[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]

EXAMINING DATA SECURITY AT THE UNITED STATES POSTAL SERVICE
=======================================================================

HEARING
before the
SUBCOMMITTEE ON FEDERAL WORKFORCE, U.S. POSTAL SERVICE AND THE CENSUS
of the
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED THIRTEENTH CONGRESS
SECOND SESSION

NOVEMBER 19, 2014

Serial No. 113-157

Printed for the use of the Committee on Oversight and Government Reform

Available via the World Wide Web: http://www.fdsys.gov
http://www.house.gov/reform

U.S. GOVERNMENT PUBLISHING OFFICE
93-230 PDF      WASHINGTON : 2015

-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office
Internet: bookstore.gpo.gov
Phone: toll free (866) 512-1800; DC area (202) 512-1800
Fax: (202) 512-2104
Mail: Stop IDCC, Washington, DC 20402-0001

COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

DARRELL E. ISSA, California, Chairman
JOHN L. MICA, Florida
MICHAEL R. TURNER, Ohio
JOHN J. DUNCAN, JR., Tennessee
PATRICK T. McHENRY, North Carolina
JIM JORDAN, Ohio
JASON CHAFFETZ, Utah
TIM WALBERG, Michigan
JAMES LANKFORD, Oklahoma
JUSTIN AMASH, Michigan
PAUL A. GOSAR, Arizona
PATRICK MEEHAN, Pennsylvania
SCOTT DesJARLAIS, Tennessee
TREY GOWDY, South Carolina
BLAKE FARENTHOLD, Texas
DOC HASTINGS, Washington
CYNTHIA M. LUMMIS, Wyoming
ROB WOODALL, Georgia
THOMAS MASSIE, Kentucky
DOUG COLLINS, Georgia
MARK MEADOWS, North Carolina
KERRY L. BENTIVOLIO, Michigan
RON DeSANTIS, Florida

ELIJAH E. CUMMINGS, Maryland, Ranking Minority Member
CAROLYN B. MALONEY, New York
ELEANOR HOLMES NORTON, District of Columbia
JOHN F. TIERNEY, Massachusetts
WM. LACY CLAY, Missouri
STEPHEN F. LYNCH, Massachusetts
JIM COOPER, Tennessee
GERALD E. CONNOLLY, Virginia
JACKIE SPEIER, California
MATTHEW A. CARTWRIGHT, Pennsylvania
TAMMY DUCKWORTH, Illinois
ROBIN L. KELLY, Illinois
DANNY K. DAVIS, Illinois
TONY CARDENAS, California
STEVEN A. HORSFORD, Nevada
MICHELLE LUJAN GRISHAM, New Mexico
Vacancy

Lawrence J. Brady, Staff Director
John D. Cuaderes, Deputy Staff Director
Stephen Castor, General Counsel
Linda A. Good, Chief Clerk
David Rapallo, Minority Staff Director

Subcommittee on Federal Workforce, U.S. Postal Service and the Census

BLAKE FARENTHOLD, Texas, Chairman
TIM WALBERG, Michigan
TREY GOWDY, South Carolina
DOUG COLLINS, Georgia
RON DeSANTIS, Florida

STEPHEN F. LYNCH, Massachusetts, Ranking Minority Member
ELEANOR HOLMES NORTON, District of Columbia
WM. LACY CLAY, Missouri

C O N T E N T S
----------

Hearing held on November 19, 2014

WITNESSES

Mr. Randy S. Miskanic, Vice President of Secure Digital Solutions, United States Postal Service
    Oral Statement
    Written Statement
Mr. Guy J. Cottrell, Chief Postal Inspector, United States Postal Service
    Oral Statement
    Written Statement
Ms. Tammy Whitcomb, Deputy Inspector General, United States Postal Service
    Oral Statement
    Written Statement
Mr. Timothy H. Edgar, Visiting Fellow, Watson Institute for International Studies, Brown University
    Oral Statement
    Written Statement
Mr. Charles E. Hamby II, Captain, Narcotic Enforcement Division, Prince George's County Police Department
    Oral Statement
    Written Statement

APPENDIX

Letters to DEI requesting hearings, submitted by Mr. Cummings
Answers to QFRs from Rep. Connolly to Tammy Whitcomb, USPS OIG
Answers to QFRs from Rep. Connolly to Guy Cottrell, USPS
Answers to QFRs from Rep. Connolly to Timothy Edgar, Brown University

EXAMINING DATA SECURITY AT THE UNITED STATES POSTAL SERVICE
----------

Wednesday, November 19, 2014,
House of Representatives,
Subcommittee on Federal Workforce, U.S. Postal Service and The Census,
Committee on Oversight and Government Reform,
Washington, DC.

The subcommittee met, pursuant to notice, at 11:40 a.m., in room 2154, Rayburn House Office Building, Hon. Blake Farenthold (chairman of the subcommittee) presiding.

Present: Representatives Farenthold, Walberg, Lynch, Clay, and Cummings.

Also present: Representative Davis.

Staff present: Melissa Beaumont, Majority Assistant Clerk; Will L. Boyington, Majority Deputy Press Secretary; Molly Boyl, Majority Deputy General Counsel and Parliamentarian; Adam P. Fromm, Majority Director of Member Services and Committee Operations; Jeffrey Post, Majority Senior Professional Staff Member; Laura L. Rush, Majority Deputy Chief Clerk; Andrew Shult, Majority Deputy Digital Director; Sarah Vance, Majority Assistant Clerk; Jaron Bourke, Minority Administrative Director; Marianna Boyd, Minority Counsel; Aryele Bradford, Minority Counsel; Jennifer Hoffman, Minority Communications Director; Tim Lynch, Minority Counsel; Dave Rapallo, Minority Staff Director; Katie Teleky, Minority Staff Assistant.

Mr. Farenthold. The subcommittee will come to order.

It is an interesting day. We have Mr. Issa staring over my shoulder now and Mr. Hoffield looking at me from over here. The pictures have been rearranged.

Anyway, I would like to begin this hearing by stating the Oversight Committee's mission.
We exist to secure two fundamental principles: first, Americans have the right to know that the money Washington takes from them is well spent and, second, Americans deserve an efficient, effective Government that works for them. Our duty on the Oversight and Government Reform Committee is to protect these rights. Our solemn responsibility is to hold the Government accountable to taxpayers, because taxpayers have a right to know what they get from their Government. We will work tirelessly in partnership with citizen watchdogs to deliver the facts to the American people and bring genuine reform to the Federal bureaucracy. This is the mission of the Oversight and Government Reform Committee.

I will now recognize myself for a short opening Statement.

We have called this hearing today to talk about the Postal Service's mail covers program. As we will hear from our panel this morning, mail covers have a long-running history at the Postal Service as a way of helping law enforcement investigations. But they remain a concern for privacy advocates.

Today, the mail covers program is managed by the Postal Service Inspection Service. This is the law enforcement arm of the Postal Service and it manages all incoming requests, oversees data security, and ensures mail covers are properly executed.

A mail cover itself is a fairly simple thing; it is a record of all the information on the outside of a mail piece for classes of mail that are sealed against inspection. Mail covers can be requested either by the United States Postal Service Inspection Service or outside law enforcement agencies. This information is often transcribed by hand, usually by Postal Service supervisors, just before a mail piece is delivered. A mail cover can consist only of a single package or can cover all mail going to and from an addressee for 30 days or more.
The vast majority of the 49,000 mail covers issued for Fiscal Year 2013 were 1-day covers internally requested by the Postal Service as part of drug investigations. However, more than 6,000 mail covers were requested by outside law enforcement agencies and approved by the Postal Service, while nearly 3,000 multi-day mail covers were requested internally by the Inspection Service.

In its May 2014 audit report, the Postal Service Office of Inspector General uncovered a number of troubling facts regarding the management and oversight of external mail cover requests. Of the audited covers, 21 percent were not approved by authorized individuals and 13 percent were approved without adequate justification contained in the request. Moreover, despite receiving more than 6,700 requests for mail covers in Fiscal Year 2013, the Inspection Service denied just 10. That is an approval rate of 99.85 percent. That is better than my server is up.

This fact raises serious questions about the current management of the mail covers program. We will hear testimony from a number of witnesses who will be able to share the significant law enforcement benefits that this program can bring, as well as the privacy risk posed by this program if it continues to be poorly managed. We will also have the opportunity to hear from both the Postal Inspection Service and the IG with updates as to how the problems identified with the audit report are being addressed.

In addition to our discussion of the mail covers program, we will probably get into discussing the data breach the Postal Service announced on November 10th, 2014. With respect to that data breach, the Postal Service has confirmed that personally identifiable information for more than 800,000 current and former Postal Service employees, including their name, addresses, and Social Security numbers, have been compromised.
While I understand some information regarding this breach may still be sensitive in nature, it is my hope that we can have a discussion about how the breach occurred, the extent of the data lost, and, most importantly, what actions are being taken to mitigate the risk of a similar breach in the future.

On that note, I greatly appreciate the written testimony that will be presented by Mr. Miskanic today. His testimony provides a clear time line of events leading up to the November 10th announcement that before today had not been available.

With that, I would like to thank all of our witnesses for being here today and allow the ranking member, the gentleman from Massachusetts, Mr. Lynch, to make an opening Statement.

Mr. Lynch. Thank you, Mr. Chairman. First, I want to apologize for being tardy. We have elections going on in the Democratic caucus, as well as the Republican caucus.

Mr. Farenthold. Hope you did well in whatever you ran for.

Mr. Lynch. Well, they haven't counted the votes yet. But that is another story.

Mr. Chairman, thank you very much for holding this hearing; I appreciate that. I also want to thank the members of the panel for your willingness to help this committee with its work.

Through the mail covers process, law enforcement agencies may request that the Postal Service record information on the outside of a piece of mail to obtain evidence of a crime, locate fugitives, identify property, and to protect the national security. According to Federal regulations, however, the Postal Service may not open or inspect the contents of a sealed piece of mail without a Federal search warrant.

Importantly, the mail covers program can serve as a valuable investigative tool through which postal investigators and law enforcement officials can further their investigations into the abuse of our mail system for terrorists or other criminal activity.
However, our constitutional commitment to individual privacy and due process requires that we conduct meaningful oversight of this program in order to ensure that it is not unnecessarily broad in scope.

Toward this end, the Postal Service inspector general recently reported some program deficiencies. The IG reported that the chief postal inspector should, these are recommendations, No. 1, improve controls to ensure that responsible Postal Inspection Service personnel process the mail covers program as required; and, No. 2, the IG recommended that the Postal Service establish procedures to ensure periodic reviews of mail covers and that those are conducted as required; third, the Service recommended that we improve controls to ensure Postal Service facility personnel process mail covers in a timely manner; and also, fourth, to implement system controls to ensure data integrity in the Postal Inspection Service mail covers application.

The Postal Service has agreed with these recommendations and has fully implemented recommendation No. 2, establishing periodic review procedures. The agency has also made substantial progress on implementing the other three recommendations. Chief Inspector Cottrell expects all of the recommendations to be fully implemented by June 2015, so we will keep a watch on that.

On October 27, 2014, the New York Times published a story asserting that the mail covers program was more extensive than had been previously reported. In response, the Postal Service has reported to committee staff that the increase in mail covers was largely due to a change in accounting practices, which is easily understandable once the details are revealed. According to the Postal Service, starting in 2012, the Inspection Service began using 1-day mail covers on each individual piece of mail that the law enforcement agencies requested. Previously, a single mail cover could reflect Postal Service monitoring of multiple pieces of mail.
So, naturally, this change in practice resulted in an increase in the number of total mail covers without necessarily reflecting an increase in the use of the mail covers program. According to Chief Cottrell's testimony, there has been a reduction in the total number of mail covers used by law enforcement agencies over the past several years, and I look forward to hearing the details of these changes and surrounding each of the inspector general's recommendations.

On November 10th, 2014, the Postal Service publicly announced that its computer networks had been significantly breached. Personally identifiable information of its employees may have been compromised, including names, addresses, dates of birth, Social Security numbers, dates of employment, and other information. News reports indicate over 800,000 employees could be affected. This data breach comes on the heels of several other attacks in both the public and private sector, including Home Depot, Kmart, Target, JP Morgan Chase, USIS, the Community Health Partners, and most recently the U.S. State Department.

On November 10th, Ranking Member Cummings sent a letter to Postmaster General Donahoe requesting additional information about the breach, including the extent of the cyber attack, the nature of the data that was breached, and the number of potential employees and customers affected, and the Postal Service notification process regarding the breach. The ranking member also highlighted the need for greater collaboration to improve data security in light of the increased numbers of public and private data sector breaches.

I look forward to hearing from the Postal Service especially on the data breach piece of this, and how it plans to address the specific data security issues raised by the postal data breach and ensure that its employees and consumers are protected from such breaches in the future.

Thank you, Mr. Chairman. I yield back.

Mr. Farenthold. Thank you, Mr. Lynch.
Other members will have 7 days to submit opening Statements for the record.

Mr. Lynch. Mr. Chairman? I am sorry, I forgot. I would ask unanimous consent that Mr. Davis, the gentleman from Illinois, be allowed to participate. Mr. Davis is a former chairman of this subcommittee and has been a strong and eloquent advocate on behalf of postal employees and the postal system.

Mr. Farenthold. Without objection, it will be an honor to let him join us today.

Mr. Davis. Thank you, Mr. Chairman.

Mr. Farenthold. All right, our panel today, distinguished panel, Mr. Randy Miskanic is Vice President of Secure Digital Solutions for the United States Postal Service. Welcome, sir.

Mr. Guy Cottrell is the Chief Postal Inspector for the United States Postal Service Inspection Service. Welcome to you as well.

Ms. Tammy Whitcomb is Deputy Inspector General for the United States Postal Service Office of Inspector General. Welcome, ma'am.

Mr. Tim Edgar is Visiting Fellow at the Watson Institute for International Studies at Brown University. Go Bears.

Mr. Charles Hamby is a Captain with the Narcotics Enforcement Division of the Prince George's County, Maryland Police Department. Captain, a privilege to have you in front of us, as well, today.

Pursuant to the committee rules, we ask that all witnesses be sworn in before they testify. Would you all please rise? And if you will raise your right hand.

Do you solemnly swear or affirm that the testimony you are about to give will be the truth, the whole truth, and nothing but the truth?

[Witnesses respond in the affirmative.]

Mr. Farenthold. Let the record reflect that all witnesses have answered in the affirmative. You all may be seated now.

We have had you all submit written testimony, so in order to allow us time to ask you questions, we ask that you summarize your testimony in 5 minutes or less. You will see in front of you a little timer. Green means go, yellow means hurry up, and red means stop.

So we will start with Mr. Miskanic.
You are recognized for your summary of your testimony.

WITNESS STATEMENTS

STATEMENT OF RANDY S. MISKANIC

Mr. Miskanic. Good morning, Chairman Farenthold, Ranking Member Lynch, and members of the subcommittee. Thank you for calling this hearing on data security at the Postal Service.

My name is Randy Miskanic and I serve as Vice President of the Secure Digital Solutions Group for the United States Postal Service. In this role I lead the Postal Service's digital product development initiatives. I am also a postal inspector, and I previously served as the Deputy Chief Inspector of the United States Postal Inspection Service. My experience as Deputy Chief included leading cyber investigations. Given this experience, the postmaster general appointed me to the role of Incident Commander in response to the cyber intrusion that became public last week.

On September 11th, the Postal Service Office of Inspector General was notified by US-CERT regarding four Postal Service servers that were sending unauthorized communication outside of the organization, indicating that these systems may have been compromised. On that date, we had limited information about the nature of the activity and we began a forensic investigation.

During the next several weeks, OIG agents and postal inspectors configured and installed the technical architecture and tools necessary to identify impacted servers and workstations on the Postal Service network. By October 17th, it became apparent that the intrusion was very sophisticated and had been developed specifically to exploit the Postal Service computing environment. As the scale and the scope of the intrusion became evident, we greatly escalated our response. We also worked closely with US-CERT, the FBI, and other forensic experts to develop a strategy for protecting our information systems.

By November 4th we were able to confirm that a compromised employee data set had been copied and removed from our network.
This confirmation triggered our decision to quickly notify our employees.

Throughout this process, our guiding principles were to protect our information systems from additional harm, to ensure our employees' and customer data was secure, and to allow the investigation to proceed unnoticed by our adversary.

One of our biggest challenges was maintaining secrecy regarding the remediation of our infected systems. During the course of the investigative efforts, we learned of the sophisticated nature of the adversary and the dynamic tactics they employ to evade detection by most commercial information security tools. I can't get into too much detail about our processes except to say that it was critically important that the adversary not know that we were watching their activity. Any premature leak about our remediation steps might have caused this adversary to cover their tracks or take countermeasures that might have further harmed our network.

Over the weekend of November 8th and 9th, the Postal Service took a number of remediation steps that required shutting down and then restoring certain systems. Immediately afterward, on Monday, the 10th, the Postal Service notified its employees, customers, business partners, and other stakeholders about the intrusion. This occurred roughly 1 week after confirming the contents of the stolen employee data.

The compromised data included employee personally identifiable information. Additionally, customer call center data was also compromised. To date, we have seen no evidence that the compromised employee data has been used for malicious purposes such as identity theft. In an abundance of caution, however, the Postal Service is providing a 1-year credit monitoring product at no cost to its employees, in addition to other services.

Mr. Chairman, the Postal Service operates one of the largest computer environments in the Federal Government.
Until this recent intrusion, we have been successful in maintaining the integrity of our data and the security of our systems. Since being notified of the suspicious activity, the Postal Service has been engaged in a very intense process of evaluating and developing new strategies to protect our information systems. In parallel to complex investigative activities, we developed and continue to implement a detailed mitigation plan to stop the compromise and protect the Postal Service network.

On November 10th, the postmaster general notified our employees about the compromised data and made a commitment to strengthen the security of our systems to match these sophisticated new threats. The Postal Service will be taking numerous steps over the coming months to improve processes and technologies to better protect against future intrusions.

We live in a world that requires perpetual vigilance and staying a step ahead of our adversaries. We are committed to doing so on behalf of our employees, our customers, and the American public.

Thank you, Mr. Chairman. This concludes my remarks.

[Prepared Statement of Mr. Miskanic follows:]

Mr. Farenthold. Thank you very much. I look forward to questioning you.

Mr. Cottrell, you are up.

STATEMENT OF GUY J. COTTRELL

Mr. Cottrell. Good morning, Chairman Farenthold, Ranking Member Lynch, and members of this subcommittee. I am Guy Cottrell, Chief Postal Inspector of the United States Postal Service. On behalf of the men and women of our agency, I appreciate this opportunity to present the testimony of the U.S. Postal Inspection Service in support of this hearing on data security at the U.S. Postal Service.

My testimony today will discuss the Postal Service mail cover program and the controls in place to ensure appropriate privacy protections are maintained.
I will also update the committee on the progress made regarding recommendations contained in the Postal Service Office of Inspector General Report released in May 2014 on the mail cover program.

The Postal Service respects the privacy of its customers and the sanctity of the mail. A mail cover is the process by which a nonconsensual recording is made of any data appearing on the outside cover of any sealed or unsealed class of mail matter. Any personal information obtained in connection with the mail cover program is treated as restricted, confidential information and is not publicly available.

Over the past 5 years, law enforcement use of mail covers has generally declined, with one significant exception. We revised procedures in connection with criminal investigations into dangerous mail and narcotics in Fiscal Year 2012. These programs emphasized the safety of postal employees and strive to protect them from handling mail that contains harmful substances, narcotics, and trafficking proceeds, and the violence associated with drug crimes. Equally important, they aid our efforts to help keep illegal drugs off the streets and out of school yards across the Country. We now assign mail covers to individual mail pieces in these investigations, which drove the spike in overall mail cover volume the last three fiscal years.

Recently, the Postal Service inspector general conducted its review of the mail cover process, releasing a report in May 2014 containing four recommendations to improve program security and accountability. We have addressed these recommendations as follows:

We have worked to improve controls to ensure responsible Postal Inspector Service personnel process mail covers as required. We have examined the administration of the program and our processes, updating standard operating procedures, improving training, testing application workflow enhancements, creating performance metrics, and formulating a disbarment process.
We have established procedures to ensure periodic reviews of the mail cover program are conducted at national headquarters and in the field as part of our annual compliance review process.

We are leveraging existing Postal Service tools to better assess program compliance at the local post office level and facilitate communication.

We have also initiated a project to upgrade the mail cover process, allowing us to better ensure data integrity, compliance, and accurate reporting.

We are on target to completely address all audit recommendations by June 2015. I am certain these actions will provide necessary safeguards to ensure the program is administered as required.

Recent media coverage has confused three independent mail programs, the mail cover program, mail imaging, and mail isolation control and tracking, or MICT, creating a false impression that there is a vast mail monitoring system in operation. This simply is not true. These programs are distinct and have very different purposes.

I have already discussed the mail cover program. Mail imaging was developed in the early 1990's to help automate mail processing. The images are not maintained in a centralized data base, not profiled for mailing habits, nor are they mined or analyzed electronically.

Mail isolation control and tracking, MICT, is a set of safety procedures developed in response to the anthrax mailings of 2001, and it is triggered when a potentially contaminated mail piece is identified to help determine potential contamination of mail processing equipment, facilities, and vehicles. Safety is the ultimate goal of MICT, although the contamination path can be relevant for law enforcement purposes.
In closing, I would like to thank the committee for inviting me to appear here today to discuss with you our commitment to strengthening the mail cover process, allowing us an opportunity to better explain our use of this important investigative tool and the safeguards in place to protect the privacy of the American public.

Thank you, Mr. Chairman.

[Prepared Statement of Mr. Cottrell follows:]

Mr. Farenthold. Thank you very much.

Ms. Whitcomb.

STATEMENT OF TAMMY WHITCOMB

Ms. Whitcomb. Mr. Chairman and members of the committee, thank you for the opportunity to discuss our recent audit report on mail covers.

Mail covers have been an investigative tool for more than 100 years, used for tracking financial frauds, drug trafficking, and other criminal activity. A mail cover involves postal officials recording the information from the outside of a mail piece, such as the sender's address. However, the mail cover program does not permit opening letters and packages that are sealed against inspection, as this requires a search warrant. To be clear, the program should not be confused with the operational imaging of mail pieces to manage mail flows.

The U.S. Postal Service processed approximately 49,000 mail covers in Fiscal Year 2013. Mail covers can be requested either by external investigators, including my office, or by the Postal Inspection Service. There are different types: mail covers that target individuals in suspected criminal matters, mail covers that target postal facilities where mail and parcels associated with criminal activity are passing, and special mail covers used for national security purposes.

The OIG is responsible for auditing the investigative activities of the Postal Inspection Service. As part of this work, and in response to public concern, we conducted an audit of the handling of external mail covers. The report was issued in May.
For this initial audit, we examined samples of both external criminal mail cover requests and special mail cover files. We are now beginning an audit of internal mail covers.

Federal, State, and local law enforcement agencies can request a criminal mail cover by sending a hard copy form to the Postal Inspection Service's Criminal Investigation Service Center in Chicago. The request must specify the statute thought to have been violated and include a description of how the mail cover will further the investigation. These forms are manually entered into an electronic system for approval. Only the chief postal inspector, the manager of the Criminal Investigation Service Center, or their designees, can approve mail covers. Most criminal mail covers are approved. In Fiscal Year 2013, the Postal Inspection Service received more than 6,000 outside requests and denied 10.

When a mail cover is approved, it is forwarded to the appropriate facility, where Postal Service staff photocopy the mail pieces or log the information. The facility then mails the records to the Inspection Service to pass on to the original requesters. Requesters are instructed not to copy mail cover records and must return them within 60 days after the mail cover period ends.

Our audit found that mail cover procedures are not always followed.

In 13 percent of cases, external mail cover requests were approved without adequate justification, either because the requester did not include sufficient justification in the request or the justification was not adequately entered into the electronic system;

Authority to approve mail covers was not always delegated appropriately. Twenty-one percent of mail cover requests were not approved by authorized individuals;

The Postal Inspection Service did not ensure that outside law enforcement returned mail cover information on time. In 61 percent of cases, mail cover records were not returned within 60 days as required.
The computer system used to process mail covers had flaws. We found more than 900 cases where the system incorrectly showed a mail cover was active, even though the cover period had ended. System problems also prevented mail covers from being extended and sometimes the same tracking number would be issued to different requests;

There were delays in processing mail covers both by the Postal Inspection Service and at Postal Service facilities.

Finally, the Postal Inspection Service did not carry out its required annual reviews of the program.

Our audit recommended the Postal Service and Inspection Service improve controls over the mail covers program, establish procedures to ensure the required program reviews are conducted, and fix the electronic system. The Postal Service and the Inspection Service agreed with our findings and recommendations and set target dates to implement solutions. Two of the four original target dates have now been extended to March 2015. My office will continue to track the Postal Service's progress.

Mail covers are an important law enforcement tool, but adequate supervision is critical to ensure the protection of the public.

Thank you.

[Prepared Statement of Ms. Whitcomb follows:]

Mr. Farenthold. Thank you very much.

Mr. Edgar.

STATEMENT OF TIMOTHY H. EDGAR

Mr. Edgar. Thank you very much, Mr. Chairman. I served in the Obama White House as the first privacy and civil liberties official for the National Security Council, focusing on cybersecurity. Under President Bush, I was the deputy for civil liberties for the Director of National Intelligence. And from 2001 to 2006 I was the national security policy counsel for the American Civil Liberties Union.

I am going to talk today a little bit about the history of the privacy of the mail and why that is important. When I was given this opportunity to testify, many of my friends and colleagues had one Statement: Is nothing sacred?
The public is used to a lack of privacy on the Internet. They know about the NSA controversy; they know about Google reading their email for targeted ads. But they expect the Postal Service to have a higher standard for privacy and to be different; and there is a reason for that, which is that, going back to the days of George Washington, the United States has treated mail as something very sacrosanct.

We had a choice in 1792, when the first law was passed establishing the Post Office. We could have gone in a different direction. The European governments of the time had secret rooms in which they monitored mail of political dissidents, of foreign diplomats. The United States decided not to set up such a room and to just ban the opening of mail altogether without a warrant; and shortly after the Civil War, the Supreme Court reinforced that notion, said that a sealed envelope, at least, basically had the same level of privacy as your home, really a pretty remarkable statement of privacy in correspondence, handled, after all, by a Government agency. So this is an important part of our culture and of our system of constitutional protections for privacy.

During the cold war we got off track. There were several mail monitoring programs run by the CIA and the FBI that were investigated by this Congress, by the Church Committee, in the mid-1970's. The largest of those was called HTLINGUAL. It was a CIA program that actually started as a mail covers program in the early 1950's. The CIA got the cooperation of the Postal Service to obtain copies of every item of mail that was going to or from the Soviet Union, generally in New York. And it got off the rails in part really just because the CIA did a lot of deceptive tactics to conceal the fact that not only were they photographing the outside of mail, which the Supreme Court had said does not violate the Fourth Amendment, although it should be more highly regulated, but they were actually opening mail as well.
They monitored the American Friends Service Committee, they monitored author John Steinbeck. Members of Congress, including Frank Church himself, were on the list of people whose mail should be opened if encountered. So when this was discovered it was ended, but it had really been a major breach of Americans' privacy and civil liberties.

But what are the lessons for today? I think one important lesson is that the Postal Service needs to be a stickler for privacy. They really need to insist that privacy requirements be followed to the letter, if you will. And they didn't really do that during these cold war abuses. They looked the other way. They allowed other agencies that had important national security missions to trump their concerns. I think they felt this is the CIA, this is national security, let's let them do their thing. And that was the wrong way to go. They needed to be the ones standing up and saying, hey, what are you doing with those pieces of mail? We need to see what you are doing. We need to look and to ask our counsels what is going on. So that is what is troubling about these missteps by the Post Office, is that you see a certain laxity in the way that they have enforced their rules on mail covers, and that is a troubling one.

Finally, I think this issue of the mail imaging software is an important one for this committee to look at. It may be a separate program from mail covers, but it raises real questions about what is essentially a bulk collection of postal metadata, and it raises questions about the security of those computer files, who has access to them, and privacy risks. Back during the cold war, you actually had to have a program for the CIA to photograph mail. Now that is being done automatically as part of the system delivering it. It may be a separate program, but it raises privacy and security risks, especially with these recent breaches. Thank you very much.

[Prepared Statement of Mr. Edgar follows:]

Mr. Farenthold. Thank you very much. Captain Hamby.

STATEMENT OF CHARLES E. HAMBY II

Mr. Hamby. Good morning. Thank you, sir. On behalf of Chief Mark Magaw and the Prince George's County Police Department, I would like to thank Chairman Farenthold, Ranking Member Lynch, and the members of the Subcommittee on Federal Workforce, U.S. Postal Service and the Census for the opportunity to discuss the mail cover program and the role this investigative tool plays in our criminal investigations. My name is Captain Charles Hamby and I am currently assigned as the Assistant Commander of the Narcotic Enforcement Division for the Prince George's County Police Department.

Let me begin by stating that the Prince George's County Police Department is in support of the U.S. Postal Inspection Service mail covers program. Various investigative units within the police department, including, but certainly not limited to, our fugitive apprehension teams and narcotic enforcement units, have utilized mail covers as supplemental investigative tools to further their cases. Mail covers are able to provide assistance to law enforcement agencies as they are conducting criminal investigations by providing identification information on names and addresses of entities, individuals, and also locations that are associated with the subject being investigated. Fugitive teams may utilize mail covers to identify individuals and locations that could lead to the appreciation of the wanted subject. Narcotic investigations also benefit from mail covers by providing information regarding coconspirators, locations, and methods used by the various activities that occur in drug trafficking.

For example, during an investigation that I conducted of a drug trafficking organization that was smuggling multiple kilograms of cocaine from Miami, Florida to Prince George's County, Maryland, a mail cover was used to develop evidence on one of the 14 co-conspirators.
In this case, the mail cover provided identification of names and addresses associated with the target of the investigation, and the specific target was suspected of receiving the proceeds from the drug sales here in Prince George's County and shipping them to Miami, Florida. The suspect would facilitate the transfer of those funds to the source of supply in Miami, and that money which the suspect was sending to the source was payment for the following shipment of cocaine. During this conspiracy, it was typical for the organization to purchase and receive here in Maryland 10 kilograms or more of cocaine in a single shipment. All of that cocaine was subsequently distributed either in Washington, DC, or in Prince George's County, Maryland.

The information received from that mail cover identified previously unknown aliases that the subject was using. That information led to eventually further identification of the entire system that was being used to pay for the drugs. This case culminated with Federal indictments and successful prosecution of this suspect and her 13 fellow conspirators, which actually resulted in the dismantling of that cocaine trafficking organization. As described previously, the mail covers used by law enforcement investigators can really provide significant information and further investigations, and also provide evidence of criminal acts.

In closing, thank you very much for the opportunity to present this information to the committee. The mail cover program clearly remains an important tool that continues to benefit criminal investigations by law enforcement agencies. Thank you very much.

[Prepared Statement of Mr. Hamby follows:]

Mr. Farenthold. Thank you very much, captain. I have quite a few questions.
I do not want to give the mail covers program short shrift, because I think there are a lot of issues we need to discuss with that, but I do want to start with the cyber attacks, since they are most recently in the news. And if I run out of time, we will do a second or even third round of questioning until all the members are satisfied that they have gotten their questions answered. So, Mr. Miskanic, let me ask a couple questions to reassure the American people. Are we relatively confident that no customer data was compromised during this attack?

Mr. Miskanic. Chairman Farenthold, as stated in my written and oral testimony, there was customer call center data that was compromised. It did not contain sensitive information.

Mr. Farenthold. Could you explain what customer call center data is, for those who don't know?

Mr. Miskanic. Yes, sir. The data itself was when an individual contacts the Postal Service for followup on a mail item or makes an inquiry.

Mr. Farenthold. So you are not going to have their Social Security number or something like that in that data base.

Mr. Miskanic. No, sir, there was not Social Security numbers contained in that data base.

Mr. Farenthold. All right. What about information or copies of mail cover data or the imaging data that Mr. Cottrell talked about used in the processing of mail, was any of that compromised?

Mr. Miskanic. No, sir, Chairman Farenthold, there was no indication of compromise of any of the mail cover data, nor of any of the mail imaging data.

Mr. Farenthold. All right. I just wanted to reassure the American folks. Our postal workers obviously appreciate what you all are doing with respect to their credit monitoring. I am concerned about how long it actually took the Postal Service to act. It was quite some time when CERT notified you all of some data leaking out before you did something. Now, I understand the need to figure out who did it and how it was tracked.
Do you see some needs or things that need to be done to, where if the Postal Service is hacked again or another Government agency is hacked, how we can more rapidly shut off the flow of the ex-fill of data and get the tracking tools in the system quicker?

Mr. Miskanic. Yes, Mr. Chairman. On September 11th, what we were told was there was suspicious activity on four of our pieces of computer equipment, and to give you some scope of that, we have over 225,000 servers or workstations. That indicated that there was simply just suspicious activity or potentially malicious code. Through a complex investigation, we learned that data had actually been compromised.

Mr. Farenthold. Were these mission-critical servers or were they just random servers?

Mr. Miskanic. These were not our mission-critical servers, they were not our primary and core systems; they were secondary systems. Some of them might have been in a field unit in one of our processing facilities or post offices; some were in our data centers, but they were not necessarily the primary core data centers themselves.

Mr. Farenthold. On my computer network I have software that monitors data flow on my network in my house, and when I see something weird coming out of one of my computers, the first thing I do is go unplug that computer. So, again, would you explain why maybe that wasn't the initial solution and then do forensic investigations to determine where that data was going?

Mr. Miskanic. Well, in this particular instance, the actor was very sophisticated, and once we had learned the respective access, it was necessary to understand the scope of the intrusion to properly mitigate it. We were very concerned during this period that if the actor themselves could further embed themselves into our network where they could potentially cause harm, it could impact our ability to deliver mail and serve the American public.

Mr. Farenthold.
So how much of this was done internally by the Postal Service versus relying on either Government agencies or contractors? I guess what I am getting at, should CERT or the FBI or NSA or some Government agency have a program where you call them and they send in a SWAT team? How was this handled and how do you think it could be handled better?

Mr. Miskanic. Chairman Farenthold, that is a very good question and, actually, US-CERT does have a SWAT team and the FBI does have a team that came in and assisted the Postal Service with this incident. They provided expert technical guidance. In addition to that, we also relied upon external technical experts from various companies who have been engaged with similar incident response issues.

Mr. Farenthold. Do you think that that interagency system worked well or does it need some polishing? I would certainly say by your time line it needs speeding up.

Mr. Miskanic. The interagency team was faced with a very complex challenge. It was a very complex investigation in understanding the scope and the breadth across the USPS network and the complexities of that network. We are in the process of still investigating the matter; however, we do intend to produce an after-action report on the actions and activities that occurred during throughout the investigation remediation, and we would be happy to share that.

Mr. Farenthold. I would like to see that. And if there is a classified or security-sensitive version, that would probably be something that this subcommittee probably needs to see in private as well. So please keep us on your list for that. Sorry, I went a minute over, so we will give Mr. Lynch 6 minutes here.

Mr. Lynch. All right. Thank you, Mr. Chairman. I appreciate that. I am going to revisit that in a minute, Mr. Miskanic. Let me ask, though, I only have one question on the covers, the postal covers. Do we have technology that would allow us to read the mail without opening it, read the contents of the mail?
I went online to do sort of an anecdotal search about some companies out there that do say we have technology that can read your email without opening it, without indicating to the party who receives the email that their email has been opened and read; and there are a number of firms that actually have very high technology package inspection that can read through envelopes and see the contents. So I am just wondering if we have the technology available right now to read the mail, the contents of the mail, without opening it.

Mr. Cottrell. We do not, sir.

Mr. Lynch. You don't. OK. All right. Who is we?

Mr. Cottrell. The Postal Service does not have the technology to do that.

Mr. Lynch. Is it out there?

Mr. Cottrell. Not that I am aware of.

Mr. Lynch. OK. It would seem to be pretty simple, just probably high resolution x-ray or something like that. OK, so that is one thing I am concerned about. As the courts have said repeatedly, there is no expectation of privacy in the outside of what is on your envelope, and that probably makes sense. But my concern is that there may be technology out there that actually would allow folks to scan the outside and also glean whatever the contents of the letter might be as well.

Let's go back to Mr. Miskanic. I really am concerned about the way the Postal Service handled the breach. When were we first aware of this breach of employee data or a breach of the data base at the United States Postal Service?

Mr. Miskanic. Congressman Lynch, we were notified of the actual data being, we had confirmed the actual data being taken on November 4th.

Mr. Lynch. No, no, no, no, no, no, no, no, no.

Mr. Miskanic. We had suspected----

Mr. Lynch. Let's go back. I am talking about when did you first get any indication that you had a breach. I am not talking about official notification.

Mr. Miskanic. So on October 16th we learned that data had actually been compromised. However, we had fragments of that data and could not----

Mr. Lynch.
OK, so retroactively, looking back, when did you first have a breach?

Mr. Miskanic. We were notified on September 11th that there was suspicious activity on the system by US-CERT.

Mr. Lynch. Is that the earliest date that you have right now, have knowledge of, that you had a breach?

Mr. Miskanic. That I have knowledge of, yes.

Mr. Lynch. OK. When did you notify the employees that their Social Security numbers had been compromised?

Mr. Miskanic. We notified the employees on November 10th, and that was due to the need to----

Mr. Lynch. That is about the day I learned about it, on November 10th, in the Wall Street Journal and New York Times. So why the delay? Why the delay?

Mr. Miskanic. Over the entire period it was necessary to understand the scope and the impact. Once we learned, on October 16th, that there might have been some data taken, we needed to confirm what that was and reconstruct it forensically. Over that period, it was also very imperative that we initiated remediation and mitigation activity.

Mr. Lynch. Based on the files, the contents of the files that have been accessed, you should have had some notification right then that there was risk to the employees' data.

Mr. Miskanic. Sir, during that period, we did not have the full scope of what files were accessed. Second, it was very important for the overall security posture of the Postal Service to conduct the detailed mitigation and remediation that occurred on November 8th and 9th----

Mr. Lynch. Look, I am just telling you that the way this should work is as soon as you know that a file has been compromised and that it contains personally identifiable information, Social Security numbers, that employee should be notified. If we go with your plan, if we go with your plan, an agency, a U.S.
Government agency could have the Social Security numbers for all its employees compromised, and you will decide, you will decide based on your own interests when the employees will be notified that their Social Security numbers have been stolen. That doesn't work. That doesn't work for the American taxpayer; it doesn't work for the American people. It doesn't. So the secret school squirrel stuff, you know, we have to figure out how sophisticated these people were and what information they have, that doesn't fly. This is very, very important information. These people are at risk and they received zero. The unions, the employee unions who represent these people got zero notice, like I did, and I am just telling you if we have to do something legislatively to make sure you cough up that information when people's Social Security numbers--you know, I keep hearing about how the private sector has had this problem as well. Target didn't disclose Social Security numbers; Neiman Marcus didn't; JP Morgan didn't. This was all credit card information; this was not their Social Security numbers, which would allow identity theft and an assortment of other problems for these employees.

So I have to tell you I am very, very disappointed in the way you handled this. I am. I think the American people deserve better. And if this is the standard that we are using now, we are opening up a huge area of exposure to the American people. If people like yourself and your agency is going to decide when it is good for you to let people know that their Social Security numbers have been stolen, when you are good and ready, that is not good enough. So we have to figure something out. Maybe it is legislatively we need to mandate this. But you have to be more forthcoming with the people that you are supposed to be protecting than you have been in this case. I yield back.

Mr. Farenthold. Thank you very much, Mr. Lynch.
We will now go to the vice chair of this subcommittee, the gentleman from Michigan, Mr. Walberg.

Mr. Walberg. Thank you, Mr. Chairman, and thank you to the witnesses for being here today. Inspector Cottrell, according to the USPS inspector general, last year only 10 of more than 6700 external law enforcement mail cover requests were rejected. That was given in testimony today. Do you know anything about why those 10 were rejected?

Mr. Cottrell. I don't know the specifics, sir, but there are specific requirements to get a mail cover: it has to be a law enforcement agency; you have to be investigating the commission of a crime, locating a fugitive or trying to track down victims or assets or proceeds. So those are the requirements, so obviously those 10 did not meet those specific requirements.

Mr. Walberg. So it would be assumed, then, that it is normal for 99-plus percent of external mail cover requests be approved in any given year?

Mr. Cottrell. Well, 10 were outright denied. We have to send several back for people to include additional information, but we don't track that sort of data. So 10 were actually denied.

Mr. Walberg. So we don't know the percentage, normal percentage of a normal year of mail cover requests that are approved in any normal year?

Mr. Cottrell. It fluctuates year to year. Just this past year we declined 94 of them.

Mr. Walberg. In your testimony you mentioned the distinction between sealed and unsealed classes of mail. Can you elaborate a little more on that?

Mr. Cottrell. Well, sealed mail is first class mail sealed against an inspection; you need a Federal search warrant to get inside of that. Other classes of mail are standard, do not have the same level of protection.

Mr. Walberg. So how does that all impact mail cover?

Mr. Cottrell. Mail covers are still information from the outside of a mail piece. Standard mail would be advertising mail, circulars, things like that.

Mr. Walberg.
It has been noted that the inspector general audit found that 13 percent of external mail cover requests lacked appropriate justification, yet were still approved. If we were to conduct a full audit of active mail covers today, would the number be any different?

Mr. Cottrell. I think it would improve. The IG report was from several months ago, and they gave us some excellent recommendations on how to make improvements. What they found is the justification wasn't always included in the system as well. But we have made great strides there and we are continuing to work to improve that process.

Mr. Walberg. What other recommendations were given?

Mr. Cottrell. Well, they recommended that we do an annual review of this, which we are doing; they recommended that we improve our mail cover system that we have, where we enter the requesting information in; and they recommended that we train our employees; we fix our internal standard operating procedures. And all of those fixes are in progress.

Mr. Walberg. The inspector general audit also found that 21 percent of external mail cover requests were approved by individuals without authorization. Has that been changed?

Mr. Cottrell. Yes, sir. We have made improvements there in improving the delegation process to ensure that we have proper delegations of authority on file for individuals to approve the mail covers.

Mr. Walberg. So we have them on file, but could you explain a little bit more in depth on how we make sure that, though they are on file, they are actually the ones that are approved?

Mr. Cottrell. Well, when you delegate authority, you need to have a record that you have delegated that authority, and we did not have proper delegations of authority on file for those individuals, so we have corrected that. We have the correct individuals in place now to approve the mail cover requests that come in.

Mr. Walberg. Thank you. Ms. Whitcomb, from your testimony it appears that your audit report focused mainly on mail cover requests made by external law enforcement agencies and that a new report is in the works looking at internal requests. Is that true?

Ms. Whitcomb. It is true.

Mr. Walberg. Is there an estimated completion date for that report to end? Are there early conclusions you can share with us today?

Ms. Whitcomb. Not at this point. We are just beginning that work. But I imagine that we will have some results probably in the next three or 4 months, and we will be happy to come and share those results when we have them together.

Mr. Walberg. In your testimony you mention that the Inspection Service did not carry out its required annual reviews of the mail cover program. Was your agency able to determine any reason for this failure beyond what we have heard?

Ms. Whitcomb. Not that I am aware of. They just weren't conducted. I believe one of three of the reviews were conducted. We expected to see annual reviews over 3 years and we saw one review being conducted.

Mr. Walberg. Are you confident that that is changing now?

Ms. Whitcomb. Our process is, when we make a recommendation, the agency provides us a response date, a date when the action in response or recommendation is to be completed. In this case the dates that we received in response to our report have been extended, so when those dates or when the Inspection Service has completed their work, they will come back to us and provide us with documentation to show that they have completed that work, and then we will evaluate that and either close that recommendation or can keep it open. So at this point these recommendations are still open, awaiting that documentation to come back to us. So we anticipate that these efforts that are being undertaken will be successful, but at this point it is impossible for us to know.

Mr. Walberg. Thank you. Thank you, Mr. Chairman.

Mr. Farenthold. Thank you, Mr. Walberg.
We will now recognize the ranking member of the full committee, Mr. Cummings, for 5 minutes.

Mr. Cummings. Thank you very much, Mr. Chairman. Mr. Chairman, I am extremely concerned about the increased frequency and sophistication of data breaches on both public and private entities. We have seen attacks in the past year at Target, Home Depot, Community Health Systems, and USIS, as well as the Postal Service and, most recently, the State Department. I am concerned about all Americans whose personally identifiable information was stolen and privacy compromised in a rash of data breaches this past year. That is why I requested four times this year that Chairman Issa join me in conducting oversight into the breaches at these various companies. Unfortunately, Chairman Issa ignored my repeated requests to examine data breaches in the private sector, and this committee has missed a significant opportunity as a result.

Turning to the Postal Service, I must say that I am troubled by the chain of partisanship here. In a joint statement, Chairman Farenthold and Chairman Issa said they called today's hearing in part because they wanted to know why the Postal Service ``waited 2 months before making the news of this attack public.'' For the record, the Postal Service voluntarily provided to this committee two fulsome and classified briefings, one on October 22d, another on November 7th. Is that right, Mr. Miskanic?

Mr. Miskanic. Yes, sir, that is correct, October 22d and November 7th, sir.

Mr. Cummings. So we know why the Postal Service did not make this news public earlier, because they told us directly. Now, Mr. Miskanic has also provided a detailed testimony, including a time line of what the Postal Service knew and when, how and why it made certain decisions, what agencies and experts it has been working with to remediate the breach. That is what I call transparency. By contrast, not a single company that was breached this year came voluntarily to brief this committee.
I am asking Chairman Issa, in his remaining time as chairman, that he finally agree to work with me on ways to improve data security in both public and private entities, and I am hoping that he will agree to my request on January the 14th, September 9th, September 11th, and September 15th. I would like to thank the Postal Service for working with the committee as it rectifies this intrusion.

Mr. Miskanic, as you know, I wrote to Postmaster General Donahoe last week to request more information on the data breach at the Postal Service. When can I expect a written response?

Mr. Miskanic. Thank you, Congressman Cummings. We are preparing the written response and we will have it, I believe, within a 2-week period, sir. We are still conducting part of the investigation and would like to provide you a most thorough and detailed response as possible, sir.

Mr. Cummings. And you are saying you will have it in 2 weeks?

Mr. Miskanic. Yes, sir.

Mr. Cummings. In this year, though.

Mr. Miskanic. Correct, sir. Yes.

Mr. Cummings. All right. I am going to ask unanimous consent that letters that I have sent to Chairman Issa requesting investigations into the other entities, private and public, be entered into the record. I have a letter dated September 15th, 2014, September 9th, 2014, September 11, 2014, and January 14, 2014, Mr. Chairman.

Mr. Farenthold. Without objection, so ordered. And I join you in thinking especially the Government needs to do more with respect to data security and look forward to continuing to work with you both this year and in the future.

Mr. Cummings. Thank you very much, Mr. Chairman. I yield back.

Mr. Farenthold. Thank you very much. We will now go to Mr. Davis, I guess, for his questions. Oh, Mr. Clay is back. Are you ready, sir?

Mr. Clay. Yes, I am ready.

Mr. Farenthold. You are up.

Mr. Clay. I am sorry, Mr. Chairman.

Mr. Farenthold. No, no. We just skipped to Mr. Davis.

Mr. Clay. OK. Let me ask Mr. Miskanic.
News reports indicated that over 800,000 employees could be affected. We learned that personally identifiable information of Postal Service employees may have been compromised, including names, addresses, dates of birth, Social Security numbers, dates of employment, and other information. Can you tell us any more information about the extent of people affected by the breach?

Mr. Miskanic. Yes, Congressman Clay. We are still conducting forensic analysis of the impacted servers and, as a result, as mentioned, we have approximately 800,000 records of current and former employees that had personally identifiable information, the 2.9 million customer care records which were calls to our customer center with either a customer followup. In addition, we are still processing the evidence and there is the possibility of additional compromise specifically as it relates to some workers' compensation files.

Mr. Clay. Have you identified the perpetrators, or can you discuss that?

Mr. Miskanic. The adversary we cannot release; it is a classified matter, sir.

Mr. Clay. Based on your testimony, I understand the Postal Service has been following the advice and guidance of several Federal and private sector cybersecurity experts since the Postal Service's initial discovery of the breach. Is that correct?

Mr. Miskanic. Yes, Congressman Clay. We have been following the guidance of US-CERT, getting assistance from Carnegie Mellon CERT/CC, and several private security technical experts for this matter.

Mr. Clay. OK. And I know there has been a great deal of controversy over whether the Postal Service notified its employees and customers about the breach in a timely manner, but it seems to me that the Postal Service relied heavily on the intelligence and expertise it was receiving from its advisors in making these determinations.
For example, in your testimony you stated that experts from supporting agencies provided prudent warnings that short-term remediation efforts would be seriously compromised if the threat actor became aware that the intrusion had been discovered. If provided advance warnings of network actions intended to expel and block the intruder from the Postal Service network, the advisory could take bolder steps to further infiltrate or sabotage systems. Mr. Miskanic, is this why the Postal Service chose not to inform its employees and customers about the breach when it was originally discovered in mid-September?

Mr. Miskanic. Yes, Congressman Clay. The concern that was raised by the technical experts both from the Federal Government and the private sector regarding the adversary potentially conducting malicious acts were very significant and could have harmful impacts for our ability to deliver the mail to each and every American citizen, and we wanted to ensure, first of all, protect any further breach of data, but ensure that those systems were adequately protected and then implement the mitigation activities, which are quite complex. We are in the first phase of several phases for those mitigation activities, and they will go on for several months.

Mr. Clay. And I understand that the Postal Service agreed to offer free credit monitoring for its employees for 1 year, is that correct?

Mr. Miskanic. That is correct, sir, free credit monitoring and identity theft protection, sir.

Mr. Clay. And based on your experience in handling these issues, are you confident that the Postal Service will be able to effectively address the current data breach and prevent further breaches from occurring in the future?

Mr. Miskanic. Yes, sir, I am confident, and you have our commitment that we will address all of the issues and be very vigilant in the future, sir.

Mr. Clay. And you cannot tell us if you have identified the culprit.

Mr. Miskanic. No, sir.
I believe that is a matter that is best discussed with the intelligence community, sir.

Mr. Clay. I see. Thank you for your responses. I yield back, Mr. Chairman.

Mr. Farenthold. Thank you very much. Mr. Davis?

Mr. Davis. Thank you very much, Mr. Chairman. I want to thank you and the ranking member for giving me the opportunity to participate in this hearing, though I am not a member of this subcommittee. Like several of my colleagues, I am concerned about the length of time that it took to notify employees, as well as customers, of the breach. Mr. Miskanic, can you share something by November 10th that you had learned that you didn't know, say, September the 11th that gave you the level of comfortability to now notify these individuals of the breach that had not been notified earlier?

Mr. Miskanic. Sir, on September 11th we had no indication that there was data that was compromised or accessed in an unauthorized manner; we simply had information that there were four servers out of several hundred thousand workstations that had potentially malicious code on them. In order to adequately investigate, over the period of the next 2 months, we had to come to learn the sophistication of the actor and then came to find that they had indeed compromised data; however, we had fragments of that data and needed to recreate that to make the adequate notice to our employees. On November 4th is when we actually confirmed through our investigation that that information had indeed left the Postal Service network, and not before that time, sir.

Mr. Davis. So the investigation then gave you the information that you needed to have in order to have a level of assurance that what you were announcing or reporting was in fact accurate and adequate. Let me ask you, have there been any interactions or conversations with representatives of the employees, such as the unions, to discuss the issue and see how jointly the Service and the employees may be able to work together finding a solution?
Mr. Miskanic. Individually, I have not engaged with those discussions; however, I know the postmaster general and staff have engaged the unions, and they will continue to engage them throughout this entire process.

Mr. Davis. Thank you very much. Let me ask you, Captain Hamby. I understand that you have been involved in this kind of activity for a pretty extensive period of time. How valuable do you view the mail covers program?

Mr. Hamby. Congressman Davis, I think it is a very valuable tool. It is not used that often, quite frankly, in investigations, it is only when it is warranted; and usually it takes time, it is usually in a long-term investigation that is going to be used in any event. But in my experience, it provides a very unique piece of information in criminal investigations. There are so many types of information out there. The mail cover can provide very, very unique pieces of information, so in that instance it is very valuable. It really can't be duplicated as far as mail coming and going from a specific address.

Mr. Davis. Thank you very much. Mr. Miskanic, let me just reinforce that the employees that I have been speaking with or have had conversation with, I guess they, like others, are very skeptical when they think that there has been some breach of their information. So I think they would be reassured to know that the Postal Service is in fact interacting with their leadership to try and find a resolve, so I thank you very much. And I thank all of you for your participation and the questions that you have answered. Mr. Chairman, I yield back.

Mr. Farenthold. Thank you very much. I think we have gotten to everybody, so we will start up with a second round of questioning and I will kick it off. Mr. Miskanic, you will be happy to know you have almost all my questions answered. I want to go on to the mail covers program a little bit more. Mr.
Cottrell, the IG's report has a picture of a guy writing down information off of a package, and your testimony said often this is done manually. How much of this is done electronically? Is it just photocopied, is it scanned? Can you break down the percentages of how that data is captured?

Mr. Cottrell. Yes, Mr. Chairman. It is all done manually. The only electronic piece would be to actually photocopy the pieces of mail. That is the only electronic part of this process. It is all manual.

Mr. Farenthold. And you also mentioned that you have some internal programs where you actually image the covers of the mail for processing.

Mr. Cottrell. Yes, sir.

Mr. Farenthold. So that is basically where you scan the front, bar code the address. How long is that stored, and are those computers on a network that do that?

Mr. Cottrell. Those mail processing machines are at all of our facilities around the Country. The images are only on that one mail processing machine and the data is overwritten depending on the volume of the mail processing machine.

Mr. Farenthold. So are we talking days, weeks?

Mr. Cottrell. Days. Three to 7 days.

Mr. Farenthold. All right. Can you assure me that there is not some NSA-like system that is tracking all mail covers, storing that data for later search and retrieval?

Mr. Cottrell. Yes, I can. There is no such system in the Postal Service doing anything like that.

Mr. Farenthold. And can you tell me, is there a similar process for mail covers for shipments made through your competitors, UPS, FedEx, and the like? Are you aware of any similar programs?

Mr. Cottrell. I am not aware of any.

Mr. Farenthold. Mr. Edgar, you are the privacy expert. How is the Postal Service different from FedEx and UPS?

Mr. Edgar. I don't believe there is any real difference here, but the point I was trying to make, I think, in my written statement about this concern is just that the data is potentially vulnerable.
We have heard about data breaches of other systems at the Post Office, so it is important to really look very closely at how this data is stored and how it----

Mr. Farenthold. As a Government efficiency expert, it troubles me that there has to be a hard copy request that is then entered into a database that is then sent to the local post office and is then done manually, and then I guess you mail the mail covers to the law enforcement agent. So, as a government efficiency expert, that troubles me. As a privacy advocate, I kind of like it.

Mr. Edgar. I think that is a good point. I think that in some ways my personal fears about this were probably in part because I didn't realize how inefficient the mail covers program was. And maybe that is a good thing because it allows us to, as we improve the mail covers program and if there is any effort to integrate it with any of these systems, to do it in a very careful fashion.

Mr. Farenthold. Right. Let me go on. Mr. Cottrell, what about the contents? Are there drug dogs that check? There has to be some additional stuff for the contents so you guys aren't at least doing something to combat the belief that you are the biggest deliverer of contraband in the world.

Mr. Cottrell. Absolutely not. The U.S. mail should not be the provider of choice for narcotics. That is why you see this spike in mail covers; it is indicative of our efforts to combat this very offense. But to raise the level, to get into a package, obviously you need to get to probable cause. Sometimes that is one method, but a hit with a drug dog is obviously one of the ways we can get that problem.

Mr. Farenthold. Ms. Whitcomb, you talked about the designees. Do you know how many designees there are that authorize mail covers and what kind of training that they receive?

Ms. Whitcomb. I don't know the answer to that question.

Mr. Farenthold. Mr. Cottrell, do you know?

Mr. Cottrell. I am sorry, Mr. Chairman, could you repeat that?

Mr. Farenthold.
How many designees are there to authorize mail covers and what kind of training do they receive?

Mr. Cottrell. I would like to give you a full and thorough answer. I believe there are two, but if I could provide an answer for the record.

Mr. Farenthold. And then we talked about how few of the requests were denied. Were they denied on substantive grounds or were they denied because all the Is weren't dotted and Ts crossed? Mr. Cottrell or Ms. Whitcomb, either one.

Mr. Cottrell. It would be because they did not meet those requirements of it is from a law enforcement agency, it is looking to obtain evidence in the commission of a crime, locate a fugitive.

Mr. Farenthold. So you all really don't have that many substantive checks, it is predominantly that you have met all the requirements; it is not like a judge reviewing a search warrant or something like that.

Mr. Cottrell. It is not, but it has to be a sworn law enforcement agency.

Mr. Farenthold. OK. Finally, I want to ask one question about what you said: the policy was 60 days; you send the mail covers to a law enforcement agency, and they have 60 days to return them. I guess Ms. Whitcomb said that. How does that work? It seems to me that if my mail covers were used in a prosecution, I would want to have access to those mail covers and they needed to be preserved through the process of--I would want my defense attorney to have access to those if I were prosecuted as a result of those. Anybody want to comment on how that is made available to the defendants in a criminal proceeding? Either of you guys know?

Mr. Cottrell. They could request an extension to retain that for a trial purpose.

Mr. Farenthold. OK. That just kind of struck me as being an issue. Thank you very much. Mr. Lynch, you had some second questions?

Mr. Lynch. Please, yes. Thank you, Mr. Chairman. Mr. Miskanic, I want to go back to the 800,000 postal employees who had their Social Security numbers stolen.
In that file that had their names, addresses, and Social Security numbers that were stolen, that information would be very helpful to someone engaged in identity theft, would it not?

Mr. Miskanic. Yes, sir, that information could be used for identity theft.

Mr. Lynch. So I am just wondering do we have, part of the thing I am struggling with is that it took so long for us to figure out, for the Postal Service to figure out what the adversary stole. And you would think that the Social Security numbers, names, and addresses of our 800,000 employees would be sensitive information that might be segregated so that it might gain greater protection. You follow me?

Mr. Miskanic. Yes, sir.

Mr. Lynch. So I know we encrypt it, but we encrypt it. We should be able to know what has been stolen. Just a basic concept there. How come it took so long for us to figure out that they had stolen the Social Security numbers, addresses, and names of 800,000 postal employees? I can't understand that piece. Can you explain it?

Mr. Miskanic. Yes, sir. The adversary had encrypted the file that had been taken themselves and produced a new name of that file, and we had to decrypt that file to understand that that had actually been stolen and left the USPS network.

Mr. Lynch. But if we had segregated that file and knew it had been accessed, as was reported on September 11th, then we could have alerted people that we are concerned. The thing for me is if someone has my Social Security number, the best defense is for me to know that so that, as a consumer, I can watch out for my savings account, credit card activity, things like that. But if I don't have that information, I am defenseless. So that is what I am getting at. If we knew that that file had been accessed, like we knew on September 11th, it just raised a red flag to the people who might be vulnerable because of that intrusion. That is what I am trying to get at.

Mr. Miskanic.
Sir, we did not know that that file was accessed on September 11th. On October 16th we had partial information that there were fragments of a file that were recovered that had been deleted by the adversary. Through that period of time we needed to adequately reconstruct what happened to make notice to our employees, because we didn't know if it was one or 800,000 at the time.

Mr. Lynch. But we knew that there were four servers that were accessed on September 11th, is that correct?

Mr. Miskanic. Which none of them contained this information; it was a different vector of the attack, sir.

Mr. Lynch. Well, we need to figure out a way that the most sensitive information that we have on these employees that would introduce severe vulnerability on behalf of our employees, we need to find a way to segregate that so if it is accessed or if there are indications it has been tampered with, that we can notify them. Are we doing that now as part of this corrective action or can we expect this to happen again?

Mr. Miskanic. Sir, we have actually segregated systems for our most critical data. Unfortunately, this was a sub-business process, a reporting process that caused this file to be subject to a vulnerability. We have corrected that issue. We will continue to correct any of those issues in moving forward to ensure that this doesn't occur again.

Mr. Lynch. OK. I am concerned about this because so far what I see is there are no negative consequences to the United States Postal Service because these 800,000 employees' Social Security numbers were stolen. Zero. Nothing bad is going to happen. And we are lining up here that it is business as usual and, oh, this happened in the private sector. The private sector, customers will move away from a company that is not protective of their information.
We have a captive audience in the employees of the American Postal Workers Union and some of the other workers there as well, so I am just concerned about a perverse incentive here that if there are no negative consequences to what just happened, it is going to happen again. I am just trying to avoid that eventuality and I am having trouble getting cooperation to make sure that doesn't happen. I think we are whistling through the graveyard here and we are not taking it seriously enough. Tell me I am wrong.

Mr. Miskanic. Sir, you have our full cooperation and commitment that we will continue the efforts that we have undertaken to remediate the impacts of this breach and continue to improve our systems and our networks. This is a very sophisticated adversary and it is necessary for the Postal Service then to learn the traits of the sophisticated adversaries. We look forward to working with our Federal Government partners to better learn those tactics. I can assure you that we will improve our systems in the future.

Mr. Lynch. Thank you, Mr. Miskanic. I yield back.

Mr. Farenthold. Thank you very much. Mr. Cummings, you have some more questions for us?

Mr. Cummings. Yes, I do. Yes, I do. Let me ask you this. Tell me what is the likelihood of this happening again? I know you are still looking into it. I always talk about transformational moments that should lead to a movement. Sometimes when these kinds of things happen, it makes us realize how vulnerable we are, and we constantly say to ourselves that when the rubber meets the road, that we will be prepared; and then when it comes time for the rubber to meet the road, we discover there is no road. So I am just trying to figure out what the likelihood of this happening again is and exactly what are we doing to make sure it doesn't, if we can.

Mr. Miskanic. As you stated, Congressman Cummings, this is a transformational moment in the way that the Postal Service addresses IT security.
It is necessary for us to be more actively engaged with these emerging threats that are well resourced and have a long time period to affect their activities. No IT security professional can state unequivocally, 100 percent, that they will never be breached again, but we must remain vigilant and we must improve our processes to ensure that it does not.

Mr. Cummings. Do we have the necessary people with the appropriate skills and technology to address these problems or is more needed?

Mr. Miskanic. Speaking from the Postal Service, that is what I have been tasked with, is understanding if we have the proper skills and technology.

Mr. Cummings. You are saying you are trying to figure that out, is that what you are saying?

Mr. Miskanic. We are embarking upon that because obviously, sir, we need to improve our skills and our tools and our tactics to ensure this doesn't happen again.

Mr. Cummings. And what will it take to do that? In other words, are there people out there that we are not benefited or worked with to get their expertise? Do we have it in-house? Do we need to go out-house? I mean, what is needed? Because I have some of the same concerns as Mr. Lynch and others. It is one thing for things to go wrong, and we realize that you said, there is no 100 percent failsafe system. We got that. But I want to know that we are doing, and I think the American people want to know that we are doing the very best that we can. So if there is a lack of anything, we want to know exactly what it is and what we can do about it.

Mr. Miskanic. To adequately fight these very significant and persistent threats, it is necessary that we form teams that are both across the Federal Government and the private sector. In the case of Postal Services is ensuring that we are actively engaged with obtaining the information on the threat actors from the intelligence community to process that and make it actionable and put it into tactics to better protect the USPS network.

Mr. Cummings.
One of the purposes of this hearing is to evaluate the Postal Service's progress in implementing the recommendations made by the Postal Service Office of Inspector General. Ms. Whitcomb, your office made four recommendations to the Bureau as it relates to mail covers program, is that correct?

Ms. Whitcomb. Yes.

Mr. Cummings. And Chief Inspector Cottrell, does the Postal Service agree with all four of those recommendations?

Mr. Cottrell. Yes, Ranking Member Cummings.

Mr. Cummings. But based on your testimony, I understand that you have completely implemented one of the recommendations, is that correct?

Mr. Cottrell. That is correct.

Mr. Cummings. I would like to discuss this recommendation in detail. First, based on your testimony, I understand that the Inspection Service has already implemented periodic review procedures that the IG recommended, is that correct?

Mr. Cottrell. Yes, that is correct.

Mr. Cummings. And, chief inspector, can you tell us a little bit more about the revisions you made to review the procedures that you discussed in your testimony?

Mr. Cottrell. Yes. Just briefly, Congressman, every year we go out and we review our high risk programs, and we have added this mail cover review to our annual review of high risk programs, and we have already begun those reviews in response to the IG's recommendations.

Mr. Cummings. And so the other recommendations, what about those?

Mr. Cottrell. Those are still in progress. Some of them involve IT upgrades and issues, and the training and getting folks trained, and republishing our standard operating procedures and some of our internal training manuals. But we do expect to be complete in the timeframe the IG allotted.

Mr. Cummings. Do you think you have the resources to accomplish all of that?

Mr. Cottrell. Yes, I do.

Mr. Cummings. All right. Thank you very much, Mr. Chairman.

Mr. Farenthold. Thank you very much. Mr. Davis, do you have some more questions?

Mr. Davis. Yes, Mr. Chairman. Thank you very much.
I would just like to follow up a little bit more on the recommendations that have been made and how effective we think we have been in completing those or in coming up with the processes used to complete those recommendations. Mr. Cottrell, could you embellish that a bit?

Mr. Cottrell. Yes, Congressman. What the IG found is that opportunities exist to improve our controls, so there are several controls in place, so they recommended we establish improvements to ensure responsible personnel process mail covers as required; establish procedures to ensure that periodic reviews, as we spoke about; ensure mail covers are processed in a timely manner; and implement controls to ensure data integrity. Likewise, we are reviewing and updating our standard operating procedures, our instructions to our own employees, as well as to outside law enforcement agencies, and we are updating our internal training guides as well, to be sure. We are also developing a disbarment process for external agencies for noncompliance, so that we can bar them from ever getting mail covers again. So we have uncovered some additional things we would like to do, in addition to what the IG recommended as part of that review to make it a stronger, tighter process.

Mr. Davis. Ms. Whitcomb, would you agree with this assessment?

Ms. Whitcomb. The actions that they have undertaken sound very responsive to the recommendations that we have made, but I have to say that we haven't made an assessment of the actions that they have taken in response to our recommendations. As I mentioned, we are looking into internal mail covers now and, as a part of that, will likely check in on the actions that they have taken in response to our recommendations on the external mail covers.

Mr. Davis. Well, thank you very much. It appears to me that we are indeed making progress. Mr. Chairman, I have no further questions and yield back the balance of my time.

Mr. Farenthold. Thank you very much. I just have two quick questions.
Mr. Lynch says he has another question, so we will do a quick third round of questions. Captain Hamby, Mr. Cottrell and Ms. Whitcomb basically indicated that if a law enforcement agency dots all the Is, crosses all the Ts, it seems like it is almost certain that they will get approval of the request for covers. Can you talk a little bit about how you found out about this program, how you were trained about it, how you train your personnel in how to use it, and a little bit about the decisionmaking process to make sure it isn't abused to infringe upon the privacy of an individual person, yet still available to track the bad guys?

Mr. Hamby. Yes, sir, Chairman Farenthold. As far as learning about the program, as investigators, our investigators start out with basic training in the police department. We are talking about my agency here. To become an investigator, you pretty much have to prove your mettle; you get selected as an investigator, then you go to basic investigator school. It will be mentioned in basic investigator school, but for narcotic investigators this is one of the tools that you would learn about in narcotic investigator school. As far as utilizing it as an investigator, as the new investigator, you are usually paired with one who has more experience, and this is one of the tools, like many of them, that this isn't a fishing expedition tool; this is an initial tool. This is one that is only used, in my experience--and I have been doing this as a narcotic investigator for 12 years--we have only used this tool when there are reasonable grounds.

Mr. Farenthold. Is there management approval for it or can any investigator just request? Suppose some investigator wants to make sure her spouse isn't sending love letters to somebody else.

Mr. Hamby. Yes, sir, there is, and the process is, first of all, the completion of the request form for the U.S.
Postal Service, but it also requires a cover letter from a supervisor; and that supervisor would have to complete the cover letter and notify his commander. So that is the process we would use in our agency to ensure that requests are authorized throughout our agency, and it would be in the Postal Service.

Mr. Farenthold. Thank you very much. Mr. Miskanic, your answer to another question suggested another question for me. I am sorry, you are not off the hook from me yet. You indicated that there were four servers that were breached, but this sensitive data did not reside on one of those four servers. So I am assuming those four servers were used as a gateway to further penetrate the network. Can you tell us how many devices or servers were penetrated?

Mr. Miskanic. Yes, Chairman Farenthold. Approximately 100 servers were penetrated. And to give you some scope, there is approximately larger servers like that. It is over 25,000, and then there are, like I mentioned, over 200,000 workstations. So 100 workstations and/or servers were impacted.

Mr. Farenthold. Was there any indication, and if I am getting into a classified area, please stop me and we can talk about this in an appropriate environment for that. Was there any indication that there was more sensitive information other than employee data that was targeted?

Mr. Miskanic. There is no indication of that at this present time, sir.

Mr. Farenthold. OK. Thank you very much. Mr. Lynch?

Mr. Lynch. Thank you. Mr. Miskanic, the Social Security numbers for the 800,000 employees, I understand in one of these reports say those were copied by the adversary. Is that correct?

Mr. Miskanic. Yes.

Mr. Lynch. So we don't have to worry about them coming back and trying to hack that portion of it, because they have that information.

Mr. Miskanic. They copied a file, sir, yes.

Mr. Lynch. Yes. So how are we helping out these employees because their information is out there now?

Mr. Miskanic.
We are providing, through a commercial service, credit monitoring to them and also identity theft protection. In addition to that, through our human resources service center, we have contact numbers for them to contact us if they need additional details or if they suffer any negative consequences.

Mr. Lynch. OK. I am pretty sure, I have a bunch of family that work for the Post Office and I am sure they have employee numbers. Is there any thought to creating a firewall by discontinuing the use of Social Security numbers, which the vulnerability is far greater than would be if we were using an employee number to identify these folks?

Mr. Miskanic. As part of our undertaking, we look at all of our data retention policies, data storage policies, which includes the storage of personally identifiable information. That is an excellent suggestion, sir, that we have undertaken previously, but obviously we need to also consider the further use of that. There are in some instances the need, from a payroll reporting perspective, to have a Social Security number, but it is, first and foremost, something that we are doing to see if we can shield those in some other way possible to make them less vulnerable or not vulnerable at all for theft.

Mr. Lynch. OK. And the wider group, including the folks that complained, they called the customer call office, their information was compromised as well. How many of those were there?

Mr. Miskanic. There were 2.9 million records that were taken.

Mr. Lynch. That is on top of the 800,000 employees?

Mr. Miskanic. That is correct, sir. That did not contain any sensitive information; it was essentially their name and address, and if they left a telephone number.

Mr. Lynch. Are we looking at how long we hang on to that information?

Mr. Miskanic. That is something we are doing as well.
The data retention policy for the entire Postal Service will be under review, and specifically how long we hold that customer data is very first and foremost that we need to understand whether we have a business need for that or not, sir.

Mr. Lynch. OK. Thank you, Mr. Miskanic. I yield back.

Mr. Farenthold. Thank you very much. Mr. Cummings, you have any more? Well, thank you all very much. I really do appreciate the panel taking their time to answer our questions. We have a couple of followups we look forward to hearing from you on. We appreciate your service to the Country and/or your communities. With that, we are adjourned.

[Whereupon, at 12:15 p.m., the subcommittee was adjourned.]

APPENDIX
----------
Material Submitted for the Hearing Record

[GRAPHIC] [TIFF OMITTED]