In July 2009, Department of Homeland Security (DHS) Secretary Janet Napolitano articulated the global breadth of the September 11, 2001, attacks: “[T]he 9/11 attackers conceived of their plans in the Philippines, planned in Malaysia and Germany, recruited from Yemen and Saudi Arabia, trained in Pakistan and Afghanistan, and carried them out in the United States.”1 Moreover, these new security threats are not targeted solely at the United States. For example, the 2008 attacks on Mumbai by a small group armed with machine guns, grenades, and fire accelerants—decisively enabled by the exploitation of commercially available information technologies—sharply clarified the breadth of the task to protect citizens from terrorist threats. Globalization, which eases the means by which people, products, and ideas (as well as national economic and political crises) are able to traverse national boundaries, also requires the United States to partner with other countries in new ways to protect U.S. security. The 2010 National Security Strategy echoes these themes:
We must … build and integrate the capabilities that can advance our interests and the interests we share with other countries and peoples…. The international order we seek is one that can resolve the challenges of our times—countering violent extremism and insurgency; stopping the spread of nuclear weapons and securing nuclear materials… ustaining global growth … resolving and preventing conflict …2
It is necessary for DHS to engage internationally, to build bilateral and multilateral partnerships, to leverage technological breakthroughs regardless of national origin, and to take a leading role in fostering a global network of collaborating partners committed to combating terrorism. Yet the fact that DHS has a critical international counterterror role to play has yet to fully permeate the policy-making process. As discussed below, some current policies have prevented or significantly delayed the Department of Homeland Security from working with others on how to best protect these networks.
DHS AND EXPORT CONTROLS
For DHS, the future lies in large part in advanced technologies and equipment to carry out screening and detection activities. The volume of people and cargo moving in international channels, for example, requires increasingly capable screening devices just to make reasonably
1 Remarks by DHS Secretary Janet Napolitano at the Council on Foreign Relations on July 29, 2009. http://www.dhs.gov/ynews/speeches/sp_1248891649195.shtm. Last accessed August 31, 2010.
2 http://www.whitehouse.gov/sites/default/files/rss_viewer/national_security_strategy.pdf. Last accessed November 11, 2010.
effective inspections possible within time limits that do not unduly disrupt travel or commerce. Under current export control policy, these technologies and equipment are subject to export controls when they have or may be considered to have a military application. Thus, at present, the department is subject to export controls when
- A DHS component needs to send a representative to international conferences where technical information that is export controlled by the United States will be discussed;
- A DHS component, or one of its vendors, submits an export control license application to share sensitive information or dual-use technologies or equipment with entities overseas; and
- A DHS component, or one of its vendors, plans to send sensitive equipment abroad to prevent the entry of terrorists and lethal materials into the United States.
The impact of these controls affects a number of DHS activities and will likely grow as DHS expands its research into and development of sensitive technologies and equipment and prepares to deploy related products to its operational components for use overseas. Following are brief descriptions of the DHS components that currently engage in activities that are subject to export controls.
DHS has a substantial overseas presence with nearly 2,000 staff abroad based in nearly 80 countries as of 2008. Eleven DHS agencies and offices are represented overseas; the largest contingent is from Customs and Border Protection with over 1,000 staff overseas and Immigration and Customs Enforcement, the Coast Guard, the U.S. Citizenship and Immigration Services, the Secret Service, and the Transportation Security Administration all support significant levels of staff abroad. These officials pursue efforts that span national borders to coordinate the protection of critical infrastructure, provide training and technical assistance to foreign counterparts, conduct outreach to private sector organizations and individuals in the local communities, assess security conditions at foreign airports and ports, screen inbound-to-the-United States travelers, and liaise on investigations and share information. These international activities are rooted in different DHS components’ core operational functions as well as in specific congressional mandates, bilateral and multilateral agreements, federal strategic directives, and DHS strategy.3
Customs and Border Protection (CBP)
The CBP is an organization that has existed in one form or another since 1789 and is “responsible for ensuring that all goods entering and exiting the United States do so in accordance with all applicable U.S. laws and regulations.”4 This activity has a critical international component in the Container Security Initiative (CSI) that was established in 2002 to
3 The DHS Office of Inspector General concluded that these activities taken together provide an imperative for active DHS engagement abroad. http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-71_Jun08.pdf. Last accessed on November 3, 2010.
4 http://www.cbp.gov/xp/cgov/trade/basic_trade/export_docs/export_licenses.xml. Last accessed May 26, 2011.
help identify and inspect high-risk containers on vessels bound for the United States. The CSI has 32 government-to-government agreements5 that, inter alia, enable the deployment of CBP agents to work with their counterparts in the host country to inspect containers. This program and the related Secure Freight Initiative occasionally send detection equipment that is operated by CBP agents to aid with inspection. To date, all of the exports of this equipment have been handled via the dual-use licensing authority of the Commerce Department.6 CBP is also the DHS member of the interagency Automated Export System, the central point through which all export shipment data is now filed electronically.
U.S. Coast Guard
The Coast Guard is an armed military service, and most of its export-related activities fall under the Foreign Military Sales Program of the Defense Department. Coast Guard exchange programs with foreign counterpart organizations are subject to the International Traffic in Arms Regulations (ITAR).7 In January 2009 the Coast Guard signed a memorandum of agreement with the Federal Republic of Germany. As part of this agreement, a German engineer was to be embedded on board a U.S. Coast Guard cutter to directly support the U.S. Coast Guard’s National Security Cutter Project. The legal department of the Coast Guard pursued a technical assistance agreement with the State Department, which was granted in June 2010. The Coast Guard reports that requests for these kinds of foreign exchange are increasing; thus, the resolution of this case could be a precedent for similar cases in the future.8
Transportation Security Administration (TSA)
The TSA was created after the 2001 terror attacks to protect the nation’s transportation services, especially airport security. TSA is responsible for screening passengers and checked and carry-on baggage at 450 U.S. airports.9 The United States requires other countries to use TSA standards for airport security at airports for aircraft that are destined for U.S. airports. If an airport authority overseas does not meet TSA standards, then planes departing that airport must land and cargo and passengers must go through a complete inspection process at an airport that has the capability to meet TSA standards. As effective technology becomes available, TSA’s standards are likely to become more stringent. That, among other factors, will bring requests to deploy technology and related equipment abroad—some of which may be export controlled. TSA also oversees security for highways, railroads, buses, mass transit systems, pipelines, and ports. As other scientifically advanced countries develop technology for protecting domestic infrastructure, TSA will want to cooperate with them and participate in international conferences at which controlled information may be shared, which also may involve U.S.-based export-
5 Some countries have more than one port; CSI works with 58 ports in total.
6 E-mail exchanges with Adam Wysocki, CSID Program Manager, CBP, January 25, 2011.
7 See the discussion of the International Traffic in Arms Regulations in this report.
8 This information comes from two telephone conversations with Coast Guard personnel: Yael Handel on January 20, 2011, and Scott Walker on January 25, 2011.
9 For example, see Airport Passenger Screening: Background and Issues for Congress, April 23, 2009, Bart Elias, Specialist in Aviation Policy, p. CRS-2. Available at http://www.fas.org/sgp/crs/homesec/R40543.pdf. Last accessed June 14, 2011.
controlled information. At present, TSA does not typically send equipment abroad,10 but TSA’s regular involvement11 with foreign counterpart organizations and international governmental organizations is subject to export controls.
The Science and Technology Directorate
The DHS Science and Technology (S&T) Directorate12 was established under the Homeland Security Act of 2002 to advise the “Secretary regarding research and development efforts and priorities in support of the Department’s missions.”13 Its mission is to “strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise.”14 As with other science and technology enterprises in the United States, the Science and Technology Directorate must operate in a global context of “research excellence and industrial innovation [in which] the U.S. maintains scientific leadership in some” but not all areas of research important to homeland security. 15
The S&T Directorate consults with international counterpart organizations to identify and develop countermeasures to emerging terrorist threats. Most export control challenges confronted to date by the directorate have concerned discussing emerging technologies with counterpart agencies abroad. The directorate also oversees the development of software and hardware for use by DHS components within the United States, and export controls may affect the deployment of this technology and equipment when shared with overseas partners. Three cases are described here as examples of how these situations have arisen in the past and may occur in the future.
Homemade Explosives Conference
The Department of Energy National Laboratories scientists working on a project for the Explosives Division of the S&T Directorate were invited to attend an international conference of the Technical Support Working Group16 on homemade explosives in Washington, D.C., in February 2011. DHS funds the research, but the legal liability for compliance with export controls rests with the contractors, who in this case were three Department of Energy National Laboratories—Sandia, Lawrence Livermore, and Los Alamos. Their legal departments were
10 One exception has been when TSA has loaned security equipment to an overseas airport after a major hurricane.
11 TSA’s regular involvement includes, but is not limited to, working “closely with their international partners to share best practices for air cargo screening, employee security procedures, security checkpoints, checked baggage screening and behavior detection.” See http://www.tsa.gov/approach/harmonization.shtm. Last accessed November 14, 2011.
12 The organizational chart for the S&T Directorate appears in Appendix C.
13 The Homeland Security Act of 2002. http://www.dhs.gov/xlibrary/assets/hr_5005_enr.pdf. Last accessed January 5, 2010. See Appendix D for the section of the Homeland Security Act of 2002 that describes the directorate’s mission. Last accessed October 18, 2011.
15See Beyond “Fortress America,” pp. 4–5.
16 The Technical Support Working Group, a program element under the Combating Terrorism Technical Support Office (Department of Defense), conducts national interagency research and development that identifies high-priority needs for combating terrorism.
concerned that the explosives were military- grade and therefore were ITAR controlled. DHS and the National Laboratories started working with the State Department on this issue more than 6 months before the conference. Although the State Department concluded that the PowerPoint slides were not ITAR controlled, the determination did not come in time for the scientists to attend the meeting. As a result, the S&T Directorate sent representatives to the conference from the Transportation Security Administration and from the Explosives Division who were instructed to give only nontechnical presentations.
Subsequently, the directorate submitted a list of 600 chemicals that might be constituents of explosives to the Directorate of Defense Trade Controls (DDTC [State Department]) to assess whether they would be controlled by ITAR in the future. DDTC determined that they could not make that assessment for the vast majority of the chemicals without DHS further specifying their concentration levels or other relevant characteristics. For the S&T Directorate, this constituted a catch-22, as they believe that they would need licenses to obtain the information that DDTC would use to determine whether the chemical should be ITAR controlled or not. As of fall 2011, this issue remains unresolved.17
Millimeter-Wave Scanner Technology
In September 2008, DHS proposed to hold an international conference to discuss millimeter-wave technology used in body-scanning machines for security screening in airports. Some of this technology has been subject to the ITAR provisions because the military uses this technology to investigate the interior of buildings from a distance to find out whether people are present.
Seeking to develop the most advanced screening technology, the S&T Directorate initially became involved in export licensing issues related to millimeter-wave technology in the context of several requests submitted by commercial companies to export this kind of equipment.18 Because there are existing commercial uses of this technology, the export licensing normally would be conducted by the Commerce Department. However, the Defense Department recommended that the technology should be subject to ITAR control even though there are no active military uses for the technology at the short ranges required for use in body-scanning equipment. DHS was not formally a part of the interagency process that determined whether the Commerce Department or State Department should have jurisdiction over these particular license applications.19 The Commerce Department, however, advised DHS informally about the pending cases, and DHS sought to engage with the Defense Department as to why the technology should be allowed to be exported in this particular instance. The case was escalated to the undersecretary level in the State Department by its Political-Military Bureau, but it was not resolved and ultimately was sent back to lower levels within the State and Defense departments for review.
At the same time, other countries (in particular, the United Kingdom, Germany, Australia, Sweden, and Singapore) had research and development programs focusing on
17 This case was first brought to the committee’s attention by S&T Directorate staff in January 2011 and was updated at a meeting at the directorate on August 18, 2011.
18 Millimeter-wave technology has a variety of dual-use applications. One such request involved the use of millimeter-wave technology for monitoring the distance between automobiles in traffic.
19 Since 2009 DHS has had the option to review all Commodity Jurisdiction requests. See p. 60 of this report.
millimeter-wave body-scanning technology and were prepared to share their technology, which was more advanced than the millimeter-wave technology developed in the United States. The S&T Directorate convened a conference with these countries, under memoranda of understanding, to pool technology resources and advance the state of the art. Two weeks before the conference, however, the State Department informed the S&T Directorate that sharing U.S. technology at such a conference would require a technical assistance agreement for export, which could not be obtained in such a short time. DHS canceled the conference.
Finally, after 18 months of negotiations, the Defense Department agreed to allow certain levels of U.S. millimeter-wave technology, based on frequency range and resolution, to be exported. On March 25, 2010, the Commerce Department published a new regulation that specified the technology as dual use20 and subject to Export Administration Regulations21 licensing requirements rather than the ITAR.22
Counter-Man-Portable Air Defense Systems
In November 2002, terrorists launched a shoulder-fired anti-aircraft missile at an Israeli jetliner taking off from Mombasa, Kenya. While that attack was unsuccessful, it demonstrated the threat that Man-Portable Air Defense Systems (MANPADS) pose to commercial airliners. According to State Department records, over the past 40 years, some 40 civilian aircraft have been struck by shoulder-fired missiles, sometimes with devastating results.23 MANPADS, such as the Stinger, RBS-70, SA-18 and Mistral systems, have been exported to conflict regions by the United States and other nations for decades.24 In early 2003, Congress directed DHS to study the feasibility of adapting DoD technologies to protect commercial airliners. Over the following six years, the S&T Directorate spent $276 million on related studies and tests.25 Although the final report to Congress in 2010 confirmed that “it is possible to adapt existing missile countermeasure technologies to protect commercial aircraft from the threat of MANPADS” it
20 The new CCL entry, ECCN 2A984, controls concealed object detection equipment operating in the frequency range from 30 GHz to 3,000 GHz and having a spatial resolution of 0.5 milliradian up to and including 1 milliradian at a standoff distance of 100 meters. This technology encompassed all that was needed for use in body- and cargo-screening applications.
21 These regulations are associated with the Export Administration Act that gives licensing authority to the Department of Commerce. See pages 36 and 39 in this report for a more detailed discussion of the Commerce Department and export controls.
22 As a postscript, the technology was nevertheless made subject to strict unilateral export controls through a different regulatory scheme. The technology would otherwise have been classified EAR99, which means it could have been transferred to most destinations, except designated terrorist countries, without the need for an individual license application. Under the new ECCN entry, the technology was made subject to regional security (RS) controls. Even though RS2 controls are fairly strict (a license is required for export to all countries except NATO allies, Australia, Japan, and New Zealand), the licensing requirements are not as strict as the previous ITAR requirements.
24 A 2004 GAO report stated that as many as a “few thousand” MANPADS were outside government control and thousands more are vulnerable to theft: http://www.dtic.mil/cgibin/GetTRDoc?AD=ADA426235&Location=U2&doc=GetTRDoc.pdf. Last accessed January 10, 2011. Recent reports out of Libya regarding looted arms stockpiles including MANPADS further underscore the threat.
25 For a timeline of the R&D program, through March 2007, see http://www.globalsecurity.org/security/systems/cmanpads.htm. Last accessed January 8, 2011.
found significant technological, financial and regulatory barriers that would need to be overcome before deployment could occur.26
The counter-MANPADS experience points to a problem that the current regulatory system does not easily resolve: There is a strong likelihood that as the terrorist threat evolves and our technological responses to it mature, DHS will continue to conduct research that modifies DoD-originated technology for commercial use. There is also a strong likelihood that DHS will want to discuss this research with international partners in order to unify global responses to terrorism. Yet because of the military origins of such research, current export control rules will prevent DHS from undertaking these discussions.
The counter-MANPADS and millimeter-wave technology cases present significant export control issues that are not easily resolved. Would the global civilian air passenger system be safer if these military or dual-use technologies were deployed overseas, or would such deployment create too great a risk of access to U.S.-controlled technology? The air transportation system has long been a target of terrorists, dating back well before the 2001 attacks on the World Trade Center, and improved airport security measures are a high priority for the United States. The delays resulting from these kinds of export control conflicts could have a negative effect on U.S. national security. Stifling the development or implementation of secure screening systems in other countries, or the sharing of such technology between the United States and its international partners, can facilitate the work of terrorists looking to disrupt air travel to the United States or other destinations. On the other hand, imposing limited export controls on such technology or decontrolling it could help adversaries divert the technology to counter our military, or could enable terrorists to engineer work-arounds that would render U.S. technology ineffective, possibly endangering U.S. forces or citizens.
IDENTIFICATION, DEVELOPMENT, AND ACQUISITION OF FOREIGN TECHNOLOGY
DHS is the focal point for U.S. participation in international efforts to improve and coordinate the use of antiterror technology. For the United States to protect its citizens in a capable manner, DHS needs ready access to all possible technologies and equipment for protection purposes, including from international sources.
DHS cannot afford to reinvent any wheels. Budget restrictions and time pressures to meet evolving threats require DHS to find and use existing technology—even from foreign sources when that is the best available alternative. As in the United States, the science and engineering establishments of many countries are making continual improvements in detection, monitoring, and verification capabilities to counter terrorism threats; enhancing the resilience of their systems, infrastructure, organizations, and communities against attack; and working on
26 Of particular significance to this committee was the report’s statements on the likely impact of export controls on deploying counter-MANPADS technologies:
Compliance with the current ITAR/Export Administration Regulations requirements for counter MANPADS systems would cause serious operational, logistical, and financial problems for U.S. carriers and an unsustainable burden on the U.S. export licensing system.
Counter-MANPADS Program Results Fiscal Year 2008 Report to Congress: March 30, 2010. Science and Technology Directorate, Department of Homeland Security, p. vi.
methods to facilitate continuity of operations if an attack occurs. Some very capable technologies that enhance domestic security have been developed outside of the United States.27 This trend will continue. Thus, the optimization of U.S. systems for specific counterterrorism missions will be undertaken most efficiently through the close integration of foreign and domestically developed technologies. International cooperation is required if U.S. government agencies and their contractors are to be able to acquire and utilize these systems. Moreover, American presence at international conferences is essential if the United States is to sustain a leadership position in developing homeland security best practices. Thus, scientists and engineers associated with the Science and Technology Directorate must be able to attend foreign conferences and U.S.-based conferences in which representatives of foreign countries participate.
DEVELOPMENT AND DEPLOYMENT OF U.S. TECHNOLOGY OVERSEAS
DHS must be able to ensure that the products of its own research and development may be shared with other governments or, when requested, be deployed in foreign countries, including countries without a strong technology infrastructure. Access to these U.S. technologies can increase incentives for other countries to work with the United States in ways that will enhance U.S. security, because they know it will also enhance their own protection. In its international collaborations, DHS works primarily with civilian agencies of foreign governments. It also cooperates with parastatal28 and private-sector entities, such as privately run airport and seaport authorities. Use of sensitive U.S. technology by these airport and seaport authorities to protect against terrorist attacks on U.S.-bound travelers and cargo may require a determination that the security forces that safeguard the perimeters and operations of these authorities are capable of preventing diversion to unauthorized persons.
The Department of Homeland Security’s vital statutory missions require extensive international cooperation to counter present and anticipated terrorist threats, including the following:
1. Identification, development, and acquisition of foreign technology and equipment.
2. Collaboration with foreign governments and private entities.
3. Development and deployment of U.S. technology and equipment overseas.
The implementation of U.S. export control laws and regulations and related administrative processes currently prevent DHS from accomplishing some of these
27 One example is the relatively early development, in Sweden, of quick-response facial recognition software that Apple bought in September 2010.
28 A parastatal entity is a government-owned corporation, state-owned company, state-owned entity, state enterprise, publicly owned corporation, government business enterprise, or legal entity created by a government to undertake commercial activities on behalf of an owner government. Their legal status varies from being a part of government to stock companies with a state as a regular stockholder.
missions effectively and, in some cases, deny the United States access to the best technology to protect its citizens.
Recommendation for Finding I
Within the U.S. export control decision-making process, DHS should carry the primary responsibility for assessing when international collaboration is necessary to promote important homeland security interests and have an equal position to other cabinet-level agencies in assessing the conditions under which the United States should deploy selected sensitive U.S. technologies or equipment abroad for homeland security purposes.
With the Homeland Security Act of 2002, the U.S. Congress legislated the Department of Homeland Security to “prevent terrorist attacks within the United States; reduce the vulnerability of the United States to terrorism; and minimize the damage, and assist in the recovery, from terrorist attacks that do occur within the United States.”29 The Congress intended that the DHS secretary have the tools necessary to achieve these missions. The executive branch implementation of the export control system should help accomplish this congressional intent.
To shoulder this responsibility successfully, DHS should improve its internal processes on export controls as outlined in Finding II and Recommendation II. The interagency processes within which the U.S. export control system operates should be modified to allow effective participation by DHS, as outlined in Finding III and Recommendation III.
29 The Homeland Security Act of 2002. http://www.dhs.gov/xlibrary/assets/hr_5005_enr.pdf. Last accessed January 10, 2012
This page intentionally left blank.