GAO-08-194T, Terrorist Watch List Screening: Recommendations to Enhance Management Oversight, Reduce Potential Screening Vulnerabilities, and Expand Use of the List


This is the accessible text file for GAO report number GAO-08-194T 
entitled 'Terrorist Watch List Screening: Recommendations to Enhance 
Management Oversight, Reduce Potential Screening Vulnerabilities, and 
Expand Use of the List' which was released on October 24, 2007. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony before the Committee on Homeland Security and Governmental 
Affairs, U.S. Senate: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 10:00 a.m. EDT: 

Wednesday, October 24, 2007: 

Terrorist Watch List Screening: 

Recommendations to Enhance Management Oversight, Reduce Potential 
Screening Vulnerabilities, and Expand Use of the List: 

Statement of Eileen R. Larence, Director Homeland Security and Justice 
Issues: 

GAO-08-194T: 

GAO Highlights: 

Highlights of GAO-08-194T, a testimony before the Committee on Homeland 
Security and Governmental Affairs, United States Senate. 

Why GAO Did This Study: 

The Federal Bureau of Investigation’s (FBI) Terrorist Screening Center 
(TSC) maintains a consolidated watch list of known or appropriately 
suspected terrorists and sends records from the list to agencies to 
support terrorism-related screening. 

This testimony discusses (1) standards for including individuals on the 
list, (2) the outcomes of encounters with individuals on the list, (3) 
potential vulnerabilities in screening processes and efforts to address 
them, and (4) actions taken to promote effective terrorism-related 
screening. 

This statement is based on GAO’s report (GAO-08-110) being released at 
this hearing. To accomplish the objectives, GAO reviewed documentation 
obtained from and interviewed officials at TSC, the FBI, the National 
Counterterrorism Center, the Department of Homeland Security, and other 
agencies that perform terrorism-related screening. 

What GAO Found: 

The FBI and the intelligence community use standards of reasonableness 
to evaluate individuals for nomination to the consolidated terrorist 
watch list. In general, individuals who are reasonably suspected of 
having possible links to terrorism—in addition to individuals with 
known links—are to be nominated. As such, being on the list does not 
automatically prohibit, for example, the issuance of a visa or entry 
into the United States. Rather, when an individual on the list is 
encountered, agency officials are to assess the threat the person poses 
to determine what action to take, if any. As of May 2007, the 
consolidated watch list contained approximately 755,000 records. 

From December 2003 through May 2007, screening and law enforcement 
agencies encountered individuals who were positively matched to watch 
list records approximately 53,000 times. Many individuals were matched 
multiple times. The outcomes of these encounters reflect an array of 
actions, such as arrests; denials of entry into the United States; and, 
most often, questioning and release. Within the federal community, 
there is general agreement that the watch list has helped to combat 
terrorism by (1) providing screening and law enforcement agencies with 
information to help them respond appropriately during encounters and 
(2) helping law enforcement and intelligence agencies track individuals 
on the watch list and collect information about them for use in 
conducting investigations and in assessing threats. 

Regarding potential vulnerabilities, TSC sends records daily from the 
watch list to screening agencies. However, some records are not sent, 
partly because screening against them may not be needed to support the 
respective agency’s mission or may not be possible due to the 
requirements of computer programs used to check individuals against 
watch list records. Also, some subjects of watch list records have 
passed undetected through agency screening processes and were not 
identified, for example, until after they had boarded and flew on an 
aircraft or were processed at a port of entry and admitted into the 
United States. TSC and other federal agencies have ongoing initiatives 
to help reduce these potential vulnerabilities, including efforts to 
improve computerized name-matching programs and the quality of watch 
list data. 

Although the federal government has made progress in promoting 
effective terrorism-related screening, additional screening 
opportunities remain untapped—within the federal sector, as well as 
within critical infrastructure components of the private sector. This 
situation exists partly because the government lacks an up-to-date 
strategy and implementation plan for optimizing use of the terrorist 
watch list. Also lacking are clear lines of authority and 
responsibility. An up-to-date strategy and implementation plan, 
supported by a clearly defined leadership or governance structure, 
would provide a platform to establish governmentwide screening 
priorities, assess progress toward policy goals and intended outcomes, 
consider factors related to privacy and civil liberties, ensure that 
any needed changes are implemented, and respond to issues that hinder 
effectiveness. 

What GAO Recommends: 

GAO recommends several actions to promote a comprehensive and 
coordinated approach to terrorist-related screening. Among them are 
actions to monitor and respond to vulnerabilities and to establish up-
to-date guidelines, strategies, and plans to facilitate expanded and 
enhanced use of the list. 

The departments that provided comments on the report generally agreed 
with GAO’s findings and recommendations. 

To view the full product, including the scope and methodology, click on 
[hyperlink, http://wwww.GAO-08-194T]. For more information, contact 
Eileen Larence at (202) 512-8777 or larencee@gao.gov. 

[End of section] 

Mr. Chairman and Members of the Committee: 

I am pleased to be here today to discuss our report on U.S. efforts to 
develop and use the terrorist watch list to screen for known or 
suspected terrorists who pose a threat to homeland security. The list 
is an important tool in the government's overall efforts to combat 
terrorism. 

The Terrorist Screening Center (TSC) is responsible for maintaining the 
watch list and providing for its use during agency screening processes. 
TSC receives the vast majority of its watch list records from the 
National Counterterrorism Center, which compiles information on known 
or suspected international terrorists from executive branch departments 
and agencies. In addition, the Federal Bureau of Investigation (FBI) 
provides TSC with information on known or suspected domestic terrorists 
who operate primarily within the United States, such as Ted Kaczynski 
(the "Unabomber"). TSC consolidates this information into its watch 
list database and makes records available for a variety of screening 
purposes, such as the screening of visa applicants and the screening of 
airline passengers. When an individual on the watch list is encountered 
during screening, several entities--TSC, the screening agency, 
investigative agencies, and the intelligence community--can be involved 
in deciding what action to take, if any. 

My testimony today discusses (1) the standards agencies use for 
including individuals on the list, (2) the outcomes of encounters with 
individuals on the list, (3) potential vulnerabilities in agencies' 
watch list screening processes and efforts to address them, and (4) 
actions taken to promote effective terrorism-related screening. 

This statement is based on the report we released today.[Footnote 1] To 
accomplish our report objectives, we reviewed procedural guidance, 
statistics, and other relevant documentation obtained from and 
interviewed officials at TSC, the FBI, the National Counterterrorism 
Center, the Department of Homeland Security, and other agencies that 
perform terrorism-related screening. Specifically, at the 
Transportation Security Administration, we examined the prescreening of 
airline passengers prior to their boarding a flight; at U.S. Customs 
and Border Protection, we examined the screening of travelers entering 
the United States through ports of entry; and at the Department of 
State, we examined the screening of visa applicants. We conducted our 
work in accordance with generally accepted government auditing 
standards. 

Summary: 

In summary, we found the following: 

* The National Counterterrorism Center and the FBI rely upon standards 
of reasonableness in determining which individuals are appropriate for 
inclusion on TSC's consolidated terrorist watch list. In general, 
individuals who are reasonably suspected of having possible links to 
terrorism--in addition to individuals with known links--are to be 
nominated. As such, inclusion on the list does not automatically 
prohibit an individual from, for example, obtaining a visa or entering 
the United States. As of May 2007, TSC's watch list contained 
approximately 755,000 records. 

* From December 2003 (when TSC began operations) through May 2007, 
agencies encountered individuals who were on the watch list about 
53,000 times. Many individuals were encountered multiple times. Actions 
taken in response included arresting individuals and denying others 
entry into the United States. Most often, however, agencies questioned 
and then released the individuals because there was not sufficient 
evidence of criminal or terrorist activity to warrant further legal 
action. Nevertheless, such questioning allowed agencies to collect 
information on the individuals, which was shared with law enforcement 
agencies and the intelligence community. 

* Screening agencies do not check against all records in the 
consolidated watch list, partly because screening against certain 
records (1) may not be needed to support the respective agency's 
mission or (2) may not be possible due to the requirements of computer 
programs used to check individuals against watch list records. Not 
checking against all records may pose a security risk. Also, some 
subjects of watch list records have passed undetected through agency 
screening processes and were not identified, for example, until after 
they had boarded and flew on an aircraft. Federal agencies have ongoing 
initiatives to help reduce these potential vulnerabilities. 

* The federal government has made progress in using the consolidated 
watch list for screening purposes, but it has not (1) finalized 
guidelines for using watch list records within critical infrastructure 
components of the private sector or (2) identified all appropriate 
opportunities for which terrorist-related screening should be applied. 
Further, the government lacks an up-to-date strategy and implementation 
plan--supported by a clearly defined leadership or governance 
structure--which are important for enhancing the effectiveness of 
terrorist-related screening. 

We have recommended several actions to promote a more comprehensive and 
coordinated approach to terrorist-related screening. Among them are 
actions to monitor and respond to vulnerabilities and to establish up- 
to-date guidelines, strategies, and plans to facilitate expanded and 
enhanced use of the list. The Department of Homeland Security and the 
FBI, which provided the Department of Justice's comments on a draft of 
the report, generally agreed with our findings and recommendations. The 
Homeland Security Council was provided a draft of the report but did 
not provide comments.[Footnote 2] 

Background: 

Pursuant to Homeland Security Presidential Directive 6, the Attorney 
General established TSC in September 2003 to consolidate the 
government's approach to terrorism screening and provide for the 
appropriate and lawful use of terrorist information in screening 
processes. TSC's consolidated watch list is the U.S. government's 
master repository for all records of known or appropriately suspected 
international and domestic terrorists used for watch list-related 
screening. 

When an individual makes an airline reservation, arrives at a U.S. port 
of entry, or applies for a U.S. visa, or is stopped by state or local 
police within the United States, the frontline screening agency or 
airline conducts a name-based search of the individual against 
applicable terrorist watch list records. In general, when the 
computerized name-matching system of an airline or screening agency 
generates a "hit" (a potential name match) against a watch list record, 
the airline or agency is to review each potential match. Any obvious 
mismatches (negative matches) are to be resolved by the airline or 
agency, if possible, as discussed in our September 2006 report on 
terrorist watch list screening.[Footnote 3] However, clearly positive 
or exact matches and matches that are inconclusive (difficult to 
verify) generally are to be referred to TSC to confirm whether the 
individual is a match to the watch list record. TSC is to refer 
positive and inconclusive matches to the FBI to provide an opportunity 
for a counterterrorism response. Deciding what action to take, if any, 
can involve collaboration among the frontline screening agency, the 
National Counterterrorism Center or other intelligence community 
members, and the FBI or other investigative agencies. If necessary, a 
member of an FBI Joint Terrorism Task Force can respond in person to 
interview and obtain additional information about the person 
encountered.[Footnote 4] In other cases, the FBI will rely on the 
screening agency and other law enforcement agencies--such as U.S. 
Immigration and Customs Enforcement--to respond and collect 
information. Figure 1 presents a general overview of the process used 
to resolve encounters with individuals on the terrorist watch list. 

Figure 1: General Overview of the Process Used to Resolve Encounters 
with Individuals on the Terrorist Watch List: 

This figure is a chart with illustrations showing a general overview of 
the process used to resolve encounters with individuals on the 
terrorist watch list. 

[See PDF for image] 

Source: GAO analysis of TSC information. 

[End of figure] 

To build upon and provide additional guidance related to Homeland 
Security Presidential Directive 6, in August 2004, the President signed 
Homeland Security Presidential Directive 11. Among other things, this 
directive required the Secretary of Homeland Security--in coordination 
with the heads of appropriate federal departments and agencies--to 
submit two reports to the President (through the Assistant to the 
President for Homeland Security) related to the government's approach 
to terrorist-related screening. The first report was to outline a 
strategy to enhance the effectiveness of terrorist-related screening 
activities by developing comprehensive and coordinated procedures and 
capabilities. The second report was to provide a prioritized investment 
and implementation plan for detecting and interdicting suspected 
terrorists and terrorist activities. Specifically, the plan was to 
describe the "scope, governance, principles, outcomes, milestones, 
training objectives, metrics, costs, and schedule of activities" to 
implement the U.S. government's terrorism-related screening policies. 

Agencies Rely upon Standards of Reasonableness in Assessing Individuals 
for Inclusion on TSC's Watch List: 

The National Counterterrorism Center and the FBI rely upon standards of 
reasonableness in determining which individuals are appropriate for 
inclusion on TSC's consolidated watch list.[Footnote 5] In accordance 
with Homeland Security Presidential Directive 6, TSC's watch list is to 
contain information about individuals "known or appropriately suspected 
to be or have been engaged in conduct constituting, in preparation for, 
in aid of, or related to terrorism." In implementing this directive, 
the National Counterterrorism Center and the FBI strive to ensure that 
individuals who are reasonably suspected of having possible links to 
terrorism--in addition to individuals with known links--are nominated 
for inclusion on the watch list. To determine if the suspicions are 
reasonable, the National Counterterrorism Center and the FBI are to 
assess all available information on the individual. According to the 
National Counterterrorism Center, determining whether to nominate an 
individual can involve some level of subjectivity. Nonetheless, any 
individual reasonably suspected of having links to terrorist activities 
is to be nominated to the list and remain on it until the FBI or the 
agency that supplied the information supporting the nomination, such as 
one of the intelligence agencies, determines the person is not a threat 
and should be removed from the list. 

Moreover, according to the FBI, individuals who are subjects of ongoing 
FBI counterterrorism investigations are generally nominated to TSC for 
inclusion on the watch list, including persons who are being 
preliminarily investigated to determine if they have links to 
terrorism. In determining whether to open an investigation, the FBI 
uses guidelines established by the Attorney General. These guidelines 
contain specific standards for opening investigations, including formal 
review and approval processes. According to FBI officials, there must 
be a "reasonable indication" of involvement in terrorism before opening 
an investigation. The FBI noted, for example, that it is not sufficient 
to open an investigation based solely on a neighbor's complaint or an 
anonymous tip or phone call. If an investigation does not establish a 
terrorism link, the FBI generally is to close the investigation and 
request that TSC remove the person from the watch list. Based on these 
standards, the number of records in TSC's consolidated watch list has 
increased from about 158,000 records in June 2004 to about 755,000 
records as of May 2007 (see fig. 2). It is important to note that the 
total number of records in TSC's watch list does not represent the 
total number of individuals on the watch list. Rather, if an individual 
has one or more known aliases, the watch list will contain multiple 
records for the same individual. 

Figure 2: Increase in Terrorist Watch List Records, June 2004 through 
May 2007: 

This is a line graph showing the increase in terrorist watch list 
records, between June of 2004 through May of 2007. 

[See PDF for image] 

Source: GAO analysis of TSC data. 

[End of figure] 

TSC's watch list database is updated daily with new nominations, 
modifications to existing records, and deletions. Because individuals 
can be added to the list based on reasonable suspicion, inclusion on 
the list does not automatically prohibit an individual from, for 
example, obtaining a visa or entering the United States when the person 
is identified by a screening agency. Rather, when an individual on the 
list is encountered, agency officials are to assess the threat the 
person poses to determine what action to take, if any. 

Agencies Have Had Approximately 53,000 Encounters with Individuals on 
the Watch List, and Outcomes Indicate the List Has Helped to Combat 
Terrorism: 

From December 2003 (when TSC began operations) through May 2007, 
screening and law enforcement agencies encountered individuals who were 
positively matched to watch list records approximately 53,000 times, 
according TSC data. A breakdown of these encounters shows that the 
number of matches has increased each year--from 4,876 during the first 
10-month period of TSC's operations to 14,938 during fiscal year 2005, 
to 19,887 during fiscal year 2006. This increase can be attributed 
partly to the growth in the number of records in the consolidated 
terrorist watch list and partly to the increase in the number of 
agencies that use the list for screening purposes. Our analysis of TSC 
data also indicates that many individuals were encountered multiple 
times. For example, a truck driver who regularly crossed the U.S.- 
Canada border or an individual who frequently took international 
flights could each account for multiple encounters. Further, TSC data 
show that the highest percentage of encounters involved screening 
within the United States by a state or local law enforcement agency, 
U.S. government investigative agency, or other governmental entity. The 
next highest percentage involved border-related encounters, such as 
passengers on airline flights inbound from outside the United States or 
individuals screened at land ports of entry. The lowest percentage of 
encounters occurred outside of the United States. 

* The watch list has enhanced the U.S. government's counterterrorism 
efforts by allowing federal, state, and local screening and law 
enforcement officials to obtain information to help them make better- 
informed decisions during encounters regarding the level of threat a 
person poses and the appropriate response to take, if any. The specific 
outcomes of encounters with individuals on the watch list are based on 
the government's overall assessment of the intelligence and 
investigative information that supports the watch list record and any 
additional information that may be obtained during the encounter. Our 
analysis of data on the outcomes of encounters revealed that agencies 
took a range of actions, such as arresting individuals, denying others 
entry into the United States, and most commonly, releasing the 
individuals following questioning and information gathering. 

* TSC data show that agencies reported arresting many subjects of watch 
list records for various reasons, such as the individual having an 
outstanding arrest warrant or the individual's behavior or actions 
during the encounter. TSC data also indicated that some of the arrests 
were based on terrorism grounds. 

* TSC data show that when visa applicants were positively matched to 
terrorist watch list records, the outcomes included visas denied, visas 
issued (because the consular officer did not find any statutory basis 
for inadmissibility), and visa ineligibility waived.[Footnote 6] 

* Transportation Security Administration data show that when airline 
passengers were positively matched to the No Fly or Selectee lists, the 
vast majority of matches were to the Selectee list.[Footnote 7] Other 
outcomes included individuals matched to the No Fly list and denied 
boarding (did not fly) and individuals matched to the No Fly list after 
the aircraft was in flight. Additional information on individuals on 
the watch list passing undetected through agency screening is presented 
later in this statement. 

* U.S. Customs and Border Protection data show that a number of 
nonimmigrant aliens encountered at U.S. ports of entry were positively 
matched to terrorist watch list records. For many of the encounters, 
the agency determined there was sufficient information related to watch 
list records to preclude admission under terrorism grounds. However, 
for most of the encounters, the agency determined that there was not 
sufficient information related to the records to preclude admission. 

* TSC data show that state or local law enforcement officials have 
encountered individuals who were positively matched to terrorist watch 
list records thousands of times. Although data on the actual outcomes 
of these encounters were not available, the vast majority involved 
watch list records that indicated that the individuals were released, 
unless there were reasons other than terrorism-related grounds for 
arresting or detaining the individuals, such as the individual having 
an outstanding arrest warrant. 

Also, according to federal officials, encounters with individuals who 
were positively matched to the watch list assisted government efforts 
in tracking the respective person's movements or activities and 
provided the opportunity to collect additional information about the 
individual. The information collected was shared with agents conducting 
counterterrorism investigations and with the intelligence community for 
use in analyzing threats. Such coordinated collection of information 
for use in investigations and threat analyses is one of the stated 
policy objectives for the watch list. 

Potential Vulnerabilities in Agency Screening Processes and Agency 
Efforts to Address Them: 

The principal screening agencies whose missions most frequently and 
directly involve interactions with travelers do not check against all 
records in TSC's consolidated watch list because screening against 
certain records (1) may not be needed to support the respective 
agency's mission, (2) may not be possible due to the requirements of 
computer programs used to check individuals against watch list records, 
or (3) may not be operationally feasible. Rather, each day, TSC exports 
applicable records from the consolidated watch list to federal 
government databases that agencies use to screen individuals for 
mission-related concerns. For example, the database that U.S. Customs 
and Border Protection uses to check incoming travelers for immigration 
violations, criminal histories, and other matters contained the highest 
percentage of watch list records as of May 2007. This is because its 
mission is to screen all travelers, including U.S. citizens, entering 
the United States at ports of entry. The database that the Department 
of State uses to screen applicants for visas contained the second 
highest percentage of all watch list records. This database does not 
include records on U.S. citizens and lawful permanent residents because 
these individuals would not apply for U.S. visas. 

The FBI database that state and local law enforcement agencies use for 
screening contained the third highest percentage of watch list records. 
According to the FBI, the remaining records were not included in this 
database primarily because they did not contain sufficient identifying 
information on the individual, which is required to minimize instances 
of individuals being misidentified as being subjects of watch list 
records. Further, the No Fly and Selectee lists disseminated by the 
Transportation Security Administration to airlines for use in 
prescreening passengers contained the lowest percentage of watch list 
records. The lists did not contain the remaining records either because 
they (1) did not meet the nomination criteria for the No Fly or 
Selectee list or (2) did not contain sufficient identifying information 
on the individual.[Footnote 8] According to the Department of Homeland 
Security, increasing the number of records used to prescreen passengers 
would expand the number of misidentifications to unjustifiable 
proportions without a measurable increase in security. While we 
understand the FBI's and the Department of Homeland Security's concerns 
about misidentifications, we still believe it is important that federal 
officials assess the extent to which security risks exist by not 
screening against certain watch list records and what actions, if any, 
should be taken in response. 

Also, Department of Homeland Security component agencies are taking 
steps to address instances of individuals on the watch list passing 
undetected through agency screening. For example, U.S. Customs and 
Border Protection has encountered situations where it identified the 
subject of a watch list record after the individual had been processed 
at a port of entry and admitted into the United States. U.S. Customs 
and Border Protection has created a working group within the agency to 
study the causes of this vulnerability and has begun to implement 
corrective actions. U.S. Citizenship and Immigration Services--the 
agency responsible for screening persons who apply for U.S. citizenship 
or immigration benefits--has also acknowledged areas that need 
improvement in the processes used to detect subjects of watch list 
records. According to agency representatives, each instance of an 
individual on the watch list getting through agency screening is 
reviewed to determine the cause, with appropriate follow-up and 
corrective action taken, if needed. The agency is also working with TSC 
to enhance screening effectiveness. 

Further, Transportation Security Administration data show that in the 
past, a number of individuals who were on the government's No Fly list 
passed undetected through airlines' prescreening of passengers and flew 
on international flights bound to or from the United States. The 
individuals were subsequently identified in-flight by U.S. Customs and 
Border Protection, which checks passenger names against watch list 
records to help the agency prepare for the passengers' arrival in the 
United States. However, the potential onboard security threats posed by 
the undetected individuals required an immediate counterterrorism 
response, which in some instances resulted in diverting the aircraft to 
a new location.[Footnote 9] According to the Transportation Security 
Administration, such incidents were subsequently investigated and, if 
needed, corrective action was taken with the respective air carrier. In 
addition, U.S. Customs and Border Protection has issued a final rule 
that should better position the government to identify individuals on 
the No Fly list before an international flight is airborne.[Footnote 
10] For domestic flights within the United States, there is no second 
screening opportunity--like the one U.S. Customs and Border Protection 
conducts for international flights. The government plans to take over 
from air carriers the function of prescreening passengers prior to 
departure against watch list records for both international and 
domestic flights. Also, TSC has ongoing initiatives to help reduce 
instances of individuals on the watch list passing undetected through 
agency screening, including efforts to improve computerized name- 
matching programs. 

The U.S. Government Has Made Progress in Using the Watch List, but a 
Strategy and Plan Supported by a Governance Structure Would Enhance Use 
and Effectiveness: 

Although the federal government has made progress in using the 
consolidated watch list for screening purposes, additional 
opportunities exist for using the list. Internationally, the Department 
of State has made progress in making bilateral arrangements to share 
terrorist screening information with certain foreign governments. The 
department had two such arrangements in place before September 11, 
2001. More recently, the department has made four new arrangements and 
is in negotiations with several other countries. 

Also, the Department of Homeland Security has made progress in using 
watch list records to screen employees in some critical infrastructure 
components of the private sector, including certain individuals who 
have access to vital areas of nuclear power plants, work in airports, 
or transport hazardous materials. However, many critical infrastructure 
components are not using watch list records. The Department of Homeland 
Security has not, consistent with Homeland Security Presidential 
Directive 6, finalized guidelines to support private sector screening 
processes that have a substantial bearing on homeland security. 
Finalizing such guidelines would help both the private sector and the 
Department of Homeland Security ensure that private sector entities are 
using watch list records consistently, appropriately, and effectively 
to protect their workers, visitors, and key critical assets. Further, 
federal departments and agencies have not identified all appropriate 
opportunities for which terrorist-related screening will be applied, in 
accordance with presidential directives. 

A primary reason why screening opportunities remain untapped is because 
the government lacks an up-to-date strategy and implementation plan-- 
supported by a clearly defined leadership or governance structure--for 
enhancing the effectiveness of terrorist-related screening, consistent 
with presidential directives. Without an up-to-date strategy and plan, 
agencies and organizations that conduct terrorist-related screening 
activities do not have a foundation for a coordinated approach that is 
driven by an articulated set of core principles. Furthermore, lacking 
clearly articulated principles, milestones, and outcome measures, the 
federal government is not easily able to provide accountability and a 
basis for monitoring to ensure that (1) the intended goals for, and 
expected results of, terrorist screening are being achieved and (2) use 
of the list is consistent with privacy and civil liberties. These plan 
elements, which were prescribed by presidential directives, are crucial 
for coordinated and comprehensive use of terrorist-related screening 
data, as they provide a platform to establish governmentwide priorities 
for screening, assess progress toward policy goals and intended 
outcomes, ensure that any needed changes are implemented, and respond 
to issues that hinder effectiveness. 

Although all elements of a strategy and implementation plan cited in 
presidential directives are important to guide realization of the most 
effective use of watch list data, addressing governance is particularly 
vital, as achievement of a coordinated and comprehensive approach to 
terrorist-related screening involves numerous entities within and 
outside the federal government. However, no clear lines of 
responsibility and authority have been established to monitor 
governmentwide screening activities for shared problems and solutions 
or best practices. Neither does any existing entity clearly have the 
requisite authority for addressing various governmentwide issues--such 
as assessing common gaps or vulnerabilities in screening processes and 
identifying, prioritizing, and implementing new screening 
opportunities. Thus, it is important that the Assistant to the 
President for Homeland Security and Counterterrorism address these 
deficiencies by ensuring that an appropriate governance structure has 
clear and adequate responsibility and authority to (a) provide 
monitoring and analysis of watch list screening efforts governmentwide, 
(b) respond to issues that hinder effectiveness, and (c) assess 
progress toward intended outcomes. 

Conclusions and Recommendations for Executive Action: 

Managed by TSC, the consolidated terrorist watch list represents a 
major step forward from the pre-September 11 environment of multiple, 
disconnected, and incomplete watch lists throughout the government. 
Today, the watch list is an integral component of the U.S. government's 
counterterrorism efforts. However, our work indicates that there are 
additional opportunities for reducing potential screening 
vulnerabilities, expanding use of the watch list, and enhancing 
management oversight. Thus, we have made several recommendations to the 
heads of relevant departments and agencies. Our recommendations are 
intended to help (1) mitigate security vulnerabilities in terrorist 
watch list screening processes that arise when screening agencies do 
not use certain watch list records and (2) optimize the use and 
effectiveness of the watch list as a counterterrorism tool. Such 
optimization should include development of guidelines to support 
private sector screening processes that have a substantial bearing on 
homeland security, as well as development of an up-to-date strategy and 
implementation plan for using terrorist-related information. Further, 
to help ensure that governmentwide terrorist-related screening efforts 
are effectively coordinated, we have also recommended that the 
Assistant to the President for Homeland Security and Counterterrorism 
ensure that an appropriate leadership or governance structure has clear 
lines of responsibility and authority. 

Agency Comments and Our Evaluation: 

In commenting on a draft of our report, which provides the basis for my 
statement at today's hearing, the Department of Homeland Security noted 
that it agreed with and supported our work and stated that it had 
already begun to address issues identified in our report's findings. 
The FBI noted that the database state and local law enforcement 
agencies use for screening does not contain certain watch list records 
primarily to minimize instances of individuals being misidentified as 
subjects of watch list records. Because of this operational concern, 
the FBI noted that our recommendation to assess the extent of 
vulnerabilities in current screening processes has been completed and 
the vulnerability has been determined to be low or nonexistent. In our 
view, however, recognizing operational concerns does not constitute 
assessing vulnerabilities. Thus, while we understand the FBI's 
operational concerns, we maintain it is still important that the FBI 
assess to what extent security risks are raised by not screening 
against certain watch list records and what actions, if any, should be 
taken in response. Also, the FBI noted that TSC's governance board is 
the appropriate forum for obtaining a commitment from all of the 
entities involved in the watch-listing process. However, as discussed 
in our report, TSC's governance board is responsible for providing 
guidance concerning issues within TSC's mission and authority and would 
need additional authority to provide effective coordination of 
terrorist-related screening activities and interagency issues 
governmentwide. The Homeland Security Council was provided a draft of 
the report but did not provide comments. 

Mr. Chairman, this concludes my statement. I would be pleased to answer 
any questions that you or other members have at this time. 

GAO Contacts and Staff Acknowledgments: 

For questions regarding this testimony, please contact me at (202) 512- 
8777 or larencee@gao.gov. Other key contributors to this statement were 
Danny R. Burton, Virginia A. Chanley, R. Eric Erdman, Michele C. 
Fejfar, Jonathon C. Fremont, Kathryn E. Godfrey, Richard B. Hung, 
Thomas F. Lombardi, Donna L. Miller, and Ronald J. Salo. 

[End of section] 

Footnotes: 

[1] GAO, Terrorist Watch List Screening: Opportunities Exist to Enhance 
Management Oversight, Reduce Vulnerabilities in Agency Screening 
Processes, and Expand Use of the List, GAO-08-110 (Washington, D.C.: 
Oct. 11, 2007). 

[2] The Homeland Security Council was established to ensure 
coordination of all homeland security-related activities among 
executive departments and agencies and promote the effective 
development and implementation of all homeland security policies. See 
The White House, Homeland Security Presidential Directive/HSPD-1, 
Subject: Organization and Operation of the Homeland Security Council 
(Washington, D.C.: Oct. 29, 2001). 

[3] Terrorist watch list-related screening can cause travel delays and 
other inconveniences, which may be inevitable consequences of enhanced 
homeland security. Nonetheless, as we reported in September 2006, it is 
important for TSC and screening agencies to provide effective redress 
for individuals who are inadvertently and adversely affected by watch 
list-related screening. See GAO, Terrorist Watch List Screening: 
Efforts to Help Reduce Adverse Effects on the Public, GAO-06-1031 
(Washington, D.C.: Sept. 29, 2006). 

[4] Joint Terrorism Task Forces are teams of state and local law 
enforcement officials, FBI agents, and other federal agents and 
personnel whose mission is to investigate and prevent acts of 
terrorism. There is a Joint Terrorism Task Force in each of the FBI's 
56 main field offices, and additional task forces are located in 
smaller FBI offices. 

[5] In general, and in this context, a standard of reasonableness can 
be described as a government agent's particularized and objective basis 
for suspecting an individual of engaging in terrorist-related 
activities, considering the totality of circumstances known to the 
government agent at that time. See, e.g., United States v. Price, 184 
F.3d 637, 640-41 (7th Cir. 1999); Terry v. Ohio, 392 U.S. 1, 30 (1968). 

[6] In this context, ineligibility waived refers to individuals who 
were ineligible for a visa based on terrorism grounds, but the 
Department of Homeland Security approved a waiver for a one-time visit 
or multiple entries into the United States. In general, waivers are 
approved when the U.S. government has an interest in allowing the 
individual to enter the United States, such as an individual on the 
terrorist watch list who is invited to participate in peace talks under 
U.S. auspices. 

[7] In general, individuals on the No Fly list are to be precluded from 
boarding an aircraft, and individuals on the Selectee list are to 
receive additional physical screening prior to boarding an aircraft. 

[8] Of all of the screening databases that accept watch list records, 
only the No Fly and Selectee lists require certain nomination criteria 
or inclusion standards that are narrower than the "known or 
appropriately suspected" standard of Homeland Security Presidential 
Directive 6. 

[9] In July 2007, we issued a report that examined federal coordination 
for responding to in-flight security threats. See GAO, Aviation 
Security: Federal Coordination for Responding to In-flight Security 
Threats Has Matured, but Procedures Can Be Strengthened, GAO-07-891R 
(Washington, D.C.: July 31, 2007). 

[10] See 72 Fed. Reg. 48,320 (Aug. 23, 2007). The provisions of the 
final rule take effect on February 19, 2008.

GAO's Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, DC 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, JarmonG@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548: 

Public Affairs: 

Susan Becker, Acting Manager, BeckerS@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548: