[Senate Hearing 107-912] [From the U.S. Government Publishing Office] S. Hrg. 107-912 SHOULD THE OFFICE OF HOMELAND SECURITY HAVE MORE POWER? A CASE STUDY IN INFORMATION SHARING ======================================================================= HEARING before the SUBCOMMITTEE ON ADMINISTRATIVE OVERSIGHT AND THE COURTS of the COMMITTEE ON THE JUDICIARY UNITED STATES SENATE ONE HUNDRED SEVENTH CONGRESS SECOND SESSION __________ APRIL 17, 2002 __________ Serial No. J-107-73 __________ Printed for the use of the Committee on the Judiciary 85-887 U.S. GOVERNMENT PRINTING OFFICE WASHINGTON : 2003 ____________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpr.gov Phone: toll free (866) 512-1800; (202) 512�091800 Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001 COMMITTEE ON THE JUDICIARY PATRICK J. LEAHY, Vermont, Chairman EDWARD M. KENNEDY, Massachusetts ORRIN G. HATCH, Utah JOSEPH R. BIDEN, Jr., Delaware STROM THURMOND, South Carolina HERBERT KOHL, Wisconsin CHARLES E. GRASSLEY, Iowa DIANNE FEINSTEIN, California ARLEN SPECTER, Pennsylvania RUSSELL D. FEINGOLD, Wisconsin JON KYL, Arizona CHARLES E. SCHUMER, New York MIKE DeWINE, Ohio RICHARD J. DURBIN, Illinois JEFF SESSIONS, Alabama MARIA CANTWELL, Washington SAM BROWNBACK, Kansas JOHN EDWARDS, North Carolina MITCH McCONNELL, Kentucky Bruce A. Cohen, Majority Chief Counsel and Staff Director Sharon Prost, Minority Chief Counsel Makan Delrahim, Minority Staff Director ------ Subcommittee on Administrative Oversight and the Courts CHARLES E. SCHUMER, New York, Chairman PATRICK J. LEAHY, Vermont JEFF SESSIONS, Alabama EDWARD M. KENNEDY, Massachusetts STROM THURMOND, South Carolina RUSSELL D. FEINGOLD, Wisconsin CHARLES E. GRASSLEY, Iowa RICHARD J. DURBIN, Illinois ARLEN SPECTER, Pennsylvania Benjamin Lawsky, Majority Chief Counsel Ed Haden, Minority Chief Counsel C O N T E N T S ---------- STATEMENTS OF COMMITTEE MEMBERS Page Schumer, Hon. Charles E., a U.S. Senator from the State of New York........................................................... 1 Leahy, Hon. Patrick J., a U.S. Senator from the State of Vermont. 69 Sessions, Hon. Jeff, a U.S. Senator from the State of Alabama.... 5 WITNESSES Anderson, Philip, Senior Fellow and Director, Homeland Security Initiative, Center for Strategic and International Studies..... 46 Hastings, Scott O., Associate Commissioner for the Office of Information Resources Management, U.S. Immigration and Naturalization Service, Washington, D.C........................ 17 Hitch, Vance, Chief Information Officer, Justice Management Division, Department of Justice, Washington, D.C............... 7 Jordan, Robert J., head of the Information Sharing Task Force, Federal Bureau of Investigation, Washington, D.C............... 12 Light, Paul C., Brookings Institution, Washington, D.C........... 53 Panetta, Hon. Leon E., Director, Panetta Institute, Monterey Bay, CA............................................................. 35 Terwilliger, George J., III, Partner, White & Case, Washington, D.C............................................................ 42 SUBMISSION FOR THE RECORD Department of Justice, Joseph Karpinski, Director, Congressional Relations and Public Affairs, letter........................... 70 SHOULD THE OFFICE OF HOMELAND SECURITY HAVE MORE POWER? A CASE STUDY IN INFORMATION SHARING ---------- WEDNESDAY, APRIL 17, 2002 United States Senate, Subcommittee on Administrative Oversight and the Courts, Committee on the Judiciary, Washington, DC. The Subcommittee met, pursuant to notice, at 9:36 a.m., in Room SD-216, Dirksen Senate Office Building, Hon. Charles Schumer, Chairman of the subcommittee, presiding. Present: Senators Schumer, Sessions, and Specter. STATEMENT OF HON. CHARLES E. SCHUMER, A U.S. SENATOR FROM THE STATE OF NEW YORK Chairman Schumer. Good morning, everybody. The hearing will come to order. We have consulted with Senator Sessions' staff, and because of our timing issues and particularly a few of our witnesses have to catch planes, we are going to start now. We will probably have a quick vote at 10 o'clock, and so we are going to try to move things along as quickly as possible. I want to thank all of our witnesses for coming to what I think is a very interesting and important hearing. I hope you will agree--all of you in the audience--after you hear what we have to say. And here is Senator Sessions now. Jeff, I am just going to begin my opening statement, because we have some time constraints. Since the events of September 11th, every local, State and Federal Government agency has been scrambling to repair the holes in our homeland defense that were revealed on that fateful day. Our homeland defense situation is comparable to the story of the little Dutch boy who single-handedly tried to keep the floods from breaking through the dike and destroying Amsterdam. He was successful, but we have many more holes than that one little hole in the dike. All of them have to be plugged up rather quickly. Try as we might, every time we plug one hole, another pops up. Whether it is the discovery of a terrorist with a shoe bomb who made it onto a plane, or sending student visas to known terrorists, we keep discovering hole after hole, and that translates into threat after threat and risk after risk. That is something we clearly cannot afford in the post-9/11 world. Our world changes, and we have to adapt to it. There are over 40 Federal agencies charged with law enforcement and intelligence gathering. Our safety relies in good part upon each and every one of them. When the left hand does not know what the right hand is doing, you have a problem. When you have 20 left hands and 20 right hands and none of them know what the other is doing, you have a potential disaster in the making. That is what we are facing right now. The backbone of homeland defense is good information sharing and coordination between Federal law enforcement and intelligence agencies. It is clear that we need some kind of body to coordinate government-wide policy on information sharing. We need an entity that can answer questions like: Where are we most vulnerable? Who can supply the right information about those vulnerabilities? Who needs to know about our weaknesses? And who is going to tell them? These sound like simple, basic questions, but in a bureaucracy like ours, unless someone is keeping an eye on things, the answers get lost pretty quickly. The Administration, in my judgment, was headed in the right direction when Tom Ridge was sworn in as the first Director of the Office of Homeland Security. Director Ridge was charged with developing and coordinating a comprehensive national strategy to strengthen protections against terrorist threats or attacks in the United States. Though the idea is a good one, I am afraid that the consequences, intended or not, have resulted in OHS becoming a little bit akin to something like a toothless tiger. Everybody has tremendous respect for Tom Ridge. I certainly do. We served in the House together, and he is an exemplary man and I am glad he is in that position. But at this point in time, he does not have the tools or the power to get what needs to be done, and this hearing will just show one little aspect of that. If OHS is meant to be more of a policymaking agency, then it needs to acquire the appropriate authority and be subject to congressional oversight. We are not taking any sides on whether Mr. Ridge ought to testify here or not; that is not the issue. The issue is what the scope of his office ought to be as it relates to information sharing and other issues. But OHS in this case needs to be able to prod or even direct the different Federal agencies into changing their management decisions and removing the blinders that stop agencies from thinking outside their own parameters. Each agency and bureau needs to think beyond its own functions, beyond its own databases, and work to connect to other departments. It is very hard to do this on your own. I am not blaming any of the agencies here for not doing it on their own. I am not blaming anyone in the Administration or in the House or Senate that we did not do this before. This is a brave new world and nobody had the foresight to know what we had to do. But now we do know what we have to do. And that is why we have to improve things and act. Various proposals have been laid out on how this entity, a new entity, an agency that is responsible for making sure there is coordination of information, be structured. And I look forward to hearing from our witnesses today on what they think. But whatever form it takes, I strongly believe that we need to empower one agency, one entity, to coordinate information sharing between and among the different Federal law enforcement and intelligence agencies for the purposes of homeland defense. Having an agency that coordinates information from different agencies is the first problem. Then having technology to help them do it is the second. I have been told the technology exists to vastly improve our agencies' databases so appropriate agency officials can access information in real time, both within their own agencies and, just as importantly, with other State, Federal, and local agencies. Before the recess, I introduced the idea of a supercomputer to coordinate Federal law enforcement intelligence gathering activities. While we would have to address the obvious privacy concerns in developing such an idea as this one, that is hardly beyond the pale. You can deal with privacy issues because you cannot just be Luddite and say do not make coordination better, do not have the best computers. You rather would have them, and then make sure that privacy concerns are protected as you use them. Now, we might need three or four of these computers, each one for a separate security purpose. In a recent interview, Larry Ellison of Oracle blamed a lot of our security problems on fragmented data. He said, ``We knew that Mohammed Atta was wanted. We just did not check the right database when he came into the country.'' And that sums up the problem as good as anybody can. For the most part, we have the right information. We know who to go after. We just keep stumbling into our own bureaucracy. About 6 weeks ago, I requested a complete list of the unclassified information databases used for law enforcement and intelligence purposes from 10 different law enforcement and intelligence agencies. I did not request what is in the databases, just what the databases are. I made follow-up call after follow-up call. I received the final lists only yesterday--6 weeks just to get a list of what the databases are, so we would know how to coordinate them. What does that say about our organizational capabilities? I have been told that our intelligence community is light years ahead of our law enforcement community in terms of the organization of information sharing and its technology. Well, everyone has to be brought up to speed and maybe the intelligence agencies can share some of their wisdom and what they have done with our law enforcement agencies. Intelligence gathering does not help if we do not have the law enforcement capability to deal with that information. Finally, we have to look at the culture in our Federal agencies and put a stop to the rivalries that get in the way of protecting our country. It is a well-known fact that cultural differences between the different law enforcement and intelligence agencies hinder proper information sharing. The CIA does not want to share with the FBI. The FBI does not want to share with the INS. My message to all of these groups is: Get with it. We are in a new and different world, and those rivalries cause us to pay a real price or could cause us to pay a real price. This is not about a turf war between Federal agencies. It is about preventing terrorists from murdering innocent civilians. If you cannot see that, then you need to take a good, hard look and figure it out. I very much look forward to hearing from our witnesses today from both inside and outside the government. And working together--this is not a partisan issue in any sense--we can repair our defenses and make our Nation a safer one. Thank you. [The prepared statement of Senator Schumer follows:] Statement of Hon. Charles E. Schumer, a U.S. Senator from the State of New York With over forty Federal agencies conducting homeland security- related law enforcement or intelligence gathering activities, and no one entity actually in charge of coordinating and directing all of them, the Courts Subcommittee today held a hearing to explore whether the Office of Homeland Security has the authority it needs. Schumer pointed to frequent terrorist threats that can and are slipping through the cracks and examined why major mistakes like granting student visas to terrorists occur and whether the Federal Government is doing enough to develop a supercomputer to coordinate homeland security activities. The following is Schumer's statement from the hearing: Since the events of September 11th, every local, State, and Federal Government agency has been scrambling to repair the holes in our homeland defense that were revealed on that fateful day. Our homeland defense situation is comparable to that story of the little Dutch boy who singlehandedly tried to keep the floods from breaking through the dike and destroying Amsterdam. Though I think he was successful, we're having a much harder time defending our own. Try as we might, every time we plug one hole, another one pops up. Whether it's the discovery of a terrorist with a shoe bomb who made it onto a plane or sending student visas to known terrorists, we keep discovering hole after hole, and that translates into threat after threat, risk after risk. That's something we clearly can't afford. There are over forty Federal agencies charged with law enforcement and intelligence gathering. Our safety relies, in some part, upon each and every one of them. When the left hand doesn't know what the right hand is doing, you've got a problem. When you have 20 left hands and 20 right hands and none of them knows what the other is, you've got a disaster in the making. And that's exactly what we're facing right now. The backbone of homeland defense is good information sharing and coordination between Federal law enforcement and intelligence agencies. It's clear that we need some kind of body to coordinate governmentwide policy on information sharing. We need an entity that can answer questions like: Where are we most vulnerable? Who can supply the right information about those vulnerabilities? Who needs to know about our weaknesses? And who is going to tell them? These may sounds like simple, basic questions, but in a bureaucracy like ours, unless someone is keeping an eye on things, the answers get lost pretty quickly. The Administration was headed in the right direction when Tom Ridge was sworn in as the first director of the Office of Homeland Security. Director Ridge was charged with developing and coordinating a comprehensive national strategy to strengthen protections against terrorist threats or attacks in the United States. Everyone has tremendous respect for Tom Ridge, but he needs the power to carry out his mandate: protecting the American people. If OHS is meant to be more of a policymaking agency, then it needs to acquire the appropriate authority and be subject to Congressional oversight. OHS needs to be able to prod the different Federal agencies into changing their management decisions and remove the blinders that stop agencies from thinking outside their own parameters. Each agency and bureau needs to think beyond its own functions, beyond its own databases, and work to connect to other departments. It's very hard to do this on your own. That's why we need an agency who's responsible for making sure it happens. Various proposals have been laid out for how this entity should be structured and I look forward to hearing from our witnesses today on what they think. But whatever form it takes, I strongly believe that we need to empower one agency, one entity, to coordinate information-sharing between and among the different Federal law enforcement and intelligence agencies for the purposes of homeland defense. Having an agency that coordinates information from different agencies is the first problem. Having the technology to help them do so is the second. I've been told that the technology exists to vastly improve our agencies' databases so that the appropriate officials can access information in real time both within their own agencies and with other Federal, State, and local agencies. Before the recess, I introduced the idea of a supercomputer to coordinate Federal law enforcement intelligence-gathering activities. While we would have to address the obvious privacy concerns in developing an idea such as this one, it's not beyond the pale. We might need three or four of these computers, each one for a separate security purpose. In a recent interview, Larry Ellison of Oracle blamed a lot of our security problems on fragmented data. ``We knew that Mohammed Atta was wanted,'' he said. ``We just didn't check the right database when he came into the country.'' For the most part, we have the right information. We know who to go after. We just keep stumbling into our own bureaucracy. About 6 weeks ago, I requested a complete list of the unclassified information databases used for law enforcement and intelligence purposes from 10 different Federal law enforcement and intelligence agencies. After making follow-up call after follow-up call, I received the final lists only yesterday. What does this say about our organizational capabilities? I've been told that our intelligence community is light years ahead of our law enforcement community in terms of the organization of information-sharing and its technology. Everyone has to be brought up to speed. Intelligence gathering doesn't help if we don't have the law enforcement capabilities to deal with the information. Finally, we have to look at the culture in our Federal agencies and put a stop to the stupid rivalries that get in the way of protecting our country. It's a well known fact that cultural differences between the different law enforcement and intelligence agencies hinder proper information sharing. The CIA doesn't want to share with the FBI, the FBI doesn't want to share with INS. My message to all of them is this: grow up. This isn't about turf wars between Federal agencies. It's about preventing terrorists from murdering innocent civilians. If you can't see that, then you need to take a good, hard look and figure it out. I look forward to hearing from our witnesses today, from both inside and outside the Government. Together, we can repair our defenses and make our Nation a safer one. Chairman Schumer. Now let me call on my colleague and friend, Senator Sessions. STATEMENT OF HON. JEFF SESSIONS, A U.S. SENATOR FROM THE STATE OF ALABAMA Senator Sessions. Thank you, Senator Schumer, and thank you for your courtesy in working with us on putting this hearing together. We do not always work as well as we should in the Senate sometimes, but you have always been extremely courteous and open about what the purposes of a hearing would be and what you hoped to accomplish. I believe it is an important issue. How we go about making sure that we have the right kind of unified information-sharing system is a critically important issue. I have believed for some time that we have a number of problems there. DEA can do certain things. They do not input their intelligence information, but if there is a warrant or an arrest warrant for someone, they will flag it so that if that person is ever arrested, at least they would call the Drug Enforcement Administration, then they would know that this person has been arrested, and they would not have to share their most sensitive intelligence information on the NCIC or some other system. I believe we have to utilize the NCIC more. We have some 600,000-plus State and local law enforcement officers, and, for example, 12,000 FBI agents. So not to enlist them in this effort is a colossal error. They have got to be. They are out there every day making arrests, making stops for people. And it is just a tragedy if they make an arrest of a seriously wanted individual, to not know it and release them. We have systems today that a person who has been stopped, you can put their thumb or finger on a machine, and it would tell their criminal history from the police officer's car. It is amazing. So we have some capabilities here that we need to make sure that we are utilizing fully. I look forward to asking some questions about how our computer data systems are working, how they actually work today, because I am not sure I fully understand it. But there are gaps, and it is a good thing to talk about. With regard to the homeland security organization, that is a matter of great complexity and importance. How we go about that, I do not know. I am not convinced we need to create a large, permanent Cabinet-level or even semi-Cabinet-level agency at this point. But we are going to have to decide how to do that, how we can improve our homeland security, so it will be good to talk about those issues, too. Mr. Chairman, thank you. Chairman Schumer. Thank you, Senator Sessions. I want to just repay the compliment. We are from different parts of the country. We are different ideologically. But we work together well, and it is a tribute to Jeff. He is straightforward and fair, and I very much appreciate that all the time. Now let's call on our witnesses and try to get right to the point here. I am going to ask each of the witnesses to really-- their entire statements will be read into the record--but each witness to try and limit the testimony to 5 minutes and get to the point, so we can ask questions, because I think we are going to have a vote at 10 o'clock. As I say, we have some plane schedules from some of our future witnesses to catch. We could not put them on first, because the protocol is always that you guys go first. So I just ask your cooperation. So let me introduce all three witnesses, and then we will have each of them testify. Mr. Vance Hitch is the CIO, the Chief Information Officer, for the Department of Justice. He was appointed by Attorney General Ashcroft in March. He is leading the development of an IT, information technology, strategic plan that provides direction for the Department of Justice's future IT investments. Before coming to DoJ, Mr. Hitch was a senior partner with Accenture, where he developed the IT strategic plan for the State of Maryland, comprehensive reengineering and automation of the city of Philadelphia's records. He has worked with other agencies, such as the Department of State, the NSA, the CIA, and the DoD, to name a few initials, and multiple State and local governments. Mr. Robert Jordan, our second witness, heads the information sharing task force for the FBI. He is the section chief in the Government and Civil Rights section. He is a 22- year-old veteran of the FBI and was most recently in Newark, New Jersey, where he supervised the white-collar crime and corruption program for that entire State. Before that, he was a supervisory special agent in San Diego, where he initiated a large-scale judicial corruption case. Our third witness is Mr. Scott Hastings. He is the associate commissioner of the Office of Information Resource Management and the deputy chief information officer of the INS. As the associate commissioner, Mr. Hastings is responsible for the service's information technology programs, including all established ADP functions, telecommunications, and electronic enforcement technology programs. He has considerable experience with outsourcing of government operations. In his current position, he is examining the role of Federal information technology organizations and their future configurations and structure. Prior to this position, he was the assistant commissioner for the Office of Record Services at the INS, during which time he created a national records facility and centralized operation for holdings in excess of 25 million active files. So you can see all three gentlemen are very accomplished in this field and in the government. We are lucky to have all three of you. Each of your statements will be read into the record. I am going to try to stick to the 5 minutes. Mr. Hitch, you may proceed. STATEMENT OF VANCE HITCH, CHIEF INFORMATION OFFICER, DEPARTMENT OF JUSTICE, WASHINGTON, DC Mr. Hitch. Thank you. Mr. Chairman and Members of the Subcommittee, I am pleased to appear before you today to discuss information sharing, as you requested. I will take just a few minutes to briefly summarize my prepared statement. Last month, the Attorney General appointed me as the chief information officer of the Department of Justice. In announcing my appointment, the Attorney General stated: A critical element in our battle against the terrorist threat is the effective use of information technology to share information across law enforcement. To pursue this mission, my mandate, I believe, is very clear: Upgrade the department's information technology program to better enable core mission accomplishment and use information technology as a tool for collaboration among the Justice components and between Justice and other Federal agencies, as well as Federal, State and local law enforcement. Improving and expanding the department's use of information technology is a key component of the Attorney General's wartime reorganization of the department, which he announced last November 8. Just last week, the Attorney General ordered the Justice components to take further actions to institutionalize the department's ongoing efforts to coordinate information relating to terrorism. Specifically, he asked for four things. First, expand the information about known or suspected terrorists in existing law enforcement databases, such as the FBI's National Crime Information Center, or NCIC, the Department of State's TIPOFF system, and the Customs Service's Interagency Border Inspection System or IBIS. Number two, establish procedures to obtain on a regular basis identifying information on terrorists known to other countries. Three, establish a secure system for sharing information with State and local agencies. And four, standardize procedures for sharing sensitive information and implementing the information sharing provisions of the U.S. Patriot Act. But even prior to 9/11, the department was involved in several efforts to improve information sharing. For example, the El Paso Intelligence Center, or EPIC, is an interagency center that provides tactical drug intelligence to Federal, State and local users. A telephone call, fax or teletype provides the requester real-time information access to EPIC from many Federal databases and EPIC's own internal system. The IDENT/IAFIS project is integrating the INS's IDENT system with the FBI's IAFIS fingerprint database. The integration project will increase the apprehension and effective prosecution of criminal aliens. Finally, the JABS, or the Joint Automated Booking System, is streamlining the identification and booking of persons in Federal custody. JABS enables the department's law enforcement components to share arrest information electronically and update the FBI's crime master file in a real-time mode. In direct response to the deadly attacks on the World Trade Center and the Pentagon, the President directed the department also to create a foreign terrorist tracking task force, or FTTTF, a multi-agency group that leverages expertise, information, and technology to identify, locate, remove or deny entry to foreign terrorists and their supporters. Among the participating agencies are the CIA, the INS, FBI, State, Customs, Social Security and many members of the intelligence community. The President also directed that the Attorney General and the Director of Central Intelligence ensure to the maximum extent permitted by law that the task force has access to all available information necessary to perform its mission. The task force is gathering and analyzing data contributed by participating agencies, using advanced techniques to mine the data, establish patterns, and calculate risk parameters. The results of these analyses are provided to the relevant agencies for appropriate enforcement action. Although the task force is still in the early stages of its work, it offers an especially promising model for information sharing and collaboration associated with terrorism. Despite these efforts, it is clear that more needs to be done. We must fundamentally rethink how information systems are designed, developed, and managed, so that information technology fosters rather than hinders collaboration. This really means creating a Department of Justice information architecture, as well as infrastructure and the management approach that promotes both information sharing, as well as information security at the same time. I am confident that the organizational and cultural roadblocks to information sharing are being remedied. We know that to succeed we must work together. Our long-term goal and one that technology can help make a reality is that the Department of Justice and members of the law enforcement community, whether State, Federal or local, be able to communicate and collaborate with one another fully, easily, and securely. One of the Attorney General's top 10 management goals, which he announced in his initial reorganization letter, and one of his initial assignments to me, is the development of a comprehensive information technology plan for the department. We are working on this plan as we speak and expect to have it completed within the next several months. Among the major goals of this plan are removing any technical barriers to information sharing, building a department-wide security infrastructure, and developing an enterprise architecture that ensures secure access to data by all authorized users, and promotes sharing and collaboration across organizational lines. I can assure this Subcommittee that the Department of Justice is committed to moving away from the stovepipe systems and overcoming unnecessary obstacles to information sharing, and working closely with the Office of Homeland Security, the Federal agencies and others, to fully and securely share sensitive law enforcement information. Again, thank you for the opportunity to discuss this matter of critical importance to the Justice Department and to all law enforcement. I would be pleased to respond to your questions. [The prepared statement of Mr. Hitch follows:] Statement Vance Hitch, Chief Information Officer, Justice Management Division, United States Department of Justice Mr. Chairman and Members of the Committee, I am pleased to appear before you today to discuss information sharing. I am both honored and grateful for this opportunity. Last month, the Attorney General appointed me Chief Information Officer (CIO) for the Department of Justice. In announcing my appointment, the Attorney General stated: ``A critical element in our battle against the terrorist threat is the effective use of information technology to share information across law enforcement.'' To pursue this mission, my mandate is clear: upgrade the Department's information technology program to better enable core mission accomplishment, and use information technology as a tool for collaboration among Justice components, between Justice and other Federal agencies, and among Federal, State, and local law enforcement. In the aftermath of the September 11 terrorist attacks, it is clear that information sharing is critical to our Nation's safety. The Attorney General recognizes clearly that access to accurate and timely information is crucial to supporting the Department's critical law enforcement responsibilities, and especially in protecting against acts and threats of terrorism. Improving and expanding the Department's use of information technology are key components of the Attorney General's wartime reorganization of the Department, announced on November 8, 2001. Just last week, the Attorney General directed key Justice components to take further actions to institutionalize the Department's ongoing efforts to coordinate information relating to terrorism. Specifically, he ordered the investigating components to establish procedures to provide, on a regular basis and in electronic format, the names, photographs and other identifying data of all known or suspected terrorists for inclusion in the State Department's TIPOFF system, the FBI's National Crime Information Center (NCIC), and the Customs Service's Interagency Border Inspection System (IBIS). He also ordered the Assistant Attorney General for Legal Policy to work with the components to draft for his consideration procedures, guidelines, and regulations to implement the information sharing provisions of the USA PATRIOT Act. Historically, information systems have been developed and implemented to meet the particular business needs of a specific component organization. The result, as you know all too well, is a number of legacy stovepipe systems that impede cross component information sharing. However, even before 9/11, the Department was involved in several efforts to improve sharing or to consolidate systems. For example:El Paso Intelligence Center (EPIC). The Department of Justice established the El Paso Intelligence Center (EPIC) in 1974, staffed by representatives of the INS, the Customs Service, and the DEA, to provide a common information resource on drug movement and immigration violations. Today, EPIC has grown to include 15 Federal agencies, the Texas Department of Public Safety, and the Texas Air National Guard. In addition, EPIC maintains information sharing agreements with other Federal law enforcement agencies, the Royal Canadian Mounted Police and each of the 50 States and serves law enforcement agencies throughout the western hemisphere. A telephone call, fax, or teletype from any of these agencies provides the requestor real-time information accessed through EPIC from many different Federal data bases, plus EPIC's own internal database. IDENT/IAFIS. The IDENT/IAFIS project was established to integrate the INS IDENT system with the FBI's IAFIS. The integration project will directly enhance the Department's ability to meet its mission through increased apprehension and effective prosecution of criminal aliens. It is a major cross-cutting initiative and will provide improved INS identification services to determine whether a person they apprehend is the subject of a posted Want or Warrant or has a record in the FBI's Criminal Master File. Similarly, it will provide law enforcement agencies with all relevant immigration information as part of a criminal history response from a single FBI. Joint Automated Booking System (JABS). JABS is another major cross-cutting initiative involving the Bureau of Prisons, the U.S. Marshals Service, the INS, the FBI, and the DEA. JABS streamlines the identification and processing of Federal offenders by providing the means to electronically collect, store, and transmit photographic, fingerprint, and biographical data. More recently, and in direct response to the deadly attacks on the World Trade Center and the Pentagon, the President directed the Department to create a Foreign Terrorist Tracking Task Force (FTTTF). This is a multi-agency Task Force that combines agency expertise, information and advanced technologies to identify, locate, and remove or deny entry to foreign terrorists and their supporters. There are several Federal agencies that are already participating (e.g., the FBI, the INS, the State Department, the Customs Service, the Social Security Administration, and elements of the Intelligence Community). These agencies are joint participants with a common mission of neutralizing the threat of terrorist aliens. The President also directed that the Attorney General and the Director of Central Intelligence ``ensure, to the maximum extent permitted by law, that the Task Force has access to all available information necessary to perform its mission.'' The Task Force is both gathering and analyzing data contributed by participating agencies, using advanced methods to mine the data, establish patterns, and calculate risk parameters. Results of these analyses are provided to the relevant agencies for appropriate enforcement action. Although the Task Force is still in the early stages of its work, it offers an especially promising model for information sharing and collaboration. Despite these efforts, it is clear that more needs to be done. To meet the new threats and challenges we face today, we must fundamentally rethink how information systems are designed, developed and managed so that IT fosters, rather than hinders, collaboration. This means creating a DoJ information architecture, infrastructure, and management approach that promote both information sharing and information security. It is important that we move forward on both the sharing and security fronts simultaneously. Sharing information depends in no small measure on our ability to assure that the information will be protected from unauthorized disclosure. A primary obstacle to sharing has been, and remains, concerns about the security of the information once it is outside the control of the agency that ``owns'' it. The Department has a long ways to go, but I am confident we are headed in the right direction. I am convinced that organizational and cultural roadblocks to information sharing are being remedied. In part, this is because of executive branch and Congressional leadership; in part, it is because of the sheer magnitude and complexity of the threat. We know that to succeed we must work together. Our long-term goal--and one that technology can help make a reality--is that the Department of Justice and all members of the law enforcement community, whether Federal, State, or local, be able to communicate and collaborate with one another fully, easily, and securely. One of the Attorney General's top ten management goals, and one of his initial assignments to me, is the development of a comprehensive Information Technology Plan for the Department. We are working on this Plan and expect to complete it within the next month. However, let me briefly outline the Plan's major themes and directions: Information Sharing There are three key technical barriers to information sharing within the Department of Justice: (1) insufficiently modernized office automation systems; (2) inadequate networking; and (3) applications and data stores that cannot be accessed by other components or agencies. Overcoming these barriers is a long-term effort, but progress has and is being made. For example, the components are in various stages of updating their office automation and networking infrastructures and, as mentioned earlier, there have been some, albeit limited, efforts to share information and integrate systems. Critical areas in support of information sharing to be addressed in the plan include: Upgrading our telecommunications infrastructure to improve cross component access to intranet sites and other data stores, meet projected demands for bandwidth, and ensure wireless and remote access to the DoJ network; Accelerating the completion of component office automation upgrades; and Modernizing access methods, such as through Web-like interfaces, collaboration platforms, and systems consolidation. I want to elaborate on the last point. Of great concern to this Committee is whether agencies are sharing information related to foreign nationals who want to enter this country, or are already here, and who may be threats to national security. One of the difficulties is that the INS has an array of heterogeneous systems that does not provide a full and complete picture of a foreign national's travel to and from the United States or critical events during his or her period of stay. For this reason, the Department is exploring with the Office of Homeland Security and affected agencies the creation of a consolidated database that would be organized by person rather than immigration event and would be accessible to all parties, including the State Department and the Customs Service. Information Security Information systems must be protected from inadvertent or deliberate disclosure of sensitive information to unauthorized users, from attacks on the infrastructure that deny services, and from attempts to alter or otherwise falsify information. Securing our information systems has rightfully become the focus of increasing scrutiny by the Congress and others. We need to improve information security by building a long-term departmentwide security infrastructure that will ensure that information systems are secure from day one, rather than requiring continuous patches and fixes. In the meantime, we will take two immediate steps: First, we need to make sure that existing systems are as well protected as they should be by identifying vulnerabilities and taking corrective action. The Department is carefully monitoring and tracking component progress in this regard. Second, we need to build infrastructure-based capabilities, such as public key infrastructure, available for use throughout DoJ and scalable to the broader law enforcement and judicial communities. IT Planning and Management We also intend to strengthen the way we plan for and manage our IT investments. Here again, progress has been made but more work is needed. Among my priorities will be developing an enterprise architecture that is linked to investment management and provides a foundation for ensuring that IT systems meet mission requirements, identifies redundancies and opportunities for consolidation, and ensures cross component sharing of common assets, services, and solutions. It will be an architecture that ensures secure access to data by all authorized users and promotes sharing and collaboration across organizational lines. Relatedly, I will be emphasizing the development of Departmentwide standards and policies, as well as stronger oversight of priority initiatives. This is an ambitious agenda, one that will take time, resources, and cooperation to implement fully. But I can assure this Committee that the Department of Justice is committed to moving away from stovepipe information systems, overcoming unnecessary obstacles to information sharing, and working closely with the Office of Homeland Security, Federal agencies, and others to fully and securely share sensitive law enforcement. We simply cannot afford to do otherwise. Again, thank you for the opportunity to discuss this matter of critical importance to the Justice Department, and to all law enforcement. I would be pleased to respond to your questions at this time. Chairman Schumer. Thank you, Mr. Hitch. Mr. Jordan. STATEMENT OF ROBERT J. JORDAN, CRIMINAL INVESTIGATIVE DIVISION, FEDERAL BUREAU OF INVESTIGATION, WASHINGTON, DC Mr. Jordan. Thank you. Good morning, Mr. Chairman and Senator Sessions. My name is Bob Jordan and I serve as the head of the FBI's information sharing task force. With me today is Gene O'Leary, acting Assistant Director of the FBI's Information Resources Division, and Ken Ritchhart, Chief of the Data/Information Management Section of IRD. We welcome this opportunity to meet with you today about the status of the FBI's information sharing initiatives within the bureau and with other government agencies for homeland defense purposes. The FBI is an organization in change. Not only are we structurally different, but in very fundamental ways, Director Mueller has revamped our approaches to counterterrorism and prevention. Since 9/11, we have seen massive shifts in our resource deployments. Our missions and priorities are being redefined to better reflect the post-9/11 realities. As an agency, we are committed to devoting whatever resources are necessary to meet our prevention mission and continue to sustain a dramatically enhanced worldwide counterterrorism effort. A substantial component of this approach is information sharing, not only at the Federal level, but also within the entire law enforcement and intelligence communities. Over the last several years, much has improved, but this seemingly simple issue is actually a complex myriad of technology, legal, policy, and cultural issues. Since the tragic events of 9/11, this single issue which is critical to public safety is receiving the sustained high-level attention necessary to ensure that everything that can be done on every facet of the issue is being done. In that regard, I am happy to say that the spirit of collaboration and willingness to exchange data has never been stronger or more pronounced than it is today. Many of the legal and policy impediments that kept us from more fully exchanging information in the past have been or are now being changed. The Patriot Act has greatly improved our ability to exchange data with the intelligence community and across law enforcement. In addition, the Attorney General's recent directive to increase the coordination and sharing of information between the Department of Justice, the FBI, INS, the Marshals Service and the Foreign Terrorist Tracking Task Force on terrorist matters, and to establish secure means of working with State and local officials, are major milestones in improving our information-sharing and collaboration efforts. Equally important, the difficult technology challenges we all face are on top of everybody's priority list. This is especially so at the FBI. Under Director Mueller's leadership, the FBI on every front is hard at work, carrying out the Attorney General's information-sharing directive. Within the FBI, Director Mueller has personally taken on the challenge of improving information sharing and has directed FBI executive management to develop every means necessary to share as much information as possible with other agencies, as well as State and local law enforcement. Years of experience have demonstrated that joint terrorism task forces, our JTTFs, have proven to be one of the most effective methods of unifying Federal, State and local law enforcement efforts to prevent and investigate terrorist activity by ensuring that all levels of law enforcement are fully benefiting from the information possessed by each. There are currently 47 JTTFs. We are working expeditiously to establish JTTFs in each of the FBI's 56 field offices. In 1996, there were only 11 of these task forces. The creation of 21 new JTTFs this year is resulting in an expanded level of interaction and cooperation between the FBI and their Federal, State and local counterparts, as well as an enhanced flow of information between the participating law enforcement agencies. Among the full-time Federal participants on JTTFs are the INS, the Marshals Service, Secret Service, the FAA, the Customs Service, ATF, the State Department, Postal Inspection Service, IRS, and the U.S. Park Police. State and local agencies are heavily represented. The FBI has a long tradition of exchanging unclassified information with Federal, State and local law enforcement agencies on wants and warrants, fingerprint identification, forensic information, and watch lists. The last few years has seen dramatic increases in the exchanges of specific case- related information due in large part to the proliferation of task forces. Now we are improving our sharing of classified information, again through such mechanisms as the JTTFs. Following the terrorist attacks of September 11, FBI headquarters compiled what became known as the Project Lookout Watch List. The project was successful in identifying a number of individuals potentially connected to the PENTTBOM investigation. Due to the success of this effort and in recognition of the need to maintain a centralized repository of names in the investigative interests related to terrorism investigations, Director Mueller instructed the establishment of a permanent terrorism watch list, TWL, to serve as the FBI's single integrated listing of individuals of investigative interest that will be accessible throughout the law enforcement intelligence communities. We anticipate the full implementation of the TWL within the next 60 to 90 days, replacing the stopgap system now resident in NCIC. The TWL will consist of a compendium of names based on information identified through FBI and JTTF investigations, U.S. intelligence community reporting, and Department of Defense intelligence gathering, as well as information provided by cooperating foreign governments. Director Mueller has undertaken several other initiatives that either directly or indirectly enhance the FBI's information sharing capacity. All of these efforts are designed around the recognition that post-9/11, the FBI has adopted both a new focus and priorities that recognize the substantial investment being made in prevention. A few examples include: Director Mueller has recently named Louis Quijas, currently the Chief of Police of High Point, North Carolina, to be the FBI Assistant Director for Law Enforcement Coordination. An Office of Intelligence is now part of the FBI's organizational structure. The FBI has undertaken a major recruiting and hiring initiative to bring into the FBI private sector IT experts who can greatly assist in designing and managing our sizeable IT projects recently funded by Congress. The FBI's future ability to deter and prevent crimes requires the use of current and relevant IT. We have several critical initiatives underway to upgrade our IT infrastructure and investigative applications, such as Trilogy program, data warehousing and data mining, and our information assurance initiative. Funding these programs is essential to providing our investigators and analysts with improved IT resources and tools to support criminal and national security investigations, enabling improved and more expeditious data sharing and active collaboration. That concludes my prepared remarks, Mr. Chairman. I will be happy to respond to any questions. [The prepared statement of Mr. Jordan follows:] Statement of Robert J. Jordan, Federal Bureau of Investigation Good morning, Mr. Chairman and Members of the Subcommittee. My name is Bob Jordan and I serve as the head of the FBI's Information Sharing Task Force. With me today is Gene O'Leary, Acting Assistant Director of the FBI's Information Resources Division (IRD) and Ken Ritchhart, Chief of the Data/Information Management Section of IRD. We welcome this opportunity to meet with you today about the status of the FBI's information sharing initiatives within the Bureau and with other Government agencies for homeland defense purposes. The FBI is an organization in change. Not only are we structurally different but, in very fundamental ways, Director Mueller has revamped our approaches to counterterrorism and prevention. Since 9/11, we have seen massive shifts in our resource deployments. Our missions and priorities are being redefined to better reflect the post-9/11 realities. As an agency, we are committed to devoting whatever resources are necessary to meet our prevention mission and continue to sustain a dramatically enhanced worldwide counterterrorism effort. A substantial component of this approach is information sharing, not only at the Federal level but also within the entire law enforcement and intelligence communities: Over the last several years much has improved, but this seemingly simple issue is actually a complex myriad of technology, legal, policy and cultural issues. Since the tragic events of September 11, this single issue, which is critical to public safety, is receiving the sustained, high-level attention necessary to ensure everything that can be done on every facet of the issue is being done. In that regard, I am happy to say that the spirit of collaboration and willingness to exchange data has never been stronger or more pronounced than it is today. Many of the legal and policy impediments that kept us from more fully exchanging information in the past have been or are now being changed. The USA Patriot Act (Pub. L. 107-56) has greatly improved our ability to exchange data with the intelligence community and across law enforcement. In addition, the Attorney General's recent directive to increase the coordination and sharing of information between the DoJ, the FBI, the INS, the USMS, and the Foreign Terrorist Tracking Task Force (FTTTF) on terrorist matters and to establish secure means of working with State and local officials are major milestones in improving our information sharing and collaboration efforts. Equally important, the difficult technology challenges we all face are on the top of everyone's priority list. This is especially so at the FBI. Under Director Mueller's leadership, the FBI, on every front, is hard at work carrying out the Attorney General's information- sharing directive. Joint Terrorism Task Forces Within the FBI, Director Mueller has personally taken on the challenge of improving information sharing and has directed FBI executive management to develop every means necessary to share as much information as possible with other agencies as well as with State and local law enforcement. Years of experience have demonstrated that Joint Terrorism Task Forces, JTTFs, have proven to be one of the most effective methods of unifying Federal, State and local law enforcement efforts to prevent and investigate terrorist activity by ensuring that all levels of law enforcement are fully benefiting from the information possessed by each. There are currently 47 JTTFs. We are working expeditiously to establish JTTFs in each of the FBI's 56 field offices. In 1996, there were only 11 of these task forces. The creation of 21 new JTTFs this year is resulting in an expanded level of interaction and cooperation between FBI Special Agents and their Federal, State and local counterparts, as well as an enhanced flow of information between the participating law enforcement agencies. Among the full-time Federal participants on JTTFs are the INS, the Marshal's Service, the Secret Service, the FAA, the Customs Service, the ATF, the State Department, the Postal Inspection Service, the IRS, and the U.S. Park Police. State and local agencies are heavily represented. In addition to the JTTFs, the Regional Terrorism Task Force (RTTF) initiative serves as a viable means of accomplishing the benefits associated with information sharing without establishing a full-time JTTF. FBI Special Agents assigned to counterterrorism matters meet with their Federal, State and local counterparts in designated alternating locations on a semi-annual basis for common training, discussion of investigations, and to share and discuss intelligence. The design of this non-traditional terrorism task force provides the necessary mechanism and structure to direct counterterrorism resources toward localized terrorism problems within the United States. There are currently six RTTFs: the Inland Northwest, the South Central, the Southeastern, the Northeast Border, the Deep South and the Southwest RTTFs. The FBI has a long tradition of exchanging unclassified information with Federal, State and local law enforcement agencies on wants and warrants, fingerprint identification, forensic information and watch lists. The last few years have seen dramatic increases in the exchange of specific case-related information due, in large part, to the proliferation of task forces. Now, we are improving our sharing of classified information again through such mechanisms as the JTTFs. Terrorism Watch List Following the terrorist attacks of September 11, 2001, FBI Headquarters compiled what became known as the ``Project Lookout Watch List.'' The project was successful in identifying a number of individuals potentially connected to the PENTTBOM investigation. Due to the success of this effort and in recognition of the need to maintain a centralized repository of names of investigative interest related to terrorism investigations, Director Mueller instructed the establishment of a permanent Terrorism Watch List (TWL) to serve as the FBI's single, integrated listing of individuals of investigative interest that will be accessible throughout the law enforcement and intelligence communities. We anticipate the full implementation of the TWL within the next 60 to 90 days, replacing the stop-gap system now resident in NCIC. The TWL will consist of a compendium of names based on information identified through FBI and JTTF investigations, U.S. Intelligence Community reporting, and Department of Defense intelligence gathering, as well as information provided by cooperating foreign governments. The TWL will be designed to assist both the intelligence and the law enforcement communities in their investigations of terrorist groups/individuals and, equally important, to alert officers or agents should a person of interest in a terrorism matter be encountered by another agency. TWL staff will coordinate with the FBI's Criminal Justice Information Services (CJIS) Division to ensure the utilization of appropriate NCIC files. This capability will provide all State and local law enforcement agencies ready access to this information. Information in the TWL will also be shared with U.S. Government agencies that operate comparable tracking systems. As I describe these new databases and our plans for sharing them, please remember that the FBI will by complying with the Privacy Act and the detailed regulations that govern our law enforcement, counterterrorism, and counterintelligence activities, which ensures proper protection for the rights of Americans in the use of the databases. The TWL will be divided into three distinct categories. The first category will include the names of individuals for whom formal criminal charges or indictments have been issued (e.g., the 22 individuals on the Most Wanted Terrorist list). The second category will include the names of individuals of investigative interest to the FBI. The third category of the TWL will include the names of individuals provided by the Intelligence Community and cooperating foreign governments. Other FBI Initiatives We have recently developed an FBI-wide and DoJ-wide capability to electronically share case information. Our Integrated Intelligence Information Application (IIIA) database is another example of major improvements in information sharing. It uses information derived from many different sources including the Department of State and INS. IIIA provides analytical support for Counterintelligence and Counterterrorism programs. It is a real-time collection system that houses over 33 million records. In the aftermath of 9/11 and PENTTBOM, IIIA has been asked to provide electronic search support to units within the FBI as well as to the critical FTTTF. To satisfy these requests, multiple programs have been written to standardize incoming data arriving in differing formats and to package the responses to accommodate the requesters' needs. Director Mueller has undertaken several other initiatives that either directly or indirectly enhance the FBI's information sharing capacity. All of these efforts are designed around the recognition that post-9/11, the FBI has adopted both a new focus and priorities that recognize the substantial investment being made in prevention. A few examples include: Director Mueller has named Louis Quijas, currently Chief of Police of High Point, North Carolina, to be FBI Assistant Director for Law Enforcement Coordination. Chief Quijas has as his single mission fully exploiting State and local law enforcement support through enhanced information sharing and ensuring that State and local law enforcement have a strong voice within the FBI as we work on terrorism, prevention and major investigations. An Office of Intelligence is now part of the FBI's organizational structure. This office has as part of its mission not only to ensure the vigorous and fluid flow of information within the FBI but also to ensure that intelligence goes elsewhere within the law enforcement and intelligence communities in every instance when it is appropriate to do so. The FBI has undertaken a major recruiting and hiring initiative to bring into the FBI private sector IT experts who can greatly assist in designing and managing the sizable IT projects recently funded by Congress. These projects, such as Trilogy, are vital to any robust information sharing program. A Records Management Division has been established, headed by an outside records expert, to put in place the ``information management'' policies and mechanisms critical to effective sharing programs. The FBI is detailing personnel to other agencies, and vice versa, to ensure that information both is both shared and understood within both agencies. These efforts are critical to programs like the National Infrastructure Protection Center (NIPC), the Counterterrorism Center at CIA, and others. Information Security One equity we must balance with our desire to share information as freely as possible is the need for the security of information. As recently detailed in Judge William Webster's report, we must keep in mind that we are keepers of information that is highly classified and controlled by ``need to know'' principles. Access to highly confidential information will be in accordance with the FBI's broad, new security policies. Access control mechanisms, such as identification and authentication will provide accountability for those individuals having a need to know restricted information. In addition, audits of this access will be routinely conducted. The lives of agents, informants and innocent victims often rest upon the safekeeping of their information. The need for information security must be balanced by the driving need of the criminal investigator to be able to follow any and all avenues in an investigation. The Webster Commission report accurately points out that the FBI's information technology (IT) recapitalization effort, Trilogy, includes funding for only the foundational elements of Information Assurance (IA). At rollout, Trilogy will provide more security than the FBI's current IT backbone. The goal, however, is to develop the IA Program to be on par with other world-class information systems security efforts. Significant coordination has taken place between the Trilogy Program and personnel assigned to the IA Program to ensure that the Trilogy security architecture will support the utilization of the future IA technologies we plan to employ. So, while Trilogy and related applications will give the FBI a vastly increased capability to use, analyze, exploit and share information collected in investigations, it will be designed and deployed in a manner that addresses the shortcomings apparent in the Hanssen matter. Challenges Today, information sharing is technologically feasible. Advances in information technology have made it possible to link the information systems of agencies that are operating with different hardware and software. The improvements in information sharing that are at the heart of these initiatives, however, require that agencies participating in integration initiatives come together and agree upon a governance structure to manage decisionmaking in an integrated environment. Federal, State and Local law enforcement must address the considerable challenge of developing a formalized organizational framework within which participating agencies will share responsibility for making and executing overarching decisions on such issues as budgeting, hardware and software purchases, and the development of policies, procedures, and protocols that effect the operational integrity of the information sharing system. Our systems were originally designed to comply with a complex set of regulations restricting what can and cannot be shared amongst Federal, State and local agencies. We are committed to redesigning our systems and making whatever changes are necessary to ensure the effective and efficient exchange of information within the law enforcement community. At the same time, we still need to further improve our ability to share information between our own applications and our own multitude of databases. Our Data Warehousing project will provide us with the capability to finally combine information from all our applications into a coherent whole and provide advanced data mining, analytical and visualization tools. We are also working with the Office of Homeland Security on improving horizontal information sharing, developing common data standards, and improving collaboration capabilities. The FBI's future ability to deter and prevent crimes requires the use of current, and relevant IT. We have several critical initiatives underway to upgrade the FBI IT infrastructure and investigative applications such as the Trilogy Program; Data Warehousing & Data Mining; our Collaboration Initiative; and our Information Assurance initiative. Funding these programs is essential to provide our investigators and analysts with improved IT resources and tools to support criminal and national security investigations, enabling improved and more expeditious data sharing and active collaboration. That concludes my prepared remarks, Mr. Chairman. I will be happy to respond to any questions you may have. Chairman Schumer. Thank you, Mr. Jordan. I want to thank both witnesses. I know you condensed your testimony. Mr. Hastings. I presume you will do the same thing. STATEMENT OF SCOTT O. HASTINGS, DEPUTY ASSOCIATE COMMISSIONER FOR INFORMATION RESOURCES, IMMIGRATION AND NATURALIZATION SERVICE, WASHINGTON, DC Mr. Hastings. I will certainly do that. I appreciate the opportunity to appear today to discuss this issue. In any discussion about moving Federal agencies to a more effective information-sharing environment, technical solutions need to be only a part. The Department of Justice approach and the approach of the Office of Homeland Security are similar: build a solid planning requirements base before identifying technical solutions, at the same time implementing tactical interim successes that make sense to support the immediate threats. Business needs and objectives that may be expressed in enterprise architectures must be established. Following that process, decide the information that is required by the operation and how to deliver it, identify technology alternatives to deliver that information, create utilities that support that process, and invest. Finally, select, control, and manage those utilities, and then create knowledge-management capability. The INS is clearly one of the core agencies that requires enhanced information-sharing capabilities. The data we collect are crucial to the law enforcement and intelligence communities, who are now integrating their functions to combat the threat of terrorism. Consequently, we are deeply involved in efforts to overcome the barriers to appropriate and secure exchange of data, and equally important to convert that data to useful information that supports clear operational objectives. The Office of Homeland Security, in conjunction with OMB, is overseeing initiatives that provide information sharing between Federal agencies horizontally, and then promote agencies vertically to State and local governments, as well as selected private industries. INS is a working partner in those efforts. Attorney General Ashcroft has made the prevention of terrorist activities an overriding priority in the Department of Justice and its components. With this goal in mind, he directed us to review and strengthen our policies and procedures to ensure that information sharing and analysis and coordination of activities with other Federal agencies, as well as our State and local partners, to combat terrorism. This mandate, coupled with new legislation, such as the USA Patriot Act, has provided us with greater authority to share information as appropriate. We are implementing technical linkages as we speak with other Federal agencies to integrate the data required to support the act. We have also been directed by the Attorney General to step up our efforts to coordinate information activities in the common effort to prevent and disrupt terrorism, and we are full participants in the departmental efforts to improve data sharing. Federal agencies maintain a number of databases that provide real-time information to officials at U.S. diplomatic posts abroad, offices at ports of entry, and the interior law enforcement officials. We work closely with agencies to prevent terrorists from entering the United States, to deny them entry across our borders, and to detect and apprehend those already in the country, and to gather intelligence on the plans and activities of terrorist conspiracies. We provide, in electronic format, biographic, biometric, and associated data for inclusion in several external agency databases to better identify these terrorists. For many years, INS has taken steps to enhance the exchange of information through greater cooperation amongst the law enforcement community. An example of this is the law enforcement support center, available 24 hours a day, 7 days a week, to provide State law enforcement with data and information from INS databases. We also verify immigration status for State and local benefit granting agencies, some employers and some State drivers license bureaus. Finally, we are working internationally to develop better ways of sharing information that will support enforcement intelligence operations. The U.S. government recently signed agreements with the governments of Canada and Mexico to further these initiatives. I cannot overemphasize the commitment of INS and the other Federal agencies to work together to achieve a more supportive and comprehensive information support environment. In each of these, we need to be sensitive to the legal limitations on sharing information, security and privacy concerns, and who are the appropriate users of the information. With all the initiatives, there are no quick fixes, technological or otherwise, to problems we face. We must work with advanced technology to improve our systems. But technology alone cannot solve our problems. In order to leverage our resources and maximize our capabilities, technology must be coupled with strong intelligence information-gathering distribution systems. This will require seamless cooperation amongst the agencies involved. It is crucial we focus on the efforts exemplified by DoJ, the Department of Justice, and the Homeland Security Office that solidify the planning and administrative structures that are required, while continuing to support the immediate requirements levied every day by ongoing intelligence and enforcement operations. In this way, the INS can help ensure a more dependable outcome that takes advantage of the wealth of technology solutions that already exist, but that may be embedded within individual agencies. Without these structures, we will be unable to interlace these solutions together in a meaningful way. Thank you for the opportunity to testify. [The prepared statement of Mr. Hastings follows:] Statement of Scott O. Hastings, Associate Commissioner for the Office of Information Resources Management, U.S. Immigration & Naturalization Service, Washington, D.C. Mr. Chairman and Members of the Committee, I appreciate the opportunity to appear before you to discuss the important issue of how technology and information can best support our efforts to reduce the threat of foreign terrorist activity. The Immigration and Naturalization Service (INS) is clearly one of the core agencies that will require enhanced information sharing capabilities. The data we collect are crucial to the law enforcement and intelligence communities that are now integrating their functions to combat the threat of terrorism. The INS will need to take advantage of additional external sources of data to support our enforcement and intelligence functions. Consequently, we are involved deeply in efforts to overcome barriers to the appropriate and secure exchange of data and, equally important, to convert that data to useful information that supports clear operational objectives. The Office of Homeland Security, in conjunction with the Office of Management and Budget, is coordinating agency initiatives that promote information sharing among Federal agencies horizontally, and then from those agencies, vertically, to State and local governments as well as selected private industries. INS is a working partner in those efforts. Attorney General Ashcroft has made the prevention of terrorist activities an overriding priority of the Department of Justice and its components. With this goal in mind, he directed us to review and strengthen our policies and procedures to ensure information sharing and analysis and coordination of activities with other Federal agencies, as well as our State and local partners, to combat terrorism. This mandate, coupled with new legislation such as the USA PATRIOT Act of 2001, has provided us with greater authority to share information with Federal officials to assist in the performance of their duties. We are implementing the technical linkages with other Federal agencies to integrate data required to support this Act. The Attorney General has also directed Department of Justice components to step up our efforts to coordinate information and activities in the common effort to prevent and disrupt terrorism. We are participating in Department efforts to improve data sharing. Federal agencies maintain a number of databases that provide realtime information to officials at U.S. diplomatic outposts abroad, officers at ports-of-entry, and interior law enforcement officials (e.g., the State Department's TIPOFF program). We work closely with these agencies to prevent terrorists from entering the United States, to deny them entry across our borders, to detect and apprehend those already in the country, and to gather intelligence on the plans and activities of terrorist conspiracies. We provide in electronic format biographic, biometric, and associated data for inclusion in several external agency databases to better identify suspected terrorists. For example, through the Interagency Border Inspection System (IBIS), the primary automated screening tool used by both the INS and U.S. Customs Service at ports-of-entry, access is provided to many databases, including the FBI National Crime Information Center (NCIC). NCIC is the Nation's principal law enforcement automated information sharing tool. It provides on-the-street access to information to over 650,000 U.S. local, State, and Federal law enforcement officers. Additionally, the INS works to share information through the Integrated Automated Fingerprint Identification System (IAFIS) and other appropriate law enforcement databases to assist in detecting and locating foreign terrorists. We have successfully integrated wants and warrants from the NCIC and the FBI into our own IDENT system. Through this joint endeavor, since August 15, 2001, we have identified a total of 891 individual aliens at the border who were wanted on outstanding criminal charges. With the expansion of IDENT to INS offices in the interior, we have been better able to identify criminal aliens residing in the United States. On October 30, 2001, the President directed the Department of Justice to establish the Foreign Terrorist Tracking Task Force (FTTTF). The mission of the FTTTF is to keep foreign terrorists and their supporters out of the United States by providing critical and timely information to border control and interior enforcement agencies and officials. To do so requires electronic access to large sets of data, including the most sensitive material from law enforcement and intelligence sources. The INS works closely with the FTTTF to discern patterns and probabilities of terrorist activities and to ensure that data is properly shared. For many years, the INS has taken steps to enhance the exchange of information through greater cooperation amongst the law enforcement community. An example of this is the Law Enforcement Support Center available 24 hours a day, 7 days a week to provide State law enforcement with data and information from INS databases. We also verify immigration status for State and local benefit granting agencies, some employers, and some State driver's license bureaus. Finally, we are working internationally to develop better ways of sharing information that will support enforcement and intelligence operations. The U.S. Government recently signed agreements with the governments of Canada and Mexico to further these initiatives. I cannot over-emphasize the commitment of the INS and other Federal agencies and other participants to work together to achieve a more supportive and comprehensive information support environment. In each of these data sharing initiatives we must be sensitive to the Privacy Act and other relevant legal limitations on sharing information. When making information available to other entities, security, privacy concerns and appropriate user access are primary considerations for us. We have created a standing reviewing body to ensure all these issues are addressed with each type of data-sharing request. All of our efforts to better share data need to take place in a sound planning and investment management process in order to succeed. Prior to September 11, the INS was developing mid- to long-range plans in response to growth in both its mission responsibilities and information sharing. Specifically, the INS has long-term plans to guide and align infrastructure and technology to accomplish this mission. The INS has undertaken several major initiatives to improve the planning and integration of its information technology environment, including an INS Enterprise Architecture Plan, a technology architecture, strategic information technology plans, and a 5-year records management plan. One goal of these plans is to ensure enhanced data sharing that is secure, accurate, and timely, and that meets the enterprise's operational objectives, not individual and ``stove-piped'' business functions. Other goals of these plans include: Additional agent support equipment and technology enhancements and expanded access to biometric identification systems, such as a mobile IDENT system. Implementation of automated access to the National Crime Information Center Interstate Identification Index (NCIC III) through the Advance Passenger Information System to enable primary inspectors at ports-of-entry receiving Advance Passenger Information to identify, prior to admission, aliens with criminal histories. Improved system checks for the adjudication of applications at INS Service Centers and District Offices. Improved accessibility to all Department of State visa data and photographs in electronic form at ports-of-entry so that visa information will be available at the time of actual inspection. Expanded implementation of alternative inspection systems to facilitate admission of low-risk travelers while focusing on high-risk travelers. Deployment of the Student Exchange Visitor Information System, an Internet-based system that provides tracking and monitoring functionality on non-immigrant students and exchange visitors. Implementation of an entry and exit data system that will record the arrivals and departures of foreign nationals visiting the United States. Continued cooperation with the State Department to replace old border crossing cards with the new biometric border crossing card and deploy card readers to our ports-of-entry. Even with each of these initiatives, there is no quick fix, technological or otherwise, to the problems we face. We must work with advanced technology and improve our systems. But technology alone cannot solve our problems. In order to leverage our resources and maximize our capabilities, technology must be coupled with a strong intelligence and information-gathering and distribution system. This will require seamless cooperation among the many Federal agencies involved. The most compelling progress in this arena has been the formalization of the planning and management processes needed to achieve the necessary level of information sharing among Federal, State, and local entities. These structures will bring discipline to the development and application of technology and will ensure that the INS defines what our operational objectives should be, identifies the data and the data sources needed to support those objectives, and applies the appropriate technology solutions to deliver that information. It is crucial that we focus on the efforts exemplified by the Department of Justice and the Homeland Security Office that solidify the planning and administrative structure, while continuing to support immediate requirements levied every day by ongoing intelligence and enforcement operations. In this way, the INS will ensure a more dependable outcome that takes advantage of the wealth of technology solutions that already exist, but that may be embedded within individual agencies. Without these structures, we will be unable to interlace those solutions together in a meaningful way. Thank you for the opportunity to testify before the Committee this morning. I welcome your questions. Chairman Schumer. Thank you, Mr. Hastings. As you can probably see, we had a vote called. Senator Sessions has gone to vote, so we do not have to interrupt, because we know the deadlines. So I am going to begin asking questions. The minute Senator Sessions gets back, I will break my questioning. He will ask questions. I will go vote, and then we will resume in that way. And however Arlen wants to fit into this will be fine with me in any way. I guess the first question I have is a preliminary one. You have all outlined some ambitious plans for information sharing and all of that, which obviously requires more dollars in terms of both hardware, machinery, computers, et cetera, as well as more personnel. First, how much would each of you estimate it will cost to eventually do this over the period of years? I guess Mr. Hitch would probably know this for all of Justice, and then just Mr. Jordan and Mr. Hastings, in your respective agencies. And second, is lack of money a problem at all? I would presume it is not at this point in time. Mr. Hitch. Mr. Hitch. Yes, sir. Right now, we do not have definitive estimates to respond to your question. However, I would say, the way I have been talking about this to my counterparts in Justice, is we need to view this as the Defense Department would a new aircraft carrier. It is a big effort to implement the kind of systems that are going to be necessary to protect our citizens. The number is-- Chairman Schumer. It is in the billions, you would say? Mr. Hitch. It is probably in the billions, yes. Chairman Schumer. That is within the Justice Department. Senator Specter. Mr. Chairman, could I just say a word? Chairman Schumer. Please. Senator Specter. I am going to be departing in a moment for the vote, but I just wanted to thank you for scheduling this hearing. I believe the issue of homeland security is one of enormous importance. It cuts across many of our Committee lines. It is my hope that we will see some legislation in the field that will strengthen the operation, make it a Cabinet officer. And I think that a hearing like this is very constructive toward finding out what we ought to be doing. Thank you, Mr. Chairman. Chairman Schumer. Thank you, Senator Specter. Do you expect that you will have all the dollars that you need to do this? You have been told by the Attorney General or others to make the best system and do not let finances get in the way? Mr. Hitch. At this point, finances have not gotten in the way. I think the U.S. Patriot Act was really a landmark piece of legislation in helping us along that way. It provided a lot of seed money for a lot of things to get under way that we currently have under way. I think ongoing support is going to be necessary, but I think we have got enough to get us going in the right direction, to do the best we can without regard to that issue. Chairman Schumer. Right. Mr. Jordan, how much do you think it will cost and do you have the resources you need to do what you need to do in the FBI? Mr. Jordan. We have a budget request for fiscal year 2003 in this area of approximately $411 million. With that, we would have what we need. Chairman Schumer. And has the Administration put that in its budget? Mr. Jordan. That is correct. It has. Chairman Schumer. It will continue to be at about that level over the next several years, by the way, Mr. Jordan. Mr. Jordan. That is my understanding. Chairman Schumer. Okay, Mr. Hastings. Mr. Hastings. We received specific funding for specific projects in the counterterrorism supplemental. We have a 2003 budget request, which I do not have the details in front of me, but there are some large efforts that we have yet to put dollars to. The exit-entry system alone will be a significant investment, and it is really very difficult to predict at this point. I know that the department will be helping us orchestrate and integrating these requests to ensure that we are not duplicating efforts, and we are making the best use of the funds from a departmental standpoint. Chairman Schumer. Is yours in the hundreds of millions for this year? Mr. Hastings. I would say so. Chairman Schumer. Yes, okay. Well, Jeff is not here, and I think we have about a minute or two left to vote. So what I am going to do is just call a brief recess. I will run vote and come right back. But if Senator Sessions comes, we will let him start his questioning, and then I will resume mine when he finishes. We are calling a short recess. [Recess.] Senator Sessions. If you do not mind, we will get started again. Senator Schumer told me to go ahead and get started with some questions that I might have. I would just like to ask some fundamental questions that sort of go to where we are in terms of information sharing. My personal view is the National Crime Information Center, the NCIC, is accessible by police officers in their vehicles anywhere in America, by police departments and sheriff's departments. It is secure in the sense that anybody that leaks that information is subject to a criminal penalty. But it is not secure, not greatly secure, in terms of the intelligence community, I am sure, because so many thousands of people have access to it and could obtain access to it in any police department surreptitiously to run any name that they would like to run. So it has tremendous potential to help local law enforcement be the eyes and ears and hands of our effort to maintain security in our country, but it has some difficulties, too. Mr. Hastings, with regard to INS, let me ask you a few simple questions. If an individual who comes here overstays his visa or is otherwise declared to be illegally in the United States, is that information made available to local law enforcement through the NCIC? Is any of that information placed in NCIC, which is the primary information center for law enforcement throughout America? Mr. Hastings. The information would be available through our LESC, which is available 24 by 7 to law enforcement communities. We can provide that on a case-by-base basis. And we also have begun including absconder information, where folks have gone through deportation proceedings and are still known to be in the country. Senator Sessions. Prior to September 11, that was not the case. Is that correct? Mr. Hastings. That is correct. Senator Sessions. So prior to September 11, we did not have any database accessible to local law enforcement to identify people who they may be apprehending for some minor offense, but that would tell them that person was an illegal entrant or overstayer in the United States. Mr. Hastings. By accessing the LESC, it would be the-- Senator Sessions. Now let's pursue the changes you have made. What is the LESC? Mr. Hastings. The Law Enforcement Support Center. I am sorry for the acronym. Senator Sessions. Is that available to a local police officer? Mr. Hastings. Yes, it is. Senator Sessions. And is it, therefore, part of the NCIC? Or does he have to do a double access? Mr. Hastings. The LESC will access a multiplicity of data sources to provide information that we have according to the query that is generated by the local law enforcement. Senator Sessions. Let me get that straight. I just want to know what it is like for the police officer out there trying to do his duty. He stops someone. Does that officer have to run two different systems from his vehicle or from the police station where he may have taken a person for some maybe minor crime? Or will one access to the general NCIC kick out a hit for that individual? Do you know? Mr. Hastings. If he runs NCIC, and we have put information such as the absconder in that database, he will have access to that. He might want to make a further inquiry to determine whether or not we have additional information on this individual, in which case that is when he would contact our Law Enforcement Support Center. Senator Sessions. With regard to absconder information and so forth, what if a person is eligible to stay in the country one year and they overstay and they are here 18 months. Is that going to be normally in your system under your current policy today? Mr. Hastings. In the NCIC? Senator Sessions. Yes. Mr. Hastings. Not at this point. Senator Sessions. So who would go in that system, then? You say you will put some of the absconders or others in there. How do you determine who will go in the system made available to local law enforcement? Mr. Hastings. Sir, you are getting into an area--I am the technologist, and I am really not able to give you the policy decisions behind how we make the decisions. I know that information is reviewed before it goes into the NCIC to make sure it is appropriate to go there. We can certainly follow up with a detailed explanation of what types of information at this point we put in there and how it is done, if I can defer that to a follow-up. Senator Sessions. All right. That is very important to me. Mr. Hastings. We will make sure you get that information. Senator Sessions. What we have done in this country with regard to illegal immigration, we have said the words, and we have passed generalized statutes that deal with immigration. But when it gets down to the grassroots level where it actually succeeds or does not succeed, we have created roadblocks and problems that have eviscerated the capability of enforcing our statutes. Well, I guess, Mr. Hastings, I will ask you. Maybe some of the others would comment. What happens if a police officer in Hagerstown stops a person that he identifies as being an illegal alien, but has not violated any serious Federal crimes? Do you know what that officer does, Mr. Hastings, with the person he has apprehended, who he determines to be illegally here? Mr. Hastings. I suspect that will be a case-by-case decision on their part. Again, sir, I would want to defer to our operations and investigations folks to give you the specifics on that. Senator Sessions. That may not your area of responsibility. Mr. Hitch, would you like to opine on that question? Mr. Hitch. Sir, I would have to defer to the INS on exactly how it works today. What I have been working on is the future vision of how this would work. Certainly, our objective is to do exactly what you are talking about, to have a tiered system where that police officer would know exactly what the situation for that person is. The top tier would be the 10 most-wanted terrorists, but along the line there would be the people who are on an overstay situation, with specific directions, action codes to tell the police officer how to react to that situation. Senator Sessions. We are going to get to the bottom of that question pretty soon. Mr. Jordan, what is your view on it? Mr. Jordan. Currently, right now, there is a stopgap system in place, wherein absconder information can be accessed through NCIC, and it is currently dependent on INS putting that information into the absconder file. Senator Sessions. Will the FBI accept any INS information indicating illegal aliens and absconder information that they wish to put in it? Or does the FBI refuse to accept--would have to approve that? Or do you object to receiving such information? Mr. Jordan. My understanding is that absconder information, where the person has been adjudged to be an absconder, that that information we will enter, if it is provided to us by INS. As I said in my opening statement, we have a terrorism watch list, which is being integrated into NCIC. And it will be fully implemented within this next 60 to 90 days, to bridge the gap that I think you are making reference to. Senator Sessions. Well, I just want the American people to know something. What the American people need to know is that all over America, when a police officer or sheriff's deputy stops someone, unless they have some high degree of notoriety, that is illegally in this country, they turn them loose. They do not even bother to call INS, from what I understand, because INS has no interest in it. They will not come and pick them up and process them, because they say they are too busy. And so we have these rules that people think are working, but actually out there on the ground, they are not working. So it makes a mockery, really, of the immigration laws in America. So let's go back. You say absconder information; that deals with a circumstance, if I am not in error, in which a full court hearing has been held and an individual has been declared to be illegal and has been ordered to remove himself from the country and fails to do so, but absconds and hides in the United States. Mr. Jordan. That is correct. Senator Sessions. Those are very, very few. That would be less than 1 percent of the people here illegally, would it not, Mr. Jordan? Mr. Jordan. I would not know the numbers, but it is certainly a distinction between someone who just overstays and someone adjudged to be an absconder. Senator Sessions. Well, I think it is going to be exceedingly small, probably less than one-tenth of 1 percent, but I may be in error about that. Overwhelmingly, the people that are here illegally have not been taken to court and been officially declared to be illegal. This is when they have contested it in some fashion or maybe got in trouble and there was an official court hearing. I have information, Mr. Hastings, that there are some 321,000 people who have been ordered deported, but only 2,000 names have been put in NCIC. What would you say about that? Mr. Hastings. I am not sure of those statistics. I believe that those cases are being reviewed. There are procedures that need to be followed before we enter individuals into NCIC, to make sure it is appropriate that they are there. Again, I will include the exact statistics in the follow-up that I can give you on where we stand in terms of how many have actually been entered. Senator Sessions. Well, that is the information I have. Certainly, prior to September 11, that is what the circumstances were, if not worse than that, which just indicates to me that we are not serious about this. There are people who say, well, we cannot do anything about people who are here illegally. It is just hopeless. One reason it is hopeless is because we are not taking the steps necessary to see that we enforce the law. To me, as a Federal prosecutor for 15 years enforcing the law and prosecuting a number of immigration cases, America has got to enforce the law fairly. It is just not right to have somebody who patiently waits their turn to come into the United States, and to have their slot, their spot, taken by somebody who is here illegally and who cuts the corners and goes around it. So I just think that in the course of all this it will help us in security. It will help us also just in maintaining the rule of law in this country. With regard to approval for a person, let's say from Iran, who would like to come to the United States, what does the American embassy in Iran, what kind of information do they have as they evaluate whether or not that person is a potential good person to trust to come into the country? Do they have access to your computer system? Mr. Hastings. They do not have direct access to our computer systems. There are databases that they utilize--TIPOFF is one--to inform the decision-making. We are working with them to include, again, additional information and make that available. We are working aggressively with a Department of State initiative to establish a collaboration zone to enhance the data sharing and information available to those decisions made before these individuals reach our shores. Senator Sessions. Well, what if an individual that has been approved for admission into the United States from Iran, and I just say that because there are some people in that country that would be dangerous, although normally I think most Iranians reject all terrorism and that kind of thing, but let's just say some country that we know has an indigenous terrorist network that perhaps may be trying to operate there illegally, and that after they have been approved for entry into the United States it is discovered by the consulate that they may be connected to al Qaeda, what is done? Are they taking any action to identify or apprehend that person? Mr. Hastings. Is State Department taking any action? Senator Sessions. Yes. Would they contact INS and say, ``The person that we approved for entry we now think may be dangerous.'' Mr. Hastings. I cannot testify to specific steps the State Department takes. I do know that information that is being developed cooperatively between intelligence and enforcement agencies is that there is an effort to include that in the inspectional access, the systems that we use as the inspections, to determine whether or not that information can be communicated at the point of inspection. I am not sure what the procedure is at State Department in a case like that. Chairman Schumer. I just had a follow-up here, related to Jeff's question, which I think is on the money. Right now, and I would ask this of Mr. Hastings and Mr. Hitch, right now if, say, the FBI Counterterrorism Bureau suspects somebody of being a terrorist, and they would be on this list that I think Mr. Jordan mentioned, what you called TWL, and they apply for a visa in any country--they are a foreign national--does that show up on the INS computers right now? Mr. Jordan. Mr. Jordan. Right now, the State Department, when they receive an application for a visa, prior to them approving it, they send that information on the application to the FBI, and we process that through our databases to include databases that have information about terrorism. Chairman Schumer. So every single person who applies for any kind of visa would go through your TWL list? Mr. Jordan. Yes. That is going on right now. Chairman Schumer. Through the State Department. Mr. Jordan. Right. That is correct. Mr. Hastings. And the INS gets access to it. A Border Patrol or somebody at a port of entry would have access to the IBIS system, which contains the same information. These are coordinated databases that would contain information about---- Chairman Schumer. Right. That is what I was asking. So at the border, you would have exactly that information. Mr. Hastings. Yes. Chairman Schumer. So right now we could say that every person on this list--we do not know if we have everybody who might be a terrorist on this list--but anyone we have on this list would be known immediately as they apply to come into the country by both the State Department and the INS, whether it is at the border or in the embassies. Is that fair to say? Mr. Hitch. I think that is fair to say that that is certainly the intent, and in the post-9/11 world, the Attorney General specifically asked for a review of all those procedures to make sure that if there was anything that could be done, it was done. He followed up just this past week to institutionalize all those procedures to make sure that that is happening. Chairman Schumer. And what is the answer? I know he wants to make sure. Mr. Hitch. The answer is yes. Chairman Schumer. Yes, okay. And you both agree with that? Sorry, Jeff. Chairman Sessions. What about where there is a visa waiver in our relationship with a country? Many countries have that. First, if you know how many we have a visa waiver system with? And does this procedure you have just described work in those cases? Do they check? Mr. Hitch. The visa waiver countries, there are a lot of them. There are something like 29 or 30. Mr. Hastings. Twenty-eight countries. Mr. Hitch. Twenty-eight visa waiver countries. Those countries basically what they have is a speedy process of getting into the United States based on treaties that have been negotiated. Those procedures do not apply to them. They can come if they have a passport. So I think that is an area that, for our future look at what we are doing, what we are planning to do is to tighten up on those visa waiver people also, because that is a significant hole in our security. However, that is going to require renegotiation of those agreements. Mr. Hastings. We do have access to advance passenger information, and we are utilizing that in the inspectional process. And by the fall, we will have that fully integrated in that IBIS environment as well, again, as an interim step, knowing that we have still have an entry-exit system in a very large scope to be planned and developed over the next several years. These are the interim measures that we have taken. Chairman Schumer. But you are basically saying that your system at the borders is a lot better than your system internally in the country. I mean, the kind of thing we read about with the two people, the two terrorists who posthumously got the approval of their visas, shows that things are not in good shape. What you are leading us to believe is that, if they were coming into the country at this point in time, not 9/11, and they were on some kind of list--that is a different issue, how good our lists are--that they would have been blocked. Mr. Hastings. I think that is safe to say. As a matter of fact in those cases, at the point of inspection and the point of adjudication, there was no reason to believe in any of the data that was available in our databases that there was a record that these folks were of interest. Chairman Schumer. Right. Okay. Senator Sessions. The shoe bomber came in the country through another country that we have a visa waiver system for. Mr. Hitch, would our system today catch that or not? Or would that be a weakness in our system today? Mr. Hitch. I believe that is a weakness in our system today that we are fully aware of and trying to figure out ways to best fill it. As I mentioned before, the long-term answer is some renegotiation of the visa waiver agreements. I think the passenger manifests that were mentioned by Mr. Hastings are a step in the right direction. But unless we had some reason to suspect him, the passenger manifests would not have shown up anything. Mr. Hastings. Mr. Hitch is correct in that. I do want to articulate that, in that case, we would check the advance passenger information against what we have in our databases. The question would be, would there be information in those databases that would have suggested that this individual was someone we should be looking for? Chairman Schumer. As I remember, he was an American citizen, right? The shoe bomber? Mr. Hastings. I think he was a British citizen. He was traveling on a British passport. Chairman Schumer. A British passport. Mr. Hitch. I do believe that that is a weakness that has to be plugged up. The visa waiver issue has to be plugged up from a policy standpoint. Senator Sessions. Just one more. Mr. Jordan, with regard to the National Crime Information Center, let's say an individual came here from the United Kingdom. There is no evidence that they pose any threat to America, but under our new system that INS is going to be putting together, I trust he is identified as an overstayer or is identified as a person that otherwise has violated the terms of his entry and is therefore illegally entering here. Does the FBI have any objection to entering all of those people's names into the system? Mr. Jordan. Give me one minute, Senator? Our NCIC system is managed by an oversight panel that is staffed by local chiefs, who work with us in establishing what goes in and what does not go in NCIC files. One of the things we want to make sure is that the information is relevant and useful and mature enough to be disseminated. Senator Sessions. Has the FBI opposed that information coming in? Or is it INS that has no desire to put it in? Mr. Jordan. I do not know that sitting here this morning, Senator, I can answer that question. Senator Sessions. Well, the answer I guess fundamentally is, it is not going in. And it is either that the INS is not putting it in or there has been an objection from NCIC to receiving it. If it overwhelmed the computer system, I could understand that. Otherwise, I think it should be in there for whatever value it can provide to a local officer. I think we, ultimately, if we have any respect for law in America, if we have any respect for fairness and justice, will try to make sure that people who are here illegally are not allowed to continue in that status. And to do so, we have to enlist the local law enforcement, and they have to be able to access it on the computer. I do not mean to belabor that. That may be a subject for a different hearing, because you are the technicians, you are not the policymakers on this deal. Thank you, Mr. Chairman. Chairman Schumer. Thank you, Senator Sessions. I have so many questions, but we are going to move it along. This was all helpful. Just one final question on this level, Mr. Hastings. I remember back in 1993 when the outcry occurred because the sheik came in through Khartoum, I believe it was, and there was not a computer. I take it every one of our embassies has a computer now, whether INS or State Department. There are no just handwritten lists. And what we are talking about is available in any point of access. Mr. Hastings. I know that our staff overseas has access to computers. Again, I am not sure where the State Department is, but I assume that is correct. Chairman Schumer. Do you know, Mr. Hitch? Mr. Hitch. I cannot speak for the State Department. Chairman Schumer. Right. OK. Let me ask you, Mr. Hitch, a couple of questions. Do you have the authority to order all the various agencies in the Justice Department to do things so that their computers are in greater sync or so that their coordination is in greater sync? How does that work? Let's say you go to the FBI and then you go to the INS-- both Justice Department components--and they have good reason, each of them, to say, ``No, no, no, they have to do it my way, or I cannot do it.'' Each agency says that. Do you have the ability to order them to develop a system to coordinate? Mr. Hitch. I believe I do, sir. But that is a new position. I have only been around for a month, but in my discussions with the Attorney General when I accepted the position, I made it clear that I thought that was necessary in order to be successful. Chairman Schumer. Right. OK. And so your authority---- Mr. Hitch. And he has asked me to define an organization to make that happen. Chairman Schumer. I see. Good. Now, what if the same problem occurs from without your agency? In other words, Justice to State or CIA to Justice or DIA to Justice. What happens? What will happen if, say, we need information from DIA or NSA and they, ``We are not giving it to any of your Justice Department components,'' and you say you need it? How does that work? Mr. Hitch. Well, the way it is working right now, and I can speak from experience on this, even though it is short, is we approach the department directly, and we are participating in what are called these policy coordination committee meetings of the homeland security, associated with a lot of different topics. On this one, it would probably be called horizontal sharing, which is the sharing of information among Federal agencies. On a regular basis, we would discuss those issues and come to resolution of those issues. Chairman Schumer. And someone from the Homeland Security Office is there? Mr. Hitch. Yes. Chairman Schumer. OK. What if there is an impasse? You may not have had that yet in your short history. Mr. Hitch. There has not been an impasse in my short history. Basically, I asked that same question and was told that we will work it out, and basically Homeland Security will help us broker the agreement. Chairman Schumer. Okay. So we do not know, but at this point, you have not come across it. I take it neither of you have either, where someone outside of the Justice Department purview, you feel you need certain information from them, and you cannot get it. Because of their own internal reasons, they will not give it to you. I am sure that has happened in the past. Is that correct, Mr. Jordan? You do not have to give me any specifics, but I am sure it has, right? Mr. Jordan. That is correct. Chairman Schumer. And how about now? Is it better? Mr. Jordan. Our Director has told us that we are going to share information unless there is a specific or legal reason not to. That has been a sea-change for us at the FBI. Chairman Schumer. Yes. And how about the other agencies sharing it with you, intelligence agencies in particular? Mr. Jordan. It is a tremendous change there. I can tell you that in my position as the chief of the corruption section, I brief up all the cases that we have in the presence of CIA and DEA personnel that are assigned to FBI headquarters. They sit in without any reservation on all those kinds of briefings. Chairman Schumer. Mr. Hitch, which agency in your purview needs the most help in terms of bringing its computers up to date, its entry and all of that? Which one is the furthest behind where you want them to be? Mr. Hitch. Within Justice? Chairman Schumer. Yes. Mr. Hitch. Obviously, the two largest agencies and the two at the center of this issue are here at the table with me, and so I am looking very closely at both of those and trying to get involved very deeply in all the projects associated with this topic. Chairman Schumer. When we hear that there are mess-ups at the INS, the people in the INS are often quoted in the press saying, ``Well, what do you expect? Our computer system is so backward that it doesn't work. It doesn't do what we need.'' You hear that sometimes from FBI, too, although I think there have been greater efforts to update the FBI computers. Again, this is not to blame anybody here. We are all new to this. Would it be fair to say that INS is considerably behind most of the others? Mr. Hitch. I think INS needs a lot of improvement in terms of its computer system. I think it is fair to say that. Comparing it to others, I have a difficult time doing that at this point, based on my short tenure. But I am trying to work with them to improve what they have. Chairman Schumer. I have one final question for all of you. I have more questions that I will submit in writing. But there has been talk of one sort of supercomputer, where all the information is almost automatically shared. You would have to have privacy safeguards. But, again, that is who manipulates the computer, not what the computer says. What do you think of that idea? I would ask each of you, given your experience in this, what you think of that idea? What do you think of the idea of the fellow from Oracle who came in and said, ``You just let me do it. I will do it for free, and I will have you all coordinated in no time.'' Easier said than done, obviously. When you are worth $10 billion, you can---- Mr. Hitch. Having been in this business for 28 years so far, I certainly respect Larry Ellison. However, it is easier said than done. From my perspective, I am trying to understand what the business issues are and what the impediments to doing what we want to do are. I do not think it is technology. We are looking into all different alternatives-- supercomputers, data mining. We are looking into distributed databases. We are looking at all the options. And I do not feel that that is the obstacle at this point. Chairman Schumer. But I do think, and you tell me what you think of this, right now there is an era of cooperation because of 9/11. The way the world works, the way bureaucracy works, if, God willing, there is no new terrorist incident a year from now, that could fade back into the old bureaucratic mentalities, unless a system is in place that ensures that sharing. If you believe, as I know the President does and I do, that this terrorism is going to be with us for decades--it is not an al Qaeda phenomena; it is a technology phenomena that we have to deal with. It would be good to have a system in place that makes sure that there is no slide-back. Do you buy that? Mr. Hitch. Absolutely. Absolutely. Chairman Schumer. And do you think we will have one in a year or two? Mr. Hitch. I think putting in place the long-term solution to these issues is going to take more than a year or two. I would couch the problem a little differently than you have. As opposed to the technical solution being a supercomputer, I think the real solution--as a couple of us, Scott and I, mentioned--is looking at enterprise architecture, because that is really where you design into the systems the ability to share information, making sure that you do not have redundancies, making sure that the business functions that are related get related in the system. That is the real answer. So my long-term approach is to make sure that we are doing that kind of an approach to building systems at the Justice Department. Obviously, in the shorter term, we have to look to what I would call patches, things to physically integrate information that was not previously in the same database. Chairman Schumer. And have you in the short time that you have been there had disagreements among your component agencies about how to solve some of these problems? Mr. Hitch. I would not call them major disagreements. I would call them heated discussions about approaches. I have been involved very significantly in this entry-exit system that is being developed at the INS. I would say we have come up with a collaborative effort that I am pretty proud of. Chairman Schumer. Okay, thank you. I want to thank the entire panel for being here, and I would ask unanimous consent the record be held open for approximately a week so others might submit written questions or some of us might, but it was very helpful. Senator Sessions. Mr. Chairman, can I ask one thing? Chairman Schumer. Please. Senator Sessions. Regional Organized Crime, they have a database system too, don't they, Mr. Jordan? The Regional Organized Crime group? Mr. Jordan. Yes. Senator Sessions. State systems have data systems. I really think that we have to do better about getting it all in one system. You listed, Mr. Hitch, here a number--EPIC and IDENT and JABS. There are a lot of them out there, and how you make this come together in a coherent way is real important. These systems are sources of power for the individual entities. They create them. They work at them. They put their information in them. They tend to be very jealous of them. So we want you to know we are behind you in trying to work that out. I think that is fair to say. Chairman Schumer. One hundred percent. Senator Sessions. They have some legitimate concerns, but for the most part, unifying this system is going to be good for America. Mr. Hastings, with regard to the two individuals--I will just say it this way. You will hear from the people at the top echelons of the Department of Justice and INS and Customs and State and all that; they are looking at this level up here. I do not think they understand or have given nearly enough thought to the grassroots level where you have got two terrorists stopped for speeding in Maryland. They were on those planes that killed American citizens. Had that information been in the system available to those local police officers when they ran NCIC, which they invariably do when they stop somebody, there would have been a hit, would it not, Mr. Hitch? Mr. Hitch. Yes. Senator Sessions. And, Mr. Hastings, I know there are policies now, with regard to what you can put in the system and you cannot put in the system. Let's say you have an individual that has been approved properly to come into the United States, and somewhere along the way the embassy or State Department or another agency determines that that person has connections to al Qaeda. You find out that they have overstayed in the United States, but they have committed no provable crime at that point. Can you put in the system legally today, according to our rules and regulations, that information, so any police officer stopping them would know to hold them? Mr. Hastings. It is my understanding in that case, where we have developed specific information, that that would find its way into our watch list and be accessible. Just the overstay with no other negative information I think is a policy that has yet to be established. Senator Sessions. So a mere overstay with intelligence information. Mr. Hastings. I believe that if the intelligence community has uncovered information that we need to know about, they would be working through the FBI, and that information would be reviewed and made available in a watch list environment. In that case, I do not think we would be the lead agency on getting that done. Senator Sessions. And, Mr. Hitch, what about a local police officer? Can they hold the individual? Let's say it comes up on the NCIC--an overstay, flag, contact FBI before releasing--something to that effect is what it ought to say. What power does a local police officer have to hold a person who is illegally in the United States? Mr. Hitch. Sir, I am not the best person to answer that question, but I do recall just in the past couple of weeks that the Attorney General has made some statements about pilot projects in Florida and elsewhere, where they are empowering the local police to be extensions of the INS in some ways. I know it is a very sensitive topic, but that is happening right now. Senator Sessions. Well, it is not that complicated. Police officers hold people for all kinds of crimes, and if they can hold them for shoplifting, if they can hold them for absconding and not answering warrants for traffic tickets, they can hold them for being in the country illegally. This is a political deal. It is a political deal that undermines the realistic ability of our country to enforce our immigration laws. So we passed a law, but we create a system so it cannot be effectively enforced. So we need to deal with that. I think the Attorney General's steps are in the right direction, but it really needs to go a lot further, to me. And I do not think police officers need 2 weeks of training on how to hold an illegal alien. If you do that, you have basically made it very difficult for them to do it. Chairman Schumer. And on that strong note, we thank the panel. We are now going to combine the next two panels, so we are going to call all four people up--Congressman Panetta, Mr. Terwilliger, Mr. Anderson, and Mr. Light. What we are going to do is, because Mr. Panetta came here with the proviso that he had a plane to catch, we are going to let him testify, ask him questions, and then go to the other three, if that is okay with you, Jeff. Great. We put you closest to the door so you can get to that plane. Is Dr. Anderson here as well? Yes. Great. Okay, thank you. And I want to thank very much this panel for coming and very much appreciate Senator Sessions' participation and good questions. So what I am going to do is introduce Leon Panetta, let him testify. We will ask him questions, and then we will go to the other three, if that is OK with everybody. Is that all right? Thank you. Because of his time commitment, I am going to be brief in my introduction. Leon Panetta is co-founder and director of the Panetta Institute, a nonpartisan center for the study of public policy. He has had a very long, very distinguished career, starting in politics in appointed office in his 20s; serving in the House of Representatives for 16 years, four as Chairman of the Budget Committee; and then serving President Clinton as both the head of OMB and then Chief of Staff. In addition, he was my roommate for 12 years, and he is a man of hard work, intelligence, integrity--just the kind of public servant you want. So, Leon, welcome. It is great to see you again, and your entire statement will be read in the record and you may proceed as you wish. STATEMENT OF LEON E. PANETTA, DIRECTOR, PANETTA INSTITUTE, MONTEREY BAY, CA Mr. Panetta. Thank you. Thank you, Mr. Chairman, Senator Sessions. Thank you for asking me to provide my views on the issue of the Office of Homeland Security and whether or not it should have more power in trying to meet this challenge of information sharing within the executive branch. Let me preface my remarks by saying that obviously I am going to provide these views from the White House perspective. I realize, as with the testimony that you just received, that there are a number of efforts, I am sure, that are going on between the various departments to try to improve the situation. Chairman Schumer. We wanted the first panel sort of to be a little bit of a case study, and now to take it to the larger issue. Mr. Panetta. That is why I would like to kind of address it from the larger perspective. Just let me get to the point very quickly. I do not think there is any question that if you want to have an Office of Homeland Security be effective, it has to have additional power to be able to effectively coordinate the information and activities that are so necessary to protecting this country against the threat of domestic terrorism. Part of the problem, obviously, is developing more effective technology. We understand that. They do have to develop more effective databases and better computers to put this information into and greater ability to share that information, obviously, at the local level. And part of the problem is also organizing common policy between a very large number and a diverse number of agencies and departments that you have to work with to try to develop some kind of common strategy. But make no mistake about it, the biggest problem to centralizing command and control here is the basic culture of the Federal bureaucracy. You have to be able to break through that. You have to be able to deal with a culture that basically resists the kind of coordination and sharing that is so essential to effective law enforcement. As Chief of Staff to the President, I was responsible for policy development and, obviously, the flow of crucial information to the President of the United States. It is my experience that in the absence of a clear line of authority and a clear chain of command, that the sharing of information within the Executive Branch is haphazard at best. When a crisis happens or when the White House directly says, ``I want information, and the President wants information on a particular issue or a particular crisis,'' the agencies and departments are obviously forthcoming. As an example of that, based on my own experience, when Oklahoma City took place and the bombing occurred there at the Federal building, what I did as Chief of Staff was convene a task force at the White House that included the representatives, obviously, of all of the responsible agencies involved with what had happened there for the specific purpose of making sure that they were sharing and coordinating crucial information on that crisis. We also needed to have a single place in which information flow could then go to the public. In the absence of that kind of presidential mandate or when that kind of crisis begins to--as you see in the present situation--as it begins to move away from public attention, information is largely provided at the discretion of each department or agency. I always found as Chief of Staff that good news can travel very quickly to the White House. People are willing to tell you if it is good news. But if it is bad news, usually it winds up on the front page of The Washington Post or the New York Times, and then you wonder why you did not hear about it or why the information was not shared--because nobody wants to provide that kind of bad news, obviously. So regardless of Administration, I want you to consider the kind of deep and intractable factors that involve the operations of the bureaucracy. Obviously, the first is protection of turf. There just is a natural instinct in every department and agency to try to protect their jurisdiction. I understand that. There is a loyalty that develops that is necessary for their particular operation. There is a certain competitiveness that is involved to try to sharpen their mission. Every secretary, every director basically talks about the special uniqueness of that particular operation. But the first loyalty is obviously to the President and the overall policy of the Administration and obviously to the American people, and that is a fundamental principle that is so often forgotten. The size of the bureaucracy, the sheer numbers of departments and agencies that share responsibility for a given area are just overwhelming. Homeland security, as you know, involves well over 40 agencies. When there are that many involved, it is just very difficult to determine who knows what. There are different databases. There are different operations. You have heard some of that this morning. Even within a large department, it was my experience that information can have a difficult time just making its way through the internal chain of command that is within that department. I have had secretaries tell me, when something has happened that was of concern to the White House, I have had secretaries tell me that they had no idea that a certain policy decision was being made at a certain level or that a certain fact had taken place, just because of the sheer immensity of the bureaucracy within that department. Security of information, you will hear a lot of that on issues that involve, obviously, national security or law enforcement. There is a concern about sharing that information, a concern about compromising an action or mission. And obviously, this is a legitimate concern, but there is no reason why that information cannot be shared with those that have the proper credentials, particularly at the White House level or at the Homeland Security level. Fighting for funding is another major problem, because every department and agency understands that their lifeblood is funding. They have developed their own approach to White House aides, to OMB aides, and to Members of Congress for the purpose of funding their particular programs. The dependence on certain Members and aides and programs just often inhibits the sharing of information. They basically understand that they have got to go to certain Members to basically make sure that those Members and those aides are working for them and not working for others. And obviously, there are personality differences. This is something that is true everywhere, I am sure. But in a large operation like the Federal Government, if you have friction and political competition between personalities, that can seriously affect communications and operations. There has got to be a way to cut through that, and obviously, you do not expect that kind of behavior from professionals. But if they have vital information, it can be used to undermine each other, and that is a reality. Recognizing the need for command and control, then, and coordinated information and response capability, what can be done to try to break through these bureaucratic barriers and try to accomplish the vital goal? I think the U.S. Commission on National Security in the 21st Century basically made this recognition before September 11, and I think it is still relevant, that we have to create a national homeland security agency with ``the responsibility for planning, coordinating, and integrating various U.S. Government activities that are involved in homeland security.'' They recommended the agency be built on the capabilities of FEMA, the Federal Emergency Management Agency, and include the Customs Service and the Border Patrol and the Coast Guard. I think it can be designed in different ways, but you need to establish some kind of agency, department agency, that has a Cabinet officer that has responsibility in this area. The appointment of a Director of Homeland Security, as the President has done, obviously is an important step. But unless that Director has direct line authority over the policies and funding of the agencies involved in homeland security, it is just very difficult to control and coordinate the effort. I do not care how likable that person. I do not care how nice that person may be. The reality is that he can persuade, he can try to convince people, but he cannot enforce, and you have to have the ability to enforce actions. Even with the blessing of the President, the primary instinct of agencies and departments is to protect their own information and their own operations. The reality is that they will do that because there is little threat of consequences. Funding and line authority primarily rest with each department and agency, so it makes them behave more like independent contractors than team players. At the very least, and this is a suggestion that I make from my own experience as Director of OMB, Tom Ridge obviously has to have broader authority over funding. I can tell you it would be my view that he would be more effective if you made Mr. Ridge a deputy director at the Office of Management and Budget, responsible for the budgets of the homeland security agencies, than just being another presidential assistant. At least in that position, you know that he has to oversee those budgets and that he can control the recommendations as to what those agencies ultimately get in their budgets. A better approach, of course, would be to have and establish a national homeland security agency. Again, I recognize there is no silver bullet here, but having that kind of agency and having better control and coordination and having a clear line of responsibility, not just for the country, not just for the Administration, but for the Congress. You cannot have a situation where you have a Homeland Security Director who, for whatever reason, will not testify to the Congress. You have to have somebody who has the ability to come here, to share information with the Congress, and to be the primary spokesman to the country. As a former Member of Congress, I recognize the difficulties of establishing any new agency. I know the turf battles that will go on, even in a situation that involves a national crisis. But I do not think that we can afford to simply have the internal politics of the Executive or Legislative Branch prevent the Nation from doing what is essential here to our security. So, Mr. Chairman, you have a choice. You can either go with the status quo as it exists and try to beat up different agencies and departments as they come up here one at a time. Or you can try to centralize this in a homeland security agency with the power to do the job. I think it is an important decision that hopefully you will proceed with. [The prepared statement of Mr. Panetta follows:] Statement of Hon. Leon E. Panetta, Director, Panetta Institute, Washington, D.C. Mr. Chairman and Members of the Judiciary Committee: Thank you for your invitation to provide my views on the issue of the Office of Homeland Security and whether it should have more power in meeting the challenge of information sharing within the Executive Branch. Let me get to the basic point quickly: There is absolutely no question but that the Office of Homeland Security must have additional power if it is to effectively coordinate the information and activities relevant to protecting our country against the threat of domestic terrorism. Part of the problem of coordination is developing more effective technology and part of the problem is organizing common policy among a large group of agencies and departments. But make no mistake--the biggest problem to centralizing command control is the basic culture of the Federal bureaucracy. As Chief of Staff to the President and therefore responsible for policy development and the flow of crucial information to the President of the United States, it is my experience that absent a clear line of authority and chain of command, the sharing of information within the Executive Branch can be haphazard at best. In a crisis or when the White House demands information on an issue, the agencies and departments are generally forthcoming. As an example, following the Oklahoma City bombing at the Federal Building, I convened a task force at the White House of all the responsible agencies and each day would meet for the specific purpose of sharing and coordinating crucial information on this crisis. In the absence of that kind of Presidential mandate, information is provided largely at the discretion of the department or agency. Good news generally seems to flow much faster to the White House. Bad news seems to usually wind up first on the front page of the Washington Post or the New York Times. Why is this? Regardless of Administration, there are some deep and intractable factors that characterize the operations of the bureaucracy. (1) Protection of Turf. There is a natural instinct in each department or agency to protect their jurisdiction. Loyalty is an important quality necessary to the esprit of any Federal operation. And competitiveness can sharpen the performance of a mission. But the first loyalty is to the President and to the overall policy of an Administration and too often, that fundamental principle is forgotten. (2) Size of Bureaucracy. The sheer numbers of departments and agencies that share responsibility for any given area can be overwhelming. Homeland security alone involves well over 40 agencies. When that many are involved, it is difficult to determine who knows what. Even within a large department, information can have a difficult time making its way through the internal chain of command. (4) Security of Information. In areas that involve national security or law enforcement, there is a concern about protecting information so as not to compromise an action or mission. While this can be a legitimate concern, there is no reason why information cannot be shared with those in authority at other agencies or the White House who have the proper security credentials. (5) Fighting for Funding. Because the lifeblood of each department and agency is money, each has developed its own approach to White House aides and the Congress for funding programs. Obviously, this dependence on specific members, aides and programs often inhibits the sharing of information between agencies if they believe it can hurt their particular budgets. (6) Personality Differences. In any large operation, particularly in government, friction and political competition between personalities can seriously affect communications and operations. Withholding vital information can be one of the ways people try to undermine each other. Again, there is no excuse for this kind of behavior by professionals, but it can be a reality. Recognizing the need for command control and a coordinated information and response capability for effective homeland security, what steps can be taken to overcome these bureaucratic barriers and accomplish this vital goal? The U.S. Commission on National Security in the 21st Century laid out the most important step--the creation of a National Homeland Security Agency with ``responsibility for planning, coordinating and integrating various U.S. Government activities involved in homeland security.'' They recommended building this agency on the capabilities of the Federal Emergency Management Agency and including the Customs Service, Border Patrol and Coast Guard. While the President has appointed a Director of Homeland Security within the White House, unless that Director is given direct line authority over the policies and funding of the agencies involved with homeland security, it will be very difficult to control and coordinate their efforts. He can persuade but he cannot enforce. Even with the blessing of the President, the primary instinct of these agencies and departments will be to protect their own information and operations first because there is little threat of any real consequences. Funding and line authority will primarily rest within each department and agency, and that makes them act more like independent contractors than team players. In the very least, Tom Ridge needs broader authority over funding. As a former Director of the Office of Management and Budget, it is my view that it would be more effective to make Mr. Ridge a Deputy Director at OMB in charge of the budgets for the homeland security agencies rather than just another Presidential assistant. The better approach is for the President to support and the Congress to establish a National Homeland Security Agency. Not only would this ensure better control and coordination within the Executive Branch, it would establish a clear relationship with the Congress and the country as to who is responsible for overall homeland security policy. As a former Member of Congress, I recognize the difficulties of establishing any new agency, even one essential to dealing with a national crisis. But if September 11 told us anything, it is that we cannot afford to allow the internal politics of either the Executive or Legislative branches prevent the Nation from doing what is essential to its security. Mr. Chairman and Members of the Committee you have two choices: You can accept the status quo--a Homeland Security Director with little or no direct line authority; or you can establish a single Homeland Security Agency with the power needed to do the job. This is not just a political decision; it is a national security decision that will determine whether we can more fully protect our citizens from acts of terrorism. I urge you and the Congress to make the right choice. Chairman Schumer. Well, thank you, Leon Panetta, and once again your remarks are excellent. Whether one agrees or not, they are just laid out terrifically. Let me ask you this. The report that you refer to that was made before 9/11 gave rather limited agencies. You know, there were a few there--the Border Patrol and FEMA and others. Would you, just off the top of your head, think other agencies would have to be part of this, or at least parts of other agencies? And the second question is, there are some agencies you would not want to put under the direct authority of the Office of Homeland Security, but you would certainly want that person to have authority to get certain things done. Take information sharing between the FBI and the State Department, let's say. How do you accomplish that in this kind of an office as well? Mr. Panetta. Well, obviously there would be, I think, at least parts of other agencies that I think that ought to be included here. Having seen efforts to try to get the Coast Guard located in a number of other areas, it is impossible to do. I mean, with all respect to the commission, that is going to be tough to do. But in the very least, if you could get an element of Coast Guard that is associated with enforcement located there, I think that would be important, and the same thing is true for these other agencies. I think building it on FEMA does make sense, just because FEMA has the responsibility for emergency response, and I think that is true for others, so I would look at that. In addition, I do think that you need a council at the White House. I would have the head of the Homeland Security Agency chair that council. But the difference is that as a Cabinet member and a lead Cabinet member, that person would have greater authority then to get responses from the other agencies at the table. So the way to get at having the Defense Department, having the CIA, having DIA, having these other agencies at the table would be make sure that you, in addition to establishing a Homeland Security Agency, that you formalize a council within the White House for that purpose. Chairman Schumer. Let me ask you, does it make sense to have a strong and statutory national chief information officer, maybe under the homeland security person, to deal with the problems that we face? I mean, the model is so obvious. Mr. Hitch talked about now how he has authority within the Justice Department, which no one had ever had before, to sort of knock heads and get one information-sharing system. But of course, if that model works, then the obvious question is, why don't you use a similar model when you go interagency as opposed to intra-agency in this kind of chief information officer, on the area of information would make sense. What do you think of that? Mr. Panetta. I think either a directorate or an assistant director responsible for coordinating that information would be very important, because again, even though within the departments there will be efforts now to try to better coordinate information, you have to be able to establish a larger information base in which different agencies can be able to share information, and you can require that information to be shared. Right now, there is no central location for that kind of information. In the absence of that, you basically have to go hat in hand, then, to Justice, to CIA, to these other departments and say, ``What do you know about this and what is happening?'' Chairman Schumer. What about the answer to this? And I have read in the paper now that the White House is actually considering upgrading Tom Ridge's office, which my guess is, if they were to propose it, it would pass the House and Senate like a hot knife through butter. But what about the alternative answer, which says, look, the President is in charge of this. You do not really need this Cabinet-level officer, because that is his job to do. If he wants it done, he will get it done, and if he does not want it done, no matter who you have there, he will not get it done. Mr. Panetta. The President of the United States has responsibility in a number of areas each day. He is dealing obviously with foreign policy crises. He is dealing with legislative issues. He is going out on political trips. He is going here. He is going there. Admittedly, the President of the United States appoints somebody as an assistant to oversee that, but the problem is that the agencies and departments know very well that unless the President is calling on every issue that the Homeland Security Director is trying to enforce, that they can basically nod, say ``yes'', and walk away and nothing happens. You have to have line authority. And the only way you really have line authority is controlling the purse strings. Chairman Schumer. So you would say that this office has to have authority, but budget authority as well? Mr. Panetta. Absolutely. Absolutely. Chairman Schumer. OK. I know you are in a hurry. We very much appreciate your remarks. I am going to ask the other witnesses what they think of them, and have a safe flight. Mr. Panetta. Thank you, Mr. Chairman. Chairman Schumer. Thank you. Great. Okay, now let's introduce our next three witnesses and hear from them and see what they have to say about chief of staff, Congressman Panetta's fairly strong views on these issues. First, we are honored to have somebody just like Leon Panetta, who stands for excellence in government and has been there a long time in many different capacities, even though now he is out of government. My guess is he will be back at some point or another. But George Terwilliger is a partner now in the office of White & Case, which is an international law firm. He represents institutional clients in dealings with the U.S. Government. During 15 years of public service, Mr. Terwilliger was the Deputy Attorney General of the United States, second- ranking in the Department of Justice. He was the U.S. Attorney in Vermont and Assistant U.S. Attorney in Washington, DC, and in Vermont. On policy matters, he was a principal in the highest councils of government charged with addressing a broad array of legal, policy issues arising in the Executive Branch. Mr. Terwilliger has served as counsel to a U.S. Senate investigation, outside general counsel to Federal commissions, as well as confidante and counselor to elected and appointed officials. We are also honored to have Dr. Phil Anderson. He is a senior fellow in the international security program at CSIS, the Center for Strategic and International Studies. He specializes in homeland security studies and was previously Director of Defense and Aerospace Content for the Intellibridge Corporation, a provider of customized Internet-based intelligence and advisory solutions. He also served 23 years in the Marine Corps, and his military experience includes leadership of operational organizations, from platoon through battalion, with deployments worldwide. He was the principal operations adviser to the commander of the U.S. Marine Corps Forces Atlantic, where he conducted research and onsite analyses, resulting in successful antiterrorism force protection plans for the U.S. forces assigned to Haiti. And finally, Dr. Paul Light is the founding director of the Center for Public Service and Vice President and Director of Governmental Studies at Brookings. After serving as director of studies at the National Academy of Public Administration from 1984 to 1997, he came to Capitol Hill as a senior staffer to the Senate Governmental Affairs Committee. He then became Associate Dean and Professor of Public Affairs at the University of Minnesota's Hubert H. Humphrey Institute and was Director of the Public Policy program at the Pew Charitable Trust in Philadelphia. Dr. Light has written 15 books, including ``Thickening Government,'' ``The Tides of Reform,'' and ``The True Size of Government.'' Each of your entire statements will be read into the record. And, Mr. Terwilliger, you may proceed. Senator Sessions. Mr. Chairman? Chairman Schumer. Please. Senator Sessions. If I could have a moment of personal privilege to welcome my good friend George Terwilliger. He used to be my boss; he was the Deputy Attorney General. But more than that, what we liked about him, and all the prosecutors out around the country liked, he had been a line prosecutor; personally tried hundreds of cases and knew all about that, and then had served in Vermont as a United States Attorney, where he was a hands-on United States Attorney. So not only did he have a view from the high echelons of the Department of Justice, but he knows what it is like out in the real world. George, it is great to have you before us. STATEMENT OF GEORGE J. TERWILLIGER III, PARTNER, WHITE & CASE, WASHINGTON, DC Mr. Terwilliger. Thank you, Jeff, Senator Sessions, and thank you, Mr. Chairman. I do appreciate being invited here. I cannot help but observe, in light of your kind introduction and Senator Sessions' remarks, that Jeff and I shared duties at the Justice Department on the Attorney General's Advisory Committee of United States Attorneys when we were both United States Attorneys. Regretfully, I must say that some of the very information sharing-issues, and the effect of information sharing on how things really work out in the real world where the rubber meets the road, were topics of more than a few of those meetings, some of the self-same issues we are here to talk about today. Chairman Schumer. Which might give us cause for pessimism. [Laughter.] Mr. Terwilliger. Well, actually, I think what it may be is that, for all of the tragedy of September 11, it may in fact be the impetus to change some things that will not only help us in dealing with terrorism, but with a lot of other national problems. Mr. Chairman, thank you for taking my statement for the record. I will try to briefly summarize a couple of the points that I have here, in the interests of time. I do want to say at the outset that despite your very generous introduction, I do not claim to have all the answers, maybe not even some of them. I am not sure I even know all the questions, but I will share some observations. My statement goes into some detail about the importance of intelligence historically to success in our military endeavors. Today, while we may be in a different kind of war, we are in a war, and this is not a metaphorical war. I have heard some people recently describe it that way. We are really facing a new paradigm of warfare. But it is a war, and it is a war where our fundamental liberty interests are what is at stake. In my view, knowledge is the most important weapon we have to be able to fight that war against terrorists. We can tighten our borders. We can improve aviation security. We can do a bunch of other things that will improve infrastructure security. But there is a real danger, I think, in concentrating on those tangible and visible improvements that we could develop a Maginot Line-type mentality that will lull us into a sense of security based on what we see, but does not protect us from the real threat. The fact of the matter is, Mr. Chairman, I believe that we cannot remain the kind of free and open society that we exist to be without remaining vulnerable to people who are both willing to subvert the rule of law and to surrender their own lives or perhaps the lives of others to create mayhem and destruction in our midst. What this means is that intelligence, information about who our foe is, what they are planning to do, how they operate, is what is essential to victory in order to preempt further attacks. I would also observe that, as we divide the response to terrorism into prevention or preemption and consequence management, intelligence has great value on the consequence management side as well. We cannot prepare for everything that we have to deal with. It makes more sense to know more about what we are most likely to face and prepare for that. So the first question for me in terms of how the government is organized in terms of dealing with counterterrorism--how it is best organized--is how can we improve our counterterrorism intelligence effort. I think first the fact that this hearing is being held and that this topic is before the Congress and before the Administration is important, because we simply have to recognize and understand how important information is to our eventual success. On a more practical level, somebody has to be in charge of that function. It is one of the principal functions of the counterterrorism effort, and somebody has to be in charge of it. I think if you asked the question today, ``Who is in charge of counterintelligence intelligence functions within the government?'' the answer would be a lot less clear than it ought to be. There are also several policy issues that may inform a reasoned judgment about how to best organize the government to deal with this. For example, is this a law enforcement function? I would say, not entirely. Is it a military function? Not necessarily, but perhaps sometimes. Is it largely a national security function? Arguably so. I do not think these are academic points. The need to defend ourselves here at home, based on information to be acquired both here and abroad, diminishes the traditional distinctions between counterterrorism responsibilities of law enforcement agencies and those in the intelligence community. In addition to that, I think when we talk about reorganizing the law enforcement functions of some of our major agencies to focus on counterterrorism, we should not lose sight that even though counterterrorism, as you remarked before, Mr. Chairman, will be with us for decades, it is not going to be here forever. I see my light is on, so I will submit the rest of my statement for the record, if I may just make a couple of closing points. I think we ought to consider some other kind of an agency to perform at least the intelligence function in counterterrorism. It is clear that somebody has to be in charge. It is clear that it has to be someone that bears the President's authority and can direct the activities of other agencies, coordinate with State and local governments, and, indeed, the private sector, as I mention in my statement. The idea of having an agency or a unit or a combination of agency functions to do this is not inconsistent, as Mr. Panetta mentioned, with also having a council that is a domestic analog to the National Security Council at the White House performing this function with someone bearing the President's authority in charge of that. I do not think it is a good idea to take what is essentially now Governor Ridge's office and make it operational. The White House should not run operations. Thank you, sir. [The prepared statement of Mr. Terwilliger follows:] Statement of George J. Terwilliger III, Partner, White & Case, Washington, D.C. Mr. Chairman and Members of the Committee: I was asked to assist your consideration of government organizational issues related to counter-terrorism. I thank you for the invitation, but let me say at the outset that I do not claim to have a lot of answers, nor even to know all the questions. Thus, I offer no advice to anyone. Rather, I am pleased to share some observations based on my experience that I hope will assist consideration of how to best defend the United States from terrorist attack. Biographical material concerning my background is attached for your reference. Tomorrow is the 226th anniversary of one our fledgling Nation's early intelligence successes. When Paul Revere rode through the Massachusetts countryside awakening the citizen army, he was functioning as intelligence officer, analyst and disseminator of product. Observation of the British fleet, signaling the enemy's intentions from the tower of the North Church and a call to arms from horseback combined to provide and disseminate the intelligence that made the following day a success for the colonial forces fighting a war. Today we are in a different kind of war, but a war nonetheless. This is not a metaphorical war. We are confronted with a new paradigm of warfare. It is one where we face a clandestine foe using tactics that include the use of common instrumentalities of our commerce as weapons against us. It is every inch a war to defend our country from fundamental threats to liberty. In my view, knowledge is the most important weapon we have in the war against terrorists. We can and should tighten our borders, improve transportation security, increase immigration controls and take a host of other security measures. However, there is a danger of developing a ``Maginot Line mentality'' that would mistake these tangible and visible improvements to security as a complete defense against the terrorist threat. We cannot remain a free society without also remaining vulnerable to those willing to subvert the rule of law and surrender their own lives in order to create mayhem and destruction. The only way to best such people is to know who they are, what they are planning and to stop them. This gives us something in common with our colonial predecessors. It means that intelligence--information about who our foe is, how it operates and what its plans are--is essential to our victory. Today the objective is to acquire the information necessary to preempt further attacks. Large, clandestine outlaw organizations cannot be completely eliminated. But their capabilities to operate can be greatly diminished and even destroyed if we understand who they are and how they function. Intelligence also has value in helping those who must manage the consequences of attack anticipate what particular challenges they are most likely to face. So, for me, the first question concerning how the government is organized to deal with terrorism today is how can we improve our counter-terrorism intelligence effort? I have a few observations. First, we need to simply recognize and understand how important the intelligence effort is to success. If one accepts the premise that our counter-terrorism program requires detailed information about our foes, then it must be asked, who is in charge? Perhaps because perception of the current threat has emerged gradually and only become a matter of great urgency in recent months, I think the answer to that question may be less clear than it ought to be. Second, there are several policy issues that may inform a reasoned judgment about how the Government would be best organized to fight terrorism today. Chief among these is the issue of defining clearly the nature of the current counter-terrorism mission here in the United States. Is this a law enforcement function? Not entirely. Is it a military function? Not necessarily. Is it a largely national security function? Arguably so. I do not intend an academic discussion. These questions, and other related issues, have very practical implications. The need to defend ourselves from attack at home with knowledge of what is going on both here and abroad may diminish the traditional distinction between the counter-terrorism responsibilities of law enforcement agencies and those of the intelligence community. For example, is the FBI gathering information in criminal investigations or for other intelligence purposes? Can the CIA and other community agencies share classified terrorism information with Federal law enforcement agencies? Likewise, we might bear in mind that while making us safe from terrorist attack will take time, it is a mission that is more limited than the general Federal law enforcement responsibility. Thus, one might question whether the broad powers and authorities necessary for counter-terrorism measures should be provided as general law enforcement authority. This could result in relatively extraordinary powers being applied to a wide range of investigative activities having nothing to do with terrorism. Conversely, the authority necessary to effectively combat terrorism may be withheld out of concern that we not expand law enforcement powers in general. In my view, despite some current modernizing that is necessary, the FBI and other Federal law enforcement agencies have built well deserved reputations for excellence in making this Nation more safe from crime. For all these reasons, I believe we should be cautious in fundamentally altering the role and authority of Federal law enforcement agencies. My third observation is that, given the foregoing considerations, it maybe worth considering a new organizational approach to counter- terrorism, especially as to the intelligence function. This could be a new organization, or new unit or task force made up of a combination of parts of existing agencies. What to me renders this worth considering are three principal factors: 1. The counter-terrorism intelligence challenge today is a domestic-international hybrid which may obviate the utility of traditional distinctions between domestic and international terrorism; 2. Preempting further attacks and neutralizing terrorist capabilities are likely to necessitate intrusive investigative activities at home and unprecedented coordination of domestic and international intelligence functions. 3. The organizations and the people performing these tasks must have clear and unambiguous legal authority for their work. A smaller organization dedicated to counter-terrorism intelligence may be both more nimble in, and more accountable for, the use of more powerful investigative authority that also crosses traditional legal, policy and agency jurisdictional lines. This may not be any answer at all, but we should not let the way we have been organized to date dictate what we do going forward without consideration of alternatives. My fourth point is that, regardless of the organizational structure used, we must improve the quality and quantity of information made available to those upon whose work our security depends. We cannot allow their work to be hindered by systemic inadequacies. For example, putting terminals from multiple information systems in one room and calling it an ``intelligence center'' is no substitute for true systems integration. Our Nation is in the forefront of information technology and our intelligence agencies should have state-of-the-art information systems. If government procurement procedures are an impediment to keeping these vital functions on the cutting edge of this rapidly changing technology, then the way government acquires, maintains and updates this technology needs to change. My fifth and final observation is that further organizational changes in government to address the terrorist threat must account for the necessary involvement of many Federal agencies, State and local governments and the private sector as both contributors and consumers of counter-terrorism intelligence. Federal agencies of limited jurisdiction, such as Immigration, Customs, BATF and others make extremely important contributions to counter-terrorism, including by collection of valuable intelligence in the ordinary course and by executing specific tasks in furtherance of intelligence objectives. Each performs part of a critical intelligence function that must be, in my judgment, not just coordinated, but directed. The same premise is true as to State and local governments, including their law enforcement components. While Federal direction is not called for, coordination in counter-terrorism is. Time and again State and local authorities, which have the most frequent and routine encounters with the general population, discover information that, when placed into a bigger picture, may be critical to counter-terrorism objectives. The private sector's potential to contribute should not be overlooked. Experience has shownthat the terrorist organizations and their support networks make considerable use of private sector services, educational and employment opportunities. Business can be a great help, but the effort needs Federal leadership and assistance. Are we doing a better job of all of this today then before September 11? While I have no access to non-public information, I am sure that we are doing better, much better. I would not be surprised to learn at some point in the future that our government and our allies have succeeded in stopping one or more significant terrorist episodes in the last several months. The recent capture of a key terrorist leader is a reminder that there are many people whose names we will probably never know, and whose faces we will never harm's way in distant places so that see, going we and our families may sleep in safety and security. If something more can be done here, we owe it to them to do it. Thank you. Chairman Schumer. Thank you, Mr. Terwilliger, again, for your intelligence and being right to the point. Dr. Anderson. STATEMENT OF PHILIP ANDERSON, SENIOR FELLOW, INTERNATIONAL SECURITY PROGRAM, CENTER FOR STRATEGIC AND INTERNATIONAL STUDIES, WASHINGTON, DC Mr. Anderson. Good morning, Mr. Chairman, Senator Sessions. It is an honor to be here this morning, and I thank you for accepting my longer statement into the record. I would like to begin by saying that we are barely 7 months into what I believe to be a much deeper examination of the homeland security issue. The President has given Governor Ridge the task of developing a national strategy for homeland security, and it is important to note that despite the criticism in the media and on Capitol Hill that the Office of Homeland Security is understaffed and has no budget authority or power to make decisions. I believe that the public should understand that the Administration has really not been given enough time to fully address this new challenge. While time is of the essence, this new environment demands some patience to allow a comprehensive strategy to emerge. In the absence of a comprehensive strategy, there can be no clear understanding of the threat to be addressed or any real sense of the priorities from which specific requirements will emerge. Assuming the Office of Homeland Security can produce a comprehensive strategy this year, once it is published, the debate can begin on implementation. Although there are numerous challenges associated with securing the homeland, the following are a few that I believe should be given priority going forward. First, a national strategy as the basis for initiating government reform. In the absence of a comprehensive national strategy which addresses all aspects of waging an ongoing war against terrorism--to include detection, preparation, prevention, protection, response, and recovery--there can be no framework for establishing clear priorities or defining requirements to base decisions on how to organize the government and spend the taxpayers' money. With real threats to the homeland and agreement that we are unprepared to deal with those threats, what is needed is continued leadership in the Administration to finish a comprehensive national strategy. Significant organizational reform cannot happen without all the strategic underpinnings-- the strategy and all its interrelated parts that enables government to make decisions on how best to move forward. Second, a national strategy that addresses the principal obstacles to information sharing and coordination. No one disagrees the coordination and the sharing of information is absolutely essential in this environment, but there is little mention or debate about the cultural barriers that exist both within the Federal Government and between the Federal Government and the State and local governments, and between all aspects of government and the private sector. With extremely large agencies like those in the intelligence community, the senior leadership has their own business interests and their own relationships with customers and capabilities that they think they are protecting, that truly are the source of their influence. The CIA is a good example, and in many ways is supposed to be the focal point for the intelligence community. The CIA has privileged access to the President of the United States and privileged access to the Congress. Why would the Director of Central Intelligence want to cooperate fully with other intelligence agencies and give up the power that he has as CIA Director? That said, I believe that behavior can be changed through incentives and disincentives. Leadership is critical to cultural change--leaders who see the broader need, the greater good, and aggressively pursue them to initiate change in their organization and across government. The inherent distrust between the Federal Government and State and local governments is another obstacle that will have to be overcome. In this new environment, State and local assets will play the lead role in responding to and managing the consequences of an attack. With the exception of some specialized Federal capability in the Department of Energy for nuclear weapons and in the Department of Defense's capability for chemical and biological response, the majority of first response assets will come from State and local governments. It would seem that much attention has been focused on the Federal apparatus, but the national strategy, to be comprehensive, must establish the framework for effective communication and coordination at every level of government. The terrorists who attacked the World Trade Center and the Pentagon on September 11th were able to move information, people, and finances across a sophisticated terrorist network. The fact that government at all levels is not networked must be addressed. The intelligence community again offers a good example. There are 14 agencies in the intelligence community doing analysis. Coordinating intelligence across those disparate agencies involves moving information across those agencies. The terrorists of September 11th proved that they could beat us at this game. On September 12th, if you were employed by the Nuclear Regulatory Commission, for example, you were getting reports about Osama bin Laden's potential attack against nuclear facilities. Most assuredly, those reports came from a newspaper or from CNN, but not from the intelligence community. We are still in the infancy stage of determining how best to do this, but in the context of homeland security, if you are a fireman or if you are a policeman, you certainly do want and should expect relevant information and effective communication from your Federal government. As the concern about security abates, as it inevitably will, networking the Federal Government with State and local government functions must be aggressively pursued. Third, a national strategy that provides for private sector involvement. A good example of the complexity of initiating public-private cooperation can be seen in the containerized shipping industry. Approximately 7.5 million containers enter the United States each year, and the Customs Service only inspects 2 percent of those. The contents of these containers originate with approximately 450,000 shippers globally. This would appear to represent an unworkable number, but I believe that there are steps that can be taken now to reduce this vulnerability. An interesting statistic is that the contents of 60 percent of those shipping containers entering the United States originate with just 1,000 large shipping companies worldwide. This would seem to be a workable number where cooperation between government and the private sector could again make a difference and drastically reduce our overall vulnerability. Recently, and I think it was just yesterday, 60 large corporations agreed to work with the government as part of the Customs Trade Partnership Against Terrorism to ensure adequate security of goods entering the United States, in exchange for faster passage through border checkpoints. Much of the Nation's strength rests on its privately owned critical infrastructure, but the private sector does not just own and operate the Nation's critical infrastructure. The private sector owns a lot of expertise that could improve the way in which government approaches the information-sharing problem. The Y2K problem is a good example, where the private sector did a much better job in understanding the problem in developing responses to it. And I will wrap this up quickly. Networking is an area that the private sector has mastered. They proved that during the Y2K situation. In the National Security Council or Homeland Security Council, you will not find our Federal agencies networked in the same way that you would find similar functions networked in the private sector. Developing public-private partnerships is complicated by the need to protect sensitive information and the lack of information sharing and coordination between the numerous agencies of the Federal Government with responsibility for homeland security. The national strategy must be the vehicle for simplifying the communication and coordination problem within government and between government and the private sector. The private sector should be included in the development of the strategy, and the strategy must formalize the means to ensure private sector involvement in its implementation. In conclusion, Mr. Chairman, over the long term, in the absence of a comprehensive national homeland security strategy, there can be no clear understanding of the threat to be addressed or any real sense of priorities from which specific requirements will emerge. Mr. Chairman, my time is way passed up. We appreciate the Committee's leadership on this issue and we look forward to helping in any way we can at CSIS. [The prepared statement of Mr. Anderson follows:] Statement of Philip Anderson, Senior Fellow and Director, Homeland Security Initiative, Center for Strategic and International Studies I. Introduction. Good morning, Mr. Chairman, Members of the Committee, it is an honor to be with you today, to present my views on ``Should the Office of Homeland Security Have More Power? A Case Study in Information Sharing.'' Let me begin by saying that the statement I am about to give represents my views and in no way should be taken as the institutional view of CSIS. Before beginning though, let me provide you with some background on the work we are doing at CSIS. CSIS has completed a number of homeland security projects both prior to and since the tragic events of September 11. In January 2001, CSIS released a report on the results of an 18-month study, Homeland Defense: A Strategic Approach. In June 2001, CSIS co-directed Dark Winter, a high-level simulation of a smallpox attack originating in Oklahoma City. In the immediate aftermath of September 11, CSIS convened an internal task force on terrorism, the results of which were published in To Prevail: An American Strategy for the Campaign Against Terrorism. CSIS is currently working on two projects in the area of Critical Infrastructure Protection: (1) A comprehensive series of events to address critical infrastructure issues facing the United States establishing the foundation for a report that will focus on what business and government can accomplish together to meet future threats--pulling together public-private partnerships. A simulation exercise, patterned after our Dark Winter effort--to focus on energy infrastructure in the United States. Rather than consequence management, this simulation exercise will focus on the less understood--and explored--scenarios in which policymakers must decide on whether and how to act in the case of a credible threat against critical energy infrastructure. II. Overview. In the 7 months since the tragic events of September 11, there has been a great deal of momentum, both inside and outside of government-- and it would seem that we are all developing a clearer understanding of the Homeland Security problem in all of its complexity--but most often, solutions remain out of reach--which should be expected at this point-- as we are barely 7 months into a much deeper examination of the issue which in most ways represents the most daunting challenge the United States has ever had to address. In this new and very dangerous environment, it is clear that government reform will be necessary to ensure clear lines of authority, responsibility and most importantly, accountability to unify the efforts of the 46 Federal agencies that, to varying degrees, have responsibility for Homeland Security. With responsibility spread across so many agencies, effective communication and coordination is extremely complicated and will only become more difficult in the long term as threats to the homeland increase. This is made far more complex by the additional requirement for the Federal Government to coordinate and communicate efforts with State and local governments and further, to develop the means to work with, and cooperate with the private sector. The most important question to consider at this juncture is: When should reform be initiated? Some would argue that there is no time to waste and that well-informed decisions should be acted on immediately in this environment. However, the President has given Governor Ridge the task of developing a strategy for National Homeland Security and as such, the Office of Homeland Security should be allowed some time to fully address the problem. In the absence of a comprehensive strategy, there can be no clear understanding of the threat to be addressed or any real sense of priorities from which specific requirements will emerge. If the strategy that emerges is truly comprehensive, the debate that will follow will certainly involve the appropriate organization of government to address the problem. It would seem that with each passing day, the Administration, in the process of developing a National Strategy, is learning that organizational and process reform will be necessary to streamline the process of coordination and communication. At a Senate hearing on April 11, to address Senator Lieberman's proposal to create a Department of National Homeland Security and a White House Office to combat terrorism, at which I was also fortunate to testify, OMB Director Mitch Daniels Jr., told the Senate Government Reform Committee that President Bush ``has said from the outset that the structure for organizing and overseeing homeland security may evolve over time . . . should the ongoing strategy review ultimately recommend to the President a different homeland security structure, there is a chance it may resemble Senator Lieberman's bill.'' Among the many organizational issues the strategy will have to address, the following would seem most important: Create a foundation for unifying the efforts of the Federal Government or at least establish the conditions for effective cooperation and coordination. (2) Point the way for those agencies of the Federal Government, with direct responsibility for Homeland Security, to effectively cooperate, coordinate and communicate with State and local governments. (3) Establish the conditions for every level of government to effectively cooperate with the private sector since they own and operate most of the critical infrastructure in the United States and as such, are ultimately responsible for securing it. Developing a National Homeland Security strategy that points the way toward effectively addressing these issues is no small task, it is truly a daunting challenge--the likes of which have never been faced at any other point in our Nation's history. It is important to note that despite the criticism in the media and on Capitol Hill--that the Office of Homeland Security is understaffed and has no budget authority or power to make decisions--the public should understand that the Administration has really not been given enough time to fully address this new challenge. While time is of the essence, this new environment demands some patience to allow a strategy to emerge. The strategy should serve as the basis to initiate government reform and allocate resources and assuming the Office of Homeland Security can produce a comprehensive strategy this year--and once it is published--the debate can begin on implementation. III. The Challenges. Although there are numerous challenges associated with securing the homeland, the following are a few that should be given priority going forward: A National Strategy as the basis for initiating government reform: There have been numerous commissions and studies conducted--the Hart- Rudman Commission, the Gilmore Commission, the Bremer Commission, and the Center for Strategic and International Studies Working Group on Homeland Defense--that addressed the lack of coordination among the 46 Federal agencies that have specific responsibilities for Homeland Security. There have also been a number of proposals floating around in the Administration and in Congress that call for consolidating some of the agencies responsible for securing the homeland. The Administration's proposal to consolidate Immigration and Naturalization Service, Customs and the Border Patrol in one agency and Senators Lieberman and Specter's proposed National Homeland Security and Combating Terrorism Act of 2002 are just two examples. Governor Ridge's original proposal also included the Coast Guard and border-related parts of the Agriculture Department. In addition, many commissions and studies recommended that Congress develop the means for reviewing the President's policy and budget for Homeland Security. The lines of responsibility are unclear in the Executive Branch but they are just as unclear in the Legislative Branch given the existing committee structure that further complicates coordination in the Executive Branch. Most importantly, in the absence of a comprehensive National Strategy which addresses all aspects of waging an on-going war against terrorism to include, detection, preparation, prevention, protection, response and recovery, there is no framework for establishing clear priorities and defining requirements to base decisions on how to organize the government and spend the taxpayers' money. With real threats to the homeland and agreement that we are unprepared to deal with those threats, what is needed now is leadership in the Administration to finish a comprehensive National Strategy. Significant organizational reform cannot happen without all the strategic underpinnings--the strategy in all its interrelated parts--that enables government to make decisions on how best to move forward. A comprehensive threat assessment as the basis for the National Strategy: It would seem that the Administration has, since September 11, taken a ``vulnerabilities-based'' approach to the problem. That is, in the absence of a strategy, they have attempted to identify the Nation's critical vulnerabilities and focus attention and resources accordingly. Unfortunately, at this juncture, this is exactly the condition the public should expect where everything appears to be a critical vulnerability. This situation will not resolve itself until the Nation has a comprehensive Homeland Security strategy. At the heart of any effort to develop a strategy is the requirement to address the likely threats. The strategy that emerges at the end of the development process will need to be first and foremost, threat- specific. However, defining likely threats in this new environment is problematic in that they will likely derive from multiple sources with different objectives and various means to do us harm. Defining the threat is risky but absolutely necessary to developing a coherent National Strategy to fully address the problem. It is hard to develop plans, organize and allocate resources to address the myriad vulnerabilities that exist without taking an informed position on potential threats. While we remain extremely vulnerable in many areas, most do not represent critical vulnerabilities simply because they are not likely targets. How many people would argue, at this point, that commercial aviation is a critical vulnerability? On the other hand, private aviation with 500,000 private pilots and 200,000 private aircraft operating from approximately 18,000 airfields could represent a critical vulnerability. Some would argue that the nuclear power industry is critically vulnerable. I would submit that the nuclear power industry, the most regulated in the United States, is far less vulnerable than other aspects of energy infrastructure to include, liquid natural gas operations, refineries and petro-chemical operations. Without an informed assessment of how those that would do us harm may act, the ability to organize and allocate resources effectively is extraordinarily difficult, if not impossible. Another important point relates to the way in which the current organization of government looks at the threat. FEMA is a good example--with an organizational culture that has, for the most part, addressed natural disasters rather than a thinking enemy. A National Strategy that addresses the principal obstacles to information sharing and coordination: There are numerous obstacles that stand in the way, culture certainly not the least among them. No one disagrees that coordination and the sharing of information is absolutely essential in this environment but there is little mention or debate about the cultural barriers that exist both within the Federal Government and between the Federal Government and State and local governments, and between all aspects of government and the private sector. With extremely large agencies, like those in the intelligence community, the senior leadership has their own business interests and their own relationships with the customers and capabilities they think they are protecting that are the source of their influence. The CIA is a good example and many ways is supposed to be the focal point for the intelligence community. CIA has privileged access to the President of the United States, and privileged access to the Congress. Why would the Director of Central intelligence want to cooperate fully with the other intelligence agencies and give up the power that he has as the CIA director? However, behavior can be changed through incentives and disincentives. Leadership is critical to cultural change--leaders who see the broader need--the greater good--and aggressively pursue them to initiate change in their organizations and across government. The inherent distrust between the Federal Government and State and local governments is another obstacle that will have to be overcome. In this new environment, State and local assets will play the lead role in responding to and managing the consequences of an attack. With the exception of some specialized Federal capability in DOE for nuclear weapons and DoD's specialized chemical and biological capabilities, the majority of first response assets will come from State and local governments. It would seem that the Federal Government is primarily focused on the Federal apparatus, but the national strategy, to be comprehensive, must establish the framework for effective communication and coordination at every level of government. The terrorists who attacked the World Trade Center and the Pentagon on September 11 were able to move information, people, and finance across a sophisticated terrorist network. The fact that government at all levels is not networked must be addressed. The intelligence community again offers a good example. There are at least 11 agencies in the intelligence community doing analysis. Coordinating intelligence across those disparate agencies involves moving information across those agencies. The terrorists of September 11 proved that they could beat us at this game. On the September 12, if you were employed by the Nuclear Regulatory Commission, you were getting reports about Osama bin Laden's potential attack against nuclear facilities. Most assuredly, those reports came from a newspaper or from CNN not from the intelligence community. We are still in the infancy stage of determining how best to do this, but in the context of homeland security, if you're a fireman or policeman, you certainly do want and should expect relevant information and effective communication from your Federal Government. As the concern about security abates, as inevitably it will in our society, networking the Federal Government with State and local government functions must be aggressively pursued. To effectively respond to threats to the homeland, government at every level is going to have to be networked. A National Strategy that accounts for the primary missions of Federal agencies associated with Homeland Security: The national strategy must establish the framework to account for large gaps in missions that potentially stand in the way of unifying around the homeland security mission. Most agencies that are now focused on homeland security have other primary missions that will have to be accounted for. The Customs Service is a good example because its mission is as a revenue-generating agency, focused on goods and trade, not on security. Last year, the Customs Service collected in $23.5 billion in taxes, fees, and penalties, second only to the Internal Revenue Service in generating government income. The Coast Guard is another good example with non-homeland security missions associated with routine law enforcement, fisheries, and deep-water drug and political refugee interdiction. A National Strategy that provides for private sector involvement: A good example of the complexity of initiating public-private cooperation can be seen in the containerized shipping industry. Approximately 7.5 million containers enter the United States each year. The Customs Service only inspects 2 percent. The contents of these containers originate with approximately 450,000 shippers globally. This represents an unworkable number, but there are steps that can be taken now to reduce our vulnerability. Recently more than 50 large corporations agreed to work with the government to ensure adequate security of goods entering the United States in exchange for faster passage through border checkpoints. An interesting statistic is that the contents of 60 percent of shipping containers entering the United States originate with just 1000 large shipping companies worldwide. This would seem to be a workable number where cooperation between government and the private sector could again make a difference and drastically reduce our overall vulnerability. Much of the Nation's strength rests on its privately owned critical infrastructure, but the private sector does not just own and operate the Nation's critical infrastructure, the private sector owns a lot of the expertise that could improve the way in which government approaches the homeland security problem. The private sector does not just have interest in working with the government, the government absolutely has to have help from the private sector. The Y2K problem is a good example where the private sector did a much better job in understanding the problem and developing responses to it. Networking is an area that the private sector has mastered. In the National Security Council or Homeland Security Council, you won't find our Federal agencies networked in the way you would find similar functions networked in the private sector. Developing public-private partnership is complicated by the need to protect sensitive information and the lack of information sharing and coordination between the numerous agencies of the Federal Government with responsibility for homeland security. The national strategy must be the vehicle for simplifying the communication and coordination problem within government--and between government and the private sector. The private sector must be included in the development of the strategy and the strategy must formalize the means to ensure private sector involvement in its implementation. IV. Conclusion Mr. Chairman, over the long term, in this new and very dangerous environment, government reform must be initiated to ensure unity of effort and clear lines of authority, responsibility and most importantly, accountability. In the absence of a comprehensive national homeland security strategy, there can be no clear understanding of the threat to be addressed or any real sense of priorities from which specific requirements will emerge. The strategy should be the vehicle that establishes the framework for every aspect of government to move forward together in a unified and coordinated way to fully address what is surely the most complex problem our government has ever had to face. Mr. Chairman, the road ahead remains complex and dangerous with numerous challenges yet to be addressed. The Center for Strategic and International Studies is ready and willing to help. Organizing effectively to secure the American homeland is essential to our country's prosperity and to the prosperity of our allies. We appreciate the Committee's leadership on this issue, and we look forward to helping in any way we can. Chairman Schumer. Thank you, Dr. Anderson. I very much appreciate your testimony as well. And finally, Dr. Light. STATEMENT OF PAUL C. LIGHT, VICE PRESIDENT AND DIRECTOR, GOVERNMENTAL STUDIES, BROOKINGS INSTITUTION Mr. Light. It is nice to have the last word again on this issue. As you know, the Governmental Affairs Committee is considering legislation to create both a Cabinet department and a statutory Office of Homeland Security. Before I go into a brief summary of my statement, I should note that there already is a de facto national chief information officer. That individual is the deputy director of the Office of Management and Budget for management. That is a position that has been vacant for 16 months. There is no nominee currently pending before the United States Senate. There is no individual who has been announced for that position. Last week, this Committee received testimony from the Webster Commission about streamlining and improving the FBI review process for appointees. We have over in the Governmental Affairs Committee now legislation co-authored by Senators Lieberman and Thompson that was favorably marked up earlier this session called the Presidential Appointments Improvement Act. I cannot speak for those two Senators, obviously, but a friendly amendment to ask the FBI to accelerate and make less burdensome the review process for presidential appointees might improve the odds that we would actually get somebody into the position that you clearly have heard a case made for today. My statement here basically argues that there is not necessarily too little information in the Federal Government today regarding potential threats, but possibly too much. Perfect hindsight suggests that government often has the information it needs to make decisions, but that it cannot sort it, integrate it, or interpret it. I think that historians 20 or 30 years from now will be making that argument regarding September 11th. The Office of Homeland Security does not appear to have the power to break down the barriers and address the most serious problems facing those who desire to harm this country. Interestingly enough, in my analysis of the Office of Homeland Security, it may be young, it may be new, it may be understaffed, but let me tell you, Senator, it is thick. The organization chart for this young office is one of the most complicated organization charts for a White House unit or for a departmental unit that I have seen in my career. I make a career of pointing at organization charts, and I have just never seen on what appears to have been designed to complexify the movement of knowledge. I do not question Governor Ridge's sensibilities in putting together this organization chart. I just point out that it is a rather novel and complicated organization chart that may make the procurement, production, and integration of information more difficult than it needs to be. My statement looks at seven components of an integrated information chain that the Office of Homeland Security might need. I talk about production of information, which the office does not do and does not have the power to do. I talk about the procurement of information. The office does not have the authority to order, purchase, or otherwise gain information that does not currently exist. It cannot order the study of a particular issue. It cannot analyze a particular body of information. The word ``coordinate'' appears 33 times in the Executive Order establishing the office. The word ``investigate'' appears once. The word ``analyze'' appears not at all. The word ``study'' appears not at all. The office does appear to have considerable authority to collect information, but as my colleagues have argued at Brookings and elsewhere, there is not enough staff or capability in the office right now to basically crunch that information into meaningful analysis. It does not have the power to assess the quality of information or the capability to assess the quality of information. It does not have the capability to assess trends, to do analysis. It absolutely does have the authority to disseminate information, but ironically-- and this is an important issue for this Committee and for the Senate as a whole--the President's assistant for homeland security does not have one authority to disseminate information to the United States Congress. He may not disseminate information through formal hearing or testimony before the United States, and I think that is a weakness in the office, which can be easily remedied by making that position a Senate advise and consent position. The director does have the power to classify information as Top Secret, but does not have the power to declassify information that he deems to be in the national interest to be declassified. My recommendations in my testimony are, number one, to give the office a statutory base. That is the coin of the realm. You want to go toe-to-toe with these agencies, you have to have a statutory base which means Senate confirmation. You need additional staffing. You need the dollars and the authority to produce and procure information, and you need to be able to coordinate an information technology plan for the agencies of government. I submit my testimony for the record and am open to any questions you may have. [The prepared statement of Mr. Light follows:] Statement of Paul C. Light, The Brookings Institution, Washington, D.C. I am pleased to appear before the Subcommittee today to consider options for strengthening the Office of Homeland Security. I believe this Subcommittee is right on target in asking whether and how the office might improve the flow of information to and from key decisionmakers. Although there are many causes of the September 11 tragedy, none was so easily addressed as the failure to collect, interpret, and share information. I believe the question of information sharing involves two discrete parts. First, is the Federal Government currently producing the right information? Second, is that information available to the right people at the right time? The Immigration and Naturalization Service is a perfect case in point. It suffers from a dearth of high-quality information on potential threats to national security, and has serious vulnerabilities in making sure that high-quality information reaches the right people at the right time. Bluntly put, even if the agency were to discover a potential threat, it is not clear that the information would make it to key law enforcement and security officials in time to prevent a tragedy. We know, for example, that the INS does not have the information technology to track visitors to the United States. The agency simply does not have the right information about who is entering the country under what conditions and for what purpose, nor does it know where current visitors might be located, or whether they have over-stayed their welcome. Although there is nothing the Office of Homeland Security can do at this point to better coordinate, share, or monitor information that does not exist, I believe there are ways that the office can better control the production of information through expanded authority. We also know that the INS does not have the technology to share the information it does have with the right people at the right time. We know, for example, that information about the individuals involved in the September 11 attacks on New York City and Washington, D.C., did not make it to the right people at the right time in the Immigration and Naturalization Service and its contractors. Otherwise, one would be hard-pressed to explain last month's extraordinary news that ACS, Inc., had mailed visa notices on behalf of Mohamed Atta and Marwan Al-Shehhi. Although one can argue that there was no harm, and, therefore, no foul, the lack of communication up and down the INS hierarchy speaks to the extraordinary problems in sharing information in a timely fashion. Deja Vu The INS is hardly the only Federal agency with problems collecting and sharing the right information. Indeed, recent Federal history is replete with examples of breakdowns caused by either bad information or good information ignored, including the security problems at the Nation's nuclear weapons laboratories and the taxpayer abuse at the Internal Revenue Service. Looking back with perfect hindsight, we can now see the outlines of a remarkable information breakdown at the core of the September 11 attacks, not the least of which were bits and pieces of evidence from flight schools and simulation centers. As in so many similar cases, from Pearl Harbor to Vietnam, we are likely to discover that the Federal Government had significant information about the potential threat, but could not put the pieces together in time. The fact is that the Federal Government, indeed most organizations, almost always have the information to prevent failure, but not the analysis or communication chains. That was the case in the 1980s with the HUD scandal and the savings & loan debacle, in the 1990s with espionage at the nuclear weapons labs and taxpayer abuse at the Internal Revenue Service, and the early 2000s with the INS. Sadly, I have made a living out of showing the problems associated with communication failures in the Federal Government. We see the same problems over and over and over again as information gets lost, distorted, mishandled, improperly classified, or misinterpreted up and down the ponderous Federal hierarchy. See the appendix of this testimony for a side-by-side confirmation of my conclusion. Assessing the Case at Hand Our task today is not to look back for culprits, but to look forward to solutions. Simply asked by the Subcommittee, should the Office of Homeland Security have more power? As I and my colleagues at the Brookings Institution have argued, the answer is ``yes.'' Much as one can credit Governor Ridge with substantial success in shaping the budgets of the agencies involved in homeland security, his office does not provide the levers that are essential for coordinating, let alone assuring the flow of high-quality information in real time. He should be congratulated for having made the best of a very difficult situation, but should be fully empowered to make sure that the Federal Government has the information it needs. Unfortunately, I do not believe Governor Ridge has the authority to prevent communication failures in the future. Even a cursory review of the Office of Homeland Security organization chart confirms the problem. According to the latest available Yellow Book listing, the office is structured around an assortment of titles whose primary tasks focus more on outreach than information collection or analysis: (I have numbered the layers within the office using conventional nomenclature.) 1. Assistant to the President for Homeland Security (Ridge) 2. Deputy Assistant to the President and Deputy Director 3. Deputy Assistant to the President (Communications & Legislative Affairs) 4. Deputy Assistant to the President for Legislative Affairs Senior Associate Counsel to the President and General Counsel 5. Special Assistant and Senior Director for Information Integration and Chief Information Officer Special Assistant and Senior Director for Policy & Plans 6. Special Assistant and Executive Secretary Special Assistant for External Affairs 7. Protection & Prevention Senior Director Response & Recovery Senior Director 8. Special Assistant and Director of Communications 9. Special Assistant for External Affairs Special Assistant for Public Liaison 10. Assistant Director for Intergovernmental Affairs 11. Communication Strategy Director 12. Staff Assistant Much as one might question the problems associated with 12 discrete layers in the office, and much as one might ask whether the special assistant for information integration and chief information officer is (1) placed high enough in the bureaucratic pecking order, and (2) has too many competitors for access, the more important question at hand is whether Governor Ridge and his team have the authority needed to assemble the information they need. The answer appears to be ``no.'' At best, information collection and analysis is but one of many competing priorities in the Office of Homeland Security. At worst, it appears to reside in a single unit that has multiple responsibilities, not the least of which is ensuring that the office itself has adequate computer technology, which is the traditional concern of chief information officer posts across government. At a minimum, I would recommend splitting the information integration and chief information officer posts, while raising the former to the level of deputy assistant to the President. An Inventory of Authority More importantly, however, I worry that the office as currently constructed does not have the authority to implement an aggressive information collection, analysis, and dissemination strategy. Let me suggest the following problems facing the office today: 1. Production. The Office of Homeland Security does not have the authority to produce information that it deems essential to its planning process. Although it does have a talented, albeit small staff, the office does not have the internal capacity to investigate or study problems that Governor Ridge deems essential. To the extent words have meaning, ``coordinate'' appears 33 times in the President's Executive Order establishing the Office of Homeland Security, while the word ``investigate'' appears only once. ``Study'' and ``analyze'' do not appear at all. 2. Procurement. The Office of Homeland Security does not have the authority to order or purchase information, whether through private contractors such as the RAND Corporation, which has extraordinary capacity for conducting the kind of exploratory analysis that Governor Ridge might find particularly useful in anticipating potential threats, or through government intelligence agencies. Nor does the Office of Homeland Security have the dollars to make such purchases. If Governor Ridge wants a special analysis of trends across or within agency databases, one presumes he must ask. 3. Collection. The Office of Homeland Security appears to have adequate mechanisms for tapping into the Federal Government's vast inventory of information. The question is whether an office composed of a scant 100 or so individuals, many of whom are dedicated to prevention, outreach, legislative affairs, communications, etc., can hope to swallow from the fire-hydrant of information that currently courses through government. I do not see, for example, the capacity to evaluate the quality of information flowing into the office, nor do I see the ability to reach down into agencies to demand the release of information that already exists. Even more importantly, I do not see the capacity needed to compel the release of information that agencies might or might not know they have. 4. Quality. I do not see firm evidence that the Office of Homeland Security has the internal capacity to assay the quality of information flowing from inside or outside government. At least for the time-being, the office must rely on its sources to validate information. 5. Analysis and Interpretation. The Office of Homeland Security does not appear to have adequate mechanisms for analyzing information. That might mean, for example, resolving disputes between different portraits of threats, or pulling strands of analysis together into a particular whole. Such analysis requires a much greater staffing complement than currently exists. By way of comparison, I would point the Subcommittee to the National Security Council staff, which contains a series of well-staffed directorates for monitoring international threats, as well as a well-developed administrative infrastructure. Although it is fair to argue that it has taken more than a half century to develop, the Nation does not have another 50 years to wait. This problem is particularly significant given the office's role in maintaining the Homeland Security Advisory System, which assigns threats on a green (low) to red (highest) level. 6. Dissemination. The Office of Homeland Security appears to have adequate capability for disseminating information about potential threats. 7. Classification and Declassification. Although the Office of Homeland Security has ample authority to classify information as ``top secret,'' it does not have parallel authority to order the immediate declassification of information that it deems in the national interest. Recommendations for Action I do not believe statutory authority can solve all of these problems. However, it can improve the odds that the Office of Homeland Security can produce the right information at the right time. At a minimum, I strongly recommend that the office be given the authority, and budget, needed to produce and procure its own analysis. Some may argue that such analysis would merely duplicate already existing information. I would argue to the contrary. The Office of Homeland Security has a special obligation to examine information through a very broad lens and from a vantage point that no other agency of government has. I also strongly recommend that the office be given enough staff to interpret, analyze, and assay the information that it currently receives, and to make recommendations to Congress and the President regarding improvements in the information system. That might mean, for example, that Congress would provide the funding for a minimum staff floor, or create a special information directorate within a new Office of Homeland Security. That might also mean that Congress would require the office to conduct an information audit of the Federal agencies it coordinates, and make recommendations regarding the technology investments needed to assure secure, high-quality information. Finally, I recommend that the director of Homeland Security be given limited authority to declassify information deemed in the public's interest. These authorities will be wasted, however, if the current office or its statutory successor is allowed to thicken with needless bureaucracy. The thickening has already begun. Being lean and flat is not just a value that the President himself espoused in the 2000 Presidential campaign; it is also the sine qua non for effective information sharing. For whatever reason, the current Office of Homeland Security has already become one of the thickest units in the White House. That not only weakens communication within the office, it merely adds to the extraordinary thickening of other units of government. To the extent the President relies on Governor Ridge to stay in touch with the front-lines at the INS, for example, he is staring down an information chain with 30-35 links. That is more than the Nation can afford. Chairman Schumer. Thank you again. I think all three of you really helped contribute. Let me start off with one question. Our first panel gave a pretty sanguine view of how information sharing was going within the Justice Department. You could argue that that makes the argument all three of you have made in different ways that we ought to do the same thing within the whole Federal Government, because we do have a new person here, Mr. Hitch, who has the power, which I did not know until this testimony, to order all the agencies to share information within Justice, and can tell the INS and FBI, et cetera, to coordinate. First, do you think things are going as well within the Justice Department, based on your experience, as they say? And second is the analogy that I am making: If it is good for within the Justice Department, which has traditionally had problems with information sharing, then it is probably good for the whole government as well. Mr. Terwilliger. Mr. Terwilliger. Senator Schumer, let me observe that I think it is no particular insight to say there is no issue more critical than information management to this effort, and there is no weakness that has traditionally been greater in government, particularly in the Justice Department and law enforcement, than information management. So the steps taken seem to be ones very much in the right direction. I am not sure that I am in a position to know whether it is working or not, maybe no one is at this point. Chairman Schumer. You have been aware of all the turf problems when you were there. Mr. Terwilliger. Yes, painfully. Chairman Schumer. And do you think that the advent of 9/11 and a new person, who seems a fairly capable fellow who has done this in the private sector and other places very well, would be enough? Mr. Terwilliger. No. I think that they both will be important reasons for things to change, but there are systemic issues that will get in the way of accomplishing what Mr. Hitch and the Attorney General and others are setting out to do--how the government procures technology, how it designs it, how it uses it. All of those are systemic issues that giving someone license and authority are simply not going to be sufficient to solve. The biggest problem, in my view--and I will just confine my remarks to the Justice Department for the time being--in information management is that every agency wants to own the solution. If it is not an idea that has been homegrown and developed by that agency, then largely it is not a good one. There is precious little attention to how the use of that information may affect the functions and responsibilities of other components. Chairman Schumer. In the model that we have seen, doesn't Mr. Hitch have the ability to say, okay, even though this was developed by FBI, INS, you have to use that system. Mr. Terwilliger. Yes, I hope so. And I guess I would, to quote another famous American, say: I trust his testimony, but I would verify that that will happen. Chairman Schumer. Right. Dr. Anderson or Dr. Light, either one? Mr. Anderson. My perspective as an outside observer is that there is a far greater awareness clearly among those in government that this is important. I think that within departments, there has been some progress made, but it is between departments where the problem still exists. There is all kinds of great technology out there that will allow you to address this problem, but there is not any technology that is going to influence the willingness of people to contribute to input the system. You can appoint an information czar, but I am not convinced that even though they may have the legal authority that it is going to make a lot of difference. I think that this is truly a function of leadership. You have got to get the leaders involved in trying to change the cultures of their organizations such that they can work department to department and between multiple agencies of government that would have to try and solve this problem. Chairman Schumer. Do you think an Office of Homeland Security with Cabinet authority, budget authority and statutory basis could do that? Mr. Anderson. I think it would be a good start. I am convinced at this point that the strategy is going to point in that direction. I think that to the extent that you can reduce the number of agencies or at least consolidate a number of those agencies in one department, it is probably a step in the right direction. But a word of caution there relates to the primary missions of these agencies. If you look at Customs, they are a revenue-generating agency, second only to Internal Revenue. So that function is going to have to be accounted for in any organizational structure or any organizational reform. The Coast Guard has a deepwater mission. There are a lot of other missions non-homeland-security-related that are going to have to be accounted for. That said, the most important concern at this point is homeland security. So you deal with that problem first, and then resolve the secondary tertiary missions after the fact. Chairman Schumer. Dr. Light. Mr. Light. I have watched the chief information officer concept develop over the last 12, 14 years. The first CIO was created in the Department of Veterans' Affairs back in 1988. It is a slender reed on which to build a policy for integrating information. These offices are staffed by talented individuals, but 80 percent of their expenditures now are contracted out, and they are primarily concerned with systems. This augmentation of the CIO's office in Justice with a policy function is a novel departure from prevailing practice. We will just have to see how it works. I would rather see it as a higher level within the agency and combining both systems and policy. Chairman Schumer. Each of you had sort of different recommendations, but similar and not as grand, I guess, as the Office of Homeland Security. There could be an addition to it, obviously. Mr. Terwilliger is a chief counterintelligence officer at the White House, and I believe Dr. Light said let's build this deputy director for management who could help coordinate a lot of this. I take it both of you feel that that is necessary, but not sufficient. Mr. Terwilliger. Yes, I think that is right. Just to be clear, I would not recommend putting the intelligence function for counterterrorism in the White House. I would put it out somewhere in an agency that is dedicated to that task, whether it is an existing agency or whether it is--and I would frankly prefer to see a new agency dedicated to that function in one form or another. There is, frankly, a model among some of our allies for that type of thing. I think we will quickly recognize, if we do not already, that what we are doing now is not enough. Chairman Schumer. By the way, is there a model for a country that does this better? Obviously, we are probably the largest with the number of people, the amount of money spent, responsibilities. Mr. Terwilliger. Yes. Chairman Schumer. But is there a smaller country that does a better job of this that we should look at, on intelligence, information sharing particularly when it comes to intelligence. Mr. Terwilliger. You put your finger on the biggest problem we have, Mr. Chairman, and that is just the size of the problem and the breadth of the information we have to deal with. But in terms of conceptual models, when you talk to the people who are really experts in this and the professionals, they point, as much as it may strike some as odd to say so, to some of our European allies such as France, who at times appear not to have been totally supportive of some of the things we are doing in counterterrorism, but when they had a problem with terrorists who were threatening to blow up their symbols of democracy, they empowered their domestic security agency--I have worked with them in my days at the Justice Department--they are very effective. And they created a small cadre of very special investigating magistrates, who are the equivalent of our prosecutors, to be totally focused on terrorism and gave them extraordinary investigative authority. Chairman Schumer. Were they geographically--I mean, was one for Paris, one for Marseilles? Mr. Terwilliger. That is a good question that I do not know the answer to. But the point is I think that the danger of giving these extraordinary powers to law enforcement in general is that they then become available for a lot of problems that have nothing to do with terrorism. Conversely, if that is where we talk about reposing the power, we may not give them the authority they need to get the job done out of that very concern. Chairman Schumer. Dr. Light, I had asked you also about this deputy director for management, which is necessary, but I take it you would say hardly sufficient. Mr. Light. It's a pivot point to note that we have serious problems in the presidential appointments process. I have a colleague behind me who would be very disappointed if I did not make some segue here to argue for presidential appointee reform. I am a strong supporter of putting a statutory base under the Office of Homeland Security. I think that is essential. Chairman Schumer. One final question, and then I will turn to Jeff. Each of you has pointed out that even if we were to do that, you would still have many of these barriers and it would take a long time and you all have years of experience either doing this or studying it. And so let me go back to the question I asked I think it was the first panel. What about this idea to make this--I understand that you need more than technology. But if you have a technological direction, a lot of the other things fall by the wayside. So what about this idea of a single computer, a supercomputer, that Ellison model that says all our intelligence information is shared on this one thing, and everybody--it is not their only computer, but that has all their intelligence. If you require them to input the information and then the selected agencies have access to it, it makes information sharing--it overcomes a lot of the cultural barriers, technological barriers, turf issues, et cetera. So I think it is more than just a technology. In a sense, it is sort of a tool to overcome the age-old barriers that each of you has very aptly pointed out. There is a privacy issue, obviously, but I am not sure that is dispositive. The final question is each of your views on that. Mr. Terwilliger. I think that is a good vision. The answer probably is not--and I know you do not intend it to be as simple as you say, just technology or a computer. This is a problem that is not new. This is just a different subject matter to which it applies. We had this problem when Senator Sessions and I were at the Justice Department with drug intelligence. And our solution, one of which I frankly spilled a lot of blood internally within the Administration over, was to create a fusion intelligence center, to have a computer system where information from all the agencies that had drug-related intelligence would fuse. It has worked to a certain degree, but it only works as well as someone forces people to contribute to the knowledge base that is in that system. I think that the system without the authority--frankly, the authority of the President over it--that you must contribute this kind of information to that knowledge base, will not solve the problem. So I think it is going to take both. Chairman Schumer. What if you had the authority? Mr. Terwilliger. If you have the authority, yes, because we have to remember where we are trying to go here. We are trying to find out what our enemy is up to here and stop them before they do it. The ability to do that will follow naturally from having the information. Chairman Schumer. Dr. Anderson. Mr. Anderson. I agree completely. I would like to say, though, that there are no 100 percent solutions in this environment. Chairman Schumer. In this area, we would settle for 50 percent. Mr. Anderson. Senator, I think that is the most important point. We need to do what we can do now. If we can address 60 percent of the containers that are coming into the country, we need to do that. The airport analogy is a great one because any one of us goes to an airport, we are all treated the same way. But the bottom line is, through some simple identification means and methods, we could probably reduce that number to 30 or 40 percent. And how much better would we be in scrutinizing that percentage of the entire population? A lot better. So we do what we can do now. And to the extent that we can get people to input a central system, we ought to do it, but I do not think we are going to get 100 percent willingness and ability, short of forcing agencies of government to contribute. Chairman Schumer. Last word, Dr. Light. Mr. Light. It is kind of a ``Field of Dreams'' phenomenon, isn't it? I mean, if we build it, will it come? And the answer is that I think that if you build an integrated system and you put authority behind it, I think we will probably do better than 50 percent, less than 100 percent. It is part of a broad attack on this particular problem, which has an asymmetry to it. We do not know where the next attack will come from. All we can do is be prudent and use due diligence to respond. So if it can be built and it does not cost every last penny in our coffers, I would say let's try. Chairman Schumer. Jeff. Senator Sessions. Thank you. Chairman Schumer. I thank all of you. Senator Sessions. It is very interesting and a great discussion. The best example I know of, of really uniting behind a concept, was when your former Mayor, Rudy Giuliani, was Associate Attorney General, he declared that we did not want Federal agencies in Washington setting the policy of every one of the offices in America, that each region would meet and set their priorities. And it caused quite a stir, because the FBI thought they should decide what their priorities were. So did DEA, and so did Customs. But because the President said, we are going to do it, and Rudy Giuliani's drive and vision, he just overcame the bureaucracy. And it just happened. And it is still out there functioning. I do no think quite as well. I think the agencies have sort of stovepiped since then. But for a glorious time there of several years, there was real unity within Federal law enforcement. If you create a new Cabinet position, there is just one more Cabinet position. That Cabinet position cannot order the Attorney General or the Secretary of Treasury or the Secretary of Transportation to do anything. It is ultimately the President. So I do not think we should dismiss entirely what is happening now with Mr. Ridge, because I think that what the President essentially said was, ``This needs a lot of time, a lot of personal attention. There are a lot of bureaucratic problems out there. I want to be personally engaged in it, but I cannot personally do everything, so I am choosing somebody I trust to be engaged in it, to advise me. All of this is an Executive Branch function, and they are to come to me and we will make sure that things happen.'' The way I understand what Mr. Ridge has done and does do, is he meets with agencies where there is a dispute--like you used to do, George--within the Department of Justice, but he is doing it within the whole government. He says, ``Well, having heard all this, I think Treasury, you should give it up to Justice.'' And they say, ``No, we are not going to do it. You do not have any legislative authority.'' And what does Mr. Ridge say? ``Well, let's just go meet with the President, and we will talk about it.'' Well, then the agency heads say, ``Well, maybe we need to settle this thing. We really do not want to go to the President, bickering over some jurisdictional matter.'' And things do happen that way. So a good, strong leader, who has the personal confidence of the President, could even in some ways be more effective because he is known to speak directly to the President of the United States. If he is given one more Cabinet head, I am not sure that would have as much clout in this area. It is a complex deal, and I can remember the battles over intelligence within the Department of Justice--just brutal sometimes. I would say, you mentioned, Dr. Light, and I know Mr. Panetta did, and I am sorry I did not have time to question him, but there is a lot of power in the OMB, within the Administration. In other words, if an agency asked for money to start their intelligence system and another agency is asking for money to do theirs, and the President has to submit a budget, and he picks the one he wants. Could you explain the power of OMB and how that could be a vehicle for eliminating duplicity and creating some coherence in our government? Mr. Light. In theory, the budget requests move up from the bottom of that agency and eventually reach a decision point where somebody, a program associate deputy, would basically say, there is a conflict here, or we need to integrate. I think where Governor Ridge has had his greatest influence has been affecting the movement of budget information regarding the homeland security function. Currently within OMB, there is nobody per se who integrates across the various program associate program levels to say, okay, here is the homeland security issue. That goes all the way up to the Director's office, which would be Mitch Daniels, and one assumes that he looks at every budget request through the lens of what is the total for homeland security. Senator Sessions. But I guess the point is, assuming you had it staffed properly, that is traditionally thought to be the spot where duplications in organizations get fixed. Is that right? Or at least it has that potential. Mr. Light. On information technology, there is no question that Congress has given OMB responsibility for integrating and modernizing our computer systems. No doubt about it whatsoever. We have the Office of Federal Procurement Policy within OMB, which has been responsible for streamlining the way we purchase technology. The deputy director for management is theoretically responsible for convening the council of CIOs from around government. I mean, this all is supposed to happen within OMB. But you know, it is a moving process, and if you do not get the attention to it, and if you do not focus on it, we do not get the result we want. Senator Sessions. Mr. Terwilliger, sometimes OMB does not catch it, or maybe it is below their radar screen. Do you remember the duplication between ATF and FBI over forensic analysis of firearms? To me, that was a classic unfortunate event when two Federal agencies were competing around the country, trying to get their system chosen throughout the country. Mr. Terwilliger. That is true. And as you know, Senator Sessions, there have been a number of those. When the FBI was developing automated fingerprint identification, one of the Treasury agencies started a program to do that. In fact, Attorney General Barr and I at one point tried to create a law enforcement technology council and budgetary function with the blessing of OMB. Every law enforcement agency in the government, including our own, objected to it. But I think that those experiences have to be put in a proper perspective. What we are really grappling with here is that we have never had this particular issue before, at least since 1812. And if we had this problem at the beginning of the 19th Century, we would call the Army and ask them to go take care of it. That is not, for a number of reasons, a very good idea right now. So what we are really talking about is, how do we deal with a pernicious, serious threat to the security of the homeland of the United States? The President has chosen to create a domestic analog to the NSC. But the NSC largely--I have sat at the table in the situation room of the deputies committee of the NSC--and the NSC largely has a policymaking function, and then the agencies at the table carry that policy out, and that policy carries the President's authority. I think what we are talking about in terms of the tasks that involve homeland security, it does certainly involve policy, but it is much more than that, particularly when it comes to information management, consequences management, and preemption of attack. Senator Sessions. Mr. Chairman, we tend to blame the Executive Branch, but a lot of these things are congressionally created. We have said, ``Secret Service, you have this jurisdiction. You have this authority.'' ``Coast Guard, you have this authority by law.'' So Mr. Ridge--or whoever is in charge of trying to work this--has got to utilize existing agencies, unless we intend to do the most monumental reorganization of agencies the government has ever seen, and maybe that is not a bad idea. Chairman Schumer. Everyone talked about turf in the Executive Branch--something unheard of in the Congress. [Laughter.] Senator Sessions. Well-said. So I mean probably the best way to do this thing is to make sure that the Border Patrol agent, the Customs agent on the docks, the DEA agent who may be monitoring an international smuggling organization, the FBI agent who is doing counterintelligence in organized crime and those kind of things, probably we are going to be stuck with this solution, making sure that they are moving relevant information promptly to the right places when it is uncovered in the course of their work, and perhaps giving each one of them some expanded additional duties with regard to homeland security, enhancing that as a priority of theirs. So then how do you at the top fix that? Do you try to create a separate Cabinet agency that basically is going to be dealing with all the other Cabinet secretaries and their subordinate units? Or does the President try to have his personal coordinator to try to coordinate? Do you have any comments on that? Mr. Terwilliger. Senator, if I may just make an observation? You have several times brought your perspective of how decisions here in Washington affect how the people we are depending on in the street do their jobs. One of the things from talking to some of those people since 9/11 that I think is critically important for the Congress to bear in mind and deal with is, we have to give them the clear and unambiguous legal authority for what we ask them to do. Right now, I think there are law enforcement agents and others out in the field doing things that they have been asked operationally to do that they are not sure they really have the authority to do, or at least there is uncertainty. That is not fair to them, and it is not very efficacious in the long term. Senator Sessions. And that is our responsibility as Congress to give them that legislative authority. All our agencies are limited, Mr. Chairman. They are given jurisdiction over certain kinds of crime and only those kinds of crimes. And sometimes that does impede their ability to reach their maximum effectiveness. Mr. Light. I suspect that what we are going to end up with a border control agency and a statutory adviser for Homeland Security. I suspect that is where this confluence of debate is heading, that we do not have the wisdom to put together a Cabinet department just yet, but there is this old saying that if it ain't broke, don't fix it, and then, if it ain't broke, don't break it. Well, you have a couple of agencies under this Committee's jurisdiction that are pretty badly broken, and you are going to have to do something. The INS problems are going to lead inevitably towards reorganization. Where does that take us in terms of a border control agency? And on the other side, we want a strong policy adviser who is allowed to testify before Congress. I do not know what the shape is going to be, but I would put money on that particular outcome sometime later this year. Chairman Schumer. But we are not sure that would deal with the information sharing, which is, to me, at least, the most important one of them all. Mr. Light. And I think that you, the Subcommittee here, should be working on the tasking on this particular issue. It is a fundamentally important question that you are raising in this hearing, and it is one that is not being worked anywhere else in this conversation that I know of. If you can come up with that supercomputer or you can come up with that answer, put it in a bill and get it through. Nobody is working this issue with diligence. Chairman Schumer. Because we are all divided, too. We had Justice and all of their agencies, but there are lots of others. Senator Sessions. And we have legislation. We have at least four or five bills now with different ideas about how to organize this thing. So there are a lot of different ideas out there. Sooner or later, we have to be realistic and do something that makes a big step forward, which I believe we can do. I do not think that anybody would disagree that, if we focused on it, we can make a large improvement from our current status. Mr. Anderson. I do not think this really, Senator, should be viewed in general terms any differently than the way we view national security. We have a number of different Cabinet secretaries with very clearly defined responsibilities, and departments with very clearly defined functions. They coordinate through the National Security Council and there is a National Security Advisor. It would seem to me that we should have the equivalent on the homeland security side and at least one Cabinet secretary, who consolidates potentially the border responsibilities, which seem to be at this point our most critical vulnerability. But it would seem in general, and certainly this is far more complex and involves far many more agencies, but the national security apparatus would probably be, in my view, a good starting point for the way to approach this problem organizationally going forward. Chairman Schumer. Jeff has a few more questions. I have a 12 o'clock appointment, so I am just going to excuse myself, thank the witnesses, and let Jeff continue to chair the hearing and close it. Senator Sessions. Thank you, Mr. Chairman, for your leadership. Chairman Schumer. I really appreciate it. It was really excellent, and it is getting us thinking. Senator Sessions. It is important for us to be thinking about this. I am inclined to think the National Security Council adviser model may be the right approach, too, Mr. Anderson. In other words, this would be a person that answers directly to the President. It today coordinates international matters, and advises the President from the multiplicity of sources of information that come in. A good bit of information comes in outside of the State Department, so State should not be the only person advising the President on foreign policy issues. So you could do that for homeland security. Would the three of you like to briefly just comment on that model as a potential? You already have, Mr. Anderson. Would the other two like to comment on that? Mr. Light. The analogy is often made between the Office of Homeland Security and the NSC. I think there are some areas where the analogy is appropriate, and other areas where it is not. The Office of Homeland Security has a public face to it that the NSC and the National Security Advisor do not. Governor Ridge has a dissemination and a public awareness function, a coordination function, that is fairly significant, and I think leads us more towards thinking of him as we would the Director of OMB or the international trade representative or the drug czar. But I think that takes us a somewhat different direction. Mr. Terwilliger. I think, Senator Sessions, that at least the President intended to mirror in many respects the NSC model and the NSC adviser's model in creating the current Office of Homeland Security and Governor Ridge's position. But because there is no one else to do a lot of the other things that go with the issue and the tasks of homeland security, I think that office has been inundated with responsibility that goes well beyond anything we would expect in the national security arena for the National Security Advisor to do. So it may very well be that we will always need that kind of function, a domestic security adviser at the White House. The question remains whether we need something else in addition to that. There are two ways to go about that. Senator Sessions. Well, you could put those within existing agencies. Mr. Terwilliger. Exactly. Or you can create some new agency, which would mean taking some functions from other agencies. When I was Deputy Attorney General, I would attend the TREVI ministers conference, which is the G-7 nations international organization to deal with terrorism and immigration. And most of my counterparts at those meetings were from the ministry of the interior in the European nations, for example. Their chief legal officers do not function as our Attorney General does. They do not run the police. They do not handle internal security. That is in a separate ministry. We have just evolved in a different way. It may be that, given time, I think--I am not advocating for or against this-- it just may be that given time and maturity, that the idea of having someone of Governor Ridge's authority under presidential order as a domestic analog to the National Security Advisor may work. The question that I have about that is whether we have the time to let that mature, given the threat that we are facing. Senator Sessions. Dr. Light, just briefly, you mentioned the distinction between the National Security Advisor and the drug czar. Are you aware of their legislative powers and how they are different, and why one might be preferable to the other? Mr. Light. The drug czar, as well as the international trade rep, are subject to Senate confirmation, which I think is important. The drug czar has some certification authorities regarding budgets. I think if we look at the drug czar and say, you know, ``Gee, how successful has that been in the war on drugs?'' I am not sure we would all say that is the model. But you look at the international trade rep and the OMB Director and other Executive Office of the President's positions, and there is that legal basis for action. I am reminded here that, you know, the Office of Homeland Security is currently responsible for the homeland security advisory system, which alerts the American public to the level of threat. But again, we are in a situation where the adviser himself cannot come before Congress to explain why it is that we are in one level of threat or another. I agree with my colleague here that a lot of responsibilities have flowed into this office that have gone there because there is no place else to go, in a sense. Senator Sessions. Any other thoughts on that subject? Well, it is a difficult matter, how to organize this government. As a United States Attorney, you represent the United States Government, and I used to have a little phrase. It would say something like: ``Here are the agencies; the United States of America is one. It can only speak with one voice.'' But the agencies become so independent over the years that they think that they have a right to do policies contrary to another agency's policies and conflict with them and fight with them. But they have no authority to do that. They were created to be part of one government, and when you get to court, there is only one position the United States can take. So it always has taught me a lesson that there is only one goal for our agencies, and that is to serve the United States' interest. And how we do it is very difficult. I remember writing Associate Attorney General Rudy Giuliani a wonderful letter I spent days writing, telling him that he should merge not DEA with FBI, but merge ATF with DEA. ATF and DEA--that would be a perfect match. And he said ``It cannot be done.'' I said ``why?'' And he said, ``Well, that is Treasury and Justice. We cannot even merge people within Justice. How are we going to get the Secretary of Treasury's agency to merge with Justice?'' That was a lesson for me in how a bureaucracy works and how difficult it is to overcome. Thank you very much for your insight. We have to continue to wrestle with this. I thank Senator Schumer for his leadership in calling this hearing. I know, having suffered as he did in New York--the pain of all of that--he feels a particularly strong mission to make sure that we do everything we can to make sure that does not happen again. If there is nothing else, we will stand adjourned. [Whereupon, at 12:18 p.m., the hearing was adjourned.] [Submissions for the record follow.] SUBMISSIONS FOR THE RECORD Statement of Senator Patrick Leahy, U.S. Senator from the State of Vermont Today the Senate Judiciary Subcommittee on Administrative Oversight and Courts holds an important hearing on the sharing of information and the power of the Office of Homeland Security, and I thank Senator Schumer for his focused attention on this issue. The Judiciary Committee has a critical oversight responsibility to ensure that counterterrorism information is properly shared among Federal Government agencies and that homeland security functions are managed effectively. The apparent mission and authority of the Office of Homeland Security relate extensively and directly to the Department of Justice and to Federal law enforcement and border control operations for which the Judiciary Committee has legislative and oversight jurisdiction. Strong leadership is needed to bring together the necessary organizations, both within and outside the Justice Department, and design procedures, with adequate safeguards against abuse, for sharing information across agencies that have different missions, information technologies, policies and cultures. Policies for sharing counterterrorism information were among the most controversial issues during congressional consideration of the USA PATRIOT Act last year. There was wide agreement on the principle that unnecessary barriers to the sharing of intelligence and law enforcement information on international terrorism should be removed. At the same time, there was great concern that sensitive information, such as information derived from grand juries or surreptitious wiretaps, should not be shared without close supervision by Federal judges who have traditionally played an important role in overseeing the grand jury and electronic surveillance process. Another controversial issue was the scope of information sharing that would be permitted for purposes beyond counterterrorism. As enacted, in Section 203, the USA PATRIOT Act reduced but did not completely eliminate the role of the courts in the sharing of grand jury information. The Act also provided for the sharing of foreign intelligence information from criminal investigations for national security purposes beyond counterterrorism, but definitions and procedural safeguards were included in an effort to minimize the dissemination of ``foreign intelligence'' about lawful activities of United States persons and domestic groups acquired incidentally in criminal investigations. The new law, in Section 905, also requires law enforcement agencies to notify the Intelligence Community when a criminal investigation reveals information of foreign intelligence value. I noted upon passage of the USA PATRIOT Act that the Judiciary Committee has a responsibility to exercise careful and continuing oversight with respect to implementation of the information sharing provisions of the USA PATRIOT Act. On April 11, 2002, the Attorney General made an announcement on information sharing that directed ``the Assistant Attorney General for Legal Policy, in consultation with the Justice Department's Criminal Division, to draft for consideration and promulgation, procedures, guidelines, and regulations to implement Sections 203 and 905 of the USA PATRIOT Act in a manner that makes consistent and effective the standards for sharing of information, including sensitive or legally restricted information, with other Federal agencies.'' The Attorney General stated, ``Those standards should be directed toward, consistent with law, the dissemination of all relevant information to Federal officials who need such information in order to prevent and disrupt terrorist activity and other activities affecting our national security. At the same time, the procedures, guidelines, and regulations should seek to ensure that shared information is not misused for unauthorized purposes, disclosed to unauthorized personnel, or otherwise handled in a manner that jeopardizes the rights of U.S. persons, and that its use does not unnecessarily affect criminal investigations and prosecutions. The standards adopted will govern the coordination of information directed by this memorandum, and [sic] well as other voluntary or mandated sharing of criminal investigative information.'' I welcome the Attorney General's assignment of responsibility for the drafting of these information sharing procedures, and I look forward to consultation by the Department of Justice with this Committee before rules are promulgated on such an important matter. Information sharing involves technology and cultural issues as well as policy considerations. Over the past month the full Judiciary Committee has held two hearings on the FBI that highlighted the weaknesses in the Bureau's information technology and security. On March 21, 2002, the Justice Department Inspector General described serious information management problems that contributed to the delay in producing documents in the Oklahoma City bombing case. On April 9, 2002, Judge Webster discussed his Commission's report findings on information security flaws that helped make it possible for FBI Agent Robert Hanssen to commit espionage undetected. At both hearings, senior FBI officials described the challenges they face in designing and deploying new information technologies and management tools to meet the operational and security needs of the FBI. Today's hearing reminds us that the FBI cannot function in isolation from the rest of the Justice Department or from other Federal agencies. Other Justice Department components such as the Immigration and Naturalization Service, the Criminal Division, the Office of Intelligence Policy and Review, and the new Foreign Terrorist Tracking Task Force share responsibility for counterterrorism and homeland security and are at different stages in their development and use of information technologies. The appointment of Mr. Vance Hitch as new Chief Information Officer for the Department of Justice is a welcome opportunity for leadership that integrates the work of Departmental components internally and with other agencies. I encourage all elements of the Justice Department to work closely with Mr. Hitch to achieve as much collaboration as possible in the design of technologies and information sharing policies that achieve shared national counterterrorism and homeland security objectives. Many of those national objectives and required actions have been set out by the President in a series of policy directives based on the advice of Governor Ridge, with the support of the staff of the Homeland Security Office. Presidential decisions on homeland security are coordinated through interagency bodies chaired by Governor Ridge and his staff. Several witnesses today will testify as to the advantages and disadvantages of various legislative proposals to enhance or supplement the limited powers that Governor Ridge and his office currently have under Presidential directives. Whatever may be the legislative route, however, it is important to stress that the Department of Justice and law enforcement agencies generally have the principal domestic role in the operational implementation of the President's counterterrorism and homeland security policies. If any new Senate-confirmed positions are established to lead counterterrorism or homeland security organizations that directly and substantially affect Federal law enforcement, either in the White House office or in a new department or agency, the Judiciary Committee has the duty to ensure that the nominees are qualified to perform the functions of their office and to oversee their performance. In any event, this Committee, both through the work of the full Committee and the capable leadership of its subcommittee chairmen, will continue to monitor and engage in constructive and productive dialog with the Administration and Justice Department in this important work. __________ Department of Justice, Washington, DC., April 26, 2002. Hon. Charles Schumer, Chairman, Subcommittee on Administrative Oversight and the Courts, Committee on the Judiciary, U.S. Senate, Washington, DC. Dear Mr. Chairman: I am writing to clarify two statements that were made concerning the admission of Mohammed Atta and the issuance of Forms I-20 to Atta and Marwan Al-Shehhi during opening remarks at the April 17, 2002 hearing of the Senate Judiciary Committee, Subcommittee on Administrative Oversight and the Courts. I ask that you enter this letter into the hearing record. In your opening statement, you said that, ``since September 11, 2001 every local, State, and Federal Government agency has been scrambling to repair the holes in our homeland defense,'' and cited ``sending student visas to known terrorists'' as an example. On March 19, 2002, before the House Committee on the Judiciary, Subcommittee on Immigration and Claims, Commissioner Ziglar testified that, contrary to some reports, the Immigration and Naturalization Service (INS) did not recently approve the applications for Atta and Al-Shehhi to change their non-immigrant status. Adjudication of Atta's change of status application took place on July 17, 2001, and adjudication of Al- Shehhi's change of status application took place on August 9, 2001. What Huffman Aviation International School received on March 11, 2002, were file copies of paperwork originally prepared on behalf of Atta and Al-Shehhi. No new visas were issued and no new decisions were reflected in the documents sent to them. It has been acknowledged that prior INS procedures and contract terms for data entry and the mailing of student approvals were not effective or desirable--both have changed. Commissioner Ziglar has ordered that student notifications (I-20s) be mailed directly to the schools at the time of adjudication. In addition, INS procedures and the related contract have been modified to ensure that schools are promptly notified when a student enters the United States at a port-of- entry. You also summarized your perception of the information-sharing problem by quoting Larry Ellison of Oracle, who said that, ``We knew that Mohammed Atta was wanted. We just didn't check the right database when he came into the country.'' As the Commissioner has testified, Atta was not the subject of a lookout or watch list at any time that he was admitted into the United States. Again, let me emphasize that the INS had no intelligence information that Atta was a potential terrorist. Thank you for the opportunity to explain this information to you. Please contact me if you have additional questions or concerns about this or any other immigration-related matter. Sincerely, Joseph Karpinski, Director, Congressional Relations and Public Affairs,