07/09/04 FRI 16:35 FAX 121002

FAA Comments on Chapter 3-9/11 Commission Final Report

Section 3.3

Page 14, paragraph 2, line 4:

"But each layer relevant to suicide hijackings -intelligence, passenger prescreening, check
point screening, and onboard security was seriously flawed prior to 9/11."

None of the layers of security in place on 9/11 were relevant to suicide hijackings because such
an attack was not anticipated. It would be more accurate to say that the layers of defense in place
on 9/11 were not designed with suicide hijackings in mind, and so were not effective against
them.

The two subsequent paragraphs, which state the rationale for the "seriously flawed" judgment
regarding intelligence, are criticisms of activities beyond the control of the intelligence function
itself. The failure of other agencies to provide appropriate information to the FAA Office of Civil
Aviation Security Intelligence, despite FAA's stated requirements, should not be considered an
FAA intelligence failure.

Page 14, paragraphs

It is not correct to say that it was FAA's policy to use intelligence as the first line of defense for
civil aviation. Rather, in the aviation security realm, intelligence was used to design counter
measures which were in place every day for every flight. Ongoing analysis of new intelligence
was used to determine when adjustments or increases to countermeasures were needed. Each
layer was important to the effectiveness of the system. When the intelligence was lacking,
necessary countermeasures could not be designed.

Describing the layers as being first, second, third, lines of defense gives an inaccurate impression
that the layers worked as stand-alone, consecutive pieces. Rather, intelligence provided insights
into methods of attack, and various countermeasures responded to those methods of attack. The
countermeasures were physically applied in redundant rings around the aircraft, given the layout
of airports, and were designed to address every avenue of access to that aircraft, by passengers,
carry-on bags, checked bags, cargo, employees, air crew, catering, etc.
07/09/04 FRI 16:35 FAX

Page 147 paragraph 3, lines 3 & 4:

"The FAA's 40 person intelligence unit (created after the 1988 bombing of Pan American
Flight 103)"...

This is not accurate. The FAA Intelligence Division was created in 1986 based on lessons
learned in the hijacking of TWA flight 847 the previous year.

Page 14, paragraph 3, last sentence: The portion of the sentence:

"... or at least did not appear in its records."

This is inflammatory and should be removed. It implies that the report in question may have been
received by the FAA. In fact, it has become public that the EC was not shared promptly even
with other elements within the FBI.

Pages 14 & 15, paragraph 4, lines 5 through 8.

"Neither Administrator Garvey nor her deputy routinely reviewed daily intelligence, and
what they did was screened for them. She was unaware of a great amount of hijacking
threat information from her own intelligence unit, which, in turn was not deeply involved
in
the agency's policy making process."

Both Administrator Garvey and her Deputy were advised of all significant intelligence products.
Copies of all Information Circulars and Security Directives issued by the FAA Office of
Civil Aviation Security were sent to the Administrator's and the Deputy's Office.

Administrator Garvey and Acting Deputy Belger were regularly briefed on intelligence matters
by the Associate Administrator for Civil Aviation Security and his staff.

The function of the FAA Office of Civil Aviation Security Intelligence did not include the
promulgation or enforcement of aviation security policy. However, it played a critical role in
providing the threat information and assessments on which policy decisions were based.
Representatives from the Office of Intelligence routinely attended policy meetings to brief the
assessed threat and to respond to questions regarding the intelligence generating the assessment.

Page 15, paragraph 2, lines 2 through 8:

"But as of 9/11, the FAA's "no fly" list contained the names of just 12 terrorist suspects
07/09/04 FRI 16:36 FAX

(including 9/11 mastermind Khalid Sheikh Mohamed), even though government watchlists
contained the names of many thousands of known and suspected terrorists. This
astonishing mismatch existed despite the fact that four years earlier the Gore Commission
had called on the federal government to maximize the use of terrorist watchlists to improve
the effectiveness of prescreening."

The FAA, as a consumer of intelligence, had fonnal written "Reading Requirements" on file with
the Intelligence Community agencies which specified the information FAA needed to assess and
mitigate threats to civil aviation. Among the requirements was the "Identification and
capabilities of individuals, groups, and organizations which pose a threat (either actual or
potential) to U.S. or foreign civil aviation." The Intelligence Community owned and controlled
the use of the information that was sent to the FAA in response to those requirements. Upon
identifying individuals in the reporting who could pose a specific threat to commercial aviation,
FAA had to request permission from the originating agency to identify the individuals to the
airlines in order to prohibit boarding on aircraft within its regulatory responsibilities. These
requests were not always approved because the originating agency deemed certain name(s) too
sensitive to declassify.

The Gore Commission final report appropriately levied the responsibility to use terrorist
watchlists in prescreening on the agencies that owned and controlled the terrorist information
and databases:
"... the FBI and CIA should develop a system that would allow important intelligence
information on known or suspected terrorists to be used in passenger profiling without
compromising the integrity of the intelligence or its sources". The FAA had no control over that
initiative, yet, in the context of the Commission's report, as written, it appears as a "serious" flaw
in FAA's passenger pre-screening process.

Page 15, paragraph 2, lines 8 through 12:

"Indeed, the long-time chief of FAA's civil aviation security division testified to the
Commission that he was not even aware of the State Department's TIPOFF list of known
and suspected terrorists (some 60,000 before 9/11) until he heard it mentioned during the
Commission's January 26, 2004 public hearing".

FAA did not have access to the entire TIPOFF database, known as TIPOFF web. FAA had
access to a limited version known as TIPOFF Lite, which was also classified. FAA had access to
the 61,000 names in the TIPOFF Lite but did not have access to the all of the underlying
intelligence that served as the basis for including those names. Due to this limited content and
the technical difficulty in using the list, the FAA did not have the ability to undertake a review of
each name on the list. It was difficult to use for on going reviews of the entire list, because it did
not highlight new names or entries from the previous day or log-on session. As a result, FAA
would have had to reconcile day-to day changes in the list manually. Much of the information
that FAA did have access to was incomplete or unreliable. Many records lacked any
biographical data, which is a critical component for the identification of individuals who should
 0005
07/09/04 FRI 16:36 FAX

be denied transport. Names of dead or arrested terrorists were not purged or separated from
TIPOFF Lite. Without the underlying intelligence for names on the list, it was difficult to
identify the reporting agency that had the intelligence related to a particular name on the list,
Nothing in the TIPOFF Lite identified the reporting agency, which FAA was obligated to contact
to get permission to use a name. Therefore, TIPOFF Lite was not a useful tool for FAA.

Page 45, endnote 70.

9/11 Closed by Statute

FAA Comments on Chapter 8-9/11 Commission Final Report

Page 9, paragraph 5, line 1.

"FAA advisories generally did not relate to the terrorist threat at all."

This is not .accurate. The following FAA Information Circulars were in effect on
September 11,2001:

• 1C 98-13, Increased Aviation Security Awareness in Light of Continued Threats

from. Osama Bin Ladin, October 8, 1998.
• 1C 2001-01, Prospects for a Terrorist Hijacking, April 27, 2000.
• 1C 2000-10, Group planning to Bomb Aircraft, November 29, 2000
• ICs 2001-03/03A/03B, Recent Terrorist Activity in the Middle East, March 30,
20017 June 4, 2001/July 26, 2001
07/09/04 FRI 16:36 FAX 1^006

• ICs 2001-04/04A, Continued Middle Eastern Threats to Civil Aviation, April 18,
2001 and July 31,2001
• 1C 2001 -06, Ressam 's Plot Against LAX, June 4,2001
• 1C 2001-07/07A, Violence Increases in Israel, June 4,2001 and August 28,2001
• 1C 2001 -08, Possible Terrorist Threat Against American Citizens, June 22, 2001
• 1C 2001 -09, Possible Terrorist Threat Against American Citizens, July 2,2001
• 1C 2001-11, Possible Terrorist Threat - Arabian Peninsula, July 18, 2001

Also, a Security Directive, SD 108-01-01, was issued on August 21, 2001, It was based on
credible intelligence reporting about a terrorist threat to aviation. However, it was not clear that
U.S. civil aviation was the target. Nevertheless, the Directive was made applicable to U.S. air
carriers because available information indicated that the potential existed.