PDF Version




                       SECURITY CLEARANCE REFORM

=======================================================================

                                HEARING

                               before the
                            SUBCOMMITTEE ON
                         INTELLIGENCE COMMUNITY
                               MANAGEMENT

                                 of the

                            PERMANENT SELECT
                               COMMITTEE
                            ON INTELLIGENCE

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

           Hearing held in Washington, DC, February 27, 2008


                  Printed for the use of the Committee






                     U.S. GOVERNMENT PRINTING OFFICE

41-733 PDF                 WASHINGTON DC:  2008
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office  Internet: bookstore.gpo.gov Phone: toll free (866)512-1800
DC area (202)512-1800  Fax: (202) 512-2250 Mail Stop SSOP, 
Washington, DC 20402-0001





















               PERMANENT SELECT COMMITTEE ON INTELLIGENCE

                    SILVESTRE REYES, Texas, Chairman
LEONARD L. BOSWELL, Iowa             PETER HOEKSTRA, Michigan
ROBERT E. (BUD) CRAMER, Alabama      TERRY EVERETT, Alabama
ANNA G. ESHOO, California            ELTON GALLEGLY, California
RUSH D. HOLT, New Jersey             HEATHER WILSON, New Mexico
C.A. DUTCH RUPPERSBERGER, Maryland   MAC THORNBERRY, Texas
JOHN F. TIERNEY, Massachusetts       JOHN M. McHUGH, Texas
MIKE THOMPSON, California            TODD TIAHRT, Kansas
JANICE D. SCHAKOWSKY, Illinois       MIKE ROGERS, Michigan
JAMES R. LANGEVIN, Rhode Island      DARRELL E. ISSA, California
PATRICK J. MURPHY, Pennsylvania
ADAM B. SCHIFF, California
          Nancy Pelosi, California, Speaker, Ex Officio Member
       John A. Boehner, Ohio, Minority Leader, Ex Officio Member
                    Michael Delaney, Staff Director
































 
                     HEARING ON SECURITY CLEARANCES

                              ----------                              


                      WEDNESDAY, FEBRUARY 27, 2008

                  House of Representatives,
        Permanent Select Committee on Intelligence,
         Subcommittee on Intelligence Community Management,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 9:31 a.m., in 
room 340, Cannon House Office Building, the Hon. Anna G. Eshoo 
(chairwoman of the subcommittee) presiding.
    Present: Representatives Eshoo, Holt, Ruppersberger, 
Tiahrt, and Issa.
    Chairwoman Eshoo. Okay, I think we will begin.
    Good morning, everyone. I thank you for being here.
    I again offer not only my apology but the apologies of the 
subcommittee for your very long wait in December. As I said to 
you informally, it was a day that quickly turned into chaos 
with all that we had on the floor. And your time is just as 
important as everyone else's, so, again, my apologies and also 
my welcome this morning for this important hearing.
    Security clearances are the gateway to our national 
security establishment. Everyone in the Intelligence Community 
has to possess a security clearance to do their job, not just 
government employees but also the contractors who build 
satellites, maintain computer systems and protect government 
officials. The security clearance process fundamentally affects 
who is hired by the Intelligence Community, how agencies share 
information and coordinate, and how well we deter and prevent 
espionage.
    For years, our security system was plagued by delays and 
inefficiencies. This hurt our national security, I believe, by 
making it harder to hire good people who couldn't wait months 
or, in some cases, years to know if they have a job. It hurt 
contractors who couldn't get clearances fast enough to bid on 
classified programs.
    The clearance system was primarily developed for the Cold 
War, when the concern was communism. In that environment, we 
tended to exclude people who had relatives overseas. This meant 
that our Intelligence Community was not very diverse. Today we 
need people who can blend this all over the world. We need 
people who understand the cultural context and speak the 
languages of countries where terrorists are likely to hide.
    When the clearance system was developed, we dealt in paper 
records, not electronic files. Investigators knocked on doors; 
I think, in many cases, they still do. Today, people make 
paperless, complex financial transactions over the Internet and 
use social-networking programs. So we have to find ways to 
leverage these technological developments in the clearance 
process to both streamline the system and identify security 
risks.
    Three years ago, Congress passed the Intelligence Reform 
and Terrorism Prevention Act. The legislation established some 
requirements for improving the security clearance process, 
governmentwide.
    The House Armed Services Committee recently held a similar 
hearing as this one to discuss the DOD's progress on improving 
the security clearance process. Many of the agencies that this 
committee oversees are responsible for their own security 
clearance processes and, thus, may have a different perspective 
on the government's progress.
    I hope the witnesses--and, again, welcome to each one of 
you--will address a few key questions. One, how does the 
Intelligence Community handle their security clearance process 
compared to the rest of the government? Two, what are the 
strengths and weaknesses of the Intelligence Community's 
current security clearance process? Three, how do we evaluate 
the effectiveness of the pilot program for security clearance 
reform? Four, how do we ensure that the security clearance 
process helps meet our Nation's goals to hire good people and 
to protect classified information? So those are the key areas I 
think that we need to explore.
    Today's witnesses are the Honorable Clay Johnson, III, 
Deputy Director for Management at OMB; Mr. Eric Boswell, 
Assistant Deputy DNI for Security; Ms. Kathy Dillaman, 
Associate Director of the Federal Investigative Services at 
OPM; Ms. Brenda Farrell, the Director of Military and Civilian 
Personnel and Health Care--this is a real mouthful--Defense 
Capabilities and Management at the GAO.
    Mr. Johnson, Mr. Boswell and Ms. Dillaman will provide 
testimony about the efforts to transform the security clearance 
process, and Ms. Farrell is going to provide the members with 
historical perspective on the challenges we faced in the past 
with the security clearance process and what strengths and 
weaknesses exist in the current system.
    The GAO has issued many reports over the last decade, 
decade and a half. I have plowed through several of them, and 
they are highly instructive, and I thank you for your work.
    She is also going to advise committee members on what 
objective metrics we should use to evaluate the progress under 
the administration's reform efforts.
    So we look forward to the witnesses' testimony.
    And I would like to welcome and recognize Mr. Issa, another 
member of the California congressional delegation, who is the 
distinguished ranking member of the subcommittee.
    Mr. Issa.
    Mr. Issa. Thank you, Madam Chair. This is the California 
subcommittee of the House intelligence.
    Mr. Johnson, Ambassador Boswell, Ms. Dillaman and Ms. 
Farrell, there is nothing more bipartisan on the House 
Intelligence Committee than, in fact, getting the clearance 
process right. Your testimony is greatly appreciated.
    And reforming the security process will be the subject 
today, and I do appreciate that there have been improvements. 
The development of electronic forms and that reduction of 
paperwork and the continuity is a critical direction that was 
long overdue.
    But we still hear of major concerns in a number of areas, 
most notably the Arab, Muslim and the other communities of 
outreach most essential if we are to understand and be able to 
make effective contact in the areas that, today, occupy most of 
our defense and intelligence resources.
    Our intelligence community relies heavily upon domestic, 
human assets to analyze information from areas of the world 
that are quite alien to us. One of the most important and 
volatile areas of the world, the Middle East, is an area in 
which the people analyzing it often have no firsthand knowledge 
of that part of the world. Americans with such knowledge apply 
for security clearances every day, in hopes that they can serve 
their country in an intelligence capacity. Sadly, many 
applicants are turned down because of foreign contacts they 
maintain in the Middle East.
    While we need to ensure that security clearances only go to 
applicants whose loyalties to the United States are 
unquestionable, we should not assume that individuals' 
allegiances are suspect simply because they have friends or 
family in the Middle East. The very reason they have detailed 
knowledge of the reason and its language and its customs is 
primarily because of those contacts and their history.
    The Intelligence Director, Mike McConnell, addressed this 
issue of hiring Arab and Muslim Americans at his nomination 
hearing over a year ago. Though he is not here today, I am 
interested to hear what the Intelligence Community has done 
under his leadership to improve the ability of Arab Americans 
and others to successfully apply for security clearances.
    Beyond the specific issue of Arab-American security 
clearances, Congress has tried to improve the security 
clearance process by placing certain provisions in the 
Intelligence Reform and Terrorism Prevention Act of 2004. That 
required the administration to drastically reduce timelines and 
modernize the process by leveraging technology.
    Unfortunately, we did not address the broader issues, such 
as how facility clearances are obtained and maintained, how 
information systems are certified and accredited. And I 
understand that, in addition to gaining personnel clearances, 
both the security-related issues greatly impact industry's 
ability to deliver capability on behalf of the Nation's 
security. In short, we do not have a system for a cleared 
defense contractor or contract person to go from facility to 
facility and take, in a seamless way, their capability with 
them.
    I appreciate the fact that the Intelligence Community has 
found ways to make it relatively easy for Members of Congress 
to travel around the world to both public and private places, 
and somehow our clearances quickly arrive, and we seem to 
always be well-screened and immediately put through. It would 
be wonderful if that same level of capability were there for 
all of those who have real need to know and real contribution 
to give.
    Also, I understand the administration has designated the 
Office of Personnel Management, OPM, as the lead agency for 
security clearance reform efforts. My question is, does the OPM 
own the entire end-to-end process? I rather doubt it.
    I understand that the impression that the OPM performed all 
background investigations is simply not true. The adjudication 
and access granted individually by each agency and each agency 
having their own individual process makes it impossible to 
truly say that the OPM is anything other than an interesting 
umbrella group.
    I am not proposing today that we strip individual agencies 
of their capability to make the final decisions, but it is very 
clear that if we are to have a 30-day or 60-day clearance 
process to become a reality, that we are going to have to have 
a single form, a single sheet, a single process, and ultimately 
a take-it-or-leave-it by the various agencies. That does not 
exist today.
    I am looking forward to your testimony and the questions 
beyond the scope of just this introduction. And I thank you 
very much for being here today.
    And hopefully OPM-bashing is not what you interpret that I 
am doing, but rather recognizing that, inherently, if we give a 
lead agency some authority but not all authority, we really 
give them no authority.
    Thank you, Madam Chair. And I yield back.
    Chairwoman Eshoo. Thank you, Mr. Issa.
    I call on Mr. Tiahrt, a diligent, thoughtful member of the 
subcommittee and the full committee.
    Mr. Tiahrt. Thank you, Madam Chair. And I guess I am from 
eastern California.
    Mr. Issa. We will make you honorary for today only.
    Mr. Tiahrt. I am glad to be here from Kansas. I am very 
concerned about the clearances. I do have a hearing at 10 
o'clock, and I am the ranking member and have to attend. But I 
appreciate the testimony and especially the good work the GAO 
has done. And I am looking forward to whatever the comments are 
going to be.
    Chairwoman Eshoo. Thank you.
    Thank you for being here this morning.
    We will start with Ambassador Boswell, with his testimony, 
and move across the table.
    And I think, if I might suggest this, that you keep your 
comments brief or maybe summarize what you would like to say, 
so that we can have a good give-and-take in asking questions 
and really drill down to some of these areas. I know you come 
fully prepared. I don't want you to think we are diminishing 
what you have to offer. But I think, in these hearings, the 
more we get to ask questions and hear your answers, there is a 
fullness of what we will draw out of the hearing.
    So, again, good morning.
    And thank you to you, Ambassador Boswell. This is your 
time.

 STATEMENTS OF MR. ERIC BOSWELL, ASSISTANT DEPUTY DIRECTOR OF 
 NATIONAL INTELLIGENCE FOR SECURITY; HON. CLAY JOHNSON, DEPUTY 
 DIRECTOR FOR MANAGEMENT, OFFICE OF MANAGEMENT AND BUDGET; MS. 
 KATHY L. DILLAMAN, ASSOCIATE DIRECTOR, FEDERAL INVESTIGATIVE 
 SERVICES DIVISION, OFFICE OF PERSONNEL MANAGEMENT; MS. BRENDA 
 S. FARRELL, DIRECTOR OF DEFENSE CAPABILITIES AND MANAGEMENT, 
                GOVERNMENT ACCOUNTABILITY OFFICE

                   STATEMENT OF ERIC BOSWELL

    Mr. Boswell. Thank you, Madam Chairwoman. I am happy to be 
here at this ``California subcommittee.'' I feel quite at home 
here; I am a California resident myself.
    Mr. Issa. They will all move to California eventually.
    Mr. Boswell. Chairwoman Eshoo, Mr. Issa and distinguished 
members of the subcommittee, thank you for the opportunity to 
be here to discuss security clearance reform. I am very pleased 
to be with my colleagues, Mr. Clay Johnson, Ms. Kathy Dillon, 
and my GAO colleague.
    As this subcommittee is very aware, the Intelligence Reform 
and Terrorism Prevention Act of 2004 established the first-ever 
legislated measures of success with regard to the timeliness of 
security clearance processing with goals for 2006 and 2009. 
While helpful, these measures include only the investigation 
and adjudication segments of the process and do not, on their 
own, provide for end-to-end process performance measures nor 
capture all of the opportunities for improvement that would 
result in a timelier, less burdensome process for applicants.
    While the Intelligence Community agencies that conduct 
their own investigations and adjudications are compliant with 
current IRTPA goals, the existing process is not, in our 
estimation, likely to allow these agencies to achieve the 
additional efficiencies to meet the 2009 objectives.
    Recognizing that transformational change will be required 
to meet such future need, the Director of National Intelligence 
has agreed that security clearance reform should be a top 
priority, as evidenced by its inclusion in his 100-day and 500-
day plans. The DNI's call for improvements to the security 
clearance process is matched by the Secretary of Defense, who 
has placed security clearance reform as one of the Department 
of Defense's top transformation priorities.
    The intelligence and defense partnership on this issue is a 
driving force in shaping the efforts to achieve meaningful 
change. Together, these senior leaders established the Joint 
Security Clearance Process Reform Team, which I will call the 
Joint Team from here on. The two leaders of this team are 
behind me here: John Fitzpatrick, who is Director of the 
Special Security Center at the ODNI, and Elizabeth McGrath, who 
is a Deputy Under Secretary for Defense.
    The Joint Team conducts its activities with the oversight 
and concurrence of OMB and the participation of other agency 
partners. Most notable in this regard is OPM, whose Director 
has joined the DNI, DOD and OMB as a champion of the newly 
integrated security and suitability reform effort.
    This expanded partnership highlights the finding that the 
process for determining eligibility for access to classified 
information, suitability for Federal employment, eligibility to 
work on a Federal contract, and granting access to federally 
controlled facilities and information systems rely on very 
similar background data. However, the processes for collecting 
and analyzing that data are not sufficiently coordinated. 
Therefore, the overall scope of the reform effort now 
encompasses aligning security clearances and Federal employment 
suitability to ensure that the executive branch executes these 
authorities within a framework that maximizes efficiency and 
effectiveness.
    The importance of this project was underscored on February 
5th of this year when the President issued a memorandum 
acknowledging the work of the combined group and directing the 
heads of executive departments and agencies to provide all 
information and assistance requested by the Director of OMB in 
this important endeavor.
    The memo also directs the Director of OMB, the Director of 
OPM, the Assistant to the President for National Security 
Affairs, the DNI and the Secretary of Defense to submit to the 
President an initial reform proposal not later than April 30, 
2008, that includes, as necessary, proposed executive and 
legislative actions to achieve the goals of this reform.
    In the current phase of its activity, the Joint Team is 
conducting concurrent work in three areas: information 
technology, policy development, and targeted demonstration 
activity that seeks to validate innovations in the new process 
design.
    The primary innovations driving the transformation involve 
the use of more automated processes and data-collection 
mechanisms that aim to significantly reduce processing times 
across the security clearance life cycle by eliminating manual, 
time-consuming processes. The new process proposes the use of 
new investigative tools, an end-to-end information management 
system, a continuous risk-management philosophy, and efficient 
standardized business practices. There is more detail on this 
in my statement for the record.
    While the Joint Team will make every effort to identify and 
recommend deployment of near-term improvements, it is equally 
important to note that end-to-end transformation across the 
government will take time, resources and the concerted effort 
of all implementing agencies.
    In another important area, an area that Mr. Issa mentioned 
in his statement, modifications to Intelligence Community 
hiring policies are being made to allow for the hiring of 
first- and second-generation Americans or ``heritage'' 
Americans. This effort includes careful consideration of ways 
to balance risk while increasing opportunity for such citizens 
to be considered by the clearance process.
    We have studied existing programs within the community that 
may offer a model for other IC agencies to build upon. We fully 
expect a near-term outcome of this DNI-level policy change to 
result in more applications from heritage Americans and 
ultimately a more robust mission capability within the IC.
    I am confident that sufficient executive commitment exists 
to ensure that security clearance reform will be achieved.
    Madam Chairman, that concludes my statement, and I welcome 
any questions.
    [The statement of Mr. Boswell follows:] 


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

    
    Chairwoman Eshoo. Thank you.
    I would like to welcome to the hearing this morning 
Congressman Holt, another diligent, very thoughtful, 
intelligent member of this subcommittee.
    Mr. Johnson, welcome. And we look forward to your 
testimony.

                   STATEMENT OF CLAY JOHNSON

    Mr. Johnson. Thank you. Chairwoman Eshoo, Ranking Member 
Issa, members, thank you for having this hearing today. I will 
be very, very brief, so we can get to questions, and I will try 
not to duplicate what I know Kathy is going to talk about and 
what Eric has already talked about.
    I want to make it very clear to this committee that 
significant progress--significant progress--has been made to 
reform the security clearance process. Yes, the emphasis has 
been on improving the timeliness of the process, but that has 
been the primary problem. There are other issues, which you 
have identified in your opening statements, but the primary 
issue that we have been addressing here is the primary issue, 
which is timeliness.
    We talked about the opportunity for technology and 
paperless, quicker access to electronic records and so forth 
being a huge opportunity. Our focus to date, for the last 2 
years, has been--while we have developed plans to pursue these 
other opportunities, our primary focus in the last 2 years has 
been on the basics, which is expand the capacity to do the 
work--that was the primary problem--and to improve the 
accountability for doing the work as called for. We have 
accomplished that. Kathy will talk about the investigative 
capacity expansion at OPM. But we have made significant 
strides.
    This is great, but we are not where anybody wants to be. 
The Intelligence Community I think reluctantly agrees that 
there has been some improvement, but they believe that there is 
more to go still, and we do too. And everybody wants to be at a 
different place than we are now, even though we have made 
significant strides.
    Currently, it takes too long to retrieve all records and 
information. It takes too long to adjudicate particularly 
industry requests. And it takes too long to move information 
and files around.
    Longer term, as Eric talked about, we need to transform the 
system. There is a very impressive effort under way, involving 
everybody, to make this happen. I am confident that we are 
going to end up where we want to be.
    One of the really fantastic parts about this process is 
everybody wants this to work. Everybody is committed to making 
this happen. Nobody likes any aspect of the current state of 
affairs. Industry wants it to change, agencies want it to 
change, you want it to change. There is not divisiveness on 
this. It is, ``Let's do it, let's do it well, and let's do it 
magnificently.'' And that is our plan. And our goals are high, 
and we are working very hard on it and making great strides.
    [The statement of Mr. Johnson follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairwoman Eshoo. Thank you.
    Ms. Dillaman.

                  STATEMENT OF KATHY DILLAMAN

    Ms. Dillaman. Madam Chairwoman, it is my privilege to be 
here today to testify on behalf of the Office of Personnel 
Management and to provide you an update of the progress we have 
made thus far, plus our continuing reform efforts.
    As you know, OPM's mission is to ensure the government has 
an effective civilian workforce. To accomplish this mission, we 
provide the background investigations for over 100 Federal 
agencies that are used to support suitability decisions and 
security clearance determinations. Last year, we conducted over 
2 million investigations.
    As you noted, we are not responsible for all of the 
government's background investigations, but we do handle 90 
percent, with delegations to the Intelligence Community for the 
balance. We do, however, support the Department of Defense 
entirely, including their industrial clearance investigations.
    Since implementation of the Intelligence Reform Act, we 
have made significant progress in improving the overall 
timeliness and eliminating the backlog of investigations. We 
have focused on four critical areas that have to be managed 
effectively to make this progress efficient: first, workload 
projections; then the processes agencies use to request 
investigations; the investigations; and the adjudication 
processes.
    To staff the investigations and adjudications programs 
responsibly, clearance-granting agencies have to be able to 
project their workload needs annually. We have established a 
goal of a 5 percent margin, and significant progress has been 
made in getting agencies to project effectively.
    For the submission processes, that previously was a very 
labor-intensive paper process, a form filled out every time you 
had to go through the process, again and again. We have 
expanded OPM's Web-based online system. It is called the 
Electronic Questionnaires for Investigations Processing, e-QIP, 
which allows subjects to fill out their information online and 
eliminates the paper. This allows them to submit the request to 
their governing agency, and, in turn, they can submit the 
request to us.
    For the first quarter of fiscal year 2008, 83 percent of 
the clearance investigations we received to conduct were 
submitted electronically. Fourteen agencies and Department of 
Defense's industry submissions are at 100 percent electronic 
submission.
    For investigations timeliness, the Intelligence Reform Act 
required that, by the end of the 2006, 80 percent of the 
background investigations for initial clearances be completed 
in an average of 90 days or less. We have exceeded that 
statutory goal. In fact, of the 586,000 initial clearance 
investigations we received to process in fiscal year 2007, 80 
percent were completed in an average of 67 days. Top Secret 
took 92 days. Those are much more extensive. And Secret/
Confidential took an average of 63 days.
    We have increased our staff to over 9,400 Federal and 
contractor employees. And, as a result, there is no backlog of 
investigations related to insufficient resources. While 
eliminating the backlog, we have substantially reduced the time 
it takes to complete the investigations.
    Other factors have contributed to this improvement. Working 
closely with Federal, State and local agencies, we have 
improved processes for obtaining third-party information, 
getting the required records we need much faster.
    We are not done yet; there is still work to be done. But 
great improvements have been noted.
    We have worked closely with the Department of Defense and 
the State Department, and we have deployed an international 
team to get the required overseas coverage necessary. In fact, 
in 2007, we had 360 agents who were detailed abroad, and they 
completed more than 24,000 international contacts or record 
searches.
    While improving the timeliness of investigations, we have 
also been vigilant in maintaining the quality of those 
investigations. Our training programs and material, as well as 
our internal quality-control processes, ensure that the 
investigations we conduct meet the national investigative 
standards and the needs of the adjudication community.
    We are also continuing to work with the agencies to reduce 
the time it takes to deliver completed investigations between 
OPM and the adjudicating offices and for them to record their 
adjudication action in a central records system. This includes 
implementation of an imaging system that lets me move completed 
investigations in an electronic format to the adjudicating 
offices.
    Last year, we went online with Department of Army, and to 
date we have sent over 113,000 investigations to them 
electronically, making the process between OPM and Army 
virtually paperless. We anticipate up to 10 more agencies this 
year will come online with receiving electronic submissions.
    We are also continuing to optimize our current processes by 
maintaining adequate staffing, building partnerships with 
information suppliers, and through greater use of information 
technology. EPIC, which is our automated suite of tools that 
support investigations and adjudications, will allow for total, 
end-to-end paperless processing for those agencies that are 
prepared to use them.
    We are also partnering, as I noted, with the Office of the 
Director of National Intelligence and the Department of Defense 
for more significant reforms to the overall process. This 
reform effort is challenging traditional processes, from 
application through adjudication. The ultimate outcome will be 
a governmentwide system that continues to protect national 
security through modern processes that are secure, dependable, 
scaleable, time- and cost-efficient.
    This concludes my remarks. I would be happy to answer any 
questions you have.
    [The statement of Ms. Dillaman follows:]

    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairwoman Eshoo. Thank you.
    Ms. Farrell.

                 STATEMENT OF BRENDA S. FARRELL

    Ms. Farrell. Madam Chairwoman, with your permission, I 
would like to summarize my written statement. I promise you 
that my remarks won't be as long as the written statement, but 
I think it will be a good segue into the conversation that you 
wish to have today.
    Chairwoman Eshoo. Thank you.
    Ms. Farrell. Thank you for the opportunity to be here today 
to discuss the Federal Government's personnel security 
clearance reform efforts.
    My remarks today are based on GAO's numerous reports that 
give us a historical view of key factors that should be 
considered in clearance reform.
    Our reviews have identified delays and other impediments in 
DOD's program, which maintains about 2.5 million clearances, 
including clearances necessary to carry out intelligence 
functions. These longstanding delays resulted in our adding the 
DOD personnel security clearance program to our high-risk list 
in January of 2005.
    In the past few years, several positive changes have been 
made to the clearance processes because of increased 
congressional oversight, recommendations from our body of work, 
and new legislative and executive requirements, most notably 
the passage of the Intelligence Reform and Terrorism Prevention 
Act of 2004, which many of you had a hand in passing.
    One important change is the formation of an interagency 
team, of which members of that team are present here today on 
the panel. The interagency team plans to deliver a transformed, 
modernized, fair and reciprocal security clearance process that 
is universally applicable to DOD, the Intelligence Community 
and other U.S. Government agencies.
    Two of the four key factors in my written statement 
essential to the interagency team achieving the goal of 
reciprocal security clearance process involve: one, 
incorporating quality-control steps; and two, establishing 
metrics for assessing all aspects of the process.
    First, government agencies have paid little attention to 
quality, despite GAO's repeated suggestions to place more 
emphasis on it. For example, the government uses the percentage 
of investigative reports returned for insufficiency during the 
adjudicative phase as the primary metric for assessing quality. 
As you may know, GAO has identified this metric by itself as 
inadequate.
    Prior work examined a different aspect of quality: the 
completeness of documentation in investigative and adjudicative 
reports. We found that OPM provided incomplete investigative 
reports to DOD adjudicators, which the adjudicators then use to 
determine Top Secret eligibility. Almost all, 47 of 50, of the 
sampled investigative reports GAO reviewed were incomplete 
based on requirements in the Federal investigative standards.
    In addition, DOD adjudicators granted eligibility without 
requesting additional information for any of the incomplete 
investigative reports and did not document what they considered 
some adjudicative guidelines when adverse information was 
present in some of those reports.
    In addition, our October 2007 report documented the 
reluctance of some agencies, particularly the DHS and the FBI, 
to accept clearances issued by other agencies. To achieve 
greater reciprocity, clearance-granting agencies need to have 
confidence in the quality of the clearance process.
    The second key factor I wish to discuss is establishing 
metrics for assessing all aspects of the clearance processes. 
Many efforts to monitor clearance processes emphasize measuring 
timeliness, but additional metrics could provide a fuller 
picture of the clearance process.
    Similar emphasis on timeliness appears to be emerging for 
the future of governmentwide clearance process. In the DNI's 
500-Day Plan for Integration and Collaboration, the core 
initiative to modernize the security clearance process 
identified only one type of metric--processing times--about how 
success will be gauged.
    GAO reports have highlighted a variety of metrics that have 
been used to examine clearance programs, such as: one, 
completeness of investigative and adjudicative reports; two, 
staff and customers' perceptions of the processes; and three, 
the adequacy of internal controls. Including these and other 
types of metrics could add value in monitoring clearance 
processes and provide better information to allow greater 
congressional oversight.
    In summary, the current interagency team to develop a new 
governmentwide security clearance system represents a positive 
step to address past impediments and manage security reform 
efforts. Still, as already noted by the panel members, much 
remains to be done. And GAO stands ready to assist the 
Congress.
    Thank you, and I am ready for questions when you are.
    [The statement of Ms. Farrell follows:]


    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Chairwoman Eshoo. Thank you very much, to each one of you.
    Let me start this off with an observation. I think that 
some progress is being made. I am encouraged by what the 
President called for. I am encouraged with the work and some of 
the statistics that are offered. I mean, I did read all of the 
backup.
    And I would like to acknowledge all of our staff, both from 
the majority and the minority side of the committee, because, 
without them, we wouldn't have what is presented to us and help 
set up the hearings. So I want to acknowledge their very fine 
work. They care about this, and they help carry us.
    Let me start out with what is the directive of the 
Congress, which is the IRTPA. We have----
    Mr. Issa. We could have done better on the acronym, 
couldn't we?
    Chairwoman Eshoo. Exactly. We could have, Darrell. We could 
have.
    At any rate, that legislation set forth requirements in the 
area of reciprocity, and I want to examine that. There were at 
least four requirements that were set down in that that all 
agencies--I think you know what they are, so I don't have to 
repeat them.
    What we have learned from a roundtable that the 
subcommittee had is the FBI acknowledged, in the roundtable, 
that neither the FBI or DHS, they do not have a clearance 
reciprocity with other agencies 3 years after the enactment of 
the legislation.
    Do any of you want to comment on that? In the interagency 
team, has that been addressed? Has it been examined? Can you 
tell us more about that?
    Because I think that there is a shortcoming there; at least 
this is what they have told us.
    Mr. Johnson. Eric needs to talk about the Intelligence 
Community.
    And Kathy needs to correct me if I am wrong on this fact, 
but the clearest indication of there not being reciprocity is 
an agency requests a new investigation of somebody that already 
has an investigation for a clearance level at the level that 
they are going to have at the new agency. My understanding is 
that if somebody requests that OPM does an investigation and 
they already have a clearance for that level, Kathy does not do 
the investigation.
    Chairwoman Eshoo. So does that leave a gap? Are we where we 
need to be?
    Ms. Dillaman. No, I don't believe we are where we need to 
be. But there are controls in place. Last year, I think, we 
rejected about 25,000 requests, where agencies came in and 
asked for unnecessary investigations. They were forced to not 
duplicate the process. Now, we conducted 800,000 clearance 
investigations last year. And so that is certainly one 
indicator.
    And I don't believe that is just malicious, not accepting 
other agencies. Sometimes it is just not using the transparency 
we have made available into the clearance actions. One of the 
requirements of the act was that there be a national database 
of clearances so that there would be transparency.
    Now, OPM and the Department of Defense, together, have 
linked the master databases that provide for transparency into 
someone's clearance. If you looked at my record, you would see 
that there is a Top Secret clearance, sponsored by the Office 
of Personnel Management, based on an investigation that was 
conducted. That database is made accessible across government 
to all agencies.
    Now, it does not include the clearances in the Intelligence 
Community, by the very nature of those clearances in that data 
system. If we had tied those systems together, it would have 
made the whole system classified, and then it would not be 
usable to a broad section of the government.
    Chairwoman Eshoo. Was it the Congress' directive in the 
legislation that has produced this, or is it that we simply 
haven't gotten to it?
    Ms. Dillaman. I think it is the practical understanding 
that, by and large----
    Chairwoman Eshoo. What does that mean?
    Ms. Dillaman. By and large, outside of the Intelligence 
Community, the need for transparency into the investigative and 
adjudicative history of an individual is outside of the 
classified arena. Within the Intelligence Community, that is 
maintained.
    And so, instead of one system, there are two: the system 
that is OPM and DOD tied together, which has 90 percent of the 
unclassified clearance information, and that inside the 
Intelligence Community, which I am sure Eric can discuss.
    Mr. Johnson. Let me say that I contend that reciprocity of 
security clearances exists. Are there exceptions? Sure. What 
does not exist is, to my knowledge--I believe this is true--is 
reciprocity of suitability clearance.
    You have had an investigation that deems you suitable for 
employment--forget security clearance--that deems you suitable 
for employment at the Interior Department. Now you are being 
considered for employment at the Treasury Department. Forget 
the clearance. Suitability, that is a separate process.
    And we did not, nor did IRTPA, charge this group----
    Chairwoman Eshoo. Let's call it the legislation.
    Mr. Johnson [continuing]. The legislation charges us to 
look at suitability.
    But everybody has agreed, which is why the task force now 
looks at aligning suitability issues of this sort with 
clearance issues of this sort. Because to reform one without 
the other leaves a broken system.
    But I generally will contend--and, again, if it is not a 
fair statement, let me know, let the committee know--that 
clearance reciprocity exists; suitability reciprocity does not.
    Chairwoman Eshoo. And why do you think that is the case? 
What contributes to that?
    Ms. Dillaman. I think suitability is a little different 
science, in that it considers the position that the individual 
is applying for.
    Let me give you an example. An individual may have a Top 
Secret clearance with an agency and, in their past, have a 
history of drug use, but considering the whole-person concept, 
it was not sufficient to deny a security clearance. At the same 
time, that person may not be suitable for all positions across 
government, especially if there is a nexus between drug use and 
the position, like a DEA agent would be.
    There are other types of disqualifiers where the individual 
may get a clearance in one agency but not be suitable to work 
in another type of position.
    Chairwoman Eshoo. Aren't these all processes, though? 
Aren't the results the same? And that is that it inhibits the 
movement of people, jobwise, obviously, suitability clearance? 
I mean, they are all connected. They are not, in my view--I 
mean, they are----
    Mr. Johnson. But there are separate rules and statutes and 
so forth. So that is why the committee is looking at it.
    Chairwoman Eshoo. Where are we----
    Mr. Johnson. Take Kathy's example of somebody who is moving 
to an agency where drug use is an issue. It would be 
appropriate to dig deeper on the issue of their past drug 
usage, to look at whether they are suitable to work at DEA.
    Chairwoman Eshoo. Don't you think just common sense would 
dictate that that might be an issue, no matter where someone 
is? At what agency is it acceptable for someone to have a drug-
use background? It doesn't make sense to me.
    Mr. Johnson. If drug use was 30 years ago in college.
    Chairwoman Eshoo. Timeliness. Okay.
    Mr. Johnson. What we want to make sure doesn't happen is, 
if you want to dig deeper on one issue, you don't begin the 
investigation all over again. You accept the investigative 
work, if it is current, done to date, and you add to it.
    And that is not the case in most of these situations or 
historically, where if you needed to look at something in 
greater detail, you looked at the whole thing all over again. 
And that is the absence of reciprocity. Reciprocity means look 
at additional things but accept what has already been done.
    Mr. Boswell. Madam Chair, can I jump in with one thing?
    Chairwoman Eshoo. Certainly.
    Mr. Boswell. Within the IC, reciprocity works pretty well. 
It is the rules of the road, and it operates.
    The IC is served by one common database, as Kathy 
mentioned. It is a classified database, for good reasons. I 
think what we are talking about here, though, is that we need a 
database for the government. Reciprocity is not well-served by 
the existing architecture, the IT architecture. And we are 
working, in the Joint Team, to try to find some way to make 
that happen.
    Chairwoman Eshoo. I appreciate your adding that, but one of 
my favorite subjects is technology. Obviously, my district is 
the driver of it.
    Mr. Issa. Our State, you mean.
    Chairwoman Eshoo. Our State. Thank you. Our district makes 
our State that much better, and our country.
    But the requirements of the legislation really set forward 
several areas. The evaluation is supposed to assess the 
application of technologies in at least five areas: granting 
interim clearances--you know what they are--expediting the 
initial security clearance processing, including the 
verification of information submitted by the applicant; ongoing 
verification of suitability--we have touched on that; the use 
of technologies to augment the periodic investigations; and 
assessing the impacts of the above, without going into the 
detail of it.
    It is my understanding that only one area has been 
addressed, and that is expediting the initial security 
clearance process. And I would like you to comment on that. Is 
this incorrect? What are the timelines for the other four 
areas?
    I can't help but think that there must be some frustration 
on the part of people representing the various parts of this 
system, because you are working hard to make up for, I 
shouldn't say, the sins of the past, in order to revolutionize 
the system.
    But in oversight, we want to drill down on where there are 
still, you know, some shortfalls. And so I would ask you to 
comment on that.
    And then I am going to go to Mr. Issa for his questions.
    Mr. Johnson. I should have been listing the four items in 
particular. But when the full reform effort began in 2006--
latter part of 2005, and began to see some impact in 2006--the 
priority was placed on initial investigations versus 
reinvestigations. And there, as a result, has been--it was 
capacity and accountability which was the primary focus.
    So, as a result of that, significant--significant--
improvement had been made in the time it takes to investigate--
first of all, at the beginning, the time it takes to get a 
request for an investigation from the person signing it to the 
investigative entity, the time it takes to investigate it, and 
the time it takes to adjudicate it. There have been significant 
improvements in adjudication timeliness, investigative 
timeliness, transmission of the original application 
timeliness. So the whole process has made significant strides.
    The other three areas were?
    Chairwoman Eshoo. Well, one of them is granting interim 
clearances. I mean, that was one of the--that was supposed to 
come out of this. Ongoing verification of suitability of 
personnel with access to classified information. The use of 
technology to augment----
    Mr. Johnson. The technology pieces that we have focused on 
have been an idea toward timeliness and given current 
technology--the deployment utilization of the technologies that 
exist today. So that has been e-QIP, as Kathy talked about. 
That has been transmission of files from the investigative unit 
to the adjudicated unit, which can cut weeks off of this 
process.
    The longer-term issues, like an entirely different 
architecture for the database, going paperless, all of the 
things that have huge potential are still before us. They are 
longer-term issues that require investment of funds; it is 
technology that does not exist today.
    Another form of technology application here has been 
getting access to digital records as opposed to paper records. 
Kathy has done a great job working with different industries 
and database record sources to be able to accomplish that. So 
there has been attention to that.
    I wouldn't say that the community is frustrated over where 
it is; the community is quite proud of what has been 
accomplished. But the goals laid out by IRTPA, for all the 
right reasons, are very, very aggressive. And that is our goal. 
Our goal is to completely change this and take it to several-
orders-of-magnitude-greater levels of performance, and that is 
what our focus is.
    Chairwoman Eshoo. I think what was spelled out in the 
legislation is really needed. When one goes through and reads 
the GAO reports that have been issued over quite a long period 
of time, it is a system that really needs overhaul. I am glad 
that we are taking some steps. I think we still have a ways to 
go.
    Let me acknowledge my friend and colleague, Mr. Issa.
    Mr. Issa. From the telecom valley of the south.
    One of the challenges we face--you know, certainly, if we 
looked at industry and we said, ``Would you do things the way 
we were doing them 3 years ago?'', the answer--those truths 
were self-evident, that they had long ago given up the systems 
we were using.
    But let's take a company; let's take General Motors. Could 
you imagine if an executive in the Chevy division were 
transferred to the Cadillac division and they said, ``Well, 
yeah, we know you took a polygraph''--I am stretching this a 
little--``a polygraph in the Chevy division, but we have our 
own people, and we are going to re-ask you the same questions 
in order to employ you in the Cadillac division.'' Would that 
be considered to be one company?
    You know, Ambassador, on the base it of all, the fact that 
we still--or, Ms. Farrell, I know you have looked at this--the 
fact that we still repolygraph people when they move, looking 
at the same data, at a desk next to each other, but if they 
move from ownership of one agency to another, we repolygraph 
them, in some cases.
    Is there any basis under the intent of Congress to continue 
doing that?
    Mr. Boswell. If I can touch on that, first, I think that 
reciprocity within the Intelligence Community works rather 
well. And, second, I would like to get on the record that I 
don't----
    Mr. Issa. Is this the part that you think works well, 
though?
    Mr. Boswell. Reciprocity of security clearances.
    We also have, obviously, a joint duty requirement, which 
has been instituted by the DNI, and all members of the 
Intelligence Community have agreed to accept the clearances of 
the originating agency when folks move from one position to a 
joint duty position.
    Polygraphs are not a particular impediment toward security 
clearances. They are not a big piece of the timeline. And----
    Mr. Issa. Ambassador, isn't it true that we have a critical 
shortage of people to do polygraphs, that that, in fact, is one 
of the bottlenecks? I am trying to understand why it is not an 
impediment if we don't have enough people to administer them.
    Mr. Boswell. It is not an impediment in terms of the amount 
of time in the process. Only a few of the intelligence agencies 
require polygraphs. We still leave it up to the individual 
agencies, and only five of them--I think it is five--require a 
polygraph. So it is really not a substantial impediment.
    Mr. Issa. Okay. Maybe I am--yes, Ms. Farrell?
    Ms. Farrell. If I could build on what my colleagues have 
said, OPM has the bulk of the investigations to do; it is about 
90 percent----
    Mr. Issa. But you have all those Confidential and Secret 
clearances that, quite frankly, you know, they are pro forma 
almost; you know, see if the guy actually did get convicted of 
a felony when he said he didn't. I mean, let's go through the 
bulk and slim it down.
    We are here today primarily talking about our most 
sensitive access, and that is not 2 million last year. That is 
how many, Ms. Dillaman?
    Ms. Dillaman. 90,000 to 100,000 for Top Secret clearances, 
and a like number for the reinvestigations that we do.
    Mr. Issa. Right. Okay. But within your purview, 90,000 to 
100,000 at TS, and then, above that, a fraction of that 90,000 
to 100,000 that would be even more thorough.
    So we are talking about 90,000 to 100,000. I just want to 
make sure that we don't keep looking at 2 million. You know, as 
a second lieutenant, I had to have a Secret clearance. 
Actually, as a private, I had to get that Secret clearance. 
Candidly, they didn't know that much about me.
    Ms. Farrell. Top Secret takes longer; it costs more. And 
perhaps sharing clearances among the Federal agencies is not an 
issue, but those that are associated with the Intel Community 
are an issue.
    But it appears to us that from--for example, I mentioned 
our October 2007 report, where we went in and looked at, I 
believe it was, 54 fusion centers that are a mechanism for 
helping collaboration of information-sharing. It was through 
that work that it came to our attention that there was this 
reciprocity issue, especially with the DHS and the FBI, which 
you acknowledge you had discussions at your roundtable about, 
that they were unwilling to share other Federal agencies' 
investigations.
    But my point being, OPM does the investigations for Top 
Secret for the vast majority. Perhaps there is not an issue of 
transfering clearances from the Agricultural Department to 
Commerce. There is this issue of suitability that Mr. Johnson 
was explaining, and there is some overlap with security 
clearances. There is some duplicative effort there that could 
be streamlined. I believe the joint working group is working 
toward that, which is a good thing.
    But then, within the IC community, you have this issue of 
reciprocity. Maybe amongst them there is not an issue of going 
from DIA to the CIA, but there is this issue of someone outside 
the community coming in with a clearance. We haven't done work 
specifically looking at the Intelligence Community, but we have 
a little insight from the October 2007 work that I mentioned.
    Mr. Issa. Okay. Well, I think I see a pattern that--I want 
to, sort of--I am going to bifurcate a little bit of the 
community versus all others, because it appears as though we 
are heading down that road.
    Mr. Johnson. What road? I am sorry.
    Mr. Issa. The road of--basically, there is the IC 
community's real, core clearances, and then there is all 
others. I mean, that is becoming pretty evident, that it is not 
about what level of clearance, it is about who gave you the 
clearance. I mean, I think even though you are disagreeing on 
this, you are agreeing in a sense.
    And let me just give you the example. ``Factors used to 
determine eligibility for security clearances''--this is saying 
it is a clearance: Allegiance to the United States, foreign 
influence, foreign preference, sexual behavior, personal 
conduct, financial considerations, alcohol consumption, drug 
involvement, psychological conditions, criminal conduct, 
handling protected information, outside activities--I guess 
that would be soccer and so on--and use of information 
technology systems.
    Stamp collecting, exactly. Clearly not a Californian.
    Now, the question is, are these actually eligibility for 
security clearance, or do these get down that nonreciprocity 
side, that it is okay to give you a TS with a drug background, 
just not a TS for DEA? Is that what we are really talking 
about? Even though they are printed on a document that actually 
gets attached when somebody gets rejected, that, in fact, we 
are mixing the two.
    Does Congress need to understand clearly the difference 
between you can see the information and you can have access to 
where you might be able to generate or pass on differently? Is 
that what we are talking about here? Because I would like to 
understand that in addition to the two communities, if you 
will, of clearances.
    Ms. Farrell.
    Ms. Farrell. Those guidelines I believe you were citing is 
what the adjudicator looks at to determine the eligibility. 
And, again, I think the issue here is who is doing the 
investigation and the quality of the investigation, which has 
Federal guidelines that the investigators should adhere to in 
terms of conducting the investigation--you know, doing the 
background check, the financial check, their social check, 
employment, education. They put the package together, and then 
those other guidelines you referred to are used by the agency 
or the adjudicator to determine that person's eligibility for 
that Top Secret clearance.
    Mr. Issa. But it is not for the Top Secret clearance, as it 
turns out. Some of this is for do you get the job or not. You 
have been offered a job, in this case, at the CIA. But when 
they go through this, the truth is, if you were working for 
DOD, you might get your Top Secret, but you are not going to 
get it for the CIA, because, in the case of the rejection 
here--it was cited by Elizabeth York, so I am assuming this is 
completely unclassified, since it was sent through ordinary 
mail with no designation at a center in Maryland.
    ``During your security testing session, October 2005 to 
January 2006, you noted on two occasions that you had direct 
contact with officials of foreign government, including two 
non-U.S. ambassadors and a foreign minister.'' This is part of 
the fact that this person is being told they can't do it.
    Now, the fact that this person was an employee of the 
Department of Energy in an unclassified environment, that this 
person, in fact, is multilingual and an Oxford graduate--by the 
way, they also note her attendance at Oxford as a period of 
time outside the country in her rejection.
    When we are looking at a system that--Ms. Dillaman, you are 
doing a great job of making it digital--when we are looking at 
a system in which somebody applies and it turns out that 
exactly when the DNI is basically being confirmed, in December 
of 2005, as we are saying we want to bring in Arabs and 
Muslims, we add a directive, which the language of the 
directive is cited right here, that actually says that foreign 
contact is going to be a limiting factor in getting it--it 
should be a consideration for a limiting factor.
    So if you have family and friends overseas, you are not 
going to get the clearance, while we tell people, Arabs and 
Muslims, that already speak the language, we want them. You 
don't speak the language fluently without contacts in the 
community that, if you don't have contacts over there, they are 
going to have contacts.
    So before we go on to some of the wonderful work being done 
digitizing stuff, how do we get past this impasse when, in 
fact, we are taking Oxford grads, law students who happen to be 
fluent in Arabic and Spanish and, oh, by the way, can talk to a 
foreign minister in their native tongue at a 3/3 level, how do 
we reject these people and cite that they had those very 
contacts overtly?
    Yes, Ms. Farrell?
    Ms. Farrell. I hope that the reform committee is looking at 
that, because you keep talking about GAO's reports going back 
years. I know that they went back at least until 1974, before I 
started at GAO.
    Mr. Issa. Before you graduated high school, for goodness' 
sake.
    Ms. Farrell. That is in my background investigation.
    But we have had these issues of quality and incompleteness 
in 1999, 2001, 2006, and we are getting ready to go in and look 
again and see what it is. We have talked about the need for a 
massive overhaul of this system, which is what the reform 
committee is trying to do.
    We would hope to see, in their revised plan, one of the 
issues that you are bringing up: Are they going to look at the 
policies and update them or amend some, eliminate them, in 
order to bring them up and into, quite frankly, the 21st 
century so that it can take into account individuals that would 
be acceptable today that wouldn't have been acceptable perhaps 
during the Cold War?
    Mr. Issa. Yeah. I guess, great question. Are you?
    Mr. Johnson. Am I what? Sorry.
    Mr. Issa. Are you going to look at these factors? Are you 
going to make these differences a part of the restructuring? Or 
are we gong to rely on a directive that came out of 2005, where 
we say we want to recruit and then, by the way, we are making 
it almost impossible to succeed. We get the applications and 
then we reject them at a high level.
    Yes, Mr. Ambassador?
    Mr. Boswell. As you noted in your opening statement, Mr. 
Issa, the DNI has made it a priority to facilitate bringing 
heritage Americans----
    Mr. Issa. A priority publicly, and a directive that makes 
it much more difficult privately.
    Mr. Boswell. We had a tough time during the DNI's Senate 
confirmation hearing, because one member of the panel brought 
up an example of a job application within the IC that basically 
said, if you have a foreign-born parent or immediate family 
member, don't even bother to apply. That was an error, of 
course. It has never been the standard that it prohibits 
employment in the Intelligence Community.
    But what is changing--and it is not final yet--but what is 
changing is that, in the past, having an immediate family 
member that was a heritage American, to bring that person on 
board required a waiver. And the mere existence of that 
requirement discouraged people from applying. The DNI is going 
to change that policy--it is in the final stages of interagency 
coordination--to eliminate that waiver requirement. The 
standard will remain tests of loyalty to the United States, but 
the waiver requirement will be gone.
    Mr. Issa. Okay. Because we want to alternate here, I would 
appreciate if, actually in a classified response, we could get, 
item by item, changes that you are going to make so that we 
have a better understanding. Because the committee, at least 
the Chairwoman and myself, both have substantial foreign 
contacts and/or--well, we meet with foreign heads of state all 
the time when we travel. But also, we both have family and 
influence that go directly back, oddly enough, both to the 
Middle East.
    So, you know, it is a deep concern that we are the people 
who are trying to make sure America is safe, while in fact we 
are going to take people just as loyal as the Chairwoman or 
myself and potentially exclude them. We don't have that luxury. 
There just aren't enough people who understand or have the 
ability to get a jumpstart on our Middle East needs. And that 
is our biggest problem, is the pool is pretty small to then cut 
off, as you said, arbitrarily.
    One last question, and then I am very much have used all my 
time. The differences between--and we will just use the CIA as 
an umbrella for an agency or the NSA and all other clearances, 
I am detecting a lot.
    Let me ask you a real question, because we talked about the 
two databases--one that is broad but not deep, one that is deep 
but not available. When we did our reform, should we 
potentially have said that there are two tiers of this reform, 
one tier for the vast majority and one tier for the most 
sensitive, and that, in fact, each had to have harmony?
    And I noted, Ms. Farrell, you said 47 percent of DOD 
applications were incomplete but approved.
    Ms. Farrell. 47 out of 50 cases.
    Mr. Issa. Oh, 47 out of 50, so twice the percentage.
    Well, the CIA often rejects because you didn't give them 
one fact of one foreign contact, even though you gave them half 
a dozen or a dozen. You just missed one. So the standards are 
so different in who gets the job.
    I will ask each of you--and you can respond here and 
further, obviously, behind closed doors--did we err and should 
we, in fact, be looking at two levels of sensitivity, so that 
the vast majority of clearances, including Top Secret, are 
done? And then, if you will, we will call it the compartmented 
mentality, that the next level is a matter of DEA, NSA, CIA and 
others saying, okay, for sensitive beyond, let's say, base TS, 
we are going to have another umbrella of harmonization.
    I don't have a problem with there being two databases. I 
have a problem that if I have the need to know, those two 
databases aren't equally accessible. I have a problem not with 
TSs not being equally run around. I have a problem that at a 
given level it is not clear that they can move around. And I 
have no problem at all, as a second lieutenant with a Secret 
clearance, being told it only goes so far. But, at some point, 
our most sensitive information being available to somebody, we 
need to have that.
    Can you respond to that? I know it is a broad question, but 
it goes to the core of do we need to take further action?
    Ms. Farrell. Well, I think----
    Mr. Issa. Thank you for your courage.
    Mr. Johnson. We are all for further action. I am not sure I 
understand the question.
    Mr. Issa. Well, it doesn't appear as though you are going 
to get to, if you will, a one-paper process at the most 
sensitive level unless we segregate it from the vast majority 
of others. It looks like Ms. Dillaman has high confidence--Ms. 
Farrell, you seem to have high confidence--that we can get 1.8 
million approvals done, and most of those will have great 
reciprocity, great capability. It just isn't going to work at 
the agency or at the CIA, it is not going to work at the NSA, 
it is not going to work at the NSC.
    I mean, I think----
    Mr. Johnson. Ambassador Boswell said it is working. I don't 
understand--you pointed to one example that, by the way, is 
over 2 years old, if I understood the dates correctly, before 
Mike McConnell was put in as the DNI and has adopted these 
policies and initiated these reforms.
    Mr. Issa. That was the start. The end is much more current.
    Mr. Johnson. Okay, well, I misunderstood. But I think Eric 
said that there is reciprocity with the intelligence community.
    Mr. Issa. So I can get a clearance at the TS level, X, Y, 
Z, that goes through, let's say, for DOD. And I get up from DOD 
as somebody working in the Deputy Assistant Secretary's Office 
for ``Blank,'' and I can be on the Pak-Afghan border the next 
day and have no problem being read in to the most sensitive 
counterintelligence if that is the same level? No. We don't 
have that ability. So, you know----
    Mr. Johnson. For all the right reasons.
    Mr. Boswell. But, sir, I think what you are getting at is 
the question that the Chairwoman also mentioned, which is that 
the existence of a database and the ability to move information 
across from one agency to another.
    And the problem, of course, as Kathy Dillaman mentioned as 
well, that one database is classified and the rest are not. 
Well, we are looking for--the intention is a unitary system to 
address exactly the questions that you raised. That is the 
intention of the Joint Team, and we hope to get there.
    Mr. Johnson. Let me make one comment about----
    Mr. Issa. You seem to have a different opinion, and I am 
going to ask you to make the last--and then yield back my time.
    Chairwoman Eshoo. You don't have any time to yield back.
    Mr. Issa. I know I don't.
    Ms. Dillaman. If I may?
    Chairwoman Eshoo. But I appreciate--I want this to be free-
flowing, because there is a lot of questioning.
    Ms. Dillaman. There is a very broad base of need across 
government, some classified, some unclassified. There is 
absolutely no restriction on the classified world having access 
to our information; it is only the reverse.
    And so, for that population that stays outside of that 
classified arena and moves around, the system supports it well. 
For the classified world, who needs to draw from the 
unclassified, that system will support it well. And for the 
limited number that may move out of the Intelligence Community 
into the nonclassified world, there is a delayed process. But I 
believe, even then, with the information-sharing progress we 
are making, that will not be excessive.
    And so we have cut down the risk of individuals being 
stalled in that fluid movement around government significantly, 
not to the ideal state you just described, but certainly to the 
point where every possible user in government has access and 
isn't hampered because they themselves aren't working inside 
the classified world.
    Mr. Issa. Thank you.
    Mr. Johnson. Mr. Issa, can I make one quick point----
    Mr. Issa. Talk to the Chair.
    Mr. Johnson [continuing]. That addresses this issue?
    If you move from, like, an under secretary at DOD to, all 
of the sudden, now you are in Pakistan or Iraq or something, 
doing intelligence work--I spent a couple, 3 hours with John 
out at NSA. And this gets to the issue of what this community 
is trying to do, which is move from risk aversion to risk 
management, which is a general concept we talk about, where we 
have somebody who is Iraqi or Pakistani, and if they are 
working on something over here that is domestic, high-level, 
very top-secret, whatever, their being Pakistani or Iraqi may 
not be an issue. But, all of a sudden, if they are working at 
NSA on Iraqi or Pakistani issues, they may be listening to 
conversations by relatives of theirs.
    So there is a security management issue there that has to 
be addressed. And what NSA is doing, for instance, is you 
manage the risk; you don't say, yes, you can do this, no, you 
don't. What is the risk, and how can we manage it? So, for 
instance, maybe you put them in a separate facility, or maybe 
you put them here, or maybe you put some controls, or maybe you 
do some extra quality control.
    In general, now, we are talking about more emphasis on 
reinvestigations, be it Secret or Top Secret, throughout this 
whole process, what changes the overall approach to this, risk 
management versus risk aversion. The original security 
clearance thing, which is 50-plus years old, is a risk-aversion 
process. We want all to go, I think, by and large, to a risk-
management process.
    Risk management gets us into--and this is the NSA example--
into being able to hire the foreign speakers. So even though 
there are significant risks, you don't say, ``Ooh, there is a 
little risk.'' No, there is some little risk, let's find out a 
way to manage it, because this person wants to do a good job, 
we need to have that job, we need their language skills, let's 
do it. There is a really strong commitment within the IC to do 
that.
    It was something that was irrelevant. It was an irrelevant 
issue 5 or 10 years ago. It is highly relevant now. And my 
impression is and firsthand knowledge of it, albeit sparse, is 
they are doing a very aggressive, good job of managing those 
risks, not saying no to all those people with foreign 
relatives.
    Chairwoman Eshoo. All right. I would like to thank you, Mr. 
Issa. Good line of questioning.
    Mr. Holt.
    Mr. Holt. Thank you, Madam Chair. Thanks for holding these 
hearings.
    I thank the witnesses for coming.
    Let me pursue two lines of questioning. And forgive me, I 
was out of the room for part of the time. I may have missed 
this. But it wouldn't hurt to summarize it for me and for the 
record, if you have already talked about this.
    Maybe this goes particularly to Ms. Dillaman, but to 
anyone: What is the limit? Okay, so we have cut the time down 
to maybe a few months for Secret and Top Secret. Doing it the 
way we are doing it, and digitizing it as necessary, asking the 
questions we are asking, collecting the information we are 
collecting, what is the limit? What will be the shortest time 
for a TS? What will be the shortest time for an S, a Secret?
    Ms. Dillaman. Sir, the process relies on the voluntary 
cooperation of tens of thousands of different sources of 
information--the public.
    Mr. Holt. So that means you have good data, you have good 
statistics.
    Ms. Dillaman. We do, yes.
    Mr. Holt. So using those good statistics, what will it be?
    Ms. Dillaman. It can be as little, for some individuals, as 
15 days. It can be as long, for some individuals, as 15 months.
    Mr. Holt. Because you have good statistics--because there 
are thousands and thousands and thousands of these that you are 
doing, you can get very good statistics. So what will the 
median be, the median time? Half the people will take longer 
than that, half the people will take shorter than that.
    Mr. Johnson. In what time frame? I mean, when? A year from 
now? Five years from now?
    Mr. Holt. If you can do everything you want to do, digitize 
it and so forth, what is the best we will achieve on a steady-
state basis?
    Ms. Dillaman. Today, we are at 80 percent, averaging in the 
low 60 days. But the Top Secrets take longer because of the 
information we are collecting.
    I believe that if there are not significant reforms in the 
way information is shared around government, we can make some 
more improvements. But all improvements related to just having 
enough people to do the job we have realized. We have enough 
people----
    Mr. Holt. So by so-called streamlining, you think that we 
are approaching the asymptote here, to speak mathematically. In 
other words, you just won't reduce the median time much more.
    Ms. Dillaman. I think there are still some----
    Mr. Holt. By digital fingerprints and using the Internet 
and, everything we can do?
    Ms. Dillaman. I think there are additional improvements, 
but it is going to rely on other systems outside of our 
immediate control to also have reform brought to them.
    Let me give you an example, sir. Every investigation 
requires that I obtain the FBI's records. And if the FBI is 
incapable of providing all of their records timely--and they 
provide most of their records timely, but not all--then those 
investigations where I can have all of the rest of the work 
done but I need to wait for the FBI to provide their essential 
information won't be completed until that final piece. For an 
individual, if I need to do a subject interview to resolve 
issues and that individual is deployed to a war zone, I have to 
wait until I have access to that individual. So there are 
factors that can delay specific investigations.
    But on the flip side of that, out of the 580,000 that we 
did, 145,000 of them were done in less than 45 days; some of 
them in less than 30 days.
    Mr. Holt. What I would ask is, did you actually look at the 
median, that is a meaningful number, half to longer, half 
toward shorter, and find out what that is? And if it means 
going to the FBI and asking how much more can they shorten 
their process.
    The median: Now some will take longer and some will take 
shorter, but the median. Have they reached their limit? Have 
they come to the asymptote? And there is not going to be much 
improvement.
    Ms. Dillaman. That is what we have been doing over the last 
2 years is working with every one of these. There are 26,000 
local law enforcement agencies that I rely on, 50 State records 
systems, dozens of Federal records systems, and every one of 
those has to be fine-tuned to be responsive.
    And I also need to get the cooperation and responsiveness 
of the citizens that have to be interviewed. I can't just 
demand that they shut down and stop and talk to me. I work 
around their schedules as well.
    So you are right, there is a limit for how far we can cut 
the time on this to the point where we have been so aggressive 
that we cut off the very information that is essential to us. 
And it is finding that delicate balance.
    There is more to be gotten out of this. There are further 
improvements. And if today is 63 days, whether that improvement 
is down to 40 days or 38 days is yet to be determined. It 
depends on just how much reform we can bring.
    Mr. Holt. How will that be determined? It is a question we 
need to ask and that we really need an answer to.
    We shouldn't be flogging people in the government to be 
getting it down to 20 days when the best we are ever going to 
do is 40 days. So if OPM can't go to the FBI and get that 
information for what is the best for FBI--maybe we need the DNI 
to go to the FBI and get--if one of your necessary ingredients 
is this FBI check, and it currently takes 71 days, or whatever 
it is, for Top Secret, you need to know and we need to know 
what is the best they can do.
    Mr. Johnson. If we--this is grossly overgeneralized but if 
we wanted to digitize every FBI record, we could get access to 
every FBI fact about somebody in seconds, a day. I bet we would 
decide we don't want to do that. The cost of doing that, the 
time, the--I am not sure we would want to do that. I mean, so 
that is not likely to happen, but an example of what could 
happen that would take something that takes 30 days and now to 
get it down to seconds.
    The reform effort, there is a transformation effort under 
way, led by Defense Department, the ODNI and OPM, looking at 
all the things we can do to transform the system, not small 
incremental changes, but all the kinds of issues that have been 
addressed; and they have been charged by the President to start 
coming forward, starting on April 30, with what do they know 
now we should be adopting to transform the system.
    And then as soon as they have other recommendations they 
want to make that can be validated as being worthwhile and 
worth cost, being a good relationship to benefit, they come 
forward as quickly after April 30 as they have something they 
want to recommend to the President.
    This is being done on a very aggressive time frame to look 
at, how quickly can this be done? Not ideally, but what should 
this system, this desired different way of doing this, what 
should it look like? And what is the implementation plan?
    And some of these things we can do in months or a year or 
so, and they can start having an impact. And some of them, like 
going totally paperless, will take more money and some more 
time, or significantly more time. It is not going to be done in 
months, it is going to be done in years to do it. But we are in 
the process.
    There is a formal effort to address all the things that can 
be done, and as a part of that, try to quantify the impact it 
will have on the process. So you add up all the impacts, and 
that is how quickly might it be done.
    Mr. Holt. And who is responsible for quantifying that? 
Where is that being done?
    Mr. Johnson. The reform team, which is led by John 
Fitzpatrick and Beth McGrath here, that is answerable to the 
champions, which is DOD, ODNI, and OPM with a little 
orchestration from me.
    When they recommend something, it is, Here is what is 
suggested to us.
    Why is it valid?
    It is a worthwhile change to recommend to you, Mr. 
President; and here's the benefit and here's the cost of doing 
it.
    So that team, as a part of their evaluation, will come 
forward with their assessments.
    Mr. Boswell. Can I add to that, sir?
    Clay referred to the deadline of April 30. The reform team 
will have an acquisition strategy developed by April to be 
folded into it. The acquisition strategy will determine the 
cost and the implementation time lines the best we can. And we 
will also look for low-hanging fruit, near-term improvements as 
well as the long-term improvements.
    Mr. Holt. I would urge, plead, whatever, that we make it 
quantitative. When you have got this many people, you have good 
data, or you should have good data. You can get good data.
    Mr. Johnson. We have got fantastic data.
    Mr. Holt. And, therefore, it really should be quantitative, 
and you should know from an engineering operations point of 
view what the critical path is, what are the limiting time 
periods; if changes were made in those critical limiters, what 
would then become the limiting time period, and what is the 
median time there and how much can that median be shortened.
    You should be able to quantify it. I hope that is what you 
are doing.
    Ms. Dillaman. Sir, if I may, because I live and breathe 
data, with the amount of work that we do, we track this down to 
a source level. And we have, since the clearance reform team 
was formed under OMB, we have provided full transparency to how 
long every aspect of an--not only how long they take, but how 
effective they are, how many times they net out the results 
that have to be considered.
    Two short years ago, the average time for a Top Secret 
clearance was in excess of a year; the average time for a 
Secret Confidential was in excess of 6 months. And bringing the 
change to this and reform to this and watching it week in and 
week out incrementally go down, while the inventory of pending 
investigations dropped, meant we have to stay on top of data.
    Mr. Holt. But, of course, you get smaller and smaller 
marginal returns with more and more investment of money. And at 
some point it is going to level off at an asymptote. We need to 
know what that is, and for each of the ingredients as well as 
the total process.
    Now let me turn to the bigger question, which is the more 
important question. We may be streamlining a fallacious 
process. Again, when I have asked this question to people 
before, I have not been satisfied with the answer, and I would 
like to push it a little bit more.
    How do we know that we are asking the right questions, that 
we are making the right determinations, that the process has 
any legitimacy? I must say I get on to this line of questioning 
because I have been convinced for many years that polygraphs, 
for example, are pseudoscience, bogus, just bogus; and yet, I 
know various agencies rely on it. Yes, you can use it to scare 
the daylights out of people, and maybe they will come forward 
with something. That is not science. But it makes me question 
whether the process is what it should be.
    So who is asking the questions?
    In fact, GAO said we need better metrics and, in fact, in 
GAO's words, we need better measures of clearance quality, 
which I take to mean, we are asking not just what are internal 
quality controls, but we are also asking, have we cleared--have 
we rejected the people who should be rejected, and have we 
cleared the people who should be cleared? Have we avoided false 
positives? Have we avoided false negatives? How are we 
determining that?
    And we know there have been some false positives. They go 
by the names of Ames, and you know the list, and maybe there 
are a lot of others we don't know. And I happen to know some 
false negatives, constituents and others who have been 
rejected, I am pretty convinced, unfairly, unreasonably, 
illogically, or fallaciously.
    So however we streamline the process, I hope somebody is 
asking how we quantify, whether we are doing the right thing.
    Ms. Farrell, since GAO addressed this, maybe I should start 
with you.
    Ms. Farrell. Thank you for bringing that up, because our 
concern is the quality of the investigations. The numbers are 
going in the right direction for timeliness, and the agencies 
should be commended for that; OMB should be commended for their 
commitment and their strong leadership.
    As I noted earlier, everyone here wants to make it better, 
but our concern is that we may have a product that has a quick 
turnaround but is of poor quality. And it does no good to do 
something better and still end up with a product that doesn't 
meet the standards that you want.
    Our concern is that we haven't seen metrics, and we haven't 
seen quality built into the investigations and the adjudication 
process.
    The one metric that has been cited, that of returning 
investigations--that is one of six phases of this process, just 
one aspect of six phases--so there are more metrics that could 
be built into not only the investigative phase, but the appeals 
process, the application, all six phases.
    Mr. Holt. Who should be responsible for building those in? 
Where should it rest? Should it be this general group? Should 
it be the DNI or the Secretary of Defense themselves? How can 
we be sure this is going to be done or is being done now?
    Ms. Farrell. You have a number of things going on 
simultaneously. So the answer right now is, multiple players 
should be doing this.
    Mr. Holt. And is that bad? I mean, part of the security 
clearance that we see is more uniformity, more consolidation. 
That may or may not be good.
    Should this be question about whether the process is even 
right, whether it is fallacious or not, should that also be 
centralized, or should that be decentralized?
    Ms. Farrell. Right now, we have multiple processes, and we 
are trying to move to a process that would have a common 
framework that we share. The issue is, in the long term, will 
it be shared by not only the OPM investigators, but those that 
are doing investigations for the IC community as well. Right 
now, we hope that OPM has taken action on some of our 
recommendations to build in quality control measures for the 
situation that is today.
    We also hope that the reform committee will be looking 
ahead. And, as part of their strategic thinking--again, it is 
going back to, if you are going to overhaul a system that has 
been in place for decades, you probably need new policies and 
new procedures; and this is an opportunity to make sure that 
quality is built in to all the phases of that uniform process.
    Mr. Holt. Thank you. Mr. Johnson seems eager to speak. We 
have a vote on the floor. I am delighted to see the Chair is 
back.
    Mr. Johnson. While you are here, let me make a very strong 
statement.
    We do not have a quality--a security clearance quality 
problem in the Federal Government.
    Mr. Holt. How do we know?
    Mr. Johnson. No bill has been passed. There has been no 
evidence that we are issuing----
    Mr. Holt. Absence of evidence is not evidence of absence.
    Mr. Johnson. I appreciate your conversations here and 
statements about the math of all this, but let me address 
something here.
    The issue, the primary issue--by far, the primary issue--is 
not that we are giving clearances to people that shouldn't have 
them or that we are occasionally depriving the people that 
should get them. There are appeals processes that people are 
allowed to go through if they believe they are unjustly denied 
clearance.
    We have--what we have here and what the IRTPA attempted to 
challenge the Federal Government, and I believe we are rising 
to that challenge--is a timeliness issue, far and away, orders 
of magnitude, that difference. That is the issue.
    On the issue of what is central and what is decentralized, 
we are centralizing, we have centralized the investigative 
matter. The adjudication is decentralized now. It is by agency. 
The responsibility for deciding who should get a clearance and 
who should come to work at an agency needs to be that agency's 
responsibility, because each one of their missions is different 
and they need to look at what are the specifics.
    So there is not centralized adjudication, there is 
decentralized adjudication. There needs to be consistency of 
training and expertise and so forth, but how they weigh the 
factors should be, and is, agency-specific.
    Chairwoman Eshoo. Thank you. Let me try to pick up where we 
left off when I had to go over to the Capitol to vote.
    It seems to me that--in a nutshell, that the IC community 
is dealing with reciprocity and that the rest of the system is 
dealing with timeliness.
    Do you agree with that, or is that too--is that too much 
shorthand?
    Mr. Boswell. The IC has a timeliness issue, too. We are in 
pretty good shape in terms of the 2006 timelines. But we are 
not in good shape in terms of the 2009 timelines, and that is 
why we need a transformed system.
    Chairwoman Eshoo. I think that Mr. Issa's line of 
questioning was helpful. And I can't help but think of the word 
``jointness'' in all of this, because the legislation that the 
Congress put forward really was, I think, at the heart of it. 
And there are many manifestations of that, is that--that is our 
goal, is jointness.
    I understand that the needs of the Intelligence Community 
vary and differ in some ways--not in all ways, but in some 
ways--from the rest of the system. And, as he said, maybe there 
should be two different systems. I don't know; I think that we 
still have to probe on that. But I think that there are many 
parts of this in terms of security clearance that are shared 
across the government.
    So how we achieve the jointness that the Congress directed, 
I guess is the question, and how we measure that. And I know 
Ms. Farrell in her testimony--and then your summary, you talked 
about metrics. So I want to examine the issue of metrics.
    But first, let me ask you, Ms. Dillaman, does OPM conduct 
any clearances for the Intelligence Community contractors?
    Ms. Dillaman. Only those that would be considered under the 
Department of Defense. Yes. So we do all of the work for 
Department of Defense and for industry.
    Chairwoman Eshoo. You do?
    Ms. Dillaman. Yes, ma'am.
    Chairwoman Eshoo. Do you provide any assistance to 
contractors of prospective employees to navigate the clearance 
process? Or is that something that those that are seeking them 
are on their own to do?
    Ms. Dillaman. That belongs to the clearance granting agency 
themselves, in this case, Department of Defense.
    Chairwoman Eshoo. They do?
    Ms. Dillaman. Yes, ma'am. And the initial application 
process is an OPM-developed application process. So all of the 
online collection of information, and all the assistance, and 
tools that go with that, was developed by my agency.
    Chairwoman Eshoo. Now, let me get to Ms. Farrell and the 
whole issue of metrics.
    What, in your work and how your work has instructed you, 
should the DNI use to validate the entire team's results?
    Ms. Farrell. I am going to go back to quality because--
although I mentioned four factors in the statement--
requirements, quality, quality measures, and long-term funding 
costs--because you are going to need money and people to carry 
out the reforms, but we would hope that quality would be built 
in to the process.
    Timeliness is an issue. We have heard that not only is it 
an issue with the DOD agencies, but it is an issue, as well, in 
the Intelligence Community.
    But the quality metrics that we would be looking for would 
be the completeness of the investigations and the adjudication 
reports, or the training. And that has come up, that these 
adjudicators are working for the multiple agencies that have 
multiple processes carrying out the eligibility function. So 
one metric would be looking at the number of training hours, 
the course content. Is it meeting the needs of that training 
community, especially for a new system that is being put in 
place? Other metrics could include surveys of the affected 
people, the adjudicators and the investigators, how well they 
think the process is working, as well as building in other 
internal controls for fraud, waste, and abuse, making sure that 
there is independence in the system to oversee and that there 
is no harm done.
    Chairwoman Eshoo. Do you agree with that description? And 
to the extent that these are the observations of the GAO, are 
they built into your work?
    Mr. Boswell. I think an end-to-end enterprise system will 
have a much better way to measure the kinds of things that 
GAO----
    Chairwoman Eshoo. Do you agree with the specifics of the 
metrics?
    Mr. Boswell. I agree with what Mr. Johnson said, which is 
that the issue at hand here is less the quality--we are 
confident in the security clearances that we are providing. We 
are confident in the quality of that system.
    What we are working on is the timeliness of the system.
    Chairwoman Eshoo. So do you agree or disagree with what Ms. 
Farrell said about these metrics?
    I mean, if you disagree, it is all right.
    Mr. Johnson. I disagree.
    Chairwoman Eshoo. Tell us why.
    Mr. Johnson. The majority of the metrics she talks about 
are input metrics. And if you are implementing something, we 
look at training, we look at what the industry thinks of--we 
poll the industry on a regular basis, frequent, ongoing basis 
on how--they are a customer--how they view the process, the 
timeliness, quality, customer service, and so forth.
    Chairwoman Eshoo. We have done that in roundtable meetings, 
and they are not very pleased.
    Mr. Johnson. They are not. And that is the point. Their 
understanding, their perception is different than the reality 
in terms of timeliness; and so we need to make sure it tells 
us----
    Chairwoman Eshoo. What does that mean, ``their perception 
is different'' than yours?
    Mr. Johnson. They say that----
    Chairwoman Eshoo. Their experience is not the way they 
describe, the experience is not accurate?
    Mr. Johnson. It is what they feel. I mean, it is--their 
impression of the information is that times are not improving 
as our statistics suggest they are. And so that says we need to 
do a better job of working with them and getting statistics and 
getting a common understanding of what is going on here and 
what the opportunities are and what the obstacles are and so 
forth.
    So that is not something to dispose of or pay no attention 
to what they think. It is, we need to do a better job of 
linking up with industry, an even better job. And it is the 
agency's responsibility, in this case, with industry, DOD.
    Chairwoman Eshoo. I am not so sure I understand why you 
disagree with what Ms. Farrell said. Let me get back to that.
    Mr. Johnson. She talked about paying attention to training. 
Of course, we pay attention to training. And a part of this 
will be--and one of the things we started working on in 2006 
was the adjudication, what consistencies and inconsistencies 
there are, the adjudicators, adjudicating activity across 
agencies, and what is the level of training and what level a 
person is that does the work and so forth. And there has been 
an ongoing effort to look at that and bring that all to be more 
consistent, more aligned across the agencies so there can be 
greater confidence in the quality of the adjudications done by 
all the different agencies.
    That is ongoing. But that is an input; you can do all that 
and still have bad adjudications. But nobody feels, nobody has 
said yet that we are granting clearances to people that 
shouldn't have them.
    Chairwoman Eshoo. Let me just go to Ms. Farrell.
    Is that what you intended as you came up with the metric, 
that there are people that are getting, receiving security 
clearances that shouldn't?
    Ms. Farrell. We don't know. I think the answer to that is, 
you don't know. Because the last time we went in and looked at 
the 50 top secret cases, 47 of them had incomplete information 
that were related to residence, employment, education. And I am 
not talking about missing ZIP Codes.
    For example, talk social references. There is a requirement 
that the investigator interview two colleagues of the applicant 
that the colleague has provided, and then the investigator is 
to develop two social references. We found cases where the 
investigator only relied upon the information provided by the 
applicant.
    That is what we are talking about with ``missing and 
incomplete.'' Also, 27 of the 50 cases had unresolved issues 
that hadn't been followed up. So my response to that is, we 
don't know. They don't know because of missing information.
    It is alarming when you look at the numbers in terms of 
incomplete investigations. The focus has been on timeliness--
and that should be commended, the progress that has been made; 
again, the numbers are going in the right direction. But we 
don't want to do a product quicker and have a poor-quality 
product.
    Mr. Johnson. The commitment in everything--we want to go 
quicker with no diminution in quality. So there is no effort, 
there is no inattention to quality here.
    But with reference to employees that have gone bad, and 
Director McConnell talks about there are 128-or-something spy 
cases in the last whatever period of time. I think all of them, 
if I am not misunderstanding it, went bad after they got here, 
and 124 of them----
    Chairwoman Eshoo. That is a whole other area.
    Mr. Johnson. That gets into the risk management and the 
continuous reinvestigation.
    The suggestion was, because of the 128 people, that 
suggests that we are missing some people as they came in. They 
were--there was not risk when they were brought in. It is a 
risk management, it is management of risk and attention to--
greater attention to their behavior after they are here.
    I do not believe that there is evidence that we have a 
quality issue that we need to categorically address. We are 
firmly committed to quality of investigations, quality of----
    Chairwoman Eshoo. I don't think there is lack of commitment 
in this. I think that you all are struggling to turn, the 
equivalent to me of a trying to make a huge cruise ship--trying 
to make a U-turn in a small bay.
    This is--we are dealing with a system that is very old and 
was set up to produce different outcomes at a different time. 
And I think it, you know, is characteristic of so many other 
efforts since--most frankly, since our country was attacked.
    And so I don't think that is--I don't doubt commitment from 
any of you. I think that you are all superbly committed. It is 
a matter of drilling down and seeing if, in fact, the 
directives of the legislation have been met; where there are 
shortcomings, that we work harder to correct them.
    I know, Ms. Dillaman, you wanted to say something.
    Ms. Dillaman. Thank you, ma'am. And with all due respect to 
my colleague from GAO, I also think we need to put this in 
context.
    When GAO looked at investigations, they looked at 
investigations conducted during the period of time when the 
Department of Defense investigations program was transferred to 
OPM--investigations, in fact, that were reviewed, started under 
DOD's leadership.
    Now, that is not pointing fingers. That is to say that the 
two agencies had different standards applied to how 
investigations were conducted. One of the major benefits of 
combining the programs was uniformity, and we immediately did 
launch a massive training effort to get everybody, contractors 
and Federal employees alike, working toward the same standards; 
revised a standard, one standard handbook. And so the outcome 
of that merger effort is a more uniform program where the 
investigative standards are implied.
    There is work that needs to be done on the investigative 
standards, too, because when they were first drafted, it was 
almost a like a punch list. You would talk to two neighbors. 
Whether two neighbors were to know this individual or not, you 
had to talk to two neighbors. And in today's transient world, 
there are people whose neighbors know nothing about them, and 
they may not be the right source to testify to someone's 
character.
    Chairwoman Eshoo. We have already covered that ground in 
the subcommittee, and there have been references made by other 
members, by members of the full committee as well.
    On this issue of quality, I think it would be helpful if 
there were objective measures to prove that there is quality; 
and that is not picking on an agency or to say that the things 
that you are working on are not important. But it is very 
important to have yardsticks by which we measure these things.
    I think that every single one of us is for quality. Nobody 
is going to doubt that or question that; and I am not going to 
question that with any of you. It would increase confidence, I 
think, here if in fact there were----
    Mr. Johnson. I don't think asking what investigators think 
of the process is an important quality measure. One of the 
metrics opposed by GAO is to ask on an ongoing basis what the 
investigators or adjudicators think of the process. I don't 
believe that is a good quality measure.
    Mr. Issa. Why? Why wouldn't you think that was important?
    Mr. Johnson. Because I don't think what their impressions 
are of the system have anything to do with whether it is a 
quality product.
    Chairwoman Eshoo. Well, you just talked about impressions 
of the contractor community. Why are impressions from one 
community okay and from another part of the community are not? 
I sense that there are some tensions between what GAO's 
recommendations----
    Mr. Johnson. I am not a big fan of GAO using 2-year-old 
data to talk about the absence of quality in the process.
    Chairwoman Eshoo. Do you sit down and talk to each other?
    Mr. Johnson. All the time.
    Chairwoman Eshoo. And you can't get this worked out?
    Mr. Johnson. I have communicated very clearly that I 
believe a lot of their data they refer to----
    Chairwoman Eshoo. How flexible are you? I think more than 
anything else it is--look, if there is anyone that understands 
jurisdictions and how people fight over them, Congress is the 
best case.
    Mr. Johnson. GAO loves the management part of OMB, and we 
work very closely with GAO. And--we have our differences of 
opinion, and I don't believe that measuring inputs or using 2-
year-old data is the way to measure quality.
    Chairwoman Eshoo. I would be happy to yield.
    Mr. Issa. You did your study 2 years after you said, Let's 
make a change, and you are complaining that it is 2 years old.
    My question is, 2 years after Congress acted, these are the 
results you have. So they are valid 2 years after Congress 
empowered the administration to make a change. And, quite 
frankly, Mr. Johnson, you have been with the administration 
long enough to know that this administration, for which I 
personally voted and support--but this administration has been 
here 7 years; so we are going to be looking back at year 2, 3, 
4, 5, and 6 of this administration, well into the next 
administration.
    The question is, was it valid at the time Ms. Farrell did 
the study? And what has been changed, that the two of you can 
agree on, has been changed since that time? That is what we 
want to know.
    Mr. Johnson. Let me answer your question.
    The time period, if I am understanding correctly, for the 
50 cases she talks about, was December and January of 2005 and 
2006; that is when the reform effort began. And the 
investigation, the study was of cases--as Kathy said, of cases 
that were investigated by DOD, not by OPM. So it is pre-reform; 
it was an analysis of the pre-reform situation. The before, not 
the after.
    And there is not an assessment that is current or of the 
reform where, after the responsibilities were changed.
    Mr. Issa. By the way, we are only here on 2-year terms. So 
we are kind of funny about 2 years seeming like an eternity.
    Ms. Farrell. We are presenting the facts for you to do with 
as you wish.
    The sample in question was taken in January and February 
2006. At the end of that calendar year is when, by law, you 
were wanting the IRTPA requirement to begin with its 
milestones. The 50 cases that we looked at were cases that OPM 
investigated. Keep in mind that OPM had had 2 years to plan for 
the transfer from DOD's investigation service to them, so we 
are pretty sure that those cases are OPM's. I have talked to 
the staff, and they do not remember any of those cases 
belonging to the DOD investigators; they had already 
transferred. And, again, OPM let these go through their quality 
assurance program.
    So what were their quality standards? Even if they 
inherited them--and I am not saying that they did, but if they 
inherited them, what quality procedures were in place to keep 
them from slipping through? And that is what is lacking, it is 
the quality procedures.
    We believe in measurements of goals in order to determine 
where you are going. OMB has led the government in such 
measurements. The ones that we suggested are suggestions. We 
think those would be good. There are more metrics that could be 
done. We would hope that the current reform committee would 
consider this issue of quality and build quality in, as well as 
timeliness for the future.
    Chairwoman Eshoo. I just have a couple of more questions 
and then we will go back to Mr. Issa. And I don't think that 
Mr. Holt is going to be able to come back, so I think we will 
start winding down. But it has been most helpful.
    Now, in the legislation, there was a mandate that the 
President designate a single agency to direct the day-to-day 
oversight for investigations and adjudications for personnel 
security clearances.
    My question is, who did the President designate under the 
act? And do they actually maintain day-to-day oversight?
    Mr. Johnson. The President designated OMB. And I was 
designated.
    Chairwoman Eshoo. So you are the point person.
    Now, why do some intelligence agencies still conduct their 
own investigations and adjudications? We have kind of gone 
around that, but so it is----
    Mr. Johnson. How I will answer that is the following:
    Particularly in the Intelligence Community, the 
investigation, the clearance investigation, is one and the same 
with the suitability investigation, and----
    Chairwoman Eshoo. So clearance and suitability are shared 
across the government?
    Mr. Johnson. No. In Intelligence Community it is super 
critical of those. That is one and the same: Do they get the 
clearance and are they suitable for employment? It is pretty 
much the same issue, but they are less one in the Interior 
Department, for instance. And that is a gross 
overgeneralization.
    But also, the feeling was, it was being done on a 
reasonably timely basis already in the Intelligence Community. 
And so does the Intelligence Community continue to do their 
investigations and their adjudications, while we focused on 
reforming where there were timeliness issues, which was the 
primary issue, and that was outside the Intelligence Community?
    Chairwoman Eshoo. My sense in the kind of collective 
testimony today is that you all have essentially placed your 
pedal to the metal on timeliness. And that is important, 
timeliness. There is no one that is going to question or 
suggest that being untimely is okay. It is not.
    But I think that there are other issues to be dealt with 
here. That is my sense, and I think that some of the testimony 
points to that.
    So, again, is there, in your view, a necessity to have some 
intelligence agencies conduct their own investigations and 
adjudications? I mean, is that----
    Mr. Johnson. They do it now.
    Chairwoman Eshoo. I know that they do.
    Mr. Johnson. Or are you saying, should we change that?
    Chairwoman Eshoo. Yes.
    Mr. Johnson. I don't know of a reason to change that.
    Mr. Boswell. I certainly agree with that in spades.
    And just to emphasize a point that was made: A condition of 
employment in, for example, CIA is that everyone is cleared at 
the Top Secret and has SCI access. That is very different from 
what it is in most other organizations.
    Chairwoman Eshoo. So I am gathering from Mr. Johnson and 
Ambassador Boswell that you don't think that in terms of 
efficiency and other factors, it would make sense to have one 
agency manage all security clearances?
    Mr. Johnson. Do you mean, all do the investigation? Because 
right now, the adjudication is done by each hiring agency.
    Chairwoman Eshoo. I understand.
    Mr. Johnson. You mean, have one entity do all the 
investigations?
    Chairwoman Eshoo. One entity in charge of all security 
clearances.
    Mr. Johnson. I do not believe that there should be one 
agency making all adjudication and all investigation.
    Chairwoman Eshoo. And I appreciate that.
    Mr. Johnson. Because it is the responsibility of each 
agency. Because they are the pursuer of their mission. They are 
the ones that understand their mission, and they understand 
where there might be risk and where there may not be risk, and 
they are best equipped to make that adjudication.
    Chairwoman Eshoo. That has been a very long-held view, and 
that is one view. And I wanted to question about that.
    I can see how extraordinarily strongly you feel about it, 
and I am not diminishing what your view is, and it is a very 
strongly held one.
    I am going to stop there. I will go to Mr. Issa now again.
    Mr. Issa. Ms. Farrell, thank you very much for the work you 
did. I am sorry that we don't have continuous improvement in 
the government, that every month you don't get two or three 
records to look at so that--like polling data or like tracking 
of any organization.
    UPS knows every day whether they are getting better or 
worse, because there is some amount of quality circle every 
night on every part of the company. Because, by definition, 
they don't wait for a big study, and then when it comes out say 
it is 2 years old; they, in fact, do it every day.
    So I am sorry that we don't give you that capacity more.
    I would hope that as quickly as possible you could do at 
least a mini update on what you currently have that is now 
being accused of being dated, because I personally, as least as 
one member, have great confidence that you will find a 
substantial number of the same problems. I am sure there will 
be some improvements, but if you would look again, I think we 
would all benefit from it.
    Mr. Johnson, I am going to be less kind, perhaps, than the 
chairwoman. I don't like the way you are treating this 
committee. I think, in fact, you haven't talked to your boss. I 
think that, in fact, both the President, the Secretary, the DNI 
have all made it very clear that we want to end stovepiping.
    So when you say that this joint task force that is supposed 
to be finding a way to use clearance process reform as part of 
the ending of stovepiping, you don't think we are going to get 
there and don't think you should, I think you are out of line. 
When you become disingenuous on its face, when you tell me that 
there is no problem with reciprocity, but then of course we are 
going to continue to have different agencies have different 
fiefdoms in order to determine who is going to be fit to work 
there, and then we think they are going to openly let each 
other agency with different standards look at each other's 
information, which ultimately is what you say will have to 
happen.
    Now, Ms. Eshoo and I both, we travel, we have the 
opportunity to work with many of the people in the most 
sensitive areas around the world, and we do see a tremendous 
improvement in jointness. We see a tremendous improvement in 
the attitude of the operatives and the management in the Pak-
Afghan border region, in other areas of interest. So I am not 
going to say that there isn't progress being made. I have seen 
it, the chairwoman has seen it.
    What I am saying is that the Congress was unambiguous in 
saying that we wanted to get to, essentially, oneness of 
standard, oneness of process, not levels, but process; so that, 
in fact, at a given level--and I appreciate what you said 
earlier, that not everyone that can see one document can see 
the other, even if they have the same level of clearance--but 
the quality and acceptance of each other's clearance in the 
process.
    Today, you have sort of demonstrated, and I think Ms. 
Farrell shook her head as much as she can, she is probably 
going to have to go take an Advil at the end of this thing, to 
say that, No, I don't think that a fair oversight of a year and 
a half ago, 2 years ago says that you are making that progress, 
and today you are not giving us the confidence that you are.
    Now, I want to be wrong. And I certainly am not going to 
lecture you and then not give you a chance to respond. But both 
for you and for Ambassador Boswell, I have got to tell you, I 
think my interpretation is that Congress wants everybody who 
can be cleared, be cleared to be used in the best place they 
can. That is part of the outreach that the DNI talked about.
    Two, we want to have somebody who has a need to know 
something to have been cleared at a level, be able to get it. 
And simply going from one agency's information to another is 
not a reason to redo the same level of security clearance. If 
there are different levels, fine. But as someone rises to them, 
and the chairwoman and I have the luxury of rising to the 
highest level. And, by the way, not because we would have 
passed your screening test under the rules, but we do have that 
luxury, so we get to see how important it would be for one 
person to see something else in order to get to the bad guys 
before they get to us.
    So I would like to hear your response on it. I do think 
Congress was unambiguous in saying that we envision no separate 
standards, no inability to port somebody from the NSA to the 
CIA, et cetera, based on these other factors of individuality 
being excluded, but not based on the documentation or the 
transparency of that documentation as appropriate.
    And I would love to hear your comments.
    Mr. Johnson. I don't think you would find any difference, 
first of all, in terms of what I am suggesting versus what the 
President and Mike McConnell and Secretary Gates and so on 
would want. I would love to have you go back, or have your 
staff go back through the transcript of this meeting and call 
me; and I will come up, and you tell me where, based on what 
was said here--not what was heard, but what was said here--
where I disagree with what you think the President's and Gates' 
and McConnell's intents are. Because I do not intend to deviate 
from what they have directed us to do.
    What we are saying by ``reciprocity'' is that all prior 
investigative work should be accepted. You should not have to 
redo somebody's investigative work simply because you want to 
take another look in another department about whether 
suitability or clearance over here equates to clearance over 
here.
    I will bet you, if you asked the Members of the House or 
Senate or anybody in the executive branch, senior capacity, 
whether your access to Top Secret information at Interior would 
qualify you for access to Top Secret information at CIA, you 
would hear a resounding ``no.''
    Mr. Issa. Then the question, and the Chair--look, not all 
Top Secret is created equal, not all Secret might be created 
equal, although mostly it is sort of post-CNN usually. And as 
we go up the levels, I don't have a problem with you saying 
something is a higher level. But I do--I do disagree.
    If you categorize something at a given level, and there is 
a need to know in the course of legitimate doing of somebody's 
job, which in this case is finding the bad guys, which takes 
all these different agencies, including probably a Department 
of Agriculture person who is seeing some movement of something 
that can blow up a building or whatever, then, yes, the 
categorization should be consistent. That is what Congress told 
you all.
    So when you say, No, it can't, yes, you are on the record 
saying exactly what we think is different than what we said and 
what the administration said they heard.
    Mr. Johnson. Okay. Well, that is not what was said, sir.
    Mr. Boswell. Sir, I hope I didn't misunderstand what you 
said with your comments earlier. TS/SCI within the Intelligence 
Community is entirely reciprocal. I mean, there is no 
stovepiping. An enormous progress has been made on this. It is 
entirely reciprocal. You may find some cases where--you know, 
we all have our stories, but it is entirely reciprocal.
    You mentioned earlier polygraphs. A CI polygraph done by 
one intelligence agency is entirely accepted by any other 
intelligence agency. There is no repolygraphing.
    Mr. Issa. We are glad to hear that. We don't know that to 
be true at this point. So, hopefully, we are both hearing the 
same thing.
    Mr. Boswell. Likewise, a full-scope polygraph done by one 
agency is reciprocal to another agency. And they are accepted 
within the agencies that do--or the few agencies that do full-
scope polygraphs.
    Mr. Issa. So if I am at NSA and I am short of polygraph 
people, CIA can help me out and it is completely going to be 
reciprocal?
    Mr. Boswell. I can tell you that the DNI, for example, in 
polygraphing its own people, relies on several agencies to do 
it. They polygraph to common standards.
    Mr. Issa. That is very good to hear.
    One last thing in closing: The 128 that was mentioned of 
people who have betrayed their country, the statement that they 
all went bad after they had the job, I think flies in the face 
of what this committee has heard in the classified setting 
about individuals who--one or more individuals, who clearly 
cheated to get into one agency, cheated to get into another 
agency, had lied throughout the process, and is currently in 
the news.
    So I would hope that that would be double-checked before it 
was repeated again, because I don't think we can fairly think 
that that person or people are outside the 128.
    Thank you.
    Chairwoman Eshoo. Thank you, Mr. Issa.
    Let me just ask one more question, and then I will make 
some brief closing comments in thanking all of you. I think 
this has been worthwhile. I have learned from it, and that is 
what hearings are for.
    Ambassador Boswell, you said in your testimony that there 
not be any diminution of quality. And I want to get back to the 
issue of quality, because it is so important in what we do.
    Can you tell us about what proposals you are validating in 
the team effort? How you are addressing this? What metrics you 
are using? Are there any?
    Mr. Boswell. Yes, ma'am.
    Chairwoman Eshoo. Give us some confidence in this.
    Mr. Boswell. There are a number of what we call 
``demonstration projects'' that are going on. Now, they will be 
done in time for us to make our proposal to the President. 
There is a substantial degree of quality control and quality 
checking. These are all to validate the quality in addition to 
speed up the process, but to validate the quality of the new 
system that we hope to have in place.
    So quality control and attention to quality is absolutely 
central in this process.
    Chairwoman Eshoo. Well, let me thank you all for--first of 
all, for your service to our country. That is what we are all 
here for, and we can never, ever lose sight of that. Our work, 
our oversight, the work of the Congress is really on behalf of 
our country and the American people.
    The questions that we raise and what you do in your 
respective areas of the executive branch, we are partners in 
this. And so while some of the questions may ruffle feathers, 
so to speak, that is very healthy. I think it is very healthy, 
and I hope that you accept the questions and the observations 
with the highest sense of purpose that, hopefully, we have 
asked the questions.
    And so thank you to you, to all of your colleagues that are 
here that are not at the table testifying, for the work that 
you do.
    I want to acknowledge the work of our staff again. I can 
never thank them enough, because they provide the consistency 
of all of this, and we simply can't do the work of all of them.
    Mr. Ruppersberger has joined us. And I would like to invite 
you, even though it is the tail end of our hearing. We have 
completed the questions.
    Mr. Ruppersberger. I just want to thank you for having this 
hearing, because this is such an important issue for us in the 
Intelligence Community. You and I have been here for 5 years. 
And we have so many issues that we have to deal with, if we 
don't deal with this and get it where we need to be and pull it 
together--and it seems there were a lot in the past, a lot of 
different agencies and turf and OMB; and now we----
    Chairwoman Eshoo. We have gone through some of that.
    Mr. Ruppersberger. It is all about the end game, doing it 
right. I don't need to go any farther.
    Chairwoman Eshoo. Thank you for coming to say that.
    With that, we will adjourn the hearing. Thank you.
    [Whereupon, at 11:38 a.m., the subcommittee was adjourned.]