[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]
EXAMINING DATA SECURITY AT THE UNITED STATES POSTAL SERVICE
=======================================================================
HEARING
before the
SUBCOMMITTEE ON FEDERAL WORKFORCE,
U.S. POSTAL SERVICE AND THE CENSUS
of the
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED THIRTEENTH CONGRESS
SECOND SESSION
__________
NOVEMBER 19, 2014
__________
Serial No. 113-157
__________
Printed for the use of the Committee on Oversight and Government Reform
Available via the World Wide Web: http://www.fdsys.gov
http://www.house.gov/reform
______
U.S. GOVERNMENT PUBLISHING OFFICE
93-230 PDF WASHINGTON : 2015
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
DARRELL E. ISSA, California, Chairman
JOHN L. MICA, Florida
MICHAEL R. TURNER, Ohio
JOHN J. DUNCAN, JR., Tennessee
PATRICK T. McHENRY, North Carolina
JIM JORDAN, Ohio
JASON CHAFFETZ, Utah
TIM WALBERG, Michigan
JAMES LANKFORD, Oklahoma
JUSTIN AMASH, Michigan
PAUL A. GOSAR, Arizona
PATRICK MEEHAN, Pennsylvania
SCOTT DesJARLAIS, Tennessee
TREY GOWDY, South Carolina
BLAKE FARENTHOLD, Texas
DOC HASTINGS, Washington
CYNTHIA M. LUMMIS, Wyoming
ROB WOODALL, Georgia
THOMAS MASSIE, Kentucky
DOUG COLLINS, Georgia
MARK MEADOWS, North Carolina
KERRY L. BENTIVOLIO, Michigan
RON DeSANTIS, Florida

ELIJAH E. CUMMINGS, Maryland, Ranking Minority Member
CAROLYN B. MALONEY, New York
ELEANOR HOLMES NORTON, District of Columbia
JOHN F. TIERNEY, Massachusetts
WM. LACY CLAY, Missouri
STEPHEN F. LYNCH, Massachusetts
JIM COOPER, Tennessee
GERALD E. CONNOLLY, Virginia
JACKIE SPEIER, California
MATTHEW A. CARTWRIGHT, Pennsylvania
TAMMY DUCKWORTH, Illinois
ROBIN L. KELLY, Illinois
DANNY K. DAVIS, Illinois
TONY CARDENAS, California
STEVEN A. HORSFORD, Nevada
MICHELLE LUJAN GRISHAM, New Mexico
Vacancy

Lawrence J. Brady, Staff Director
John D. Cuaderes, Deputy Staff Director
Stephen Castor, General Counsel
Linda A. Good, Chief Clerk
David Rapallo, Minority Staff Director
Subcommittee on Federal Workforce, U.S. Postal Service and the Census
BLAKE FARENTHOLD, Texas, Chairman
TIM WALBERG, Michigan
TREY GOWDY, South Carolina
DOUG COLLINS, Georgia
RON DeSANTIS, Florida

STEPHEN F. LYNCH, Massachusetts, Ranking Minority Member
ELEANOR HOLMES NORTON, District of Columbia
WM. LACY CLAY, Missouri
C O N T E N T S
----------
Hearing held on November 19, 2014
WITNESSES
Mr. Randy S. Miskanic, Vice President of Secure Digital
Solutions, United States Postal Service
Oral Statement
Written Statement
Mr. Guy J. Cottrell, Chief Postal Inspector, United States Postal
Service
Oral Statement
Written Statement
Ms. Tammy Whitcomb, Deputy Inspector General, United States
Postal Service
Oral Statement
Written Statement
Mr. Timothy H. Edgar, Visiting Fellow, Watson Institute for
International Studies, Brown University
Oral Statement
Written Statement
Mr. Charles E. Hamby II, Captain, Narcotic Enforcement Division,
Prince George's County Police Department
Oral Statement
Written Statement
APPENDIX
Letters to DEI requesting hearings, submitted by Mr. Cummings
Answers to QFRs from Rep. Connolly to Tammy Whitcomb, USPS OIG
Answers to QFRs from Rep. Connolly to Guy Cottrell, USPS
Answers to QFRs from Rep. Connolly to Timothy Edgar, Brown
University
EXAMINING DATA SECURITY AT THE UNITED STATES POSTAL SERVICE
----------
Wednesday, November 19, 2014,
House of Representatives,
Subcommittee on Federal Workforce, U.S. Postal
Service and The Census,
Committee on Oversight and Government Reform,
Washington, DC.
The subcommittee met, pursuant to notice, at 11:40 a.m., in
room 2154, Rayburn House Office Building, Hon. Blake Farenthold
(chairman of the subcommittee) presiding.
Present: Representatives Farenthold, Walberg, Lynch, Clay,
and Cummings.
Also present: Representative Davis.
Staff present: Melissa Beaumont, Majority Assistant Clerk;
Will L. Boyington, Majority Deputy Press Secretary; Molly Boyl,
Majority Deputy General Counsel and Parliamentarian; Adam P.
Fromm, Majority Director of Member Services and Committee
Operations; Jeffrey Post, Majority Senior Professional Staff
Member; Laura L. Rush, Majority Deputy Chief Clerk; Andrew
Shult, Majority Deputy Digital Director; Sarah Vance, Majority
Assistant Clerk; Jaron Bourke, Minority Administrative
Director; Marianna Boyd, Minority Counsel; Aryele Bradford,
Minority Counsel; Jennifer Hoffman, Minority Communications
Director; Tim Lynch, Minority Counsel; Dave Rapallo, Minority
Staff Director; Katie Teleky, Minority Staff Assistant.
Mr. Farenthold. The subcommittee will come to order. It is
an interesting day. We have Mr. Issa staring over my shoulder
now and Mr. Hoffield looking at me from over here. The pictures
have been rearranged.
Anyway, I would like to begin this hearing by stating the
Oversight Committee's mission. We exist to secure two
fundamental principles: first, Americans have the right to know
that the money Washington takes from them is well spent and,
second, Americans deserve an efficient, effective Government
that works for them. Our duty on the Oversight and Government
Reform Committee is to protect these rights.
Our solemn responsibility is to hold the Government
accountable to taxpayers, because taxpayers have a right to
know what they get from their Government. We will work
tirelessly in partnership with citizen watchdogs to deliver the
facts to the American people and bring genuine reform to the
Federal bureaucracy. This is the mission of the Oversight and
Government Reform Committee.
I will now recognize myself for a short opening statement.
We have called this hearing today to talk about the Postal
Service's mail covers program. As we will hear from our panel
this morning, mail covers have a long-running history at the
Postal Service as a way of helping law enforcement
investigations. But they remain a concern for privacy
advocates.
Today, the mail covers program is managed by the Postal
Service Inspection Service. This is the law enforcement arm of
the Postal Service and it manages all incoming requests,
oversees data security, and ensures mail covers are properly
executed.
A mail cover itself is a fairly simple thing; it is a
record of all the information on the outside of a mail piece
for classes of mail that are sealed against inspection. Mail
covers can be requested either by the United States Postal
Service Inspection Service or outside law enforcement agencies.
This information is often transcribed by hand, usually by
Postal Service supervisors, just before a mail piece is
delivered.
A mail cover can consist only of a single package or can
cover all mail going to and from an addressee for 30 days or
more. The vast majority of the 49,000 mail covers issued for
Fiscal Year 2013 were 1-day covers internally requested by the
Postal Service as part of drug investigations. However, more
than 6,000 mail covers were requested by outside law
enforcement agencies and approved by the Postal Service, while
nearly 3,000 multi-day mail covers were requested internally by
the Inspection Service.
In its May 2014 audit report, the Postal Service Office of
Inspector General uncovered a number of troubling facts
regarding the management and oversight of external mail cover
requests. Of the audited covers, 21 percent were not approved
by authorized individuals and 13 percent were approved without
adequate justification contained in the request.
Moreover, despite receiving more than 6,700 requests of
mail covers in Fiscal Year 2013, the Inspection Service denied
just 10. That is an approval rate of 99.85 percent. That is
better than my server is up. This fact raises serious questions
about the current management of the mail covers program.
We will hear testimony from a number of witnesses who will
be able to share the significant law enforcement benefits that
this program can bring, as well as the privacy risk posed by
this program if it continues to be poorly managed. We will also
have the opportunity to hear from both the Postal Inspection
Service and the IG with updates as to how the problems
identified with the audit report are being addressed.
In addition to our discussion of the mail covers program, we
will probably get into discussing the data breach the Postal
Service announced on November 10th, 2014. With respect to that
data breach, the Postal Service has confirmed that personally
identifiable information for more than 800,000 current and
former Postal Service employees, including their name,
addresses, and Social Security numbers, has been compromised.
While I understand some information regarding this breach
may be still sensitive in nature, it is my hope that we can
have a discussion about how the breach occurred, the extent of
the data lost, and, most importantly, what actions are being
taken to mitigate the risk of a similar breach in the future.
On that note, I greatly appreciate the written testimony
that will be presented by Mr. Miskanic today. His testimony
provides a clear timeline of events leading up to the November
10th announcement that before today had not been available.
With that, I would like to thank all of our witnesses for
being here today and allow the ranking member, the gentleman
from Massachusetts, Mr. Lynch, to make an opening statement.
Mr. Lynch. Thank you, Mr. Chairman.
First, I want to apologize for being tardy. We have
elections going on in the Democratic caucus, as well as the
Republican caucus.
Mr. Farenthold. Hope you did well in whatever you ran for.
Mr. Lynch. Well, they haven't counted the votes yet. But
that is another story.
Mr. Chairman, thank you very much for holding this hearing;
I appreciate that. I also want to thank the members of the
panel for your willingness to help this committee with its
work.
Through the mail covers process, law enforcement agencies
may request that the Postal Service record information on the
outside of a piece of mail to obtain evidence of a crime,
locate fugitives, identify property, and to protect the
national security. According to Federal regulations, however,
the Postal Service may not open or inspect the contents of a
sealed piece of mail without a Federal search warrant.
Importantly, the mail covers program can serve as a
valuable investigative tool through which postal investigators
and law enforcement officials can further their investigations
into the abuse of our mail system for terrorists or other
criminal activity. However, our constitutional commitment to
individual privacy and due process requires that we conduct
meaningful oversight of this program in order to ensure that it
is not unnecessarily broad in scope. Toward this end, the
Postal Service inspector general recently reported some program
deficiencies.
The IG reported that the chief postal inspector should,
these are recommendations, No. 1, improve controls to ensure
that responsible Postal Inspection Service personnel process
the mail covers program as required; and, No. 2, the IG
recommended that the Postal Service establish procedures to
ensure periodic reviews of mail covers and that those are
conducted as required; third, the Service recommended that we
improve controls to ensure Postal Service facility personnel
processes mail covers in a timely manner; and also, fourth, to
implement system controls to ensure that data integrity in the
Postal Inspection Service mail covers application.
The Postal Service has agreed with these recommendations
and has fully implemented recommendation No. 2, establishing
periodic review procedures. The agency has also made
substantial progress on implementing the other three
recommendations. Chief Inspector Cottrell expects all of the
recommendations to be fully implemented by June 2015, so we
will keep a watch on that.
On October 27, 2014, the New York Times published a story
asserting that the mail covers program was more extensive than
had been previously reported. In response, the Postal Service
has reported to committee staff that the increase in mail
covers was largely due to a change in accounting practices,
which is easily understandable once the details are revealed.
According to the Postal Service, starting in 2012, the
Inspection Service began using 1-day mail covers on each
individual piece of mail that the law enforcement agencies
requested. Previously, a single mail cover could reflect Postal
Service monitoring of multiple pieces of mail. So, naturally,
this change in practice resulted in an increase in the number
of total mail covers without necessarily reflecting an increase
in the use of the mail covers program.
According to Chief Cottrell's testimony, there has been a
reduction in the total number of mail covers used by law
enforcement agencies over the past several years, and I look
forward to hearing the details of these changes and surrounding
each of the inspector general's recommendations.
On November 10th, 2014, the Postal Service publicly
announced that its computer networks had been significantly
breached. Personally identifiable information of its employees
may have been compromised, including names, addresses, dates of
birth, Social Security numbers, dates of employment, and other
information. News reports indicate over 800,000 employees could
be affected. This data breach comes on the heels of several
other attacks in both the public and private sector, including
Home Depot, Kmart, Target, JP Morgan Chase, USIS, the Community
Health Partners, and most recently the U.S. State Department.
On November 10th, Ranking Member Cummings sent a letter to
Postmaster General Donahoe requesting additional information
about the breach, including the extent of the cyber attack, the
nature of the data that was breached, and the number of
potential employees and customers affected, and the Postal
Service notification process regarding the breach. The ranking
member also highlighted the need for greater collaboration to
improve data security in light of the increased numbers of
public and private data sector breaches.
I look forward to hearing from the Postal Service
especially on the data breach piece of this, and how it plans
to address the specific data security issues raised by the
postal data breach and ensure that its employees and consumers
are protected from such breaches in the future.
Thank you, Mr. Chairman. I yield back.
Mr. Farenthold. Thank you, Mr. Lynch.
Other members will have 7 days to submit opening statements
for the record.
Mr. Lynch. Mr. Chairman? I am sorry, I forgot. I would ask
unanimous consent that Mr. Davis, the gentleman from Illinois,
be allowed to participate. Mr. Davis is a former chairman of
this subcommittee and has been a strong and eloquent advocate
on behalf of postal employees and the postal system.
Mr. Farenthold. Without objection, it will be an honor to
let him join us today.
Mr. Davis. Thank you, Mr. Chairman.
Mr. Farenthold. All right, our panel today, distinguished
panel, Mr. Randy Miskanic is Vice President of Secure Digital
Solutions for the United States Postal Service. Welcome, sir.
Mr. Guy Cottrell is the Chief Postal Inspector for the
United States Postal Service Inspection Service. Welcome to you
as well.
Ms. Tammy Whitcomb is Deputy Inspector General for the
United States Postal Service Office of Inspector General.
Welcome, ma'am.
Mr. Tim Edgar is Visiting Fellow at the Watson Institute
for International Studies at Brown University. Go Bears.
Mr. Charles Hamby is a Captain with the Narcotics
Enforcement Division of the Prince George's County, Maryland
Police Department. Captain, a privilege to have you in front of
us, as well, today.
Pursuant to the committee rules, we ask that all witnesses
be sworn in before they testify. Would you all please rise? And
if you will raise your right hand. Do you solemnly swear or
affirm that the testimony you are about to give will be the
truth, the whole truth, and nothing but the truth?
[Witnesses respond in the affirmative.]
Mr. Farenthold. Let the record reflect that all witnesses
have answered in the affirmative.
You all may be seated now.
We have had you all submit written testimony, so in order
to allow us time to ask you questions, we ask that you
summarize your testimony in 5 minutes or less. You will see in
front of you a little timer. Green means go, yellow means hurry
up, and red means stop.
So we will start with Mr. Miskanic. You are recognized for
your summary of your testimony.
WITNESS STATEMENTS
STATEMENT OF RANDY S. MISKANIC
Mr. Miskanic. Good morning, Chairman Farenthold, Ranking
Member Lynch, and members of the subcommittee. Thank you for
calling this hearing on data security at the Postal Service.
My name is Randy Miskanic and I serve as Vice President of
the Secure Digital Solutions Group for the United States Postal
Service. In this role I lead the Postal Service's digital
product development initiatives. I am also a postal inspector,
and I previously served as the Deputy Chief Inspector of the
United States Postal Inspection Service. My experience as
Deputy Chief included leading cyber investigations. Given this
experience, the postmaster general appointed me to the role of
Incident Commander in response to the cyber intrusion that
became public last week.
On September 11th, the Postal Service Office of Inspector
General was notified by US-CERT regarding four Postal Service
servers that were sending unauthorized communication outside of
the organization, indicating that these systems may have been
compromised. On that date, we had limited information about the
nature of the activity and we began a forensic investigation.
During the next several weeks, OIG agents and postal
inspectors configured and installed the technical architecture
and tools necessary to identify impacted servers and
workstations on the Postal Service network.
By October 17th, it became apparent that the intrusion was
very sophisticated and had been developed specifically to
exploit the Postal Service computing environment. As the scale
and the scope of the intrusion became evident, we greatly
escalated our response. We also worked closely with US-CERT,
the FBI, and other forensic experts to develop a strategy for
protecting our information systems.
By November 4th we were able to confirm that a compromised
employee data set had been copied and removed from our network.
This confirmation triggered our decision to quickly notify our
employees.
Throughout this process, our guiding principles were to
protect our information systems from additional harm, to ensure
our employees' and customer data was secure, and to allow the
investigation to proceed unnoticed by our adversary. One of our
biggest challenges was maintaining secrecy regarding the
remediation of our infected systems.
During the course of the investigative efforts, we learned
of the sophisticated nature of the adversary and the dynamic
tactics they employ to evade detection by most commercial
information security tools. I can't get into too much detail
about our processes except to say that it was critically
important that the adversary not know that we were watching
their activity. Any premature leak about our remediation steps
might have caused this adversary to cover their tracks or take
countermeasures that might have further harmed our network.
Over the weekend of November 8th and 9th, the Postal
Service took a number of remediation steps that required
shutting down and then restoring certain systems. Immediately
afterward, on Monday, the 10th, the Postal Service notified its
employees, customers, business partners, and other stakeholders
about the intrusion. This occurred roughly 1 week after
confirming the contents of the stolen employee data.
The compromised data included employee personally
identifiable information. Additionally, customer call center
data was also compromised. To date, we have seen no evidence
that the compromised employee data has been used for malicious
purposes such as identity theft. In an abundance of caution,
however, the Postal Service is providing a 1-year credit
monitoring product at no cost to its employees, in addition to
other services.
Mr. Chairman, the Postal Service operates one of the
largest computer environments in the Federal Government. Until
this recent intrusion, we have been successful in maintaining
the integrity of our data and the security of our systems.
Since being notified of the suspicious activity, the Postal
Service has been engaged in a very intense process of
evaluating and developing new strategies to protect our
information systems. In parallel to complex investigative
activities, we developed and continue to implement a detailed
mitigation plan to stop the compromise and protect the Postal
Service network.
On November 10th, the postmaster general notified our
employees about the compromised data and made a commitment to
strengthen the security of our systems to match these
sophisticated new threats. The Postal Service will be taking
numerous steps over the coming months to improve processes and
technologies to better protect against future intrusions.
We live in a world that requires perpetual vigilance and
staying a step ahead of our adversaries. We are committed to
doing so on behalf of our employees, our customers, and the
American public.
Thank you, Mr. Chairman. This concludes my remarks.
[Prepared Statement of Mr. Miskanic follows:]
[GRAPHIC] [TIFF OMITTED]
Mr. Farenthold. Thank you very much. I look forward to
questioning you.
Mr. Cottrell, you are up.
STATEMENT OF GUY J. COTTRELL
Mr. Cottrell. Good morning, Chairman Farenthold, Ranking
Member Lynch, and members of this subcommittee. I am Guy
Cottrell, Chief Postal Inspector of the United States Postal
Service. On behalf of the men and women of our agency, I
appreciate this opportunity to present the testimony of the
U.S. Postal Inspection Service in support of this hearing on
data security at the U.S. Postal Service.
My testimony today will discuss the Postal Service mail
cover program and the controls in place to ensure appropriate
privacy protections are maintained. I will also update the
committee on the progress made regarding recommendations
contained in the Postal Service Office of Inspector General
Report released in May 2014 on the mail cover program.
The Postal Service respects the privacy of its customers
and the sanctity of the mail. A mail cover is the process by
which a nonconsensual recording is made of any data appearing
on the outside cover of any sealed or unsealed class of mail
matter. Any personal information obtained in connection with
the mail cover program is treated as restricted, confidential
information and is not publicly available.
Over the past 5 years, law enforcement use of mail covers
has generally declined, with one significant exception. We
revised procedures in connection with criminal investigations
into dangerous mail and narcotics in Fiscal Year 2012. These
programs emphasized the safety of postal employees and strive
to protect them from handling mail that contains harmful
substances, narcotics, and trafficking proceeds, and the
violence associated with drug crimes.
Equally important, they aid our efforts to help keep
illegal drugs off the streets and out of school yards across
the country. We now assign mail covers to individual mail
pieces in these investigations, which drove the spike in
overall mail cover volume the last three fiscal years.
Recently, the Postal Service inspector general conducted
its review of the mail cover process, releasing a report in May
2014 containing four recommendations to improve program
security and accountability. We have addressed these
recommendations as follows:
We have worked to improve controls to ensure responsible
Postal Inspection Service personnel process mail covers as
required.
We have examined the administration of the program and our
processes, updating standard operating procedures, improving
training, testing application workflow enhancements, creating
performance metrics, and formulating a disbarment process.
We have established procedures to ensure periodic reviews
of the mail cover program are conducted at national
headquarters and in the field as part of our annual compliance
review process.
We are leveraging existing Postal Service tools to better
assess program compliance at the local post office level and
facilitate communication.
We have also initiated a project to upgrade the mail cover
process, allowing us to better ensure data integrity,
compliance, and accurate reporting.
We are on target to completely address all audit
recommendations by June 2015.
I am certain these actions will provide necessary
safeguards to ensure the program is administered as required.
Recent media coverage has confused three independent mail
programs, the mail cover program, mail imaging, and mail
isolation control and tracking, or MICT, creating a false
impression that there is a vast mail monitoring system in
operation. This simply is not true. These programs are distinct
and have very different purposes.
I have already discussed the mail cover program. Mail
imaging was developed in the early 1990's to help automate mail
processing. The images are not maintained in a centralized data
base, not profiled for mailing habits, nor are they mined or
analyzed electronically.
Mail isolation control and tracking, MICT, is a set of
safety procedures developed in response to the anthrax mailings
of 2001, and it is triggered when a potentially contaminated
mail piece is identified to help determine potential
contamination of mail processing equipment, facilities, and
vehicles. Safety is the ultimate goal of MICT, although the
contamination path can be relevant for law enforcement
purposes.
In closing, I would like to thank the committee for
inviting me to appear here today to discuss with you our
commitment to strengthening the mail cover process, allowing us
an opportunity to better explain our use of this important
investigative tool and the safeguards in place to protect the
privacy of the American public.
Thank you, Mr. Chairman.
[Prepared Statement of Mr. Cottrell follows:]
[GRAPHIC] [TIFF OMITTED]
Mr. Farenthold. Thank you very much.
Ms. Whitcomb.
STATEMENT OF TAMMY WHITCOMB
Ms. Whitcomb. Mr. Chairman and members of the committee,
thank you for the opportunity to discuss our recent audit
report on mail covers.
Mail covers have been an investigative tool for more than
100 years, used for tracking financial frauds, drug
trafficking, and other criminal activity. A mail cover involves
postal officials recording the information from the outside of
a mail piece, such as the sender's address. However, the mail
cover program does not permit opening letters and packages that
are sealed against inspection, as this requires a search
warrant. To be clear, the program should not be confused with
the operational imaging of mail pieces to manage mail flows.
The U.S. Postal Service processed approximately 49,000 mail
covers in Fiscal Year 2013. Mail covers can be requested either
by external investigators, including my office, or by the
Postal Inspection Service. There are different types: mail
covers that target individuals in suspected criminal matters,
mail covers that target postal facilities where mail and
parcels associated with criminal activity are passing, and
special mail covers used for national security purposes.
The OIG is responsible for auditing the investigative
activities of the Postal Inspection Service. As part of this
work, and in response to public concern, we conducted an audit
of the handling of external mail covers. The report was issued
in May. For this initial audit, we examined samples of both
external criminal mail cover requests and special mail cover
files. We are now beginning an audit of internal mail covers.
Federal, State, and local law enforcement agencies can
request a criminal mail cover by sending a hard copy form to
the Postal Inspection Service's Criminal Investigation Service
Center in Chicago. The request must specify the statute thought
to have been violated and include a description of how the mail
cover will further the investigation. These forms are manually
entered into an electronic system for approval. Only the chief
postal inspector, the manager of the Criminal Investigation
Service Center, or their designees, can approve mail covers.
Most criminal mail covers are approved. In Fiscal Year
2013, the Postal Inspection Service received more than 6,000
outside requests and denied 10.
When a mail cover is approved, it is forwarded to the
appropriate facility, where Postal Service staff photocopy the
mail pieces or log the information. The facility then mails the
records to the Inspection Service to pass on to the original
requesters. Requesters are instructed not to copy mail cover
records and must return them within 60 days after the mail
cover period ends.
Our audit found that mail cover procedures are not always
followed.
In 13 percent of cases, external mail cover requests were
approved without adequate justification, either because the
requester did not include sufficient justification in the
request or the justification was not adequately entered into
the electronic system;
Authority to approve mail covers was not always delegated
appropriately. Twenty-one percent of mail cover requests were
not approved by authorized individuals;
The Postal Inspection Service did not ensure that outside
law enforcement returned mail cover information on time. In 61
percent of cases, mail cover records were not returned within
60 days as required.
The computer system used to process mail covers had flaws.
We found more than 900 cases where the system incorrectly
showed a mail cover was active, even though the cover period
had ended. System problems also prevented mail covers from
being extended and sometimes the same tracking number would be
issued to different requests;
There were delays in processing mail covers both by the
Postal Inspection Service and at Postal Service facilities.
Finally, the Postal Inspection Service did not carry out
its required annual reviews of the program.
Our audit recommended the Postal Service and Inspection
Service improve controls over the mail covers program,
establish procedures to ensure the required program reviews are
conducted, and fix the electronic system. The Postal Service
and the Inspection Service agreed with our findings and
recommendations and set target dates to implement solutions.
Two of the four original target dates have now been extended to
March 2015. My office will continue to track the Postal
Service's progress.
Mail covers are an important law enforcement tool, but
adequate supervision is critical to ensure the protection of
the public.
Thank you.
[Prepared Statement of Ms. Whitcomb follows:]
[GRAPHIC] [TIFF OMITTED]
Mr. Farenthold. Thank you very much.
Mr. Edgar.
STATEMENT OF TIMOTHY H. EDGAR
Mr. Edgar. Thank you very much, Mr. Chairman.
I served in the Obama White House as the first privacy and
civil liberties official for the National Security Council,
focusing on cybersecurity. Under President Bush, I was the
deputy for civil liberties for the Director of National
Intelligence. And from 2001 to 2006 I was the national security
policy counsel for the American Civil Liberties Union.
I am going to talk today a little bit about the history of
the privacy of the mail and why that is important.
When I was given this opportunity to testify, many of my
friends and colleagues had one statement: Is nothing sacred?
The public is used to a lack of privacy on the Internet. They
know about the NSA controversy; they know about Google reading
their email for targeted ads. But they expect the Postal
Service to have a higher standard for privacy and to be
different; and there is a reason for that, which is that, going
back to the days of George Washington, the United States has
treated mail as something very sacrosanct.
We had a choice in 1792, when the first law was passed
establishing the Post Office. We could have gone in a different
direction. The European governments of the time had secret
rooms in which they monitored mail of political dissidents, of
foreign diplomats. The United States decided not to set up such
a room and to just ban the opening of mail altogether without a
warrant; and shortly after the Civil War, the Supreme Court
reinforced that notion, said that a sealed envelope, at least,
basically had the same level of privacy as your home, really a
pretty remarkable statement of privacy in correspondence,
handled, after all, by a Government agency. So this is an
important part of our culture and of our system of
constitutional protections for privacy.
During the cold war we got off track. There were several
mail monitoring programs run by the CIA and the FBI that were
investigated by this Congress, by the Church Committee, in the
mid-1970's. The largest of those was called HTLINGUAL. It was a
CIA program that actually started as a mail covers program in
the early 1950's. The CIA got the cooperation of the Postal
Service to obtain copies of every item of mail that was going
to or from the Soviet Union, generally in New York.
And it got off the rails in part really just because the
CIA did a lot of deceptive tactics to conceal the fact that not
only were they photographing the outside of mail, which the
Supreme Court had said does not violate the Fourth Amendment,
although it should be more highly regulated, but they were
actually opening mail as well. They monitored the American
Friends Service Committee, they monitored author John
Steinbeck. Members of Congress, including Frank Church himself,
were on the list of people whose mail should be opened if
encountered.
So when this was discovered it was ended, but it had really
been a major breach of Americans' privacy and civil liberties.
But what are the lessons for today?
I think one important lesson is that the Postal Service
needs to be a stickler for privacy. They really need to insist
that privacy requirements be followed to the letter, if you
will. And they didn't really do that during these cold war
abuses. They looked the other way. They allowed other agencies
that had important national security missions to trump their
concerns. I think they felt this is the CIA, this is national
security, let's let them do their thing. And that was the wrong
way to go. They needed to be the ones standing up and saying,
hey, what are you doing with those pieces of mail? We need to
see what you are doing. We need to look and to ask our counsels
what is going on.
So that is what is troubling about these missteps by the
Post Office, is that you see a certain laxity in the way that
they have enforced their rules on mail covers, and that is a
troubling one.
Finally, I think this issue of the mail imaging software is
an important one for this committee to look at. It may be a
separate program from mail covers, but it raises real questions
about what is essentially a bulk collection of postal metadata,
and it raises questions about the security of those computer
files, who has access to them, and privacy risks. Back during
the cold war, you actually had to have a program for the CIA to
photograph mail. Now that is being done automatically as part
of the system delivering it. It may be a separate program, but
it raises privacy and security risks, especially with these
recent breaches.
Thank you very much.
[Prepared Statement of Mr. Edgar follows:]
[GRAPHIC] [TIFF OMITTED]
Mr. Farenthold. Thank you very much.
Captain Hamby.
STATEMENT OF CHARLES E. HAMBY II
Mr. Hamby. Good morning. Thank you, sir. On behalf of Chief
Mark Magaw and the Prince George's County Police Department, I
would like to thank Chairman Farenthold, Ranking Member Lynch,
and the members of the Subcommittee on Federal Workforce, U.S.
Postal Service and the Census for the opportunity to discuss
the mail cover program and the role this investigative tool
plays in our criminal investigations.
My name is Captain Charles Hamby and I am currently
assigned as the Assistant Commander of the Narcotic Enforcement
Division for the Prince George's County Police Department.
Let me begin by stating that the Prince George's County
Police Department is in support of the U.S. Postal Inspection
Service mail covers program.
Various investigative units within the police department,
including, but certainly not limited to, our fugitive
apprehension teams and narcotic enforcement units, have
utilized mail covers as supplemental investigative tools to
further their cases. Mail covers are able to provide assistance
to law enforcement agencies as they are conducting criminal
investigations by providing identification information on names
and addresses of entities, individuals, and also locations that
are associated with the subject being investigated. Fugitive
teams may utilize mail covers to identify individuals and
locations that could lead to the appreciation of the wanted
subject. Narcotic investigations also benefit from mail covers
by providing information regarding coconspirators, locations,
and methods used by the various activities that occur in drug
trafficking.
For example, during an investigation that I conducted of a
drug trafficking organization that was smuggling multiple
kilograms of cocaine from Miami, Florida to Prince George's
County, Maryland, a mail cover was used to develop evidence on
one of the 14 co-conspirators. In this case, the mail cover
provided identification of names and addresses associated with
the target of the investigation, and the specific target was
suspected of receiving the proceeds from the drug sales here in
Prince George's County and shipping them to Miami, Florida.
The suspect would facilitate the transfer of those funds to
the source of supply in Miami, and that money which the suspect
was sending to the source was payment for the following
shipment of cocaine. During this conspiracy, it was typical for
the organization to purchase and receive here in Maryland 10
kilograms or more of cocaine in a single shipment. All of that
cocaine was subsequently distributed either in Washington, DC,
or in Prince George's County, Maryland.
The information received from that mail cover identified
previously unknown aliases that the subject was using. That
information led to eventually further identification of the
entire system that was being used to pay for the drugs. This
case culminated with Federal indictments and successful
prosecution of this suspect and her 13 fellow conspirators,
which actually resulted in the dismantling of that cocaine
trafficking organization.
As described previously, the mail covers used by law
enforcement investigators can really provide significant
information and further investigations, and also provide
evidence of criminal acts.
In closing, thank you very much for the opportunity to
present this information to the committee. The mail cover
program clearly remains an important tool that continues to
benefit criminal investigations by law enforcement agencies.
Thank you very much.
[Prepared Statement of Mr. Hamby follows:]
[GRAPHIC] [TIFF OMITTED]
Mr. Farenthold. Thank you very much, captain. I have quite
a few questions. I do not want to give the mail covers program
short shrift, because I think there are a lot of issues we need
to discuss with that, but I do want to start with the cyber
attacks, since they are most recently in the news. And if I run
out of time, we will do a second or even third round of
questioning until all the members are satisfied that they have
gotten their questions answered.
So, Mr. Miskanic, let me ask a couple questions to reassure
the American people. Are we relatively confident that no
customer data was compromised during this attack?
Mr. Miskanic. Chairman Farenthold, as stated in my written
and oral testimony, there was customer call center data that
was compromised. It did not contain sensitive information.
Mr. Farenthold. Could you explain what customer call center
data is, for those who don't know?
Mr. Miskanic. Yes, sir. The data itself was when an
individual contacts the Postal Service for followup on a mail
item or makes an inquiry.
Mr. Farenthold. So you are not going to have their Social
Security number or something like that in that data base.
Mr. Miskanic. No, sir, there was not Social Security
numbers contained in that data base.
Mr. Farenthold. All right. What about information or copies
of mail cover data or the imaging data that Mr. Cottrell talked
about used in the processing of mail, was any of that
compromised?
Mr. Miskanic. No, sir, Chairman Farenthold, there was no
indication of compromise of any of the mail cover data, nor of
any of the mail imaging data.
Mr. Farenthold. All right. I just wanted to reassure the
American folks. Our postal workers obviously appreciate what
you all are doing with respect to their credit monitoring.
I am concerned about how long it actually took the Postal
Service to act. It was quite some time when CERT notified you
all of some data leaking out before you did something. Now, I
understand the need to figure out who did it and how it was
tracked. Do you see some needs or things that need to be done
to, where if the Postal Service is hacked again or another
Government agency is hacked, how we can more rapidly shut off
the flow of the exfil of data and get the tracking tools in
the system quicker?
Mr. Miskanic. Yes, Mr. Chairman. On September 11th, what we
were told was there was suspicious activity on four of our
pieces of computer equipment, and to give you some scope of
that, we have over 225,000 servers or workstations. That
indicated that there was simply just suspicious activity or
potentially malicious code. Through a complex investigation, we
learned that data had actually been compromised.
Mr. Farenthold. Were these mission-critical servers or were
they just random servers?
Mr. Miskanic. These were not our mission-critical servers,
they were not our primary and core systems; they were secondary
systems. Some of them might have been in a field unit in one of
our processing facilities or post offices; some were in our
data centers, but they were not necessarily the primary core
data centers themselves.
Mr. Farenthold. On my computer network I have software that
monitors data flow on my network in my house, and when I see
something weird coming out of one of my computers, the first
thing I do is go unplug that computer. So, again, would you
explain why maybe that wasn't the initial solution and then do
forensic investigations to determine where that data was going?
Mr. Miskanic. Well, in this particular instance, the actor
was very sophisticated, and once we had learned the respective
access, it was necessary to understand the scope of the
intrusion to properly mitigate it. We were very concerned
during this period that if the actor themselves could further
embed themselves into our network where they could potentially
cause harm, it could impact our ability to deliver mail and
serve the American public.
Mr. Farenthold. So how much of this was done internally by
the Postal Service versus relying on either Government agencies
or contractors? I guess what I am getting at, should CERT or
the FBI or NSA or some Government agency have a program where
you call them and they send in a SWAT team? How was this
handled and how do you think it could be handled better?
Mr. Miskanic. Chairman Farenthold, that is a very good
question and, actually, US-CERT does have a SWAT team and the
FBI does have a team that came in and assisted the Postal
Service with this incident. They provided expert technical
guidance. In addition to that, we also relied upon external
technical experts from various companies who have been engaged
with similar incident response issues.
Mr. Farenthold. Do you think that that interagency system
worked well or does it need some polishing? I would certainly
say by your time line it needs speeding up.
Mr. Miskanic. The interagency team was faced with a very
complex challenge. It was a very complex investigation in
understanding the scope and the breadth across the USPS network
and the complexities of that network. We are in the process of
still investigating the matter; however, we do intend to
produce an after-action report on the actions and activities
that occurred during throughout the investigation remediation,
and we would be happy to share that.
Mr. Farenthold. I would like to see that. And if there is a
classified or security-sensitive version, that would probably
be something that this subcommittee probably needs to see in
private as well. So please keep us on your list for that.
Sorry, I went a minute over, so we will give Mr. Lynch 6
minutes here.
Mr. Lynch. All right. Thank you, Mr. Chairman. I appreciate
that.
I am going to revisit that in a minute, Mr. Miskanic. Let
me ask, though, I only have one question on the covers, the
postal covers. Do we have technology that would allow us to
read the mail without opening it, read the contents of the
mail? I went online to do sort of an anecdotal search about
some companies out there that do say we have technology that
can read your email without opening it, without indicating to
the party who receives the email that their email has been
opened and read; and there are a number of firms that actually
have very high technology package inspection that can read
through envelopes and see the contents. So I am just wondering
if we have the technology available right now to read the mail,
the contents of the mail, without opening it.
Mr. Cottrell. We do not, sir.
Mr. Lynch. You don't. OK. All right. Who is we?
Mr. Cottrell. The Postal Service does not have the
technology to do that.
Mr. Lynch. Is it out there?
Mr. Cottrell. Not that I am aware of.
Mr. Lynch. OK. It would seem to be pretty simple, just
probably high resolution x-ray or something like that. OK, so
that is one thing I am concerned about.
As the courts have said repeatedly, there is no expectation
of privacy in the outside of what is on your envelope, and that
probably makes sense. But my concern is that there may be
technology out there that actually would allow folks to scan
the outside and also glean whatever the contents of the letter
might be as well.
Let's go back to Mr. Miskanic. I really am concerned about
the way the Postal Service handled the breach. When were we
first aware of this breach of employee data or a breach of the
data base at the United States Postal Service?
Mr. Miskanic. Congressman Lynch, we were notified of the
actual data being, we had confirmed the actual data being taken
on November 4th.
Mr. Lynch. No, no, no, no, no, no, no, no, no.
Mr. Miskanic. We had suspected----
Mr. Lynch. Let's go back. I am talking about when did you
first get any indication that you had a breach. I am not
talking about official notification.
Mr. Miskanic. So on October 16th we learned that data had
actually been compromised. However, we had fragments of that
data and could not----
Mr. Lynch. OK, so retroactively, looking back, when did you
first have a breach?
Mr. Miskanic. We were notified on September 11th that there
was suspicious activity on the system by US-CERT.
Mr. Lynch. Is that the earliest date that you have right
now, have knowledge of, that you had a breach?
Mr. Miskanic. That I have knowledge of, yes.
Mr. Lynch. OK. When did you notify the employees that their
Social Security numbers had been compromised?
Mr. Miskanic. We notified the employees on November 10th,
and that was due to the need to----
Mr. Lynch. That is about the day I learned about it, on
November 10th, in the Wall Street Journal and New York Times.
So why the delay? Why the delay?
Mr. Miskanic. Over the entire period it was necessary to
understand the scope and the impact. Once we learned, on
October 16th, that there might have been some data taken, we
needed to confirm what that was and reconstruct it
forensically. Over that period, it was also very imperative
that we initiated remediation and mitigation activity.
Mr. Lynch. Based on the files, the contents of the files
that have been accessed, you should have had some notification
right then that there was risk to the employees' data.
Mr. Miskanic. Sir, during that period, we did not have the
full scope of what files were accessed. Second, it was very
important for the overall security posture of the Postal
Service to conduct the detailed mitigation and remediation that
occurred on November 8th and 9th----
Mr. Lynch. Look, I am just telling you that the way this
should work is as soon as you know that a file has been
compromised and that it contains personally identifiable
information, Social Security numbers, that employee should be
notified. If we go with your plan, if we go with your plan, an
agency, a U.S. Government agency could have the Social Security
numbers for all its employees compromised, and you will decide,
you will decide based on your own interests when the employees
will be notified that their Social Security numbers have been
stolen.
That doesn't work. That doesn't work for the American
taxpayer; it doesn't work for the American people. It doesn't.
So the secret school squirrel stuff, you know, we have to
figure out how sophisticated these people were and what
information they have, that doesn't fly. This is very, very
important information. These people are at risk and they
received zero.
The unions, the employee unions who represent these people
got zero notice, like I did, and I am just telling you if we
have to do something legislatively to make sure you cough up
that information when people's Social Security numbers--you
know, I keep hearing about how the private sector has had this
problem as well. Target didn't disclose Social Security
numbers; Neiman Marcus didn't; JP Morgan didn't. This was all
credit card information; this was not their Social Security
numbers, which would allow identity theft and an assortment of
other problems for these employees.
So I have to tell you I am very, very disappointed in the
way you handled this. I am. I think the American people deserve
better. And if this is the standard that we are using now, we
are opening up a huge area of exposure to the American people.
If people like yourself and your agency is going to decide when
it is good for you to let people know that their Social
Security numbers have been stolen, when you are good and ready,
that is not good enough. So we have to figure something out.
Maybe it is legislatively we need to mandate this. But you have
to be more forthcoming with the people that you are supposed to
be protecting than you have been in this case.
I yield back.
Mr. Farenthold. Thank you very much, Mr. Lynch.
We will now go to the vice chair of this subcommittee, the
gentleman from Michigan, Mr. Walberg.
Mr. Walberg. Thank you, Mr. Chairman, and thank you to the
witnesses for being here today.
Inspector Cottrell, according to the USPS inspector
general, last year only 10 of more than 6700 external law
enforcement mail cover requests were rejected. That was given
in testimony today. Do you know anything about why those 10
were rejected?
Mr. Cottrell. I don't know the specifics, sir, but there
are specific requirements to get a mail cover: it has to be a
law enforcement agency; you have to be investigating the
commission of a crime, locating a fugitive or trying to track
down victims or assets or proceeds. So those are the
requirements, so obviously those 10 did not meet those specific
requirements.
Mr. Walberg. So it would be assumed, then, that it is
normal for 99-plus percent of external mail cover requests be
approved in any given year?
Mr. Cottrell. Well, 10 were outright denied. We have to
send several back for people to include additional information,
but we don't track that sort of data. So 10 were actually
denied.
Mr. Walberg. So we don't know the percentage, normal
percentage of a normal year of mail cover requests that are
approved in any normal year?
Mr. Cottrell. It fluctuates year to year. Just this past
year we declined 94 of them.
Mr. Walberg. In your testimony you mentioned the
distinction between sealed and unsealed classes of mail. Can
you elaborate a little more on that?
Mr. Cottrell. Well, sealed mail is first class mail sealed
against an inspection; you need a Federal search warrant to get
inside of that. Other classes of mail are standard, do not have
the same level of protection.
Mr. Walberg. So how does that all impact mail cover?
Mr. Cottrell. Mail covers are still information from the
outside of a mail piece. Standard mail would be advertising
mail, circulars, things like that.
Mr. Walberg. It has been noted that the inspector general
audit found that 13 percent of external mail cover requests
lacked appropriate justification, yet were still approved. If
we were to conduct a full audit of active mail covers today,
would the number be any different?
Mr. Cottrell. I think it would improve. The IG report was
from several months ago, and they gave us some excellent
recommendations on how to make improvements. What they found is
the justification wasn't always included in the system as well.
But we have made great strides there and we are continuing to
work to improve that process.
Mr. Walberg. What other recommendations were given?
Mr. Cottrell. Well, they recommended that we do an annual
review of this, which we are doing; they recommended that we
improve our mail cover system that we have, where we enter the
requesting information in; and they recommended that we train
our employees; we fix our internal standard operating
procedures. And all of those fixes are in progress.
Mr. Walberg. The inspector general audit also found that 21
percent of external mail cover requests were approved by
individuals without authorization. Has that been changed?
Mr. Cottrell. Yes, sir. We have made improvements there in
improving the delegation process to ensure that we have proper
delegations of authority on file for individuals to approve the
mail covers.
Mr. Walberg. So we have them on file, but could you explain
a little bit more in depth on how we make sure that, though
they are on file, they are actually the ones that are approved?
Mr. Cottrell. Well, when you delegate authority, you need
to have a record that you have delegated that authority, and we
did not have proper delegations of authority on file for those
individuals, so we have corrected that. We have the correct
individuals in place now to approve the mail cover requests
that come in.
Mr. Walberg. Thank you.
Ms. Whitcomb, from your testimony it appears that your
audit report focused mainly on mail cover requests made by
external law enforcement agencies and that a new report is in
the works looking at internal requests. Is that true?
Ms. Whitcomb. It is true.
Mr. Walberg. Is there an estimated completion date for that
report to end? Are there early conclusions you can share with
us today?
Ms. Whitcomb. Not at this point. We are just beginning that
work. But I imagine that we will have some results probably in
the next three or 4 months, and we will be happy to come and
share those results when we have them together.
Mr. Walberg. In your testimony you mention that the
Inspection Service did not carry out its required annual
reviews of the mail cover program. Was your agency able to
determine any reason for this failure beyond what we have
heard?
Ms. Whitcomb. Not that I am aware of. They just weren't
conducted. I believe one of three of the reviews were
conducted. We expected to see annual reviews over 3 years and
we saw one review being conducted.
Mr. Walberg. Are you confident that that is changing now?
Ms. Whitcomb. Our process is, when we make a
recommendation, the agency provides us a response date, a date
when the action in response or recommendation is to be
completed. In this case the dates that we received in response
to our report have been extended, so when those dates or when
the Inspection Service has completed their work, they will come
back to us and provide us with documentation to show that they
have completed that work, and then we will evaluate that and
either close that recommendation or can keep it open. So at
this point these recommendations are still open, awaiting that
documentation to come back to us. So we anticipate that these
efforts that are being undertaken will be successful, but at
this point it is impossible for us to know.
Mr. Walberg. Thank you.
Thank you, Mr. Chairman.
Mr. Farenthold. Thank you, Mr. Walberg.
We will now recognize the ranking member of the full
committee, Mr. Cummings, for 5 minutes.
Mr. Cummings. Thank you very much, Mr. Chairman. Mr.
Chairman, I am extremely concerned about the increased
frequency and sophistication of data breaches on both public
and private entities. We have seen attacks in the past year at
Target, Home Depot, Community Health Systems, and USIS, as well
as the Postal Service and, most recently, the State Department.
I am concerned about all Americans whose personally
identifiable information was stolen and privacy compromised in
a rash of data breaches this past year. That is why I requested
four times this year that Chairman Issa join me in conducting
oversight into the breaches at these various companies.
Unfortunately, Chairman Issa ignored my repeated requests to
examine data breaches in the private sector, and this committee
has missed a significant opportunity as a result.
Turning to the Postal Service, I must say that I am
troubled by the chain of partisanship here. In a joint
statement, Chairman Farenthold and Chairman Issa said they
called today's hearing in part because they wanted to know why
the Postal Service "waited 2 months before making the news of
this attack public." For the record, the Postal Service
voluntarily provided to this committee two fulsome and
classified briefings, one on October 22d, another on November
7th. Is that right, Mr. Miskanic?
Mr. Miskanic. Yes, sir, that is correct, October 22d and
November 7th, sir.
Mr. Cummings. So we know why the Postal Service did not
make this news public earlier, because they told us directly.
Now, Mr. Miskanic has also provided a detailed testimony,
including a time line of what the Postal Service knew and when,
how and why it made certain decisions, what agencies and
experts it has been working with to remediate the breach. That
is what I call transparency. By contrast, not a single company
that was breached this year came voluntarily to brief this
committee.
I am asking Chairman Issa, in his remaining time as
chairman, that he finally agree to work with me on ways to
improve data security in both public and private entities, and
I am hoping that he will agree to my request on January the
14th, September 9th, September 11th, and September 15th.
I would like to thank the Postal Service for working with
the committee as it rectifies this intrusion.
Mr. Miskanic, as you know, I wrote to Postmaster General
Donahoe last week to request more information on the data
breach at the Postal Service. When can I expect a written
response?
Mr. Miskanic. Thank you, Congressman Cummings. We are
preparing the written response and we will have it, I believe,
within a 2-week period, sir. We are still conducting part of
the investigation and would like to provide you a most thorough
and detailed response as possible, sir.
Mr. Cummings. And you are saying you will have it in 2
weeks?
Mr. Miskanic. Yes, sir.
Mr. Cummings. In this year, though.
Mr. Miskanic. Correct, sir. Yes.
Mr. Cummings. All right.
I am going to ask unanimous consent that letters that I
have sent to Chairman Issa requesting investigations into the
other entities, private and public, be entered into the record.
I have a letter dated September 15th, 2014, September 9th,
2014, September 11, 2014, and January 14, 2014, Mr. Chairman.
Mr. Farenthold. Without objection, so ordered. And I join
you in thinking especially the Government needs to do more with
respect to data security and look forward to continuing to work
with you both this year and in the future.
Mr. Cummings. Thank you very much, Mr. Chairman. I yield
back.
Mr. Farenthold. Thank you very much.
We will now go to Mr. Davis, I guess, for his questions.
Oh, Mr. Clay is back. Are you ready, sir?
Mr. Clay. Yes, I am ready.
Mr. Farenthold. You are up.
Mr. Clay. I am sorry, Mr. Chairman.
Mr. Farenthold. No, no. We just skipped to Mr. Davis.
Mr. Clay. OK.
Let me ask Mr. Miskanic. News reports indicated that over
800,000 employees could be affected. We learned that personally
identifiable information of Postal Service employees may have
been compromised, including names, addresses, dates of birth,
Social Security numbers, dates of employment, and other
information.
Can you tell us any more information about the extent of
people affected by the breach?
Mr. Miskanic. Yes, Congressman Clay. We are still
conducting forensic analysis of the impacted servers and, as a
result, as mentioned, we have approximately 800,000 records of
current and former employees that had personally identifiable
information, the 2.9 million customer care records which were
calls to our customer center with either a customer followup.
In addition, we are still processing the evidence and there is
the possibility of additional compromise specifically as it
relates to some workers' compensation files.
Mr. Clay. Have you identified the perpetrators, or can you
discuss that?
Mr. Miskanic. The adversary we cannot release; it is a
classified matter, sir.
Mr. Clay. Based on your testimony, I understand the Postal
Service has been following the advice and guidance of several
Federal and private sector cybersecurity experts since the
Postal Service's initial discovery of the breach. Is that
correct?
Mr. Miskanic. Yes, Congressman Clay. We have been following
the guidance of US-CERT, getting assistance from Carnegie
Mellon CERT/CC, and several private security technical experts
for this matter.
Mr. Clay. OK. And I know there has been a great deal of
controversy over whether the Postal Service notified its
employees and customers about the breach in a timely manner,
but it seems to me that the Postal Service relied heavily on
the intelligence and expertise it was receiving from its
advisors in making these determinations.
For example, in your testimony you stated that experts from
supporting agencies provided prudent warnings that short-term
remediation efforts would be seriously compromised if the
threat actor became aware that the intrusion had been
discovered. If provided advance warnings of network actions
intended to expel and block the intruder from the Postal
Service network, the advisory could take bolder steps to
further infiltrate or sabotage systems.
Mr. Miskanic, is this why the Postal Service chose not to
inform its employees and customers about the breach when it was
originally discovered in mid-September?
Mr. Miskanic. Yes, Congressman Clay. The concern that was
raised by the technical experts both from the Federal
Government and the private sector regarding the adversary
potentially conducting malicious acts were very significant and
could have harmful impacts for our ability to deliver the mail
to each and every American citizen, and we wanted to ensure,
first of all, protect any further breach of data, but ensure
that those systems were adequately protected and then implement
the mitigation activities, which are quite complex. We are in
the first phase of several phases for those mitigation
activities, and they will go on for several months.
Mr. Clay. And I understand that the Postal Service agreed
to offer free credit monitoring for its employees for 1 year,
is that correct?
Mr. Miskanic. That is correct, sir, free credit monitoring
and identity theft protection, sir.
Mr. Clay. And based on your experience in handling these
issues, are you confident that the Postal Service will be able
to effectively address the current data breach and prevent
further breaches from occurring in the future?
Mr. Miskanic. Yes, sir, I am confident, and you have our
commitment that we will address all of the issues and be very
vigilant in the future, sir.
Mr. Clay. And you cannot tell us if you have identified the
culprit.
Mr. Miskanic. No, sir. I believe that is a matter that is
best discussed with the intelligence community, sir.
Mr. Clay. I see. Thank you for your responses.
I yield back, Mr. Chairman.
Mr. Farenthold. Thank you very much.
Mr. Davis?
Mr. Davis. Thank you very much, Mr. Chairman. I want to
thank you and the ranking member for giving me the opportunity
to participate in this hearing, though I am not a member of
this subcommittee.
Like several of my colleagues, I am concerned about the
length of time that it took to notify employees, as well as
customers, of the breach. Mr. Miskanic, can you share something
by November 10th that you had learned that you didn't know,
say, September the 11th that gave you the level of
comfortability to now notify these individuals of the breach
that had not been notified earlier?
Mr. Miskanic. Sir, on September 11th we had no indication
that there was data that was compromised or accessed in an
unauthorized manner; we simply had information that there were
four servers out of several hundred thousand workstations that
had potentially malicious code on them. In order to adequately
investigate, over the period of the next 2 months, we had to
come to learn the sophistication of the actor and then came to
find that they had indeed compromised data; however, we had
fragments of that data and needed to recreate that to make the
adequate notice to our employees.
On November 4th is when we actually confirmed through our
investigation that that information had indeed left the Postal
Service network, and not before that time, sir.
Mr. Davis. So the investigation then gave you the
information that you needed to have in order to have a level of
assurance that what you were announcing or reporting was in
fact accurate and adequate. Let me ask you have there been any
interactions or conversations with representatives of the
employees, such as the unions, to discuss the issue and see how
jointly the Service and the employees may be able to work
together finding a solution?
Mr. Miskanic. Individually, I have not engaged with those
discussions; however, I know the postmaster general and staff
have engaged the unions, and they will continue to engage them
throughout this entire process.
Mr. Davis. Thank you very much.
Let me ask you, Captain Hamby. I understand that you have
been involved in this kind of activity for a pretty extensive
period of time. How valuable do you view the mail covers
program?
Mr. Hamby. Congressman Davis, I think it is a very valuable
tool. It is not used that often, quite frankly, in
investigations, it is only when it is warranted; and usually it
takes time, it is usually in a long-term investigation that is
going to be used in any event.
But in my experience, it provides a very unique piece of
information in criminal investigations. There are so many types
of information out there. The mail cover can provide very, very
unique pieces of information, so in that instance it is very
valuable. It really can't be duplicated as far as mail coming
and going from a specific address.
Mr. Davis. Thank you very much.
Mr. Miskanic, let me just reinforce that the employees that
I have been speaking with or have had conversation with, I
guess they, like others, are very skeptical when they think
that there has been some breach of their information. So I
think they would be reassured to know that the Postal Service
is in fact interacting with their leadership to try and find a
resolve, so I thank you very much.
And I thank all of you for your participation and the
questions that you have answered.
Mr. Chairman, I yield back.
Mr. Farenthold. Thank you very much.
I think we have gotten to everybody, so we will start up
with a second round of questioning and I will kick it off.
Mr. Miskanic, you will be happy to know you have almost all
my questions answered. I want to go on to the mail covers
program a little bit more.
Mr. Cottrell, the IG's report has a picture of a guy
writing down information off of a package, and your testimony
said often this is done manually. How much of this is done
electronically? Is it just photocopied, is it scanned? Can you
break down the percentages of how that data is captured?
Mr. Cottrell. Yes, Mr. Chairman. It is all done manually.
The only electronic piece would be to actually photocopy the
pieces of mail. That is the only electronic part of this
process. It is all manual.
Mr. Farenthold. And you also mentioned that you have some
internal programs where you actually image the covers of the
mail for processing.
Mr. Cottrell. Yes, sir.
Mr. Farenthold. So that is basically where you scan the
front, bar code the address. How long is that stored, and are
those computers on a network that do that?
Mr. Cottrell. Those mail processing machines are at all of
our facilities around the Country. The images are only on that
one mail processing machine and the data is overwritten
depending on the volume of the mail processing machine.
Mr. Farenthold. So are we talking days, weeks?
Mr. Cottrell. Days. Three to 7 days.
Mr. Farenthold. All right. Can you assure me that there is
not some NSA-like system that is tracking all mail covers,
storing that data for later search and retrieval?
Mr. Cottrell. Yes, I can. There is no such system in the
Postal Service doing anything like that.
Mr. Farenthold. And can you tell me is there a similar
process for mail covers for shipments made through your
competitors, UPS, FedEx, and the like? Are you aware of any
similar programs?
Mr. Cottrell. I am not aware of any.
Mr. Farenthold. Mr. Edgar, you are the privacy expert. How
is the Postal Service different from FedEx and UPS?
Mr. Edgar. I don't believe there is any real difference
here, but the point I was trying to make, I think, in my
written statement about this concern is just that the data is
potentially vulnerable. We have heard about data breaches of
other systems at the Post Office, so it is important to really
look very closely at how this data is stored and how it----
Mr. Farenthold. As a Government efficiency expert, it
troubles me that there has to be a hard copy request that is
then entered into a data base that is then sent to the local
post office and is then done manually, and then I guess you
mail the mail covers to the law enforcement agent. So, as a
government efficiency expert, that troubles me. As a privacy
advocate, I kind of like it.
Mr. Edgar. I think that is a good point. I think that in
some ways my personal fears about this were probably in part
because I didn't realize how inefficient the mail covers
program was. And maybe that is a good thing because it allows
us to, as we improve the mail covers program and if there is
any effort to integrate it with any of these systems, to do it
in a very careful fashion.
Mr. Farenthold. Right.
Let me go on. Mr. Cottrell, what about the contents? Are
there drug dogs that check? There has to be some additional
stuff for the contents so you guys aren't at least doing
something to combat the belief that you are the biggest
deliverer of contraband in the world.
Mr. Cottrell. Absolutely not. The U.S. mail should not be
the provider of choice for narcotics. That is why you see this
spike in mail covers is indicative of our efforts to combat
this very offense. But to raise the level, to get into a
package, obviously you need to get to probable cause. Sometimes
that is one method, but a hit with a drug dog is obviously one
of the ways we can get that problem.
Mr. Farenthold. Ms. Whitcomb, you talked about the
designees. Do you know how many designees there are that
authorize mail covers and what kind of training that they
receive?
Ms. Whitcomb. I don't know the answer to that question.
Mr. Farenthold. Mr. Cottrell, do you know?
Mr. Cottrell. I am sorry, Mr. Chairman, could you repeat
that?
Mr. Farenthold. How many designees are there to authorize
mail coverings and what kind of training do they receive.
Mr. Cottrell. I would like to give you a full and thorough
answer. I believe there are two, but if I could provide an
answer for the record.
Mr. Farenthold. And then we talked about how few of the
requests were denied. Were they denied on substantive grounds
or were they denied because all the Is weren't dotted and Ts
crossed? Mr. Cottrell or Ms. Whitcomb, either one.
Mr. Cottrell. It would be because they did not meet those
requirements of it is from a law enforcement agency, it is
looking to obtain evidence in the commission of a crime, locate
a fugitive.
Mr. Farenthold. So you all really don't have that many
substantive checks, it is predominantly that you have met all
the requirements; it is not like a judge reviewing a search
warrant or something like that.
Mr. Cottrell. It is not, but it has to be a sworn law
enforcement agency.
Mr. Farenthold. OK. Finally, I want to ask one question
about you said the policy was 60 days to you send the mail
covers to a law enforcement agency, they have 60 days to return
them. I guess Ms. Whitcomb said that. How does that work? It
seems to me that if my mail covers were used in a prosecution,
I would want to have access to those mail covers and there
needed to be preserved through the process of--I would want my
defense attorney to have access to those if I were prosecuted
as a result of those. Anybody want to comment on how that is
made available to the defendants in a criminal proceeding?
Either of you guys know?
Mr. Cottrell. They could request an extension to retain
that for a trial purpose.
Mr. Farenthold. OK. That just kind of struck me as being an
issue. Thank you very much.
Mr. Lynch, you had some second questions?
Mr. Lynch. Please, yes. Thank you, Mr. Chairman.
Mr. Miskanic, I want to go back to the 800,000 postal
employees who had their Social Security numbers stolen. In that
file that had their names, addresses, and Social Security
numbers that were stolen, that information would be very
helpful to someone engaged in identity theft, would it not?
Mr. Miskanic. Yes, sir, that information could be used for
identity theft.
Mr. Lynch. So I am just wondering do we have, part of the
thing I am struggling with is that it took so long for us to
figure out, for the Postal Service to figure out what the
adversary stole. And you would think that the Social Security
numbers, names, and addresses of our 800,000 employees would be
sensitive information that might be segregated so that it might
gain greater protection. You follow me?
Mr. Miskanic. Yes, sir.
Mr. Lynch. So I know we encrypt it, but we encrypt it. We
should be able to know what has been stolen. Just a basic
concept there. How come it took so long for us to figure out
that they had stolen the Social Security numbers, addresses,
and names of 800,000 postal employees? I can't understand that
piece. Can you explain it?
Mr. Miskanic. Yes, sir. The adversary had encrypted the
file that had been taken themselves and produced a new name of
that file, and we had to decrypt that file to understand that
that had actually been stolen and left the USPS network.
Mr. Lynch. But if we had segregated that file and knew it
had been accessed, as was reported on September 11th, then we
could have alerted people that we are concerned. The thing for
me is if someone has my Social Security number, the best
defense is for me to know that so that, as a consumer, I can
watch out for my savings account, credit card activity, things
like that. But if I don't have that information, I am
defenseless.
So that is what I am getting at. If we knew that that file
had been accessed, like we knew on September 11th, it just
raised a red flag to the people who might be vulnerable
because of that intrusion. That is what I am trying to get at.
Mr. Miskanic. Sir, we did not know that that file was
accessed on September 11th. On October 16th we had partial
information that there was fragments of a file that were
recovered that had been deleted by the adversary. Through that
period of time we needed to adequately reconstruct what
happened to make notice to our employees, because we didn't
know if it was one or 800,000 at the time.
Mr. Lynch. But we knew that there were four servers that
were accessed on September 11th, is that correct?
Mr. Miskanic. Which none of them contained this
information; it was a different vector of the attack, sir.
Mr. Lynch. Well, we need to figure out a way that the most
sensitive information that we have on these employees that
would introduce severe vulnerability on behalf of our
employees, we need to find a way to segregate that so if it is
accessed or if there are indications it has been tampered with,
that we can notify them. Are we doing that now as part of this
corrective action or can we expect this to happen again?
Mr. Miskanic. Sir, we have actually segregated systems for
our most critical data. Unfortunately, this was a sub-business
process, a reporting process that caused this file to be
subject to a vulnerability. We have corrected that issue. We
will continue to correct any of those issues in moving forward
to ensure that this doesn't occur again.
Mr. Lynch. OK. I am concerned about this because so far
what I see is there is no negative consequences to the United
States Postal Service because these 800,000 employees' Social
Security numbers were stolen. Zero. Nothing bad is going to
happen. And we are lining up here that it is business as usual
and, oh, this happened in the private sector. The private
sector, customers will move away from a company that is not
protective of their information.
We have a captive audience in the employees of the American
Postal Workers Union and some of the other workers there as
well, so I am just concerned about a perverse incentive here
that if there is no negative consequences to what just
happened, it is going to happen again. I am just trying to
avoid that eventuality and I am having trouble getting
cooperation to make sure that doesn't happen. I think we are
whistling through the graveyard here and we are not taking it
seriously enough.
Tell me I am wrong.
Mr. Miskanic. Sir, you have our full cooperation and
commitment that we will continue the efforts that we have
undertaken to remediate the impacts of this breach and continue
to improve our systems and our networks. This is a very
sophisticated adversary and it is necessary for the Postal
Service then to learn the traits of the sophisticated
adversaries. We look forward to working with our Federal
Government partners to better learn those tactics. I can assure
you that we will improve our systems in the future.
Mr. Lynch. Thank you, Mr. Miskanic.
I yield back.
Mr. Farenthold. Thank you very much.
Mr. Cummings, you have some more questions for us?
Mr. Cummings. Yes, I do. Yes, I do.
Let me ask you this. Tell me what is the likelihood of this
happening again? I know you are still looking into it. I always
talk about transformational moments that should lead to a
movement. Sometimes when these kinds of things happen, it makes
us realize how vulnerable we are, and we constantly say to
ourselves that when the rubber meets the road, that we will be
prepared; and then when it comes time for the rubber to meet
the road, we discover there is no road. So I am just trying to
figure out what the likelihood of this happening again is and
exactly what are we doing to make sure it doesn't, if we can.
Mr. Miskanic. As you stated, Congressman Cummings, this is
a transformational moment in the way that the Postal Service
addresses IT security. It is necessary for us to be more
actively engaged with these emerging threats that are well
resourced and have a long time period to affect their
activities. No IT security professional can state
unequivocally, 100 percent, that they will never be breached
again, but we must remain vigilant and we must improve our
processes to ensure that it does not.
Mr. Cummings. Do we have the necessary people with the
appropriate skills and technology to address these problems or
is more needed?
Mr. Miskanic. Speaking from the Postal Service, that is
what I have been tasked with, is understanding if we have the
proper skills and technology.
Mr. Cummings. You are saying you are trying to figure that
out, is that what you are saying?
Mr. Miskanic. We are embarking upon that because obviously,
sir, we need to improve our skills and our tools and our
tactics to ensure this doesn't happen again.
Mr. Cummings. And what will it take to do that? In other
words, are there people out there that we are not benefited or
worked with to get their expertise? Do we have it in-house? Do
we need to go out-house? I mean, what is needed? Because I have
some of the same concerns as Mr. Lynch and others. It is one
thing for things to go wrong, and we realize that you said,
there is no 100 percent failsafe system. We got that.
But I want to know that we are doing, and I think the
American people want to know that we are doing the very best
that we can. So if there is a lack of anything, we want to know
exactly what it is and what we can do about it.
Mr. Miskanic. To adequately fight these very significant
and persistent threats, it is necessary that we form teams that
are both across the Federal Government and the private sector.
In the case of Postal Services is ensuring that we are actively
engaged with obtaining the information on the threat actors
from the intelligence community to process that and make it
actionable and put it into tactics to better protect the USPS
network.
Mr. Cummings. One of the purposes of this hearing is to
evaluate the Postal Service's progress in implementing the
recommendations made by the Postal Service Office of Inspector
General. Ms. Whitcomb, your office made four recommendations to
the Bureau as it relates to mail covers program, is that
correct?
Ms. Whitcomb. Yes.
Mr. Cummings. And Chief Inspector Cottrell, does the Postal
Service agree with all four of those recommendations?
Mr. Cottrell. Yes, Ranking Member Cummings.
Mr. Cummings. But based on your testimony, I understand
that you have completely implemented one of the
recommendations, is that correct?
Mr. Cottrell. That is correct.
Mr. Cummings. I would like to discuss this recommendation
in detail. First, based on your testimony, I understand that
the Inspection Service has already implemented periodic review
procedures that the IG recommended, is that correct?
Mr. Cottrell. Yes, that is correct.
Mr. Cummings. And, chief inspector, can you tell us a
little bit more about the revisions you made to review the
procedures that you discussed in your testimony?
Mr. Cottrell. Yes. Just briefly, Congressman, every year we
go out and we review our high risk programs, and we have added
this mail cover review to our annual review of high risk
programs, and we have already begun those reviews in response
to the IG's recommendations.
Mr. Cummings. And so the other recommendations, what about
those?
Mr. Cottrell. Those are still in progress. Some of them
involve IT upgrades and issues, and the training and getting
folks trained, and republishing our standard operating
procedures and some of our internal training manuals. But we do
expect to be complete in the timeframe the IG allotted.
Mr. Cummings. Do you think you have the resources to
accomplish all of that?
Mr. Cottrell. Yes, I do.
Mr. Cummings. All right.
Thank you very much, Mr. Chairman.
Mr. Farenthold. Thank you very much.
Mr. Davis, do you have some more questions?
Mr. Davis. Yes, Mr. Chairman. Thank you very much.
I would just like to follow up a little bit more on the
recommendations that have been made and how effective we think
we have been in completing those or in coming up with the
processes used to complete those recommendations.
Mr. Cottrell, could you embellish that a bit?
Mr. Cottrell. Yes, Congressman. What the IG found is that
opportunities exist to improve our controls, so there are
several controls in place, so they recommended we establish
improvements to ensure responsible personnel process mail
covers as required; establish procedures to ensure that
periodic reviews, as we spoke about; ensure mail covers are
processed in a timely manner; and implement controls to ensure
data integrity.
Likewise, we are reviewing and updating our standard
operating procedures, our instructions to our own employees, as
well as to outside law enforcement agencies, and we are
updating our internal training guides as well, to be sure. We
are also developing a disbarment process for external agencies
for noncompliance, so that we can bar them from ever getting
mail covers again. So we have uncovered some additional things
we would like to do, in addition to what the IG recommended as
part of that review to make it a stronger, tighter process.
Mr. Davis. Ms. Whitcomb, would you agree with this
assessment?
Ms. Whitcomb. The actions that they have undertaken sound
very responsive to the recommendations that we have made, but I
have to say that we haven't made an assessment of the actions
that they have taken in response to our recommendations. As I
mentioned, we are looking into internal mail covers now and, as
a part of that, will likely check in on the actions that they
have taken in response to our recommendations on the external
mail covers.
Mr. Davis. Well, thank you very much. It appears to me that
we are indeed making progress.
Mr. Chairman, I have no further questions and yield back
the balance of my time.
Mr. Farenthold. Thank you very much.
I just have two quick questions. Mr. Lynch says he has
another question, so we will do a quick third round of
questions.
Captain Hamby, Mr. Cottrell and Ms. Whitcomb basically
indicated that if a law enforcement agency dots all the Is,
crosses all the Ts, it seems like it is almost certain that
they will get approval of the request for covers. Can you talk
a little bit about how you found out about this program, how
you were trained about it, how you train your personnel in how
to use it, and a little bit about the decisionmaking process to
make sure it isn't abused to infringe upon the privacy of an
individual person, yet still available to track the bad guys?
Mr. Hamby. Yes, sir, Chairman Farenthold. As far as
learning about the program, as investigators, our investigators
start out with basic training in the police department. We are
talking about my agency here. To become an investigator, you
pretty much have to prove your mettle; you get selected as an
investigator, then you go to basic investigator school. It will
be mentioned in basic investigator school, but for narcotic
investigators this is one of the tools that you would learn
about in narcotic investigator school.
As far as utilizing it as an investigator, as the new
investigator, you are usually paired with one who has more
experience, and this is one of the tools, like many of them,
that this isn't a fishing expedition tool; this is an initial
tool. This is one that is only used, in my experience--and I
have been doing this as a narcotic investigator for 12 years--
we have only used this tool when there are reasonable grounds.
Mr. Farenthold. Is there management approval for it or can
any investigator just request? Suppose some investigator wants
to make sure her spouse isn't sending love letters to somebody
else.
Mr. Hamby. Yes, sir, there is, and the process is, first of
all, the completion of the request form for the U.S. Postal
Service, but it also requires a cover letter from a supervisor;
and that supervisor would have to complete the cover letter and
notify his commander. So that is the process we would use in
our agency to ensure that requests are authorized throughout
our agency, and it would be in the Postal Service.
Mr. Farenthold. Thank you very much.
Mr. Miskanic, your answer to another question suggested
another question for me. I am sorry, you are not off the hook
from me yet. You indicated that there were four servers that
were breached, but this sensitive data did not reside on one of
those four servers. So I am assuming those four servers were
used as a gateway to further penetrate the network. Can you
tell us how many devices or servers were penetrated?
Mr. Miskanic. Yes, Chairman Farenthold. Approximately 100
servers were penetrated. And to give you some scope, there is
approximately larger servers like that. It is over 25,000, and
then there are, like I mentioned, over 200,000 workstations. So
100 workstations and/or servers were impacted.
Mr. Farenthold. Was there any indication, and if I am
getting into a classified area, please stop me and we can talk
about this in an appropriate environment for that. Was there
any indication that there was more sensitive information other
than employee data that was targeted?
Mr. Miskanic. There is no indication of that at this present
time, sir.
Mr. Farenthold. OK. Thank you very much.
Mr. Lynch?
Mr. Lynch. Thank you.
Mr. Miskanic, the Social Security numbers for the 800,000
employees, I understand in one of these reports say those were
copied by the adversary. Is that correct?
Mr. Miskanic. Yes.
Mr. Lynch. So we don't have to worry about them coming back
and trying to hack that portion of it, because they have that
information.
Mr. Miskanic. They copied a file, sir, yes.
Mr. Lynch. Yes. So how are we helping out these employees
because their information is out there now?
Mr. Miskanic. We are providing, through a commercial
service, credit monitoring to them and also identity theft
protection. In addition to that, through our human resources
service center, we have contact numbers for them to contact us
if they need additional details or if they suffer any negative
consequences.
Mr. Lynch. OK. I am pretty sure, I have a bunch of family
that work for the Post Office and I am sure they have employee
numbers. Is there any thought to creating a firewall by
discontinuing the use of Social Security numbers, which the
vulnerability is far greater than would be if we were using an
employee number to identify these folks?
Mr. Miskanic. As part of our undertaking, we look at all of
our data retention policies, data storage policies, which
includes the storage of personally identifiable information.
That is an excellent suggestion, sir, that we have undertaken
previously, but obviously we need to also consider the further
use of that. There are in some instances the need, from a
payroll reporting perspective, to have a Social Security
number, but it is, first and foremost, something that we are
doing to see if we can shield those in some other way possible
to make them less vulnerable or not vulnerable at all for
theft.
Mr. Lynch. OK. And the wider group, including the folks
that complained, they called the customer call office, their
information was compromised as well. How many of those were
there?
Mr. Miskanic. There was 2.9 million records that were
taken.
Mr. Lynch. That is on top of the 800,000 employees?
Mr. Miskanic. That is correct, sir. That did not contain
any sensitive information; it was essentially their name and
address, and if they left a telephone number.
Mr. Lynch. Are we looking at how long we hang on to that
information?
Mr. Miskanic. That is something we are doing as well. The
data retention policy for the entire Postal Service will be
under review, and specifically how long we hold that customer
data is very first and foremost that we need to understand
whether we have a business need for that or not, sir.
Mr. Lynch. OK. Thank you, Mr. Miskanic.
I yield back.
Mr. Farenthold. Thank you very much.
Mr. Cummings, you have any more?
Well, thank you all very much. I really do appreciate the
panel taking their time to answer our questions. We have a
couple of followups we look forward to hearing from you on. We
appreciate your service to the Country and/or your communities.
With that, we are adjourned.
[Whereupon, at 12:15 p.m., the subcommittee was adjourned.]
APPENDIX
----------
Material Submitted for the Hearing Record
[GRAPHIC] [TIFF OMITTED]