Terrorist Watch List Screening:

Opportunities Exist to Enhance Management Oversight, Reduce Vulnerabilities in Agency Screening Processes, and Expand Use of the List

GAO-08-110: Published: Oct 11, 2007. Publicly Released: Oct 24, 2007.

Additional Materials:

Contact:

Eileen R. Larence
(202) 512-6510
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Federal Bureau of Investigation's (FBI) Terrorist Screening Center (TSC) maintains a consolidated watch list of known or appropriately suspected terrorists and sends records from the list to agencies to support terrorism-related screening. Because the list is an important tool for combating terrorism, GAO examined (1) standards for including individuals on the list, (2) the outcomes of encounters with individuals on the list, (3) potential vulnerabilities and efforts to address them, and (4) actions taken to promote effective terrorism-related screening. To conduct this work, GAO reviewed documentation obtained from and interviewed officials at TSC, the FBI, the National Counterterrorism Center, the Department of Homeland Security, and other agencies that perform terrorism-related screening.

The FBI and the intelligence community use standards of reasonableness to evaluate individuals for nomination to the consolidated watch list. In general, individuals who are reasonably suspected of having possible links to terrorism--in addition to individuals with known links--are to be nominated. As such, being on the list does not automatically prohibit, for example, the issuance of a visa or entry into the United States. Rather, when an individual on the list is encountered, agency officials are to assess the threat the person poses to determine what action to take, if any. As of May 2007, the consolidated watch list contained approximately 755,000 records. From December 2003 through May 2007, screening and law enforcement agencies encountered individuals who were positively matched to watch list records approximately 53,000 times. Many individuals were matched multiple times. The outcomes of these encounters reflect an array of actions, such as arrests; denials of entry into the United States; and, most often, questioning and release. Within the federal community, there is general agreement that the watch list has helped to combat terrorism by (1) providing screening and law enforcement agencies with information to help them respond appropriately during encounters and (2) helping law enforcement and intelligence agencies track individuals on the watch list and collect information about them for use in conducting investigations and in assessing threats. Regarding potential vulnerabilities, TSC sends records daily from the watch list to screening agencies. However, some records are not sent, partly because screening against them may not be needed to support the respective agency's mission or may not be possible due to the requirements of computer programs used to check individuals against watch list records. Also, some subjects of watch list records have passed undetected through agency screening processes and were not identified, for example, until after they had boarded and flew on an aircraft or were processed at a port of entry and admitted into the United States. TSC and other federal agencies have ongoing initiatives to help reduce these potential vulnerabilities, including efforts to improve computerized name-matching programs and the quality of watch list data. Although the federal government has made progress in promoting effective terrorism-related screening, additional screening opportunities remain untapped--within the federal sector, as well as within critical infrastructure components of the private sector. This situation exists partly because the government lacks an up-to-date strategy and implementation plan for optimizing use of the terrorist watch list. Also lacking are clear lines of authority and responsibility. An up-to-date strategy and implementation plan, supported by a clearly defined leadership or governance structure, would provide a platform to establish governmentwide screening priorities, assess progress toward policy goals and intended outcomes, consider factors related to privacy and civil liberties, ensure that any needed changes are implemented, and respond to issues that hinder effectiveness.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: To enhance the use of the consolidated terrorist watch list as a counterterrorism tool and to help ensure its effectiveness the Secretary of Homeland Security should, in consultation with the heads of other appropriate federal departments, develop and submit to the President through the Assistant to the President for Homeland Security and Counterterrorism an updated investment and implementation plan that describes the scope, governance, principles, outcomes, milestones, training objectives, metrics, costs, and schedule of activities necessary for implementing a terrorist-related screening strategy, as called for in HSPD-11.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: In our 2007 watchlist report, we recommended that the Secretary of Homeland Security, in consultation with the heads of other appropriate federal departments, develop and submit to the President through the Assistant to the President for Homeland Security and Counterterrorism an updated investment and implementation plan that describes the scope, governance, principles, outcomes, milestones, training objectives, metrics, costs, and schedule of activities necessary for implementing a terrorist-related screening strategy. The Department of Homeland Security (DHS) subsequently led an interagency effort to provide the president with this implementation plan, which was included as part of its strategy entitled, HSPD-11, An Updated Strategy for Comprehensive Terrorist-Related Screening Procedures. The report was formally submitted to the Executive Office of the President through the Homeland Security Council in January 2008. DHS's efforts directed toward terrorist-related screening align with the cornerstones of Homeland Security Presidential Directive 11: Risk-based screening, civil liberties and privacy, governance, and information sharing. This approach enables the screening community to scale the intensity of screening to meet new and emergent terrorist threats. This was evidenced by the comprehensive interagency effort to revise the federal government's watchlisting guidance as well as enhanced screening measures federal agencies put into place in response to the attempted terrorist attack upon an aircraft in December 2009. In addition, the DHS Credentialing Framework Initiative, issued in July 2008, provides an overall framework to guide the collective efforts of DHS screening programs. The framework is designed to create a more efficient, effective, and person-centric screening and credentialing practice across the department, and identified a series of target enterprise services to achieve implementation of these objectives. These targets were memorialized through a series of policy memoranda, the Integrated Planning Guidance starting with the FY 2011 budget, the enterprise architecture, and the investment review process. The framework and associated targets are to serve as the mechanism to drive and inform the mission critical work being performed in multiple interdependent screening programs and initiatives across DHS components. These actions address our recommendation and we consider it closed as implemented.

    Recommendation: To enhance the use of the consolidated terrorist watch list as a counterterrorism tool and to help ensure its effectiveness the Secretary of Homeland Security should, in consultation with the heads of other appropriate federal departments, develop and submit to the President through the Assistant to the President for Homeland Security and Counterterrorism an updated strategy for a coordinated and comprehensive approach to terrorist-related screening as called for in Homeland Security Presidential Directive-11 (HSPD-11), which among other things, (a) identifies all appropriate screening opportunities to use watch list records to detect, identify, track, and interdict individuals who pose a threat to homeland security and (b) safeguards legal rights, including privacy and civil liberties

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: In our October 2007 watchlist report, we recommended that the Secretary of Homeland Security, in coordination with the heads of appropriate federal departments and agencies, develop and submit to the President through the Assistant to the President for Homeland Security and Counterterrorism an updated strategy for a coordinated and comprehensive approach to terrorist-related screening. Among other things, the report was to (a) identify all appropriate screening opportunities to use watchlist records to detect, identify, track, and interdict individuals who pose a threat to homeland security and (b) safeguard legal rights, including privacy and civil liberties. We noted that such a strategy would enhance use of the terrorist watchlist as a counterterrorism tool and to help ensure its effectiveness. The Department of Homeland Security (DHS) subsequently led an interagency effort to provide the president with an updated report, entitled, HSPD-11, An Updated Strategy for Comprehensive Terrorist-Related Screening Procedures. The update was formally submitted to the Executive Office of the President through the Homeland Security Council in January 2008. The strategy contained four key elements: Risk-based screening, civil liberties and privacy, governance, and information sharing. The report did not, however, identify appropriate screening opportunities to use watchlist records. DHS subsequently developed this list and provided it to us in October 2010. Also, in July 2010, the federal government issued revised watchlisting guidelines to help standardize the watchlisting community's nomination and screening processes. The revised guidelines provide additional details on safeguarding legal rights, including privacy and civil liberties. These actions address our recommendation and we consider it closed as implemented.

    Recommendation: To enhance the use of the consolidated terrorist watch list as a counterterrorism tool and to help ensure its effectiveness the Secretary of Homeland Security should, in consultation with the heads of other appropriate federal departments and agencies and private sector entities, develop guidelines to govern the use of watch list records to support private sector screening processes that have a substantial bearing on homeland security, as called for in Homeland Security Presidential Directive-6.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: Homeland Security Presidential Directive 6 instructs the Secretary of Homeland Security to develop guidelines to govern the use of terrorist watchlist records to support private sector screening processes that have a substantial bearing on homeland security. We reported that the Department of Homeland Security (DHS) had made progress in using watchlist records to screen employees in some critical infrastructure components of the private sector, but many critical infrastructure components were not using watchlist records. The intent of the guidelines to support private sector screening was to establish basic mechanisms and rules for voluntary screening of individuals in the private sector who are not otherwise required to be screened against watchlist records as part of other DHS-administered programs. However, to support these screening programs with adequate resources, DHS collects fees from the private sector to complete private sector screening, and DHS does not have the statutory authority necessary to collect these fees and thus implement private sector screening guidelines or screening processes. While DHS continues to face hurdles in establishing the guidelines, it has taken significant strides in private sector screening processes and has established related guidelines and processes as needed. DHS currently screens populations in the private sector that have access to or may impact critical infrastructure. For example, as part of the Transportation Worker Identification Credential program, the Transportation Security Administration (TSA) screens individuals with unescorted access to secure areas of ports, vessels, outer continental shelf facilities, and credentialed merchant mariners. Over 2 million workers, including longshoremen, truckers, port employees, and others have gone through a threat assessment that includes screening against the terrorist watchlist. TSA also conducts terrorist screening for the Hazardous Materials Endorsement program, which screens individuals performing or supervising the screening of air cargo. Further, TSA conducts watchlist screening of airport workers, domestic aircraft operator employees, and flight crew on aircraft flying into, over, or out of the United States. DHS's actions demonstrate that when given the statutory authority to implement private sector screening against the watchlist, the department has developed mechanisms and rules for screening individuals. These actions address the intent of our recommendation and we consider it closed as implemented.

    Recommendation: In order to mitigate security vulnerabilities in terrorist watch list screening processes, the Secretary of Homeland Security and the Director of the FBI should assess to what extent there are vulnerabilities in the current screening processes that arise when screening agencies do not accept relevant records due to the designs of their computer systems, the extent to which these vulnerabilities pose a security risk, and what actions, if any, should be taken in response.

    Agency Affected: Department of Justice: Federal Bureau of Investigation

    Status: Closed - Implemented

    Comments: The Federal Bureau of Investigation's (FBI) Terrorist Screening Center (TSC) maintains a consolidated watchlist of known or suspected terrorists and sends records from the list to agencies to support terrorism-related screening. Screening against applicable watchlist records can occur anywhere in the nation when, for example, state or local law enforcement officers stop individuals for traffic violations or other offenses. We reported that screening agencies do not check against all watchlist records because certain records (1) may not be needed to support the respective agency's mission, (2) may not be possible due to the requirements of computer programs used to check individuals against watchlist records, or (3) may not be operationally feasible. Rather, each day, TSC exports applicable records from the consolidated watchlist to federal government databases that agencies use to screen individuals for mission-related concerns. To mitigate security vulnerabilities in terrorist watchlist screening processes, we recommended the Director of the FBI assess to what extent there are vulnerabilities in the current screening processes that arise because the FBI system that supports terrorism-related screening does not contain all watchlist records, the extent to which these vulnerabilities pose a security risk, and what actions, if any, should be taken in response. The FBI commented that to ensure the protection of civil rights and prevent law enforcement officials from taking invasive enforcement action on individuals misidentified as being on the watchlist, the FBI system that is used to support screening processes is designed to not accept certain watchlist records. The FBI explained that while law enforcement encounters of individuals on the watchlist provide significant information, unnecessary detentions or queries of misidentified persons would be counterproductive and potentially damaging to the efforts of the FBI to investigate and combat terrorism. Because of these operational concerns, the FBI noted that our recommendation to assess the extent of vulnerabilities in current screening processes that arise when its system does not accept certain watchlist records was completed and the vulnerability had been determined to be low or nonexistent. In our view, however, recognizing operational concerns did not constitute assessing vulnerabilities. Thus, while we understood the FBI's operational concerns, we maintained that it was still important for the FBI to assess to what extent vulnerabilities or security risks are raised by not screening against certain watchlist records and what actions, if any, should be taken in response. During our most recent review of the terrorist watchlist, the TSC Director and other senior FBI official provided additional evidence to support the bureau's previous assertion that the vulnerability in not screening against certain watchlist records domestically was low. For example, the officials provided data and other information that show that a small percentage of people on the watchlist are located in the United States so there are few encounters against the watchlist that occur domestically. The officials also noted that individuals also go through multiple layers of screening against the watchlist prior to obtaining entry into the country. For example, prior to a local policemen pulling over a suspected terrorist, the individual would have already been subject to two layers of screening--visa issuance by the State Department and point-of-entry screening by U.S. Customs and Border Protection. These layers of screening would provide the opportunity to collect sufficient information on the individuals to include related watchlist records in the FBI system that is used by law enforcement agencies within the United States. Based on this additional evidence provided by the FBI, we consider this recommendation to be closed as implemented.

    Recommendation: In order to mitigate security vulnerabilities in terrorist watch list screening processes, the Secretary of Homeland Security and the Director of the FBI should assess to what extent there are vulnerabilities in the current screening processes that arise when screening agencies do not accept relevant records due to the designs of their computer systems, the extent to which these vulnerabilities pose a security risk, and what actions, if any, should be taken in response.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: The Federal Bureau of Investigation's (FBI) Terrorist Screening Center (TSC) maintains a consolidated watchlist of known or suspected terrorists and sends records from the list to agencies to support terrorism-related screening. The Transportation Security Administration (TSA) uses portions of the watchlist to screen the names of passengers to identify those who may pose threats to aviation. In our October 2007 terrorist watchlist report, we recommended that the Department of Homeland Security (DHS) assess to what extent security risks exist by not screening airline passengers against more watchlist records and what actions, if any, should be taken in response. DHS generally agreed with our recommendation but noted that increasing the number of records that air carriers used to screen passengers would expand the number of misidentifications to unjustifiable proportions without a measurable increase in security. (In general, misidentifications occur when a passenger's name is identical or similar to a name on the watchlist but the passenger is not the individual on the watchlist.) Since then, the TSA has assumed direct responsibility for this screening function from air carriers through implementation of the Secure Flight program for all flights traveling to, from, or within the United States. Secure Flight's full assumption of this function from air carriers and its use of more biographic data for screening have improved watchlist matching. This includes TSA's ability to correctly match passenger data against watchlist records to confirm if individuals match someone on the watchlist and reduce the number of misidentifications. TSA has implemented Secure Flight such that as circumstances warrant, it may expand the scope of its screening beyond the No Fly and Selectee lists to the entire terrorist watchlist. (In general, individuals on the No Fly List are to be precluded from boarding an aircraft and individuals on the Selectee List are to receive additional screening prior to boarding an aircraft.) According to the Secure Flight program's final rule, in general, Secure Flight is to compare passenger information only to the No Fly and Selectee lists because, during normal security circumstances, screening against these components of the watchlist will be satisfactory to counter the security threat. However, the rule also provides that TSA may use the larger set of "watch lists" maintained by the federal government when warranted by security considerations, such as if TSA learns that flights on a particular route may be subject to increased security risk. Also, after the attempted airline bombing in December 2009, DHS proposed and the Deputies Committee (within the Executive Office of the President) approved the Secure Flight program's expanded use of watchlist records on a routine basis to screen passengers before they board flights. In April 2011, TSA completed the transition of the Secure Flight program to conduct watchlist matching against this greater subset of watchlist records and notified air carriers that those passengers who are determined to be a match should be designated for enhanced screening prior to boarding a flight. TSA's actions fully respond to the recommendation we made in our October 2007 report.

    Recommendation: To help ensure that governmentwide terrorist-related screening efforts have the oversight, accountability, and guidance necessary to achieve the Administration's vision of a comprehensive and coordinated approach, the Assistant to the President for Homeland Security and Counterterrorism should ensure that the governance structure proposed by the plan affords clear and adequate responsibility and authority to (a) provide monitoring and analysis of watch list screening efforts governmentwide, (b) respond to issues that hinder effectiveness, and (c) assess progress toward intended outcomes.

    Agency Affected: Executive Office of the President: Homeland Security Council

    Status: Closed - Implemented

    Comments: We recommended that the Assistant to the President for Homeland Security and Counterterrorism ensure that the governance structure for terrorism-related screening proposed by DHS affords clear and adequate responsibility and authority to (a) provide monitoring and analysis of watchlist screening efforts governmentwide, (b) respond to issues that hinder effectiveness, and (c) assess progress toward intended outcomes. This recommendation was intended to help ensure that governmentwide terrorist-related screening efforts have the oversight, accountability, and guidance necessary to achieve the Administration's vision of a comprehensive and coordinated approach. Subsequently, DHS proposed a governance structure that consisted of three separate entities. First, the Terrorist Screening Center (TSC) established a Governance Board to support the furtherance of its mission to assist law enforcement, intelligence, diplomatic, military, and regulatory agencies in protecting the U.S. against terrorist attacks. The role of the Governance Board was to provide TSC guidance concerning issues within TSC's mission and authority that are of interagency relevance and importance. Second, DHS established the Screening Coordination Office with a primary mission to strengthen homeland security by enhancing screening processes and technologies, in order to facilitate legitimate travel and trade; ensure individual privacy and redress opportunities; and deter, detect, and deny access to and withhold benefits from those who pose a threat to the United States. Third, the Homeland Security Council provided a decisionmaking body at the highest levels of government to resolve any issues and set policy. Also, in 2011, the Executive Office of the President established a Subcommittee on Watchlisting, under the Information Sharing and Access Interagency Policy Committee, to govern watchlisting and screening processes. (Interagency Policy Committees are the main day-to-day forums for interagency coordination of national security policy, providing policy analysis and ensuring timely responses to decisions made by the President.) Among other things, the subcommittee monitors watchlist screening efforts governmentwide, addresses interagency issues that hinder effectiveness, and periodically assesses progress toward intended outcomes. These actions address our recommendation and we consider it closed as implemented.

    Jul 24, 2014

    Jul 16, 2014

    Jun 27, 2014

    Jun 24, 2014

    Jun 23, 2014

    Jun 18, 2014

    Jun 16, 2014

    Jun 11, 2014

    Looking for more? Browse all our products here