Congressional Record: September 28, 2006 (Senate) Page S10463-S10471 STATEMENT ON INTRODUCED BILLS AND JOINT RESOLUTIONS By Mr. AKAKA (for himself and Mr. Lautenberg): S. 3968. A bill to affirm the authority of the Comptroller General to audit and evaluate the programs, activities, and financial transactions of the intelligence community, and for other purposes; to the Select Committee on Intelligence. Mr. AKAKA. Mr. President, I rise to introduce ``The Intelligence Community Audit Act of 2006,'' with Senator Lautenberg which would reaffirm the Comptroller General of the United States and head of the Government Accountability Office's, GAO, authority to audit the financial transactions and evaluate the programs and activities of the intelligence community (IC). Representative Bennie Thompson, ranking member of the House Homeland Security Committee, is introducing similar legislation. The bill Senator Lautenberg and I offer today is in keeping with legislation introduced in 1987 by Senator John Glenn, the former chairman of the Governmental Affairs Committee, to ensure more effective oversight of the Central Intelligence Agency (CIA) in the wake of the Iran-Contra scandal. [[Page S10464]] The need for greater oversight and availability of information to appropriate congressional committees is not new. What is new is that Congress does not have the luxury of failure in this era of terrorism. Failure brings terrible consequence. Since 9/11, effective oversight is needed now more than ever for two very basic reasons: First, intelligence reforms have spawned new agencies with new intelligence functions demanding even more inter- agency cooperation. The Congress needs to ensure that these agencies have the assets, resources, and capability to do their job in protecting our national security. However, now the Congress cannot do its job properly, in part, because its key investigative arm, the Government Accountability Office, is not given adequate access to the intelligence community, led by the Director of National Intelligence (DNI). Moreover, intelligence oversight is no longer the sole purview of the Senate and House intelligence committees. Other committees have jurisdiction over such departments as Homeland Security, State, Defense, Justice, Energy, and even Treasury and Commerce, which, in this war on terrorism, have intelligence collection and sharing responsibilities. Nor is the information necessary for these committees to exercise their oversight responsibilities restricted to the two intelligence committees as their organizing resolutions make clear. Unfortunately, the intelligence community stonewalls the GAO when committees of jurisdiction request that GAO investigate problems despite the clear responsibility of Congress to ensure that these agencies are operating effectively to protect America. This is not always the case. Some agencies recognize the valuable contribution that GAO makes in improving the quality of our intelligence. As Lieutenant General Lew Allen, Jr., then Director of the National Security Agency (NSA), observed in testimony before the Senate Select Committee To Study Governmental Operations With Respect To Intelligence Activities, on October 29, 1975: ``Another feature of congressional review is that since 1955 resident auditors of the General Accounting Office have been assigned at the Agency to perform on-site audits. Additional GAO auditors were cleared for access in 1973, and GAO, in addition to this audit, is initiating a classified review of our automatic data processing functions.'' Not surprisingly, this outpost of the GAO still exists at the NSA. Second, and equally important, is the inability of Congress to ensure that unfettered intelligence collection does not trample civil liberties. New technologies and new personal information data bases threaten our individual right to a secure private life, free from unlawful government invasion. The Congress must ensure that private information being collected by the intelligence community is not misused and is secure. Over 30 years ago, Senator Charles Percy urged Congress to ``act now to gain control over the Government's dangerously proliferating police, investigative, and intelligence activities.'' He noted that ``we find ourselves threatened by the specter of a `watchdog' Government, breeding a nation of snoopers.'' The privacy concerns expressed by our former colleague have become vastly more complicated. As I have noted, the institutional landscape has become littered with new intelligence agencies with ever-increasing demands and responsibilities on law enforcement at every level of government since the establishment of the Department of Homeland Security and the passage of the Intelligence Reform and Terrorism Prevention Act of 2004. They have the legitimate mission to protect the country against potential threats. Congress' role is to ensure that their mission remains legitimate. The intelligence community today consists of 19 different agencies or components: the Office of the Director of National Intelligence; Central Intelligence Agency; Department of Defense; Defense Intelligence Agency; National Security Agency; Departments of the Army, Navy, Marine Corps, and Air Force; Department of State; Department of Treasury; Department of Energy; Department of Justice; Federal Bureau of Investigation; National Reconnaissance Office; National Geospatial- Intelligence Agency; Coast Guard; Department of Homeland Security, and the Drug Enforcement Administration. I ask unanimous consent that a memorandum prepared by the Congressional Research Service, entitled ``Congressional Intelligence Oversight,'' be included in the Record. As both House Rule 48 and Senate Resolution 400 establishing the intelligence oversight committees state, ``Nothing in this [charter] shall be construed as amending, limiting, or otherwise changing the authority of any standing committee of the [House/Senate] to obtain full and prompt access to the product of the intelligence activities of any department or agency of the Government relevant to a matter otherwise within the jurisdiction of such committee.'' Despite this clear and unambiguous statement, the ability of non- intelligence committees to obtain information, no matter how vital to improving the security of our Nation, has been restricted by the various elements of the intelligence community. Two recent incidents have made this situation disturbingly clear. At a hearing entitled ``Access Delayed: Fixing the Security Clearance Process, Part II,'' before the Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia on which I serve as Ranking Member, on November 9, 2005, GAO was asked about steps it would take to ensure that the Office of Personnel Management (OPM), the Office of Management and Budget, and the intelligence community met the goals and objectives outlined in the OPM security clearance strategic plan. Fixing the security clearance process, which is on GAO's high-risk list, is essential to our national security. But as GAO observed in a written response to a question raised by Senator Voinovich, ``while we have the authority to do such work, we lack the cooperation we need to get our job done in that area.'' The intelligence community is blocking GAO's work in this essential area. A similar case arose in response to a GAO investigation for the Senate Homeland Security Committee and the House Government Reform Committee on how agencies are sharing terrorism-related and sensitive but unclassified information. The report, entitled ``Information Sharing, the Federal Government Needs to Establish Policies and Processes for Sharing Terrorism-Related and Sensitive but Unclassified Information'' (GAO-06-385), was released in March 2006. At a time when Congress is criticized by members of the 9-11 Commission for failing to implement its recommendations, we should remember that improving terrorism information sharing among agencies was one of the critical recommendations of the 9-11 Commission. Moreover, the Intelligence Reform and Terrorism Prevention Act of 2004 mandated the sharing of terrorism information through the creation of an Information Sharing Environment. Yet, when asked by GAO for comments on the GAO report, the Office of the Director of National Intelligence refused, stating that ``the review of intelligence activities is beyond GAO's purview.'' However, as a Congressional Research Service memorandum entitled ``Overview of `Classified' and `Sensitive but Unclassified' Information,'' concludes, ``it appears that pseudo-classification markings have, in some instances, had the effect of deterring information sharing for homeland security.'' I ask unanimous consent that the memo be printed in the Record following my remarks. Unfortunately I have more examples, that predate the post 9-11 reforms. Indeed, in July 2001, in testimony entitled ``Central Intelligence Agency, Observations on GAO Access to Information on CIA Programs and Activities'' (GAO-01-975T) before the House Committee on Government Reform, the GAO noted, as a practical matter, ``our access is generally limited to obtaining information on threat assessments when the CIA does not perceives [sic] our audits as oversight of its activities.'' I ask consent that this testimony also be printed following my remarks. It is inconceivable that the GAO--the audit arm of the U.S. Congress--has been unable to conduct evaluations of the CIA for over 40 years. [[Page S10465]] If the GAO had been able to conduct basic auditing functions of the CIA, perhaps some of the problems that were so clearly exposed following the terrorist attacks in September 2001 would have been resolved. And yet, it is extraordinary that five years after 9-11 the same problems persist. Once more I refer to Senator Glenn's bill S. 1458, the ``General Accounting Office-Central Intelligence Agency Audit Act of 1987.'' On its introduction he said, ``in the long run, I believe carefully controlled GAO audits of CIA will lower the probability of future abuses of power, boost the credibility of CIA management, increase the essential public support the Agency's mission deserves, assist the Congress in conducting meaningful oversight, and in no way compromise the CIA mission.'' Unfortunately, S. 1458 did not become law, and nearly 20 years later, the CIA's apparent management challenges led to the creation of the Director of National Intelligence with the Intelligence Reform Act of 2004. If Senator Glenn's proposal made in 1987 had been accepted, perhaps, again, some of the problems that became apparent with our intelligence agencies following 9-11 might never have occurred. I want to be clear that my legislation does not detract from the authority of the intelligence committees. In fact, the language makes explicit that the Comptroller General may conduct an audit or evaluation of intelligence sources and methods or covert actions only upon the request of the intelligence committees or at the request of the congressional majority or minority leaders. The measure also prescribes for the security of the information collected by the Comptroller General. However, my bill reaffirms the authority of the Comptroller General to conduct audits and evaluations--other than those relating to sources and methods, or covert actions--relating to the management and administration of elements of the intelligence community in areas such as strategic planning, financial management, information technology, human capital, knowledge management, information sharing, and change management for other relevant committees of the Congress. Attached is a detailed description of the legislation. I urge my colleagues to join me in supporting this legislation. I ask unanimous consent that the text of the bill be printed in the Record. There being no objection the materials were ordered to be printed in the Record, as follows: Congressional Research Service, Washington, DC, September 14, 2006. Subject: Congressional Oversight of Intelligence. From: Alfred Cumming, Specialist in Intelligence and National Security Foreign Affairs, Defense, and Trade Division. This memorandum examines the intelligence oversight structure established by Congress in the 1970s, including the creation of the congressional select intelligence committees by the U.S. House of Representatives and the Senate, respectively. It also looks at the intelligence oversight role that Congress reserved for congressional committees other than the intelligence committees; examines certain existing statutory procedures that govern how the executive branch is to keep the congressional intelligence committees informed of U.S. intelligence activities; and looks at the circumstances under which the two intelligence committees are expected to keep congressional standing committees, as well as both chambers, informed of intelligence activities. If I can be of further assistance, please call at 707-7739. Background In the wake of congressional investigations into Intelligence Community activities in the mid-1970s, the U.S. Senate in 1976 created a select committee on intelligence to conduct more effective oversight on a continuing basis. The U.S. House of Representatives established its own intelligence oversight committee the following year. Until the two intelligence committees were created, other congressional standing committees--principally the Senate and House Armed Services and Appropriations committees--shared responsibility for overseeing the intelligence community. Although willing to cede primary jurisdiction over the Central Intelligence Agency (CIA) to the two new select intelligence committees, these congressional standing committees wanted to retain jurisdiction over the intelligence activities of the other departments and agencies they oversaw. According to one observer, the standing committees asserted their jurisdictional prerogatives for two reasons--to protect ``turf,'' but also to provide ``a hedge against the possibility that the newly launched experiment in oversight might go badly.'' Intelligence Committees' Statutory Obligations Under current statute, the President is required to ensure that the congressional intelligence committees are kept ``fully and currently informed'' of U.S. intelligence activities, including any ``significant anticipated intelligence activity, and the President and the intelligence committees are to establish any procedures as may be necessary to carry out these provisions. The statute, however, stipulates that the intelligence committees in turn are responsible for alerting the respective chambers or congressional standing committees of any intelligence activities requiring further attention. The intelligence committees are to carry out this responsibility in accordance with procedures established by the House of Representatives and the Senate, in consultation with the Director of National Intelligence, in order to protect against unauthorized disclosure of classified information, and all information relating to sources and methods. The statute stipulates that: ``each of the congressional intelligence committees shall promptly call to the attention of its respective House, or to any appropriate committee or committees of its respective House, any matter relating to intelligence activities requiring the attention of such House or such committee or committees.'' This provision was included in statute after being specifically requested in a letter from then Senate Foreign Relations Chairman Frank Church and Ranking Minority Member Jacob Javits in an Apr. 30, 1980 letter to then-intelligence committee Chairman Birch Bayh and Vice Chairman Barry Goldwater. Intelligence Committee Obligations Under Resolution In an apparent effort to address various concerns relating to committee jurisdiction, the House of Representatives and the Senate, in the resolutions establishing each of the intelligence committees, included language preserving oversight roles for those standing committees with jurisdiction over matters affected by intelligence activities. Specifically, each intelligence committee's resolution states that: ``Nothing in this [Charter] shall be construed as prohibiting or otherwise restricting the authority of any other committee to study and review any intelligence activity to the extent that such activity directly affects a matter otherwise within the jurisdiction of such committee.'' Both resolutions also stipulate that: Nothing in this [charter] shall be construed as amending, limiting, or otherwise changing the authority of any standing committee of the [House/Senate] to obtain full and prompt access to the product of the intelligence activities of any department or agency of the Government relevant to a matter otherwise within the jurisdiction of such committee. Finally, both charters direct that each intelligence committee alert the appropriate standing committees, or the respective chambers, of any matter requiring attention. The charters state: The select committee, for the purposes of accountability to the [House/Senate] shall make regular and periodic reports to the [House/Senate] on the nature and extent of the intelligence activities of the various departments and agencies of the United States. Such committee shall promptly call to the attention of the [House/Senate] or to any other appropriate committee or committees of the [House/Senate] any matters requiring the attention of the [House/Senate] or such other appropriate committee or committees. Cross-over Membership Both resolutions also direct that the membership of each intelligence committee include members who serve on the four standing committees that historically have been involved in intelligence oversight. The respective resolutions designate the following committees as falling in this category: Appropriations, Armed Services, Judiciary, and the Senate Foreign Relations Committee and the House International Relations Committee. Although each resolution directs that such cross-over members be designated, neither specifies whether cross-over members are to play any additional role beyond serving on the intelligence committees. For example, neither resolution outlines whether cross-over members are to inform colleagues on standing committees they represent. Rather, each resolution directs only that the ``intelligence committee'' shall promptly call such matters to the attention of standing committees and the respective chambers if the committees determine that they require further attention by those entities. Summary Conclusions Although the President is statutorily obligated to keep the congressional intelligence committees fully and currently informed of intelligence activities, the statute obligates the intelligence committees to inform the respective chambers, or standing committees, of such activities, if either of the two committees determine that further oversight attention is required. Further, resolutions establishing the two intelligence committees make clear that the intelligence committees share intelligence oversight responsibilities with other standing committees, to the extent that certain intelligence activities affect matters that fall under the jurisdiction of a committee other than the intelligence committees. Finally, the resolutions establishing the intelligence committees provide for the designation of ``cross-over'' members representing certain standing committees that [[Page S10466]] played a role in intelligence oversight prior to the establishment of the intelligence committees in the 1970s. The resolutions, however, do not specify what role, if any, these ``cross-over'' members play in keeping standing committees on which they serve informed of certain intelligence activities. Rather, each resolution states that the respective intelligence committee shall make that determination. ____ Congressional Research Service, July 18, 2006. Memorandum Subject: Overview of ``Classified'' and ``Sensitive but Unclassified'' Information From: Harold C. Relyea, Specialist in American National Government, Government and Finance Division Prescribed in various ways, federal policies may require the protection of, or a privileged status for, particular kinds of information. This memorandum provides a brief introduction to, and overview of, two categories of such information policy. The first category is demarcated largely in a single policy instrument--a presidential executive order--with a clear focus and in considerable detail: the classification of national security information in terms of three degrees of harm the disclosure of such information could cause to the nation, resulting in Confidential, Secret, and Top Secret designations. The second category is, by contrast with the first, much broader in terms of the kinds of information it covers, to the point of even being nebulous in some instances, and is expressed in various instruments, the majority of which are non-statutory: the marking of sensitive but unclassified (SBU) information for protective management, although its public disclosure may be permissible pursuant to the Freedom of Information Act (FOIA). These two categories are reviewed in the discussion set out below. Security Classified Information Current security classification arrangements, prescribed by an executive order of the President, trace their origins to a March 1940 directive issued by President Franklin D. Roosevelt as E.O. 8381. This development was probably prompted somewhat by desires to clarify the authority of civilian personnel in the national defense community to classify information, to establish a broader basis for protecting military information in view of growing global hostilities, and to manage better a discretionary power seemingly of increasing importance to the entire executive branch. Prior to this 1940 order, information had been designated officially secret by armed forces personnel pursuant to Army and Navy general orders and regulations. The first systematic procedures for the protection of national defense information, devoid of special markings, were established by War Department General Orders No. 3 of February 1912. Records determined to be ``confidential'' were to be kept under lock, ``accessible only to the officer to whom intrusted.'' Serial numbers were issued for all such ``confidential'' materials, with the numbers marked on the documents, and lists of same kept at the offices from which they emanated. With the enlargement of the armed forces after the entry of the United States into World War I, the registry system was abandoned and a tripartite system of classification markings was inaugurated in November 1917 with General Orders No. 64 of the General Headquarters of the American Expeditionary Force. The entry of the United States into World War II prompted some additional arrangements for the protection of information pertaining to the nation's security. Personnel cleared to work on the Manhattan Project for the production of the atomic bomb, for instance, in committing themselves not to disclose protected information improperly, were ``required to read and sign either the Espionage Act or a special secrecy agreement,'' establishing their awareness of their secrecy obligations and a fiduciary trust which, if breached, constituted a basis for their dismissal. A few years after the conclusion of World War II, President Harry S. Truman, in February 1950, issued E.O. 10104, which, while superseding E.O. 8381, basically reiterated its text, but added a fourth Top Secret classification designation to existing Restricted, Confidential, and Secret markings, making American information security categories consistent with those of our allies. At the time of the promulgation of this order, however, plans were underway for a complete overhaul of the classification program, which would result in a dramatic change in policy. E.O. 10290, issued in September 1951, introduced three sweeping innovations in security classification policy. First, the order indicated the Chief Executive was relying upon ``the authority vested in me by the Constitution and statutes, and as President of the United States'' in issuing the directive. This formula appeared to strengthen the President's discretion to make official secrecy policy: it intertwined his responsibility as Commander in Chief with the constitutional obligation to ``take care that the laws be faithfully executed.'' Second, information was now classified in the interest of ``national security,'' a somewhat new, but nebulous, concept, which, in the view of some, conveyed more latitude for the creation of official secrets. It replaced the heretofore relied upon ``national defense'' standard for classification. Third, the order extended classification authority to nonmilitary entities throughout the executive branch, to be exercised by, presumably, but not explicitly limited to, those having some role in ``national security'' policy. The broad discretion to create official secrets granted by E.G. 10290 engendered widespread criticism from the public and the press. In response, President Dwight D. Eisenhower, shortly after his election to office, instructed Attorney General Herbert Brownell to review the order with a view to revising or rescinding it. The subsequent recommendation was for a new directive, which was issued in November 1953 as E.O. 10501. It withdrew classification authority from 28 entities, limited this discretion in 17 other units to the agency head, returned to the ``national defense'' standard for applying secrecy, eliminated the ``Restricted'' category, which was the lowest level of protection, and explicitly defined the remaining three classification areas to prevent their indiscriminate use. Thereafter, E.G. 10501, with slight amendment, prescribed operative security classification policy and procedure for the next two decades. Successor orders built on this reform. These included E.O. 11652, issued by President Richard M. Nixon in March 1972, followed by E.O. 12065, promulgated by President Jimmy Carter in June 1978. For 30 years, these classification directives narrowed the bases and discretion for assigning official secrecy to executive branch documents and materials. Then, in April 1982, this trend was reversed with E.O. 12356, issued by President Ronald Reagan. This order expanded the categories of classifiable information, mandated that information falling within these categories be classified, authorized the reclassification of previously declassified documents, admonished classifiers to err on the side of classification, and eliminated automatic declassification arrangements. President William Clinton returned security classification policy and procedure to the reform trend of the Eisenhower, Nixon, and Carter Administrations with E.O. 12958 in April 1995. Adding impetus to the development and issuance of the new order were changing world conditions: the democratization of many eastern European countries, the demise of the Soviet Union, and the end of the Cold War. Accountability and cost considerations were also significant influences. In 1985, the temporary Department of Defense (DOD) Security Review Commission, chaired by retired General Richard G. Stilwell, declared that there were ``no verifiable figures as to the amount of classified material produced in DOD and in defense industry each year.'' Nonetheless, it concluded that ``too much information appears to be classified and much at higher levels than is warranted.'' In October 1993, the cost of the security classification program became clearer when the General Accounting Office (GAO) reported that it was ``able to identify government-wide costs directly applicable to national security information totaling over $350 million for 1992.'' After breaking this figure down--it included only $6 million for declassification work--the report added that ``the U.S. government also spends additional billions of dollars annually to safeguard information, personnel, and property.'' E.O. 12958 set limits for the duration of classification, prohibited the reclassification of properly declassified records, authorized government employees to challenge the classification status of records, reestablished the balancing test of E.O. 12065 weighing the need to protect information vis-a-vis the public interest in its disclosure, and created two review panels--one on classification and declassification actions and one to advise on policy and procedure. Most recently, in March 2003, President George W. Bush issued E.O. 13292, amending E.O. 12958. Among the changes made by this order were adding infrastructure vulnerabilities or capabilities, protection services relating to national security, and weapons of mass destruction to the categories of classifiable information; easing the reclassification of declassified records; postponing the automatic declassification of protected records 25 or more years old, beginning in mid-April 2003 to the end of December 2006; eliminating the requirement that agencies prepare plans for declassifying records; and permitting the Director of Central Intelligence to block declassification actions of the Interagency Security Classification Appeals Panel, unless overruled by the President. The security classification program has evolved during the past 66 years. One may not agree with all of its rules and requirements, but attention to detail in its policy and procedure result in a significant management regime. The operative executive order, as amended, defines its principal terms. Those who are authorized to exercise original classification authority are identified. Exclusive categories of classifiable information are specified, as are the terms of the duration of classification, as well as classification prohibitions and limitations. Classified information is required to be marked appropriately along with the identity of the original classifier, the agency or office of origin, and a date or event for declassification. Authorized holders of classified information who believe that its protected status is improper are ``encouraged and expected'' to challenge that status through prescribed arrangements. Mandatory declassification reviews are also authorized to determine if protected records merit continued classification at their present level, a lower level, or at all. Unsuccessful classification challenges [[Page S10467]] and mandatory declassification reviews are subject to review by the Interagency Security Classification Appeals Panel. General restrictions on access to classified information are prescribed, as are distribution controls for classified information. The Information Security Oversight Office (ISOO) within the National Archives and Records Administration (NARA) is mandated to provide central management and oversight of the security classification program. If the director of this entity finds that a violation of the order or its implementing directives has occurred, it must be reported to the head of the agency or to the appropriate senior agency official so that corrective steps, if appropriate, may be taken. While Congress, thus far, has elected not to create statutorily mandated security classification policy and procedures, the option to do so has been explored in the past, and its legislative authority to do so has been recognized by the Supreme Court. Congress, however, has established protections for certain kinds of information-- such as Restricted Data in the Atomic Energy Acts of 1946 and 1954, and intelligence sources and methods in the National Security Act of 1947--which have been realized through security classification arrangements. It has acknowledged properly applied security classification as a basis for withholding records sought pursuant to the Freedom of Information Act. Also, with a view to efficiency and economy, as well as effective records management, committees of Congress, on various occasions, have conducted oversight of security classification policy and practice, and have been assisted by GAO and CRS in this regard. Sensitive but Unclassified Information The widespread existence and use of information control markings other than those prescribed for the security classification of information came to congressional attention in March 1972 when a subcommittee of what is now the House Committee on Government Reform launched the first oversight hearings on the administration and operation of the Freedom of Information Act (FOIA). Enacted in 1966, FOIA had become operative in July 1967. In the early months of 1972, the Nixon Administration was developing new security classification policy and procedure, which would be prescribed in E.O. 11652, issued in early March. Preparatory to this hearing, the panel had surveyed the departments and agencies in August 1971, asking, among other questions, ``What legend is used by your agency to identify records which are not classifiable under Executive Order 10501 [the operative order at the time] but which are not to be made available outside the government?'' Of 58 information control markings identified in response to this question, the most common were For Official Use Only (11 agencies); Limited Official Use (nine agencies); Official Use Only (eight agencies); Restricted Data (five agencies); Administratively Restricted (four agencies); Formerly Restricted Data (four agencies); and Nodis, or no dissemination (four agencies). Seven other markings were used by two agencies in each case. A CRS review of the agency responses to the control markings question prompted the following observation. Often no authority is cited for the establishment or origin of these labels; even when some reference is provided it is a handbook, manual, administrative order, or a circular but not statutory authority. Exceptions to this are the Atomic Energy Commission, the Defense Department and the Arms Control and Disarmament Agency. These agencies cite the Atomic Energy Act, N.A.T.O. related laws, and international agreements as a basis for certain additional labels. The Arms Control and Disarmament Agency acknowledged it honored and adopted State and Defense Department labels. Over three decades later, it appears that approximately the same number of these information control markings are in use; that the majority of them are administratively, not statutorily, prescribed; and that many of them have an inadequate management regime, particularly when compared with the detailed arrangements which govern the management of classified information. A recent press account illustrates another problem. In late January 2005, GCN Update, the online, electronic news service of Government Computer News, reported that ``dozens of classified Homeland Security Department documents'' had been accidently made available on a public Internet site for several days due to an apparent security glitch at the Department of Energy. Describing the contents of the compromised materials and reactions to the breach, the account stated the ``documents were marked `for official use only,' the lowest secret-level classification.'' The documents, of course, were not security classified, because the marking cited is not authorized by E.O. 12958. Interestingly, however, in view of the fact that this misinterpretation appeared in a story to which three reporters contributed, perhaps it reflects, to some extent, the current confusion of these information control markings with security classification designations. Broadly considering the contemporary situation regarding information control markings, a recent information security report by the JASON Program Office of the MITRE Corporation proffered the following assessment. The status of sensitive information outside of the present classification system is murkier than ever. ``Sensitive but unclassified'' data is increasingly defined by the eye of the beholder. Lacking in definition, it is correspondingly lacking in policies and procedures for protecting (or not protecting) it, and regarding how and by whom it is generated and used. A contemporaneous Heritage Foundation report appeared to agree with this appraisal, saying: The process for classifying secret information in the federal government is disciplined and explicit. The same cannot be said for unclassified but security-related information for which there is no usable definition, no common understanding about how to control it, no agreement on what significance it has for U.S. national security, and no means for adjudicating concerns regarding appropriate levels of protection. Concerning the current Sensitive but Unclassified (SBU) marking, a 2004 report by the Federal Research Division of the Library of Congress commented that guidelines for its use are needed, and noted that ``a uniform legal definition or set of procedures applicable to all Federal government agencies does not now exist.'' Indeed, the report indicates that SBU has been utilized in different contexts with little precision as to its scope or meaning, and, to add a bit of chaos to an already confusing situation, is ``often referred to as Sensitive Homeland Security Information. Assessments of the variety, management, and impact of information control markings, other than those prescribed for the classification of national security information, have been conducted by CRS, GAO, and the National Security Archive, a private sector research and resource center located at The George Washington University. In March 2006, GAO indicated that, in a recent survey, 26 federal agencies reported using 56 different information control markings to protect sensitive information other than classified national security materia1. That same month, the National Security Archive offered that, of 37 agencies surveyed, 24 used 28 control markings based on internal policies, procedures, or practices, and eight used 10 markings based on statutory authority. These numbers are important in terms of the variety of such markings. GAO explained this dimension of the management problem. [T]here are at least 13 agencies that use the designation For Official Use Only [FOUO], but there are at least five different definitions of FOUO. At least seven agencies or agency components use the term Law Enforcement Sensitive (LES), including the U.S. Marshals Service, the Department of Homeland Security (DHS), the Department of Commerce, and the Office of Personnel Management (OPM). These agencies gave differing definitions for the term. While DHS does not formally define the designation, the Department of Commerce defines it to include information pertaining to the protection of senior government officials, and OPM defines it as unclassified information used by law enforcement personnel that requires protection against unauthorized disclosure to protect the sources and methods of investigative activity, evidence, and the integrity of pretrial investigative reports. Apart from the numbers, however, is another aspect of the management problem, which GAO described in the following terms. There are no governmentwide policies or procedures that describe the basis on which agencies should use most of these sensitive but unclassified designations, explain what the different designations mean across agencies, or ensure that they will be used consistently from one agency to another. In this absence, each agency determines what designations to apply to the sensitive but unclassified information it develops or shares. These markings also have implications in another regard. The importance of information sharing for combating terrorism and realizing homeland security was emphasized by the National Commission on Terrorist Attacks Upon the United States. That the variously identified and marked forms of sensitive but unclassified (SBU) information could be problematic with regard to information sharing was recognized by Congress when fashioning the Homeland Security Act of 2002. Section 892 of that statute specifically directed the President to prescribe and implement procedures for the sharing of information by relevant federal agencies, including the accommodation of ``homeland security information that is sensitive but unclassified.'' On July 29, 2003, the President assigned this responsibility largely to the Secretary of Homeland Security. Nothing resulted. The importance of information sharing was reinforced two years later in the report of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction. Congress again responded by mandating the creation of an Information Sharing Environment (ISE) when legislating the Intelligence Reform and Terrorism Prevention Act of 2004. Preparatory to implementing the ISE provisions, the President issued a December 16, 2005, memorandum recognizing the need for standardized procedures for SBU information and directing department and agency officials to take certain actions relative to that objective. In May 2006, the newly appointed manager of the ISE agreed with a March GAO assessment that, oftentimes, SBU information, designated as such with some marking, was not being shared due to concerns about the ability of recipients to adequately protect it. In brief, it appears that pseudo-classification markings have, in some instances, had the effect of deterring information sharing for homeland security purposes. Congressional overseers have probed executive use and management of information [[Page S10468]] control markings other than those prescribed for the classification of national security information, and the extent to which they result in ``pseudo-classification'' or a form of overclassification. Relevant remedial legislation proposed during the 109th Congress includes two bills (H.R. 2331 and H.R. 5112) containing sections which would require the Archivist of the United States to prepare a detailed report regarding the number, use, and management of these information control markings and submit it to specified congressional committees, and to promulgate regulations banning the use of these markings and otherwise establish standards for information control designations established by statute or an executive order relating to the classification of national security information. A section in the Department of Homeland Security appropriations legislation (H.R. 5441), as approved by the House, would require the Secretary of Homeland Security to revise DHS MD (Management Directive) 11056 to include (1) provision that information that is three years old and not incorporated in a current, active transportation security directive or security plan shall be determined automatically to be releasable unless, for each specific document, the Secretary makes a written determination that identifies a compelling reason why the information must remain Sensitive Security Information (SSI); (2) common and extensive examples of the individual categories of SSI cited in order to minimize and standardize judgment in the application of SSI marking; and (3) provision that, in all judicial proceedings where the judge overseeing the proceedings has adjudicated that a party needs to have access to SSI, the party shall be deemed a covered person for purposes of access to the SSI at issue in the case unless TSA or DHS demonstrates a compelling reason why the specific individual presents a risk of harm to the nation. A May 25, 2006, statement of administration policy on the bill strongly opposed the section, saying it ``would jeopardize an important program that protects Sensitive Security Information (SSI) from public release by deeming it automatically releaseable in three years, potentially conflict with requirements of the Privacy and Freedom of Information Acts, and negate statutory provisions providing original jurisdiction for lawsuits challenging the designation of SSI materials in the U.S. Courts of Appeals.'' The statement further indicated that the section would create a ``burdensome review process'' for the Secretary of Homeland Security and ``would result in different statutory requirements being applied to SSI programs administered by the Departments of Homeland Security and Transportation.'' It is not anticipated that this memorandum will be updated for reissuance. ____ Testimony Before the Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, and the Subcommittee on National Security, Veterans Affairs, and International Relations, Committee on Governmental Reform, House of Representatives United States General Accounting Office CENTRAL INTELLIGENCE AGENCY Observations on GAO Access to Information on CIA Programs and Activities Statement of Henry L. Hinton, Jr., Managing Director Defense Capabilities and Management Messrs. Chairmen and Members of the Subcommittees: We are pleased to be here to discuss the subject of access by the General Accounting Office (GAO) to information from the Central Intelligence Agency (CIA). Specifically, our statement will provide some background on CIA and its oversight mechanisms, our authority to review CIA programs, and the history and status of GAO access to CIA information. As requested, our remarks will focus on our relationship with the CIA and not with other intelligence agencies. Our comments are based upon our review of historic files, our legal analysis, and our experiences dealing with the CIA over the years. Summary Oversight of the CIA generally comes from two select committees of Congress and the CIA's Inspector General. We have broad authority to evaluate CIA programs. In reality, however, we face both legal and practical limitations on our ability to review these programs. For example, we have no access to certain CIA ``unvouchered'' accounts and cannot compel our access to foreign intelligence and counterintelligence information. In addition, as a practical matter, we are limited by the CIA's level of cooperation, which has varied through the years. We have not actively audited the CIA since the early 1960s, when we discontinued such work because the CIA was not providing us with sufficient access to information to perform our mission. The issue has arisen since then from time to time as our work has required some level of access to CIA programs and information. However, given a lack of requests from the Congress for us to do specific work at the CIA and our limited resources, we have made a conscious decision not to further pursue the issue. Today, our dealings with the CIA are mostly limited to requesting information that relates either to governmentwide reviews or analyses of threats to U.S. national security on which the CIA might have some information. The CIA either provides us with the requested information, provides the information with some restrictions, or does not provide the information at all. In general, we are most successful at getting access to CIA information when we request threat assessments and the CIA does not perceive our audits as oversight of its activities. Background As you know, the General Accounting Office is the investigative arm of the Congress and is headed by the Comptroller General of the United States--currently David M. Walker. We support the Congress in meeting its constitutional responsibilities and help improve the performance and accountability of the federal government for the American people. We examine the use of public funds, evaluate federal programs and activities, and provide analyses, options, recommendations, and other assistance to help the Congress make effective oversight, policy, and funding decisions. Almost 90 percent of our staff days are in direct support of Congressional requestors, generally on the behalf of committee chairmen or ranking members. The U.S. Intelligence Community consists of those Executive Branch agencies and organizations that work in concert to carry out our nation's intelligence activities. The CIA is an Intelligence Community agency established under the National Security Act of 1947 to coordinate the intelligence activities of several U.S. departments and agencies in the interest of national security. Among other functions, the CIA collects, produces, and disseminates foreign intelligence and counterintelligence; conducts counterintelligence activities abroad; collects, produces, and disseminates intelligence on foreign aspects of narcotics production and trafficking; conducts special activities approved by the President; and conducts research, development, and procurement of technical systems and devices. Oversight of CIA Activities Currently, two congressional select committees and the CIA's Inspector General oversee the CIA's activities. The Senate Select Committee on Intelligence was established on May 19, 1976, to oversee the activities of the Intelligence Community. Its counterpart in the House of Representatives is the House Permanent Select Committee on Intelligence, established on July 14, 1977. The CIA's Inspector General is nominated by the President and confirmed by the Senate. The Office of the Inspector General was established by statute in 1989 and conducts inspections, investigations, and audits at headquarters and in the field. The Inspector General reports directly to the CIA Director. In addition, the President's Foreign Intelligence Advisory Board assesses the quality, quantity, and adequacy of intelligence activities. Within the Board, there is an intelligence oversight committee that prepares reports on intelligence activities that may be unlawful or otherwise inappropriate. Finally, the Congress can charter commissions to evaluate intelligence agencies such as CIA. One such commission was the Commission on the Roles and Capabilities of the United States Intelligence Community, which issued a report in 1996. GAG's Authority to Review CIA Programs Generally, we have broad authority to evaluate agency programs and investigate matters related to the receipt, disbursement, and use of public money. To carry out our audit responsibilities, we have a statutory right of access to agency records. Federal agencies are required to provide us information about their duties, powers, activities, organization, and financial transactions. This requirement applies to all federal agencies, including the CIA. Our access rights include the authority to file a civil action to compel production of records, unless (a) the records relate to activities the President has designated as foreign intelligence or counterintelligence activities, (b) the records are specifically exempt from disclosure by statute, or (c) the records would be exempt from release under the Freedom of Information Act because they are predecisional memoranda or law enforcement records and the President or Director of the Office of Management and Budget certifies that disclosure of the record could be expected to impair substantially the operations of the government. The National Security Act of 1947 charges the CIA Director with protecting intelligence sources and methods from unauthorized disclosure. In terms of our statutory access authority, however, the law creates only one specific exemption: the so-called ``unvouchered'' accounts. The exemption pertains to expenditures of a confidential, extraordinary, or emergency nature that are accounted for solely on the certification of the Director. These transactions are subject to review by the intelligence committees. Amendments to the law require the President to keep the intelligence committees fully and currently informed of the intelligence activities of the United States. The CIA has maintained that the Congress intended the intelligence committees to be the exclusive means of oversight of the CIA, effectively precluding oversight by us. While we understand the role of the intelligence committees and the need to protect intelligence sources and methods, we also believe that our authorities are broad enough to cover the management and administrative functions that the CIA shares with all federal agencies. We have summarized the statutes relevant to our relationship with the CIA in an appendix attached to this testimony. [[Page S10469]] gao's access to the cia has been limited We have not done audit work at the CIA for almost 40 years. Currently, our access to the CIA is limited to requests for information that relates either to governmentwide reviews or programs for which the CIA might have relevant information. In general, we have the most success obtaining access to CIA information when we request threat assessments, and the CIA does not perceive our audits as oversight of its activities. gao access to cia has varied through the years After the enactment of the National Security Act of 1947, we began conducting financial transaction audits of vouchered expenditures of the CIA. This effort continued into the early 1960s. In the late 1950s, we proposed to broaden its work at the CIA to include an examination of the efficiency, economy, and effectiveness of CIA programs. Although the CIA Director agreed to our proposal to expand the scope of our work, he placed a number of conditions on our access to information. Nonetheless, in October 1959, we agreed to conduct program review work with CIA-imposed restrictions on access. Our attempt to conduct comprehensive program review work continued until May 1961, when the Comptroller General concluded that the CIA was not providing us with sufficient access to the information necessary to conduct comprehensive reviews of the CIA's programs and announced plans to discontinue audit work there. After much discussion and several exchanges of correspondence between GAO, the CIA, and the cognizant congressional committees, the Chairman of the House Armed Services Committee wrote to the Comptroller General in July 1962 agreeing that, absent sufficient GAO access to CIA information, GAO should withdraw from further audit activities at the CIA. Thus, in 1962, we withdrew from all audits of CIA activities. The issue of our access has arisen periodically in the intervening years as our work has required some level of access to CIA programs and activities. In July 1975, Comptroller General Elmer Staats testified on our relationship with the intelligence community and cited several cases where CIA had not provided us with the requested information. In July 1987, Senator John Glenn introduced a bill (S. 1458) in the 100th Congress to clarify our audit authority to audit CIA programs and activities. In 1994, the CIA Director sought to further limit our audit work of intelligence programs, including those at the Department of Defense. We responded by writing to several key members of the Congress, citing our concerns and seeking assistance. As a result, we and the CIA began negotiations on a written agreement to clarify our access and relationship. Unfortunately, we were unable to reach any agreement with CIA on this matter. Since then, GAO has limited its pursuit of greater access because of limited demand for this work from Congress, particularly from the intelligence committees. Given a lack of Congressional requests and our limited resources, we have made a conscious decision to deal with the CIA on a case-by-case basis. current access falls into three categories Currently, the CIA responds to our requests for information in three ways: it provides the information, it provides the information or a part of it with some restriction, or it does not provide the information at all. Examples of each of these three situations, based on the experiences of our audit staff in selected reviews in recent years, are listed below. Sometimes the CIA straightforwardly fulfills our requests for briefings or reports related to threat assessments. This is especially true when we ask for threat briefings or the CIA's assessments or opinions on an issue not involving CIA operations. For our review of the State Department's Anthrax Vaccination Program for the Senate Foreign Relations and House International Relations Committees, we requested a meeting to discuss the CIA's perspective on a recent threat assessment of chemical and biological threats to U.S. interests overseas. The CIA agreed with our request, provided a meeting within 2 weeks, and followed up with a written statement. While we were reviewing U.S. assistance to the Haitian justice system and national police on behalf of the Senate Foreign Relations and House International Relations Committees, we requested a meeting to discuss the Haitian justice system. The CIA agreed with our request and met with our audit team within 3 weeks of our request. For our review of chemical and biological terrorist threats for the House Armed Services Committee, and subcommittees of the House Government Reform Committee and the House Veterans Affairs Committee, we requested meetings with CIA analysts on their threat assessments on chemical and biological weapons. The CIA cooperated and gave us access to documents and analysts. On several of our reviews of counterdrug programs for the House Government Reform Committee and the Senate Foreign Relations Committee we requested CIA assessments on the drug threat and international activities. The CIA has provided us with detailed briefings on drug cultivation, production, and trafficking activities in advance of our field work overseas. During our reviews of Balkan security issues and the Dayton Peace Accords for the House Armed Services Committee and the Senate Foreign Relations Committee, we asked the CIA for threat assessments relevant to our review objectives. The CIA provided us with appropriate briefings and agreed to provide one of our staff members with access to regular intelligence reports. In some instances, the CIA provides information with certain access restrictions or discusses an issue with us without providing detailed data or documentation. During our evaluation of equal employment opportunity and disciplinary actions for a subcommittee of the House Committee on the Post Office and Civil Service, the CIA provided us with limited access to information. CIA officials allowed us to review their personnel regulations and take notes, but they did not allow us to review personnel folders on individual disciplinary actions. This was in contrast to the National Security Agency and Defense Intelligence Agency, which gave us full access to personnel folders on individual terminations and disciplinary actions. For our review of the Department of Defense's efforts to address the growing risk to U.S. electronic systems from high-powered radio frequency weapons for the Joint Economic Committee, the CIA limited our access to one meeting. Although the technology associated with such systems was discussed at the meeting, the CIA did not provide any documentation on research being conducted by foreign nations. On some of our audits related to national security issues, the CIA provides us with limited access to its written threat assessments and analyses, such as National Intelligence Estimates. However, the CIA restricts our access to reading the documents and taking notes at the CIA or other locations. Examples include our readings of National Intelligence Estimates related to our ongoing work evaluating federal programs to combat terrorism. In other cases, the CIA simply denies us access to the information we requested. The CIA's refusals are not related to the classification level of the material. Many of our staff have the high-level security clearances and accesses needed to review intelligence information. But the CIA considers our requests as having some implication of oversight and denies us access. For our evaluation of national intelligence estimates regarding missile threats for the House National Security Committee, the CIA refused to meet with us to discuss the general process and criteria for producing such estimates or the specific estimates we were reviewing. In addition, officials from the Departments of Defense, State, and Energy told us that CIA had asked them not to cooperate with us. During our examination of overseas arrests of terrorists for the House Armed Services Committee and a subcommittee of the House Government Reform Committee, the CIA refused to meet with us to discuss intelligence issues related to such arrests. The CIA's actions were in contrast to those of two other departments that provided us full access to their staff and files. On our review of classified computer systems in the federal government for a subcommittee of the House Government Reform Committee, we requested basic information on the number and nature of such systems. The CIA did not provide us with the information, claiming that they would not be able to participate in the review because the type of information is under the purview of congressional entities charged with overseeing the Intelligence Community. For our review of the policies and procedures used by the Executive Office of the President to acquire and safeguard classified intelligence information, done for the House Rules Committee, we asked to review CIA forms documenting that personnel had been granted appropriate clearances. The CIA declined our request, advising us that type of information we were seeking came under the purview of congressional entities charged with overseeing the intelligence community. conclusion Our access to CIA information and programs has been limited by both legal and practical factors. Through the years our access has varied and we have not done detailed audit work at CIA since the early 1960s. Today, our access is generally limited to obtaining information on threat assessments when the CIA does not perceives our audits as oversight of its activities. We foresee no major change in our current access without substantial support from Congress--the requestor of the vast majority of our work. Congressional impetus for change would have to include the support of the intelligence committees, who have generally not requested GAG reviews or evaluations of CIA activities. With such support, we could evaluate some of the basic management functions at CIA that we now evaluate throughout the federal government. This concludes our testimony. We would be happy to answer any questions you may have. GAO Contacts and Staff Acknowledgment For future questions about this testimony, please contact Henry L. Hinton, Jr., Managing Director, Defense Capabilities and Management at (202) 512-4300. Individuals making key contributions to this statement include Stephen L. Caldwell, James Reid, and David Hancock. Appendix I: Legal Framework for GAO and CIA gao's audit authority The following statutory provisions give GAO broad authority to review agency programs and activities: [[Page S10470]] 31 U.S.C. 712: GAO has the responsibility and authority for investigating matters relating to the receipt, disbursement, and use of public money, and for investigating and reporting to either House of Congress or appropriate congressional committees. 1 U.S.C. 717: GAO is authorized to evaluate the results of programs and activities of federal agencies. Reviews are based upon the initiative of the Comptroller General, an order from either House of Congress, or a request from a committee with jurisdiction. 31 U.S.C. 3523: This provision authorizes GAO to audit financial transactions of each agency, except as specifically provided by law. 31 U.S.C. 3524: This section authorizes GAO to audit unvouchered accounts (i.e., those accounted for solely on the certificate of an executive branch official). The President may exempt sensitive foreign intelligence and counterintelligence transactions. CIA expenditures on objects of a confidential, extraordinary, or emergency nature under 50 U.S.C. 403j(b) are also exempt. Transactions in these categories may be reviewed by the intelligence committees. gao's access-to-records authority 31 U.S.C. 716: GAO has a broad right of access to agency records. Subsection 716(a) requires agencies to give GAO information it requires about the ``duties, powers, activities, organization, and financial transactions of the agency.'' This provision gives GAO a generally unrestricted right of access to agency records. GAO in turn is required to maintain the same level of confidentiality for the information as is required of the head of the agency from which it is obtained. Section 716 also gives GAO the authority to enforce its requests for records by filing a civil action in federal district court. Under the enforcement provisions in 31 U.S.C. 716(d)(1), GAO is precluded from bringing a civil action to compel the production of a record if: 1. the record relates to activities the President designates as foreign intelligence or counterintelligence (see Executive Order No. 12333, defining these terms); 2. the record is specifically exempted from disclosure to GAO by statute; or 3. the President or the Director of the Office of Management and Budget certifies to the Comptroller General and Congress that a record could be withheld under the Freedom of Information Act exemptions in 5 U.S.C. 552(b)(5) or (7) (relating to deliberative process and law enforcement information, respectively), and that disclosure of the information reasonably could be expected to impair substantially the operations of the government. Although these exceptions do not restrict GAO's basic rights of access under 31 U.S.C. 716(a), they do limit GAO's ability to compel the production of particular records through a court action. relevant cia legislation The CIA has broad authority to protect intelligence-related information but must keep the intelligence committees fully and currently informed of the intelligence activities of the United States. 50 U.S.C. 403-3(c)(6) and 403g: Section 403-3 requires the Director of the CIA to protect ``intelligence sources and methods from unauthorized disclosure. . . .'' Section 403g exempts the CIA from laws ``which require the publication or disclosure of the organization, functions, names, official titles, salaries, or numbers of personnel employed by the Agency. With the exception of unvouchered expenditures, CIA's disclosure of information to GAO would be an authorized and proper disclosure under 31 U.S.C. 716(a). 50 U.S.C. 403j: The CIA has broad discretion to use appropriated funds for various purposes (e.g., personal services, transportation, printing and binding, and purchases of firearms) without regard to laws and regulations relating to the expenditure of government funds. The statute also authorizes the Director to establish an unvouchered account for objects of a confidential, extraordinary, or emergency nature. We recognize that the CIA's unvouchered account authority constitutes an exception to GAO's audit and access authority, but this account deals with only a portion of CIA's funding activities. 50 U.S.C. 413: This section provides a method for maintaining congressional oversight over intelligence activities within the executive branch. The statute requires the President to ensure that the intelligence committees (the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence are kept fully and currently informed of U.S. intelligence activities. ____ Report Language Section 1 of the Act provides that the Act may be cited as the ``Intelligence Community Audit Act of 2006''. Section 2(a) of the Act adds a new Section (3523a) to title 31, United States Code, with respect to the Comptroller General's authority to audit or evaluate activities of the intelligence community. New Section 3523a(b)(1) reaffirms that the Comptroller General possesses, under his existing statutory authority, the authority to perform audits and evaluations of financial transactions, programs, and activities of elements of the intelligence community and to obtain access to records for the purposes of such audits and evaluations. Such work could be done at the request of the congressional intelligence committees or any committee of jurisdiction of the House of Representatives or Senate (including the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate), or at the Comptroller General's initiative, pursuant to the existing authorities referenced in new Section 3523a(b)(1). New Section 3523a(b)(2) further provides that these audits and evaluations under the Comptroller General's existing authority may include, but are not limited to, matters relating to the management and administration of elements of the intelligence community in areas such as strategic planning, financial management, information technology, human capital, knowledge management, information sharing, and change management. These audits and evaluations would be accompanied by the safeguards that the Government Accountability Office (GAO) has in place to protect classified and other sensitive information, including physical security arrangements, classification and sensitivity reviews, and restricted distribution of certain products. This reaffirmation is designed to respond to Executive Branch assertions that GAO does not have the authority to review activities of the intelligence community. To the contrary, GAO's current statutory audit and access authorities permit it to evaluate a wide range of activities in the intelligence community. To further ensure that GAO's authorities are appropriately construed in the future, the new Section 3523a(e), which is described below, makes clear that nothing in this or any other provision of law shall be construed as restricting or limiting the Comptroller General's authority to audit and evaluate, or obtain access to the records of, elements of the intelligence community absent specific statutory language restricting or limiting such audits, evaluations, or access to records. New Section 3523a(c)(1) provides that Comptroller General audits or evaluations of intelligence sources and methods, or covert actions may be undertaken only upon the request of the Select Committee on Intelligence of the Senate, or the Permanent Select Committee on Intelligence of the House of Representatives, or the majority or the minority leader of the Senate or the House of Representatives. This limitation is intended to recognize the heightened sensitivity of audits and evaluations relating to intelligence sources and methods, or covert actions. The new Section 3523a(c)(2)(A) provides that the results of such audits or evaluations under Section 3523a(c) may be disclosed only to the original requestor, the Director of National Intelligence, and the head of the relevant element of the intelligence community. Since the methods GAO uses to communicate the results of its audits or evaluations vary, this provision restricts the dissemination of GAO's findings under Section 3523a(c), whether through testimony, oral briefings, or written reports, to only the original requestor, the Director of National Intelligence, and the head of the relevant element of the intelligence community. Similarly, under new Section 3523a(c)(2)(B), the Comptroller General may only provide information obtained in the course of such an audit or evaluation to the original requestor, the Director of National Intelligence, and the head of the relevant element of the intelligence community. The new Section 3523a(c)(3)(A) provides that notwithstanding any other provision of law, the Comptroller General may inspect records of any element of the intelligence community relating to intelligence sources and methods, or covert actions in order to perform audits and evaluations pursuant to Section 3523a(c). The Comptroller General's access extends to any records which belong to, or are in the possession and control of, the element of the intelligence community regardless of who was the original owner of such information. Under new Section 3523a(c)(3)(B), the Comptroller General may enforce the access rights provided under this subsection pursuant to section 716 of title 31. However, before the Comptroller General files a report pursuant to 31 U.S.C. 716(b)(1), the Comptroller General must consult with the original requestor concerning the Comptroller General's intent to file a report. The new Section 3523a(c)(4) reiterates the Comptroller General's obligations to protect the confidentiality of information and adds special safeguards to protect records and information obtained from elements of the intelligence community for audits and evaluations performed under Section 3523a(c). For example, pursuant to new Section 3523a(c)(4)(B), the Comptroller General is to maintain on site, in facilities furnished by the element of the intelligence community subject to audit or evaluation, all workpapers and records obtained for the audit or evaluation. Under new Section 3523a(c)(4)(C), the Comptroller General is directed, after consulting with the Select Committee on Intelligence of the Senate and the Permanent Select Committee on Intelligence of the House of Representatives, to establish procedures to protect from unauthorized disclosure all classified and other sensitive information furnished to the Comptroller General under Section 3523a(c). Under new Section 3523a(c)(4)(D), prior to initiating an audit or evaluation under Section 3523a(c), the Comptroller General shall provide the Director of National Intelligence and the head of the relevant element of the intelligence community with the name of each officer and employee of the Government Accountability Office who has obtained appropriate security clearances. [[Page S10471]] The new Section 3523a(d) provides that elements of the intelligence community shall cooperate fully with the Comptroller General and provide timely responses to Comptroller General requests for documentation and information. The new Section 3523a(e) makes clear that nothing in this or any other provision of law shall be construed as restricting or limiting the Comptroller General's authority to audit and evaluate, or obtain access to the records of, elements of the intelligence community absent specific statutory language restricting or limiting such audits, evaluations, or access to records. ____ S. 3968 Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Intelligence Community Audit Act of 2006''. SEC. 2. COMPTROLLER GENERAL AUDITS AND EVALUATIONS OF ACTIVITIES OF ELEMENTS OF THE INTELLIGENCE COMMUNITY. (a) Reaffirmation of Authority; Audits of Intelligence Community Activities.--Chapter 35 of title 31, United States Code, is amended by inserting after section 3523 the following: ``Sec. 3523a. Audits of intelligence community; audit requesters ``(a) In this section, the term `element of the intelligence community' means an element of the intelligence community specified in or designated under section 3(4) of the National Security Act of 1947 (50 U.S.C. 401a(4)). ``(b) Congress finds that-- ``(1) the authority of the Comptroller General to perform audits and evaluations of financial transactions, programs, and activities of elements of the intelligence community under sections 712, 717, 3523, and 3524, and to obtain access to records for purposes of such audits and evaluations under section 716, is reaffirmed; and ``(2) such audits and evaluations may be requested by any committee of jurisdiction (including the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate), and may include but are not limited to matters relating to the management and administration of elements of the intelligence community in areas such as strategic planning, financial management, information technology, human capital, knowledge management, information sharing (including information sharing by and with the Department of Homeland Security), and change management. ``(c)(1) The Comptroller General may conduct an audit or evaluation of intelligence sources and methods or covert actions only upon request of the Select Committee on Intelligence of the Senate or the Permanent Select Committee on Intelligence of the House of Representatives, or the majority or the minority leader of the Senate or the House of Representatives. ``(2)(A) Whenever the Comptroller General conducts an audit or evaluation under paragraph (1), the Comptroller General shall provide the results of such audit or evaluation only to the original requestor, the Director of National Intelligence, and the head of the relevant element of the intelligence community. ``(B) The Comptroller General may only provide information obtained in the course of an audit or evaluation under paragraph (1) to the original requestor, the Director of National Intelligence, and the head of the relevant element of the intelligence community. ``(3)(A) Notwithstanding any other provision of law, the Comptroller General may inspect records of any element of the intelligence community relating to intelligence sources and methods, or covert actions in order to conduct audits and evaluations under paragraph (1). ``(B) If in the conduct of an audit or evaluation under paragraph (1), an agency record is not made available to the Comptroller General in accordance with section 716, the Comptroller General shall consult with the original requestor before filing a report under subsection (b)(1) of that section. ``(4)(A) The Comptroller General shall maintain the same level of confidentiality for a record made available for conducting an audit under paragraph (1) as is required of the head of the element of the intelligence community from which it is obtained. Officers and employees of the Government Accountability Office are subject to the same statutory penalties for unauthorized disclosure or use as officers or employees of the intelligence community element that provided the Comptroller General or officers and employees of the Government Accountability Office with access to such records. ``(B) All workpapers of the Comptroller General and all records and property of any element of the intelligence community that the Comptroller General uses during an audit or evaluation under paragraph (1) shall remain in facilities provided by that element of the intelligence community. Elements of the intelligence community shall give the Comptroller General suitable and secure offices and furniture, telephones, and access to copying facilities, for purposes of audits and evaluations under paragraph (1). ``(C) After consultation with the Select Committee on Intelligence of the Senate and with the Permanent Select Committee on Intelligence of the House of Representatives, the Comptroller General shall establish procedures to protect from unauthorized disclosure all classified and other sensitive information furnished to the Comptroller General or any representative of the Comptroller General for conducting an audit or evaluation under paragraph (1). ``(D) Before initiating an audit or evaluation under paragraph (1), the Comptroller General shall provide the Director of National Intelligence and the head of the relevant element with the name of each officer and employee of the Government Accountability Office who has obtained appropriate security clearance and to whom, upon proper identification, records, and information of the element of the intelligence community shall be made available in conducting the audit or evaluation. ``(d) Elements of the intelligence community shall cooperate fully with the Comptroller General and provide timely responses to Comptroller General requests for documentation and information. ``(e) Nothing in this section or any other provision of law shall be construed as restricting or limiting the authority of the Comptroller General to audit and evaluate, or obtain access to the records of, elements of the intelligence community absent specific statutory language restricting or limiting such audits, evaluations, or access to records.''. (b) Clerical Amendment.--The table of sections for chapter 35 of title 31, United States Code, is amended by inserting after the item relating to section 3523 the following: ``3523a. Audits of intelligence community; audits and requesters.''. ______