Terrorist Watch List Screening: Opportunities Exist to Enhance Management Oversight, Reduce Vulnerabilities in Agency Screening Processes, and Expand Use of the List
GAO-08-110
Published: Oct 11, 2007. Publicly Released: Oct 24, 2007.
Skip to Highlights
Highlights
The Federal Bureau of Investigation's (FBI) Terrorist Screening Center (TSC) maintains a consolidated watch list of known or appropriately suspected terrorists and sends records from the list to agencies to support terrorism-related screening. Because the list is an important tool for combating terrorism, GAO examined (1) standards for including individuals on the list, (2) the outcomes of encounters with individuals on the list, (3) potential vulnerabilities and efforts to address them, and (4) actions taken to promote effective terrorism-related screening. To conduct this work, GAO reviewed documentation obtained from and interviewed officials at TSC, the FBI, the National Counterterrorism Center, the Department of Homeland Security, and other agencies that perform terrorism-related screening.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Homeland Security | In order to mitigate security vulnerabilities in terrorist watch list screening processes, the Secretary of Homeland Security and the Director of the FBI should assess to what extent there are vulnerabilities in the current screening processes that arise when screening agencies do not accept relevant records due to the designs of their computer systems, the extent to which these vulnerabilities pose a security risk, and what actions, if any, should be taken in response. | The Federal Bureau of Investigation's (FBI) Terrorist Screening Center (TSC) maintains a consolidated watchlist of known or suspected terrorists and sends records from the list to agencies to support terrorism-related screening. The Transportation Security Administration (TSA) uses portions of the watchlist to screen the names of passengers to identify those who may pose threats to aviation. In our October 2007 terrorist watchlist report, we recommended that the Department of Homeland Security (DHS) assess to what extent security risks exist by not screening airline passengers against more watchlist records and what actions, if any, should be taken in response. DHS generally agreed with... our recommendation but noted that increasing the number of records that air carriers used to screen passengers would expand the number of misidentifications to unjustifiable proportions without a measurable increase in security. (In general, misidentifications occur when a passenger's name is identical or similar to a name on the watchlist but the passenger is not the individual on the watchlist.) Since then, the TSA has assumed direct responsibility for this screening function from air carriers through implementation of the Secure Flight program for all flights traveling to, from, or within the United States. Secure Flight's full assumption of this function from air carriers and its use of more biographic data for screening have improved watchlist matching. This includes TSA's ability to correctly match passenger data against watchlist records to confirm if individuals match someone on the watchlist and reduce the number of misidentifications. TSA has implemented Secure Flight such that as circumstances warrant, it may expand the scope of its screening beyond the No Fly and Selectee lists to the entire terrorist watchlist. (In general, individuals on the No Fly List are to be precluded from boarding an aircraft and individuals on the Selectee List are to receive additional screening prior to boarding an aircraft.) According to the Secure Flight program's final rule, in general, Secure Flight is to compare passenger information only to the No Fly and Selectee lists because, during normal security circumstances, screening against these components of the watchlist will be satisfactory to counter the security threat. However, the rule also provides that TSA may use the larger set of "watch lists" maintained by the federal government when warranted by security considerations, such as if TSA learns that flights on a particular route may be subject to increased security risk. Also, after the attempted airline bombing in December 2009, DHS proposed and the Deputies Committee (within the Executive Office of the President) approved the Secure Flight program's expanded use of watchlist records on a routine basis to screen passengers before they board flights. In April 2011, TSA completed the transition of the Secure Flight program to conduct watchlist matching against this greater subset of watchlist records and notified air carriers that those passengers who are determined to be a match should be designated for enhanced screening prior to boarding a flight. TSA's actions fully respond to the recommendation we made in our October 2007 report.
View More |
| Federal Bureau of Investigation | In order to mitigate security vulnerabilities in terrorist watch list screening processes, the Secretary of Homeland Security and the Director of the FBI should assess to what extent there are vulnerabilities in the current screening processes that arise when screening agencies do not accept relevant records due to the designs of their computer systems, the extent to which these vulnerabilities pose a security risk, and what actions, if any, should be taken in response. | The Federal Bureau of Investigation's (FBI) Terrorist Screening Center (TSC) maintains a consolidated watchlist of known or suspected terrorists and sends records from the list to agencies to support terrorism-related screening. Screening against applicable watchlist records can occur anywhere in the nation when, for example, state or local law enforcement officers stop individuals for traffic violations or other offenses. We reported that screening agencies do not check against all watchlist records because certain records (1) may not be needed to support the respective agency's mission, (2) may not be possible due to the requirements of computer programs used to check individuals...
|
| Department of Homeland Security | To enhance the use of the consolidated terrorist watch list as a counterterrorism tool and to help ensure its effectiveness the Secretary of Homeland Security should, in consultation with the heads of other appropriate federal departments and agencies and private sector entities, develop guidelines to govern the use of watch list records to support private sector screening processes that have a substantial bearing on homeland security, as called for in Homeland Security Presidential Directive-6. | Homeland Security Presidential Directive 6 instructs the Secretary of Homeland Security to develop guidelines to govern the use of terrorist watchlist records to support private sector screening processes that have a substantial bearing on homeland security. We reported that the Department of Homeland Security (DHS) had made progress in using watchlist records to screen employees in some critical infrastructure components of the private sector, but many critical infrastructure components were not using watchlist records. The intent of the guidelines to support private sector screening was to establish basic mechanisms and rules for voluntary screening of individuals in the private sector...
|
| Department of Homeland Security | To enhance the use of the consolidated terrorist watch list as a counterterrorism tool and to help ensure its effectiveness the Secretary of Homeland Security should, in consultation with the heads of other appropriate federal departments, develop and submit to the President through the Assistant to the President for Homeland Security and Counterterrorism an updated strategy for a coordinated and comprehensive approach to terrorist-related screening as called for in Homeland Security Presidential Directive-11 (HSPD-11), which among other things, (a) identifies all appropriate screening opportunities to use watch list records to detect, identify, track, and interdict individuals who pose a threat to homeland security and (b) safeguards legal rights, including privacy and civil liberties. | In our October 2007 watchlist report, we recommended that the Secretary of Homeland Security, in coordination with the heads of appropriate federal departments and agencies, develop and submit to the President through the Assistant to the President for Homeland Security and Counterterrorism an updated strategy for a coordinated and comprehensive approach to terrorist-related screening. Among other things, the report was to (a) identify all appropriate screening opportunities to use watchlist records to detect, identify, track, and interdict individuals who pose a threat to homeland security and (b) safeguard legal rights, including privacy and civil liberties. We noted that such a...
|
| Department of Homeland Security | To enhance the use of the consolidated terrorist watch list as a counterterrorism tool and to help ensure its effectiveness the Secretary of Homeland Security should, in consultation with the heads of other appropriate federal departments, develop and submit to the President through the Assistant to the President for Homeland Security and Counterterrorism an updated investment and implementation plan that describes the scope, governance, principles, outcomes, milestones, training objectives, metrics, costs, and schedule of activities necessary for implementing a terrorist-related screening strategy, as called for in HSPD-11. | In our 2007 watchlist report, we recommended that the Secretary of Homeland Security, in consultation with the heads of other appropriate federal departments, develop and submit to the President through the Assistant to the President for Homeland Security and Counterterrorism an updated investment and implementation plan that describes the scope, governance, principles, outcomes, milestones, training objectives, metrics, costs, and schedule of activities necessary for implementing a terrorist-related screening strategy. The Department of Homeland Security (DHS) subsequently led an interagency effort to provide the president with this implementation plan, which was included as part of its...
|
| Homeland Security Council | To help ensure that governmentwide terrorist-related screening efforts have the oversight, accountability, and guidance necessary to achieve the Administration's vision of a comprehensive and coordinated approach, the Assistant to the President for Homeland Security and Counterterrorism should ensure that the governance structure proposed by the plan affords clear and adequate responsibility and authority to (a) provide monitoring and analysis of watch list screening efforts governmentwide, (b) respond to issues that hinder effectiveness, and (c) assess progress toward intended outcomes. | We recommended that the Assistant to the President for Homeland Security and Counterterrorism ensure that the governance structure for terrorism-related screening proposed by DHS affords clear and adequate responsibility and authority to (a) provide monitoring and analysis of watchlist screening efforts governmentwide, (b) respond to issues that hinder effectiveness, and (c) assess progress toward intended outcomes. This recommendation was intended to help ensure that governmentwide terrorist-related screening efforts have the oversight, accountability, and guidance necessary to achieve the Administration's vision of a comprehensive and coordinated approach. Subsequently, DHS proposed a...
|
Full Report
Public Inquiries
Topics
CounterterrorismEmergency preparednessFederal agenciesFederal intelligence agenciesHomeland securityInteragency relationsInvestigations by federal agenciesLaw enforcement agenciesPassenger screeningRecordsRecords managementRisk assessmentStandardsStrategic planningTerrorism