安全间隙改革 - 乐动登陆,乐动冠军,乐动体育赛事

安全检查改革=======================================================================================================================================================================================================================================================================================================================================================================================================================================================================================在美国国会第一百一十届常设特别委员会第一届大会第一届会议情报，2008年打印供委员会使用美国政府印刷局41-733 PDF华盛顿特区：2008--------------------------------------------------------------------由美国政府印刷局文件总监出售互联网：bookstore.gpo.gov电话：免费（866）512-1800 DC区（202）512-1800传真：（202）512-2250华盛顿特区SSOP邮件站20402-0001德克萨斯州西尔维斯特·雷耶斯情报常设特别委员会主席莱昂纳德·博斯韦尔爱荷华州彼得·霍克斯特拉密歇根州罗伯特·E.（巴德）克拉默阿拉巴马州特里·埃弗雷特阿拉巴马州安娜·G·埃肖加利福尼亚州埃尔顿·加莱利加利福尼亚州拉什·D·霍尔特新泽西州希瑟·威尔逊，新墨西哥州C.A.荷兰RUPPERSBERGER、马里兰州MAC THORNBERRY、德克萨斯州JOHN F.TIERNEY、马萨诸塞州JOHN M.McHUGH、德克萨斯州MIKE THOMPSON、加利福尼亚州TODD TIAHRT、堪萨斯州JANICE D.SCHAKOWSKY、伊利诺伊州MIKE ROGERS、密歇根州JAMES R.LANGEVIN、罗德岛州DARRELL E.ISSA、加利福尼亚州PATRICK J.MURPHY、宾夕法尼亚州ADAM B.SCHIFF、，加利福尼亚州南希·佩洛西，加利福尼亚州，议长，当然委员约翰·A·博纳，俄亥俄州，少数派领袖，当然委员迈克尔·德莱尼，工作人员总监，安全许可听证会-----2008年2月27日，星期三，众议院，情报常设特别委员会，情报社区管理小组委员会，华盛顿特区。小组委员会根据召集，于上午9时31分在英国坎农大厦340室举行会议。Anna G.Eshoo（小组委员会主席）主持会议。出席：代表埃肖、霍尔特、鲁珀斯贝格、蒂亚赫特和伊萨。埃肖主席。好的，我想我们开始吧。大家早上好。谢谢你来这里。我再次对你在12月漫长的等待表示歉意，也向小组委员会表示歉意。正如我非正式地告诉你们的那样，这一天我们在场上的一切很快就变成了一片混乱。你们的时间和其他人的时间一样重要，所以，再一次，我为今天上午的重要听证会表示歉意和欢迎。安全检查是通往国家安全机构的大门。情报界的每个人都必须拥有安全许可证才能开展工作，不仅是政府雇员，还有制造卫星、维护计算机系统和保护政府官员的承包商。安全审查程序从根本上影响到情报机构雇用谁，各机构如何共享信息和协调，以及我们如何阻止和防止间谍活动。多年来，我们的安全系统一直受到延误和效率低下的困扰。我认为，这损害了我们的国家安全，因为这使得雇佣优秀人才变得更加困难，而这些人不能等待数月，有时甚至数年才能知道他们是否有工作。这伤害了承包商，因为他们无法以足够快的速度获得许可，对保密项目进行投标。清关制度主要是为冷战时期发展起来的，当时人们关心的是共产主义。在这种环境下，我们倾向于排除那些在海外有亲戚的人。这意味着我们的情报界不是很多元化。今天，我们需要能够在全世界融合这一点的人。我们需要了解恐怖分子可能藏身的国家的文化背景和语言的人。在制定清关制度时，我们处理的是纸质记录，而不是电子文件。调查人员敲门；我认为，在很多情况下，他们仍然这样做。如今，人们通过互联网进行无纸化、复杂的金融交易，并使用社交网络程序。因此，我们必须找到方法，在审批过程中利用这些技术发展来简化系统并识别安全风险。三年前，国会通过了《情报改革和防止恐怖主义法》。立法规定了一些要求，以改进政府范围内的安全检查程序。众议院军事委员会最近举行了与本次类似的听证会，讨论国防部在改进安全许可程序方面的进展。该委员会监督的许多机构负责自己的安全检查程序，因此，可能对政府的进展有不同的看法。我希望证人——再次欢迎你们每一个人——将解决几个关键问题。第一，与政府其他部门相比，情报部门如何处理他们的安全审查程序？第二，情报机构目前的安全检查程序有哪些优点和缺点？第三，我们如何评估安全许可改革试点计划的有效性？四，呵呵w do we ensure that the security clearance process helps meet our Nation's goals to hire good people and to protect classified information? So those are the key areas I think that we need to explore. Today's witnesses are the Honorable Clay Johnson, III, Deputy Director for Management at OMB; Mr. Eric Boswell, Assistant Deputy DNI for Security; Ms. Kathy Dillaman, Associate Director of the Federal Investigative Services at OPM; Ms. Brenda Farrell, the Director of Military and Civilian Personnel and Health Care--this is a real mouthful--Defense Capabilities and Management at the GAO. Mr. Johnson, Mr. Boswell and Ms. Dillaman will provide testimony about the efforts to transform the security clearance process, and Ms. Farrell is going to provide the members with historical perspective on the challenges we faced in the past with the security clearance process and what strengths and weaknesses exist in the current system. The GAO has issued many reports over the last decade, decade and a half. I have plowed through several of them, and they are highly instructive, and I thank you for your work. She is also going to advise committee members on what objective metrics we should use to evaluate the progress under the administration's reform efforts. So we look forward to the witnesses' testimony. And I would like to welcome and recognize Mr. Issa, another member of the California congressional delegation, who is the distinguished ranking member of the subcommittee. Mr. Issa. Mr. Issa. Thank you, Madam Chair. This is the California subcommittee of the House intelligence. Mr. Johnson, Ambassador Boswell, Ms. Dillaman and Ms. Farrell, there is nothing more bipartisan on the House Intelligence Committee than, in fact, getting the clearance process right. Your testimony is greatly appreciated. And reforming the security process will be the subject today, and I do appreciate that there have been improvements. The development of electronic forms and that reduction of paperwork and the continuity is a critical direction that was long overdue. But we still hear of major concerns in a number of areas, most notably the Arab, Muslim and the other communities of outreach most essential if we are to understand and be able to make effective contact in the areas that, today, occupy most of our defense and intelligence resources. Our intelligence community relies heavily upon domestic, human assets to analyze information from areas of the world that are quite alien to us. One of the most important and volatile areas of the world, the Middle East, is an area in which the people analyzing it often have no firsthand knowledge of that part of the world. Americans with such knowledge apply for security clearances every day, in hopes that they can serve their country in an intelligence capacity. Sadly, many applicants are turned down because of foreign contacts they maintain in the Middle East. While we need to ensure that security clearances only go to applicants whose loyalties to the United States are unquestionable, we should not assume that individuals' allegiances are suspect simply because they have friends or family in the Middle East. The very reason they have detailed knowledge of the reason and its language and its customs is primarily because of those contacts and their history. The Intelligence Director, Mike McConnell, addressed this issue of hiring Arab and Muslim Americans at his nomination hearing over a year ago. Though he is not here today, I am interested to hear what the Intelligence Community has done under his leadership to improve the ability of Arab Americans and others to successfully apply for security clearances. Beyond the specific issue of Arab-American security clearances, Congress has tried to improve the security clearance process by placing certain provisions in the Intelligence Reform and Terrorism Prevention Act of 2004. That required the administration to drastically reduce timelines and modernize the process by leveraging technology. Unfortunately, we did not address the broader issues, such as how facility clearances are obtained and maintained, how information systems are certified and accredited. And I understand that, in addition to gaining personnel clearances, both the security-related issues greatly impact industry's ability to deliver capability on behalf of the Nation's security. In short, we do not have a system for a cleared defense contractor or contract person to go from facility to facility and take, in a seamless way, their capability with them. I appreciate the fact that the Intelligence Community has found ways to make it relatively easy for Members of Congress to travel around the world to both public and private places, and somehow our clearances quickly arrive, and we seem to always be well-screened and immediately put through. It would be wonderful if that same level of capability were there for all of those who have real need to know and real contribution to give. Also, I understand the administration has designated the Office of Personnel Management, OPM, as the lead agency for security clearance reform efforts. My question is, does the OPM own the entire end-to-end process? I rather doubt it. I understand that the impression that the OPM performed all background investigations is simply not true. The adjudication and access granted individually by each agency and each agency having their own individual process makes it impossible to truly say that the OPM is anything other than an interesting umbrella group. I am not proposing today that we strip individual agencies of their capability to make the final decisions, but it is very clear that if we are to have a 30-day or 60-day clearance process to become a reality, that we are going to have to have a single form, a single sheet, a single process, and ultimately a take-it-or-leave-it by the various agencies. That does not exist today. I am looking forward to your testimony and the questions beyond the scope of just this introduction. And I thank you very much for being here today. And hopefully OPM-bashing is not what you interpret that I am doing, but rather recognizing that, inherently, if we give a lead agency some authority but not all authority, we really give them no authority. Thank you, Madam Chair. And I yield back. Chairwoman Eshoo. Thank you, Mr. Issa. I call on Mr. Tiahrt, a diligent, thoughtful member of the subcommittee and the full committee. Mr. Tiahrt. Thank you, Madam Chair. And I guess I am from eastern California. Mr. Issa. We will make you honorary for today only. Mr. Tiahrt. I am glad to be here from Kansas. I am very concerned about the clearances. I do have a hearing at 10 o'clock, and I am the ranking member and have to attend. But I appreciate the testimony and especially the good work the GAO has done. And I am looking forward to whatever the comments are going to be. Chairwoman Eshoo. Thank you. Thank you for being here this morning. We will start with Ambassador Boswell, with his testimony, and move across the table. And I think, if I might suggest this, that you keep your comments brief or maybe summarize what you would like to say, so that we can have a good give-and-take in asking questions and really drill down to some of these areas. I know you come fully prepared. I don't want you to think we are diminishing what you have to offer. But I think, in these hearings, the more we get to ask questions and hear your answers, there is a fullness of what we will draw out of the hearing. So, again, good morning. And thank you to you, Ambassador Boswell. This is your time. STATEMENTS OF MR. ERIC BOSWELL, ASSISTANT DEPUTY DIRECTOR OF NATIONAL INTELLIGENCE FOR SECURITY; HON. CLAY JOHNSON, DEPUTY DIRECTOR FOR MANAGEMENT, OFFICE OF MANAGEMENT AND BUDGET; MS. KATHY L. DILLAMAN, ASSOCIATE DIRECTOR, FEDERAL INVESTIGATIVE SERVICES DIVISION, OFFICE OF PERSONNEL MANAGEMENT; MS. BRENDA S. FARRELL, DIRECTOR OF DEFENSE CAPABILITIES AND MANAGEMENT, GOVERNMENT ACCOUNTABILITY OFFICE STATEMENT OF ERIC BOSWELL Mr. Boswell. Thank you, Madam Chairwoman. I am happy to be here at this ``California subcommittee.'' I feel quite at home here; I am a California resident myself. Mr. Issa. They will all move to California eventually. Mr. Boswell. Chairwoman Eshoo, Mr. Issa and distinguished members of the subcommittee, thank you for the opportunity to be here to discuss security clearance reform. I am very pleased to be with my colleagues, Mr. Clay Johnson, Ms. Kathy Dillon, and my GAO colleague. As this subcommittee is very aware, the Intelligence Reform and Terrorism Prevention Act of 2004 established the first-ever legislated measures of success with regard to the timeliness of security clearance processing with goals for 2006 and 2009. While helpful, these measures include only the investigation and adjudication segments of the process and do not, on their own, provide for end-to-end process performance measures nor capture all of the opportunities for improvement that would result in a timelier, less burdensome process for applicants. While the Intelligence Community agencies that conduct their own investigations and adjudications are compliant with current IRTPA goals, the existing process is not, in our estimation, likely to allow these agencies to achieve the additional efficiencies to meet the 2009 objectives. Recognizing that transformational change will be required to meet such future need, the Director of National Intelligence has agreed that security clearance reform should be a top priority, as evidenced by its inclusion in his 100-day and 500- day plans. The DNI's call for improvements to the security clearance process is matched by the Secretary of Defense, who has placed security clearance reform as one of the Department of Defense's top transformation priorities. The intelligence and defense partnership on this issue is a driving force in shaping the efforts to achieve meaningful change. Together, these senior leaders established the Joint Security Clearance Process Reform Team, which I will call the Joint Team from here on. The two leaders of this team are behind me here: John Fitzpatrick, who is Director of the Special Security Center at the ODNI, and Elizabeth McGrath, who is a Deputy Under Secretary for Defense. The Joint Team conducts its activities with the oversight and concurrence of OMB and the participation of other agency partners. Most notable in this regard is OPM, whose Director has joined the DNI, DOD and OMB as a champion of the newly integrated security and suitability reform effort. This expanded partnership highlights the finding that the process for determining eligibility for access to classified information, suitability for Federal employment, eligibility to work on a Federal contract, and granting access to federally controlled facilities and information systems rely on very similar background data. However, the processes for collecting and analyzing that data are not sufficiently coordinated. Therefore, the overall scope of the reform effort now encompasses aligning security clearances and Federal employment suitability to ensure that the executive branch executes these authorities within a framework that maximizes efficiency and effectiveness. The importance of this project was underscored on February 5th of this year when the President issued a memorandum acknowledging the work of the combined group and directing the heads of executive departments and agencies to provide all information and assistance requested by the Director of OMB in this important endeavor. The memo also directs the Director of OMB, the Director of OPM, the Assistant to the President for National Security Affairs, the DNI and the Secretary of Defense to submit to the President an initial reform proposal not later than April 30, 2008, that includes, as necessary, proposed executive and legislative actions to achieve the goals of this reform. In the current phase of its activity, the Joint Team is conducting concurrent work in three areas: information technology, policy development, and targeted demonstration activity that seeks to validate innovations in the new process design. The primary innovations driving the transformation involve the use of more automated processes and data-collection mechanisms that aim to significantly reduce processing times across the security clearance life cycle by eliminating manual, time-consuming processes. The new process proposes the use of new investigative tools, an end-to-end information management system, a continuous risk-management philosophy, and efficient standardized business practices. There is more detail on this in my statement for the record. While the Joint Team will make every effort to identify and recommend deployment of near-term improvements, it is equally important to note that end-to-end transformation across the government will take time, resources and the concerted effort of all implementing agencies. In another important area, an area that Mr. Issa mentioned in his statement, modifications to Intelligence Community hiring policies are being made to allow for the hiring of first- and second-generation Americans or ``heritage'' Americans. This effort includes careful consideration of ways to balance risk while increasing opportunity for such citizens to be considered by the clearance process. We have studied existing programs within the community that may offer a model for other IC agencies to build upon. We fully expect a near-term outcome of this DNI-level policy change to result in more applications from heritage Americans and ultimately a more robust mission capability within the IC. I am confident that sufficient executive commitment exists to ensure that security clearance reform will be achieved. Madam Chairman, that concludes my statement, and I welcome any questions. [The statement of Mr. Boswell follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] Chairwoman Eshoo. Thank you. I would like to welcome to the hearing this morning Congressman Holt, another diligent, very thoughtful, intelligent member of this subcommittee. Mr. Johnson, welcome. And we look forward to your testimony. STATEMENT OF CLAY JOHNSON Mr. Johnson. Thank you. Chairwoman Eshoo, Ranking Member Issa, members, thank you for having this hearing today. I will be very, very brief, so we can get to questions, and I will try not to duplicate what I know Kathy is going to talk about and what Eric has already talked about. I want to make it very clear to this committee that significant progress--significant progress--has been made to reform the security clearance process. Yes, the emphasis has been on improving the timeliness of the process, but that has been the primary problem. There are other issues, which you have identified in your opening statements, but the primary issue that we have been addressing here is the primary issue, which is timeliness. We talked about the opportunity for technology and paperless, quicker access to electronic records and so forth being a huge opportunity. Our focus to date, for the last 2 years, has been--while we have developed plans to pursue these other opportunities, our primary focus in the last 2 years has been on the basics, which is expand the capacity to do the work--that was the primary problem--and to improve the accountability for doing the work as called for. We have accomplished that. Kathy will talk about the investigative capacity expansion at OPM. But we have made significant strides. This is great, but we are not where anybody wants to be. The Intelligence Community I think reluctantly agrees that there has been some improvement, but they believe that there is more to go still, and we do too. And everybody wants to be at a different place than we are now, even though we have made significant strides. Currently, it takes too long to retrieve all records and information. It takes too long to adjudicate particularly industry requests. And it takes too long to move information and files around. Longer term, as Eric talked about, we need to transform the system. There is a very impressive effort under way, involving everybody, to make this happen. I am confident that we are going to end up where we want to be. One of the really fantastic parts about this process is everybody wants this to work. Everybody is committed to making this happen. Nobody likes any aspect of the current state of affairs. Industry wants it to change, agencies want it to change, you want it to change. There is not divisiveness on this. It is, ``Let's do it, let's do it well, and let's do it magnificently.'' And that is our plan. And our goals are high, and we are working very hard on it and making great strides. [The statement of Mr. Johnson follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] Chairwoman Eshoo. Thank you. Ms. Dillaman. STATEMENT OF KATHY DILLAMAN Ms. Dillaman. Madam Chairwoman, it is my privilege to be here today to testify on behalf of the Office of Personnel Management and to provide you an update of the progress we have made thus far, plus our continuing reform efforts. As you know, OPM's mission is to ensure the government has an effective civilian workforce. To accomplish this mission, we provide the background investigations for over 100 Federal agencies that are used to support suitability decisions and security clearance determinations. Last year, we conducted over 2 million investigations. As you noted, we are not responsible for all of the government's background investigations, but we do handle 90 percent, with delegations to the Intelligence Community for the balance. We do, however, support the Department of Defense entirely, including their industrial clearance investigations. Since implementation of the Intelligence Reform Act, we have made significant progress in improving the overall timeliness and eliminating the backlog of investigations. We have focused on four critical areas that have to be managed effectively to make this progress efficient: first, workload projections; then the processes agencies use to request investigations; the investigations; and the adjudication processes. To staff the investigations and adjudications programs responsibly, clearance-granting agencies have to be able to project their workload needs annually. We have established a goal of a 5 percent margin, and significant progress has been made in getting agencies to project effectively. For the submission processes, that previously was a very labor-intensive paper process, a form filled out every time you had to go through the process, again and again. We have expanded OPM's Web-based online system. It is called the Electronic Questionnaires for Investigations Processing, e-QIP, which allows subjects to fill out their information online and eliminates the paper. This allows them to submit the request to their governing agency, and, in turn, they can submit the request to us. For the first quarter of fiscal year 2008, 83 percent of the clearance investigations we received to conduct were submitted electronically. Fourteen agencies and Department of Defense's industry submissions are at 100 percent electronic submission. For investigations timeliness, the Intelligence Reform Act required that, by the end of the 2006, 80 percent of the background investigations for initial clearances be completed in an average of 90 days or less. We have exceeded that statutory goal. In fact, of the 586,000 initial clearance investigations we received to process in fiscal year 2007, 80 percent were completed in an average of 67 days. Top Secret took 92 days. Those are much more extensive. And Secret/ Confidential took an average of 63 days. We have increased our staff to over 9,400 Federal and contractor employees. And, as a result, there is no backlog of investigations related to insufficient resources. While eliminating the backlog, we have substantially reduced the time it takes to complete the investigations. Other factors have contributed to this improvement. Working closely with Federal, State and local agencies, we have improved processes for obtaining third-party information, getting the required records we need much faster. We are not done yet; there is still work to be done. But great improvements have been noted. We have worked closely with the Department of Defense and the State Department, and we have deployed an international team to get the required overseas coverage necessary. In fact, in 2007, we had 360 agents who were detailed abroad, and they completed more than 24,000 international contacts or record searches. While improving the timeliness of investigations, we have also been vigilant in maintaining the quality of those investigations. Our training programs and material, as well as our internal quality-control processes, ensure that the investigations we conduct meet the national investigative standards and the needs of the adjudication community. We are also continuing to work with the agencies to reduce the time it takes to deliver completed investigations between OPM and the adjudicating offices and for them to record their adjudication action in a central records system. This includes implementation of an imaging system that lets me move completed investigations in an electronic format to the adjudicating offices. Last year, we went online with Department of Army, and to date we have sent over 113,000 investigations to them electronically, making the process between OPM and Army virtually paperless. We anticipate up to 10 more agencies this year will come online with receiving electronic submissions. We are also continuing to optimize our current processes by maintaining adequate staffing, building partnerships with information suppliers, and through greater use of information technology. EPIC, which is our automated suite of tools that support investigations and adjudications, will allow for total, end-to-end paperless processing for those agencies that are prepared to use them. We are also partnering, as I noted, with the Office of the Director of National Intelligence and the Department of Defense for more significant reforms to the overall process. This reform effort is challenging traditional processes, from application through adjudication. The ultimate outcome will be a governmentwide system that continues to protect national security through modern processes that are secure, dependable, scaleable, time- and cost-efficient. This concludes my remarks. I would be happy to answer any questions you have. [The statement of Ms. Dillaman follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] Chairwoman Eshoo. Thank you. Ms. Farrell. STATEMENT OF BRENDA S. FARRELL Ms. Farrell. Madam Chairwoman, with your permission, I would like to summarize my written statement. I promise you that my remarks won't be as long as the written statement, but I think it will be a good segue into the conversation that you wish to have today. Chairwoman Eshoo. Thank you. Ms. Farrell. Thank you for the opportunity to be here today to discuss the Federal Government's personnel security clearance reform efforts. My remarks today are based on GAO's numerous reports that give us a historical view of key factors that should be considered in clearance reform. Our reviews have identified delays and other impediments in DOD's program, which maintains about 2.5 million clearances, including clearances necessary to carry out intelligence functions. These longstanding delays resulted in our adding the DOD personnel security clearance program to our high-risk list in January of 2005. In the past few years, several positive changes have been made to the clearance processes because of increased congressional oversight, recommendations from our body of work, and new legislative and executive requirements, most notably the passage of the Intelligence Reform and Terrorism Prevention Act of 2004, which many of you had a hand in passing. One important change is the formation of an interagency team, of which members of that team are present here today on the panel. The interagency team plans to deliver a transformed, modernized, fair and reciprocal security clearance process that is universally applicable to DOD, the Intelligence Community and other U.S. Government agencies. Two of the four key factors in my written statement essential to the interagency team achieving the goal of reciprocal security clearance process involve: one, incorporating quality-control steps; and two, establishing metrics for assessing all aspects of the process. First, government agencies have paid little attention to quality, despite GAO's repeated suggestions to place more emphasis on it. For example, the government uses the percentage of investigative reports returned for insufficiency during the adjudicative phase as the primary metric for assessing quality. As you may know, GAO has identified this metric by itself as inadequate. Prior work examined a different aspect of quality: the completeness of documentation in investigative and adjudicative reports. We found that OPM provided incomplete investigative reports to DOD adjudicators, which the adjudicators then use to determine Top Secret eligibility. Almost all, 47 of 50, of the sampled investigative reports GAO reviewed were incomplete based on requirements in the Federal investigative standards. In addition, DOD adjudicators granted eligibility without requesting additional information for any of the incomplete investigative reports and did not document what they considered some adjudicative guidelines when adverse information was present in some of those reports. In addition, our October 2007 report documented the reluctance of some agencies, particularly the DHS and the FBI, to accept clearances issued by other agencies. To achieve greater reciprocity, clearance-granting agencies need to have confidence in the quality of the clearance process. The second key factor I wish to discuss is establishing metrics for assessing all aspects of the clearance processes. Many efforts to monitor clearance processes emphasize measuring timeliness, but additional metrics could provide a fuller picture of the clearance process. Similar emphasis on timeliness appears to be emerging for the future of governmentwide clearance process. In the DNI's 500-Day Plan for Integration and Collaboration, the core initiative to modernize the security clearance process identified only one type of metric--processing times--about how success will be gauged. GAO reports have highlighted a variety of metrics that have been used to examine clearance programs, such as: one, completeness of investigative and adjudicative reports; two, staff and customers' perceptions of the processes; and three, the adequacy of internal controls. Including these and other types of metrics could add value in monitoring clearance processes and provide better information to allow greater congressional oversight. In summary, the current interagency team to develop a new governmentwide security clearance system represents a positive step to address past impediments and manage security reform efforts. Still, as already noted by the panel members, much remains to be done. And GAO stands ready to assist the Congress. Thank you, and I am ready for questions when you are. [The statement of Ms. Farrell follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] Chairwoman Eshoo. Thank you very much, to each one of you. Let me start this off with an observation. I think that some progress is being made. I am encouraged by what the President called for. I am encouraged with the work and some of the statistics that are offered. I mean, I did read all of the backup. And I would like to acknowledge all of our staff, both from the majority and the minority side of the committee, because, without them, we wouldn't have what is presented to us and help set up the hearings. So I want to acknowledge their very fine work. They care about this, and they help carry us. Let me start out with what is the directive of the Congress, which is the IRTPA. We have---- Mr. Issa. We could have done better on the acronym, couldn't we? Chairwoman Eshoo. Exactly. We could have, Darrell. We could have. At any rate, that legislation set forth requirements in the area of reciprocity, and I want to examine that. There were at least four requirements that were set down in that that all agencies--I think you know what they are, so I don't have to repeat them. What we have learned from a roundtable that the subcommittee had is the FBI acknowledged, in the roundtable, that neither the FBI or DHS, they do not have a clearance reciprocity with other agencies 3 years after the enactment of the legislation. Do any of you want to comment on that? In the interagency team, has that been addressed? Has it been examined? Can you tell us more about that? Because I think that there is a shortcoming there; at least this is what they have told us. Mr. Johnson. Eric needs to talk about the Intelligence Community. And Kathy needs to correct me if I am wrong on this fact, but the clearest indication of there not being reciprocity is an agency requests a new investigation of somebody that already has an investigation for a clearance level at the level that they are going to have at the new agency. My understanding is that if somebody requests that OPM does an investigation and they already have a clearance for that level, Kathy does not do the investigation. Chairwoman Eshoo. So does that leave a gap? Are we where we need to be? Ms. Dillaman. No, I don't believe we are where we need to be. But there are controls in place. Last year, I think, we rejected about 25,000 requests, where agencies came in and asked for unnecessary investigations. They were forced to not duplicate the process. Now, we conducted 800,000 clearance investigations last year. And so that is certainly one indicator. And I don't believe that is just malicious, not accepting other agencies. Sometimes it is just not using the transparency we have made available into the clearance actions. One of the requirements of the act was that there be a national database of clearances so that there would be transparency. Now, OPM and the Department of Defense, together, have linked the master databases that provide for transparency into someone's clearance. If you looked at my record, you would see that there is a Top Secret clearance, sponsored by the Office of Personnel Management, based on an investigation that was conducted. That database is made accessible across government to all agencies. Now, it does not include the clearances in the Intelligence Community, by the very nature of those clearances in that data system. If we had tied those systems together, it would have made the whole system classified, and then it would not be usable to a broad section of the government. Chairwoman Eshoo. Was it the Congress' directive in the legislation that has produced this, or is it that we simply haven't gotten to it? Ms. Dillaman. I think it is the practical understanding that, by and large---- Chairwoman Eshoo. What does that mean? Ms. Dillaman. By and large, outside of the Intelligence Community, the need for transparency into the investigative and adjudicative history of an individual is outside of the classified arena. Within the Intelligence Community, that is maintained. And so, instead of one system, there are two: the system that is OPM and DOD tied together, which has 90 percent of the unclassified clearance information, and that inside the Intelligence Community, which I am sure Eric can discuss. Mr. Johnson. Let me say that I contend that reciprocity of security clearances exists. Are there exceptions? Sure. What does not exist is, to my knowledge--I believe this is true--is reciprocity of suitability clearance. You have had an investigation that deems you suitable for employment--forget security clearance--that deems you suitable for employment at the Interior Department. Now you are being considered for employment at the Treasury Department. Forget the clearance. Suitability, that is a separate process. And we did not, nor did IRTPA, charge this group---- Chairwoman Eshoo. Let's call it the legislation. Mr. Johnson [continuing]. The legislation charges us to look at suitability. But everybody has agreed, which is why the task force now looks at aligning suitability issues of this sort with clearance issues of this sort. Because to reform one without the other leaves a broken system. But I generally will contend--and, again, if it is not a fair statement, let me know, let the committee know--that clearance reciprocity exists; suitability reciprocity does not. Chairwoman Eshoo. And why do you think that is the case? What contributes to that? Ms. Dillaman. I think suitability is a little different science, in that it considers the position that the individual is applying for. Let me give you an example. An individual may have a Top Secret clearance with an agency and, in their past, have a history of drug use, but considering the whole-person concept, it was not sufficient to deny a security clearance. At the same time, that person may not be suitable for all positions across government, especially if there is a nexus between drug use and the position, like a DEA agent would be. There are other types of disqualifiers where the individual may get a clearance in one agency but not be suitable to work in another type of position. Chairwoman Eshoo. Aren't these all processes, though? Aren't the results the same? And that is that it inhibits the movement of people, jobwise, obviously, suitability clearance? I mean, they are all connected. They are not, in my view--I mean, they are---- Mr. Johnson. But there are separate rules and statutes and so forth. So that is why the committee is looking at it. Chairwoman Eshoo. Where are we---- Mr. Johnson. Take Kathy's example of somebody who is moving to an agency where drug use is an issue. It would be appropriate to dig deeper on the issue of their past drug usage, to look at whether they are suitable to work at DEA. Chairwoman Eshoo. Don't you think just common sense would dictate that that might be an issue, no matter where someone is? At what agency is it acceptable for someone to have a drug- use background? It doesn't make sense to me. Mr. Johnson. If drug use was 30 years ago in college. Chairwoman Eshoo. Timeliness. Okay. Mr. Johnson. What we want to make sure doesn't happen is, if you want to dig deeper on one issue, you don't begin the investigation all over again. You accept the investigative work, if it is current, done to date, and you add to it. And that is not the case in most of these situations or historically, where if you needed to look at something in greater detail, you looked at the whole thing all over again. And that is the absence of reciprocity. Reciprocity means look at additional things but accept what has already been done. Mr. Boswell. Madam Chair, can I jump in with one thing? Chairwoman Eshoo. Certainly. Mr. Boswell. Within the IC, reciprocity works pretty well. It is the rules of the road, and it operates. The IC is served by one common database, as Kathy mentioned. It is a classified database, for good reasons. I think what we are talking about here, though, is that we need a database for the government. Reciprocity is not well-served by the existing architecture, the IT architecture. And we are working, in the Joint Team, to try to find some way to make that happen. Chairwoman Eshoo. I appreciate your adding that, but one of my favorite subjects is technology. Obviously, my district is the driver of it. Mr. Issa. Our State, you mean. Chairwoman Eshoo. Our State. Thank you. Our district makes our State that much better, and our country. But the requirements of the legislation really set forward several areas. The evaluation is supposed to assess the application of technologies in at least five areas: granting interim clearances--you know what they are--expediting the initial security clearance processing, including the verification of information submitted by the applicant; ongoing verification of suitability--we have touched on that; the use of technologies to augment the periodic investigations; and assessing the impacts of the above, without going into the detail of it. It is my understanding that only one area has been addressed, and that is expediting the initial security clearance process. And I would like you to comment on that. Is this incorrect? What are the timelines for the other four areas? I can't help but think that there must be some frustration on the part of people representing the various parts of this system, because you are working hard to make up for, I shouldn't say, the sins of the past, in order to revolutionize the system. But in oversight, we want to drill down on where there are still, you know, some shortfalls. And so I would ask you to comment on that. And then I am going to go to Mr. Issa for his questions. Mr. Johnson. I should have been listing the four items in particular. But when the full reform effort began in 2006-- latter part of 2005, and began to see some impact in 2006--the priority was placed on initial investigations versus reinvestigations. And there, as a result, has been--it was capacity and accountability which was the primary focus. So, as a result of that, significant--significant-- improvement had been made in the time it takes to investigate-- first of all, at the beginning, the time it takes to get a request for an investigation from the person signing it to the investigative entity, the time it takes to investigate it, and the time it takes to adjudicate it. There have been significant improvements in adjudication timeliness, investigative timeliness, transmission of the original application timeliness. So the whole process has made significant strides. The other three areas were? Chairwoman Eshoo. Well, one of them is granting interim clearances. I mean, that was one of the--that was supposed to come out of this. Ongoing verification of suitability of personnel with access to classified information. The use of technology to augment---- Mr. Johnson. The technology pieces that we have focused on have been an idea toward timeliness and given current technology--the deployment utilization of the technologies that exist today. So that has been e-QIP, as Kathy talked about. That has been transmission of files from the investigative unit to the adjudicated unit, which can cut weeks off of this process. The longer-term issues, like an entirely different architecture for the database, going paperless, all of the things that have huge potential are still before us. They are longer-term issues that require investment of funds; it is technology that does not exist today. Another form of technology application here has been getting access to digital records as opposed to paper records. Kathy has done a great job working with different industries and database record sources to be able to accomplish that. So there has been attention to that. I wouldn't say that the community is frustrated over where it is; the community is quite proud of what has been accomplished. But the goals laid out by IRTPA, for all the right reasons, are very, very aggressive. And that is our goal. Our goal is to completely change this and take it to several- orders-of-magnitude-greater levels of performance, and that is what our focus is. Chairwoman Eshoo. I think what was spelled out in the legislation is really needed. When one goes through and reads the GAO reports that have been issued over quite a long period of time, it is a system that really needs overhaul. I am glad that we are taking some steps. I think we still have a ways to go. Let me acknowledge my friend and colleague, Mr. Issa. Mr. Issa. From the telecom valley of the south. One of the challenges we face--you know, certainly, if we looked at industry and we said, ``Would you do things the way we were doing them 3 years ago?'', the answer--those truths were self-evident, that they had long ago given up the systems we were using. But let's take a company; let's take General Motors. Could you imagine if an executive in the Chevy division were transferred to the Cadillac division and they said, ``Well, yeah, we know you took a polygraph''--I am stretching this a little--``a polygraph in the Chevy division, but we have our own people, and we are going to re-ask you the same questions in order to employ you in the Cadillac division.'' Would that be considered to be one company? You know, Ambassador, on the base it of all, the fact that we still--or, Ms. Farrell, I know you have looked at this--the fact that we still repolygraph people when they move, looking at the same data, at a desk next to each other, but if they move from ownership of one agency to another, we repolygraph them, in some cases. Is there any basis under the intent of Congress to continue doing that? Mr. Boswell. If I can touch on that, first, I think that reciprocity within the Intelligence Community works rather well. And, second, I would like to get on the record that I don't---- Mr. Issa. Is this the part that you think works well, though? Mr. Boswell. Reciprocity of security clearances. We also have, obviously, a joint duty requirement, which has been instituted by the DNI, and all members of the Intelligence Community have agreed to accept the clearances of the originating agency when folks move from one position to a joint duty position. Polygraphs are not a particular impediment toward security clearances. They are not a big piece of the timeline. And---- Mr. Issa. Ambassador, isn't it true that we have a critical shortage of people to do polygraphs, that that, in fact, is one of the bottlenecks? I am trying to understand why it is not an impediment if we don't have enough people to administer them. Mr. Boswell. It is not an impediment in terms of the amount of time in the process. Only a few of the intelligence agencies require polygraphs. We still leave it up to the individual agencies, and only five of them--I think it is five--require a polygraph. So it is really not a substantial impediment. Mr. Issa. Okay. Maybe I am--yes, Ms. Farrell? Ms. Farrell. If I could build on what my colleagues have said, OPM has the bulk of the investigations to do; it is about 90 percent---- Mr. Issa. But you have all those Confidential and Secret clearances that, quite frankly, you know, they are pro forma almost; you know, see if the guy actually did get convicted of a felony when he said he didn't. I mean, let's go through the bulk and slim it down. We are here today primarily talking about our most sensitive access, and that is not 2 million last year. That is how many, Ms. Dillaman? Ms. Dillaman. 90,000 to 100,000 for Top Secret clearances, and a like number for the reinvestigations that we do. Mr. Issa. Right. Okay. But within your purview, 90,000 to 100,000 at TS, and then, above that, a fraction of that 90,000 to 100,000 that would be even more thorough. So we are talking about 90,000 to 100,000. I just want to make sure that we don't keep looking at 2 million. You know, as a second lieutenant, I had to have a Secret clearance. Actually, as a private, I had to get that Secret clearance. Candidly, they didn't know that much about me. Ms. Farrell. Top Secret takes longer; it costs more. And perhaps sharing clearances among the Federal agencies is not an issue, but those that are associated with the Intel Community are an issue. But it appears to us that from--for example, I mentioned our October 2007 report, where we went in and looked at, I believe it was, 54 fusion centers that are a mechanism for helping collaboration of information-sharing. It was through that work that it came to our attention that there was this reciprocity issue, especially with the DHS and the FBI, which you acknowledge you had discussions at your roundtable about, that they were unwilling to share other Federal agencies' investigations. But my point being, OPM does the investigations for Top Secret for the vast majority. Perhaps there is not an issue of transfering clearances from the Agricultural Department to Commerce. There is this issue of suitability that Mr. Johnson was explaining, and there is some overlap with security clearances. There is some duplicative effort there that could be streamlined. I believe the joint working group is working toward that, which is a good thing. But then, within the IC community, you have this issue of reciprocity. Maybe amongst them there is not an issue of going from DIA to the CIA, but there is this issue of someone outside the community coming in with a clearance. We haven't done work specifically looking at the Intelligence Community, but we have a little insight from the October 2007 work that I mentioned. Mr. Issa. Okay. Well, I think I see a pattern that--I want to, sort of--I am going to bifurcate a little bit of the community versus all others, because it appears as though we are heading down that road. Mr. Johnson. What road? I am sorry. Mr. Issa. The road of--basically, there is the IC community's real, core clearances, and then there is all others. I mean, that is becoming pretty evident, that it is not about what level of clearance, it is about who gave you the clearance. I mean, I think even though you are disagreeing on this, you are agreeing in a sense. And let me just give you the example. ``Factors used to determine eligibility for security clearances''--this is saying it is a clearance: Allegiance to the United States, foreign influence, foreign preference, sexual behavior, personal conduct, financial considerations, alcohol consumption, drug involvement, psychological conditions, criminal conduct, handling protected information, outside activities--I guess that would be soccer and so on--and use of information technology systems. Stamp collecting, exactly. Clearly not a Californian. Now, the question is, are these actually eligibility for security clearance, or do these get down that nonreciprocity side, that it is okay to give you a TS with a drug background, just not a TS for DEA? Is that what we are really talking about? Even though they are printed on a document that actually gets attached when somebody gets rejected, that, in fact, we are mixing the two. Does Congress need to understand clearly the difference between you can see the information and you can have access to where you might be able to generate or pass on differently? Is that what we are talking about here? Because I would like to understand that in addition to the two communities, if you will, of clearances. Ms. Farrell. Ms. Farrell. Those guidelines I believe you were citing is what the adjudicator looks at to determine the eligibility. And, again, I think the issue here is who is doing the investigation and the quality of the investigation, which has Federal guidelines that the investigators should adhere to in terms of conducting the investigation--you know, doing the background check, the financial check, their social check, employment, education. They put the package together, and then those other guidelines you referred to are used by the agency or the adjudicator to determine that person's eligibility for that Top Secret clearance. Mr. Issa. But it is not for the Top Secret clearance, as it turns out. Some of this is for do you get the job or not. You have been offered a job, in this case, at the CIA. But when they go through this, the truth is, if you were working for DOD, you might get your Top Secret, but you are not going to get it for the CIA, because, in the case of the rejection here--it was cited by Elizabeth York, so I am assuming this is completely unclassified, since it was sent through ordinary mail with no designation at a center in Maryland. ``During your security testing session, October 2005 to January 2006, you noted on two occasions that you had direct contact with officials of foreign government, including two non-U.S. ambassadors and a foreign minister.'' This is part of the fact that this person is being told they can't do it. Now, the fact that this person was an employee of the Department of Energy in an unclassified environment, that this person, in fact, is multilingual and an Oxford graduate--by the way, they also note her attendance at Oxford as a period of time outside the country in her rejection. When we are looking at a system that--Ms. Dillaman, you are doing a great job of making it digital--when we are looking at a system in which somebody applies and it turns out that exactly when the DNI is basically being confirmed, in December of 2005, as we are saying we want to bring in Arabs and Muslims, we add a directive, which the language of the directive is cited right here, that actually says that foreign contact is going to be a limiting factor in getting it--it should be a consideration for a limiting factor. So if you have family and friends overseas, you are not going to get the clearance, while we tell people, Arabs and Muslims, that already speak the language, we want them. You don't speak the language fluently without contacts in the community that, if you don't have contacts over there, they are going to have contacts. So before we go on to some of the wonderful work being done digitizing stuff, how do we get past this impasse when, in fact, we are taking Oxford grads, law students who happen to be fluent in Arabic and Spanish and, oh, by the way, can talk to a foreign minister in their native tongue at a 3/3 level, how do we reject these people and cite that they had those very contacts overtly? Yes, Ms. Farrell? Ms. Farrell. I hope that the reform committee is looking at that, because you keep talking about GAO's reports going back years. I know that they went back at least until 1974, before I started at GAO. Mr. Issa. Before you graduated high school, for goodness' sake. Ms. Farrell. That is in my background investigation. But we have had these issues of quality and incompleteness in 1999, 2001, 2006, and we are getting ready to go in and look again and see what it is. We have talked about the need for a massive overhaul of this system, which is what the reform committee is trying to do. We would hope to see, in their revised plan, one of the issues that you are bringing up: Are they going to look at the policies and update them or amend some, eliminate them, in order to bring them up and into, quite frankly, the 21st century so that it can take into account individuals that would be acceptable today that wouldn't have been acceptable perhaps during the Cold War? Mr. Issa. Yeah. I guess, great question. Are you? Mr. Johnson. Am I what? Sorry. Mr. Issa. Are you going to look at these factors? Are you going to make these differences a part of the restructuring? Or are we gong to rely on a directive that came out of 2005, where we say we want to recruit and then, by the way, we are making it almost impossible to succeed. We get the applications and then we reject them at a high level. Yes, Mr. Ambassador? Mr. Boswell. As you noted in your opening statement, Mr. Issa, the DNI has made it a priority to facilitate bringing heritage Americans---- Mr. Issa. A priority publicly, and a directive that makes it much more difficult privately. Mr. Boswell. We had a tough time during the DNI's Senate confirmation hearing, because one member of the panel brought up an example of a job application within the IC that basically said, if you have a foreign-born parent or immediate family member, don't even bother to apply. That was an error, of course. It has never been the standard that it prohibits employment in the Intelligence Community. But what is changing--and it is not final yet--but what is changing is that, in the past, having an immediate family member that was a heritage American, to bring that person on board required a waiver. And the mere existence of that requirement discouraged people from applying. The DNI is going to change that policy--it is in the final stages of interagency coordination--to eliminate that waiver requirement. The standard will remain tests of loyalty to the United States, but the waiver requirement will be gone. Mr. Issa. Okay. Because we want to alternate here, I would appreciate if, actually in a classified response, we could get, item by item, changes that you are going to make so that we have a better understanding. Because the committee, at least the Chairwoman and myself, both have substantial foreign contacts and/or--well, we meet with foreign heads of state all the time when we travel. But also, we both have family and influence that go directly back, oddly enough, both to the Middle East. So, you know, it is a deep concern that we are the people who are trying to make sure America is safe, while in fact we are going to take people just as loyal as the Chairwoman or myself and potentially exclude them. We don't have that luxury. There just aren't enough people who understand or have the ability to get a jumpstart on our Middle East needs. And that is our biggest problem, is the pool is pretty small to then cut off, as you said, arbitrarily. One last question, and then I am very much have used all my time. The differences between--and we will just use the CIA as an umbrella for an agency or the NSA and all other clearances, I am detecting a lot. Let me ask you a real question, because we talked about the two databases--one that is broad but not deep, one that is deep but not available. When we did our reform, should we potentially have said that there are two tiers of this reform, one tier for the vast majority and one tier for the most sensitive, and that, in fact, each had to have harmony? And I noted, Ms. Farrell, you said 47 percent of DOD applications were incomplete but approved. Ms. Farrell. 47 out of 50 cases. Mr. Issa. Oh, 47 out of 50, so twice the percentage. Well, the CIA often rejects because you didn't give them one fact of one foreign contact, even though you gave them half a dozen or a dozen. You just missed one. So the standards are so different in who gets the job. I will ask each of you--and you can respond here and further, obviously, behind closed doors--did we err and should we, in fact, be looking at two levels of sensitivity, so that the vast majority of clearances, including Top Secret, are done? And then, if you will, we will call it the compartmented mentality, that the next level is a matter of DEA, NSA, CIA and others saying, okay, for sensitive beyond, let's say, base TS, we are going to have another umbrella of harmonization. I don't have a problem with there being two databases. I have a problem that if I have the need to know, those two databases aren't equally accessible. I have a problem not with TSs not being equally run around. I have a problem that at a given level it is not clear that they can move around. And I have no problem at all, as a second lieutenant with a Secret clearance, being told it only goes so far. But, at some point, our most sensitive information being available to somebody, we need to have that. Can you respond to that? I know it is a broad question, but it goes to the core of do we need to take further action? Ms. Farrell. Well, I think---- Mr. Issa. Thank you for your courage. Mr. Johnson. We are all for further action. I am not sure I understand the question. Mr. Issa. Well, it doesn't appear as though you are going to get to, if you will, a one-paper process at the most sensitive level unless we segregate it from the vast majority of others. It looks like Ms. Dillaman has high confidence--Ms. Farrell, you seem to have high confidence--that we can get 1.8 million approvals done, and most of those will have great reciprocity, great capability. It just isn't going to work at the agency or at the CIA, it is not going to work at the NSA, it is not going to work at the NSC. I mean, I think---- Mr. Johnson. Ambassador Boswell said it is working. I don't understand--you pointed to one example that, by the way, is over 2 years old, if I understood the dates correctly, before Mike McConnell was put in as the DNI and has adopted these policies and initiated these reforms. Mr. Issa. That was the start. The end is much more current. Mr. Johnson. Okay, well, I misunderstood. But I think Eric said that there is reciprocity with the intelligence community. Mr. Issa. So I can get a clearance at the TS level, X, Y, Z, that goes through, let's say, for DOD. And I get up from DOD as somebody working in the Deputy Assistant Secretary's Office for ``Blank,'' and I can be on the Pak-Afghan border the next day and have no problem being read in to the most sensitive counterintelligence if that is the same level? No. We don't have that ability. So, you know---- Mr. Johnson. For all the right reasons. Mr. Boswell. But, sir, I think what you are getting at is the question that the Chairwoman also mentioned, which is that the existence of a database and the ability to move information across from one agency to another. And the problem, of course, as Kathy Dillaman mentioned as well, that one database is classified and the rest are not. Well, we are looking for--the intention is a unitary system to address exactly the questions that you raised. That is the intention of the Joint Team, and we hope to get there. Mr. Johnson. Let me make one comment about---- Mr. Issa. You seem to have a different opinion, and I am going to ask you to make the last--and then yield back my time. Chairwoman Eshoo. You don't have any time to yield back. Mr. Issa. I know I don't. Ms. Dillaman. If I may? Chairwoman Eshoo. But I appreciate--I want this to be free- flowing, because there is a lot of questioning. Ms. Dillaman. There is a very broad base of need across government, some classified, some unclassified. There is absolutely no restriction on the classified world having access to our information; it is only the reverse. And so, for that population that stays outside of that classified arena and moves around, the system supports it well. For the classified world, who needs to draw from the unclassified, that system will support it well. And for the limited number that may move out of the Intelligence Community into the nonclassified world, there is a delayed process. But I believe, even then, with the information-sharing progress we are making, that will not be excessive. And so we have cut down the risk of individuals being stalled in that fluid movement around government significantly, not to the ideal state you just described, but certainly to the point where every possible user in government has access and isn't hampered because they themselves aren't working inside the classified world. Mr. Issa. Thank you. Mr. Johnson. Mr. Issa, can I make one quick point---- Mr. Issa. Talk to the Chair. Mr. Johnson [continuing]. That addresses this issue? If you move from, like, an under secretary at DOD to, all of the sudden, now you are in Pakistan or Iraq or something, doing intelligence work--I spent a couple, 3 hours with John out at NSA. And this gets to the issue of what this community is trying to do, which is move from risk aversion to risk management, which is a general concept we talk about, where we have somebody who is Iraqi or Pakistani, and if they are working on something over here that is domestic, high-level, very top-secret, whatever, their being Pakistani or Iraqi may not be an issue. But, all of a sudden, if they are working at NSA on Iraqi or Pakistani issues, they may be listening to conversations by relatives of theirs. So there is a security management issue there that has to be addressed. And what NSA is doing, for instance, is you manage the risk; you don't say, yes, you can do this, no, you don't. What is the risk, and how can we manage it? So, for instance, maybe you put them in a separate facility, or maybe you put them here, or maybe you put some controls, or maybe you do some extra quality control. In general, now, we are talking about more emphasis on reinvestigations, be it Secret or Top Secret, throughout this whole process, what changes the overall approach to this, risk management versus risk aversion. The original security clearance thing, which is 50-plus years old, is a risk-aversion process. We want all to go, I think, by and large, to a risk- management process. Risk management gets us into--and this is the NSA example-- into being able to hire the foreign speakers. So even though there are significant risks, you don't say, ``Ooh, there is a little risk.'' No, there is some little risk, let's find out a way to manage it, because this person wants to do a good job, we need to have that job, we need their language skills, let's do it. There is a really strong commitment within the IC to do that. It was something that was irrelevant. It was an irrelevant issue 5 or 10 years ago. It is highly relevant now. And my impression is and firsthand knowledge of it, albeit sparse, is they are doing a very aggressive, good job of managing those risks, not saying no to all those people with foreign relatives. Chairwoman Eshoo. All right. I would like to thank you, Mr. Issa. Good line of questioning. Mr. Holt. Mr. Holt. Thank you, Madam Chair. Thanks for holding these hearings. I thank the witnesses for coming. Let me pursue two lines of questioning. And forgive me, I was out of the room for part of the time. I may have missed this. But it wouldn't hurt to summarize it for me and for the record, if you have already talked about this. Maybe this goes particularly to Ms. Dillaman, but to anyone: What is the limit? Okay, so we have cut the time down to maybe a few months for Secret and Top Secret. Doing it the way we are doing it, and digitizing it as necessary, asking the questions we are asking, collecting the information we are collecting, what is the limit? What will be the shortest time for a TS? What will be the shortest time for an S, a Secret? Ms. Dillaman. Sir, the process relies on the voluntary cooperation of tens of thousands of different sources of information--the public. Mr. Holt. So that means you have good data, you have good statistics. Ms. Dillaman. We do, yes. Mr. Holt. So using those good statistics, what will it be? Ms. Dillaman. It can be as little, for some individuals, as 15 days. It can be as long, for some individuals, as 15 months. Mr. Holt. Because you have good statistics--because there are thousands and thousands and thousands of these that you are doing, you can get very good statistics. So what will the median be, the median time? Half the people will take longer than that, half the people will take shorter than that. Mr. Johnson. In what time frame? I mean, when? A year from now? Five years from now? Mr. Holt. If you can do everything you want to do, digitize it and so forth, what is the best we will achieve on a steady- state basis? Ms. Dillaman. Today, we are at 80 percent, averaging in the low 60 days. But the Top Secrets take longer because of the information we are collecting. I believe that if there are not significant reforms in the way information is shared around government, we can make some more improvements. But all improvements related to just having enough people to do the job we have realized. We have enough people---- Mr. Holt. So by so-called streamlining, you think that we are approaching the asymptote here, to speak mathematically. In other words, you just won't reduce the median time much more. Ms. Dillaman. I think there are still some---- Mr. Holt. By digital fingerprints and using the Internet and, everything we can do? Ms. Dillaman. I think there are additional improvements, but it is going to rely on other systems outside of our immediate control to also have reform brought to them. Let me give you an example, sir. Every investigation requires that I obtain the FBI's records. And if the FBI is incapable of providing all of their records timely--and they provide most of their records timely, but not all--then those investigations where I can have all of the rest of the work done but I need to wait for the FBI to provide their essential information won't be completed until that final piece. For an individual, if I need to do a subject interview to resolve issues and that individual is deployed to a war zone, I have to wait until I have access to that individual. So there are factors that can delay specific investigations. But on the flip side of that, out of the 580,000 that we did, 145,000 of them were done in less than 45 days; some of them in less than 30 days. Mr. Holt. What I would ask is, did you actually look at the median, that is a meaningful number, half to longer, half toward shorter, and find out what that is? And if it means going to the FBI and asking how much more can they shorten their process. The median: Now some will take longer and some will take shorter, but the median. Have they reached their limit? Have they come to the asymptote? And there is not going to be much improvement. Ms. Dillaman. That is what we have been doing over the last 2 years is working with every one of these. There are 26,000 local law enforcement agencies that I rely on, 50 State records systems, dozens of Federal records systems, and every one of those has to be fine-tuned to be responsive. And I also need to get the cooperation and responsiveness of the citizens that have to be interviewed. I can't just demand that they shut down and stop and talk to me. I work around their schedules as well. So you are right, there is a limit for how far we can cut the time on this to the point where we have been so aggressive that we cut off the very information that is essential to us. And it is finding that delicate balance. There is more to be gotten out of this. There are further improvements. And if today is 63 days, whether that improvement is down to 40 days or 38 days is yet to be determined. It depends on just how much reform we can bring. Mr. Holt. How will that be determined? It is a question we need to ask and that we really need an answer to. We shouldn't be flogging people in the government to be getting it down to 20 days when the best we are ever going to do is 40 days. So if OPM can't go to the FBI and get that information for what is the best for FBI--maybe we need the DNI to go to the FBI and get--if one of your necessary ingredients is this FBI check, and it currently takes 71 days, or whatever it is, for Top Secret, you need to know and we need to know what is the best they can do. Mr. Johnson. If we--this is grossly overgeneralized but if we wanted to digitize every FBI record, we could get access to every FBI fact about somebody in seconds, a day. I bet we would decide we don't want to do that. The cost of doing that, the time, the--I am not sure we would want to do that. I mean, so that is not likely to happen, but an example of what could happen that would take something that takes 30 days and now to get it down to seconds. The reform effort, there is a transformation effort under way, led by Defense Department, the ODNI and OPM, looking at all the things we can do to transform the system, not small incremental changes, but all the kinds of issues that have been addressed; and they have been charged by the President to start coming forward, starting on April 30, with what do they know now we should be adopting to transform the system. And then as soon as they have other recommendations they want to make that can be validated as being worthwhile and worth cost, being a good relationship to benefit, they come forward as quickly after April 30 as they have something they want to recommend to the President. This is being done on a very aggressive time frame to look at, how quickly can this be done? Not ideally, but what should this system, this desired different way of doing this, what should it look like? And what is the implementation plan? And some of these things we can do in months or a year or so, and they can start having an impact. And some of them, like going totally paperless, will take more money and some more time, or significantly more time. It is not going to be done in months, it is going to be done in years to do it. But we are in the process. There is a formal effort to address all the things that can be done, and as a part of that, try to quantify the impact it will have on the process. So you add up all the impacts, and that is how quickly might it be done. Mr. Holt. And who is responsible for quantifying that? Where is that being done? Mr. Johnson. The reform team, which is led by John Fitzpatrick and Beth McGrath here, that is answerable to the champions, which is DOD, ODNI, and OPM with a little orchestration from me. When they recommend something, it is, Here is what is suggested to us. Why is it valid? It is a worthwhile change to recommend to you, Mr. President; and here's the benefit and here's the cost of doing it. So that team, as a part of their evaluation, will come forward with their assessments. Mr. Boswell. Can I add to that, sir? Clay referred to the deadline of April 30. The reform team will have an acquisition strategy developed by April to be folded into it. The acquisition strategy will determine the cost and the implementation time lines the best we can. And we will also look for low-hanging fruit, near-term improvements as well as the long-term improvements. Mr. Holt. I would urge, plead, whatever, that we make it quantitative. When you have got this many people, you have good data, or you should have good data. You can get good data. Mr. Johnson. We have got fantastic data. Mr. Holt. And, therefore, it really should be quantitative, and you should know from an engineering operations point of view what the critical path is, what are the limiting time periods; if changes were made in those critical limiters, what would then become the limiting time period, and what is the median time there and how much can that median be shortened. You should be able to quantify it. I hope that is what you are doing. Ms. Dillaman. Sir, if I may, because I live and breathe data, with the amount of work that we do, we track this down to a source level. And we have, since the clearance reform team was formed under OMB, we have provided full transparency to how long every aspect of an--not only how long they take, but how effective they are, how many times they net out the results that have to be considered. Two short years ago, the average time for a Top Secret clearance was in excess of a year; the average time for a Secret Confidential was in excess of 6 months. And bringing the change to this and reform to this and watching it week in and week out incrementally go down, while the inventory of pending investigations dropped, meant we have to stay on top of data. Mr. Holt. But, of course, you get smaller and smaller marginal returns with more and more investment of money. And at some point it is going to level off at an asymptote. We need to know what that is, and for each of the ingredients as well as the total process. Now let me turn to the bigger question, which is the more important question. We may be streamlining a fallacious process. Again, when I have asked this question to people before, I have not been satisfied with the answer, and I would like to push it a little bit more. How do we know that we are asking the right questions, that we are making the right determinations, that the process has any legitimacy? I must say I get on to this line of questioning because I have been convinced for many years that polygraphs, for example, are pseudoscience, bogus, just bogus; and yet, I know various agencies rely on it. Yes, you can use it to scare the daylights out of people, and maybe they will come forward with something. That is not science. But it makes me question whether the process is what it should be. So who is asking the questions? In fact, GAO said we need better metrics and, in fact, in GAO's words, we need better measures of clearance quality, which I take to mean, we are asking not just what are internal quality controls, but we are also asking, have we cleared--have we rejected the people who should be rejected, and have we cleared the people who should be cleared? Have we avoided false positives? Have we avoided false negatives? How are we determining that? And we know there have been some false positives. They go by the names of Ames, and you know the list, and maybe there are a lot of others we don't know. And I happen to know some false negatives, constituents and others who have been rejected, I am pretty convinced, unfairly, unreasonably, illogically, or fallaciously. So however we streamline the process, I hope somebody is asking how we quantify, whether we are doing the right thing. Ms. Farrell, since GAO addressed this, maybe I should start with you. Ms. Farrell. Thank you for bringing that up, because our concern is the quality of the investigations. The numbers are going in the right direction for timeliness, and the agencies should be commended for that; OMB should be commended for their commitment and their strong leadership. As I noted earlier, everyone here wants to make it better, but our concern is that we may have a product that has a quick turnaround but is of poor quality. And it does no good to do something better and still end up with a product that doesn't meet the standards that you want. Our concern is that we haven't seen metrics, and we haven't seen quality built into the investigations and the adjudication process. The one metric that has been cited, that of returning investigations--that is one of six phases of this process, just one aspect of six phases--so there are more metrics that could be built into not only the investigative phase, but the appeals process, the application, all six phases. Mr. Holt. Who should be responsible for building those in? Where should it rest? Should it be this general group? Should it be the DNI or the Secretary of Defense themselves? How can we be sure this is going to be done or is being done now? Ms. Farrell. You have a number of things going on simultaneously. So the answer right now is, multiple players should be doing this. Mr. Holt. And is that bad? I mean, part of the security clearance that we see is more uniformity, more consolidation. That may or may not be good. Should this be question about whether the process is even right, whether it is fallacious or not, should that also be centralized, or should that be decentralized? Ms. Farrell. Right now, we have multiple processes, and we are trying to move to a process that would have a common framework that we share. The issue is, in the long term, will it be shared by not only the OPM investigators, but those that are doing investigations for the IC community as well. Right now, we hope that OPM has taken action on some of our recommendations to build in quality control measures for the situation that is today. We also hope that the reform committee will be looking ahead. And, as part of their strategic thinking--again, it is going back to, if you are going to overhaul a system that has been in place for decades, you probably need new policies and new procedures; and this is an opportunity to make sure that quality is built in to all the phases of that uniform process. Mr. Holt. Thank you. Mr. Johnson seems eager to speak. We have a vote on the floor. I am delighted to see the Chair is back. Mr. Johnson. While you are here, let me make a very strong statement. We do not have a quality--a security clearance quality problem in the Federal Government. Mr. Holt. How do we know? Mr. Johnson. No bill has been passed. There has been no evidence that we are issuing---- Mr. Holt. Absence of evidence is not evidence of absence. Mr. Johnson. I appreciate your conversations here and statements about the math of all this, but let me address something here. The issue, the primary issue--by far, the primary issue--is not that we are giving clearances to people that shouldn't have them or that we are occasionally depriving the people that should get them. There are appeals processes that people are allowed to go through if they believe they are unjustly denied clearance. We have--what we have here and what the IRTPA attempted to challenge the Federal Government, and I believe we are rising to that challenge--is a timeliness issue, far and away, orders of magnitude, that difference. That is the issue. On the issue of what is central and what is decentralized, we are centralizing, we have centralized the investigative matter. The adjudication is decentralized now. It is by agency. The responsibility for deciding who should get a clearance and who should come to work at an agency needs to be that agency's responsibility, because each one of their missions is different and they need to look at what are the specifics. So there is not centralized adjudication, there is decentralized adjudication. There needs to be consistency of training and expertise and so forth, but how they weigh the factors should be, and is, agency-specific. Chairwoman Eshoo. Thank you. Let me try to pick up where we left off when I had to go over to the Capitol to vote. It seems to me that--in a nutshell, that the IC community is dealing with reciprocity and that the rest of the system is dealing with timeliness. Do you agree with that, or is that too--is that too much shorthand? Mr. Boswell. The IC has a timeliness issue, too. We are in pretty good shape in terms of the 2006 timelines. But we are not in good shape in terms of the 2009 timelines, and that is why we need a transformed system. Chairwoman Eshoo. I think that Mr. Issa's line of questioning was helpful. And I can't help but think of the word ``jointness'' in all of this, because the legislation that the Congress put forward really was, I think, at the heart of it. And there are many manifestations of that, is that--that is our goal, is jointness. I understand that the needs of the Intelligence Community vary and differ in some ways--not in all ways, but in some ways--from the rest of the system. And, as he said, maybe there should be two different systems. I don't know; I think that we still have to probe on that. But I think that there are many parts of this in terms of security clearance that are shared across the government. So how we achieve the jointness that the Congress directed, I guess is the question, and how we measure that. And I know Ms. Farrell in her testimony--and then your summary, you talked about metrics. So I want to examine the issue of metrics. But first, let me ask you, Ms. Dillaman, does OPM conduct any clearances for the Intelligence Community contractors? Ms. Dillaman. Only those that would be considered under the Department of Defense. Yes. So we do all of the work for Department of Defense and for industry. Chairwoman Eshoo. You do? Ms. Dillaman. Yes, ma'am. Chairwoman Eshoo. Do you provide any assistance to contractors of prospective employees to navigate the clearance process? Or is that something that those that are seeking them are on their own to do? Ms. Dillaman. That belongs to the clearance granting agency themselves, in this case, Department of Defense. Chairwoman Eshoo. They do? Ms. Dillaman. Yes, ma'am. And the initial application process is an OPM-developed application process. So all of the online collection of information, and all the assistance, and tools that go with that, was developed by my agency. Chairwoman Eshoo. Now, let me get to Ms. Farrell and the whole issue of metrics. What, in your work and how your work has instructed you, should the DNI use to validate the entire team's results? Ms. Farrell. I am going to go back to quality because-- although I mentioned four factors in the statement-- requirements, quality, quality measures, and long-term funding costs--because you are going to need money and people to carry out the reforms, but we would hope that quality would be built in to the process. Timeliness is an issue. We have heard that not only is it an issue with the DOD agencies, but it is an issue, as well, in the Intelligence Community. But the quality metrics that we would be looking for would be the completeness of the investigations and the adjudication reports, or the training. And that has come up, that these adjudicators are working for the multiple agencies that have multiple processes carrying out the eligibility function. So one metric would be looking at the number of training hours, the course content. Is it meeting the needs of that training community, especially for a new system that is being put in place? Other metrics could include surveys of the affected people, the adjudicators and the investigators, how well they think the process is working, as well as building in other internal controls for fraud, waste, and abuse, making sure that there is independence in the system to oversee and that there is no harm done. Chairwoman Eshoo. Do you agree with that description? And to the extent that these are the observations of the GAO, are they built into your work? Mr. Boswell. I think an end-to-end enterprise system will have a much better way to measure the kinds of things that GAO---- Chairwoman Eshoo. Do you agree with the specifics of the metrics? Mr. Boswell. I agree with what Mr. Johnson said, which is that the issue at hand here is less the quality--we are confident in the security clearances that we are providing. We are confident in the quality of that system. What we are working on is the timeliness of the system. Chairwoman Eshoo. So do you agree or disagree with what Ms. Farrell said about these metrics? I mean, if you disagree, it is all right. Mr. Johnson. I disagree. Chairwoman Eshoo. Tell us why. Mr. Johnson. The majority of the metrics she talks about are input metrics. And if you are implementing something, we look at training, we look at what the industry thinks of--we poll the industry on a regular basis, frequent, ongoing basis on how--they are a customer--how they view the process, the timeliness, quality, customer service, and so forth. Chairwoman Eshoo. We have done that in roundtable meetings, and they are not very pleased. Mr. Johnson. They are not. And that is the point. Their understanding, their perception is different than the reality in terms of timeliness; and so we need to make sure it tells us---- Chairwoman Eshoo. What does that mean, ``their perception is different'' than yours? Mr. Johnson. They say that---- Chairwoman Eshoo. Their experience is not the way they describe, the experience is not accurate? Mr. Johnson. It is what they feel. I mean, it is--their impression of the information is that times are not improving as our statistics suggest they are. And so that says we need to do a better job of working with them and getting statistics and getting a common understanding of what is going on here and what the opportunities are and what the obstacles are and so forth. So that is not something to dispose of or pay no attention to what they think. It is, we need to do a better job of linking up with industry, an even better job. And it is the agency's responsibility, in this case, with industry, DOD. Chairwoman Eshoo. I am not so sure I understand why you disagree with what Ms. Farrell said. Let me get back to that. Mr. Johnson. She talked about paying attention to training. Of course, we pay attention to training. And a part of this will be--and one of the things we started working on in 2006 was the adjudication, what consistencies and inconsistencies there are, the adjudicators, adjudicating activity across agencies, and what is the level of training and what level a person is that does the work and so forth. And there has been an ongoing effort to look at that and bring that all to be more consistent, more aligned across the agencies so there can be greater confidence in the quality of the adjudications done by all the different agencies. That is ongoing. But that is an input; you can do all that and still have bad adjudications. But nobody feels, nobody has said yet that we are granting clearances to people that shouldn't have them. Chairwoman Eshoo. Let me just go to Ms. Farrell. Is that what you intended as you came up with the metric, that there are people that are getting, receiving security clearances that shouldn't? Ms. Farrell. We don't know. I think the answer to that is, you don't know. Because the last time we went in and looked at the 50 top secret cases, 47 of them had incomplete information that were related to residence, employment, education. And I am not talking about missing ZIP Codes. For example, talk social references. There is a requirement that the investigator interview two colleagues of the applicant that the colleague has provided, and then the investigator is to develop two social references. We found cases where the investigator only relied upon the information provided by the applicant. That is what we are talking about with ``missing and incomplete.'' Also, 27 of the 50 cases had unresolved issues that hadn't been followed up. So my response to that is, we don't know. They don't know because of missing information. It is alarming when you look at the numbers in terms of incomplete investigations. The focus has been on timeliness-- and that should be commended, the progress that has been made; again, the numbers are going in the right direction. But we don't want to do a product quicker and have a poor-quality product. Mr. Johnson. The commitment in everything--we want to go quicker with no diminution in quality. So there is no effort, there is no inattention to quality here. But with reference to employees that have gone bad, and Director McConnell talks about there are 128-or-something spy cases in the last whatever period of time. I think all of them, if I am not misunderstanding it, went bad after they got here, and 124 of them---- Chairwoman Eshoo. That is a whole other area. Mr. Johnson. That gets into the risk management and the continuous reinvestigation. The suggestion was, because of the 128 people, that suggests that we are missing some people as they came in. They were--there was not risk when they were brought in. It is a risk management, it is management of risk and attention to-- greater attention to their behavior after they are here. I do not believe that there is evidence that we have a quality issue that we need to categorically address. We are firmly committed to quality of investigations, quality of---- Chairwoman Eshoo. I don't think there is lack of commitment in this. I think that you all are struggling to turn, the equivalent to me of a trying to make a huge cruise ship--trying to make a U-turn in a small bay. This is--we are dealing with a system that is very old and was set up to produce different outcomes at a different time. And I think it, you know, is characteristic of so many other efforts since--most frankly, since our country was attacked. And so I don't think that is--I don't doubt commitment from any of you. I think that you are all superbly committed. It is a matter of drilling down and seeing if, in fact, the directives of the legislation have been met; where there are shortcomings, that we work harder to correct them. I know, Ms. Dillaman, you wanted to say something. Ms. Dillaman. Thank you, ma'am. And with all due respect to my colleague from GAO, I also think we need to put this in context. When GAO looked at investigations, they looked at investigations conducted during the period of time when the Department of Defense investigations program was transferred to OPM--investigations, in fact, that were reviewed, started under DOD's leadership. Now, that is not pointing fingers. That is to say that the two agencies had different standards applied to how investigations were conducted. One of the major benefits of combining the programs was uniformity, and we immediately did launch a massive training effort to get everybody, contractors and Federal employees alike, working toward the same standards; revised a standard, one standard handbook. And so the outcome of that merger effort is a more uniform program where the investigative standards are implied. There is work that needs to be done on the investigative standards, too, because when they were first drafted, it was almost a like a punch list. You would talk to two neighbors. Whether two neighbors were to know this individual or not, you had to talk to two neighbors. And in today's transient world, there are people whose neighbors know nothing about them, and they may not be the right source to testify to someone's character. Chairwoman Eshoo. We have already covered that ground in the subcommittee, and there have been references made by other members, by members of the full committee as well. On this issue of quality, I think it would be helpful if there were objective measures to prove that there is quality; and that is not picking on an agency or to say that the things that you are working on are not important. But it is very important to have yardsticks by which we measure these things. I think that every single one of us is for quality. Nobody is going to doubt that or question that; and I am not going to question that with any of you. It would increase confidence, I think, here if in fact there were---- Mr. Johnson. I don't think asking what investigators think of the process is an important quality measure. One of the metrics opposed by GAO is to ask on an ongoing basis what the investigators or adjudicators think of the process. I don't believe that is a good quality measure. Mr. Issa. Why? Why wouldn't you think that was important? Mr. Johnson. Because I don't think what their impressions are of the system have anything to do with whether it is a quality product. Chairwoman Eshoo. Well, you just talked about impressions of the contractor community. Why are impressions from one community okay and from another part of the community are not? I sense that there are some tensions between what GAO's recommendations---- Mr. Johnson. I am not a big fan of GAO using 2-year-old data to talk about the absence of quality in the process. Chairwoman Eshoo. Do you sit down and talk to each other? Mr. Johnson. All the time. Chairwoman Eshoo. And you can't get this worked out? Mr. Johnson. I have communicated very clearly that I believe a lot of their data they refer to---- Chairwoman Eshoo. How flexible are you? I think more than anything else it is--look, if there is anyone that understands jurisdictions and how people fight over them, Congress is the best case. Mr. Johnson. GAO loves the management part of OMB, and we work very closely with GAO. And--we have our differences of opinion, and I don't believe that measuring inputs or using 2- year-old data is the way to measure quality. Chairwoman Eshoo. I would be happy to yield. Mr. Issa. You did your study 2 years after you said, Let's make a change, and you are complaining that it is 2 years old. My question is, 2 years after Congress acted, these are the results you have. So they are valid 2 years after Congress empowered the administration to make a change. And, quite frankly, Mr. Johnson, you have been with the administration long enough to know that this administration, for which I personally voted and support--but this administration has been here 7 years; so we are going to be looking back at year 2, 3, 4, 5, and 6 of this administration, well into the next administration. The question is, was it valid at the time Ms. Farrell did the study? And what has been changed, that the two of you can agree on, has been changed since that time? That is what we want to know. Mr. Johnson. Let me answer your question. The time period, if I am understanding correctly, for the 50 cases she talks about, was December and January of 2005 and 2006; that is when the reform effort began. And the investigation, the study was of cases--as Kathy said, of cases that were investigated by DOD, not by OPM. So it is pre-reform; it was an analysis of the pre-reform situation. The before, not the after. And there is not an assessment that is current or of the reform where, after the responsibilities were changed. Mr. Issa. By the way, we are only here on 2-year terms. So we are kind of funny about 2 years seeming like an eternity. Ms. Farrell. We are presenting the facts for you to do with as you wish. The sample in question was taken in January and February 2006. At the end of that calendar year is when, by law, you were wanting the IRTPA requirement to begin with its milestones. The 50 cases that we looked at were cases that OPM investigated. Keep in mind that OPM had had 2 years to plan for the transfer from DOD's investigation service to them, so we are pretty sure that those cases are OPM's. I have talked to the staff, and they do not remember any of those cases belonging to the DOD investigators; they had already transferred. And, again, OPM let these go through their quality assurance program. So what were their quality standards? Even if they inherited them--and I am not saying that they did, but if they inherited them, what quality procedures were in place to keep them from slipping through? And that is what is lacking, it is the quality procedures. We believe in measurements of goals in order to determine where you are going. OMB has led the government in such measurements. The ones that we suggested are suggestions. We think those would be good. There are more metrics that could be done. We would hope that the current reform committee would consider this issue of quality and build quality in, as well as timeliness for the future. Chairwoman Eshoo. I just have a couple of more questions and then we will go back to Mr. Issa. And I don't think that Mr. Holt is going to be able to come back, so I think we will start winding down. But it has been most helpful. Now, in the legislation, there was a mandate that the President designate a single agency to direct the day-to-day oversight for investigations and adjudications for personnel security clearances. My question is, who did the President designate under the act? And do they actually maintain day-to-day oversight? Mr. Johnson. The President designated OMB. And I was designated. Chairwoman Eshoo. So you are the point person. Now, why do some intelligence agencies still conduct their own investigations and adjudications? We have kind of gone around that, but so it is---- Mr. Johnson. How I will answer that is the following: Particularly in the Intelligence Community, the investigation, the clearance investigation, is one and the same with the suitability investigation, and---- Chairwoman Eshoo. So clearance and suitability are shared across the government? Mr. Johnson. No. In Intelligence Community it is super critical of those. That is one and the same: Do they get the clearance and are they suitable for employment? It is pretty much the same issue, but they are less one in the Interior Department, for instance. And that is a gross overgeneralization. But also, the feeling was, it was being done on a reasonably timely basis already in the Intelligence Community. And so does the Intelligence Community continue to do their investigations and their adjudications, while we focused on reforming where there were timeliness issues, which was the primary issue, and that was outside the Intelligence Community? Chairwoman Eshoo. My sense in the kind of collective testimony today is that you all have essentially placed your pedal to the metal on timeliness. And that is important, timeliness. There is no one that is going to question or suggest that being untimely is okay. It is not. But I think that there are other issues to be dealt with here. That is my sense, and I think that some of the testimony points to that. So, again, is there, in your view, a necessity to have some intelligence agencies conduct their own investigations and adjudications? I mean, is that---- Mr. Johnson. They do it now. Chairwoman Eshoo. I know that they do. Mr. Johnson. Or are you saying, should we change that? Chairwoman Eshoo. Yes. Mr. Johnson. I don't know of a reason to change that. Mr. Boswell. I certainly agree with that in spades. And just to emphasize a point that was made: A condition of employment in, for example, CIA is that everyone is cleared at the Top Secret and has SCI access. That is very different from what it is in most other organizations. Chairwoman Eshoo. So I am gathering from Mr. Johnson and Ambassador Boswell that you don't think that in terms of efficiency and other factors, it would make sense to have one agency manage all security clearances? Mr. Johnson. Do you mean, all do the investigation? Because right now, the adjudication is done by each hiring agency. Chairwoman Eshoo. I understand. Mr. Johnson. You mean, have one entity do all the investigations? Chairwoman Eshoo. One entity in charge of all security clearances. Mr. Johnson. I do not believe that there should be one agency making all adjudication and all investigation. Chairwoman Eshoo. And I appreciate that. Mr. Johnson. Because it is the responsibility of each agency. Because they are the pursuer of their mission. They are the ones that understand their mission, and they understand where there might be risk and where there may not be risk, and they are best equipped to make that adjudication. Chairwoman Eshoo. That has been a very long-held view, and that is one view. And I wanted to question about that. I can see how extraordinarily strongly you feel about it, and I am not diminishing what your view is, and it is a very strongly held one. I am going to stop there. I will go to Mr. Issa now again. Mr. Issa. Ms. Farrell, thank you very much for the work you did. I am sorry that we don't have continuous improvement in the government, that every month you don't get two or three records to look at so that--like polling data or like tracking of any organization. UPS knows every day whether they are getting better or worse, because there is some amount of quality circle every night on every part of the company. Because, by definition, they don't wait for a big study, and then when it comes out say it is 2 years old; they, in fact, do it every day. So I am sorry that we don't give you that capacity more. I would hope that as quickly as possible you could do at least a mini update on what you currently have that is now being accused of being dated, because I personally, as least as one member, have great confidence that you will find a substantial number of the same problems. I am sure there will be some improvements, but if you would look again, I think we would all benefit from it. Mr. Johnson, I am going to be less kind, perhaps, than the chairwoman. I don't like the way you are treating this committee. I think, in fact, you haven't talked to your boss. I think that, in fact, both the President, the Secretary, the DNI have all made it very clear that we want to end stovepiping. So when you say that this joint task force that is supposed to be finding a way to use clearance process reform as part of the ending of stovepiping, you don't think we are going to get there and don't think you should, I think you are out of line. When you become disingenuous on its face, when you tell me that there is no problem with reciprocity, but then of course we are going to continue to have different agencies have different fiefdoms in order to determine who is going to be fit to work there, and then we think they are going to openly let each other agency with different standards look at each other's information, which ultimately is what you say will have to happen. Now, Ms. Eshoo and I both, we travel, we have the opportunity to work with many of the people in the most sensitive areas around the world, and we do see a tremendous improvement in jointness. We see a tremendous improvement in the attitude of the operatives and the management in the Pak- Afghan border region, in other areas of interest. So I am not going to say that there isn't progress being made. I have seen it, the chairwoman has seen it. What I am saying is that the Congress was unambiguous in saying that we wanted to get to, essentially, oneness of standard, oneness of process, not levels, but process; so that, in fact, at a given level--and I appreciate what you said earlier, that not everyone that can see one document can see the other, even if they have the same level of clearance--but the quality and acceptance of each other's clearance in the process. Today, you have sort of demonstrated, and I think Ms. Farrell shook her head as much as she can, she is probably going to have to go take an Advil at the end of this thing, to say that, No, I don't think that a fair oversight of a year and a half ago, 2 years ago says that you are making that progress, and today you are not giving us the confidence that you are. Now, I want to be wrong. And I certainly am not going to lecture you and then not give you a chance to respond. But both for you and for Ambassador Boswell, I have got to tell you, I think my interpretation is that Congress wants everybody who can be cleared, be cleared to be used in the best place they can. That is part of the outreach that the DNI talked about. Two, we want to have somebody who has a need to know something to have been cleared at a level, be able to get it. And simply going from one agency's information to another is not a reason to redo the same level of security clearance. If there are different levels, fine. But as someone rises to them, and the chairwoman and I have the luxury of rising to the highest level. And, by the way, not because we would have passed your screening test under the rules, but we do have that luxury, so we get to see how important it would be for one person to see something else in order to get to the bad guys before they get to us. So I would like to hear your response on it. I do think Congress was unambiguous in saying that we envision no separate standards, no inability to port somebody from the NSA to the CIA, et cetera, based on these other factors of individuality being excluded, but not based on the documentation or the transparency of that documentation as appropriate. And I would love to hear your comments. Mr. Johnson. I don't think you would find any difference, first of all, in terms of what I am suggesting versus what the President and Mike McConnell and Secretary Gates and so on would want. I would love to have you go back, or have your staff go back through the transcript of this meeting and call me; and I will come up, and you tell me where, based on what was said here--not what was heard, but what was said here-- where I disagree with what you think the President's and Gates' and McConnell's intents are. Because I do not intend to deviate from what they have directed us to do. What we are saying by ``reciprocity'' is that all prior investigative work should be accepted. You should not have to redo somebody's investigative work simply because you want to take another look in another department about whether suitability or clearance over here equates to clearance over here. I will bet you, if you asked the Members of the House or Senate or anybody in the executive branch, senior capacity, whether your access to Top Secret information at Interior would qualify you for access to Top Secret information at CIA, you would hear a resounding ``no.'' Mr. Issa. Then the question, and the Chair--look, not all Top Secret is created equal, not all Secret might be created equal, although mostly it is sort of post-CNN usually. And as we go up the levels, I don't have a problem with you saying something is a higher level. But I do--I do disagree. If you categorize something at a given level, and there is a need to know in the course of legitimate doing of somebody's job, which in this case is finding the bad guys, which takes all these different agencies, including probably a Department of Agriculture person who is seeing some movement of something that can blow up a building or whatever, then, yes, the categorization should be consistent. That is what Congress told you all. So when you say, No, it can't, yes, you are on the record saying exactly what we think is different than what we said and what the administration said they heard. Mr. Johnson. Okay. Well, that is not what was said, sir. Mr. Boswell. Sir, I hope I didn't misunderstand what you said with your comments earlier. TS/SCI within the Intelligence Community is entirely reciprocal. I mean, there is no stovepiping. An enormous progress has been made on this. It is entirely reciprocal. You may find some cases where--you know, we all have our stories, but it is entirely reciprocal. You mentioned earlier polygraphs. A CI polygraph done by one intelligence agency is entirely accepted by any other intelligence agency. There is no repolygraphing. Mr. Issa. We are glad to hear that. We don't know that to be true at this point. So, hopefully, we are both hearing the same thing. Mr. Boswell. Likewise, a full-scope polygraph done by one agency is reciprocal to another agency. And they are accepted within the agencies that do--or the few agencies that do full- scope polygraphs. Mr. Issa. So if I am at NSA and I am short of polygraph people, CIA can help me out and it is completely going to be reciprocal? Mr. Boswell. I can tell you that the DNI, for example, in polygraphing its own people, relies on several agencies to do it. They polygraph to common standards. Mr. Issa. That is very good to hear. One last thing in closing: The 128 that was mentioned of people who have betrayed their country, the statement that they all went bad after they had the job, I think flies in the face of what this committee has heard in the classified setting about individuals who--one or more individuals, who clearly cheated to get into one agency, cheated to get into another agency, had lied throughout the process, and is currently in the news. So I would hope that that would be double-checked before it was repeated again, because I don't think we can fairly think that that person or people are outside the 128. Thank you. Chairwoman Eshoo. Thank you, Mr. Issa. Let me just ask one more question, and then I will make some brief closing comments in thanking all of you. I think this has been worthwhile. I have learned from it, and that is what hearings are for. Ambassador Boswell, you said in your testimony that there not be any diminution of quality. And I want to get back to the issue of quality, because it is so important in what we do. Can you tell us about what proposals you are validating in the team effort? How you are addressing this? What metrics you are using? Are there any? Mr. Boswell. Yes, ma'am. Chairwoman Eshoo. Give us some confidence in this. Mr. Boswell. There are a number of what we call ``demonstration projects'' that are going on. Now, they will be done in time for us to make our proposal to the President. There is a substantial degree of quality control and quality checking. These are all to validate the quality in addition to speed up the process, but to validate the quality of the new system that we hope to have in place. So quality control and attention to quality is absolutely central in this process. Chairwoman Eshoo. Well, let me thank you all for--first of all, for your service to our country. That is what we are all here for, and we can never, ever lose sight of that. Our work, our oversight, the work of the Congress is really on behalf of our country and the American people. The questions that we raise and what you do in your respective areas of the executive branch, we are partners in this. And so while some of the questions may ruffle feathers, so to speak, that is very healthy. I think it is very healthy, and I hope that you accept the questions and the observations with the highest sense of purpose that, hopefully, we have asked the questions. And so thank you to you, to all of your colleagues that are here that are not at the table testifying, for the work that you do. I want to acknowledge the work of our staff again. I can never thank them enough, because they provide the consistency of all of this, and we simply can't do the work of all of them. Mr. Ruppersberger has joined us. And I would like to invite you, even though it is the tail end of our hearing. We have completed the questions. Mr. Ruppersberger. I just want to thank you for having this hearing, because this is such an important issue for us in the Intelligence Community. You and I have been here for 5 years. And we have so many issues that we have to deal with, if we don't deal with this and get it where we need to be and pull it together--and it seems there were a lot in the past, a lot of different agencies and turf and OMB; and now we---- Chairwoman Eshoo. We have gone through some of that. Mr. Ruppersberger. It is all about the end game, doing it right. I don't need to go any farther. Chairwoman Eshoo. Thank you for coming to say that. With that, we will adjourn the hearing. Thank you. [Whereupon, at 11:38 a.m., the subcommittee was adjourned.]