[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]




            TRANSPORTATION SECURITY: ARE OUR AIRPORTS SAFE?

=======================================================================

                                HEARING

                               BEFORE THE

                         COMMITTEE ON OVERSIGHT
                         AND GOVERNMENT REFORM
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             FIRST SESSION

                               __________

                              MAY 13, 2015

                               __________

                           Serial No. 114-27

                               __________

Printed for the use of the Committee on Oversight and Government Reform

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


         Available via the World Wide Web: http://www.fdsys.gov
                      http://www.house.gov/reform
                                   ______

                         U.S. GOVERNMENT PUBLISHING OFFICE 

95-252 PDF                     WASHINGTON : 2015 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001
                                              
                      
                      
                      
                      
                      
                      
                      
                      
                      
              COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

                     JASON CHAFFETZ, Utah, Chairman
JOHN L. MICA, Florida                ELIJAH E. CUMMINGS, Maryland, 
MICHAEL R. TURNER, Ohio                  Ranking Minority Member
JOHN J. DUNCAN, Jr., Tennessee       CAROLYN B. MALONEY, New York
JIM JORDAN, Ohio                     ELEANOR HOLMES NORTON, District of 
TIM WALBERG, Michigan                    Columbia
JUSTIN AMASH, Michigan               WM. LACY CLAY, Missouri
PAUL A. GOSAR, Arizona               STEPHEN F. LYNCH, Massachusetts
SCOTT DesJARLAIS, Tennessee          JIM COOPER, Tennessee
TREY GOWDY, South Carolina           GERALD E. CONNOLLY, Virginia
BLAKE FARENTHOLD, Texas              MATT CARTWRIGHT, Pennsylvania
CYNTHIA M. LUMMIS, Wyoming           TAMMY DUCKWORTH, Illinois
THOMAS MASSIE, Kentucky              ROBIN L. KELLY, Illinois
MARK MEADOWS, North Carolina         BRENDA L. LAWRENCE, Michigan
RON DeSANTIS, Florida                TED LIEU, California
MICK MULVANEY, South Carolina        BONNIE WATSON COLEMAN, New Jersey
KEN BUCK, Colorado                   STACEY E. PLASKETT, Virgin Islands
MARK WALKER, North Carolina          MARK DeSAULNIER, California
ROD BLUM, Iowa                       BRENDAN F. BOYLE, Pennsylvania
JODY B. HICE, Georgia                PETER WELCH, Vermont
STEVE RUSSELL, Oklahoma              MICHELLE LUJAN GRISHAM, New Mexico
EARL L. ``BUDDY'' CARTER, Georgia
GLENN GROTHMAN, Wisconsin
WILL HURD, Texas
GARY J. PALMER, Alabama

                    Sean McLaughlin, Staff Director
                 David Rapallo, Minority Staff Director
 James Robertson, Staff Director for Transportation and Public Assets 
                              Subcommittee
                Michael Kiko, Professional Staff Member
                        Melissa Beaumont, Clerk
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                        
                            C O N T E N T S





                              ----------                              
                                                                   Page
Hearing held on May 13, 2015.....................................     1

                               WITNESSES

The Hon. John Roth, Inspector General, U.S. Department of 
  Homeland Security
    Oral Statement...............................................     6
    Written Statement............................................     8
Ms. Jennifer Grover, Acting Director, Homeland Security and 
  Justice, U.S. Government Acountability Office
    Oral Statement...............................................    20
    Written Statement............................................    22
Mr. Rafi Ron, President & CEO, New Age Security Solutions
    Oral Statement...............................................    37
    Written Statement............................................    39

                                APPENDIX

Timeline of OGR Interaction with TSA/DHS.........................    68
Statement of Rep. Connolly.......................................    69
Statement of TSA before the Comm. on Oversight and Government 
  Reform.........................................................    71

 
            TRANSPORTATION SECURITY: ARE OUR AIRPORTS SAFE?

                              ----------                              


                        Wednesday, May 13, 2015

                  House of Representatives,
      Committee on Oversight and Government Reform,
                                            Washington, DC.
    The Committee met, pursuant to notice, at 10:25 a.m., in 
room 2154, Rayburn House Office Building, Hon. Jason Chaffetz 
(chairman of the Committee) presiding.
    Present: Representatives Chaffetz, Mica, Duncan, Jordan, 
Walberg, Amash, DesJarlais, Massie, Meadows, DeSantis, Buck, 
Walker, Blum, Hice, Grothman, Palmer, Cummings, Maloney, 
Norton, Clay, Lynch, Connolly, Duckworth, Kelly, Lawrence, 
DeSaulnier, and Lujan Grisham.
    Chairman Chaffetz. The Committee on Oversight and 
Government Reform will come to order. Without objection the 
chair is authorized to declare a recess at any time.
    We have an important hearing today dealing with the TSA. 
Airport security is pivotal to our Nation's safety and 
security. We appreciate the thousands and thousands of men and 
women who serve at the TSA. I think they work hard. They are 
dedicated. They are committed. They don't know what they are 
going to see. We have an inordinate amount of guns that are 
still trying to be taken through airports, weapons of all 
kinds. It's a very difficult situation with literally tens and 
tens of thousands of security badges that are out there.
    We need to continue to have a good, vibrant discussion in 
this country about the safety and security of our airports and 
how to do that. And one of the things I like to say, and I've 
said it many times, and I'm sure I'll continue to say it is, 
we're different in this Nation in that we are self-critical. We 
do take a good, hard look at our security parameters and 
challenge the notion that the standard status quo is 
acceptable.
    One of the things that stuck out to me in the 9/11 report, 
the commission that came together, is that often government 
lacks imagination, where terrorists and would-be nefarious 
characters who want to do harm and provide mayhem, death, and 
destruction to the United States of America will often be more 
creative than our security personnel. And so to have this type 
of discussion, it's good that we hear a variety of 
perspectives. We have had some good work from the inspector 
general. We have had good work from the GAO. We have a good 
perspective from others who have had to deal with highly 
targeted areas such as Israel. And that's the type of 
discussion we have today.
    But it does require that we have a very good communication 
between the Congress and Homeland Security, specifically the 
TSA. We have had an exceptionally difficult time, exceptionally 
difficult time, getting information from the TSA on some very 
basic matters.
    One of the things, for instance, that we asked for, this is 
a blank, ladies and gentlemen, this is a blank form, a blank 
form, not filled out, a blank form that people are to use as 
they assess security. We asked to see a copy of it. We were 
allowed to see it in camera, but members here were not allowed 
to see that. And so we asked for a copy of it. This is what 
they give us, 100 percent redacted. This is a blank form that 
they will not even allow Congress to see. Now, if that's the 
type of cooperation we're going to get from the TSA, we're 
going to have some very difficult times.
    Now, we had invited Mr. Caraway, who is the acting 
administrator, to come before the Committee. At first we heard 
a variety of excuses. We needed more than 2 weeks. Then we had 
a big dustup because for weeks we had planned to do this, in 
fact, more than a month we had planned to do this. Felt that he 
as the acting administrator would be pivotal to this 
discussion.
    But Homeland Security objected to Mr. Ron's presence on the 
panel. They felt that it was demeaning, demeaning, to actually 
have the acting administrator sit on the same panel as a 
nongovernment witness. That's absurd. That's offensive. It's a 
waste of the Committee's time. It's a waste of Congress' time. 
We don't need two panels to have this discussion. We want to 
have one panel.
    Now, we had decided in a very bipartisan, mutual way, that 
cabinet level secretaries, if they come to testify before the 
Committee, will be the sole person to testify. If you're below 
a cabinet level secretary, we're not going to separate you out 
into your own panel. But the TSA, different than others that we 
have had--I would remind you that we have had a variety of 
other people come before this Committee who sit side-by-side 
with regular people from the outside, from the private sector--
and so unfortunately the TSA has refused, and Mr. Carraway has 
refused the Committee's invitation to appear before Congress.
    We have been working on this since the first part of April. 
They've had plenty of notice, and up until late, late, late 
yesterday, he was going to be here if it was a separate panel. 
But now because we are not going to waste this Committee's 
time, we are not going to waste members' time, they are not 
sitting here today, and we will have less of a hearing because 
of it. It's an embarrassment that they would do that. They made 
these decisions themselves, but that is not the way it's going 
to work around here.
    TSA had said, well, maybe we'll give you somebody else. 
It's not the TSA's decision as to who Congress calls to 
testify. That is not their decision. It is the decision of 
Congress to understand and to be informed by those that they 
invite before Congress. But that's where we find ourselves 
today.
    So with that I'm going to now yield to--I took a little 
extra time there with that explanation--but now I would like to 
now recognize the chairman of the Subcommittee on 
Transportation, Mr. Mica of Florida.
    Mr. Mica. Thank you. Thank you, Mr. Chairman, and the 
Ranking Member for holding this meeting. I think it's an insult 
to the Committee that TSA would not send the acting 
administrator to this panel with due notice. This is a very 
important oversight hearing. We spend about $7 billion a year 
now on TSA's activities. And if anyone takes time to read this 
report--we're going to hear from John Roth in a few minutes, 
the inspector general who produced this report--but every 
Member of Congress and people throughout the country should 
read this report.
    This report is an indictment of the failure of TSA, not 
just in one area, but in almost every one of their functions. 
It's supposed to be a multi-tiered transportation security 
system they set up; and in every aspect--just glance through 
the report--everything from passenger baggage screening and 
passenger screening, one indictment after another on systems to 
provide access for people who don't pose a risk, and we all 
support TSA PreCheck. They, in fact--and it's designed to 
expedite passengers who don't pose a risk. In fact, we find 
instances in which they failed to connect the dots and found a 
passenger who was a convicted terrorist, Sara Jane Olson--this 
is a press report--who went through TSA. Their system failed to 
find these people.
    The most important thing we're trying to do is find people 
who pose a risk. The TSA agent who saw her go through actually 
identified her because she was such a well-known terrorist from 
her picture. And then what is even more astounding is he went 
to a superior, and he actually authorized the expediting of a 
terrorist through this system. This is an outrageous history.
    And I have to say, the chairman is not Jason-come-lately. 
If you read further in the report, they talk about equipment 
purchases and the failure of buying. You have to have the best 
technology when someone comes through, not just an expedited 
system, but to see what they have that poses a risk, whether 
it's arms or now explosives and other devices that might harm 
us.
    Back in 2009 the chairman introduced legislation to 
restrict the purchase of some equipment that actually didn't do 
the job, and this is a press account back then, and he was 
thwarted. They ended up buying equipment--read the report, an 
indictment of buying billions of dollars worth of equipment 
that failed. They bought puffers that failed. They bought this 
Rapiscan equipment. And it's interesting, the history of it is 
also interesting that Linda Daschle represented one company--
people might be familiar with that name L-3, and then Rapiscan 
which the chairman had raised some questions about privacy 
issues and not using it.
    They went ahead and spent--they split the contract, a half 
a billion dollar contract between the two competing lobbyists. 
A half a billion for the equipment is one thing. Then it cost 
another quarter of a billion per set of equipment to install 
this stuff. But this is an indictment of even the remaining 
equipment. The Rapiscan the chairman had raised questions about 
had to be taken out, had to be taken out. But then on top of 
that, this report says the equipment they have, they can't 
maintain. They don't know whether it works or not, and they 
don't have people properly trained to run the equipment.
    This is a very sad day, and I can see why TSA did not want 
to show up today. They have 61,000 employees. They have 15,000 
administrators because we have a cap of 46,000 screeners. And 
this whole report outlines in each area, training,recruitment, 
acquisition of equipment, how they've failed. I see why that 
seat is empty today and TSA would not show their face to this 
Committee today. I yield back.
    Chairman Chaffetz. Thank the gentlemen.
    Chairman Chaffetz. I now recognize the Ranking Member, Mr. 
Cummings.
    Mr. Cummings. Thank you very much, Mr. Chairman, and I do 
thank you for calling this very important hearing. The 
Transportation Security Administration has an incredibly 
challenging mission. It has to strike just the right balance 
between passenger safety and passenger convenience. Everyone 
who has been to an airport in the past 15 years can relate to 
the frustration of waiting in long lines at security 
checkpoints.
    But after 9/11, we are painfully aware of the dangers we 
face on a continuing basis. The challenge of the TSA is to 
develop programs that maximize safety and convenience, programs 
that protect the traveling public without making their 
experience unbearable.
    Last year Congress directed TSA to increase the number of 
passengers enrolled in the PreCheck program. Under the program, 
travelers submit background information, criminal histories and 
fingerprints. This information is run against terrorist watch 
lists and criminal data bases. If these searches turn up no 
problems, passengers are given known traveler numbers, and that 
allows them to pass through expedited security lines with fewer 
restrictions.
    When Congress passed this law, it gave TSA specific 
targets. For example, Congress directed TSA to certify that 25 
percent of all passengers are eligible for expedited screening 
without lowering security standards, and that the agency has 
been working toward that goal. But, however, the inspector 
general and the Government Accountability Office have raised 
concerns about this process. For example, the current program 
relies on passengers to provide information about any new 
criminal convictions or similar information after they have 
enrolled in the program. In other words, the system relies on 
passengers to self-update.
    According to the inspector general, TSA should develop a 
system to conduct 24-hour recurrent vetting of PreCheck members 
against law enforcement and intelligence data bases. I know 
many people and many agencies have been working for years to do 
just that. I also understand how difficult it is to link 
various local State and Federal data systems. However, this may 
be one area in which our Committee can offer unique assistance, 
especially with our wide jurisdiction that cuts across all 
levels of government.
    GAO and the inspector general have also raised concern with 
the Managed Inclusion program. Under this program TSA officers 
identify passengers that are not enrolled in the PreCheck 
program and direct them to pass through the PreCheck security 
lanes if they appear to be low risk. TSA uses behavioral 
detection officers to identify passengers with low risk 
indicators, such as children and the elderly, and they also 
employ explosive trace detection and K-9 teams.
    GAO reported that although TSA has tested the individual 
pieces of the Managed Inclusion program, it has not tested them 
as a whole system. In addition, the inspector general 
recommended that TSA halt the Managed Inclusion program until 
technology can be developed to connect terrorist watch lists to 
individual airport security checkpoints.
    Another concern is perimeter security. One of our witnesses 
today, Mr. Rafi Ron, of the New Age Security Solutions, has 
flagged this as an issue that needs much more attention, 
particularly given the various entities that play a role in 
this process, including local airport police, airport 
operators, and TSA.
    After a 15-year-old hopped a fence at the San Jose 
International Airport, climbed into an aircraft wheel well, and 
traveled to Hawaii, the Associated Press initiated the 
investigation of perimeter breaches. AP reported that 
approximately 268 perimeter security breaches have occurred 
since 2004 in airports that handle three-quarters of the 
Nation's commercial passenger traffic. We're better than that. 
We're only as strong as the weakest link in our chain, so it is 
important to ensure that all of these issues are addressed. It 
is easy to simply criticize the agency, but it is much more 
difficult, and it takes much more effort to identify solutions 
to these problems and ensure that they are well-implemented.
    I want to thank Chairman Chaffetz for calling this hearing, 
and, Mr. Chairman, I agree; Mr. Carraway ought to be here. And 
as I said to you before the hearing began, we need to fix a 
date for him to come in so that we can hear from him. I know 
the chairman has focused on these issued extensively, and I 
want to thank him for all of his hard work in this area, and I 
also look forward to the testimony today; and with that I yield 
back.
    Chairman Chaffetz. I thank the gentleman.
    Chairman Chaffetz. I will hold the record open for 5 
legislative days for any members who would like to submit a 
written Statement.
    Chairman Chaffetz. But now will recognize our panel of 
witnesses. As I mentioned earlier, Mr. Melvin Carraway, Acting 
Administrator for the Department--of Transportation Security 
Administration at the Department of Homeland Security was 
scheduled to testify but has not arrived, has not shown up, has 
elected to not testify today, which was not an optional 
activity.
    We are pleased to have the Honorable John Roth, Inspector 
General for the Department of Homeland Security; Ms. Jennifer 
Grover, Acting Director of Homeland Security and Justice at the 
Government Accountability Office; and Mr. Rafi Ron, President 
and CEO of New Age Security Solutions, who also has extensive 
airport security work that he has personally participated in, 
in Israel.
    We welcome you all. Pursuant to Committee rules, all 
witnesses will be sworn before they testify, so if you will 
please rise and raise your right-hand.
    Do you solemnly swear or affirm that the testimony you are 
about to give will be the truth, the whole truth, and nothing 
but the truth?
    Thank you. Let the record reflect that all witnesses 
answered in the affirmative. In order to allow time for 
discussion, we would appreciate it if you would limit your 
testimony to 5 minutes. Your entire written record will be 
obviously made a part of the record. We're pretty liberal on 
your verbal comments, but try to keep it close to 5. And we'll 
start with you, Mr. Roth. You're now recognized for 5 minutes.

                       WITNESS STATEMENTS

              STATEMENT OF THE HONORABLE JOHN ROTH

    Mr. Roth. Chairman Chaffetz, Ranking Member Cummings, and 
members of the Committee, thank you for inviting me here to 
testify today about airport security issues. Each day TSA is 
required to screen about 1.8 million passengers and about 3 
million carryon bags at 450 airports nationwide. TSA faces a 
classic asymmetric threat. It cannot afford to miss a single, 
genuine threat without potentially catastrophic consequences. A 
terrorist, on the other hand, only needs to get it right once. 
TSA's 50,000 transportation security officers spend long hours 
performing tedious tasks that require constant vigilance. 
Complacency can be a huge problem. Ensuring consistency across 
DHS' largest work force would challenge even the best of 
organizations. Unfortunately, although nearly 14 years have 
passed since TSA's inception, we remain deeply concerned about 
its ability to execute its mission.
    Since 2004 we have published more than 115 audit and 
inspection reports about TSA's programs and operations. We have 
issued hundreds of recommendations to attempt to improve TSA's 
efficiency and effectiveness. We have conducted a series of 
covert penetration tests, essentially testing TSA's ability to 
stop us from bringing in simulated explosives and weapons 
through checkpoints, as well as testing whether we could enter 
secure areas through other means. Although the results of those 
tests are classified, and we would be happy to brief any Member 
or their staffs in a secure setting with regard to our specific 
findings, we identified vulnerabilities caused by human and 
technology-based failures.
    We have audited and reported on TSA's acquisitions. Our 
audit reports show that TSA faces significant challenges in 
contracting for goods and services. Despite spending billions 
on aviation security technology, our testing of certain systems 
has revealed no resulting improvement.
    We have examined the performance of TSA's work force, which 
is largely a function of who is hired and how they are trained 
and managed. Our audits have repeatedly found that human error, 
often a simple failure to follow protocol, poses significant 
transportation security vulnerabilities. We have looked at how 
TSA plans for, buys, deploys, and maintains its equipment and 
have found challenges at every step in the process. These 
weaknesses have real and negative impact on transportation 
security as well.
    Additionally, we have looked at how TSA assesses risk in 
determining expedited screening. We applaud TSA's efforts to 
use risk-based passenger screening because it allows TSA to 
focus on high or unknown risk passengers instead of known, 
vetted passengers who pose less risk. However, we have deep 
concerns about some of TSA's decisions about the level of risk.
    We recently assessed the PreCheck Initiative. As a result 
of that inspection, we concluded that some of the methods that 
the TSA used in determining risk are sound approaches to 
increasing the PreCheck population. But other methods, 
specifically some of TSA's risk assessment rules, create 
security vulnerabilities. Based on our review, we believe TSA 
needs to modify the Initiative's vetting and screening 
processes. Unfortunately TSA did not concur with the majority 
of our recommendations. We believe that this represents TSA's 
failure to understand the gravity of the situation.
    As an example of PreCheck's vulnerabilities, we recently 
reported that, through risk assessment rules, a notorious felon 
was granted expedited screening through PreCheck. The traveler 
was a former member of a domestic terrorist group and while a 
member was involved in numerous felonious criminal activities 
that led to arrest and conviction. After serving a multiple-
year prison sentence, the traveler was released. 
Notwithstanding the fact that the transportation security 
officer recognized the traveler based on media coverage, that 
traveler was permitted to use expedited screening.
    TSA has taken some steps to implement our recommendations 
and address security vulnerabilities. Nevertheless, some 
problems appear to persist. While TSA cannot control all risks 
to transportation security, many issues are well within their 
control. Sound planning and strategies for efficiently 
acquiring, using, and maintaining screening equipment that 
operates at full capacity to detect dangerous items, for 
example, would go a long way toward improving overall 
operations. Better training and better management of 
transportation security officers would help mitigate the 
effects of human error, which can never be eliminated but can 
be reduced. Taken together, TSA's focus on its management 
practices and its oversight of its technical assets and work 
force would help enhance security as well as customer service 
for air passengers.
    Mr. Chairman, this concludes my prepared Statement. I 
welcome any questions you or other members of the Committee may 
have.
    Chairman Chaffetz. Thank you. And thanks to you and your 
staff who spent a lot of time putting this information 
together. We do appreciate it.
    [The prepared Statement of Mr. Roth follows:]
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Chaffetz. Ms. Grover. You're recognized for 5 
minutes.

                  STATEMENT OF JENNIFER GROVER

    Ms. Grover. Good morning, Chairman Chaffetz, Ranking Member 
Cummings, and other members and staff. Thank you for the 
opportunity to discuss TSA's oversight of passenger and airport 
worker screening effectiveness.
    Screening systems must work properly to deliver the 
security protections that they promise. Over several years GAO 
has found weaknesses in TSA's oversight of its screening 
systems, raising questions about whether TSA is falling short 
in its ability to ensure aviation security. TSA has taken some 
steps to improve oversight of these systems, but additional 
actions are needed.
    Today I will focus on four areas. First, a Secure Flight 
program which matches passenger information against Federal 
Government watch lists to ensure that those who should not fly 
or should receive enhanced screening are identified. Second, 
AIT systems, which are the full body scanners that are used to 
screen passengers for prohibited items at the checkpoint. 
Third, the Managed Inclusion screening process which TSA uses 
to provide expedited screening to passengers who were not 
previously identified as low risk; and, fourth, criminal 
history checks done to vet airport workers.
    Regarding Secure Flight, we found in September 2014 that 
TSA did not have timely and reliable information about the 
extent or causes of system matching errors which occur when 
Secure Flight fails to identify passengers who were actual 
matches to the watch list. In response to our recommendation, 
TSA has developed a mechanism to keep track of the known 
matching errors, and they are considering methods to evaluate 
overall Secure Flight matching accuracy rates on an ongoing 
basis.
    Regarding AIT, we found in March 2014, that TSA did not 
include information about screener performance when they were 
evaluating AIT effectiveness. Rather, TSA's assessment was 
limited to the accuracy of the AIT systems in the laboratory. 
However, after an AIT identifies a potential threat, a 
screening officer must do a targeted pat down to resolve the 
alarm. Thus, the accuracy of the screeners in conducting their 
pat downs properly and identifying all threat items is key to 
understanding the effectiveness of the AIT systems in the 
airport operating environment.
    DHS concurred with our recommendation to measure AIT 
effectiveness as a function of both the technology and the 
screening officers who operate it but has not yet fully 
addressed the recommendation.
    Similarly, in December 2014, we found that TSA had not 
tested the security effectiveness of the Managed Inclusion 
system as it functions as a whole. As part of Managed 
Inclusion, TSA uses multiple layers of security, as you noted 
in your opening Statements, such as explosive detection devices 
and canines, to mitigate the inherent risk that's associated 
with screening randomly selected passengers in a system that 
was specifically designed for low-risk passengers. However, if 
the security layers are not working as intended, then TSA may 
not be sufficiently screening passengers. As you noted, TSA has 
tested the individual layers of security used in Managed 
Inclusion and has reported finding them effective, although GAO 
has raised concerns about the effectiveness of some of these 
layers such as behavior detection officers. At the time of our 
report, TSA was planning to complete testing of the Managed 
Inclusion system by mid-2016.
    Finally, regarding TSA's involvement in airport worker 
vetting, we found in December 2011 that the criminal history 
information available to TSA and airports for background checks 
was limited. Specifically, TSA's level of access to FBI 
criminal history records was excluding many State records. In 
response to our recommendation, TSA and the FBI confirmed that 
there was a risk of incomplete information, and the FBI has 
since reported expanding the criminal history records 
information that is available to TSA for these security threat 
assessments.
    In conclusion, TSA has made progress in improving its 
screening oversight such as by taking steps to understand the 
vulnerabilities in the Secure Flight program, and by working 
with the FBI to obtain access to more complete criminal 
background information. Yet more work remains to ensure that 
Secure Flight, AIT, and Managed Inclusion are working as TSA 
intends.
    Chairman Chaffetz, Ranking Member Cummings, this concludes 
my Statement. I look forward to your questions.
    Chairman Chaffetz. Thank you.
    [Prepared Statement of Ms. Grover follows:]
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Chaffetz. Mr. Ron, you are now recognized for 5 
minutes.

                      STATEMENT OF RAFI RON

    Mr. Ron. First of all, I would like to thank the chairman 
and the members of the Committee for inviting me to testify 
again before you. I have chosen to speak today not on passenger 
screening, as the other witnesses have referred to this in 
details, but rather go into what Mr. Cummings mentioned 
earlier, and that is the failure to deal with what I would 
describe as the airport facility security, which is an 
extremely important part of our airport and aviation security 
system.
    What I wish the Committee to understand is that the 
importance of perimeter security has to be measured against the 
threat of somebody being able to access an aircraft parked on 
the ground without knowledge, without detection. And in the 
case of a stowaway, as we have witnessed in the past, they 
tried to get--to take hide in the wheel well, but instead of 
that, certainly instead of 120 pounds of bone and flesh of a 
person, they leave behind a 2-pound device that will not be 
noticed.
    The measures that are being implemented today are simply 
unable to do that. So if I would put that into a nutshell, I 
would say that while we invest billions of dollars every year 
in screening passengers and at the same time we leave the 
perimeter, I don't want to say unattended, but I would say 
unattended to a satisfactory level. What we actually do is 
invest all our resources on the front door and leaving the back 
door open. But at the end of the day it is the same aircraft 
that we are trying to protect by the screening that would be 
harmed by a relatively easy access of individuals through the 
perimeter.
    So perimeter is certainly something that we have noticed in 
the past. It was discussed in this Committee, and I haven't 
seen a lot of development during the last few years despite the 
fact that it made a lot of headlines.
    The other subject that made it out of headlines lately, is 
the issue of the threat of the insider, or in other terms when 
employees become part of an operation, to carry out illegal 
activity that could be also translated into terrorist threat 
immediately. We saw the case in Atlanta. Although here in this 
case I have to say that TSA had responded to it rather quickly 
by increasing the background checks and the frequency of those 
checks. But as we just heard from the other witnesses, there is 
still an open question about the quality of the background 
check itself, whether that really provides us with the security 
that we need.
    And the third point that I'd like to refer to is the issue 
of how well do we protect the public and the employees at the 
airport against ground attacks as we witnessed a couple of 
years ago at LAX when an active shooter started shooting at the 
checkpoint and the security forces in the airport responded in 
a way that certainly can lead us to conclusions. There is a lot 
of room for improvement in this area.
    The common denominator of all these three points that I 
made is that none of them are related to passengers, and yet 
they are falling back, even in comparison with the quality of 
screening passengers, and that means that the reason for that, 
in my view, is that in 2001, when TSA was established, it was 
established both as an implementer of security, as well as a 
regulator.
    And I don't know any other example in government structures 
where an entity is actually regulating itself. There has to be 
a certain level of independence to the regulator, independence 
and authority, for the regulator to first of all, issue 
regulations that sometimes may not be comfortable for the 
implementer, but still have to be performed. And certainly when 
you look for the performance that doesn't meet the regulatory 
requirements but you are in charge of implementation, that's a 
conflict of interest, and I strongly recommend that the 
Committee will have a look at it and will consider a solution 
to that.
    And the last point that I'd like to make is that, when we 
look at police forces in airports around the country, we see 
the more or less standard law enforcement organizations as we 
meet in the city center. But we have to understand that at the 
airport, the police function, the police priority should be 
security and prevention rather than law enforcement and 
reaction. Because when a terrorist attack takes place, it's all 
over. There's very little that you can do except deal with the 
damages. If we talk about explosive devices, and even when we 
talk about active shooters, they are willing to perform better. 
And that certainly calls for a different type of airport 
policing.
    Airport police should be a dedicated, specialized force 
where the people are selected on the basis of their ability to 
perform those roles. They have to be trained and certified, and 
their certification has to be maintained. Exercises should be 
carried out on a regular basis, and at the end of the day, we 
have to make sure that the capability to prevent, or in cases 
where we need to respond, would be quick and effective. And 
this is not where we are today. Thank you very much.
    Mr. Mica [presiding]. Thank you, Mr. Ron, and all of the 
witnesses.
    [Prepared Statement of Mr. Ron follows:]
    
   [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] 
    
    Mr. Mica. We're going to move now to a round of 
questioning, and I'll start. First of all, what you just said 
was interesting. You said TSA tries to do everything, and there 
are very few models of this. I think only Romania, Bulgaria, 
and some Third World countries have that structure.
    And there should be some separation. The government should 
be in charge of security information, for example, getting the 
intelligence and preparing the list so even if you prepare a 
list, and you testified--well, first I'll let you respond. Am I 
correct in what I stated about the structure being flawed?
    Mr. Ron. Yes, you are correct.
    Mr. Mica. So that's something again the Committee--we never 
set it up to have TSA continue to operate this huge screening 
force. Never in our wildest imagination would we imagine 46,000 
screeners and 15,000 administrators. Stop and think about that. 
And, again, the report that has been released today, again you 
see why Carraway wouldn't show up. Just go over it. This isn't 
my findings.
    Are you fairly independent, Mr. Roth? You're the inspector 
general?
    Mr. Roth. I am, sir.
    Mr. Mica. Have you looked at this, and it's the whole truth 
and nothing but the truth? First thing, we conducted a series 
of covert penetration tests. I also asked the staff, many of 
the members are new. You have not participated in a closed 
briefing, you need to get a closed briefing and hear about the 
rate of failures. You will be appalled.
    It's appalling, the failure rate--you don't have to give 
any specifics that are classified, but it's an appalling 
failure rate. Right, Mr. Roth?
    Mr. Roth. We are deeply concerned----
    Mr. Mica. We have identified vulnerabilities caused by 
human and technology failures. We will set that up, in the 
Committee and Members of Congress. If audited TSA's 
acquisitions, point No. 2, the acquisition history is a 
complete fiasco. I cited the competing lobbyists and buying 
equipment that didn't work, people weren't trained for. And now 
the report back, OK, here's the GAO technology report, Ms. 
Grover, and you said in fact, you cited that some of the 
technology oversight in this report of March last year does not 
enforce compliance with operational directives. That's still 
the case, that TSA does not--in fact, I think from March 2011 
through February 2013, about half the airports with AIT systems 
did not report any IED checkpoint results. Is this correct?
    Ms. Grover. Yes, sir, that's correct and----
    Mr. Mica. And not much improvement according to what you 
found, Mr. Roth, on operation, training and auditing. Is that 
correct?
    Mr. Roth. That's correct.
    Mr. Mica. OK. The third point. These aren't my points. This 
is what he found. We have examined the performance of TSA's 
work force which is largely a function of who is hired and how 
they are hired and trained and managed. Still problems with 
recruiting. Right, Mr. Roth? Still problems with training, Mr. 
Roth?
    Mr. Roth. Correct.
    Mr. Mica. Still problems with managing. Right?
    Mr. Roth. Yes.
    Mr. Mica. And their responsibility in conducting audit and 
oversight within the system. Right?
    Mr. Roth. Yes.
    Mr. Mica. Audits have been repeatedly found of human error. 
And often a simple failure to follow protocol poses significant 
vulnerabilities. Is that your Statement, sir?
    Mr. Roth. It is, sir.
    Mr. Mica. OK. Let's go to the last one here. We have looked 
at how TSA plans to buy, deploy and maintain its equipment. 
Well, I read the history, people don't realize that the threat 
is very serious and ongoing and that the bad guys are one step 
ahead of us. Just look at the history. The shoe bomber, TSA 
never detected it. Right?
    Mr. Roth. Correct.
    Mr. Mica. The diaper bomber, never detected it. Right?
    Mr. Roth. Correct.
    Mr. Mica. The New York Times Square bomber, he bought his 
ticket on the phone, went to JFK and went through all the 
screening systems and was not stopped until he got on the plane 
and it wasn't TSA. Right?
    Mr. Roth. That's my understanding.
    Mr. Mica. OK. That's my understanding. But these are 
failures of this very expensive, $7 billion, 61,000 people, 
system. This is an indictment, and it's very concerning. The 
equipment failure is also very concerning because that's sort 
of your last line of defense. We have advanced imaging 
technology, and yet people are not trained to operate it or 
detect threats. Is that right, Mr. Roth? Is that what you 
found?
    Mr. Roth. We found significant human error.
    Mr. Mica. And the last thing is, these guys are smart. When 
the members and staff get the next briefing, the thing that 
concerns me is right now all these systems are pretty much 
metal or nitrate based. Is that pretty much an assumption, that 
they detect metal or nitrates for explosives?
    Mr. Roth. I can't testify about that.
    Mr. Mica. OK. Well, I can tell you that that is what they 
are. We tried to put in place a behavior detection system, 
which was a total failure. Other Committees have looked at how 
we did it. It's wrong. Israel does it, but Israel can profile. 
We can't profile. Israel can do other things that we can't do, 
and behavior detection as far as you're concerned and in one of 
these reports is a failure, too. That's looking at people, 
detecting behavior.
    Mr. Roth. Both the IG as well as GAO have done work on 
that.
    Mr. Mica. And then finally, some of the safeguards aren't 
in place for the passengers' PreCheck system and making sure 
that we eliminate people who pose a risk. That's still the 
case? Yes or no?
    Mr. Roth. Yes.
    Mr. Mica. That's still the case, Ms. Grover?
    Ms. Grover. Yes, sir.
    Mr. Mica. And what's most astounding is this particular 
individual I cited before, the woman, was so notorious that the 
TSA officer identified her by other pictures he'd seen of the 
terrorist, went to a supervisor, and she got not only a free 
pass, but expedited through TSA. That's a failure, is it not, 
Mr. Roth?
    Mr. Roth. Yes.
    Mr. Mica. Ms. Grover?
    Ms. Grover. Well, the system in that case actually worked 
as TSA intended for it to work. That's my understanding.
    Mr. Mica. But her data never came up because she was----
    Ms. Grover. She was not on the watch list.
    Mr. Mica. Exactly. Exactly. So that's where we need to get 
this information, people who pose the risk we can identify, go 
after them or stop them.
    Finally, the badge issue, the badge issue. Was it a couple 
of years that the TSA approved the badges at Atlanta where they 
gave badges out and didn't do the proper background checks. Is 
that right, Mr. Roth?
    Mr. Roth. We have done some work on that. In 2013, we had 
an audit where we found that the backlog was so great that TSA 
allowed airports simply to grant the SITA badges without a 
background check being done at the time.
    Mr. Mica. And of the items that was cited by Mr. Ron, one 
of the issues is people inside the system who pose a risk; the 
perimeter also he mentioned, which poses a risk that we don't 
have systems in place for; and then the outdated structure that 
we have where TSA tries to do everything and does nothing very 
well, which is well-documented by your report.
    Thank you, Mr. Roth. And I yield now to Ms. Maloney, the 
gentlelady from New York.
    Mrs. Maloney. I thank the panelists for your testimony and 
your work, and I thank the ranking member and chair for calling 
this important hearing. And I agree completely with the 
Statements of Mr. Roth when he said that the terrorist only has 
to be right once. We have to be right 100 percent of the time. 
We have got to stop them from coming through.
    I would say nothing is more important than protecting our 
people. And I will say that since 9/11, the New York City 
Police Department has documented well over 17 attempts to 
murder New Yorkers, and they have been thwarted through the 
combined efforts of all of law enforcement, including TSA, 
which is working every day to stop it.
    For some reason in our classified intelligence briefings, 
airlines continue to be a top priority for terrorists, a top 
target. They keep trying different ways. We hear it from press 
reports, your reports, and reports from airline stewardesses 
and captains of how they're trying to break the perimeter, how 
they are trying to get into the cockpit in different ways. And 
so I see this as a collective effort to fight back. It's not 
just TSA but all of us working with them to fight back.
    The PreCheck program, we also need commerce to work, and at 
first airlines were so backed up people weren't even flying 
anymore. I will say now that in New York the PreCheck program 
is a success. Now the PreCheck line is longer than the normal 
line. More people are in the PreCheck line than in the other, 
so many people are in it, which I think speaks well that we 
have processed a lot of people and made it more efficient.
    So I want to ask Ms. Grover, apparently 33 percent of the 
passengers now pass through PreCheck. Is that correct? About 
how many people are in PreCheck now, would you say?
    Ms. Grover. Well, the last data that I saw was almost half 
were receiving expedited screening in one form or another.
    Mrs. Maloney. Half were receiving it in one form or 
another.
    Ms. Grover. Right.
    Mrs. Maloney. That is a remarkable achievement from where 
you started. I see this also an effort in many ways we are 
trying to crack down also on terrorist financing. Many of the 
banks are complaining about having to do PreCheck or they have 
to validate every single one of their customers, and there's 
been some ideas about letting their system work with Homeland 
Security on combining a PreCheck list. They have to report, you 
have to report, on who's in PreCheck. I think that's a valuable 
new tool that we could look at in making it more efficient and 
also stopping more people. And I wonder, Ms. Grover, what you 
think about that, and I have a proposed outline of a pilot 
project in that area that I'd like you to look at and have your 
department get back to us.
    Ms. Grover. Thank you. We would be happy to do that. Right 
now the background check for individuals who sign up for 
PreCheck are conducted by TSA, and it includes a criminal 
background check, a check on immigration status, and a third 
aspect of the check, and that's against the terrorist screening 
data base. And so I'd be interested in talking with your staff 
about the specific work you'd like to do in terms of 
opportunities to expand that.
    Mrs. Maloney. Well, there are other units in our country 
that are also doing background checks, so if we could compile 
them together and make it more efficient and knowing who these 
people are and increasing our ability to keep the bad people 
out of New York or out of the country, out of the country 
period. But as one who represented many people, many families 
who perished on 9/11, it's an issue of grave concern to me. And 
when we created this whole system of review at airports, it was 
hotly debated whether it should be private or government, and 
many believed that our police and fire, who are charged in 
protecting us, are government. And TSA has the same level of 
importance in protecting our people and are now a huge target 
area which continues for some reason, airlines. I believe it 
should remain a government function. It's too important, 
protecting lives of citizens. There is a movement in Congress 
to privatize it. I'm opposed to that. I believe it would weaken 
the system, not strengthen it.
    But I welcome this hearing of ideas of how we can 
strengthen this very important program. But the bottom line, we 
haven't had another tragedy in a long time. When was the last 
time we had--we had many attempts--but when was the last time 
there was a terrorist attack that was successful on the 
airlines? Ms. Grover.
    Ms. Grover. Well, I guess the 2009 attack would probably be 
the last significant one.
    Mrs. Maloney. And what happened in 2009?
    Ms. Grover. And that was an attempt to take down an 
airline. It was the gentleman that was bringing explosives on 
to the plane, and that was stopped on the plane. And in 
response to that, TSA put additional systems in place to be 
able to detect nonmetallic explosives, and they also started 
expanding the watch lists. But as part of our work we have 
found that there are weaknesses in the ability of the current 
systems to be able to identify even all of the people who are 
on the watch list. In fact, there are still errors in that. We 
also have work that has exposed weaknesses in the AIT systems 
and TSA's knowledge of how well they work; so there is still 
work to be done.
    Mrs. Maloney. Well, it's a work in progress, and the bottom 
line, it was stopped. And so we join you in your efforts, and 
thank you for your testimony. My time is expired. Thank you.
    Mr. Mica. Thank you. Mr. Walberg.
    Mr. Walberg. Thank you, Mr. Chairman. Mr. Ron, why do you 
believe preventing perimeter breaches should be a top priority?
    Mr. Ron. Sir, would you repeat the question?
    Mr. Walberg. In your testimony you mentioned perimeter 
breaches. You mentioned a wheel well situation, but why do you 
believe perimeter breaches should be a top priority?
    Mr. Ron. Because at the end of the day, everything that we 
do at the checkpoint can be boiled down to the need to prevent 
a passenger from bringing an explosive device or a weapon that 
will allow an attack against the aircraft, the flying aircraft. 
The same target can be achieved simply by breaching the 
perimeter. The problem with breaching the perimeter is that--we 
have reports about 230-something cases that the Associated 
Press reported lately, but those are the cases that we know 
about.
    Keep in mind that most airports around the country do not 
have a detection system on their perimeter, and therefore one 
could enter and leave the airport without leaving any traces. 
There's no systematic way to prevent that. And if at the end of 
the day that leads to the same result that we are trying to 
prevent at the checkpoint, I would consider it as being 
critical.
    Mr. Walberg. Kind of negates all the effort then. Do you 
think that TSA is taking theinsider-outsider threat seriously?
    Mr. Ron. I think that the fact that there's a division 
between Federal responsibility and local responsibility. It 
leads to the failure to upgrade standards on perimeter 
security. While when it comes to a direct responsibility and 
implementation responsibility of TSA, we see all the resources 
available, and the screening operation takes the major, almost 
all of TSA's operational budget. When it comes to perimeter 
security, it is expected that the airport will take care of 
that. The airport doesn't have neither the manpower to do that. 
The number of police officers is too short for that.
    The ability to invest in a detection technology around the 
perimeter, which doesn't come cheap, is also very limited. If 
in the past, and I have referred to prior to 9/11 when FAA was 
the regulator, only the regulator, and it also controlled the 
AIP program which provides grants to airports for improvements, 
security was part of it. Now the security is not very much a 
priority for FAA because it has pushed toward a DHS court. The 
idea of funding those, the necessary steps, is falling between 
the chairs.
    Mr. Walberg. So the coordination is out of whack as well 
with the resources. Let me just move on. I'm asking each of you 
to respond to this question. Do you believe TSA overprescribes 
technological solutions and fails to think creatively about 
airport security?
    Mr. Ron. Yes, I do. I think that basically we do not pay 
enough attention to the passenger himself. The fact that we 
have started implementing steps in that direction, like 
PreCheck, should be welcome, although we need to carefully look 
carefully at what is being done as was suggested here earlier. 
But I think it is a step in the right direction. I also think 
that behavior detection is a part after it, but obviously I 
have a dispute on that with some of the other witnesses here.
    Mr. Walberg. Ms. Grover, could you respond?
    Ms. Grover. I would answer your question by saying that I 
think TSA is overemphasizing getting the programs up and 
running and underemphasizing evaluating their effectiveness, 
regardless of whether we're talking about technology solutions 
or other solutions.
    Mr. Walberg. Are we looking imagination and creativity?
    Ms. Grover. You know, TSA is open to different options, and 
they put different strategies in place; but creativity is not 
helpful if TSA doesn't have evidence to show it works.
    Mr. Walberg. Mr. Roth.
    Mr. Roth. Just briefly, yes. I believe that the best 
technology solutions in the world, if the work force is not 
trained to use them, does not follow the protocols that they're 
supposed to use, is useless.
    Mr. Walberg. I guess my concern is as I've traveled through 
Detroit and Washington most generally, I see TSA agents 
attempting to perform their functions in most cases with 
courtesy, doing their jobs as it's clear they have been told to 
do. But I just wonder if there aren't some great ideas that 
could come from TSA agents themselves that people like Mr. 
Carraway and others aren't willing to listen to or aren't given 
time to listen to, on how to deal with our passengers and our 
security risk, which includes the perimeter. Because they hear 
about it just like us and know for a fact that all that they've 
done at the PreCheck line or the general line can be taken out 
of any type of positive results simply because we haven't 
looked at all the places we could go.
    So thank you for your testimony. I see my time is expired. 
I yield back.
    Mr. Mica. Mr. Lynch, you're recognized.
    Mr. Lynch. Thank you, Mr. Chairman. Mr. Chairman, if I 
could just ask, I know that because of the scope and depth of 
the problem here, Mr. Carraway's attendance here would be very, 
very important. I'm just wondering if the Committee has any 
plans to subpoena him, Mr. Chairman?
    Mr. Mica. I honestly don't know. I discussed that with the 
staff before----
    Mr. Lynch. Can I yield to the ranking member?
    Mr. Cummings. What was the question?
    Mr. Lynch. Well, the fact that--I mean, we got some wide 
problems here, from perimeter security to people that are on 
the PreCheck list that are felons, and it's a pretty wide gap 
in our security. And Mr. Carraway's attendance would be 
extremely important to us, and I'm just wondering, are we going 
to get him in here because a lot of my questions are for him?
    Mr. Mica. Same here. Oh, you yielded.
    Mr. Lynch. I did want to ask the ranking member.
    Mr. Cummings. Chairman Chaffetz and I did discuss this. He 
was trying to avoid a subpoena. What we were going to try to 
work out--and I mentioned it a little bit earlier in my 
opening--I agree, we really do need Carraway here, and so I 
asked the chairman to set a date certain for him to come in so 
that we can get him in here to ask questions, because you're 
absolutely right.
    Mr. Mica. I would agree with Mr. Lynch, if you would, you 
asked me in the beginning. We talked about it with the 
chairman, and I would be supportive of a subpoena if necessary.
    Mr. Lynch. If it's needed, I just want to voice my support 
for that as well. And the fact that the gentleman is not here 
sort of feeds into the whole narrative here that we have a 
bureaucracy that's not really responding to the problem that's 
out there. But I do want to thank the witnesses who are here. 
That should not diminish your attendance. I appreciate your 
valuable testimony. It's already been helpful.
    As I said, we have got some major gaps in security. There 
have been several notable security breaches. I note that on 
September 14, 2013, a TSA employee was arrested along with five 
others for participating in a scheme to smuggle undocumented 
immigrants into the United States.
    Additionally, two airline employees were arrested in 
December 2014 for smuggling weapons, guns and ammunition, on at 
least 20 flights from Atlanta to New York over an 8-month 
period. And two TSA security screeners at San Francisco 
International Airport were also arrested in March 2015 for 
allegedly operating a drug-smuggling conspiracy. In addition, 
on March 9 there was a report that was in the press. I believe 
NBC had a story about these 1,400 badges that were--and these 
were security badges for employees to access secure areas. They 
had gone missing over roughly 2 years. That was at the 
Hartsfield-Jackson Atlanta International Airport.
    And as well, in the city of Boston, there's closing 
arguments today on the death penalty question for one of the 
Marathon bombers; and the brother who is now deceased, was 
missed. He actually left the United States, left Boston. Went 
to Dagestan. We had a report from the Russians to our security 
offices, the FBI and the CIA, to alert them that he had been 
engaged in alarming behavior, contacting terrorist groups in 
Chechnya or Dagestan. And he was on the TIDE list, 700,000 
names.
    So this is widespread. Mr. Roth, you've done a great job in 
terms of authenticating some of the gaps here, but do we need 
to give you more power to actually try to address some of this 
stuff? There seems to be a division of labor here between the 
airports and the TSA in terms of whose responsibility it is to 
set these security protocols?
    Mr. Roth. It is a massive job. When you talk about the 
number of SITA badges that are out there. For example, in 2012, 
we reported that there were 3.7 million badges for secured 
areas, so the idea of trying to keep that secure with that 
size, 450 airports across the country, it's just a massive job; 
50,000 TSOs, 46,000 transportation security officers. We have 
initiated a number of criminal investigations against 
individuals, which is I think typical any time you get a work 
force that size who has that responsibility, so it is a massive 
job.
    Mr. Lynch. Is there a lot of turnover among these TSOs, 
transportation security officers?
    Mr. Roth. I have not looked at that. I'm not sure if GAO 
has looked at that or not, but I'm not sure.
    Mr. Lynch. Well, I actually think a lot of the things we 
need to talk about probably are going to have to take place in 
a classified briefing unfortunately, so I won't waste any more 
time. So I look forward to that opportunity. Thank you. I yield 
back.
    Mr. Mica. Mr. Grothman.
    Mr. Grothman. Thank you. I have just have a couple 
questions. First of all, you said before, how many supervisors 
do you have as part of TSA?
    Ms. Grover. So I'm not sure exactly how many supervisors 
there are, sir. That would be a better question for TSA.
    Mr. Grothman. OK. None of you up there would even have an 
opinion?
    Mr. Roth. We have not looked at that policy.
    Mr. Grothman. OK. When you review or when you audit them, I 
have heard from TSA agents that they feel that there's some 
overstaffing going on here. Do you concur with that, or do you 
feel there is? Or do you think they're trying to do what they 
can to kind of tighten things up a little?
    Ms. Grover. So we haven't looked specifically at the 
question of whether or not there is too much in the supervisory 
area. But we did do a report in 2013 that looked specifically 
at the issue of misconduct and found that there were about 
9,600 misconduct cases that were adjudicated by TSA over a 3-
year period, and at that point the total personnel was about 
56,000.
    Mr. Grothman. How many?
    Ms. Grover. Total personnel was about 56,000 I believe at 
that point, and so I would say there is certainly a need for 
some supervision.
    Mr. Grothman. OK. Could you give me, rattle off like the 
three major causes of doing things wrong, and misconduct?
    Ms. Grover. Sure. The largest category of misconduct was 
attendance and leave issues, so essentially being absent from 
work without prior approval or extensive tardiness. The second 
category of misconduct was screening and security errors. That 
counted for a full fifth, 20 percent of those roughly 10,000 
misconduct cases; and those would be instances where the SOPs 
were not followed, such as screeners allowing individuals or 
their bags to bypass screening or where TSOs were bypassing the 
equipment check, so those are types of misconduct cases that 
could lead to a degradation of security.
    Mr. Grothman. So collectively you feel, if anything, they 
ought to be tightening things up a little bit more?
    Ms. Grover. I don't know if that necessarily translates to 
a need for additional supervisors.
    Mr. Grothman. Oh, no, no.
    Ms. Grover. But certainly, yes, there is room for 
addressing those issues.
    Mr. Grothman. OK. Well, different people have opinions on 
that, but thanks. I will yield the rest of my time.
    Mr. Mica. Thank you. Just on your time. Now, the figures we 
have are that there were 61,000 TSA personnel, that's the 
latest that I had. And we had a cap of 46,000 screeners, so 
which leaves you with about 15,000 people who are not 
screeners; is that correct? And we had just under 4,000 people 
in Washington, DC. within the close proximity making on average 
$104,000 apiece, pretty hefty overhead, wouldn't you say?
    Ms. Grover. Thank you, sir. I am not familiar with the 
exact numbers. Those sound right to me.
    Mr. Mica. Those are pretty close. But we've built a huge 
bureaucracy, never intended it to be that way, and we've got to 
get it under control, better managed, whether it's training, 
acquisition of equipment, performance, the passenger 
facilitation systems that don't work, a lot of deficits.
    And then Mr. Ron mentioned the issues of perimeter 
security, I just visited an airport this past week in 
Knoxville, and looking at their vulnerabilities, but you can 
take any airport and just, whether it is LaGuardia where you 
can get a little rubber raft and end up on the runway, or any 
major airport in the country is easily penetrable by their 
perimeters, some of the issues you raised, Mr. Ron.
    Let me conclude--I yield back your time. You have the----
    Mr. Grothman. Just one question.
    Mr. Mica. You have the time.
    Mr. Grothman. A few years ago they instituted these new 
things to see through you or whatever, they were kind of 
controversial at the time. Have you ever thought about 
restricting their use or could you just comment in general on 
them?
    Mr. Roth. What you're referring to are what's called the 
AIT machines, which is Advanced Imaging Technology machines, 
where you have to sort of put your hands up and then the things 
go. We are doing some covert testing on that as we speak. We'll 
write a classified report with regard to that. Early returns 
give us some concern.
    Mr. Grothman. Concern of what nature?
    Mr. Roth. Whether they are effective.
    Mr. Grothman. Good, maybe you won't need them.
    Mr. Mica. Well, I might point out just for the record 
that--and I pointed it out at the beginning, I don't know if 
you were here, sir, but the acquisition of that equipment was 
very controversial, and Mr. Chaffetz objected to them buying 
some of the equipment that was--what he felt violated people's 
rights. They went ahead and split the contract, as I mentioned, 
between Mr. Chertoff's client, which was Rapiscan, and then 
between L3, which was Nastachel, a half billion dollars worth 
of contracts split evenly. They ended up the Rapiscan could not 
be changed so that it wouldn't violate people's privacy and 
those--that equipment after being installed was pulled out.
    So we've been through that three-ring circus, now that this 
report focuses on the deployment of some of that equipment, for 
example the advanced imaging detection which is millimeter 
wave, where you put your hands up. And we have problems with 
maintaining the equipment, operating the equipment, auditing 
the performance of the equipment all outlined by these 
witnesses.
    Mr. DeSaulnier, the gentleman from California is 
recognized.
    Mr. DeSaulnier. Thank you, Mr. Chairman. Let me begin by 
opening comments recognizing the enormity of the 
responsibilities that you have and assuming there have been 
many successes. But Mr. Roth, I wanted to talk about really two 
subject areas, and Mr. Ron, the second part is the perimeter 
given that I'm from the Bay Area and we've had a lot of news 
coverage on that case and other cases.
    But Mr. Roth, you mentioned in your opening comments that 
complacency is a huge problem and that human error is too 
common and basically it's--the human error is simply to follow 
protocol. And also you mentioned that you have to be--TSA has 
to be right every time and a terrorist only has to be right one 
time. So we have lots of examples in proper quality assurance 
in different fields, in similar situations, at hospitals or 
industrial facilities. Is there a basic--or maybe Mr. Ron knows 
this or Ms. Grover, a basic management tool when you have these 
kind of situations to make sure that complacency isn't the 
order of the day?
    Mr. Roth. I think it is severalfold. You know, one is 
oversight, TSA itself has what they call I think red teams, 
which go in and do testing on systems and individuals to ensure 
that they get it right. We obviously do covert testing as well. 
And then I think it is it is a matter of training. As in the 
military, if there is a training culture that you do a certain 
protocol the same way every single time, then you're going to 
at least lower the incidence of human error.
    Mr. DeSaulnier. So that's not sufficient in this instance, 
is that your view?
    Mr. Roth. The results that we have found have shown that 
there is room for improvement.
    Mr. DeSaulnier. Is there in your view misprioritization? 
Should there be more emphasis on this as opposed to technology?
    Mr. Roth. I think there needs to be more of an emphasis on 
training, yes.
    Mr. DeSaulnier. Mr. Ron, your comment about very alarming 
that we put a lot of emphasis on the front door, but the back 
door is wide open, and given your comments and your experience 
both in Israel and Massachusetts, are there best practices both 
on a low-threshold cost, sort of a medium and higher level? 
Because you also mention basically we don't have the resources 
to do the higher level.
    Mr. Ron. Thank you. I think that one thing that I find 
missing at the base is the lack of comprehensive approach to 
the challenges of aviation security. We are defining the 
relatively narrow angles and we take care of those angles, but 
sometimes we miss the wider picture.
    I think again that perimeter security is a perfect example 
for that, because while we're trying to prevent exactly the 
same event on one side of the operation we invest a lot and on 
the other side of the operation we allow the situation to 
remain as poor as it is for many years, despite all the red 
lamps that they blink at us.
    Mr. DeSaulnier. So in your previous experience you had to 
balance your resources, your funding with the risk assessment. 
Are we doing that sufficiently in this instance?
    Mr. Ron. Yes, I think that risk assessment is an ongoing 
process. It has to be part of our operation continuously. It 
needs to be present all the time. It has to be done at every 
level. So when we talk about passengers, for example, there's 
room for individual risk assessment per passenger in order to 
identify the of level of risk of that passenger. I think that 
the criminal background check is not enough. For that----
    Mr. DeSaulnier. I was speaking more about in relationship 
to the front door to the back door. Are we putting enough? Is 
this a proper risk assessment that we should put more in the 
front door and not on the back door? You implied in your 
opening comment that we weren't.
    Mr. Ron. Yes, my answer is reasonable for that as well, 
yes.
    Mr. DeSaulnier. Ms. Grover, do you care to comment on 
either the complacency problems or the perimeter problems?
    Ms. Grover. Yes, sir. In earlier work that we did looking 
at perimeter security issues, what we found is that TSA had not 
been able to do a complete risk assessment because they weren't 
sufficiently assessing the vulnerability of different airports. 
They have since made steps in that area and we do have a review 
underway now to look at that issue.
    The other thing, the other issue that I would raise to TSA 
is a question about whether or not they are making adequate use 
of the data that they have. They do require airports to report 
all incidents to TSA, but when we looked at that data set 
previously we found that it wasn't organized or reported in a 
way that TSA could specifically identify how many of those 
incidents were related to perimeter or access breaches. Again, 
they have made some changes and so we'll be able to report back 
in the future on whether they are able to analyze that data.
    Mr. DeSaulnier. Thank you. Thank you, Mr. Chairman.
    Mr. Mica. I thank the gentleman. Mr. Hice is recognized.
    Mr. Hice. Thank you, Mr. Chairman. This past February NBC 
News reported that over 1,400 security badges were missing in 
Hartsfield-Jackson Atlanta International Airport just over the 
last 2 years alone. Mr. Roth, could you briefly explain how TSA 
responds when some of these security badges turn up missing?
    Mr. Roth. We are doing some ongoing review of TSA's 
security controls, so my answer will be preliminary, but my 
understanding based on my conversations with TSA officials is 
once a badge goes missing, it is turned off. So this has to be 
sort of a two-factor authentication, you have to take the badge 
and swipe it to be able to enter secure areas.
    The difficulty of course is this idea of piggybacking, 
somebody else opens the door and you walk through, or other 
ways to be able to gain access to these secure areas. And that 
is the whole challenge behind these access badges, right? If 
you work in a McDonald's at the airport, you get a badge, and 
then you quit the next day and you still have that badge. And 
it's incumbent on the airport to report that to TSA so that 
badge gets turned off, and it is a vulnerability.
    Mr. Hice. So you would say that the responsibility rests 
then with the airport, not with TSA?
    Mr. Roth. It is a joint responsibility, as I understand it.
    Mr. Hice. Right, it ought to be a joint responsibility. And 
the airport--Atlanta airport was just the only airport 
reporting on that particular study, 1,400 badges missing in 2 
years. How many would there be across the entire Nation?
    Mr. Ron, just a yes or no type question regarding this, 
would you consider 1,400 just out of one airport security 
badges showing up missing a major security breach and a 
potential problem?
    Mr. Ron. Well, obviously it is a matter of proportions. 
Atlanta is one of the largest airports in the country and I 
assume that the number of badges that they issue is larger than 
most airports around the country, and I do not know what is the 
percentage, but I would say that every airport the worldwide 
that I know suffers from that problem.
    Mr. Hice. OK, my question, is this a security threat of 
significance that needs to be looked into, yes or no?
    Mr. Ron. It is, it is.
    Mr. Hice. OK, all right. That's--because obviously we've 
got a major problem here. We've got badges that are missing, 
stolen for whatever reason, but to the tune of thousands across 
the country. And what I'm hearing from you, Mr. Roth, is 
there's really no--at least to your awareness--no policy to 
deal with this. And yet we've got a major potential security 
breach going on here of insider threats, really.
    Assess the, real quickly, the vulnerability of insider 
threat?
    Mr. Roth. Well, if you have access to secure areas, that 
means you have access to the aircraft, the dangers there I 
think are self-evident.
    Mr. Hice. All right. Let me go back to another situation in 
Atlanta, Mr. Roth, and I'll just continue with you. As we all 
know, there was a gun smuggling insider ring at the Atlanta 
airport that was discovered this last December. To your 
knowledge, has there been any changes in security checks and so 
forth since that gun smuggling ring was discovered?
    Mr. Roth. As I said, we're in the middle of an audit of 
this exact problem, so unfortunately I can't give you a 
complete answer as I sit here today.
    Mr. Hice. Should there be changes?
    Mr. Roth. Oh, absolutely.
    Mr. Hice. All right. What changes would you suggest?
    Mr. Roth. Well, at this point I think I'd have to defer 
until we get our audit completed so we can make recommendations 
to TSA, first figure out what it is that we find and then make 
recommendations that make some sense.
    Mr. Hice. All right. What kind of--what needs to be done 
with verifying that those who have security badges do not have 
a criminal history?
    Mr. Roth. We are about to come out with a report with 
regard to that, to check the TSA's efficacy on doing criminal 
background checks. And I know GAO has done some work on that in 
the past.
    Mr. Hice. How many background checks are there?
    Mr. Roth. Well, there would be one for every TSA employee 
who has a SIDA badge. So----
    Mr. Hice. OK. So in that scenario, there would be one 
background check. Is there anything to protect the public from 
one of these individuals getting involved in criminal activity 
after they have already had the initial check?
    Mr. Roth. No. And you know, we have a number of 
investigations that are set forth in my testimony in regard----
    Mr. Hice. Should there be?
    Mr. Roth. Well, absolutely there needs to be vigilance or 
criminal investigative presence against the TSA employees.
    Mr. Hice. I would ask you please to report back to our 
office on this type of thing. I would very much appreciate it.
    Mr. Roth. Absolutely.
    Mr. Hice. Thank you.
    Mr. Mica. Thank the gentleman.
    Mr. Clay.
    Mr. Clay. Thank you, Mr. Chairman, thank you, Ranking 
Member Cummings for conducting this hearing. I appreciate the 
efforts to streamline the security screening process for low-
risk individuals and shift focus to those who are deemed at 
higher risk. My understanding is that all airline passengers 
are compared to Federal Government terrorism watch lists 
through the Secret Flight program. Ms. Grover, is that correct?
    Ms. Grover. Yes, sir, that's correct.
    Mr. Clay. OK. But only individuals enrolled in the PreCheck 
Program are also checked against other law enforcement lists 
such as immigration and criminal data bases; is that correct?
    Ms. Grover. If they apply for PreCheck, then yes, then they 
are checked against the criminal background information.
    Mr. Clay. And the PreCheck program requires individuals to 
self-report any new criminal activity or convictions after they 
are enrolled. In other words, individuals have to self-report 
any new crimes; is that correct?
    Ms. Grover. Sir, I'm not actually sure if that's true for 
PreCheck. I do know that's the case for the aviation workers at 
the airport, that there is no followup background check, and I 
believe the same thing applies to PreCheck as well.
    Mr. Clay. Mr. Roth, does this self-reporting requirement 
pose a potential security risk?
    Mr. Roth. It does. And in fact, in the PreCheck program it 
does require self-reporting, there is no continuous pinging of 
the criminal justice system to figure out whether, you know, if 
I apply for PreCheck and then I get convicted of a crime a year 
later my PreCheck is still good for 5 years. If I don't report 
that to TSA, TSA is not going to know about it.
    Mr. Clay. Any idea of how many have self reported?
    Mr. Roth. I don't have that information.
    Mr. Clay. Ms. Grover, any idea?
    Ms. Grover. No, sir.
    Mr. Clay. OK. Ms. Grover, GAO's recent report identified 
instances in which Secure Flight did not accurately identify 
passengers on government watch lists; is that correct?
    Ms. Grover. Yes, sir, that's right.
    Mr. Clay. What were GAO's findings with regards to the 
ability of Secure Flight data appropriately designating 
individuals at low risk?
    Ms. Grover. So the Secure Flight system, the first thing 
that it does is it's used to identify individuals who are on 
the watch list. And we know that sometimes that there are 
errors there, that Secure Flight doesn't always identify people 
on those high-risk watch lists. So after that set of 
identifications is done and those people are tagged, then the 
remaining passengers are also screened to see if they are a 
known low-risk traveler, and that's the way that they are then 
identified for PreCheck.
    And then there's another tier where there's some automated 
assessments done where people can get additional PreCheck, 
that's how come sometimes PreCheck shows up on your boarding 
pass even if you haven't signed up for it in advance.
    Mr. Clay. What measures can be taken to ensure that Secure 
Flight accurately assesses the risk level of all passengers?
    Ms. Grover. We've recommended that TSA should have a new 
performance measure in place so that they can keep track on an 
ongoing basis of how well Secure Flight is doing actually 
identifying everyone on those Federal watch lists. And they are 
working on it, but that is not in place yet.
    Mr. Clay. Then how do you keep from I guess stereotyping or 
profiling travelers? I mean, what are the precautions put in 
place to not do the profiling?
    Ms. Grover. Well, that issue would be most relevant, say, 
at the airport when individuals are being selected, say for 
Managed Inclusion. And the TSOs are supposed to use like iPads 
that have randomizers in there, so there should be some 
protection from profiling there. But there have been questions 
raised about the behavior detection officers over many years 
about whether profiling could be factoring into their 
decisions, and they are part of that Managed Inclusion process.
    Mr. Clay. OK. Mr. Roth, you made 17 recommendations to TSA 
in your March report, and many of them dealing with the ability 
of the PreCheck initiative to effectively assess risk level of 
the individual. Can you briefly walk through the areas you see 
as needing improvement?
    Mr. Roth. Unfortunately most of those are either sensitive 
security information or classified, so it is difficult to talk 
about them. But we have made recommendations that TSA really 
needs to rethink how it is that they use the risk assessment 
rules. They have largely disagreed with our recommendations.
    Mr. Clay. That's unfortunate. Thank you all for your 
responses. And Mr. Chairman, I yield back.
    Mr. Mica. You have 9 seconds, if I could have them.
    Mr. Clay. Sure, I yield.
    Mr. Mica. Just a couple of points. You testified that the 
employees--well, first of all, they are not checking the 
backgrounds before they are employed, that's part of your 
finding--and the worst instance was Atlanta. Then they are not 
checking afterwards. In other words, there is not a check if 
they appear on some criminal list or watch list afterwards 
that's correct on employees.
    And then I wanted to know about PreCheck. Is there any 
going back and checking people after they've been cleared for 
PreCheck? I know in Israel they control whoever gets sorted to 
PreCheck, and then they are always reexamining those 
individuals and the information is brought in, and they can 
stop the pass or access from the information that is 
concurrently and continuously being examined. Tell us about 
PreCheck and employees.
    Mr. Roth. My answer, Mr. Clay, was referring to the 
PreCheck employees, that there was no recurrent vetting and it 
required sort of a voluntary disclosure. I'm not sure about the 
employees.
    Mr. Mica. Do you know?
    Ms. Grover. So with respect to PreCheck enrollees, the only 
recurrent check is that they would be checked against the 
Federal watch list every time, but not for criminal background. 
And as far as aviation workers, it's basically the same thing. 
They are checked regularly against the Federal watch lists. 
Although TSA has recently announced that they are going to 
start redoing criminal background checks every 2 years. I don't 
know if that's in place yet.
    Mr. Mica. OK. Thank you. Mr. Duncan.
    Mr. Duncan. Well, thank you, Mr. Chairman. And I apologize 
to the panel because I've been at another hearing and I'm 
trying also to meet with constituents, but I did want to ask 
about something in Mr. Ron's testimony that really stood out to 
me. You say although most aviation employees are honorable, 
hardworking Americans, recent reports indicate serious problems 
that range from firearms and so forth and so on. And so what is 
particularly troublesome is that the crimes are rarely the 
actions of an isolated individual, and networks of employees 
are flaunting the law and bypassing security for their personal 
motives. Such individuals are very susceptible to terrorist 
influences and so forth.
    Now, I know that a lot of times with this 24-hour news 
cycle, we're almost sensationalizing even minor incidents. But 
that seems to me to be a pretty sensational type Statement, Mr. 
Ron, when you say networks of employees. And I'm wondering, I 
know you mention the Atlanta incident or the Atlanta smuggling, 
but I'm wondering, is this oversensationalized or is this 
happening in all the major airports? You say networks of 
employees. How widespread is this?
    Mr. Ron. Most of the crimes that could generate benefits 
for employees that are willing to act criminally are involved 
with illegal materials like drugs and weapons that fly through 
the airport. It is never a single individual person that is 
involved. Usually there is somebody who delivers the substance. 
There is somebody who actually takes care of it and puts it on 
the aircraft.
    And if I take for example a case, of a few years ago, 
concerning a flight from Miami to San Juan, Puerto Rico. Once 
again, there was a matter of weapon smuggling through the 
aircraft. It was a duffle bag, if I'm not mistaken, 14 
different weapons, including an AR-15----
    Mr. Duncan. But you said that's a case from several years 
ago.
    Mr. Ron. That's several years ago, yes. But this 
indicated--this case, that was brought by one employee into the 
restricted area. There was another employee that actually took 
the flight and received the bag in order to fly with the bag to 
San Juan according to media reports. So this is I think a very 
good example as to how these things work. You can assume that 
similar involvement of more than one person is the case more 
frequently than otherwise.
    Mr. Duncan. Well, let me ask you something else, you were 
director of security at the Tel Aviv airport, I understand. 
What are some things you were able to do in Tel Aviv that 
people in your similar security field wouldn't be able to do or 
aren't doing here?
    Mr. Ron. Well, Tel Aviv system is based very much on our 
ability to recognize the level of threat of individual 
employees, based on a much deeper background check to start 
with. And they are implementing----
    Mr. Duncan. So we need to give much deeper background 
checks to all airport employees?
    Mr. Ron. Well, there is a lot of--yes, background checks is 
one very important rule.
    Mr. Duncan. All right.
    Mr. Ron. Beyond that I would say--and that has to do with 
the smaller size of Ben Gurion Airport in comparison to 
airports like Atlanta. But we were able to actually keep our 
finger on the pulse in terms of what happens with the employees 
at the airport. If somebody was behaving in a way that 
indicated that he may be involved in illegal activity, then we 
were immediately investigating it. There was a dedicated--there 
is a dedicated unit that is actually looking exactly only after 
that. They are making sure not only concerning security but 
also concerning regular criminal activity----
    Mr. Duncan. So do you think we should have some type of 
incentive programs for airline--airport employees that turn in 
or recognize unusual criminal activity or something?
    Mr. Ron. I'm sorry, I didn't understand the question.
    Mr. Duncan. Well, in other words, should we teach other 
airline employees or airport employees things to watch for when 
you say that airport employees are acting in unusual ways?
    Mr. Ron. Yes. I mean, obviously, there is--at the end of 
the day there is limited access to every badge holder, but when 
you speak about employees, this is different because by the way 
badges are also issued to non employees. But in the case of 
employees, we are able through the human resources and through 
our intelligence activity at the airport and through our 
ability to survey a city, those parts of the airport that are 
vulnerable to criminal activity in a way that makes it very 
effective.
    Mr. Duncan. Let me ask, I've run out of time. Let me ask 
Mr. Roth one last question. Mr. Roth, we're spending mega 
billions now for security at the airports when you add it all 
together. Are we getting a bang for our bucks? Or----
    Mr. Roth. I think there is significant room for 
improvement. It is a massive task. I mean when you talk about, 
for example, security background checks on individuals that 
hold the passes to the secure areas, you're talking about 3.7 
million people that you would have to give a background check 
for. This is a massive, massive challenge.
    Can TSA tighten up? Absolutely. And the reports that we 
have written over the course of the years I think show there 
are areas where they can tighten up, but we need to understand 
the scope and significance of the problem that TSA faces.
    Mr. Duncan. All right, thank you very much.
    Mr. Mica. I thank the gentleman. If FedEx can track a 
package and American Express can detect instantaneously from an 
incidence with your credit card, certainly we can get this 
right and have many more people to deal with. Let's yield to 
Ms. Kelly from Illinois.
    Ms. Kelly. Thank you, Mr. Chair, and thank you, Ranking 
Member Cummings, for holding a hearing on a pressing issue like 
our aviation security. I would also like to thank our witnesses 
who have taken time out of their busy schedules to speak with 
us today.
    Mr. Chairman, with the summer travel season fast 
approaching, our Nation's airports will be pressed to the 
maximum capacity. This means long security lines, overworked 
TSA agents and control tower officials. It also means detecting 
and neutralizing a security threat in a crowded airport can be 
as difficult as finding a needle in a haystack. This is 
something all Americans, and of course my constituents in 
particular, know all too well. The greater Chicago area is 
currently served by two airports. I'm sure most people in this 
room here today at some point or another have missed a 
connecting flight or had a long layover in one of our airports. 
I hear complaints from my colleagues all the time. A culture of 
delays, overcrowded hallways and long security lines are not 
only frustrating and inefficient, but also unsafe. A need for a 
third airport in Chicago has been known for years.
    I have been working with Secretary Foxx and Administrator 
Huerta to make a south suburban airport a reality. I am pleased 
to say that the project is close to becoming a reality and I 
will continue to push for its creation. Therefore, I'd like to 
ask the witnesses to provide their insights into this matter.
    How does the fact that major airports are operating at 
capacity impact our national security? I'll ask both my 
questions. Impact our national security. And the other, would 
construction of new airports improve our national security by 
easing pressures on current airports? And whoever wants to take 
the question.
    Ms. Grover. So I can start. I agree with the other 
panelists that TSA is pressed, just the press of business is 
difficult. And as airports are operating more and more at 
capacity, there are some inherent challenges that go along with 
that. But what I would suggest is that the challenges that TSA 
faces in improving security across their systems are 
independent of exactly how many airports we have up and running 
and exactly whether they are working to capacity, because they 
are inherent systemwide efforts, and I'd like TSA to spend some 
more time focusing on how well their systems are working.
    Mr. Ron. I want to repeat a point that I mentioned earlier 
that I think is relevant to your question, and that is once 
again the need to approach the subject or the challenge 
comprehensively. Right now, in my view, this is one of the 
weakest points in the strategy, because of a lack of 
comprehensiveness, we do leave corners unattended. And as we 
discussed here earlier, we talked about perimeter threats and 
there might be some others. And a much more comprehensive 
approach would allow us to evaluate and to run a more balanced 
system, which by the way will never be perfect.
    Mr. Roth. I think any time that you add size, you get 
complexity, and so enhanced complexity of course always leads 
to challenges, but to your specific question, unfortunately we 
haven't done any specific work in that area so it's difficult 
for me to comment.
    Ms. Kelly. Thank you for your response, I appreciate it. I 
yield back.
    Mr. Mica. Mr. Cummings. Thank you.
    Mr. Cummings. Ms. Grover, are you familiar with the 
concerns the GAO raised about the Managed Inclusion program?
    Ms. Grover. Yes, sir.
    Mr. Cummings. Can you explain what steps TSA is taking to 
address those concerns?
    Ms. Grover. What TSA has told us is that they have an 
effectiveness study underway and they expect to have results 
toward the latter half of 2016. I believe specifically they are 
evaluating the role of the behavior detection officers and K-9, 
the K-9 teams as part of that.
    Mr. Cummings. So the DHS inspector general recommended that 
the Managed Inclusion program be halted until technology exists 
to connect Secure Flight data to airport checkpoints. And this 
would prevent passengers that are known security threats from 
trespassing--bypassing rather more rigorous security 
inspections according to the IG.
    Now, Mr. Roth, has TSA halted the Managed Inclusion 
program?
    Mr. Roth. My understanding based on conversations with TSA 
is that they are reducing both Managed Inclusion and some of 
the other methods they use to put people into expedited 
screening. And as more people apply to PreCheck and get vetted 
they are going reduce that. But it is still something that they 
use, something that we are concerned about.
    Mr. Cummings. And tell me what your concerns are?
    Mr. Roth. Well, my concerns are that these are unknown 
passengers, they are unknown to TSA, which means they are 
unknown risk. And any time you have an unknown risk passenger 
going through expedited screening, which is inherently less 
secure, you have a security vulnerability.
    Mr. Cummings. And what have they done about your concerns?
    Mr. Roth. Well, we made a number of recommendations, again 
many of those are nonpublic recommendations, but they've 
largely nonconcurred with those recommendations, which we 
believe shows a lack of appreciation of the seriousness of the 
problem.
    Mr. Cummings. And did they give you excuses or what I 
mean----
    Mr. Roth. They simply disagree with the level of risk. They 
believe it is a level of risk that's acceptable. As the IG I 
believe that it is not. One of the reasons I invite a 
classified briefing on this is because every time I give a 
classified briefing, Members of Congress tend to agree that it 
is an unacceptable risk.
    Mr. Cummings. So you think they just discount your 
concerns? Do you get the impression that they don't see you as 
the expert and they see themselves as so being?
    Mr. Roth. Well, we're the independent auditor, so that 
means we are objective and we look, you know, while we are in--
--
    Mr. Cummings. That's not what I asked you.
    Mr. Roth. I apologize for that. Yes, we have a 
disagreement, a fundamental disagreement about what level of 
risk is acceptable.
    Mr. Cummings. So now, let's go to this issue of the 
perimeter, Mr. Roth. We've seen a disturbing report of a 15-
year-old boy who traveled from San Jose International Airport 
to Hawaii in a wheel well of an aircraft. Mr. Roth, what steps 
can TSA take to improve perimeter security and ensure that 
incidents like this don't happen in the future. What can they 
do?
    Mr. Roth. My understanding of TSA's position is that, that 
is the responsibility of the airport itself and not of TSA. We 
have not looked at that specific issue, so I don't have any 
specifics with regard to their response.
    Mr. Cummings. Mr. Ron, do you have an opinion on that?
    Mr. Ron. Yes, I think that this is one of the problems that 
we have and this is why it falls between the chairs because why 
TSA does not consider it part of its responsibility. I think as 
a regulator it has to make sure that somebody else does it, and 
at the moment this is not really happening. The airports are 
not willing and in many cases are unable to provide what it 
takes to protect their security with an intrusion detection 
systems and the manpower that requires to respond to alarms.
    Mr. Cummings. And how is that done in other airports where 
you've been?
    Mr. Ron. Well, if I take for example Tel Aviv airport, Tel 
Aviv airport there is no division of responsibility. The 
responsibility structure is very, very clear and there's only 
one security organization that takes care of all aspects of 
security, whether it is passengers or the facility, and that 
makes it much easier to calculate the priorities.
    Mr. Cummings. So Mr. Roth, whose responsibility did they 
say it was, the perimeter?
    Mr. Roth. My understanding is that TSA takes the position 
that it's the airport's responsibility and not TSA's. Again, 
that's based on my understanding, but we haven't done any work 
in this area.
    Mr. Cummings. Ms. Grover, you want to say something?
    Ms. Grover. Yes, sir, if I may. TSA does take the position 
that it is the airport's responsibility to decide how their 
perimeter will be secured. What TSA does is they come in and 
they check--they do a paper check essentially to say given what 
the airport has decided to put in place for the perimeter, does 
that match up with the requirements? And then they also do an 
annual compliance inspection where they actually observe to 
make sure that those measures are in place. And we do have a 
study underway now to do an assessment of what is going on.
    Mr. Cummings. Wait a minute, back up.
    Ms. Grover. Yes, sir.
    Mr. Cummings. You said they--they--TSA says this is what we 
think it ought to be; is that right?
    Ms. Grover. Yes. Yes, sir, there are regulations, and then 
TSA issues security directives, for example, that lay out sort 
of at a high level what the requirements need to be to secure 
the perimeter. And then at each individual airport, the airport 
decides exactly how they are going to meet that requirement.
    Mr. Cummings. OK.
    Ms. Grover. Right. So it could be a fence or maybe the 
airport would say, well, we don't really need a fence because 
we have a body of water there. So then TSA comes in and they 
review that airport's security program. That's a paper review 
where TSA basically says, check, check, check, check, check. 
OK, yes, we think it's reasonable that you are securing your 
perimeter in all of these ways. And then once a year TSA also 
comes in and does a compliance inspection where they say walk--
they walk the perimeter and they confirm is the fence there and 
does it have holes in it.
    Mr. Cummings. What happens the day after the inspection 
somebody cuts a hole in the fence? I mean, how does that work? 
And do we then have a gap?
    Ms. Grover. That is the airport's responsibility to 
monitor.
    Mr. Cummings. Yes. You know, one of the things that 
concerns me, and we saw this on the Transportation Committee, 
you have these folks who constantly claim that everything is 
tight and there are no problems and then they say when the 
rubber meets the road, everything is going to be fine. But then 
we find that there are gaps because everybody is assuming that 
the other person's doing it, and then it ends up that there is 
a problem.
    And I am just wondering, you know, if you have--I mean, 
when we look at what's happening around the world and we look 
at organizations like ISIS and others, I mean, to create a hole 
in a fence and folks figure out well, maybe they are not 
looking at that fence as often as they should. They had an 
inspection yesterday and now I have got a whole year to wait. 
Are you satisfied with that procedure or you don't get into 
that.
    Ms. Grover. So there are definite vulnerabilities, and we 
have identified them before, and we have called out to TSA and 
let them know that we didn't think that they had sufficient 
vulnerability assessments in place to check on the airports. So 
that's part of the issue we are going to be looking at again 
right now, and we would be happy to report back to you on it.
    Mr. Cummings. Yes, I would love to have that, because 
that's of great concern. Thank you all very much, your 
testimony has been very informative.
    Mr. Mica. Thank you. Mr. Cummings. If you could--if you 
could patch that fence, then you could put five pounds of 
plastic explosives on a drone, and drive it into an airplane as 
it's taking off or use shoulder fired missile, come into the 
market, do the same thing. It all gets back to intelligence, 
finding these people before they can commit the act.
    Mrs. Lawrence you're recognized,
    Mrs. Lawrence. Thank you, Mr. Chair. Talk about the issue 
of access through the IDs, on March 9, 2015, NBC News reported 
that 1,400 badges that granted access to secure areas had gone 
missing over a 2-year period. Are you familiar with this 
report, Mr. Roth?
    Mr. Roth. I am.
    Mrs. Lawrence. What happens when an ID badge is lost or 
reported stolen?
    Ms. Grover. So as soon as the badge has been reported lost 
or missing, then the airport should deactivate it immediately. 
It's my understanding that there's a threshold of 5 percent. So 
once 5 percent of the badges for any particular area have been 
reported as missing, then the airport is responsible for 
reissuing all of the badges to all the employees who have 
access in that area.
    Mrs. Lawrence. Do you know how the airports keep track of 
this? Are you engaged in that tracking process?
    Ms. Grover. So we have not done a specific review of how 
well the tracking process is working, but I can tell you 
generally that the way it works is that the airports are 
required to do a 100 percent audit of the badges once a year. 
That's a paper exercise, so it involves the airport taking a 
list of all of the badges that have been issued and checking it 
up against the contractor lists to say, do our lists still 
match? And then twice a year they do an additional 10 percent 
random sample, that's also a paper exercise. And TSA's 
responsibility is to come behind and make sure that the airport 
has done their job in doing those checks.
    Mrs. Lawrence. So that's my followup. When the TSA is 
supposed to come behind, so there is an audit process that is 
given to any airport. Is there an inspection process? How do 
you know that--how do you verify that the airports are in 
compliance, because the concern that we have about these 
missing ID badges is we provide all the security under TSA that 
we have the expectations, how do--how does TSA verify that 
there's an inspection needed because the audit has failed? And 
what is the procedure?
    Mr. Roth. It's a couplefold. It's my understanding is that 
TSA will go through and they will in fact audit these things 
and have an entire office of inspection----
    Mrs. Lawrence. How frequently?
    Mr. Roth. I don't have the answer to that. One of the other 
things that we do, for example, what we are doing now is we are 
conducting an independent audit of TSA's processes and controls 
for doing this. We were as concerned as I suspect you were with 
regard to the media reports. And so we are taking a look at 
that very issue.
    Mrs. Lawrence. I just want to say that I'm glad to hear 
that you are conducting the audit of that process. It is 
disturbing to me that the access to secure areas, this number 
is too high. And in doing that audit I really want to State for 
the record that I feel it's too high. You're going to have to 
convince me otherwise.
    And things like the frequency, when is there accountability 
issued for the airports and for employees for these loss of 
badges. And the question of the answer after a certain period 
that everyone gets their badges reissued, how frequently is 
that happening? And what triggers that number?
    So those are the concerns I have. As we are--it should be a 
comprehensive approach. I would hope that the media would not 
drive our response to these issues, that's troubling to me. It 
should have been something that has been triggered by our own 
internal audits, if we are doing that, instead of saying, oh, 
it's in the media now, we need to respond. So thank you.
    Mr. Mica. I thank the gentlelady, and I guess there are no 
further members. I'll conclude the hearing, but it's not 
acceptable for TSA to respond to the chief investigative and 
oversight of Congress Committee with pages and pages of 
redacted information. Do you have trouble, Mr. Roth, getting 
information from them or----
    Mr. Roth. We do not.
    Mr. Mica. You do not, but we do. And your report I think it 
is about as comprehensive as I have seen. It covers a whole 
host of areas. I think you did an excellent job. The problem is 
it just highlights that after years and years, we have created 
a very expensive, dysfunctional, transportation security 
system, and there are many potentials for risks that are not 
addressed.
    The more I--on having helped create TSA in the beginning 
and create the system, the more I look at this the more I am 
convinced that you go back to intelligence, intelligence, 
intelligence. Get TSA out of the screening business. As you 
heard Mr. Ron say, we're the only country in the world that 
the--where the agency is the regulator, the auditor, the 
systems manager, and it doesn't do any of them well.
    But if we could concentrate on connecting the dots so that 
we have the information in the data base that we can clear 
people we know who's traveling and poses a risk. If we can 
track people. Almost everyone most recently that--Boston 
bombers, other people, we failed to connect the dots. The dots 
were there. But we have concentrated a huge number of people in 
managing an unmanageable system that others can do to conduct a 
screening process through, then concentrate on getting the 
intelligence, the security information setting the protocols 
and altering them to meet the threat. Mr. Ron, isn't that what 
we should do?
    Mr. Ron. Yes.
    Mr. Mica. I didn't want to take words out of your mouth.
    Mr. Ron. Relatively speaking, yes.
    Mr. Mica. Yes. And the Israelis have done a great job. They 
have a different system, been there many times. After 9/11 they 
helped us in many areas and have continued to lend their 
expertise. And I can tell you, and in this hearing, if it 
wasn't for Israeli intelligence and British intelligence we 
would have been taken down several times, because they don't 
have to deal with some of the laws and protections and barriers 
that we have, because we have a different society and different 
laws.
    But this is a very serious situation. This is an indictment 
of TSA's values and we need to change this. I've never said to 
do away with TSA, we need to change their role so that they are 
in charge of again security, intelligence, connecting the dots, 
and then auditing the system and getting out of this craziness 
that is using all of our manpower and money for a system that 
shakes down little old ladies, veterans, and people who pose no 
risk. And Mr. Roth agrees with that Statement, don't you, Mr. 
Roth?
    Mr. Roth. Yes, sir.
    Mr. Mica. OK. Ms. Grover is a little bit hesitant but she 
might agree.
    Ms. Grover. We agree that there are vulnerabilities in the 
system that definitely need to be addressed.
    Mr. Mica. Need to be addressed.
    Ms. Grover. Yes, sir.
    Mr. Mica. So with those Statements what I am going to do is 
ask unanimous consent that the record be left open for a period 
of 10 business days. You may get additional questions, and I 
think there will be some coming to TSA, maybe wrapped in a 
subpoena for Mr. Carraway, but in any event the record will be 
left open. Without objection, so ordered.
    Mr. Mica. There being no further business before this full 
Committee hearing of Government Oversight and Reform Committee 
and the Subcommittee on Transportation and Public Assets, this 
hearing is adjourned. Thank you.
    [Whereupon, at 12:19 p.m., the subcommittee was adjourned.]


                                APPENDIX

                              ----------                              


               Material Submitted for the Hearing Record

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                                 [all]