[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]


 
                RISK-BASED SECURITY: ASSESSING THE PATH 
                       FORWARD FOR TSA PRE CHECK

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                        TRANSPORTATION SECURITY

                                 OF THE

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             MARCH 25, 2015

                               __________

                           Serial No. 114-12

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT] 

                                     

      Available via the World Wide Web: http://www.gpo.gov/fdsys/

                               __________
                               
                               
                   U.S. GOVERNMENT PUBLISHING OFFICE
94-887 PDF              WASHINGTON : 2015                   
                               
_______________________________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). 
E-mail, gpo@custhelp.com.  
2015                                
                               
                               
                               
                               
                               
                               

                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Candice S. Miller, Michigan, Vice    James R. Langevin, Rhode Island
    Chair                            Brian Higgins, New York
Jeff Duncan, South Carolina          Cedric L. Richmond, Louisiana
Tom Marino, Pennsylvania             William R. Keating, Massachusetts
Lou Barletta, Pennsylvania           Donald M. Payne, Jr., New Jersey
Scott Perry, Pennsylvania            Filemon Vela, Texas
Curt Clawson, Florida                Bonnie Watson Coleman, New Jersey
John Katko, New York                 Kathleen M. Rice, New York
Will Hurd, Texas                     Norma J. Torres, California
Earl L. ``Buddy'' Carter, Georgia
Mark Walker, North Carolina
Barry Loudermilk, Georgia
Martha McSally, Arizona
John Ratcliffe, Texas
Vacancy
                   Brendan P. Shields, Staff Director
                    Joan V. O'Hara,  General Counsel
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

                SUBCOMMITTEE ON TRANSPORTATION SECURITY

                     John Katko, New York, Chairman
Mike Rogers, Alabama                 Kathleen M. Rice, New York
Earl L. ``Buddy'' Carter, Georgia    William R. Keating, Massachusetts
Mark Walker, North Carolina          Donald M. Payne, Jr., New Jersey
John Ratcliffe, Texas                Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (ex             (ex officio)
    officio)
               Amanda Parikh, Subcommittee Staff Director
                    Dennis Terry, Subcommittee Clerk
             Vacancy, Minority Subcommittee Staff Director
                            
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable John Katko, a Representative in Congress From the 
  State of New York, and Chairman, Subcommittee on Transportation 
  Security:
  Oral Statement.................................................     1
  Prepared Statement.............................................     3
The Honorable Kathleen M. Rice, a Representative in Congress From 
  the State of New York, and Ranking Member, Subcommittee on 
  Transportation Security:
  Oral Statement.................................................     4
  Prepared Statement.............................................     5
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Oral Statement.................................................     6
  Prepared Statement.............................................     7
The Honorable Sheila Jackson Lee, a Representative in Congress 
  From the State of Texas:
  Prepared Statement.............................................     8

                               Witnesses

Mr. John Roth, Inspector General, U.S. Department of Homeland 
  Security:
  Oral Statement.................................................    10
  Prepared Statement.............................................    11
Mr. Kenneth Fletcher, Chief Risk Officer, Transportation Security 
  Administration, Department of Homeland Security:
  Oral Statement.................................................    13
  Prepared Statement.............................................    15
Ms. Jennifer A. Grover, Director, Homeland Security and Justice, 
  U.S. Government Accountability Office:
  Oral Statement.................................................    17
  Prepared Statement.............................................    19

                             For the Record

The Honorable Sheila Jackson Lee, a Representative in Congress 
  From the State of Texas:
  H.R. 48........................................................    40


   RISK-BASED SECURITY: ASSESSING THE PATH FORWARD FOR TSA PRE CHECK

                              ----------                              


                       Wednesday, March 25, 2015

             U.S. House of Representatives,
           Subcommittee on Transportation Security,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 2:06 p.m., in 
Room 311, Cannon House Office Building, Hon. John Katko 
[Chairman of the subcommittee] presiding.
    Present: Representatives Katko, Rogers, Carter, Walker, 
Rice, and Thompson.
    Also present: Representatives Ratcliffe, Keating, and 
Jackson Lee.
    Mr. Katko. The Committee on Homeland Security, Subcommittee 
on Transportation Security, will come to order. The 
subcommittee is meeting today to examine TSA's PreCheck 
program. I now recognize myself for an opening statement.
    I would like to thank our witnesses for their participation 
in this hearing. We know your time is valuable, and we 
appreciate you taking the time to be here today to discuss the 
future of TSA's PreCheck program.
    At the outset, I would like to express my sincerest concern 
for the victims who were attacked last Friday night at Louis 
Armstrong New Orleans International Airport. Transportation 
Security officers have the important responsibility of securing 
our Nation's aviation systems, and once again we have seen TSA 
and law enforcement personnel act swiftly and, more 
importantly, bravely to protect passengers from a security 
threat at the checkpoint. I commend them all for that.
    I commend also the TSA and law enforcement personnel in New 
Orleans, as well as at airports across the country, for their 
service and dedication to keeping the traveling public safe.
    Over the last 3 years, TSA has adopted a more common-sense, 
risk-based approach to passenger screening through the 
implementation of its PreCheck program. Since its inception, 
TSA PreCheck has garnered a positive response from both 
passengers and transportation security industry stakeholders 
from moving away from a one-size-fits-all approach to aviation 
security. TSA PreCheck has fundamentally changed the way 
Americans think about passenger screening in a post-9/11 world, 
and I believe it should continue to expand.
    However, in order to do so, this program must grow and 
mature in a manner that saves taxpayers' dollars while also 
improving the experience of the traveling public and reducing 
security risks to aviation.
    Growth in PreCheck should not be at the expense of any of 
these core objectives, and I am concerned that several 
initiatives related to expansion of TSA PreCheck do not meet 
these criteria.
    One such initiative is the Managed Inclusion program, which 
involves conducting a real-time threat assessment to identify 
passengers who are eligible for TSA PreCheck on a flight-by-
flight basis through the use of such tools as passenger 
screening canine teams, explosives trace detection technology, 
and behavior detection officers.
    While this program may help reduce wait times and increase 
utilization of TSA PreCheck lanes, it has not been shown to 
improve the experience of travelers or reduce risks to 
aviation.
    On the contrary, passengers that go through TSA PreCheck 
enrollment process and pay $85 for expedited screening are not 
seeing the benefits that were promised to them. This is largely 
due to the fact that passengers who did not enroll and are 
unfamiliar with TSA PreCheck are being ushered into expedited 
screening lanes through Managed Inclusion with little to no 
information about the expedited screening process.
    The experience for many of these travelers is, at best, 
confusing and, at worst, infuriating when TSO screeners act as 
though travelers who have been conditioned for over a decade to 
take their shoes and belts off should suddenly know to leave 
them on.
    In addition to the poor and confusing experience many 
travelers face due to Managed Inclusion, serious questions 
remain as to overall effectiveness of the program at detecting 
threats.
    The Government Accountability Office released a report in 
December 2014 and found that TSA failed to comprehensively test 
Managed Inclusion's security effectiveness. Rather, TSA has 
tested the effectiveness of individual Managed Inclusion 
security layers, but has not yet tested the security 
effectiveness of the overall Managed Inclusion process as it 
functions as a whole.
    TSA's failure to conduct such testing leaves us without an 
accurate assessment of the program's performance. While TSA has 
cited the random nature of the Managed Inclusion program as a 
positive, I believe that the benefits of this unpredictable 
program have not been shown to outweigh the potential risks. 
Simply put, TSA should not continue operating Managed Inclusion 
if it does not address the issues I have just outlined.
    Finally, we have recently learned that a convicted felon 
and former member of a domestic terror organization was allowed 
to utilize PreCheck screening as part of TSA's risk assessment 
program. Risk assessment determines PreCheck eligibility by 
using risk algorithms built into TSA's Secure Flight system and 
grants certain passengers PreCheck status on a flight-by-flight 
basis.
    In this instance, we understand that, even though the 
traveler document-checker recognized the individual from media 
reports, a TSA supervisor allowed the passenger to proceed 
through PreCheck screening. We must be wary not to become 
complacent at screening checkpoints because of PreCheck, and it 
is important that screening officers are empowered to use their 
better judgment in the screening process.
    Fortunately, we all share the same goal, which is to 
protect the millions of passengers who use our Nation's 
critical transportation systems every day. With this in mind, 
the subcommittee looks forward to today's important dialogue on 
how to enhance risk-based security going forward.
    [The statement of Chairman Katko follows:]
                    Statement of Chairman John Katko
                             March 25, 2015
    I would like to thank our witnesses for their participation in this 
hearing. We know your time is valuable, and we appreciate you taking 
the time to be here today to discuss the future of TSA's 
PreCheckTM program.
    At the outset, I would like to express my sincerest concern for the 
victims who were attacked last Friday night at Louis Armstrong New 
Orleans International Airport. Transportation Security officers have 
the important responsibility of securing our Nation's aviation systems, 
and, once again, we have seen TSA and law enforcement personnel act 
swiftly and bravely to protect passengers from a security threat at the 
checkpoint. I commend the TSA and law enforcement personnel in New 
Orleans, as well as at airports across the country, for their service 
and dedication to keeping the traveling public safe.
    Over the last 3 years, TSA has adopted a more common-sense, risk-
based approach to passenger screening through the implementation of its 
PreCheckTM program. Since its inception, TSA 
PreCheckTM has garnered a positive response from both 
passengers and transportation industry stakeholders for moving away 
from a one-size-fits-all approach to aviation security. TSA 
PreCheckTM has fundamentally changed the way Americans think 
about passenger screening in a post-9/11 world, and I believe it should 
continue expanding. However, in order to do so, this program must grow 
and mature in a manner that saves taxpayer dollars while also improving 
the experience of the traveling public and reducing security risks to 
aviation. Growth in PreCheckTM should not be at the expense 
of any of these core objectives, and I am concerned that several 
initiatives related to expansion of TSA PreCheckTM do not 
meet these criteria.
    One such initiative is TSA's Managed Inclusion program, which 
involves conducting a ``real-time'' threat assessment to identify 
passengers who are eligible for TSA PreCheckTM on a flight-
by-flight basis through the use of such tools as passenger screening 
canine teams, explosives trace detection technology, and behavior 
detection officers. While this program may help reduce wait times and 
increase utilization of TSA PreCheckTM lanes, it has not 
been shown to improve the experience of travelers or reduce risks to 
aviation.
    On the contrary, passengers who go through the TSA 
PreCheckTM enrollment process and pay $85 for expedited 
screening are not seeing the benefits that were promised to them; this 
is largely due to the fact that passengers who did not enroll and are 
unfamiliar with TSA PreCheckTM are being ushered into 
expedited screening lanes through Managed Inclusion with little-to-no 
information about the expedited screening process. The experience for 
many of these travelers is at best confusing and at worst infuriating 
when TSA screeners act as though travelers who have been conditioned 
for over a decade to take their shoes and belts off should suddenly 
know to leave them on.
    In addition to the poor and confusing experience many travelers 
face due to Managed Inclusion, serious questions remain as to the 
overall effectiveness of the Managed Inclusion program at detecting 
threats. The Government Accountability Office (GAO) released a report 
in December 2014 and found that TSA failed to comprehensively test 
Managed Inclusion's security effectiveness. Rather, TSA has tested the 
effectiveness of individual Managed Inclusion security layers but has 
not yet tested the security effectiveness of the overall Managed 
Inclusion process as it functions as a whole. TSA's failure to conduct 
such testing leaves us without an accurate assessment of the program's 
performance. While TSA has cited the random nature of the Managed 
Inclusion program as a positive, I believe that the benefits of this 
unpredictable program have not yet been shown to outweigh the potential 
risks. Simply put, TSA should not continue operating Managed Inclusion 
if it does not address the issues I have just outlined.
    Finally, we recently learned that a convicted felon and former 
member of a domestic terror organization was allowed to utilize 
PreCheckTM screening as part of TSA's Risk Assessment 
program. Risk Assessment determines PreCheckTM eligibility 
by using risk algorithms built into TSA's Secure Flight system and 
grants certain passengers PreCheckTM status on a flight-by-
flight basis. In this instance, we understand that even though the 
Travel Document Checker recognized the individual from media reports, a 
TSA supervisor allowed the passenger to proceed through 
PreCheckTM screening. We must be wary not to become 
complacent at screening checkpoints, because of PreCheckTM, 
and it is important that screening officers are empowered to use their 
better judgment in the screening process.
    Fortunately, we all share the same goal, which is to protect the 
millions of passengers who use our Nation's critical transportation 
systems every day. With this in mind, the subcommittee looks forward to 
today's important dialogue on how to enhance risk-based security, going 
forward.

    Mr. Katko. I would like to thank each of you for being here 
today; before we get to your statements, I want to introduce 
the Ranking Minority Member of the subcommittee, the 
gentlewoman from New York, Miss Rice, for any statements she 
may have.
    Miss Rice. Thank you, Mr. Chairman.
    I want to thank you for convening this hearing, first and 
foremost.
    Before I begin, I want to take a moment to note the 
disturbing incident that occurred at Louis Armstrong New 
Orleans International Airport last Friday when an individual 
assaulted multiple TSA officers with wasp spray and a machete.
    It is a chilling reminder of the risks Transportation 
Security officers face every single day on the front lines of 
the effort to protect passengers and maintain the security of 
our Nation's aviation sector. It is a difficult, dangerous, and 
often thankless job.
    But I want you to know--and I feel safe saying I speak for 
everyone up here--that our thoughts and prayers and our 
gratitude are with you all. I also want you to know that we are 
committed to developing solutions to enhance the security at 
our checkpoints for your safety as well as that of the 
passengers you protect.
    Mr. Chairman, I want to thank you for convening this 
important hearing today so that we can examine the TSA PreCheck 
program. The TSA PreCheck program, as I understand it, is one 
of TSA's risk-based initiatives aiming to maintain effective 
security while also maximizing efficiency.
    When the Aviation and Transportation Security Act became 
law, it authorized TSA to establish requirements to implement 
trusted passenger programs and use available technologies to 
expedite the security screening of passengers who participate 
in such programs.
    This allows the TSA to vet passengers on the front end 
through the PreCheck application process. Those passengers can 
go through expedited screening, and TSA can allocate resources 
on the ground to focus on travelers who we know less about or 
suspect of criminal intent.
    I understand that more than 1 million people have now 
voluntarily submitted their biographic information in order to 
participate in this trusted traveler program. That makes sense 
to me. It seems like an appropriate balance between 
effectiveness and efficiency.
    But I also understand that certain populations who have not 
undergone this vetting on the front end are, nonetheless, 
sometimes permitted to use the expedited PreCheck screening 
lanes. That is something that doesn't make sense to me. It 
suggests to me that the balance sometimes tips maybe too far 
towards efficiency and maybe at the expense of effective 
security. But I am looking forward to hearing the comments of 
all of the panelists.
    Certainly that was the case when a convicted felon and 
former member of a domestic terrorist organization was 
permitted to use a PreCheck lane, as we learned from last 
week's report by the Department of Homeland Security's Office 
of Inspector General. That kind of breach is simply 
inexcusable.
    Of course, it is beneficial to use PreCheck so that we can 
concentrate our resources on passengers who are unknown to us 
and pose the highest potential risk. But when a passenger such 
as this individual who was known to us and clearly posed 
enormous risk is given access to the PreCheck lane, it demands 
that we take a hard look at the methods being used to calculate 
that risk.
    So that is why we are here today, to examine the risks of 
expanding PreCheck beyond pre-vetted, pre-approved passengers, 
to reassess the methodology used to assign a person to a given 
risk category, and to ensure that we never allow the pursuit of 
efficiency to compromise security.
    I look forward to hearing from all of the witnesses here 
today. I also want you to know that we are currently working 
with Ranking Member Thompson on legislation that will be 
introduced, and our hope is that the information we gather 
through today's hearing will better inform that measure.
    With that, Mr. Chairman, I thank all of the witnesses for 
joining us today and yield back the balance of my time.
    [The statement of Ranking Member Rice follows:]
              Statement of Ranking Member Kathleen M. Rice
                             March 25, 2015
    Thank you, Mr. Chairman. Thank you for convening this hearing. 
Before I begin, I want to take a moment to note the disturbing incident 
that occurred at Louis Armstrong New Orleans International Airport last 
Friday, when an individual assaulted multiple Transportation Security 
officers with wasp spray and a machete. It's a chilling reminder of the 
risks Transportation Security officers face every single day on the 
front lines of the effort to protect passengers and maintain the 
security of our Nation's aviation sector.
    It's a difficult, dangerous, and often thankless job--but I want 
you to know our thoughts, our prayers, and our gratitude are with you 
all. I also want you to know that we are committed to developing 
solutions to enhance the security at our checkpoints--for your safety 
as well as that of the passengers you protect.
    Mr. Chairman, I thank you for convening this important hearing 
today so that we can examine the TSA PreCheck Program. The TSA PreCheck 
Program, as I understand it, is one of TSA's risk-based initiatives, 
aiming to maintain effective security while also maximizing efficiency.
    When the Aviation and Transportation Security Act became law, it 
authorized TSA to ``establish requirements to implement trusted 
passenger programs and use available technologies to expedite the 
security screening of passengers who participate in such programs.''
    This allows TSA to vet passengers on the front end through the 
PreCheck application process. Those passengers can go through expedited 
screening, and TSA can allocate resources on the ground to focus on 
travelers who we know less about, or suspect of criminal intent.
    I understand that more than 1 million people have now voluntarily 
submitted their biographic information in order to participate in this 
trusted traveler program. That makes sense to me--that seems like an 
appropriate balance between effectiveness and efficiency.
    But I also understand that certain populations who have NOT 
undergone this vetting on the front end are, nonetheless, sometimes 
permitted to use the expedited PreCheck screening lanes. That doesn't 
make sense to me--that suggests to me that the balance sometimes tips 
too far towards efficiency, maybe at the expense of effective security.
    Certainly, that was the case when a convicted felon and former 
member of a domestic terrorist organization was permitted to use a 
PreCheck lane, as we learned from last week's report by the Department 
of Homeland Security's Office of Inspector General. That kind of breach 
is simply inexcusable.
    Of course it's beneficial to use PreCheck so that we can 
concentrate our resources on passengers who are unknown to us and pose 
the highest potential risk. But when a passenger such as this 
individual--who WAS known to us and clearly posed enormous risk--is 
given access to the PreCheck lane, it demands that we take a hard look 
at the methods being used to calculate that risk.
    So that's why we're here today--to examine the risks of expanding 
PreCheck beyond pre-vetted, pre-approved passengers; to reassess the 
methodology used to assign a person to a given risk category; and to 
ensure that we never allow the pursuit of efficiency to compromise 
security.
    I look forward to hearing from Mr. Fletcher--his testimony mentions 
that TSA is currently working to expand PreCheck to other low-risk 
populations. I'm eager to hear about those efforts, and about what 
methodology can ensure that these populations are indeed low-risk and 
don't pose a threat to our aviation security.
    I want to thank Inspector General Roth for being here and for his 
report last week on the security breach I mentioned earlier. I look 
forward to hearing more details about how this incident transpired, as 
well as his recommendations on how we can prevent such a breach from 
ever occurring in the future.
    I would also like to thank Jennifer Grover for being here to 
represent the Government Accountability Office, which has compiled a 
significant body of work regarding the use of risk-based security.
    I look forward to hearing from Ms. Grover and Inspector General 
Roth about the security implications of expanding the use of PreCheck 
expedited screening beyond passengers who have undergone the 
application process, as well as their recommendations for how we can 
make this program more secure going forward.
    We are currently working with Ranking Member Thompson on 
legislation that will be introduced, and our hope is that the 
information we gather through todays' hearing will better inform that 
measure.
    With that Mr. Chairman, I thank all of the witnesses for joining us 
today, and yield back the balance of my time.

    Mr. Katko. Thank you, Miss Rice.
    I want to now recognize the Ranking Minority Member of the 
full committee, the gentleman from Mississippi, Mr. Thompson, 
for any statement he may have.
    I want to note preliminarily, though, that Mr. Thompson is 
a very busy man, and it is an honor and it is a pleasure to 
have him here. I really very much appreciate his input and 
guidance on this subject matter. So thank you very much.
    Mr. Thompson. Thank you very much, Mr. Chairman. Thank you 
for holding today's hearing.
    I appreciate the subcommittee's willingness to take a hard 
look at the security vulnerabilities associated with how the 
Transportation Security Administration is administering the 
PreCheck program.
    As a frequent flyer, I have long believed that TSA should 
have a trusted traveler program where individuals identified as 
low-risk travelers are provided expedited airport security 
screening.
    When TSA was established in 2001, Congress granted TSA the 
authority to establish a trusted traveler program. However, as 
many of you may recall, it took years for TSA to get over its 
initial reluctance about modifying its screening operations for 
vetted trusted travelers.
    Former TSA Administrator John Pistole deserves great credit 
for recognizing the potential of a trusted traveler program and 
integrating the PreCheck program into TSA's risk-based airport 
screening operations. It just makes good sense to provide 
expedited screening to passengers who have voluntarily 
submitted biographical information and fingerprints and have 
been fully vetted.
    Today there are 1 million known low-risk travelers in the 
PreCheck program. That is a good start. But given that about 2 
million people fly every day, TSA needs to continue working to 
bring more Americans into the PreCheck program.
    That said, the focus of today's hearing is not on the 
vetted population that are legitimately low-risk and receive 
expedited screening. It is on what TSA has called their real-
time intelligence-based methods for identifying passengers on a 
trip-by-trip basis for expedited physical screening.
    The so-called Managed Inclusion program and the other real-
time screening methods that TSA is currently employing at our 
Nation's airports have not been scientifically validated as 
effective security approaches.
    Further, as both the Department's own inspector general and 
comptroller general have independently found, these approaches 
create security vulnerabilities.
    Last week the inspector general released a report about a 
very troubling incident involving a traveler who was granted 
enhanced security screening. Suffice it to say, the terrorist 
and criminal history of the traveler involved should have 
resulted in TSA determining that enhanced security screening 
was in order, not expedited screening.
    This is just one incident. I am sure it would have never 
come to light if not for the courageous TSA employee who came 
forward to report it, commonly referred to as a whistle-blower.
    This incident begs the question: Are these procedures 
appropriately designed to ensure that a person who actually 
presents a security risk is not given lighter screening? I have 
no confidence, based on the public and Classified information I 
have seen, that this is the case. As such, I believe that this 
situation demands legislative action.
    To this end, together with Chairman Katko and Ranking 
Member Rice, I will be introducing legislation to address these 
known vulnerabilities regarding expedited screening. It is 
important that there is not a permanent leader at TSA to 
address the security vulnerabilities that have come to light.
    I look forward to working with the leadership of this 
subcommittee to bring our concerns to the attention of Acting 
Administrator Mel Carraway to get timely action to address the 
security vulnerabilities.
    With that, Chairman and Ranking Member, I thank you for 
your prompt attention to this critical security matter and 
yield back.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                             March 25, 2015
    I thank Chairman Katko for holding today's hearing.
    I appreciate the subcommittee's willingness to take a hard look at 
the security vulnerabilities associated with how the Transportation 
Security Administration is administering the PreCheck program. As a 
frequent flier, I have long believed that TSA should have a trusted 
traveler program where individuals identified as ``low-risk travelers'' 
are provided expedited airport security screening.
    When TSA was established in 2001 Congress granted TSA the authority 
to establish a trusted traveler program. However, as many of you may 
recall, it took years for TSA to get over its initial reluctance about 
modifying its screening operations for vetted, trusted travelers.
    Former TSA Administrator John Pistole deserves great credit for 
recognizing the potential of a trusted traveler program and integrating 
the PreCheck program into TSA's risk-based airport screening 
operations. It just makes sense to provide expedited screening to 
passengers who have voluntarily submitted biographical information and 
fingerprints and have been fully vetted.
    Today, there are 1 million known low-risk travelers in the PreCheck 
program. That's a good start but given that about 2 million people fly 
every day, TSA needs continue working to bring more Americans into the 
PreCheck program.
    That said, the focus of today's hearing is not on the vetted 
population that are legitimately ``low-risk'' and receive expedited 
screening. It is on what TSA has called their ``real-time/intelligence-
based methods'' for identifying passengers, on a trip-by-trip basis, 
for expedited physical screening.
    The so-called ``Managed Inclusion'' program and the other real-time 
screening method that TSA is currently employing at our Nation's 
airports have not been scientifically validated as effective security 
approaches.
    Further, as both the Department's own Inspector General and the 
Comptroller General have independently found, these approaches create 
security vulnerabilities.
    Last week, the Inspector General released a report about a very 
troubling incident involving a traveler who was granted enhanced 
security screening. Suffice as to say, the terrorist and criminal 
history of the traveler involved should have resulted in TSA 
determining that enhanced security screening was in order, not 
expedited screening.
    This is just one incident and I am sure it would have never come to 
light if not for the courageous TSA employee who came forward to report 
it. This incident begs the question, are these procedures appropriately 
designed to ensure that a person who actually present a security risk 
is not given lighter screening?
    I have no confidence, based on the public and Classified 
information I have seen, that this is the case. As such, I believe that 
the situation demands legislative action.
    To that end, together with Chairman Katko and Ranking Member Rice, 
I will be introducing legislation to address these known 
vulnerabilities regarding expedited screening. It is unfortunate that 
there is not a permanent leader at TSA to address the security 
vulnerabilities that have come to light.
    I look forward to working with the leadership of this subcommittee 
to bring our concerns to attention of Acting Administrator Mel Carraway 
and to get timely action to address the security vulnerabilities.
    With that, I yield back and thank Chairman Katko and Ranking Member 
Rice for their prompt attention to this critical security matter.

    Mr. Katko. Thank you, Mr. Thompson.
    Other Members of the committee are reminded that opening 
statements may be submitted for the record.
    [The statement of Hon. Jackson Lee follows:]
               Statement of Honorable Sheila Jackson Lee
                             March 25, 2015
    I thank Chairman John Katko and Ranking Member Rice for holding 
this morning's hearing on ``Risk-Based Security: Assessing the Path 
Forward for TSA PreCheck.''
    I welcome and thank today's witnesses: Mr. Kenneth Fletcher, chief 
risk assessment officer with the Transportation Security 
Administration; Mr. John Roth, the inspector general for the Department 
of Homeland Security; and Ms. Jenny Grover, director of homeland 
security and justice section, Government Accountability Office.
    I want to offer my well wishes to Senior Transportation Security 
Officer Carol Richel for a speedy and complete recovery.
    Officer Richel was attacked last Friday by an assailant with a 
machete at the B Concourse of the Louis Armstrong New Orleans 
International Airport.
    Officer Richel was transported to a local hospital, thankfully, 
with non-life-threatening injuries and since has been released.
    She was grazed by a bullet as a Jefferson Parrish Sheriffs deputy 
fired shots during the attack.
    The assailant also sprayed what is believed to be wasp repellent at 
three other TSA officers. During the attack, three other officers were 
sprayed by the assailant with the same substance.
    This is the latest case that reflects the potential danger that TSA 
officers face and the need to assure that air travel safety is the best 
that is can be.
    Today's hearing comes as a result of the report released last week 
entitled ``Allegation of Granting Expedited Screening through TSA 
PreCheck Improperly'' investigated a whistleblower allegation that a 
former member of a domestic terrorist group and convicted felon was 
cleared for PreCheck screening through the TSA's Secure Flight program.
    While I understand that expedited screening is an interest of the 
traveling public, it should not be employed at the expense of security.
    This new report comes just after a December Government 
Accountability Office report on PreCheck and problems with the Managed 
Inclusion program.
    Both these reports illustrate shortcomings with the methods TSA 
uses to identify low-risk passengers and demand a legislative response.
    As a senior Member of this committee and former Chair of the 
Homeland Security's Subcommittee on Transportation Security the 
establishment and security of the TSA PreCheck program is of great 
interest.
    Although the OIG Report found that TSA did not grant the traveler 
in question TSA PreCheck screening through the TSA PreCheck 
``Application Program'' or Managed Inclusion (MI). TSA did grant the 
traveler TSA PreCheck screening through risk assessment rules in the 
Secure Flight program, which is very concerning.
    This passenger had a felony conviction for murder and offenses 
related to a domestic terrorist organization that involved explosives.
    I have introduced H.R. 48, the No Fly For Foreign Fighters Act of 
2015, legislation that will help keep foreign fighters and terrorists 
from entering our country through an American airport.
    Specifically, the No Fly for Foreign Fighters Act requires the 
director of the Terrorist Screening Center to review the completeness 
of the Terrorist Screening Database and the terrorist watch list 
utilized by the Transportation Security Administration to determine if 
an individual who may seek to board a U.S.-bound or domestic flight, 
and who poses a threat to aviation or National security or a threat of 
terrorism and is known or suspected of being a member of a foreign 
terrorist organization, is included in the database and on such watch 
list.
    I am pleased that Ranking Member Thompson is now preparing 
legislation to ensure that the approach TSA uses to identify low-risk 
passengers does not create security gaps. I look forward to working 
with him and the rest of the committee to ensure the PreCheck is a safe 
and credible program.
    The OIG report, which the subject of this morning's hearing, 
reached the conclusion that TSA awarded PreCheck screening to unknown 
passengers, creates aviation security vulnerability.
    The TSO who came in contact with the traveler had personal 
knowledge of the felony conviction did not feel empowered to redirect 
the traveler from the TSA PreCheck screening to standard lane 
screening.
    The TSO is reported to have believed that supervisors and 
Behavioral Detection Officers (BDOs) had the discretion to make a 
decision to redirect a traveler, but the TSO did not think he had that 
authority.
    The OIG recommends that TSA modify standard operating procedures to 
clarify that TSOs and supervisory TSOs are authorized to refer 
passengers with TSA PreCheck boarding passes to standard screening 
lanes when they believe the passenger may be a threat to transportation 
security.
    The formal application process for TSA PreCheck requires a formal 
application and the collection of biographic information and 
fingerprints to be checked against intelligence, law enforcement, and 
immigration automated data systems to determine PreCheck eligibility.
    TSA will deny membership into the PreCheck program if the applicant 
is confirmed to be a match to an intelligence-based data system, 
convicted of any of the 28 disqualifying criminal offenses, or not a 
U.S. citizen or lawful permanent resident.
    The incident recounted in the OIG report over the last few days has 
generated a great deal media and public attention regarding the 
integrity of the program.
    The Aviation and Transportation Security Act (ATSA), 49 U.S.C. 
Statute 114(e) is the law establishing the TSA as the agency to 
coordinate security for all forms of domestic transportation, including 
aviation, rail, and other surface transportation, as well as maritime 
transportation.
    A provision of the ATSA directs the TSA to ``established standards 
to implement trusted passenger programs and adopted protocols and 
technologies to expedite security screening of passengers who 
participated in the program.''
    The Registered Traveler program was a result of this provision of 
the law.
    At the core of TSA's efforts in PreCheck is the idea of focusing 
scrutiny on ``high-risk'' passengers, while simultaneously reducing the 
hassle factor for ``low-risk'' travelers.
    This is an important aspect of what TSA does to assure air travel 
security, but what is allowed on flights is also a critical component 
of travel safety.
    On March 5, 2013, TSA publicly announced its decision to permit 
passengers, to bring previously-banned items in their carry-on baggage 
when boarding flights.
    I sponsored an amendment to the Fiscal Year Homeland Security 
Appropriations Act that successfully blocked the reintroduction of 
knives on commercial aircraft.
    The list of prohibited items that would be permitted included 
hockey or lacrosse sticks, golf clubs, and, most alarmingly, small 
knives.
    I heard from flight attendants, air marshals, pilots, passengers, 
TSA screeners, and airlines who are unequivocal in their unified view 
that allowing knives to be brought into the cabin of passenger planes 
is dangerous, unnecessary, and irresponsible.
    Because of the level of concern regarding this important issue I 
led a successful bipartisan effort that led the TSA to reverse its 
decision.
    Getting air transportation security right requires a partnership 
between the TSA, members of the Homeland Security Committee.
    I am happy to join with Members of the committee in working with 
the TSA to improve air travel security.
    I thank today's witnesses and look forward to their testimony.
    Thank you.

    Mr. Katko. We are pleased to have a distinguished panel of 
witnesses before us today on this important topic.
    Let me remind the witnesses that their entire written 
statements will appear in the record.
    Our first witness, the Honorable John Roth, assumed the 
post of inspector general of the Department of Homeland 
Security on March 10, 2014. Previously, Mr. Roth served as the 
director of criminal investigations at the Food and Drug 
Administration.
    Prior to that, he had a long and distinguished career with 
the Department of Justice, beginning in 1987 as assistant U.S. 
attorney for the Eastern District of Michigan. I will note that 
Mr. Roth had excellent on-the-job training at the Narcotic and 
Dangerous Drug Section, doing very complex organized cases, as 
did I.
    So welcome today, Mr. Roth.

 STATEMENT OF JOHN ROTH, INSPECTOR GENERAL, U.S. DEPARTMENT OF 
                       HOMELAND SECURITY

    Mr. Roth. Good afternoon, Chairman Katko, Ranking Member 
Rice, Mr. Thompson, and Members of the subcommittee. Thank you 
for inviting me here today to testify about TSA's PreCheck 
initiative. My public testimony today will focus only on the 
Unclassified portions of our recent inspection reports.
    The majority of what we found is either Classified at the 
Secret level or contains Sensitive Security Information. I look 
forward to discussing the complete results and recommendation 
of our reports in greater detail once we move into the closed 
session.
    In October 2011, TSA piloted PreCheck at four airports. 
After that program ended in 2012, Congress directed TSA to 
certify by the end of December 2013 that 25 percent of air 
passengers are eligible for expedited screening without 
lowering security standards. Congress also directed TSA to 
outline a strategy to increase the number of air passengers 
eligible for expedited screening to 50 percent by the end of 
December 2014.
    To accomplish these goals, TSA did the following:
    First, it granted some Government-vetted or known 
populations PreCheck eligibility.
    Second, it deployed Managed Inclusion to allow the general 
public opportunities to receive PreCheck benefits.
    Third, it implemented risk assessment rules to allow others 
to receive PreCheck eligibility.
    Finally, it established the PreCheck application program 
for membership.
    These actions have resulted in a massive increase in the 
population eligible to receive PreCheck. Our audits assessed 
the PreCheck initiative to determine, first, what processes and 
procedures TSA uses to vet program applicants properly; second, 
how TSA assesses member continued eligibility; and, third, how 
TSA tests is process for effectiveness and timeliness.
    We conducted field work on this from January to June 2014. 
We determined that, as a concept, PreCheck is a positive step 
towards risk-based security screening. However, TSA needs to 
modify PreCheck vetting and security processes. We also 
determined that PreCheck communication and coordination need 
improvement. Our specific findings are either Classified or 
contain Sensitive information.
    In addition, we responded to a whistle-blower disclosure 
concerning the use of the risk-based rule by the TSA Secure 
Flight program that may create a gap in aviation security. The 
inspection results of that are likewise SSI and have been 
delivered to the subcommittee.
    Finally, to further illustrate the need for modification of 
PreCheck vetting and screening processes, we issued a letter 
report this month that found a notorious felon convicted of 
domestic terrorism crimes was granted PreCheck as a result of 
TSA's risk assessment rules. We reviewed the allegation after 
receiving information alleging the convicted felon was 
improperly cleared for PreCheck screening.
    We are naturally concerned that, as evidenced by this 
incident, such rules are inadequate to ensure only low-risk 
populations receive PreCheck screening. As a result, we 
recommended TSA limit PreCheck screening to known passengers 
that TSA itself or other trusted Government partners had 
determined are members of trusted populations.
    We are concerned about TSA's response to our findings. TSA 
has not accepted the majority of our recommendations.
    Chairman Katko, this concludes my prepared statement. I 
welcome any questions that you or other Members of the 
subcommittee may have.
    [The prepared statement of Mr. Roth follows:]
                    Prepared Statement of John Roth
                             March 25, 2015
    Good afternoon Chairman Katko, Ranking Member Rice, and Members of 
the subcommittee. Thank you for inviting me here today to testify about 
the Transportation Security Administration (TSA) PreCheckTM 
initiative.
    My testimony today will focus on the Unclassified and non-Sensitive 
Security Information (SSI) results of our two recent inspection 
reports.\1\ I look forward to discussing the complete results and 
recommendations of our reports in greater detail once we move into the 
closed session. In general, we concluded that while TSA 
PreCheckTM is a positive step toward risk-based security 
screening, modifications are necessary. We made a number of 
recommendations to TSA to improve the PreCheckTM initiative.
---------------------------------------------------------------------------
    \1\ Security Enhancements Needed to the TSA PreCheckTM 
Initiative, OIG-15-29, January 2015. Allegation of Granting Expedited 
Screening through TSA PreCheckTM Improperly (OSC File NO. 
DI-14-3679), OIG-15-45, March 2015.
---------------------------------------------------------------------------
                               background
    The Aviation and Transportation Security Act of 2001 authorizes TSA 
to implement trusted passenger programs and use available technologies 
to expedite security screening of participating passengers. The intent 
is to allow airport security personnel the ability to focus more 
extensive screening on higher-risk and unknown populations. The TSA 
PreCheckTM trusted traveler initiative is a component of 
TSA's intelligence-driven, risk-based security approach to identify 
low-risk passengers for expedited airport checkpoint screening.
    In October 2011, TSA piloted TSA PreCheckTM at four 
airports. In the pilot, TSA partnered with Delta Air Lines and American 
Airlines to allow their frequent flyers to participate. TSA also 
partnered with the U.S. Customs and Border Protection (CBP) Trusted 
Traveler Programs during the pilot to identify eligible members to 
participate. TSA considers CBP Trusted Traveler Programs members a low-
risk population because they undergo background checks prior to 
enrollment.
    After the pilot program ended in 2012, Congress directed TSA to 
certify by the end of December 2013 that 25 percent of air passengers 
are eligible for expedited screening without lowering security 
standards. Congress also directed TSA to outline a strategy to increase 
the number of air passengers eligible for expedited screening to 50 
percent by the end of December 2014. To accomplish these goals TSA, 
chronologically:
   Granted other Federal Government-vetted or ``known'' 
        populations TSA PreCheckTM eligibility.--Initial 
        eligible populations included frequent flyers, CBP Trusted 
        Travelers, National Intelligence Agencies, and Federal Judges. 
        Later, TSA extended eligibility to Members of Congress, Medal 
        of Honor recipients, U.S. military personnel, and other 
        populations.
   Deployed Managed Inclusion to allow the general public 
        opportunities to receive TSA PreCheckTM benefits.--
        TSA uses Managed Inclusion to regulate passenger throughput and 
        wait times during peak hours at airport security checkpoints. 
        When operating Managed Inclusion, TSA employs at some airports 
        tools and processes beyond regular TSA PreCheckTM 
        checkpoint screening procedures. TSA Behavioral Detection 
        Officers and Passenger Screening Canine Teams conduct real-time 
        threat assessments on unknown passengers to determine their 
        eligibility for TSA PreCheckTM screening. In 
        addition, Transportation Security officers use explosive trace 
        detection swabbing and random generator technology to assess 
        and direct passengers, respectively. However, these additional 
        tools are not in place at every airport operating Managed 
        Inclusion. Furthermore, we and GAO have questioned the efficacy 
        of some of these tools.
   Implemented risk assessment rules.--These rules contain SSI.
   Established the TSA PreCheckTM Application 
        Program for membership.--The application program allows U.S. 
        citizens and Lawful Permanent Residents to apply on-line and at 
        TSA PreCheckTM enrollment centers. The non-
        refundable application fee is $85.00 and approved membership is 
        valid for 5 years. TSA incorporated the TSA 
        PreCheckTM Application Program into its existing 
        security threat assessment vetting system for the 
        Transportation Worker Identification Credential and Hazardous 
        Materials Endorsement and adopted the disqualifying offenses 
        for these programs. The TSA PreCheckTM application 
        process requires applicants to provide their biographic 
        information and immigration status on-line or in-person at an 
        enrollment center. Applicants also respond to questions 
        regarding 28 disqualifying criminal offenses. All applicants 
        must visit an enrollment center to provide identity documents 
        and have their fingerprints captured. TSA checks this 
        information against the U.S. Government watch list, criminal 
        records, and immigration data systems.
                         results of our review
    We assessed the TSA PreCheckTM initiative to determine: 
(1) What processes and procedures exist to ensure TSA vets program 
applicants properly; (2) how TSA assesses member continued eligibility; 
and (3) how TSA tests its processes for effectiveness and timeliness. 
We conducted fieldwork from January 2014 to June 2014.
    We determined that, as a concept, TSA PreCheckTM is a 
positive step towards risk-based security screening. However, TSA needs 
to modify TSA PreCheckTM vetting and screening processes. We 
also determined that TSA PreCheckTM communication and 
coordination need improvement.
    In addition, we responded to a whistleblower disclosure concerning 
the use of a risk-based rule by the TSA Secure Flight program that may 
create a gap in aviation security. The inspection results are SSI and 
have been delivered to this subcommittee.
    To further illustrate the need for modification of TSA 
PreCheckTM vetting and screening processes, we issued a 
letter report this month that found a notorious felon convicted of 
domestic terrorism crimes was granted TSA PreCheckTM 
screening through Secure Flight risk assessment rules. We reviewed the 
allegation after the U.S. Office of Special Counsel received a 
whistleblower disclosure alleging the convicted felon was improperly 
cleared for TSA PreCheckTM screening.
    We determined TSA did not grant the convicted felon TSA 
PreCheckTM screening through the TSA PreCheckTM 
Application Program or Managed Inclusion, but rather, through risk 
assessment rules. Specifically, the Transportation Security Officer 
(TSO) in this case scanned the traveler's boarding pass and received a 
TSA PreCheckTM eligibility notification. The TSO knew of the 
traveler's disqualifying criminal conviction. The TSO followed the 
standard operating procedure and reported this to the supervisory TSO 
who then directed the TSO to take no further action and allow the 
traveler through the TSA PreCheckTM lane.
    As a result, we recommended TSA limit TSA PreCheckTM 
screening to known passengers that TSA determines to be members of 
trusted populations. We also determined the TSO followed standard 
operating procedures but did not feel empowered to redirect the 
traveler from TSA PreCheckTM screening to standard lane 
screening. We recommended TSA modify standard operating procedures to 
clarify TSO and supervisory TSO authority to refer passenger with TSA 
PreCheckTM boarding passes to standard screening lanes when 
they believe the passenger may be a threat to transportation security.
    We are concerned about TSA's response to our findings. In the first 
inspection report, we made 17 recommendations and TSA did not accept 
the majority of these recommendations. In the second inspection, we 
made three recommendations but TSA nonconcurred with two. We made two 
recommendations in the third report and TSA concurred with only one. We 
are disappointed that TSA did not concur with the majority of our 
recommendations, and we believe this represents TSA's failure to 
understand the gravity of the situation.
    Chairman Katko, this concludes my prepared statement. I welcome any 
questions that you or other Members of the subcommittee may have.

    Mr. Katko. Thank you, Mr. Roth. Obviously, your testimony 
will be somewhat limited until we get into the secure portion 
of the hearing. But, nonetheless, what you can talk about in 
the open hearing here, I appreciate your input. So thank you.
    We appreciate all of you being here today, of course.
    The second witness, Mr. Fletcher, is the chief risk officer 
at the Transportation Security Administration. In this new 
position, he is responsible for developing and driving the 
long-range strategic vision and objectives for TSA with respect 
to risk-based security and risk-managed activities and 
implementing risk management across all areas of the agency.
    The Chairman will now recognize Mr. Fletcher to testify.

      STATEMENT OF KENNETH FLETCHER, CHIEF RISK OFFICER, 
TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND 
                            SECURITY

    Mr. Fletcher. Thank you, sir.
    Good afternoon, Chairman Katko, Ranking Member Rice, and 
distinguished Members of the subcommittee. I appreciate the 
opportunity to appear before you today.
    As you have already noted, this hearing closely follows the 
second brazen attack on a TSA screening checkpoint in less than 
18 months. The heroic efforts of our law enforcement partners 
in New Orleans and a TSA workforce trained in responding to 
emergency situations prevented this incident from ending in 
tragedy.
    Acting Administrator Carraway traveled to New Orleans on 
Saturday to meet with and show support for TSA and law 
enforcement personnel and was inspired by the resilience of all 
involved.
    I am confident that I speak for all of TSA when I say thank 
you to all of the TSA law enforcement and airport personnel in 
New Orleans for their swift response to this senseless attack.
    Since its creation, TSA has focused on building and 
enhancing a multi-layered aviation security system, which 
includes a well-trained workforce, state-of-the-art 
technologies, intelligence analysis and information sharing, 
explosive detection canine teams, and the Federal Air Marshal 
Service.
    For nearly a decade, TSA applied these layers in a one-
size-fits-all approach where nearly every traveler was assessed 
as posing essentially the same level of risk. This equal risk 
philosophy started changing in late 2011, when TSA began 
implementing an intelligence-driven, risk-based approach to 
aviation security.
    Commercial aviation remains the target of terrorist groups 
who have proven intelligent and adaptive as demonstrated by 
their development of nonmetallic explosive devices designed to 
evade aviation security measures. These devices remain one of 
the most serious threats to aviation.
    One way to address this threat is to implement increasingly 
strict security requirements that of necessity become more 
invasive and cumbersome to travelers and then to apply these 
measures broadly to every passenger and their baggage.
    Another way to deal with this threat is by adopting the 
intelligence-driven risk-based approach reflected in more than 
three dozen policy decisions implemented by TSA over the last 4 
years.
    The idea of a risk-based approach to aviation security is 
by no means novel. TSA's founding legislation, the Aviation and 
Transportation Security Act, mentions creating a trusted 
traveler program, and the 9/11 Commission Report recommends TSA 
establish risk-based priorities to protect transportation 
assets and then adopt practical and cost-effective means while 
balancing security and civil liberties.
    Through our risk-based policies, TSA is able to deploy our 
limited security resources to more effectively manage risk by 
concentrating on higher-risk travelers and commerce while 
facilitating the legitimate movement of those deemed to 
represent lower risk.
    Effective risk management involves identifying, analyzing, 
and communicating risk and then deciding whether to accept, 
avoid, transfer, or control that risk to an acceptable level 
considering the associated costs and benefits of any actions 
taken.
    For TSA, effective risk management considers how to provide 
the most effective security in the most efficient way to 
enhance the value TSA provides to the American people as we 
fulfill our counterterrorism mission.
    As noted by the 9/11 Commission, perfection is 
unattainable. In my view, its pursuit is unsustainable. Risk 
management is not a no-risk approach. Trying to eliminate all 
risk results in poor security, unnecessarily burdens the 
aviation industry, and will create greater pressures on civil 
rights and liberties.
    A key component of our passenger screening approach is the 
TSA PreCheck application program launched in December 2013. 
Over the past 12 months, TSA has sustained a daily average 
enrollment volume of nearly 3,500 travelers, more than double 
our original projections. Last week we exceeded 1 million 
applications to the program.
    The enrollment potential is significantly greater. Recent 
U.S. Travel Association market research indicates that more 
than 15 million U.S. travelers not currently enrolled in the 
TSA PreCheck program are likely to enroll, with an additional 
21 million undecided. These 36 million travelers are our target 
market. The key to realizing this enrollment potential is the 
continued collaboration with private-sector partners across the 
travel and tourism industry.
    Our industry and stakeholder partners are vital to TSA's 
ability to implement risk-based security. Cooperation with and 
engagement by these partners was essential in helping TSA 
establish and expand the TSA PreCheck program, which now 
includes 11 airlines representing over 85 percent of domestic 
travelers, with nearly 530 TSA PreCheck screening lanes now 
operating at 133 airports Nation-wide.
    TSA plays an important role in partnerships with airports 
and airlines in securing our Nation's commercial aviation 
system and is committed to fielding responsive risk-based 
solutions that can enhance our current security posture.
    Thank you for the opportunity to testify today and for your 
interest and support of our risk-based security initiatives. I 
look forward to your questions.
    Thank you.
    [The prepared statement of Mr. Fletcher follows:]
                 Prepared Statement of Kenneth Fletcher
                             March 25, 2015
    Good afternoon Chairman Katko, Ranking Member Rice, and 
distinguished Members of the subcommittee. I appreciate the opportunity 
to appear before you today to discuss the Transportation Security 
Administration (TSA) PreCheckTM program.
    The primary mission of TSA is to secure our Nation's transportation 
systems, while ensuring freedom of movement for people and commerce. To 
fulfill this vital mission, TSA employs a multi-layered, risk-based 
approach to security through a well-trained workforce, state-of-the-art 
technologies, intelligence analysis and information sharing, explosives 
detection canine teams, Federal Air Marshals, Visible Intermodal 
Prevention and Response (VIPR) teams, and our industry partners who 
voluntarily adopt security improvements and comply with regulations. 
These initiatives help TSA focus resources on high-risk and unknown 
travelers and commerce, while facilitating the movement of travelers 
and commerce and enhancing the customer experience for the traveling 
public.
    The 9/11 Commission Report noted that the U.S. Government should 
set risk-based priorities to protect transportation assets, and 
implement the most practical and cost-effective programs to protect 
them. By applying a risk-based approach to security, TSA is able to 
employ resources with the greatest impact in reducing risk and 
enhancing the security of the traveling public and the Nation's 
transportation systems. Expedited screening for low-risk passengers is 
key to the success of RBS in aviation security. Through RBS measures, 
TSA increased the percent of passengers receiving some form of 
expedited screening from 9.6 percent in September 2013 to 50 percent by 
November 2014. This increase resulted in an overall average of 43.5 
percent of passengers receiving some form of expedited screening by TSA 
during 2014.
    Our approach to Risk-Based Security (RBS) is to effectively manage 
security risks to maximize the value TSA provides to the Nation in 
executing our security mission. The RBS measures implemented over the 
past 3 years have significantly increased our ability to move people 
through the checkpoint, requiring fewer resources than traditional 
screening operations. As a result, TSA has gained efficiencies through 
RBS initiatives, with savings totaling $319 million over the past 2 
years.
                         tsa pre check program
    In December 2013, TSA launched our TSA PreCheckTM 
application program, which is the cornerstone of our expedited 
screening efforts. TSA PreCheckTM was one of the first 
initiatives in TSA's shift toward a risk-based and intelligence-driven 
approach to security. Through this program, U.S. citizens and lawful 
permanent residents can apply directly to participate in TSA 
PreCheckTM and undergo a background check in order to become 
eligible for a period of 5 years. Passengers may qualify for the 
program either directly through the TSA's PreCheckTM 
application program, or through the U.S Customs and Border Protection's 
Global Entry program.
    TSA has worked closely with U.S. and foreign airlines to expand the 
number of airlines participating in TSA PreCheckTM, and has 
enhanced the Known Crewmember Initiative, as well as extended 
eligibility for TSA PreCheckTM to U.S. Armed Forces 
personnel, Department of Defense personnel, and U.S. Coast Guard 
civilian employees. In November 2014, TSA extended TSA 
PreCheckTM expedited screening benefits to students of four 
U.S. service academies. More than 60,000 DOD employees benefit from TSA 
PreCheckTM each week, and that number continues to steadily 
increase.
    TSA is currently working with a number of other Federal departments 
and agencies to include other lower-risk populations into TSA 
PreCheckTM. TSA increased the number of airports with TSA 
PreCheckTM screening lanes to 125, established 481 dedicated 
and supplemental TSA PreCheckTM lanes, and added TSA 
PreCheckTM Application Program enrollment centers for a 
total of 326 centers processing more than 1 million applicants. Since 
September 2013, TSA PreCheckTM volume has increased 600 
percent with more than 300 million passengers receiving TSA 
PreCheckTM screening to date.
    This year, TSA will continue to focus on increasing participation 
in TSA PreCheckTM with the goal of providing expedited 
screening to a majority of the traveling public. We plan to accomplish 
this by identifying and enrolling more low-risk populations, expanding 
participation to additional U.S. and foreign airlines, exploring 
potential opportunities to leverage private-sector capabilities and 
expertise in the TSA PreCheckTM application process, and 
offering additional opportunities for enrollment in TSA 
PreCheckTM.
                          risk-based security
    RBS enhancements do not stop with prescreening through TSA 
PreCheckTM. Beyond efforts like TSA PreCheckTM, 
RBS screening at checkpoints includes real-time threat assessments 
through the deployment of behavior detection techniques, explosives 
detection canines and explosive trace detection equipment, and risk-
based physical screening utilizing differentiated screening procedures 
and technology applications.
    RBS is not a stand-alone program, but a strategic application of 
intelligence-driven risk mitigation principles that moves away from the 
one-size-fits-all approach to security. TSA will continue to focus on 
applying our risk-based security approaches to other aspects of 
transportation security, including checked baggage, air cargo, 
regulatory compliance, and Federal Air Marshal deployments.
                          industry engagement
    Our industry and stakeholder partners are vital to TSA's ability to 
implement risk-based security into every area of transportation 
security. Cooperation with and engagement by these partners was 
essential in helping TSA establish and expand the TSA 
PreCheckTM program across the aviation sector. Airlines 
worked with us to update their systems to handle new requirements, such 
as TSA PreCheckTM interconnectivity and boarding pass 
markings. Our airport partners also worked with us to reconfigure 
checkpoint space to accommodate a TSA PreCheckTM lane for 
passengers. To date, TSA has expanded the program to 10 domestic and 
one foreign airline at 125 airports Nation-wide, and continues to 
partner with industry to add partners and innovations to the program.
    TSA's goal of increasing the number of passengers who receive 
expedited screening can only be accomplished through continued 
collaboration with industry stakeholders. We must develop a 
collaborative governance strategy between TSA and the private sector as 
we are asking them to invest their resources to realize risk-based 
strategy-driven changes. Recent market research conducted by the U.S. 
Travel Association indicates that more than 15 million travelers are 
willing to enroll in TSA PreCheckTM, and we believe private-
sector involvement can significantly increase that enrollment 
potential.
                               oig report
    The DHS Office of Inspector General (OIG) recently concluded an 
audit of TSA PreCheckTM and made 17 recommendations, of 
which 13 are resolved but open. TSA is working to address the OIG's 
recommendations, such as working with the DHS Office of Policy and CBP 
to establish a common definition for identifying ``lower-risk'' 
travelers and low-risk trusted travelers across the Department for 
consistency in application across all DHS vetting programs. The OIG 
also recommended that TSA work to improve communications about TSA 
PreCheckTM to the public, as multiple avenues for access to 
TSA PreCheckTM can be confusing. TSA is working with OIG to 
address the intent of the outstanding recommendations, and further 
improve the program's security and access for the traveling public.
                               conclusion
    TSA plays an important role in partnership with airports and 
airlines in securing access to our Nation's airports, and is committed 
to fielding responsive, risk-based solutions that can enhance our 
current security posture. I want to thank the subcommittee for your 
interest in this important issue and your support as we consider 
recommendations and future changes to improve aviation and airport 
security Nation-wide. Thank you for the opportunity to testify today, I 
look forward to your questions.

    Mr. Katko. I am not sure if you timed that or not, but you 
are just about within a few seconds of being perfectly at 5 
minutes. That is pretty good. That is really good.
    I also want to make clear to you one thing. The PreCheck 
program with Homeland Security is the best example of what 
Government thinking outside the box can accomplish, so I 
commend TSA for that program.
    We are not here today to cast aspersions at the program. We 
are here to make sure that it is being properly implemented and 
that it is still safe. That is what we are here to do today. So 
I thank you very much for being here today.
    Our final witness, Ms. Jenny Grover, serves as director of 
homeland security and justice issues at the Government 
Accountability Office. Prior to this position, Ms. Grover was 
assistant director for GAO's health care team, where she led 
reviews on a wide range of health care issues. Ms. Grover has 
been with the GAO since 1991.
    The Chairman now recognizes Ms. Grover to testify.

 STATEMENT OF JENNIFER A. GROVER, DIRECTOR, HOMELAND SECURITY 
       AND JUSTICE, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. Grover. Good afternoon, Chairman Katko, Ranking Member 
Rice, Ranking Member Thompson, and other Members and staff. I 
am pleased to be here today to discuss TSA's implementation and 
oversight of PreCheck and Managed Inclusion.
    Three weeks ago, during the week ending March 3, nearly 
half of all U.S. aviation passengers received expedited 
screening for one of three main reasons, either because they 
were enrolled in PreCheck, because they were selected for one-
time PreCheck based on TSA's automated risk assessment, or 
because they were randomly assigned expedited screening at the 
airport through TSA's Managed Inclusion process.
    My remarks today reflect the findings from GAO's recently-
issued report on expedited screening. We support TSA's move 
toward risk-based screening as a way to operate more 
efficiently and improve passenger experience, assuming that TSA 
properly assesses and mitigates passenger risk to ensure that 
security is not compromised.
    In our recent report, we found that TSA uses several 
methods to assess passenger risk. For PreCheck enrollees, in 
some cases, TSA conducts a background check to determine low-
risk status, such as for PreCheck applicants, or accepts 
passengers into PreCheck because they have already had a 
similar assessment, such as eligible members of Customs and 
Border Protections Trusted Traveler Programs.
    In other cases, TSA enrolls passengers into PreCheck based 
on their affiliation with a specific group and who may not have 
had a background check. Examples of this would be members of 
the Congressional Medal of Honor Society, a group whose members 
have received the highest U.S. award for valor in action 
against enemy forces.
    In contrast to the groups enrolled in PreCheck, another 
group of passengers receives PreCheck on a per-flight, one-time 
basis resulting from TSA's automated risk assessment. TSA uses 
information from the Secure Flight system to score each 
passenger on each flight based on a set of risk rules. The 
score determines the likelihood that a passenger will receive 
PreCheck for that trip.
    Finally, another group of passengers are randomly selected 
for expedited screening at the airport through TSA's Managed 
Inclusion process. TSA recognizes that these passengers are of 
unknown risk, not low risk.
    To use expedited screening with this population, TSA 
developed a real-time threat assessment based, in part, on 
behavior detection activities and explosive detection 
capabilities to identify and screen out high-risk passengers. 
According to TSA, the Managed Inclusion process results in a 
higher level of security compared to standard security 
screening.
    GAO has concerns about Managed Inclusion based on our past 
work. In a November 2013 report on TSA's Behavior Detection and 
Analysis program, we concluded that TSA had not demonstrated 
that BDOs, which are their behavior detection officers, can 
reliably identify high-risk passengers by observing passenger 
behaviors for those indicative of fear, stress, or deception.
    In response, this past February TSA officials told us that 
they had developed revised behavioral indicators for the 
program and rules for using them and had started pilot testing 
the new approach in a few airports.
    Furthermore, TSA has not yet demonstrated that the overall 
Managed Inclusion process is effective at providing the 
intended level of security. TSA told us that this testing is 
underway and is expected to be completed in mid-2016.
    We have previously reported on challenges TSA has faced 
designing studies in accordance with established methodological 
standards. This is important because poorly designed studies do 
not produce reliable results and are not a good use of 
resources.
    To ensure that TSA's planned testing yields reliable 
results, we recommended that TSA ensure that its Managed 
Inclusion testing adhere to established evaluation design 
standards. DHS concurred and stated that TSA plans to implement 
a systematic evaluation of the process.
    If implemented appropriately, this would address the intent 
of our recommendation and increase the likelihood that TSA's 
testing would produce reliable results about the effectiveness 
of the Managed Inclusion process.
    Chairman Katko, Ranking Member Rice, this concludes my 
statement, and I look forward to your questions.
    [The prepared statement of Ms. Grover follows:]
                Prepared Statement of Jennifer A. Grover
                             March 25, 2015
    Chairman Katko, Ranking Member Rice, and Members of the 
subcommittee: Thank you for the opportunity to discuss our work on the 
Transportation Security Administration's (TSA) efforts in implementing 
expedited screening, including TSA PreCheckTM and the 
Managed Inclusion process. In 2011, TSA began developing new security 
procedures intended to strengthen security and improve the passenger 
experience by shortening lines and wait times. These new procedures 
applied risk-based, intelligence-driven screening concepts and enhanced 
the use of technology to determine passenger risk prior to travel. The 
procedures were intended to allow TSA to devote more time and resources 
at the airport to screening the passengers TSA determined to be higher 
or unknown risk while providing expedited screening to those passengers 
determined to pose a lower risk to the aviation system. Further, TSA 
developed the Managed Inclusion process, designed to provide expedited 
screening to passengers not deemed low-risk prior to arriving at the 
airport. In March 2015, TSA officials stated they provided expedited 
screening at essentially all of the approximately 450 airports at which 
TSA performs or oversees security screening, including 126 airports 
where TSA offers expedited screening in dedicated TSA 
PreCheckTM screening lanes. The 126 airports where expedited 
screening is offered in dedicated TSA PreCheckTM screening 
lanes represent about 95 percent of total air carrier enplanements 
based on Federal Aviation Administration calendar year 2013 data.\1\
---------------------------------------------------------------------------
    \1\ According to TSA officials, in addition to the 126 airports 
with dedicated TSA PreCheckTM lanes, TSA offers expedited 
screening at 6 airports without dedicated TSA PreCheckTM 
screening lanes. These are smaller airports where the standard 
screening lane is used for both expedited and standard screening. 
According to TSA officials, at airports without dedicated, TSA 
PreCheckTM lanes, passengers with a TSA 
PreCheckTM boarding pass can still experience expedited 
screening of ``their persons'' (i.e., passengers are not required to 
divest shoes, light jackets, and belts) and use a walk-through metal 
detector in the standard screening lane. However, they must divest 
their liquids, gels, and laptops from baggage because the screening 
process used in the standard screening lanes requires that such items 
be removed.
---------------------------------------------------------------------------
    My testimony today addresses: (1) How TSA assesses the risk levels 
of passengers to determine their eligibility to receive expedited 
screening and (2) the extent to which TSA determined the effectiveness 
of its Managed Inclusion process. This statement is based on a report 
we issued in December 2014 and selected updates from March 2015.\2\ For 
this report, we analyzed TSA documentation including expedited 
screening and Managed Inclusion procedures, memorandums of agreement, 
and decision memorandums, among other documents to gain an 
understanding of how expedited screening operated, TSA's risk 
assessment methodologies, and TSA's security assessment of the Managed 
Inclusion process. In addition we visited six airports to observe 
expedited screening and Managed Inclusion and interviewed TSA Federal 
security directors (FSD) and other TSA officials about how expedited 
screening and Managed Inclusion were implemented at these airports.\3\ 
Because we selected a nonprobability sample of airports to visit, the 
information obtained cannot be generalized to all airports. However, 
the site visits provided illustrative examples of how TSA 
PreCheckTM and Managed Inclusion operate. We also reviewed 
our prior work on the TSA's behavior detection and analysis program and 
Advanced Imaging Technology to inform our understanding of the overall 
checkpoint screening process and TSA's past experience with evaluating 
and testing security-related programs.\4\ A more detailed methodology 
can be found in the respective reports upon which this testimony is 
based.
---------------------------------------------------------------------------
    \2\ GAO, Aviation Security: Rapid Growth in Expedited Passenger 
Screening Highlights Need to Plan Effective Security Assessments, GAO-
15-150 (Washington, DC: December 12, 2014).
    \3\ FSDs are TSA officials that provide day-to-day operational 
direction for security operations at the airports within their 
jurisdiction.
    \4\ For example, see Aviation Security: Efforts to Validate TSA's 
Passenger Screening Behavior Detection Program Underway, but 
Opportunities Exist to Strengthen Validation and Address Operational 
Challenges, GAO-10-763 (Washington, DC: May 20, 2010) and Aviation 
Security: TSA Should Limit Future Funding for Behavior Detection 
Activities, GAO-14-159 (Washington, DC: Nov. 8, 2013) on TSA's behavior 
detection program, and Aviation Security: TSA Is Increasing Procurement 
and Deployment of the Advanced Imaging Technology, but Challenges to 
This Effort and Other Areas of Aviation Security Remain, GAO-1-484T 
(Washington, DC: Mar. 17, 2010) and Advanced Imaging Technology: TSA 
Needs Additional Information before Procuring Next-Generation Systems, 
GAO-14-357 (Washington, DC: Mar. 31, 2014) on TSA's Advanced Imaging 
Technology. TSA's behavior detection and analysis program was formerly 
known as Screening of Passengers by Observation Techniques (SPOT).
---------------------------------------------------------------------------
    The work upon which this testimony is based was conducted in 
accordance with generally-accepted Government auditing standards.
                               background
    When TSA began offering expedited screening at airports in the 
summer of 2011, Transportation Security officers (TSO) initially 
provided such screenings in standard lanes to passengers aged 12 and 
younger, and subsequently extended expedited screening to certain 
flight crew members and then to passengers aged 75 and older.\5\ In 
October 2011, TSA began to expand the concept of expedited airport 
screening to more of the flying public by piloting the TSA 
PreCheckTM program. This pilot program allowed certain 
frequent fliers of two air carriers to experience expedited screening 
at four airports.\6\ These frequent fliers became eligible for 
screening in dedicated expedited screening lanes, called TSA 
PreCheckTM lanes, because they had opted into the TSA 
PreCheckTM program through the air carrier with which they 
had attained frequent flier status.\7\ TSA also allowed certain members 
of the U.S. Customs and Border Protection's (CBP) Trusted Traveler 
programs to experience expedited screening as part of the TSA 
PreCheckTM pilot.\8\ TSA provided expedited screening in 
dedicated screening lanes to these frequent fliers and eligible CBP 
Trusted Travelers during the TSA PreCheckTM pilot program 
because TSA used information available to it to determine that eligible 
passengers in these groups were lower-risk. When traveling on one of 
the air carriers and departing from one of the airports participating 
in the pilot, these passengers were eligible to be screened in 
dedicated TSA PreCheckTM screening lanes where the 
passengers were not required to remove their shoes; divest light 
outerwear, jackets, and belts; or remove liquids, gels, and laptops 
from carry-on baggage.
---------------------------------------------------------------------------
    \5\ The Known Crew Member program enables TSOs to positively verify 
the identity and employment status of flight-crew members who have 
joined the program and provide expedited access to the sterile area of 
the airport for properly identified and verified, uniformed 
crewmembers. TSOs are responsible for screening passengers and their 
carry-on baggage at passenger checkpoints using X-ray equipment, 
magnetometers, advanced imaging technology, and other devices. For 
purposes of this report, references to TSOs include the employees of 
private companies performing screening activities at airports 
participating in TSA's Screening Partnership Program. See 49 U.S.C.  
44920. The sterile area of an airport is the area beyond the security 
screening checkpoint that provides passengers access to boarding 
aircraft and to which access is generally controlled by TSA through the 
screening of persons and property. See 49 C.F.R.  1540.5.
    \6\ Certain frequent fliers of Delta Air Lines were provided 
expedited airport screening at Detroit Metropolitan Wayne County 
Airport and Hartsfield-Jackson Atlanta International Airport, and 
certain frequent fliers of American Airlines were provided expedited 
screening at Dallas-Fort Worth International Airport and Miami 
International Airport.
    \7\ To participate, TSA required that eligible frequent fliers opt 
into the TSA PreCheckTM program and did not automatically 
provide TSA PreCheckTM expedited screening to these frequent 
fliers.
    \8\ To become a member of one of CBP's Trusted Traveler programs 
(NEXUS, SENTRI, and Global Entry) applicants submit to Federal 
background checks to be approved as low-risk travelers eligible to 
receive expedited processing at ports of entry. Members submit their 
assigned Trusted Traveler number to be recognized as eligible for 
expedited screening by the Secure Flight system.
---------------------------------------------------------------------------
    Since October 2011, TSA has further expanded the known traveler 
populations eligible for expedited screening. After TSA piloted TSA 
PreCheckTM with certain passengers who are frequent fliers 
and members of CBP's Trusted Traveler programs, TSA established 
separate TSA PreCheckTM lists for additional low-risk 
passenger populations, including members of the U.S. armed forces, 
Congressional Medal of Honor Society Members, members of the Homeland 
Security Advisory Council, and Members of Congress, among others.\9\ In 
addition to TSA PreCheckTM lists sponsored by other agencies 
or entities, TSA created its own TSA PreCheckTM list 
composed of individuals who apply to be pre-approved as low-risk 
travelers through the TSA PreCheckTM Application Program, an 
initiative launched in December 2013. To apply, individuals must visit 
an enrollment center where they provide biographic information (i.e., 
name, date of birth, and address), valid identity and citizenship 
documentation, and fingerprints to undergo a TSA Security Threat 
Assessment.\10\ TSA leveraged existing Federal capabilities to both 
enroll and conduct threat assessments for program applicants using 
enrollment centers previously established for the Transportation Worker 
Identification Credential Program, and existing transportation vetting 
systems to conduct applicant threat assessments.\11\ Applicants must be 
U.S. citizens, U.S. nationals, or lawful permanent residents, and 
cannot have been convicted of certain crimes. As of March 2015, about 
7.2 million individuals were eligible, through TSA 
PreCheckTM lists, for expedited screening. Figure 1 shows 
the populations for each TSA PreCheckTM list.
---------------------------------------------------------------------------
    \9\ In March 2015, TSA officials stated that the Army, Navy, Marine 
Corps, Air Force, and Coast Guard branches of the U.S. armed forces, as 
well as Reserve and National Guard personnel, were eligible to 
participate in TSA PreCheckTM by virtue of their inclusion 
on a TSA PreCheckTM list. According to TSA officials as of 
September 2014, students enrolled at the service academies were added 
to the TSA PreCheckTM list for active-duty military members. 
The service academies included the Air Force Academy, the U.S. Military 
Academy, the U.S. Naval Academy, and the U.S. Coast Guard Academy. TSA 
is working with the Department of Transportation to include members of 
the Merchant Marine Academy in the active-duty military list. 
Individuals on TSA PreCheckTM lists receive a Known Traveler 
Number that they must submit when making travel reservations to be 
identified as low-risk. See 49 C.F.R.  1560.3 (defining ``known 
traveler number'' as a unique number assigned to an individual for whom 
the Federal Government has conducted a security threat assessment and 
determined does not pose a security threat). TSA also refers to these 
lists as Known Traveler lists.
    \10\ See generally 78 Fed. Reg. 72,922 (Dec. 4, 2013). According to 
TSA officials, although the security threat assessment provisions 
applicable to industry stakeholders do not specifically apply to 
passengers, TSA applies the same principles when conducting its threat 
assessments of passengers. See 49 C.F.R.  1540.201-1540.209. For 
example, TSA would consider a passenger as posing a security threat if 
it determines that he or she is known to pose or is suspected of posing 
a threat to National security, to transportation security, or of 
terrorism more generally, and disqualification criteria and checks 
completed by TSA are consistent with such threat assessments. See  
1540.201(c), 1540.205. Further, TSA also recognizes the comparability 
of checks completed by other Government agencies and other means. See  
1540.203(f). For example, TSA determined that the vetting process for 
individuals such as Members of Congress, International Association of 
Chiefs of Police, Homeland Security Advisory Council, Medal of Honor 
recipients, and Homeland Security Advisors, among others, is 
sufficiently comparable to the TSA threat assessment process as to 
support allowing them to be issued a known traveler number and 
participate in TSA PreCheckTM.
    \11\ The Transportation Worker Identification Credential Program is 
a TSA program that issues biometric security credentials to eligible 
personnel who require unescorted access to secure areas of facilities 
and vessels, and all mariners holding Coast Guard-issued credentials.

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]


    In addition to passengers who are included on one of the TSA 
PreCheckTM lists, in October 2013, TSA continued to expand 
the opportunities for expedited screening to broader groups of 
passengers through the TSA PreCheckTM Risk Assessment 
program and the Managed Inclusion process, both of which are described 
in greater detail below. Figure 2 shows a snapshot from February 25, 
2015, through March 3, 2015, of the percentage of weekly passengers 
receiving non-expedited screening and expedited screening, and further 
shows whether known crew members experienced expedited screening, and 
whether expedited screening occurred in TSA PreCheckTM lanes 
(for passengers designated as known travelers or through the TSA 
PreCheckTM Risk Assessment program, or passengers chosen for 
---------------------------------------------------------------------------
expedited screening using Managed Inclusion), or in standard lanes.

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]


    As noted in figure 2, during the week ending March 3, 2015, 28 
percent of passengers Nation-wide received expedited screening were 
issued TSA PreCheckTM boarding passes, but were provided 
expedited screening in a standard screening lane, meaning that they did 
not have to remove their shoes, belts, and light outerwear, but they 
had to divest their liquids, gels, and laptops. TSA provides expedited 
screening to TSA PreCheckTM-eligible passengers in standard 
lanes when airports do not have dedicated TSA PreCheckTM 
screening lanes because of airport space constraints and limited TSA 
PreCheckTM throughput.
 tsa uses three methods to assess risk for participation in expedited 
                               screening
    As we found in 2014, TSA determines a passenger's eligibility for 
or opportunity to experience expedited screening at the airport using 
one of three risk assessment methods. These include: (1) Inclusion on a 
TSA PreCheckTM list of known travelers, (2) identification 
of passengers as low-risk by TSA's Risk Assessment algorithm, or (3) a 
real-time threat assessment at the airport using the Managed Inclusion 
process.
Passenger Eligibility Based on TSA PreCheckTM Lists of Known 
        Travelers
    TSA has determined that the individuals included on the TSA 
PreCheckTM lists of known travelers are low-risk by virtue 
of their membership in a specific group or based on group vetting 
requirements. For example, TSA determined that members of the 
Congressional Medal of Honor Society, a group whose members have been 
awarded the highest U.S. award for valor in action against enemy 
forces, present a low risk to transportation security and are 
appropriate candidates to receive expedited screening. In other cases, 
TSA determined that members of groups whose members have undergone a 
security threat assessment by the Federal Government, such as 
individuals working for agencies in the intelligence community and who 
hold active Top Secret/Sensitive Compartmentalized Information 
clearances, are low-risk and can be provided expedited screening.\12\ 
Similarly, TSA designated all active and reserve service members of the 
United States armed forces, whose combined members total about 2 
million people, as a low-risk group whose members were eligible for 
expedited screening. TSA determined that active-duty military members 
were low-risk and appropriate candidates to receive expedited screening 
because the Department of Defense administers common background checks 
of its members.
---------------------------------------------------------------------------
    \12\ For some populations, a security threat assessment includes a 
Federal background check. A typical Federal background check includes 
checks against law enforcement, immigration, and intelligence 
databases, including a fingerprint-based criminal history records check 
conducted through the Federal Bureau of Investigation. The results are 
used by TSA to decide if an individual poses a sufficiently low risk to 
transportation or National security to be issued a known traveler 
number.
---------------------------------------------------------------------------
    Except for those who joined through the TSA PreCheckTM 
Application program, the TSA PreCheckTM lists include 
populations for which TSA coordinated with a lead agency or outside 
entity willing to compile and maintain the lists.\13\ TSA has entered 
into separate agreements with these agencies and entities to administer 
these lists. Generally, according to these agreements, Secure Flight 
has responsibility for receiving and processing the lists, but the 
originating agencies or entities are to maintain them by ensuring that 
individuals continue to meet the criteria for inclusion and to update 
the lists as needed.\14\
---------------------------------------------------------------------------
    \13\ Members of the list-based, low-risk populations who requested, 
or were otherwise deemed eligible, to participate in TSA 
PreCheckTM were provided a unique known traveler number. 
Their personal identifying information (name and date of birth) along 
with the known traveler number are included on lists used by Secure 
Flight for screening. To be recognized as low-risk by the Secure Flight 
system, individuals on TSA PreCheckTM lists with known 
traveler numbers must submit these numbers when making a flight 
reservation.
    \14\ We did not review the extent to which agencies are maintaining 
the lists.
---------------------------------------------------------------------------
    TSA also continues to provide expedited screening on a per-flight 
basis to the almost 1.5 million frequent fliers who opted to 
participate in the TSA PreCheckTM program pilot. According 
to TSA, this group of eligible frequent fliers met the standards set 
for the pilot based on their frequent flier status as of October 1, 
2011. According to TSA officials, TSA determined that these frequent 
fliers were an appropriate population to include in the program for 
several reasons, including the fact that frequent fliers are vetted 
against various watch lists, such as the No-Fly list, each time they 
travel to ensure that they are not listed as known or suspected 
terrorists, and are screened appropriately at the checkpoint.
Passenger Eligibility Based On TSA PreCheckTM Risk 
        Assessments
    As we found in December 2014, the TSA PreCheckTM Risk 
Assessment program evaluates passenger risk based on certain 
information available for the passenger's specific flight and 
determines the likelihood that passengers will be designated as 
eligible to receive expedited screening through TSA 
PreCheckTM. Beginning in 2011, TSA piloted the process of 
using the Secure Flight system to obtain Secure Flight Passenger Data 
from air carriers and other data to assess whether the passenger is 
low-risk on a per-flight basis and thus eligible to receive a TSA 
PreCheckTM designation on his or her boarding pass to 
undergo expedited screening. In September 2013 after completing this 
pilot, TSA decided to explore expanding this risk assessment approach 
to every traveler. In order to develop the set of low-risk rules used 
to determine the passengers' relative risk, TSA formed an Integrated 
Project Team consisting of officials from the Offices of Security 
Operations, Intelligence and Analysis, Security Capabilities, and Risk-
Based Security. The team used data from multiple sources, including 
passenger data from the Secure Flight system from calendar year 2012, 
to derive a baseline level of relative risk for the entire passenger 
population. Our review of TSA's documentation in our 2014 report showed 
that TSA considered the three elements of risk assessment--Threat, 
Vulnerability, and Consequence--in its development of the risk 
assessment. These three elements constitute the framework for assessing 
risk as called for in the Department of Homeland Security's National 
Infrastructure Protection Plan.\15\ We found that TSA worked with a 
contractor to evaluate the data elements taken from information 
available for passengers' specific flights and the proposed risk model 
rules used to determine the baseline level of relative risk. In its 
assessment of the algorithm used for the analysis, the contractor 
agreed with TSA's analysis of the relationship between the data 
elements and relative risk assigned to the data elements.\16\ TSA 
officials stated that as of March 2015, the agency is continuing to 
refine the algorithm to include additional variables to help determine 
passenger risk.
---------------------------------------------------------------------------
    \15\ The National Infrastructure Protection Plan provides the 
overarching approach for integrating the Nation's critical 
infrastructure and key resources protection initiatives in a single 
effort. For more information, see the Department of Homeland Security, 
NIPP 2013: Partnering for Critical Infrastructure Security and 
Resilience (Washington, DC: 2013).
    \16\ As we reported in 2014, assessing the effectiveness of the TSA 
PreCheckTM Risk Assessment algorithm was beyond the scope of 
our work because our work focused on the various methods TSA uses to 
assess risk and did not assess the effectiveness of each method.
---------------------------------------------------------------------------
    As we found in December 2014, although TSA determined that certain 
combinations of data elements in its risk-based algorithm are less 
likely to include unknown potential terrorists, it also noted that 
designating passengers as low-risk based solely on the algorithm 
carries some risk. To mitigate these risks, TSA uses a random exclusion 
factor that places passengers, even those who are otherwise eligible 
for expedited screening, into standard screening a certain percentage 
of the time. TSA adjusts the level of random exclusion based on the 
relative risk posed by the combinations of various data elements used 
in the algorithm. The result is that passengers associated with some 
data combinations that carry more risk are randomly excluded from 
expedited screening more often than passengers associated with other 
data combinations. For example, TSA's assessment indicated that 
combinations of certain data elements are considered relatively more 
risky than other data groups and passengers who fit this profile for a 
given flight should seldom be eligible for expedited screening, while 
combinations of other data on a given flight pose relatively less risk 
and therefore passengers who fit these combinations could be made 
eligible for expedited screening a majority of the time. TSA developed 
a risk algorithm that scores each passenger on each flight, and 
passengers with a high enough score receive a TSA PreCheckTM 
boarding pass designation making them eligible for expedited screening 
for that trip.
Passenger Eligibility Based on Real-Time Threat Assessments Using 
        Managed Inclusion Process
    As we found in December 2014, Managed Inclusion is designed to 
provide expedited screening to passengers not deemed low-risk prior to 
arriving at the airport. TSA uses Managed Inclusion as a tool to direct 
passengers who are not on a TSA PreCheckTM list, or 
designated as eligible for expedited screening via the TSA 
PreCheckTM Risk Assessments, into the expedited screening 
lanes to increase passenger throughput in these lanes when the volume 
of TSA PreCheckTM-eligible passengers is low. In addition, 
TSA developed Managed Inclusion to improve the efficiency of dedicated 
TSA PreCheckTM screening lanes as well as to help TSA reach 
its internal goal of providing expedited screening to at least 25 
percent of passengers by the end of calendar year 2013.
    To operate Managed Inclusion, TSA randomly directs a certain 
percentage of passengers not previously designated that day as eligible 
for expedited screening to the TSA PreCheckTM expedited 
screening lane. To screen passengers who have been randomly directed 
into the expedited screening lane, TSA uses real-time threat 
assessments including combinations of Behavior Detection Officers 
(BDOs), canine teams and Explosives Trace Detection (ETD) devices to 
ensure that passengers do not exhibit high-risk behaviors or otherwise 
present a risk at the airport.\17\
---------------------------------------------------------------------------
    \17\ BDOs may be present and assessing both the standard and TSA 
PreCheckTM lanes regardless of whether Managed Inclusion is 
operational.
---------------------------------------------------------------------------
    According to TSA, it designed the Managed Inclusion process using a 
layered approach to provide security when providing expedited screening 
to passengers via Managed Inclusion. Specifically, these layers 
include: (1) The Secure Flight vetting TSA performs to identify high-
risk passengers required to undergo enhanced screening at the 
checkpoint and to ensure these passengers are not directed to TSA 
PreCheckTM expedited screening lanes, (2) a randomization 
process that TSA uses to include passengers into TSA 
PreCheckTM screening lanes who otherwise were not eligible 
for expedited screening, (3) BDOs who observe passengers and look for 
certain high-risk behaviors, (4) canine teams and ETD devices that help 
ensure that passengers have not handled explosive materials prior to 
travel, and (5) an unpredictable screening process involving walk-
through metal detectors in expedited screening lanes that randomly 
select a percentage of passengers for additional screening.
            Managed Inclusion Process
    When passengers approach a security checkpoint that is operating 
Managed Inclusion, they approach a TSO who is holding a randomizer 
device, typically an iPad that directs the passenger to the expedited 
or standard screening lane. TSA officials stated that the randomization 
layer of security is intended to ensure that passengers cannot count on 
being screened in the expedited screening lane even if they use a 
security checkpoint that is operating Managed Inclusion. FSDs can 
adjust the percentage of passengers randomly sent into the Managed 
Inclusion lane depending on specific risk factors. Figure 3 illustrates 
how these layers of security operate when FSDs use Managed Inclusion 
lanes. 

[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]


    According to TSA, it designed the Managed Inclusion process to use 
BDOs stationed in the expedited screening lane as one of its layers of 
security when Managed Inclusion is operational to observe passengers' 
behavior as they move through the security checkpoint queue. When BDOs 
observe certain behaviors that indicate a passenger may be higher-risk, 
the BDOs are to refer the passenger to a standard screening lane so 
that the passenger can be screened using standard or enhanced screening 
procedures. In our November 2013 report on TSA's behavior detection and 
analysis program, we concluded that although TSA had taken several 
positive steps to validate the scientific basis and strengthen program 
management of behavior detection and analysis program, TSA had not 
demonstrated that BDOs can reliably and effectively identify high-risk 
passengers who may pose a threat to the U.S. aviation system. Further, 
we recommended that the Secretary of Homeland Security direct the TSA 
administrator to limit future funding support for the agency's behavior 
detection activities until TSA can provide scientifically validated 
evidence that demonstrates that behavioral indicators can be used to 
identify passengers who may pose a threat to aviation security. The 
Department of Homeland Security did not concur with this 
recommendation, in part, because it disagreed with GAO's analysis of 
TSA's behavioral indicators. In February 2015, TSA officials told us 
that they had revised the behavioral indicators, were conducting pilot 
tests on the use of new BDO protocols, and anticipated concluding the 
testing at 5 airports in late 2015. At that time, TSA plans to make a 
determination about whether the new protocols are ready for further 
testing, including an operational test in 10 airports to determine the 
protocols' effectiveness, which has an estimated completion date in the 
latter half of 2016.\18\
---------------------------------------------------------------------------
    \18\ TSA officials stated that they also plan to conduct a study on 
the use of the new protocols at 50 airports to examine disparity 
questions regarding racial, ethnicity, and religious garb demographics. 
According to these officials, this study will require 12 to 18 months 
of data collection and it is not expected to be completed until 2018.
---------------------------------------------------------------------------
    According to a TSA decision memorandum and its accompanying 
analysis, TSA uses canine teams and ETD devices at airports as an 
additional layer of security when Managed Inclusion is operational to 
determine whether passengers may have interacted with explosives prior 
to arriving at the airport. In airports with canine teams, passengers 
must walk past a canine and its handler in an environment where the 
canine is trained to detect explosive odors and to alert the handler 
when a passenger has any trace of explosives on his or her person. For 
example, passengers in the Managed Inclusion lane may be directed to 
walk from the travel document checker through the passageway and past 
the canine teams to reach the X-ray belt and the walk-through metal 
detector. According to TSA documents, the canines, when combined with 
the other layers of security in the Managed Inclusion process provide 
effective security.\19\ According to TSA, it made this determination by 
considering the probability of canines detecting explosives on 
passengers, and then designed the Managed Inclusion process to ensure 
that passengers would encounter a canine a certain percentage of the 
time.\20\
---------------------------------------------------------------------------
    \19\ GAO-14-159 and GAO-10-763.
    \20\ TSA's ability to use canines is limited by various factors, 
including the availability of canine teams at airports.
---------------------------------------------------------------------------
    Our prior work examined data TSA had on its canine program, what 
these data showed, and to what extent TSA analyzed these data to 
identify program trends. Further we analyzed the extent to which TSA 
deployed canine teams using a risk-based approach and determined their 
effectiveness prior to deployment. As a result of this work, we 
recommended in January 2013, among other things, that TSA take actions 
to comprehensively assess the effectiveness of canine teams. The 
Department of Homeland Security concurred with this recommendation and 
has taken steps to address it.\21\ Specifically, according to TSA 
canine test results, TSA has conducted work to assess canine teams and 
to ensure they meet the security effectiveness thresholds TSA 
established for working in the Managed Inclusion lane, and the canines 
met these thresholds as a requirement to screen passengers in Managed 
Inclusion lanes.
---------------------------------------------------------------------------
    \21\ For more information see GAO, TSA Explosives Detection Canine 
Program: Actions Needed to Analyze Data and Ensure Canine Teams Are 
Effectively Utilized, GAO-13-239 (Washington, DC: Jan. 31, 2013) and 
Explosives Detection Canines: TSA Has Taken Steps to Analyze Canine 
Team Data and Assess the Effectiveness of Passenger Screening Canines, 
GAO-14-695T (Washington, DC: June 24, 2014).
---------------------------------------------------------------------------
    In those airports where canines are unavailable or not working, TSA 
uses ETD devices as a layer of security when operating Managed 
Inclusion. TSOs stationed at the ETD device are to select passengers to 
have their hands swabbed as they move through the expedited screening 
lane. TSOs are to wait for a passenger to proceed through the Managed 
Inclusion queue and approach the device, where the TSO is to swab the 
passenger's hands with an ETD pad and place the pad in the ETD device 
to determine whether any explosive residue is detected on the pad.\22\ 
Once the passenger who was swabbed is cleared, the passenger then 
proceeds through the lane to the X-ray belt and walk-through metal 
detector for screening. TSA procedures require FSDs to meet certain 
performance requirements when ETD devices are operating, such as 
swabbing passengers at a designated rate, and TSA data from January 1, 
2014, through April 1, 2014, show that these requirements were not 
always met. Beginning in May 2014, TSA's Office of Security Operations 
began tracking compliance with the ETD swab requirements and developed 
and implemented a process to ensure that the requirements are met. In 
March 2015 TSA officials confirmed this process was still in place.
---------------------------------------------------------------------------
    \22\ Additionally, at airports with explosives detection systems, 
ETD devices are used in conjunction with these systems to screen 
checked baggage for explosives. At these airports, if an explosives 
detection system alarms--indicating that checked baggage may contain an 
explosive or explosive device that cannot be cleared--ETD devices are 
used as a secondary screening. In July 2011, we recommended that TSA 
develop a plan to ensure that screening protocols are in place to 
resolve detection system alarms if these systems are deployed and ETD 
devices are used to resolve explosives detection system screening 
alarms. TSA has taken steps to address this recommendation. 
Specifically, in November 2013, TSA developed a plan that outlined a 
strategy to ensure that the explosives detection capability of ETD 
devices were consistent with the detection systems. See GAO, Aviation 
Security: TSA has Enhanced Its Explosives Detection Requirements for 
Checked Baggage, but Additional Screening Actions Are Needed, GAO-11-
740 (Washington, DC: July 11, 2011).
---------------------------------------------------------------------------
    According to TSA, it uses unpredictable screening procedures as an 
additional layer of security after passengers who are using expedited 
screening pass through the walk-through metal detector. This random 
selection of passengers for enhanced screening occurs after they have 
passed all security layers TSA uses for Managed Inclusion, and provides 
one more chance for TSA to detect explosives on a passenger.
 tsa has not tested the overall effectiveness of the managed inclusion 
                                process
    As we reported in December 2014, according to TSA, it designed the 
Managed Inclusion process using a layered approach to security when 
providing expedited screening to passengers via Managed Inclusion. 
Specifically, the Office of Security Capabilities' proof of concept 
design noted that the Managed Inclusion process was designed to provide 
a more rigorous real-time threat assessment layer of security when 
compared to standard screening or TSA PreCheckTM screening. 
According to the design concept, this real-time threat assessment, 
utilizing both BDOs and explosives detection, allows TSA to provide 
expedited screening to passengers who have not been designated as low-
risk without decreasing overall security effectiveness. While TSA has 
tested the security effectiveness of each of these layers of security, 
TSA has not yet tested the security effectiveness of the overall 
Managed Inclusion process as it functions as a whole.
Conducting Effectiveness Testing of the Managed Inclusion Process in 
        Accordance with Evaluation Best Practices Would Enhance 
        Reliability of the Process
    As we reported in December 2014, TSA officials stated that they 
tested the security effectiveness of the individual components of the 
Managed Inclusion process before implementing Managed Inclusion, and 
determined that each layer alone provides an effective level of 
security. For example, TSA tested the threat detection ability of its 
canines using a variety of variables such as concealment location and 
the length of time the item was concealed prior to the encounter with 
the canine team. TSA determined through the initial testing of the 
Managed Inclusion layers that Managed Inclusion provides a higher level 
of security than TSA baseline security levels. In addition, according 
to TSA standard operating procedures, Managed Inclusion passengers are 
more likely than other passengers to be screened for explosives. We did 
not evaluate the security effectiveness testing TSA conducted on the 
individual layers of the Managed Inclusion process. However, we have 
previously conducted work on several of the layers used in the Managed 
Inclusion process, including BDOs, ETD, and canine teams and raised 
concerns regarding their effectiveness and recommended actions to 
address those concerns.\23\ For example, in our November 2013 report we 
recommended that the Secretary of Homeland Security limit future 
funding support for TSA's behavior detection activities until TSA could 
provide scientifically-validated evidence that demonstrates that 
behavioral indicators can be used to identify passengers who may pose a 
threat to aviation security. As discussed earlier in this statement, 
TSA has made progress in addressing those recommendations but they have 
not yet been fully implemented. TSA officials stated that they have not 
yet tested the security effectiveness of the overall Managed Inclusion 
process as it functions as a whole, as TSA has been planning for such 
testing over the course of the last year. TSA documentation shows that 
the Office of Security Capabilities recommended in January 2013 that 
TSA test the security effectiveness of Managed Inclusion as a system. 
We reported in 2014 that according to officials, TSA anticipated that 
testing would begin in October 2014 and estimated that testing could 
take 12 to 18 months to complete. In March 2015, TSA officials provided 
us a schedule for the development and completion of BDO and Canine 
testing supporting the Managed Inclusion process. TSA scheduled a pilot 
for testing BDOs which was set to begin October 2014 and run through 
May 2015. Further, the schedule TSA provided indicates that a proof of 
concept for Canine Covert Testing was scheduled for November 2014 and 
that operational testing of canines was scheduled to begin in June 2015 
and be completed in March 2016. Testing the security effectiveness of 
the Managed Inclusion process is consistent with Federal policy, which 
states that agencies should assess program effectiveness and make 
improvements as needed.\24\
---------------------------------------------------------------------------
    \23\ GAO-14-159, GAO-10-763, GAO-13-239, GAO-14-695T, and GAO-11-
740.
    \24\ See Executive Order 13450--Improving Government Program 
Performance, 72 Fed. Reg. 64,519 (Nov. 15, 2007).
---------------------------------------------------------------------------
    We have previously reported on challenges TSA has faced in 
designing studies and protocols to test the effectiveness of security 
systems and programs in accordance with established methodological 
practices. For example, in our March 2014 assessment of TSA's 
acquisition of Advanced Imaging Technology, we found that TSA conducted 
operational and laboratory tests, but did not evaluate the performance 
of the entire system, which is necessary to ensure that mission needs 
are met.\25\ A key element of evaluation design is to define purpose 
and scope, to establish what questions the evaluation will and will not 
address.
---------------------------------------------------------------------------
    \25\ See GAO-14-357. We recommend that TSA better measure the 
effectiveness of its entire AIT system. TSA concurred with the 
recommendation.
---------------------------------------------------------------------------
    Further, in November 2013 we found methodological weaknesses in the 
overall design and data collection of TSA's April 2011 validation 
comparison study to determine the effectiveness of the behavior 
detection and analysis program.\26\ For example we found that TSA did 
not randomly select airports to participate in the study, so the 
results were not generalizeable across airports. In addition, we found 
that TSA collected the validation study data unevenly and experienced 
challenges in collecting an adequate sample size for the randomly 
selected passengers, facts that might have further affected the 
representativeness of the findings. According to established evaluation 
design practices, data collection should be sufficiently free of bias 
or other significant errors that could lead to inaccurate 
conclusions.\27\
---------------------------------------------------------------------------
    \26\ See GAO-14-159. We recommended that future funding for the 
program be limited until TSA provided scientifically validated evidence 
on the effectiveness of behavioral indicators to identify passenger 
threat. TSA did not concur with the recommendation to limit program 
funding.
    \27\ GAO, Designing Evaluations: 2012 Revision, GAO-12-208G 
(Washington, DC. Jan. 31, 2012). This report addresses the logic of 
program evaluation design, presents generally accepted statistical 
principles, and describes different types of evaluations for answering 
varied questions about program performance, the process of designing 
evaluation studies, and key issues to consider toward ensuring overall 
study quality. This report is one of a series of papers whose purpose 
is to provide guides to various aspects of audit and evaluation 
methodology and indicate where more detailed information is available. 
It is based on GAO reports and program evaluation literature. To ensure 
the guide's competence and usefulness, drafts were reviewed by selected 
GAO, Federal and State agency evaluators, and evaluation authors and 
practitioners from professional consulting firms. This publication 
supersedes Government Operations: Designing Evaluations, GAO/PEMD-
10.1.4 (Washington, DC: May 1, 1991).
---------------------------------------------------------------------------
    In our December 2014 report we concluded that ensuring the planned 
effectiveness testing of the Managed Inclusion process adheres to 
established evaluation design practices would help TSA provide 
reasonable assurance that the effectiveness testing will yield reliable 
results.\28\ The specific design limitations we identified in TSA's 
previous studies of Advanced Imaging Technology and behavior detection 
and analysis program may or may not be relevant design issues for an 
assessment of the effectiveness of the Managed Inclusion process, as 
evaluation design necessarily differs based on the scope and nature of 
the question being addressed. In general, evaluations are most likely 
to be successful when key steps are addressed during design, including 
defining research questions appropriate to the scope of the evaluation, 
and selecting appropriate measures and study approaches that will 
permit valid conclusions. As a result, we recommended that to ensure 
that TSA's planned testing yields reliable results, the TSA 
administrator take steps to ensure that TSA's planned effectiveness 
testing of the Managed Inclusion process adheres to established 
evaluation design practices. DHS concurred with our recommendations and 
began taking steps to ensure that its planned effectiveness testing of 
the Managed Inclusion process adheres to established evaluation 
practices. Specifically, DHS stated that TSA plans to use a test and 
evaluation process--which calls for the preparation of test and 
evaluation framework documents including plans, analyses, and a final 
report describing the test results--for its planned effectiveness 
testing of Managed Inclusion.
---------------------------------------------------------------------------
    \28\ GAO-12-208G.
---------------------------------------------------------------------------
    Chairman Katko, Ranking Member Rice, and Members of the 
subcommittee, this completes my prepared statement. I would be pleased 
to respond to any questions that you may have at this time.

    Mr. Katko. Thank you, Ms. Grover, for your testimony. We 
appreciate your participation here as well today, as well as 
the entire panel's.
    I now recognize myself for 5 minutes of questions.
    I am going to concentrate my questions on one area and 
possibly two. The first area is Managed Inclusion. As you heard 
from the testimony today so far, Managed Inclusion is one of 
the exceptions, if you will, to the PreCheck program. I don't 
know if ``exception'' is a proper term to use, but it is one of 
the ways that it is added to the PreCheck program.
    As a preliminary matter, I will note that the PreCheck 
program is something that people pay for. They pay for it, and 
it is a service as well as a risk-based security method. The 
fundamental premise of PreCheck is that it allows TSA to better 
focus on the higher-risk travelers by getting the ones that are 
lower-risk in the PreCheck program. But the fact remains that 
people are paying for that service, if you will, and the 
service is quicker access into the secure area of an airport.
    So, with that overview, I want to talk a little bit about 
Managed Inclusion. To start with, if you could just briefly, 
Mr. Fletcher, give us a very basic reason that TSA went to 
Managed Inclusion to start with.
    Mr. Fletcher. So I think the genesis of Managed Inclusion 
was really the Super Bowl in New Orleans. We were anticipating 
significant crowds and actually wound up with significant 
crowds.
    I think they more than doubled their peak volume of 
passenger traffic through the airport the day after the Super 
Bowl, so the airport was resource-constrained. The challenge 
really becomes: How do you eliminate the risk of this large 
crowd of people being an attractive target for a suicide 
terrorist attack?
    So there was a lot of internal discussion. The idea of 
doing a real-time threat assessment on passengers, a 
combination of explosive detection screening with passenger 
screening canine teams and behavioral detection, would provide 
sufficient value to be able to provide those travelers with an 
expedited screening process, that proved to be a very 
successful endeavor.
    As we looked at the success of that, the question became is 
there a way that we can systematically expand that concept to 
improve the efficiency. At that time, we had a very low volume 
of TSA PreCheck passengers. I think today we are at about 48 to 
50 percent. At that point, we were at 3 or 4 percent of volume, 
as I recall.
    So we had a lot of inefficiencies in the process where we 
had dedicated TSA PreCheck lanes at many of our larger 
airports, but the staff was significantly underutilized and the 
wait times in the standard screening lane were becoming 
excessive.
    So we began expanding Managed Inclusion as a way of 
conducting a one-time real-time threat assessment of the 
passengers, again, explosive screening and behavioral 
observation, to afford them an expedited screening experience 
as a way of managing wait times as well as improving the 
efficiency of the process.
    Mr. Katko. Thank you.
    A couple of things here I want to touch upon. You mentioned 
one of the things being resources and reducing the risk that 
there is an attractive target by having a large crowd in a 
nonsecure area of the airport. Correct?
    Mr. Fletcher. Yes, sir.
    Mr. Katko. Now, if we expand the PreCheck program through 
better marketing of it and it is growing on its own merit 
anyhow, does that change the calculus for wanting to use 
Managed Inclusion?
    Mr. Fletcher. It actually does.
    Mr. Katko. It does or does not? I am sorry.
    Mr. Fletcher. It does change the calculus. That is 
ultimately our goal. We want to dramatically expand the 
application program.
    Mr. Katko. So do we.
    Mr. Fletcher. As I indicated in my statement, we believe 
that the potential is upwards of 36 million travelers that 
could benefit. So we are targeting those travelers that are 
really taking three or more trips by air each year, and we 
think that that is a good value proposition. Even at an $85 
cost, the per-screening experience for the expedited process 
that they go through is worth them spending the money.
    It is a challenge. Marketing and communications and 
promotion is, quite frankly, not something the Government does 
well in many instances. So it is a marketing challenge. We have 
engaged a professional marketing firm to help us with our brand 
positioning, with creative content. We have been broadly 
expanding our partnerships across the travel and tourism 
industry.
    But our goal is to dramatically improve the number of 
travelers. So my calculation is that, to sustain a 50 percent 
expedited screening throughput rate with an entirely enrolled 
population, we need 25 million Americans enrolled in TSA 
PreCheck.
    Today, combined with our existing low-risk populations--
military, Members of Congress, et cetera--our own application 
program, and Customs and Border Protection's Trusted Traveler 
Programs, we have about 6.5 million.
    So we need to quadruple the number of individuals. That 
will take us a bit of time to do, but that ultimately is our 
goal. We would like to be able to significantly dial back on 
both Managed Inclusion and risk assessment rules and replace 
that current volume with an enrolled population.
    Mr. Katko. Thank you.
    I know I am a little over time here, but I just want to 
follow up briefly on that. Two things.
    From a resource standpoint--I know that is one of the 
genesis for the Managed Inclusion program--is it fair to say, 
though, that there is a significant number of TSA employees who 
work on a part-time basis?
    Mr. Fletcher. I believe that percentage is about 23 percent 
of the total TSO population is part-time employees.
    Mr. Katko. If you could just briefly address the fact that 
you know when the high-peak hours and high-peak traffic is 
going to be.
    Isn't it possible for TSA to better utilize the part-time 
employees to deal with the high-traffic areas and not resort to 
Managed Inclusion?
    Mr. Fletcher. I think we are doing a very credible job of 
managing those part-time resources. Again, like everything that 
TSA has been trying to do, it is taking a balanced and measured 
approach.
    I cannot afford--for example, in my experience when I was 
at Chicago O'Hare International Airport, it is difficult for me 
to work a 20-hour-a-week part-time employee 2 hours in the 
morning to cover my a.m. peak and then have them off and bring 
them back for 2 hours in the afternoon. That is an unreasonable 
human expectation for an employee that is working a part-time 
position.
    So there is a balance between the use of part-time 
employees and having them at the checkpoint when the passenger 
volume requires it and the needs of the operation versus the 
needs of the individual. I believe we do a credible job. We 
have actually--I believe we do a credible job today. I am not 
sure there is much more we can get in that regard.
    Mr. Katko. Thank you very much.
    The Chairman now recognizes the Ranking Minority Member of 
the subcommittee, Miss Rice, for 5 minutes for questions.
    Miss Rice. Thank you, Mr. Chairman.
    Mr. Fletcher, I am going to direct my questions to you.
    I think it is really important for us to--especially in 
light of your comment that you would like to take the universe 
of people that go through TSA PreCheck lines pursuant to either 
Managed Inclusion or the risk assessment rules--you would like 
to decrease that number and increase the actual number of 
people who go through the PreCheck process.
    Can you succinctly tell us what that process is from a 
person applies to they are approved?
    Mr. Fletcher. Today the individual applies either on-line 
or at one of the 320-some-odd enrollment centers. They provide 
a set of biographic information. They provide a photographic 
ID, proof of identity, and proof of citizenship. They provide 
their fingerprints.
    We do a security threat assessment against them for 
criminal disqualifiers, for immigration. Are they a U.S. 
citizen? Are they a lawful permanent resident? We do a threat 
assessment. Are they listed in the terrorism database? They get 
their known traveler number.
    I think we say that that will typically happen in 2 weeks. 
My understanding is that it typically happens within 3 or 4 
days that the individual has been vetted and approved. We mail 
them their own traveler number. They can also go on a secure 
website and retrieve that electronically. So it is a relatively 
painless process, if you will.
    Miss Rice. What would disqualify someone from obtaining 
PreCheck status?
    Mr. Fletcher. So there is a list of criminal disqualifiers 
that are permanent, and then there is a list of, I will say, 
interim disqualifiers. So a criminal conviction within 7 years 
might be a disqualifier until that time frame had elapsed.
    But there are disqualifiers, criminal convictions, that are 
permanently disqualifying. An example of that I think you have 
alluded to in your opening statement: Conviction of a 
terrorism-related offense; espionage against the Government; 
treason. Those would be permanent disqualifiers. I have a list. 
I can certainly provide that to the committee.
    Miss Rice. Are there any obstacles that you encounter as an 
agency during this PreCheck application process with getting 
relevant information from other agencies, whether it be FBI, 
you know, watch lists? Are there any impediments or obstacles 
that you have encountered in getting----
    Mr. Fletcher. I don't think there is impediments with the 
way the process is currently designed. I believe that there are 
opportunities to improve the process.
    So today we do not do, for example, recurrent vetting for 
criminal disqualifiers. We vet perpetually for the individual 
being added to a terrorism database, but we don't continually 
vet for criminal disqualifiers.
    We have been working very closely with the FBI on an 
initiative that they have recently fielded the capability for 
that will allow us to do that, but we don't have either the 
legal authority to do that today on our own accord because, in 
this instance, we are not a law enforcement agency from this 
perspective.
    So we can't run our own NCIC checks, as Customs can do as 
an investigative law enforcement agency, but we believe that 
that is an important enhancement to the program as we move 
forward.
    Miss Rice. Well, that goes into my next question I was 
going to ask you: Do you have a plan in place--and you have 
already answered this--for recurrent vetting?
    So what we would have to do is either qualify you as a law 
enforcement agency or you would do what it appears that you are 
doing now with the FBI in partnering with another agency that 
would actually carry out the recurrent vetting?
    Mr. Fletcher. That is correct.
    Miss Rice. Then share the information with you?
    Mr. Fletcher. That is correct, ma'am. I will say that that 
is not without cost. So the FBI is a fee-reimbursed program for 
that particular service. So there is some cost associated with 
that that would----
    Miss Rice. Well, it all comes out of the same pot. Right?
    Mr. Fletcher. Well, in this instance, the entire TSA 
PreCheck application program is fee-funded with the exception.
    Miss Rice. Right. That is true.
    Mr. Fletcher. So those costs would have to be absorbed by 
the individual applicant.
    Miss Rice. Well, I am talking about in terms of BDOs and 
TSA officers. I mean, there is already a built-in cost 
structure there. I don't think that is going to break the bank, 
a recurrent background check that the FBI could do.
    But very quickly--because my time is almost up--so recently 
there was a report that, since 2007, when the training for 
BDOs, Behavioral Detection Officers, was put into place, to the 
present day, there were approximately 30,000 people that were 
pulled out of the line based on observations of the Behavioral 
Detection Officer.
    It is further understood that, of those 30,000 people that 
were taken out of the line, of that universe, less than 1 
percent of them actually had an instance where it resulted in 
an arrest.
    So my question is: Do you think that the training for the 
BDOs is sufficient, given that kind of empirical data, that 
maybe they are not looking at the right things by maybe missing 
people who truly do represent a danger?
    Mr. Fletcher. So I will say that the recommendations over 
the last several years from both the GAO and the inspector 
general have been very helpful in us revamping our BDO program.
    As Ms. Grover indicated, we have just completed, I will 
say, a research foundation analysis for each of the revised 
indicators. We are in the process of doing a comprehensive 
evaluation of those new indicators. We have completely revamped 
the training program for the BDOs over the last several years.
    So if I go back to 2007, I would absolutely agree with your 
position, but I believe we have taken significant strides. In 
fact, my understanding is that, with the exception of two 
recommendations, one that we defund the BDO program and the 
other, the most recent one, about taking a holistic view of 
Managed Inclusion and the use of BDOs, that all of the 
recommendations for both the DHS IG and GAO have been closed.
    Miss Rice. So, Mr. Fletcher, first of all, that was not an 
attack question at all. That was just----
    Mr. Fletcher. I understand, ma'am.
    Miss Rice. I am one of those people who like to be--if you 
implement a plan, you have to review it to see if it is 
actually achieving the stated goals.
    So I appreciate your openness and your willingness to take 
recommendations about how the BDO--I don't think it necessarily 
has to be scrapped altogether, but I appreciate the fact that 
you are willing to take these recommendations of how it can be 
better. Thank you.
    Mr. Fletcher. If I can just add, we have actually 
established a coalition with private-sector privacy groups that 
signed a nondisclosure agreement that allow them to gain access 
to information that will help us inform the program and make 
sure that we are achieving the right balance between what we 
believe is an essential layer of our security regime and 
concerns about civil rights and civil liberties.
    Miss Rice. Thank you, Mr. Fletcher.
    Thank you, Mr. Chairman.
    Mr. Katko. Thank you, Miss Rice.
    The Chairman now recognizes the Ranking Minority Member of 
the full committee, Mr. Thompson, for questions.
    Mr. Thompson. Thank you very much, Mr. Chairman.
    I ask unanimous consent that Ms. Jackson Lee be allowed to 
sit on the panel and ask questions today.
    Mr. Katko. So approved.
    Mr. Thompson. Thank you.
    Mr. Fletcher, in the Managed Inclusion program and, more 
specifically, BDOs, how many do we have in the BDO program, how 
many BDOs?
    Mr. Fletcher. Congressman Thompson, I don't have that exact 
number. I know we have about 11 percent fewer BDOs today than 
we did 2 years ago. So that number has reduced. I believe it is 
around 3,100 total across the system, but I don't have that 
exact number.
    Mr. Thompson. Okay. You talked about a process.
    Are you aware of any scientific data that say that the BDO 
program is successful?
    Mr. Fletcher. I know we have established a scientific 
foundation behind each of the indicators. I am not personally 
aware of the scientific data that answers your specific 
question.
    Mr. Thompson. Ms. Grover, you looked at it. Are you aware 
of any?
    Ms. Grover. No, sir. I am aware that TSA has taken another 
look at the literature that is underlying each of the 
indicators that they are using.
    They are in the process of testing the use of the new 
indicators and the new rules for using them at airports right 
now, and we are awaiting the results of those tests to see what 
TSA learns about how they are actually being applied in 
practice.
    Mr. Thompson. So as of this hearing, you are not aware of 
any data that would say that that program or, from a scientific 
standpoint, that it works?
    Ms. Grover. Yes, sir. As of this hearing, I have not 
reviewed evidence from TSA demonstrating that the behavioral 
indicators are working in practice as they intend.
    Mr. Thompson. Let me go on the record, too, Mr. Chairman 
and Ranking Member. I support the PreCheck program, too, but I 
want it to have sound science behind it and not just the 
ability to look at somebody who hasn't been vetted, look at 
someone who hasn't gone through a database from a background 
standpoint, and say ``You get into the PreCheck line.''
    I think part of why we are trying to have this hearing is 
to make sure that those individuals who are in the PreCheck 
line--that there is some science behind getting them there as 
well as some vetting of who they are.
    More specifically, we talked about this whistle-blower who 
said they saw and knew someone in line that was a domestic 
terrorist, had a conviction, went to jail.
    Can you provide me, Mr. Fletcher, with whether or not there 
is authority--if a TSO sees an individual of that description, 
that they have the authority to say ``You need to go back for 
further vetting, for enhanced screening.''
    Mr. Fletcher. Congressman Thompson, TSOs have had that 
authority, that discretion, to deny an individual access to the 
PreCheck lane and send them through the standard screening 
process that existed on that day.
    Back in 2008, I believe, we started training our TSOs in 
critical thinking skills. In response to the IG's 
investigation, we reiterated that guidance and are currently 
reviewing our standard operating procedures.
    Mr. Thompson. Mr. Roth, do you want to comment?
    Mr. Roth. When we engaged in this inquiry after receiving 
the whistle-blower complaint, the TSO did not feel empowered to 
make that decision on his or her own self and checked with the 
supervisor.
    My understanding is our recommendations to TSA were to 
clarify exactly what authority the TSO has so, in fact, they do 
have that empowerment when they see a situation that they 
believe is unsafe.
    Mr. Thompson. So when they checked with the supervisor, 
what did the supervisor say?
    Mr. Roth. According to our investigation, the supervisor 
ordered that person to go through the PreCheck lane.
    Mr. Thompson. So, basically, we let a domestic terrorist 
get on a plane that, if that person had applied through 
PreCheck, that person would have--well, if that person who 
traveled had applied through the regular PreCheck program, what 
would that person's status have been?
    Mr. Roth. That person had several disqualifying criminal 
offenses which would have prohibited that person from being a 
member of PreCheck.
    Mr. Thompson. So, Mr. Fletcher, can you share with the 
committee what orientation TSOs are going through now so that 
they do feel empowered that, when those situations exist, they 
can, in effect, stop it at that point?
    Mr. Fletcher. So, Congressman, immediately the head of our 
Office of Security Operations issued written guidance to the 
field that clarified and reinforced the discretion in critical 
thinking skills that had been built in the program over the 
previous several years.
    That was followed up by information in a National shift 
briefing that went to the entire front-line uniformed workforce 
over the next several weeks to ensure that every individual TSO 
was hearing that consistent message.
    As I indicated, I think we are currently in the process of 
reviewing our standard operating procedures to make sure that 
any language about discretion and critical thinking is clear 
what our intent is so that the TSO doesn't feel inhibited or a 
lack of empowerment to be able to exercise that discretion.
    That is absolutely the key. One of the keys to aviation 
security, in my view, is the individual TSO to use their 
experience and judgment and exercise some level of 
individualized discretion.
    Mr. Thompson. Well, I think the traveling public feels that 
some system of vetting has occurred for every person who is on 
that plane. I think to whatever extent we can provide that we 
should.
    So I would encourage you to look at what you are doing so 
that the end result is that there are no anomalies in the 
system that would allow someone with an obvious criminal record 
that would have been disqualified is on that plane without the 
knowledge of the people who are traveling.
    Mr. Fletcher. So, Congressman, as you know, we rely very 
heavily on information from the National law enforcement and 
National intelligence community. So every passenger is vetted 
against terrorism databases and watch lists and identified 
initially as either inhibited and not allowed to fly, a no-fly, 
designated for enhanced screening, or prevented from being 
eligible for expedited screening through TSA PreCheck.
    In this specific instance, this individual was not and is 
not in the National Terrorist Screening Database. So that is a 
discussion that is on-going between TSA and the Terrorist 
Screening Center because this is an intelligence and an 
information-based aviation security regime and we have to have 
confidence that, if there is a domestic terrorism suspect, that 
they have been appropriately identified and watch-listed.
    In this case, that is the glitch in the system. If that 
individual had been watch-listed, they would not have been 
allowed to be designated as eligible for expedited screening.
    Mr. Thompson. Thank you.
    I yield back, Mr. Chairman.
    Mr. Katko. Thank you, Mr. Thompson.
    The Chairman will now recognize other Members of the 
subcommittee for 5 minutes each for questions they may wish to 
ask the witnesses. After we have exhausted the questions from 
each of the subcommittee Members, we will allow Ms. Jackson Lee 
5 minutes' time for questions as well.
    In accordance with our committee rules and practice, I plan 
to recognize Members who were present at the start of the 
hearing by seniority on the subcommittee. Those coming in later 
will be recognized in the order of their arrival.
    The Chairman now recognizes Mr. Rogers for 5 minutes of 
questions.
    Mr. Rogers. Thank you, Mr. Chairman.
    I want to talk some more about this Managed Inclusion 
program.
    Tell me, what was the objective when you all set that up? 
What were you trying to accomplish with this?
    Mr. Fletcher. So, Congressman Rogers, I think there was 
really multiple objectives. In the first instance, it was 
improving the--I will say one objective was to improve the 
efficiency of the TSA PreCheck lane.
    In the second instance, it was really about, how do we do a 
much more effective job of managing the wait times and standard 
screening, reducing that risk that that becomes the attractive 
target for a terrorist attack?
    Mr. Rogers. Well, did TSA conduct a comprehensive analysis 
on the impact of the entire screening process, which basically 
is reducing it to PreCheck vetting by the flip of a coin?
    Mr. Fletcher. Congressman, I don't believe it is PreCheck 
vetting by a flip of a coin.
    Mr. Rogers. Taking somebody that hasn't been screened 
through the PreCheck program and just sending them through that 
line every once in a while?
    Mr. Fletcher. So the opportunity, we believe, and--as we 
looked at the individual component parts and are in the process 
of looking at Managed Inclusion in total as a system, we 
believe that it provides a better security proposition. It is 
more effective security than standard screening based on the 
analysis that we have done to date.
    Mr. Rogers. Maybe I am confused.
    My understanding of the way Managed Inclusion works is you 
have got somebody with an iPad that taps it and it randomly 
sends somebody up through the PreCheck line that has not gone 
through the application and screening process that the people 
who paid to be in the PreCheck line went through. Is that not 
correct?
    Mr. Fletcher. Well, that is part of it. Certainly there is 
a random----
    Mr. Rogers. Isn't that taking a high risk by sending 
somebody through the PreCheck line? They are no longer going 
through the AIT machine that we told everybody in the world was 
so necessary. They are just going through a magnetometer, and 
they didn't go through the vetting process that the people in 
the PreCheck line paid to go through.
    Mr. Fletcher. They are exposed at a significantly higher 
rate to explosives screening, 100 percent of the passengers, if 
we are using passenger screening canine teams, a significant 
percentage of passengers that are ETD screened prior to that 
random selection process at the travel document check position, 
and they are also subject to additional unpredictable screening 
through ETD and now I think at more than 65 TSA PreCheck 
screening lanes with random selection for AIT as part of the 
prescreening process.
    Mr. Rogers. How do you think folks feel that paid for the 
PreCheck status about individuals who didn't pay for it and 
didn't go through the vetting being allowed to get in line with 
them?
    Mr. Fletcher. I have heard negative complaints from the 
traveling public about the Managed Inclusion process. Part of 
our desire to dial these tools back so they become a 
significantly less contributor to the overall expedited 
screening process and replace them with an enrolled population 
is both because of the pushback that we have gotten, in some 
instances, from travelers, but also because it moves those 
passengers--the enrolled passenger--provides a lower-risk 
proposition than somebody who does go through Managed Inclusion 
or through risk assessment rules.
    Mr. Rogers. You know, you mentioned explosive detection 
canines. Obviously, you know something about me or else you 
wouldn't have brought that up.
    If, in fact, we had enough of those assets so that they 
were in all these lines, I wouldn't have a problem with this. 
But, as you know, we have very limited numbers of those canine 
teams and not because I haven't been trying to change it. I 
intend to get a lot more of them in there before I leave this 
place. But currently we don't have anywhere near close to 
enough of them.
    In my opinion, this Managed Inclusion program is a reckless 
practice to take people who have not been through the proper 
vetting and put them into a lane that requires a lower level of 
screening because the people who are in that lane have paid to 
be vetted through a system that makes them less of a risk.
    So I hope that you all will rethink this program because it 
is reckless and I think the public would view it very dimly if 
they knew more about it.
    Mr. Fletcher. Yes, sir.
    Mr. Rogers. With that, I will yield back, Mr. Chairman.
    Mr. Katko. Thank you, Mr. Rogers. I appreciate it.
    Ms. Jackson Lee, I believe you are next up.
    Ms. Jackson Lee. Let me thank the Chairman and Ranking 
Member for their courtesies. This is a committee that I hold 
very dear as a very important responsibility. I thank both of 
you for your very, very astute leadership on this hearing and 
the hearing that we may have afterwards, which I hope I will be 
able to attend after another hearing.
    Let me also thank the witnesses for their service, 
certainty the representative from the GAO, for constantly 
providing us a flashlight to be able to ensure and to correct 
and to keep the American people secure.
    Let me thank all of those who are part of the Homeland 
Security team, Transportation Security Administration. Many of 
you know my great admiration for the thousands upon thousands 
of TSO officers that put their lives on the line in the 
Nation's airports to save our lives. So I want them to know how 
much I appreciate them.
    I want to acknowledge the shooting and the loss of life of 
the TSO officer in Los Angeles. We went out to Los Angeles in 
the last session.
    Let me offer my concern and best wishes for a speedy 
recovery for the TSO officer at the Louis Armstrong Airport in 
New Orleans.
    So, let me proceed with a series of points, and maybe I 
will--let me just make this point, and then my colleagues 
should hear my point. This is a team effort when we talk about 
securing the airport. I am constantly frustrated, and I 
understand local government, but I do believe this is going to 
require a Federal sort-of engagement and setting protocols. 
There is not enough coverage of the TSOs officers of armed 
personnel which in this instance, are our local law enforcement 
as hired or dictated to by the local airports.
    The first news report came out that it was a TSO officer, 
you might have heard it, that shot the perpetrator at New 
Orleans who had a machete and something else, endangering the 
lives of passengers. Not understanding what their intent was, 
not knowing whether to classify them as a terrorist or deranged 
individual. It was the brave acts of a local law enforcement, 
so I believe, and will be raising this question, of the 
protocols to be established in airports across America, there 
is not enough coverage. The airport management, they save 
money. Cities save money by not having the appropriate armed 
law enforcement present.
    Let me ask the question to Mr.--if I might--to Mr. 
Fletcher. Are your TSOs armed?
    Mr. Fletcher. No, Congresswoman, they are not.
    Ms. Jackson Lee. Approximately how many do we have across 
America, just approximately?
    Mr. Fletcher. I believe somewhere full-time, part-time 
total, about 48,000.
    Ms. Jackson Lee. Let me thank you for that, because I am 
much happier and feel much safer in spite of some of these 
downfalls, than I was in pre-9/11. So I appreciate that. So, 
they are not armed, but they are monitoring some of the world's 
largest airports, is that not correct?
    Mr. Fletcher. That is correct, ma'am.
    Ms. Jackson Lee. We, I believe without giving any 
Classified information, knowledge is, that still one of the 
more attractive targets of terrorists are airplanes, airports, 
and transportation modes. Is that a general assessment one can 
make?
    Mr. Fletcher. That is an accurate assessment, yes, ma'am.
    Ms. Jackson Lee. So in America, with our effort to secure, 
we have TSOs. We don't have any consistent understanding of 
what the armed presence is. When I use the word armed, I am 
going to be very careful to make sure that I am talking about 
local law enforcement, and not military.
    So, let me jump to this point of the situation of going 
with the TSO that knew that there was a person that was 
convicted of domestic terrorism. What was the basis of the 
supervisor who the TSO came to saying, it is all right, let him 
through?
    Mr. Fletcher. I don't have an answer to that, ma'am. I will 
have to go back and I know our security operations did an 
inquiry. I believe they have that answer. I just don't know 
that.
    Ms. Jackson Lee. So. I would make this point: Training has 
to be crucial. If the TSO had the authority, you seem to 
suggest that person did, they didn't use it. Then you have a 
training problem. One, in terms of the TSO's knowledge of what 
their opportunities and obligations and authority is, and then 
the supervisor, rightly so, that was approached by the TSO, 
gave the approval of them going through. I don't know, is it in 
the Inspector General's report as to why the supervisor, if you 
will, allowed the person to go forward? Anyone?
    Mr. Roth. The TSA has a rule that the TSOs may increase the 
level of screening a passenger receives at a checkpoint based 
on a particular belief that can be put into words and explained 
to others that is based on observations that suggest an 
individual or----
    Ms. Jackson Lee. Right, but that is an increase. This 
person decreased it by telling the TSO, let him walk on 
through. Let me finish because my colleagues have been very 
generous in their time. I want to emphasize that we have a 
double issue here in protecting the perimeter of the security 
checkpoint, where a person may need to be stopped, and may be 
agitated, and I am not suggesting a pouncing of law enforcement 
on our travellers. Let me be very clear. But I am suggesting 
that we need to protect our TSO officers. We have been very 
fortunate. We have one too many incidences, and if the reports 
are accurate, and I think you announced this report, the number 
of guns that are stopped at the security checkpoints are more 
than we might imagine. So, I think that is something else that 
we need to complement the issues of training.
    The other thing that I would like to offer to my colleagues 
is that I have introduced the No Fly for Foreign Fighters 
legislation which would appropriately be in this committee. I 
would like to have that bill presented to both the Chairman and 
Ranking Member of this committee to give you extra help on a 
list that is extremely screened or scrubbed to make sure that 
you have the most current individuals on that No-Fly list, 
particularly those who are foreign fighters. I hope that the 
agency will review my legislation because I am looking for 
tools that will help TSO officers do their job. I think there 
are two elements of weaknesses. One, when a TSO attempted to do 
the right thing, and a supervisor pushed him on, and then the 
issue of security around the perimeter.
    So, I thank you very much. If I might, I thought I had the 
bill to put into the record, but I see that I don't. But I also 
will just get this in writing. I understand that we moved to 
expand TSA PreCheck and we used a pay process. Of course, they 
are vetted, but you allow people to pay for that. I would like 
to get a report on whether or not our vetting is extensive on 
the paid process, more extensive. I yield back, and I thank the 
Chairman and Ranking Member.
    [The information follows:]
             Submitted for the Record by Sheila Jackson Lee

114TH CONGRESS

1ST SESSION

                                 H.R. 48

To require a review of the completeness of the Terrorist Screening 
Database (TSDB) maintained by the Federal Bureau of Investigation and 
the derivative terrorist watchlist utilized by the Transportation 
Security Administration, and for other purposes.


                    IN THE HOUSE OF REPRESENTATIVES

                            January 6, 2015

Ms. Jackson Lee introduced the following bill; which was referred to 
the Committee on the Judiciary

                                 A BILL

To require a review of the completeness of the Terrorist Screening 
Database (TSDB) maintained by the Federal Bureau of Investigation and 
the derivative terrorist watchlist utilized by the Transportation 
Security Administration, and for other purposes.
    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``No Fly for Foreign Fighters Act''.

SEC. 2. REVIEW OF THE COMPLETENESS OF THE TERRORIST SCREENING DATABASE 
                    (TSDB) MAINTAINED BY THE FEDERAL BUREAU OF 
                    INVESTIGATION AND THE DERIVATIVE TERRORIST 
                    WATCHLIST UTILIZED BY THE TRANSPORTATION SECURITY 
                    ADMINISTRATION.

(a) In general.--Not later than 90 days after the date of the enactment 
of this Act, the Attorney General, acting through the Director of the 
Terrorist Screening Center, shall complete a review, in coordination 
with appropriate representatives from the Department of Homeland 
Security and all other relevant Federal agencies, of the completeness 
of the Terrorist Screening Database (TSDB) and the terrorist watchlist 
utilized by the Administrator of the Transportation Security 
Administration to determine if an individual who may seek to board a 
United States-bound flight or a domestic flight and who poses a threat 
to aviation or national security or a threat of terrorism and who is 
known or suspected of being a member of a foreign terrorist 
organization is included in such Database and on such watchlist.
(b) Report.--Not later than ten days after the completion of the review 
under subsection (a), the Director of the Terrorist Screening Center 
shall submit to the Committee on Homeland Security of the House of 
Representatives and the Committee on Homeland Security and Governmental 
Affairs of the Senate a report on the findings of such review.

    Mr. Katko. Thank you, Ms. Jackson Lee for being here, 
showing an interest in the subcommittee's work and for your 
thoughtful comments and input. The Chairman now recognizes Mr. 
Ratcliffe for 5 minutes of questioning.
    Mr. Ratcliffe. Thank you, Mr. Chairman, and I very much 
appreciate you holding this hearing on the issue of security in 
our airports. As you know, I am a former terrorism prosecutor, 
a United States attorney that served after 9/11 and, you know, 
very much believe in the mission of the TSA and believe--and I 
am grateful for the testimony of the witnesses today to inform 
the opinions of this subcommittee.
    I am also, I will say, someone that goes through our 
airports through the TSA PreCheck program and so you know, I am 
very familiar with that.
    Based on the testimony that I was able to review, the one 
thing that I am concerned about, is some of the TSA's more 
flexible programs that allow for real-time assessments of 
potential risks as opposed to the TSA PreCheck, which allows 
travellers like me who qualify and submit to a background check 
to get through more expeditiously. I know, Mr. Roth, you 
commented on that in your March 16 report and talked about the 
incident involving a convicted felon who was improperly cleared 
under one of these more flexible programs.
    So, I guess let me just start there. I want to ask this 
question of you, Mr. Fletcher is, you know, why is the TSA 
using methods like Managed Inclusion and risk assessment to 
expedite the TSA PreCheck line when individuals who opted in 
the PreCheck program go through a more rigorous procedure to 
gain the benefits of the program, what it offers?
    Mr. Fletcher. Well, Congressman Ratcliffe, we talked a bit 
about Managed Inclusion. We believe it has security value, but 
we haven't spent a lot of time talking about risk assessment 
and so in partial response to your question, risk assessment, 
you know, one of the underlying principles behind TSA's risk-
based security approach, is that the vast majority of Americans 
simply want to get from their destination--to their destination 
as quickly, and as efficiently as possible and represent 
essentially no threat to aviation. So, our bias has been 
identifying ways to expedite the flow of legitimate travellers 
and reducing that burden.
    So, there is a balance that we have tried to take to, and a 
measured approach that we have tried to take to all of our 
programs. So, we look at an initiative like Managed Inclusion 
or when we look at an initiative like risk assessment rules, we 
consider the security effectiveness of the proposition. We 
consider the operational efficiency impacts. We look at what 
the impact on the passenger is. We look at what the impact on 
industry may be, and then we consider the fiscal implications 
and the policy implications. Is this the right public policy 
for the agency to adopt? Is it going to be politically 
acceptable by you, Members of our Oversight Committee? Is it 
going to be politically palatable or socially palatable to the 
American people?
    So, when we look at risk assessment rules we take a 
thoughtful approach to that. The underlying basis of our rules 
is the age, gender, and itinerary information today that we 
have been collecting since we implemented Secure Flight fully 
in 2010.
    We started that at the very beginning of the program with 
the small slice of frequent fliers that we extended eligibility 
for. But that is not the only review that we have done. We had 
an independent analysis of that approach that was completed by 
one of the Federally-funded research and development 
corporations, Metron in 2012--or in 2013. We worked very 
closely with the Civil Aviation Threat Working Group. These are 
intelligence analysts from across 13 different intelligence 
agencies, headed by the National counterterrorism. We have had 
a review in 2014 by the Homeland Security Studies and Analysis 
Institute. So there is--all of those independent reviews have 
validated the fundamental principles behind that. They have 
identified some opportunities for improvement, as has the 
Inspector General and as has GAO. But, we believe very strongly 
that the independent reviews that we have conducted, provide a 
good security and a good value proposition for the American 
people. So we have taken a thoughtful and measured approach to 
both of those programs; much more so on risk assessment rules 
than perhaps we have on Managed Inclusion, because we haven't 
done as much of the external independent validation on that 
initiative.
    Mr. Ratcliffe. Thank you, Mr. Fletcher. I see that my time 
is expired, so I would love to ask a question of the Inspector 
General, but I will yield back.
    Mr. Katko. Thank you, Mr. Ratcliffe. We are going to have a 
brief second round of questions here so you will have an 
opportunity to have some follow-ups in a moment.
    I now recognize myself for some follow-up questions, and I 
apologize for the somewhat rapid-fire manner of these 
questions, but these are questions I was hoping someone else 
would ask. Since they didn't, I want to follow up with them. 
First of all, on the convicted felon issue, just so that I am 
clear, the convicted felon that was cleared, is there any doubt 
in your mind that that was--let me rephrase the question.
    Were they in error when they cleared that convicted felon 
for that--to do a PreCheck?
    Mr. Fletcher. Mr. Chairman, I believe the error was if they 
presented a risk to aviation, if they were a convicted 
terrorism operative, then they should have been appropriately 
watch-listed as a domestic terror subject in the terror 
screening database.
    Mr. Katko. Okay, so obviously, this person would not have 
passed the PreCheck status, correct?
    Mr. Fletcher. Would not have been accepted through the 
application enrollment program, yes, sir.
    Mr. Katko. So it becomes self-evident that the risk 
assessment approach and the Managed Inclusion approach aren't 
as thorough and good as doing the PreCheck background check?
    Mr. Fletcher. I would agree with that, yes, sir.
    Mr. Katko. Okay. Now, shifting gears for a moment here. 
From a pure marketing standpoint, and PreCheck--part of 
PreCheck is, indeed, marketing. It is fair to say, is it not, 
that PreCheck, when someone has paid for PreCheck and they paid 
for a product and they see people being taken out of other 
lines that haven't paid for the product going into the line, 
sometimes ahead of them, that is not good marketing from a 
purely marketing standpoint?
    Mr. Fletcher. Well, I look at it to a certain extent as a 
free sample that you would get. So, it is a--and we know from 
interviewing travellers that many of them that have had the 
opportunity to experience expedited screening through Managed 
Inclusion and risk assessment rules, have subsequently applied 
and enrolled in the program. So, there is some benefit. It is 
not all negative.
    Mr. Katko. That is a fair point, but let's face it, though, 
for the people who have paid for the program, it is a negative.
    Mr. Fletcher. There are negative sentiments when I paid my 
money and others are getting it for free, yes, sir.
    Mr. Katko. Now, I want to ask this question only because I 
have experienced it the last two times I have been at Kennedy 
Airport and I am trying to get home, and there is a long line, 
and there is no PreCheck line open.
    So, the question I have for you is, how come PreCheck isn't 
always open when they sell a product that people have paid for?
    Mr. Fletcher. It is a matter of resource efficiency. There 
are times of day at large airports, and many more times at 
small airports where we simply don't have the passenger volume, 
where we are not running Managed Inclusion operations, where we 
can't sustain the dedicated TSA PreCheck lane.
    One of the things we did in 2013 is we gave the Federal 
security directors the flexibility to be able to shift standard 
screening lanes to expedited screening lanes when the expedited 
screening volume is there, and then you convert those lanes 
back to standard screening lanes. So, we are trying to be good 
stewards of the resources we have available to us. But in many 
of those instances, we just simply don't have the volume to 
sustain the expedited screening lane as a dedicated 
proposition.
    Mr. Katko. Okay. Mr. Roth, and Ms. Grover, I haven't 
forgotten about you two and you will be actively participating 
in the closed portion of this hearing. Trust me.
    But I do want to ask you this, either one of you. Miss Rice 
asked some very good questions about recurrent vetting, and Mr. 
Fletcher talked about there is a cost associated with that. Do 
you have any idea how costly it would be to do recurrent 
vetting?
    Mr. Roth. I don't have that answer for you, Congressman.
    Ms. Grover. No, sir, but that is a potential vulnerability 
that we have identified in our previous reports also, the 
importance of recurrent vetting.
    Mr. Katko. I think--I am very trained in asking questions 
and not pontificating because, for 20 years, the judges would 
kill me if I did that. But I will tell you that recurring 
vetting, to me, is an important and serious issue. I would ask 
either Mr. Roth or Ms. Grover or direct us to the appropriate 
entity that can try and give us an idea of what that cost might 
be, because I think that is an important factor to enter into 
these things.
    I think that recurrent vetting is, as this program matures 
and it is certainly a program that is going to be around for a 
while, as it matures and more time takes place between when 
they are initially vetted and up to the present time, I think 
that there is more opportunity for people to go bad, if you 
will. Recurrent vetting might catch that. That is an important 
part of that.
    Also, Mr. Fletcher, let me just ask you as long as we are 
on the subject, briefly, the question recurrent vetting, is it 
fair to say that there is a science of developing with 
algorithms, that can be designed, that might be able to do some 
of this recurring vetting absent a criminal history check on a 
regular basis without a lot of costs once the algorithm has 
been established?
    Mr. Fletcher. We have been working with several private-
sector companies, and DHS Science and Technology Directorate, 
on evaluating risk algorithms that are not necessarily directly 
related to criminality. But, we do believe, from my personal 
discussions with the National Association of Professional 
Background Screeners that--and in discussions with some 
private-sector data brokers, that they can do a very effective 
job of identifying criminality through publicly-available 
electronic information without having to go through the 
traditional fingerprint based NCIC check.
    Mr. Katko. Thank you. A couple more quick questions and 
then we will be able to wrap up with this portion of the 
testimony. First of all, a straightforward question here. On 
December 22, 2014 there was a Request for Proposal issued for 
TSA PreCheck application expansions. That RFP sought private-
sector implication capabilities to expand the public's 
enrollment access to PreCheck. The solicitation was taken down 
on February 7, 2015. The question I ask is: Why?
    Mr. Fletcher. There was at least one provision, Mr. 
Chairman, in there that should not have gone out in the 
original solicitation that we were concerned about. We are 
currently working with the Department to go through that entire 
RFP to make sure we get it right. I believe that that is our 
best opportunity to shut down, dial back on Managed Inclusion 
and risk assessment rules is third-party. But we have to get it 
right in the first instance.
    Mr. Katko. Do you have any idea what our time frame is 
before that RFP will be back up and running?
    Mr. Fletcher. Acting Administrator Carraway in his 
testimony last week indicated perhaps as early as the end of 
this week or next. I am hoping it will be soon.
    Mr. Katko. Excellent. The last question I wanted to--series 
of questions about marketing and enrollment for PreCheck. I 
have talked to airport operators and they have expressed a 
strong interest in providing kiosks, even at their own costs, 
so people can come and sign up for PreCheck in their airports. 
They have also offered to provide space in their airports to do 
the follow-up vetting from a PreCheck at their facilities. To 
me, that sounds like no-brainers. We have--every single airport 
in the country should have the option of being able to do one 
of those--have one of those kiosks to sign up.
    What I would envision would be a kiosk where they come in, 
they sign up, somebody is manning the kiosk. They pay the fee. 
They fill out the form. It goes to TSA and then they do their 
work. What do you think about that?
    Mr. Fletcher. I think those are options we are hoping--
innovative solutions we are hoping to get in response to the 
RFP when we get that reposted. Right now, our exclusive 
contract with Morpho Trust. It is really the relationship 
between the airport and our contractor that manages the 
existing enrollment application.
    Many airports have been very generous with space. Some of 
our major airlines have leased space on Morpho Trust's behalf 
to facilitate the enrollment process. Other airports have been 
resistant and are waiting for opportunities to be more directly 
involved as they have reviewed our proposals.
    Mr. Katko. Just so I am clear, though, so you are saying 
though, that you have a contract with a vendor that is kind-of 
preventing from you developing this program further?
    Mr. Fletcher. Right now the application program that exists 
today is through a single vendor, Morpho Trust, that runs all 
of our vetting application programs. The intent of third-party, 
the RFP, is to broadly expand that to be able to take advantage 
of those other opportunities that you just discussed and we are 
not there yet.
    Mr. Katko. Is there anything in that contract with that 
vendor that prevents--that would prevent these airports from 
opening these kiosks and collecting these applications?
    Mr. Fletcher. We actually had that discussion this morning 
about what changes to the contract that we can make to--I will 
say loosen some of the contractual restrictions or provide more 
latitude for the contractor to move forward. Today there is 
nothing to prevent an airport from entering into an agreement 
with Morpho Trust. Many of them--I think 35 or more already 
have.
    Mr. Katko. Excellent. Okay, thank you.
    I want to also note that from a convenience standpoint for 
passengers, the PreCheck is not exactly where it should be. 
Now, I will give you an example. My understanding from the 
PreCheck process in Syracuse is that if you want to get 
screened, do the follow-up in-person interview, you have to 
drive to Oswego, New York to get the interview.
    To me, that is wildly inconvenient, and I would like to see 
a process whereby passengers can get the follow-up interviews 
at the airports. Because the idea is, if you have frequent 
travellers, and those are the ones you want to target for 
PreCheck and there are millions of frequent travellers in this 
country, why not make it as absolutely convenient and user-
friendly as possible? They can sign up at the airport. They can 
do the follow-up interview at the airport while they are 
waiting for a plane or getting off a plane. That makes much 
more sense than driving 45 minutes to an hour north to Oswego, 
and if you know Oswego in the wintertime, you think Syracuse 
gets a lot of snow. They get a lot more snow than that, so it 
is not always a good idea to drive up there. So, I just want to 
let you know, we going to be looking into that as well.
    Mr. Fletcher. Yes, sir.
    Mr. Katko. Okay. Do you have any questions?
    Miss Rice. The rest of my questions are going to be at our 
closed-door session, if that is okay. Thank you, Mr. Chairman.
    Mr. Katko. I ask unanimous consent that the remainder of 
the hearing be closed to the public under rule XI, clause 
(2)(g)(2) of the Rules of the House because disclosure of such 
testimony, evidence, or other matters would endanger National 
security or compromise sensitive law enforcement information. 
Is there any objection to the motion to close the hearing?
    Hearing none, the motion is agreed to and the subcommittee 
will recess briefly to move to a secure location to continue 
its business.
    [Whereupon, at 3:30 p.m., the subcommittee proceeded in 
closed session, and was subsequently adjourned at 5:55 p.m.]

                                 [all]