HIS work out its communications problems, especially between Washington and Member district offices.

Mr. LEWIS. Mr. Chairman.

Mr. FAZIO. Yes.

Mr. LEWIS. I think you know that I am going to have to leave for a meeting in a short time, so I have questions that I would like to submit that are of a more technical nature. I would appreciate a response for the record.

[The information follows:]

QUESTIONS FROM MR. LEWIS

Question. Could you explain the decision making and approval process that H.I.S. goes through when awarding contracts, assigning personnel, or making other management decisions. Who is the final decision maker?

If the House Administration Chairman is informed as part of the process, is the Ranking Republican Member kept apprised?

Response. Contract awards, personnel assignments and other management decisions have their roots in H.I.S.'s planning and budgeting process. Each year a planning document is produced which contains an updated assessment of House needs and priorities, the current baseline, available technology, technical strategies to be followed, and a timetable for delivery of products and services. This statement of objectives serves as the basis for the budget request which is presented to Legislative Appropriations by the Chairman of House Administration.

When the budget has been authorized by Legislative Appropriations, H.I.S. managers revise to the extent necessary the operational budgets for their divisions. These provide a delivery schedule, staff allocation schedule, and a month-by-month expenditure budget. They are reviewed, approved, and monitored by the H.I.S. Director and his staff.

The principles guiding contract awards are these. Formal competitive procurements are conducted when the cost is substantial and there are multiple vendors which can supply the product or service. For smaller acquisitions for which there is a market, purchases are made using either the GSA schedule or the House Approved List (if applicable) or as the result of technical and cost comparisons. Noncompetitive awards are made only when the data, product or service is available only from a single vendor. In all cases, the purchase order request is forwarded for final approval of the Chairman of House Administration via a memorandum that summarizes the need of the item or service.

All personnel actions involving appointment, termination, and salary adjustment originate with the responsible manager. After scrutiny by the Personnel Office to confirm that the proposed change is in line with the performance and evaluation guidelines set out in the H.I.S. Compensation Policy, and also in line with the current budget plan, the recommendation, if approved by the Director, is forwarded to the Chairman for final disposition. Changes in assignment for managers and senior staff are approved by the Chairman. Assignment of other staff is proposed by the responsible manager to the Director for approval.

Other management decisions typically arise from the Director's weekly meeting with H.I.S. Managers. Decisions involving policy, or of a non-routine nature, are made with prior consultation and approval by the Chairman who is the final decision maker being responsible for the entire operation.

Matters of a sensitive or strategic nature are brought to the attention of the Ranking Republican Member by the Chairman as appropriate. The Ranking Republican Member, for example, participates in the assessment of new services proposed by H.I.S. and usually co-signs all announcements in the form of Dear Colleague letters concerning H.I.Š. activities.

Question. How many employees are currently at H.I.S.? How does this compare to the last three fiscal years?

Response. Currently there are 246 employees at H.I.S. In the last three years, staffing was as follows:

Question. We are all acquainted with the past issues surrounding a contract

Could you update the subcommittee on the status of this contract? Press reports have said this is a pilot project, will it be continued?

When a congressional office enrolled in the project, did the voter registration lists they receive contain the names of individuals registered in their district or the entire state?

Reponse. To date 36 Members have subscribed to the Aristotle service, each of these Members having had the opportunity to conduct a two week trial of the service in their office before the decision to subscribe. When an additional twenty Members have subscribed, i.e. a total of 56, the Subcommittee on Office Systems will decide if the subscription service should be placed on the House Approved List so that Members need not obtain waivers before subscribing. If placed on the List, the service would be expected to remain on it so long as Member interest continued and vendor performance remained satisfactory.

Congressional offices which have subscribed to the Aristotle service can obtain information only for voters in their own district. (Although the CD-ROM delivered may physically contain data for an entire state, the retrieval software provided on a separate disk is specially encoded to preclude access to voter information outside the subscribing Member's own congressional district.)

SECURITY WITH COMPUTERS

Mr. LEWIS. Let me just interject a question here concerning my file cabinet, an old-style file cabinet. I've got a lock. When we have an approved list of equipment that is all linked to one fiberoptic system, is there automatically built in every Member's office within their system the kind of security that lock provides to my private material and discussion, et cetera, or would I have, with the right formula, access to the Speaker's private files or to Mr. Fazio's private files?

Mr. ROSE. Before Hamish answers, let me say if you in your office sign on to the big network, and leave your door open when you finish your work, others can come in and walk around in your office electronically.

Mr. LEWIS. Does that mean that if I sat there in the evening and decided to have my staff kind of probe around the House to see if somebody left something open, that I might have X office door open and, by electronic means, go into that office?

Mr. ROSE. That is a possibility.

Mr. LEWIS. That is a real concern.

Mr. ROSE. And HIS has made every effort to tell people that they should close their doors and lock them electronically when they leave. And there are security packages in place, and I think HIS has an ongoing concern about security, both for committees and Member offices.

Mr. LEWIS. Charlie, today, just listening to you is the first time that question has come to my attention and let me submit that even though I am sure the Speaker has very high priority, he might very well have somewhere on the third level in his staff, somebody running a computer who doesn't have that kind of a priority. That is a very interesting problem.

Mr. MURRAY. I think, Mr. Lewis, the problem is that there is a contradiction in terms. A network is designed so you can share information.

Mr. LEWIS. Yes.

Mr. MURRAY. It is the opposite of security, which is to guard against others accessing your information. Whenever we put anyone new on the network, we stress to as many staff as we meet

show them where their lock and key are, and how they must close that filing cabinet themselves. Just as your filing cabinet, if you don't push the button, the lock is open to anyone.

Mr. LEWIS. It is an interesting question. Does the network include my district office computer operation?

Mr. MURRAY. It could.

Mr. LEWIS. So if my district office happened to leave their door open, I might not know it, and that might provide access to all my drawers?

Mr. MURRAY. The instructions for that stage of security, the security that we handle, that we give to each person on the network, is good. But if it is not followed I mean if you don't use the lock-if the bank does not lock the vault

Mr. LEWIS. Mr. Chairman, I think this is subject to discuss some other time so that we can get into some detail.

Mr. FAZIO. Sure. I think you are right. These systems cannot be invaded while they are in use by the individual office.

Mr. MURRAY. That is right.

Mr. FAZIO. So, those that are operating three hours later, for example, district offices in California, the fact that they are open and functioning doesn't in any way make them vulnerable. It is the fact that when they finish, they need to be the ones to turn it off? Mr. MURRAY. I think the ingenuity of hackers is

Mr. FAZIO. Almost unlimited.

Mr. MURRAY. Is unlimited. So we take all steps to secure the networks, to take the maximum precautions that they cannot be accessed. But as there is actually no such thing as absolute computer security, to propose the best available that is the bottom line.

Mr. FAZIO. Okay.

FRANKED MAIL AND HIS

Mr. Chairman, I wanted to ask a couple of questions and then we can move on to other issues, about the improved mail processing that you are involved with. I know it has been important to your committee and ours.

We have approved a reprogramming of funds for both the Doorkeeper and the Postmaster and approved their outgoing frank mail operations, and HIS is a major participant in that program.

Would you describe for us how your services are being used and their annual cost?

Mr. Rose. Mr. Chairman, I didn't give details about the cost in my statement, and Hamish may have some of those. I don't have all the details of the actual costs in my head, but I would like to point out a couple of things.

With the leadership that you have shown the Congress in getting a handle on the costs of our mailing operation around here, we felt that we should set in place mechanisms that would allow Members to refine and keep an accurate track of their mailing costs and, where possible, be able to mail at the lowest possible rate, so that if they desire to, they could even effect further savings in the costs of their mailing operation.

That required two things. It required that HIS become a Nation

Could you update the subcommittee on the status of this contract? Press reports have said this is a pilot project, will it be continued?

When a congressional office enrolled in the project, did the voter registration lists they receive contain the names of individuals registered in their district or the entire state?

Reponse. To date 36 Members have subscribed to the Aristotle service, each of these Members having had the opportunity to conduct a two week trial of the service in their office before the decision to subscribe. When an additional twenty Members have subscribed, i.e. a total of 56, the Subcommittee on Office Systems will decide if the subscription service should be placed on the House Approved List so that Members need not obtain waivers before subscribing. If placed on the List, the service would be expected to remain on it so long as Member interest continued and vendor performance remained satisfactory.

Congressional offices which have subscribed to the Aristotle service can obtain information only for voters in their own district. (Although the CD-ROM delivered may physically contain data for an entire state, the retrieval software provided on a separate disk is specially encoded to preclude access to voter information outside the subscribing Member's own congressional district.)

SECURITY WITH COMPUTERS

Mr. Lewis. Let me just interject a question here concerning my file cabinet, an old-style file cabinet. I've got a lock. When we have an approved list of equipment that is all linked to one fiberoptic system, is there automatically built in every Member's office within their system the kind of security that lock provides to my private material and discussion, et cetera, or would I have, with the right formula, access to the Speaker's private files or to Mr. Fazio's private files?

Mr. ROSE. Before Hamish answers, let me say if you in your office sign on to the big network, and leave your door open when you finish your work, others can come in and walk around in your office electronically.

Mr. LEWIS. Does that mean that if I sat there in the evening and decided to have my staff kind of probe around the House to see if somebody left something open, that I might have X office door open and, by electronic means, go into that office?

Mr. ROSE. That is a possibility.

Mr. LEWIS. That is a real concern.

Mr. Rose. And HIS has made every effort to tell people that they should close their doors and lock them electronically when they leave. And there are security packages in place, and I think HIS has an ongoing concern about security, both for committees and Member offices.

Mr. LEWIS. Charlie, today, just listening to you is the first time that question has come to my attention and let me submit that even though I am sure the Speaker has very high priority, he might very well have somewhere on the third level in his staff, somebody running a computer who doesn't have that kind of a priority. That is a very interesting problem.

Mr. MURRAY. I think, Mr. Lewis, the problem is that there is a contradiction in terms. A network is designed so you can share information.

Mr. LEWIS. Yes.

Mr. MURRAY. It is the opposite of security, which is to guard against others accessing your information. Whenever we put anyone new on the network, we stress to as many staff as we meet

show them where their lock and key are, and how they must close that filing cabinet themselves. Just as your filing cabinet, if you don't push the button, the lock is open to anyone.

Mr. LEWIS. It is an interesting question. Does the network include my district office computer operation?

Mr. MURRAY. It could.

Mr. LEWIS. So if my district office happened to leave their door open, I might not know it, and that might provide access to all my drawers?

Mr. MURRAY. The instructions for that stage of security, the security that we handle, that we give to each person on the network, is good. But if it is not followed I mean if you don't use the lock-if the bank does not lock the vault—

Mr. LEWIS. Mr. Chairman, I think this is subject to discuss some other time so that we can get into some detail.

Mr. FAZIO. Sure. I think you are right. These systems cannot be invaded while they are in use by the individual office.

Mr. MURRAY. That is right.

Mr. FAZIO. So, those that are operating three hours later, for example, district offices in California, the fact that they are open and functioning doesn't in any way make them vulnerable. It is the fact that when they finish, they need to be the ones to turn it off? Mr. MURRAY. I think the ingenuity of hackers is

Mr. FAZIO. Almost unlimited.

Mr. MURRAY. Is unlimited. So we take all steps to secure the networks, to take the maximum precautions that they cannot be accessed. But as there is actually no such thing as absolute computer security, to propose the best available that is the bottom line.

Mr. FAZIO. Okay.

FRANKED MAIL AND HIS

Mr. Chairman, I wanted to ask a couple of questions and then we can move on to other issues, about the improved mail processing that you are involved with. I know it has been important to your committee and ours.

We have approved a reprogramming of funds for both the Doorkeeper and the Postmaster and approved their outgoing frank mail operations, and HIS is a major participant in that program.

Would you describe for us how your services are being used and their annual cost?

Mr. Rose. Mr. Chairman, I didn't give details about the cost in my statement, and Hamish may have some of those. I don't have all the details of the actual costs in my head, but I would like to point out a couple of things.

With the leadership that you have shown the Congress in getting a handle on the costs of our mailing operation around here, we felt that we should set in place mechanisms that would allow Members to refine and keep an accurate track of their mailing costs and, where possible, be able to mail at the lowest possible rate, so that if they desire to, they could even effect further savings in the costs of their mailing operation.

That required two things. It required that HIS become a Nation