<DOC>
[108th Congress House Hearings]
[From the U.S. Government Printing Office via GPO Access]
[DOCID: f:91646.wais]
CAN THE USE OF FACTUAL DATA ANALYSIS STRENGTHEN NATIONAL SECURITY? PART
TWO
=======================================================================
HEARING
before the
SUBCOMMITTEE ON TECHNOLOGY, INFORMATION
POLICY, INTERGOVERNMENTAL RELATIONS AND
THE CENSUS
of the
COMMITTEE ON
GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED EIGHTH CONGRESS
FIRST SESSION
__________
MAY 20, 2003
__________
Serial No. 108-98
__________
Printed for the use of the Committee on Government Reform
Available via the World Wide Web: http://www.gpo.gov/congress/house
http://www.house.gov/reform
_____
U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON : 2004
91-646 PDF
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512-1800
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001
COMMITTEE ON GOVERNMENT REFORM
TOM DAVIS, Virginia, Chairman
DAN BURTON, Indiana HENRY A. WAXMAN, California
CHRISTOPHER SHAYS, Connecticut TOM LANTOS, California
ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York
JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York
JOHN L. MICA, Florida PAUL E. KANJORSKI, Pennsylvania
MARK E. SOUDER, Indiana CAROLYN B. MALONEY, New York
STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland
DOUG OSE, California DENNIS J. KUCINICH, Ohio
RON LEWIS, Kentucky DANNY K. DAVIS, Illinois
JO ANN DAVIS, Virginia JOHN F. TIERNEY, Massachusetts
TODD RUSSELL PLATTS, Pennsylvania WM. LACY CLAY, Missouri
CHRIS CANNON, Utah DIANE E. WATSON, California
ADAM H. PUTNAM, Florida STEPHEN F. LYNCH, Massachusetts
EDWARD L. SCHROCK, Virginia CHRIS VAN HOLLEN, Maryland
JOHN J. DUNCAN, Jr., Tennessee LINDA T. SANCHEZ, California
JOHN SULLIVAN, Oklahoma C.A. ``DUTCH'' RUPPERSBERGER,
NATHAN DEAL, Georgia Maryland
CANDICE S. MILLER, Michigan ELEANOR HOLMES NORTON, District of
TIM MURPHY, Pennsylvania Columbia
MICHAEL R. TURNER, Ohio JIM COOPER, Tennessee
JOHN R. CARTER, Texas CHRIS BELL, Texas
WILLIAM J. JANKLOW, South Dakota ------
MARSHA BLACKBURN, Tennessee BERNARD SANDERS, Vermont
(Independent)
Peter Sirh, Staff Director
Melissa Wojciak, Deputy Staff Director
Rob Borden, Parliamentarian
Teresa Austin, Chief Clerk
Philip M. Schiliro, Minority Staff Director
Subcommittee on Technology, Information Policy, Intergovernmental
Relations and the Census
ADAM H. PUTNAM, Florida, Chairman
CANDICE S. MILLER, Michigan WM. LACY CLAY, Missouri
DOUG OSE, California DIANE E. WATSON, California
TIM MURPHY, Pennsylvania STEPHEN F. LYNCH, Massachusetts
MICHAEL R. TURNER, Ohio
Ex Officio
TOM DAVIS, Virginia HENRY A. WAXMAN, California
Bob Dix, Staff Director
Scott Klein, Professional Staff Member
Ursula Wojciechowski, Clerk
David McMillen, Minority Professional Staff Member
C O N T E N T S
----------
Page
Hearing held on May 20, 2003..................................... 1
Statement of:
Rosenzweig, Paul, senior legal research fellow, Center for
Legal and Judicial Studies, the Heritage Foundation; Barry
Steinhardt, director, technology and liberty program,
American Civil Liberties Union; and John Cohen, co-founder,
president and CEO, PSCOM LLC, Inc.......................... 8
Letters, statements, etc., submitted for the record by:
Cohen, John, co-founder, president and CEO, PSCOM LLC, Inc.,
prepared statement of...................................... 58
Miller, Hon. Candice S., a Representative in Congress from
the State of Michigan, prepared statement of............... 7
Putnam, Hon. Adam H., a Representative in Congress from the
State of Florida, prepared statement of.................... 4
Rosenzweig, Paul, senior legal research fellow, Center for
Legal and Judicial Studies, the Heritage Foundation,
prepared statement of...................................... 10
Steinhardt, Barry, director, technology and liberty program,
American Civil Liberties Union, prepared statement of...... 29
CAN THE USE OF FACTUAL DATA ANALYSIS STRENGTHEN NATIONAL SECURITY? PART
TWO
----------
TUESDAY, MAY 20, 2003
House of Representatives,
Subcommittee on Technology, Information Policy,
Intergovernmental Relations and the Census,
Committee on Government Reform,
Washington, DC.
The subcommittee met, pursuant to notice, at 10:04 a.m., in
room 2154, Rayburn House Office Building, Hon. Adam H. Putnam
(chairman of the subcommittee) presiding.
Present: Representatives Putnam, Miller, Turner, Clay and
Lynch.
Staff present: Bob Dix, staff director; John Hambel, senior
counsel; Scott Klein, Chip Walker, Lori Martin, and Casey
Welch, professional staff members; Ursula Wojciechowski, clerk;
Suzanne Lightman, fellow; Bill Vigen, intern; David McMillen,
minority professional staff member; and Jean Gosa, minority
assistant clerk.
Mr. Putnam. A quorum being present, this hearing of the
Subcommittee on Technology, Information Policy,
Intergovernmental Relations and the Census will come to order.
Good morning and welcome to today's hearing entitled, ``Can
the Use of Factual Data Analysis Strengthen National Security,
Part Two.''
With today's continued improvements in technology,
particularly in the areas of data base exploration and
information sharing, Federal agencies faced with the monumental
task of enhancing national security and law enforcement are
provided a number of opportunities to do so more effectively.
Specifically, the process of factual data analysis enables the
end user to sort through massive amounts of information,
identifying patterns of interest to its user in a matter of
seconds. This type of tool has proven beneficial in a variety
of applications and could have considerable implications for
law enforcement and Federal authorities tasked with identifying
terrorist activity before it strikes.
At the same time, there are valid questions and concerns
about the Government's potential access to the personal
information of individual citizens that could be the subject of
a data mining process. While it is important that the Federal
Government utilize all available resources to enhance national
security, it is critical that we continue to safeguard American
values of personal freedom and privacy.
Today's hearing will focus on examining the questions and
concerns surrounding the Federal Government's use of factual
data analysis or information produced by this analytical
process. With the wealth of technology available today and
certainly as a result of the events of September 11, 2001, the
American people have a realistic expectation that government
and law enforcement entities must continue their efforts to
become better equipped to perform their duties.
Many Federal agencies do not even have the technological
tools that the private sector currently possesses. In many
cases, this means that agencies are undergoing a complete
technology upgrade as well as introducing advanced information
technology applications. Advanced technology will enable
Government to better share and analyze important information.
By making use of these tools, Government and law enforcement
hope to be more successful at securing and protecting our
Nation.
As Government and law enforcement begin to implement new
strategies using advanced technology such as data mining, there
are a number of questions and concerns that need to be
addressed. These agencies will need to address how existing
privacy laws would apply to their programs, what data sources
do they intend to draw from, how the reliability of the data
will be ensured, what procedures are in place to secure the
data collected from intrusion, and what recourse would be
available to an individual who believes his or her information
is inaccurate or incomplete.
We have held previous hearings on this topic. On May 6, the
subcommittee heard from representatives from the Total
Information Awareness Program run by the Defense Advanced
Research Project Agencies, the Transportation Security
Administration's CAPPII Program which is a passenger pre-
screening process, the FBI's Trilogy, related data warehousing
and data mining programs.
What we learned from each of these witnesses is that they
are in the very infant stages of developing their strategies
involving this analytical process. They have testified that as
they continue to figure out what role factual data analysis
will play, each acknowledge and affirm their commitment to
protection of privacy and personal freedom as fundamental
elements of their program.
Today, we will hear from an expert panel of witnesses who
will address the matter of privacy, confidentiality and
personal freedom in the context of the protection of civil
liberties in the pursuit of homeland security and strengthen
law enforcement. The members of the subcommittee look forward
to hearing the observations and recommendations from this panel
and to continue to examine these matters to determine if in
fact factual data analysis can strengthen national security.
The use of advanced information technologies does not mean
the erosion of personal liberties is inevitable. The Federal
Government's objective of better information sharing and
analysis can and must be met simultaneously with that of
securing personal liberties. The subcommittee looks forward to
working with these agencies and the variety of stakeholders in
this matter in implementing their planned proposals for
enhancing homeland security using advanced information
technology.
Today's hearing can be viewed live via Web cast by going to
reform.house.gov and clicking on the link under live committee
broadcast.
I am pleased to yield to the distinguished vice chairman of
the subcommittee, the gentlelady from Michigan, Mrs. Miller,
for her opening statement.
[The prepared statement of Hon. Adam H. Putnam follows:]
[GRAPHIC] [TIFF OMITTED] T1646.001
[GRAPHIC] [TIFF OMITTED] T1646.002
Mrs. Miller. Thank you, Mr. Chairman.
As we begin the third subcommittee hearing on factual data
analysis, the issue of privacy protection becomes exceedingly
important. In previous hearings as you mentioned, we heard
testimony from representatives of the Department of Defense,
the Transportation Security Administration, and the FBI, all
insisting that the privacy of citizens would not be compromised
and certainly that those agencies are very sensitive to concern
raised about the invasion of personal privacy by Big Brother or
by Government.
In the written testimony submitted for today's hearing by
Mr. Rosenzweig, he states, ``Fundamental legal principles and
conceptions of American Government should guide the
configuration of our intelligence and law enforcement rather
than the reverse.'' One of the hallowed principles certainly of
our American system is that we the people determine what the
government can and cannot and should not do, not the other way
around.
This subcommittee has primary oversight of the technology
initiatives of the Federal Government and as Federal agencies
begin to integrate and streamline information technologies, it
is very important that the processes associated with Federal
actions remain transparent so that the confidence of the
American people is not lost. We find ourselves today in a
highly salient national debate concerning the balance between
national security and personal privacy. Factual data analysis
is a tool that will better enable local, State and Federal
officials to secure the homeland from terror attacks and
because of the power and the breadth of capabilities associated
with this tool, both now and in the future, high scrutiny of
its implementation is required.
Mr. Cohen, in his written testimony, has cited instances
where the potential for abuse of factual data analysis will be
ever present but potential abuse exists currently in all levels
of Government activity and hopefully through the work of this
subcommittee, we can help Americans view the implementation of
improved data mining techniques and its homeland security
benefits with cautious optimism and not with fear. I am
confident that the rights of American citizens outlined by the
Constitution and the Bill of Rights will not be subverted in
the auspices of national security.
I want to thank all three of the witnesses for coming
today. I am looking forward to working with our chairman and
this committee and I look forward to your testimony today.
[The prepared statement of Hon. Candice S. Miller follows:]
[GRAPHIC] [TIFF OMITTED] T1646.003
Mr. Putnam. We thank the gentlelady from Michigan and
appreciate her very active involvement in the work of this
subcommittee. The wealth of experience she brings from the
Michigan Department of State has proven very valuable to this
subcommittee. We appreciate your continued involvement.
As is the custom with the committee and its subcommittees,
we will swear in our witnesses.
[Witnesses sworn.]
Mr. Putnam. As you are all aware, we have the lighting
system. You have submitted your written statements for the
record and we ask that you summarize your oral statement in 5
minutes at which time you will see the yellow light indicating
the need to wrap up and the red light indicating that time has
expired.
I will introduce the first of our three witnesses, Mr. Paul
Rosenzweig, senior legal research fellow, the Heritage
Foundation, Center for Legal and Judicial Studies. Before
coming to Heritage, he was in private practice specializing in
Federal, appellate and criminal law and legal ethics.
Previously he served as senior litigation counsel and associate
independent counsel, Office of the Independent Counsel. Before
working at OIC, he worked as the chief investigative counsel
for the House Committee on Transportation and Infrastructure
where his work included the 1996 Value Jet crash. He received
his law degree cum laude from the University of Chicago in
1986.
Welcome. You are recognized.
STATEMENTS OF PAUL ROSENZWEIG, SENIOR LEGAL RESEARCH FELLOW,
CENTER FOR LEGAL AND JUDICIAL STUDIES, THE HERITAGE FOUNDATION;
BARRY STEINHARDT, DIRECTOR, TECHNOLOGY AND LIBERTY PROGRAM,
AMERICAN CIVIL LIBERTIES UNION; AND JOHN COHEN, CO-FOUNDER,
PRESIDENT AND CEO, PSCOM LLC, INC.
Mr. Rosenzweig. Thank you, Mr. Chairman.
Thank you for the invitation to come and speak with you
today about a topic I consider to be the single most important
domestic legal issue facing Congress and the American people.
I should begin with the routine request of my Foundation
that I emphasize I am here on my own account and nothing I say
is a corporate position of the Heritage Foundation or its board
of trustees.
Before speaking to TIA and CAPPSII directly, I would like
to talk about a subject to which both of you alluded in your
opening statements, the role of Congress and the vital
importance of that role.
I had the pleasurable experience of meeting a couple weeks
ago with Lord Alexander Carlisle who is a Lord of the House of
Lords in Great Britain. As you know, Great Britain has passed a
series of laws similar to our own Patriot Act which all involve
the difficult question of tradeoffs between civil liberties and
national security. Pursuant to that law, one of the unique
steps the English have taken is that the law requires the
appointment of an independent reviewer who has the power to
review all the records within the holding of the Home Secretary
whenever he undertakes some exercise of the newly granted
terror powers, and is empowered to report on those uses of the
anti-terror provisions to the Parliament. Lord Carlisle is that
independent reviewer and he was here in the United States to do
a bit of his own comparative analysis, examining how we in
America have dealt with the balance.
We don't have such a person in our provisions of the
Patriot Act and in our developing understanding of TIA and
CAPPS. Congress is that position. They are the independent
reviewer. The genius of the founders was the system of checks
and balances and the core of that genius is the use of
thoughtful, sustained, non-partisan oversight of the use of the
powers we give the executive branch.
There are some who would say the potential for abuse of a
new system means we should forego its development. Of course
any new system can be abused, but, in my judgment, the right
answer is to attempt rationally to construct the systems of
oversight that will enable this Congress and Congresses that
come after it to examine the conduct of the executive branch
and determine whether or not it is in fact appropriate and
consistent with the laws we have imposed upon it.
That is my single most significant and sustained
recommendation to you as you consider TIA and CAPPSII. The real
questions about things like CAPPSII are not whether it will
work, because in the end we will find the answer and if it
doesn't work, then a lot of this debate is moot and we may have
wasted a lot of money. In the end, it will be irrelevant.
The real question is, what if it does work. What will you
be doing to examine whether or not it is being used
appropriately or inappropriately. To do that, Congress is going
to need absolute, unfettered access to information about the
operation of a system like CAPPSII. What I say about CAPPSII
applies equally to TIA.
In some instances, that access may require the receipt of
information in a classified or confidential manner, since I
know full well the disclosure of means and methods can render
them utterly useless and unreasonable, but the vital factor
that you should consider is making sure as you go down the
development and authorization path that you require the
provision of information not just about raw data, about gross
numbers, but the ability for somebody, somewhere to examine
individual cases. There should be an appeals process as well
outside of Congress but the ultimate and final repository of
the ability to check the excessive use of governmental
authority rests in this body.
I see that my time is almost up which is amazing because I
feel I have barely begun but in deference to the committee's
time structure, and I am sure we will have the opportunity for
questions, I will stop now.
[The prepared statement of Mr. Rosenzweig follows:]
[GRAPHIC] [TIFF OMITTED] T1646.004
[GRAPHIC] [TIFF OMITTED] T1646.005
[GRAPHIC] [TIFF OMITTED] T1646.006
[GRAPHIC] [TIFF OMITTED] T1646.007
[GRAPHIC] [TIFF OMITTED] T1646.008
[GRAPHIC] [TIFF OMITTED] T1646.009
[GRAPHIC] [TIFF OMITTED] T1646.010
[GRAPHIC] [TIFF OMITTED] T1646.011
[GRAPHIC] [TIFF OMITTED] T1646.012
[GRAPHIC] [TIFF OMITTED] T1646.013
[GRAPHIC] [TIFF OMITTED] T1646.014
[GRAPHIC] [TIFF OMITTED] T1646.015
[GRAPHIC] [TIFF OMITTED] T1646.016
[GRAPHIC] [TIFF OMITTED] T1646.017
[GRAPHIC] [TIFF OMITTED] T1646.018
[GRAPHIC] [TIFF OMITTED] T1646.019
[GRAPHIC] [TIFF OMITTED] T1646.020
Mr. Putnam. Thank you very much, particularly for your
respect for the time limit.
Our next witness is Barry Steinhardt. Mr. Steinhardt has
served as associate director, American Civil Liberties Union
for the past 10 years. He was recently named as inaugural
director, ACLU Program on Technology and Liberty. Mr.
Steinhardt was a co-founder of the Global Internet Liberty
Campaign, the world's first international coalition of non-
governmental organizations concerned with the rights of
Internet users to privacy and free expression. He is a member
of the Advisory Committee to the U.S. census and the Blue
Ribbon Panel on Genetics of the National Conference of State
Legislatures. He was a member of the U.S. delegation to the
recent G8 Government and Private Sector Tokyo Conference on
Cybercrime. He is a 1978 graduate of Northeastern University
School of Law.
Welcome.
Mr. Steinhardt. Thank you, Mr. Chairman and members of the
committee, for the opportunity to testify this morning.
The timeliness of your hearing could not be more apt. The
explosion of computers, cameras, sensors and other technologies
in the last 10 years has brought us to the edge of surveillance
society. The fact is there are no longer any technical bars to
the creation of that surveillance society. If we don't take
steps to control and regulate surveillance, to bring it into
conformity with our values, we will find ourselves being
tracked, analyzed, profiled and flagged in our daily lives to
the degree we can scarcely imagine today, being forced into an
impossible struggle to conform to the letter of every rule, law
and societal assumption of correctness. Our transgressions,
whether they are real or an imagined product of bad data will
become permanent scarlet letters that will follow us through
our lives.
We should be responding to this new threat, these new
circumstances by building stronger restraints to protect our
privacy but instead, we have been weakening those restraints,
loosening the regulations. Most ominously we are contemplating
the introduction of powerful new surveillance infrastructures
that will tie together all this information. The Total
Information Program [TIA], and CAPPSII are prime examples of
the new infrastructures for surveillance.
DARPA has recently sought to underplay TIA. To my right you
will see two charts, both prepared by the Total Information and
Awareness Office itself. The first was published before the
furor erupted. It makes quite plain the TIA was designed to
conduct a massive search through records of 300 million
Americans, including financial, education, housing, travel,
medical and communications data.
The second, which was prepared after the furor and
Congress' passage of the Wyden amendment which prevented DARPA
from training TIA on Americans, omits all the original detail
and notes that access is ``restricted by law.'' The reality is
that the only thing that significantly restricts TIA is the
Wyden amendment itself. There is no overarching law that
prohibits the Government from gaining or buying access to most
of the details of our lives from having what Poindexter calls
``total information awareness.''
Our memo outlines questions we believe DARPA must answer
when it sends to the Congress your mandated report which is due
today. Consider those questions as you read the report and
insist the report be made public.
CAPPSII is portrayed by the TSA as a more effective and
benign successor to CAPPSI Program and the so-called No Fly
list. The failure of these programs to protect either our
security or our freedoms is well documented. We don't need to
look into history to speculate about what the consequences of
abuse of that sort of data will be. The No Fly list and the
CAPPSI Program demonstrate quite well and there have been
literally hundreds of communications with Members of Congress
that forwarded to TSA and recently revealed under a Freedom of
Information Act request.
The ACLU has six questions which we urge the Congress to
ask about CAPPSII. The questions range from its cost to its
fundamental fairness to how do innocent civilians correct
mistakes made in secret or are we deemed to repeat the failure
of the No Fly list. Let me highlight two questions for you.
First, and I would suggest this is the first question that
should be asked about any security measures, will it work? Will
we really be able to pick out a few terrorists among 100
million Americans who fly? We urge you to heed the advice of
Mark Forman of the Office of Management and Budget who told
this very subcommittee ``If we can't prove it lowers risk, it
is not a good investment for government.''
Citing the obvious problems of error, if you stop and think
about it for a moment, even at 99.9 percent accuracy rate among
the 100 million Americans who fly every year, would result in
100,000 errors each year. The problem with CAPPSII is that
profiles are always one step behind the attackers. The
spokesperson for DHS recently said ``One thing we know about
terrorists is there is no way to predict what will happen.''
The second question is what will be the cost to our freedom
of building a system like this? It is historical fact that
government agencies and surveillance systems alike tend to
expand and not contract, the phenomenon known as mission creep.
Can we really restrict CAPPSII to its original purpose? How
long before it is extended to cover our entire transportation
sector as Admiral Loy has suggested it might, how long before
the system is expanded to reach more and more sectors of our
economy and society, how long before the data which we are told
now is not going to be retained will be retained? How long
before CAPPSII becomes the Total Information Program?
Your subcommittee is performing an essential oversight role
in examining these programs and these questions. I urge you to
continue to act with vigor and expedition before it is too late
to turn back the clock on the looming surveillance society.
Thank you.
[The prepared statement of Mr. Steinhardt follows:]
[GRAPHIC] [TIFF OMITTED] T1646.021
[GRAPHIC] [TIFF OMITTED] T1646.022
[GRAPHIC] [TIFF OMITTED] T1646.023
[GRAPHIC] [TIFF OMITTED] T1646.024
[GRAPHIC] [TIFF OMITTED] T1646.025
[GRAPHIC] [TIFF OMITTED] T1646.026
[GRAPHIC] [TIFF OMITTED] T1646.027
[GRAPHIC] [TIFF OMITTED] T1646.028
[GRAPHIC] [TIFF OMITTED] T1646.029
[GRAPHIC] [TIFF OMITTED] T1646.030
[GRAPHIC] [TIFF OMITTED] T1646.031
[GRAPHIC] [TIFF OMITTED] T1646.032
[GRAPHIC] [TIFF OMITTED] T1646.033
[GRAPHIC] [TIFF OMITTED] T1646.034
[GRAPHIC] [TIFF OMITTED] T1646.035
[GRAPHIC] [TIFF OMITTED] T1646.036
[GRAPHIC] [TIFF OMITTED] T1646.037
[GRAPHIC] [TIFF OMITTED] T1646.038
[GRAPHIC] [TIFF OMITTED] T1646.039
[GRAPHIC] [TIFF OMITTED] T1646.040
[GRAPHIC] [TIFF OMITTED] T1646.041
[GRAPHIC] [TIFF OMITTED] T1646.042
[GRAPHIC] [TIFF OMITTED] T1646.043
[GRAPHIC] [TIFF OMITTED] T1646.044
[GRAPHIC] [TIFF OMITTED] T1646.045
[GRAPHIC] [TIFF OMITTED] T1646.046
Mr. Putnam. Thank you.
Can we pass those charts up here so the subcommittee
members can actually see them?
I will note for the record the arrival of the gentleman
from Ohio, Mr. Turner. We welcome him to the subcommittee and
the record will be open for your opening statement in the
appropriate spot.
Our final witness today is John Cohen, co-founder,
president and CEO of PSCom LLC, Inc. He oversees the general
corporate operations as well as the strategic development of
the firm. Mr. Cohen is also director of the Progressive Policy
Institute's Community Crimefighting Project and co-director of
the PPI Homeland Security Task Force. He has served as a policy
advisor to a number of local, State and national
administrations and political campaigns including as
coordinator of the State of Maryland's Public Safety Technology
Task Force and special advisor to the Governor's Cabinet
Council on Crime and Juvenile Justice.
Mr. Cohen has written and lectured extensively on many
issues advocating the deployment of existing and new
technologies in business practices to fundamentally change the
way we provide for the public safety in America. These issues
include homeland security, counter terrorism, community
policing, drug policy, public safety and racial profiling by
police.
Welcome. You are recognized.
Mr. Cohen. Thank you for the opportunity to participate in
this important hearing.
My views on this issue come from the perspective of someone
who has spent the last 20 years in law enforcement, both from
the operational oversight and policy development perspective. I
have worked counter terrorism cases as a special agent for the
Office of Naval Intelligence and worked as a police officer
assigned to Federal agencies. I appreciate the opportunity to
be a part of this discussion.
As we look back at what has happened in this country since
September 11, I think the best way to describe how State and
local governments have responded and have been operating has
been purely in a reactive mode. It has been a reactive mode
based on non-specific and vague information that has been
provided. This shouldn't be a surprise to everybody because
prior to September 11 the information sharing amongst our
Federal, State and local law enforcement agencies was ad hoc at
best, based on personal relationships very often and not
supported by an integrated system of law enforcement
information sharing.
While this homeland security approach may have been
appropriate for the months immediately preceding the events of
September 11, Governors and mayors around the country have come
to the conclusion that from a long term perspective, they can
no longer operate in a manner in which with every threat level
elevation, they are going to take police officers out of their
communities and mobilize the National Guard to have them guard
potential targets.
There is a growing consensus that our Nation's homeland
security issues should be driven by a number of basic
principles. First, the front lines of the Nation's war on
domestic terrorism are our cities, towns and local communities.
Therefore, State and local authorities must be active partners
with the Federal Government and develop strategic and
operational plans related to homeland defense.
Second, the loss of life and financial repercussions that
would result from a successful terrorist incident require that
State and local governments take a preventative approach, not
just be prepared to respond. In this regard, State and local
homeland security efforts must be information driven, proactive
and focused on preventing future attacks. This can best be done
by collecting, analyzing and disseminating critical
information, not just giving it to the Joint Terrorism Task
Forces but putting systems into place so that information
obtained by a beat cop in a community can flow up and be part
of the analytical mix as well as critical information flowing
down to that same beat cop.
This debate, while important, must be done in the context
of the following. Almost 21 months after the attacks of
September 11, this Nation still has not taken critical steps in
creating a strong information sharing capability that allows us
to conduct this collection, analysis and dissemination of vital
information. We knew connecting the dots was a problem prior to
September 11 and to be quite frank, it is still a problem now.
I have spent the last 21 months working with a number of city
and State governments helping them look at the issue of
homeland security and develop plans on how they can be better
prepared to stop future acts of terrorism. Overwhelmingly what
I hear from mayors, Governors, police chiefs, fire chiefs and
public health officials is that we aren't putting the emphasis
into prevention that we should. A critical part of those
prevention efforts is linking these information systems.
While it would be great to have systems like TIA and be
able to go into credit histories of people that potentially may
be terrorists, it would be great to have a new radar system
that allows us to identify through gait individuals. While
there are amazing things we can do with biometrics and facial
recognition, the fact of the matter is none of those systems
will work if we don't create an initial foundation of criminal
justice information sharing that allows us to share basic
police information.
Many of you from this area were here last summer during the
sniper incident--3 weeks which paralyzed this region. What is
incredible about that whole situation is the car that contained
both suspects in that case was stopped over 10 times by law
enforcement authorities, entered into law enforcement systems
and never rose to anyone's attention. When phone calls were
being received in the call center during the sniper incident,
the information was put on pieces of paper, stacked in piles
behind the calltakers and at some point during the day, it was
disseminated to local agencies so those leads could be followed
up.
This is not an information sharing system that is going to
help us stop the next act of terrorism. As we begin the process
of investing billions of dollars in homeland security, beefing
up this capability has to be a top priority.
Let me conclude that as we look at expanding the
information sharing capability, oversight is a critically
important part of that. September 11, unfortunately, did not
stop the fact that some in law enforcement abuse authority, and
while most cops are honorable people, we have to make sure
oversight mechanisms are in place to prevent abuses of
information collection capability and punish those who misuse
it.
Thank you. I will respect the time rule also since everyone
else did.
[The prepared statement of Mr. Cohen follows:]
[GRAPHIC] [TIFF OMITTED] T1646.047
[GRAPHIC] [TIFF OMITTED] T1646.048
[GRAPHIC] [TIFF OMITTED] T1646.049
[GRAPHIC] [TIFF OMITTED] T1646.050
[GRAPHIC] [TIFF OMITTED] T1646.051
[GRAPHIC] [TIFF OMITTED] T1646.052
[GRAPHIC] [TIFF OMITTED] T1646.053
Mr. Putnam. Thank you, Mr. Cohen.
At this point, I will recognize Mr. Turner if he has an
opening statement and would like to give it now.
Mr. Turner. Thank you, Mr. Chairman. I appreciate your
having this hearing on this important issue.
As we listened to each of the testimonies, we certainly
understand the importance of making certain we are protecting
civil rights and making certain we do not have political views
as a basis for discrimination in these processes or other types
of discrimination we would want to avoid.
You can't help but listen to the importance of the task
that is ahead of us to know that we must have a process of
learning how to discern what an increased terrorist threat
might be. In Mr. Steinhardt's testimony, he used the words, how
would we be able to determine a terrorist from the 100 million
Americans who fly. I think we are all aware that in the
September 11 incident we weren't dealing with Americans, we
were dealing with people on our soil who were carrying out an
attack upon our country.
This discussion is important because we must find the
balance there has to be in this process and a way we can use
information to discern real threats without resulting to
discrimination.
Thank you.
Mr. Putnam. We thank the gentleman and recognize the vice
chairwoman of the subcommittee, Mrs. Miller, for questions.
Mrs. Miller. Thank you, Mr. Chairman. I have a little cold
going on today with my voice, so we will see how it holds up.
If I might followup with Mr. Cohen, I was particularly
interested in your testimony about the sniper and some of the
problems the locals had with information sharing. Is there
anything you could tell us specifically to assist us in what
you might think Congress could do, what our role is? I know so
many of our States have very strong home rule and why that is
particularly important, zoning issues and those kinds of
things.
I think when it comes to national security or information
sharing amongst law enforcement agencies, again the Federal
Government has to be careful we don't get on the slippery slope
there but you had that kind of experience with the locals. Is
there anything you see Congress should be doing quickly here to
expedite some of this information sharing that could have
precluded some of the examples you used with the sniper which
were quite vivid?
Mr. Cohen. I think actually Congress not only plays a
critical role but quite frankly from what I am seeing, it is
not going to happen unless Congress plays a role. One thing
Congress can do immediately is take a look at what homeland
security funding that is being disseminated out to State and
local governments can be used for. You hear a lot of focus on
response, which is important obviously, but as you look at the
requirements of what funding can be used for, you very often do
not see anything that indicates they could use it for
information sharing.
State and locals have acknowledged this has been a problem
prior to September 11. In the 1990's, there was a program
within the Justice Department called the Integrated Justice
Program which provided support to State governments to work
with localities to integrate or link these information systems.
The idea was that as each State linked their intrastate
criminal justice related information systems, you would then be
able to link the 50 States into the Federal system.
During the sniper incident, one of the examples I didn't
use is that a latent fingerprint was lifted from a robbery
homicide in Montgomery, AL. That print was taken by the local
police department, sent to the State of Alabama where it was
run through their fingerprint system. There were no matches
within the State of Alabama fingerprint system. Alabama was one
of the States that was not linked to the Federal fingerprint
system.
After a call by one of the snipers where they talked about
a robbery homicide in Montgomery, AL, investigators from the
Sniper Task Force traveled to Montgomery, AL, took the latent
fingerprint on a piece of paper, traveled to Washington, DC,
ran it through the Federal fingerprint system and identified
the suspect Malvo. From there, they were able to identify the
other suspect and then they were able to identify the car they
were driving in a very short timeframe.
If Alabama had been linked to the Federal system, they
probably would have identified that print prior to the sniper
situation and when that car was stopped 4 hours before the
first shooting in Wheaton, there would have been a Federal
warrant in the system, and you may have prevented the entire
event from occurring.
This is not massive data mining capability. This is basic
system infrastructure that needs to be put into place. It is
important, and this goes to Mr. Turner's point, how do you
decide what information is important? Part of the problem is we
adopt in this country a philosophy where somehow terrorism is
somehow separate from crime and that is ridiculous because
terrorists don't sit in their hotel rooms or their apartments
thinking up their little plans and then come out only to carry
out the plan. They commit drug trafficking offenses, illegal
weapons trafficking offenses, document fraud, money laundering;
they work with criminal organizations. They are intertwined
with the criminal community throughout the world.
The best way and in fact most of the domestic cases that
have been worked in this country since September 11 have all
started off as criminal investigations by either a local police
officer or a Federal agent. If we can link these criminal
justice systems more effectively, it is not a technology issue
but a willingness issue and we can look at terrorism and
terrorist groups for what they are which is people driven by
ideology to commit violent crimes, we can take a giant leap
forward in making the country safer. For that to occur, funding
has to be able to be used by State and local governments for
these information systems, Congress has to insist that be a
part of the philosophy that is adopted as our national homeland
security planning.
Mrs. Miller. That is absolutely true. You say a
willingness. In my former life, as the chairman knows, I was
the Michigan Secretary of State. We did all the DMV kinds of
things in our State. As a consequence of that, we were
responsible for feeding the LEAN machine, an acronym the police
officers used for all the driving records and those kinds of
things.
We had so many times when officers were abusing the system
because they would get into it, find out their girlfriend's
address, there were all kinds of things, even the reporters and
the media were using it for things they shouldn't have used it
for. So there are always those feeding those kinds of
information systems and you certainly have to be vigilant about
who is accessing it and penalties have to be given to those
that abuse it as well.
You also mentioned the homeland security. This is something
I think all of us see in our respective districts and States as
the Federal Government is sort of feeding out this pot of money
for homeland security. Unfortunately so often I see at the
local level they are using it because the States are having a
budget crunch, so they have had to lay off some police and fire
and are using the homeland security to bring those layoffs back
up to snuff, which I suppose is an important thing.
I think many of us, in our minds, were thinking about
homeland security moneys for communications systems and border
crossings and a lot of other kinds of things. That is something
I think Congress does need to pay attention to, how it is
actually being used on the home front.
I did have a question for Mr. Rosenzweig. You mentioned in
your testimony, I have forgotten now, did you say Great Britain
or Canada that has a system somewhat different from the
American system where they have a point person, so they have
someone who is accountable for their information sharing.
Do you have any specific recommendations? You mentioned
here in our Nation, Congress has the responsibility for
ensuring privacy and having these kinds of hearings. Do you
think an appeals process outside the Congress as you mentioned,
would be a good thing?
Mr. Rosenzweig. I think some form of review is absolutely
essential. There is no doubt that however we construct these
information technology systems to conduct advance factual data
analysis, there will be errors. There will be what are known as
false positives.
Especially in the CAPPSII Program, which impinges directly
upon one of our cherished fundamental freedoms, the right to
travel, no American citizen should be denied the right to
travel within or outside the United States without a chance to
have some redress and an ability to make a prompt argument that
the determination is an error.
If it were technologically feasible and I don't know
whether this will be because we don't know how the system will
play out, I would like the appeals system to be at the airport,
so that you can catch the next flight. That may prove to be
impossible and it may well prove to be unnecessary if the
parameters of CAPPSII are drawn tightly enough.
If you design the system such that the external
identification queries merely create a name and verify that
identity and that identity is checked against a terrorist list
created through the use of intelligence sources and means and
methods overseas that I don't know about and probably never
will because I don't have a secret clearance, anybody who is
red carded under that system and not permitted to fly is almost
surely also going to be someone who the authorities will
immediately take into custody because of suspicion that they
are in fact an active terrorist within the system.
That is how I conceive the development of the system and it
is how I think TSA conceives it. Whether or not they can
achieve that remains an open question. If they do achieve that,
then the appeal from no fly will be in a different forum
altogether, the court system where the suspected terrorist will
soon be transported.
There should still be a system for an appeal of a yellow
card determination where you are allowed to fly but are
subjected to heightened scrutiny. However, the need for that to
be an immediate process right at the airport is substantially
diminished because yellow card means you fly unless the yellow
card turns up something in which case you do not fly because
you have the bomb in your luggage.
So there could be a more measured process by which one were
given that appeal. Whatever the structure and architecture of
the system, it is imperative that no American be denied the
right to fly without the right to appeal.
I will add one other thing mentioned in my testimony. No
American should be denied the right to fly, red carded, based
solely on commercial data, data that is gleaned from publicly
available commercial data bases because those data bases are
maintained for different purposes, they have errors in them and
they aren't intended to be terrorist identifiers.
If anybody is denied the right of travel, this Congress
ought to tell TSA it ought to be based upon some positive
indication from an affirmative, intelligence source that gives
us a positive reason for thinking that this particular person,
with this particular name ought to be on the list.
Mrs. Miller. That really is the whole impetus of these
programs, that TSA is able to do some sort of profiling to weed
out the kinds of problems we might have at our airports.
I would like to ask one generally for the panel.
Mr. Putnam. We may need to get back to that. You have had a
10 minute round. We are going to move to Mr. Clay. I hate to
cut you off because it is a good debate, but I will recognize
the gentleman from Missouri for 10 minutes.
Mr. Clay. I thank the witnesses for being here today. Thank
you for your testimony.
I would like to begin by asking each of you to answer this
question. Each of you has emphasized that Congress has an
important policy role in balancing national security and
privacy, however, the development of CAPPSII and the
development of DARPA's Total Information Awareness have been
difficult for Congress to review.
One of the reasons the Wyden amendment was passed was
because Congress did not have sufficient information to allow
the project to proceed. Now, we find the information Congress
had then is no longer operative.
Similarly, Admiral Loy told us about all of his Federal
Register notices and conferences but Congress still doesn't
know what data is going to be used in CAPPSII or what rights
citizens will have.
How can we assure that Congress has the information
necessary and that all of the relevant committees consider that
information before these programs go much further? Mr. Cohen.
Mr. Cohen. Congressman, as you were asking your question, I
couldn't help but looking over your shoulder and seeing the
portrait of Jack Brooks. I used to work for Chairman Brooks
when he chaired the House Judiciary Committee. I was the deputy
chief investigator for the committee. Chairman Brooks worked
very closely with the ranking member of the committee on a
number of issues.
Mr. Clay. When I first met Jack Brooks 25 years ago, I
worked here as a doorkeeper over there in the House. He ran the
committee with an iron fist too.
Mr. Cohen. Yes, he did. I think back to the struggles we
went through trying to conduct oversight. In my opinion as a
law enforcement person, we are in a very uncomfortable time in
this country because on the one hand, you have fear pervasive
through society where people are saying things such as, maybe I
am willing to give some of my civil liberties if just the
Government will keep me safer. You have good people in law
enforcement and government trying to come up with a solution
that is a very complex and very scary situation where people
are attacking this country.
At the same time, we are going through a period where folks
are saying, if I am going to do my job effectively, I can't
have that pesky Congress looking over my shoulder or media
shouldn't be given accurate information, or the courts have no
business telling us what to do. We are a nation at war.
It is a difficult balance because on the one hand, we have
to protect sources and methods but on the other hand, there is
a long history of abuses of authority, and there is a long
history of law enforcement people even though I think most
police officers and law enforcement folks in this country are
people doing a job most would be unwilling or unable to do and
they are honorable but there are bad people.
Today's LA Times runs a story about an LAPD officer who was
using his access to law enforcement information systems to sell
that information for his own personal gain. He ruined the life
of hundreds of people. Abuses will happen. No matter how good
intentioned an agency is in creating a system, there is always
potential for abuse.
I think during these times, Congress has to be
extraordinarily aggressive and the message has to get out that
oversight isn't a bad thing, it is going to make our system
stronger, it is going to help protect us better. What you find
after you start taking a look at how terrorist organizations
operate, you find a lot of the important information isn't
secret information anyway. It is information that comes from
community members, from basic law enforcement systems and non-
law enforcement related government systems--drivers licenses,
FAA, all those types of systems.
I think Congress by aggressively injecting a bit of reality
into this process can play a real significant role.
Mr. Clay. That pretty much serves as a way to fine tune our
system of protections.
Mr. Cohen. Absolutely, Congressman. We worked very closely
with the Justice Department, though it was a different party
administration, on all types of issues. We worked closely with
NSA and the intelligence community on a whole series of issues.
Congress is a very important player in this and cannot be
excluded if we are going to be effective.
Mr. Clay. Mr. Steinhardt, how can Congress assure that we
have the necessary information?
Mr. Steinhardt. I have a great deal of sympathy for your
question. We have had a constantly shifting explanation of what
the Total Information Awareness Program and CAPPSII Program
are. Those charts come from DARPA and we blew them up to make
that very point, that the explanation of these systems
constantly shifts but that the initial explanation, whether the
chart from DARPA or the Privacy Act notice filed by the TSA,
are massive systems of surveillance.
It seems to me Congress has the right and the
Constitutional duty to ask some hard questions of the
administration about what exactly these programs will do, what
data will be collected, who will they be trained on. It is
clear they will be trained on American citizens. Whether or not
there should be, as Mr. Turner suggested, and I tend to agree
with him on this point, a separate set of rules that apply to
non-Americans. It is clear both TIA and CAPPSII will apply to
hundreds of millions of American citizens, American residents.
I would suggest in summary what you need to do is really
employ a two step analysis. The first is you need to ask some
hard questions about whether these systems will work. There are
a lot of good people out there who are security experts,
computer scientists, technologists who will tell you these
systems are not likely to work. If they are not likely to work,
then they become a diversion of our resources and creation of
potential threat only to the point that you are satisfied they
are likely to make us safer, not talking about 100 percent
certainty. I understand nothing is 100 percent certain, but
general certainty that the systems are going to make us safer,
only if you are satisfied on that score do you then begin to
ask the second set of questions which revolve around what is
the cost to our freedoms and how can we cabin the systems so
they don't cost us our freedoms.
You need to begin by asking that first question. Is it
going to work, is it going to make us safer or is it going to
create the illusion of security.
Mr. Clay. You say there may need to be a bifurcated system
or a two-tiered system where we treat American citizens one way
and treat immigrants another way. You bring up a valid point.
We may need to get a handle on who is here in this country and
maybe scrutinize them in a different way than we do American
citizens.
Mr. Steinhardt. What I was trying to do, Congressman, was
answer Mr. Turner's question about who would CAPPSII apply to.
In my opening statement, I give the statistic that it applies
to about 100 million Americans. I estimated the error rate
100,000 people if the error rate was 99.5. Mr. Turner asked a
legitimate question, what about those people who are not
American citizens. I was just emphasizing that both CAPPSII and
as originally proposed the TIA systems were designed to go
after American citizens. There is no question a different set
of Constitutional standards applies to non-Americans. We can
and should at some point talk about those but we need to
recognize that these are not systems solely designed to be
applied to foreign visitors to this country. They are going to
apply to hundreds of millions of American citizens.
Mr. Clay. Thank you.
Mr. Rosenzweig.
Mr. Rosenzweig. The answer to the question how is a very
simple one. You have more power than you think you have or you
know you actually have more power, the power of the purse, the
power of public observation and ultimately powers of subpoena.
I was on a program talking about the Patriot Act, an NPR
program with Congressman Conyers about 6 months ago. As you may
imagine, we don't necessarily agree on a number of things but
this was at the time when the Department of Justice was
refusing to provide data on its use of subpoena powers to the
Judiciary Committee. One of the things that we agreed on
wholeheartedly was the necessity for the Department of Justice
or any other executive branch to provide you with information.
I don't see in these charts a nefarious mutation of policy.
I see the natural product of the development of an idea that
starts as an outside the box conception in an agency that we
designed for the purpose of doing outside the box thinking,
that ultimately gets refined as it is subjected to public
scrutiny such that it is indeed likely a variation on the
original idea that is more sensitive to public liberty
concerns.
That is not DARPA's mission. DARPA's mission is to have the
wild hairbrained ideas. It is the other people in the executive
branch's idea to say, whoa, make sure you do it the right way
and it is your mission to say to the executive branch, really
make sure you do it the right way.
I actually see the trend between those two charts that Mr.
Steinhardt seems to think of as a demonstration of the bad
motivation that initially went into this as actually an example
of the system working. Congress did the right thing with part
of the Wyden amendment by saying, tell us what you are doing
and sometime today you are going to get 500 pages, 300 pages, I
don't know what they will give you, on what TIA is doing.
I am sure Mr. Steinhardt is going to study that carefully,
I am going to study that carefully, you and your staff are
going to study that carefully, and we can build from there. So
do more of what you are doing is the answer.
Mr. Clay. Thank you for that answer.
Mr. Putnam. I thank the gentleman.
Mr. Steinhardt, you made several references in your written
and verbal testimony to the surveillance society. Has the
ACLU's definition of an acceptable level of surveillance in
society changed since September 11?
Mr. Steinhardt. We have never been opposed to strong
security measures. My colleague, Rich Nochime for example,
testified before what was then known as the Gore Commission in
the prior administration, on aviation security about the need
to do several things. One was to fully secure the cockpit doors
in airplanes; second was to x-ray all the package or otherwise
test all the baggage going into the cargo hold; third was to
put armed guards on the planes. We have never been opposed to
security.
The questions we have been raising are does the security
that is proposed work? Many of these proposals simply will not
work. They will not make us safer. Second, how can we retain
our liberties in the face of the ever advancing march of
technology which makes it easier to collect data about us, to
correlate that data, to mine that data? I can show you my
device that does e-mail and phone and keeps my calendar but we
need to begin to put some rules around this technology.
I had the opportunity the other day to visit with Dr. Popp,
the deputy director of the Total Information Awareness Program.
He was showing us some slides about TIA. He was showing a slide
that showed the role of different agencies in the TIA Program.
In the bottom righthand corner of that slide, and I cannot
forget this, was a balloon that said ``policy'' and the
remarkable thing about that balloon was it was empty. There is
no policy other than the Wyden amendment. There is no policy
that really constrains what can be done with TIA. That is
Congress' role, you need to begin to develop those policies.
You can't leave them to the governmental officials who build
these systems.
Mr. Putnam. Everyone else in society has sort of lost their
footing since September 11 and are trying to regain it as to
what is acceptable. Prior to September 11, red light cameras
and face recognition technology at a Super Bowl may not have
been acceptable. After September 11, it may be. There is this
effort on the part of society and it is reflected in the
Congress of trying to regain our footing as to what is an
acceptable level of surveillance in our lives.
My question was whether or not the same process had been
undergone in ACLU but let me move on.
There has been a growth, perhaps an explosion, in the
number of local and State law enforcement agencies who have
begun their own intelligence divisions, agencies, operations
that are probably subject to less scrutiny than the Federal
agencies have been up to. Would you comment on your awareness
of municipal or State efforts in this regard and your concerns
or observations on their progress, beginning with Mr. Cohen?
Mr. Cohen. You are right, for a number of reasons State and
local law enforcement have expanded their exports in two
things, one in the collection, analysis and dissemination of
information and intelligence, especially on the State level as
an intelligence dissemination hub. The State of California has
created a Counterterrorism Information Center. The State of
Maryland is establishing a similar capability where crime and
terrorism related information will all come into a central
analytical facility and be disseminated out to Federal, State
and local entities. The State of Arizona is building a similar
capability.
At the same time, many local agencies are focusing on this
whole issue of intelligence and creating their own intelligence
divisions.
The reason the States are having to step up and do this is
because there is a perceived lack of capability coming from the
Feds in this area. Whether it is because the Federal Government
doesn't have the infrastructure or the capability itself or
whether it is a different perspective on what information
sharing is, a number of State and local governments have felt
they are in a better position to conduct this analysis and
dissemination.
From the standpoint of creating local intelligence groups,
local law enforcement for the most part sees the correlation
between crime and terrorism, and while they tend to be under
less Federal scrutiny unless they are using Federal funds for
technology systems that facilitate movement of this
information, they tend to be under pretty extensive local
scrutiny because of past problems.
The city of Denver, for example. The city council and the
local courts are very heavily focusing on the efforts of the
Denver City Police Department to collect intelligence
information. When we work with police departments, we say as
long as you continue to remember things like due process,
probable cause and you are linking your information collection
activities to criminal activity, you are in good shape. If you
start straying from that area and start looking at collecting
information that may not be related to criminal behavior, you
need to be very careful.
Mr. Steinhardt. Let me followup what Mr. Cohen just said
because the Denver case is actually an ACLU case. We are not
opposed to the Federal Government and local and State law
enforcement agencies talking to one another as some might
suggest. We are concerned about what happened in Denver where
you had the Denver police collecting information about lawful
protesters who were exercising their first amendment rights and
creating what amounted to spy files about those individuals.
It is both a diversion of the resources of the Denver
Police Department from far more critical things they could be
doing and a deprivation of rights. Denver is not alone. That
occurred before September 11 but Denver is not alone as a
representative of that problem. In New York, the incumbent
administration had a policy for a period of time that they
simply would not approve any parade permits, so people who
wanted to exercise their first amendment right to protest were
prohibited from doing it.
The consequence was they denied a permit to what turned out
to be 500,000 or 600,000 people who wanted to hold a
demonstration in front of the U.N. before the Iraqi war broke
out. The classic exercise of their first amendment rights to
petition their government for a redress of their grievances as
the first amendment says, the consequence was from a security
perspective that you had hundreds of thousands of people
wandering through streets of Manhattan in a disorganized way
that made us less secure rather than more secure.
We need to recognize that even in these times, we are not
suspending the Constitution, we are not suspending the Bill of
Rights, we need to apply those resources in a way that makes
the most sense, that is efficient and effective.
Mr. Rosenzweig. I think the answer to your question depends
upon the subject matter of the intelligence gathering. To a
very real degree the tools and methods by which we are going to
identify terrorists reside principally at the Federal level,
the CIA, NSA, DOD, FBI, Homeland Security.
The creation of intelligence divisions in the States is to
be welcomed. Any enhancement of our abilities to identify
terrorists is great but I guess from my perspective, unless
those intelligence capabilities are linked with the Federal
system and thus far they are not so linked, they result in a
duplication of effort to some degree. That is the nature of our
Federal system. Indeed it was created in some ways to cause
inefficiency, the division between Federal and State and locals
is designed to cause governmental inefficiency.
In the case of terrorists questions, that may be an
inefficiency we can no longer afford.
Mr. Putnam. Do you believe Mr. Rosenzweig, that government
should be restricted to publicly available data sources?
Mr. Rosenzweig. With appropriate safeguards, no.
Mr. Putnam. My time has expired. I will recognize the
gentleman from Ohio, Mr. Turner.
Excuse me, Mr. Lynch?
Mr. Lynch. No.
Mr. Putnam. Mr. Turner.
Mr. Turner. Mr. Steinhardt, in listening to your testimony
and reading over the written statement you have given us, I
agree with your concerns and the problems you have identified
in these types of systems. The issues of we can't catch
everyone, there will be failures of the system. Timothy McVeigh
would not be someone who would have been identified. Abuse of
government, the fact that other uses of this information might
be found. Civil liberties, the fact that innocence would be
identified, that there could be creep, that we needed due
process for those aggrieved, that criminals may subvert the
system, that once the system is constructed, those who really
want to get beyond it can and the issues of cost benefit
analysis.
Your conclusion of then don't do this leaves me with the
question of what is the alternative. We know what we are doing
now doesn't work and we have all seen 85 year old grandmothers
with their grandchildren traveling who have gone through
increased security measures and we all agree pose no risk to
us.
I would love to hear from you what is the alternative
besides just increased security. We all know, even in the
highest crime areas of urban America, you could put a policeman
on every corner and still not have an impact on crime
necessarily. What alternatives in intelligence gathering or in
looking at intelligence would you find acceptable or would you
suggest be pursued?
Mr. Steinhardt. I think that is an important question. To
my mind the first alternative is physical security. That
remains our best alternative. We have taken some steps in air
travel that are working pretty well. We put air marshals on the
planes, we strengthened cockpit doors, we x-ray baggage. There
are some additional things we ought to be doing. We are still
not doing luggage matching to determine whether someone
checking luggage on the plane actually got on the plane. There
are a number of things we could be doing in addition to what we
are doing that is physical security.
We are not opposed to the notion that the government have a
properly constituted watch list of persons who we believe are
engaged in terrorist activities which are criminal activities,
that be circulated and people be carefully checked against it
but that is not what CAPPSII is.
CAPPSII is designing a much larger system of investigation
of 100 million Americans plus 10 or 15 million non-U.S. persons
who arrive here every year. When we say we think CAPPSII is the
wrong alternative to the problem, it is not to suggest we think
either there are not additional physical security measures we
can take, nor is to suggest we think the Government should be
prohibited from compiling a generally accurate list of persons
who are not permitted to fly. If you have identified one of
those persons, you trigger the normal criminal process. If you
identify someone who is a terrorist, then the likelihood is you
have sufficient cause to arrest them and bring them to trial.
Mr. Turner. How would that list be made, the watch list you
are talking about, how would that be composed, how would you
achieve that list?
Mr. Steinhardt. We certainly would have to go beyond what
we now have. About a year ago some of us met with some persons
who were then in the Department of Transportation, I suppose
they are in Homeland Security now, who described the current
watchlist as 1,000 guys named Mohammed and I am not
exaggerating that.
If we have sufficient information about individuals to
believe that they intend to cause us harm, that they have
engaged in criminal activities, terrorist activities which are
also criminal activities, then it seems to me it is appropriate
to circulate a list to security officials and check to see if
they are trying to fly.
Mr. Turner. The second question is for Mr. Steinhardt
again. You indicated the Constitutional standards for non-
Americans would be different and there is some level of
acceptable tracking that could be done. Would you be willing to
submit to this committee additional information as to what you
would consider to be an acceptable tracking system for non-
American citizens?
Mr. Steinhardt. Absolutely. We will provide the committee
with additional information. I will ask my colleagues who work
on those issues to help me. We will submit some information.
Mr. Turner. The next question I have goes to all the panel
members, starting with Mr. Rosenzweig.
I participated in a panel at the American War College at
Maxwell Air Force Base. One of the questions asked by someone
attending was can America right a religious war? One of the
biggest issues we all came down to which I thought was pretty
startling was how do you define a religious war. If your enemy
declares a religious war, you are in one whether or not you
believe you are in a religious war yourself.
We define ourselves being an immigrant population as
everyone, every religion, every ethnicity. Governmentally we
consider ourselves to be nonreligious. Yet the rest of the
world does not necessarily organize that way. There are areas
of the world that tend to be more homogeneous, that are not
immigrant populations. So when we have an area of the world
that identifies America as an enemy or a target, we are going
to find ourselves in a situation where by trying to discern who
our enemy is, we are in fact crossing that line into an area
where America feels very uncomfortable because of our inherent
definition of ourselves of being made up of everyone.
In looking at that issue, what are your thoughts on the
Constitutional issues that we face, the political issues we
face, our concerns being an immigrant population of making
certain as we preserve our definition of a nondiscriminatory
society, we still have the ability to discern where there is a
conflict that is coming from an isolated area of the country
that may be more homogeneous and may have a different view of
why it is at war with us?
Mr. Rosenzweig. That is a very difficult question to
answer. Let me offer two thoughts.
The first thought is that in some very real ways, the
promise of advanced technologies that we have been discussing
is to minimize the need for the use of characterizations and
categorizations that Americans inherently find difficult,
racial profiling, religious profiling, that sort of thing.
When we talk about CAPPSII or TIA as an intrusion into
privacy, we have to understand that it really is not a one-way
rachet. It is really a rebalancing the privacy because there
are more intrusions in electronic data that is out there about
you that will probably result in substantial reductions in the
amount of physical intrusions that occur to American people as
they go through the airports, the body searches and things.
Another consequence of a successful CAPPSII Program, if we
can develop one and if it can work, I don't know whether it
will work and history is littered with people who will say
airplanes won't fly and automobiles will never work. Assuming
it works, if we can get a system that is better at pinpointing
who it is that is an appropriate target for enhanced scrutiny
because of indicators out there, that decreases our need and
may even eliminate the need for us to rely upon the fact that a
person is a practitioner of Islam who was born in Yemen and has
moved to the United States, characterizations we don't want to
use.
The second answer, second aspect of it is we are going to
have to accept that as a cost in the end. It is not a cost
anyone willingly accepts and we shouldn't use those sorts of
characterizations for any except the most extreme and
significant threats. I would say don't use it for drugs, don't
use it to catch wife beaters, there is a whole host of valuable
things we do but all of them pale in significance compared to
the security of Americans and their safety.
If we can find no other way to do it, then we are going to
have to with a lot of oversight so we try and do it the best
way we can with the least amount of intrusion. Those are the
only answers. That is not a good answer, not a satisfying
answer but we are in a very unsatisfying situation that is not
the product of our own beginning.
Mr. Steinhardt. As you said, I agree we need to have better
coordination among law enforcement agencies whether it is State
or Federal, local or Federal but the question remains what is
it these systems will evolve into? I was thinking as I prepared
for this testimony about the experience with the Social
Security number. My parents when they first received their
Social Security numbers back in the 1930's were promised the
Social Security number would not be used to do anything other
than to administer this brand new pension program.
My children on the other hand, if you fast forward a few
decades, were given their Social Security numbers at birth and
it is quite clear it has become not only a unique identifying
number in our society but it has very real consequence for
millions of Americans who have become the victim of identity
thieves who use that Social Security number as the linchpin for
their theft.
I fear that in the Internet age in which we live where
everything is sped up, period between when my parents got their
Social Security number and my children got theirs is going to
be tremendously compressed. That if we build systems like TIA
and CAPPS II, in the end they are going to be used for not
purposes that are unauthorized, although they will that is not
what I am worried about, I am worried about what will become
the eventual authorized purposes for systems that allow that
sort of intrusion into our lives, that allow that sort of
ability to correlate what would seem to be these disparate and
unrelated facts about us.
Mr. Cohen. I think your two questions are linked because if
we do this right, we shouldn't have to fight religious wars.
Terrorists aren't dangerous because they have dangerous
thoughts or they say dangerous things. They are dangerous
because their political or religious ideology motivates them to
do violent acts against people, places and things. The danger
comes from the violent act. They don't commit those violent
acts in a vacuum. They deal with criminal organizations, other
political organizations. They move about the world.
There are ways to target them and prevent them from doing
what they intend to do without it becoming a religious war. We
do it the same way we target violent international weapons
trafficking organizations and violent international drug
trafficking organizations who use many of the same terrorist-
like tactics to promote their goals. So they commit violent
acts, sometimes mass murders motivated by greed.
In my opinion, a mass murder committed or motivated by
political ideology is no more sinister than a mass murder
committed because of mental illness or because of the intent to
promote a criminal goal.
I think this goes to your question, what do we do if we are
not going to invest in the CAPPS II system or TIA? I think it
becomes a question of priorities. We have limited funding; that
is the reality of life. Is it more important to build the TIA
system or the CAPPS II system or is it more important to
conduct a comprehensive national threat assessment where the
Federal Government works with State and local governments to
identify potential targets? Is it more important to create a
system so that once that threat assessment is done, we can
constantly reevaluate and reprioritize it based on information
that comes from the Federal level?
Is it more important or a higher priority to map out the
business processes of how international terrorist organizations
work with domestic groups like black militant organizations,
white supremacist organizations, latin american drug
traffickers?
I have to tell you I fundamentally disagree with my
panelist's position that one of the most important components
in identifying terrorists operating in this country, the
information is going to come from the intelligence community.
Investigation in North Carolina into cigarette smuggling by
local sheriffs resulted in the discovery of a terrorist cell
where they were using the proceeds from cigarette sales to fund
Hezbollah operations. It didn't start off as an investigation
that came from intelligence sources but because some local
deputy sheriffs were told by community people there were some
suspicious behavior going on.
DEA agents, FBI agents began an investigation in San Diego
into an heroin trafficking organization. Come to find out, that
organization is involved in shipping surface to air missiles to
Latin American terrorist groups.
An organization coming in from Canada bringing precursor
chemicals for the production of methamphetamine resulted in
dismantling an incredibly large methamphetamine production.
Guess what we found out afterwards? They were funneling the
proceeds of the sales of those precursor chemicals to Middle
Eastern terrorist organizations.
The vast majority of the cases on terrorist organizations
that have taken place since September 11 weren't initiated by
information that came from the intelligence community. They
were initiated because a local police officer, a Federal agent,
a community member reported something suspicious, and a
criminal investigation began. They found out later when they
linked information that came from the intelligence community
that these folks had a tie with terrorist organizations.
I am not saying the intelligence community doesn't have a
role. That would be ridiculous to say that. It is only when we
recognize, if we are going to be truly serious about preventing
terrorism in this country, this philosophy that terrorism is
worked on this path and crime investigations are worked on a
separate path and we have to make it difficult that we don't
share that information; until we recognize that is a
nonproductive way to do it, we are not going to be able to put
in place a system in this country that allows Federal, State,
local law enforcement to best protect the people who live here.
Mr. Turner. Thank you.
Mr. Putnam. You have made the point Mr. Cohen rather
eloquently about the nexus between drugs and weapons
trafficking and the source of financing for terrorist
organizations. Mr. Steinhardt and Mr. Rosenzweig have both
testified either in written submissions or verbally that at
bare minimum, if we are to deploy TIA and CAPPS they should not
be expanded beyond national security issues into criminal
activity.
If we criticize an inability to connect the dots because
the criminal agencies, the law enforcement agencies aren't
talking to the intelligence community or the Department of
Defense, why would we restrict the ability of TSA and others
using best technology practices to pick up a sniper, a weapons
trafficker, a drug trafficker, a murder, a kidnapper? How would
we justify to the parents of a kidnapped child that we had
technology that could have picked up that person at the airport
but we only use that for terrorists? At what point would you
draw that line where national security threats cross the
threshold into criminal activity? I would direct that to Mr.
Steinhardt and Mr. Rosenzweig?
Mr. Rosenzweig. I think the principal difference between
Mr. Steinhardt and I is that he doesn't believe you are going
to be able to maintain that line, that in the end the reality
of politics will cause Congress and the administration, whether
Democrat or Republican, to follow that downward path.
The reason and one of the only reasons I am willing to take
the step of looking at TIA is because I believe you can make
that line and I believe you should.
Mr. Putnam. Where do you put the line?
Mr. Rosenzweig. I think the line is where we are talking
now, national security, the maintenance of the security of all
the citizens of the United States against broad threats of
terror that are likely to result or may result in the deaths of
tens of thousands, thousands of us, is a class category
distinction in my mind.
To be honest with you, if I didn't think you could draw and
maintain that line, I would be joining with Mr. Steinhardt
because the power of this technology to be a potential for
abuse and for intrusion is not insignificant. To my mind, the
risk is worth it if it is going to be used in this narrow range
of circumstances that are the most significant. You can't
define the line but I think it is easy to say that September 11
is a lot different than chasing down deadbeat dads. Deadbeat
dads who don't pay their alimony and child support are bad
people.
Mr. Putnam. You have laid down those two markers, let us
move inward from deadbeat dads to Pablo Escobar or move further
to a major weapons trafficker, or further to someone who is a
financier of Al-Qaeda but is not a known operative.
Mr. Rosenzweig. The lines are difficult no doubt and there
will be room for argument in the gray area where it is. I would
say the financier falls on the side of the line where I would
use it. I would say Pablo Escobar, however grave a threat he is
to Americans, is not a fundamental threat to American security
and does not have as his fundamental purpose the intent to kill
tens and tens of thousands of Americans.
The difficulty in drawing the line is often used as the
slippery slope argument against even beginning the discussion.
I stand with Justice White who wrote in response to the
slippery slope argument, we are rationale human beings, we can
draw lines, we can debate where we want to draw them, but to
say we cannot draw them is to despair of our rationality. I am
paraphrasing obviously. That way lies despair. That way, don't
do this at all. in which case, we are tossing away potentially
our greatest technological advantages if these things work and
condemning quite possibly Americans to death or admitting we
can't draw a line and we are going to travel down the road to a
police state or surveillance state where TIA and CAPPS II and
other systems like that are used to dun me for my unpaid
traffic tickets.
I hope we can stop somewhere along that slope.
Mr. Putnam. Mr. Steinhardt.
Mr. Steinhardt. The ACLU has never opposed the intelligence
agencies and the criminal law enforcement agencies talking to
one another when there is evidence of a crime. We had plenty of
evidence before September 11 those terrorists who hijacked
those planes were going to commit a crime. There was nothing in
law then, certainly nothing now in law that prevents those
agencies from talking to one another. That ought to be the
touchstone here which is whether or not you have evidence of
criminality. If that is the case, the information can be shared
and should be shared.
I would think if the TIA had evidence at the airport that
Pablo Escobar or some other wanted criminal was presenting
himself, the right response is call the cops, bring them in and
have them make the arrest.
That is very different from the question of how do you
design these systems. Do you design them to be an adjunct to
law enforcement or do you design them for the purpose for which
they originally were to be created which is as security
systems.
To the extent we are going to have these systems, I would
suggest we design them as security systems. I am sure if
Admiral Loy were here he would say that is his first priority.
He is in the security business, not the law enforcement
business. I know of nothing in law that would prevent the TSA
if they came across a wanted felon from calling the criminal
law enforcement agencies to make the arrest.
Mr. Putnam. You have made points back and forth, one
following Mr. Forman's comments we are not going to fund
anything until it is proven effective and the other your
philosophical opinions on the privacy issues. Is your primary
objective the deployment of TIA, which has not occurred, or the
development and deployment of CAPPS II which has yet to occur?
Is your objection based on the ineffectiveness argument that it
is not going to work or the intrusiveness argument which is
that it is going to work too well and bring in innocent people?
Mr. Steinhardt. I fear it will be both. Systems like that
are not going to work in the sense that they are not going to
make us more secure. I don't mean 100 percent security, no one
believes we can achieve 100 percent security but a reasonable
degree of extra security.
Second, if we build systems like that, they are inevitably
going to be used for other purposes, even as they don't protect
us, they will be used for other purposes. In fact, as they
don't protect, the impulse is going to be to make them more
intrusive, to gather more information, to use them in different
ways. That will be the response, their lack of efficiency,
their lack of effectiveness. That is what I fear about systems
like TIA and CAPPS II. Build it and they will come with all
sorts of other uses for systems like that and they inevitably
will be used for other purposes just as my parents' Social
Security numbers are used for a host of other purposes now.
Mr. Putnam. You specifically cite in your testimony your
objection to Admiral Loy's comment. In fairness to Admiral Loy,
his comment was in response to my question and he couched his
response by saying he would not expand the use of CAPPS II
beyond air travel without specific congressional authorization
if I remember correctly.
You object to using the same technology for air travel on
passenger cruise lines and rail travel. If we deploy a
technology to presumably increase the security of air travel,
why would we deliberately choose not to deploy that same
technology to rail and cruise ships? Do we presume they won't
select those transportation modes as a target?
Mr. Steinhardt. We object to the technology whether
employed in air travel or rail or shipping. Your response I
sense is what I assume will happen which is if we build one of
these systems, say CAPPS II, you make an excellent point, if we
build the system, why not apply it in other areas and we would
employ it for a whole host of other reasons, some of which are
completely unrelated to the security of our transportation.
That is exactly what I think will happen if we build CAPPS II
or TIA. We will use them in other ways.
There is no good answer in a sense to your question which
is why not use it in x or y case.
Mr. Putnam. If you are right and it doesn't work, we
shouldn't put it anywhere?
Mr. Steinhardt. That is right.
Mr. Putnam. But if it does work, I think it would be silly
to use it in air travel but leave all rail passengers
vulnerable. I would lead the charge in Congress in response to
your objection. Your objection is well founded and people like
me would say if it works for air, it ought to work for rail and
passenger cruise lines because clearly the people who wish us
ill have a range of targets to choose from.
My time has expired. I will recognize the gentleman from
Massachusetts if he has questions.
Mr. Lynch. Let us go back to the airline model. Right now
we have just a purely random system, so my mom, 82 years old,
coming down for the First Lady's luncheon last week gets
screened and it is completely random. We need to move from that
model. Clearly we are wasting a lot of resources on people who
aren't legitimate threats. That is not effective.
Is there a system out there with some criteria that would
be acceptable in terms of honing down the number of suspects
that would receive more robust screening at airports? I know it
is terribly problematic but when you have a situation like we
have where there is a group that has declared war against this
country and we are at pains under our Constitution to make sure
we don't simply respond to that by stigmatizing and labeling
all members of that group as suspects, we still have an
overriding primary responsibility to protect the citizens of
our country. There is the dilemma.
Is there anything you gentlemen can agree on that might
provide a more effective screening process?
Mr. Rosenzweig. That is what TSA is searching for. As of
now, the alternate to the random screening is a various set of
heuristics they use but they are so widely known to the public
that it is easy to avoid. For example, if you buy a ticket
late, less than a half hour or hour before you board, you are
going to get additional screening. The answer to that for the
terrorist is easy, buy your tickets 14 days in advance.
To the extent systems are currently in place that attempt
to supplement random screening, they are essentially
compromised and of little or no value. To the extent that we
are creating the CAPPS I No Fly list, it isn't really working
and just about anybody who does a little research can figure
out how it is created. It is fundamentally compromised.
You need a different heuristic. If the CAPPS II system or
something like it isn't developed and adopted, then you are
going to be left only with random searches or I guess the last
option is the very narrowest definition, the hard name list. We
cull every intelligence source and we get 27,000 people we
think are terrorists and we use that name list. If we don't add
name verification and identity checking to it, which is the
part of CAPPS II that people like Mr. Steinhardt find
objectionable for understandable reasons, the name list is
useless because the obvious answer is change your name. It is
not a very hard thing to do and it is not a very hard thing to
assume somebody else's identity.
The only way we can get beyond the current system I think
is something like the model they have developed in CAPPS II. If
we make the decision we don't want to do that for other
extrinsic policy reasons, that is OK but then we are going to
be doing heightened physical security, heightened random
screening, more privacy intrusions of the direct and immediate
personal sort that your mother experienced, and it is a
tradeoff. We will take that type of privacy intrusion as
opposed to the privacy intrusion of the name and identity
verification of CAPPS II.
For me, I would make the other choice but you can't really
say there is no rationality to the objection.
Mr. Lynch. Are we missing one other option? Isn't there the
possibility that we could have people self prove, low
susceptibility or low likelihood that they might be a
terrorist, people who fly frequently, if they came forward
voluntarily and said, I fly so often I can't be dealing with
the selection process all the time. I will come in and
basically lay all my cards on the table and this is who I am
and I will agree to go through some type of enhanced
identification process. Maybe it is biometrics or something
like that.
Mr. Rosenzweig. The trusted traveler program has at least
three problems. It is another possible answer. One, the depth
of inquiry necessary to make somebody a trusted traveler if it
is low enough to make it an efficient process is probably going
to miss people. If it is high enough that it will actually be
effective in screening out terrorists who try to get into the
program, it will take longer than the FBI screening that now
delays senatorial confirmation by 6 months.
You are talking about lots more people, so it is going to
be hard and it is subject to the same discovery of the
methodology problems that any other screening system is, which
is that the terrorists, once they learn there is a new system,
can game it. You can't predict for certain, but for sure
terrorists will try and suborn that system that setting
themselves up as trusted travelers.
No system is going to be perfect. That is at least a
reasonable alternative that allows people to volunteer to make
the choice of which type of privacy intrusion they will accept,
the physical one at the airport or the electronic one in
getting the trusted traveler, so at least it has a virtue of
choice. That is a reasonable alternative to think about.
Mr. Lynch. Thank you, Mr. Chairman.
Mr. Putnam. The ACLU has stated TSA will ``drown security
screeners in an ocean of private information. Some of the data
will be fraudulent and much of it just plain wrong.'' That
statement was printed after our last hearing and is in direct
conflict to what Admiral Loy described as CAPPS II doing. What
is that assertion based on?
Mr. Steinhardt. It is based on the privacy notice which the
Department of Transportation published which they now admit was
their first description of the CAPPS II Program. I have had the
opportunity to meet with Admiral Loy. We spent 3 days with his
staff at Wye River and had a long discussion about the CAPPS
Program. I have great faith in Admiral Loy and I believe he is
a man of good will. I believe his staff are people of good
will.
The initial description of the CAPPS II Program was the one
they published in the Federal Register. There has been a
shifting description of what CAPPS II now is. They describe it
differently in Wye River than they did to representatives of
the European Commission we met with a couple of weeks ago. It
is difficult to know exactly what CAPPS II is. It is difficult
to know what is in the black boxes they are going to check
after they do the identity checks. It is important to remember
CAPPS II as they currently describe it is a two-step process.
The first is an identity check, name, home address, home phone
number and date of birth. The second is a check against the
black boxes and we don't know what is in the black boxes. They
have described what is in the black boxes differently at
different times. It seems to me it certainly is Congress'
responsibility to try to find out what is in the black boxes.
Mr. Putnam. Does the use of factual data analysis or data
mining automatically suggest an erosion of civil liberties?
Mr. Steinhardt. I guess the short answer to that question
is no. The question is are we going to build systems of the
size and complexity of either TIA or CAPPS II which inevitably
will be used to erode civil liberties and will inevitably be
used for purposes other than the purposes for which they are
now being proffered.
Clearly we engage in a certain amount of data mining,
police officers, law enforcement officers engage in a certain
amount of data mining anytime they do an investigation. So we
are not inalterably opposed to the concept that law enforcement
or intelligence agencies engage in factual investigations.
There is a form of data mining going on every time they do
that.
Mr. Putnam. But I presume your preference and your
agreement with its proper role is after an incident and after
an investigation has begun rather than prior to a bad
occurrence, an event? In other words, you are investigating,
your data mining, you are narrowing down based on suspects that
were developed as a result of evidence that was collected after
a bad thing happened as opposed to prospectively looking for
patterns among innocent people because a bad thing has not yet
occurred. Is that a fair characterization of your position?
Mr. Steinhardt. I suppose it is but importantly we hold
that view because we don't think what you have just described
actually works. Does it in fact make us safer? That is not to
say they had some good reasons to suspect a person is going to
commit a crime, they can't investigate but to search through
what amounts to billions of pieces of data looking for patterns
in the sort of speculative way that TIA would do it, I don't
think they have demonstrated you can pick out the bad guys and
it won't wind up being a diversion of scarce resources that
could be more wisely spent on other enterprises.
Mr. Putnam. Again, your objection is based on its
ineffectiveness, not its intrusiveness?
Mr. Steinhardt. No. What I suggested is there is a two step
process here. First, the obligation it seems to me is on the
part of the proponents of the systems to demonstrate it will be
effective; that you as a Member of Congress ought to vote to
appropriate them funds to do x instead of y because x is going
to be effective. That is the first question. We don't even have
to reach the civil liberties issues if they can't demonstrate
it is going to be effective.
If a proposal is effective or reasonably effective, I don't
mean 100 percent efficiency, then we need to begin to ask the
question how do we balance our freedoms against whatever
intrusion that proposal will cause. The first question is, is
it going to work.
Mr. Putnam. That is a fair point.
There are volumes of information already publicly available
about any given individual. Technology now allows us to
access--in seconds rather than days--when political campaigns
or newspaper reporters dispatch investigators to the tax
collector's office, the property appraiser's office, the
supervisor of elections office, and the county court house to
look for criminal records and things like that. It can all be
theoretically accessed in seconds if the stovepipe data bases
are connected.
Assuming factual data analysis can be an effective law
enforcement and national security tool, at what point on the
list of transactional data on the chart you provided, which of
those categories of data then become inappropriate? Is
financial data appropriate or inappropriate? Is educational
data appropriate or inappropriate? What about travel history,
medical history, entry into the country? What then becomes
appropriate and what is not? Is it only things that are already
publicly held information that is accessible to any American
and not just the TSA law enforcement investigator or is it
every conceivable thing law enforcement can get their hands on
to prevent another September 11?
Mr. Steinhardt. You know the difficulty we have now as you
suggest is the fact so much information has become available.
TIA crystallized that not only are these disparate pieces of
information available out there publicly both to the government
and to non-governmental actors, but now they can all be tied
together. That is what TIA proposes to do. Paint this portrait
of us.
There is a lot of information on that chart I don't think
the government ought to have access to unless it has some
reasonable cause to have access. That is what the fourth
amendment requires, medical information, financial information,
education records, all those sorts of things.
It is important to look at the overall construct. TSA
proposes to build a system that ties together all these
individual strands about our lives to create this portrait of
us. That is what I meant by the surveillance society. TIA is an
example of how this surveillance society would operate. Tie all
the strands together, paint these portraits, the portraits may
or may not be true to life but they will be painted and we will
have to live with the consequences of having those portraits
painted. That is the direction in which we are moving.
It seems to me the Congress can step in and say wait, we
need to develop some rules about how we are going to use not
only individual data but when and how you can tie together all
this data. Congress did the right thing with TIA when it called
time out and said you can't use it on Americans and you can
make a report to us on how the system works, whether it works
and what its consequences are for civil liberties.
Mr. Putnam. Mr. Rosenzweig.
Mr. Rosenzweig. I think Mr. Steinhardt and I have a
different conception of how TIA is going to operate which is
one of the reasons why congressional oversight is vital. As I
understand it, in terms of pattern analysis, in terms of
assessing patterns within the data streams, this isn't going to
be a sifting in of millions of pieces of information of
education and medical records and all. It is going to be
pushing out into the data a query based upon models developed
by people who have sat around and said if we are going to blow
up the Golden Gate Bridge, what are the things we are going to
have to do that would leave trails in data space, what
purchases are we going to have to make, what travel are we
going to have to do.
It is clear as far as that inquiry goes, the success or
failure of TIA will turn upon the utility of our model. If we
develop the model of people who rent trucks and buy fertilizer,
that will capture not only Timothy McVeigh but most farmers in
Nebraska. That would be a really bad model.
It will need to be a broader model, maybe rent trucks, buy
fertilizers, pay cash, have previous membership in the Montana
Militia, etc. until it gets to a narrow enough group.
Otherwise, it is useless.
For access to the highly personalized information of a
particular person, the likelihood of that being a necessity
will only increase when the number of names gets down to very
small, particularized groups. That is as it should be. To be
candid, if we have a list of five names that some intelligence
source in Lebanon has given us are in the United States and are
planning terror, it is appropriate I think to want to be able
to link the data bases together so we can try and find out
whether or not we can get the information on these people.
To a large degree, TIA is about increasing efficiency. All
the information on that list, your financials, your medical,
education, is already available to the government once your
name becomes a legitimate subject of inquiry. Almost none of
those areas of data information have privacy restrictions that
prevent access to them in the case of criminal investigations.
In almost all of those instances, the data can be accessed
without notice to the original source of the data, the
individual who is the subject of the investigation. Often
notice is required to the data holder, your bank, your medical
provider, that sort of thing.
TIA is not going to change those rules or shouldn't change
those rules. The same rules that apply today to the rights of
law enforcement to have access to private information about you
should apply in the future when you access through TIA.
TIA will instead of taking as it took the FBI 9 months and
100 agents to develop a picture of what the 19 terrorists did
in the 2-months before September 11, it will allow it to happen
more quickly. If we have a narrowly enough focused search, that
is a good thing, not a bad thing.
Mr. Putnam. The gentleman from Ohio, do you have further
questions?
Mr. Lynch. No.
Mr. Putnam. The gentleman from Massachusetts?
Mr. Turner. No.
Mr. Cohen. May I?
Mr. Putnam. Please do.
Mr. Cohen. I think some of the last comments were actually
apropos and right on. I think the key to building this type of
system is to have the ability to take in real time intelligence
information and make modifications. For example, when Mohammed
Atta and his roommate received within a 6-week period a number
of suspicious wire transfers that all fit within the
requirements of suspicious transaction reports, it should have
been put on file with the Treasury Department. That in itself
does not mean they are part of a hijacking scheme. It could be
they are a drug trafficker, or they could be importing
legitimate goods.
If the system is structured right, it would also be able to
pull in additional information such as intelligence information
which indicates people are going to flight schools. The same
individual was on an FAA report leaving a plane on a runway in
Miami International Airport. The key is to make sure the system
is flexible enough and structured enough so that it can bring
in these different types of data sources.
To your earlier question about where do you draw the line,
you can't draw the line. There is no line because they are all
interlinked. I would argue if you build a system that is only
going to help identify foreign terrorists but not identify
someone like Tim McVeigh whose goal was very similar, or you
are going to somehow try to separate artificially identifying
folks involved in violent crimes from people involved in
violent terrorist acts, you are not going to be able to
construct a system and you are going to pour a lot of money
into something that is not going to work very effectively.
The flip side of that, if you go into the design of the
system understanding that not only can it help you protect the
Nation from terrorism but it is also going to help you protect
the streets of our communities from violent criminal activity
and build the system based on that understanding, you can then
put in the protections which would reduce abuses of that
capability.
Mr. Putnam. You don't think there is an ability to draw
some line on acceptable criminal behavior that would be
enforced, a line at which you would not pick up people who are
behind in paying their child support but you would pick up
someone who just escaped from a south Florida prison?
Mr. Cohen. I think the way you structured your question
earlier sort of identifies or illustrates the difficulty. The
person who is involved in failure to pay child support; the
person who is involved in cigarette smuggling; the person
involved in making fraudulent drivers licenses; may actually be
a terrorist. If you create a system that artificially separates
those different actions, you may be building a system that
isn't as effective as it could be.
If you go back and look at the activities of the hijackers
in the time period preceding the hijackings, you find they had
all kinds of run-ins with local police and local authorities.
It wasn't until we went back after the fact that we were able
to see if we only had a system that would have allowed us to
connect all these dots together.
The other thing I would say is we don't want to necessarily
build a system that only helps address the last attack. We have
to build a system that is going to allow us to prevent the next
attack, whether a suicide bombing, some other type of attack
different than hijacking an airplane and crashing it into a
building.
Mr. Putnam. You make the point in your testimony when you
describe the breakdowns in law enforcement information sharing
that the sniper attacks could have been prevented. You point
out the State of Alabama's data base doesn't have access to
Federal data bases, correct?
Mr. Cohen. Yes, sir.
Mr. Putnam. Later in response to a question, you said the
creation and buildup of these local and State
counterintelligence, counterterrorism, domestic information
gathering operations is a good thing because you are spreading
the eyes and ears around the country and you are developing
people who have unique local expertise and things like that. I
am paraphrasing you but you essentially said it was a good
thing that the city of New York now has a tremendous
intelligence operation as well as others.
Are we spending the money in the right places if we are
building up brand new counterintelligence networks in city
police departments and State law enforcement agencies when they
don't even have access to the data bases on common criminals?
Mr. Cohen. No, we are not and that is part of the problem.
We have to recognize while prevention and response activities
ultimately include at a great level local authorities, local
authorities themselves cannot do it alone. It is a very bad use
of money to simply allow each individual local jurisdiction to
come up with their own homeland security strategy that is not
connected with their neighbor, not connected on a regional
basis and not coordinated on a statewide basis and feeds in.
What you described is exactly what is happening right now.
We haven't come up with a detailed, national comprehensive
plan that defines the roles and responsibilities of how the
city of Miami links with Dade County from how they are going to
work together, what assets they are going to merge and how that
fits into the whole statewide approach.
The problem is because there hasn't been, from a State and
local perspective, that strong direction and because at the
State and local level, people feel they need to be doing
something, you are beginning to see the emergence of a lot of
non-linked, duplicative efforts.
Mr. Putnam. So we are creating more stovepipes even as we
seek a streamlined data base?
Mr. Cohen. Absolutely. My concern is that 2 or 3 years down
the road when we are doing the after action study on how we
spent this money, people will find we spent billions and
billions and have not gone as far as we could have and in some
respects, the funding has been wasted.
Mr. Putnam. You were pretty blunt in your testimony that
very little progress if any has been made in information
sharing and analysis across the law enforcement community since
September 11, even though everyone acknowledges the problem.
What is the single greatest obstacle to that coordination or
what is causing this breakdown or this failure?
Mr. Cohen. It is not a lack of money; it is not technology.
It is leadership and whether on a State or national level, we
haven't made it a priority yet to fix this problem. If you
think about the whole universe of what is homeland security,
that is a pretty big challenge to have to deal with. There are
a lot of issues and a lot of people identifying what the
priorities should be. Should it be ports, air travel systems,
CAPPS, TIA? I think we need to take a step back, need to stop
operating in the emergency response mode of thought and start
looking long term.
We do not have the resources in this country at the State
and local level or even the Federal level to continue our
approach to homeland security which I call the ``security
guard'' approach. We don't know what the real targets are, so
we are going to guard everything or harden as many things as we
can. We are going to pull police officers out of their
communities and do what we can to protect every nuclear power
plant, every water treatment plant, every bridge. It is just
impossible.
The only way to counter that is to sort of reboot the
computer and rethink the way we are doing it. We need to
integrate homeland security into the day to day business of
government, need to make sure everybody understands this is
something we have to deal with every day, and we have to
structure our information and communications systems in such a
way that we are able to pull key data out of those to identify
emerging trends.
Is a broken lock at a water treatment plant a maintenance
issue, or is it a terrorist organization or a criminal
organization probing the security of that facility? We don't
have the ability to do that today. A lot of Governors, a lot of
mayors are beginning to think this is the way of the future. We
have to make sure the Federal funding supports that thought
process.
Mr. Putnam. Then their ticket to more Federal money is to
create the greatest threat scenario possible for their
community?
Mr. Cohen. You bring up an interesting point. There is no
way for anyone to counteract. Obviously in the real world,
local governments need money, so they will say we will use
homeland security as a way for us to get additional funding to
address infrastructure issues. I don't think that is
necessarily a bad thing except for the fact there is no
mechanism today for someone to say, city of Houston, your
threat is actually higher than Salt Lake City, therefore, you
should be prioritized.
We have formulas that were created in years prior to
September 11. We have formulas based on demographics or
population because we haven't done a comprehensive, nationwide
threat assessment and because we don't have a system in place
that allows us to constantly reevaluate that on an ongoing
basis. We have no way to really determine whether one city is
more at risk than another except for conjecture, mathematical
models, and non-specific or non-confirmed intelligence
information.
I come from a background of information driven policing.
Police departments around the country have begun to become very
effective in pulling data from a variety of sources, whether
abandoned buildings, abandoned vehicles. They understand what
are the causal factors of crime. They identify the data element
they need, and management holds people accountable for
addressing crime issues and preventing crime.
That is the same approach we should be taking in homeland
security but we have not identified that baseline yet to begin
the process. From a priority perspective, that should be our
top priority--comprehensive nationwide threat assessment.
Create the baseline, and create a system so that we can
constantly update and reevaluate. That is what guides funding
decisions and operational decisions also.
Mr. Putnam. Is there a difference in your outlook or your
fears between a Federal agency engaging in factual data
analysis in-house and them doing it on a contracting basis with
a private firm? Is it irrelevant? Does it matter one way or the
other to you as far as the applicability of privacy laws and
things like that? Mr. Steinhardt.
Mr. Steinhardt. Increasingly what we are finding is that it
is difficult to draw a distinction between when the Government
is doing something and when the private sector is doing
something because government both contracts with the private
sector, provide services and information and sometimes it
compels the private sector to provide it with services or
information. So it is very difficult.
It seems to me though that when the Government is involved,
it makes sense to apply Constitutional principles to the action
whether the Government has hired someone to do it for it or not
and that ought to be the touchstone that the most efficient way
to use our resources at this point is to apply the
Constitution. It makes Constitutional sense and makes law
enforcement efficiency sense. We should be applying scarce
resources we have in those circumstances where we have
reasonable cause to believe someone has or will commit a crime.
That ought to be the touchstone rather than these massive sets
of speculations that TIA or CAPPS II suggest.
One place to begin spending our scarce resources is to fix
what is broken. I was stunned a few weeks ago to read a notice
in the Federal Register by the Department of Justice in which
they said the National Crime Computer [NCIC], was a data base
they could no longer stand behind the accuracy of. They wanted
to be exempted from the requirement that this data base, our
central repository of criminal justice records, is accurate.
Mr. Putnam. Who did that?
Mr. Steinhardt. The Justice Department. That was a stunning
development. For many years, many of us believed the NCIC was
full of garbage but here the Justice Department is saying not
only do we agree it is full of mistake but we are no longer
willing to stand behind it. That is frightening both from a
civil liberties perspective because of the mistakes that are
going to be made but it is also frightening from a security
perspective, that you have a central data base that law
enforcement is relying on at both the State, local and Federal
levels and it is simply full of inaccuracy. That is the kind of
thing that might be an appropriate opportunity for this
subcommittee to look at, what systems do we already have in
place, how accurate are they?
The ACLU is not opposed to the concept we have a
centralized repository of criminal justice information but it
ought to be accurate both from a civil liberties and a security
perspective.
Mr. Putnam. Mr. Rosenzweig.
Mr. Rosenzweig. To answer your question, the key to
oversight and therefore control is accountability. To the
extent that outsourcing the operation of a system diminishes
the accountability of Federal officials who you will call to
account for the operation of the system, it is to be generally
disfavored.
There is obviously no hard and fast rule and there are some
things that are far more efficient to use contractors for and
we should obviously want to do whatever we do with the
government dollar in the most efficient and effective manner.
As a general rule, I would urge you to ensure that any
system that is put in place retains a high degree of
accountability in high level administration officials who you
can demand come here and tell you how CAPPS II or TIA is
working or not working.
Mr. Putnam. The Wyden amendment was put on the Omnibus Bill
so it is a 1-year issue. What do each of you see as being
Congress' timeline for action and what do you see that action
as being between now and the expiration of the Wyden amendment?
What does the post-Wyden world look like from your perspective
and the timeline for that?
Mr. Rosenzweig. I would like to see Congress consider a
program like TIA and authorize additional research in the
program. I would urge the research contain a series of
guidelines as to what Congress considers an acceptable program,
one that retains accountability. We didn't talk about the
necessity of an audit trail but I have listed a dozen different
recommendations in the written testimony that in suitable
legislative language ought to be incorporated in any
authorization.
When and if the concept proves itself to be potentially
effective, since I agree with Mr. Steinhardt that we don't have
to address the liberties questions unless and until the
research says we can do the thing, those who would use it, the
FBI, DHS, CIA, come back and seek further authorization to
deploy the system.
Mr. Steinhardt. Actually your first responsibility begins
today. Today is literally the deadline for DARPA and other
Federal agencies involved to submit a report to the Congress in
response to the Wyden amendment on the TIA Program.
We suggested in my testimony a series of questions we hope
you will ask about that report. It seems to me the Congress
needs to carefully scrutinize this report before it authorizes
any further construction of the Total Information Awareness
Program, you certainly ought to put a halt to it until you
satisfy yourselves that it both will be effective and will
protect our freedoms.
Mr. Putnam. Recognizing that DARPA is a research agency and
their business is high risk research, isn't it a bit unusual to
apply a proof of success test to a research agency whose very
mission is to continue to work things through until they prove
they are successful or not. We don't make cancer research funds
contingent upon finding the cure by a certain date. We
understand the nature of the scientific process is you continue
to seek answers based on a hypothesis and the data you collect
in your experimentation. Is that a bit of an unusual standard?
Mr. Steinhardt. Here you are talking about fundamental
liberties at stake, in some respects the construction of our
society. I don't think it is unusual at all for Congress to say
before we appropriate half a billion dollars, to build a
prototype system, TIA, that we want some demonstration that
this is likely to work as opposed to other possibilities we
have for that half a billion dollars that could be spent.
The Wyden amendment does not prohibit them from going
forward with research and they are going forward with research.
I am curious to see what this report says about what they
regard as the likely effects from this program and how they
came to those conclusions. I urge you to look closely at that
as well. As an appropriator you need to make decisions about
how to spend half a billion dollars. You need to have some
assurances that there is a likelihood of success.
Mr. Putnam. Mr. Cohen.
Mr. Cohen. The only thing I would add to what Mr.
Rosenzweig and Mr. Steinhardt said is at the end of the day is
that the best use of half a billion dollars? If our local and
State criminal justice systems, which are going to be a key
part of an effective TIA system, still don't work; if in
Maryland you are only able to enter one warrant per person, so
if Montgomery County has an open container warrant for John
Cohen, and the Eastern Shore wants to put a robbery warrant in
the system, you can't do it because of the way the system is
structured, the question becomes: where would half a billion
dollars be spent more effectively, research on TIA or making
sure each State has a robust and interconnected, integrated
justice system?
Mr. Putnam. Before we conclude, is there other final
comments any of you would like to make or a question of a
fellow panelist that you have not heard today?
Mr. Steinhardt. I was going to suggest I think the one
thing we all agree on is that we have taken enough of the
committee's time.
Mr. Putnam. This is a very important issue and this is not
the end of the committee's work on this issue. As all of you
have pointed out, the report due today will be an important
next step to the further congressional involvement in this
matter.
I want to thank all of you for your outstanding insight and
comments and I thank the members of the subcommittee who
participated.
In the event there may be additional questions we did not
get to today, the record will remain open for 2 weeks for
submitted questions and answers which all of you will be
expected to respond to.
Thank you all very much.
[Whereupon, at 12:15, the subcommittee was adjourned, to
reconvene at the call of the Chair.]
<all>�