Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  December 12, 2013 5:00am-7:01am EST

5:00 am
question whether the law and other safeguards currently in place strike the right balance between protecting our civil liberties and our national security. and that balance is a very important balance. but it's a balance that for personal liberty as well as national security, both have constitutional implications. you can't forget one or the other. this is especially so concerning the public revelation that under section 215 of the patriot act, the government is collecting america phone meta data in bulk. why are many americans so concerned? well, it isn't hard to find an example of what can happen to americans' personal information when the government overreaches, mismanages and fails the american people. it's been two months since the administration tried to bring obama care website online. and the american people are
5:01 am
suffering under that issue. many finding they can't keep the insurance play planned and like. their premiums are rising. uncertainty is growing about which parts of the law the president will decide to uphold. but in just these few months we have already seen reports of incidents where obama care hasn't adequately protected americans' personal data. in one reported instance in minnesota, an insurance broker was accidentally provided the personal information of 2,400 people. moreover, there are many unanswered questions about the website's ability to protect privacy going forward. now i expect, in fact, i understand that the standards of the dedicated professionals in our intelligence community do not compare to those of the contractors who failed to set up the website that i've referred to. but it's easy to see why many americans tend to be skeptical,
5:02 am
then, that the government can adequately maintain their privacy when it collects vast amounts of information. the president's disengagement on these important matters doesn't help. he claims he was unaware of the problems with the obama care website before it was launched. now reports say he was unaware of the reported surveillance of many world leaders. as i did back in october, i called on the president to lead. many of these programs are critical to our national security. the president needs to contribute to the national debate by publicly explaining and defending them. prince, a visit to ft. meade would help. i'm convinced there is a role for greater transparency, oversight and accountability in the fisa process. the public trust of our
5:03 am
intelligence community must be rebuilt. we must ensure intelligence authorities are exercised in a manner consistent with our laws and constitution. these proposals should be subject to the same rigorous and critical examination to which we're subject iing -- these proposals should address the specific concerns that are brought to light. these proposals shouldn't have a terrorist abroad -- shouldn't provide a feterrorist abroad wi rights similar to u.s. citizens here at home. these proposals shouldn't make it more burdensome for authorities to investigation a terrorist than it is to investigate a common criminal. these proposals shouldn't return
5:04 am
us to pre-9/11 posture. the balance between protecting individual liberties and our national security is a delicate one. and reasonable people can disagree about precisely where that balance must be struck. and that's our responsibility here in the congress of the united states. our witnesses on both panels today represent a wide range of you. and i look forward to hearing their point of view. before you start, mr. chairman, i'd like to explain further something you brought up that i had a conflict. at 2:30 secretaries -- i'm skeptical of that agreement. but i have a responsibility to learn more about it. but i have to weigh going to that hearing to be here because i'm also, as leader of the republicans, know the importance of fisa and whatever work is
5:05 am
done there for our national security as well. the chairman did accommodate us to some extent by moving this ahead by a half hour. i'm going to stay beyond that half hour anyway to ask questions at least of the first panel. i had asked the meeting to be rescheduled, and this chairman's prerogative to lead this committee as he sees necessity to do it. but i think it's too bad this could not be worked out so that senators could attend both of these matters together. >> thank you. i wish i could be at the other hearing, too. but we've had to reschedule this once already. and everybody has agreed to be here today. i didn't think it was fair to our witnesses to reschedule it again. besides, a lot of these classified briefings, the one you just referred to, i've had to miss in the past because of
5:06 am
conflicts. i find i can usually read almost all of what was said there in the paper the next day anyway. usually in more detail. >> i agree with you on that point. >> i'll share my -- >> it kind of makes a mockery of what they call secured. >> well, it depends upon whose ox is being gored, i guess it's more of a question who can get it out quickest. i do recall one of these very highly classified matters that we had. the very first thing that came out top secret was a photograph of the cover of that -- one of that week's news magazines. it went downhill from there. our first witness is general keith alexander who's the director of the national security agency. began service at the u.s. military academy at west point. previously served as the commanding general of the u.s.
5:07 am
army intelligence in security command. director of intelligence, u.s. central command. of course, general, i thank you for being here. your full statement will be made part of the record. but in the time you have, please feel free to hit any points you want or summarize any way you'd like. >> chairman, thank you. i'll keep my opening remarks short. but i would like to hit a few key things. first, nsa is a foreign intelligence agency. those acts and too manies that we do are to connect what we know about foreign intelligence to what's going on here in the united states. we need tools to bring that together. i want to talk briefly about some of those too manies. and some of those tools, like section 215, in my opinion, and i think in the court's, are constitutional. were authorized by congress. they're legal. they're necessary.
5:08 am
and they've been effective. from my perspective, the threats are growing. when we look at what's going on in iraq today, what's going on in syria, the amount of people killed from 1 september to 3 december is over 5,000 from terrorist related acts in iraq, syria and several other countries around the world. in iraq alone, in 2012 the total number killed was 2,400. from 1 september to 3 december, that has risen to 2,200 plus in a three-month period. it's on the verge of a sectarian conflict. the crisis in the middle east is growing. and the threat to us from terrorist activities or safe havens and those being radicalized are growing. what we found out in 9/11, and i go back to senator grassley, your comments. we can't go back to a pre-9/11 moment. sir, i absolutely agree with that. so we have to find out what is the right way for our nation to
5:09 am
defend ourselves and our allies and protect civil liberties and privacy. i think the way we're doing section 215 is actually a good model, not just for our country but for the rest of the world. it has the courts, congress and the administration all involved. why do i say that? the reason is, if you look at all the information that is out there, the billions and billions of books of information that are out there, there is no viable way to go through that information if you don't use meta data. in this case meta data is a way of knowing where those books are in the library and a way of focusing our collection the same that our allies do to look at where are the bad books. from our perspective, from the national security agency's perspective, what we do is get great insights into the bad actors overseas. under that information, we can take the information, the to, from. i put that on a little card. it says from number. the to number. the date. time group of the call.
5:10 am
and the duration. that's the element of information we use in the 215. there is no content. there are no names. no e-mail addresses. from my perspective, that is the least intrusive way that we can do this. if we could come up with a better way, we ought to put it on the table and argue our way through it. the issue that i see right now is there isn't a better way. what we've come up with is can we change one. senator grassley, you brought out a great point. 9/11, we couldn't connect the dots because we didn't have this capability to say, someone outside the united states is trying to talk to someone inside the united states. >> we also had people in the administration that refused to listen to fbi agents who had picked up on what was happening here in the united states when they were told it's not important, even though anybody with a brain in their head would have known it was. but go ahead. i understand your point. thank you. let's stick to the facts. we're not talking about a
5:11 am
library. i had my first library card when i was 4 years old. i understand libraries. let's talk about the nsa. >> i think the important part for us, mr. chairman, is how do you know -- how do you bring information you know from outside the country to that which we have inside? how do you connect the dots? that's the issue with the meta data program. there is no other way that we know of to connect the dots. so that gets us back to do we not do that at all? given that the threat is growing, i believe that is an unacceptable risk to our country. so what we have to do is, can we do more on the oversight and compliance? and there are things that are being looked at. but taking these programs off the table from my perspective is absolutely not the thing to do. i do agree with this discussion with industry as well that you brought up, chairman. industry ought to be a player in here. they have been hurt by this. and i think unfairly hurt. we ought to put this on the table from two perspectives.
5:12 am
industry has some technical capabilities that may be better than what we have. if they have ideas of what we could do better to protect this nation and our civil liberties and privacy, we should put it on the table. and i think we should have a way of bringing government and industry together for the good of the nation. and we ought to take those steps. so, mr. chairman, i just want to conclude with this statement. we're a foreign intelligence agency. our job is to figure out what's going on outside the united states and to provide that level of information to the fbi and others who are operating inside the united states. to date, we've not been able to come up with a better way of doing it. i'm not wet. -- wed, i don't think anybody is wed to a specific program. we do need something to help connect the dots. something to help defend this country. we think these programs have been effective. that's all i have, mr. chairman. >> thank you, chairman leahy,
5:13 am
ranking member -- quite all right. >> james cole first joined the department of justice in 1979. served for 13 years in the colonel division. he later become deputy chief of the division's public integrity section before entering private practice. and was sworn as the deputy attorney general on january 3rd, 2011. please go ahead, mr. cole. >> thank you, chairman leahy, ranking member grassley and distinguished members of the committee for inviting us here to talk about the foreign intelligence surveillance act. i'm going to focus my opening remarks just on the 215 program. as has been mentioned, it involves the collection of meta data from telephone calls, including the number that was dialed, the date and the time of the call and the length of the call. it does not include the content of any phone calls, any names, addresses or financial
5:14 am
information of any party to the call. and under 215, it does not include any cell site location information. the government can search this data only if it has a reasonable arctic ewe labl suspicion that the phone number being searched is associated with certain terrorist organizations. only a small number of analysts can make that determination. and that determination must be documented so it can be reviewed by a supervisor and later reviewed for compliance purposes. and only a small portion of these records actually end up being searched. this program is conducted pursuant to authorization by the fisa court. since the court originally authorized this program back in 2006, it has been reapproved on 35 separate occasions by 15 individual article 3 judges on the fisa court. oversight of the 215 program involves all three branches of
5:15 am
government. within the executive branch, numerous entities and nsa, the department of justice and the office of the director of national intelligence are involved in assessing compliance. we report any compliance incidents to the fisa court immediately. with respect to congress, we have reported any significant compliance problems such as those uncovered in 2009 to the intelligence and judiciary committees of both houses. documents related to those 2009 problems have since been declassified and have been released by the dni. over the past several months, we've also gone to great lengths to better explain publicly why the program is lawful. under section 215 there must be reasonable grounds to believe that the records that are collected are relevant to an authorized investigation to protect against international terrorism. as both the fisa court's opinions and our own 22-page white paper explained, relevant is a very broad term. in its ordinary sense,
5:16 am
information is relevant to an investigation if it bears upon or is pertinent to that investigation. courts have held that large repositories of information can satisfy relevance standard where the search of the whole repository is necessary in order to identify the critical documents. this is precisely the rationale that underlying the 215 collection program, and it was recognized by the fisa court. the court found that the entire collection of bulk meta data is relevant to an authorized international terrorism investigation because it is necessary, a necessary part of the process, to allow nsa to identify phone calls between terrorists and other persons. as judge egan's recent opinion reauthorized and the program recognized, and i quote, because the subset of terrorist communications is ultimately
5:17 am
contained within the whole of the meta data produced, but can only be found after the production is aggregated and queried using identifiers determined to be associated with the identified international terrorist organizations, the whole production is relevant to the ongoing investigation out of necessity. in addition to compliance with 215, nsa's program must also comply with the fourth amendment of the constitution. here the supreme court's decision in smith versus maryland is directly on point. in smith the court held that telephone users who convey information to phone companies for the purpose of routing their calls have no reasonable expectation of privacy in that information. now, the smith case is a number of years ago. and some have questioned the applicability of it because it didn't concern a situation where the government collected and retained the bulk meta data and aggregated it all in one place. however, a recent opinion of the
5:18 am
fisa court addressed this specific issue, and it noted where one individual does not have a fourth amendment interesting with grointeres interest, grouping together a large number of similarly situated individuals cannot -- springing into existence. i understand that there is interest in legislating reforms to the 215 program and other aspects of fisa including the nature of the court process itself. we welcome this public debate and this public discussion about whether the current version of 215 and other provisions of fisa strike the right balance between our national security and the privacy of our citizens. both of which are important and have to be honored. we look forward to working with the committee to address these issues and to find the right balance. thank you, mr. chairman. >> thank you. thank you very much, mr. cole.
5:19 am
and our last witness on this panel will be robert litt. confirmed by the senate in 2009. he served as general counsel of the office of the director of national intelligence. prior to joining odni he was partner with the law firm arnold porter. worked at the department of justice. and has testified before this committee before. welcome back, mr. litt. >> thank you, mr. chairman. ranking member grassley. members of the subcommittee. we do appreciate the opportunity to appear today to continue our discussions about the intelligence activities that are conducted pursuant to the foreign intelligence surveillance act. it's critical to assume that the public dialogue on this topic is grounded in fact rather than in misconceptions. and we therefore understand the importance of helping the public to understand how the intelligence community actually uses the legal authorities provided by congress to gather foreign intelligence and the extent to which there is vigorous oversight of those activities to ensure they comply
5:20 am
with the law. as you know the president directed the intelligence community to make as much information as possible available without certain intelligence programs that were the subject of unauthorized disclosure. consistent with protecting national security and sensitive sources and methods. since that time, the director of national intelligence has declassified and released thousands of pages of documents about these programs. including court orders and a variety of other documents. we're continuing to do so. these documents demonstrate both that the programs were authorized by law and that they were subject to vigorous oversight, as general alexander said, by all three branches of government. it's important to emphasize that this information was properly classified. it's been declassified only because in the present circumstances, the public interest in declassification outweighs the national security concerns that originally prompted classification. in addition to declassifying documents, we've taken significant steps to allow the public to understand the extent to which we use the authorities in fisa going forward.
5:21 am
specifically, as we described in more detail in the written statement that we submitted for the record, the government will release on an annual basis the total number of orders issued under various fisa authorities and the total number of targets affected by those orders. moreover, we recognize that it's important for companies to be able to reassure their customers about how often, or more precisely how rarely, the companies provide information to the government. and so we've agreed to allow the companies to report the total number of law enforcement and national security legal demands they receive each year and the number of accounts affected by those orders. we believe that these steps strike the proper balance between providing the public relevant information about the use of these legal authorities, while at the same time protecting important collection capabilities. a number of bills that have been introduced in congress including the usa freedom act which you sponsored, mr. chairman, contain provisions that would require or authorize additional disclosures. we share the goals that these
5:22 am
laws and bills provide of providing the public with greater insight into the government's use of fisa authorities. however, we are concerned that some of the specific proposals raise significant practical or operational concerns. in particular, we need to make sure that any disclosures are operationally feasible with a reasonable degree of effort and that they would provide meaningful information to the public. we also need to make sure that the disclosures do not compromise significant intelligence collection capabilities by providing our adversaries information that they can use to avoid surveillance. mr. chairman, i do want to emphasize our commitment to work with this committee and others to ensure the maximum possible transparency about our intelligence activities consistent with national security. we're open to considering any proposals so long as they are feasible and do not compromise our ability to collect the information we need to protect our nation and its allies. and we've been in discussion with the staff of this committee and the intelligence committee on some proposals and some
5:23 am
alternate means of trying to provide greater transparency while protecting our critical sources and methods. we look forward to continuing to work with you in this regard. thank you. >> thank you, mr. litt. senator, normally i'd ask questions at this point. but i'm going to first ask senator grassley who does want to make the other briefing. senator grassley. >> i appreciate very much that accommodation. mr. cole, back on october 2nd, i wrote a letter to the assistant attorney -- or to the attorney general requesting information about cases of willful and intentional abuse of authority by nsa employees. some of them were referred to the justice department for prosecution. i'd like to know whether these cases were prosecuted, and if not, why not? i ask for a response by december 1st. do you know the answers to these questions? and if not, when would i be able
5:24 am
to expect an answer? >> i don't know the specific answers on each of the ones you cited, senator grassley. but we're in the process of collecting that information. a number of them were not prosecuted. a number of them involved the risk of further damaging the national security by having to release more information. other sanctions were found that were adequate in those cases. but we're trying to put together that information so that we can give you an assessment of what happened in those cases. >> i thank you for that courtesy. mr. cole, i want to make sure that i understand the administration's positions on the usa freedom act. in your prepared testimony, that bill isn't specifically mentioned. but in your testimony you state that the administration, quote, does not support legislation that would have the effect of ending the 215 program, end of quote, because the administration maintained that it is a lawful and valuable to
5:25 am
protect national security. the answer may be obvious, but i want to be clear for the record. do you understand the usa freedom act to be, quote, legislation that would have the effect of ending the section 215 program, end of quote, that you described in your testimony? >> senator, the -- you kind of asked me a legal question. i'm going to have to give you a bit of a lawyer's answer. it's going to depend on how the court -- if the usa freedom act becomes law, it's going to depend on how the court interprets any number of the provisions that are in it and any number of the additional requirements that are contained in it over what's here now. i think it will have an impact on what is currently done under 215. but 215 covers more than just bulk data collection. it covers individualized business record acquisition. and depending on what kinds of records are being sought, what the facts and circumstances are, will depend on the nature and extent of the freedom act's
5:26 am
impact on it. on the bulk data, i think it's going to be a question of the court's interpretation. right now the interpretation of the word "relevant" is a broad interpretation. adding pertinent to a foreign agent or somebody in contact with a foreign agent could be another way of talking about relevance, as it is right now. we'd have to see how broadly the court interprets that or how narrowly. >> i appreciate your legal view. just from a standpoint of how our process of legislation works, and since the president's commander in chief, the number one person in charge of our national security, i would hope that we would have a firm statement from the administration of whether or not this legislation is harmful or not. and it would be better to know that before courts get a decision, which would be years -- would be now and i think the administration owes that to all of us, both proponents and opponents of what
5:27 am
that situation is. other than -- my other question to you as well, other than 215, the usa freedom act would also make other significant changes to the tools used to investigate terrorism and espionage cases. for example, the bill would raise the legal standard to issue national security letters to require the information sought be both relevant and material, as well as the information -- as well as the information pertained directly or indirectly to a foreign power or an agent of that power. this is a change from the current standard, which is mere relevance. question, what operational effect, if any, will these changes have on the ability of your department and the fbi to protect the nation from terrorist attack? >> senator grassley, probably the largest effect that it would have on the nsl situation is the
5:28 am
addition of the requirement that it be relevant to or there is information that it is connected to a foreign power. many times nsls are used in a very preliminary stage of an investigation in order to determine if the person who's being looked at is, in fact, a foreign power or an agent of a foreign power. and so the question is sometimes being answered through the use of national security letters. if you must answer that question before you can get a national security letter, it would reduce the availability of those -- of that tool in terrorism investigations. >> thank you, mr. chairman. and i have two questions that i'll submit -- can i answer one more? mr. litt, one of the issues this committee has been looking at is whether or how to add more of an adversarial element in the fisa court process. the chairman invited a former fisa court judge to be a witness at our hearing in july.
5:29 am
judge james karr explained in his answers to questions for the record that he did, quote, not believe that having independent counsel review all government applications before the fisk would be necessary or desirable, end of quote. this appears to be reflected in the legislation passed by the senate intelligence committee, in contrast, as i understand it, the freedom act requires the government to provide every application to the advocate. question, between the different advocate proposals in the u.s. freedom act and the senate intelligence committee bill, which do you believe is a better approach to making the fisa court process more adversarial, and why? >> so, senator grassley, since the department of justice is the agency that really conducts the litigation before the fisa court, i'm going to defer the answer to that to deputy attorney general cole. although i will say that there's been a lot of interagency
5:30 am
discussion about the appropriate approach there which i think he can lay out. >> senator grassley, i think we've said on a number of occasions, we find that there is a use and a value to having an independent legal representative in the fisa court process, in the appropriate circumstances. we would not advocate or recommend having one for all of the procedures that go on there. many of them, like in normal criminal cases, are routinely done in an ex parte basis. they're done usually with a fair degree of expedience and efficiency. and we think a permanent public advocate might impede that process some if it's applying to every single thing that's there. there would also be, i think, some constitutional issues of standing for a public advocate on every single issue. we would propose that it be an amicus appointed by the court. when the court feels that they have the need for another perspective and another point of
5:31 am
view, when it's a significant issue involving privacy issues, civil liberty issues, that the court would like to have another view on, that would be a good example of a time. something like the bulk data collection programs where somebody may want to have a view of what the law is other than the government's view, we think that would be a good area. but i think the court's in the best position to determine when and where it's going to need those kinds of things and do it only for those issues. >> general alexander, it'll take you five seconds to answer this question. as our hearing in july your deputy director testified that the nsa conducting an investigation into highly classified information was compromised by a single contractor. he stated the nsa would report back to congress about the individual on systemic responsibilities of what occurred. when can we expect that report. >> we'll send that up right away. we've actually taken 41 different actions. we'll get that report on what those are. >> what is right away? >> over the next week.
5:32 am
>> okay. so we'll have it by wednesday. >> thank you, mr. chairman. >> next wednesday. >> by then. thank you. i go to this last question about 215 phone records and fisa courts or fisk courts or so on. it's been said these laws have been authorized. they've never been up on appeal. we've never had an appellate court rule on them. the bill that i have does not require an advocate in every fisa court case. it would be only when the court agreed that it might be helpful. we also have statements from judges that if that was the case, there might be more credibility with the courts.
5:33 am
or at least more of a willingness on the part of the public to accept courts that operate in secret. would you agree with that, mr. cole? >> i think that that would help the public have better confidence. i think the court does run well. i think there's a great deal of independence from my experience with the court in its rulings. it is not by any means a rubber stamp. but i think there's a value with the public to having some other person, some other advocate, in the appropriate kinds of cases. and i think there's a value to that, senator, mr. chairman. so i think that is a good idea as long as we keep it into the -- in the right matters. so i would agree with that. >> senator klobuchar will submit questions for the record. the cell phone location records. it's reportedly gathering information -- or communications
quote quote
5:34 am
information from online gaming sites. the stories suggest the activities are directed abroad. we know the nsa was making plans to obtain cell site location information under section 215. we also know that the nsa engaged in bulk collection of internet meta data under the fisa pen registered statute. it suggests to me under that kind of legal interpretation of fisa the nsa could collect the same amounts of information domestically that this research suggests they're collecting abroad. mr. litt, maybe i should direct it first at you. i know the program authorized the bulk parts of internet data was shut down in 2011 because it wasn't operationally useful. but under the current law, would the nsa be able to restart the bulk collection of internet
quote quote
5:35 am
data? >> if the nsa and the department of justice were able to make a showing to the fisa court that the collection of internet meta data in bulk, which, of course, is a category of information that's not protected by the fourth amendment, that if it were relevant to an authorized investigation and could convince the fisa court of that, then, yes, it would be authorized. >> it was shut down before as not being operationally useful. would you have to go to the court? >> i believe -- >> to restart the bulk collection of internet data, would you have to go to the court? >> i believe we would. >> mr. cole? >> yes, mr. chairman. under the fisa statute, i think you would have to get court authority just like you would under 215 to be able to do that. and that would only last for a period of time. it would have to be renewed periodically. there's no active authority for it right now. >> thank you. setting aside any techny logical
5:36 am
limitations, would the fisa pen register statute authorize you to obtain all internet meta data, not just e-mail meta data? >> i think that is correct. again, it would be limited to the meta data in that regard. >> if i could just add on that. >> if i could just make sure i understand mr. cole's answer. the only limitation would be that it would be meta data? >> it cannot be content. in the latest order of the fisa court under 215, it specifically excluded cell site location as well. >> i was going to add only that you'd have to show that the categories of meta data that you're seeking was, in fact, relevant to the authorized investigation. >> mr. cole, you've talked about the legislation that senator lee and i talked about to update the electronics communication privacy act. we want to require in criminal
5:37 am
matters, i'm talking just about criminal matters now, the government obtain a probable cause warrant to gain access to the contents of electronic communication stored by a third party provider. section 215 of the usa patriot act requires the government to show only relevance to an authorized intelligence investigation or to obtain records. i'm not talking about bulk collection. but the more standard usage of 215. has section 215 ever been relied upon to obtain the contents of stored communications from a third party provider? >> not that i'm aware of, mr. chairman. >> mr. litt? >> i'm hesitant to give an answer to that just because it's not a question i've ever asked. i'd prefer to get back to you on that, sir. i just don't know the answer sitting here. >> can you get back to me by the end of the week? >> i will try.
5:38 am
>> if they haven't, as a legal matter, could section 215 be used to obtain the contents of communication? >> i would have to think about that. considering that it is the -- it's limited to the types of information you can get with a grand jury subpoena, i'd have to look. because of the aspects of stored communications and things of that nature, i'd have to check. but i'm not sure -- i'd have to go back and look at that. so without a check of the legal authorities, i'll get back to you on that, mr. chair. >> and i appreciate you checking those. i think you understand by the question i -- >> yes. >> there are some serious legal ramifications to your answer. >> i agree. >> good. we're going to go to senator franken. but general alexander, you
5:39 am
talked about using -- and i'll get to you in my next round -- about going to the private sector and looking for best practices from them. you can imagine i'm going to ask if those best practices had been use e used, would a 29-year-old contractor been able to walk away with all your secrets like mr. snowden did? senator franken? >> you're going to ask that in the next round? >> sure. >> do you want it answered now? i mean -- >> no. that's okay. you've been waiting patiently. i'll wait my turn. >> well, okay. gener general, you'll have plenty of time to think about that. except i have a question for you. let's see if you can do both at the same time. i have a bill, too, surveillance transparency act that i think you're all familiar with. among other things, general alexander, the would
5:40 am
require nsa to tell the american people how many of them have had their communications collected by the nsa. do you think the american people have the right to know, roughly, how many of them have had their information collected by the nsa? >> i do, senator. i think the issue is how do you describe that? those that are under a court order -- so under fisa, as you know, to collect the content of a communications, we have to get a warrant. the issue would be almost in the title iii court. do you tell someone, a u.s. person, who may not be a u.s. citizen, that we're tracking them here in the united states or that we have identified that. >> i'm not suggesting that you have to tell people they're being surveilled. that they personally are a suspect. what i'm saying is the american people have a right to know how
5:41 am
many american people have had their information collected. that's a different question. i wasn't suggesting we tip people off that are suspects. >> yeah, so i think in broad terms, absolutely. and let me give you an example. >> in broad terms? >> yeah, so for example, under 215 today, less than 200 numbers are approved for reasonable arctic you labl suspicion. >> that's 200 orders or 200 people? >> 200 numbers. some of them may be multiple numbers per person. those numbers could be both foreign and domestic. in fact, they are. but that's the total number for that category, for section 215 today under that program. the other one that i think -- and i think the deputy attorney general mentioned, we can also put out more about what we're doing under the faa 702 program,
5:42 am
that we've compelled industry to do in a more transparent manner. the issue is how do we do that without revealing some of our own capabilities. we're working through the inner agency to get a resolution on that. did i say that right? >> okay. i'm being told by staff that that's actually the number of people that have had their phone numbers searched, not collected. >> so under 215, all the data is going into repository. >> metadata. >> so if, for example, i'm talking to a foreign terrorist, my number would automatically hit that link. in fact, you probably would want to know that. i know the white house would. >> right, we need to know that. >> that's right. so the issue would be, how many of those? we would look at those, and based on our analysis, give those numbers that are appropriate to the fbi for them to then go through their appropriate process to look at those numbers. >> okay.
5:43 am
there's a difference between collected and searched, but that's okay. but let's talk about 702. that's supposed to target nonamericans, right? foreign persons. >> reasonably believed to be outside the united states, correct. >> right. are americans -- shouldn't the american people know how many americans have gotten caught up in that? >> that, again -- and i don't mean to hedge. let me just tell you the difficulties. if a terrorist that we're going after is talking to another person, in that communication, there's nothing that says, i'm an american and here's my, you know, my social security number. so the fact is, when we're tracking a terrorist, if they're talking to five people and one of those is american, chances of us knowing that are very small. if we find out that's an
5:44 am
american, then there are procedures the attorney general and the courts have given us that we have to do to minimize that data on that american. >> okay. well, i guess my question is, my bill calls for the nsa to report how many americans' information has been searched, has been looked at by agents. and i'm not talking about necessarily a precise number, but 702 says that you can only look at non-americans. and -- look, my feeling is this. the american people are skeptical of executive power. >> right. >> that when there is a lack of transparency, they tend to suspect that something -- they
5:45 am
tend to be very skeptical and suspect abuse. and part of the reason to have transparency is for people to be able to make their decisions based on some real information about whether or not this power is being abused or not. now, i believe that you gentlemen have our national security at interest. that's your interest. that is your interest. but i also believe that -- you know, you keep saying there's oversight from all three branches of government. we're one of the branches. we're doing the oversight, okay. >> we're feeling it. >> and my feeling in doing the oversight is that i would be more comfortable and the american people would be more comfortable and feel that they can decide for themselves if they knew how many americans were being caught up in a
5:46 am
program like 702 that is designed by law not to target americans. >> so i think, senator, absolutely. i would just put into this that what we're going to do is if asked to do that, we're going to give you faithfully and truthfully that which we know. my concern would be two days later we find out that was also an american. so we could report that later, but we're not doing to -- do you see what i mean? >> what i'm talking about in my legislation isn't a precise number. it's a range. and what i've been told by odni is that producing this estimate would be very difficult, but i don't think it would be that difficult. >> so maybe i would just offer, senator, to have you come up and we could sit down and show you this and come up with perhaps a way to do that. because i do think -- actually, i agree with you.
5:47 am
i think this is the right thing to do because the number isn't that big. i think if we could explain it to the american people and you as one of our three elements of our government, could say here's what we see and here's what the administration sees and here's what the courts and all three of us together say that's the best number we can come up with. when the american people understand that, they'll know we're doing this right. so i agree with you. >> i see mr. litt, who i know quite well, we've discussed this a lot, sort of jumping out of his seat. >> no, i'm firmly planted, sir. >> well, eager to answer. that's why i'm afraid i've run out of -- no, i'm sorry. go ahead. i see that you're -- i've never seen him this eager, frankly. >> mr. chairman, if i might for a minute. this is a good example of the thing i was talking about in my opening remarks. i think we all agree that the question you pose is a reasonable one, which is how many americans are being caught up in this?
5:48 am
the problem is trying to find a way to provide that information in a manner that's both operationally feasible and doesn't compromise sources and methods. we've got some ideas in that regard. they're not fully fleshed out yet. we want to work with your staff and see if there are ways we can arrive at something that will give at least some sort of reasonable proxy that gives americans the impact of this surveillance. >> thank you. i'm glad i've got this answered today. this has been part of my discussions with odni where you said this may be too difficult to do. but it sounds like we've got a little bit of movement on this. i want eed to ask a question abt what you were referring to, mr. chairman, about location information, but i really am way over my time. thank you for your indulgence.
5:49 am
this is on the capacity issue. general alexander, in a he hearing -- let me go beyond that. last week "the washington post" asked an intelligence official speaking on the record to estimate how many americans had had their location information collected by the nsa. the official answer, quote, it's awkward for us to try to provide any specific numbers. right after he said that, the article says that an nsa spokesman interrupted the conversation to change that answer. do you believe it's difficult for this administration to estimate how many americans have had their information collected, or do you think it's awkward? >> i think it's difficult, but i think we're talking by each other, if i might explain. >> okay, good. >> you should the business record fisa, there was a series
5:50 am
of questions on cell site location information that others have asked. we have walked down that road. as you know, that's one the courts said we're not going that, we don't do that. there has been a few records that were done to check to see if technically it could be done. that was the first set of issues on the business record fisa. so there is no cell site location data under business record fisa we're using today, period. second, if an american travels overseas and communications are collected, the chances are in that collection, we may not know that's been collected, that it's an american position. but if you collect, you'll probably get the cell site location with that. the issue would be, how many of those have been collected. the answer is we're really not looking for that. it may have been collected because they talked to, you know -- and i don't mean any of these people are bad. >> you seem to point to them a lot. >> i just want you to be careful because they're right behind
5:51 am
you. but i am concerned, senator, that in that case, we won't know at all who are the americans and who aren't in those issues for the same reason before. but what we can tell you is i think good numbers on those that we target overseas that are americans under those procedures that we have. we can give you those numbers. 703, 4, and 5 that fall into that. i think that's, perhaps, what we're really looking for. does that make sense? >> yes. thank you. mr. chairman, thank you for your indulgence. i also want to go down to the briefing. thank you, gentlemen. >> say hello to everybody for me. >> i will. >> general, i'll go back to the question i asked, and not facetiously, i assure you. you said that your work with private industry and proving
5:52 am
techniques and so forth, and i assume you would. let's go back to the snowden case. as you know, i've expressed grave concerns about how a 29-year-old subcontractor can come walking in, and that your system of checks and balances and all was not good enough to stop him from walking out with a huge amount of data. i see something similar, all the different type of data, when our own state department and department of defense put huge numbers of highly classified and highly sensitive cable traffic from some of our embassies into one location where a private first class, i believe he was,
5:53 am
was able to go in and take it all out on a lady gaga cd. and we know the enormous, enormous problems caused to our diplomacy and the security of a lot of americans and our allies because of that situation. i've never found anybody to say what we ever gained by putting all that material in one place. so now we go to the snowden case. whether somebody thinks he's a hero or a villain is not so much the question as it is, i think we can all agree, that a lot of the material that has been released because of him has been very damaging to the united states. it's certainly been damaging to our allies, our relationships with our allies.
5:54 am
i realize as you and others do that some of our allies have said how terrible it is we're doing this. has to make one think of the scene in the movie "casablanca." i'm shocked to see this going on knowing they're doing very similar things. but having said that, there were things that created great problems for us. so any question is, first, have -- can you say with confidence that you now have checks and balances at nsa to stop this from happening again? and secondly, has anybody been disciplined at nsa for dropping the ball so badly? >> so first, chairman, on the
5:55 am
checks and balances and the things we've done, that's the 41 different actions that i discussed for senator grassley that our technology director is using. that does employ best industry and best practices that we have. it has drastically improved that capability. >> these are subsequent to the snowden -- >> that's correct. this is all since the snowden thing. this gets into compartmentalizing and encrypting data to creating communities of interest. and we do have three cases that we're currently reviewing, working our way through that i don't want to prejudge given my position, that we will fully inform this committee of action we've taken once that action is complete. so we are doing that. >> now, first off, those 41 steps or 35 or whatever, i would
5:56 am
hope that this makes it better. the obvious question comes up. why weren't these steps taken before? was it because there is a sense of confidence that we are the nsa, we will not make a mistake, or was it just -- well -- >> actually, chairman, the reason is happened is his job was to move data. he was the person who was to move the books from point "a" to point "b." he was the share point server, web server administrator. his job was, in fact, to do what he did. and therein lies part of the problem. we had one individual who has a responsibility to move that data who betrayed that trust. we believe that they would execute that duty faithfully and in a manner that everybody had agreed should be done.
5:57 am
>> to use your analogy, general, let us say i run a company that sells millions of dollars worth of diamonds. i'm going to have to transfer them from my warehouse in this state to my warehouse in this state. now, am i negligent if i say, boy, look, we got this 29-year-old subcontractor, here's the keys to the car, the truck that carries all these diamonds, get them there safely. by the wary, here's a map. or is it better off i have two or three people who check on how it gets there? >> so prior to this event, it was standard that one person would do one job and he'd have back-up help. you'd have oversight of that. but in doing that job, it's very difficult, if not impossible, to see that person replicates a copy of what he took.
5:58 am
a little bit different than in the diamond case, but your point is well taken. you wouldn't give the guy the keys to the car to drive your diamonds across state, especially when you didn't know him. in this case, what we've done is input a two-person rule just like you would for that for these specific issues. you'll see that in parts of the write-up. i would also point out one of the notes i got is from the wikileaks. we were all implementing the wikileaks issues that had been found through the inner agency process. so we were implementing that. this specific vulnerability that he exploited was not found in the wikileaks area. and there were some specific things that i'd prefer not to go into here because -- >> can i suggest that there's still going to be people out there who are going to want to find more things? would we both agree on that? >> absolutely. >> and can we also agree that the vast majority of people work with you, and i do believe this, are very honest and would not
5:59 am
want to do anything to betray the country they serve. is that correct? >> absolutely, chairman. >> thank you. i talked about the collection programs. that's one thing. the other thing is do we really need to be collecting massive amounts of data on innocent americans just to keep us safe? just simply because you can do something, does it make sense to do it? we had a question entirely different before this committee once when i raised the question about roadblocks being set up by our border people in vermont and one of our interstate highways about 40 or 50 miles from the canadian border. they said with great enthusiasm that, well, over a period of "x"
6:00 am
amount of time, they found four or five illegal immigrants and collected "x" amount of marijuana and some cocaine. i said, wonderful. they spent a huge amount of money to set up this roadblock inconveniencing everybody. i said, look how much more you could collect if we set those roadblocks on every single bridge coming into washington, d.c. in the morning. a couple hundred thousand, 200,000 people come in from maryland. a number from virginia and west virginia. unless we have something cataclysmic like two inches of snow. then of course we have to close. vermont, anything under ve inches of snow is called a dusting. i digress. but the fact is -- but not much. the fact is, if we set those kind of roadblocks, we'd collect hundreds of illegal immigrants. we would collect huge amounts of
6:01 am
illegal drugs. and probably other contraband. would we do it? no. i mean, the place would come to a screaming halt, and there would be those people who are totally innocent who might be screaming about it, including chairs of various oversight committees. but my point is, we've already established that the 215 section phone records program was uniquely valuable in one terrorism case. the nsa shut down a collection program related to internet metadata because it wasn't meeting operational expectations. and i was concerned learning nsa has done an assessment on the effectiveness of about collection under section 702
6:02 am
despite the fact the program mistakenly led to the collection of thousands of domestic e-mails, including their contents. we can do a huge amount, but then at some point you have to ask, what did we get out of it? so general, i'd ask you this. shouldn't the nsa assess the utility of its various collection methods in a systematic way, especially if they pose a risk of obtaining americans' communications? i mean, the question would be very simple if we were talking about going into everybody's home to look at their letters and their files and their -- those personal things. but somehow we're looking at it different by because it's out there electronically. >> senator, chairman, that was exactly why under the pen register trap and trade the e-mail metadata program when we
6:03 am
looked at that, we -- and i was the key nsa official to say this program does not meet the operational requirements for the amount that we're putting in, and we recommend to the dni and the white house that we stop that and inform congress. so we made that operational decision based on what we got for what we put into it to what it cost us. we're doing the same on the business records, fisa, the metadata program. here's the issue quite candidly -- >> you're doing that now on the prtt? >> we did the prtt back in 2011 when we stopped that program. that was based on my recommendation based on working with our people to look at what we're doing. >> did you find any terrorism plots? >> with the pen register trap and trade? i'd have to go back and get you the specifics on that. that'll take more than
6:04 am
wednesday, though. but i will get you that answer. >> okay. because i'm thinking when the deputy director testified, there was only one time where section 215 -- >> right, so now we're going to 215. the issue i have on 215 and why i am so concerned, i agree that what congress, the courts and the administration had given us here is extremely intrusive taken in its whole, but the way we've put the oversight in compliance and the regiment we have around it and the oversighted in congress ensure we're doing this right. the frequency that we look at that, less than 200 numbers now approved, and less than 300 for all of 2012, from my perspective, that shows that we're being judicious in how we do it. there is oversight by all three branches of the government and complete audit ability in every action that we do.
6:05 am
we can't -- we don't have a better way of doing this. that goes into that question of industry. so my question is, i don't know a better way to do it. and i'm being completely candid. i'm concerned with all that our country's going to face, that we will have failed the nation if an attack gets through. so you've asked us to do that. i can't think of a better way. i think this is where industry -- do they have a better way of doing it? we ought to put it on the table and argue that through all branches of the government. nobody has come up with a better way. and so that's my concern with the metadata program we have today. i can't think of a better way. it's like holding on to a hornet's nest. you know, we're getting stung. you've asked us to do this for the good of the nation, to defend the nation, to get the intelligence we need. nobody's come up with a better way. if we let this down, i think we'll have let the nation down. so that's why i'm concerned.
6:06 am
>> general, i realize the world changes, but i think back to my days as a young prosecutor, and without going into war stories, i remember when as a member of the executive board of the national da's association, we had a meeting with j. edgar hoover. four or five of us, we went across the spectrum politically. we were all chilled by what we heard from him, his disregard of the constitution, his willingness to do things -- he explained to us, there's no such thing as organized crime in america, even though of course there's a massive organized crime operation at that time. but we had to fear communists. he even suggested to us that "the new york times" in its editorial policy was very close to becoming a communist newspaper and he was about to investigate it as such.
6:07 am
i'm serious. i'm thinking what it would have been like if he had the power that you and the nsa have. and that's -- i had a friend who died in the towers, 9/11. i think about that all the time. i think of my wife who is a medical surgical nurse at arlington hospital going there, even though she'd retired, to volunteer to help with the wounded coming from the pentagon and told there were no wounded. you were either alive and walking or you were dead. there was nothing in between. these things sere in your mind. you don't want this to ever happen again. but i also think of the j. edgar hoover type thing. i think as an american, it's very easy to go to another country and complain to them about their police state. i'm not suggesting that's what you are, but their ability to go and listen in on everybody,
6:08 am
search everybody. we give up a lot of our privacy in this country. and frankly, i worry about giving up too much. and can we be totally secure? of course we cannot. you can't be totally secure going out to dinner in the evening from some random shooter, who isn't even aiming for you. so, i mean, i look at the administration declassifying a number of fisa court opinions. they get credit for doing that, but there's been no release of any fisa court opinion from the 2006 time period contending legal and constitutional analysis of the section 215 phone records program. is that because it didn't exist or hasn't been declassified? and i ask this question -- and
6:09 am
i'll let mr. cole give me an answer to that at some appropriate point, but i really feel that our oversight has not been adequate or that so much of it is done secretly that it's too easy to say, if you knew what we knew, you wouldn't ask us questions. and i worry as technology gets greater and greater the temptation, whether it's this administration, the next administration, or the administration after that, for people to misuse it. so i know i've been critical of these things. i hope none of you take it personally. but as a vermonter, i'm very concerned about my privacy and everybody els. did you want to add anything mr. cole, mr. litt, or general? >> mr. chairman, you know, i think that we are all concerned to make sure that we get this
6:10 am
balance right and that an important part of that balance is transparency to the american public, keeping their trust in what we're doing, making sure that while doing that we don't compromise our abilities to be able to use classified techniques that will help keep them safe. but that's -- there's a tension between those two. and there always has been. and finding that right balance is always something that is difficult, but it is our job. and it is our collective job in all three branches of government, including with oversight from the united states congress as a very important part of that. so i think the path that we are on now is very much the one you're describing of trying to make sure that we find that line and find that balance of giving the information that we can give providing the transparency while maintaining the operational integrity of what we're doing. we shouldn't be saying to you, particularly from an oversight function, if you only knew what we knew, you would say we're
6:11 am
doing fine. we should be in a position to be able to tell you what we're doing. >> mr. chairman, if i can just add a couple points. the first is, as i'm sure you know, there's nobody in the intelligence community today who operates on the assumption that you ascribed to j. edgar hoover before that i don't care what the constitution says. everybody is singularly in focus on complying with the constitution and the law. as you know, in all the material that's come out, there's been no suggestion of any willful abuse or violation of privacy of people. the compliance violations that have occurred have been technical. they've been unintentional. nobody's been out there attempting to illegally spy on americans or anything else. but the other point i want to make is sort of a more philosophical one. because the point you raise about worrying about the next person is of course something that was a concern all the way back to the framers of the constitution, which is why they set up the constitution with checks and balances to try to
6:12 am
ensure that the innate fen den si of human beings with power to seek to abuse that power is checked. that's what we've tried to accomplish within the intelligence community with the degree of oversight that we have. the number of people who are looking over other people's shoulders, the number of reports that have to be done, the technological controls we have in place. as general alexander said earlier, if there are ways we can do that better, we're open to that. we'd like to ensure that there's oversight that is sufficient to persuade the american people that we are doing the right thing on their behalf. but we do think it's important that the -- in considering what to do we don't throw out that the baby of national security with the bath water of oversight. >> and if there are better ways of doing things, if there's any silver lining in the snowden matter, you are taking, as i
6:13 am
understand from general alexander's testimony, you are taking the steps to make sure that colossal mistake wouldn't happen again. >> we're going to do our best. >> general? >> chairman -- >> and after you speak, general, i'm going to turn the gavel over to senator whitehouse. he's a nicer person. >> chairman, first, two things. as you correctly stated, there was one unique case under 215 where the metadata helped. there were seven others where it contributed and four where it didn't find anything of value and we were able to tell the fbi that. now, that last part of value, i want to point that out. this summer there was a big issue on terrorism that we all went through. this program helped us understand was that focused on the united states or elsewhere. we used that program to determine none of those leads were coming into this country and were able to focus our efforts elsewhere, which really
6:14 am
helped both the intelligence community and the fbi in that case. the second part, you know, i've been in this job for a little over eight years. and my experience from dealing with the people that we have, dealing with congress, the courts, and the administration on this is our folks take the constitution to heart. we have to -- we see this as two roles. defend the nation and protect our civil liberties and privacy. everybody at nsa, including myself, takes an oath to that constitution that we'll support and defend the constitution. and you know the rest of that. and i would tell you that the oversight we have, especially by the courts, ensures that what happened that you brought up will not happen here. from my perspective, we have great oversight in this program. and at times, i complain that the oversight was so robust that it was crippling, but now you can see that everything that we've done, all the things that have come out, were either self-reported or brought out. they weren't revealed by
6:15 am
snowden. we had already reported those incidents. i think you can see that we're acting well and faithfully to discharge those duties. just to correct one thing to add to what bob said. there have been no willful or intentional violations under the 215 or 702. as you do know, there were 12 under executive order 12333. in both cases, all the violations we know about we've self-reported. some of those we knew would be significant. we brought them up to the white house, to the dni, to the department of justice, to the courts and to congress. we made a mistake. these were not intentional. they were significant. and you've read the court things and you read some of those. but from my perspective, i think we should take great pride in the fact this agency in every case reports on itself, tells you what it did wrong, and does everything we can to correct it. >> thank you.
6:16 am
senator, why don't you take over here. i apologize to the next panel that i'm going to -- i may not be able to get back. i'm going to try to. you want to take the seat here? >> sure. i'll do that when the panels shift. but let me just take a little bit of time myself right now with this panel before they're excused. first of all, we are at a time where we have entered a new technological era. the era of big data. and i'll loosely and unprofessionally define big data as the ability to have enormous amounts of data that don't get looked at and figure out once they're aggregated how to search for things in that big heap of data. that raises questions about whether the aggregation is a search or not a search until a human being actually asks a
6:17 am
question and the information gets to another human mind. some of these are pretty difficult questions we have to work our way through. i think the attention the committee is paying to this is a very sensible attention. but our national intelligence establishment is not the only group that is playing in this big data area. we all know that google and other private sector providers are very, very actively in big data, data mining and doing things like that. what can you tell me about what other governments are doing without ses if iing names and releasing any security information. i take it that other foreign sovereigns are doing very aggressive things in this space to try to pull as much information as they can as well out of the cloud and out of the capacities of big data. who'd like to take that?
6:18 am
general? >> senator, i have some experience in that. my opinion, none of them have the oversight by all three branches like we do. either their parliaments, congress, courts and their administration. >> understood. my point is that they're all out there doing it. >> they do. well, not all. >> well, the ones who have capability. the most powerful ones all do it. >> that's right. >> and if we were to pass a law that prevented our intelligence and defense establishment from operating in that big data atmosphere, we would be essentially unilaterally disarming in an arena in which other governments are very active. is that true? >> that's true. in fact, i think some have likened it to -- because we have a powerful intel community or powerful navy, we would tell our submarines to surface in those areas where people -- their subs aren't as good.
6:19 am
>> so they're -- and the actual collection of data in the sense that it is brought to the awareness of a human mind somewhere has to be overseen very scrupulously. as i understand it, this operation is overseen by multiple inspectors general, multiple general councils, multiple federal executive agencies, nsa connects in ways that provide varying levels of visibility, but in most cases complete visibility to our department of defense, to the fbi, to the department of justice, jim, to the odni, the office of -- the director of national intelligence, to the president, to the national security council. so there's considerable attention that is being
6:20 am
dedicated to this. we have a court that is dedicated to this that reports to the supreme court. we have this legislative committee, the senate intelligence committee and the house committees. so it's hard for me to think of whatever we might do to add to the level of oversight. i think we may make it more efficient and effective, but i don't want anybody to leave this hearing thinking we just kind of leave this question to the nsa. we have built a system in which every branch of government and within those branches of government, in many cases multiple different agencies and in some cases within those agencies and some independent sectors all compete to have a look and make sure the right things are being done. so i'll let you all go. i appreciate what you're doing. i understand that we need to get this right.
6:21 am
but i think it would be a mistake to yunilaterally walk away from the realm of big data to protect our national security when we're perfectly comfortable with private companies doing that to make money and to find out more about us so they can market to us better and when foreign governments are energetically penetrating this space in order to accomplish similar results. and i think nobody should leave this hearing not aware that the layers of oversight and checking and double checking and triple checking that are done here are very, very rigorous and considerable. i know you have to live with that all the time. if you'd like to make any closing comment to that, you can do that. otherwise, i'll let you go. >> i think you summarized it very well, senator. >> all right. we'll leave with that. i appreciate very much you all being here. thank you for your service to our country. >> thank you, senator. >> we'll take a minute and call up the next panel.
6:22 am
6:23 am
>> it was hard to get bob litt out of here, professor. he loves it so much being in front of us. all right. let me ask the panel to stand to be sworn. do you affirm that the testimony you're about to give to this committee will be the truth, the whole truth, and nothing but the truth so help you god? thank you very much. please be seated. i am delighted to welcome our second panel on this important issue, and why don't i just go
6:24 am
right across the table and ask each of you to make your opening statements and we'll do collective questions at the end. we may be rejoined by a number of my colleagues. this is the time that the administration briefing on iran is taking place in the classified area. so obviously that's of interest. we'll start with ed black, who has been the president and ceo of the computer and communications industry association since 1995. he previously served as chairman of the state department's advisory commit' on international communications and information policy, and he worked as chief of staff and legislative director for two members of congress. mr. black, welcome. please proceed. >> thank you, senator whiteho e whitehouse -- for the opportunity to be here. thank you, senator whitehouse. this is an important subject.
6:25 am
i want to start out by just pointing out that 16 years ago the white house charted a course for a vibrant internet economy into perceptive magazine report. the first u.s. government policy statement addressing the needs of internet commerce. that policy statement correctly identified user trust as the foundation of internet commerce. it noted, quote, if internet users do not have confidence their communications and data are safe from unauthorized access or modification, they will be unlikely to use the internet on a routine basis for commerce. that may sound rudimentary today, but we should not take for granted decades of progress in kree yagt security and fostering user trust. and we should not discount out easily that foundation can be damaged. the broad nsa surveillance regime and the way it has been received internationally has harmed u.s. companies, u.s. competitiveness, and the internet itself. the u.s. government must be proactive in addressing these
6:26 am
concerns. the status quo is no longer an option. if we do not act, we will put at risk our economic security and undercut our diplomatic ability to influence the future of the internet. therefore, mr. chairman, c, i supports the usa freedom act and look forward to working with the commit' and staff on this important piece of legislation. a healthy global internet is a source of american competitive advantage. the u.s. itc documented a growing digital trade surplus. our global competitiveness is not just good for commerce. it is an essential component of our long-term national security. the internet doesn't only benefit the u.s., however. the open internet provides great global commercial benefits. the internet economy in g-20 countries is expected to reach $4.2 trillion by 2016. 21% of economic growth in mature economies over the past five
6:27 am
years is attributed to the internet. traditional industries are the beneficiary of 75% of the economic value derived from the internet. thus, we should not underestimate the internet's role in global economic development, which in turn has its own security benefits for the united states and the rest of the world. the nsa's practices clearly impact the business of u.s. internet companies. so much of online commerce today is fundamentally based on trust. if users are going to turn over very sensitive, personal, and confidential information to accompany e-mail and other cloud services, they need to believe the company will act as a responsible steward of their data. although, traditional debate on utility of broad surveillance has focused on hard power arguments, one must not overlook the effect on soft power. it is important to recognize the dramatic effect these revelations have had on our international and diplomatic authority. particularly in regard to the
6:28 am
future of internet governance. last year's conference showed us that through this deep international division of over whether to subordinate the open internet to world governments, including repressive regimes, the u.s. needs to be a beacon for freedom and openness in this battle. given these risks, we propose enhanced transparency and procedural reform, clearer protection for americans, and baseline protections for international users. with regard to transparency and procedural reform, we think all governments should share with citizens meaningful information about their surveillance laws, their legal interpretations, and judicial procedures that govern the exercise of this powerful authority. of course, the u.s. cannot demand this from others unless it leads by example. furthermore, companies should be permitted to disclose publicly to their users the precise volumes of requests from governments.
6:29 am
businesses should not only be prermted to release transparency reports but encouraged to do so. we categorically reject the notion that open government will cause undue damage to security. transparency and criminal surveillance have been the norm for years and have not appeared to materially affected law enforcement. in order to present a robust check on the government, the fisc must also evolve to include a well-resourced advocate to provide an alternative view point, particularly in situations involving novel questions of law. second, focusing on protection for americans. federal laws addressing the circumstances in which the government may collect american data for national security purposes are badly in need of reform. collection of metadata is one area that is most obvious as it reveals a great deal of sensitive, private information. furthermore, important first amendment rights of association are implicated by the government assembling its own version of
6:30 am
your social network and their own analysis. the usa freedom act addresses this problem by explicitly prohibiting this type of collection, both on the internet and on telephone net works. that's one of the reasons we are supporting it. third and finally, protections for foreigners. a difficult subject to deal with but despite the global interconnected nature of the internet, the u.s. national security policy continues to presume u.s. citizens deserve protection from unwanted surveillance while others do not. if foreigners lack baseline privacy assurances, foreign competitors will supplant u.s. leadership in internet innovation and digital commerce. thus, undermining strategic economic and other security interests. this is especially true going forward as foreign markets are increasingly important. thank you very much for the opportunity to testify. look forward to your questions. >> thank you very much, mr. black. our next witness is julian sanchez, who is currently a
6:31 am
research fellow at the cato institute, focusing on the intersection of technology, prooif circumstances and civil liberties with a focus on national security and surveillance issues. he previously served as the washington editor for a technology news site and has written for a wide array of publications. mr. sanchez, welcome. >> thank you, senator whitehouse. it's a privilege to address this committee. i want to begin my suggestion to step back from the details of the disclosures in recent months, we find a disturbing pattern across multiple programs and authorities focusing in particular on the metadata program, the now defunct internet metadata program and upstream collection under section 702 of the fisa amendments act. in each of these cases what we see is extraordinary but nevertheless limited authorities were secretly interpreted in
6:32 am
ways that permitted far more extensive collection than certainly members of the general public and even i think many legislators believed at the time of passage had been authorized. this was done in part because the fisa court, which was established on the premise that it would be authorizing and finding probable cause in cases of specific and traditional targeted surveillance, instead found itself in the position of addressing broad programs of surveillance, often involving novel, legal, or technological issues. it's not clear that body was well established to consider. in the metadata cases, these interpretations took to form of an unprecedented reading of relevance that held entire databases containing information about millions of admittedly innocent americans to be relevant on the grounds that a fishing expedition through those records might ultimately turn up evidence that would not otherwise be detected in the absence of some specific grounds
6:33 am
for suspicion. that is probably true, but it is of course true of any phishing expediti expedition. there is no real limiting principle in that argument for any type of records. i was particularly disturbed to hear earlier, mr. litt refuse to reassure us that the scope of the records obtainable under section 215 does not exclude the contents of digital communications or cloud stored documents. it's also particularly troubling to see this applied in the case of the internet metadata program, because in that case, the short-sighted holding of smith versus maryland was applied as though it referred to metadata generally, which is certainly not a term we find in had the 1975 decision. when in this case, it involved e ma e-mail metadata that's never processed by the internet
6:34 am
backbone provider from whom it was presumably obtained. there's an additional constitutional question in that case. in the case of 702, we know the supreme court relied on the recent ruling in amnesty v. clapper on representations that only communications to or from specific overseas targets were being intercepted. we now learned, of course, that also communications referring to overseas targets would be intercepted and in many cases for technical reasons, a single e-mail meeting selection criteria would lead to the entire inbox of the commune cant being obtained, including again potentially entirely domestic e-mails on what the court believed could be a scale of many tens of thousands per year under that one collection program. in each case, additionally, we learned that for months or years the actual technical details of how these programs operated were misrepresented to the fisa court, which was of course therefore not able to
6:35 am
effectively conduct oversight and in each case, again, elaborate safeguards and restrictions imposed by the fisa court as a condition of authorizing those programs were effectively neglected because of the vast scale and complexity of those programs. additionally in many cases, we found that the claims of efficacy made at the time don't appear to have held up well over scrutiny from many dozens of foiled terror plots we've gotten down in the case of the metadata case to one instance involving funding and material support where it appears to have played some uniquely valuable role. given the limitations imposed by the fisc, it's not clear why more traditional targeted records -- orders could not have been used without incidentally sweeping in millions of innocent persons' records. we are assured that the problems detected with these programs have not been willful or intentional. this is not especially comforting to me for several reasons. the first is that if we look to history, we find that in
6:36 am
general, abuses of intelligence powers were committed by people who were well aware of the oversight mechanisms in place who often took elaborate steps to gain those restrictions. in the cases of bradley manning and edward snowden, steps were taken to evade oversight mechanisms. we know that certainly happened many times in the past. it's why abuses went undetected for so long. additionally, the scale of collection itself makes abuse more difficult to detect and less likely to be detected when it does occur. think of the case of illegal wiretaps it of the southern christian leadership conferences' offices. that at least was halted by an attorney general who found the suspicious fact the wiretap existed and there was record of it. when you're doing collection on this scale, the mere existence of communications or records about an innocent party are not themselves that kind of essential indicator. finally and most generally, i would just encourage the committee to think architectu l
6:37 am
architecturally. we should not authorize extraordinary architectures of surveillance on the basis that we now have great confidence in the probity of the persons controlling the levers. james otis, whose condemnation of the writ of assistance was part of the inspiration for the fourth amendment, condemned those writs saying it is from their mere existence that every household or in the province becomes less secure. and there is a sense in which while they may serve some role in protecting us against foreign attacks, we are less secure when the government maintains vast databases on americans without particularized suspicion. i thank you and look forward to your questions. >> thank you, mr. sanchez. our final witness is professor kerry cordero, whose bio i have just mislayed, but i'm sure you can get me another one very
6:38 am
quickly. thank you. she is an adjunct professor of law and the director of national security studies at the georgetown university law school. she's previously held several national security related positions with the department of justice and the office of director of national intelligence. she's also testified before this committee before. welcome back, professor. please proceed. >> mr. chairman, thanks very much. thanks for the opportunity to return to the committee. since the october hearing, the conversation, i would suggest, has shifted somewhat from where it first was. first, i would suggest that the conversation has evolved from objections to specific programs to a discussion of our understanding of intolerance for foreign intelligence surveillance activities more broadly. second, the legislative proposals are coming closer to scaling back national security legal authorities in a way that might take the country back to pre-9/11 standards. and third, the path forward on authorized public disclosure in a way that's responsive to the concerns of the previous sector remains a worthy goal but still a significant challenge.
6:39 am
with respect to the metadata collection under the business records provision of fisa, the power of metadata. basically, this argument is that metadata is a powerful tool, can reveal an awful lot about us and there should be limits on the collection and use of it. i don't disagree with the general proposition, but the problem with the argument made on 215 is that the worrisome assemblage of americans' metadata bears no relation to the existing 215 program congress is currently considers. it does collect an enormous volume of americans' telephone detail records, but the collected information does not appear to include content of phone calls, names of subscribe subscribers, payment information or location information. the vast majority of it is never viewed by human eyes and the records are handled under court order rules. so of the arguments that congress should outlaw collection altogether for better or for worse, every day americansout-law bulk
6:40 am
communication all together, we all, regular people, government leaders, as well as those who are national security threats, use the internet, computers and smart phones to communicate. and so just as everyday citizens should not with expected to con ve convert to the postal service or land lines. it is just as unrealistic to expect citizens to unplug as it is to expect or require the nsa or the fbi to use 20th century collection, analytic or investigative techniques to protect the nation from 21st century threats. a few observations on s-1599, the usa freedom act that has been submitted. sections 101 and 201 would change the legal standards to implement devices by applying connection to an agent of a foreign power.
6:41 am
the likely intended effect of these provisions is to eliminate the 215 bulk telephone program. it would have far more existing consequences. the standardings are currently aligned on the national security side with investigative authorities in the criminal context which operate on a relevant standard. by raising the standard, these zexzs would render these techniques nearly useless which is when they are precisely most useful. these changes could return us to the days prior to 9/11. similarly, section 501 would amend the national security letters by requiring the requested record to also have a connection to an agent of a foreign power. this would have a similar effect in sterms of severely limiting
6:42 am
the fbi's ability to kublgt investigation. 301 would appear to inhibit the intelligence community from section 702 of fisa to search for u.s. personifications. the nsa can query the communications already acquired under 702. the proposed legislation would only take place with a criminal warrant prior to judicial approval based on probable cause. and in my written statement, i give an example of how this could po tenl shlly play out in practice. a few words just on a particular
6:43 am
proposal to enhance transparency that's in the bill. in my view, there's substantial value with the executive branch of the private sector to rebuild confidence between them. but a particularly problematic proposal is section 502. i believe that this is not only targets but persons of communications who are incidentally collected. if that's the sbent, it would actual actually grade the sbel juns community personnel, look at, grade, keep records aport and record on information for records that they would otherwise be in pursuit of discovering, analyzing and reporting only foreign intelligence information.
6:44 am
so, again, thank you for the opportunity to be hear today and i look forward to your questions. >> thank you very much. let me start with a question for mr. black. there is legitimate concern that the knowledge of our national security activities cast a shadow on the ability of american companies to compete internationally. that was the basis of your testimony. do you believe that foreign customers, if they sign up for a service with waweah, that the chinese government is not looking into this data? or the russian government, if they sign up, in areas under its jurisdiction, or the french government, for that matter? do you think that the yiegts government is the only government that's frying to take
6:45 am
advantage of big government? >> ill do think the reality is that governments in general are inclined to want more and more information. too much. it's what we address in our testimony is, in fact, standard that all governments should be asked to undertake disclosure in terms of limits. the difficulty is that the yiegts is in a difficult position in credibility when we -- >> are you saying the russians are more advanced than the united states is? >> i'm not doing a come parson. i'm simply saying that i don't think most people, the citizens and the customers of the world,
6:46 am
think that united states laws -- first of all, i do believe you have to protect the balance of this, don't get me wrong. >> but are there any other countries for the next behavior? >> is there another country that has a bet ere -- >> i think there's many that don't do as much as we do. >> i can name some. there's very tiny little countries that probably don't have a phone system. but in terms of the major economic and political actors on the stage. >> what do we want? tremendous empowerment, tremendous dip low matic and political opportunities and -- for billions of people around
6:47 am
the world? do we want one where people can have association with other people without being spied on by their government ord our government or any other government? is that a desirable outcome. if so, how do we take steps in that direction? or do we accept the reality to go into maximum collection and go in the big brother direction as far as we can go. i don't think that's a future i look forward to. it's difficult to want to restrain especially with our government who really do believe in the motivation of what they're doing. but they are zealous and more effective. and they are, in fact, in a position where they are able to gather a great deal of information. >> so you think our government security services are more dangerous to civil services than china and russia?
6:48 am
>> are they more interested? absolutely. no doubt about it. >> you agree that our government ov overof our national oversite is far more -- >> once again, i can't compare to other people. i don't know the details. i certainly had a presumption of that. do i any we have lived up to the best intent and good faith of our constitution with the legal constructions, no, i don't think we've lived up to the principles. the core prince pms of the first amend. and fourth amenldsment, as faithfully as we cocould. are we better? of course. that's not a question that i think is fair.
6:49 am
you take a different view than the courts that have overlooked this. >> i think some are in a position of higs tor kal base. >> with the business records -- >> there's no present decision by any court that suggest that is there's been -- that this is operated in violation of the fourth amendment. it would take a new dwgs to decision to make that conclusion that has not yet been rebderred by any court. is that correct? >> i'm not confident enough. i have some great councils that work for me. i would suggest the various efforts to get those questions raised. >> you're the one that said this is in operation of the fourth amendment. i'm asking you if you can support a case for that proposition? >> kouncounselor -- you know, i believe the fisa court made ruling that certain practices -- >> orders! the ord rs. . >> that's not in the
6:50 am
constitution. >> professor, for how long has incidental collection with communication with people who are not the sublt of the warrant been a fact in law enforcement? >> well, both on the criminal side and on the national security side, there always is going to be incidental collection. so the criminal tieltle three wiretaps hanldle it in one way. on the national security side, it's for the u.s. personalization. it's always been a factor. the min mization procedures, particularly on the -- any of the fisam min mization features are approved in the kourlt. >> so, for as long as there has been any authorized government exceptions communicationings.
6:51 am
>> that's right. >> i wonder if you could tell me your position on some kind of adversarial process as i have advocated as a constitutional advocate and other forms in the fisa that might be feasible. >> i would step back from a moment and just say that in cases where you have something that is an authority clearly envision something relatively targeted to acquisition and records with nexus to terror espionage schts. the appropriate move, at that point, is if it's believed that some sort of bulk position used
6:52 am
in that authority, is to return to congress and not leave that decision in the hands of the fisa court. >> when a request is brought too effectively, i think it would be better to have congressional authorization. in closer cases, i any what we can see from some of the opinions that have been release ds first, i think it would benefit the court's proceedings to have. but also, i think in particular to have technical expertise. i alluded to earlier with respect to the use of pen register authority to use interim data where you don't just have the number and the content. but layerings of method data and content.
6:53 am
>> do you think that we aught to have a constitutional advocate? >> i think that would be extraordinarily helpful. but, also, i think a technical adds vise ri capacity of some kind would be useful. sometimes, the most difficult about the ways they intersect in surprising ways where, often, there isn't on point. >> i galter there is no need for some sort of an adversarial process. you would be willing to support some sort of process? >> thank you, senator. sernlly, since the oblgt hairing, this conversation has evolved. there are different proposals. in my view, as we just said in the prior hearing, based on the kurnts procedures that take place wnl the department of justice and the intelligence
6:54 am
community and the court, in my view, i think that the kurnts process is independent. these are independent article iii judges who make judges on their own. in my view, there doesn't need to be an adversarial process and i think the current process is su fishlt. however, tweenl the proposals between us establish iing betwe an advocate if the court believes it needs it. >> and that's because your loathe to create a bureaucracy? or what is the reason? >> sure, several reasons. there's multiple offices and legal aufgss and different layers of management that are involved in reviewing fisa matters.
6:55 am
i think it is already bureaucracy heavy. and the wail that the aufgs is describing these legislative proposals, it would simply add to that process. i am concerned that overtime, there has been a very constructive relationship between the executive brampk and the fisa court. i also worry that the office of special advocate would in so some way advocate harm that sort of established relationship of trust by being in the middle. with respect to the proposals to- >> sntd the problem this relationship of trust has actually undermined trust in the american public? and really threatens to completely e vis rate comforts and operates in skrelt and makes
6:56 am
secret law. and, in the end, the relationship of trust would undermine the whole system? it will have to operate in secret, too. so just as the creation of the fisa court in 1978 and the creation of the office that worked in the justice department that was an independent, not political office at the time was created to be this independent participant in the process. now, people don't put -- in terms of the meeds future, i don't actually think in the long term, because it will operate in secret. >> it will operate in secret
6:57 am
that could provide for some greater measure of transparency. it affects americans around the world or at least in our country. but anyway, my time is expired and thank you to the witnesses for being here today. thank you, senate tosh. i'm also grateful to the witnesses to help conform about this committee. we go about our decisions. i welcome them. and we have two weeks? we will hold the record of this hearing open for wasn't additional week for any further materials anybody wishes to submit. and with that, we will adjourn the hearing.
6:58 am
[captioning performed by national captioning institute] of what he took.[captions copyright national cable satellite corp. 2013] >> treasury secretary jack lew
6:59 am
will be on capitol hill this financial systems. you can see that on c-span three at nine 30 a.m. eastern. in a few moments, today's headlines and your calls live on "washington journal." the house of representatives is in session for general speeches at 10 eastern with legislative business at noon. today's agenda includes consideration of a budget proposal for the next two years, a bill that was worked out with the leaders of the congressional budget committee. in 45 minutes, we will discuss withpposed the budget deal kurt schrader of oregon, a member of the budget committee and will be joined i budget committee member representative sean duffy, rep -- i wisconsin republican. small we will look at how
7:00 am
businesses are being affected by the affordable care act. ♪ good morning, everyone. it is thursday, december 12. it has been an all miter on c- span 2. republicans protesting last months rule change on filibusters. it will be a busy day on the house for -- floor. they're slated to vote on the two-year budget deal to avoid another government shutdown. also on the docket, a farm bill extension. and the defense authorization bill. live coverage on c-span at