SECURITY CLEARANCE REFORM
=======================================================================
HEARING
before the
SUBCOMMITTEE ON
INTELLIGENCE COMMUNITY
MANAGEMENT
of the
PERMANENT SELECT
COMMITTEE
ON INTELLIGENCE
ONE HUNDRED TENTH CONGRESS
FIRST SESSION
__________
Hearing held in Washington, DC, February 27, 2008
Printed for the use of the Committee
U.S. GOVERNMENT PRINTING OFFICE
41-733 PDF WASHINGTON DC: 2008
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866)512-1800
DC area (202)512-1800 Fax: (202) 512-2250 Mail Stop SSOP,
Washington, DC 20402-0001
PERMANENT SELECT COMMITTEE ON INTELLIGENCE
SILVESTRE REYES, Texas, Chairman
LEONARD L. BOSWELL, Iowa PETER HOEKSTRA, Michigan
ROBERT E. (BUD) CRAMER, Alabama TERRY EVERETT, Alabama
ANNA G. ESHOO, California ELTON GALLEGLY, California
RUSH D. HOLT, New Jersey HEATHER WILSON, New Mexico
C.A. DUTCH RUPPERSBERGER, Maryland MAC THORNBERRY, Texas
JOHN F. TIERNEY, Massachusetts JOHN M. McHUGH, Texas
MIKE THOMPSON, California TODD TIAHRT, Kansas
JANICE D. SCHAKOWSKY, Illinois MIKE ROGERS, Michigan
JAMES R. LANGEVIN, Rhode Island DARRELL E. ISSA, California
PATRICK J. MURPHY, Pennsylvania
ADAM B. SCHIFF, California
Nancy Pelosi, California, Speaker, Ex Officio Member
John A. Boehner, Ohio, Minority Leader, Ex Officio Member
Michael Delaney, Staff Director
HEARING ON SECURITY CLEARANCES
----------
WEDNESDAY, FEBRUARY 27, 2008
House of Representatives,
Permanent Select Committee on Intelligence,
Subcommittee on Intelligence Community Management,
Washington, DC.
The subcommittee met, pursuant to call, at 9:31 a.m., in
room 340, Cannon House Office Building, the Hon. Anna G. Eshoo
(chairwoman of the subcommittee) presiding.
Present: Representatives Eshoo, Holt, Ruppersberger,
Tiahrt, and Issa.
Chairwoman Eshoo. Okay, I think we will begin.
Good morning, everyone. I thank you for being here.
I again offer not only my apology but the apologies of the
subcommittee for your very long wait in December. As I said to
you informally, it was a day that quickly turned into chaos
with all that we had on the floor. And your time is just as
important as everyone else's, so, again, my apologies and also
my welcome this morning for this important hearing.
Security clearances are the gateway to our national
security establishment. Everyone in the Intelligence Community
has to possess a security clearance to do their job, not just
government employees but also the contractors who build
satellites, maintain computer systems and protect government
officials. The security clearance process fundamentally affects
who is hired by the Intelligence Community, how agencies share
information and coordinate, and how well we deter and prevent
espionage.
For years, our security system was plagued by delays and
inefficiencies. This hurt our national security, I believe, by
making it harder to hire good people who couldn't wait months
or, in some cases, years to know if they have a job. It hurt
contractors who couldn't get clearances fast enough to bid on
classified programs.
The clearance system was primarily developed for the Cold
War, when the concern was communism. In that environment, we
tended to exclude people who had relatives overseas. This meant
that our Intelligence Community was not very diverse. Today we
need people who can blend this all over the world. We need
people who understand the cultural context and speak the
languages of countries where terrorists are likely to hide.
When the clearance system was developed, we dealt in paper
records, not electronic files. Investigators knocked on doors;
I think, in many cases, they still do. Today, people make
paperless, complex financial transactions over the Internet and
use social-networking programs. So we have to find ways to
leverage these technological developments in the clearance
process to both streamline the system and identify security
risks.
Three years ago, Congress passed the Intelligence Reform
and Terrorism Prevention Act. The legislation established some
requirements for improving the security clearance process,
governmentwide.
The House Armed Services Committee recently held a similar
hearing as this one to discuss the DOD's progress on improving
the security clearance process. Many of the agencies that this
committee oversees are responsible for their own security
clearance processes and, thus, may have a different perspective
on the government's progress.
I hope the witnesses--and, again, welcome to each one of
you--will address a few key questions. One, how does the
Intelligence Community handle their security clearance process
compared to the rest of the government? Two, what are the
strengths and weaknesses of the Intelligence Community's
current security clearance process? Three, how do we evaluate
the effectiveness of the pilot program for security clearance
reform? Four, how do we ensure that the security clearance
process helps meet our Nation's goals to hire good people and
to protect classified information? So those are the key areas I
think that we need to explore.
Today's witnesses are the Honorable Clay Johnson, III,
Deputy Director for Management at OMB; Mr. Eric Boswell,
Assistant Deputy DNI for Security; Ms. Kathy Dillaman,
Associate Director of the Federal Investigative Services at
OPM; Ms. Brenda Farrell, the Director of Military and Civilian
Personnel and Health Care--this is a real mouthful--Defense
Capabilities and Management at the GAO.
Mr. Johnson, Mr. Boswell and Ms. Dillaman will provide
testimony about the efforts to transform the security clearance
process, and Ms. Farrell is going to provide the members with
historical perspective on the challenges we faced in the past
with the security clearance process and what strengths and
weaknesses exist in the current system.
The GAO has issued many reports over the last decade,
decade and a half. I have plowed through several of them, and
they are highly instructive, and I thank you for your work.
She is also going to advise committee members on what
objective metrics we should use to evaluate the progress under
the administration's reform efforts.
So we look forward to the witnesses' testimony.
And I would like to welcome and recognize Mr. Issa, another
member of the California congressional delegation, who is the
distinguished ranking member of the subcommittee.
Mr. Issa.
Mr. Issa. Thank you, Madam Chair. This is the California
subcommittee of the House intelligence.
Mr. Johnson, Ambassador Boswell, Ms. Dillaman and Ms.
Farrell, there is nothing more bipartisan on the House
Intelligence Committee than, in fact, getting the clearance
process right. Your testimony is greatly appreciated.
And reforming the security process will be the subject
today, and I do appreciate that there have been improvements.
The development of electronic forms and that reduction of
paperwork and the continuity is a critical direction that was
long overdue.
But we still hear of major concerns in a number of areas,
most notably the Arab, Muslim and the other communities of
outreach most essential if we are to understand and be able to
make effective contact in the areas that, today, occupy most of
our defense and intelligence resources.
Our intelligence community relies heavily upon domestic,
human assets to analyze information from areas of the world
that are quite alien to us. One of the most important and
volatile areas of the world, the Middle East, is an area in
which the people analyzing it often have no firsthand knowledge
of that part of the world. Americans with such knowledge apply
for security clearances every day, in hopes that they can serve
their country in an intelligence capacity. Sadly, many
applicants are turned down because of foreign contacts they
maintain in the Middle East.
While we need to ensure that security clearances only go to
applicants whose loyalties to the United States are
unquestionable, we should not assume that individuals'
allegiances are suspect simply because they have friends or
family in the Middle East. The very reason they have detailed
knowledge of the reason and its language and its customs is
primarily because of those contacts and their history.
The Intelligence Director, Mike McConnell, addressed this
issue of hiring Arab and Muslim Americans at his nomination
hearing over a year ago. Though he is not here today, I am
interested to hear what the Intelligence Community has done
under his leadership to improve the ability of Arab Americans
and others to successfully apply for security clearances.
Beyond the specific issue of Arab-American security
clearances, Congress has tried to improve the security
clearance process by placing certain provisions in the
Intelligence Reform and Terrorism Prevention Act of 2004. That
required the administration to drastically reduce timelines and
modernize the process by leveraging technology.
Unfortunately, we did not address the broader issues, such
as how facility clearances are obtained and maintained, how
information systems are certified and accredited. And I
understand that, in addition to gaining personnel clearances,
both the security-related issues greatly impact industry's
ability to deliver capability on behalf of the Nation's
security. In short, we do not have a system for a cleared
defense contractor or contract person to go from facility to
facility and take, in a seamless way, their capability with
them.
I appreciate the fact that the Intelligence Community has
found ways to make it relatively easy for Members of Congress
to travel around the world to both public and private places,
and somehow our clearances quickly arrive, and we seem to
always be well-screened and immediately put through. It would
be wonderful if that same level of capability were there for
all of those who have real need to know and real contribution
to give.
Also, I understand the administration has designated the
Office of Personnel Management, OPM, as the lead agency for
security clearance reform efforts. My question is, does the OPM
own the entire end-to-end process? I rather doubt it.
I understand that the impression that the OPM performed all
background investigations is simply not true. The adjudication
and access granted individually by each agency and each agency
having their own individual process makes it impossible to
truly say that the OPM is anything other than an interesting
umbrella group.
I am not proposing today that we strip individual agencies
of their capability to make the final decisions, but it is very
clear that if we are to have a 30-day or 60-day clearance
process to become a reality, that we are going to have to have
a single form, a single sheet, a single process, and ultimately
a take-it-or-leave-it by the various agencies. That does not
exist today.
I am looking forward to your testimony and the questions
beyond the scope of just this introduction. And I thank you
very much for being here today.
And hopefully OPM-bashing is not what you interpret that I
am doing, but rather recognizing that, inherently, if we give a
lead agency some authority but not all authority, we really
give them no authority.
Thank you, Madam Chair. And I yield back.
Chairwoman Eshoo. Thank you, Mr. Issa.
I call on Mr. Tiahrt, a diligent, thoughtful member of the
subcommittee and the full committee.
Mr. Tiahrt. Thank you, Madam Chair. And I guess I am from
eastern California.
Mr. Issa. We will make you honorary for today only.
Mr. Tiahrt. I am glad to be here from Kansas. I am very
concerned about the clearances. I do have a hearing at 10
o'clock, and I am the ranking member and have to attend. But I
appreciate the testimony and especially the good work the GAO
has done. And I am looking forward to whatever the comments are
going to be.
Chairwoman Eshoo. Thank you.
Thank you for being here this morning.
We will start with Ambassador Boswell, with his testimony,
and move across the table.
And I think, if I might suggest this, that you keep your
comments brief or maybe summarize what you would like to say,
so that we can have a good give-and-take in asking questions
and really drill down to some of these areas. I know you come
fully prepared. I don't want you to think we are diminishing
what you have to offer. But I think, in these hearings, the
more we get to ask questions and hear your answers, there is a
fullness of what we will draw out of the hearing.
So, again, good morning.
And thank you to you, Ambassador Boswell. This is your
time.
STATEMENTS OF MR. ERIC BOSWELL, ASSISTANT DEPUTY DIRECTOR OF
NATIONAL INTELLIGENCE FOR SECURITY; HON. CLAY JOHNSON, DEPUTY
DIRECTOR FOR MANAGEMENT, OFFICE OF MANAGEMENT AND BUDGET; MS.
KATHY L. DILLAMAN, ASSOCIATE DIRECTOR, FEDERAL INVESTIGATIVE
SERVICES DIVISION, OFFICE OF PERSONNEL MANAGEMENT; MS. BRENDA
S. FARRELL, DIRECTOR OF DEFENSE CAPABILITIES AND MANAGEMENT,
GOVERNMENT ACCOUNTABILITY OFFICE
STATEMENT OF ERIC BOSWELL
Mr. Boswell. Thank you, Madam Chairwoman. I am happy to be
here at this ``California subcommittee.'' I feel quite at home
here; I am a California resident myself.
Mr. Issa. They will all move to California eventually.
Mr. Boswell. Chairwoman Eshoo, Mr. Issa and distinguished
members of the subcommittee, thank you for the opportunity to
be here to discuss security clearance reform. I am very pleased
to be with my colleagues, Mr. Clay Johnson, Ms. Kathy Dillon,
and my GAO colleague.
As this subcommittee is very aware, the Intelligence Reform
and Terrorism Prevention Act of 2004 established the first-ever
legislated measures of success with regard to the timeliness of
security clearance processing with goals for 2006 and 2009.
While helpful, these measures include only the investigation
and adjudication segments of the process and do not, on their
own, provide for end-to-end process performance measures nor
capture all of the opportunities for improvement that would
result in a timelier, less burdensome process for applicants.
While the Intelligence Community agencies that conduct
their own investigations and adjudications are compliant with
current IRTPA goals, the existing process is not, in our
estimation, likely to allow these agencies to achieve the
additional efficiencies to meet the 2009 objectives.
Recognizing that transformational change will be required
to meet such future need, the Director of National Intelligence
has agreed that security clearance reform should be a top
priority, as evidenced by its inclusion in his 100-day and 500-
day plans. The DNI's call for improvements to the security
clearance process is matched by the Secretary of Defense, who
has placed security clearance reform as one of the Department
of Defense's top transformation priorities.
The intelligence and defense partnership on this issue is a
driving force in shaping the efforts to achieve meaningful
change. Together, these senior leaders established the Joint
Security Clearance Process Reform Team, which I will call the
Joint Team from here on. The two leaders of this team are
behind me here: John Fitzpatrick, who is Director of the
Special Security Center at the ODNI, and Elizabeth McGrath, who
is a Deputy Under Secretary for Defense.
The Joint Team conducts its activities with the oversight
and concurrence of OMB and the participation of other agency
partners. Most notable in this regard is OPM, whose Director
has joined the DNI, DOD and OMB as a champion of the newly
integrated security and suitability reform effort.
This expanded partnership highlights the finding that the
process for determining eligibility for access to classified
information, suitability for Federal employment, eligibility to
work on a Federal contract, and granting access to federally
controlled facilities and information systems rely on very
similar background data. However, the processes for collecting
and analyzing that data are not sufficiently coordinated.
Therefore, the overall scope of the reform effort now
encompasses aligning security clearances and Federal employment
suitability to ensure that the executive branch executes these
authorities within a framework that maximizes efficiency and
effectiveness.
The importance of this project was underscored on February
5th of this year when the President issued a memorandum
acknowledging the work of the combined group and directing the
heads of executive departments and agencies to provide all
information and assistance requested by the Director of OMB in
this important endeavor.
The memo also directs the Director of OMB, the Director of
OPM, the Assistant to the President for National Security
Affairs, the DNI and the Secretary of Defense to submit to the
President an initial reform proposal not later than April 30,
2008, that includes, as necessary, proposed executive and
legislative actions to achieve the goals of this reform.
In the current phase of its activity, the Joint Team is
conducting concurrent work in three areas: information
technology, policy development, and targeted demonstration
activity that seeks to validate innovations in the new process
design.
The primary innovations driving the transformation involve
the use of more automated processes and data-collection
mechanisms that aim to significantly reduce processing times
across the security clearance life cycle by eliminating manual,
time-consuming processes. The new process proposes the use of
new investigative tools, an end-to-end information management
system, a continuous risk-management philosophy, and efficient
standardized business practices. There is more detail on this
in my statement for the record.
While the Joint Team will make every effort to identify and
recommend deployment of near-term improvements, it is equally
important to note that end-to-end transformation across the
government will take time, resources and the concerted effort
of all implementing agencies.
In another important area, an area that Mr. Issa mentioned
in his statement, modifications to Intelligence Community
hiring policies are being made to allow for the hiring of
first- and second-generation Americans or ``heritage''
Americans. This effort includes careful consideration of ways
to balance risk while increasing opportunity for such citizens
to be considered by the clearance process.
We have studied existing programs within the community that
may offer a model for other IC agencies to build upon. We fully
expect a near-term outcome of this DNI-level policy change to
result in more applications from heritage Americans and
ultimately a more robust mission capability within the IC.
I am confident that sufficient executive commitment exists
to ensure that security clearance reform will be achieved.
Madam Chairman, that concludes my statement, and I welcome
any questions.
[The statement of Mr. Boswell follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairwoman Eshoo. Thank you.
I would like to welcome to the hearing this morning
Congressman Holt, another diligent, very thoughtful,
intelligent member of this subcommittee.
Mr. Johnson, welcome. And we look forward to your
testimony.
STATEMENT OF CLAY JOHNSON
Mr. Johnson. Thank you. Chairwoman Eshoo, Ranking Member
Issa, members, thank you for having this hearing today. I will
be very, very brief, so we can get to questions, and I will try
not to duplicate what I know Kathy is going to talk about and
what Eric has already talked about.
I want to make it very clear to this committee that
significant progress--significant progress--has been made to
reform the security clearance process. Yes, the emphasis has
been on improving the timeliness of the process, but that has
been the primary problem. There are other issues, which you
have identified in your opening statements, but the primary
issue that we have been addressing here is the primary issue,
which is timeliness.
We talked about the opportunity for technology and
paperless, quicker access to electronic records and so forth
being a huge opportunity. Our focus to date, for the last 2
years, has been--while we have developed plans to pursue these
other opportunities, our primary focus in the last 2 years has
been on the basics, which is expand the capacity to do the
work--that was the primary problem--and to improve the
accountability for doing the work as called for. We have
accomplished that. Kathy will talk about the investigative
capacity expansion at OPM. But we have made significant
strides.
This is great, but we are not where anybody wants to be.
The Intelligence Community I think reluctantly agrees that
there has been some improvement, but they believe that there is
more to go still, and we do too. And everybody wants to be at a
different place than we are now, even though we have made
significant strides.
Currently, it takes too long to retrieve all records and
information. It takes too long to adjudicate particularly
industry requests. And it takes too long to move information
and files around.
Longer term, as Eric talked about, we need to transform the
system. There is a very impressive effort under way, involving
everybody, to make this happen. I am confident that we are
going to end up where we want to be.
One of the really fantastic parts about this process is
everybody wants this to work. Everybody is committed to making
this happen. Nobody likes any aspect of the current state of
affairs. Industry wants it to change, agencies want it to
change, you want it to change. There is not divisiveness on
this. It is, ``Let's do it, let's do it well, and let's do it
magnificently.'' And that is our plan. And our goals are high,
and we are working very hard on it and making great strides.
[The statement of Mr. Johnson follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairwoman Eshoo. Thank you.
Ms. Dillaman.
STATEMENT OF KATHY DILLAMAN
Ms. Dillaman. Madam Chairwoman, it is my privilege to be
here today to testify on behalf of the Office of Personnel
Management and to provide you an update of the progress we have
made thus far, plus our continuing reform efforts.
As you know, OPM's mission is to ensure the government has
an effective civilian workforce. To accomplish this mission, we
provide the background investigations for over 100 Federal
agencies that are used to support suitability decisions and
security clearance determinations. Last year, we conducted over
2 million investigations.
As you noted, we are not responsible for all of the
government's background investigations, but we do handle 90
percent, with delegations to the Intelligence Community for the
balance. We do, however, support the Department of Defense
entirely, including their industrial clearance investigations.
Since implementation of the Intelligence Reform Act, we
have made significant progress in improving the overall
timeliness and eliminating the backlog of investigations. We
have focused on four critical areas that have to be managed
effectively to make this progress efficient: first, workload
projections; then the processes agencies use to request
investigations; the investigations; and the adjudication
processes.
To staff the investigations and adjudications programs
responsibly, clearance-granting agencies have to be able to
project their workload needs annually. We have established a
goal of a 5 percent margin, and significant progress has been
made in getting agencies to project effectively.
For the submission processes, that previously was a very
labor-intensive paper process, a form filled out every time you
had to go through the process, again and again. We have
expanded OPM's Web-based online system. It is called the
Electronic Questionnaires for Investigations Processing, e-QIP,
which allows subjects to fill out their information online and
eliminates the paper. This allows them to submit the request to
their governing agency, and, in turn, they can submit the
request to us.
For the first quarter of fiscal year 2008, 83 percent of
the clearance investigations we received to conduct were
submitted electronically. Fourteen agencies and Department of
Defense's industry submissions are at 100 percent electronic
submission.
For investigations timeliness, the Intelligence Reform Act
required that, by the end of the 2006, 80 percent of the
background investigations for initial clearances be completed
in an average of 90 days or less. We have exceeded that
statutory goal. In fact, of the 586,000 initial clearance
investigations we received to process in fiscal year 2007, 80
percent were completed in an average of 67 days. Top Secret
took 92 days. Those are much more extensive. And Secret/
Confidential took an average of 63 days.
We have increased our staff to over 9,400 Federal and
contractor employees. And, as a result, there is no backlog of
investigations related to insufficient resources. While
eliminating the backlog, we have substantially reduced the time
it takes to complete the investigations.
Other factors have contributed to this improvement. Working
closely with Federal, State and local agencies, we have
improved processes for obtaining third-party information,
getting the required records we need much faster.
We are not done yet; there is still work to be done. But
great improvements have been noted.
We have worked closely with the Department of Defense and
the State Department, and we have deployed an international
team to get the required overseas coverage necessary. In fact,
in 2007, we had 360 agents who were detailed abroad, and they
completed more than 24,000 international contacts or record
searches.
While improving the timeliness of investigations, we have
also been vigilant in maintaining the quality of those
investigations. Our training programs and material, as well as
our internal quality-control processes, ensure that the
investigations we conduct meet the national investigative
standards and the needs of the adjudication community.
We are also continuing to work with the agencies to reduce
the time it takes to deliver completed investigations between
OPM and the adjudicating offices and for them to record their
adjudication action in a central records system. This includes
implementation of an imaging system that lets me move completed
investigations in an electronic format to the adjudicating
offices.
Last year, we went online with Department of Army, and to
date we have sent over 113,000 investigations to them
electronically, making the process between OPM and Army
virtually paperless. We anticipate up to 10 more agencies this
year will come online with receiving electronic submissions.
We are also continuing to optimize our current processes by
maintaining adequate staffing, building partnerships with
information suppliers, and through greater use of information
technology. EPIC, which is our automated suite of tools that
support investigations and adjudications, will allow for total,
end-to-end paperless processing for those agencies that are
prepared to use them.
We are also partnering, as I noted, with the Office of the
Director of National Intelligence and the Department of Defense
for more significant reforms to the overall process. This
reform effort is challenging traditional processes, from
application through adjudication. The ultimate outcome will be
a governmentwide system that continues to protect national
security through modern processes that are secure, dependable,
scaleable, time- and cost-efficient.
This concludes my remarks. I would be happy to answer any
questions you have.
[The statement of Ms. Dillaman follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairwoman Eshoo. Thank you.
Ms. Farrell.
STATEMENT OF BRENDA S. FARRELL
Ms. Farrell. Madam Chairwoman, with your permission, I
would like to summarize my written statement. I promise you
that my remarks won't be as long as the written statement, but
I think it will be a good segue into the conversation that you
wish to have today.
Chairwoman Eshoo. Thank you.
Ms. Farrell. Thank you for the opportunity to be here today
to discuss the Federal Government's personnel security
clearance reform efforts.
My remarks today are based on GAO's numerous reports that
give us a historical view of key factors that should be
considered in clearance reform.
Our reviews have identified delays and other impediments in
DOD's program, which maintains about 2.5 million clearances,
including clearances necessary to carry out intelligence
functions. These longstanding delays resulted in our adding the
DOD personnel security clearance program to our high-risk list
in January of 2005.
In the past few years, several positive changes have been
made to the clearance processes because of increased
congressional oversight, recommendations from our body of work,
and new legislative and executive requirements, most notably
the passage of the Intelligence Reform and Terrorism Prevention
Act of 2004, which many of you had a hand in passing.
One important change is the formation of an interagency
team, of which members of that team are present here today on
the panel. The interagency team plans to deliver a transformed,
modernized, fair and reciprocal security clearance process that
is universally applicable to DOD, the Intelligence Community
and other U.S. Government agencies.
Two of the four key factors in my written statement
essential to the interagency team achieving the goal of
reciprocal security clearance process involve: one,
incorporating quality-control steps; and two, establishing
metrics for assessing all aspects of the process.
First, government agencies have paid little attention to
quality, despite GAO's repeated suggestions to place more
emphasis on it. For example, the government uses the percentage
of investigative reports returned for insufficiency during the
adjudicative phase as the primary metric for assessing quality.
As you may know, GAO has identified this metric by itself as
inadequate.
Prior work examined a different aspect of quality: the
completeness of documentation in investigative and adjudicative
reports. We found that OPM provided incomplete investigative
reports to DOD adjudicators, which the adjudicators then use to
determine Top Secret eligibility. Almost all, 47 of 50, of the
sampled investigative reports GAO reviewed were incomplete
based on requirements in the Federal investigative standards.
In addition, DOD adjudicators granted eligibility without
requesting additional information for any of the incomplete
investigative reports and did not document what they considered
some adjudicative guidelines when adverse information was
present in some of those reports.
In addition, our October 2007 report documented the
reluctance of some agencies, particularly the DHS and the FBI,
to accept clearances issued by other agencies. To achieve
greater reciprocity, clearance-granting agencies need to have
confidence in the quality of the clearance process.
The second key factor I wish to discuss is establishing
metrics for assessing all aspects of the clearance processes.
Many efforts to monitor clearance processes emphasize measuring
timeliness, but additional metrics could provide a fuller
picture of the clearance process.
Similar emphasis on timeliness appears to be emerging for
the future of governmentwide clearance process. In the DNI's
500-Day Plan for Integration and Collaboration, the core
initiative to modernize the security clearance process
identified only one type of metric--processing times--about how
success will be gauged.
GAO reports have highlighted a variety of metrics that have
been used to examine clearance programs, such as: one,
completeness of investigative and adjudicative reports; two,
staff and customers' perceptions of the processes; and three,
the adequacy of internal controls. Including these and other
types of metrics could add value in monitoring clearance
processes and provide better information to allow greater
congressional oversight.
In summary, the current interagency team to develop a new
governmentwide security clearance system represents a positive
step to address past impediments and manage security reform
efforts. Still, as already noted by the panel members, much
remains to be done. And GAO stands ready to assist the
Congress.
Thank you, and I am ready for questions when you are.
[The statement of Ms. Farrell follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Chairwoman Eshoo. Thank you very much, to each one of you.
Let me start this off with an observation. I think that
some progress is being made. I am encouraged by what the
President called for. I am encouraged with the work and some of
the statistics that are offered. I mean, I did read all of the
backup.
And I would like to acknowledge all of our staff, both from
the majority and the minority side of the committee, because,
without them, we wouldn't have what is presented to us and help
set up the hearings. So I want to acknowledge their very fine
work. They care about this, and they help carry us.
Let me start out with what is the directive of the
Congress, which is the IRTPA. We have----
Mr. Issa. We could have done better on the acronym,
couldn't we?
Chairwoman Eshoo. Exactly. We could have, Darrell. We could
have.
At any rate, that legislation set forth requirements in the
area of reciprocity, and I want to examine that. There were at
least four requirements that were set down in that that all
agencies--I think you know what they are, so I don't have to
repeat them.
What we have learned from a roundtable that the
subcommittee had is the FBI acknowledged, in the roundtable,
that neither the FBI or DHS, they do not have a clearance
reciprocity with other agencies 3 years after the enactment of
the legislation.
Do any of you want to comment on that? In the interagency
team, has that been addressed? Has it been examined? Can you
tell us more about that?
Because I think that there is a shortcoming there; at least
this is what they have told us.
Mr. Johnson. Eric needs to talk about the Intelligence
Community.
And Kathy needs to correct me if I am wrong on this fact,
but the clearest indication of there not being reciprocity is
an agency requests a new investigation of somebody that already
has an investigation for a clearance level at the level that
they are going to have at the new agency. My understanding is
that if somebody requests that OPM does an investigation and
they already have a clearance for that level, Kathy does not do
the investigation.
Chairwoman Eshoo. So does that leave a gap? Are we where we
need to be?
Ms. Dillaman. No, I don't believe we are where we need to
be. But there are controls in place. Last year, I think, we
rejected about 25,000 requests, where agencies came in and
asked for unnecessary investigations. They were forced to not
duplicate the process. Now, we conducted 800,000 clearance
investigations last year. And so that is certainly one
indicator.
And I don't believe that is just malicious, not accepting
other agencies. Sometimes it is just not using the transparency
we have made available into the clearance actions. One of the
requirements of the act was that there be a national database
of clearances so that there would be transparency.
Now, OPM and the Department of Defense, together, have
linked the master databases that provide for transparency into
someone's clearance. If you looked at my record, you would see
that there is a Top Secret clearance, sponsored by the Office
of Personnel Management, based on an investigation that was
conducted. That database is made accessible across government
to all agencies.
Now, it does not include the clearances in the Intelligence
Community, by the very nature of those clearances in that data
system. If we had tied those systems together, it would have
made the whole system classified, and then it would not be
usable to a broad section of the government.
Chairwoman Eshoo. Was it the Congress' directive in the
legislation that has produced this, or is it that we simply
haven't gotten to it?
Ms. Dillaman. I think it is the practical understanding
that, by and large----
Chairwoman Eshoo. What does that mean?
Ms. Dillaman. By and large, outside of the Intelligence
Community, the need for transparency into the investigative and
adjudicative history of an individual is outside of the
classified arena. Within the Intelligence Community, that is
maintained.
And so, instead of one system, there are two: the system
that is OPM and DOD tied together, which has 90 percent of the
unclassified clearance information, and that inside the
Intelligence Community, which I am sure Eric can discuss.
Mr. Johnson. Let me say that I contend that reciprocity of
security clearances exists. Are there exceptions? Sure. What
does not exist is, to my knowledge--I believe this is true--is
reciprocity of suitability clearance.
You have had an investigation that deems you suitable for
employment--forget security clearance--that deems you suitable
for employment at the Interior Department. Now you are being
considered for employment at the Treasury Department. Forget
the clearance. Suitability, that is a separate process.
And we did not, nor did IRTPA, charge this group----
Chairwoman Eshoo. Let's call it the legislation.
Mr. Johnson [continuing]. The legislation charges us to
look at suitability.
But everybody has agreed, which is why the task force now
looks at aligning suitability issues of this sort with
clearance issues of this sort. Because to reform one without
the other leaves a broken system.
But I generally will contend--and, again, if it is not a
fair statement, let me know, let the committee know--that
clearance reciprocity exists; suitability reciprocity does not.
Chairwoman Eshoo. And why do you think that is the case?
What contributes to that?
Ms. Dillaman. I think suitability is a little different
science, in that it considers the position that the individual
is applying for.
Let me give you an example. An individual may have a Top
Secret clearance with an agency and, in their past, have a
history of drug use, but considering the whole-person concept,
it was not sufficient to deny a security clearance. At the same
time, that person may not be suitable for all positions across
government, especially if there is a nexus between drug use and
the position, like a DEA agent would be.
There are other types of disqualifiers where the individual
may get a clearance in one agency but not be suitable to work
in another type of position.
Chairwoman Eshoo. Aren't these all processes, though?
Aren't the results the same? And that is that it inhibits the
movement of people, jobwise, obviously, suitability clearance?
I mean, they are all connected. They are not, in my view--I
mean, they are----
Mr. Johnson. But there are separate rules and statutes and
so forth. So that is why the committee is looking at it.
Chairwoman Eshoo. Where are we----
Mr. Johnson. Take Kathy's example of somebody who is moving
to an agency where drug use is an issue. It would be
appropriate to dig deeper on the issue of their past drug
usage, to look at whether they are suitable to work at DEA.
Chairwoman Eshoo. Don't you think just common sense would
dictate that that might be an issue, no matter where someone
is? At what agency is it acceptable for someone to have a drug-
use background? It doesn't make sense to me.
Mr. Johnson. If drug use was 30 years ago in college.
Chairwoman Eshoo. Timeliness. Okay.
Mr. Johnson. What we want to make sure doesn't happen is,
if you want to dig deeper on one issue, you don't begin the
investigation all over again. You accept the investigative
work, if it is current, done to date, and you add to it.
And that is not the case in most of these situations or
historically, where if you needed to look at something in
greater detail, you looked at the whole thing all over again.
And that is the absence of reciprocity. Reciprocity means look
at additional things but accept what has already been done.
Mr. Boswell. Madam Chair, can I jump in with one thing?
Chairwoman Eshoo. Certainly.
Mr. Boswell. Within the IC, reciprocity works pretty well.
It is the rules of the road, and it operates.
The IC is served by one common database, as Kathy
mentioned. It is a classified database, for good reasons. I
think what we are talking about here, though, is that we need a
database for the government. Reciprocity is not well-served by
the existing architecture, the IT architecture. And we are
working, in the Joint Team, to try to find some way to make
that happen.
Chairwoman Eshoo. I appreciate your adding that, but one of
my favorite subjects is technology. Obviously, my district is
the driver of it.
Mr. Issa. Our State, you mean.
Chairwoman Eshoo. Our State. Thank you. Our district makes
our State that much better, and our country.
But the requirements of the legislation really set forward
several areas. The evaluation is supposed to assess the
application of technologies in at least five areas: granting
interim clearances--you know what they are--expediting the
initial security clearance processing, including the
verification of information submitted by the applicant; ongoing
verification of suitability--we have touched on that; the use
of technologies to augment the periodic investigations; and
assessing the impacts of the above, without going into the
detail of it.
It is my understanding that only one area has been
addressed, and that is expediting the initial security
clearance process. And I would like you to comment on that. Is
this incorrect? What are the timelines for the other four
areas?
I can't help but think that there must be some frustration
on the part of people representing the various parts of this
system, because you are working hard to make up for, I
shouldn't say, the sins of the past, in order to revolutionize
the system.
But in oversight, we want to drill down on where there are
still, you know, some shortfalls. And so I would ask you to
comment on that.
And then I am going to go to Mr. Issa for his questions.
Mr. Johnson. I should have been listing the four items in
particular. But when the full reform effort began in 2006--
latter part of 2005, and began to see some impact in 2006--the
priority was placed on initial investigations versus
reinvestigations. And there, as a result, has been--it was
capacity and accountability which was the primary focus.
So, as a result of that, significant--significant--
improvement had been made in the time it takes to investigate--
first of all, at the beginning, the time it takes to get a
request for an investigation from the person signing it to the
investigative entity, the time it takes to investigate it, and
the time it takes to adjudicate it. There have been significant
improvements in adjudication timeliness, investigative
timeliness, transmission of the original application
timeliness. So the whole process has made significant strides.
The other three areas were?
Chairwoman Eshoo. Well, one of them is granting interim
clearances. I mean, that was one of the--that was supposed to
come out of this. Ongoing verification of suitability of
personnel with access to classified information. The use of
technology to augment----
Mr. Johnson. The technology pieces that we have focused on
have been an idea toward timeliness and given current
technology--the deployment utilization of the technologies that
exist today. So that has been e-QIP, as Kathy talked about.
That has been transmission of files from the investigative unit
to the adjudicated unit, which can cut weeks off of this
process.
The longer-term issues, like an entirely different
architecture for the database, going paperless, all of the
things that have huge potential are still before us. They are
longer-term issues that require investment of funds; it is
technology that does not exist today.
Another form of technology application here has been
getting access to digital records as opposed to paper records.
Kathy has done a great job working with different industries
and database record sources to be able to accomplish that. So
there has been attention to that.
I wouldn't say that the community is frustrated over where
it is; the community is quite proud of what has been
accomplished. But the goals laid out by IRTPA, for all the
right reasons, are very, very aggressive. And that is our goal.
Our goal is to completely change this and take it to several-
orders-of-magnitude-greater levels of performance, and that is
what our focus is.
Chairwoman Eshoo. I think what was spelled out in the
legislation is really needed. When one goes through and reads
the GAO reports that have been issued over quite a long period
of time, it is a system that really needs overhaul. I am glad
that we are taking some steps. I think we still have a ways to
go.
Let me acknowledge my friend and colleague, Mr. Issa.
Mr. Issa. From the telecom valley of the south.
One of the challenges we face--you know, certainly, if we
looked at industry and we said, ``Would you do things the way
we were doing them 3 years ago?'', the answer--those truths
were self-evident, that they had long ago given up the systems
we were using.
But let's take a company; let's take General Motors. Could
you imagine if an executive in the Chevy division were
transferred to the Cadillac division and they said, ``Well,
yeah, we know you took a polygraph''--I am stretching this a
little--``a polygraph in the Chevy division, but we have our
own people, and we are going to re-ask you the same questions
in order to employ you in the Cadillac division.'' Would that
be considered to be one company?
You know, Ambassador, on the base it of all, the fact that
we still--or, Ms. Farrell, I know you have looked at this--the
fact that we still repolygraph people when they move, looking
at the same data, at a desk next to each other, but if they
move from ownership of one agency to another, we repolygraph
them, in some cases.
Is there any basis under the intent of Congress to continue
doing that?
Mr. Boswell. If I can touch on that, first, I think that
reciprocity within the Intelligence Community works rather
well. And, second, I would like to get on the record that I
don't----
Mr. Issa. Is this the part that you think works well,
though?
Mr. Boswell. Reciprocity of security clearances.
We also have, obviously, a joint duty requirement, which
has been instituted by the DNI, and all members of the
Intelligence Community have agreed to accept the clearances of
the originating agency when folks move from one position to a
joint duty position.
Polygraphs are not a particular impediment toward security
clearances. They are not a big piece of the timeline. And----
Mr. Issa. Ambassador, isn't it true that we have a critical
shortage of people to do polygraphs, that that, in fact, is one
of the bottlenecks? I am trying to understand why it is not an
impediment if we don't have enough people to administer them.
Mr. Boswell. It is not an impediment in terms of the amount
of time in the process. Only a few of the intelligence agencies
require polygraphs. We still leave it up to the individual
agencies, and only five of them--I think it is five--require a
polygraph. So it is really not a substantial impediment.
Mr. Issa. Okay. Maybe I am--yes, Ms. Farrell?
Ms. Farrell. If I could build on what my colleagues have
said, OPM has the bulk of the investigations to do; it is about
90 percent----
Mr. Issa. But you have all those Confidential and Secret
clearances that, quite frankly, you know, they are pro forma
almost; you know, see if the guy actually did get convicted of
a felony when he said he didn't. I mean, let's go through the
bulk and slim it down.
We are here today primarily talking about our most
sensitive access, and that is not 2 million last year. That is
how many, Ms. Dillaman?
Ms. Dillaman. 90,000 to 100,000 for Top Secret clearances,
and a like number for the reinvestigations that we do.
Mr. Issa. Right. Okay. But within your purview, 90,000 to
100,000 at TS, and then, above that, a fraction of that 90,000
to 100,000 that would be even more thorough.
So we are talking about 90,000 to 100,000. I just want to
make sure that we don't keep looking at 2 million. You know, as
a second lieutenant, I had to have a Secret clearance.
Actually, as a private, I had to get that Secret clearance.
Candidly, they didn't know that much about me.
Ms. Farrell. Top Secret takes longer; it costs more. And
perhaps sharing clearances among the Federal agencies is not an
issue, but those that are associated with the Intel Community
are an issue.
But it appears to us that from--for example, I mentioned
our October 2007 report, where we went in and looked at, I
believe it was, 54 fusion centers that are a mechanism for
helping collaboration of information-sharing. It was through
that work that it came to our attention that there was this
reciprocity issue, especially with the DHS and the FBI, which
you acknowledge you had discussions at your roundtable about,
that they were unwilling to share other Federal agencies'
investigations.
But my point being, OPM does the investigations for Top
Secret for the vast majority. Perhaps there is not an issue of
transfering clearances from the Agricultural Department to
Commerce. There is this issue of suitability that Mr. Johnson
was explaining, and there is some overlap with security
clearances. There is some duplicative effort there that could
be streamlined. I believe the joint working group is working
toward that, which is a good thing.
But then, within the IC community, you have this issue of
reciprocity. Maybe amongst them there is not an issue of going
from DIA to the CIA, but there is this issue of someone outside
the community coming in with a clearance. We haven't done work
specifically looking at the Intelligence Community, but we have
a little insight from the October 2007 work that I mentioned.
Mr. Issa. Okay. Well, I think I see a pattern that--I want
to, sort of--I am going to bifurcate a little bit of the
community versus all others, because it appears as though we
are heading down that road.
Mr. Johnson. What road? I am sorry.
Mr. Issa. The road of--basically, there is the IC
community's real, core clearances, and then there is all
others. I mean, that is becoming pretty evident, that it is not
about what level of clearance, it is about who gave you the
clearance. I mean, I think even though you are disagreeing on
this, you are agreeing in a sense.
And let me just give you the example. ``Factors used to
determine eligibility for security clearances''--this is saying
it is a clearance: Allegiance to the United States, foreign
influence, foreign preference, sexual behavior, personal
conduct, financial considerations, alcohol consumption, drug
involvement, psychological conditions, criminal conduct,
handling protected information, outside activities--I guess
that would be soccer and so on--and use of information
technology systems.
Stamp collecting, exactly. Clearly not a Californian.
Now, the question is, are these actually eligibility for
security clearance, or do these get down that nonreciprocity
side, that it is okay to give you a TS with a drug background,
just not a TS for DEA? Is that what we are really talking
about? Even though they are printed on a document that actually
gets attached when somebody gets rejected, that, in fact, we
are mixing the two.
Does Congress need to understand clearly the difference
between you can see the information and you can have access to
where you might be able to generate or pass on differently? Is
that what we are talking about here? Because I would like to
understand that in addition to the two communities, if you
will, of clearances.
Ms. Farrell.
Ms. Farrell. Those guidelines I believe you were citing is
what the adjudicator looks at to determine the eligibility.
And, again, I think the issue here is who is doing the
investigation and the quality of the investigation, which has
Federal guidelines that the investigators should adhere to in
terms of conducting the investigation--you know, doing the
background check, the financial check, their social check,
employment, education. They put the package together, and then
those other guidelines you referred to are used by the agency
or the adjudicator to determine that person's eligibility for
that Top Secret clearance.
Mr. Issa. But it is not for the Top Secret clearance, as it
turns out. Some of this is for do you get the job or not. You
have been offered a job, in this case, at the CIA. But when
they go through this, the truth is, if you were working for
DOD, you might get your Top Secret, but you are not going to
get it for the CIA, because, in the case of the rejection
here--it was cited by Elizabeth York, so I am assuming this is
completely unclassified, since it was sent through ordinary
mail with no designation at a center in Maryland.
``During your security testing session, October 2005 to
January 2006, you noted on two occasions that you had direct
contact with officials of foreign government, including two
non-U.S. ambassadors and a foreign minister.'' This is part of
the fact that this person is being told they can't do it.
Now, the fact that this person was an employee of the
Department of Energy in an unclassified environment, that this
person, in fact, is multilingual and an Oxford graduate--by the
way, they also note her attendance at Oxford as a period of
time outside the country in her rejection.
When we are looking at a system that--Ms. Dillaman, you are
doing a great job of making it digital--when we are looking at
a system in which somebody applies and it turns out that
exactly when the DNI is basically being confirmed, in December
of 2005, as we are saying we want to bring in Arabs and
Muslims, we add a directive, which the language of the
directive is cited right here, that actually says that foreign
contact is going to be a limiting factor in getting it--it
should be a consideration for a limiting factor.
So if you have family and friends overseas, you are not
going to get the clearance, while we tell people, Arabs and
Muslims, that already speak the language, we want them. You
don't speak the language fluently without contacts in the
community that, if you don't have contacts over there, they are
going to have contacts.
So before we go on to some of the wonderful work being done
digitizing stuff, how do we get past this impasse when, in
fact, we are taking Oxford grads, law students who happen to be
fluent in Arabic and Spanish and, oh, by the way, can talk to a
foreign minister in their native tongue at a 3/3 level, how do
we reject these people and cite that they had those very
contacts overtly?
Yes, Ms. Farrell?
Ms. Farrell. I hope that the reform committee is looking at
that, because you keep talking about GAO's reports going back
years. I know that they went back at least until 1974, before I
started at GAO.
Mr. Issa. Before you graduated high school, for goodness'
sake.
Ms. Farrell. That is in my background investigation.
But we have had these issues of quality and incompleteness
in 1999, 2001, 2006, and we are getting ready to go in and look
again and see what it is. We have talked about the need for a
massive overhaul of this system, which is what the reform
committee is trying to do.
We would hope to see, in their revised plan, one of the
issues that you are bringing up: Are they going to look at the
policies and update them or amend some, eliminate them, in
order to bring them up and into, quite frankly, the 21st
century so that it can take into account individuals that would
be acceptable today that wouldn't have been acceptable perhaps
during the Cold War?
Mr. Issa. Yeah. I guess, great question. Are you?
Mr. Johnson. Am I what? Sorry.
Mr. Issa. Are you going to look at these factors? Are you
going to make these differences a part of the restructuring? Or
are we gong to rely on a directive that came out of 2005, where
we say we want to recruit and then, by the way, we are making
it almost impossible to succeed. We get the applications and
then we reject them at a high level.
Yes, Mr. Ambassador?
Mr. Boswell. As you noted in your opening statement, Mr.
Issa, the DNI has made it a priority to facilitate bringing
heritage Americans----
Mr. Issa. A priority publicly, and a directive that makes
it much more difficult privately.
Mr. Boswell. We had a tough time during the DNI's Senate
confirmation hearing, because one member of the panel brought
up an example of a job application within the IC that basically
said, if you have a foreign-born parent or immediate family
member, don't even bother to apply. That was an error, of
course. It has never been the standard that it prohibits
employment in the Intelligence Community.
But what is changing--and it is not final yet--but what is
changing is that, in the past, having an immediate family
member that was a heritage American, to bring that person on
board required a waiver. And the mere existence of that
requirement discouraged people from applying. The DNI is going
to change that policy--it is in the final stages of interagency
coordination--to eliminate that waiver requirement. The
standard will remain tests of loyalty to the United States, but
the waiver requirement will be gone.
Mr. Issa. Okay. Because we want to alternate here, I would
appreciate if, actually in a classified response, we could get,
item by item, changes that you are going to make so that we
have a better understanding. Because the committee, at least
the Chairwoman and myself, both have substantial foreign
contacts and/or--well, we meet with foreign heads of state all
the time when we travel. But also, we both have family and
influence that go directly back, oddly enough, both to the
Middle East.
So, you know, it is a deep concern that we are the people
who are trying to make sure America is safe, while in fact we
are going to take people just as loyal as the Chairwoman or
myself and potentially exclude them. We don't have that luxury.
There just aren't enough people who understand or have the
ability to get a jumpstart on our Middle East needs. And that
is our biggest problem, is the pool is pretty small to then cut
off, as you said, arbitrarily.
One last question, and then I am very much have used all my
time. The differences between--and we will just use the CIA as
an umbrella for an agency or the NSA and all other clearances,
I am detecting a lot.
Let me ask you a real question, because we talked about the
two databases--one that is broad but not deep, one that is deep
but not available. When we did our reform, should we
potentially have said that there are two tiers of this reform,
one tier for the vast majority and one tier for the most
sensitive, and that, in fact, each had to have harmony?
And I noted, Ms. Farrell, you said 47 percent of DOD
applications were incomplete but approved.
Ms. Farrell. 47 out of 50 cases.
Mr. Issa. Oh, 47 out of 50, so twice the percentage.
Well, the CIA often rejects because you didn't give them
one fact of one foreign contact, even though you gave them half
a dozen or a dozen. You just missed one. So the standards are
so different in who gets the job.
I will ask each of you--and you can respond here and
further, obviously, behind closed doors--did we err and should
we, in fact, be looking at two levels of sensitivity, so that
the vast majority of clearances, including Top Secret, are
done? And then, if you will, we will call it the compartmented
mentality, that the next level is a matter of DEA, NSA, CIA and
others saying, okay, for sensitive beyond, let's say, base TS,
we are going to have another umbrella of harmonization.
I don't have a problem with there being two databases. I
have a problem that if I have the need to know, those two
databases aren't equally accessible. I have a problem not with
TSs not being equally run around. I have a problem that at a
given level it is not clear that they can move around. And I
have no problem at all, as a second lieutenant with a Secret
clearance, being told it only goes so far. But, at some point,
our most sensitive information being available to somebody, we
need to have that.
Can you respond to that? I know it is a broad question, but
it goes to the core of do we need to take further action?
Ms. Farrell. Well, I think----
Mr. Issa. Thank you for your courage.
Mr. Johnson. We are all for further action. I am not sure I
understand the question.
Mr. Issa. Well, it doesn't appear as though you are going
to get to, if you will, a one-paper process at the most
sensitive level unless we segregate it from the vast majority
of others. It looks like Ms. Dillaman has high confidence--Ms.
Farrell, you seem to have high confidence--that we can get 1.8
million approvals done, and most of those will have great
reciprocity, great capability. It just isn't going to work at
the agency or at the CIA, it is not going to work at the NSA,
it is not going to work at the NSC.
I mean, I think----
Mr. Johnson. Ambassador Boswell said it is working. I don't
understand--you pointed to one example that, by the way, is
over 2 years old, if I understood the dates correctly, before
Mike McConnell was put in as the DNI and has adopted these
policies and initiated these reforms.
Mr. Issa. That was the start. The end is much more current.
Mr. Johnson. Okay, well, I misunderstood. But I think Eric
said that there is reciprocity with the intelligence community.
Mr. Issa. So I can get a clearance at the TS level, X, Y,
Z, that goes through, let's say, for DOD. And I get up from DOD
as somebody working in the Deputy Assistant Secretary's Office
for ``Blank,'' and I can be on the Pak-Afghan border the next
day and have no problem being read in to the most sensitive
counterintelligence if that is the same level? No. We don't
have that ability. So, you know----
Mr. Johnson. For all the right reasons.
Mr. Boswell. But, sir, I think what you are getting at is
the question that the Chairwoman also mentioned, which is that
the existence of a database and the ability to move information
across from one agency to another.
And the problem, of course, as Kathy Dillaman mentioned as
well, that one database is classified and the rest are not.
Well, we are looking for--the intention is a unitary system to
address exactly the questions that you raised. That is the
intention of the Joint Team, and we hope to get there.
Mr. Johnson. Let me make one comment about----
Mr. Issa. You seem to have a different opinion, and I am
going to ask you to make the last--and then yield back my time.
Chairwoman Eshoo. You don't have any time to yield back.
Mr. Issa. I know I don't.
Ms. Dillaman. If I may?
Chairwoman Eshoo. But I appreciate--I want this to be free-
flowing, because there is a lot of questioning.
Ms. Dillaman. There is a very broad base of need across
government, some classified, some unclassified. There is
absolutely no restriction on the classified world having access
to our information; it is only the reverse.
And so, for that population that stays outside of that
classified arena and moves around, the system supports it well.
For the classified world, who needs to draw from the
unclassified, that system will support it well. And for the
limited number that may move out of the Intelligence Community
into the nonclassified world, there is a delayed process. But I
believe, even then, with the information-sharing progress we
are making, that will not be excessive.
And so we have cut down the risk of individuals being
stalled in that fluid movement around government significantly,
not to the ideal state you just described, but certainly to the
point where every possible user in government has access and
isn't hampered because they themselves aren't working inside
the classified world.
Mr. Issa. Thank you.
Mr. Johnson. Mr. Issa, can I make one quick point----
Mr. Issa. Talk to the Chair.
Mr. Johnson [continuing]. That addresses this issue?
If you move from, like, an under secretary at DOD to, all
of the sudden, now you are in Pakistan or Iraq or something,
doing intelligence work--I spent a couple, 3 hours with John
out at NSA. And this gets to the issue of what this community
is trying to do, which is move from risk aversion to risk
management, which is a general concept we talk about, where we
have somebody who is Iraqi or Pakistani, and if they are
working on something over here that is domestic, high-level,
very top-secret, whatever, their being Pakistani or Iraqi may
not be an issue. But, all of a sudden, if they are working at
NSA on Iraqi or Pakistani issues, they may be listening to
conversations by relatives of theirs.
So there is a security management issue there that has to
be addressed. And what NSA is doing, for instance, is you
manage the risk; you don't say, yes, you can do this, no, you
don't. What is the risk, and how can we manage it? So, for
instance, maybe you put them in a separate facility, or maybe
you put them here, or maybe you put some controls, or maybe you
do some extra quality control.
In general, now, we are talking about more emphasis on
reinvestigations, be it Secret or Top Secret, throughout this
whole process, what changes the overall approach to this, risk
management versus risk aversion. The original security
clearance thing, which is 50-plus years old, is a risk-aversion
process. We want all to go, I think, by and large, to a risk-
management process.
Risk management gets us into--and this is the NSA example--
into being able to hire the foreign speakers. So even though
there are significant risks, you don't say, ``Ooh, there is a
little risk.'' No, there is some little risk, let's find out a
way to manage it, because this person wants to do a good job,
we need to have that job, we need their language skills, let's
do it. There is a really strong commitment within the IC to do
that.
It was something that was irrelevant. It was an irrelevant
issue 5 or 10 years ago. It is highly relevant now. And my
impression is and firsthand knowledge of it, albeit sparse, is
they are doing a very aggressive, good job of managing those
risks, not saying no to all those people with foreign
relatives.
Chairwoman Eshoo. All right. I would like to thank you, Mr.
Issa. Good line of questioning.
Mr. Holt.
Mr. Holt. Thank you, Madam Chair. Thanks for holding these
hearings.
I thank the witnesses for coming.
Let me pursue two lines of questioning. And forgive me, I
was out of the room for part of the time. I may have missed
this. But it wouldn't hurt to summarize it for me and for the
record, if you have already talked about this.
Maybe this goes particularly to Ms. Dillaman, but to
anyone: What is the limit? Okay, so we have cut the time down
to maybe a few months for Secret and Top Secret. Doing it the
way we are doing it, and digitizing it as necessary, asking the
questions we are asking, collecting the information we are
collecting, what is the limit? What will be the shortest time
for a TS? What will be the shortest time for an S, a Secret?
Ms. Dillaman. Sir, the process relies on the voluntary
cooperation of tens of thousands of different sources of
information--the public.
Mr. Holt. So that means you have good data, you have good
statistics.
Ms. Dillaman. We do, yes.
Mr. Holt. So using those good statistics, what will it be?
Ms. Dillaman. It can be as little, for some individuals, as
15 days. It can be as long, for some individuals, as 15 months.
Mr. Holt. Because you have good statistics--because there
are thousands and thousands and thousands of these that you are
doing, you can get very good statistics. So what will the
median be, the median time? Half the people will take longer
than that, half the people will take shorter than that.
Mr. Johnson. In what time frame? I mean, when? A year from
now? Five years from now?
Mr. Holt. If you can do everything you want to do, digitize
it and so forth, what is the best we will achieve on a steady-
state basis?
Ms. Dillaman. Today, we are at 80 percent, averaging in the
low 60 days. But the Top Secrets take longer because of the
information we are collecting.
I believe that if there are not significant reforms in the
way information is shared around government, we can make some
more improvements. But all improvements related to just having
enough people to do the job we have realized. We have enough
people----
Mr. Holt. So by so-called streamlining, you think that we
are approaching the asymptote here, to speak mathematically. In
other words, you just won't reduce the median time much more.
Ms. Dillaman. I think there are still some----
Mr. Holt. By digital fingerprints and using the Internet
and, everything we can do?
Ms. Dillaman. I think there are additional improvements,
but it is going to rely on other systems outside of our
immediate control to also have reform brought to them.
Let me give you an example, sir. Every investigation
requires that I obtain the FBI's records. And if the FBI is
incapable of providing all of their records timely--and they
provide most of their records timely, but not all--then those
investigations where I can have all of the rest of the work
done but I need to wait for the FBI to provide their essential
information won't be completed until that final piece. For an
individual, if I need to do a subject interview to resolve
issues and that individual is deployed to a war zone, I have to
wait until I have access to that individual. So there are
factors that can delay specific investigations.
But on the flip side of that, out of the 580,000 that we
did, 145,000 of them were done in less than 45 days; some of
them in less than 30 days.
Mr. Holt. What I would ask is, did you actually look at the
median, that is a meaningful number, half to longer, half
toward shorter, and find out what that is? And if it means
going to the FBI and asking how much more can they shorten
their process.
The median: Now some will take longer and some will take
shorter, but the median. Have they reached their limit? Have
they come to the asymptote? And there is not going to be much
improvement.
Ms. Dillaman. That is what we have been doing over the last
2 years is working with every one of these. There are 26,000
local law enforcement agencies that I rely on, 50 State records
systems, dozens of Federal records systems, and every one of
those has to be fine-tuned to be responsive.
And I also need to get the cooperation and responsiveness
of the citizens that have to be interviewed. I can't just
demand that they shut down and stop and talk to me. I work
around their schedules as well.
So you are right, there is a limit for how far we can cut
the time on this to the point where we have been so aggressive
that we cut off the very information that is essential to us.
And it is finding that delicate balance.
There is more to be gotten out of this. There are further
improvements. And if today is 63 days, whether that improvement
is down to 40 days or 38 days is yet to be determined. It
depends on just how much reform we can bring.
Mr. Holt. How will that be determined? It is a question we
need to ask and that we really need an answer to.
We shouldn't be flogging people in the government to be
getting it down to 20 days when the best we are ever going to
do is 40 days. So if OPM can't go to the FBI and get that
information for what is the best for FBI--maybe we need the DNI
to go to the FBI and get--if one of your necessary ingredients
is this FBI check, and it currently takes 71 days, or whatever
it is, for Top Secret, you need to know and we need to know
what is the best they can do.
Mr. Johnson. If we--this is grossly overgeneralized but if
we wanted to digitize every FBI record, we could get access to
every FBI fact about somebody in seconds, a day. I bet we would
decide we don't want to do that. The cost of doing that, the
time, the--I am not sure we would want to do that. I mean, so
that is not likely to happen, but an example of what could
happen that would take something that takes 30 days and now to
get it down to seconds.
The reform effort, there is a transformation effort under
way, led by Defense Department, the ODNI and OPM, looking at
all the things we can do to transform the system, not small
incremental changes, but all the kinds of issues that have been
addressed; and they have been charged by the President to start
coming forward, starting on April 30, with what do they know
now we should be adopting to transform the system.
And then as soon as they have other recommendations they
want to make that can be validated as being worthwhile and
worth cost, being a good relationship to benefit, they come
forward as quickly after April 30 as they have something they
want to recommend to the President.
This is being done on a very aggressive time frame to look
at, how quickly can this be done? Not ideally, but what should
this system, this desired different way of doing this, what
should it look like? And what is the implementation plan?
And some of these things we can do in months or a year or
so, and they can start having an impact. And some of them, like
going totally paperless, will take more money and some more
time, or significantly more time. It is not going to be done in
months, it is going to be done in years to do it. But we are in
the process.
There is a formal effort to address all the things that can
be done, and as a part of that, try to quantify the impact it
will have on the process. So you add up all the impacts, and
that is how quickly might it be done.
Mr. Holt. And who is responsible for quantifying that?
Where is that being done?
Mr. Johnson. The reform team, which is led by John
Fitzpatrick and Beth McGrath here, that is answerable to the
champions, which is DOD, ODNI, and OPM with a little
orchestration from me.
When they recommend something, it is, Here is what is
suggested to us.
Why is it valid?
It is a worthwhile change to recommend to you, Mr.
President; and here's the benefit and here's the cost of doing
it.
So that team, as a part of their evaluation, will come
forward with their assessments.
Mr. Boswell. Can I add to that, sir?
Clay referred to the deadline of April 30. The reform team
will have an acquisition strategy developed by April to be
folded into it. The acquisition strategy will determine the
cost and the implementation time lines the best we can. And we
will also look for low-hanging fruit, near-term improvements as
well as the long-term improvements.
Mr. Holt. I would urge, plead, whatever, that we make it
quantitative. When you have got this many people, you have good
data, or you should have good data. You can get good data.
Mr. Johnson. We have got fantastic data.
Mr. Holt. And, therefore, it really should be quantitative,
and you should know from an engineering operations point of
view what the critical path is, what are the limiting time
periods; if changes were made in those critical limiters, what
would then become the limiting time period, and what is the
median time there and how much can that median be shortened.
You should be able to quantify it. I hope that is what you
are doing.
Ms. Dillaman. Sir, if I may, because I live and breathe
data, with the amount of work that we do, we track this down to
a source level. And we have, since the clearance reform team
was formed under OMB, we have provided full transparency to how
long every aspect of an--not only how long they take, but how
effective they are, how many times they net out the results
that have to be considered.
Two short years ago, the average time for a Top Secret
clearance was in excess of a year; the average time for a
Secret Confidential was in excess of 6 months. And bringing the
change to this and reform to this and watching it week in and
week out incrementally go down, while the inventory of pending
investigations dropped, meant we have to stay on top of data.
Mr. Holt. But, of course, you get smaller and smaller
marginal returns with more and more investment of money. And at
some point it is going to level off at an asymptote. We need to
know what that is, and for each of the ingredients as well as
the total process.
Now let me turn to the bigger question, which is the more
important question. We may be streamlining a fallacious
process. Again, when I have asked this question to people
before, I have not been satisfied with the answer, and I would
like to push it a little bit more.
How do we know that we are asking the right questions, that
we are making the right determinations, that the process has
any legitimacy? I must say I get on to this line of questioning
because I have been convinced for many years that polygraphs,
for example, are pseudoscience, bogus, just bogus; and yet, I
know various agencies rely on it. Yes, you can use it to scare
the daylights out of people, and maybe they will come forward
with something. That is not science. But it makes me question
whether the process is what it should be.
So who is asking the questions?
In fact, GAO said we need better metrics and, in fact, in
GAO's words, we need better measures of clearance quality,
which I take to mean, we are asking not just what are internal
quality controls, but we are also asking, have we cleared--have
we rejected the people who should be rejected, and have we
cleared the people who should be cleared? Have we avoided false
positives? Have we avoided false negatives? How are we
determining that?
And we know there have been some false positives. They go
by the names of Ames, and you know the list, and maybe there
are a lot of others we don't know. And I happen to know some
false negatives, constituents and others who have been
rejected, I am pretty convinced, unfairly, unreasonably,
illogically, or fallaciously.
So however we streamline the process, I hope somebody is
asking how we quantify, whether we are doing the right thing.
Ms. Farrell, since GAO addressed this, maybe I should start
with you.
Ms. Farrell. Thank you for bringing that up, because our
concern is the quality of the investigations. The numbers are
going in the right direction for timeliness, and the agencies
should be commended for that; OMB should be commended for their
commitment and their strong leadership.
As I noted earlier, everyone here wants to make it better,
but our concern is that we may have a product that has a quick
turnaround but is of poor quality. And it does no good to do
something better and still end up with a product that doesn't
meet the standards that you want.
Our concern is that we haven't seen metrics, and we haven't
seen quality built into the investigations and the adjudication
process.
The one metric that has been cited, that of returning
investigations--that is one of six phases of this process, just
one aspect of six phases--so there are more metrics that could
be built into not only the investigative phase, but the appeals
process, the application, all six phases.
Mr. Holt. Who should be responsible for building those in?
Where should it rest? Should it be this general group? Should
it be the DNI or the Secretary of Defense themselves? How can
we be sure this is going to be done or is being done now?
Ms. Farrell. You have a number of things going on
simultaneously. So the answer right now is, multiple players
should be doing this.
Mr. Holt. And is that bad? I mean, part of the security
clearance that we see is more uniformity, more consolidation.
That may or may not be good.
Should this be question about whether the process is even
right, whether it is fallacious or not, should that also be
centralized, or should that be decentralized?
Ms. Farrell. Right now, we have multiple processes, and we
are trying to move to a process that would have a common
framework that we share. The issue is, in the long term, will
it be shared by not only the OPM investigators, but those that
are doing investigations for the IC community as well. Right
now, we hope that OPM has taken action on some of our
recommendations to build in quality control measures for the
situation that is today.
We also hope that the reform committee will be looking
ahead. And, as part of their strategic thinking--again, it is
going back to, if you are going to overhaul a system that has
been in place for decades, you probably need new policies and
new procedures; and this is an opportunity to make sure that
quality is built in to all the phases of that uniform process.
Mr. Holt. Thank you. Mr. Johnson seems eager to speak. We
have a vote on the floor. I am delighted to see the Chair is
back.
Mr. Johnson. While you are here, let me make a very strong
statement.
We do not have a quality--a security clearance quality
problem in the Federal Government.
Mr. Holt. How do we know?
Mr. Johnson. No bill has been passed. There has been no
evidence that we are issuing----
Mr. Holt. Absence of evidence is not evidence of absence.
Mr. Johnson. I appreciate your conversations here and
statements about the math of all this, but let me address
something here.
The issue, the primary issue--by far, the primary issue--is
not that we are giving clearances to people that shouldn't have
them or that we are occasionally depriving the people that
should get them. There are appeals processes that people are
allowed to go through if they believe they are unjustly denied
clearance.
We have--what we have here and what the IRTPA attempted to
challenge the Federal Government, and I believe we are rising
to that challenge--is a timeliness issue, far and away, orders
of magnitude, that difference. That is the issue.
On the issue of what is central and what is decentralized,
we are centralizing, we have centralized the investigative
matter. The adjudication is decentralized now. It is by agency.
The responsibility for deciding who should get a clearance and
who should come to work at an agency needs to be that agency's
responsibility, because each one of their missions is different
and they need to look at what are the specifics.
So there is not centralized adjudication, there is
decentralized adjudication. There needs to be consistency of
training and expertise and so forth, but how they weigh the
factors should be, and is, agency-specific.
Chairwoman Eshoo. Thank you. Let me try to pick up where we
left off when I had to go over to the Capitol to vote.
It seems to me that--in a nutshell, that the IC community
is dealing with reciprocity and that the rest of the system is
dealing with timeliness.
Do you agree with that, or is that too--is that too much
shorthand?
Mr. Boswell. The IC has a timeliness issue, too. We are in
pretty good shape in terms of the 2006 timelines. But we are
not in good shape in terms of the 2009 timelines, and that is
why we need a transformed system.
Chairwoman Eshoo. I think that Mr. Issa's line of
questioning was helpful. And I can't help but think of the word
``jointness'' in all of this, because the legislation that the
Congress put forward really was, I think, at the heart of it.
And there are many manifestations of that, is that--that is our
goal, is jointness.
I understand that the needs of the Intelligence Community
vary and differ in some ways--not in all ways, but in some
ways--from the rest of the system. And, as he said, maybe there
should be two different systems. I don't know; I think that we
still have to probe on that. But I think that there are many
parts of this in terms of security clearance that are shared
across the government.
So how we achieve the jointness that the Congress directed,
I guess is the question, and how we measure that. And I know
Ms. Farrell in her testimony--and then your summary, you talked
about metrics. So I want to examine the issue of metrics.
But first, let me ask you, Ms. Dillaman, does OPM conduct
any clearances for the Intelligence Community contractors?
Ms. Dillaman. Only those that would be considered under the
Department of Defense. Yes. So we do all of the work for
Department of Defense and for industry.
Chairwoman Eshoo. You do?
Ms. Dillaman. Yes, ma'am.
Chairwoman Eshoo. Do you provide any assistance to
contractors of prospective employees to navigate the clearance
process? Or is that something that those that are seeking them
are on their own to do?
Ms. Dillaman. That belongs to the clearance granting agency
themselves, in this case, Department of Defense.
Chairwoman Eshoo. They do?
Ms. Dillaman. Yes, ma'am. And the initial application
process is an OPM-developed application process. So all of the
online collection of information, and all the assistance, and
tools that go with that, was developed by my agency.
Chairwoman Eshoo. Now, let me get to Ms. Farrell and the
whole issue of metrics.
What, in your work and how your work has instructed you,
should the DNI use to validate the entire team's results?
Ms. Farrell. I am going to go back to quality because--
although I mentioned four factors in the statement--
requirements, quality, quality measures, and long-term funding
costs--because you are going to need money and people to carry
out the reforms, but we would hope that quality would be built
in to the process.
Timeliness is an issue. We have heard that not only is it
an issue with the DOD agencies, but it is an issue, as well, in
the Intelligence Community.
But the quality metrics that we would be looking for would
be the completeness of the investigations and the adjudication
reports, or the training. And that has come up, that these
adjudicators are working for the multiple agencies that have
multiple processes carrying out the eligibility function. So
one metric would be looking at the number of training hours,
the course content. Is it meeting the needs of that training
community, especially for a new system that is being put in
place? Other metrics could include surveys of the affected
people, the adjudicators and the investigators, how well they
think the process is working, as well as building in other
internal controls for fraud, waste, and abuse, making sure that
there is independence in the system to oversee and that there
is no harm done.
Chairwoman Eshoo. Do you agree with that description? And
to the extent that these are the observations of the GAO, are
they built into your work?
Mr. Boswell. I think an end-to-end enterprise system will
have a much better way to measure the kinds of things that
GAO----
Chairwoman Eshoo. Do you agree with the specifics of the
metrics?
Mr. Boswell. I agree with what Mr. Johnson said, which is
that the issue at hand here is less the quality--we are
confident in the security clearances that we are providing. We
are confident in the quality of that system.
What we are working on is the timeliness of the system.
Chairwoman Eshoo. So do you agree or disagree with what Ms.
Farrell said about these metrics?
I mean, if you disagree, it is all right.
Mr. Johnson. I disagree.
Chairwoman Eshoo. Tell us why.
Mr. Johnson. The majority of the metrics she talks about
are input metrics. And if you are implementing something, we
look at training, we look at what the industry thinks of--we
poll the industry on a regular basis, frequent, ongoing basis
on how--they are a customer--how they view the process, the
timeliness, quality, customer service, and so forth.
Chairwoman Eshoo. We have done that in roundtable meetings,
and they are not very pleased.
Mr. Johnson. They are not. And that is the point. Their
understanding, their perception is different than the reality
in terms of timeliness; and so we need to make sure it tells
us----
Chairwoman Eshoo. What does that mean, ``their perception
is different'' than yours?
Mr. Johnson. They say that----
Chairwoman Eshoo. Their experience is not the way they
describe, the experience is not accurate?
Mr. Johnson. It is what they feel. I mean, it is--their
impression of the information is that times are not improving
as our statistics suggest they are. And so that says we need to
do a better job of working with them and getting statistics and
getting a common understanding of what is going on here and
what the opportunities are and what the obstacles are and so
forth.
So that is not something to dispose of or pay no attention
to what they think. It is, we need to do a better job of
linking up with industry, an even better job. And it is the
agency's responsibility, in this case, with industry, DOD.
Chairwoman Eshoo. I am not so sure I understand why you
disagree with what Ms. Farrell said. Let me get back to that.
Mr. Johnson. She talked about paying attention to training.
Of course, we pay attention to training. And a part of this
will be--and one of the things we started working on in 2006
was the adjudication, what consistencies and inconsistencies
there are, the adjudicators, adjudicating activity across
agencies, and what is the level of training and what level a
person is that does the work and so forth. And there has been
an ongoing effort to look at that and bring that all to be more
consistent, more aligned across the agencies so there can be
greater confidence in the quality of the adjudications done by
all the different agencies.
That is ongoing. But that is an input; you can do all that
and still have bad adjudications. But nobody feels, nobody has
said yet that we are granting clearances to people that
shouldn't have them.
Chairwoman Eshoo. Let me just go to Ms. Farrell.
Is that what you intended as you came up with the metric,
that there are people that are getting, receiving security
clearances that shouldn't?
Ms. Farrell. We don't know. I think the answer to that is,
you don't know. Because the last time we went in and looked at
the 50 top secret cases, 47 of them had incomplete information
that were related to residence, employment, education. And I am
not talking about missing ZIP Codes.
For example, talk social references. There is a requirement
that the investigator interview two colleagues of the applicant
that the colleague has provided, and then the investigator is
to develop two social references. We found cases where the
investigator only relied upon the information provided by the
applicant.
That is what we are talking about with ``missing and
incomplete.'' Also, 27 of the 50 cases had unresolved issues
that hadn't been followed up. So my response to that is, we
don't know. They don't know because of missing information.
It is alarming when you look at the numbers in terms of
incomplete investigations. The focus has been on timeliness--
and that should be commended, the progress that has been made;
again, the numbers are going in the right direction. But we
don't want to do a product quicker and have a poor-quality
product.
Mr. Johnson. The commitment in everything--we want to go
quicker with no diminution in quality. So there is no effort,
there is no inattention to quality here.
But with reference to employees that have gone bad, and
Director McConnell talks about there are 128-or-something spy
cases in the last whatever period of time. I think all of them,
if I am not misunderstanding it, went bad after they got here,
and 124 of them----
Chairwoman Eshoo. That is a whole other area.
Mr. Johnson. That gets into the risk management and the
continuous reinvestigation.
The suggestion was, because of the 128 people, that
suggests that we are missing some people as they came in. They
were--there was not risk when they were brought in. It is a
risk management, it is management of risk and attention to--
greater attention to their behavior after they are here.
I do not believe that there is evidence that we have a
quality issue that we need to categorically address. We are
firmly committed to quality of investigations, quality of----
Chairwoman Eshoo. I don't think there is lack of commitment
in this. I think that you all are struggling to turn, the
equivalent to me of a trying to make a huge cruise ship--trying
to make a U-turn in a small bay.
This is--we are dealing with a system that is very old and
was set up to produce different outcomes at a different time.
And I think it, you know, is characteristic of so many other
efforts since--most frankly, since our country was attacked.
And so I don't think that is--I don't doubt commitment from
any of you. I think that you are all superbly committed. It is
a matter of drilling down and seeing if, in fact, the
directives of the legislation have been met; where there are
shortcomings, that we work harder to correct them.
I know, Ms. Dillaman, you wanted to say something.
Ms. Dillaman. Thank you, ma'am. And with all due respect to
my colleague from GAO, I also think we need to put this in
context.
When GAO looked at investigations, they looked at
investigations conducted during the period of time when the
Department of Defense investigations program was transferred to
OPM--investigations, in fact, that were reviewed, started under
DOD's leadership.
Now, that is not pointing fingers. That is to say that the
two agencies had different standards applied to how
investigations were conducted. One of the major benefits of
combining the programs was uniformity, and we immediately did
launch a massive training effort to get everybody, contractors
and Federal employees alike, working toward the same standards;
revised a standard, one standard handbook. And so the outcome
of that merger effort is a more uniform program where the
investigative standards are implied.
There is work that needs to be done on the investigative
standards, too, because when they were first drafted, it was
almost a like a punch list. You would talk to two neighbors.
Whether two neighbors were to know this individual or not, you
had to talk to two neighbors. And in today's transient world,
there are people whose neighbors know nothing about them, and
they may not be the right source to testify to someone's
character.
Chairwoman Eshoo. We have already covered that ground in
the subcommittee, and there have been references made by other
members, by members of the full committee as well.
On this issue of quality, I think it would be helpful if
there were objective measures to prove that there is quality;
and that is not picking on an agency or to say that the things
that you are working on are not important. But it is very
important to have yardsticks by which we measure these things.
I think that every single one of us is for quality. Nobody
is going to doubt that or question that; and I am not going to
question that with any of you. It would increase confidence, I
think, here if in fact there were----
Mr. Johnson. I don't think asking what investigators think
of the process is an important quality measure. One of the
metrics opposed by GAO is to ask on an ongoing basis what the
investigators or adjudicators think of the process. I don't
believe that is a good quality measure.
Mr. Issa. Why? Why wouldn't you think that was important?
Mr. Johnson. Because I don't think what their impressions
are of the system have anything to do with whether it is a
quality product.
Chairwoman Eshoo. Well, you just talked about impressions
of the contractor community. Why are impressions from one
community okay and from another part of the community are not?
I sense that there are some tensions between what GAO's
recommendations----
Mr. Johnson. I am not a big fan of GAO using 2-year-old
data to talk about the absence of quality in the process.
Chairwoman Eshoo. Do you sit down and talk to each other?
Mr. Johnson. All the time.
Chairwoman Eshoo. And you can't get this worked out?
Mr. Johnson. I have communicated very clearly that I
believe a lot of their data they refer to----
Chairwoman Eshoo. How flexible are you? I think more than
anything else it is--look, if there is anyone that understands
jurisdictions and how people fight over them, Congress is the
best case.
Mr. Johnson. GAO loves the management part of OMB, and we
work very closely with GAO. And--we have our differences of
opinion, and I don't believe that measuring inputs or using 2-
year-old data is the way to measure quality.
Chairwoman Eshoo. I would be happy to yield.
Mr. Issa. You did your study 2 years after you said, Let's
make a change, and you are complaining that it is 2 years old.
My question is, 2 years after Congress acted, these are the
results you have. So they are valid 2 years after Congress
empowered the administration to make a change. And, quite
frankly, Mr. Johnson, you have been with the administration
long enough to know that this administration, for which I
personally voted and support--but this administration has been
here 7 years; so we are going to be looking back at year 2, 3,
4, 5, and 6 of this administration, well into the next
administration.
The question is, was it valid at the time Ms. Farrell did
the study? And what has been changed, that the two of you can
agree on, has been changed since that time? That is what we
want to know.
Mr. Johnson. Let me answer your question.
The time period, if I am understanding correctly, for the
50 cases she talks about, was December and January of 2005 and
2006; that is when the reform effort began. And the
investigation, the study was of cases--as Kathy said, of cases
that were investigated by DOD, not by OPM. So it is pre-reform;
it was an analysis of the pre-reform situation. The before, not
the after.
And there is not an assessment that is current or of the
reform where, after the responsibilities were changed.
Mr. Issa. By the way, we are only here on 2-year terms. So
we are kind of funny about 2 years seeming like an eternity.
Ms. Farrell. We are presenting the facts for you to do with
as you wish.
The sample in question was taken in January and February
2006. At the end of that calendar year is when, by law, you
were wanting the IRTPA requirement to begin with its
milestones. The 50 cases that we looked at were cases that OPM
investigated. Keep in mind that OPM had had 2 years to plan for
the transfer from DOD's investigation service to them, so we
are pretty sure that those cases are OPM's. I have talked to
the staff, and they do not remember any of those cases
belonging to the DOD investigators; they had already
transferred. And, again, OPM let these go through their quality
assurance program.
So what were their quality standards? Even if they
inherited them--and I am not saying that they did, but if they
inherited them, what quality procedures were in place to keep
them from slipping through? And that is what is lacking, it is
the quality procedures.
We believe in measurements of goals in order to determine
where you are going. OMB has led the government in such
measurements. The ones that we suggested are suggestions. We
think those would be good. There are more metrics that could be
done. We would hope that the current reform committee would
consider this issue of quality and build quality in, as well as
timeliness for the future.
Chairwoman Eshoo. I just have a couple of more questions
and then we will go back to Mr. Issa. And I don't think that
Mr. Holt is going to be able to come back, so I think we will
start winding down. But it has been most helpful.
Now, in the legislation, there was a mandate that the
President designate a single agency to direct the day-to-day
oversight for investigations and adjudications for personnel
security clearances.
My question is, who did the President designate under the
act? And do they actually maintain day-to-day oversight?
Mr. Johnson. The President designated OMB. And I was
designated.
Chairwoman Eshoo. So you are the point person.
Now, why do some intelligence agencies still conduct their
own investigations and adjudications? We have kind of gone
around that, but so it is----
Mr. Johnson. How I will answer that is the following:
Particularly in the Intelligence Community, the
investigation, the clearance investigation, is one and the same
with the suitability investigation, and----
Chairwoman Eshoo. So clearance and suitability are shared
across the government?
Mr. Johnson. No. In Intelligence Community it is super
critical of those. That is one and the same: Do they get the
clearance and are they suitable for employment? It is pretty
much the same issue, but they are less one in the Interior
Department, for instance. And that is a gross
overgeneralization.
But also, the feeling was, it was being done on a
reasonably timely basis already in the Intelligence Community.
And so does the Intelligence Community continue to do their
investigations and their adjudications, while we focused on
reforming where there were timeliness issues, which was the
primary issue, and that was outside the Intelligence Community?
Chairwoman Eshoo. My sense in the kind of collective
testimony today is that you all have essentially placed your
pedal to the metal on timeliness. And that is important,
timeliness. There is no one that is going to question or
suggest that being untimely is okay. It is not.
But I think that there are other issues to be dealt with
here. That is my sense, and I think that some of the testimony
points to that.
So, again, is there, in your view, a necessity to have some
intelligence agencies conduct their own investigations and
adjudications? I mean, is that----
Mr. Johnson. They do it now.
Chairwoman Eshoo. I know that they do.
Mr. Johnson. Or are you saying, should we change that?
Chairwoman Eshoo. Yes.
Mr. Johnson. I don't know of a reason to change that.
Mr. Boswell. I certainly agree with that in spades.
And just to emphasize a point that was made: A condition of
employment in, for example, CIA is that everyone is cleared at
the Top Secret and has SCI access. That is very different from
what it is in most other organizations.
Chairwoman Eshoo. So I am gathering from Mr. Johnson and
Ambassador Boswell that you don't think that in terms of
efficiency and other factors, it would make sense to have one
agency manage all security clearances?
Mr. Johnson. Do you mean, all do the investigation? Because
right now, the adjudication is done by each hiring agency.
Chairwoman Eshoo. I understand.
Mr. Johnson. You mean, have one entity do all the
investigations?
Chairwoman Eshoo. One entity in charge of all security
clearances.
Mr. Johnson. I do not believe that there should be one
agency making all adjudication and all investigation.
Chairwoman Eshoo. And I appreciate that.
Mr. Johnson. Because it is the responsibility of each
agency. Because they are the pursuer of their mission. They are
the ones that understand their mission, and they understand
where there might be risk and where there may not be risk, and
they are best equipped to make that adjudication.
Chairwoman Eshoo. That has been a very long-held view, and
that is one view. And I wanted to question about that.
I can see how extraordinarily strongly you feel about it,
and I am not diminishing what your view is, and it is a very
strongly held one.
I am going to stop there. I will go to Mr. Issa now again.
Mr. Issa. Ms. Farrell, thank you very much for the work you
did. I am sorry that we don't have continuous improvement in
the government, that every month you don't get two or three
records to look at so that--like polling data or like tracking
of any organization.
UPS knows every day whether they are getting better or
worse, because there is some amount of quality circle every
night on every part of the company. Because, by definition,
they don't wait for a big study, and then when it comes out say
it is 2 years old; they, in fact, do it every day.
So I am sorry that we don't give you that capacity more.
I would hope that as quickly as possible you could do at
least a mini update on what you currently have that is now
being accused of being dated, because I personally, as least as
one member, have great confidence that you will find a
substantial number of the same problems. I am sure there will
be some improvements, but if you would look again, I think we
would all benefit from it.
Mr. Johnson, I am going to be less kind, perhaps, than the
chairwoman. I don't like the way you are treating this
committee. I think, in fact, you haven't talked to your boss. I
think that, in fact, both the President, the Secretary, the DNI
have all made it very clear that we want to end stovepiping.
So when you say that this joint task force that is supposed
to be finding a way to use clearance process reform as part of
the ending of stovepiping, you don't think we are going to get
there and don't think you should, I think you are out of line.
When you become disingenuous on its face, when you tell me that
there is no problem with reciprocity, but then of course we are
going to continue to have different agencies have different
fiefdoms in order to determine who is going to be fit to work
there, and then we think they are going to openly let each
other agency with different standards look at each other's
information, which ultimately is what you say will have to
happen.
Now, Ms. Eshoo and I both, we travel, we have the
opportunity to work with many of the people in the most
sensitive areas around the world, and we do see a tremendous
improvement in jointness. We see a tremendous improvement in
the attitude of the operatives and the management in the Pak-
Afghan border region, in other areas of interest. So I am not
going to say that there isn't progress being made. I have seen
it, the chairwoman has seen it.
What I am saying is that the Congress was unambiguous in
saying that we wanted to get to, essentially, oneness of
standard, oneness of process, not levels, but process; so that,
in fact, at a given level--and I appreciate what you said
earlier, that not everyone that can see one document can see
the other, even if they have the same level of clearance--but
the quality and acceptance of each other's clearance in the
process.
Today, you have sort of demonstrated, and I think Ms.
Farrell shook her head as much as she can, she is probably
going to have to go take an Advil at the end of this thing, to
say that, No, I don't think that a fair oversight of a year and
a half ago, 2 years ago says that you are making that progress,
and today you are not giving us the confidence that you are.
Now, I want to be wrong. And I certainly am not going to
lecture you and then not give you a chance to respond. But both
for you and for Ambassador Boswell, I have got to tell you, I
think my interpretation is that Congress wants everybody who
can be cleared, be cleared to be used in the best place they
can. That is part of the outreach that the DNI talked about.
Two, we want to have somebody who has a need to know
something to have been cleared at a level, be able to get it.
And simply going from one agency's information to another is
not a reason to redo the same level of security clearance. If
there are different levels, fine. But as someone rises to them,
and the chairwoman and I have the luxury of rising to the
highest level. And, by the way, not because we would have
passed your screening test under the rules, but we do have that
luxury, so we get to see how important it would be for one
person to see something else in order to get to the bad guys
before they get to us.
So I would like to hear your response on it. I do think
Congress was unambiguous in saying that we envision no separate
standards, no inability to port somebody from the NSA to the
CIA, et cetera, based on these other factors of individuality
being excluded, but not based on the documentation or the
transparency of that documentation as appropriate.
And I would love to hear your comments.
Mr. Johnson. I don't think you would find any difference,
first of all, in terms of what I am suggesting versus what the
President and Mike McConnell and Secretary Gates and so on
would want. I would love to have you go back, or have your
staff go back through the transcript of this meeting and call
me; and I will come up, and you tell me where, based on what
was said here--not what was heard, but what was said here--
where I disagree with what you think the President's and Gates'
and McConnell's intents are. Because I do not intend to deviate
from what they have directed us to do.
What we are saying by ``reciprocity'' is that all prior
investigative work should be accepted. You should not have to
redo somebody's investigative work simply because you want to
take another look in another department about whether
suitability or clearance over here equates to clearance over
here.
I will bet you, if you asked the Members of the House or
Senate or anybody in the executive branch, senior capacity,
whether your access to Top Secret information at Interior would
qualify you for access to Top Secret information at CIA, you
would hear a resounding ``no.''
Mr. Issa. Then the question, and the Chair--look, not all
Top Secret is created equal, not all Secret might be created
equal, although mostly it is sort of post-CNN usually. And as
we go up the levels, I don't have a problem with you saying
something is a higher level. But I do--I do disagree.
If you categorize something at a given level, and there is
a need to know in the course of legitimate doing of somebody's
job, which in this case is finding the bad guys, which takes
all these different agencies, including probably a Department
of Agriculture person who is seeing some movement of something
that can blow up a building or whatever, then, yes, the
categorization should be consistent. That is what Congress told
you all.
So when you say, No, it can't, yes, you are on the record
saying exactly what we think is different than what we said and
what the administration said they heard.
Mr. Johnson. Okay. Well, that is not what was said, sir.
Mr. Boswell. Sir, I hope I didn't misunderstand what you
said with your comments earlier. TS/SCI within the Intelligence
Community is entirely reciprocal. I mean, there is no
stovepiping. An enormous progress has been made on this. It is
entirely reciprocal. You may find some cases where--you know,
we all have our stories, but it is entirely reciprocal.
You mentioned earlier polygraphs. A CI polygraph done by
one intelligence agency is entirely accepted by any other
intelligence agency. There is no repolygraphing.
Mr. Issa. We are glad to hear that. We don't know that to
be true at this point. So, hopefully, we are both hearing the
same thing.
Mr. Boswell. Likewise, a full-scope polygraph done by one
agency is reciprocal to another agency. And they are accepted
within the agencies that do--or the few agencies that do full-
scope polygraphs.
Mr. Issa. So if I am at NSA and I am short of polygraph
people, CIA can help me out and it is completely going to be
reciprocal?
Mr. Boswell. I can tell you that the DNI, for example, in
polygraphing its own people, relies on several agencies to do
it. They polygraph to common standards.
Mr. Issa. That is very good to hear.
One last thing in closing: The 128 that was mentioned of
people who have betrayed their country, the statement that they
all went bad after they had the job, I think flies in the face
of what this committee has heard in the classified setting
about individuals who--one or more individuals, who clearly
cheated to get into one agency, cheated to get into another
agency, had lied throughout the process, and is currently in
the news.
So I would hope that that would be double-checked before it
was repeated again, because I don't think we can fairly think
that that person or people are outside the 128.
Thank you.
Chairwoman Eshoo. Thank you, Mr. Issa.
Let me just ask one more question, and then I will make
some brief closing comments in thanking all of you. I think
this has been worthwhile. I have learned from it, and that is
what hearings are for.
Ambassador Boswell, you said in your testimony that there
not be any diminution of quality. And I want to get back to the
issue of quality, because it is so important in what we do.
Can you tell us about what proposals you are validating in
the team effort? How you are addressing this? What metrics you
are using? Are there any?
Mr. Boswell. Yes, ma'am.
Chairwoman Eshoo. Give us some confidence in this.
Mr. Boswell. There are a number of what we call
``demonstration projects'' that are going on. Now, they will be
done in time for us to make our proposal to the President.
There is a substantial degree of quality control and quality
checking. These are all to validate the quality in addition to
speed up the process, but to validate the quality of the new
system that we hope to have in place.
So quality control and attention to quality is absolutely
central in this process.
Chairwoman Eshoo. Well, let me thank you all for--first of
all, for your service to our country. That is what we are all
here for, and we can never, ever lose sight of that. Our work,
our oversight, the work of the Congress is really on behalf of
our country and the American people.
The questions that we raise and what you do in your
respective areas of the executive branch, we are partners in
this. And so while some of the questions may ruffle feathers,
so to speak, that is very healthy. I think it is very healthy,
and I hope that you accept the questions and the observations
with the highest sense of purpose that, hopefully, we have
asked the questions.
And so thank you to you, to all of your colleagues that are
here that are not at the table testifying, for the work that
you do.
I want to acknowledge the work of our staff again. I can
never thank them enough, because they provide the consistency
of all of this, and we simply can't do the work of all of them.
Mr. Ruppersberger has joined us. And I would like to invite
you, even though it is the tail end of our hearing. We have
completed the questions.
Mr. Ruppersberger. I just want to thank you for having this
hearing, because this is such an important issue for us in the
Intelligence Community. You and I have been here for 5 years.
And we have so many issues that we have to deal with, if we
don't deal with this and get it where we need to be and pull it
together--and it seems there were a lot in the past, a lot of
different agencies and turf and OMB; and now we----
Chairwoman Eshoo. We have gone through some of that.
Mr. Ruppersberger. It is all about the end game, doing it
right. I don't need to go any farther.
Chairwoman Eshoo. Thank you for coming to say that.
With that, we will adjourn the hearing. Thank you.
[Whereupon, at 11:38 a.m., the subcommittee was adjourned.]
