Congress Archives

Online shoppers take heed.

Within the next 6 to 12 months, Homeland Security Department officials say they expect to have a long-awaited, instantaneous system for tracking foreigners who have overstayed their visits. Lawmakers have said such a tool is crucial for removing potential terrorists.

In 2002, DHS began to build a comprehensive entry and exit system for collecting biometric data from visitors traveling to the United States but nearly a decade later the exit part still doesn't exist.

Without an exit system, the department has encountered difficulty accurately identifying overstays, according to the Government Accountability Office. DHS estimates there were 36 overstays among the 400 people convicted through international terrorism-related investigations between September 2001 and March 2010. Five of the 19 hijackers on Sept. 11, 2001, were overstays.

Those statistics may change if all goes according to plans that DHS officials outlined at a House hearing this week.

The department is looping together a multitude of databases operated by three DHS components and the intelligence community to more quickly see red flags. Once integrated, the systems maintained by Customs and Border Protection, Immigration and Customs Enforcement and US-VISIT will be able automate previously manual searches and cross-check those findings with law enforcement and intelligence data. In essence, the integrated app will generate an e-dossier on leads, testified John D. Cohen, DHS principal deputy coordinator for counterterrorism.

"Instead of us being reactive," by screening an accumulated list of potential overstays, "CBP and the technologists will be developing essentially a hot sheet," he told members of the House Homeland Security Subcommittee on Border and Maritime Security. It "will essentially create a dashboard available to ICE, on a day to day basis, that will provide them with insights about those public safety and national security risks that are either overstays or existing visa holders."

At first, the application will not be the biometric one envisioned by authorities after 9/11. It will include biographic information and certain fingerprints from travelers entering the United States, and, with advances in research, gradually grow into a robust biometric system. "You have the foundation for a biometric exit capability of the future," Cohen said.

Already, the department has taken steps toward this goal by vetting a backlog of 1.6 million overstays, Cohen said.

In May, DHS officials began by scratching off names of people who had since left the country or changed immigration status. Then, they screened in-house law enforcement and immigration records, as well as intelligence holdings from the National Counterterrorism Center, to winnow the remaining 757,000 people to 2,000 high-risk individuals. Of those, some had died or since become part of an ongoing investigation, leaving several hundred potential leads.

Two months later, all of the previously un-reviewed overstay records had been analyzed from a national security and public safety perspective, Cohen said. ICE currently is pursuing suspects, he added.

"I cannot for one tell you how much better I feel now," said Subcommittee Chairman Candice Miller, R-Mich.

Not so, said GAO.

"If we're going to focus on the national security and public safety folks, which is the thing to start with -- it gives the impression that once you're in the country, you're in. Unless you act out," Richard M. Stana, GAO director for homeland security and justice issues, said at the hearing.

Omar Abdel-Rahman -- an overstay -- had no criminal record before he was arrested for the 1993 World Trade Center bombing, Rep. Michael McCaul, R-Texas, noted.

Homeland Security officials confirmed they have nixed a project that was supposed to tie together the department's financial systems, instead opting to consider a smaller network located remotely, in the cloud.

Friday morning, Nextgov reported that DHS yanked the Transformation and Systems Consolidation program, or TASC, after current contractors on existing systems and a Web services company protested a $450 million contract the department awarded to CACI last year.

"Based upon a review and reevaluation of the solicitation, DHS is considering alternatives to meet revised requirements," DHS spokesman Chris Ortman said Friday, referring to the department's decision to stop pursuing a centralized financial, asset and acquisition management system. "The modernization of the department's financial, acquisition and asset systems remains a key priority for DHS."

In March, federal auditors, in siding with one of the protesters, Global Computer Enterprises, a provider of online financial reporting and accounting services, ruled that DHS narrowed system requirements mid-competition without letting vendors submit new proposals. Homeland Security changed directions after the White House directed all agencies halt work on financial systems, a characteristically complex kind of IT project, and either scale back features or cancel the whole operation.

As for future plans, DHS officials said a cloud-based or shared services setup, where multiple agencies share server room in a government or contractor-operated data center, could meet the department's needs. The new model would attempt to connect fewer agencies and fewer tools, just the core financial management functions at the Federal Emergency Management Agency, the U.S. Coast Guard and U.S. Immigration and Customs Enforcement.

This marks the second time the department, which also recently abandoned a more than $1 billion border virtual fence, has lost money on a failed effort to unify its financial systems. Some lawmakers remain concerned that any future project will falter due to poor planning, no matter whether the system resides in the cloud or in a physical DHS data center.

"Most of the material weaknesses still on the books are related to processes and not systems, and regardless of what decisions DHS makes on how it will integrate its information systems, the underlying processes must be corrected for that system to function properly," Rep. Todd Platts, R-Pa., chairman of the House Oversight and Government Reform Subcommittee on Government Organization, Efficiency and Financial Management, said at a Friday hearing on the department's overall financial management.

While perhaps not critical to the protection of life and property, the economic stimulus-tracking website Recovery.gov is exempt from the government shutdown. The site, which will be updated later this month, is funded through 2009 Recovery Act appropriations -- not the annual agency appropriations that Congress is debating today. A media release from the site's overseer, the Recovery Accountability and Transparency Oversight Board, states:

In the event of a government shutdown, the Recovery Board will continue its regular operations because the agency is funded from an appropriation that continues to remain available until September 30, 2011. The government shutdown will not affect the ongoing recipient reporting for the first quarter of 2011, which is scheduled to continue until April 14. Data from those recipient reports will be posted on Recovery.gov on April 30.

Senate Commerce Chairman Jay Rockefeller has postponed a computer security hearing to attend the funeral of Judge M. Blane Michael, a proponent of digital privacy who served as Rockefeller's special counsel during his first term as governor of West Virginia, aides for the senator said on Monday.

Rockefeller, D-W.Va., has not yet announced a new date for the hearing, previously scheduled for Wednesday, which was to examine the economic ramifications of cyber threats in the private sector.

Last year, Michael, who sat on the U.S. Court of Appeals for the Fourth Circuit in Richmond, lectured to students at his alma mater New York University School of Law that the Internet may undermine the Fourth Amendment's search and seizure protections: "The digital age is placing our privacy in jeopardy. Technological advances in the way we communicate and store information make us increasingly vulnerable to intrusive searches and seizures."

The disconnect between analogue-era privacy and communications laws and the evolving, online nature of criminal activity has been the subject of several congressional hearings during the past year. Lawmakers are considering updating civil liberties legislation, such as the 1986 Electronic Communications Privacy Act, as well as establishing new computer crime rules as part of comprehensive cyber legislation.

During his speech, Michael noted that people store their digital files, including love letters, diaries and financial records, on an Internet service provider's remote server, so that they can access their documents from any computer.

"But online storage also raises questions about whether we retain any Fourth Amendment privacy interest in files once we store them remotely because they are then technically accessible to the Internet service provider," he said.

Michael cited a case that involved the government's seizure of Google's email servers, which house millions of people's personal data, just to look for just a few incriminating messages.

"In evaluating whether there is a privacy interest in personal files stored online, the current framework leaves room for considering other sources of interpretation, including the Fourth Amendment's formative history and contemporary norms and circumstances," he said.

On Friday, Rockefeller said in a statement that Michael was unvarnished in his honesty, uncanny in his humor and unequaled in his humility. He called him "a brilliant judge who never took for granted the power and the responsibility of deciding the cases that impacted people's lives or righted serious wrongs.

"I will be forever fortunate to call him my dearest friend and confidant - the kind you just trust to his very core and whose deep, easy companionship abides with you for a lifetime," he said.

The Defense Department organization charged with cyber combat is reinforcing military networks by moving much of DoD's computing to a space many civilian agencies view as insecure - the cloud. Cloud computing is the practice of storing and accessing applications in a shared online environment, instead of on in-house servers.

U.S. Cyber Command chief Gen. Keith Alexander told lawmakers on Wednesday the following:

"The idea is to reduce vulnerabilities inherent in the current architecture and to exploit the advantages of cloud computing and thin-client networks, moving the programs and the data that users need away from the thousands of desktops we now use--up to a centralized configuration that will give us wider availability of applications and data combined with tighter control over accesses and vulnerabilities and more timely mitigation of the latter."

The White House has been pressing agencies to outsource information technology services to the Web as a way of phasing out the federal government's more than 2,000 expensive, energy-sucking data centers. But many federal managers are fearful of losing their data in the cloud. What happens in the event of an online outage or if the communal, off-site servers storing their programs are hacked?

Alexander's explanation as to why the cloud will offer Defense good defense:

"This architecture would seem at first glance to be vulnerable to insider threats -- indeed, no system that human beings use can be made immune to abuse -- but we are convinced the controls and tools that will be built into the cloud will ensure that people cannot see any data beyond what they need for their jobs and will be swiftly identified if they make unauthorized attempts to access data."

White House officials on Thursday morning released a 25-point implementation plan to execute one of the biggest information technology contracting overhauls since the 1996 Clinger-Cohen Act.

The problem the plan aims to tackle: Productivity gains in the private sector have outpaced government performance even though federal agencies spent about $600 billion during the past decade on technology to boost efficiency. The Obama administration's policy roadmap aims to dismantle the old way of installing new technology - which has been to design overly-ambitious systems that fall years behind in development - and create new procedures for quickly and cheaply upgrading machinery.

Here are some of the standouts on the to-do list:

• Reshape or terminate at least one-third of underperforming projects in the government's $80 billion IT portfolio within the next 18 months.
• Shift to a "cloud first" policy, where agencies consider moving to Web-based software and hardware before spending money on new systems. Each agency will identify three must-move services within three months, shift one of those services to the cloud within 12 months and then transition the remaining two within 18 months.
• Within 12 months, establish a tech fellows program modeled after the Presidential Management Fellows program to recruit graduate students with in-demand talents into IT program management.
• By mid-June, launch a website where industry and agency contracting officials can collaborate prior to the issuance of requests for proposals.

The Library of Congress, which recently shutoff access to WikiLeaks on its computers, may be unintentionally undermining the research its analysts perform for lawmakers, classification expert Steven Aftergood, who regularly publishes a government secrecy newsletter, blogged on Monday.

The Congressional Research Service, a branch of the library that scours bills, news and other primary sources to inform lawmakers of pressing issues, "will be unable to access or to cite the leaked materials in their research reports to Congress," wrote Aftergood, who runs the project on government secrecy at the Federation of American Scientists, a nonpartisan think tank.

Several current and former library employees told him that restricting access to WikiLeaks could degrade CRS analysts' research and may not have a legal basis, he added.

• "It's a difficult situation," said one CRS analyst. "The information was released illegally, and it's not right for government agencies to be aiding and abetting this illegal dissemination. But the information is out there. Presumably, any Library of Congress researcher who wants to access the information that WikiLeaks illegally released will simply use their home computers or cell phones to do so. Will they be able to refer directly to the information in their writings for the library? Apparently not, unless a secondary source, like a newspaper, happens to have already cited it."


• "I don't know that you can make a credible argument that CRS reports are the gold standard of analytical reporting, as is often claimed, when its analysts are denied access to information that historians and public policy types call a treasure trove of data," a former CRS employee said.
• In a press release, LOC explained its actions by citing an Office of Management and Budget memo regarding the obligation that federal agencies and federal employees have to protect classified information. "But LOC is statutorily chartered as the library of the House and the Senate. It is a legislative branch agency. I don't recall either chamber directing the blocking of access to WikiLeaks for/or by its committees, offices, agencies, or members," a different former analyst said.

Aftergood's summation: "If CRS is 'Congress' brain,' then the new access restrictions could mean a partial lobotomy."

During a webcast next Thursday morning, Office of Management and Budget officials will flesh out the Obama administration's recently-announced strategy to update the way agencies acquire and access information technology. The Dec. 9 Forum on IT Management Reform will be held at the White House at 8:30 a.m. and streamed live here, according to an administration official.

Federal Chief Performance Officer Jeffrey Zients and federal Chief Information Officer Vivek Kundra will discuss detailed execution plans for the initiative and take questions from government IT managers and contracting officials, as well as IT vendors.

The thrust of the strategy -- which was unveiled Nov. 19 -- is to expedite the process of upgrading IT systems by moving equipment online to the cloud; matching the technology refresh cycle with the congressional appropriations cycle; cultivating a cadre of professional program managers; encouraging communication between agency managers and the IT community; and holding in-person meetings with senior executives and program managers to review projects.

The Food and Drug Administration may have to bulk up on information technology if the House signs off on surveillance measures in a food safety bill the Senate passed Tuesday.

Three months after enactment of S. 510, FDA would have to create an online search engine that allows people to find helpful information on every recalled food, such as whether the recall is ongoing or completed.

Within two years, FDA's parent agency, the Health and Human Services Department, would have to report to Congress on new IT needed for identifying food contamination risks and collecting data from foreign governments, industry, labs, consumers and other sources, according to the bill. HHS officials also would have to detail their progress on building an electronic system that can flag indicators of health risks from the data gathered.

Similarly, the Centers for Disease Control and Prevention would be required to upgrade surveillance machines with better tools for obtaining data on disease exposures; enhancements for matching illnesses with specific foods; and mechanisms for sharing anonymous, aggregated data with the public more quickly.

Lawmakers now will reconcile differences between the House bill, H.R. 2749, approved in July 2009, and the Senate version. The Senate bill, which had been in the works for years, was prompted by several high-profile food scares, including outbreaks of salmonella in tomatoes, spinach tainted with e-coli, contaminated imports from China and the biggest beef recall in U.S. history.

Senate Majority Whip Richard J. Durbin, D-Ill., who spearheaded the legislation, said: "This bill will have a dramatic impact on the way the FDA operates - providing it with more resources for inspection, mandatory recall authority and the technology to trace an outbreak back to its source."