国会记录：2006年9月28日（参议院）页S10463-S10471声明提出的法案和联合决议案通过阿卡卡先生（为自己和先生的Lautenberg）：S. 3968法案肯定总审计长的审计权限和评估方案，活动和情报界的金融交易，以及用于其他目的;对情报专责委员会。阿卡卡先生。主席先生，我谨介绍``的2006年情报界审计法“”参议员劳腾伯格这将重申美国总审计长和政府责任的总行，GAO，权威审核金融交易和评估情报界（IC）的方案和活动。代表本尼·汤普森，众议院国土安全委员会高级成员，推出了类似的立法。该法案的参议员劳腾伯格和我今日报价与参议员约翰·格伦，在政府事务委员会的前主席，在1987年通过立法保持以确保Iran-过后中央情报局（CIA）的更有效的监督魂斗罗丑闻。[页S10464]将需要更大的监督和信息的可用性，以适当的国会委员会是不是新的。新的情况是，国会没有失败的奢侈品在这个时代的恐怖主义。 Failure brings terrible consequence. Since 9/11, effective oversight is needed now more than ever for two very basic reasons: First, intelligence reforms have spawned new agencies with new intelligence functions demanding even more inter- agency cooperation. The Congress needs to ensure that these agencies have the assets, resources, and capability to do their job in protecting our national security. However, now the Congress cannot do its job properly, in part, because its key investigative arm, the Government Accountability Office, is not given adequate access to the intelligence community, led by the Director of National Intelligence (DNI). Moreover, intelligence oversight is no longer the sole purview of the Senate and House intelligence committees. Other committees have jurisdiction over such departments as Homeland Security, State, Defense, Justice, Energy, and even Treasury and Commerce, which, in this war on terrorism, have intelligence collection and sharing responsibilities. Nor is the information necessary for these committees to exercise their oversight responsibilities restricted to the two intelligence committees as their organizing resolutions make clear. Unfortunately, the intelligence community stonewalls the GAO when committees of jurisdiction request that GAO investigate problems despite the clear responsibility of Congress to ensure that these agencies are operating effectively to protect America. This is not always the case. Some agencies recognize the valuable contribution that GAO makes in improving the quality of our intelligence. As Lieutenant General Lew Allen, Jr., then Director of the National Security Agency (NSA), observed in testimony before the Senate Select Committee To Study Governmental Operations With Respect To Intelligence Activities, on October 29, 1975: ``Another feature of congressional review is that since 1955 resident auditors of the General Accounting Office have been assigned at the Agency to perform on-site audits. Additional GAO auditors were cleared for access in 1973, and GAO, in addition to this audit, is initiating a classified review of our automatic data processing functions.'' Not surprisingly, this outpost of the GAO still exists at the NSA. Second, and equally important, is the inability of Congress to ensure that unfettered intelligence collection does not trample civil liberties. New technologies and new personal information data bases threaten our individual right to a secure private life, free from unlawful government invasion. The Congress must ensure that private information being collected by the intelligence community is not misused and is secure. Over 30 years ago, Senator Charles Percy urged Congress to ``act now to gain control over the Government's dangerously proliferating police, investigative, and intelligence activities.'' He noted that ``we find ourselves threatened by the specter of a `watchdog' Government, breeding a nation of snoopers.'' The privacy concerns expressed by our former colleague have become vastly more complicated. As I have noted, the institutional landscape has become littered with new intelligence agencies with ever-increasing demands and responsibilities on law enforcement at every level of government since the establishment of the Department of Homeland Security and the passage of the Intelligence Reform and Terrorism Prevention Act of 2004. They have the legitimate mission to protect the country against potential threats. Congress' role is to ensure that their mission remains legitimate. The intelligence community today consists of 19 different agencies or components: the Office of the Director of National Intelligence; Central Intelligence Agency; Department of Defense; Defense Intelligence Agency; National Security Agency; Departments of the Army, Navy, Marine Corps, and Air Force; Department of State; Department of Treasury; Department of Energy; Department of Justice; Federal Bureau of Investigation; National Reconnaissance Office; National Geospatial- Intelligence Agency; Coast Guard; Department of Homeland Security, and the Drug Enforcement Administration. I ask unanimous consent that a谅解备忘录由国会研究服务处(Congressional Research Service)编写的题为《国会情报监督》(Congressional Intelligence Oversight)的报告将被列入记录。正如建立情报监督委员会的众议院第48条规则和参议院第400号决议所述，“本(宪章)中没有任何内容应被解释为修正、限制、或以其他方式改变[众议院/参议院]任何常设委员会的权力，以获得政府的任何部门或机构与该委员会管辖范围内的其他事项相关的情报活动的产品的全面和迅速的访问权。他说:“尽管发表了这一明确和毫不含糊的声明，但无论非情报委员会获取信息的能力对改善我们国家的安全有多么重要，都受到情报机构各种因素的限制。最近发生的两起事件使这一情况变得令人不安地清楚。在一场``访问延迟：修复安全许可过程,第二部分,“2005年11月9日，在政府管理监督小组委员会、联邦劳动力委员会和哥伦比亚特区委员会(我是该委员会的高级成员)面前，问责局被问及将采取哪些步骤，以确保人事管理办公室(OPM)、管理和预算办公室(Office of Management and Budget)、情报部门也达到了人事管理局安全审查战略计划中列出的目标和目标。修改安全审查程序(这是GAO的高风险清单)对我们的国家安全至关重要。但正如美国政府问责局在对参议员沃伊诺维奇提出的问题的书面答复中所指出的，“虽然我们有权力做这样的工作，但我们缺乏在这一领域完成工作所需的合作。”“情报界阻碍了GAO在这一关键领域的工作。美国政府问责局(GAO)为参议院国土安全委员会(Senate Homeland Security Committee)和众议院政府改革委员会(House Government Reform Committee)所做的一项调查也引发了类似的案件，调查内容是各机构如何分享与恐怖主义有关的、敏感但非机密的信息。该报告题为“信息共享，联邦政府需要制定政策和程序，共享与恐怖主义有关的敏感但非机密信息”(高- 06 - 385），于2006年3月发布。当国会由9-11委员会成员批评未能实施其建议时，我们应该记住，在各机构之间的恐怖主义信息共享的提高是9-11佣金。此外，2004年智力改革和恐怖主义预防法案通过建立信息共享环境来授权分享恐怖主义信息。然而，当高于对高报告的评论时，国家情报署署长拒绝的办公室拒绝，指出“智力活动的审查超越高于高的普遍存在”。“”但是，作为一个国会研究服务备忘录“‘机密’和‘敏感但非机密’信息的概述”总结道，“在某些情况下，伪分类标记似乎阻止了国土安全的信息共享。”“我请求大家一致同意，在我的发言之后将备忘录印在记录中。不幸的是，我有更多的例子，在9-11后改革之前。事实上，在2001年7月，在题为“中央情报局，对GAO获取中央情报局项目和活动信息的观察”的证词中(高- 01 - 975 t）在众议院政府改革委员会之前，GAO指出，作为一个实际问题，“我们的访问通常限于获取有关CIA的信息，当CIA没有将其审计视为监督其活动的审计时。”我提交同意，在我的评论之后也打印了这一证词。这是不可思议的是，高 - 美国国会的审计部门 - 已无法在40年内进行中央情报局的评估。[[Page S10465]]如果高级能够开展中央情报局的基本审计职能，可能在2001年9月恐怖袭击之后已经解决了一些如此明确暴露的问题。然而，在9-11之后五年后，这是一个非凡的问题持续存在。再一次提到参议员Glenn的比尔S. 1458，该法是1987年的“一般会计办事处 - 中央情报局审计法”。“在其介绍上，他说，”从长远来看，我相信CIA的高级审计将降低未来权力滥用权的概率，提高中央情报局管理的可信度，增加了原子能机构的基本支持的基本支持，协助国会进行有意义的监督，并不妥协中央情报局任务。“”1458年没有成为法律，近20年后，CIA的明显管理挑战导致了2004年智力改革法案的国家情报局长。如果参议员格伦在1987年提出的提案已被接受，也许，也许，在9-11之后，我们的情报机构明显的一些问题可能永远不会发生。我想清楚，我的立法不会减损情报委员会的权威。 In fact, the language makes explicit that the Comptroller General may conduct an audit or evaluation of intelligence sources and methods or covert actions only upon the request of the intelligence committees or at the request of the congressional majority or minority leaders. The measure also prescribes for the security of the information collected by the Comptroller General. However, my bill reaffirms the authority of the Comptroller General to conduct audits and evaluations--other than those relating to sources and methods, or covert actions--relating to the management and administration of elements of the intelligence community in areas such as strategic planning, financial management, information technology, human capital, knowledge management, information sharing, and change management for other relevant committees of the Congress. Attached is a detailed description of the legislation. I urge my colleagues to join me in supporting this legislation. I ask unanimous consent that the text of the bill be printed in the Record. There being no objection the materials were ordered to be printed in the Record, as follows:国会研究服务部，华盛顿特区，9月14日，2006年主题：智能的国会监督。来源：阿尔弗雷德·卡明，专家在情报和国家安全外交，国防和贸易司。本备忘录分别考察了由美国国会在上世纪70年代建立的情报监督结构，包括代表的美国国会众议院和参议院的创作国会选择情报委员会。它也着眼于智能监督作用，国会保留给情报委员会其他国会委员会;检查某些现有支配行政部门是如何掌握美国情报活动的国会情报委员会的法定程序;并期待在其下两个情报委员会预计将保持国会常务委员会，以及两院的情况，知情的情报活动。如果我可以进一步协助，请致电707-7739。背景在国会调查情报界的活动在70年代中期之后，美国参议院于1976年创建了情报专责委员会进行持续的基础上更有效的监督。代表的美国国会众议院建立了自己的情报监督委员会下一年。直到被创建的两个情报委员会，其他国会常设委员会 - 主要是参议院和众议院军事和拨款委员会 - 共享监督情报部门的责任。 Although willing to cede primary jurisdiction over the Central Intelligence Agency (CIA) to the two new select intelligence committees, these congressional standing committees wanted to retain jurisdiction over the intelligence activities of the other departments and agencies they oversaw. According to one observer, the standing committees asserted their jurisdictional prerogatives for two reasons--to protect ``turf,'' but also to provide ``a hedge against the possibility that the newly launched experiment in oversight might go badly.'' Intelligence Committees' Statutory Obligations Under current statute, the President is required to ensure that the congressional intelligence committees are kept ``fully and currently informed'' of U.S. intelligence activities, including any ``significant anticipated intelligence activity, and the President and the intelligence committees are to establish any procedures as may be necessary to carry out these provisions. The statute, however, stipulates that the intelligence committees in turn are responsible for alerting the respective chambers or congressional standing committees of any intelligence activities requiring further attention. The intelligence committees are to carry out this responsibility in accordance with procedures established by the House of Representatives and the Senate, in consultation with the Director of National Intelligence, in order to protect against unauthorized disclosure of classified information, and all information relating to sources and methods. The statute stipulates that: ``each of the congressional intelligence committees shall promptly call to the attention of its respective House, or to any appropriate committee or committees of its respective House, any matter relating to intelligence activities requiring the attention of such House or such committee or committees.'' This provision was included in statute after being specifically requested in a letter from then Senate Foreign Relations Chairman Frank Church and Ranking Minority Member Jacob Javits in an Apr. 30, 1980 letter to then-intelligence committee Chairman Birch Bayh and Vice Chairman Barry Goldwater. Intelligence Committee Obligations Under Resolution In an apparent effort to address various concerns relating to committee jurisdiction, the House of Representatives and the Senate, in the resolutions establishing each of the intelligence committees, included language preserving oversight roles for those standing committees with jurisdiction over matters affected by intelligence activities. Specifically, each intelligence committee's resolution states that: ``Nothing in this [Charter] shall be construed as prohibiting or otherwise restricting the authority of any other committee to study and review any intelligence activity to the extent that such activity directly affects a matter otherwise within the jurisdiction of such committee.'' Both resolutions also stipulate that: Nothing in this [charter] shall be construed as amending, limiting, or otherwise changing the authority of any standing committee of the [House/Senate] to obtain full and prompt access to the product of the intelligence activities of any department or agency of the Government relevant to a matter otherwise within the jurisdiction of such committee. Finally, both charters direct that each intelligence committee alert the appropriate standing committees, or the respective chambers, of any matter requiring attention. The charters state: The select committee, for the purposes of accountability to the [House/Senate] shall make regular and periodic reports to the [House/Senate] on the nature and extent of the intelligence activities of the various departments and agencies of the United States. Such committee shall promptly call to the attention of the [House/Senate] or to any other appropriate committee or committees of the [House/Senate] any matters requiring the attention of the [House/Senate] or such other appropriate committee or committees. Cross-over Membership Both resolutions also direct that the membership of each intelligence committee include members who serve on the four standing committees that historically have been involved in intelligence oversight. The respective resolutions designate the following committees as falling in this category: Appropriations, Armed Services, Judiciary, and the Senate Foreign Relations Committee and the House International Relations Committee. Although each resolution directs that such cross-over members be designated, neither specifies whether cross-over members are to play any additional role beyond serving on the intelligence committees. For example, neither resolution outlines whether cross-over members are to inform colleagues on standing committees they represent. Rather, each resolution directs only that the ``intelligence committee'' shall promptly call such matters to the attention of standing committees and the respective chambers if the committees determine that they require further attention by those entities. Summary Conclusions Although the President is statutorily obligated to keep the congressional intelligence committees fully and currently informed of intelligence activities, the statute obligates the intelligence committees to inform the respective chambers, or standing committees, of such activities, if either of the two committees determine that further oversight attention is required. Further, resolutions establishing the two intelligence committees make clear that the intelligence committees share intelligence oversight responsibilities with other standing committees, to the extent that certain intelligence activities affect matters that fall under the jurisdiction of a committee other than the intelligence committees. Finally, the resolutions establishing the intelligence committees provide for the designation of ``cross-over'' members representing certain standing committees that [[Page S10466]] played a role in intelligence oversight prior to the establishment of the intelligence committees in the 1970s. The resolutions, however, do not specify what role, if any, these ``cross-over'' members play in keeping standing committees on which they serve informed of certain intelligence activities. Rather, each resolution states that the respective intelligence committee shall make that determination. ____国会研究服务，2006年7月18日。备忘录主题：“分类”和“敏感但未入住”的信息来自：Harold C. Relyea，美国国家政府，政府和财务部门专家的信息，联邦政策可能需要保护或特定状态的特定信息。此备忘录提供了两种类别的此类信息政策的简要介绍和概述。第一个类别在很大程度上落在一个政策文书中 - 一项总统执行令 - 明确的焦点和相当细节：在三项伤害方面，国家安全信息的分类披露这些信息可能导致国家，导致机密，秘密和顶级秘密指定。第二类是与第一类相比之下的，在其覆盖的各种信息方面，在某些情况下甚至是模糊的点，并且在各种仪器中表达，其中大多数是非法定的：敏感但未分类（SBU）保护管理信息的标记，尽管根据信息法案（FOIA）的自由，可能允许其公开披露。在下面讨论中审查了这两类。安全分类信息当前由总统的执行令规定的安全分类安排，追溯其起源于富兰克林D.罗斯福总统发布的1940年3月指令作为E.O.8381.这一发展可能有所促使希望澄清国防社会民事人员的权威，以鉴于不断增长的全球敌对，建立更广泛的保护军事信息的更广泛的基础，似乎有酌情权力 of increasing importance to the entire executive branch. Prior to this 1940 order, information had been designated officially secret by armed forces personnel pursuant to Army and Navy general orders and regulations. The first systematic procedures for the protection of national defense information, devoid of special markings, were established by War Department General Orders No. 3 of February 1912. Records determined to be ``confidential'' were to be kept under lock, ``accessible only to the officer to whom intrusted.'' Serial numbers were issued for all such ``confidential'' materials, with the numbers marked on the documents, and lists of same kept at the offices from which they emanated. With the enlargement of the armed forces after the entry of the United States into World War I, the registry system was abandoned and a tripartite system of classification markings was inaugurated in November 1917 with General Orders No. 64 of the General Headquarters of the American Expeditionary Force. The entry of the United States into World War II prompted some additional arrangements for the protection of information pertaining to the nation's security. Personnel cleared to work on the Manhattan Project for the production of the atomic bomb, for instance, in committing themselves not to disclose protected information improperly, were ``required to read and sign either the Espionage Act or a special secrecy agreement,'' establishing their awareness of their secrecy obligations and a fiduciary trust which, if breached, constituted a basis for their dismissal. A few years after the conclusion of World War II, President Harry S. Truman, in February 1950, issued E.O. 10104, which, while superseding E.O. 8381, basically reiterated its text, but added a fourth Top Secret classification designation to existing Restricted, Confidential, and Secret markings, making American information security categories consistent with those of our allies. At the time of the promulgation of this order, however, plans were underway for a complete overhaul of the classification program, which would result in a dramatic change in policy. E.O. 10290, issued in September 1951, introduced three sweeping innovations in security classification policy. First, the order indicated the Chief Executive was relying upon ``the authority vested in me by the Constitution and statutes, and as President of the United States'' in issuing the directive. This formula appeared to strengthen the President's discretion to make official secrecy policy: it intertwined his responsibility as Commander in Chief with the constitutional obligation to ``take care that the laws be faithfully executed.'' Second, information was now classified in the interest of ``national security,'' a somewhat new, but nebulous, concept, which, in the view of some, conveyed more latitude for the creation of official secrets. It replaced the heretofore relied upon ``national defense'' standard for classification. Third, the order extended classification authority to nonmilitary entities throughout the executive branch, to be exercised by, presumably, but not explicitly limited to, those having some role in ``national security'' policy. The broad discretion to create official secrets granted by E.G. 10290 engendered widespread criticism from the public and the press. In response, President Dwight D. Eisenhower, shortly after his election to office, instructed Attorney General Herbert Brownell to review the order with a view to revising or rescinding it. The subsequent recommendation was for a new directive, which was issued in November 1953 as E.O. 10501. It withdrew classification authority from 28 entities, limited this discretion in 17 other units to the agency head, returned to the ``national defense'' standard for applying secrecy, eliminated the ``Restricted'' category, which was the lowest level of protection, and explicitly defined the remaining three classification areas to prevent their indiscriminate use. Thereafter, E.G. 10501, with slight amendment, prescribed operative security classification policy and procedure for the next two decades. Successor orders built on this reform. These included E.O. 11652, issued by President Richard M. Nixon in March 1972, followed by E.O. 12065, promulgated by President Jimmy Carter in June 1978. For 30 years, these classification directives narrowed the bases and discretion for assigning official secrecy to executive branch documents and materials. Then, in April 1982, this trend was reversed with E.O. 12356, issued by President Ronald Reagan. This order expanded the categories of classifiable information, mandated that information falling within these categories be classified, authorized the reclassification of previously declassified documents, admonished classifiers to err on the side of classification, and eliminated automatic declassification arrangements. President William Clinton returned security classification policy and procedure to the reform trend of the Eisenhower, Nixon, and Carter Administrations with E.O. 12958 in April 1995. Adding impetus to the development and issuance of the new order were changing world conditions: the democratization of many eastern European countries, the demise of the Soviet Union, and the end of the Cold War. Accountability and cost considerations were also significant influences. In 1985, the temporary Department of Defense (DOD) Security Review Commission, chaired by retired General Richard G. Stilwell, declared that there were ``no verifiable figures as to the amount of classified material produced in DOD and in defense industry each year.'' Nonetheless, it concluded that ``too much information appears to be classified and much at higher levels than is warranted.'' In October 1993, the cost of the security classification program became clearer when the General Accounting Office (GAO) reported that it was ``able to identify government-wide costs directly applicable to national security information totaling over $350 million for 1992.'' After breaking this figure down--it included only $6 million for declassification work--the report added that ``the U.S. government also spends additional billions of dollars annually to safeguard information, personnel, and property.'' E.O. 12958 set limits for the duration of classification, prohibited the reclassification of properly declassified records, authorized government employees to challenge the classification status of records, reestablished the balancing test of E.O. 12065 weighing the need to protect information vis-a-vis the public interest in its disclosure, and created two review panels--one on classification and declassification actions and one to advise on policy and procedure. Most recently, in March 2003, President George W. Bush issued E.O. 13292, amending E.O. 12958. Among the changes made by this order were adding infrastructure vulnerabilities or capabilities, protection services relating to national security, and weapons of mass destruction to the categories of classifiable information; easing the reclassification of declassified records; postponing the automatic declassification of protected records 25 or more years old, beginning in mid-April 2003 to the end of December 2006; eliminating the requirement that agencies prepare plans for declassifying records; and permitting the Director of Central Intelligence to block declassification actions of the Interagency Security Classification Appeals Panel, unless overruled by the President. The security classification program has evolved during the past 66 years. One may not agree with all of its rules and requirements, but attention to detail in its policy and procedure result in a significant management regime. The operative executive order, as amended, defines its principal terms. Those who are authorized to exercise original classification authority are identified. Exclusive categories of classifiable information are specified, as are the terms of the duration of classification, as well as classification prohibitions and limitations. Classified information is required to be marked appropriately along with the identity of the original classifier, the agency or office of origin, and a date or event for declassification. Authorized holders of classified information who believe that its protected status is improper are ``encouraged and expected'' to challenge that status through prescribed arrangements. Mandatory declassification reviews are also authorized to determine if protected records merit continued classification at their present level, a lower level, or at all. Unsuccessful classification challenges [[Page S10467]] and mandatory declassification reviews are subject to review by the Interagency Security Classification Appeals Panel. General restrictions on access to classified information are prescribed, as are distribution controls for classified information. The Information Security Oversight Office (ISOO) within the National Archives and Records Administration (NARA) is mandated to provide central management and oversight of the security classification program. If the director of this entity finds that a violation of the order or its implementing directives has occurred, it must be reported to the head of the agency or to the appropriate senior agency official so that corrective steps, if appropriate, may be taken. While Congress, thus far, has elected not to create statutorily mandated security classification policy and procedures, the option to do so has been explored in the past, and its legislative authority to do so has been recognized by the Supreme Court. Congress, however, has established protections for certain kinds of information-- such as Restricted Data in the Atomic Energy Acts of 1946 and 1954, and intelligence sources and methods in the National Security Act of 1947--which have been realized through security classification arrangements. It has acknowledged properly applied security classification as a basis for withholding records sought pursuant to the Freedom of Information Act. Also, with a view to efficiency and economy, as well as effective records management, committees of Congress, on various occasions, have conducted oversight of security classification policy and practice, and have been assisted by GAO and CRS in this regard. Sensitive but Unclassified Information The widespread existence and use of information control markings other than those prescribed for the security classification of information came to congressional attention in March 1972 when a subcommittee of what is now the House Committee on Government Reform launched the first oversight hearings on the administration and operation of the Freedom of Information Act (FOIA). Enacted in 1966, FOIA had become operative in July 1967. In the early months of 1972, the Nixon Administration was developing new security classification policy and procedure, which would be prescribed in E.O. 11652, issued in early March. Preparatory to this hearing, the panel had surveyed the departments and agencies in August 1971, asking, among other questions, ``What legend is used by your agency to identify records which are not classifiable under Executive Order 10501 [the operative order at the time] but which are not to be made available outside the government?'' Of 58 information control markings identified in response to this question, the most common were For Official Use Only (11 agencies); Limited Official Use (nine agencies); Official Use Only (eight agencies); Restricted Data (five agencies); Administratively Restricted (four agencies); Formerly Restricted Data (four agencies); and Nodis, or no dissemination (four agencies). Seven other markings were used by two agencies in each case. A CRS review of the agency responses to the control markings question prompted the following observation. Often no authority is cited for the establishment or origin of these labels; even when some reference is provided it is a handbook, manual, administrative order, or a circular but not statutory authority. Exceptions to this are the Atomic Energy Commission, the Defense Department and the Arms Control and Disarmament Agency. These agencies cite the Atomic Energy Act, N.A.T.O. related laws, and international agreements as a basis for certain additional labels. The Arms Control and Disarmament Agency acknowledged it honored and adopted State and Defense Department labels. Over three decades later, it appears that approximately the same number of these information control markings are in use; that the majority of them are administratively, not statutorily, prescribed; and that many of them have an inadequate management regime, particularly when compared with the detailed arrangements which govern the management of classified information. A recent press account illustrates another problem. In late January 2005, GCN Update, the online, electronic news service of Government Computer News, reported that ``dozens of classified Homeland Security Department documents'' had been accidently made available on a public Internet site for several days due to an apparent security glitch at the Department of Energy. Describing the contents of the compromised materials and reactions to the breach, the account stated the ``documents were marked `for official use only,' the lowest secret-level classification.'' The documents, of course, were not security classified, because the marking cited is not authorized by E.O. 12958. Interestingly, however, in view of the fact that this misinterpretation appeared in a story to which three reporters contributed, perhaps it reflects, to some extent, the current confusion of these information control markings with security classification designations. Broadly considering the contemporary situation regarding information control markings, a recent information security report by the JASON Program Office of the MITRE Corporation proffered the following assessment. The status of sensitive information outside of the present classification system is murkier than ever. ``Sensitive but unclassified'' data is increasingly defined by the eye of the beholder. Lacking in definition, it is correspondingly lacking in policies and procedures for protecting (or not protecting) it, and regarding how and by whom it is generated and used. A contemporaneous Heritage Foundation report appeared to agree with this appraisal, saying: The process for classifying secret information in the federal government is disciplined and explicit. The same cannot be said for unclassified but security-related information for which there is no usable definition, no common understanding about how to control it, no agreement on what significance it has for U.S. national security, and no means for adjudicating concerns regarding appropriate levels of protection. Concerning the current Sensitive but Unclassified (SBU) marking, a 2004 report by the Federal Research Division of the Library of Congress commented that guidelines for its use are needed, and noted that ``a uniform legal definition or set of procedures applicable to all Federal government agencies does not now exist.'' Indeed, the report indicates that SBU has been utilized in different contexts with little precision as to its scope or meaning, and, to add a bit of chaos to an already confusing situation, is ``often referred to as Sensitive Homeland Security Information. Assessments of the variety, management, and impact of information control markings, other than those prescribed for the classification of national security information, have been conducted by CRS, GAO, and the National Security Archive, a private sector research and resource center located at The George Washington University. In March 2006, GAO indicated that, in a recent survey, 26 federal agencies reported using 56 different information control markings to protect sensitive information other than classified national security materia1. That same month, the National Security Archive offered that, of 37 agencies surveyed, 24 used 28 control markings based on internal policies, procedures, or practices, and eight used 10 markings based on statutory authority. These numbers are important in terms of the variety of such markings. GAO explained this dimension of the management problem. [T]here are at least 13 agencies that use the designation For Official Use Only [FOUO], but there are at least five different definitions of FOUO. At least seven agencies or agency components use the term Law Enforcement Sensitive (LES), including the U.S. Marshals Service, the Department of Homeland Security (DHS), the Department of Commerce, and the Office of Personnel Management (OPM). These agencies gave differing definitions for the term. While DHS does not formally define the designation, the Department of Commerce defines it to include information pertaining to the protection of senior government officials, and OPM defines it as unclassified information used by law enforcement personnel that requires protection against unauthorized disclosure to protect the sources and methods of investigative activity, evidence, and the integrity of pretrial investigative reports. Apart from the numbers, however, is another aspect of the management problem, which GAO described in the following terms. There are no governmentwide policies or procedures that describe the basis on which agencies should use most of these sensitive but unclassified designations, explain what the different designations mean across agencies, or ensure that they will be used consistently from one agency to another. In this absence, each agency determines what designations to apply to the sensitive but unclassified information it develops or shares. These markings also have implications in another regard. The importance of information sharing for combating terrorism and realizing homeland security was emphasized by the National Commission on Terrorist Attacks Upon the United States. That the variously identified and marked forms of sensitive but unclassified (SBU) information could be problematic with regard to information sharing was recognized by Congress when fashioning the Homeland Security Act of 2002. Section 892 of that statute specifically directed the President to prescribe and implement procedures for the sharing of information by relevant federal agencies, including the accommodation of ``homeland security information that is sensitive but unclassified.'' On July 29, 2003, the President assigned this responsibility largely to the Secretary of Homeland Security. Nothing resulted. The importance of information sharing was reinforced two years later in the report of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction. Congress again responded by mandating the creation of an Information Sharing Environment (ISE) when legislating the Intelligence Reform and Terrorism Prevention Act of 2004. Preparatory to implementing the ISE provisions, the President issued a December 16, 2005, memorandum recognizing the need for standardized procedures for SBU information and directing department and agency officials to take certain actions relative to that objective. In May 2006, the newly appointed manager of the ISE agreed with a March GAO assessment that, oftentimes, SBU information, designated as such with some marking, was not being shared due to concerns about the ability of recipients to adequately protect it. In brief, it appears that pseudo-classification markings have, in some instances, had the effect of deterring information sharing for homeland security purposes. Congressional overseers have probed executive use and management of information [[Page S10468]] control markings other than those prescribed for the classification of national security information, and the extent to which they result in ``pseudo-classification'' or a form of overclassification. Relevant remedial legislation proposed during the 109th Congress includes two bills (H.R. 2331 and H.R. 5112) containing sections which would require the Archivist of the United States to prepare a detailed report regarding the number, use, and management of these information control markings and submit it to specified congressional committees, and to promulgate regulations banning the use of these markings and otherwise establish standards for information control designations established by statute or an executive order relating to the classification of national security information. A section in the Department of Homeland Security appropriations legislation (H.R. 5441), as approved by the House, would require the Secretary of Homeland Security to revise DHS MD (Management Directive) 11056 to include (1) provision that information that is three years old and not incorporated in a current, active transportation security directive or security plan shall be determined automatically to be releasable unless, for each specific document, the Secretary makes a written determination that identifies a compelling reason why the information must remain Sensitive Security Information (SSI); (2) common and extensive examples of the individual categories of SSI cited in order to minimize and standardize judgment in the application of SSI marking; and (3) provision that, in all judicial proceedings where the judge overseeing the proceedings has adjudicated that a party needs to have access to SSI, the party shall be deemed a covered person for purposes of access to the SSI at issue in the case unless TSA or DHS demonstrates a compelling reason why the specific individual presents a risk of harm to the nation. A May 25, 2006, statement of administration policy on the bill strongly opposed the section, saying it ``would jeopardize an important program that protects Sensitive Security Information (SSI) from public release by deeming it automatically releaseable in three years, potentially conflict with requirements of the Privacy and Freedom of Information Acts, and negate statutory provisions providing original jurisdiction for lawsuits challenging the designation of SSI materials in the U.S. Courts of Appeals.'' The statement further indicated that the section would create a ``burdensome review process'' for the Secretary of Homeland Security and ``would result in different statutory requirements being applied to SSI programs administered by the Departments of Homeland Security and Transportation.'' It is not anticipated that this memorandum will be updated for reissuance. ____ Testimony Before the Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, and the Subcommittee on National Security, Veterans Affairs, and International Relations, Committee on Governmental Reform, House of Representatives United States General Accounting Office CENTRAL INTELLIGENCE AGENCY Observations on GAO Access to Information on CIA Programs and Activities国防部总经理亨利·辛顿的声明能力和管理主席先生和小组委员会的成员。我们很高兴能够在这里讨论从中央情报局（CIA）的总审计局（GAO）获取信息的主题。具体来说，我们的声明将提供高获取信息的CIA中情局和监督机制，我们的权威评审CIA程序的一些背景，历史和现状。按照要求，我们的言论将专注于我们与美国中央情报局的关系，而不是与其他情报机构。我们的意见是基于我们的历史文件，我们的法律分析，以及我们的经验与中央情报局多年来打交道审查。中情局的总结监督一般来自国会和中情局总监察长的两个选择委员会。我们有广泛的权力来评价CIA程序。但在现实中，我们对我们的审查这些计划的能力面临的法律和实际限制。例如，我们有一定的CIA``unvouchered'账户没有访问权限，不能强迫我们的国外情报和反信息访问。此外，作为一个实际问题，我们是由CIA的层次合作，已经通过多年的变化限制。我们没有积极地审核中情局60年代初期，当我们停止这样的工作，因为中情局并没有给我们提供足够的接入信息进行我们的使命。 The issue has arisen since then from time to time as our work has required some level of access to CIA programs and information. However, given a lack of requests from the Congress for us to do specific work at the CIA and our limited resources, we have made a conscious decision not to further pursue the issue. Today, our dealings with the CIA are mostly limited to requesting information that relates either to governmentwide reviews or analyses of threats to U.S. national security on which the CIA might have some information. The CIA either provides us with the requested information, provides the information with some restrictions, or does not provide the information at all. In general, we are most successful at getting access to CIA information when we request threat assessments and the CIA does not perceive our audits as oversight of its activities. Background As you know, the General Accounting Office is the investigative arm of the Congress and is headed by the Comptroller General of the United States--currently David M. Walker. We support the Congress in meeting its constitutional responsibilities and help improve the performance and accountability of the federal government for the American people. We examine the use of public funds, evaluate federal programs and activities, and provide analyses, options, recommendations, and other assistance to help the Congress make effective oversight, policy, and funding decisions. Almost 90 percent of our staff days are in direct support of Congressional requestors, generally on the behalf of committee chairmen or ranking members. The U.S. Intelligence Community consists of those Executive Branch agencies and organizations that work in concert to carry out our nation's intelligence activities. The CIA is an Intelligence Community agency established under the National Security Act of 1947 to coordinate the intelligence activities of several U.S. departments and agencies in the interest of national security. Among other functions, the CIA collects, produces, and disseminates foreign intelligence and counterintelligence; conducts counterintelligence activities abroad; collects, produces, and disseminates intelligence on foreign aspects of narcotics production and trafficking; conducts special activities approved by the President; and conducts research, development, and procurement of technical systems and devices. Oversight of CIA Activities Currently, two congressional select committees and the CIA's Inspector General oversee the CIA's activities. The Senate Select Committee on Intelligence was established on May 19, 1976, to oversee the activities of the Intelligence Community. Its counterpart in the House of Representatives is the House Permanent Select Committee on Intelligence, established on July 14, 1977. The CIA's Inspector General is nominated by the President and confirmed by the Senate. The Office of the Inspector General was established by statute in 1989 and conducts inspections, investigations, and audits at headquarters and in the field. The Inspector General reports directly to the CIA Director. In addition, the President's Foreign Intelligence Advisory Board assesses the quality, quantity, and adequacy of intelligence activities. Within the Board, there is an intelligence oversight committee that prepares reports on intelligence activities that may be unlawful or otherwise inappropriate. Finally, the Congress can charter commissions to evaluate intelligence agencies such as CIA. One such commission was the Commission on the Roles and Capabilities of the United States Intelligence Community, which issued a report in 1996. GAG's Authority to Review CIA Programs Generally, we have broad authority to evaluate agency programs and investigate matters related to the receipt, disbursement, and use of public money. To carry out our audit responsibilities, we have a statutory right of access to agency records. Federal agencies are required to provide us information about their duties, powers, activities, organization, and financial transactions. This requirement applies to all federal agencies, including the CIA. Our access rights include the authority to file a civil action to compel production of records, unless (a) the records relate to activities the President has designated as foreign intelligence or counterintelligence activities, (b) the records are specifically exempt from disclosure by statute, or (c) the records would be exempt from release under the Freedom of Information Act because they are predecisional memoranda or law enforcement records and the President or Director of the Office of Management and Budget certifies that disclosure of the record could be expected to impair substantially the operations of the government. The National Security Act of 1947 charges the CIA Director with protecting intelligence sources and methods from unauthorized disclosure. In terms of our statutory access authority, however, the law creates only one specific exemption: the so-called ``unvouchered'' accounts. The exemption pertains to expenditures of a confidential, extraordinary, or emergency nature that are accounted for solely on the certification of the Director. These transactions are subject to review by the intelligence committees. Amendments to the law require the President to keep the intelligence committees fully and currently informed of the intelligence activities of the United States. The CIA has maintained that the Congress intended the intelligence committees to be the exclusive means of oversight of the CIA, effectively precluding oversight by us. While we understand the role of the intelligence committees and the need to protect intelligence sources and methods, we also believe that our authorities are broad enough to cover the management and administrative functions that the CIA shares with all federal agencies. We have summarized the statutes relevant to our relationship with the CIA in an appendix attached to this testimony. [[Page S10469]] gao's access to the cia has been limited We have not done audit work at the CIA for almost 40 years. Currently, our access to the CIA is limited to requests for information that relates either to governmentwide reviews or programs for which the CIA might have relevant information. In general, we have the most success obtaining access to CIA information when we request threat assessments, and the CIA does not perceive our audits as oversight of its activities. gao access to cia has varied through the years After the enactment of the National Security Act of 1947, we began conducting financial transaction audits of vouchered expenditures of the CIA. This effort continued into the early 1960s. In the late 1950s, we proposed to broaden its work at the CIA to include an examination of the efficiency, economy, and effectiveness of CIA programs. Although the CIA Director agreed to our proposal to expand the scope of our work, he placed a number of conditions on our access to information. Nonetheless, in October 1959, we agreed to conduct program review work with CIA-imposed restrictions on access. Our attempt to conduct comprehensive program review work continued until May 1961, when the Comptroller General concluded that the CIA was not providing us with sufficient access to the information necessary to conduct comprehensive reviews of the CIA's programs and announced plans to discontinue audit work there. After much discussion and several exchanges of correspondence between GAO, the CIA, and the cognizant congressional committees, the Chairman of the House Armed Services Committee wrote to the Comptroller General in July 1962 agreeing that, absent sufficient GAO access to CIA information, GAO should withdraw from further audit activities at the CIA. Thus, in 1962, we withdrew from all audits of CIA activities. The issue of our access has arisen periodically in the intervening years as our work has required some level of access to CIA programs and activities. In July 1975, Comptroller General Elmer Staats testified on our relationship with the intelligence community and cited several cases where CIA had not provided us with the requested information. In July 1987, Senator John Glenn introduced a bill (S. 1458) in the 100th Congress to clarify our audit authority to audit CIA programs and activities. In 1994, the CIA Director sought to further limit our audit work of intelligence programs, including those at the Department of Defense. We responded by writing to several key members of the Congress, citing our concerns and seeking assistance. As a result, we and the CIA began negotiations on a written agreement to clarify our access and relationship. Unfortunately, we were unable to reach any agreement with CIA on this matter. Since then, GAO has limited its pursuit of greater access because of limited demand for this work from Congress, particularly from the intelligence committees. Given a lack of Congressional requests and our limited resources, we have made a conscious decision to deal with the CIA on a case-by-case basis. current access falls into three categories Currently, the CIA responds to our requests for information in three ways: it provides the information, it provides the information or a part of it with some restriction, or it does not provide the information at all. Examples of each of these three situations, based on the experiences of our audit staff in selected reviews in recent years, are listed below. Sometimes the CIA straightforwardly fulfills our requests for briefings or reports related to threat assessments. This is especially true when we ask for threat briefings or the CIA's assessments or opinions on an issue not involving CIA operations. For our review of the State Department's Anthrax Vaccination Program for the Senate Foreign Relations and House International Relations Committees, we requested a meeting to discuss the CIA's perspective on a recent threat assessment of chemical and biological threats to U.S. interests overseas. The CIA agreed with our request, provided a meeting within 2 weeks, and followed up with a written statement. While we were reviewing U.S. assistance to the Haitian justice system and national police on behalf of the Senate Foreign Relations and House International Relations Committees, we requested a meeting to discuss the Haitian justice system. The CIA agreed with our request and met with our audit team within 3 weeks of our request. For our review of chemical and biological terrorist threats for the House Armed Services Committee, and subcommittees of the House Government Reform Committee and the House Veterans Affairs Committee, we requested meetings with CIA analysts on their threat assessments on chemical and biological weapons. The CIA cooperated and gave us access to documents and analysts. On several of our reviews of counterdrug programs for the House Government Reform Committee and the Senate Foreign Relations Committee we requested CIA assessments on the drug threat and international activities. The CIA has provided us with detailed briefings on drug cultivation, production, and trafficking activities in advance of our field work overseas. During our reviews of Balkan security issues and the Dayton Peace Accords for the House Armed Services Committee and the Senate Foreign Relations Committee, we asked the CIA for threat assessments relevant to our review objectives. The CIA provided us with appropriate briefings and agreed to provide one of our staff members with access to regular intelligence reports. In some instances, the CIA provides information with certain access restrictions or discusses an issue with us without providing detailed data or documentation. During our evaluation of equal employment opportunity and disciplinary actions for a subcommittee of the House Committee on the Post Office and Civil Service, the CIA provided us with limited access to information. CIA officials allowed us to review their personnel regulations and take notes, but they did not allow us to review personnel folders on individual disciplinary actions. This was in contrast to the National Security Agency and Defense Intelligence Agency, which gave us full access to personnel folders on individual terminations and disciplinary actions. For our review of the Department of Defense's efforts to address the growing risk to U.S. electronic systems from high-powered radio frequency weapons for the Joint Economic Committee, the CIA limited our access to one meeting. Although the technology associated with such systems was discussed at the meeting, the CIA did not provide any documentation on research being conducted by foreign nations. On some of our audits related to national security issues, the CIA provides us with limited access to its written threat assessments and analyses, such as National Intelligence Estimates. However, the CIA restricts our access to reading the documents and taking notes at the CIA or other locations. Examples include our readings of National Intelligence Estimates related to our ongoing work evaluating federal programs to combat terrorism. In other cases, the CIA simply denies us access to the information we requested. The CIA's refusals are not related to the classification level of the material. Many of our staff have the high-level security clearances and accesses needed to review intelligence information. But the CIA considers our requests as having some implication of oversight and denies us access. For our evaluation of national intelligence estimates regarding missile threats for the House National Security Committee, the CIA refused to meet with us to discuss the general process and criteria for producing such estimates or the specific estimates we were reviewing. In addition, officials from the Departments of Defense, State, and Energy told us that CIA had asked them not to cooperate with us. During our examination of overseas arrests of terrorists for the House Armed Services Committee and a subcommittee of the House Government Reform Committee, the CIA refused to meet with us to discuss intelligence issues related to such arrests. The CIA's actions were in contrast to those of two other departments that provided us full access to their staff and files. On our review of classified computer systems in the federal government for a subcommittee of the House Government Reform Committee, we requested basic information on the number and nature of such systems. The CIA did not provide us with the information, claiming that they would not be able to participate in the review because the type of information is under the purview of congressional entities charged with overseeing the Intelligence Community. For our review of the policies and procedures used by the Executive Office of the President to acquire and safeguard classified intelligence information, done for the House Rules Committee, we asked to review CIA forms documenting that personnel had been granted appropriate clearances. The CIA declined our request, advising us that type of information we were seeking came under the purview of congressional entities charged with overseeing the intelligence community. conclusion Our access to CIA information and programs has been limited by both legal and practical factors. Through the years our access has varied and we have not done detailed audit work at CIA since the early 1960s. Today, our access is generally limited to obtaining information on threat assessments when the CIA does not perceives our audits as oversight of its activities. We foresee no major change in our current access without substantial support from Congress--the requestor of the vast majority of our work. Congressional impetus for change would have to include the support of the intelligence committees, who have generally not requested GAG reviews or evaluations of CIA activities. With such support, we could evaluate some of the basic management functions at CIA that we now evaluate throughout the federal government. This concludes our testimony. We would be happy to answer any questions you may have. GAO Contacts and Staff Acknowledgment For future questions about this testimony, please contact Henry L. Hinton, Jr., Managing Director, Defense Capabilities and Management at (202) 512-4300. Individuals making key contributions to this statement include Stephen L. Caldwell, James Reid, and David Hancock. Appendix I: Legal Framework for GAO and CIA gao's audit authority The following statutory provisions give GAO broad authority to review agency programs and activities: [[Page S10470]] 31 U.S.C. 712: GAO has the responsibility and authority for investigating matters relating to the receipt, disbursement, and use of public money, and for investigating and reporting to either House of Congress or appropriate congressional committees. 1 U.S.C. 717: GAO is authorized to evaluate the results of programs and activities of federal agencies. Reviews are based upon the initiative of the Comptroller General, an order from either House of Congress, or a request from a committee with jurisdiction. 31 U.S.C. 3523: This provision authorizes GAO to audit financial transactions of each agency, except as specifically provided by law. 31 U.S.C. 3524: This section authorizes GAO to audit unvouchered accounts (i.e., those accounted for solely on the certificate of an executive branch official). The President may exempt sensitive foreign intelligence and counterintelligence transactions. CIA expenditures on objects of a confidential, extraordinary, or emergency nature under 50 U.S.C. 403j(b) are also exempt. Transactions in these categories may be reviewed by the intelligence committees. gao's access-to-records authority 31 U.S.C. 716: GAO has a broad right of access to agency records. Subsection 716(a) requires agencies to give GAO information it requires about the ``duties, powers, activities, organization, and financial transactions of the agency.'' This provision gives GAO a generally unrestricted right of access to agency records. GAO in turn is required to maintain the same level of confidentiality for the information as is required of the head of the agency from which it is obtained. Section 716 also gives GAO the authority to enforce its requests for records by filing a civil action in federal district court. Under the enforcement provisions in 31 U.S.C. 716(d)(1), GAO is precluded from bringing a civil action to compel the production of a record if: 1. the record relates to activities the President designates as foreign intelligence or counterintelligence (see Executive Order No. 12333, defining these terms); 2. the record is specifically exempted from disclosure to GAO by statute; or 3. the President or the Director of the Office of Management and Budget certifies to the Comptroller General and Congress that a record could be withheld under the Freedom of Information Act exemptions in 5 U.S.C. 552(b)(5) or (7) (relating to deliberative process and law enforcement information, respectively), and that disclosure of the information reasonably could be expected to impair substantially the operations of the government. Although these exceptions do not restrict GAO's basic rights of access under 31 U.S.C. 716(a), they do limit GAO's ability to compel the production of particular records through a court action. relevant cia legislation The CIA has broad authority to protect intelligence-related information but must keep the intelligence committees fully and currently informed of the intelligence activities of the United States. 50 U.S.C. 403-3(c)(6) and 403g: Section 403-3 requires the Director of the CIA to protect ``intelligence sources and methods from unauthorized disclosure. . . .'' Section 403g exempts the CIA from laws ``which require the publication or disclosure of the organization, functions, names, official titles, salaries, or numbers of personnel employed by the Agency. With the exception of unvouchered expenditures, CIA's disclosure of information to GAO would be an authorized and proper disclosure under 31 U.S.C. 716(a). 50 U.S.C. 403j: The CIA has broad discretion to use appropriated funds for various purposes (e.g., personal services, transportation, printing and binding, and purchases of firearms) without regard to laws and regulations relating to the expenditure of government funds. The statute also authorizes the Director to establish an unvouchered account for objects of a confidential, extraordinary, or emergency nature. We recognize that the CIA's unvouchered account authority constitutes an exception to GAO's audit and access authority, but this account deals with only a portion of CIA's funding activities. 50 U.S.C. 413: This section provides a method for maintaining congressional oversight over intelligence activities within the executive branch. The statute requires the President to ensure that the intelligence committees (the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence are kept fully and currently informed of U.S. intelligence activities. ____ Report Language Section 1 of the Act provides that the Act may be cited as the ``Intelligence Community Audit Act of 2006''. Section 2(a) of the Act adds a new Section (3523a) to title 31, United States Code, with respect to the Comptroller General's authority to audit or evaluate activities of the intelligence community. New Section 3523a(b)(1) reaffirms that the Comptroller General possesses, under his existing statutory authority, the authority to perform audits and evaluations of financial transactions, programs, and activities of elements of the intelligence community and to obtain access to records for the purposes of such audits and evaluations. Such work could be done at the request of the congressional intelligence committees or any committee of jurisdiction of the House of Representatives or Senate (including the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate), or at the Comptroller General's initiative, pursuant to the existing authorities referenced in new Section 3523a(b)(1). New Section 3523a(b)(2) further provides that these audits and evaluations under the Comptroller General's existing authority may include, but are not limited to, matters relating to the management and administration of elements of the intelligence community in areas such as strategic planning, financial management, information technology, human capital, knowledge management, information sharing, and change management. These audits and evaluations would be accompanied by the safeguards that the Government Accountability Office (GAO) has in place to protect classified and other sensitive information, including physical security arrangements, classification and sensitivity reviews, and restricted distribution of certain products. This reaffirmation is designed to respond to Executive Branch assertions that GAO does not have the authority to review activities of the intelligence community. To the contrary, GAO's current statutory audit and access authorities permit it to evaluate a wide range of activities in the intelligence community. To further ensure that GAO's authorities are appropriately construed in the future, the new Section 3523a(e), which is described below, makes clear that nothing in this or any other provision of law shall be construed as restricting or limiting the Comptroller General's authority to audit and evaluate, or obtain access to the records of, elements of the intelligence community absent specific statutory language restricting or limiting such audits, evaluations, or access to records. New Section 3523a(c)(1) provides that Comptroller General audits or evaluations of intelligence sources and methods, or covert actions may be undertaken only upon the request of the Select Committee on Intelligence of the Senate, or the Permanent Select Committee on Intelligence of the House of Representatives, or the majority or the minority leader of the Senate or the House of Representatives. This limitation is intended to recognize the heightened sensitivity of audits and evaluations relating to intelligence sources and methods, or covert actions. The new Section 3523a(c)(2)(A) provides that the results of such audits or evaluations under Section 3523a(c) may be disclosed only to the original requestor, the Director of National Intelligence, and the head of the relevant element of the intelligence community. Since the methods GAO uses to communicate the results of its audits or evaluations vary, this provision restricts the dissemination of GAO's findings under Section 3523a(c), whether through testimony, oral briefings, or written reports, to only the original requestor, the Director of National Intelligence, and the head of the relevant element of the intelligence community. Similarly, under new Section 3523a(c)(2)(B), the Comptroller General may only provide information obtained in the course of such an audit or evaluation to the original requestor, the Director of National Intelligence, and the head of the relevant element of the intelligence community. The new Section 3523a(c)(3)(A) provides that notwithstanding any other provision of law, the Comptroller General may inspect records of any element of the intelligence community relating to intelligence sources and methods, or covert actions in order to perform audits and evaluations pursuant to Section 3523a(c). The Comptroller General's access extends to any records which belong to, or are in the possession and control of, the element of the intelligence community regardless of who was the original owner of such information. Under new Section 3523a(c)(3)(B), the Comptroller General may enforce the access rights provided under this subsection pursuant to section 716 of title 31. However, before the Comptroller General files a report pursuant to 31 U.S.C. 716(b)(1), the Comptroller General must consult with the original requestor concerning the Comptroller General's intent to file a report. The new Section 3523a(c)(4) reiterates the Comptroller General's obligations to protect the confidentiality of information and adds special safeguards to protect records and information obtained from elements of the intelligence community for audits and evaluations performed under Section 3523a(c). For example, pursuant to new Section 3523a(c)(4)(B), the Comptroller General is to maintain on site, in facilities furnished by the element of the intelligence community subject to audit or evaluation, all workpapers and records obtained for the audit or evaluation. Under new Section 3523a(c)(4)(C), the Comptroller General is directed, after consulting with the Select Committee on Intelligence of the Senate and the Permanent Select Committee on Intelligence of the House of Representatives, to establish procedures to protect from unauthorized disclosure all classified and other sensitive information furnished to the Comptroller General under Section 3523a(c). Under new Section 3523a(c)(4)(D), prior to initiating an audit or evaluation under Section 3523a(c), the Comptroller General shall provide the Director of National Intelligence and the head of the relevant element of the intelligence community with the name of each officer and employee of the Government Accountability Office who has obtained appropriate security clearances. [[Page S10471]] The new Section 3523a(d) provides that elements of the intelligence community shall cooperate fully with the Comptroller General and provide timely responses to Comptroller General requests for documentation and information. The new Section 3523a(e) makes clear that nothing in this or any other provision of law shall be construed as restricting or limiting the Comptroller General's authority to audit and evaluate, or obtain access to the records of, elements of the intelligence community absent specific statutory language restricting or limiting such audits, evaluations, or access to records. ____ S. 3968 Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Intelligence Community Audit Act of 2006''. SEC. 2. COMPTROLLER GENERAL AUDITS AND EVALUATIONS OF ACTIVITIES OF ELEMENTS OF THE INTELLIGENCE COMMUNITY. (a) Reaffirmation of Authority; Audits of Intelligence Community Activities.--Chapter 35 of title 31, United States Code, is amended by inserting after section 3523 the following: ``Sec. 3523a. Audits of intelligence community; audit requesters ``(a) In this section, the term `element of the intelligence community' means an element of the intelligence community specified in or designated under section 3(4) of the National Security Act of 1947 (50 U.S.C. 401a(4)). ``(b) Congress finds that-- ``(1) the authority of the Comptroller General to perform audits and evaluations of financial transactions, programs, and activities of elements of the intelligence community under sections 712, 717, 3523, and 3524, and to obtain access to records for purposes of such audits and evaluations under section 716, is reaffirmed; and ``(2) such audits and evaluations may be requested by any committee of jurisdiction (including the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate), and may include but are not limited to matters relating to the management and administration of elements of the intelligence community in areas such as strategic planning, financial management, information technology, human capital, knowledge management, information sharing (including information sharing by and with the Department of Homeland Security), and change management. ``(c)(1) The Comptroller General may conduct an audit or evaluation of intelligence sources and methods or covert actions only upon request of the Select Committee on Intelligence of the Senate or the Permanent Select Committee on Intelligence of the House of Representatives, or the majority or the minority leader of the Senate or the House of Representatives. ``(2)(A) Whenever the Comptroller General conducts an audit or evaluation under paragraph (1), the Comptroller General shall provide the results of such audit or evaluation only to the original requestor, the Director of National Intelligence, and the head of the relevant element of the intelligence community. ``(B) The Comptroller General may only provide information obtained in the course of an audit or evaluation under paragraph (1) to the original requestor, the Director of National Intelligence, and the head of the relevant element of the intelligence community. ``(3)(A) Notwithstanding any other provision of law, the Comptroller General may inspect records of any element of the intelligence community relating to intelligence sources and methods, or covert actions in order to conduct audits and evaluations under paragraph (1). ``(B) If in the conduct of an audit or evaluation under paragraph (1), an agency record is not made available to the Comptroller General in accordance with section 716, the Comptroller General shall consult with the original requestor before filing a report under subsection (b)(1) of that section. ``(4)(A) The Comptroller General shall maintain the same level of confidentiality for a record made available for conducting an audit under paragraph (1) as is required of the head of the element of the intelligence community from which it is obtained. Officers and employees of the Government Accountability Office are subject to the same statutory penalties for unauthorized disclosure or use as officers or employees of the intelligence community element that provided the Comptroller General or officers and employees of the Government Accountability Office with access to such records. ``(B) All workpapers of the Comptroller General and all records and property of any element of the intelligence community that the Comptroller General uses during an audit or evaluation under paragraph (1) shall remain in facilities provided by that element of the intelligence community. Elements of the intelligence community shall give the Comptroller General suitable and secure offices and furniture, telephones, and access to copying facilities, for purposes of audits and evaluations under paragraph (1). ``(C) After consultation with the Select Committee on Intelligence of the Senate and with the Permanent Select Committee on Intelligence of the House of Representatives, the Comptroller General shall establish procedures to protect from unauthorized disclosure all classified and other sensitive information furnished to the Comptroller General or any representative of the Comptroller General for conducting an audit or evaluation under paragraph (1). ``(D) Before initiating an audit or evaluation under paragraph (1), the Comptroller General shall provide the Director of National Intelligence and the head of the relevant element with the name of each officer and employee of the Government Accountability Office who has obtained appropriate security clearance and to whom, upon proper identification, records, and information of the element of the intelligence community shall be made available in conducting the audit or evaluation. ``(d) Elements of the intelligence community shall cooperate fully with the Comptroller General and provide timely responses to Comptroller General requests for documentation and information. ``(e) Nothing in this section or any other provision of law shall be construed as restricting or limiting the authority of the Comptroller General to audit and evaluate, or obtain access to the records of, elements of the intelligence community absent specific statutory language restricting or limiting such audits, evaluations, or access to records.''. (b) Clerical Amendment.--The table of sections for chapter 35 of title 31, United States Code, is amended by inserting after the item relating to section 3523 the following: ``3523a. Audits of intelligence community; audits and requesters.''. ______