Order Code RL32366
CRS Report for Congress
Received through the CRS Web
Terrorist Identification, Screening, and Tracking
Under Homeland Security Presidential Directive 6
Updated December 23, 2004
William J. Krouse
Analyst in Social Legislation
Domestic Social Policy Division
Congressional Research Service ˜ The Library of Congress
Terrorist Identification, Screening, and Tracking Under
Homeland Security Presidential Directive 6
Summary
In Homeland Security Presidential Directive 6 (HSPD-6), the Administration
announced plans to establish a Terrorist Screening Center (TSC), as a multi-agency
effort to be administered by the Federal Bureau of Investigation (FBI), where several
watch lists are being consolidated into a single terrorist screening database (TSDB).
The TSC is the latest of three multi-agency efforts undertaken by the Administration
to better identify, screen, and track known terrorists and suspected terrorists. The
other two are the Foreign Terrorist Tracking Task Force (FTTTF) and the Terrorist
Threat Integration Center (TTIC). The TSC complements the FBI-led FTTTF’s
efforts to prevent terrorists from entering the United States and to track and remove
them if they manage to enter the country. The TTIC serves as a single locale where
terrorism-threat data from all sources are analyzed further.
The 9/11 Commission recommended building a National Counterterrorism
Center (NCTC), based on TTIC, and expanding intelligence and law enforcement
operations aimed at intercepting terrorists and constraining their mobility. In the
National Intelligence Reform Act of 2004 (P.L. 108-458), Congress included several
provisions that establish an NCTC and build upon efforts already undertaken under
HSPD-6 to better screen known and suspected terrorists, particularly in regard to
advanced prescreening of airline passengers.
Under HSPD-6, certain terrorist watch list functions previously performed by
the Department of State’s Bureau of Intelligence and Research (INR) were
transferred to the TTIC and TSC. At the TTIC, intelligence analysts are building a
Terrorist Identities Database (TID) based on TIPOFF, the U.S. government’s
principal terrorist watch list database prior to HSPD-6. From TID records, TSC
analysts have built a consolidated Terrorist Screening Database. The Administration
has increased access to, and use of, lookout records by making them available in a
“sensitive but unclassified” format to authorized federal, state, local, territorial and
tribal authorities; certain private sector entities; and certain foreign governments.
From system to system, however, there remains no standardization of data elements,
such as, name, date of birth, place of birth, nationality, or biometric identifiers.
Moreover, additional work remains to upgrade and integrate consular and border
management, intelligence, criminal history, and biometric systems.
HSPD-6 presents significant opportunities to more effectively share data and
increase security, but there are risks as well, not the least of which is a potential loss
of privacy and an erosion of civil liberties. Members of Congress have raised several
related issues. Is the Intelligence Community providing TTIC with the necessary
information to effectively identify known and suspected terrorists? Is the TSDB fast,
accurate, comprehensive, and accessible? Have procedures been established to allow
persons, who may be misidentified as terrorists or supporters, some form of redress
and remedy if they are denied civil rights or unduly inconvenienced? Are new
guidelines and oversight mechanisms needed to protect privacy and other civil
liberties? This report will be updated as needed.
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
HSPD-6 and Terrorist Watch List Consolidation . . . . . . . . . . . . . . . . . . . . . 2
Terrorist Watch-Listing Prior to HSPD-6 . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Watch Lists and Lookout Books . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Terrorism-Related Ground for Inadmissability . . . . . . . . . . . . . . . . . . . 8
Diplomatic Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Failures to Identify, Watch-List, and Screen 9/11 Hijackers . . . . . . . . . . . . 10
Elevating and Expanding Terrorist Identification, Screening, and Tracking
under HSPD-6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Foreign Terrorist Tracking Task Force (FTTTF) . . . . . . . . . . . . . . . . . 12
Terrorist Threat Integration Center (TTIC) . . . . . . . . . . . . . . . . . . . . . 13
Terrorist Threat Integration Center and Information Analysis and
Infrastructure Protection Reporting Requirements . . . . . . . . . . . 16
Terrorist Screening Center (TSC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Expanding Use of Terrorist Watch Lists . . . . . . . . . . . . . . . . . . . . . . . 21
TSC Level of Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Legal Safeguards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
TSC Reporting Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Selected Watch List, Criminal, and Biometric Systems . . . . . . . . . . . . . . . 27
GAO Watch List Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . 28
TIPOFF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Consular Lookout and Support System (CLASS) . . . . . . . . . . . . . . . . 30
National Automated Immigration Lookout System II (NAILS II) . . . . 31
Interagency Border Inspection System (IBIS) . . . . . . . . . . . . . . . . . . . 31
“No Fly” and “Automatic Selectee” Lists . . . . . . . . . . . . . . . . . . . . . . 33
Computer-Assisted Passenger Prescreening System (CAPPS) . . . . . . 34
9/11 Commission Recommendations and Secure Flight . . . . . . . . . . . 37
National Crime Information Center (NCIC) . . . . . . . . . . . . . . . . . . . . 39
Regional Information Sharing System/Law Enforcement Online . . . . 40
Biometric Systems for Identity Verification . . . . . . . . . . . . . . . . . . . . 40
National Intelligence Reform Act of 2004 (P.L. 108-458) . . . . . . . . . . . . . 43
Advanced Airline Passenger Prescreening System . . . . . . . . . . . . . . . 43
Airport Access and Prescreening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Chartered and Leased Aircraft Customer Prescreening . . . . . . . . . . . . 44
Appeal Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
International Passenger Prescreening . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Report on Effects on Privacy and Civil Liberties . . . . . . . . . . . . . . . . 45
Report on Criteria for Inclusion in the Consolidated TSDB . . . . . . . . 45
Foreign Air Marshal Trainees Prescreening . . . . . . . . . . . . . . . . . . . . 46
Maritime Vessel Passenger Prescreening . . . . . . . . . . . . . . . . . . . . . . 46
Possible Issues for Congress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Appendix A. Frequently Used Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
List of Figures
Figure 1. TIPOFF and Immigration/Border Inspection Systems . . . . . . . . . . . . . 7
Figure 2. Terrorist Identification, Watch-Listing, and Watch List
Determination under HSPD-6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
List of Tables
Table 1. Selected Lookout, Border Security, Criminal History, and Biometric
Computer Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Terrorist Identification, Screening, and
Tracking Under Homeland Security
Presidential Directive 6
Introduction
This report analyzes Homeland Security Presidential Directive 6 (HSPD-6) and
issues relating to (1) the establishment of a Terrorist Screening Center (TSC), (2) the
transfer of certain terrorist identification and watch list record distribution functions
from the Department of State to the Terrorist Threat Integration Center (TTIC) and
the TSC, and (3) the consolidation of terrorist watch lists into a single, stand-alone,
terrorist screening database (TSDB) under the direction of the Federal Bureau of
Investigation (FBI) at the TSC.1
In hearings during the 108th Congress, Members of Congress raised several
issues regarding the establishment of the TSDB. For example,
! Has the Intelligence Community provided TTIC with the necessary
information to identify effectively terrorists and their supporters?
! Has the Administration committed enough resources to ensure the
timely establishment of an integrated and consolidated terrorism
watch list (the TSDB)?
! Is the TSDB-supported screening process fast, accurate,
comprehensive, and accessible?
! How and to what extent should the TSDB be integrated, or made
interoperable, with other screening systems to expand the network
of screening points?
! Have procedures been established to allow persons, who may be
misidentified as terrorists or terrorist supporters, some form of
redress and remedy if they are denied civil rights or unduly
inconvenienced by a screening agency?
! Does the establishment of the TSDB require new guidelines and
oversight mechanisms to protect privacy and other civil liberties?
1 According to the Administration, the Terrorist Screening Center is a multi-agency effort
being led by the Federal Bureau of Investigation to consolidate and integrate all federal
watch lists into a single terrorist screening database; and the Terrorist Threat Integration
Center is a multi-agency effort being led principally by the Director for Central Intelligence
to analyze all-source information collected from foreign and domestic sources on
international terrorist threats. Based on the 9/11 Commission recommendations, the recently
enacted National Intelligence Reform Act of 2004 (P.L. 108-458) directs the Administration
to establish a National Counterterrorism Center on the foundation of the Terrorist Threat
Integration Center (TTIC, pronounced “tee-tick”).
CRS-2
While this report identifies some privacy issues associated with the
establishment of a consolidated TSDB, it is not intended to serve as an in-depth legal
analysis of the issues related to national security, privacy, and the government’s need
for information to combat terrorism. Rather, it is a systematic examination of the
Terrorist Screening Center’s mission and functions in relation to other entities like
the Terrorist Threat Integration Center. It identifies and describes key watch lists,
residing in several computerized systems and databases,2 that likely will be
consolidated at the TSC.
It is significant that the 9/11 Commission concluded that disrupting terrorist
travel was as powerful a weapon as targeting their money and recommended that the
United States expand terrorist travel intelligence and countermeasures.3 It is not
happenstance that many of the commission’s recommendations endorse and build
upon efforts already initiated under HSPD-6. Congress included several provisions
in the National Intelligence Reform Act of 2004 (P.L. 108-458) that are aimed at
intercepting terrorists and constraining their mobility.4 This act includes several
terrorist watch list and screening requirements — particularly in regard to advanced
airline passenger prescreening.
HSPD-6 and Terrorist Watch List Consolidation
In HSPD-65 and an accompanying memorandum of understanding (MOU),6 the
Administration announced plans to establish the TSC, as a multi-agency effort to be
administered by the FBI, where several watch lists will be consolidated into a single
terrorist screening database (TSDB).7 The MOU on the Integration and Use of
2 A computer system is composed of computer(s), peripheral equipment such as disks,
printers and terminals, and the software necessary to make them operate together (according
to the American National Standards Institute/Institute of Electrical and Electronic Engineers
(ANSI/IEEE) Standard 729-1983). A database is an organized body of machine readable
data that can be cross-referenced, updated, retrieved, and searched by computer.
3 National Commission on Terrorist Attacks upon the United States, The 9/11 Commission
Report: Final Report of the National Commission on Terrorist Attacks upon the United
States, (Washington, 2004), p. 385.
4 For further information, see CRS Report RL32635, H.R. 10 (9/11 Recommendations
Implementation Act) and S. 2845 (National Intelligence Reform Act of 2004): A
Comparative Analysis.
5 The White House, Homeland Security Presidential Directive/HSPD-6, Subject:
Integration and Use of Screening Information (Washington, Sept. 16, 2003). Available at
[http://www.whitehouse.gov/news/releases/2003/09/20030916-5.html].
6 The Terrorist Screening Memorandum of Understanding accompanying HSPD-6 is
available at [http://www.fas.org/irp/news/2003/09/tscmou.pdf].
7 Presidents may exercise executive authority by issuing various kinds of directives. Among
the oldest of these are executive orders and proclamations, both of which today are usually
published in the Federal Register. For example, President George W. Bush established the
Office of Homeland Security and the initial Homeland Security Council with E.O. 13228
of Oct. 8, 2001. With the establishment of the National Security Council in 1947, there have
(continued...)
CRS-3
Screening Information to Protect Against Terrorism was signed by Secretary of State
Colin Powell, Attorney General John Ashcroft, Secretary of Homeland Security
Thomas Ridge, and Director of Central Intelligence (DCI) George Tenet on
September 16, 2003. The measures outlined in HSPD-6 and the MOU can be viewed
as an outgrowth of the Administration’s National Strategy for Homeland Security,
which reported in July 2002 that the FBI would be establishing a consolidated
terrorism watch list that would be “fully accessible to all law enforcement officers
and the intelligence community.”8
According to the Administration’s timetable, the TSC was to be operational on
December 1, 2003.9 The Administration, however, informed Representative Jim
Turner, the ranking member of the Select Committee on Homeland Security, that the
TSC was not “fully” operational as of the end of December 2003 and that the
Nation’s multiple terrorist watch lists had yet to be consolidated.10 On March 25,
2004, TSC Director Donna Bucella testified that the TSC had established an
unclassified, but law enforcement sensitive TSDB. In addition, the TSC was
assisting federal screening agencies in identifying terrorists and their supporters with
greater certainty, and TSDB lookout records had been made available to nearly
750,000 state and local law enforcement officers.11
The TSC is the latest of three multi-agency efforts undertaken by the
Administration to better identify, screen, and track known terrorists, suspected
terrorists, and their supporters. The other two are the FTTTF and the TTIC.
According to the Administration, the TSC complements the FBI-led FTTTF’s efforts
to prevent terrorists from entering the United States, and to track and remove them
if they manage to enter the country.
Under the oversight of the DCI, the TTIC serves as a single locale where
terrorism-threat data from all sources, foreign and domestic, are further analyzed to
7 (...continued)
emerged a series of variously denominated national security directives, but these are not
published. Recently, President Bush inaugurated a similar series of Homeland Security
Presidential Directives, the first such being issued on Oct. 29, 2001. While these homeland
security directives are not published in the Federal Register, they are available from the
White House Website and appear in the Weekly Compilation of Presidential Documents.
For further information see CRS Report 98-611, Presidential Directives: Background and
Overview, by Harold C. Relyea.
8 The White House, Office of Homeland Security, National Strategy for Homeland Security
(July 2002), p. 57.
9 The White House, Fact Sheet: New Terrorist Screening Center Established (Washington,
Sept. 16, 2003), at [http://www.whitehouse.gov/news/releases/2003/09/20030916-8.html].
10 Chris Strohm, “Congressman Blasts Bush on Terrorist Screening Efforts,” Government
Executive Magazine, Jan. 13, 2004, at
[http://www.govexec.com/dailyfed/0104/011304c1.htm].
11 This testimony was given by TSC Director Donna Bucella on Mar. 25, 2004, before a
joint hearing held by the House Judiciary Subcommittee on Crime, Terrorism, and
Homeland Security and the Select Homeland Security Subcommittee on Intelligence and
Counterterrorism.
CRS-4
more critically focus on terrorism. As part of that function, under HSPD-6, the TTIC
will assume a greater role in identifying individuals who are known, or suspected, to
be terrorists, or their supporters. In its July 2004 final report, the 9/11 Commission
recommended that a National Counterterrorism Center (NCTC) be established on the
foundation of the TTIC.12 The National Intelligence Reform Act of 2004 (P.L. 108-
458) authorizes the establishment of an NCTC.13
The Administration has transferred certain terrorist identification and watch list
functions previously performed by the Department of State’s (DOS’s) INR to the
TTIC and TSC. Through a system known as TIPOFF, the DOS’s INR identified
known and suspected terrorists, produced watch list records, and distributed those
records for inclusion in consular and border inspection systems. Prior to HSPD-6,
TIPOFF was the Nation’s principal terrorist watch list.14 Based in part on TIPOFF,
the member agencies of TTIC have built a TID into which all international terrorist-
related data available to the U.S. government will be stored in a single repository.15
An oversight issue for Congress — some may maintain the most critical issue
— is whether the Intelligence Community16 is sharing the information with the TTIC
that is necessary to effectively identify known and suspected terrorists and their
supporters. While outside the scope of this report, the 9/11 Commission
recommended establishing procedures for the Intelligence Community that provide
incentives for information sharing, restoring a better balance between security and
shared knowledge; and called upon the President to lead a government-wide effort
12 National Commission on Terrorist Attacks upon the United States, The 9/11 Commission
Report: Final Report of the National Commission on Terrorist Attacks upon the United
States, (Washington, 2004), p. 403.
13 For further information on NCTC-related proposals, see CRS Report RL32558, The 9/11
Commission and a National Counterterrorism Center: Issues and Options for Congress, by
Todd Masse.
14 Watch lists are just that, lists of persons who are of interest to visa issuance and border
inspection agencies or law enforcement. Persons may be on watch lists to prevent them
from acquiring a visa or to prevent them from entering the country, or both. Persons can be
excludable from entry for reasons ranging from public health concerns to tax-motivated
citizen renunciates, in addition to being known and suspected terrorists, or their supporters.
They may also be wanted by law enforcement agencies for questioning or arrest.
15 The TID is nearly identical to the system that section 343 of the Intelligence Authorization
Act for Fiscal Year 2003 (P.L. 107-306, 116 Stat. 2399) required the DCI to establish.
16 The Intelligence Community includes the Central Intelligence Agency (CIA); the National
Security Agency (NSA); the Defense Intelligence Agency (DIA); the National Geospatial-
Intelligence Agency (GIA); the National Reconnaissance Office (NRO); the other DOD
offices that specialize in national intelligence through reconnaissance programs; the
intelligence components of the Army, Navy, Air Force, Marine Corps, and Air Force, the
FBI, the Department of Energy, and the Coast Guard; the INR at the DOS, the Office of
Intelligence and Analysis at Department of the Treasury, and elements of the DHS that are
concerned with the analyses of foreign intelligence information (50 U.S.C. §401a(4)).
CRS-5
to overcome legal, policy, and technical issues to create a “trusted information
network” to share vital intelligence among agencies charged with domestic security.17
With TID records, the TSC is building a consolidated international terrorist
watch list, which will be merged with domestic terrorist watch list records, in the
TSDB. Moreover, under HSPD-6, the use of watch lists has been expanded to
include data taken from on-going criminal and national security investigations that
are related to terrorism. In addition, the Administration plans to widen access to, and
use of, watch list records by making them available in a “sensitive but unclassified”18
format to authorized federal, state, local, territorial and tribal authorities; to certain
private sector entities; and to certain foreign governments.
Hence, HSPD-6 elevated and expanded the terrorist identification and watch-list
functions, which were previously performed by the DOS’s INR for immigration-
screening purposes. The purpose of these measures is to better identify, watch-list,
and screen known and suspected terrorists at U.S. consulates abroad and international
ports of entry. Such measures could also better enable the U.S. government to track
terrorists within the United States if they manage to enter the country.
Along these lines, the 9/11 Commission endorsed the integration of U.S. border
security systems with other systems to expand the network of screening points to
include the nation’s transportation system and access to vital facilities.19 The
establishment of the TSC and TSDB can be viewed as the first phase of an
integrating border security systems with other law enforcement and transportation
security systems. Another oversight issue for Congress is the extent to which the
TSDB should be integrated with other screening systems to expand the network of
screening points. In regard to aviation security, the National Intelligence Reform Act
of 2004 (P.L. 108-458) includes several provisions that would expand and integrate
current border screening and transportation security systems.20
17 National Commission on Terrorist Attacks upon the United States, The 9/11 Commission
Report, pp. 417-418. For additional information, see CRS Report RL32597, Information
Sharing for Homeland Security: A Brief Overview, by Harold C. Relyea and Jeffrey W.
Seifert.
18 There is no governmentwide definition of “sensitive but unclassified (SBU).” Within
certain limits set out in statutes and presidential directives, agencies have discretion to
define SBU in ways that serve their needs to safeguard information that is unclassified but
should be withheld from the public for a variety of reasons. The reasons for safeguarding
such information, are likely to include maintaining the privacy rights of individuals and the
integrity of ongoing inquiries and investigations. A provision in the Homeland Security Act
of 2002 (§892 of P.L. 107-296, 116 Stat. 2253) requires the President to implement
procedures to safeguard SBU information that is homeland security-related. For further
information, see CRS Report RL31845, “Sensitive But Unclassified” and Other Federal
Security Controls on Scientific and Technical Information: History and Current
Controversy, by Genevieve J. Kneso.
19 National Commission on Terrorist Attacks upon the United States, The 9/11 Commission
Report, p. 387.
20 For further information on the integration of aviation-security watch lists with border
(continued...)
CRS-6
At the same time, there are significant risks, not the least of which is a potential
loss of individual privacy and an erosion of civil liberties. In the Intelligence
Authorization Act for Fiscal Year 2004,21 Congress has required the President to
report back to Congress on the operations of both the TTIC and TSC. In the interest
of protecting civil liberties, among other things, the 9/11 Commission has
recommended that the President promulgate information-sharing guidelines to
safeguard the privacy of the individuals about whom the information is being shared,
and establish a board within the Executive Branch to oversee adherence to these
guidelines.22 A provision (Section 1061) based on this recommendation was included
in the National Intelligence Reform Act of 2004 (P.L. 108-458).
Terrorist Watch-Listing Prior to HSPD-6
A primary goal of lookout systems and watch lists has been to prevent terrorist
attacks, by excluding known or suspected terrorists and their supporters from entry
into the United States. Under HSPD-6, the use of watch lists has been expanded to
better screen such persons at consular offices and international ports of entry, and to
better track them both abroad and, if they manage to enter the United States, at home.
Watch Lists and Lookout Books. The Department of State’s Bureau of
Consular Affairs (CA) and the federal border inspection services, until recently the
U.S. Customs Service and the Immigration and Naturalization Service (INS), have
long maintained watch lists (or lookout books) for the purpose of excluding
“undesirable” persons from the United States. Customs and immigration inspection
activities are now carried out by the Bureau of Customs and Border Protection (CBP)
at the Department of Homeland Security (DHS).23 While these watch lists/lookout
books were just that — bound paper volumes — the development of computers,
computer software, and computer connectivity/networking, allowed these agencies
to develop and more efficiently search watch list records during the 1970s and 1980s.
Beginning in 1987, the DOS began keeping watch list (lookout) records on
known and suspected terrorists through a system known as TIPOFF. While the DOS
had maintained computerized visa records since 1965, including watch lists, the
events surrounding the first World Trade Center bombing in 1993 prompted the CA
20 (...continued)
screening systems, see CRS Report RL32541, Aviation Security-Related Findings and
Recommendations of the 9/11 Commission, Bart Elias.
21 P.L. 108-177, Stat. 2622-2625.
22 National Commission on Terrorist Attacks Upon the United States, The 9/11 Commission
Report, pp. 394-395. For further information, see CRS Report RS21915, Privacy: Key
Recommendations of the 9/11 Commission, by Gina Marie Stevens and Harold C. Relyea.
23 Until the establishment of DHS, federal border inspection services included the
Department of the Treasury’s Customs Service, the Department of Justice’s INS, the
Department of Agriculture’s Animal and Plant Health Inspection Service (APHIS), and the
Department of Health and Human Service’s Public Health Service. The Homeland Security
Act dismantled INS and transferred its constituent parts, along with Customs and elements
of APHIS, to DHS. The border inspection programs of these agencies have been
consolidated in DHS’s Border and Transportation Security Directorate, as the CBP.
CRS-7
to accelerate the development of the Consular Lookout and Security System
(CLASS), so that, among other records, TIPOFF-generated terrorist watch list records
could be more easily and efficiently searched by computer at U.S. consular posts and
embassies abroad. Consular, intelligence, immigration, and law enforcement officers
nominate individuals for inclusion in TIPOFF.
Figure 1. TIPOFF and Immigration/Border Inspection Systems
TECS/IBIS
(Customs/INS)
Consular Officers
TIPOFF
CLASS
Intelligence Community
(INR)
(CA)
Law Enforcement
NAILS II
(INS)
Source: Adopted by the Congressional Research Service from a Department of
State presentation.
The INS, meanwhile, maintained its own watch list database known as the
National Automated Immigration Lookout System II (NAILS II), a system that is
currently maintained by the DHS’s Bureau of Immigration and Customs Enforcement
(ICE).24 While the bulk of NAILS II records are related to aliens who have either
been removed, failed to depart, or failed to show up for removal hearings, NAILS II
includes terrorism-related lookouts as well.
In 1988, Congress mandated the development of the Interagency Border
Inspection System (IBIS). This system, previously maintained by the Customs
Service, allowed the DOS, INS, and Customs to share watch lists, including terrorist
lookout records, at international ports of entry. This system is currently maintained
by the Homeland Security’s Customs and Border Protection.
Prior to HSPD-6, DOS’s INR culled through terrorism-related reports produced
by the Intelligence Community to identify individuals as known or suspected
terrorists, or their supporters. INR also processed cables, known as Visa Vipers,
from consular officers abroad when they learn of individuals associated with
terrorism. And, INR processed similar data provided by federal law enforcement
24 Following the establishment of the DHS, pursuant to P.L. 107-296 (116 Stat. 2135), the
Administration merged the investigation branches of the former INS and Customs Service
into ICE, along with the immigration detention and removal program, Customs Air and
Marine Interdiction program, and the Federal Protective Service. More recently, the Air
Marshals program was transferred from the Transportation Security Administration (TSA)
to ICE.
CRS-8
agencies to produce terrorism-related lookout records. These records were stored in
TIPOFF — a classified system. Declassified TIPOFF records were then exported
into CLASS, IBIS, and NAILS II. Also, lookout records produced by immigration
officers were exported from NAILS II into TIPOFF. See Figure 1.
As underscored in recent public testimony, however, watch lists were only as
good as the information contained in them, and the agencies responsible for
producing these lookout records — principally DOS’s INR and DOJ’s INS — were
dependent upon the information they received from the Intelligence Community and
federal law enforcement.25
Terrorism-Related Ground for Inadmissability. According to the U.S.
government, the term “terrorism” means “the premeditated, politically motivated
violence perpetrated against noncombatant targets by subnational groups or
clandestine agents, usually intended to influence an audience.”26 Prompted by the
assassination of President William McKinley in 1901, Congress passed legislation
in 1903 to exclude from entry into the United States noncitizens who were anarchists,
or who advocated the violent overthrow of the U.S. government.27 As a security
measure during the First World War, the DOS and Department of Labor (DOL)28
jointly issued an order in 1917, which required noncitizens to acquire visas from U.S.
Consuls abroad and present their visas and passports to U.S. inspectors upon arrival
in the United States. This wartime requirement was codified in 1918,29 and was
made a permanent feature of U.S. immigration law in 1924.30 This requirement was
continued by the Immigration and Nationality Act (INA) of 1952.31
25 See testimony of Mary Ryan, former Assistant Secretary of State for Consular Affairs,
Department of State, and Doris Meissner, former Commissioner, Immigration and
Naturalization Service, Department of Justice, before the National Commission on Terrorist
Attacks upon the United States, Jan. 26, 2004. At [http://www.9-11commission.gov/
hearings/hearing7.htm].
26 This definition of “terrorism” is taken from 22 U.S.C. §2656f(d). U.S. Department of
State, Patterns of Global Terrorism 2002 (Washington, Apr. 2003), p. xiii.
27 P.L. 57-162, 32 Stat. 1213.
28 In 1891, Congress established the office of Superintendent of Immigration in the
Department of the Treasury. The immigration functions remained at Treasury until 1903,
when they were transferred by Congress to the Department of Commerce and Labor. In
1906, the immigration and naturalization functions were consolidated in the Bureau of
Immigration and Naturalization. In 1913, Congress transferred the Bureau to the newly
established DOL, splitting the immigration functions between a Bureau of Immigration and
a Bureau of Naturalization. The immigration and naturalization functions were combined
again in 1933, as the Immigration and Naturalization Service (INS). In 1940, President
Franklin Delano Roosevelt transferred INS to the Department of Justice. The Homeland
Security Act of 2002 (P.L. 107-296) abolished INS, transferring its immigration functions
to the DHS.
29 Act of May 22, 1918, 40 Stat. 559.
30 Act of May 26, 1924, 43 Stat. 153, 156, 161.
31 INA §§211, 212(a)(7), 221, 8 U.S.C §§1181, 1182(a)(7), 1201.
CRS-9
Visa issuance has long been viewed as a means of preventing undesirable
persons, including suspected spies, saboteurs and subversives, from entering the
United States. In the Immigration Act of 1990, Congress amended and substantially
revised the grounds for exclusion in the INA, including new provisions related to the
exclusion of terrorists from the United States.32 These terrorist exclusion provisions
were subsequently amended and widened by the Antiterrorism and Effective Death
Penalty Act33 and the Illegal Immigration and Immigrant Responsibility Act in
1996,34 and by the USA PATRIOT Act in 2001.35
Under the INA, an alien is inadmissible if there is reasonable ground to believe
the alien (1) has engaged in terrorist activity; (2) is engaged or is likely to engage in
terrorist activity; (3) has, under certain circumstances, indicated an intention to cause
death or serious bodily harm, or incited terrorist activity; (4) is a representative of a
foreign terrorist organization designated by the Secretary of State, or a political,
social, or other similar group whose public endorsement of acts or terrorist activity
the Secretary of State has determined undermines U.S. efforts to reduce or eliminate
terrorist activities; (5) is a member of a foreign terrorist organization designated by
the Secretary of State; or (6) has used his/her position of prominence within any
country to endorse or espouse terrorist activity, in a way that the Secretary of State
has determined undermines United States activity to reduce or eliminate terrorism
activities.36 The National Intelligence Reform Act of 2004 (P.L. 108-458) amends
the terrorist grounds for exclusion.37
Diplomatic Considerations. More than three years following the September
11, 2001 attacks, there is considerable momentum to watch-list additional persons
as known or suspected terrorists, or their supporters. Nevertheless, the exclusion or
watch-listing of persons for ideological or political beliefs has long been a source of
controversy. While it is clearly within the U.S. government’s mandate to screen and
track persons who are intent on inciting or engaging in terrorist activities, the
determination of who may be a member or supporter of a foreign terrorist
organization and, therefore, be prevented from entering the United States or be
32 INA §212(a)(3)(B)(i), 8 U.S.C. §1182(a)(3)(B)(i), as amended by the Uniting and
Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct
Terrorism (USA PATRIOT Act) Act of 2001 (P.L. 107-56).
33 P.L. 104-132, 110 Stat. 1214.
34 P.L. 104-208, 110 Stat. 3009-546.
35 P.L. 107-56, 115 Stat. 272.
36 P.L. 101-649, 104 Stat. 4978. For more information on the process of designation of
foreign terrorist organizations and other related foreign terrorist lists, see CRS Report
RL32120, The “FTO List” and Congress: Sanctioning Designated Foreign Terrorist
Organizations; and CRS Report RL32223, Foreign Terrorist Organizations, both by Audrey
Cronin.
37 For further information, see CRS Report RL32564, Immigration: Terrorist Grounds for
Exclusion of Aliens, by Michael John Garcia and Ruth Ellen Wasem.
CRS-10
subject to police surveillance is ultimately a subjective consideration made by
intelligence analysts and special agents based on the best information available.38
Failures to Identify, Watch-List, and Screen 9/11 Hijackers
Despite measures following the first World Trade Center bombing to more
effectively identify and screen known and suspected terrorists, all 19 hijackers who
participated in the September 11, 2001 attacks had been issued visas by the DOS in
accordance with statutorily required watch-list name checks and other visa issuance
requirements, and had entered the country legally. While watch lists will never
contain the names of all terrorists, it is generally agreed that members of the
Intelligence Community possessed sufficient information to watch-list at least two,
possibly three, of the al Qaeda hijackers. Better use of watch lists may have at least
disrupted the activities of the September 11, 2001 hijackers.
According to the congressional 9/11 Joint Inquiry, the Intelligence Community
missed repeated opportunities to watch-list two of the hijackers, Khalid al-Mihdhar
and Nawaf al-Hazmi.39 By January 2001, the CIA had identified al-Mihdhar and al-
Hazmi from surveillance photos of a major meeting of known al Qaeda operatives
in Kuala Lumpur, Malaysia on January 5 and 8, 2000. In the same month, the CIA
obtained a copy of al-Mihdhar’s Saudi passport. It was also known that al-Mihdhar
had been issued a U.S. visa in Jeddah, Saudi Arabia, in April 1999, which was valid
through April 2000. Nevertheless, the CIA did not watch-list him.40
On January 15, 2000, al-Mihdhar and al-Hazmi entered the United States at Los
Angeles International Airport (LAX). By March 2000, the CIA had learned that al-
Hazmi — an experienced Mujahadeen41 — had entered the United States through
LAX. For about five months, al-Mihdhar and al-Hazmi stayed in San Diego, taking
flight lessons. In addition to being in contact with an FBI confidential informant in
San Diego, they were also in contact with another September 11, 2001 co-
conspirator, Hani Hanjour, who subsequently piloted American Airlines Flight 77
into the Pentagon. On June 10, 2000, al-Mihdhar departed the United States; on July
38 Section 212(d) of the INA provides the Secretary of Homeland Security with authority to
waive the inadmissibility of members and supporters of foreign terrorist organizations, if it
is in the national interest to do so. Under current law, such visa denial waivers would be
granted at the request of the Secretary of State.
39 U.S. Congress, U.S. Senate Select Committee on Intelligence and U.S. House Permanent
Select Committee on Intelligence, Joint Inquiry Into Intelligence Community Activities
Before and After The Terrorist Attacks of September 11, 2001, 107th Congress, 2nd sess.,
S.Rept. 107-351, H.Rept. 107-792 (Washington: GPO, 2002), p. 12.
40 Ibid., p. 145.
41 Mujahadeen, in the sense used here, are fighters trained in insurgent and terrorist
techniques, often in training camps sponsored by or associated with al Qaeda. In the context
of the 1979-1989 war in Afghanistan, the Mujahadeen were often Muslim men from other
countries who fought with the indigenous Afghan guerillas against the Soviets. Some of
these Mujahadeen later formed the core of the al Qaeda movement.
CRS-11
12, al-Hazmi applied to the INS for a visa extension. Al-Hazmi moved to Phoenix,
AZ, linked up with Hanjour, and subsequently overstayed his visa.42
By late May 2001, the CIA transferred to the FBI the surveillance photos of the
January 2000 Kuala Lumpur meeting. While al-Mihdhar and al-Hazmi were
identified, along with Khallad bin-Atash, a leading al Qaeda operative and planner
of the USS Cole bombing, neither the CIA nor the FBI watch-listed them. On June
13, 2001, with a new passport, al-Mihdhar obtained another U.S. visa in Jeddah. He
falsely stated on the visa application that he had never been to the United States. He
reentered the United States at John F. Kennedy (JFK) airport in New York City on
July 4, 2001.
On the request of the CIA, al-Mihdhar and al-Hazmi were watch-listed on
August 23, 2001 — less than three weeks before the September 11, 2001 terrorist
attacks.43 While FBI agents in Phoenix and Minneapolis were following up other
leads that may have led them to the September 11, 2001 conspirators, the repeated
failures by the Intelligence Community, principally the CIA and FBI, to watch-list
al-Mihdhar and al-Hazmi were crucial lost opportunities associated with the
September 11, 2001 attacks, according to the 9/11 Joint Inquiry.44
The 9/11 Commission characterized these lost opportunities to watch-list al-
Mihdhar and al-Hazmi as “failures.” The Commission purports that there was
evidence to watch-list Salem al-Hazmi, Nawaf al-Hazmi’s brother, as well. Despite
the efforts of key INR officials who developed TIPOFF, the 9/11 Commission found
that within the Intelligence Community “watchlisting” was not viewed as integral to
intelligence work; rather it was viewed as “a chore off to the side....”45
Elevating and Expanding Terrorist Identification, Screening,
and Tracking under HSPD-6
On September 16, 2003, the White House issued HSPD-6, which set in motion
several measures to improve intelligence gathering and analysis on terrorists and their
activities by establishing additional mechanisms to ensure secure, effective, and
timely interagency information sharing. In other words, getting the right information
to the right people, securely and at the right time. The centerpiece of HSPD-6 is the
establishment of the Terrorist Screening Center, the latest of three multi-agency
efforts undertaken by the Administration to better identify, screen, and track known
terrorists, suspected terrorists, and their supporters. The other two are the Foreign
42 U.S. Congress, Joint Inquiry Into Intelligence Community Activities Before and After The
Terrorist Attacks of September 11, 2001, p. 148.
43 Ibid., p. 152.
44 Ibid., p. 81.
45 National Commission on Terrorist Attacks upon the United States, “Three 9/11 Hijackers:
Identification, Watchlisting, and Tracking,” Staff Statement no. 2, (Washington, 2004), p.
1.
CRS-12
Terrorist Tracking Task Force and the Terrorist Threat Integration Center, both of
which are described in greater detail below.46
Besides establishing the TSC, HSPD-6 transferred the terrorist identification and
watch list functions previously performed by the DOS’s INR to the TTIC and TSC.
The TIPOFF system was developed by the DOS’s INR to identify, watch-list, and
screen terrorists and their supporters. Consular, immigration, and customs officers
used TIPOFF-generated lookout records to exclude terrorists from entry into the
United States and, if they managed to enter, to remove them from the United States.
As part of its larger mission to assess terrorist threats, under HSPD-6, TTIC’s
member elements are now charged with identifying foreign terrorists as well. The
TSC is charged with consolidating terrorist watch lists and making that data available
in a useful format to screening agencies, and the FTTTF, with assisting federal law
enforcement agencies with tracking foreign terrorists at home and abroad.
Foreign Terrorist Tracking Task Force (FTTTF). On October 30, 2001,
President George W. Bush directed that the FTTTF be established as part of
Homeland Security Presidential Directive 2 (HSPD-2).47 On August 6, 2002, the
Attorney General placed the FTTTF administratively within the FBI. As a multi-
agency effort, the mission of the FTTTF is to provide federal law enforcement
agencies with the best possible information to (1) prevent foreign terrorists and their
supporters from entering the United States; and (2) locate, detain, prosecute, or
remove them if they manage to enter the United States. Since the issuance of HSPD-
2, the mission of the FTTTF has evolved. While the FTTTF continues to assist
federal investigators in locating terrorism-related suspects, much of its original
mission to screen terrorists at ports of entry has been passed on to the TSC, as is
more fully described below.
In many areas, the FTTTF has facilitated and coordinated information sharing
agreements among participating agencies and commercial data providers. By
accessing and analyzing this data, the FTTTF assists counterterrorism investigations
being conducted by the FBI’s National Joint Terrorism Task Force (National JTTF)48
and 84 regional Joint Terrorism Task Forces (JTTFs).49 By data-mining public and
46 Other examples of interagency groups include the Secret Service’s Document Security
Alliance Groups, the Migrant Smuggling and Trafficking in Persons Coordination Center,
and the Data Management Improvement Act Task Force. For further information on
interagency efforts, see CRS Report RL31357, Federal Interagency Coordinative
Mechanisms: Varied Types and Numerous Devices, by Frederick M. Kaiser.
47 The White House, Homeland Security Presidential Directive-2, Subject: Combating
Terrorism Through Immigration Policies, Oct. 29, 2001. Available at [http://www.white
house.gov/news/releases/2001/10/20011030-2.html].
48 The FBI established the National JTTF in 2002 at the Bureau’s Washington command
center. The mission of the National JTTF is to collect terrorism-related intelligence and
funnel it to the JTTFs, other FBI terrorism units, and partner agencies. Representatives from
nearly 30 different agencies are detailed to the National JTTF, bringing outside expertise
that includes intelligence, public safety, and state and local law enforcement.
49 Several JTTFs were first formed in the early 1980s as teams of state and local law
(continued...)
CRS-13
proprietary data systems, the FTTTF can track the “electronic footprints” of known
and suspected terrorists.50 In so doing, the FTTTF assists the 85 JTTFs nationwide,
the 56 FBI field offices, the 46 FBI legal attaches51 abroad, and the DHS in locating
suspected terrorists and their supporters.
Besides the FBI, key FTTTF players include the DOD, the DHS CBP and ICE,
the DOS, the Social Security Administration, the Office of Personnel Management,
the Department of Energy, and the CIA. The FTTTF has also established liaisons
with Canada, Australia, and the United Kingdom. The FTTTF was funded for
FY2004 as a stand alone line item in the FY2004 Consolidated Appropriations Act
in the amount of nearly $62 million.52 Congress provided the same amount in
FY2003 as well.53
Terrorist Threat Integration Center (TTIC). In the State of the Union
Address, on January 28, 2003, President George W. Bush announced the
establishment of the TTIC. On the same date, the While House issued a Fact Sheet:
Strengthening Intelligence to Better Protect America, which outlined the Center’s
mission and functions.54 They include the following:
! optimizing the use of terrorist threat-related information, expertise,
and capabilities to conduct threat analysis and inform collection
strategies;
! creating a structure that ensures information sharing across agency
lines;
! integrating domestic and foreign terrorist-related information and
form the most comprehensive possible threat picture; and
! being responsible and accountable for providing terrorist threat
assessments for our national leadership.
49 (...continued)
enforcement officers, FBI Special Agents, and other federal law enforcement officers.
According to the FBI, by combining the assets of different agencies, the JTTFs act as “force
multipliers” that allow for greater coverage in the war on terror. There are currently 84
JTTFs.
50 For further information on issues related to data mining, see CRS Report RL31798, Data
Mining: An Overview, by Jeffrey W. Seifert.
51 As part of the Foreign Attache Program, the FBI has established 46 foreign legation
offices overseas to establish cooperative efforts with foreign police partners as part of the
FBI’s domestic law enforcement mission.
52 P.L. 108-199, 118 Stat. 3.
53 P.L. 108-7, 117 Stat. 56.
54 This fact sheet is available on the White House website, at [http://www.whitehouse.gov/
news/releases/2003/01/20030128-12.html].
CRS-14
More recently, in its July 2004 final report, 9/11 Commission recommended that a
National Counterterrorism Center be established on the foundation of the TTIC.55
The National Intelligence Reform Act of 2004 (P.L. 108-458) authorizes the
establishment of an NCTC.56
The Terrorist Threat Integration Center became operational on May 1, 2003.
John Brennan, a career CIA official, was appointed by the Administration to be the
Director of TTIC. An FBI special agent serves as the Center’s Deputy Director.
Funding for TTIC is provided by participating agencies, including the DHS, DOS,
DOJ, DOD, and the Intelligence Community. While TTIC is under the DCI, the
Administration emphasizes that it is a “multi-agency joint venture,” and is not part
of the CIA. TTIC’s mission is to form the most comprehensive threat picture
possible by serving as a central hub for the fusion and analysis of all-source
information collected from foreign and domestic sources on international terrorist
threats.
TTIC’s operations encompass elements of both the FBI’s Counterterrorism
Division (CTD)57 and the DCI’s Counterterrorism Center (CTC).58 In September
2003, there were about 100 analysts on board at TTIC, and the Administration plans
to have about 300 analysts total on board in May 2004, when the Center was moved
to a location outside of the CIA.59 Collocating the DCI’s CTC and the FBI’s CTD
at TTIC is designed to encourage greater cooperation and information sharing
between the wider Intelligence Community and the FBI.60
In the past, information sharing between the CIA and FBI has been hampered
by differing priorities and methods. The CIA is banned from having any role in
domestic law enforcement or internal security functions by the National Security Act
of 1947,61 and the DCI is mandated to protect “sources and methods from
55 Commission on Terrorist Attacks upon the United States, The 9/11 Commission Report,
p. 403.
56 For further information on NCTC-related proposals, see CRS Report RL32558, The 9/11
Commission and a National Counterterrorism Center: Issues and Options for Congress, by
Todd Masse.
57 The mission of the FBI’s CTD is to detect and deter terrorist acts within the United States,
and to investigate terrorist attacks against U.S. interests and the American people at home
and abroad.
58 The mission of the DCI’s CTC is to exploit all-source intelligence to produce in-depth
strategic and tactical analyses of terrorist groups. The CTC also coordinates the Intelligence
Community’s counterterrorism activities and operations.
59 Kevin Whitelaw, “Inside the Government’s New Terrorism Threat Integration Center,”
U.S. News & World Report, Sept. 15, 2003, p. 31.
60 See also, CRS Report RL32336, FBI Intelligence Reform Since September 11, 2001:
Issues and Options for Congress, by Alfred Cumming and Todd Masse.
61 50 U.S.C. §403-3(d)(1).
CRS-15
unauthorized disclosure.”62 Like the CIA, the FBI also protects its sources and
methods, particularly the identities of confidential informants, so as not to jeopardize
on-going investigations. The FBI, however, is also bound by other criminal laws and
guidelines related to protecting grand jury information and limiting criminal
investigations, undercover operations, and covert surveillance that are, in large part,
designed to protect privacy and civil liberties. Moreover, the CIA generally takes a
long-term strategic view of intelligence gathering and analysis, while the FBI takes
a short-term tactical view that traditionally has been geared towards resolving
investigations.63
Nevertheless, according to the Administration, TTIC will not collect
intelligence; instead, as the primary consumer of terrorism-related intelligence, one
of the Center’s core functions is to ensure information-sharing across agency lines.
TTIC is also responsible for setting requirements and tasking other federal agencies
in the area of shared databases. The Attorney General is responsible for ensuring that
the FBI’s information technology modernization programs are configured to share
information easily with TTIC.
In terms of more broadly disseminating intelligence reports, an administration
official has recently testified that TTIC’s Information Sharing Program Office has
worked to reduce the number of terrorism-related documents and records that are not
under “originator control,” meaning the information contained in those records could
compromise sources and methods. Consequently, before another agency uses that
document or record, it must gain the permission of the originating agency.
Other methods being employed more frequently at TTIC are “writing for
release” and “tear lines.”64 Writing for release means producing useful, but less
sensitive intelligence reports. Tear lines are employed to divide reports. The
substance of the information appears above the tear line, and the sources and methods
by which the information was acquired appears below the tear line. To effect rapid
interagency information-sharing, TTIC has established a classified web-accessible
service: TTIC Online. TTIC is developing less sensitive mirror images of TTIC
Online to more broadly disseminate information and analysis to appropriate entities.65
See Figure 2.
62 50 U.S.C. §403-3(c)(7).
63 Frederick P. Hitz and Brian J. Weiss, “Helping the CIA and FBI Connect the Dots in the
War on Terror,” International Journal of Intelligence and Counterintelligence, spring 2004,
vol. 17, no. 1, p. 13.
64 Russell E. Travers, TTIC Associate Director for Defense Issues, Statement Before the
National Commission on Terrorist Attacks upon the United States, Jan. 26, 2004, p. 7.
65 Testimony of John Brennan, Terrorist Threat Integration Center Director, in U.S.
Congress, Senate Judiciary Subcommittee on Immigration and Border Security
(Washington, Sept. 23, 2003), p. 2.
CRS-16
TTIC has established and will maintain the TID, which will be a repository for
all-source information on known and suspected terrorists.66 The TID is envisioned
as becoming the primary source for international terrorist data provided by TTIC to
the TSC. Such information will include names, aliases, dates and places of birth,
identification and travel documents, unique and distinguishing physical features,
biometric data, and individuals’ past affiliation with terrorist acts or groups. In the
past, much of this information was stored in disparate databases maintained by
several agencies. According to the Administration, consolidating and expanding this
data could remedy systemic weaknesses that in the past prevented intelligence
analysts and investigators from positively identifying known and suspected terrorists.
To build the TID and prevent duplication of effort, functions of the DOS Bureau
of Intelligence and Research’s TIPOFF system, particularly those aspects related to
the identification of foreign terrorists, were transferred to TTIC. The entire TIPOFF
database of about 120,000 names served as the core of the TID. TIPOFF staff were
split, with part going to the TTIC and part going to the TSC. Under HSPD-6, the
President directed all heads of executive departments and agencies to provide to
TTIC on a continual basis all appropriate data regarding terrorists and related
activities to the extent that the law allows.
An oversight issue for Congress — some maintain the most critical issue — is
whether the Intelligence Community is providing TTIC with the information
necessary to effectively identify known and suspected terrorists and their supporters.
In turn, TTIC is providing the TSC with all appropriate information for the inclusion
of watch list records in the TSDB. .
Terrorist Threat Integration Center and Information Analysis and
Infrastructure Protection Reporting Requirements. Unlike the FTTTF, the
establishment of TTIC has generated some controversy.67 Some Members of
Congress have questioned whether the functions currently assigned to TTIC, like
intelligence fusion and threat assessment, would not be better housed in DHS’s
Directorate for Information Analysis and Infrastructure Protection (IAIP), as the
Homeland Security Act gave responsibility for all-source terrorist threat analysis to
the new department.68 In September 2003, William Parrish, the former DHS Acting
Assistant Secretary for Information Analysis, testified that DHS will overlay TTIC-
66 The TID is nearly identical to a system required under section 343 of the Intelligence
Authorization Act for Fiscal Year 2003 (P.L. 107-306, 116 Stat. 2399), which requires the
DCI to establish a “terrorist identification classification system” that would be a list of
individuals who are known or suspected terrorists, and organizations that are known or
suspected terrorist organizations.
67 For further information, see CRS Report RS21283, Homeland Security: Intelligence
Support, by Richard A. Best, Jr.
68 The House Select Committee on Homeland Security and the Committee on the Judiciary
held a hearing on TTIC on July 22, 2003. The Senate Judiciary Subcommittee on
Immigration and Border Security held a hearing on HSPD-6, in which the role of TTIC was
questioned, on Sept. 23, 2003.
CRS-17
generated threat assessments on IAIP-identified vulnerabilities, so that protective
measures can be developed and implemented.69
In other words, with TTIC-generated threat information, IAIP could be better
equipped to identify and prioritize the nation’s critical infrastructure that needs to be
more closely guarded so that security resources can be more efficiently deployed.
Regarding the respective roles of the DHS’s IAIP and the DCI’s TTIC, Section 359
in Intelligence Authorization Act for Fiscal Year 200470 required the President to
submit a report to the appropriate committees of Congress71 by May 1, 2004, on the
operations on both the IAIP Directorate and TTIC. This provision set out that this
report should include the following elements:
! an assessment of the operations of the IAIP and TTIC;
! an assessment of the ability of TTIC to carry out the responsibilities
assigned to it by the President;
! an assessment of the ability of IAIP to carry out the responsibilities
assigned to it under section 201 of the Homeland Security Act;72
! an action plan to bring TTIC to full operational capacity as outlined
in the President’s State of the Union address, including milestones,
funding, and sources of funding;
! a delineation of responsibilities and duties for the IAIP and TTIC;
! a delineation and summary of overlapping areas of responsibilities
and duties carried out by IAIP, TTIC, and any other element of the
federal government;
! an assessment of where these areas of overlap, if any, represent an
inefficient use of resources;
! a description of the policies and procedures adopted by IAIP and
TTIC to ensure compliance with the Constitution, any applicable
statues, executive orders, and regulations of the United States;
! an assessment of the practical impact that TTIC operations, if any,
may have on individual liberties and privacy; and
! any other information the President deems appropriate that provides
a fuller explanation as to why TTIC should be established as a “joint
venture” of participating agencies rather than as an element of IAIP.
This provision set out further that the report be presented in an unclassified format,
which could include a classified annex if necessary. Whether the Administration
delivered this report to Congress is unknown as of the latest update of this report.
69 Testimony of William Parrish, Acting Assistant Secretary for Information Analysis, in
U.S. Congress, Senate Judiciary Subcommittee on Immigration and Border Security
(Washington, Sept. 23, 2003), p. 2.
70 P.L. 108-177, 117 Stat. 2622.
71 For purposes of this provision the appropriate committees of Congress include the Senate
committees on Intelligence, Governmental Affairs, the Judiciary, and Appropriations; and
in the House, the committees on Intelligence, Homeland Security, the Judiciary, and
Appropriations.
72 P.L. 107-296, 116 Stat. 2145.
CRS-18
Nonetheless, in August 2004, the DHS Office of Inspector General issued a
report finding that, despite its border security mission, DHS was not playing a lead
role in consolidating terrorist watch list information. Instead, as noted in this report,
watch list consolidation was being managed by entities — the TSC and TTIC — that
were principally associated with agencies charged with identifying terrorist threats
prior to DHS’ formation — namely the FBI and CIA.73
Terrorist Screening Center (TSC). According to the Administration, the
primary mission of the TSC is to consolidate all federal terrorist watch lists into a
consolidated terrorist screening database, so that all federal agencies would have
access to the best and most complete information. A TSA official, Donna Bucella,
has been detailed to the FBI and appointed head of the TSC. A DHS official,
Richard Kopel, has been appointed second-in-command at the TSC. As a multi-
agency effort, the Center’s staff will include designees from the DOS, DOJ, and
DHS, as well as other intelligence community entities. TSC personnel are to be
given access to TTIC databases, including the TID, as well as any relevant
intelligence that advances terrorist screening.
Under HSPD-6, the Administration envisions that terrorist watch lists will be
used much more frequently in the future. In the past, terrorism-related watch lists
were used principally for purposes of screening noncitizens applying for visas abroad
at consular offices and at the border when applying for admission at international
ports of entry. Today, as described more fully below, state and local law enforcement
officers are able to screen persons stopped for routine traffic violations against
terrorist TSDB lookout records. See Figure 2 below.
The TTIC Director, the TSC Director, the heads of federal departments or
agencies, or their designees “nominate” persons for inclusion in the TSDB by
notifying either the TTIC or the FBI. The TSC Director is responsible for
establishing procedures to review these records when new information is developed
concerning the persons about whom the records are maintained. According to the
Administration, TTIC is providing international terrorism data, and the FBI is
providing domestic terrorism data for inclusion in the TSDB. Both sets of data are
merged in the TSC-maintained TSDB.
According to the FBI, international terrorists include those persons who carry
out terrorist activities under foreign direction. For this purpose, they may include
citizens or noncitizens, under the rationale that citizens could be recruited by foreign
terrorist groups. Or, noncitizens (aliens) could immigrate to the United States and
naturalize (become citizens), having been unidentified terrorists before entry, or
having been recruited as terrorists sometime after their entry into the United States.
By comparison, domestic terrorists are not under foreign direction, and operate
entirely within the United States. According to the Administration, when
73 U.S. Department of Homeland Security, Office of Inspector General, DHS Challenges in
Consolidating Terrorist Watch List Information (OIG-04-31), (Washington, Aug. 2004), 48
pp.
CRS-19
appropriate, both sets of data will include information on “United States persons.”74
Criteria for the inclusion of U.S. persons in the database will be developed by an
interagency working group. The term “United States persons” includes U.S. citizens
and legal permanent residents (immigrants).
For agencies responsible for screening terrorists, the TSC Director and agency
designees will determine the “screening processes” that will be supported and the
amount and type of data that will be provided, depending on an agency’s mission.
Based on recent congressional testimony, it is clear that the TSC is supporting the
screening missions of the State’s Consular Affairs and Homeland Security’s Customs
and Border Protection. It is less clear how much support the TSC is providing the
DHS’s TSA and ICE. To determine whether to allow screening agencies access to
certain records, the TSC is to consider, but not be limited to, the following elements:
! the nature of the person’s association with terrorism;
! the quality of data, including credibility, reliability, and extent of
corroboration;
! the extent of uniquely identifying personal data;
! the authority or authorities under which the data were obtained, and
any restrictions on how these data may be shared or used;
! the authority or authorities of the screening entity;
! the circumstances, including changes in the Homeland Security Alert
Level, under which screening will occur; and
! the action the screening agency will take if a person is identified as
a person in the TSC’s terrorist screening database.
These elements serve as a rough guide to what should be included in lookout
records. Nevertheless, HSPD-6 does not speak to the issue that the FBI-administered
TSC will need to fully assess the missions of many different agencies in order to
provide the appropriate amount of information and handling codes in the lookout
records, which will then be disseminated from the consolidated TSDB. While
departmental and agency designees will have a voice at the table, and each agency
will determine which known or suspected terrorists are placed in the respective
lookout systems under HSPD-6, the FBI will be the lead agency and likely play an
important role in the final decision.
74 The definition of “United States person” is found at 50 U.S.C. §1801(i): a citizen of the
United States, an alien lawfully admitted for permanent residence (as defined §1101(a)(2)
of Title 8), an unincorporated association a substantial number of members of which are
citizens of the United States or aliens lawfully admitted for permanent residence, or a
corporation which is incorporated in the United States, but does not include a corporation
or an association which is a foreign power, as defined in subsection (a)(1), (2), or (3) of this
section.
CRS-20
Figure 2. Terrorist Identification, Watch-Listing, and Watch List Determination under HSPD-6
Source: Adapted by the Congressional Research Service from a Department of State Presentation.
CRS-21
Expanding Use of Terrorist Watch Lists. Prior to September 11, 2001,
watch lists were used principally for federal border and transportation security, and
law enforcement. In HSPD-6, the Administration has clearly signaled that the use
of watch lists will be expanded beyond those purposes traditionally associated with
border and transportation security, and federal law enforcement. Under HSPD-6, to
the extent permitted by law, the consolidated TSDB will be made available to
! state, local, territorial, and tribal law enforcement agencies;
! other appropriate state, local, territorial, and tribal authorities;
! private sector entities charged with managing critical infrastructure
or organizers of large events (e.g., the Salt Lake City Winter
Olympics); and
! foreign governments that have entered into immigration agreements
with the United States or that are engaged in the global war on
terrorism as partners with the United States.
As described below, the Administration has made such records available to state
and local law enforcement, and plans to make such records available in limited cases
with foreign governments through the FBI’s National Crime Information Center
(NCIC) in a sensitive but unclassified format. NCIC is an FBI-administered
telecommunications system that allows authorized law enforcement officers,
including state and local officers, to access and search several automated databases
pertaining to fugitives, missing persons, stolen property, and criminal histories.
In regard to noncitizens, the Attorney General, in consultation with the Secretary
of Homeland Security, or their designees at the TSC, is to determine which records
are entered into NCIC. For all other persons, the Attorney General is to determine
which records relating to alleged terrorists are entered into NCIC. The Secretary of
State, in consultation with the Attorney General, Secretary of DHS, and the Director
of Central Intelligence, will determine which records will be made available to
foreign governments.
The Secretary of Homeland Security, or his TSC designee, is to determine
whether such records should be available to other non-law enforcement authorities
at the state, local, territorial, and tribal levels for other purposes. Such purposes may
include screening persons when they apply for driver’s licenses or licenses to transfer
hazardous material.
Along these lines, the 9/11 Commission endorsed the integration of U.S. border
security systems with other systems to expand the network of screening points to
include the Nation’s transportation system and access to vital facilities.75 The
establishment of the TSC and TSDB is in part an integration of border security
systems with other screening systems related to law enforcement and perhaps
transportation security systems. An oversight issue for Congress is the extent to
75 National Commission on Terrorist Attacks upon the United States, The 9/11 Commission
Report, p. 387.
CRS-22
which the TSDB should be integrated with other screening systems to expand the
network of screening points.
TSC Level of Operations. According to the Administration’s timetable,
TSC operations were to be phased in rapidly, and the center was to be operational by
December 1, 2003.76 According to press accounts, however, the Administration
informed Representative Jim Turner, the ranking Member of the Select Committee
on Homeland Security, that the TSC was not “fully” operational as of the end of
December and that the Nation’s multiple terrorist watch lists had yet to be
consolidated.77 Director Bucella publically testified that the TSC was operational on
December 1, 2003.78 According to that testimony, as part of phase one, the TSC has
had the ability to
! provide the names and identifying information of known or
suspected terrorists to federal, state, and local law enforcement;
! review whether a known or suspected terrorist should be included in
the agency watch lists or should be deleted from such lists;
! ensure that persons, who may share a name with a known or
suspected terrorist, are not unduly inconvenienced by screening
processes conducted by the U.S. government; and
! adjust or delete outdated or incorrect information to prevent
problems arising from misidentifications.79
On March 25, 2004, Director Bucella testified before a joint hearing of the
House Judiciary Committee’s Crime, Terrorism and Homeland Security
Subcommittee and the Select Homeland Security Committee’s Intelligence and
Counterterrorism Subcommittee.80 In that testimony, Director Bucella reported that
phase two of the TSC’s implementation had been completed and an unclassified but
law enforcement sensitive TSDB had been established. As of April 1, 2004, the
TSDB contained about 79,289 lookout records.
Through March, the TSC had provided DOS’s CA with 54,000 security advisory
opinions, of which 90 were related to terrorism, and 56 resulted in visa revocations.
In addition, the CBP’s National Targeting Center Director, Charles Bartoldus,
testified that CBP officers were routinely working with the TSC to evaluate and
assess potential matches between terrorist lookout records and individuals applying
for admission into the United States. With TSC’s assistance, CBP inspectors are
currently able to resolve potential matches more expeditiously, resulting in the more
76 U.S. Department of Justice, Fact Sheet: Terrorist Screening Center, Sept. 16, 2003, at
[http://www.fbi.gov/pressrel/pressrel03/tscfactsheet091603.htm].
77 Chris Strohm, “Congressman Blasts Bush on Terrorist Screening Efforts,” Government
Executive Magazine, Jan. 13, 2004, at [http://www.govexec.com/dailyfed/0104/
011304c1.htm].
78 Donna Bucella, Terrorist Screening Center Director, Testimony Before the National
Commission on Terrorist Attacks upon the United States, Jan. 26, 2004, p. 1.
79 Ibid., p. 2.
80 This hearing can be viewed by webcast at [http://www.house.gov/judiciary/crime.htm].
CRS-23
timely release of individuals who have been misidentified. Members also asked
Director Bucella about the TSC’s interactions with the DHS’s TSA, but it was
unclear from her responses whether TSA was consulting with the TSC about
terrorism-related hits on the “No Fly” and “Automatic Selectee” lists.81
Furthermore, TSDB-generated lookout records are currently being disseminated
to state and local law enforcement officers through the NCIC. The unclassified
portion of TSDB-generated lookout records (name, date of birth, passport number,
and country of origin) have been loaded into the NCIC’s Violent Gang and Terrorist
Organizations File (VGTOF). According to Director Bucella, the TSC has set up a
protocol for when NCIC queries by state or local law enforcement officers result in
a terrorism-related hit.
When NCIC terrorism-related hits occur, the state and local officers stand by,
while their dispatchers contact the TSC. Through the dispatchers, the TSC operators
will elicit certain information from the state or local officers to determine whether
there is a match. Such information could include identifiers, like height, weight, eye
color, hair color, tattoos, or scars, which may be classified. If the TSC deems that a
match has been made, the TSC will contact the FBI Counterterrorism Watch unit (CT
Watch unit) at FBI headquarters.
If needed, the CT Watch unit will contact and consult the appropriate JTTF and
designated case officer. Following such consultations, the TSC operators will
provide the state and local officers with the most appropriate course of action. Such
actions include four possible scenarios: arrest, detain and question, question and
release, or proceed with normal police procedure. According to Director Bucella, the
TSC is able to process most state and local NCIC terrorism-related hits within 20 to
30 minutes.
The TSC is presently engaged in a large-scale outreach program to inform state
and local law enforcement agencies about the TSC. Some Members at the hearing,
however, questioned whether most state and local agencies were aware of the TSC
or the changes to NCIC’s VGTOF. They also questioned whether some federal law
enforcement units, like the Border Patrol, had access to NCIC or the Integrated
Automated Fingerprint Identification System, and whether such queries were
routinely made on aliens attempting to enter the country between ports of entry.
As part of this outreach process, the TSC is also working with those agencies
to determine if the TSDB could be incorporated into screening processes conducted
by those agencies. In addition, the TSC is contacting other federal agencies to
determine whether they have terrorism-related records that would be of use to the
TSC. In this regard, several members raised concerns that the Department of
Defense had not done enough to transfer terrorism-related data to the TSC, and
possibly the TTIC, concerning al Qaeda and Taliban combatants who had been
81 The 9/11 Commission recommended that TSA fully utilize the larger set of watch lists by
integrating them into the current CAPPS screening system, and underscored that such
improvements should be implemented without delay. National Commission on Terrorist
Attacks upon the United States, The 9/11 Commission Report, p. 393.
CRS-24
previously detained at Guantanamo, but who had subsequently been released.
Director Bucella indicated that some data regarding these persons had been
transferred to the TSC.
Director Bucella outlined phase three of the TSC implementation. By
December 2004, the TSC is scheduled to use the TSDB as a single, integrated system
for entering known and suspected terrorist identities. At that point, the TSDB will
be integrated (“dynamically linked”) into all appropriate screening processes. In
addition, selected private sector entities, such as operators of critical infrastructure
facilities or organizers of large events, will be allowed to submit lists of persons
associated with those events to the U.S. government to be screened for any
connection with terrorism. Meanwhile, the DOS is working to establish mechanisms
by which terrorist screening information can be shared with foreign countries
cooperating with the United States in global efforts to counter terrorism.
Legal Safeguards. The TSC Director is responsible for developing policies
and procedures related to criteria for inclusion into the database; and measures to be
taken in regard to misidentifications, erroneous entries, outdated data, and privacy
concerns. As described above, according to TSC Director Bucella, procedures have
been developed regarding the inclusion of persons in the TSDB, the correction of
erroneous data, the purging of outdated data, and the incorporation of new data to
prevent further misidentifications of persons who share the same or similar names as
persons for whom terrorism-related lookout records exist.
The Administration maintains that since the TSC does not collect intelligence,
and has no authority to do so, that all intelligence or data entered into the TSDB has
been collected in accordance with the preexisting authorities of the collecting
agencies. Nonetheless, these existing agency policy and procedures probably do not
address information sharing with private entities for security purposes. Members of
Congress and other outside observers have questioned whether there should be new
policy and procedures at different levels (such as, visa issuance, border inspections,
commercial aviation security, domestic law enforcement, and security of public
events) for the inclusion of persons in the TSDB.82
Also, Members have asked how a person would find out if they were in the
TSDB, and if so, how did they get there? In congressional testimony, Director
Bucella surmised that a person would learn of being in the TSDB when a screening
agency encountered them and, perhaps, denied them a visa or entry into the United
States, or arrested them. Director Bucella also suggested that the TSC would
probably be unable to confirm or deny whether the person was in the TSDB under
current law.
Consequently, persons who have been identified or misidentified as terrorists
or their supporters by the TSC would have to pursue such matters through the
screening agency. However, the screening agency might not have been the source of
82 For further information, see CRS Report RL31730, Privacy: Total Information Awareness
Programs and Related Information Access, Collection, and Protection Laws, by Gina Marie
Stevens.
CRS-25
the record in which case, a lengthy process of referrals may have to be initiated.
Under such conditions, persons identified as terrorists or their supporters may turn
to the Freedom of Information Act (FOIA) or the Privacy Act as a last alternative.
Under FOIA,83 any person, including a noncitizen or nonpermanent resident,
may file a request with any executive branch agency or department, such as the DOS
or DHS, for records indicating they are on a watch list. Under national security and
law enforcement FOIA exemptions, the Departments may withhold records on
whether an individual is on a watch list.84
In addition to a FOIA request, a citizen or legal permanent resident may file a
Privacy Act85 request with DHS and/or Justice to discern whether the TSA or the FBI
has records on them. However, the law enforcement exemption under the Privacy
Act may permit the Departments to withhold such records. Under the Privacy Act,
a citizen or legal permanent resident may request an amendment of their record if
information in the record is inaccurate, untimely, irrelevant, or incomplete. Under
both FOIA and the Privacy Act, there are provisions for administrative and judicial
appeal. If a request is denied, the citizen or legal permanent resident is required to
exhaust their administrative remedies prior to bringing an action in U.S. District
Court to challenge the agency’s action.
The Administration has pledged that terrorist screening information will be
gathered and employed within constitutional and other legal parameters. While the
Privacy Act generally does not restrict information-sharing related to known and
suspected terrorists who are not U.S. persons for the purposes of visa issuance and
border inspections, it does restrict the sharing of information on U.S. persons
(citizens and legal permanent residents) for purely intelligence purposes, who are not
the subject of on-going foreign intelligence or criminal investigations.86
Consequently, legal questions concerning the inclusion of U.S. persons in these
systems under criminal or national security predicates may arise. Protocols have
been established for state and local law enforcement to cover the eventuality that a
positive NCIC VGTOF hit indicates that they have encountered a known or suspected
terrorist. However, it is unclear whether protocols have been established for false
positives if a person is misidentified. In addition, questions of compensation for
persons mistakenly damaged by inclusion in these databases will likely be an issue.
In the interest of protecting civil liberties, among other things, the 9/11
Commission has also recommended that the President promulgate information
sharing guidelines to safeguard the privacy of the individuals about whom the
information is being shared, and establish a board within the executive branch to
83 5 U.S.C. §522.
84 5 U.S.C. §§522(b), (c), 522a(j).
85 5 U.S.C. §522a.
86 Department of State, Testimony to the Joint Congressional Intelligence Committee, p. 5.
CRS-26
oversee adherence to these guidelines.87 While outside the scope of this paper, the
National Intelligence Reform Act of 2004 (P.L. 108-458) includes provisions
addressing privacy and civil liberty protection.
TSC Reporting Requirements. Section 360 of the Intelligence
Authorization Act for Fiscal Year 200488 required the President to submit a report to
Congress by September 16, 2004 on the operations of the TSC, as established under
HSPD-6. This provision set out that this report should include the following
elements:
! an analysis of TSC operations to ensure that the TSC does not
violate the Constitution, or any statute, executive order, or regulation
of the United States;
! a description of the TSC database architecture, including the number
of databases operated or maintained by the TSC, and an assessment
of the extent to which these databases have been integrated;
! a determination of whether the data from all the watch lists,
enumerated in the General Accountability Office report entitled
Information Technology: Terrorist Watch Lists Should be
Consolidated to Promote Better Integration and Sharing (described
below), have been incorporated into the consolidated terrorist
screening database system;
! a determination of whether any other databases ought to be
integrated into the consolidated terrorist screening database;
! a schedule setting out the dates by which identified databases, which
are not yet integrated into the consolidated terrorist screening
database system, would be integrated into that system;
! a description of the protocols that have been established to ensure
the protection of classified and sensitive information that is
contained within the consolidated terrorist screening database;
! a description of processes that have been established to ensure that
the information in the consolidated terrorist screening database is
systematically and frequently reviewed for timeliness and accuracy;
! a description of the mechanism that has been established to ensure
that the information in the consolidated terrorist screening database
is synchronized and replicated throughout that database;
! a description of the extent to which, and the criteria under which, the
TSC makes the information in the consolidated terrorist screening
database available to the private sector and critical infrastructure
components;
! the number of individuals listed in the consolidated terrorist
screening database;
! the estimated budget of, and sources of funding for, the TSC for
each of the fiscal years 2004, 2005, and 2006;
87 National Commission on Terrorist Attacks upon the United States, The 9/11 Commission
Report, pp. 394-395.
88 P.L. 108-177, 117 Stat. 2623.
CRS-27
! an assessment of the impact of the TSC and the consolidated
terrorist screening database on current law enforcement systems;
! the practical impact, if any, of TSC operations on individual liberties
and privacy; and
! such recommendations as the President deems appropriate for
modifications to law or policy to ensure the continued operations of
the TSC.
This provision required further that the report be presented in an unclassified format,
which could include a classified annex if necessary. Whether the Administration
delivered this report to Congress is unknown as of the latest update of this report.
Selected Watch List, Criminal, and Biometric Systems
To provide border and transportation security, a number of federal agencies have
long maintained watch lists, or lookout books, for the purposes of excluding certain
“undesirable” aliens, including known and suspected terrorists, from travel to, and
entry into, the United States. These watch lists reside on consular and border
management computer systems, as well as on criminal history record computer
systems. In addition, to identify individuals with greater certainty, several biometric
systems have been developed in parallel with these systems. It is notable that most
of these systems were developed separately and for different purposes that reflect
agency-specific missions and legal authorities.
The U.S. government’s principal terrorist watch list system has been the
Department of State’s TIPOFF system, which is classified. While the other members
of the Intelligence Community have begun culling through their intelligence reports
and producing additional lookout records, prior to September 11, 2001, the staff of
INR’s TIPOFF produced by far the lion’s share of terrorist lookout records. For the
purposes of visa issuance and border inspections, TIPOFF lookout records are loaded
into two unclassified systems: CA’s CLASS and DHS’s Interagency Border
Inspection System.
CLASS is a computerized system used to manage visa applications, among
other consular-related activities. Border inspectors use the IBIS system to process
travelers entering the United States at international ports of entry. Many agencies
compile watch lists for law enforcement and other purposes, which are also loaded
into IBIS. Hence, inspectors act as agents of these agencies when processing
travelers. As an integrated system, IBIS allows inspectors to seamlessly and
simultaneously search several law enforcement and border management databases.
While data sharing between some of these systems is routine, with others it is
not. For example, declassified lookout records are downloaded from TIPOFF and
uploaded into the DOS CLASS system and the NAILS II, a legacy INS system that
is currently maintained by DHS’s ICE. Prior to TIPOFF’s transfer, this was done
weekly, but priority cases could be uploaded into IBIS within minutes if needed. At
the TSC, it will be done daily, if not more often. In turn, NAILS II records are
uploaded into TIPOFF, since immigration officers produce terrorist-related lookout
records as well. It is likely that these practices will be continued at the TSC, but it
is unknown how frequently or in what manner they will be accomplished. Until
CRS-28
required to by the USA PATRIOT Act, the DOJ was unwilling to share criminal
history records with the DOS, including terrorist lookout records contained in NCIC.
Merging watch lists will not likely require integrating entire systems.
Nonetheless, there are likely to be other technological impediments. For example,
from system to system, and watch list to watch list, there remains no standardization
of data elements, such as, name, date of birth, place of birth, or nationality. In the
past decade, digitized biometrics (principally fingerprints) have been used
increasingly to identify individuals with greater certainty, but most biometric systems
have been developed separately from other systems. Integrating data from biometric
systems, such as IAFIS and IDENT, into either the TID or the TSDB could be
technologically difficult and costly. Under HSPD-6, the TTIC director has been
charged with the responsibility for setting uniform system standards for watch list
records.
At the same time, while elevating and expanding the terrorist watch list function
under HSPD-6 is an important step in the wider war on terrorism, specialists in the
area of national security have observed that homeland (border) security could be
improved by upgrading and integrating existing consular/immigration and border
management systems, criminal record history systems, and biometric systems.89
GAO Watch List Recommendations. In April 2003, the Government
Accountability Office (GAO; formerly the General Accounting Office) issued a report
that included findings and several recommendations regarding terrorist watch lists.
GAO found that at least nine agencies maintained 12 terrorist and criminal watch
lists that were used principally for border security or law enforcement purposes.
GAO reported that data sharing was hampered by incompatible system architectures
— computer hardware, software, and networking. Therefore, GAO recommended
that a central authority (leadership), spanning several departments and agencies, be
made responsible for standardizing and consolidating watch lists. According to
GAO, the new system should be developed to allow agencies to effectively carry out
their missions by enforcing all relevant laws in their unique operational
environments.90 At a minimum, lookout records from at least some of these systems
(described below) would likely be incorporated into the TSDB.
Of the 12 systems listed by GAO that include watch lists, 9 are described below.
Table 1 lists these nine systems and the departments and agencies responsible for
maintaining them. The systems that GAO listed, which are not described below,
include the U.S. Marshals’ “wants and warrants” file, the U.S. Air Force Office of
Special Investigations’ Top 10 Fugitive List, and U.S. Central Bureau for Interpol’s
terrorism watch list. These lists were not included in the treatment below because:
the Marshals’ wants and warrants file is incorporated into NCIC; the Air Force list
89 Lee S. Strickland, J.D., and Jennifer Willard, M.L.S., “Reengineering the Immigration
System: As Case for Data Mining and Information Assurance to Enhance Homeland
Security,” Homeland Security Journal, Oct. 2002, p. 9.
90 For further information, see GAO Report GAO-03-322, Information Technology:
Terrorist Watch Lists Should Be Consolidated to Promote Better Integration and Sharing
(Washington, Apr. 2003), p. 28.
CRS-29
is small by comparison to the rest; and Interpol records were reviewed by the FBI and
INR for inclusion in NCIC and TIPOFF. At the TTIC, it is likely that Interpol
records will continue to be reviewed for inclusion in the TID and, by extension, in
the TSDB.
Table 1. Selected Lookout, Border Security, Criminal History,
and Biometric Computer Systems
Department
Agency
System
State
Bureau of Intelligence and Research
TIPOFF
State
Bureau of Consular Affairs
Consular Lookout and
Support System (CLASS)
DHS
Bureau of Immigration and Customs
National Automated
Enforcement
Immigration Lookout System
II (NAILS II)
DHS
Bureau of Customs and Border
Interagency Border Inspection
Protection
System (IBIS)
DHS
Transportation Security Administration
No Fly/Automatic Selectee
Lists
DHS
Transportation Security Administration
Computer-Assisted Passenger
Prescreening System
(CAPPS)
Justice
Federal Bureau of Investigation
National Crime Information
Center (NCIC)
Justice
Federal Bureau of Investigation
Integrated Automated
Fingerprint Identification
System (IAFIS)
DHS
Bureau of Customs and Border
IDENT
Protection and Bureau of Immigration
and Customs Enforcement
Source: Table prepared by the Congressional Research Service.
Although not included in the GAO study, the Regional Information Sharing
System/Law Enforcement Online (RISS/LEO) is described below, because state and
local investigators support this system. Not only could RISS/LEO be used to share
lookout records with state and local law enforcement, but investigative files could
also be shared in some cases. In terms of biometric technology, two systems figure
prominently, IAFIS and IDENT. Furthermore, Justice has recently built a biometric
capability into NCIC. Brief mention is also given to State’s Consolidated Consular
Database, which serves as a central repository for all visa applications, including
digitized visa photos and, in some cases, fingerprints.
TIPOFF.91 TIPOFF is a classified computer lookout system, which was
maintained by the DOS’s INR to identify and watch-list known and suspected
91 Briefing with DOS’s Bureau of Intelligence and Research, Oct. 23, 2003.
CRS-30
terrorists.92 Created in 1987, it originally consisted of 3x5 index cards in a shoe box.
TIPOFF staff used specialized computer search engines to systematically cull through
all-source data, from highly classified central intelligence reports to intelligence
products based on open sources, to identify known and suspected terrorists. These
classified records are scrubbed to protect intelligence sources and methods, and
biographic identifiers are declassified, and exported into lookout systems (CLASS
and IBIS). Consular officers can query these records electronically in CLASS to
deny visas to terrorists and their supporters. Immigration and customs inspectors
query these records in IBIS to deny terrorists entry into the United States at
international ports of entry.
Following the 1993 World Trade Center bombing, the Visa Viper process was
established, as a dedicated/secure telegraphic channel that allows consular and
intelligence officers to report known and suspected terrorists to INR for inclusion in
TIPOFF. There are more than 120,000 records of terrorists and other criminals in
TIPOFF, nearly double the number on September 11, 2001. Due to the use of aliases
among terrorists, some of these records involve the same individuals. There are
nearly 81,000 distinct individual terrorist names in TIPOFF.
Until recently, all subjects of TIPOFF records were non-U.S. persons — roughly
speaking those persons who are not legal permanent residents (immigrants) or
citizens of the United States. Under HSPD-6, the terrorist identification process
currently performed by INR will be expanded and transferred to TTIC. A mirror
image of INR’s TIPOFF system has been built at TTIC to feed terrorist lookout
records into a terrorist identities database (TID). Since September 11, 2001, other
members of the Intelligence Community have combed through their products and
case files to identify additional terrorists who should be excluded from entering the
United States. As part of these efforts, records on U.S. persons (citizens and legal
permanent residents) who are the subject of ongoing criminal or national security
investigations will be entered into the TID as well. The process performed by INR
of declassifying lookout records and exporting them to the appropriate consular,
border security, and law enforcement agencies has been transferred to TSC.
Consular Lookout and Support System (CLASS).93 The CLASS system
is the DOS’s principal unclassified lookout database that is used by consular officers
abroad to check the names of visa and passport applicants against several watch lists
that are maintained for various purposes, including screening known and suspected
terrorists. While the DOS has maintained an automated visa lookout system since
1970, the development of CLASS was accelerated after the first World Trade Center
bombing and the conspiracy to blow up the Holland and Lincoln Tunnels, and the
United Nations Headquarters, in New York City.94
92 For several years past, the INR was expanding TIPOFF to include records on known and
suspected international criminals and drug traffickers as well. Under HSPD-6, this function
will remain at INR.
93 Briefing with DOS’s Bureau of Consular Affairs, Oct. 23, 2003.
94 The case of Sheikh Omar Abdel Rahman is illustrative. He had been implicated in the
assassination of Egyptian President Anwar Sadat in 1981 and watch-listed, yet he was issued
(continued...)
CRS-31
In terms of name recognition, the CLASS system is the most advanced lookout
system currently maintained by the federal government. It includes a compressed
name search capability, as well as sophisticated Arabic, Russian/Slavic, East Asian,
Hispanic, date of birth, and country of birth algorithms. The language algorithms,
for example, search for variations in name spelling based on the phonetic
transliteration of names from other languages into the Roman alphabet. The
algorithm scores the searches to arrange them in order of likelihood of a match. All
consular posts can directly access CLASS online. There are about 15.4 million
records in CLASS, including 90,000 records on suspected or known terrorists and
their supporters.95
National Automated Immigration Lookout System II (NAILS II).96 The
NAILS II system is the lookout system formerly maintained by INS, until that agency
was dismantled and its constituent parts were transferred to DHS. Today, NAILS II
is maintained by the DHS’s ICE. NAILS II contains about 3.8 million files,
including biographical and case data on persons who may be inadmissible or are
being sought by immigration officers for other reasons related to immigration
enforcement. Of these files, 58,000 files concern suspected or known terrorists and
their supporters. The NAILS II system can be searched by name, variations on the
name, alien registration number, and date of birth. The name recognition technology
in NAILS II is Soundex, a technology that was patented some 100 years ago.97
Lookout records are downloaded from TIPOFF and uploaded into NAILS II on an
hourly basis, and from NAILS II into CLASS on a weekly basis, or as needed. At the
TSC, this process will be performed daily.
Interagency Border Inspection System (IBIS).98 The IBIS system, an
unclassified system, was maintained by the Department of the Treasury’s U.S.
Customs Service, until Customs was transferred to DHS. INS was also a major
stakeholder in this system, since both Customs and Immigration inspectors screen
aliens for admission into the United States at ports of entry. The IBIS system was
congressionally mandated by the Omnibus Drug Initiative Act of 198899 in order to
share lookout records maintained separately by INS, State, and Customs. The
Customs Service supported about 17 different watch lists by downloading lookout
94 (...continued)
a visa in Khartoum, Sudan. At the time, the Khartoum consulate lookout records were on
microfiche and there were several variations of Rahman’s name. He was convicted for his
part in the conspiracy to blow up the Holland and Lincoln Tunnels, and the United Nations
Headquarters, in New York City.
95 CLASS data on immigrant and nonimmigrant visa holders are downloaded several times
daily into IBIS through NAILS II and the Treasury Enforcement Communications System
II (TECS II), which are both maintained currently by DHS.
96 Mark T. Kenmore, “Update on U.S. Ports of Entry,” Immigration & Nationality Law
Handbook, 2002-2003 Edition, vol. 1 (Washington, 2002), p. 257.
97 Dr. John C. Hermansen, Name-Recognition Technology Aids the Fight Against Terrorism,
Journal of Counterterrorism & Homeland Security International (winter 2003), p. 2.
98 Briefing with the U.S. Customs Service, Nov. 16, 2001.
99 §4604 of P.L. 100-690, 102 Stat. 4289.
CRS-32
records from other agencies into the IBIS. IBIS provides inspectors with the ability
to perform a single, all purpose query in the primary inspection lanes.100 If the system
generates a hit, the inspector diverts the traveler to secondary inspection for
additional clearance procedures. Developed by the Customs Service, IBIS utilizes
the pre-existing TECS II. Today, TECS II and IBIS are maintained by the CBP at
DHS.101
IBIS exchanges data with CLASS and several immigration systems, including
the NAILS II (described above) and the Deportable Alien Control System (DACS),
among others. It also allows inspectors to access the FBI’s NCIC and National Law
Enforcement Telecommunications System (NLETS), as well as the Drug
Enforcement Administration’s Narcotics and Dangerous Drugs Identification System
(NADDIS). The Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), U.S.
Secret Service, Internal Revenue Service, and the Royal Canadian Mounted Police
(RCMP) also provide lookout records for inclusion in IBIS. Law enforcement and
regulatory personnel from 20 other federal agencies use IBIS.
In addition, the Advanced Passenger Inspection System (APIS) was grafted onto
IBIS to establish alien entry/exit control in the airport environment (as opposed to
land border and sea ports). As required by the Border Security Act (P.L. 107-173),
the DHS has rolled out the U.S. VISIT program, a newly developed automated
entry/exit control system that includes scanners and readers to verify and collect
biometric information on foreign travelers.102 Under the U.S. VISIT program, IBIS
and the APIS interface with two systems with biometric capabilities, IDENT and the
Consular Consolidated Database.103
As in NAILS II, the name search capability in IBIS is Soundex. While IBIS is
considered superior to NAILS II in terms of systems performance and name
recognition, it is not considered as robust as the CLASS system in terms of certain
search functions. There are about 16 million records in IBIS, including nearly 80,000
records on known and suspected terrorists. In regard to IBIS another key issue for
Congress is systems availability. There have been press accounts that IBIS has been
100 In is notable that at land border ports of entry during primary inspections, the border
inspectors do not enter the names and other pertinent biographic identifiers of border
crossers who arrive in private conveyance into IBIS. Instead, the inspectors enter vehicle
license plate numbers into IBIS and visually scan the border crossers’ travel documents.
101 Under an administrative reorganization within the DHS, INS enforcement programs were
merged with Customs, and reconstituted as the CBP and the ICE. Both Customs and
Immigration Inspectors are now part of CBP.
102 For further information, see CRS Report RL32234, U.S. Visitor and Immigrant Status
Indicator Technology Program (U.S.-VISIT), by Lisa Seghetti and Stephen Vina.
103 The 9/11 Commission recommended that DHS expedite the development and deployment
of a “biometric entry-exit screening system” to increase border security and streamline
inspections for qualified travelers. National Commission on Terrorist Attacks upon the
United States, The 9/11 Commission Report, p. 389.
CRS-33
inaccessible at certain ports of entry for extended periods of time, during which
allegedly foreign travelers were not screened against watch lists.104
“No Fly” and “Automatic Selectee” Lists. The “No Fly” watch list was
created in 1990, as a list of persons who were considered to be a direct threat to U.S.
civil aviation. It was administered by the FBI until November 2001, when it was
then transferred to the FAA. The Transportation Security Administration later
assumed administrative responsibility for the list, which was split into the “No Fly”
and “Automatic Selectee” lists. Persons are place on these lists based upon
information given to TSA by other federal agencies. TSA distributes these watch
lists to the U.S. air carriers. In turn, the air carriers screen passengers against these
watch lists. The watch lists reside on the computer reservations system used by U.S.
air carriers.105 As the names of these lists imply, passengers found to be on the “No
Fly” list are to be denied boarding and referred to law enforcement, while those on
the “Automatic Selectee” list are selected for secondary security screening before
being cleared to board.
Since intelligence and law enforcement officials were concerned about the
security of the “No Fly” list, only a handful of names were on the list prior to the 9/11
attacks (less than 20).106 Since then, the lists reportedly have been expanded almost
daily.107 According to one press account, there are more than 20,000 names on the
“No Fly” list today, and TSA has been contacted by air carriers as many as 30 times
per day with potential name matches in the recent past.108 In recent months, the “No
Fly” and “Automatic Selectee” lists have been controversial for misidentifications.
In some cases, these misidentifications have included Members of Congress: Senator
Ted Kennedy, Representative John Lewis, and Representative Don Young.109 It is
unclear, meanwhile, to what extent TSA has integrated the No Fly” and “Automatic
Selectee” lists with the TSDB or other screening procedures followed by the TSC.
104 Alfonso Chardy, “Airport Terrorist Database Often Offline; Official Says Backups Are
in Place to Prevent Disaster,” Miami Herald, Mar. 8, 2002, p. B1.
105 Electronic Privacy Information Center, “‘Documents Show Errors in TSA’s ‘No Fly”
Watchlist,” Apr. 2003, available at
[http://www.epic.org/privacy/airtravel/foia/watchlist_foia_analysis.html].
106 National Commission on Terrorist Attacks Upon the United States, The Aviation Security
System and the 9/11 Attacks, Staff Statement No. 3, Jan. 27, 2004, p. 6, available at
[http://www.9-11commission.gov/staff_statements/staff_statement_3.pdf].
107 Electronic Privacy Information Center, “‘Documents Show Errors in TSA’s ‘No Fly”
Watchlist,” Apr. 2003, available at
[http://www.epic.org/privacy/airtravel/foia/watchlist_foia_analysis.html].
108 Sara Kehaulani Goo, “Faulty ‘No Fly’ System Detailed,” Washington Post, Oct. 9, 2004,
p. A01.
109 Sara Kehaulani Goo, “Committee Chairman Runs Into Watch-List Problem: Name
Similarity Led to Questioning at Anchorage and Seattle Airports, Alaska Congressman
Says,” Washington Post, Sept. 30, 2004, p. A17, and “Hundreds Report Watch-List Trials:
Some Ended Hassles at Airports by Making Slight Change to Name,” Washington Post,
Aug. 21, 2004, p. A08.
CRS-34
Computer-Assisted Passenger Prescreening System (CAPPS). TSA
also administers the classified CAPPS system, which was originally designated the
computer-assisted passenger screening (CAPS) system. The CAPS system was
developed following a known aircraft bombing and other suspicious incidents.110 The
1996 Federal Aviation Administration Act authorized the development of the CAPS
system.111 Section 307 of that act reads:
The Administrator of the Federal Aviation Administration, the Secretary of
Transportation, the intelligence community, and the law enforcement community
should continue to assist air carriers in developing computer-assisted passenger
profiling programs and other appropriate passenger profiling programs which
should be used in conjunction with other security measures and technologies.
The FAA, with Northwest Airlines, developed the CAPS system in 1996 and
1997. Additional field testing continued through 1997 and 1998. The FAA
mandated that all major U.S. air carriers maintain CAPS on their computer
reservation systems in 1999.
The operational concept behind the CAPS system is to select “high-risk”
travelers based on certain characteristics found in Passenger Name Record (PNR)
data elements, like ticket purchasing patterns and the details of their travel itineraries,
for greater scrutiny in terms of baggage screening, while expediting baggage
screening for “low-risk”passengers. In other words, the CAPS system was designed
to determine which passengers were unlikely to have an explosive device in their
checked baggage, so that limited explosive detection capabilities could be focused
on a smaller number of passengers and bags.112 The CAPS system was reviewed by
the DOJ’s Civil Rights and Criminal Divisions, along with the FBI, and was found
not to be based on characteristics related to ethnicity, gender, or religious faith.113
110 According to Cathal L. Flynn, in testimony before the 9/11 Commission, “From 1993 to
2000, aviation security was implemented in an environment shaped by several developments
and events: the memory of Pan Am 103 catastrophe and national determination that nothing
like it should happen again; the World Trade Center bombing of February 1993 and the
discovery, in the post-bombing investigations, of previously un-noticed groups within the
United States that at least seemed to be connected with Middle Eastern terrorist
organizations; the “Manila Conspiracy,” also called the “Bojinka Plot,” that aimed in early
1995 to destroy as many as twelve U.S. airlines nearly simultaneously as they flew form
airports in East Asia; growing awareness of the al Qaeda terrorist organization; and the crash
of TWA flight 800 on July 17, 1996, which initially appeared to have been caused by an on-
board bomb and thus raised national awareness of a possible terrorist threat to aviation
within the United States.” See Statement of Cathal L. Flynn to the National Commission
on Terrorist Attacks Upon the United States, Jan. 27, 2004, p. 2, available at
[http://www.9-11commission.gov/hearings/hearing7/witness_flynn.htm].
111 P.L. 104-264; 110 Stat. 3253.
112 Statement of Jane Garvey to the National Commission on Terrorist Attacks Upon the
United States, May 22, 2003, p. 11, available at
[http://www.9-11commission.gov/hearings/hearing7/witness_garvey.htm].
113 Anthony Fainberg, “Aviation Security in the United States: Current and Future Trends,”
Transportation Law Journal, vol 25, spring 1998, p. 200.
CRS-35
More recently, the CAPS system was re-designated CAPPS (Computer-Assisted
Passenger Presceening System).
The CAPPS system is largely invisible to the public, and the federal government
does not control or collect data as part of CAPPS, as the system itself resides on
airline reservations systems.114 While nine of the 19 hijackers were selected by
CAPPS for additional baggage screening, it is significant that, on September 11,
2001, CAPPS was not used to select passengers for greater screening at passenger
checkpoints.115 While checkpoint screening was the principal measure to prevent
aircraft hijackings, none of the 19 hijackers were prevented from boarding an aircraft
following passenger checkpoint screening.116 Today, CAPPS is also used by TSA to
identify persons, based on certain characteristics gleaned from the passenger name
records, who are selected for not only greater passenger-checked baggage screening,
but greater passenger checkpoint screening as well.
In the wake of the 9/11 terrorist attacks, TSA began developing a next-
generation domestic passenger screening system known as CAPPS-II. This
controversial system was designed to use sophisticated algorithms to search
government and commercial databases to acquire limited background information on
ticket-buyers to authenticate their identity. The system would have assigned travelers
a color coded categorical risk assessment.117
! Green-coded passengers would not have been considered a risk and
would only have been subject to basic screening procedures — metal
detectors and baggage x-rays.
! Yellow-coded passengers would have been deemed either an
unknown or possible risk, and would have been subject to extra
screening procedures — bag and body searches.
! Red-coded passengers would have been considered high risk and
would not have been allowed to travel, and law enforcement
officials would have been notified of their attempts to board
commercial aircraft.
Critics decried the cloak of secrecy under which TSA developed CAPPS-II, and
argued that the potential loss of privacy under such a system would not be
counterbalanced by a corresponding increase in security.118 Some legal scholars also
114 Ibid., p. 200.
115 Statement of Cathal L. Flynn to the National Commission on Terrorist Attacks Upon the
United States, (Jan. 27, 2004), p. 4, available at
[http://www.9-11commission.gov/hearings/hearing7/witness_flynn.htm].
116 National Commission on Terrorist Attacks Upon the United States, The Aviation Security
System and the 9/11 Attacks, Staff Statement no. 3, Jan. 27, 2004, pp. 6-7, available at
[http://www.9-11commission.gov/staff_statements/staff_statement_3.pdf].
117 Federal Register, Aug. 1, 2003, p. 45266.
118 Jill D. Rhodes, “CAPPS II: Red Light, Green Light, or ‘Mother, May I?,’” The Homeland
Security Journal, Mar. 2004, p. 1.
CRS-36
question whether it would be permissible to prevent a person from boarding an
aircraft on a mere suspicion of organizational affiliation.119
Meanwhile, in two statutes,120 Congress prohibited the expenditure of any
funding provided under that act to deploy or implement this new system until it had
been evaluated by the Government Accountability Office (GAO).121 Furthermore,
Congress required TSA to more adequately address eight action items before the
CAPPS II system could be deployed in any manner except testing of the system. The
specific actions required by Congress include
! establishing an internal oversight board;
! assessing accuracy of databases;
! stress-testing the system and demonstrating efficacy and accuracy;
! installing operational safeguards to protect the system from abuse;
! installing security measures to protect the system from unauthorized
access;
! establishing policies for and effective oversight of system use and
operation;
! addressing all privacy concerns; and
! creating a redress process for passengers to correct erroneous
information.
In February 2004, the GAO found that TSA had only completed one of these eight
action items: TSA had satisfactorily created an internal oversight board.122
Furthermore, GAO reported that TSA had encountered major impediments in
testing CAPPS II. In particular, the European Union and commercial airlines have
been reluctant to hand over crucial data because of privacy concerns. Moreover,
GAO underscored that the CAPPS II, as designed, would be vulnerable to terrorists
who assumed (stole) another person’s identity.123 TSA anticipated that CAPPS-II
would have been integrated with US-VISIT, DHS’s newly developed automated
entry/exit control program.124 Such a measure would have introduced a biometric
component into the CAPPS-II process for non-citizens, so that their identities could
be confirmed with greater certainty. The acting TSA Administrator, David M. Stone,
testified before the Senate Governmental Affairs Committee that CAPPS-II was
119 Ibid., p. 7.
120 P.L. 108-90, 117 Stat. 1137; and P.L. 108-176, 117 Stat. 2568.
121 U.S. General Accounting Office, Aviation Security: Computer-Assisted Passenger
Prescreening System Faces Significant Implementation Challenges, GAO-04-385, Feb.
2004, p. 4.
122 Ibid., p. 4.
123 Ibid., p. 4.
124 Federal Register, Aug. 1, 2003, p. 45266.
CRS-37
being “reshaped and repackaged” to address privacy issues.125 The reshaped and
repackaged system is presumably Secure Flight (discussed below).
9/11 Commission Recommendations and Secure Flight.126 In its July
2004 final report, the 9/11 Commission recommended that, without delay, the
Transportation Security Administration should (1) take over the air passenger pre-
screening function from the airlines; (2) improve the use of the “no fly” and
“automatic selectee” lists; (3) require the airlines to turn over passenger name
records; and (4) more fully utilize the larger set of watch lists maintained by the
federal government (at the TSC in the TSDB).127 Prompted by these
recommendations, TSA unveiled plans to discontinue the development of CAPPS-II
in favor of a test-program dubbed “Secure Flight.”128
According to TSA, the Secure Flight test program consists of three elements:
(1) a streamlined CAPPS process that will include selection on both a revised criteria
and random bases; (2) limited use of commercial data identity authentication process;
and (3) a passenger name check against the TSDB. If fully implemented, the Secure
Flight system will only be used for pre-screening domestic flights. Customs and
Border Protection is now responsible for prescreening passengers on inbound and
outbound international flights and already uses the TSDB.129
Under the Secure Flight test program, passenger name records (PNR) data will
be transmitted from U.S. air carriers to TSA. While these categories include specific
ticketing and itinerary information, airfare data, frequent flier information, form of
payment information, and special service requests, among other things, they do not
include birth date information which is not routinely collected by airlines. Birth date
information had been considered by TSA during CAPPS II as an important data
element for authenticating an individual’s identity by comparing personal data
provided by the passenger against records contained in commercial databases that are
often used for conducting credit checks. The CBP will retain the responsibility for
checking passenger identities and prescreening passengers on inbound and outbound
international flights.
TSA also plans to assume the role of conducting behavioral-based prescreening
that airlines now perform under the existing CAPPS system. The test-program,
however, will use revised rules for selecting passengers for additional screening,
which have been designed to reduce the number of passengers selected for secondary
125 Matthew L. Wald, “U.S. ‘Reshaping’ Airport Screening System,” New York Times, (July
16, 2004), Sec. A, p. 18.
126 For further information on the integration of aviation-security watch lists with border
screening systems, see CRS Report RL32451, Aviation Security-Related Findings and
Recommendations of the 9/11 Commission, by Bart Elias.
127 National Commission on Terrorist Attacks upon the United States, The 9/11 Commission
Report, p. 393.
128 U.S. Department of Homeland Security, Transportation Security Administration, “TSA
To Test New Passenger Pre-Screening System,” (Washington, August 26, 2004), 2 pp.
129 Federal Register, Sept. 24, 2004, pp. 57345-57348 and pp. 57352-57355.
CRS-38
screening. In addition, TSA noted that some individuals will still be randomly
selected for secondary screening to prevent terrorists from learning (through reverse
engineering) the specific criteria used to select individuals under the Secure Flight
program.
The test program will also access limited commercial data to verify an
individual’s identity — a core concept of the CAPPS II proposed system. This data
will be evaluated separately and on a limited basis to determine whether such data
can help to more accurately verify passenger identity during the pre-screening
process. In the original CAPPS II program, TSA had envisioned the use of
commercial databases to authenticate the identity of a passenger before that
passenger’s information was compared against government-maintained terrorist and
criminal databases. TSA has indicated that the identity authentication procedures
would only be incorporated into the Secure Flight system if the following conditions
are met:
! such measures do not result in inappropriate differential treatment of
any category of persons;
! robust data security safeguards and privacy protections can be put in
place to prevent unauthorized access to personal information; and
! the system enhances security and does not involve the U.S.
government in storing or accessing commercial data but, rather,
relies on commercial data aggregators to provide IDA services to the
TSA.130
TSA has indicated that it will strive to meet the remaining requirements for
CAPPS II implementation in the Secure Flight program, as the agency plans to
establish a redress process for individuals who believe they have been unfairly or
incorrectly singled out for additional screening or experience difficulties obtaining
boarding passes.
Data elements of the passenger name records will be checked against the larger
set of government watch lists that have been consolidated in the TSDB maintained
by the FBI-administered Terrorist Screening Center. Passenger name records will
also be checked against “No Fly” and “Automatic Selectee” watch lists, which have
been expanded since the 9/11 terrorist attacks. At this time, it is unclear whether
these watch lists will be integrated into the TSDB, remain stand-alone watch lists that
are maintained in a TSA-administered system as part of the Secure Flight program,
or be phased out once the Secure Flight program has been fully implemented.
Air passengers on international flights will continue to be screened against the
wider set of U.S. government watch lists through CBP’s Advance Passenger
Inspection System, which is part of the IBIS (both systems are described above).
Under agreement with the European Union (EU), CBP is being provided with data
from 34 specific categories of PNR data for travelers on international flights from EU
countries. For outbound international flights, it is unclear whether the CBP will have
applications in either APIS or IBIS that will examine PNR or other data to select air
130 Federal Register, Sept. 24, 2004, p. 57353.
CRS-39
passengers for additional screening at either baggage or passenger checkpoints.
Meanwhile, the National Intelligence Reform Act of 2004 (P.L. 108-458) includes
watch list provisions related to advanced airline passenger prescreening, which are
described in greater detail below.
National Crime Information Center (NCIC).131 The FBI maintains the
NCIC, a national computer database for criminal justice records. NCIC is linked to
an index system, the Interstate Identification Index (III), which points authorized law
enforcement authorities to federal, state, and local criminal records. In 1999, NCIC
2000 was brought online by the FBI. Major improvements built into NCIC 2000
include an improved name search capability, digitized right index finger prints and
mug shots, other digitized images (tattoos, scars, or stolen vehicles), a sexual
offenders file, an incarcerated persons file, a convicted person on supervised release
(probation or parole) file, user manuals on line, information linking capabilities,
online system support, and other improvements.
Another major enhancement associated with NCIC 2000 is the ability for patrol
officers to receive and send data to the system from their patrol cars or other
temporary locations with laptop computers, hand-held fingerprint scanners, or digital
cameras. The total budget to develop NCIC 2000 was about $183 million.132 For
FY2003, about $36 million was allocated by the FBI to administer and maintain
NCIC 2000.
NCIC 2000 gives law enforcement officers access to over 43 million records:
41 million criminal history records and 2.5 million hot files. Hot files would include
lookouts on suspected and known terrorists, which are included in the Violent Gang
and Terrorist Organization File (VGTOF). As in IBIS and NAILS II, however, the
name recognition technology in NCIC 2000 is Soundex, which is not nearly as robust
as the name recognition technologies built into CLASS. For example, the length of
the name field in NCIC is only 28 characters, while it is over 80 in CLASS.133
For years, Justice denied the Department of State access to NCIC on the grounds
that Consular Affairs was not a law enforcement agency, but State was given
authority to access NCIC in the USA PATRIOT Act.134 As of August 2002, between
7 to 8 million files on non-U.S. persons with FBI criminal records were added to
CLASS from NCIC.135 When Customs and Immigration inspectors query IBIS in the
primary inspection lanes, the system queries NCIC’s hot files like the U.S. Marshal
Service’s want and warrants file and the VGTOF, but full criminal background
131 For further information, click on [http://www.fbi.gov/hq/cjisd/ncic.htm].
132 U.S. Department of Justice, Federal Bureau of Investigation, National Crime Information
Center 2000 (Washington, July 15, 1999), p. 3 at
[http://www.fbi.gov/pressrel/pressrel99/ncic2000.htm]
133 Briefing with DOS’s Bureau of Intelligence and Research, Oct. 23, 2003.
134 See §403(a) of P.L. 107-56, 115 Stat. 343.
135 U.S. Department of State, Testimony to the Joint Congressional Intelligence Committee
Inquiry by Ambassador Francis X. Taylor, Coordinator for Counterterrorism (Washington,
Oct. 1, 2002), p. 2.
CRS-40
history checks are only performed when travelers are diverted into secondary
inspections for certain irregularities or suspicious behavior. Under HSPD-6, NCIC
is the platform on which additional terrorist screening records from the TSC’s TSDB
have been disseminated to duly authorized state, local, territorial, and tribal law
enforcement agencies.136
Regional Information Sharing System/Law Enforcement Online.137
The Regional Information Sharing System (RISS) is an unclassified, but secured
web-accessible system of six regional computer networks that were established to
share state and local investigative data involving criminal gangs and drug
trafficking.138 RISS is funded through the DOJ Office of Justice Programs, but is
administered and operated jointly by several state agencies.
Section 701 of the USA PATRIOT Act139 amends the Omnibus Crime Control
and Safe Streets Act of 1968 to authorize the use of RISS to share investigative data
that might involve potential terrorist conspiracies and activities. As required by law,
criminal files included in RISS must be based on “probable cause” that the subjects
of the file have committed, or are about to commit, a crime.140 While a cigarette
bootlegging conspiracy, for example, may appear to have no terrorism nexus, by
analyzing investigative data in RISS, other patterns of criminal or terrorist activity
may emerge.
Law Enforcement Online (LEO) is a secured web-accessible portfolio of
applications and information sources made available by the FBI to state and local law
enforcement agencies. More recently, RISS has been merged with the FBI’s LEO
system. The RISS/LEO merger will facilitate federal/state communications on a
secured/web accessible system, as opposed to older teletype systems like the
NLETS.141 Through RISS/LEO, the FBI will distribute to state and local law
enforcement agencies selected open source (unclassified) reports, as well as sensitive
but unclassified law enforcement reports. RISS/LEO enjoys considerable support
among state and local law enforcement agencies as a user-friendly and web-
accessible system.
Biometric Systems for Identity Verification. “Biometrics” are physical
characteristics or personal traits of an individual used to identify him, or verify his
claim to a certain identity. Examples of biometrics include fingerprints, facial and
136 Memorandum of Understanding accompanying HSPD-6, item 18, p. 5.
137 For further information, click on [http://www.iir.com/RISS/].
138 Wilson P. Dizard III, “All Points Bulletin: FBI and Justice Link, Get the Word Out,”
Post-Newsweek Business Information, Inc. (Lexus/Nexus: Oct. 7, 2003), p. 1. (Hereafter
cited as Dizzard, “All Points Bulletin: FBI and Justice Link.”)
139 P.L. 107-56, 115 Stat. 374.
140 28 Code of Federal Regulations, § 23.3(b)(3). “Criminal intelligence information means
data which has been evaluated to determine that it is relevant to the identification of and the
criminal activity engaged in by an individual who or organization which is reasonably
suspected of involvement in criminal activity.”
141 Dizard, “All-Points Bulletin: FBI and Justice Link,” p. 1.
CRS-41
hand geometry, iris and retina scans, voice recognition, and handwritten signatures.
While most biometric technologies have only been developed in the past 10 to 15
years, fingerprints have been used by law enforcement to verify identity for the past
century. For these purposes, the FBI maintains the Integrated Automated Fingerprint
Identification System (IAFIS), an automated 10-fingerprint matching system that
captures rolled prints. All 50 states are connected to IAFIS. With over 47 million
sets of fingerprints, it is the largest biometric database in the world.142
In 1995, the INS piloted the Automated Biometric Fingerprint Identification
System (IDENT) in California. In the following year, IDENT was deployed to over
34 sites on the Southwest border, and over 3,000 criminal aliens were identified
attempting to enter the United States. IDENT is a two flat fingerprint system that
includes prints of 4.5 million aliens who have been (1) apprehended while attempting
to enter the United States illegally between ports of entry or allowed to withdraw
their application for admission at a port of entry (4 million records), (2) previously
apprehended (300,000 records), or (3) convicted of aggravated felonies (240,000).
Some Members of Congress, particularly those serving on the Appropriations
Committees, were concerned that two incompatible fingerprint identification systems
were being developed within the DOJ. This issue became heated following
revelations that the INS had apprehended a suspected murderer, Rafael Resendez-
Ramirez, but allowed him to voluntarily return to Mexico. Resendez-Ramirez
subsequently reentered the United States and committed four additional murders.143
Language in the FY2000 Commerce-Justice-State appropriations act expressed
dismay that other federal, state and local law enforcement officers did not have
access to IDENT data. In response, the Attorney General put the IDENT/IAFIS
migration project under the supervision of Justice Management Division (JMD).
JMD conducted several pilot programs, which examined the feasibility of
interchanging data between the two systems.144 For example, Integrated Automated
Fingerprint Inspection System data for individuals in the “wants and warrants” file
was downloaded into IDENT. JMD also developed an IDENT/IAFIS workstation
that allowed Border Patrol agents and immigration inspectors to run IDENT prints
against IAFIS. This system had a 10 minute response time and required agents to
142 U.S. Government Accountability Office, Technology Assessment: Using Biometrics for
Border Security, GAO-03-174, Nov. 2002, p. 149.
143 U.S. Department of Justice, Office of Inspector General, The Rafael Resendez-Ramirez
Case: A Review of the INS’s Actions and the Operation of Its IDENT Automated Fingerprint
Identification System, (Washington, March 2000), at [http://www.usdoj.gov/oig/special/
0003/resenp1.htm#P131_4736].
144 IDENT is instrumental in identifying how many times an alien has been apprehended.
According to the DOJ, however, there are legal concerns, about entering such data into
criminal databases like IAFIS for aliens who may have attempted to enter the United States
illegally, but were not convicted of a criminal violation. Indeed, most aliens attempting to
enter the United States illegally between ports of entry are apprehended up to five to seven
times before they are charged with misdemeanor illegal entry. If they are subsequently
apprehended, they are charged with felony reentry.
CRS-42
process each apprehended person twice, once under IDENT and again through the
IDENT/IAFIS work station.
In addition, JMD conducted a criminality study, which examined IDENT
records from the 1998 through mid-2000 time frame and found that about 8.5% of
those individuals had some notable charge placed against them.145 The transfer of the
components of the former INS to the DHS, however, has hampered this project.
According to the DOJ Office of the Inspector General, despite a delay of two years,
a partially integrated version of the IDENT/IAFIS system was available for
deployment in December 2003. Full integration and deployment of the system,
however, may extend past FY2008.146 Meanwhile, about 4,500 FBI fingerprint files
of known or suspected terrorists have been entered into IDENT.147
The DOS, meanwhile, has established the capacity at consular posts abroad to
capture electronic records of nonimmigrant visas, including digitized visa photos,
which are transmitted and replicated in State’s Consolidated Consular Database. In
FY2001, DOS and INS conducted a pilot nonimmigrant visa data-sharing program
at the Newark International Airport. As part of this program, nonimmigrant visa
records were transmitted to IBIS, including digitized photos. These visa photos are
useful for identity verification, and reportedly this capability has been deployed at all
air ports of entry.
In its final report, the 9/11 Commission recommended that DHS expedite the
implementation of a “biometric entry-exit screening system” known as U.S.-VISIT148
to increase border security and streamline inspections for qualified travelers.149 The
National Intelligence Reform Act of 2004 (P.L. 108-458) includes a provision
requiring the expedited development and roll-out of U.S.-VISIT, and feasibility
studies on whether biometric identifiers ought to be required in passports for visitors
to the United States and for U.S. citizens as well.
In addition, the DOS has begun testing facial recognition (biometric)
technologies with nonimmigrant visa photos as a means to verify identity as well, but
these technologies are less mature than those using fingerprint. As a biometric
measurement for nonimmigrant visa applicants, however, the DOS strongly favors
facial recognition to fingerprints, because it does not require the applicant to submit
to an active measurement procedure. In addition, facial recognition biometric
measurements can be derived from photos and videotape gathered by the intelligence
145 U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information
Services (CJIS) Division, “DOJ Agencies Team Up To Improve The Security At U.S.
Borders,” The CJIS Link (Clarksburg, WV, spring 2002), p. 2.
146 U.S. Department of Justice, Office of the Inspector General, Report No. 1-2003-005,
Status of IDENT/IAFIS Integration, (Washington, Feb. 2004), p. 11.
147 Ibid., 18.
148 For further information, see CRS Report RL32234, U.S. Visitor and Immigrant Status
Indicator Technology Program (U.S.-VISIT), by Lisa Seghetti and Stephen Vina.
149 National Commission on Terrorist Attacks upon the United States, The 9/11
Commission Report, p. 389.
CRS-43
community in order to identify known terrorists and other persons who may be
excludable from the United States for national security reasons.150
HSPD-6 directs that the TTIC’s TID and the FBI domestic terrorist database
incorporate all available biometric data, to the extent permitted by law, including data
on persons yet to be identified (e.g., latent prints gathered at a crime scene or the
caves of Afghanistan). In addition, these systems are to be designed so that new
advancements in biometrics technology can be incorporated into them.
National Intelligence Reform Act of 2004 (P.L. 108-458)
While P.L. 108-458 does not include provisions that directly address the
Terrorist Screening Center’s mission of establishing a consolidated Terrorist
Screening Database, the act includes several provisions that require (1) TSA to
assume the airline passenger prescreening function from U.S. air carriers after it
establishes an advanced passenger prescreening system for domestic flights that
utilizes the watch lists integrated and consolidated in the TSDB;151 (2) prescreening
airport personnel against the TSDB prior to allowing them access to
secure/operational airport areas; (3) presceening persons seeking to lease or rent
aircraft over 12,500 pounds (at the operator’s request); (4) a process to be established
by which persons who are identified as security threats based on TSDB watch lists
may appeal such determinations to TSA and have such records, if warranted,
modified to alleviate such occurrences in the future; (5) prescreening passengers on
international flights against the TSDB prior to departure; (6) reports concerning the
criteria used to place persons in the TSDB and the privacy and civil liberty
implications of the further use of the “No Fly” and “Automatic Selectee” lists; (7)
prescreening foreign law enforcement officers against the TSDB prior to providing
them with air marshal training; and (8) prescreening maritime vessel passengers.
Advanced Airline Passenger Prescreening System.152 Section 4012(a)
of P.L. 108-458 requires the Transportation Security Administration Assistant
Secretary for Homeland Security to test by January 1, 2005, an advanced airline
passenger prescreening system that will allow DHS to compare air passenger
information against the “No Fly,” “Automatic Selectee,” and TSDB. Within 180
days of the successful testing of this system, DHS is required to assume the air
passenger prescreening function from U.S. air carriers. The following system
requirements are set out:
! establish a procedure for airline passengers, who are delayed or
prohibited from boarding, because they were identified by the
system as posing a security threat, to appeal such determinations
150 For further information, see CRS Report RS21916, Biometric Identifiers and Border
Security: 9/11 Commission Recommendations and Related Issues, by Daniel Morgan and
William Krouse.
151 The bill refers to the “consolidated and integrated terrorist watch list maintained by the
Federal Government,” which generally describes the TSDB maintained by the TSC.
152 Section 4012(a) amends 49 U.S.C. 44903(j)(2), with a new subparagraph (C).
CRS-44
and, if warranted, have the system’s records modified to alleviate
future delays and inconveniences;
! ensure that federal government databases used by the system to
verify the identity of passengers will not result in large number of
false positives;
! establish an internal oversight board to oversee and monitor the
manner in which the system is being implemented;
! establish sufficient operational safeguards to reduce opportunities
for abuse;
! implement substantial system security measures to prevent
unauthorized access;
! adopt policies for effective oversight of the use and operation of the
system; and
! ensure that there are no specific privacy concerns with the
technological architecture of the system.
In addition, the TSA Assistant Secretary is authorized to require air carriers, and
those providing booking services and systems to air carriers, to supply the necessary
passenger information to begin implementing this system within 180 days of the
completion of testing.
Airport Access and Prescreening.153 Section 4012(a) requires the TSA
Assistant Secretary, in coordination with the Secretary of Transportation and the
FAA Administrator, to screen all individuals who are allowed access to certain
secure/operational areas of airports against the consolidated TSDB prior to being
granted such access.
Chartered and Leased Aircraft Customer Prescreening.154 Section
4012(a) requires the TSA Assistant Secretary to establish a process by which
operators of charter and leased aircraft concerns may request that persons seeking to
lease or rent aircraft with a maximum takeoff weight of greater than 12,500 pounds
be screened against the consolidated TSDB prior to being allowed access to such
aircraft. If such persons are identified as posing a security threat following screening,
then, the operators are authorized to refuse service. In regard to such screening, the
operating requirements set out for the airline passenger screening system (listed
above) are applicable.
Also, under this provision, the Secretary for Homeland Security, in consultation
with the Terrorist Screening Center, is required to develop guidelines and procedures
for the collection, removal, and updating of data maintained in the “No Fly” and
“Automatic Selectee” lists.
Appeal Procedures.155 Section 4012(a) requires the TSA Assistant Secretary
for Homeland Security to establish a timely and fair process for individuals identified
153 Section 4012(a) amends 49 U.S.C. 44903(j)(2), with a new subparagraph (D).
154 Section 4012(a) amends 49 U.S.C. 44903(j)(2), with a new subparagraph (E).
155 Section 4012(a) amends 49 U.S.C. 44903(j)(2), with a new subparagraph (G).
CRS-45
as a threat under provisions described above — regarding airline passengers, airport
access, or chartered and leased aircraft customers — to appeal such determinations
and correct any erroneous information in those records (if warranted). The TSA
Assistant Secretary is required further to maintain records on misidentified and
delayed persons, so that such records include corrected/updated information as well
as information to authenticate their identity.
International Passenger Prescreening.156 Section 4012(a) requires the
Secretary for Homeland Security to issue proposed regulations that will allow the
DHS to attain passenger information for all international flights and compare it to the
consolidated TSDB prior to the flight’s departure. It also requires that the Secretary
establish a “timely and fair” process by which persons identified as a security threat
based on information contained in the TSDB watch lists be allowed to appeal such
determinations to DHS and to correct any erroneous information. As under the TSA
advanced airline passenger prescreening system (for domestic flights), the Secretary
for Homeland Security is required to maintain records on misidentified and delayed
persons, so that such records include corrected information as well as information to
authenticate their identity. For international flights, it is likely that CBP, with the
TSC, would maintain such records as part of their responsibilities to screen
international flights.
Report on Effects on Privacy and Civil Liberties. Section 4012(b) of
P.L. 108-458 requires the Security Privacy Officer of the DHS to submit, within 180
days of enactment, a report assessing the impact of the “No Fly” and “Automatic
Selectee” lists on privacy and civil liberties to the Committee on the Judiciary, the
Committee on Governmental Affairs and Homeland Security, and the Committee on
Commerce, Science, and Transportation in the Senate; and to the Committee on the
Judiciary, the Committee on Government Reform, the Committee on Transportation,
and the Select Committee on Homeland Security in the House of Representatives.
It also requires that this report include recommendations to eliminate or minimize the
adverse effects these watch lists may have on privacy, due process, and civil liberties,
as well as on the possible application of these lists to other modes of transportation.
Furthermore, it requires that the report include analysis on the extent to which the use
of these lists may increase the ability of the Unites States to protect itself from
terrorist attacks.
Report on Criteria for Inclusion in the Consolidated TSDB. Section
4012(c) of P.L. 108-458 requires the National Intelligence Director, in consultation
with the Secretary of Homeland Security, the Secretary of State, and the Attorney
General to report to Congress on the criteria for placing individuals in the integrated
and consolidated TSDB watch lists maintained by the TSC, including minimum
standards for reliability and accuracy of identifying information, the threat levels
posed by listed persons, and the appropriate responses if listed persons are
encountered.
156 Section 4012(a) amends 49 U.S.C. 44909(c), with a new paragraph (6).
CRS-46
Foreign Air Marshal Trainees Prescreening. Section 4018 requires that
foreign law enforcement officers be screened against the TSDB before receiving air
marshal training from DHS.
Maritime Vessel Passenger Prescreening. Section 4071 requires the
Secretary of Homeland Security, within 180 days of enactment, to implement a
procedure by which passengers and crew members on cruise ships embarking or
disembarking passengers at U.S. ports of entry would be (1) compared with the
TSDB to prevent known or suspected terrorists from boarding such vessels, and (2)
selected for additional security screening through the use of “no transport” and
“automatic selectee” lists. For passengers embarking at foreign ports of entry, this
provision provides a waiver for the use of “no transport” and “automatic selectee”
lists if the Secretary deems that use of such lists is impracticable. It would also
authorize the Secretary to require the necessary information from cruise ship
operators in order to comply with the above requirement.
Furthermore, this provision would require the Secretary of Homeland Security,
in consultation with the FBI Director, to design guidelines, policies, and procedures
regarding the maintenance of the watch list database to ensure accuracy and integrity.
Section 4071 would also require the Secretary of Homeland Security to establish a
simple and timely method for correcting erroneous entries and adding clarifying
information to minimize or eliminate false hits and misidentifications.
Possible Issues for Congress
While watch lists have long been maintained by law enforcement and border
security agencies, the Administration’s plans to expand these lists and widen their
dissemination raises issues related to individual privacy and the security of the
nation. For Congress, several immediate issues have emerged or may emerge,
including the following:
! Has the transfer of the TIPOFF terrorist identification function to
Terrorist Threat Integration Center and TIPOFF terrorist watch list
function to the Terrorist Screening Center been accomplished
without degrading the capabilities of other governmental entities
charged with identifying, screening, and tracking known and
suspected terrorists? If not, how and in what way has the system
been improved?
! Has the Intelligence Community provided TTIC (now the National
Counterterrorism Center) with the information necessary to
effectively identify known and suspected terrorists and their
supporters?
! How operational is the Terrorist Screening Center at this time? Will
the Terrorist Screening Database be fully integrated (“dynamically
linked”) with the visa issuance, border inspection, commercial
aviation security systems by the end of CY2004? Has the
Administration committed enough resources to create a single, fully
integrated TSDB?
! How and to what extent should the TSDB be integrated with other
screening systems to expand the network of screening points to
CRS-47
include the Nation’s transportation system and access to other vital
facilities, as recommended by the 9/11 Commission?
! With the bulk of the Nation’s terrorism-related lookout records in a
single, integrated TSDB, what measures have and will be taken to
insure the security of the TSDB?
! Will the TSC Director have a role in evaluating the security and
adequacy of the systems used by screening agencies?
! What measures have been or will be taken to improve the name
search capabilities of NCIC and IBIS?
! How expeditiously will the TSC be able to respond to terrorist-
related NCIC hits made by state and local law enforcement officers?
Is there a bench mark for how long such persons can be stopped for
questioning?
! If persons identified as known or suspected terrorists, or their
supporters, are not arrested or detained, what governmental entities
will be notified of their presence in the United States? What
measures will be taken to monitor their whereabouts and activities
while in the United States? What other actions might be taken by
those to whom the information is disseminated?
! What is the criteria for including persons in the TSDB as suspected
or known terrorists, or their supporters? Will sufficient safeguards
be put in place to protect constitutional rights? Should policies and
guidelines regarding the inclusion of such persons in the TSDB be
made public?
! What redress is or will be available to an individual wrongly placed
on a watch list? Will there be a formal appeals process? If so, what
agency will handle this process?
! What mechanisms will be put in place to audit system users to
determine whether they are abusing the system? Should there be
associated civil or criminal penalties for such abuse?
! Should Congress require the Administration to promulgate
information sharing guidelines to safeguard the privacy of the
individuals about whom the information is being shared, and
establish a board within the executive branch to oversee adherence
to these guidelines, as recommended by the 9/11 Commission?
! Should Congress consider requiring a statutory authorization for the
TSC, the consolidated TSDB, and related activities as a means of
assuring greater accountability?
! Are there cultural or tradecraft issues related to information sharing
that the FBI and other agencies will need to overcome in order to
more effectively share information and properly manage lookout
records for other agencies?
! Would the database and watch list functions be better located and
consolidated in a single executive branch agency with clearer lines
of authority and responsibility?
! Finally, are the TSC and TSDB, and by extension the TTIC,
temporary or permanent solutions?
CRS-48
Conclusion
There is an emerging consensus that the U.S. intelligence and law enforcement
community missed several vital opportunities to watch-list and screen several
conspirators involved in the September 11, 2001 terrorist attacks. Under HSPD-6,
the Bush Administration has taken steps to elevate and expand terrorist identification
and watch-list functions. An oversight issue for Congress — some may maintain one
of the most critical issues — is whether the Intelligence Community is providing the
Terrorist Threat Integration Center with the necessary information to identify
effectively known and suspected terrorists and their supporters.
Endorsing and underscoring measures taken under HSPD-6, the 9/11
Commission has recommended establishing a National Counterterrorism Center on
the foundation of the TTIC. In addition, the Commission has recommended the
further integration of U.S. border security systems with other systems to expand the
network of screening points to include the Nation’s transportation system and access
to vital facilities. The establishment of the Terrorist Screening Center and Terrorist
Screening Database is in part an integration of border security systems with other
screening systems.
These measures, if effectively implemented, will better equip the U.S.
government to screen and monitor the whereabouts of known and suspected
terrorists, and their supporters. Furthermore, working from common terrorist
identities and watch list databases could be an effective mechanism to break down
institutional and cultural firewalls and promote greater interagency cooperation and
data sharing.
Conversely, as the U.S. government pursues a more aggressive policy in
identifying and watch-listing known and suspected terrorists, and their supporters,
there is significant potential for a corresponding loss of privacy and an erosion of
civil liberties. While the Administration asserts that such information will be
collected according to preexisting authorities and individual agency policies and
procedures, it is inevitable that individuals will be misidentified. In such cases, most
would agree that it will be incumbent upon the U.S. government to act swiftly to
correct such mistakes, and, some argue, compensate those individuals for their
inconveniences or possible damages.
In the interest of protecting civil liberties, among other things, the 9/11
Commission has recommended that the President promulgate information sharing
guidelines to safeguard the privacy of the individuals about whom the information
is being shared, and establish a board within the executive branch to oversee
adherence to these guidelines.
Establishing a TSDB by merging watch lists will not likely require integrating
entire systems. Nonetheless, there are likely to be technological impediments to
merging watch list records. From system to system, and watch list to watch list, there
remains no standardization of data elements, such as, name, date of birth, place of
birth, or nationality. In the past decade, moreover, digitized biometrics (principally
fingerprints) have been developed to identify individuals with greater certainty, but
CRS-49
most biometric systems have been developed separately from other systems.
Integrating data from biometric systems into either the TID or the TSDB could be
technologically difficult and costly.
Under HSPD-6, the Administration has established the TSC as a “multi-agency
effort.” At the same time, establishing a consolidated TSDB and effectively
disseminating lookout records to screening agencies, including state and local law
enforcement, is not likely to be a small or short-term endeavor. At this time,
congressional input into this process is confined to oversight by several congressional
committees and appropriating funding to several participating agencies.
Nevertheless, in the National Intelligence Reform Act of 2004 (P.L. 108-458),
Congress has included several provisions that are based in part on the 9/11
Commission’s recommendations related to expanding intelligence and law
enforcement operations aimed at intercepting terrorists and constraining their
mobility. Several of these provisions endorse and build upon measures already taken
under HSPD-6.
CRS-50
Appendix A. Frequently Used Abbreviations
To aid the reader, the following list of abbreviations is provided.
APIS
Advanced Passenger Information System
CA
Bureau of Consular Affairs
CAPPS
Computer-Assisted Passenger Prescreening System
CIA
Central Intelligence Agency
CBP
Bureau of Customs and Border Protection
CLASS
Consular Lookout and Support System
CT WatchCounterterrorism
Watch
CTC
CIA’s Counterterrorism Center
CTD
FBI’s Counterterrorism Division
DCI
Director of Central Intelligence
DHS
Department of Homeland Security
DIA
Defense Intelligence Agency
DOD
Department of Defense
DOJ
Department of Justice
DOL
Department of Labor
DOS
Department of State
FBI
Federal Bureau of Investigation
FOIA
Freedom of Information Act
FTTTF
Foreign Terrorist Tracking Task Force
HSPD-6
Homeland Security Presidential Directive 6
IAFIS
Integrated Automated Fingerprint Inspection System
IAIP
Information Analysis and Infrastructure Protection Directorate
IBIS
Interagency Border Inspection System
ICE
Bureau of Immigration and Customs Enforcement
IDENT
Automated Biometric Fingerprint Identification System
INA
Immigration and Nationality Act
CRS-51
INR
Bureau of Intelligence and Research
INS
Immigration and Naturalization Service
JMD
Justice Management Division
JTTF
Joint Terrorism Task Force
LEO
Law Enforcement Online
MOU
Memorandum of Understanding
NAILS II
National Automated Border Inspection System II
NSA
National Security Agency
NCTC
National Counterterrorism Center
NCIC
National Crime Information Center
NJTTF
National Joint Terrorist Task Force
NTC
National Targeting Center
RISS
Regional Information Sharing System
TID
Terrorist Identities Database
TSA
Transportation Security Administration
TSC
Terrorist Screening Center
TSDB
Terrorist Screening Database
TTIC
Terrorism Threat Integration Center
U.S.-VISIT
U.S. Visitor and Immigrant Status Indicator Technology Program
VGTOF
Violent Crime and Terrorist Organization File