Chaired by: Representative Robert Goodlatte (R-VA)
Witnesses:
James Cole, Deputy Attorney General, U.S. Department of Justice
John Inglis, Deputy Director, National Security Agenc
Robert Litt, General Counsel, Office of Director of National Intelligenc
Stephanie Douglas, Executive Assistant Director of the National Security Branch, Federal Bureau of Investigatio
REPRESENTATIVE ROBERT GOODLATTE (R-VA): Good morning. The Judiciary Committee will come to order, and, without objection, the chair is authorized to declare recesses of the committee at any time. We welcome everyone to this morning’s hearing on oversight of the administration’s use of FISA authorities, and I’ll begin by recognizing myself for an opening statement.
Today’s hearing will examine the statutory authorities that govern certain programs operated under the Foreign Intelligence Surveillance Act, or FISA. Since the unauthorized public release of these programs, many members of Congress and their constituents have expressed concern about how these programs are operated and whether they pose a threat to American civil liberties and privacy. We have assembled two panels of witnesses today to help us explore these important issues.
Last month, Edward Snowden, an unknown former NSA contractor and CIA employee, released classified material on top-secret NSA data collection programs. On June 5th, The Guardian released a classified order issued by the Foreign Intelligence Surveillance Court requested by the FBI to compel the ongoing production for a three-month period of call detail records or telephony metadata. Telephony metadata includes the numbers of both parties on a call, unique identifiers, and the time and duration of all calls.
On June 6th, classified information regarding a second program, the PRISM program, was reported by The Guardian and The Washington Post. News reports describe the program as allowing the NSA to obtain data from electronic service providers on customers who reside outside the United States, including email, chats, photos, videos, stored data and file transfers. Both of these programs are operated pursuant to statutory provisions in FISA, or the FISA Amendments Act.
FISA was enacted to provide procedures for the domestic collection of foreign intelligence. When FISA was originally enacted in 1978, America was largely concerned with collecting intelligence from foreign nations such as the Soviet Union or terrorist groups like the FARC in Colombia. FISA set forth procedures for how the government can gather foreign intelligence inside the United States about foreign powers and their agents.
The intelligence landscape has changed dramatically over the last 30 years. Today, we are confronted with ongoing threats from terrorist organizations, some of which are well-structured but most of which are loosely organized, as well as threats from individuals who may subscribe to certain beliefs but do not belong to a specific terrorist group.
The FISA business records provision, often referred to as Section 215 of the Patriot Act, allows the FBI to access tangible items, including business records, in foreign intelligence, international terrorism and clandestine intelligence investigations. Unlike grand jury or administrative subpoenas in criminal investigations, which can simply be issued by a prosecutor, a FISA business records order must first be approved by a federal judge.
Similar to grand jury or administrative subpoenas, a FISA business record order cannot be used to search a person’s home, to acquire the content of emails or listen to telephone calls. It can only be used to obtain third-party records. Critics of the metadata program object to its breadth – namely, the ongoing collection of all customers’ telephony metadata – and question whether this program conforms to Congress’s intent in enacting Section 215 of the Patriot Act.
I hope to hear from today’s witnesses about this; about how the collection of this metadata is relevant to a foreign intelligence or terrorism investigation, and about whether a program of this size is valuable and cost-effective in detecting and preventing terrorist plots.
In the 40 years since FISA’s enactment, communications technologies have changed dramatically and revolutionized the transmission of international communications. The shift from wireless satellite communications to fiber-optic wire communications alter the manner in which foreign communications are transmitted. The use of wire technology inside the United States to transmit a telephone call that takes place overseas had the unintended result of requiring the government to obtain an individualized FISA court order to monitor foreign communications by non-U.S. persons.
Congress enacted in 2008 and reauthorized just last year the bipartisan FISA Amendments Act to update our foreign intelligence laws. The FAA permits the attorney general and the director of national intelligence to target foreign persons reasonably believed to be located outside the United States to acquire foreign intelligence information. The act requires for the first time in U.S. history prior court approval of all government surveillance using these authorities, including court approval of the government’s targeting and minimization procedures.
The PRISM program derives its authority from Section 702 of the FAA. It involves the collection of foreign intelligence information about non-U.S. persons located outside the United States. To the extent the program captures information pertaining to U.S. citizens, such interception can only be incidental and the handling of such information is governed by court-approved minimization procedures.
I look forward to hearing from our witnesses today in greater detail about how the government limits its targeting under 702 to non- U.S. persons outside the U.S. and a description of the oversight performed by the administration and the FISC of this program, including the effectiveness of the current auditing of Section 702.
The terrorist threat is real and ongoing. The Boston bombing reminded us all of that. I’m confident that everyone in this room wishes that tragedy could have been prevented. We cannot prevent terrorist attacks unless we can at first identify and then intercept the terrorist.
However, Congress must ensure that the laws we have enacted are executed in a manner that is consistent with congressional intent and that protects both our national security and our civil liberties. We must ensure that America’s intelligence-gathering system has the trust of the American people.
It’s now my pleasure to recognize the ranking member of the full committee, the gentleman from Michigan, Mr. Conyers, for his opening statement.
REPRESENTATIVE JOHN CONYERS (D-MI): Thank you, Chairman Goodlatte, members of the committee.
We on Judiciary, which is the committee of primary jurisdiction for both of the authorities we are here to discuss today – Section 215 of the Patriot Act and Section 702 of the FISA Amendments Act – over the past decade, the members of this committee have vigorously debated the proper balance between our safety and our constitutional right to privacy. And so I join in welcoming the two panels for each – very fairly made up to this discussion today. I think it’s an important one. But we never at any point during this debate have approved the type of unchecked, sweeping surveillance of United States citizens employed by our government in the name of fighting the war on terrorism.
Section 215 authorizes the government to obtain certain business records only if it can show to the FISA court that the records are relevant to an ongoing national security investigation. Now, what we think we have here is a situation in which if the government cannot provide a clear public explanation for how its program is consistent with the statute, then it must stop collecting this information immediately. And so this metadata problem, to me, has gotten quite far out of hand, even given the seriousness of the problems that surrounded and created its need.
Now, I have another concern that pertains to the administration’s track record of responding to the criticisms of these programs. We know Director Clapper’s misstatements and others’. National Security Agency Director General Keith Alexander had to make retractions. Even FBI Director Robert Mueller is not empowered to rewrite history.
But what we have is our conversation, which requires focusing on improving both more public scrutiny and congressional oversight of these programs. Over the last weeks, the administration has asserted that its conduct of this surveillance with congressional support, because they’ve briefed some members of these programs in the past.
But that is not sufficient since we’re in a Catch-22 situation, in a classified briefing, in a secure setting, and we cannot discuss it publicly, certainly not even with our constituents. But if we skip the briefing, we risk being uninformed and unprepared.
One simple solution to this problem would be to publicly release significant FISA court opinions, or at the very least unclassified summaries of these opinions. This solution would have the added benefit of subjecting the government’s legal claims to much-needed public scrutiny. And over the past decade, the court has developed a body of law that instructs the government about what it may do with the information it collects.
There’s no legitimate reason to keep this legal analysis from public interest any longer. And if we are to strike the right balance with these surveillance authorities, which I think it is an important purpose of the hearing today, then we must bring the public into the conversation as soon as it’s appropriate and without delay.
And I am not talking about releasing any classified information. Instead I’m simply asking our constituents to trust us, as I am asking you and the executive branch to trust them. And the need for more declassification, I think, is very dominant, in my opinion, as to how we should move this today.
And I thank the chair.
REP. GOODLATTE: I thank the ranking member for his comments and would say, in regard – I share his concern about some classified information that does not need to be classified. I also would say that because of the nature of the questions that we would like to ask, some of which cannot be asked or answered here in an open hearing, we will definitely be planning a second hearing on this subject where we can ask those questions in a classified setting to again assure ourselves of the answers that we need.
Before we begin with questions for our witnesses, I want to stress that the – oh, first of all, without objection, all members’ opening statements will be made a part of the record.
Before we begin with questions for our witnesses, I must stress that the programs this hearing is addressing remain classified. I expect the witnesses appearing before us today, particularly on our first panel, to answer questions from members with as much candor as possible, given the unclassified setting.
But I also wish to caution members of the committee that they should be cognizant of this unique dynamic when phrasing their questions. The simple fact that certain programs have been leaked does not mean that they have been declassified. And members and witnesses alike would be violating the law were they to disclose classified information during this hearing.
I would also like to note that the committee intends to hold a subsequent classified briefing for members so that we have an opportunity to more closely examine those programs and pose questions to our witnesses that are not appropriate in this open setting.
We welcome our first panel today. And if you would all please rise, we will begin by swearing in the witnesses.
Do you and each of you swear that the testimony that you are about to give shall be the truth, the whole truth, and nothing but the truth, so help you God?
WITNESSES: (Off mic.)
REP. GOODLATTE: Thank you very much.
Let the record reflect that all the witnesses responded in the affirmative. And we’ll now proceed to introduce our witnesses.
Our first witness is Mr. James Cole, the deputy attorney general of the United States at the Department of Justice. Mr. Cole first joined the agency in 1979 as part of the attorney general’s honors program and served the department for 13 years as a trial lawyer in the Criminal Division. He entered private practice in 1992 and was a partner at Bryan Cave LLP from 1995 to 2010, specializing in white- collar defense.
Mr. Cole has also served as chair of the American Bar Association White-Collar Crime Committee and as chair-elect of the ABA Criminal Justice Section. Mr. Cole received his bachelor’s degree from the University of Colorado and his juris doctor from the University of California at Hastings. We are fortunate to have him and his expertise with us today.
Our second witness is Mr. Robert S. Litt, the second general counsel of the Office of the Director of National Intelligence. Previously Mr. Litt was a partner at Arnold & Porter LLP and served as a member of the advisory committee to the Standing Committee on Law and National Security at the American Bar Association.
From 1994 to 1999, he served as deputy attorney general at the U.S. Department of Justice, where he worked on issues of national security, including FISA applications. He began his legal career as a clerk for Judge Edward Weinfeld of the southern district of New York and Justice Potter Stewart of the United States Supreme Court.
Mr. Litt earned his bachelor’s degree from Harvard University and his law degree from Yale. We welcome his experience and expertise.
The third member of our first witness panel is Mr. John C. Inglis, the deputy director and senior civilian leader of the National Security Agency, acting as the agency’s chief of operations.
Mr. Inglis began his career at NSA as a computer scientist within the National Computer Security Center. Promoted to NSA’s senior executive service in 1997, he subsequently served in a variety of senior leadership assignments and twice served away from NSA headquarters, first as a visiting professor of computer science at the United States Military Academy, and later as the U.S. special liaison to the United Kingdom.
Mr. Inglis is a graduate of the United States Air Force Academy, subsequently completing nine years of active service and 21 years as a member of the Air National Guard. He holds advanced degrees in engineering and computer science from Columbia University, Johns Hopkins University and the George Washington University. And we thank him for joining us and sharing his expertise as well.
And finally on the first panel, Ms. Stephanie Douglas, executive assistant director of the National Security Branch of the Federal Bureau of Investigation.
Ms. Douglas began as a special agent with the FBI in November 1989. She first reported to the Washington field office, where she worked violent crime, public corruption and national security matters.
Before returning to the FBI headquarters in 2007, she served as an FBI detailee to the CIA’s Counterintelligence Center as well as supervisory special agent for a counterintelligence squad at the Washington field office, directing sensitive national security investigations.
Before assuming her current post, Ms. Douglas was special agent in charge of the San Francisco division. Ms. Douglas earned her bachelor’s degree in history at the University of Tennessee. And we are pleased to have her share her expertise with us today as well.
We thank all of you for joining us. And we will turn first to Mr. Cole for his testimony.
GENERAL JAMES COLE: Thank you, Mr. Chairman, Mr. Ranking Member and members of the committee, for inviting us here to speak about the 215 Business Records program and Section 702 of FISA.
With these programs and other intelligence activities, we are constantly seeking to achieve the right balance between the protection of national security and the protection of privacy and civil liberties. We believe these two programs have achieved the right balance.
First of all, both programs are conducted under laws passed by Congress. Neither is a program that has been hidden away or off the books. In fact, all three branches of government play a significant role in the oversight of these programs. The judiciary, through the Foreign Intelligence Surveillance Court, plays a role in authorizing the programs and overseeing compliance. The executive branch conducts extensive internal reviews to ensure compliance. And Congress passes the laws and oversees our implementation of those laws and determines whether or not the current laws should be reauthorized and in what form.
I’d like to explain in more detail how this works with respect to each of the two programs. The 215 program, as many of you have already heard, involves the collection of metadata from telephone calls. These are telephone records maintained by the phone companies. They include the number that was dialed, the date and time of the call, and the length of the call. They do not include names or other personal identifying information. They do not include cell site or other location information. And they do not include the content of any phone calls. These are the kinds of records that under long- standing Supreme Court precedent are not protected by the Fourth Amendment.
The short court order that you have seen published in the newspapers only allows the government to acquire these phone records. It does not allow the government to access or use them. That is covered by another, more detailed court order. That court order provides that the government can only search the data if it has a reasonable, articulable suspicion that the phone number being searched is associated with certain terrorist organizations. Deputy Director Inglis will explain in more detail how this process works. But suffice it to say that there are many restrictions imposed on NSA to ensure that only properly trained analysts may access the data and that they can only access it with reasonable, articulable suspicion as a predicate and when it has been met and documented.
The documentation of the analyst’s justification is important. It exists so that it can be reviewed by supervisors before the search is done and audited afterwards to ensure compliance with the court’s orders.
In the criminal context, the government could obtain these types of records with a grand jury subpoena without going to courts. But here, we go to court every 90 days to seek the court’s authorization to collect the records. As part of the renewal process, we inform the court whether there have been any compliance problems; and if there have been, the court will take a very hard look and make sure we’ve corrected these problems.
As we have explained before, the 11 judges on the FISA court are far from rubber stamps. Instead, they review all of our pleadings thoroughly, the question us, and they don’t sign off until they are satisfied that we have met all statutory and constitutional requirements.
The 702 program is different. Under that program, the government does collect content of communications. Under 702, the government applies to the FISA court for an order allowing it to collect the communication of non-U.S. persons reasonably believed to be overseas. This order lasts for one year. The statute does not allow us to collect communication – or – excuse me – does allow us to collect communications even if the person on the other end of that phone call or email is in the United States or a U.S. person, but only if that is the result of a non-U.S. person outside the United States having the – having initiated the call.
Importantly, the statute explicitly prohibits us from what is known as reverse targeting. We can’t use Section 207 indirectly to obtain the communications of U.S. persons anywhere or any persons located in the United States by targeting a non-U.S. person overseas. Moreover, all U.S. person information collected is subject to what we call minimization. These rules are designed to restrict the dissemination, the use and the retention of the information about U.S. persons collected. These rules are reviewed and approved by the court every year to ensure that we are handling U.S. person information in a manner consistent with the statute and the Fourth Amendment.
Both programs involve significant oversight by all three branches of government. The FISA court reviews and approves the certifications and the government’s targeting and minimization rules, and it oversees the government’s compliance with these rules, the statute and the Fourth Amendment. Within the executive branch, multiple parts of the government – NSA, its inspector general, the Office of the Director of National Intelligence and the Department of Justice – conduct robust compliance reviews and provide extensive reports on implementation and compliance to the FISA court and to the Intelligence and Judiciary Committees. And Congress conducts oversight, decides whether to reauthorize the 702 authority, as it did in 2012, and as a did with 215 authority in 2011.
We take very seriously our responsibility to the American people to implement these programs in a manner that complies with all laws and the Constitution and strikes the right balance between protecting their safety and their privacy.
I know others on the panel have brief statements to make, and then we are all ready to answer any questions you may have.
Thank you.
REP. GOODLATTE: Thank you, Mr. Cole.
Mr. Litt, welcome.
ROBERT LITT: Thank you, Mr. Chairman, Mr. Ranking Member. We appreciate your having this hearing. We think it’s very important to correct some of the misimpressions that have been created about these activities, which, as the deputy attorney general explained, are entirely lawful and appropriate for protecting the nation. In the – in my opening statement, I’d like to make three related points about the Foreign Intelligence Surveillance Court.
The first is that the activity that this court regulates, which is the acquisition of foreign intelligence for national security purposes, was historically outside of all judicial supervision. In fact, courts have held that the Fourth Amendment does not require a warrant at all for the conduct of surveillance for foreign intelligence purposes. FISA was passed in 1978 and at that time established for the first time a requirement that we get a judicial order in order to conduct certain kinds of foreign intelligence or counterintelligence activities within the United States.
But at the time FISA was passed, it was clear that the Congress did not intend that FISA would cover electronic surveillance directed at non-U.S. persons outside of the United States for foreign intelligence purposes. And as you noted in your opening statement, because of technological changes in the way international communications are carried, over time, more and more surveillance – that is to say, foreign intelligence surveillance directed at non-U.S. persons outside of the United States – more and more of that began to fall within the technical definitions that required FISA court approval, even though that was not what Congress had intended.
So in the FISA Amendments Act, Congress set up the procedure of Section 702, which the deputy attorney general described, to provide a degree of judicial supervision over some kinds of foreign intelligence surveillance of foreigners outside the United States.
Properly viewed then, Section 702 is not a derogation of the authority of the FISA court but an extension of the court’s authority over a type of surveillance that Congress originally had not intended would be subject to the court at all. The extent to which this nation involves the courts in foreign intelligence surveillance goes well beyond what is required by the Fourth Amendment and, I think, beyond what other countries require of their intelligence services.
The second point I want to make is to – is to forcefully rebut the notion that some have advanced that the FISA court is a rubber stamp. It is true that the court approves the vast majority of applications that the government presents to it. But that does not reflect any independence or lack of care on the part of the court. Quite the contrary, the judges of the court and their full-time professional staff review each application carefully, ask questions and can request changes or limitations. And an application is not signed unless and until the judge is satisfied that the application complies with the statute and the Fourth Amendment. And these are some of the best and most experienced federal judges in the country, and they take seriously their twin obligations to protect national security and to protect individual rights.
Finally, we agree with the ranking member that we should – and the chairman – that we should strive for the maximum possible transparency about the activities of the court, consistent with the need to protect sensitive sources and methods. We have been working for some time to declassify the court’s opinions to the extent possible.
But legal discussions and court opinions don’t take place in a vacuum. They derive from the facts of the particular – of the particular case. And I want to quote here from Judge Walton, who is now chief judge of the FISA court, who said in a letter to the foreign – to the Senate Intelligence Committee, quote, “Most FISC opinions rest heavily on the facts presented in the particular matter before the court. Thus in most cases, the facts and legal analysis are so inextricably intertwined that excising the classified information from the FISC analysis would result in a remnant void of much or any useful meaning,” close quote.
That’s an excellent and pithy summary of the challenge we face in trying to declassify these opinions. Of course, as you know, we do provide copies of all significant opinions of the FISC to the Judiciary and the Intelligence Committees of both houses. And I can tell you that in light of the recent disclosures, we are redoubling our efforts to try to provide meaningful public insight into the rulings of the FISA court, again, to the extent we can do that consistent with the need to protect our intelligence activity.
With that, Mr. Chairman, I’m glad to answer any questions you have. Thank you.
REP. GOODLATTE: Thank you, Mr. Litt.
Mr. Inglis, welcome.
JOHN INGLIS: Good morning, sir.
Mr. Chairman, Mr. Ranking Member, members of the committee, thank you for the opportunity to join with my colleagues here today from the executive branch to brief and discuss with the committee issues that you’ve identified in your opening remarks. I’m privileged today to represent the work of thousands of NSA, intelligence community and law enforcement personnel who employ the authorities provided by the combined efforts of the Congress, federal courts and the executive branch.
For its part, NSA is necessarily focused on the generation of foreign intelligence, but we’ve worked hard and long with counterparts across the U.S. government and our allies to ensure that we discover and connect the dots, exercising only those authorities explicitly granted to us and taking care at once to ensure the protection of civil liberties and privacy.
In my opening remarks, I would like to briefly review the two NSA programs leaked to the media a little more than a month ago, their purpose and the controls imposed on their use – the so-called 215 program authorizing the collection of telephone metadata, and the so- called PRISM program authorized under Section 702 of the Foreign Intelligence Surveillance Act amendment.
Let me first say that these programs are distinguished but complementary tools, with distinct purposes and oversight mechanisms. Neither of the programs was intended to stand alone, delivering singular results that tells the whole story about a particular threat to our nation or its allies. Useful intelligence, the kind decision- makers should use as the foundation of thoughtful action, is usually the product of many leads, some of which focus and sharpen the collection of additional data, some of which help connect and make sense of that data, and the sum of which is intended to yield the decisive and actionable conclusions that enable timely and precise employment of traditional instruments of national power, such as law enforcement and diplomacy.
The first program, which we undertake under Section 215 of the Patriot Act, as you heard described earlier today, authorizes the collection of telephone metadata only. It does not allow the government to listen to anyone’s phone calls. The program was specifically developed to allow the U.S. government to detect communications between terrorists who are operating outside the United States and who are communicating with potential operatives inside the United States – a gap highlighted by the attacks of nine-one-one. In a phrase, this program is designed and solely focused on the seam between foreign terrorist organizations and the U.S. homeland.
However useful the data might be – that is acquired under this program – for other purposes, its use for any other purpose is prohibited. The metadata acquired and stored under this program may be queried only when there is a reasonable, articulable suspicion – one that you can describe and write down – based on specific facts that a selector, which is typically a phone number, is associated with a specific foreign terrorist organization.
During 2012, we only initiated searches for information in this data set using fewer than 300 unique identifiers. The information returned from these searches only included phone numbers, not the content, the identity or location of the called or calling party. Under rules approved by the court, only 22 people at NSA are allowed to approve the selectors used to initiate the search in this database. All queries are audited. Only seven positions at NSA, a total of 11 people, are authorized to release the query results believed to be associated with persons in the United States. Reports are filed with the court every 30 days that specify the number of selectors that have been approved and the disseminations made to the FBI of reports that contain numbers believed to be in the U.S.
The Department of Justice conducts on-site review of the program every 90 days. The executive branch, the Department of Justice, reports to the court and the Congress on renewal orders every 90 days, with an update on types of records sought, received or denied on an annual basis.
The second program which we operate under Section 702 of the FISA, the Foreign Intelligence Surveillance Act, authorizes the collection of communications for the purpose of foreign intelligence with the compelled assistance of an electronic communications service providers, sometimes called telecommunications providers. Under this authority, NSA can collect communications for foreign intelligence purposes only when the person who is the target of our collection is a foreigner who is at that moment outside the United States.
As you heard earlier, we cannot use this authority to intentionally target any U.S. citizen or other U.S. person, any person known to be in the United States, a person outside the United States if our purpose in targeting that person is to acquire information from a person inside the United States. This program has been key to our counterterrorism efforts. More than 90 percent of information to support the 50 disruptions that you’ll hear my colleague from the FBI briefly describe, came from Section 702 authorities.
A bit more about the oversight. The oversight on these programs operates under controls both internal and external to NSA, including actions taken by the Department of Justice, the Office of the Director of National Intelligence. There are regular on-site inspections and audits. There are semi-annual reports provided to the Congress and the Foreign Intelligence Surveillance Court. The men and women at NSA are not simply committed to compliance with the law and the protection of – protections of privacy and civil liberties, but they are actively trained and must be held accountable to standards for that performance. This is also true of contractors. The actions of one contractor should not tarnish all contractors, because they also do great work for our nation.
In concluding, I would note that our primary responsibility at the National Security Agency – not alone, but across the federal government – is to defend the nation. These programs are core parts of those efforts. We use them to protect the lives of Americans and our allies and partners worldwide. Over 100 nations are capable of collecting signals intelligence or operating a lawful intercept capability like the one you’re hearing described today. I think our nation’s amongst the very best in protecting privacy and civil liberties.
We look forward to the discussions that you’ve encouraged today, but I also appreciate that this discussion takes place at an unclassified level. I especially appreciate that the committee chairman and the committee have allowed for the possibility that we might have classified discussions in an appropriate setting, because the leaks that have taken place of classified information have constituted an irresponsible and real damage to the capabilities that we will describe today.
Finally, whatever choices are made by this nation on the matter before us, in consultation and collaboration across the three branches of government, I assure you that NSA will faithfully implement those choices in both spirit and mechanism. To do otherwise would be to fail to take the only oath that we take, to support and defend the whole of the U.S. Constitution – that includes the protection both of national security and civil liberties.
And sir, I look forward to your questions.
REP. GOODLATTE: Thank you, Mr. Inglis.
Ms. Douglas, welcome.
STEPHANIE DOUGLAS: Thank you, and good morning, Chairman Goodlatte, Ranking Member Conyers and members of the committee, and thank you for an opportunity to be here today.
As you know, NSA and FBI enjoy a unique relationship, one which has been invaluable since the events of 9/11. The authorized tools available under the Business Records 215 in FISA 702 complement many of the other investigative tools we apply toward national security cases. Together with human sources, physical surveillance and other logical investigation, 215 and 702 play a role in providing us a more full understanding of our risks and gives us an opportunity to proactively address national security threats.
I’d like to give you just a few examples of where these tools have played a significant role specifically in counterterrorism investigations. And the first case I want to note is one that is very familiar to this committee, and that’s of Najibullah Zazi.
In early September 2009, NSA, using their authorities under 702, intercepted a communication between an al-Qaida courier located in Pakistan and an unknown U.S. person – U.S.-based person. This U.S.- based person was inquiring about efforts to procure and use explosive materials, and there was some urgency in his communication. NSA advised the FBI as to this communication, as it represented a potential imminent threat to the homeland.
Based on the nature of the threat information, the FBI initiated a full investigation and submitted a national security letter to identify the subscriber. The subscriber came back to an individual named Najibullah Zazi and located in Denver, Colorado. Additionally, NSA ran a phone number identifiable with Mr. Zazi against the information captured under 215. NSA queried the phone number and identified other Zazi associates. One of those numbers came back to Adis Medunjanin, an Islamic extremist located in Queens, New York.
The FBI was already aware of Mr. Medunjanin, but information derived from 215 assisted in defining his – Zazi’s network and provided corroborating information relative to Medunjanin’s connection to Zazi. Just a few weeks after the initial tip by NSA, both Zazi and Medunjanin were arrested with – along with another co-conspirator. They were charged with terrorist acts and a plot to blow up the New York City subway system.
As you already know, the Zazi case was the most serious threat to the homeland since 9/11. The importance of the Zazi case is that it was initiated on information provided by NSA which they acquired under 702 – their coverage of an al-Qaida operative overseas. Without this tip, we can only speculate as to what may have happened.
This was a fast-paced investigation, and one in which time was of the essence. The combined tools of 702 and 215 enabled us to not only begin the investigation, but to better understand the possible network involved in an active plot to the homeland.
I’d like to also represent one case to you, specific to the Business Record 215 authority. In 2003, the FBI initiated a case on an individual identified as Visaly Mullahlin (sp). It was based on anonymous tips that he was somehow connected to terrorism.
In 2004 the case was closed without sufficient information to move forward on the investigation. However, three years later in October 2007, NSA provided a phone number to the FBI with an area code which came back to an area consistent with San Diego. NSA found this phone number was in contact with an al-Qaida East African affiliated person.
Once provided to the FBI, we initiated an investigation, submitted a national security letter for the subscriber of the phone number and determined that it was Mr. Mullahlin (sp), the subject of the previously closed case. Subsequent investigation led to the identification of others, and to date Mullahlin (sp) and three others have been convicted of material support for terrorism.
The relevance of this case to 215 is that if that information had not been tipped to the FBI, it is unknown if we would have ever looked at Mr. Mullahlin (sp) again.
As you know, there are many other instances of the use of these authorities and their application to counterterrorism investigations.
Thank you, and I am happy to answer your questions.
REP. GOODLATTE: Thank you, Ms. Douglas.
And I’ll begin the questioning.
With regard to the point raised by the ranking member with regard to declassification, I just want to say that with regard to the Section 702 surveillance of non-citizens of the United States outside the United States, I think there would be few Americans who would be surprised that our government engages in intelligence gathering with regard to those individuals. And they would know it even more clearly by looking at the statutes and the amendments to the statutes that have been passed over the years that this type of activity is clearly authorized in the law.
With regard to 215, there’s some controversy about whether this particular program is authorized under the law, and you’ll hear more about that shortly, and I’ll have a question myself.
But my first question to you is why would it not have made sense – given the magnitude of this program, I’m frankly surprised it has remained secret until recently, for the several years that it has. Why not simply have told the American people that we’re engaging in this type of activity in terms of gathering the information? It doesn’t give away any national security secrets in terms of the particular information gathered that might lead to successes like the one just described by Ms. Douglas, but it might have engendered greater confidence in the public with regard to understanding how the program works and public support for it.
Mr. Cole, Mr. Litt, would you care to answer that?
And so the judgment was made a number of years ago when this program was started that it should be kept classified. It was not, of course, withheld from the oversight committees in Congress, and as others have noted, it was – briefings on it were offered to all members of Congress before it was reauthorized.
But the decision was made that this is the sort of sensitive source and methods that we don’t want to disclose.
REP. GOODLATTE: Do you think a program of this magnitude, gathering information involving a large number of people involved with telephone companies and so on could be indefinitely kept secret from the American people?
REP. GOODLATTE: I understand that. (Laughter.)
So, let me ask a follow-up question to you and Mr. Cole, and that would be, how exactly does Section 215’s wording authorize the government to operate a program for the collection of metadata? Can you walk the committee through the government’s interpretation of the statute that lends itself to arguing that you can do metadata collection?
GEN. COLE: Certainly, Mr. Chairman.
I think you have to start with the fact that when you look at 215 and the orders that the court issues under 215, there’s two of them. You can’t look at them separately. You have to look at how they interact and operate together, and I think that’s very, very important in understanding how this is relevant to an investigation concerning these terrorist organizations.
You can’t just wander through all of these records. There are very strict limitations on how you can access or how you can use these under what’s called the primary order. You have to have reasonable, articulable suspicion that a specific phone number, which they call a selector, is involved with one of these specified terrorist organizations. And then and only then, after you have documented that reasonable, articulable suspicion, can you query this database to find out what other phone numbers that specific terrorist-related phone number has been in contact with.
REP. GOODLATTE: Let me follow up on that question, because how is the collection of all of a telephone company’s telephone metadata relative to a foreign intelligence or international terrorism investigation – an investigation?
GEN. COLE: It is only relevant to the extent that you need all of that information in order to do the query of the reasonably articulated suspicion.
REP. GOODLATTE: Well, certainly the acquisition of the type of information collected under this program is relevant to an investigation of an individual or group suspected of terrorism, but how do you and how does the FISC rationalize the collection of all of the data as being relevant to an investigation?
GEN. COLE: There’s two main reasons. One is the length of time that these records are kept by the phone companies varies, and they may not keep them as long as we keep them under this program. The court allows us to keep them for a five-year period. The phone companies don’t necessarily do that. The periods vary, and some can be as short as 15 or 18 months.
REP. GOODLATTE: Mr. Inglis, with regard to Section 702, what happens if you incidentally collect information from a U.S. person? Can you explain how the minimization procedures apply to that, and what do you mean by minimization?
If the communication is pertinent to foreign intelligence then we must take further action to essentially protect the identity of that U.S. person unless knowledge of that identity is important, pursuant to the foreign intelligence purpose.
We would therefore suppress the identity of that U.S. person in any report that we would make that focused on the target of our interest, and we would take action if that communication was not of foreign intelligence relevance to essentially destroy that communication in place.
REP. GOODLATTE: How long do you retain information collected under 702? And is – you may have just answered it, but is incidentally collected information about U.S. persons retained as well?
REP. GOODLATTE: And other information – how long is that retained?
REP. GOODLATTE: Thank you. My time is expired.
The chair recognizes the gentleman from Michigan, the ranking member, Mr. Conyers, for five minutes.
REPRESENTATIVE JOHN CONYERS (D-MI): Thank you, Chairman Goodlatte.
There is a couple of questions here that haven’t come up, and I’d like to direct them to Attorney Douglas. If only relevant conversations can be secured under Section 215 of the Patriot Act, then why on earth would we find now that we are collecting the names of everybody in the United States of America who made any calls for the last six years or more?
REP. CONYERS: Well, how do you consider that to be relevant to anything, you know, if there is just collecting only the names? I mean, look, if this is an innocent pastime that we just do to keep busy or for some other reason, why on Earth would we be collecting just the names – just the numbers of everybody in the United States of America for at least six years?
REP. CONYERS: Well, here, we’re faced with the fundamental problem in this hearing. We’re not questioning access. We’re talking about the collection in the first instance. In the first instance, when you collect the phone numbers of everybody in the United States for over six years, there wasn’t anything relevant in those conversations. Now, you have them and what I’ve been getting out of this is that they may – this access may become valuable, Mr. Ranking Member. And so, that’s why we do it this way.
But I maintain that the Fourth Amendment to be free from unreasonable search and seizure means that this metadata collected in such a superaggregated fashion can amount to a Fourth Amendment violation before you do anything else. You’ve already violated the law as far as I am concerned.
And that is, in my view, the problem. And of course to help further document the first question that the chairman of this committee asked is why didn’t we just tell everybody about it, is because the American people would be totally outraged as they are getting now as they become familiar with this, that every phone number that they’ve ever called is already a matter of record.
And we skip over whether the collection was a Fourth Amendment violation. We just say that the access proved in one case or two that it was very important. And that’s why we did it this way. I see this as a complete failure to take in – you know, we changed the Patriot Act to add relevancy as a standard because of this very same problem that has now been revealed to be existing.
And so, I feel very uncomfortable about using aggregated metadata on hundreds of millions of Americans, everybody including every member of Congress and every citizen who has a phone in the United States.
(Audio break.)
REP. COBLE: (In progress) – Patriot Act.
GEN. COLE: In particular, Mr. Coble, they do not apply to the metadata records. There is a case, Smith versus Maryland, where the Supreme Court ruled that these kinds of cases – there is no reasonable expectation of privacy, so there’s no Fourth Amendment protection.
REP. COBLE: Let me follow up with another question. So does a person then have a reasonable expectation of privacy in third-party business records?
GEN. COLE: That’s for – people generally do not, when they’re in third-party hands, because other people already have them. So the expectation of privacy has been severely undermined.
REP. COBLE: Is it true that a 215 order provides greater privacy protection than does a grand jury or administrative procedure or administrative subpoena, which can be used to obtain the same types of business records in a criminal investigation without prior court approval?
GEN. COLE: Yes, it does. There are a number of provisions in 215 that provide much greater protection than a grand jury process would. First you have to go to a court. The court has to specifically review the program and the description of the relevance of these records, how they will be accessed, how they will be overseen, how there will be auditing, how there will be reporting on it, how there will be compliance with all of the rules of the court. None of that takes place in a grand jury context.
REP. COBLE: Mr. Cole, if the Fourth Amendment applies to foreign countries, do other American protections under the Bill of Rights apply, such as the Second Amendment or the due process clause?
GEN. COLE: Not necessarily, sir. The Fourth Amendment applies to U.S. persons who are outside of the United States, but it generally does not apply to non-U.S. persons who are outside of the United States.
REP. COBLE: Mr. Cole, for the benefit of the uninformed – and sometimes I feel I’m in that category – describe for the committee the makeup of the FISA court – who sits on it, where it resides, and how it operates.
GEN. COLE: The FISA court is made up of judges, Article III judges, who have been nominated by the president. They cover any number of different administrations. They have been confirmed by the United States Senate for a life appointment. They have their regular duties as district court judges. They are appointed by the chief justice of the United States to serve a term on the FISA court. There are 11 of them at any given time when you have a full complement. Each of them serves for a week at a time. They do not take care of their other court duties back in their home districts. They come and serve on the FISA court for that week, handling the applications.
There is a staff there as well that helps them and goes through it and is their clerks and some of their legal research assistants in this matter. And of these last for, I believe, a term of seven years that each judge can sit on the court.
REP. COBLE: And I believe you, Mr. Cole, or one of the members of the panel may have indicated this, that to some extent there is confusion as to the number of denials that has been criticized – leveled at the court, indicating very few denials. But I think you addressed that – well, one of you addressed that earlier. Is there something you want to add to that?
GEN. COLE: Yes. The level of denials is very similar to the same level of denials – which is small – for normal Title III in a criminal context – wiretap applications that are made to judges in regular courts. These are also done in chambers and with one party. And the reason that the number is so low, first of all, is under the FISA, you have to have either the attorney general or myself or the assistant attorney general for the national security division sign off on the application. It’s very high-ranking officials in the department. So those applications are done very carefully in the first place.
Number two, the court, if they’re not satisfied with an application that comes in, will tell us. And they’ll say: You need more information; you need more restrictions; you need more requirements. So we will respond to that. And unless we satisfy them on all of their requirements, they will not sign them. But more often than not, we can go back and find the additional information that they will need.
So there is something of an iterative process, but it’s not unlike what goes on with a normal court every day in the Title III or the wiretap process.
REP. COBLE: Thank you, Mr. Cole.
Mr. Chairman, I see my amber light on. I’d like to make one final statement. And this may not be the day for it. But, Mr. Chairman, at some point I’d like to know the cost that has been expended in implementing this matter. If you would concur with that, I will pursue that at a later date. Thank you.
REP. GOODLATTE: I do concur with that. That’s a very important piece of information to have, but I believe that is classified and would entail the subsequent hearing that I anticipate we will have in a classified setting, where we get answers to questions like that.
REP. COBLE: Thank you, Mr. Chairman. And good to have you all with us.
I yield back, Mr. Chairman.
REP. GOODLATTE: The chair thanks the gentleman and recognizes the gentleman from Virginia, Mr. Scott, for five minutes.
REPRESENTATIVE BOBBY SCOTT (D-VA): Thank you.
Mr. Cole, did I understand you to say that you do not have an expectation of privacy on your phone records?
GEN. COLE: The Supreme Court ruled in Smith v. Maryland that you do not have a sufficient expectation of privacy in the phone records, as we’ve talked about it. The two from –
REP. SCOTT: OK. That’s fine.
Ms. Douglas, you indicated that you do not – you just get the numbers, not the names. Is there – if the numbers are relevant under whatever standard you’re using, why are not the names equally relevant?
REP. SCOTT: Well, I mean, where is the limitation? If you can get the numbers, why can’t you get the names?
REP. SCOTT: No, I mean – I mean, you – why don’t you get it all at once? Where’s the – where’s the statutory limitation?
REP. SCOTT: Wait – all right, where is the –
REP. SCOTT: Where is the statutory limitation –
REP. SCOTT: OK, OK. You have – you have – you have made up – that’s because you have made up the program. I asked you a specific question: Where – if this is available, where is the statutory limitation to which you can get? There is no statutory limitation. You’re kind of making it up as you go along.
REP. SCOTT: OK, what –
REP. SCOTT: OK. Once you get the information, we know through the – at least in the case on DNA, once you get DNA from somebody, you can use it in ways that you could not have obtained information, but once you’ve got it, you can run it through, no probable cause or anything, through the – through the database. My question is, once you get this metadata, where is the limitation on what you can use it for?
REP. SCOTT: Where is the statutory limitation?
REP. SCOTT: Well, is there a limit in criminal investigations or an exception for criminal investigations without probable cause?
REP. SCOTT: Once you’ve got the metadata, can you run a criminal investigation without probable cause?
REP. SCOTT: And –
REP. SCOTT: Wait a minute. Well – wait, no, no – you’re talking about minimization?
REP. SCOTT: Well, what – how does the court get – why is the court required to place that limitation on it?
REP. SCOTT: Is there an – is there an exception under minimization for criminal investigations?
REP. SCOTT: Section G, minimization procedure, 2C says that, notwithstanding subparagraphs A and B, procedures that allow for the retention and dissemination of information that is evidence of a crime which has been, is being, or about to be committed and that is to be retained or disseminated for law enforcement purposes are exempted from the minimization requirements.
REP. SCOTT: Well, is that – does that – is that –
REP. SCOTT: OK. OK. And so the minimization exception for criminal investigations doesn’t apply? If you trip over some criminal – some crimes where – are they –
REP. SCOTT: Well – OK, well, then that’s not what – that’s not what the code section says, but if that’s what you want, maybe we need to change it. Does exclusionary rule apply? If you trip over some crimes and try to use it, does it – and including the principle of the poisoned tree, evidence of a poison tree – does that apply? Do those exclusions apply to stuff you may trip over that you’ve gotten through this?
REP. SCOTT: Well, you have – Mr. Chairman, I apologize, but the limitation – the minimization exception for criminal investigation – and when I asked the attorney general, Gonzales, about what you could use these – this information for, he specifically indicated criminal – and it’s G2C (ph) under minimization requirements procedures – he specifically said you can run a criminal investigation without the necessity – apply it without the necessity for probable cause that you usually need to do to get information.
Thank you, Mr. Chairman.
REP. GOODLATTE: The chair thanks the gentleman, recognizes the gentleman from Alabama, Mr. Bachus, for five minutes.
REPRESENTATIVE SPENCER BACHUS (R-AL): Thank you.
Let me start by saying I’m satisfied at least from what limited knowledge I have that the motivation behind this was legitimate and necessary for our national security to start this process. You know, establishment of a core and that from your testimony you’ve not – apparently not abused individual rights or – and you have been an effective tool for terrorism. You know, but my concern is this could evolve into something that is quite different.
The Star Chamber, I mean, in England started out as a very good – and was very popular with the people. It allowed people to get justice that otherwise would not. But it evolved over time into a powerful weapon for political retribution by the king. And my question is – in fact, I was reading the Supreme Court.
It said it symbolized the disregard of basic individual rights and they talk about actually the right against self-incrimination was a direct result of what happened in England when this court evolved into something quite different from what it was intended to do. So my first question to all of you is how do we – how do we keep this from evolving into a weapon, an unchecked weapon by the government to violate people’s constitutional rights. And I’m more concerned about Americans’ rights, not terrorists’ rights.
It’s done through statutes that are passed by this body where we report back to his body and tell you what we have done with it and how it works and let you know what problems we’ve had and how we’ve fixed them. And it is also done with a lot of oversight within the executive branch, with inspectors general and a number of different executive branch agencies that audit and oversee exactly how it’s done and make sure it’s done right. I think that’s how.
REP. BACHUS: Anyone else? You know, when I learned about this, I was not aware of it at all. And I think the original response was that 14 members of Congress knew something about this. Was that – were those reports erroneous?
REP. BACHUS: How about the Judiciary Committee?
REP. BACHUS: All right.
REP. BACHUS: Do you have any objection to the court opinions and periodic reports being made available to all members of Congress?
REP. BACHUS: Sure, and I think that’s my – what my response would be. I want to think about it.
REP. GOODLATTE: The time of the gentleman has expired.
REP. BACHUS: Thank you.
REP. GOODLATTE: The gentlewoman from California, Ms. Lofgren, is recognized for five minutes.
REPRESENTATIVE ZOE LOFGREN (D-CA): Well, thank you, Mr. Chairman. And thanks to our witness. I was thinking back to September 11th, one of the worst days I’ve ever spent in the Congress and remembering that that weekend after the attack that members of the White House, the intelligence community, members of this committee and our staff sat right at that table and sat around that table and worked together to craft the Patriot Act.
And it’s worth remembering that that original act was passed unanimously by the House Judiciary Committee. And it had the balance that we thought was important to protect the country but also looking forward to protect the rights of Americans under the Constitution. And I share the concern expressed by Mr. Sensenbrenner that things have gone off in a different direction from that day. Now, I, as Mr. – as my colleague has indicated from Alabama, I don’t question your motivation which is to keep America safe.
I mean, I know that that’s what you’re trying to do and certainly we all want that. But the concern is that the statute that we crafted so carefully may not be being adhered to as envisioned by us and as reported to us. And I just want to say this. I mean, yes, we have a system where there are checks and balances. But part of that is that the legislative branch needs to have understanding of what the executive branch and the judicial branch is doing. And we can’t do that without information. It’s been discussed that we get these ample reports. And I just want to – I just recently reviewed the annual report on Section 215. Is it true, Mr. Cole, that the – or isn’t it true that the annual 215 report to the committee is less than a single page and not more than eight sentences?
GEN. COLE: I think that the 215 annual reports are quite a bit less than the 702 annual reports.
REP. LOFGREN: I just asked a question. Is that about the size, to your recollection?
GEN. COLE: I’d have to go back and take a look to answer that completely.
REP. LOFGREN: All right. Is it true that the report of the number of applications really gives the committee information as to the amount of records and the number of entities impacted?
GEN. COLE: I’m sorry?
REP. LOFGREN: The number of applications, is there a direct correlation between the number of entities impacted by those applications or the number of records?
GEN. COLE: Well, the number of entities impacted will depend on how many phone numbers have been called by the –
REP. LOFGREN: Right. So you could report the number of applications but it would have no relationship to the amount of records actually acquired.
GEN. COLE: It would not necessarily, no. But you can –
REP. LOFGREN: Thank you very much. I just – looking at this letter that was sent to Mr. Sensenbrenner, and I thank him for sending it out. And by the way, he and I have sent a letter to Attorney General Holder and to Director Clapper asking that U.S. companies be authorized to publish information regarding the government request for user data under FISA. I think it’s terribly unfair that these companies that are being discussed around the world have no capacity legally to say what has been asked of them.
So I know the letter was just sent. I would ask that you respond to that as promptly as possible just out of basic fairness to the companies involved. But going back to the letter, it seems to me that if you take a look at page two of the letter, it’s the second paragraph. It indicates that NSA has reported in the last calendar year fewer than 300 unique identifiers. This means that only a very small fraction of the records is ever reviewed by any person and is actually relevant to the records.
Per se, that sentence indicates that getting all the data is clearly not relevant to a specific inquiry. And then if you go onto the next page – and this really gets to my question, and you’ve referred to it in the testimony as well – the consistency allegedly with the Constitution.
Now, it’s true that the Constitution in the Smith case indicated that there’s no expectation of – reasonable expectation of privacy with information held by a third party. Is it your position that the Constitution – that constitutional provision trumps a statute? Can the Congress say the Constitution would allow you to capture every phone record, every photograph taken of an American at an ATM machine, because that’s in plain sight, and that that constitutional provision would trump the ability of Congress to say no, we’re going to authorize less?
GEN. COLE: No, as long as whatever Congress does is consistent with or within the bounds of –
REP. LOFGREN: So Congress can –
GEN. COLE: – the constitutional provisions, they can do that, certainly.
REP. LOFGREN: Can do that. I would just like to say that, you know, as to the FISA court – and I’m sure that the judges take their obligation as seriously as you do – but the whole system of our justice system is set up in an adversarial way. And when you have only one party there – you don’t have a counterparty making a case before the court. The expectation that our system will work well, as it does in other environments, I think, is misplaced.
I share with Mr. Sensenbrenner the belief that this will not be able to be sustained. I look forward, Mr. Chairman, to our classified briefing. But I think that, very clearly, this program has gone off the tracks legally and needs to be reined in. And I thank the chairman for yielding to me.
REP. GOODLATTE: The chair thanks the gentlewoman and recognizes the gentleman from Virginia, Mr. Forbes, for five minutes.
REPRESENTATIVE RANDY FORBES (R-VA): Thank you, Mr. Chairman.
And ladies and gentlemen, thank you for being here today.
I don’t want to scream at you or yell at you, but, you know, we’ve got a lot of people across the country that would like to do that. And the reason this room is packed so much today and people were waiting in long lines is not just about this program. They kind of feel their country is shifting. And they feel, rightly or wrongly, that this administration has adopted the philosophy that somehow the end justifies the means.
They feel like, more than any administration in history, this is an administration that’s used taxpayer resources to advocate their political agenda. They feel like, more than any administration in history, this is an administration that has decided which laws they want to obey, which ones they want to ignore, and which ones they want to just rewrite.
They feel like, more than any nation in history, this is an administration that’s used enormous power of government agents to oppress and harass U.S. citizens, like they’ve seen with the IRS. And now they see this administration using this unprecedented amount of data collection, first in their campaign and then in government, on amounts of data to use for the aforementioned goals.
And they don’t know – every time they see a Benghazi, they don’t know how many more boards they’re going to pull up, and there’s one that they don’t know about, or IRS programs that they pull up and they don’t know another one that they might see, and that there are other data programs that they don’t know about.
And this is something that I just don’t think we realize enough, because over and over again we hear the administration coming over here and saying this to us. They say, well, this isn’t illegal, and you need to change the law. And we need to emphasize, part of this committee, is just because something is not illegal, it doesn’t mean that it’s not wrong.
And when we look at something – you’ve got a difficulty because you can’t even really come in here and explain what this program does. You can’t tell us how many people are involved with it. You can’t tell us the cost. You can’t tell us what the court is saying.
But this is my question for you. There has to be an enormously large number of individuals administering this program. Can you tell us if any of those individuals have abused the power that they have within this program that has not been disclosed to the Congress or the American people? One, because it would be hard for us to believe that there hasn’t been some abuses.
Number two, what is your process for collecting that information to make sure those abuses don’t take place? And how do you distribute that information?
And three, has anybody ever been disciplined for abusing that information? And any of you who have that information, I would love for you to offer it to us.
GEN. COLE: Let me, if I can, Mr. Forbes, start by answering the questions that you’ve put.
First of all, I think it’s important to note that this program has been going on across a number of administrations, and it’s not unique, by any means, to this administration. It’s been for prior administrations too.
It is also done pursuant to court authorization and pursuant to statute. And so it is done not as some rogue matter but as some matter that, in fact, has been authorized by law, authorized by the courts, and carefully scrutinized.
And that gets to the main part of the question that you’ve asked, which is we know of no one – and I can let Mr. Inglis expand on this – who has ever intentionally or in any kind of wrongful way abused this. There may have been technical problems that have happened here and there, but there has been nobody who has abused this in a way that would be worthy of or cause discipline.
This program goes under careful audit. Everything that is done under it is documented and were viewed before the decision is made and reviewed again after these decisions are made, to make sure that nobody has done the things that you’re concerned about happening.
And those are valid concerns, and we take them into account by having these audit procedures and having the reporting that we do and the consultation, both with the court and with Congress, to make sure that those things don’t happen.
We have not, to my knowledge, disciplined anybody for this, because our controls made sure this doesn’t happen. But we do look for it, and we look for it hard, and we haven’t found it.
How would those be identified? In much the same way that Mr. Cole talked about, that there are a number of processes that review the formation of the selectors, the results generated by those selectors, not just at NSA, but between NSA and the Department of Justice and the court. And there are any number of opportunities then to turn up a misappropriation of the resources dedicated to this program for some other purpose. And would those persons who abuse this program then be disciplined? Of course they should be.
REP. FORBES: And my time has expired. And I don’t mean to cut you off, but I’d love to have your responses for the record. But when you guys tell me nobody’s abused it, I thought Mr. Snowden abused it pretty badly. And, you know, I can’t imagine if we have somebody like that doing it that we don’t have at least that capacity. But I’d love to have your responses for the record, because I don’t want to abuse other people’s time.
And Mr. Chairman, I yield back my time.
REP. GOODLATTE: Mr. Inglis, if you’d care to respond to the chairman from Virginia’s comment about Mr. Snowden, we’d be happy to have that.
REP. FORBES: But in all due respect – and I said I wasn’t going to yell at you, and I’m going to try not to – but that’s exactly what the American people are really worried about, that somebody’s getting their data and using it to disclose it in some other situation. And for the life of me, I don’t understand how you guys parse that issue that’s there.
So Mr. Chairman, that’s what’s infuriating the American people. They’re not – they’re understanding that if you collect this amount of data, people can get access to it and use it in ways that can harm them, not just the United States of America. And that’s what’s concerning them, I think, in a lot of areas.
So Mr. Chairman, I hope we get a more elaborate response maybe for the record.
REP. GOODLATTE: The chair thanks the gentleman and recognizes the gentlewoman from Texas, Ms. Jackson Lee, for five minutes.
REPRESENTATIVE SHEILA JACKSON LEE (D-TX): Let me thank you very much.
And I thank it’s very important to make sure that, as those of us who represent Americans, we appreciate what the intelligence community does. But the very idea that the chairman and ranking member have held this hearing and that you’re having any number of hearings, I think the issue is that we have to do something. We have to do more to be able to ensure the trust of the American people. And I raise these questions in the context of that.
One point that our ranking member made, that if we cannot prove the necessity of this metadata collecting, then why are we necessarily doing it? And then we join with the chairman says that it must show value, but we must also have the premise and the respect for the civil liberties of the American people.
So I pose the first question, that deals with the idea that witnesses have testified in recent hearings that phone record data were queried 300 times last year. How do you define a query, and do you define the necessity of what I call trolling? And someone wanted to have me rephrase that, but the gathering of millions and millions – a metadata gathering. How do you define query, first, but then how do you justify that gathering?
So, first, the court has approved procedures by which we can form a selector. The reasonable, articulable suspicion standard was what we described earlier. And less than 300 times in 2012 we approved a selector for entering the database.
The court also approves what’s called –
REP. JACKSON LEE: So the query is based upon permission by the FISA court.
REP. JACKSON LEE: So the query is made without a warrant. You go by criteria that’s been set and then you make a query and a preliminary oversight, if you will. Is that what you’re saying?
REP. JACKSON LEE: Once you do the query out of the 300, then what are the next steps?
In many cases when a query is performed nothing of consequence turns up – no connections that are untoward turn up, therefore no report would be made.
REP. JACKSON LEE: Let me ask Mr. Cole – thank you very much.
Let me ask Mr. Cole, when does the DOJ become engaged? The FBI of course is the investigatory arm. What is the DOJ’s oversight role more specifically, and how do you utilize the FISA court?
And as you do that, I have introduced bipartisan legislation dealing with the whole issue of the FISA court. It specifically asks for the release and the reporting of non-classified opinions, which I think would contribute more to the trust of the American people. Would the Justice Department consider that, as you answer the question?
GEN. COLE: Thank you, Ms. Jackson Lee.
Certainly we will consider that and work with you in regard to that.
The Justice Department’s involvement here is to first make sure that the provisions of the statute in making the application to the court meet the standards that have been set out under law. So we are in the process of the application and making sure through legal advice that this in fact meets the standards set out by the statute as passed by Congress.
We also engage with the court for any questions that the court may have as to how this will be done, what kind of oversight will be done, what kind of limitations will be done so that we end up with what is a court-authorized system, as described by Mr. Inglis, where we go and make those – have NSA make that determination.
REP. JACKSON LEE: Mr. Cole –
GEN. COLE: We audit as well, the determinations on a random basis to make sure that they are in compliance with what the court has ordered. And if they are not in compliance, we will then report that to the court and then oversee, with the court’s supervision, fixing those compliance issues to make sure that they do comply.
REP. JACKSON LEE: Let me interrupt you so I can just get this last question in to Mr. Inglis. Mr. Inglis – thank you very much.
Mr. Inglis, let me just put this question out. We’ve had a release of data and a suggestion that the release that has been given by an individual that is now traveling around the world, has a dastardly impact on knowing the system of collection of data, in the person of Mr. Snowden. Can you speak generally to the idea of the impact, and can you also express the reason for 70 percent of the intelligence budget being used for contractors? I offer to you 2434 that is asking for a study for that – a bill that I’ve introduced. But I would like to know those two questions quickly, please.
Mr. Litt would like to take the second question on contractors.
There’s another category of contractors which we call core contractors, which are the people who work in the building side by side with us. We have been working very hard to reduce the number of core contractors. I think in the last five years we’ve reduced it by 36 percent. Obviously as a result of what’s happened recently we’re looking again at whether certain categories of employees should not be contractors but should be made government employees.
REP. JACKSON LEE: Mr. Litt, we’ve had this discussion before. I think you need help and I’d like to work with you on the legislation.
REP. GOODLATTE: The time of the gentlewoman has expired and the –
REP. JACKSON LEE: Thank you, Mr. Chairman. I’d like to work with Mr. Litt to get that done and get that more –
REP. GOODLATTE: The time of the gentlewoman has expired.
REP. JACKSON LEE: I yield back.
REP. GOODLATTE: The gentleman from Iowa, Mr. King, is recognized for five minutes.
REPRESENTATIVE STEVE KING (R-IA): Thank you, Mr. Chairman. I appreciate this hearing and the testimony of the witnesses.
And I’d first turn to Mr. Litt. And if I remember in your opening statement you made mention that there was no restriction on foreign intelligence surveillance prior to 1978 and the FISA court. Am I correct on that?
REP. KING: And I would submit that every nation that I know of does foreign surveillance, and I don’t know of other nations that have judicial interference with the national security activity of foreign surveillance. And are you aware of any?
REP. KING: So we’re relatively unique in that. And neither do I understand why we would be concerned about the privacy or the – I’ll say the manufactured constitutional rights of foreign persons in foreign countries communicating with other foreign persons in foreign countries. I don’t know why we’d worry about their privacy. And I don’t know why we’d worry about their privacy if there’s a nexus that might happen to be in the United States, provided it didn’t interfere with the rights of a U.S. person. Would you agree with that?
It’s nonetheless true that we don’t go out indiscriminately, even as to foreigners. We only collect intelligence that has a valid foreign intelligence –
REP. KING: Yeah, I understand the decency of the American people, but are we safer when we have judges deciding what we can surveil in foreign countries when they’re foreign persons?
REP. KING: Yeah, I’m hearing that.
Just another way of asking questions about this – the phone companies collect a lot of data, and it was mentioned that you like to keep that data for five years – the metadata, but some only keep it for a year and a half. If an agreement could be reached with the phone companies to maintain that data for a five-year period of time, the duration that you request, wouldn’t that be a firewall that would be more reliable than having to have the facility to store all that data? And I – certainly, Mr. Inglis.
I think that there are some challenges that could be overcome. The first is that those companies collect that data for their own business purposes, not necessarily for the government’s. And so to rely upon what they hold themselves there would have to be some basis by which you could either compel them or have some confidence that –
REP. KING: A contractual agreement, perhaps?
REP. KING: A contractual agreement, perhaps?
Two, you’d have to have some confidence that you could efficiently, quickly query that data.
REP. KING: Sure.
REP. KING: Can I ask you to take a careful look at that and come back to me with really a serious, reasoned answer? You’re giving me a good answer so far. I’d just like you to dig into it –
REP. KING: Serious?
REP. KING: OK. Well, my clock is ticking down, but I’ll stick with you, Mr. Inglis.
I’m just going to ask this question and it’s not really a hypothetical, but pointed out this way – and I’m going to go through the list, so you’ll have to check on each one and I’ll come back if I need to.
Do we have the ability to not necessarily listen in but track every phone call in the United States? That’s one question.
Second one – do we have the ability to track any email in the United States? Do we have the ability to track website activity – any website activity in the United States? Do we have the ability to enter into active chat rooms and in real time monitor? Do we have the ability to track any electronic debit or credit transaction, including the ATM transaction mentioned by the gentlelady from California? Do we have the ability to locate cell phones that are active? Do we have the ability to track GPS locators, whether they’re on vehicles or other devices?
And then I know my clock is running down, so I want to pour a little more in here.
It’s reported by the Obama campaign that they profiled voters with open-source data and used that data to target voters for turnout and voter suppression. The IRS has used their search engine to target the president’s political enemies.
Now, if we can go this far, if all of these things are happening, if the answer’s relatively yes to this list that I’ve given, then I would charge that it would be likely impossible to drive from Bangor, Maine, to Los Angeles without leaving a data trail in this country. And all of these things can be justified by the Constitution, by statute, by case law. Am I close? And, how would you respond to that big question?
But the National Security Agency, as a foreign intelligence entity, lacks the authority and, frankly, lacks the collection to do the things that are on that list of eight questions.
REP. KING: I’d like to drill into that a little deeper if I had the time. But I thank you and I’ll yield back.
REP. GOODLATTE: The chair thanks the gentleman and recognizes the gentleman from Tennessee, Mr. Cohen, for five minutes.
REPRESENTATIVE STEVE COHEN (D-TN): Thank you, Mr. Chair.
First, I’d like to make a point. One of the previous questioners took the opportunity to attack the administration and said this administration has used the ends to justify the means in many areas. I believe, Mr. Cole, you said that all these programs started under the Bush administration and have not – have not differed from Republican to Democrat. Is that correct?
GEN. COLE: That’s correct, sir.
REP. COHEN: I appreciate your clearing it up. And then, to its – questions of the president and this administration on the IRS, I believe it’s come out that they not only looked at Tea Party but they looked at liberal groups and any group that they felt was more than 50 percent political – to look at in IRS. And it’s wrong to question this president on those issues once the facts have come out to show that it was not a partisan or issue-driven area. And I find – take umbrage on behalf of the administration at such questions and such allegations.
Now, let me ask you this, sir. Mr. Snowden – what security status did he have? He could see anything there that he wanted to? Was he limited in what he had access to?
GEN. COLE (?): Let me put that over to Mr. Inglis.
REP. COHEN: Sure.
REP. COHEN: Generally, how many people – how many people generally are on the same level as he was to access this information?
REP. COHEN: So tens of thousands of people could have done what Snowden did?
Like any organization, NSA has a side of its information architecture that is intended to make information available to people, so that they might discover capabilities, they might find each other, they might pass email to each other. It’s intended to be a free exchange of information. But then there’s a production side that is much more rigorously controlled, and there’s a need-to-know rule, philosophy, on that side.
Mr. Snowden took ruthless advantage of the former and did not have access to the latter, except in some limited circumstances in the training that he undertook in the last few months of his –
REP. COHEN: I asked in a letter and you responded to me – I believe I got it last night – about the background, on the security processing of Mr. Snowden. And I was concerned that a high school dropout – not that there can’t be great high school dropouts – but it shows you can’t meet certain criteria, because basically finishing high school is you’re going to jump through the hoops. The guy wouldn’t jump through the hoops and he’s shown at other place he wouldn’t jump through the hoops, and he wouldn’t do that. That – to put him in that type of top-security level, I think, is questionable.
But it was said that the associate director for security and counterintelligence begins the clearance process. Is any of the work of the associate director for security and counterintelligence contracted out or is that all done by government employees?
REP. COHEN: Does it concern you at all? Should it be contracted out or should that be strictly in-house?
REP. COHEN: And how did Mr. Snowden take this data with him? He’s got certain information in Moscow with him now. Did he – how did he do that?
REP. COHEN: But he would’ve probably taken it on some type of a disc or some type of a little – with him – from a secure facility, I presume.
REP. COHEN: Well, should there not be some changes in the procedures to make sure that people don’t leave that secure facility with discs or anything else?
REP. COHEN: All right. Let me ask Mr. Cole. You mentioned that the judges come from different administrations, the FISA judges. Would it surprise you to know that 10 of the 11 judges all came – were appointed by Republican presidents?
GEN. COLE: These are – it wouldn’t surprise me. It wouldn’t surprise me either way. These are selections that are made by the chief –
REP. COHEN: By the chief justice, who’s a Republican appointee, and he’s picked – 10 of the 11 judges he’s picked were appointed by Republican presidents. Yet if you go back over history, back to Jimmy Carter, it’s about the same number of years. There’s a difference of four – of Democratic and Republican presidents – but he chose Republicans.
Do you think there should be some change to make sure that there’s possibly an ideological balance on that FISA court?
REP. GOODLATTE: You can answer the question. The gentleman’s time has expired, but you can answer the question.
GEN. COLE: I think those are issues that we can discuss – that we try to take partisan politics out of the judicial aspect of it. And it operates, I think, best when it is insulated from that.
REP. COHEN: I thank the panel and I thank the gentleman from the Palmetto State.
REP. GOODLATTE: Thank the gentleman from the Volunteer State.
The chair would now recognize the gentleman from Texas, Judge Poe.
REPRESENTATIVE TED POE (R-TX): Thank the chair.
Thank you for being here. My background is, as the chairman just mentioned, a judge. I spent 22 years at the criminal courthouse is Houston, trying everything from stealing to killing. So I don’t like criminals at all.
But I have looked at the Constitution and read it, and I’m going to just read you one thing, one phrase, that all of you have to know, probably, by memory. It’s the Fourth Amendment: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue” except upon probable cause, “supported by Oath or affirmation,” and particularly describing the place to be seized and searched and the persons or things to be seized.
And as we all know, generally speaking, historically, warrants are brought to judges by law enforcement and the judge signs or doesn’t sign the warrant, issuing the paper to go out and seize that person in that specific place.
Now, I have read that numerous times, and I don’t see in here anywhere as an exception for national security. Do any of you see a national security exemption to the Fourth Amendment?
REP. POE: OK. I just have a little bit of time. I understand your answer. We’re not talking now about foreign intelligence. Let’s set the foreign issue and terrorists overseas where they’re running wild, set that aside. Let’s talk about searches and seizures in the United States of American citizens.
Question: Is there a national security exception to the Fourth Amendment when it comes to American citizens in the United States? Do you see that in the Fourth Amendment, any of you?
We can be collecting foreign – valid foreign intelligence there even though that person is an American. It happens that the Congress in the FISA has established warrant requirements for electronic surveillance and so on. But –
REP. POE: I understand that. But the Fourth Amendment doesn’t give that exemption.
REP. POE: OK. We’re going to argue till the sun goes down. The Fourth Amendment doesn’t mention national security exception when it comes to the Fourth Amendment. That has been expanded throughout the years because of FISA, because of court rulings. But it’s not in the Fourth Amendment.
And I think that we should remember that the Fourth Amendment was written because of what was going on with King George III, how he was going into people’s homes in the United States – the colonies in those days – and seizing things with his Redcoats without a warrant. That’s the basis of it. And I hope we don’t get to a point in this country in the name of national security that we infringe and bruise the Fourth Amendment. I don’t know about any of the four of you –
REP. GOODLATTE (?): Would the – would the gentleman yield?
REP. POE: I won’t, sorry. I don’t know about the four of you, but I have been in the former Soviet Union when it was – we can’t use this word anymore – “communistic.” And I was there. And the actions of the citizens were constantly under surveillance by government. And anything that was done, the government would say: We’re doing this for national security reasons, because of those bad old Americans overseas. We go into your homes, we bruise the concept of rights all in the name of national security. That concerns me. And I hope as we move forward as a Congress we reign in the concept that it’s OK to bruise the spirit of the Constitution in the name of national security.
Question – people who have had their – the law NSA violated – that – I think Snowden – I don’t like him at all, but, you know, we would have never have known what happened if he hadn’t have told us – do they have a recourse against the government for improperly (sic) seizure of their records? Is there a recourse?
REPRESENTATIVE TREY GOWDY (R-SC): You may answer the judge’s question. His time has expired, but you may answer the judge’s question.
GEN. COLE: It depends on the nature of that – of that seizure, depending on where they came from. For example, if it comes from a third party, it’s not necessarily their records, but the phone company can certainly challenge the subpoenas. And if it was to be used against them in a court, they would be in a position to be able to challenge that use.
REP. POE: I thank the chairman. I have other questions I’d like to submit for the record for the full panel.
REP. GOODLATTE: And I am confident that one of your colleagues will yield you time, Your Honor, since you made it known that you want it. And if they won’t, I’ll give you mine.
The chair will now recognize the gentleman from Georgia, Mr. Johnson.
REPRESENTATIVE HANK JOHNSON (D-GA): Thank you, Mr. Chairman.
Mr. Cole, to follow up on some of the principles that you were just talking about, are you familiar with the case of State (sic) v. Maryland back in 1979, U.S. Supreme Court –
GEN. COLE: Smith v. Maryland?
REP. JOHNSON: – yes –
GEN. COLE: Yes, I am, sir.
REP. JOHNSON: – having to do with telephone records, is that correct?
GEN. COLE: That’s correct – that’s correct.
REP. JOHNSON: And the question was whether or not there was a Fourth Amendment privacy interest in telephone records held by the telephone company.
GEN. COLE: That’s correct. That was the issue.
REP. JOHNSON: And how did the court rule on that issue?
GEN. COLE: The court ruled that there was no reasonable expectation of privacy in those records because they really belonged to the telephone company; they didn’t belong to the individual who they related to.
REP. JOHNSON: Now, is that case applicable to the case – or to the issue of collection of metadata?
GEN. COLE: Yes, sir, it is.
REP. JOHNSON: All right. And so it was the collection of metadata, domestic-to-domestic phone calls metadata, not content but metadata – domestic-to-domestic, domestic-to-foreign, foreign-to- domestic – is that correct?
GEN. COLE: That’s correct. That’s the metadata that we’re talking about here.
REP. JOHNSON: That is the program that Edward Snowden revealed, is that correct?
GEN. COLE: That is correct.
REP. JOHNSON: And he also revealed a program called the PRISM program, isn’t – is that correct?
GEN. COLE: That is correct.
REP. JOHNSON: The PRISM program was a program that enabled the collection of Internet metadata, not content, is that correct?
GEN. COLE: No, that’s not correct.
REP. JOHNSON: That is not correct, OK. Explain to me what the PRISM program –
GEN. COLE: PRISM – and I can defer to some of my colleagues if I get any of this wrong – PRISM was under the 702 provision, which allows collection of content, but it’s only content of non-U.S. persons who are reasonably believed to be outside of the United States.
REP. JOHNSON: OK. So that is the PRISM program, which collects data, including content, from foreign communications, and then there is a minimalization process of eliminating domestic-to-foreign or foreign-to-domestic communications that were not relevant to national security, is that correct?
GEN. COLE: That’s generally correct – or some serious impending death or something like that if there is an emergency. But generally that’s correct.
REP. JOHNSON: Now, that program – certainly we don’t want our adversaries to know of what we’re doing to watch them and to surveil them, foreign intelligence collection. We certainly don’t want that to be exposed to the public.
GEN. COLE: No, sir, we do not.
REP. JOHNSON: We need that to be kind of secret. But with respect to the data collection of domestic-to-domestic metadata, why is it necessary that the American people not know of that program? Why is it that that program has to be confidential, classified, secret?
GEN. COLE: I wasn’t there at the time that it was classified, but I can give a little bit of speculation. The more people know about the way we go about trying to identify terrorist networks, the more they will avoid the kinds of ways that we use to do that. They may start to avoid communicating through phones.
REP. JOHNSON: If they can’t communicate through phones and can’t communicate over the Internet, what will they do? Take a can on end and put a string through it and a can on the other end? Well they communicate like that?
GEN. COLE: Well, it may be more difficult for them to communicate, but they may find other ways or other mechanisms or other avenues to do it.
REP. JOHNSON: Well, it’s always going to be a cat-and-mouse game in that regard.
GEN. COLE: That’s correct.
REP. JOHNSON: The American people, in my opinion, should know of the activities that affect them. The collection of telephone metadata is not personal information. However, the government collecting this information and creating this database with which it can then use to investigate information that is acquired from foreign sources related to national security, a terrorist act, the American people may conclude that they want their government to collect that data.
But if they don’t know that the government is collecting the data, then they – and then they find out after it’s leaked by someone who thinks that it’s illegal, they find out in that way and then they start to lose confidence in their government. Is that the situation that we find ourselves in today, anyone?
REP. GOODLATTE: The gentleman’s time has expired. You may answer the question.
GEN. COLE: This –
REP. JOHNSON: And by the way, I’m a former judge, too. (Laughter.)
REP. GOODLATTE: Your Honor, had I known that, I would have addressed you appropriately. Please accept my apology, Your Honor.
REP. JOHNSON: Thank you, Mr. Chairman.
GEN. COLE: I think that’s always the kind of issue that we wrestle with, which is the issue of trying to balance the need to protect the secrecy of some of these programs so that they will be effective with that need to be as transparent as we can about it, because that’s the kind of society we live in, where people participate in the decisions of government. So those are always difficult balances to find. And that’s the one we’re trying to find and we find ourselves in right now.
REP. JOHNSON: Thank you.
REP. GOODLATTE: Thank you, Judge Johnson.
The chair would now recognize the gentleman from Idaho, Mr. Labrador.
REPRESENTATIVE RAUL LABRADOR (R-ID): Thank you, Mr. Chairman.
You know, I think more important than balancing those needs is to balance our liberties with our security. And I think that’s what we’re all concerned about today. We’re looking at a system that is allowing the government to collect everybody’s metadata. And you know, just recently I had the opportunity to travel through a series of countries and I won’t mention which country it is.
But I was told before I went to that country that it was a police state. And I had heard that term my entire life. I had never really understood what it meant. I had heard about the USSR and other nations that were constantly surveilling their citizens and the people who visited that country. And I had never experienced what I experienced when I was there, where I actually felt literally like I was being observed in every place that I went. And the place was very secure. The place was very safe. There was very little crime. There was very little few things happening. But it was because people had given up their liberty in exchange for security.
And I think that’s what this committee, and I think what most Americans are concerned about – that we’re going to give up our liberties in exchange for security. So, I just have a few questions.
Mr. Litt, you said in your introductory statement that this was not a rubber stamp – that the judges were not a rubber stamp. But I had a hard time following your argument because your argument seems to be that because the judges are actually reading the material, it is not a rubber stamp. That seems to be a nonsensical argument to me. I can either rubberstamp something by reading the material or not reading the material. That doesn’t seem to be a determination of whether somebody’s rubberstamping something. It seems to me that the difference – I was a criminal defense attorney, never a judge, just a criminal defense attorney.
REP. GOODLATTE (?): There’s still time, sir.
REP. LABRADOR: No, thank you. (Laughter.)
And it seems to me that there’s always a check and balance on the power of the government. Even when you go get a warrant, when something happens, you still have an adversary on the other side who can contest it in court, who can contest it in hearings, who can contest all those things. But that’s not happening in the FISA court. How can we address that?
REP. LABRADOR: OK.
REP. LABRADOR: And I understand that. But let me stop you there. And again, like Judge Poe just a minute ago, I’m not so worried about Section 702. I’m not so worried about foreign intelligence. I’m worried about you’re gathering my information. It’s my personal data that right now the United States has. And I’m concerned about that. I’m concerned about you having the data, the metadata of every single American.
And I think there should be some mechanism for us to be able to counter whatever the – you know, and I have all the respect for judges. I served, you know, as a lawyer for 15 years. They were usually right and I was usually wrong, or at least I would tell them that. (Laughter.)
And I have a great respect for the legal system, for the judicial system – judiciary system. But I am concerned when you don’t have somebody on the other side advocating for the rights of citizens of the United States. And it’s something that we need to discuss here in this committee and we need to figure out.
Now, let’s go to Smith v. Maryland. Mr. Cole, you mentioned Smith v. Maryland. It’s totally not an analogous case, I believe, to what we’re talking about here. What, in the FISA statute or in the Patriot Act, allows you to collect the data of every single American? That’s not what I’m understanding because even if you follow Smith v. Maryland, you’re talking about one individual who was suspected of committing a crime. And now, you’re telling me and we have just recently learned that we are collecting the metadata of every single American, and that concerns me.
GEN. COLE: I think there’s two different issues that are involved here. Smith v. Maryland only goes to the issue of whether the Fourth Amendment applies to this kind of data, not whether the Fourth Amendment prohibits or allows the kind of collection under 215. That’s a separate issue. And that’s governed by the provisions of the statute, of Section 215, which requires that in order for a court to approve the collection methods being put forth, it must have demonstrated to it that it is relevant to the investigation of these specified groups.
The relevance is found in the combination of the two orders. The limitations first – where the court says you can’t just roam through this any time you want for any purpose you want, any day you want, any time you want. That cannot be done. You must find reasonable articulable suspicion that the number you want to query is related to one of these terrorist groups –
REP. LABRADOR: And I – and I understand –
GEN. COLE: Only then –
(Cross talk.)
REP. LABRADOR: – my time has expired. But I think that determination has to occur before you collect the data, not after you collect the data. And I think that’s what’s wrong with what you guys are doing at this time. But I appreciate your service. I appreciate you being here today.
REP. GOWDY: I thank the gentleman from Idaho. The chair would now recognize the gentlelady from California, Ms. Chu.
REPRESENTATIVE JUDY CHU (D-CA): Thank you, Mr. Chair. I was listening to the steps that you outlined for actually doing a query for the metabase – metadata. And you were describing it as a way of showing what kind of constraints you use on this information.
So Mr. Inglis, I’d like to ask this. It sounds to me like, first, you have determined that the phone numbers of all the American people is relevant. Then, in order to actually query the database, you have to establish reasonable articulable suspicion. And in order to do that, you have said that 22 people at NSA can approve the query.
I wonder, why is it that these 22 people have this power? They appear to be acting like court judges. And why would they be performing the job that the FISA courts were set up to do? In other words, shouldn’t the agency go to a FISA court to seek to retrieve data from third party database when they actually have need of specified information? And, who are these 22 people?
GEN. COLE: The only issue that I would take some differing with what you – how you describe it is by saying that you first have to define or find that all of those records are relevant. This is a combination of two different court orders that come together and they have to be read together as you look at this. So it’s not just one or the other. It is a whole program that is put together and presented to the court with the limitations and the oversight and the restrictions on how it can be accessed. Only with all of those considered as a whole does the court then make the relevancy determination.
REP. CHU: Well then let me continue on with the description that you gave with regard to how you proceed along these lines which is that after they approve it then it appears that after the fact you have an audit and then you file papers with the court on this audit and then the Department of Justice reviews it.
GEN. COLE: It’s not exactly in that order. And again, Mr. Inglis can correct me if I’m wrong. There is the documented reasonable articulable suspicion that takes place ahead of time. That is then reviewed again by supervisors ahead of time to make sure that it is being done properly and the standards are being applied properly. The query is then made.
On a periodic basis, the Department of Justice and the Office of the Director of National Intelligence, the inspector general for NSA all sample and look at these things to make sure that in fact it’s being applied properly and that it’s being done properly and that there aren’t any misapplications of it. And there are periodic reports that go to the court on any compliance problems. We have to talk about every 90 days getting renewed authority.
And when there are any issues that come up and any problems that are discovered, they’re reported to the Congress and to the Intelligence and Judiciary Committees as well. so there’s a lot of different checks and balances and audits that go on both before the query is made as well as after the query is made. And if there’s problems found with the query, then that’s all fixed, and whatever is collected is remediated.
REP. CHU: Well, my concern with regard to this second half is that it is retroactive and it seems that more of the protection should be on the first half of these steps that you’re talking about. And are those documents – with regard to your DOJ reviews of the queries, are those available to this committee?
GEN. COLE: I would imagine that those would probably be classified documents. I’d have to go back, but that’s – certainly would look at the facts that we have and how we get them and what the nature of them is. So my guess would be that those would be classified.
REP. CHU: Are they – well, you said they were reviewed by Congress, but where?
GEN. COLE: I think that the review takes place. There are reports that are made. When leadership of the committee or other aspects of the committee want briefings in classified settings, those are arranged as well.
REP. CHU: Well, let me ask also about the issue of court documents. I understand that secrecy is essential when conducting any intelligence investigations, but we have to ensure that these efforts are working within the legal framework of the Constitution. We learned earlier this week that a FISA court agreed to declassify documents from a 2008 case in which Yahoo! raised concerns about NSA’s data collecting program, and other requests have been filed by companies that are in similar situations. What is the harm in releasing this type of information? Shouldn’t the American public be informed about how this type of information is collected and used? And why couldn’t you redact the information that is of security concern?
REP. GOWDY: You may answer the questions. The gentlelady’s time is expired, but you may answer her questions.
GEN. COLE: I think we all agree that that’s something that should be done. It’s difficult to do because frequently the classified information is fully intertwined with the legal analysis, but we recognize that it’s our obligation to make as much of this available to the public as we can, and we’re working as hard as we can to accomplish that.
REP. CHU: Thank you.
REP. GOWDY: Thank the gentlelady from California.
The chair would now recognize the gentleman from Texas, Mr. Farenthold.
REPRESENTATIVE BLAKE FARENTHOLD (R-TX): Thank you, Mr. Chairman.
I don’t know where to start here. I’ve got so many questions.
I guess I’ll start with Mr. Cole. Is there – do you see any limitation under the Fourth Amendment or the Patriot Act on the government’s power to gather information en masse on people?
GEN. COLE: Yes, sir, I see many limitations from both the Fourth Amendment and from the Patriot Act and from the FISA act. There are many, many limitations that are put in and many, many checks and balances, both through the United –
REP. FARENTHOLD: All right, so let’s go over a couple of those. I assume you’d have to go to the FISA court and those are the – one of the checks and balances. Could you go to the FISA court and argue that you had a right to obtain, say, either an individuals or a groups – or every American’s tax return? Could you argue that with a straight face?
GEN. COLE: Well, I think they –
REP. FARENTHOLD: I’ve got a long list of them. Yes or no?
GEN. COLE: An individual’s tax return? There are separate laws that cover the acquisition of tax returns –
REP. FARENTHOLD: All right, so you could get tax returns. Could you get at somebody’s permanent record from school?
GEN. COLE: If it was relevant to the investigation, you could go to the FISA court and ask them –
REP. FARENTHOLD: OK. Could you get – could you get somebody’s hotel records?
GEN. COLE: If it was relevant to the –
REP. FARENTHOLD: Could you get records of everybody who stayed in a particular hotel at any time?
GEN. COLE: If you can demonstrate to the court that it is relevant to the investigation –
REP. FARENTHOLD: OK. Could you get – you could get my Visa and MasterCard records?
GEN. COLE: If I can demonstrate to the court that it was relevant –
REP. FARENTHOLD: All right. Could you argue with a straight face, you could demonstrate the court to create a database of everybody’s Visa and MasterCard, every financial transaction that happened in the country? Does Visa and MasterCard only keep those for a couple of years?
GEN. COLE: Mr. Farenthold, that’s all dependent on exactly what I’m investigating and what the relevance of the information would be and how it would be used and how it would be limited.
REP. FARENTHOLD: Could you get –
GEN. COLE: All of those have to go into it. It is not a simple yes or no, black or white issue. It’s a very complicated –
REP. FARENTHOLD: Could you Google search it?
GEN. COLE: I’m sorry, sir?
REP. FARENTHOLD: Could you get all those searches I made on a search engine?
GEN. COLE: Again, it would depend. I’d have to make a showing to the court that that kind of information was relevant to the investigation.
REP. FARENTHOLD: All right. Could you – could you get all Google searches and then come back and say we’re going to search them later when we’ve got that information?
GEN. COLE: It would depend on the way that I would be able to search them. And again, under 215 of this statute that we’re talking about, it’s only if I can show that it’s related to specific terrorist organizations. It’s not for any –
REP. FARENTHOLD: You could get data from the phones, too, probably?
GEN. COLE: I’m sorry?
REP. FARENTHOLD: You could probably make a good argument for getting the GPS data out of my phones or the mapping software I use on my phone, too.
GEN. COLE: Again, there’s great limitations on how I can do that, and only if it is relevant to an investigation of those specific terrorist organizations.
REP. FARENTHOLD: All right. But how is having every phone call that I make to my wife, to my daughter, relevant to any terror investigation?
GEN. COLE: I don’t know that every call you make to your wife or your daughter –
REP. FARENTHOLD: But you got them.
GEN. COLE: I don’t know that they would be relevant, and we would probably not seek to query them because we wouldn’t have the information that we would need to make that query.
REP. FARENTHOLD: But, you know, somebody like Mr. Snowden might be able to query them without your knowledge.
GEN. COLE: I don’t believe that’s true, but Mr. Inglis could answer that. I don’t think he would have access to that or be able to do it.
REP. FARENTHOLD: OK.
REP. FARENTHOLD: All right. That’s slightly reassuring.
The Fourth Amendment specifically was designed, as Judge Poe pointed out, to prohibit general warrants. How could collecting every piece of phone data be perceived as anything but a general warrant?
GEN. COLE: Because the phone data, according to the Supreme Court, is not something within which citizens have a reasonable expectation of privacy. It belongs to the phone company.
REP. FARENTHOLD: Do I have an expectation of privacy in any information that I share with any company – my Google searches, the email I send? Do I have a reasonable expectation of privacy in anything but maybe a letter I hand-deliver to my wife in a SCIF?
GEN. COLE: Those are all dependent on the facts and circumstances of the documents we’re talking about. In the case of metadata, the Supreme Court specifically ruled that there was not coverage by the Fourth Amendment because of no reasonable expectation of privacy.
REP. FARENTHOLD: I just want to point out how concerned I am about this data being so easily available, and just with a stroke of a pen Congress and the president could change the search criteria as to what’s circular, change the definition of a terrorist or search the – the fact that this data exists in the hands of the government – we saw what the IRS has done with tax returns, targeting people for political belief.
Let me ask you one other quick question. Why do these orders not violate the First Amendment? We’ve talked a lot about the Fourth Amendment, but why doesn’t it violate the First Amendment, my right to freedom of association and my freedom of speech, having the government know who I’m talking to and when?
GEN. COLE: Again, these are issues that are looked at by the court in determining whether any constitutional rights are involved. We don’t know who it is that has this specific phone number that’s being called.
REP. FARENTHOLD: And you can’t look that up on one page of the Internet?
I yield back.
REP. GOWDY: The gentleman’s time is expired.
The chair would now recognize the gentleman from Florida, Mr. Deutch.
REPRESENTATIVE TED DEUTCH (D-FL): Thank you, Mr. Chairman.
Mr. Chairman, like many Americans I was shocked by the revelations that the NSA has been secretly collecting phone records, Internet data on millions of Americans, thanks to the lawfully issued warrant approved by the Foreign Intelligence Surveillance Court, often called the FISA court. Many members of Congress, myself included, were left completely in the dark about the extent of the NSA’s data mining program, and I worry about the balance between legitimate national security needs and the constitutionally protected rights of all Americans.
The government is stockpiling sensitive personal data on a grand scale. Intelligence officers, contractors and personnel only need a rubber stamp warrant from the FISA court to then learn virtually everything there is to know about an American citizen.
The American people have a right to know about this program and at the very least know that such a program is operating within our system of checks and balances. I believe Congress has a constitutional obligation to protect individual privacy rights, and I believe it’s time to reexamine the Patriot Act, insert greater accountability into the FISA court, and ensure that our laws cannot be interpreted behind the backs of the American public.
With this hearing this committee has begun this important work of oversight and repair, and I thank the chairman and the ranking member for calling this hearing. I thank the witnesses as well for participating.
Mr. Cole, I want to ask you about the October 2011 letter sent by then-Assistant Attorney General Ronald Weich to senators Wyden and Udall regarding Section 215. The disturbing information that senators Wyden and Udall learned, however, was classified and was thus kept from the American public and even most members of Congress.
Now, Mr. Weich seemed to imply in his response to Senators Wyden and Udall that because Congress – or at least the select number of members of Congress, anyway – received intelligence briefings in accordance with the Patriot Act that there’s no cause for alarm that the government was using some sort of secret law – secret law to expand its surveillance activities.
Now, the Patriot Act was passed in response to the horrific attacks on 9/11, designed to bolster national security by expanding the investigative techniques used by the government and law enforcement officials to hunt down suspected terrorists, something that we all agree is important. But Section 215 had a standard of relevance, and there had to be concrete information linking a person to a terrorist organization before the NSA could secure that person’s information.
Instead what we’ve learned is that the FISA court has essentially rewritten Section 215 to say that any and all persons’ records may be considered relevant, therefore allowing the NSA to indiscriminately collect sensitive data on all Americans.
The fact is, in 2012 the government made 1,789 requests to conduct electronic surveillance. The court approved 1,788. The government withdrew the other.
Now, as a member of Congress who was not privy to those intelligence briefings, I had to accept Mr. Weich assurance that there’s no secret law. But in the aftermath of these recent leaks, however, it seems that there may be secret laws; laws not passed by Congress, laws not publicly interpreted by the Supreme Court, but rather secret laws borne out of a classified interpretation of the Patriot Act by the FISA Court.
The New York Times recently reported that the FISA court has quietly become almost a parallel Supreme Court, serving as the ultimate arbiter on surveillance issues, I would point out, with only the arguments of the federal government alone to be considered.
Now, even a former FISA judge has come forward with concerns that the body has become a de facto administrative agency, which makes and approves rules for others to follow.
Now that it’s become public that FISA courts have broadly, perhaps even unconstitutionally, redefined the relevance standard in Section 215, is it still the department’s position that the government isn’t essentially operating with a secret playbook?
GEN. COLE: Mr. Deutch, I don’t think we’re operating with a secret playbook. There is, again, as we’ve discussed in many instances in our hearing today, the tension that exists between maintaining the integrity and the secrecy of some of the national security investigative tools that we use and making sure that people know about it.
We have, in the course of the reauthorization of the Patriot Act, on several occasions done classified briefings, made individual –
REP. DEUTCH: Mr. Cole, I’m sorry to cut you off, but I only have a second left. Let me just broaden the question, then, for a second, because I’m speaking about these decisions that the FISA courts make as the supreme arbiter of this law. And stepping back for a moment, at a more basic level, does the panel understand why the American people may find this revelation shocking, that secret court rulings could expand the powers of the federal government beyond perhaps what was originally authorized by law, and that an entire chapter in our laws is being written outside of the three branches of government altogether?
GEN. COLE: I think, again, this is an area where we are looking to see what kinds of opinions from the FISA court we can make public. These are things that we are trying to do and trying to go through. All significant opinions and all significant pleadings that have been filed with the FISA court are made available to the committees, to the Intelligence Committee and the Judiciary Committee, so they can see them.
We’re not trying to keep them secret. We’re just trying to maintain the classified nature of some of these. But these are issues that we’re trying to grapple with and trying to determine what we can let out so that we can have this broader discussion.
REP. GOWDY: I thank the gentleman from Florida.
The chair would now recognize the gentleman from North Carolina, the former United States attorney, Mr. Holding.
REPRESENTATIVE GEORGE HOLDING (R-NC): Thank you, Mr. Chairman.
In a different professional capacity, I successfully used FISA warrants to investigate, disrupt and prosecute terrorists and terrorist acts. And I can attest that not only are they effective, but there are very high burdens and hurdles to use FISA warrants, and they are significant.
But I want to step, for the few moments that I have, outside of the prosecution of terrorism and the investigation of terrorism and just talk about the use of telephone records in everyday garden- variety criminal cases, whether they are public-corruption cases, fraud cases, drug cases.
And Mr. Cole, I’ll direct my questions to you. If you could step through for us how the Department of Justice prosecutors and investigative agencies obtain telephone records, just in garden- variety cases, and how they’re ultimately used.
GEN. COLE: There’s two different ways we do it, pursuant to the law. Historical telephone records that exist for prior calls we can get with grand jury subpoenas in a normal criminal case. Those can be issued by a prosecutor, delivered to the telephone provider, and ask for a range of data –
REP. HOLDING: So no judicial involvement; just a grand jury involvement.
GEN. COLE: There’s no judicial involvement; just the grand jury involvement. And the prosecutor defines the scope and the nature and the numbers that are involved.
REP. HOLDING: So it could – the prosecutor could request telephone records going back as long as they want to, and the only limitation being does the telephone company still have those records.
GEN. COLE: There would be one additional limitation. The telephone company could challenge the subpoena as being overly burdensome and irrelevant to any reasonable investigation. And the court could take that up, which would be in a sealed proceeding because it’s a grand jury proceeding, so it wouldn’t be public.
REP. HOLDING: And what would the standard that the judge be using to evaluate the motion to quash?
GEN. COLE: Generally relevance to the investigation.
REP. HOLDING: So the Fourth Amendment doesn’t come into play there.
GEN. COLE: Not for telephone records, it does not.
REP. HOLDING: And this is available to prosecutors, federal prosecutors, across the country.
GEN. COLE: Yes, it is.
REP. HOLDING: And the only showing that they have to make to the grand jury is what, that it’s relevant?
GEN. COLE: That it’s relevant.
REP. HOLDING: And once you have gotten the telephone records and it shows, let’s say, hits between the person, the subject that you’re investigating and a relevant other person in the investigation, then what do you do to start listening to those telephone calls?
GEN. COLE: Well, if we wanted to listen to any telephone calls, then that would obviously be just telephone calls that would start happening into the future. We would have to go to the court and seek authorization under Title III of the U.S. Code to get a wiretap. And we would have to show probable cause to believe that, in fact, the person talking on the phone was involved in criminal activity and that, through that phone, they were discussing criminal activity. And we would obtain evidence of that criminal activity by listening to the call.
GEN. HOLDING: Would you hazard to make a case of how many wiretaps are in use on a daily basis?
GEN. COLE: I couldn’t hazard a guess, but there are a fair number of them.
REP. HOLDING: Hundreds, perhaps?
GEN. COLE: Probably.
REP. HOLDING: As far as my friend, Mr. Scott, was talking about, you know, if you find evidence of some other criminal conduct during an investigation, let’s say during a Title III wiretap, you know, you’re investigating one crime. You hear a conversation that suggests that another crime is being committed. Are there any limitations on use?
GEN. COLE: Generally not, other than the restrictions on how you can use wiretap information. There’s restrictions on that and the secrecy that’s involved in those and the protection of innocent calls. But generally you can use that information as it relates to other criminal conduct, according to the rules of procedure and the law.
REP. HOLDING: So my takeaway, you know, having heard you describe in detail how the 215 program works and the 702 program works, the restrictions and limitations on use from those two programs is much more restrictive and limited than what prosecutors and law enforcement are using on a daily basis throughout the United States, investigating garden-variety crimes being committed by U.S. citizens.
GEN. COLE: In the main, there are some differences here and there. For example, the burden to get a wiretap may be a higher burden than for 702 coverage, but it certainly – and it – but it’s a different burden if we wanted to do a FISA for somebody in the United States. That would be, again, a probable-cause standard, but probable cause that they’re involved in foreign intelligence.
GEN. HOLDING: Thank you very much.
I yield back.
REP. GOWDY: Thank the gentleman from North Carolina.
The chair would now recognize the gentlelady from Washington, Ms. DelBene.
REPRESENTATIVE SUZAN DELBENE (D-WA): Thank you, Mr. Chair.
And thank all of you for being here today.
Last month, when Director Mueller appeared before this committee, I stated that I agree with those who believe that greater transparency about the requests the governmental entities are making to Internet companies and providers will help inform the discussion that we’re having on balancing national security with privacy rights and civil liberties.
One of the questions that I asked the director was how the FBI and the Department of Justice will respond to the request by Google that it be permitted to provide reports of the number of FISA national-security requests it receives, as well as their scope. And at the time, Director Mueller noted that this was being looked at.
And so I was wondering, Mr. Cole, if you’re able to share with us what the response is to this request.
GEN. COLE: Unfortunately, this is a matter that is currently before the court in litigation, so I can’t say too much about it other than to reiterate what Director Mueller said, which is this is a matter that we are, in fact, looking at and take seriously.
REP. DELBENE: Now, we do have some data that is out there already, because in March of this year, Google worked with – I believe Google worked with the DOJ and the FBI did disclose in broad strokes the number of national security letters that Google received. Correct?
GEN. COLE: That’s correct.
REP. DELBENE: And so we do have some information. Do we know whether that information that was released has had any impact on national security?
GEN. COLE: Generally, it’s hard to tell unless you have a substantial period of time afterwards as to whether or not it has an impact. So we haven’t had enough time yet.
REP. DELBENE: OK. Thank you.
The public also now knows that the telephone metadata collection is under Section 215, the Business Records provision of FISA, and that allows for the collection of tangible things. But we’ve also seen reports of a now-defunct program collecting email metadata. With regard to the email metadata program that is no longer being operated, can you confirm that the authority used to collect that data was also Section 215?
GEN. COLE: It was not. It was the Pen Register Trap and Trace Authority under FISA, which is slightly different, but it amounts to the same kind of thing. It does not involve any content. It is, again, only to and from. It doesn’t involve, I believe, information about identity. It’s just email addresses. So it’s very similar, but not under the same provision.
REP. DELBENE: And could you have used Section 215 to collect that information?
GEN. COLE: It’s hard to tell. I’d have to take a look at that.
REP. DELBENE: Because I think it’s important for us to know whether or not there’s any limitations on the types of information within Section 215 that prevent you from collecting, whether it’s email metadata or GPS and geolocation information, et cetera, and how broad is that authority.
GEN. COLE: Again, it’s only as broad as what the courts can find under 215 that is relevant. But there’s different authorities in FISA, so we’d have to look at see how those all work together.
REP. DELBENE: Mr. Litt, were you going to –
REP. DELBENE: Although you could argue that geolocation information may also be existing, and would you consider that to be metadata as well?
REP. DELBENE: But you understand it’s important for us to know what the breadth and limitations are, as we look at policy. And clearly there’s some confusion here right now, so we need to understand how it’s being used and what information might be collected so we can make sure (intent’s delivered ?) appropriately.
So I agree with the president’s view that we need to set up a national conversation on balancing privacy and security, but in order to have that conversation, have a productive conversation, we need information that’s going to help fuel that conversation – information like the breadth of Section 215, et cetera. And so I hope we can continue that and have – and get access to more information so that we can have a productive discussion going forward.
And thank you for your time. I yield back.
REP. GOWDY: Thank the gentlelady from Washington.
The chair would now recognize the gentleman from Texas, Judge Gohmert.
REPRESENTATIVE LOUIE GOHMERT (R-TX): Thank you, Mr. Chairman.
In answer to some of the other questions, you provided an adequate defense. The trouble is we have seen the abuses of government. We’ve seen the gathering of data. And I can tell you, from having been here, not when the Patriot Act was passed originally, but when it was extended back in my first term in Congress. It got down to where there were only two Republicans demanding any type of safeguards, I thought, and there were two of us that wanted sunsets. I was the one that argued for 25 minutes in a 30-minute pre-hearing meeting, demanding sunsets. And then my friend, Dan Lungren, had the amendments and we got at least two sunsets, on 206 and 215.
And the argument I made for 25 minutes that turned my colleagues, Republicans, around in our meeting was I’ve seen how there can be violations of due process if everyone is not very diligent. And we need the safeguards in order to have proper oversight. And what we’ve seen and what’s been disclosed of the monitoring scares me.
We’ve had hearings in this room. People like Jerry Nadler have argued about the dangers of government having too much information. And from my experience as a judge and chief justice, with state judges and federal judges and having practiced before a very conservative federal judge named Bill Steger and a very liberal judge named William Wayne Justice, I couldn’t imagine anybody granting the kind of orders we’ve now seen granted – just a blanket summary. Go – I mean, go get all of these phone records.
And I understand the assurances, “No, we don’t have names with them.” But isn’t it true that you can go on public or private data, any individual, and secure the names for different numbers? Isn’t that true?
GEN. COLE: There are ways to secure the names for any number of numbers. Maybe not every single one.
REP. GOHMERT: Well, and I recall back in 2002 as a chief justice at a conference getting into a debate with a CIA lawyer who was arguing, look, banks have all your financial records; why shouldn’t the government? And I was pointing out – (chuckles) – (as a conservative ?) – it’s because banks can’t show up at your house, put you in handcuffs, throw you to the ground and drag you off to jail, which has been done by the government. So there is an important distinction.
And then we find out that though m any of us opposed it, the Consumer Financial Protection Bureau has been gathering information on everybody’s financial records, but they say the same thing that most of you are saying; look, we’re not putting the names with it. But isn’t it true that the federal – that even the NSA can get access to the information gathered by the Consumer Financial Protection Bureau?
REP. GOHMERT: But you’re entitled to go – I mean, we’ve had this debate in here. You’re entitled to go on the Internet or go to private sources that any private citizen could and gather that information without violating any constitutional rights, isn’t that correct?
REP. GOHMERT: But if you can gather the information that a private individual could and couple that with information that only the federal government, we’re now learning, is gathering, then it really constitutes a grave threat to privacy. The –
By the way, the Consumer Financial Protection Bureau said this; their director said this in testimony before Congress. The bureau has also issued regulations that limit the circumstance in which it may disseminate internally, share with other agencies, or disclose to the public confidential information. Share with other agents. So they know they can share with other agencies, if another agency or they feel it’s helpful.
This begins to be a little scary, and the justification we get seems to be, well, but look, there are a handful of cases we have – where we have avoided terrorism by really gathering all this private information. And it makes me think, how many times could King George III have argued that? Look, by putting officers in every one of your homes that we were uncomfortable with, we ended up being able to avoid a couple of problems of violence. We don’t want people in our homes, and that includes the federal government watching through a big eye, through our computers.
And I appreciate your being here today. Thank you.
REP. GOWDY: Thank the gentleman from Texas.
The chair would now recognize the gentleman from New York, Mr. Jeffries.
REPRESENTATIVE HAKEEM JEFFRIES (D-NY): Thank you, Mr. Chair.
Mr. Cole, am I correct that it’s your position and the position of everyone on the panel that the telephone records of essentially hundreds of millions of Americans in the form of metadata, as has been discussed today, is relevant to a national security investigation?
GEN. COLE: They are relevant when they are only queried under the limitations that are described by the court, where you have to have reasonable, articulable suspicion that it’s connected to some terrorist matter and investigation.
REP. JEFFRIES: So fundamentally, it’s your position that they’re relevant because the court, the FISA court, has articulated a set of criteria by which further inquiry can be undertaken. Is that correct?
GEN. COLE: They are, and they’re relevant because you have to have the – it’s the old adage of, if you’re looking for the needle in the haystack, you have to have the entire haystack to look through. But we’re not allowed to look through that haystack willy-nilly – (inaudible).
REP. JEFFRIES: Right. Now, in terms of looking through that haystack of these phone records that are acquired, based on reasonable, articulable suspicion, am I correct that it’s 22 NSA individuals who are authorized to make the determination of reasonable, articulable suspicion? Is that right?
GEN. COLE: I’ll give that to Mr. Inglis to give you the numbers.
REP. JEFFRIES: OK. So these individuals don’t have to go back to the court in order to determine whether they can move forward with a more invasive inspection of the phone records of the Americans contained in the database that you’ve acquired? Is that correct?
GEN. COLE: They use the rules of the court to make the limited query that the court –
REP. JEFFRIES: Right, they’re using the rules of the court, but they’re making the determination, not the court, as to the invasiveness of the further inspection, am I correct?
GEN. COLE: On a case-by-case basis, they determine the (selection ?).
REP. JEFFRIES: OK. Now, Mr. Litt, you’ve indicated that in your view, the FISA court is not a rubber stamp, correct? That was your testimony?
REP. JEFFRIES: And I think in response to the distinguished gentleman from Idaho, you said, well, it’s not a rubber stamp because they read, they ask questions, they push back; there’s careful study and analysis. Is that an accurate characterization of your testimony?
REP. JEFFRIES: OK. Now, we just had a baseball All-Star Game yesterday, and of course, we know, you know, nothing is as American as baseball and apple pie. And if you think back on the history of baseball – I just took a quick look – I’m a baseball fan myself – Stan “The Man” Musial, a great hitter from St. Louis – his batting average lifetime was close to being in the top 25, .331, Stan “The Man” Musial. Babe Ruth, 10th all time – his lifetime batting average was .342. Ted Williams, the great lefty from the Boston Red Sox – his lifetime batting average was .344. Ty Cobb, “The Georgia Peach” – I may disagree with some of his views on social justice issues, but he was a great hitter – the number-one hitter of all time – 0
REP. JEFFRIES: – based on average – .366.
REP. JEFFRIES: Pretty impressive though.
REP. JEFFRIES: I’m still going to continue to ask you questions about this amendment. (Laughter.)
Now, you know, I took a look – so these are the greatest hitters of all time – I took a look at what your batting average is as it relates to the FISA court. And I’m a little troubled at what we were able to determine. So am I correct that in terms of the total applications submitted since 1979, there were 33,949 applications submitted? Is that accurate?
REP. JEFFRIES: OK. And of that total number of applications, 490, it appears, were modified, is that correct? You have no reason to disagree with that number, is that right?
REP. JEFFRIES: OK, so –
REP. JEFFRIES: Well, let me – let me just – let me just make an observation –
REP. JEFFRIES: – and I’ve got limited time here – 1.4 percent of the total number of applications made were modified. But what’s even more troubling – since 1979, 11 applications were denied, is that correct? Eleven.
REP. JEFFRIES: OK. So your success rate, your batting average, was 99 percent of the time that you’ve applied to acquire information that could possibly include communications from one American to another American. Yet you’ve taking the position that the FISA court is an independent check to protect the civil liberties and constitutional rights of Americans, is that correct?
REP. JEFFRIES: Right. Those modifications – and I know my time has run out – only took place 1.4 percent of the time, and that’s why I think we’re all concerned – or many of us are concerned – that there’s not an appropriate check on behalf of the Americans whose records could be subjected to an invasive search.
I thank you all for your service, yield back the balance of my time.
GEN. COLE: May I – may I say one thing briefly, Mr. Chairman?
REP. GOWDY: Sure.
GEN. COLE: The number for modification there, I think, does not reflect the full number of times in which the court asks questions and comes back to us. My understanding is that that simply – that comes at the very end of the process, but there’s a substantial give-and- take before we get to that point. So that’s not a full reflection.
REP. GOWDY: The chair thanks the gentleman from New York and now recognizes the gentleman from Utah, Mr. Chaffetz.
REPRESENTATIVE JASON CHAFFETZ (R-UT): I thank the chairman, and I thank the four of you for your service. I know how much you care for your country. And we do as well and appreciate the dialogue. It’s what differentiates the United States of America from most others.
So Mr. Cole, is geolocation information metadata, or is it content?
GEN. COLE: That is an area of the law that’s, I think, evolving in light of the Jones case. And it’s one that I think the courts are now grappling with. It’s not clearly as –
REP. CHAFFETZ: The courts – the courts did rule in the Jones case 9 to nothing. They were pretty clear. Justice Alito was also fairly clear that Congress needed to grapple with this as well. Have you – has the Department of Justice issued any guidance on Jones?
GEN. COLE: We’re in the process of looking through that. Jones was based mostly on a trespassing (case ?) as opposed to a search-and- seizure –
REP. CHAFFETZ: I know what it was. Have you issued any guidance on Jones?
GEN. COLE: We’re in the process of looking through that to do it.
REP. CHAFFETZ: That is not an accurate answer. My understanding is there are at least two documents that the Department of Justice has issued to the Federal Bureau of Investigation, for instance. It was uncovered through a FOIA request. Almost every page of this was redacted. So you have indeed actually issued guidance on Jones, correct?
GEN. COLE: I’ll stand to be corrected. If you have those, yes.
REP. CHAFFETZ: Will the Department of Justice provide to this body, to this committee, the guidance on Jones?
GEN. COLE: That’s something we’ll have to look into. There’s lots of law enforcement –
REP. CHAFFETZ: It’s a – no, no, no – I know there are law enforcement issues. I know there are things – why would you not provide for the United States Congress, the Committee on the Judiciary – why would you not provide the – a copy of that guidance for this committee?
GEN. COLE: If it discloses law-enforcement-sensitive information and techniques of how we go about fighting crime and finding criminals, then we may not feel free to disclose it.
REP. CHAFFETZ: And to the chairman of this committee, I think this is one of the great concerns. So let me ask you again, is geolocation metadata, or is it content?
GEN. COLE: It’s not content, as that would be called. It doesn’t give you the content of anybody’s calls. All it gives you his information about where they are.
REP. CHAFFETZ: So you’re saying in other words that geolocation – you would classify as metadata?
GEN. COLE: I’m not sure that it’s one or the other. I think there are times where there’s things that are in between, and this may be one of those. It’s certainly not content. It probably tends more toward metadata, but again, this is a – this is an evolving area of the law.
REP. CHAFFETZ: How is it evolving? I mean, we haven’t – this is what scares me about what you’re doing and how you’re doing it. If you knew exactly where I was standing, you’re telling me that that’s not content.
GEN. COLE: That’s not the content of your conversation, no. And other people may see you –
REP. CHAFFETZ: So the –
GEN. COLE: If you’re standing out in public, any number of other people may see you there.
REP. CHAFFETZ: So – but if I was standing on private property –
GEN. COLE: This is part of what Jones talks about, is the trespass issue.
REP. CHAFFETZ: And they ruled nine to nothing that it was an overstep and an overreach. So are you collecting that data?
GEN. COLE: We are not collecting that data, not under 215.
REP. CHAFFETZ: Let me ask the NSA – is the NSA collecting this data?
REP. CHAFFETZ: How – going back to you, Mr. Cole, what other bits of information fall in this gap between metadata and content? What is this third category that you’re talking about? What’s the right word for it?
GEN. COLE: I’m not sure it’s just a third category, Mr. Chaffetz. I think there is metadata that was described by the court in Smith v. Maryland, which is telephone records that we’ve been talking about today that were recovered by the 215 program that we’ve been discussing today. There’s content, which is the actual – the conversations themselves that people have. And there are any number of things that may fall in between those. And it’s not just a third category; it’s probably a continuum.
REP. CHAFFETZ: What else would be in that continuum?
GEN. COLE: I’m sorry, sir?
REP. CHAFFETZ: What else would be in that continuum?
GEN. COLE: It’s hard for me to just hypothesize about all the many different things that could be out there and where they would fall in that continuum.
REP. CHAFFETZ: There’s a report out today about license plates and that information that’s being collected by thousands of camera readers and stored about specific location. Does that fall within this category?
GEN. COLE: In which category?
REP. CHAFFETZ: License plate readers.
GEN. COLE: The whole issue comes down to the reasonable expectation of privacy, and this is what the court bases its rulings on.
REP. CHAFFETZ: Do you believe that I have a reasonable expectation of privacy about my specific whereabouts?
GEN. COLE: It depends on where you are and how many other people see you as –
REP. CHAFFETZ: Do I have a reasonable expectation of privacy on private property?
GEN. COLE: In general, I think the courts are saying that there is a trespass theory that gives you a reasonable expectation of privacy depending on whose property it is, whether it’s your own or somebody else’s, how many other people are there. These are all the types of issues that would go into that.
REP. CHAFFETZ: My time is expired, but Mr. Chairman, this is something we have to much more thoroughly understand. There is guidance out there, and I think this committee should be able to see it.
I yield back.
REP. GOODLATTE: We are working our way in that direction and there will be another hearing and you’ll be able to ask even more questions in a classified manner about questions you couldn’t get answered here.
So we thank the gentleman, and the chair now recognizes the gentleman from South Carolina, Mr. Gowdy, and thanks him for presiding for a period of time as well.
REP. GOWDY: Thank you, Mr. Chairman.
I was listening to my colleagues and our witnesses discuss these issues and for whatever reason, Mr. Chairman, my mind went to a guy by the name of Joseph Hartzler. I don’t know whether he’s still with the department or the U.S. Attorney’s Office or not. He was the lead prosecutor in a case called United States vs. Timothy McVeigh. And I thought to a presentation that Mr. Hartzler gave me years ago in the role that business records played in his ability to successfully prosecute that horrific act of domestic terrorism.
And Mr. Chairman, I thought to myself, all right, we asked you, Mr. Hartzler, to prosecute the crime after it took place. What if we challenged you with the responsibility to prevent the next act of terrorism? What tools would you need to be able to prevent crime as opposed to prosecute it in its aftermath?
And while this is at some level a debate between privacy and public safety, to me it’s also a debate between the difference between prosecuting something after it happens and then preventing it from happening in the first place.
You know, Mr. Hartzler used hotel records. He used business records where McVeigh went and purchased certain materials. He used – that was a very tedious, difficult case to prosecute, and the role the business records played in it.
So this is what I would like to ask. I don’t want to ask specific questions about the sections. I want to go to where the people of my district are, who are not trained attorneys for the most part, trained law enforcement officials.
Mr. Litt, you would agree that the Constitution kind of sets the minimum standard by which government must conduct itself.
REP. GOWDY: It’s the minimum standard.
REP. GOWDY: Exactly. So in Roper v. Simmons, the Supreme Court says you cannot put someone to death who was under the age of 18 at the time they committed the offense. That does not keep Congress from saying we’re going to raise it to 21.
REP. GOWDY: Right. So who does get to decide whether or not our fellow citizens have a reasonable expectation of privacy?
REP. GOWDY: I want to stop you. You say the Supreme Court is the ultimate arbiter. Are they the exclusive arbiter? Can the people weigh in on what they think they have a reasonable expectation of privacy in?
REP. GOWDY: But the Supreme Court doesn’t have the benefit of public input.
REP. GOWDY: Well, I would hope they wouldn’t listen to it. I mean, their job is not to weigh and balance – you know, to Jason’s point, if you’re on private property but there’s a helicopter above versus if you’re on private property and there are four other people at the picnic with you. I mean, you have no expectation of privacy in your face. I don’t think anyone would argue you have an expectation of privacy in your face, but that does not mean that our fellow citizens want government to collect facial imagery data.
REP. GOWDY: And technology can impact that, agreed? Technology can impact that?
REP. GOWDY: Technology – technology can impact someone’s reasonable expectation of privacy?
REP. GOWDY: Culture?
REP. GOWDY: I mean, there are already currently business records that an AUSA cannot access with a subpoena. Unless the world has changed you can’t get medical records with a subpoena.
REP. GOWDY: You can’t get IRS tax returns with a subpoena.
REP. GOWDY: Both of those are business records, right?
REP. GOWDY: So the notion that Miller stands for the proposition that all business records you have no expectation of privacy because there was a third party involved – we just came up with two examples where that’s not the case.
REP. GOWDY: But there was also a statute in play at Miller. There was a banking statute in play in Miller. You’ve read it more recently than I have –
REP. GOWDY: But my point – my time is up. My point is this: All of us are asked back home by people who are not as well trained in the law as y'all are, and there is this growing skepticism about the conduct of government. And to the extent that the people can weigh in on what they have an expectation of privacy in, you can accept – you can expect to see that scale balance back towards privacy and away from public safety unless we do a better job of regaining their trust and explaining why these programs are necessary.
We think we’ve struck that balance in the right place, but if the people and the Congress determine that we’ve struck that balance in the wrong place, that’s a discussion that we need to have.
REP. GOWDY: Thank you, Mr. Chairman.
REP. GOODLATTE: The chair thanks the gentleman.
And on that note we thank this panel for giving a lot of answers. I think there are some that could not be answered here today and therefore you might anticipate that we will have a subsequent hearing in a classified setting and ask additional questions, whether it’s of you four or someone else I don’t know.
But I want to thank each one of you for helping us to engage in a very thorough examination of the issues related to these two sections of the law, and excuse you now. Thank you again.
GEN. COLE: Thank you.
REP. GOODLATTE: Folks, if we could ask everyone to clear the hearing room, we’re going to start with our second panel. No, just clear the area around the witness tables.
(Off mic conversations.)
REP. GOODLATTE: And we would now invite our second panel to take their seats. And once you’ve taken your seats we’ll invite you to stand back up again and be sworn.
So we’ll welcome our second panel and ask that each of you rise and be sworn in.
Do you and each of you solemnly swear that the testimony you are about to give shall be the truth, the whole truth, and nothing but the truth, so help you God?
WITNESSES: (Off mic.)
REP. GOODLATTE: Thank you very much.
Let the record reflect that all the witnesses responded in the affirmative. And we’ll now introduce our witnesses.
Our first witness is Mr. Stewart Baker, a partner at Steptoe & Johnson law firm here in Washington, D.C.
And we’d ask that the door in the back be closed so we can have a little more – Mr. Stewart Baker is a partner at Steptoe & Johnson here in Washington, D.C. Mr. Baker also serves as a distinguished visiting fellow at the Center for Strategic and International Studies.
Previously he served as the first assistant secretary for policy at the U.S. Department of Homeland Security. He also served as general counsel of the NSA, where he led NSA and interagency efforts to reform commercial encryption and computer security law and policy.
Mr. Baker has been a visiting fellow at the Hoover Institution and a fellow of the University Center for National Security Law. Mr. Baker received his bachelor’s degree from Brown University and his J.D. from the UCLA School of Law, where he was chief articles editor of the UCLA Law Review. And we are very fortunate to have him and his expertise with us today.
Our second witness is Mr. Jameel Jaffer, deputy legal director of the American Civil Liberties Union, and also serves as director of the group Center for Democracy. Mr. Jaffer previously directed the ACLU’s National Security Project.
Prior to joining the ACLU, Mr. Jaffer clerked for Amalya Kearse, the U.S. Circuit Court of Appeals for the 2nd Circuit, and the right honorable Beverley McLachlin, chief justice of Canada. Mr. Jaffer earned degrees from Williams College, Cambridge University and Harvard Law School. And we welcome his expertise and experience as well.
Our third witness today is Mr. Steven G. Bradbury, an attorney at Dechert LLP here in Washington, D.C. Formerly, Mr. Bradbury headed the Office of Legal Counsel in the U.S. Department of Justice during the administration of George W. Bush, handling legal issues relating to the FISA court and the authorities of the National Security Agency. He served as a law clerk for Justice Clarence Thomas on the Supreme Court of the United States and for Judge James L. Buckley of the United States Court of Appeals for the D.C. Circuit.
Mr. Bradbury is an alumnus of Stanford University and graduated magna cum laude from Michigan Law School. We thank him for serving as a witness today and look forward to his insight into this complex topic.
Our final witness on the first panel is Ms. Kate Martin, director of the Center for National Security Studies since 1992. She was formerly a lecturer at Georgetown University Law School and has also worked in the position of general counsel to the National Security Archives.
She is currently a member of the Constitution Project’s bipartisan Liberty and Security Committee. Previously Ms. Martin was a partner with the Washington, D.C. law firm of Nussbaum, Owen & Webster. She graduated from the University of Virginia Law School, where she was a member of the Law Review, and from Pomona College with a B.A. in philosophy. We welcome her dedication and expertise in this area.
Thank you all for joining us. And we’ll begin with Mr. Baker. Each witness should summarize his or her testimony in five minutes or less. Your entire statement will be made a part of the record. And to help you stay within that time, there is a timing light on your table. When the light switches from green to yellow, you will have one minute to conclude your testimony. When the light turns red, it signals that the witness’s five minutes have expired.
Mr. Baker, welcome.
STEWART BAKER: (Off mic.)
REP. GOODLATTE: You may want to pull the microphone close and turn it on.
It’s a pleasure to be here. And I will say that this is not as unprecedented climate as it may seem. I thought I’d take advantage of the fact that it’s my birthday to talk a little about the history of FISA.
Here’s a quote from the Cato Institute. “If congressional report cards were handed out to presidents, the president would receive an F, an appalling grade for any president, let alone a former professor of constitutional law.”
About the same time that they were saying that, the FISA court judge, chief judge, felt obliged to say we are not a rubber stamp; I carefully review every one of these applications.
This was the second term of Bill Clinton. And many of these criticisms were very prominent. And quite frankly, I think they contributed to the FISA court at the time adopting – it turns out, without legal justification – a set of restrictions on the conduct of intelligence that built a wall between law enforcement and intelligence that contributed directly to the FBI not being able to find the hijackers when they knew they were in the country but were not allowed to look for them because they were on the wrong side of the wall.
I say that because this climate and the search for ever greater protections for civil liberties does have a cost, and we don’t know where that cost will be paid. That’s why it seems to me that we need to be as careful as we can to ask the question, what sorts of protections are there, really? And I will confess, I was very surprised and a little troubled when I saw that initial metadata ordered.
Only when I came to realize that the order allowed the collection but not the actual searching of that data, and that the searches were so carefully circumscribed that only 300 were made in a particular year, that I realized that when you look at the two sets of orders together, that there is actually ordinary limitations on the ability of anyone at NSA to look at metadata of any individual.
I contrast that to the fact that there are hundreds of thousands of subpoenas issued every year from metadata by state and local law enforcement, with far fewer guarantees of protection for that data.
And then, finally – and I’ll close with this – the other cost that we are likely to pay here is that we are not the only audience for the debates that we are going through. It may feel like a family fight, but the neighbors are listening. And, indeed, Europe has already made it clear that they intend to punish everybody who participated in these programs if they possibly can. They intend to try to restrict our intelligence-gathering by going after the companies only did their duty in responding to orders that were lawful under U.S. law.
This is a fixed feature now of European public policy and diplomacy. It ignores the fact that, by and large, the U.S. record on protecting civil liberties and even this kind of data is much better.
According to the Max Planck Institute, you’re 100 times more likely to be surveilled by your own government if you live in the Netherlands or you live in Italy. You’re 30 to 50 times more likely to be surveilled if you’re a French or a German national than in the United States.
Only in the United States and Japan are there limitations on simply volunteering information to government if you happen to have this metadata. As long as you have a good reason, by and large, you can give it over. And certainly law enforcement would appear to be a good reason.
And on this question of assembling a database of metadata, the Europeans don’t do that because they passed a law telling every one of their carriers, you assemble the database; you maintain it. And if law enforcement comes calling or if you want to volunteer the information, you’ll have it.
We’ve never done that. We’ve never had a data retention law in the United States for civil liberties reasons. And that’s one of the reasons why we have ended up trying to collect this data and then imposing a set of limitations on when it is searched.
I will reserve and answer any questions you may have at the end of the discussion.
REP. GOODLATTE: Thank you, Mr. Baker.
Mr. Jaffer, welcome.
JAMEEL JAFFER: Thank you.
Mr. Chairman, Mr. Ranking Member, members of the committee, on behalf of the ACLU, thanks for the invitation to testify today.
Over the last six weeks, it’s become clear that the NSA is engaged in far-reaching, intrusive and unconstitutional surveillance of Americans’ communications. Under Section 215, the NSA’s tracking every single phone call made by residents of the United States – who they called, when they called them, for how long they spoke. Until recently, it was tracking ordinary Americans’ Internet activity as well.
Under Section 702, and on the pretext of monitoring people outside the United States, the NSA is using Section 702 of FISA to build massive databases of Americans’ domestic and international communications, not just so-called metadata but content as well.
Those programs have been made possible by huge advances in the technology of surveillance, but in many respects they resemble the generalized warrants, the generalized surveillance programs that led to the adoption of the Fourth Amendment more than 200 years ago. The FISA Court orders resemble general warrants, albeit general warrants for the digital age.
That the NSA is engaged in this kind of unconstitutional surveillance is the result of defects in the statute itself and in the current oversight system. FISA affords the government sweeping powers to monitor the communications of innocent people; excessive secrecy has made congressional oversight difficult and public oversight impossible. Intelligence officials have repeatedly misled the public, Congress and the courts about the nature and the scope of the government’s surveillance activities. And structural features of the foreign intelligence surveillance court have prevented that court from serving as an effective guardian of constitutional rights.
To say that the NSA’s activities present a grave danger to American democracy is not an overstatement. Thirty-six years ago, after conducting a comprehensive investigation into the intelligence abuses of the previous decade, the Church committee warned that inadequate regulations on government surveillance, quote, threatened to undermine our democratic society and fundamentally alter its nature. That warning should have even more resonance today than it did in 1976 because in recent decades, the NSA’s resources have grown, statutory and constitutional limitations have been steadily eroded, and the technology of surveillance has become exponentially more powerful and more intrusive.
Because the problem that Congress confronts today has many roots, there is no single solution to it. But there are a number of things that Congress should do right away. It should amend Section 215 and 702 to expressly prohibit suspicion-less or dragnet monitoring or tracking of Americans’ communications. It should require the executive to release basic information about the government’s use of foreign intelligence surveillance authorities, including those relating to pen registers and national security letters. The executive should be required to disclose for each year how many times each of those provisions was used, how many individuals’ privacy was implicated by the government’s use of each provision.
And with respect to any dragnet, generalized or bulk surveillance program, it should be required to disclose the types of information that were collected: are they collecting medical records, are they collecting educational records, are they collecting firearms records. That should be disclosed to the American public.
Congress should also require the publication of FISA Court opinions that evaluate the meaning, scope or constitutionality of the foreign intelligence law. The ACLU recently filed a motion before the FISA Court arguing that the publication of those opinions is required by the First Amendment, but Congress need not wait for the FISA Court to act. Congress has the authority and the obligation to ensure that Americans are not governed by a system of secret law.
Finally, Congress and this committee in particular should hold additional hearings to consider further amendments to FISA, including amendments to make FISA Court proceedings more transparent. Congress should not be indifferent to the government’s accumulation of vast quantities of sensitive information about Americans’ lives. This committee in particular has a crucial role to play in ensuring that the government’s efforts to protect the country don’t compromise the freedoms that make the country worth protecting. Thank you.
REP. GOODLATTE: Thank you, Mr. Jaffer. Mr. Bradbury, welcome.
STEVEN BRADBURY: Thank you Mr. Chairman, Ranking Member Conyers and distinguished members of the committee. I believe both of the recently disclosed NSA programs are critical to our national security, and I have every confidence that each is authorized by statute consistent with the Constitution and appropriately protective of privacy and civil liberties.
The first program involves the acquisition of telephone metadata under a Section 215 business records order. This metadata consists only of tables of numbers indicating which phone numbers called which numbers, and the time and duration of the calls. It doesn’t reveal any other subscriber information, and it doesn’t enable the government to listen to anyone’s phone calls. There’s no monitoring or tracking of phone calls.
The Constitution does not require a warrant supported by probable cause to acquire this metadata. Courts have held that there isn’t a reasonable expectation of privacy in the phone numbers that are dialed. And the production of business records like these doesn’t involve a Fourth Amendment search. This acquisition is authorized under the terms of Section 215 because the use of the metadata is relevant to counterterrorism investigations. Acquiring a comprehensive database enables better analysis of the telephone links and calling patterns of terrorist suspects, which is often the only way to discover new phone numbers being used by terrorists. To connect the dots effectively requires the broadest set of telephone metadata. The same relevant standard applies in other contexts such as administrative subpoenas and grand jury subpoenas which unlike Section 215 typically do not require court approval.
While the metadata order is extraordinary in the amount of data acquired, it’s also extraordinarily narrow and focused because of the strict limitations placed on accessing the data. There is no data mining or trolling through the database looking for suspicious patterns. By court order, the data can only be accessed when the government has a reasonable suspicion that a particular phone number is associated with a foreign terrorist organization. And then, that number is tested against the database to discover its connections. If it appears to be a U.S. number, the necessary suspicion can’t be based solely on First Amendment-protected activity.
Because of this limited focus, only a tiny fraction of the total data has ever been reviewed by analysts. The database is kept segregated and is not accessed for any other purpose, and FISA requires the government to follow procedures overseen by the court to minimize any unnecessary dissemination of U.S. numbers. Any data records older than five years are continually deleted from the system. The order must be reviewed and re-approved every 90 days. And my understanding is that since 2006, 14 different federal judges have approved this metadata.
Let me now turn to the surveillance program that targets foreign communications. This program is authorized under Section 702 of FISA. And if we just track through the provisions of Section 702, we can see the outline of this program. With court approval, Section 702 authorizes a program of foreign-focused surveillance for periods of one year at a time. This authority may only be used if the surveillance does not, one, intentionally target any person of any nationality known to be located in the United States; two, target a person outside the U.S. if the purpose is to reverse-target any particular person believed to be in the U.S.; three, intentionally target a U.S. person anywhere in the world; and four, intentionally acquire any communication as to which the sender and all recipients are known to be in the U.S.
Section 702 mandates court approval of the targeting protocols and of minimization procedures to ensure that any information about U.S. persons that may be captured in this surveillance will not be retained or disseminated except as necessary for foreign intelligence purposes. From everything that’s been disclosed about this program, including the so-called Prism Internet collection, I don’t think there’s any reason to doubt that this foreign-targeted surveillance is just what Section 702 was designed to authorize.
Thank you, Mr. Chairman.
REP. GOODLATTE: Thank you, Mr. Bradbury.
Ms. Martin, welcome.
KATE MARTIN: Thank you Mr. Chairman and Ranking Member Conyers and other distinguished members of this committee for inviting me to testify today. I want to first of all thank the committee for having asked some questions of the government witnesses that I hoped the committee would ask, and congratulate you upon obtaining answers, at least in part, to some of those questions.
I want to raise two overarching concerns today about these programs, and note first of all that I think it does not make sense for the committee to consider the 215 program and the 702 program separately, and instead that they need to be looked upon as part of an overall set of foreign surveillance authorities that work together to allow the government to collect and keep massive amounts of information about Americans, and to do so in secret – and that that’s the real nut of the problem. We have an incredibly complex set of laws governing those authorities and setting up safeguards, as this committee is well aware, and we need to understand how those work together, where the holes are and where the potential changes are.
So I would urge the committee in going forward to expand your oversight and your questions to look at not just 215 and 702, but the entire FISA program – FISA authorities and not just as exercised by the National Security Agency but equally significantly with regard to how the information is shared between the NSA, the FBI, the DHS and perhaps the White House or the NCTC as well, that those are equally critical questions for both civil liberties and for evaluating the effectiveness and the necessity of the program.
I think that I would agree with Mr. Jaffer and many of the members here today that there is a lot to be concerned about, that we are seeing the unprecedented massive collection of information on Americans, the creation of secret databanks which are available for government analysis, queries and data mining by ever increasingly sophisticated computerized tools and the dissemination of both raw information and the results of such analysis or data mining throughout the executive branch.
I think that the question is whether or not these new activities by the government have the potential to fundamentally change the relationship between citizens and the state. I think that was the concern that many members of this committee were raising today. And in connection with the question of what is the harm here, I very much appreciate that the administration and the NSA has been very detailed about the internal safeguards that they have created to ensure that no rogue employee or contractor can access the personal information of an individual American and misuse it.
I do not believe, however, that that is the primary worry of the American people about these programs. I think rather the primary worry and the primary concern when FISA was first drafted was that the government would succumb to the temptation to use information that it has about individual Americans to chill political dissent, to challenge its political opponents, et cetera. I think this is one of those instances where when you discuss it in advance you can never believe that this would actually happen but that when you look at history, it’s happened too many times already in my own lifetime.
Just a couple of specific comments about information which I believe would be crucial for this committee’s consideration, first on questions about what does the – kinds of authorities does the government have under Section 215. One of the members asked about the collection of Internet metadata.
I would urge you to find out specifically whether or not under the government’s current understanding of its legal authorities under 215 it could make an application for the collection of all Internet metadata on communications within the United States, whether or not it could make an application under 215 for bulk collection of geolocation data or bulk collection of financial records or credit card records.
I think it’s important to know when the government makes one of these 300 queries to the 215 database, is that require the database to do a chain linked – a chained analysis, not simply what numbers have been in contact with first number but then to do a chain linked analysis. I know my time is up and if I might just make one last comment, on the overall question of this is foreign intelligence and it traditionally is in secret. It’s always done by government and it has a high cost when it’s discussed in public.
It’s foreign intelligence when it’s directed against foreigners and other governments overseas. We’re talking about massive authorities for massive collections on Americans. And that may be foreign intelligence. It’s also at the core of the concerns of the constitutional framers. I think that what we’ve seen about the cost of secrecy here is –
REP. GOODLATTE: Sorry. We’ll have more opportunity to speak in just a moment.
REP. GOODLATTE: But we’ll begin with the questioning and I’ll start with Mr. Jaffer. If the acquisition of metadata is the type of mosaic of information that Sotomayor warned about in the Jones case, how would you limit the government from collecting it?
And I just don’t see how you can possibly justify the collection of everybody’s phone records on that standard. And I think many members rightly pointed out that no other court has ever granted a subpoena, has ever upheld a subpoena that sought records on that scale.
REP. GOODLATTE: That’s with regard to 215. One objection you have to 702 information collected is that information about Americans can be swept up in the search for foreign intelligence information. But isn’t that the case with any title III wiretap?
REP. GOODLATTE: If the FBI’s conducting a wiretap of a business that’s also part of a criminal conspiracy, innocent third parties sometimes are involved and they’re monitored. That information is minimized to protect the people’s privacy. How is this different from section 702 surveillance which must also be minimized?
And they allow us to evaluate the extent to which those procedures actually protect Americans’ privacy. And I think it’s quite clear from the procedures that they don’t protect Americans’ privacy.
They allow the government to sweep up Americans’ communications both domestic and international, to retain those communications forever to the extent that they include foreign intelligence information, a term that’s defined very broadly under the statute Even if the communications don’t contain foreign intelligence information, they can be retained for as long as five years. So these are procedures that don’t do very much to protect Americans’ privacy.
REP. GOODLATTE: Let me turn to Mr. Baker or Mr. Bradbury and ask them if they want to comment on Mr. Jaffer’s observation and tell us why it is necessary to collect a broad set of metadata under section 215. Does this help the government connect the dots?
And so, to ask the companies to keep it for the government’s convenience, to consolidate the database for the government’s convenience is something that is really asking quite a bit of a private citizen just to help the government do its job. So the government did this and then asked –
REP. GOODLATTE: But let me interject that depending upon the cost of the government taking it and gathering it and holding it, we’re asking all those phone companies’ customers who are also taxpayers of the United States to bear that burden. So I understand the problem with asking the phone companies to do it. But we also have to evaluate whether the benefits derived from this are justified by the costs of it.
In the end, though, the searches can’t be done without a reasonable and articulable suspicion, which in practice has turned out to be much tougher than the standard for serving a subpoena on an individual telephone company. As I said, there are hundreds of thousands – perhaps a million such subpoenas.
REP. GOODLATTE: I understand.
But that also leaves aside the question of whether the Congress intended to give the NSA the authority to gather the data in the fashion they did under the business record provision. But let me ask Mr. Bradbury another question – and he can comment on this as well if he’d like – Mr. Jaffer’s testimony claims the government is tracking all American phone calls under the 215 program. Is this what is happening?
It would be the same if we had a suspicion that a terrorist had come into the country but we didn’t know exactly on what flight or where, and you could use 215 to get the flight manifests of all flights in and out of the country during a period of time. And you could put it in a database, and you could query the person’s number – a name – to find out when he came in. It’s a relevant –
REP. GOODLATTE: You raise a good analogy, but my debate professor said analogy was the weakest form of argument. So are you suggesting that it would be appropriate – if the airlines did not keep that data for a sufficient period of time, that it would be appropriate for the government to tell all the airlines to provide them with all of the flight records of all American citizens so they could hold it in a database and check it when they needed to?
REP. GOODLATTE: Well, I wouldn’t argue that there might be occasions when that information would be useful, but it has to be weighed against both the cost of storing the data – and that’s just not, you know, computer capability but also people to manage that – and the risks that are entailed by those people abusing that system, if that indeed occurs.
Let me turn to Ms. Martin, however. And your testimony includes a number of suggestions for increasing the visibility into the – increasing visibility into the FISA programs. Which of these would you prioritize as a way to both preserve our national security efforts while also giving the public a better understanding of how the programs work?
So I’d basically prioritize knowing the law and understanding how that works and the government’s understanding of the legal authorities, and then after that, some idea – some idea, not the specifics – of the scope of the collection that’s being done on Americans.
REP. GOODLATTE: Thank you very much. My time is expired; the chair recognizes the gentleman from Michigan, the ranking member – (off mic) – Conyers for five minutes.
REPRESENTATIVE JOHN CONYERS (D-MI): Thank you, Chairman Goodlatte.
This has been a very important hearing. And I wanted to begin by asking Professor Martin about the decision by Justice Alito – a 5-4 decision, as usual – responding, who dismissed a number of groups for a lack of standing, reasoning that respondents can’t manufacture standing by choosing to make expenditures. Is the harm alleged by, among others, Amnesty International and ACLU hypothetical, which was the basis of this conservative decision?
I do think that it’s an appropriate question for the Congress to worry about as to if you designed a system that allows the government to collect massive amounts of information about Americans in secret, but somehow you haven’t set up any mechanism that the Supreme Court is going to recognize as granting standing to anybody to challenge the fact that information about them has been collected, that that’s a problem that Congress can solve and should solve. And that’s a fundamental difference, of course, between foreign intelligence collection authorities that we’re talking about today and the kind of criminal justice collection authorities that were discussed – which is that there is the possibility of an open, adversarial court challenge to criminal collection, which doesn’t exist in this context.
So my colleagues are –
REP. CONYERS: Can I ask, Mr. Jaffer, in addition to your four recommendations, is there a way that we can reconcile our concern against terrorism and at the same time permit the largest usefulness of privacy possible? You know, after all, if it hadn’t been for a couple people leaking, we wouldn’t have known about any of this, as far as I’m concerned. Some say that – somebody made a statement on the floor of the House – if you happened to have caught it, you could go back and track it – but I think I’m more concerned about the collection legality than I am about the uses to which it is put.
If you remember during the 1960s and ‘70s, some state governments used subpoenas served on the NAACP as an effort to chill association with the NAACP. And it was just the acquisition of that information that was chilling. And those governments knew it.
REP. CONYERS: And more chilling now than anything is the fact that they’ve got information through phone numbers, which can easily be attached to names, of everybody in the country for at least six years. And that is probably the most disturbing aspect of this matter to me that I’ve been hearing today.
But if you think about the 300 number in relation to what was said on the previous panel about three hops, you know, the first hops – the first hop takes you to, say, 100 people, whose communications are pulled up. The second one takes you to 10,000. And the third one takes you to a million. And you do that 300 times, I think it’s safe to say that every American’s communications have been pulled up at least once.
REP. CONYERS: Thank you very much.
REP. GOHMERT: I will recognize myself now. And I appreciate your being here.
It is intriguing, and – what we’re talking about. We’re talking about the privacy that – type of concerns that spawned a revolution back over 200 years ago. We hear all this information about the FISA Court, and that’s, you know, the bulk of what you are being – you’re talking about.
Anybody care to just briefly tell us what happened before there was a FISA Court? We know there have been national security secrets since the revolution itself. What happened before there was a FISA Court to protect us from ourselves?
REP. GOHMERT: But here we’re talking about surveillance of Americans, in-country American citizens. And that’s what I’m talking about. If someone wanted to gather intelligence information about American citizens on American soil, normally, having been a judge and chief justice, it’s my understanding you went to a court. You might be requesting in-camera review of documents. You might request that the court documents be sealed. But we were able to work pretty well getting court orders before there was ever a FISA Court, was my understanding.
And of course that did lead to the abuses because the executive was making determinations about what he thought was a foreign threat. And there – lines were crossed, and abuses occurred. That’s why Congress and the executive branch reached a compromise in 1978 and created the FISA process to involve Article III judges in the review and approval of those surveillance orders and also involved the Congress through the creation of the special intelligence committees for oversight, which hadn’t occurred before.
And so we have this compromise situation, where the branches have come together to involve all three branches. And of course limitations were discovered after 9/11. A lot of debate occurred, and ultimately Section 702 was passed in 2008 to enable a very broad, programmatic order for foreign collection directed at non-U.S. persons –
REP. GOHMERT: And that’s a great distinction, because I know in my freshman term, '05 and 0'6, what we were told is this is only for – you have to be a foreign agent, a foreign individual. And as long as it’s an American citizen, you’re on American soil, with distinction for American citizens, where intelligence gathering in another country didn’t violate local law. There were all those distinctions being discussed.
But even through all of that, my experience with conservative and liberal judges would have indicated that you wouldn’t have an order from a judge under our Constitution that requires specificity as to a place and information be gathered that would say something like this order from this court does: all call detail records between the United States and abroad or wholly within the United States, including local telephone calls. I think that pretty much covers everything. I see no specificity here – oh yeah, just get all the records – and you should be comforted by the fact that, you know, you can get this stuff. It’s OK.
So I’m just concerned – I’ve now seen the incredible abuse by the FISA Court, in my opinion. And I’m just wondering if we’re better off going back to – going to a system where we don’t require a FISA Court, there’s not this star chamber. What would be another alternative? And I’ll – that will be my last question.
But it was always recognized that what we’re talking about is searches and seizures of Americans. And now they’ve basically taken the concept of a FISA Court to kind of, in my view, put a fig leaf on a totally different kind of collection direction at Americans. It’s not particularized. It’s totally in secret. And that includes the 702 program, which –
REP. GOHMERT: Right. Well –
REP. GOHMERT: OK. Well, let me tell you, we’ve got votes coming up in just a few minutes, and so I want to get to people who want to ask questions. But I would ask the witnesses, if you have any proposals, if you could provide that in writing to us, any alternatives, any major changes, because I think this justifies major changes.
And with that – OK – I recognize the gentleman from New York, Mr. Nadler.
REP. NADLER: Thank you.
Mr. Jaffer, various administration officials have used comparison of Section 215 authority to what could be obtained through a grand jury subpoena, something we expressly include in the statute itself as a limiting principle. Are you aware of any examples where by virtue of a grand jury subpoena law enforcement has been able to engage in the type of ongoing bulk collection, what you described as dragnet collection of information done under Section 215?
REP. NADLER: Mr. Baker, are you aware of any such?
REP. NADLER: There are – there are subpoenas, the grand jury subpoenas for, in effect, everything in the world, without being specific, all metadata?
REP. NADLER: No – a single database, but has there ever been a grand jury subpoena that says, let’s see the outside of every postcard or letter sent in the United States; or, let’s see the phone numbers of everybody who called anybody in the United States?
REP. NADLER: Has there ever been a – has there ever been a subpoena for every flight record in the United States?
REP. NADLER: A subpoena for every flight –
REP. NADLER: You must provide the name of every individual on every flight?
REP. NADLER: And that’s a subpoena? Excuse me – that was a subpoena, or that’s a law?
REP. NADLER: A law. It’s a little different from a subpoena, OK.
Mr. Bradbury, you talk about how the metadata that is acquired and kept under this program can be – can be queried when there’s reasonable suspicion as if that meets the statute. The statute talks about collection. You seem to be talking about queries. There’s a difference between collection and query.
Mr. Jaffer, let me ask you this.
Does the Fourth Amendment talk to collection or to queries?
REP. NADLER: Collection. So a broad – OK. Let me go to the next question, because I have a bunch, quickly.
Mr. Jaffer, you talked – Mr. Baker, rather – you talked about Section 702 as the discussion of 702 has really hurt us because it’s told the Europeans and everybody else what we’re doing, and foreigners. But nothing – as I think you pointed out in your testimony too, nothing that we have learned about Section 702 – I can’t think of anything we’ve learned about Section 702 from Mr. Snowden, or however you pronounce his name, that wasn’t included in the debate in 2008 on Section 702 when we knew we were going to be collecting across the board on everybody.
And the question in that debate was – and I thought the resolution of that debate was inadequate, which is why I voted against it – how were we going to protect Americans against being caught up. And this is what we’ve been talking about. But the assumption there was that foreigners have no constitutional right. We can get – no privacy rights. We can get all the information on them anyway.
So how is this information now harmful in a way that the congressional debate wasn’t?
REP. NADLER: But they would have extracted that cost just because of the congressional debate if they were paying attention.
REP. NADLER: All right, that – that’s a separate discussion; that may be. But – OK.
Ms. Martin, how can we – how can Congress solve the problem? We have a basic problem here. Every challenge to abuse of constitutional rights by the Bush administration and the Obama administration has been met in the same way – either the use of the safe secrets doctrine to say you can’t go to court on that – the subject matter, the discussions are a state secret; therefore move to dismiss the case ab initio – or you have no standing because you cannot prove that you personally were harmed by this.
Now, Mr. Snowden may have done a public service in giving some people standing by proving that they were harmed by this, because anyone who’s a Verizon subscriber arguably can now go into court and say that.
How can we deal with these two problems that an administration, any administration, can violate constitutional rights from here to kingdom come, subject to no court review because of either the state secrets doctrine or standing problems, because they don’t admit what they’re doing in the first place? It’s secret. It’s secret what we’re doing to you. Therefore, you have no standing because you can’t prove what we’re doing to you.
REP. GOHMERT: The time has expired, but you may answer briefly.
REP. NADLER: Disclosed what information?
We have some kind of public debate about what the government shouldn’t do and whether or not we end up with an individual remedy in the court, I think, is a question that I would be glad to think about some more. I know there are now five lawsuits seeking individual remedies that have a better chance than they did before. They do – but they all depend upon public disclosure by the administration of information.
REP. NADLER: Or by Mr. Snowden or somebody else.
REP. GOHMERT: We’re going to have to – in order to get the other two Democrats and one Republican left, we’re going to need to move on. But I would ask, if you have additional information, if you’d provide that in writing in response to that question.
Now, at this time we yield five minutes to the gentleman from Idaho, Mr. Labrador.
REPRESENTATIVE RAUL LABRADOR (R-ID): Thank you, Mr. Chairman.
Mr. Jaffer, I’m trying to figure out how we got from Smith versus Maryland to the moment that we’re at today. And can you try to explain to me what exactly maybe the proponents of these laws and this interpretation of these laws are trying to say? Because I’m not following Smith versus Maryland very well. I’ve read it a couple of times and –
REP. LABRADOR: – but I’m not sure that you can get to the collection of metadata all over the United States.
We’re now talking about seven years of surveillance of every American’s phone calls. So I don’t think that it’s a serious argument to say that Smith justifies what the government is doing now. I think that the more relevant case is Jones, which was decided just last year. A 9-0 court found that the tracking of individuals’ location over the long term constituted a search under the Fourth Amendment. And, you know, even in Jones, the surveillance was narrower and shallower than the kind of surveillance we’re talking about today.
REP. LABRADOR: And they said that the tracking of individuals over a long period of time resulted in search and seizure. Can you explain why they said that? Because there’s now an argument that collecting all this data actually gives you very personal information about the individual.
Now, that’s not to say that the government should never have access to the phone records. There are circumstances in which the government has to have that access. But we just want to make sure that that is limited to cases, specific cases, in which the call records are, in fact, relevant to –
REP. LABRADOR: And in Smith versus Maryland, there was a specific reason why it was relevant, correct?
REP. LABRADOR: OK. So – because what concerns me is that, you know, I think, as a government official, as a legislator, I’d like to stop gang membership, for example, or I’d like to stop child pornography or I’d like to stop bank robberies. And I could, you know, maybe pass a law that would require the government to collect everybody’s data, right, everybody’s metadata, so we can stop those crimes. What do you think about that, Ms. Martin?
REP. LABRADOR: Mmm hmm. (Acknowledging.) Exactly.
REP. LABRADOR: So, Mr. Baker, what’s the difference? You know, I want to stop all these crimes. And I would think that everybody in this Congress would think that that would be inappropriate for me to pass a law that would allow me to collect all the metadata of every American so I could stop child pornography. What’s the difference between that and what’s happening here in this instance?
REP. LABRADOR: I understand that, but – and I agree with that. And that’s why maybe I don’t have as much problem with the 702 program. But you’re collecting the data or the government’s collecting the data of American citizens and saying that it may become relevant after we collect it. Why not just collect the data of every American so we – because they might become relevant in a child pornography case later?
REP. LABRADOR: Well, and I just find it fascinating that the author of the Patriot Act and most of the members of Congress who voted for the Patriot Act had no idea that the government would go to these lengths to collect data. And I hope that we can continue to have these hearings.
Thank you very much for being here.
REP. GOHMERT: The time is expired. Thank you very much.
REP. LABRADOR: I yield back my time.
REP. GOHMERT: I yield to the gentleman from Virginia, Mr. Scott, for five minutes.
REPRESENTATIVE BOBBY SCOTT (D-VA): Thank you, Mr. Chairman.
I know we’re trying to get three members in in a very short period of time. So let me just pose a question for Mr. Jaffer real quick. I’m interested in what you can do with the data after you’ve gotten it. There’s a real question as to whether you have the legal authority to get all the phone calls. But after you’ve got it, we found out in the DNA case that if you get someone’s DNA legally and you find out it’s not them, you can still run that DNA through the database without any probable cause, no articulable suspicion, anything.
You have the data and you can use it. What is the limitation on the data after you have acquired it?
Now, they say you have to have articulable suspicion to query the data that you have obtained. But the section 215 doesn’t require any such limitation. It just tells you describe what you’re getting. This seems to be a little gratuitous policy, not a limitation by statute. And so, can you say a word about where the limitation is after you’ve gotten the data, what you can do with it?
REP. SCOTT: Well, let me – in the minimization procedures specifically has – the witness before was a little murky on this – has – specifically has a criminal justice exception. So running a criminal justice investigation with data that you now have can be done without articulable suspicion or probable cause or anything. You just go look to see, as the gentleman was suggesting, who’s been committing gang crimes. If you’ve got a gang member, you can send his little thing around to find out who he’s talking to. Is there a limitation on what you can do after you’ve gotten it?
REP. SCOTT: Now, if you’re running a criminal investigation without probable cause by virtue of getting information in the hands of the FBI – and we’ve removed that firewall that used to be there – what would be the sanction against improperly using that information? Would the exclusionary rule kick in?
REP. SCOTT: Would fruit of a poison tree kick in?
REP. SCOTT: Thank you. Mr. Chairman, as a courtesy to my colleagues, I’ll yield back at this time.
REP. GOHMERT: I thank the gentleman from Virginia. At this time, we yield to Mr. Johnson for five minutes.
REPRESENTATIVE SHEILA JACKSON LEE (D-TX): Excuse me, Mr. Gohmert. This is regular order.
REP. GOHMERT: OK. Well, I was just going by the list that the clerk gave me.
REP. JACKSON LEE: No, the list goes from the beginning of the committee. I think Mr. Johnson knows. Thank you.
REP. GOHMERT: Right, exactly. All right, then we’ll yield five minutes to my friend from Texas, Ms. Jackson Lee.
REP. JACKSON LEE: I thank you very much. Let me just say that this has been not eye-opening but it raises more questions than it probably gives answers. And I think I want to start immediately with the question, Mr. Jaffer, on the 215 Patriot Act which grants the FBI broad authority, as we’ve seen in the previous hearing and what we’ve read, and could put and does put civil liberties at risk. From your perspective, what danger might occur or what would happen if we did not renew section 215?
But I would just say that while I think that your concern about 215 is totally justified, I think that the committee ought to be concerned about 702 as well. And the government keeps emphasizing that this is a program directed at people abroad. And that’s true. But in the course of surveillance of people abroad, the government is building huge databases of Americans’ phone calls, not just the metadata but the contents as well.
REP. JACKSON LEE: So you’re saying that reverse targeting is occurring, even though language put in the bill to not have that occur.
REP. JACKSON LEE: So to hold them until they believe something rises to the top.
REP. JACKSON LEE: So it’s sort of like storing in your Internet or storing pictures in your iPhone or something of the sort.
REP. JACKSON LEE: Let me go to Mr. Baker. You’ve sat before the homeland security a number of years. Thank you for your service. Thank all of you for your service. But you made the point that – on your blog that you thought that the FBI could have caught the people in 9/11 but there was too liberal – civil liberties were too much in the way.
What are you suggesting, when the idea of 9/11 was, one, these were foreign nationals. So the FBI had opportunity to deal with them in the construct of our civil liberties. And it was basically connecting the dots or not finding out that guys were learning to take off and not land in a plane training place down in Florida. What civil liberties need to be violated in order to have protected us from 9/11?
And out of fear that the FISA court would punish them for talking and for going to look for these, the Cole taskforce stood down. We lost our best chance to catch those guys at that time. And it was because the FISA court was so aggressively enforcing a doctrine that frankly it shouldn’t have adopted in the first place but which it adopted pretty clearly for civil liberties reasons.
REP. JACKSON LEE: Let me ask your comment on that.
They knew that they wanted to carry out an attack against the United States. They knew that they had gotten visas and they didn’t tell the FBI to go find those people inside the United States. And the wall had nothing to do with preventing the CIA from telling the FBI to go find known al-Qaida terrorists in the United States. The record is just much more complicated than Mr. Baker is making it out.
REP. JACKSON LEE: Well, let me just finish. So let me just make this comment. Maybe I’ll be short of the red light. One, I maintain that we have too many contractors unknown and unbeknownst in the intelligence community. I thank them for their service but they need to reign in this rampant proliferation of contracts even though the government tried to defend it – it’s satellites, it’s this – and really have a profound staff that is here in the United States government.
The last point is the FISA court can stand a lot of review. One, I think there should be something about the balance of Democratic- appointed judges and Republican. But I also think the release of opinions should be something that we should be able to allow to the public and therefore find a way to reign in all of this. I yield back.
REP. GOHMERT: Thank you. We have four-and-a-half minutes – four minutes, ten seconds left in the vote. So I yield to the gentleman for such time. Mr. Johnson?
REP. JOHNSON: Thank you, Mr. Chairman. Section 702 collecting foreign data, intelligence data, metadata, content of communications and so forth, is that correct?
REP. JOHNSON: Yes, and collection of – the scope you don’t disagree with. In other words, content, metadata –
REP. JOHNSON: – and minimalization procedures in place that perhaps may not be as stringent as they should perhaps. I’m not saying that that’s the case or not. But with respect to the data collected under 702 of Americans that are just incidentally caught up in foreign to foreign communications or a foreign target that is communicating with someone in the U.S., who owns that data? Is it the person who initiates the call? Is it the person who accepts the call? Or is it both –
REP. JOHNSON: – or is it the provider, the service provider who owns the data?
REP. JOHNSON: Have there been cases specifically on that point?
REP. JOHNSON: Yes, OK. So now, I would submit that when you’re talking about surveillance, when you look at the definition of the word “surveillance,” it includes keeping a close watch on people or things. And so you can surveil a thing, and that thing may not have a constitutional right, but a person certainly does. I think we should make – I think we should be prepared to distinguish between surveillance, what kind of surveillance we’re talking about. That’s a term that kind of gets everybody excited.
That’s about really all I have to say. Anybody got any comments about that? I’ll yield back, Mr. Chairman.
REP. GOHMERT: (Off mic) – has been yielded back. And at this time, this concludes today’s hearings. Thanks to all of our witnesses for attending. We know it’s been a long day for you, and we appreciate you bearing with it. It is an important subject. It’s only our future, our security and our privacy. So thank you. And we look forward to your comments that we anticipate receiving back in writing things that you wish you had said or wanted to say, and to direct us to that. So thank you very much.
Without objection, all members will have five legislative days to submit additional written questions for the witnesses or additional materials for the record. This hearing is now adjourned. (Sounds gavel.)
Joint Unclassified Statement of
Bradley Brooker
Acting General Counsel
Office of the Director of National Intelligence
Stuart J. Evans
Deputy Assistant Attorney General for Intelligence
National Security Division
Department of Justice
Grant Mendenhall
Acting Assistant Director for Counterterrorism
National Security Branch
Federal Bureau of Investigation
Paul Morris
Deputy General Counsel for Operations
National Security Agency
and
Stephen Vanech
Deputy Chief, Office of Counterterrorism
National Security Agency
Before the
Committee on the Judiciary
United States House of Representatives
At a Hearing Entitled
“Section 702 of the FISA Amendments Act”
March 1, 2017
Open Hearing: USA FREEDOM Act (H.R. 3361)
Senate Select Committee on Intelligence
Location: 216 Hart Senate Office Building, Washington, D.C.
Date: Thursday June 5, 2014 | Time: 2:30 p.m. EDT
Chairman Feinstein, Vice Chairman Chambliss, and distinguished members of the Committee we are very pleased to appear before you to express the Administration’s strong support for the USA Freedom Act, H.R. 3361, as recently passed by the House of Representatives. The Deputy Attorney General has provided an in-depth overview of the USA Freedom Act passed by the House last month, but I wanted to touch on a few key points in my remarks.
Over the past year, the nation has been engaged in a robust discussion about how the Intelligence Community uses its authorities to collect critical foreign intelligence in a manner that protects privacy and civil liberties. We take great care to ensure the protection of individual privacy and civil liberties in the conduct of intelligence activities. Nevertheless, we have continued to examine ways to increase the confidence of our fellow citizens that their privacy is being protected while at the same time providing the Intelligence Community with the authorities it needs to fulfil its mission and responsibilities.
To that end, we have increased our transparency efforts, and the Director of National Intelligence has declassified and released thousands of pages of documents about intelligence collection programs including court decisions, and a variety of other documents. We’re continuing to do so.
These documents demonstrate the commitment of all three branches of government to ensuring these programs operate within the law and apply vigorous protections for personal privacy. It is important to emphasize that although the information released by the Director of National Intelligence was properly classified originally.
The DNI declassified it because the public interest in declassification outweighed the national security concerns that originally prompted classification. In addition to declassifying documents, we’ve already taken significant steps to allow the public to understand how we use the authorities in FISA, now and going forward. For example, we are currently working to finalize a transparency report that will outline on an annual basis the total number of orders issued under various FISA authorities and an estimate of the total number of targets affected by those orders.
Moreover, we recognize that it’s important for companies to be able to reassure their customers about the limited number of people targeted by orders requiring the companies to provide information to the government. And so we support the provisions of the House bill that allow the companies to report information about the national security legal demands and law enforcement legal demands that they receive each year. We believe that this increased transparency provides the public with relevant information about the use of these legal authorities, while at the same time, protecting important collection capabilities.
Making adjustments to our intelligence activities – and, as appropriate, our authorities – is also part of this effort. For several years, the government has sought – and the FISA Court has issued – orders under Section 215 of the USA PATRIOT Act allowing the bulk collection of metadata about telephone calls. The President has ordered a transition that will end this bulk collection in a manner that maintains the tools intelligence agencies need for national security. We are committed to following this mandate.
The Intelligence Community believes that the new framework in the USA Freedom Act preserves the capabilities the Intelligence Community needs without the government holding this metadata in bulk. The USA Freedom Act would prohibit all bulk collection of records pursuant to Section 215, the Pen Register Trap and Trace provision of FISA, and National Security Letter statutes going forward. Let me repeat that: The Intelligence Community understands and will adhere to the Bill’s prohibitions on all bulk collection under these authorities.
Moreover, the USA Freedom Act makes other important changes by further ensuring that individuals’ privacy is appropriately protected without sacrificing operational effectiveness. To that end, we support the USA Freedom Act as an effective means of addressing the concerns that have been raised about the impact of our intelligence collection activities on privacy while preserving the authorities we need for national security.
We urge the Committee to give the House bill serious consideration, as expeditiously as possible, consistent with this Committee’s deliberations. And we are ready to work with the Senate to clarify any language in the bill as necessary. We appreciate this committee’s leadership and, particularly your support over the past year in considering issues related to our intelligence collection activities, and privacy and civil liberties.
We also appreciate your support for the men and women working throughout the Intelligence Community to include those at NSA who remain dedicated to keeping our nation safe and protecting our privacy, and who have upheld their oath by conducting themselves in accordance with our nation’s laws.
We look forward to answering your questions.
Via DNI.gov
Watch video of the full hearing via CSPAN
Continued Oversight of U.S. Government Surveillance Authorities
Senate Judiciary Committee
December 11, 2013
Dirksen Senate Office Building, Room 226, 2:00 p.m.
Thank you, Mr. Chairman, Ranking Member Grassley, members of the subcommittee.
We do appreciate the opportunity to appear today to continue our discussions about the intelligence activities that are conducted pursuant to the Foreign Intelligence Surveillance Act.
It’s critical to assume that the public dialogue on this topic in grounded in fact rather than in misconceptions. And we, therefore, understand the importance of helping the public understand how the intelligence community actually uses the legal authorities provided by Congress to gather foreign intelligence and the extent to which there is vigorous oversight of those activities to ensure that they comply with the law.
As you know, the president directed the intelligence community to make as much information as possible available about certain intelligence programs that were the subject of unauthorized disclosure consistent with protecting national security and sensitive sources and methods.
Since that time, the Director of National Intelligence has declassified and released thousands of pages of documents about these programs, including court orders, and a variety of other documents. We’re continuing to do so.
These documents demonstrate both that the programs were authorized by law, and that they were subject to vigorous oversight, as General Alexander said, by all three branches of government.
It’s important to emphasize that this information was properly classified. It’s been declassified only because in the present circumstances, the public interest in declassification outweighs the national security concerns that originally prompted classification.
In addition to declassifying documents, we’ve taken significant steps to allow the public to understand the extent to which we use the authorities in FISA going forward. Specifically, as we described in more detail in the written statement that we submitted for the record, the government will release on an annual basis the total number of orders issued under various FISA authorities, and the total number of targets affected by those orders.
Moreover, we recognize that it’s important for companies to be able to reassure their customers about how often, or more precisely, how rarely, the companies provide information to the government. And so we’ve agreed to allow the companies to report the total number of law enforcement and national security legal demands they receive each year, and the number of accounts affected by those orders.
We believe that these steps strike the proper balance between providing the public relevant information about the use of these legal authorities, while at the same time, protecting important collection capabilities.
A number of bills that have been introduced in Congress, including the USA Freedom Act, which you’ve sponsored, Mr. Chairman, contain provisions that would require or authorize additional disclosures. We share the goals that these laws and bills provide, providing the public with greater insight into the government’s use of FISA authorities.
However, we are concerned that some of the specific proposals raise significant practical or operational concerns. In particular, we need to make sure that any disclosures are operationally feasible with a reasonable degree of effort, and that they would provide meaningful information to the public.
We also need to make sure that the disclosures do not compromise significant intelligence collection capabilities by providing our adversaries information that they can use to avoid surveillance.
But, Mr. Chairman, I do want to emphasize our commitment to work with this committee and others to ensure the maximum possible transparency about our intelligence activities, consistent with national security. We’re open to considering any proposals, so long as they are feasible and do not compromise our ability to collect the information we need to protect our nation and its allies.
And we’ve been in discussion with the staff of this committee and the Intelligence Committee on some proposals and some alternate means of trying to provide greater transparency while protecting our critical sources and methods. We look forward to continuing to work with you in this regard.
Thank you.