ok. so the mechanical checking against a database, once those hurdles are cleared is relatively easy. john roth: yes. the size of the data is not that large, so it was not that big of a task to match on set of data -- one set of data against the other set of data. john katko: so if we can fix these hurdles, it should be a relatively easy task going through this vetting going to the database on the regular basis? john roth: yes, sir. john katko: all right. thank you. ms. fitzmaurice, a couple
1:56 pm
questions for you. i'd like to know when tsa first became aware of this problem with respect to not getting appropriate codes to run names to the database. and i know from at least may of 2014 there was a memo to administrator pistole advising him that they needed additional codes from tied for employees grinning, is that correct? ok. and to your knowledge, is that when they first -- the administrator first became aware of this being a problem? stacey fitzmaurice: that is my understanding. john katko: ok. so, may of 2014 at least the administrator, the head of tsa was aware of the fact that they may not -- they were getting incomplete data regarding employees and that may affect whether individuals with terrorist ties are working at airports across this country. is that right? stacey fitzmaurice: yes. and if i may explain the distinction of the information that we're requesting, tsa receives watch-listed information that is maintained by the fbi's terrorist screening
1:57 pm
center. and that information is the information that we primarily use in our vetting process. that is who the federal government has deemed to be known or suspected terrorists and meet reasonable suspicion standards, which is why that has been shared with us for the watch listing purposes. what we are seeking access to is additional intelligence-related information that is contained in the nctc's tide database. and -- and i think it's important to understand that the information that -- that the information on the watch list are tied, but not everyone in tied is a terror list -- tide is a terrorist and needs to be put on the watch list. john katko: understood. -- is that correct? stacey fitzmaurice: that is correct. we did not have access to that information. we are seeking that access. we did review, though, all of
1:58 pm
the cases of those 73 individuals, and have determined that they do not pose a threat to transportation security. john katko: who made the determination? stacey fitzmaurice: tsa did, sir. john katko: did anybody from outside tsa share in making that determination? stacey fitzmaurice: so, sir, as part of our typical process when we look at information and we look at individuals who may have some nexus to terrorism, we oftentimes will consult with various law enforcement and intelligence community partners. john katko: did you do that? stacey fitzmaurice: we do that regularly as part of our process. john katko: just so the question's clear, did you do that with respect to these 73 individuals that have potential -- the tsa has made their own determination that they don't pose a threat? stacey fitzmaurice: tsa reviewed all of the 73 records on these individuals, determined that they did not pose a threat to transportation. that is part of tsa's kind of... -- of day in and day out process. but every time we understand that someone may have a
1:59 pm
potential nexus, they may not be designated as a known or suspected terrorist, we do, do that consultation with the -- john katko: i just want to make sure you're answering the question, just a brief yes or no. did you consult with the people outside of tsa before you made the ultimate determination that these 73 individuals who are on -- the tide database -- did you consult? stacey fitzmaurice: yes, that is part of our process, we did. john katko: ok. and i take i that's something we can see in a secure setting, the information regarding that. stacey fitzmaurice: yes. we'd be happy to share that in a closed setting. john katko: ok. now, more importantly, this has raised a concern, of course about a gap. and the biggest concern i have is the amount of time it takes -- i guess from a guideline standpoint, have may of 2014 when the information was brought, correct? stacey fitzmaurice: yes, sir. john katko: what did tsa do after that to try and fix this problem? i know as of today, a year later, the problem has not been fixed.
2:00 pm
tell us what you have been doing in the meantime. stacey fitzmaurice: certainly. so yes, the administrator did sign a memorandum may of last year acknowledging our interest to receive access to this information.
2:01 pm
well, with all due respect, and i know you're just the person here filling in for someone who's unavailable, but that's not acceptable. you have the nation's security in your head. -- in your hand. you said you are working on it. stacey fitzmaurice: so, we are working on it. but i think what's really important to understand is that we do receive the terror screening database, and those are the individuals. we do all of the aviation workers against that and we have taken action on those. what we are seeking to do now is gain access to additional information that will assist us and provide a fuller context of
2:02 pm
who these individuals are and known associations. john katko: the point is, and i ask you to take it back to your supervisors, and we're going to make the point crystal clear to them. an action mr. rogers and i and as it stands right now, were it not for the i.g. report, i highly doubt that we would be any closer to getting access to the tide database because the tide database identifies 73 people you did not know who may have had ties to terrorism. it is an internal thing we will look at and the bottom line is it needs to be more quickly done. and we cannot have a bureaucratic morass in charge of guarding our airports, it just can't. and with that, i'll yield my questioning to the ranking member, ms. rice.
2:03 pm
kathleen rice: thank you, mr. chairman. ms. grover, you mentioned something in your testimony about how the tsa is now -- not qualified as a law enforcement agency, which limits the ability for them. jennifer grover: so this has been a topic of discussion for many years. the compact act from 1998 is what set the requirements for requesters that were considered to be having criminal justice access for noncriminal justice access. and when we did our work several years ago, tsa's position was that they didn't really fit neatly into either one of those categories. it was their position that non-criminals justice access records was not a meaning there needs which it clearly was not.
2:04 pm
at the time, they only had access from 15 states and and not have the information to make the complete determination of eligibility. they have worked with the fbi. in the past the fbi has , determined that they are not eligible for the different statuses of criminal justice requester. and has expanded the database. i believe now they have access to information from about 41 states and certainly much closer to meeting their needs. kathleen rice: ok. so, but that's not going to be complete until they have access to all 50. and they are treated for all intents and purposes like a law enforcement. so we have to deal with that change. ok. so you answered the second question i was going to ask. ms. fitzmaurice, the -- one of the first things that you said in your testimony was that the vetting process has been found
2:05 pm
to be affective and whether that is your finding or another. sitting here, how is it possible anybody can come to that conclusion? we are talking about all of these -- you know -- i understand that. let me provide context for that comment. so yes, the inspector general is part of his report did say they found of the vetting process is to be generally effective. additionally, several years back the department sponsored a review of dhs's vetting programs. and we participated in that. and the review of that found at the best performing at has been an effective system and data dhs has. one of the key things that we have to keep in mind, and part of what we're talking about today, though, is the information that we have access. we have very sophisticated vetting system that takes millions of records and that is
2:06 pm
set that does the database of millions of suspected terrorists. but we are absolutely dependent on having access to the right information about individuals who pose, you know a threat to transportation security and. may have value from an intelligence standpoint. additionally, as has been highlighted, you know the other piece that's important on the information that we receive on the applicants who are seeking. -- seeking to work in our transportation system. we are focused on those areas right now. it was the effectiveness of this system that with built in it is very a complex vetting system. kathleen rice: well, i think it's clear after today and probably clear much earlier that we can't use that word effective at this point, in my opinion. mr. roth, i just want to ask you, you said that tsa denied credentials to 4,300 applicants who could -- who had previously
2:07 pm
been found to be ok. can you elaborate on that? do you know what i am making reference to? john roth: with regard to immigration status? kathleen rice: yes, yes. john roth: yes that is my question, how could it happen? they are basically certifying. the airport operators send the information to tsa. kathleen rice: so how is that -- how did that happen? kathleen rice: if you could do it quickly because i have a couple of other questions. john roth: that's precisely my question, how could this happen? i mean, the airports are legally responsible for ensuring immigration status, that these folks.
2:08 pm
kathleen rice: they being who? who sends that information? john roth: sorry, the airport operators. kathleen rice: the airport operators send the background information to tsa. john roth: with the certification that these folks in fact, are legally entitled to work. kathleen rice: so this is a deficiency on the part of the airport operators? roth: correct. john roth: and then what the tsa does is they take that information, they bounce it off of cis records, and that's where we found the discrepancy. kathleen rice: ok. so it's clear i -- i -- i think from what we're hearing here today, that post-9/11, 14 years post-9/11, we still have federal agencies and some. kathleen rice: how do we fix that, mr. roth?
2:09 pm
john roth: well, certainly the airports themselves under law have the obligation to certify whether or not someone meets the criminal history check. john roth: tsa is obligated to do a quality check on that. unfortunately because these aren't electronic records, they have to do a manual review. so if they do -- kathleen rice: mr. roth, i've got to tell you i think that's one of the most disturbing things that i've heard here, that airport operators are not doing their due. john roth: and i share your concern, and it's especially concerning given the fact that there are no layers of security. once you have a sida badge, that that means obviously, is concerning if we don't have a better understanding of who these airport workers are. kathleen rice: well, certainly the airport operators have to assume an enormous amount of accountability and responsibility and we have to figure out a better way. thank you, mr. roth and ms. fitzmaurice and ms. grover, and i yield back my time. >> john katko: thank you, ms.
2:10 pm
rice. the chair now recognizes mr. rogers from alabama for questions he may have. michael "mike" d. rogers: thank you, mr. chairman. mr. roth, and this could be for ms. fitzmaurice, either one, because both of you just made statements that inferred that you don't have access to. ms. fitzmaurice, you made reference a while ago that you can't do your job without access to -- to important information. so your saying that you do not? stacey fitzmaurice: so we do have access to the u.s. government's terrorist watch list data. what we are seeking access to is additional intelligence information on individuals. mr. rogers: is that an existing database that you want access to? stacey fitzmaurice: that is a database that we are seeking some automated access to be able to incorporate additional data into our automated vetting processes.
2:11 pm
mr. rogers: heretofore you've been told that you cannot have access or it's just something ya'll hadn't thought of? stacey fitzmaurice: i think that when we recognized the value of this, we've been working to pursue gaining access to this. mr. rogers: but you knew about it before now? i'm just -- i'm trying to figure out why, at this late time you're just now saying, well, we probably should have. stacey fitzmaurice: so again, i think what we have to understand is that the watch lists, which are maintained by the fbi's terrorist screening centers, are what are determined to be threats to transportation. i think what we have recognized over time through our experience in vetting individuals and understanding the additional patella just information that is contained in tide we believe we can supplement what we do by identifying individuals who may be unknown. mr. rogers: and who has control
2:12 pm
over that database now? stacey fitzmaurice: so that database that we're talking about is maintained by the nctc. mr. rogers: are they giving you any problems about access? is it just a technical issue now? are they happy to let you in on it? >> it is very complex. we have our system that is doing the analysis and getting information from the watch listing community. it is more complexity of that inter- agency coordination process that we're working through. mr. rogers and how long do you think it'll take you to work through that? stacey fitzmaurice: i am very optimistic right now. we've had frequent and ongoing discussions on this matter and i would expect that we'll be able to work through it in. mr. rogers: that's very lawyerly. stacey fitzmaurice: i'm not a lawyer, sir.
2:13 pm
mr. rogers: you sound like one. [laughter] >> just for the record, that hurts me because i'm a lawyer. mr. rogers: i'm a recovering attorney, too. that's why i know one when i see one. so 60 days? 90 days? stacey fitzmaurice: i can tell you that we are having daily conversations on this topic and even as frequent as this afternoon we'll be continuing those discussions on. mr. rogers: mr. roth, is what she just described what you were making reference to about the sida badges? john roth: somewhat. it's a little more complicated than that from our point of view. there are a number of codes that we're talking about. mr. rogers: a number of what? john roth: of codes or sort of
2:14 pm
categories of -- of individuals or names in the large tide database. now some of those are, in fact known or suspected terrorists. there are other components that they get that tsa do not get. mr. rogers: why? john roth: it is difficult to describe in an open setting. but we can certainly explain it later on, if you'd -- if you'd wish. mr. rogers: yes, i do. let me ask you, is this the first time that you've done an i.g. report on this problem? john roth: we have done reports on access badges in general, control over access badges. this is the first time though that we've done sort of a data run comparing to the terrorist databases. mr. rogers: ok, all right. do you agree with ms. fitzmaurice's characterization that the 73 people that were identified as having terrorist ties really were not a problem? john roth: we don't have any information as to the process that tsa used once we gave them
2:15 pm
those names in november of last year. i would say that the more information you have the better decisions you make. so whether or not these 73 individuals in fact did not pose a threat to terrorism doesn't mean that the system's working perfectly. mr. rogers: well, i -- my time's up. i hope one of the other members will pick up on this because i would like to know if they were not a problem, why were they not on the list in the first place? john katko: thank you, mr. rogers. the chair now recognizes mr. payne from new jersey for questioning. >> thank you, mr. chairman. and thank you to the ranking member of this committee. mr. roth, a bit of a kind of confusing element in your most recent report is how tsa's vetting process can be considered generally effective yet 73 individuals with links to terrorism were not found during the process.
2:16 pm
it seems a little contradictory. can you elaborate? john: roth certainly. and thank you for that opportunity. when we talk about generally effective, what we're talking about is the operation that the vetting unit does within tsa. they are only as good as the information they get. they do a very significant job for example they have over 2.2 million recurring vetting hits they have to review every year and that is about 6000 a day. additionally, they have to actually manually review 24,000 records a year, so that's 2,000 records a month, 500 records a week, to, you know, look at. -- to look at potential hits from the database to see whether or not these are the individuals who are listed on the database itself. they do a good job with the information that they have, but again what we had said is that , we uncovered a vulnerability wishes they do not have all of
2:17 pm
the information they needed to do their job. mr. payne: so basically with the volume, if it was other than an issue of terrorism it would be considered not that bad, but you know, the potential 73 individuals you only need one to have -- john roth: that is the nature of the threat that tsa faces. it's an asymmetric threat that all it takes is one and they have to be right every single time. mr. payne: your report acknowledges passport numbers and social security numbers are being a strong -- being strong matching elements, yet neither is required during the application process. and your view, can tsa identify risks if such elements are discounted? john roth: i think it makes their job more difficult. one of the things with regard, for example, the social security numbers, that's probably the best identifier.
2:18 pm
as far as an individual being able to match an applicant off of the database. unfortunately, the privacy act which has some exemptions, does not exempt tsa from requiring sida badge applicants to have the social security number. and that is something that i think would be a useful thing to have. mr. payne: ok. and ms. fitzmaurice, during the q&a with the -- the members up here, what leverage do we have with the airport operators if if they are not complying and giving the information? i believe you said there is a lapse with the operators doing that job. what leverage do we have to make sure they are compliant? stacey fitzmaurice: so, you know, before we get to the compliance piece, i think what is important is us working closely with the airport
2:19 pm
operators to identify the areas for improvement and put out guidance on how we can do that and work with them and ensure we have a robust compliance mechanism to go back and review and ensure they are doing that. and take corrective actions if we continue to find they are not complying with that. mr. payne: and what -- what would those corrective actions consist of if, you know, we're -- we're having -- you know, obviously, continued issues around to them getting to be. what leverage do we have and if they are falling short? stacey fitzmaurice: sure, well we do have formal security programs with all of the airports that they are required to comply with and we have inspectors to go out and review against the requirements. i am not intimately knowledgeable of whether there
2:20 pm
are issues of noncompliance but happy to follow up with you on that. mr. payne: ok, and what -- what can we do to strengthen the relationship tsa has with the airports to ensure accuracy of the data from potential and current aviation workers? stacey fitzmaurice: yes, thank you. so, you know, we continuously look at this and we -- again, we concur with the recommendations that the oig has made in this area going back to 2012 and we have been making improvements and putting in systems logic so that people reject information that may be in accurate. we've also added automation to allowed upload identity documents to be able to review. but looking forward, i think there are continued opportunities, and one of the things that we're looking at is further automation in this process. so the way the information comes from the airport operators through channelers to us is
2:21 pm
through both automated and some manual processes and we are looking to be fully automated process that will reduce the opportunity for further a role to be submitted. -- erroneous information to be submitted. mr. payne: thank you, and i yield back, mr. chairman. john katko: thank you, mr. payne. the chair now recognizes mr. ratcliffe from texas for questioning. john ratcliffe: thank you chairman katko, and ranking member rice for holding yet another hearing on this matter. i have to say, though, that this feels a little bit like the movie groundhog day where the same things keep happening. inspector general roth, you're back here again as you were previously. we've had several hearings on this matter before this subcommittee on security. in april we had the vendor tsa administrator talking about the steps taken to make airport and employee screening more secure but earlier this month, we had the report about officials being
2:22 pm
able to get banned items through security checkpoints 95% of the time. and now inspector general, we have your report revealing tsa failed to identify the 73 active workers with links to terrorism as citing a lack of effective controls in your report. in your report, you conclude that with this statement "with our recent report we add another vulnerability that tsa must now address." and i agree. tsa does the two a dress of these issues. as chairman mccaul noted, it's now been almost 14 years since 9/11 and, unfortunately, some of what i've seen in your report calls to mind the troubling pre-9/11 trend we had. and i know you are a former justice department official and former united states attorney
2:23 pm
and as you know, we had problems with intelligence and law enforcement. we are not sharing information and connecting dots. but we had an excuse back then, the law did not allow it. now will change it. and. want to ask -- and so i want to ask you about -- about your report because you say that tsa didn't identify these 73 individuals with link to terrorism because tsa is not clear to receive all categories under the interagency guidance. did i perceive that accurately? john roth: yes, sir. john ratcliffe: ok, and you talk a little bit about this with -- with congressman rogers, but i'm not real clear. is this a situation where we need to change the law? john roth: it may very well be. my suggestion would be to allow tsa to deal with odni, the office of national intelligence, and determine whether or not
2:24 pm
they will have access to the information. if not, it might require a change in the law. information sharing is critical in this area. even if there's information within the tide database that is unsubstantiated. it is still useful for individuals doing a manual review of someone who will have unfettered access to areas in the airport. what is very troubling both about this sort of tide database as well as the criminal history checks is that tsa is being treated for all intensive purposes as if they were a walmart. an individual holding a badge for recurring criminal history checks stand in lines a walmart to determine there will be a criminal history check. john ratcliffe: ok, well, just let me -- let me ask you about that because we've talked a little bit about that in your testimony, you talk about the fact that airport operators review the histories for new applicants for badges insecure areas.
2:25 pm
that tsa and the airports are not legally authorized to conduct concurrent criminal histories vetting, is that correct? john roth: that's correct. john ratcliffe: ok, so currently, then, how do tsa and the airports know if an employee has committed a crime during their tenure at the airport? john roth: that's the -- that's the difficulty of it, and that's why tsa is providing this rat pack program a pilot program , that they're going to start at the end of the year to get continuous vetting. as far as the current conditions, that is a vulnerability. john ratcliffe: ok, so is -- but is tsa, right now are they -- are they checking or do they have the ability to check against the marshal service wants and warrants? stacey fitzmaurice: yes, we do check against the open wants and list marshal service.
2:26 pm
john ratcliffe: ok, but that list doesn't include all disqualifying crimes, correct? stacey fitzmaurice: that is correct. what's really critical here is getting access to the rat pack capability. john ratcliffe: ok, i see that my time's expired so i yield back. john katko: thank you, mr. ratcliffe. i now recognize the gentleman from massachusetts, mr. keating, for five minutes of questioning. bill keating: thank you, mr. chairman. mr. ratcliffe mentioned this reminded him of the movie "groundhog day." it also reminds me of the leonardo dicaprio movie, "catch me if you can." we had a hearing of the oversight committee, which i was ranking on at the time, at logan airport several years ago. i just want to follow up and -- and say if you have noncompliance by the municipal airport, what can you do about it?
2:27 pm
i mean, we found holes in fences. perimeters not to being looked at. and nothing was done. there was no enforcement over those airports all you ever run airport authority. we're seeing now in -- in testimony this morning that when you're reviewing some of the employment vetting that's there that you early doing 1% and you're finding mistakes that do not come forward with. yet, how is that follow up? what are they threatened with for that? it seems like a basic jurisdictional issue besides information sharing. federal agencies that are not helping each other are giving each other information they should be. and a change in law. yet what are you doing with municipalities?
2:28 pm
now, ms. fitzmaurice, there was an effort on the part of tsa to take the exit lanes in that inner security. and to move the of authority away from tsa and give it to local, give the local responsibility to local employees. given was was discussed this morning, is it fair to say that is officially dead? are you going to stop pushing that effort to get rid of tsa employees and replace them with municipal airport employees or authority of the airport? are you aware of what that effort has been in the last couple of years trying to shift the responsibility? stacey fitzmaurice: i want to make sure that i'm responsive and i -- i understand your question. you're -- you're asking whether we would take back the responsibility of the airport workers? bill keating: no, no.
2:29 pm
you've been asking the airports over the last couple of years to shift the responsibility -- take the responsibility with -- they are putting their employees in that exit lane out of the airports in which many airports with people coming in. and that has been delayed i think probably because members of the committee expressed concern. is it fair to say, given what we've heard this morning, that that's not going to be pursued anymore? stacey fitzmaurice: you know, i -- i apologize; i don't have an answer for you on that. i'll have to get back to you. mr. keating: also, when we're looking at the number studies. although vulnerability study and physical aspects, we found that it is less than 3% of the airport being reviewed. this morning, we found only 1%. we also know that the airports they are not doing their jobs either, too many of them. we have lapses all the way through.
2:30 pm
what i was hoping to ask mr. roth do you think there's a need to have more accountability and a better need to enforce the operations of airport authorities as well? they can look at the recommendations and what has been found and we are not even clear anything is done. other than they can shrug their shoulders as they did with perimeter security essay we do not have the resources for this. i just don't want to see a situation where we have a tragedy and, you know, the federal government's pointing their finger at municipal airports or authorities and the authorities are pointing at the federal government. all pointing to the fingers. finger-pointing is dangerous and going to get us nowhere. and that is what we've been dealing with now the last few years. so how could -- do you think there's a need to put teeth in -- in what the tsa can do.
2:31 pm
with airports? john roth: you raise a good point. and we haven't actually done any work on that, but it's certainly something that we'd be willing to consider, which is irrespective of whether tsa follows up and finds whether officials are doing the criminal history checks they need to. when they find a compliance what do they do? unfortunately, i don't have the answer to that question, but you raise a very good question. bill keating: i have the answer when it comes to vulnerability studies, and it's a toothless grin. nothing. so let's find out here and put some teeth in what we're. i yield back, mr. chairman. john katko: thank you, mr. keating. the chair now recognizes mr. carter from georgia for five minutes of questioning. mr. carter: thank you, mr. chairman. i appreciate your leadership in this most disturbing situation we find ourselves in. mr. roth, i read your report and i appreciate it very much, but there were several things in your report that were very disturbing to me, very disturbing. first of all, it's my
2:32 pm
understanding that security credentials are being given to individuals regardless of their worker authorization dates. is that correct? john roth: that's correct. what we had found was, in fact, let's say you were authorized to work for 18 months, you would get a security badge that would not turn off at the determination of your end to work. mr. carter: so what you're telling me is that we might have people, and we may have people, we probably do have people who are walking around, unescorted in our airports and secure areas who are here illegally? john roth: who do not have authorization to work, yes. we identified that as a vulnerability. mr. carter: you know, certainly -- certainly we have these people's social security numbers, correct? john roth: i'm sorry, i missed the question. mr. carter: certainly we have these people's social security numbers, we have that? john roth: we do not. no.
2:33 pm
mr. carter: whoa, whoa, whoa, we do not. so you're telling me we've got people walking around unescorted in secure areas in our airports and we don't even have. -- have their social security numbers. john roth: that's correct. we did a scrub of the data and found a number of areas in which they don't have their passports or social security numbers. mr. carter: holy cow. ms. fitzmaurice, the report and the inspector general's investigation found that we had thousands of incomplete or in accurate and biographical information. could you give me the initial of your first name? s. now i've got three minutes left to ask questions here. do you think i can guess your first name in that three minutes? and my point is simply this -- we have applications that only have the first initial of the first name? stacey fitzmaurice: that is correct.
2:34 pm
mr. carter: does -- does that scare you? stacey fitzmaurice: so i think we are absolutely looking at and concerned with where we have erroneous and missing information, and we are taking actions, we have already. -- already implemented logic. mr. carter: and i appreciate that, ms. fitzmaurice, i really do. but look, i'm from georgia and i travel at least once, usually twice through the busiest airport in the world. and to think that we may have people walking around in that airport who we don't even know what their name is. we do not other social security number. isn't that something -- look. i am ok. i am confident i can take care of myself to a certain extent. my youngest son's coming up to dana went to make sure he is ok. my middle son's coming up tomorrow. isn't this something that should be taken care of immediately immediately?
2:35 pm
stacey fitzmaurice: yes, and we are taking actions immediately to work on continued improvements to -- to improve the data quality for the vetting systems. mr. carter: i -- i just can't believe that in the world's busiest airport, in atlanta hartsfield-jackson airport, that we could have people walking around unescorted. in secure areas and that airport where we do not know their social security numbers and we do not know their names. and that's something that we're sitting here talking about? you ought to be on the phone right now, stop, we've got to figure this out. i -- i -- i just -- i'm appalled at this. and mr. roth, i appreciate the efforts here and i appreciate all the efforts of all of you, but we need to take care of this admittedly. mr. chairman, i yield. john katko: well, thank you, mr. carter. and i think the committee shares


info Stream Only

Uploaded by TV Archive on