b"<html>\n<title> - PRIVACY AND CIVIL LIBERTIES IN THE HANDS OF THE GOVERNMENT POST- SEPTEMBER 11, 2001: RECOMMENDATIONS OF THE 9/11 COMMISSION AND THE U.S. DEPARTMENT OF DEFENSE TECHNOLOGY AND PRIVACY ADVISORY COMMITTEE</title>\n<body><pre>[House Hearing, 108 Congress]\n[From the U.S. Government Printing Office]\n\n\n\n \n    PRIVACY AND CIVIL LIBERTIES IN THE HANDS OF THE GOVERNMENT POST-\nSEPTEMBER 11, 2001: RECOMMENDATIONS OF THE 9/11 COMMISSION AND THE U.S. \n    DEPARTMENT OF DEFENSE TECHNOLOGY AND PRIVACY ADVISORY COMMITTEE\n\n=======================================================================\n\n                             JOINT HEARING\n\n                               BEFORE THE\n\n                            SUBCOMMITTEE ON\n                   COMMERCIAL AND ADMINISTRATIVE LAW\n\n                                AND THE\n\n                    SUBCOMMITTEE ON THE CONSTITUTION\n\n                                 OF THE\n\n                       COMMITTEE ON THE JUDICIARY\n                        HOUSE OF REPRESENTATIVES\n\n                      ONE HUNDRED EIGHTH CONGRESS\n\n                             SECOND SESSION\n\n                               __________\n\n                            AUGUST 20, 2004\n\n                               __________\n\n                             Serial No. 113\n\n                               __________\n\n         Printed for the use of the Committee on the Judiciary\n\n\n\n\n    Available via the World Wide Web: http://www.house.gov/judiciary\n\n                                     ______\n\n\n                 U.S. GOVERNMENT PRINTING OFFICE\n\n95-498                 WASHINGTON : 2005\n_________________________________________________________________\nFor sale by the Superintendent of Documents, U.S. Government Printing \nOffice Internet: bookstore.gpo.gov Phone: toll free (866)512-1800; \nDC area (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP, \nWashington, DC 20402-0001\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n                       COMMITTEE ON THE JUDICIARY\n\n            F. JAMES SENSENBRENNER, Jr., Wisconsin, Chairman\nHENRY J. HYDE, Illinois              JOHN CONYERS, Jr., Michigan\nHOWARD COBLE, North Carolina         HOWARD L. BERMAN, California\nLAMAR SMITH, Texas                   RICK BOUCHER, Virginia\nELTON GALLEGLY, California           JERROLD NADLER, New York\nBOB GOODLATTE, Virginia              ROBERT C. SCOTT, Virginia\nSTEVE CHABOT, Ohio                   MELVIN L. WATT, North Carolina\nWILLIAM L. JENKINS, Tennessee        ZOE LOFGREN, California\nCHRIS CANNON, Utah                   SHEILA JACKSON LEE, Texas\nSPENCER BACHUS, Alabama              MAXINE WATERS, California\nJOHN N. HOSTETTLER, Indiana          MARTIN T. MEEHAN, Massachusetts\nMARK GREEN, Wisconsin                WILLIAM D. DELAHUNT, Massachusetts\nRIC KELLER, Florida                  ROBERT WEXLER, Florida\nMELISSA A. HART, Pennsylvania        TAMMY BALDWIN, Wisconsin\nJEFF FLAKE, Arizona                  ANTHONY D. WEINER, New York\nMIKE PENCE, Indiana                  ADAM B. SCHIFF, California\nJ. RANDY FORBES, Virginia            LINDA T. SANCHEZ, California\nSTEVE KING, Iowa\nJOHN R. CARTER, Texas\nTOM FEENEY, Florida\nMARSHA BLACKBURN, Tennessee\n\n             Philip G. Kiko, Chief of Staff-General Counsel\n               Perry H. Apelbaum, Minority Chief Counsel\n                                 ------                                \n\n           Subcommittee on Commercial and Administrative Law\n\n                      CHRIS CANNON, Utah Chairman\n\nHOWARD COBLE, North Carolina         MELVIN L. WATT, North Carolina\nJEFF FLAKE, Arizona                  JERROLD NADLER, New York\nJOHN R. CARTER, Texas                TAMMY BALDWIN, Wisconsin\nMARSHA BLACKBURN, Tennessee          WILLIAM D. DELAHUNT, Massachusetts\nSTEVE CHABOT, Ohio                   ANTHONY D. WEINER, New York\nTOM FEENEY, Florida\n\n                  Raymond V. Smietanka, Chief Counsel\n                        Susan A. Jensen, Counsel\n                        Diane K. Taylor, Counsel\n                  James Daley, Full Committee Counsel\n          Stephanie Moore, Minority Counsel\n\n\n                    Subcommittee on the Constitution\n\n                      STEVE CHABOT, Ohio, Chairman\nSTEVE KING, Iowa                     JERROLD NADLER, New York\nWILLIAM L. JENKINS, Tennessee        JOHN CONYERS, Jr., Michigan\nSPENCER BACHUS, Alabama              ROBERT C. SCOTT, Virginia\nJOHN N. HOSTETTLER, Indiana          MELVIN L. WATT, North Carolina\nMELISSA A. HART, Pennsylvania        ADAM B. SCHIFF, California\nTOM FEENEY, Florida\nJ. RANDY FORBES, Virginia\n\n                     Paul B. Taylor, Chief Counsel\n                      E. Stewart Jeffries, Counsel\n                          Hilary Funk, Counsel\n                  Mindy Barry, Full Committee Counsel\n           David Lachmann, Minority Professional Staff Member\n\n\n\n\n\n\n\n\n\n\n\n\n\n                            C O N T E N T S\n\n                              ----------                              \n\n                            AUGUST 20, 2004\n\n                           OPENING STATEMENT\n\n                                                                   Page\nThe Honorable Chris Cannon, a Representative in Congress From the \n  State of Utah, and Chairman, Subcommittee on Commercial and \n  Administrative Law.............................................     1\nThe Honorable Melvin L. Watt, a Representative in Congress From \n  the State of North Carolina, and Ranking Member, Subcommittee \n  on Commercial and Administrative Law...........................     3\nThe Honorable Steve Chabot, a Representative in Congress From the \n  State of Ohio, and Chairman, Subcommittee on the Constitution..     5\nThe Honorable Jerrold Nadler, a Representative in Congress From \n  the State of New York, and Ranking Member, Subcommittee on the \n  Constitution...................................................     6\n\n                               WITNESSES\n\nThe Honorable Lee H. Hamilton, Vice Chair, National Commission on \n  Terrorist Attacks Upon the United States\n  Oral Testimony.................................................    11\n  Prepared Statement.............................................    14\nThe Honorable Slade Gorton, Commission Member, National \n  Commission on Terrorist Attacks Upon the United States\n  Oral Testimony.................................................    12\n  Prepared Statement.............................................    14\nThe Honorable John O. Marsh, Jr., on behalf of the U.S. \n  Department of Defense Technology and Privacy Advisory Committee\n  Oral Testimony.................................................    15\n  Prepared Statement.............................................    18\nMs. Nuala O'Connor Kelly, Chief Privacy Officer, U.S. Department \n  of Homeland Security\n  Oral Testimony.................................................    49\n  Prepared Statement.............................................    51\n\n                                APPENDIX\n\nPrepared Statement by the Honorable Chris Cannon, a \n  Representative in Congress From the State of Utah and Chairman, \n  Subcommittee on Commercial and Administrative Law, Commmittee \n  on the Judiciary...............................................    79\nPrepared Statement by the Honorable Steve Chabot, a \n  Representative in Congress From the State of Ohio, and \n  Chairman, Subcommittee on the Constitution.....................    80\nPrepared Statement by the Honorable Jerrold Nadler, a \n  Representative in Congress From the State of New York, and \n  Ranking Member, Subcommittee on the Constitution...............    81\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n    PRIVACY AND CIVIL LIBERTIES IN THE HANDS OF THE GOVERNMENT POST-\nSEPTEMBER 11, 2001: RECOMMENDATIONS OF THE 9/11 COMMISSION AND THE U.S. \n    DEPARTMENT OF DEFENSE TECHNOLOGY AND PRIVACY ADVISORY COMMITTEE\n\n                              ----------                              \n\n\n                        FRIDAY, AUGUST 20, 2004\n\n                  House of Representatives,\n                         Subcommittee on Commercial\n                            and Administrative Law,\n                                Committee on the Judiciary,\n                                                    Washington, DC.\n    The Subcommittee met, pursuant to call, at 10:06 a.m., in \nRoom 2141, Rayburn House Office Building, Hon. Chris Cannon \n[Chairman of the Subcommittee on Commercial and Administrative \nLaw] presiding.\n    Mr. Cannon. The Subcommittee will come to order. I want to \nthank you all for joining us, especially our panel.\n    Today, before we formally start our proceedings, Chairman \nChabot and I wanted to sincerely thank and recognize our \ncolleagues on both Subcommittees and on both sides of the aisle \nfor taking time out of their really busy schedules--for me, it \nwas difficult, but I know that it was for everyone else--so as \nto attend the hearing this morning.\n    As many of you know, August is typically when Members of \nCongress return to their districts to catch up on constituent \nmatters and spend time with their families. Wait a minute, do \nyou guys have families? It is a time when we call it our home \ndistrict work period. We want to thank everyone for coming out.\n    In these extraordinary times, we have to undertake \nextraordinary measures to deal with certain pressing issues. It \nalso goes without saying that we express our sincere gratitude \nto our esteemed witnesses, each of whom reflects the greatest \nhallmarks of public service. We appreciate your contributions \nto our deliberations today.\n    The title of today's hearing, ``Oversight Hearing on \nPrivacy and Civil Liberties in the Hands of the Government \nPost-September 11, 2001: Recommendations of the 9/11 Commission \nand the U.S. Department of Defense Technology and Privacy \nAdvisory Committee'', which we will refer to as ``TAPAC'', \nclearly explains why we are here.\n    As many of you know, the 9/11 Commission filed its final \nreport last month. What some of you may not know, however, is \nthat the report includes several recommendations intended to \nprotect our citizens' privacy and civil liberties. In addition, \nit recommends that the Federal Government set standards for the \nissuance of birth certificates and sources of identification \nsuch as driver's licenses to promote secure identification \ninformation.\n    While most media headlines have emphasized the Commission's \nantiterrorism proposals, I believe the privacy and civil \nliberties recommendations are among those most critical to our \nNation's future and which will form part of the focus of our \nhearing.\n    Today's proceedings will also focus on certain \nrecommendations the TAPAC Committee made regarding safeguarding \ninformational privacy. By way of background, TAPAC was \nestablished by Secretary Rumsfeld as an independent, bipartisan \ncommittee to examine the privacy ramifications presented by \ndata mining activities by the Defense Department. I think we \nall agree that Secretary Rumsfeld is to be commended for taking \nthis initiative and for ensuring that TAPAC's membership \nincluded some of our Nation's most respected experts in the \nfields of constitutional and privacy law. I am informed that \namong the many luminaries who testified before TAPAC was our \ncolleague from New York, Mr. Nadler. Thank you.\n    Advances in technology have increasingly facilitated the \ncollection and dissemination of personally identifiable \ninformation, but have also correspondingly increased the \npotential for misuse of such information. As the recently \nrenamed Government Accountability Office observed, these \nadvances bring substantial Federal information benefits, as \nwell as increasing responsibilities and concerns.\n    Interestingly, TAPAC over the course of its deliberations \ndetermined that as the Defense Department was not alone in its \nconduct of data mining activities, it was necessary for it to \naddress this issue through a series of Government-wide \nrecommendations. The purpose of today's hearing is to examine \nthe validity of these recommendations and those of the 9/11 \nCommission that relate to privacy and civil liberties and to \ndetermine whether they warrant a legislative response.\n    We would especially appreciate any guidance from our \nwitnesses about how the Congress, in crafting such legislation, \ncan best protect our citizens' privacy without compromising \nlegitimate law enforcement and terrorism detection efforts.\n    As our witnesses know, it has been 30 years since the \nPrivacy Commission was established as part of the Privacy Act \nof 1974. I would be interested in having our witnesses comment \non whether now is the time to reestablish a privacy commission \nthat would specifically focus on Government privacy issues, \nespecially given all the technological developments that have \noccurred since the Commission filed its final report in 1977 \nand the current state of our Nation's security concerns.\n    I should also note that both my Subcommittee, the \nSubcommittee on Commercial and Administrative Law, and Chairman \nChabot's Subcommittee, the Constitution Subcommittee, have \nplayed a major role with respect to protecting personal privacy \nand civil liberties in this era of heightened security under \nthe leadership and guidance of Mr. Sensenbrenner, the Chairman \nof the full Judiciary Committee.\n    As both the 9/11 Commission Report and the TAPAC concluded, \nit is no easy task to balance the competing goals of keeping \nour Nation secure and protecting the privacy rights of our \nNation's citizens. I believe that our respective Subcommittees \nof the Judiciary Committee are uniquely and best suited to \nstudy and resolve these issues.\n    Our accomplishments, to date, include the establishment of \nthe first statutorily-created privacy office in a Federal \nagency, namely the Department of Homeland Security. We have \nalso spearheaded the creation of a similar office in the \nJustice Department, which is contained in the legislation now \npending in the Senate. In addition, both my Subcommittee and \nthe Constitution Subcommittee have considered and supported \nlegislation requiring a Federal agency to prepare a privacy \nimpact analysis for proposed and final rules, and to include \nthis analysis in the notice of public comment issued in \nconjunction with the publication of such rules.\n    I will conclude my opening remarks with a quote from one of \nour Founding Fathers. As I think you will agree, Mr. Hamilton's \nobservations and warnings--and here we are dealing with the \nearlier Mr. Hamilton--are as meaningful today as they were when \nhe wrote them more than 200 years ago. ``Safety from external \ndanger is the most powerful director of national conduct. Even \nthe ardent love of liberty will, after a time, give way to its \ndictates. The violent destruction of life and property incident \nto war, the continual effort and alarm attendant on a state of \ncontinual danger, will compel nations the most attached to \nliberty to resort for repose and security to institutions which \nhave a tendency to destroy their civil and political rights. To \nbe more safe, they at length become willing to run the risk of \nbeing less free.''\n    I will now turn to my colleague, Mr. Watt, the \ndistinguished Ranking Member of my Subcommittee and ask him if \nhe has any opening remarks.\n    [The prepared statement of Mr. Cannon follows in the \nAppendix]\n    Mr. Watt. Thank you, Mr. Chairman. I thank the Chairman of \nthis Committee and the Chairman of the Constitution \nSubcommittee for deciding to have a hearing on the issues \ninvolved today and to do it jointly so that we do not end up \nduplicating efforts and pulling in different directions \npossibly.\n    I would like to start really by expressing thanks to the \nwitnesses for being here today. And by expressing a special \nthanks to Lee Hamilton and Slade Gordon, the members of the \nCommission, for the outstanding job that they did under some \nvery, very, very difficult circumstances; and getting through \nthe process without any appearance of partisanship, and being \nsingle-focused on the issue at hand, which was protecting \nAmerican citizens and others from terrorism.\n    Who knows where the recommendations of the Commission will \ngo? And it is hard to even contemplate where they may go \nlegislatively or administratively. But the thing that I think \nis most important is that before they go anywhere, we \nunderstand exactly what the recommendations are and have a \nbetter understanding of all of the implications of the \nrecommendations.\n    I sense that several Committees have headed off in the \ndirection of dealing only with the security side of the balance \nthat must be struck. And I think it is our obligation in this \nCommittee not only to look at the security side, but to be ever \ncognizant of the privacy implications and the personal liberty \nimplications of what is being done. And the only way we can do \nthat is to really have hearings about what is being proposed \nand what we should be implementing.\n    I am extremely encouraged that the Commission recognize \nthis delicate balance itself in its recommendations, making \nthree specific recommendations pertaining to the protection of \ncivil liberties. First, the report calls for the President to \n``safeguard the privacy of individuals about whom information \nis shared among intelligence and investigation agencies.''\n    Second, the report requires that in order to retain a \nparticular governmental power, the executive first demonstrate \nthat the ``power actually materially enhances security,'' and \nthat adequate oversight exist ``to ensure protection of civil \nliberties.'' so it is very apparent that the Commission is \nalready wrestling with what the appropriate balance should be \nbetween safeguarding our citizens by protecting them from \nterrorism and, on the other hand, safeguarding our citizens by \nprotecting them against overstepping by governmental agencies \nwho say that they have our interests at heart.\n    So that is a very delicate balance which I think this \nhearing can only enlighten the American public on and enlighten \nthe Members of this Committee on as we move forward, and \nenlighten our colleagues in the broader House and Senate as we \nmove forward.\n    Finally, the report recommends the creation of a board \nwithin the executive branch to oversee adherence to the \nguidelines, and it recommends the commitment the Government \nmakes to defend civil liberties. So that board is again \nsupposed to walk that delicate balance between adhering to the \nguidelines and recommending a commitment to defend civil \nliberties. And I think that is absolutely critical as we move \nforward.\n    So I am delighted that the Chairman has convened this \nhearing for the purpose of discussing, and I hope nobody takes \nthis as any indication that we in this Committee are not as \ncommitted to the defense of our citizens from terrorism, rather \nthat they take it as an equal commitment that we understand the \nhistorical imperative, the constitutional imperative of also \nsafeguarding the security and individual rights and privacy of \ncitizens as we authorize the Government to take the actions \nthat are necessary to safeguard us against terrorism.\n    That is going to be a very, very delicate balance to walk. \nAnd if we are going to do it, this is the place to start, right \nhere in the Committee on the Judiciary, in the Constitution \nSubcommittee, in the Commerce and Administrative Law \nSubcommittee where it is our responsibility to look at these \nissues and make some very difficult choices.\n    I thank the Chairman and the members of the Commission and \nour other witnesses for being here to enlighten us on where \nthat delicate balance should be.\n    Thank you, Mr. Chairman.\n    Mr. Cannon. Thank you, Mr. Watt.\n    Mr. Cannon. Mr. Watt and I have, on occasion, disagreed \nvery sharply, and by ``sharply,'' meaning he has a very sharp \nmind and it is hard to disagree with him.\n    On the other hand, there are many issues where we do not \ndisagree at all and this is one of those areas where we have \ndifficult issues and we may differ on some points, but we will \ncome up with, I hope, some thoughtful resolutions. So I want to \nthank the minority Ranking Member.\n    I would also like to thank Mr. Chabot for being here today \nand his Ranking Member, Mr. Nadler.\n    Mr. Chabot, would you like to make a statement?\n    Mr. Chabot. Thank you, Mr. Chairman. I first of all want to \nthank you for holding this hearing, as well as Mr. Watt, Mr. \nNadler, the Ranking Member on the Subcommittee that I have the \ngood fortune to chair; and I want to thank all of my Committee \nMembers who are in attendance today. And I want to offer a \nspecial welcome to all of the witnesses, but especially the \nHonorable Congressman Hamilton whose district in Indiana \nabutted mine in the southwest corner of Ohio, in the time that \nI have been in Congress, for a number of years.\n    Lee was also the Chairman of the Committee on International \nRelations and served for many years with distinction. When my \nparty took over in 1994, he was the Ranking Member for the time \nthat I served here, but nonetheless he served with great \ndistinction. He was really a role model for many of us, \nespecially in the area of international affairs. So I want to \nthank him for his leadership in that respect.\n    Also, Senator Gorton, who served the people of Washington \nfor so many years so well. I want to thank all of the witnesses \nfor being here today.\n    I want to thank especially Senator Gorton and Senator \nHamilton for the last 20 months that they have served on the 9/\n11 Commission. Our Nation owes you a great debt of gratitude \nfor your work, and I am confident that we will all benefit from \nyour expertise here this morning and in the future as we \nimplement all or most of the recommendations that you have \nmade.\n    As we know far too well, September 11 changed our world. It \nchanged the way in which we must deal with terrorism and the \nway in which we as a country must protect ourselves. Since that \ntragic day, Congress and the Administration have taken steps to \nhelp better protect our Nation at home and abroad. Through \npassage of the PATRIOT Act and the creation of the Department \nof Homeland Security, we have provided law enforcement with \nenhanced investigative tools and improved our ability to \ncoordinate abilities designed to protect against the future \nthreat of terrorism. And make no mistake, that threat continues \nto face our Nation.\n    Through the heroic actions of the brave men and women \nserving in our Armed Forces, we have also pursued the \nterrorists and those who assist them in places like Afghanistan \nand Iraq. Yet these actions are not enough to guarantee our \nNation's security or freedom. This can only be accomplished \nthrough continued vigilance and willingness to challenge \nconventional wisdom. We must continue to improve our \nintelligence capability, strengthen our defenses and always be \na step ahead of our enemies.\n    To help accomplish these critical goals, it is imperative \nthat Congress provide a comprehensive and expeditious review of \nthe 9/11 Commission recommendations and then move forward with \ninitiatives that will further improve our ability to combat \nterrorism and defend our citizens.\n    As the Commission notes, we must also be mindful of the \nprotections afforded by our Constitution and our need to guard \nthose protections as we work to better protect our country. \nIgnoring important civil liberties will not only erode our \nfreedoms, but will undermine efforts to increase our security. \nThese challenges are not new, and our two Subcommittees have \nbeen extensively involved in these issues over the last couple \nof years.\n    In the PATRIOT Act, for example, we worked to include \nprotective measures such as a sunset provision to strengthen \ncongressional oversight. When authorizing the Department of \nHomeland Security, a privacy officer position was established \nto examine the implications of the agency's rules and \nregulations on privacy and to address any issues that may \nresult.\n    I look forward, as I know the other Members do, to \ndiscussing the Commission's recommendations with our witnesses \ntoday in determining what Congress can do to better protect the \nprivacy of our citizens. I particularly look forward to hearing \nfrom our panel their views on the Federal Agency Privacy \nProtection Act of 2004, which passed the House during the 107th \nCongress and was recently voted out of the full Judiciary \nCommittee. It was back on, I believe, July 7.\n    I believe that this, which was formerly known as the \nDefense of Privacy Act, would require Federal agencies to \npublish privacy impact analyses when promulgating rules and \nregulations. I believe it would be an effective step forward in \nour efforts to protect our country and our privacy rights.\n    As we move forward, it is important to remember that having \neffective antiterrorism measures does not necessarily \ncompromise the protections afforded by our Constitution, as one \nis not the enemy of the other. The enemy is terrorism.\n    I yield back my time and thank the Chairman once again for \nholding this hearing.\n    Mr. Cannon. Thank you, Mr. Chairman. I thank you for that \nopening statement.\n    [The prepared statement of Mr. Chabot follows in the \nAppendix]\n    Mr. Cannon. Mr. Nadler, would you like to make an opening \nstatement?\n    Mr. Nadler. Thank you, Mr. Chairman. Mr. Chairman, given \nthe importance of this matter and the fact that nearly 3 years \nhave elapsed since the attacks of September 11, I am pleased \nthat we have returned to consider the recommendations of the 9/\n11 Commission now without waiting, as some have suggested, \nuntil next year.\n    I want to welcome our former colleagues Representative \nHamilton and Senator Gorton and to thank them for the important \nwork they and their colleagues have done.\n    I am also pleased that we have Secretary Marsh here today. \nThe issues that gave rise to the Secretary's Technology and \nPrivacy Advisory Committee are also implicated in the \nCommittee's recommendation, so it is important that we have the \nbenefit of our work.\n    Finally, I want to welcome back Ms. O'Connor Kelly. The 9/\n11 Commission has recommended in somewhat general terms that we \nset up a civil liberties oversight board. The TAPAC commission \nhas similarly recommended that the Secretary of Defense create \na policy level privacy officer. Congress will have to work out \nthe details.\n    I hope that your experience as the privacy officer of the \nDepartment of Homeland Security can shed some light on how we \nmight ensure the independence and effectiveness of the offices \ncreated pursuant to these recommendations.\n    The need to improve capabilities and coordination within \nthe intelligence and law enforcement communities was all too \nwell demonstrated on September 11. Thousands of innocent \ncitizens who did nothing more than board an aircraft or go to \nwork were barbarically slaughtered. We ignored our Nation's \nperil, the lesson we can draw from the intelligence failures \nleading up to those crimes and from other recent intelligence \nfiascoes.\n    At the same time, increased Government powers carry with \nthem increased threats to the rights of all citizens. We expect \nour Government to keep it safe, but we are also a nation with a \nhealthy mistrust of unfettered governmental power.\n    Our whole system of Government combines limited powers with \nchecks and balances that must maintained. Rights sacrificed at \na time of emergency are often lost forever. Actions taken in \nthe heat of the moment are often a source of shame and regret \nto later generations. So our job is to strike an appropriate \nand workable balance.\n    That is not easy. As the members of the Commission have \nnoted in their report, ``While protecting our homeland, \nAmericans should be mindful of threats to vital personal and \ncivil liberties. This balancing is no easy task, but we must \nconstantly strive to keep it right. This shift of power and \nauthority to the Government calls for an enhanced systems of \nchecks and balances to protect the precious liberties that are \nvital to our way of life.''\n    A little further on the Commission notes, it talks in \ngeneral terms about the provision of the PATRIOT Act and some \nof the beneficial provisions of the PATRIOT Act, and then it \nsays, ``Because of concerns regarding the shifting balance of \npower to the Government, we think that a full and informed \ndebate on the PATRIOT Act would be healthy.'' The Commission \nthen makes three general recommendations for specific measures \nto balance civil liberties and national security.\n    Mr. Justice Marshall in a noted decision of the Supreme \nCourt 200 years ago in Marbury v. Madison, a decision that has \nbeen somewhat criticized by one Member of this Committee, \nnoted, and I am paraphrasing here because I do not have the \nexact quote before me, ``It is emphatically the province of the \njudiciary to say what the law is.''\n    And that is true. It is emphatically the province of the \nJudiciary Committee to begin the process of having Congress \nstrike the proper balance between national security, homeland \nsecurity, and protection of our civil liberties. That is our \njob.\n    I appreciate the beginning guidance that the Commission has \ngiven us and recommended that we strike that balance, but we \nhave to determine how to strike that balance. And I am glad and \nI appreciate the Chairman calling this hearing as a beginning \nof that process so we can carefully consider all of the things \nwe have to consider to strike that balance, and with all \ndeliberate speed, enact legislation to do that.\n    So I am glad we are having this hearing and I thank you.\n    Thank you, Mr. Chairman.\n    Mr. Cannon. I thank the gentleman.\n    [The prepared statement of Mr. Nadler follows in the \nAppendix]\n    Mr. Cannon. I would like to just point out to my co-Chair \nof this hearing, Mr. Chabot, Ranking Member Watt, and Ranking \nMember Nadler, we have worked together on issues not unlike \nthis for some period of time, including the PATRIOT Act and \nother issues. And there is a genuine, I believe, feeling for \ndoing the right thing here, and I hope that that will result in \nlegislation in an area that is very, very difficult and improve \nthat legislation.\n    Without objection, the gentlemen's entire statements will \nbe placed in the record. Also, without objection, all Members \nmay place their statements in the record at this point. Any \nobjection?\n    Hearing none, so ordered.\n    Without objection, the Chair will be authorized to declare \nrecesses of the hearing at any point. Hearing none, so ordered.\n    I ask unanimous consent that Members have 5 legislative \ndays to submit written statements for inclusion in today's \nhearing record. Without objection, so ordered.\n    Mr. Cannon. Now I am pleased to introduce our witnesses for \ntoday's hearing. Our first witness is Lee Hamilton, who is Vice \nChair of the 9/11 Commission. Former Congressman Hamilton \ncurrently is President and Director of the Woodrow Wilson \nInternational Center For Scholars. Before undertaking these \nresponsibilities at the Center in 1999, Congressman Hamilton \nserved for 34 years in the House, representing Indiana's Ninth \nDistrict. During his tenure, he served as Chairman and Ranking \nMember of the forerunner of the House Committee on \nInternational Relations and served on the Permanent Select \nCommittee on Intelligence and the Select Committee To \nInvestigate Covert Arms Transactions with Iran.\n    After his tenure in Congress, he served on the Commission \non National Security in the 21st Century, also known as the \nHart-Rudman Commission, and was co-Chair with former Senator \nHoward Baker of the Baker-Hamilton Commission to investigate \ncertain security issues at Los Alamos. He is currently a member \nof the President's Homeland Security Advisory Council.\n    Mr. Hamilton is a graduate of DePauw University and Indiana \nUniversity Law School, as well as the recipient of numerous \nhonorary degrees and national awards for public service. And I \nhope I have said privately to Mr. Hamilton what I would like to \nsay now and that is that when I came to Congress I looked \naround at the various Members of Congress to decide who I \nwanted to model, he was very clearly one of the people who I \nthink did a remarkably good job in a complex institution; and \nhe has been an explicit model in my life in my office.\n    I welcome you back, Mr. Hamilton.\n    Our second witness is former Senator Slade Gorton who also \nappears on behalf of the 9/11 Commission. Senator Gorton is \ncurrently of counsel at Preston, Gates & Ellis. Prior to \njoining the firm, he represented Washington State in the United \nStates Senate for 18 years, from 1982 to 2000. While in the \nSenate, Mr. Gorton served on the Appropriations, Budget, \nCommerce, Science and Transportation, and Energy and Natural \nResources Committees. He also chaired the Interior \nAppropriations Subcommittee, and was a member of the Republican \nLeadership as Counsel to the Majority Leader.\n    Senator Gorton began his political career in 1958 as a \nWashington State representative and then went on to serve as \nthe State house majority leader. In 1968, he was elected \nAttorney General for the State of Washington where he argued 14 \ncases before the United States Supreme Court. Mr. Gorton also \nserved on the President's Consumer Advisory Council, as well as \non many other Federal and State commissions. Most recently, \nSenator Gorton served on the National Commission on Federal \nElection Reform.\n    Senator Gorton received his undergraduate degree from \nDartmouth College and his law degree from Columbia University.\n    We welcome you back and appreciate your service in the \nSenate where we had some very pleasant interactions over a \nperiod of time.\n    Our third witness is John Marsh, who appears today on \nbehalf of TAPAC. Secretary Marsh, like his fellow witnesses, \nhas served our Nation in a number of distinguished ways, I \nmight just say a very different and a remarkable history of \nservice, most prominently as Secretary of the Army and as the \nrepresentative of Virginia's Seventh Congressional District. \nAfter an exemplary period of service with the U.S. Army, \nSecretary Marsh received his law degree in 1951 from Washington \nand Lee University and began his practice of law in Strasburg, \nVA. Thereafter, he was elected to four terms of Congress from \nthe Seventh District of Virginia and served on the House \nAppropriations Committee.\n    After choosing not to seek a fifth term, Secretary Marsh \nresumed the practice of law. In 1973, however, he returned to \nFederal service as Assistant Secretary of Defense for \nLegislative Affairs. The following year, he became the \nAssistant for National Security Affairs to Vice President Ford, \nand in August 1974 became Counselor, with Cabinet rank, to \nPresident Ford. He chaired the Presidential Committee for the \nReorganization of the U.S. Intelligence Community from 1975 to \n1976.\n    Later sworn in as Secretary of the Army in 1981, Secretary \nMarsh served until 1989 achieving a tenure that was the longest \nof any Secretary of the Army or Secretary of War in American \nhistory. During 1988, he served concurrently as Assistant \nSecretary of Defense for Special Operations and Low Intensity \nConflict.\n    Secretary Marsh has been awarded numerous honors and \ndecorations. He is currently a Distinguished Professor of Law \nat George Mason University concentrating on cyberterrorism and \nnational security law. He is also a member of the Special \nCongressional Panel on Terrorism to assess Federal, State and \nlocal response to weapons of mass destruction, known as the \nGilmore Commission.\n    Our final witness is Nuala O'Connor Kelly, the Chief \nPrivacy Officer at the Department of Homeland Security. We \nwelcome you back.\n    As many of you know, Ms. O'Connor Kelly testified earlier \nthis year as part of my Subcommittee's continuing oversight of \nher office. Ms. O'Connor Kelly is especially commended for \nparticipating in today's hearing as she is currently on \nmaternity leave and having difficulty getting enough sleep. So \nwe will send someone out for a coffee or a Coke if you need \nthat at some point.\n    As I previously noted in my remarks, my Subcommittee with \nthe support of our Chairman, Mr. Sensenbrenner, played a major \nrole in establishing Ms. O'Connor Kelly's office at the \nDepartment of Homeland Security. The legislation creating her \noffice not only mandated the appointment of a privacy officer, \nbut specified the officer's responsibilities.\n    One of the principal responsibilities of the DHS privacy \nofficer, as set out by statute, is the duty to assure that the \nuse of technologies sustain and do not erode privacy \nprotections relating to the use, collection and disclosure of \npersonal information. In addition, the privacy officer must \nassure that personal information is handled in full compliance \nwith the Privacy Act and assess privacy impacts with the \nDepartment's proposed rules.\n    Pursuant to this legislation, DHS Secretary Tom Ridge last \nyear appointed Ms. O'Connor Kelly to serve as the Department's \nChief Privacy Officer. Since her appointment, Ms. O'Connor \nKelly has played a key role in various terrorist detection \ninitiatives undertaken by DHS. Prior to her current \nappointment, she served as the Chief Privacy Officer at the \nCommerce Department.\n    Before entering public service, Ms. O'Connor Kelly was the \nVice President for Data Protection and the Chief Privacy \nOfficer for DoubleClick, an online media services company that \nmade great headlines just prior to her taking that position.\n    In that capacity, Ms. O'Connor Kelly established the \ncompany's first data protection department responsible for \ninstituting privacy protection policies and procedures for \nDoubleClick, its clients and partners.\n    Ms. O'Connor Kelly received her undergraduate degree from \nPrinceton University, a Master's degree in Education from \nHarvard University and a law degree from Georgetown University \nLaw Center.\n    I extend my warm regards and appreciate your willingness to \nparticipate in today's hearing. In light of the fact that your \nwritten statements will be included in the hearing record, I \nrequest that you limit your oral remarks to 5 minutes. \nAccordingly, please feel free to summarize or highlight the \nsalient points of your testimony.\n    You will note that we have a lighting system. I think you \nare all familiar with it. It starts at green; when 4 minutes \nhave passed, it turns yellow, and then it turns red at 1 \nminute. We do not want to cut off your thinking. In fact, I \nwould like to say this is undoubtedly the most prestigious \npanel I will ever--we have had two justices from the Supreme \nCourt recently testifying on the Administrative Conference of \nthe United States, Justices Scalia and Breyer. But there are \nonly two of them and their history is fairly narrow compared \nwith the experience we have with you.\n    So if you would just recognize the 5-minute light, we would \nappreciate it if you would draw to a close. We will have people \nthat will have the opportunity to ask questions and expand on \nissues.\n    Everyone was here at the beginning of the hearing, so we \nwill go by seniority. With Mr. Watts' help, I will try to tap \nthe gavel at 5 minutes so all Members have an opportunity to \nask questions. If there is an interest, we may go to a second \nround of questions.\n    Pursuant to the directive of the Chairman of the Committee \non the Judiciary, I am going to ask the panel to stand and \nraise your right hand and take an oath.\n    [Witnesses sworn.]\n    Mr. Cannon. Congressman Hamilton, would you proceed with \nyour testimony?\n\n    TESTIMONY OF THE HONORABLE LEE H. HAMILTON, VICE CHAIR, \nNATIONAL COMMISSION ON TERRORIST ATTACKS UPON THE UNITED STATES\n\n    Mr. Hamilton. Thank you very much Chairman Cannon, Ranking \nMember Watt, Chairman Chabot, Ranking Member Nadler and the \nother distinguished Members of the two Subcommittees. We are \nvery honored to appear before you today.\n    I want to say that the chairman of the 9/11 Commission, Tom \nKean, was not able to be here today. He led the Commission with \nextraordinary skill and deserves much of the credit for the \nCommission's success.\n    I am very pleased to be here with Senator Gorton. He made \nextraordinary contributions as a Commission member. We turned \nto him again and again for advice, and it is a pleasure to be \nwith him.\n    We especially appreciate the fact that all the Members are \nhere during August. I know that it is unprecedented, and we are \nvery grateful to you for your interest in our work.\n    I want to say that the statements made by the Chairman and \nRanking Members of the two Subcommittees were extraordinarily \ngood statements. I thank you for those. I also thank you for \nthe personal sentiments that you expressed.\n    Your Subcommittees, as well as your parent Committee, have \na very long record of concern and leadership in these issues, \nso it is a very special pleasure for us to be with you. We \nsimply point out that our Commission's recommendations were \nunanimous. I think you know that.\n    I think from the very beginning of the Commission's work, \nabout 18 or more months ago, all of us have been very conscious \nof the need to make sure that in our zeal to fight terrorism, \nwe do not compromise the very rights and liberties that make \nour system of Government and society worth defending.\n    Concern about the civil liberties of American citizens was \none of the number of reasons why the Commission rejected the \nidea of moving the domestic intelligence and counterterrorism \nresponsibilities of the FBI out of that agency and placing them \nin an MI-5 type agency. We feared that such a new agency, not \nsteeped in respect for law and the Constitution that pervades \nthe FBI and the Justice Department, and reporting to the \nNational Intelligence Director, the Director of Central \nIntelligence rather than the Attorney General, would be more \nlikely to trample on individual rights.\n    The Commission made three major recommendations with \nrespect to civil rights. The first dealt with the critical and \ncomplicated privacy issues that are at the heart of our new \ninformation society and at the heart of the necessary efforts \nto increase the amount of information gathered by our \nintelligence agencies and shared by them among themselves and \nwith State and local law enforcement officials.\n    We recommend improvements and enhancements in those \ninformation gathering abilities and in information sharing. But \nwe also recognize that with the enhanced flow of information \ncomes a need to establish guidelines and oversight to make sure \nthat the privacy of our citizens and residents is respected and \npreserved.\n    We did not conduct extensive investigation of our own on \ndata mining and other privacy issues raised by information \ngathering and sharing. We relied very much on the Markle Task \nForce. I'm sure that work is familiar to you. We believe, along \nwith the Markle Task Force, that we have the ability to gather \nand share information and protect privacy at the same time. \nThis requires, however, leadership and coordination in the \nexecutive branch.\n    No one agency can deal with this problem alone. We \nrecommend that the President lead a Government-wide effort \nthrough OMB and the National Intelligence Director to set \ncommon standards for information use throughout the \nIntelligence Community. These standards would govern the \nacquisition, accessing, sharing and using of private data so as \nto protect individual rights.\n    The same technology that facilitates the gathering and \nsharing of information can also protect us from the misuse of \nthat information. And for the balance of the statement, I turn \nto Senator Gorton.\n\n  TESTIMONY OF THE HONORABLE SLADE GORTON, COMMISSION MEMBER, \nNATIONAL COMMISSION ON TERRORIST ATTACKS UPON THE UNITED STATES\n\n    Mr. Gorton. Our second major recommendation in this area \nrelates to the USA PATRIOT Act, many of the provisions of which \nexpire at the end of next year and will be the subject of \nhearings by the House and Senate Judiciary Committees. The only \nspecific provisions of that act on which we expressed a view \nare those relating to information sharing.\n    The elimination of the wall that had severely constrained \nthe flow of information acquired through surveillance under the \nForeign Intelligence Surveillance Act from the intelligence \nside of the FBI and to the criminal side of the Agency and to \nFederal prosecutors, and the broadening of the ability of the \nJustice Department to share grand jury information with other \nintelligence and law enforcement agencies.\n    We endorse the extension of those provisions which, \nwitnesses were virtually unanimous in telling us, were \nextremely helpful to law enforcement and intelligence \ninvestigations with little, if any, adverse impact on the \nrights of potential defendants. But we did propose a general \ntest to be applied to consideration of the renewal of the other \nprovisions of the USA PATRIOT Act, and we believe that that \nprinciple should also be applied to other legislative and \nregulatory proposals designed to strengthen our security, but \nthat may impinge on individual rights.\n    The test is a simple but important one. The burden of proof \nshould be on the proponents of the measure to establish that \nthe power or authority being sought would, in fact, materially \nenhance national security, and that there will be adequate \nsupervision of the exercise of that power or authority to \nensure protection of civil liberties. If the power is granted, \nthere must be adequate guidelines and oversight properly to \nconfine its use.\n    We think that the same spirit that informed our \nrecommendation as to the burden of proof that should be applied \nto measures of this kind is also reflected in H.R. 338, \nrecently reported out of this Subcommittee and the full \nJudiciary Committee. H.R. 338 requires Federal agencies that \nare proposing rules that will require the collection of \npersonal information from individuals to conduct privacy impact \nassessments as part of their rule-making process to ensure that \nprivacy interests of individuals receive attention and \nprotection.\n    The Commission, of course, takes no position on that bill. \nBut we can observe that it proceeds from the same concerns that \nanimate our recommendations.\n    Our third recommendation flows from the first two. \nIndividual rights and liberties must be adequately protected in \nthe administration of the significant powers that Congress has \ngranted to executive branch agencies to protect national \nsecurity. There should be a central office or board that has \nthe responsibility to oversee adherence guidelines that are \nbuilt into these programs to safeguard these rights and \nliberties.\n    We make no recommendation as to how this office or board \nshould be composed or where in the executive branch it should \nbe located. Some commissioners believe that it should be a \npermanent office located in the Justice Department and \nreporting to the Attorney General, but with oversight of the \nprograms of the Department of Homeland Security and other \nagencies, as well as those of the Justice Department. Others \nenvisage a Cabinet-level interagency board or committee \nreporting to the President. But we are all agreed that some \nentity of this kind should be created.\n    And departing for just a moment from my written statement, \nboth the Chairman and Mr. Watt referred to the importance of \nthis vehicle. Yesterday, Mr. Lee Hamilton and I testified \nbefore the Senate Judiciary Committee. Thereafter, I made a \ncontact I'd made previously with Senators McCain and Lieberman \nwho are working on a bill to provide exactly this board.\n    I went and spoke at length with the staff director of the \nSenate Commerce Committee, formerly a member of my staff, on \nsuch a draft. And it may well be that you would like to contact \nthem, see the direction in which they are going and work \ntogether. It looked to me like a very constructive first draft.\n    We close with an observation from our report. We must find \nways of reconciling security with liberty since the success of \none protects the other. The choice between security and liberty \nis a false choice as nothing is more likely to endanger \nAmerica's liberties than the success of a terrorist attack at \nhome. Our history has shown us that insecurity threatens \nliberty. Yet, if our liberties are concerned, we lose the \nvalues that we are struggling to defend.\n    We will be pleased to respond to your questions.\n    Mr. Cannon. Thank you, Mr. Hamilton and Mr. Gorton.\n    [The prepared statement of Messrs. Hamilton and Gorton \nfollows:]\n          Prepared Statement of Lee Hamilton and Slade Gorton\n    Chairman Cannon, Ranking Member Watt, and other distinguished \nmembers of the Subcommittee: We are honored by the opportunity to \nappear before you today. We appreciate the opportunity to discuss with \nyou the findings and recommendations of the Commission with respect to \nprivacy and civil liberties. These Subcommittees, as well as your \nparent Committee, have a long record of concern with these issues, so \nit is a special pleasure to discuss with you the important question of \nhow the measures we must take to protect our nation against the threat \nof terrorist attacks can be reconciled with the individual rights and \nliberties we hold so dear.\n    We want to emphasize that the Commission's views on these issues--\nas well as all others dealt with in our Report--were unanimous. We are \nfive Republicans and five Democrats, but we are united in our \ncommitment to make our country safer and more secure in the face of the \nnovel threat posed by transnational terrorism. And we can report to you \nthat from the very beginning of the Commission's work some eighteen \nmonths ago, all of us have been conscious of the need to make sure that \nin our zeal to fight the scourge of terrorism we do not compromise the \nvery rights and liberties that make our system of government and our \nsociety worth defending.\n    Concern about the civil liberties of American citizens was one of a \nnumber of reasons why the Commission rejected the idea of moving the \ndomestic intelligence and counterterrorism responsibilities of the FBI \nout of that agency and placing them in a new MI-5-type agency. We \nfeared that such a new agency, not steeped in the respect for the law \nand the Constitution that pervades the FBI and the Justice Department, \nand reporting to the National Intelligence Director or the Director of \nCentral Intelligence rather than to the Attorney General, would be more \nlikely to trample on individual rights.\n    The Commission made three major recommendations with respect to \ncivil liberties. The first dealt with the critical and complicated \nprivacy issues that are at the heart of our new ``information society'' \nand at the heart of the necessary efforts to increase the amount of \ninformation gathered by our intelligence agencies and shared by them \namong themselves and with state and local law enforcement officials. \nThe Commission recommends improvements and enhancements in those \ninformation-gathering abilities and in information sharing. But we also \nrecognize that with the enhanced flow of information comes a need to \nestablish guidelines and oversight to make sure that the privacy of our \ncitizens and residents is respected and preserved.\n    We did not conduct extensive investigation of our own on data-\nmining and other privacy issues raised by information gathering and \nsharing. Instead, we relied on the excellent work done by the Markle \nFoundation Task Force, reflected in two reports, in 2002 and 2003. The \ninsights of the Markle Task Force have been reinforced by the more \nrecent investigation and report by the Technology and Privacy Advisory \nCommittee established by Secretary Rumsfeld to advise him on the \nprivacy implications of the Department's Terrorism Information \nAwareness Program--a report that this Subcommittee is also focusing on \ntoday.\n    We believe, along with the Markle Task Force, that we have the \nability to gather and share information and protect privacy at the same \ntime. But this requires leadership and co-ordination in the executive \nbranch. No one agency can deal with this problem alone. Instead, we \nrecommend that the President lead a government-wide effort, through OMB \nand the National Intelligence Director, to set common standards for \ninformation use throughout the intelligence community. These standards \nwould govern the acquisition, accessing, sharing and using of private \ndata so as to protect individual rights. The same technology that \nfacilitates the gathering and sharing of information can also protect \nus from the misuse of that information.\n    Our second major recommendation in this area relates to the USA \nPATRIOT Act, many of the provisions of which expire at the end of next \nyear and will be the subject of hearings by the House and Senate \nJudiciary Committees. The only specific provisions of that Act on which \nwe expressed a view are those relating to information-sharing: the \nelimination of the ``wall'' that had severely constrained the flow of \ninformation acquired through surveillance under the Foreign \nIntelligence Surveillance Act from the intelligence side of the FBI to \nthe criminal side of the agency and to federal prosecutors, and the \nbroadening of the ability of the Justice Department to share grand jury \ninformation with other intelligence and law enforcement agencies. We \nendorsed the extension of those provisions, which witnesses were \nvirtually unanimous in telling us were extremely helpful to law \nenforcement and intelligence investigations with little if any adverse \nimpact on the rights of potential defendants.\n    But we did propose a general test to be applied to consideration of \nthe renewal of other provisions of the USA PATRIOT Act, and we believe \nthat that principle should also be applied to other legislative and \nregulatory proposals that are designed to strengthen our security but \nthat may impinge on individual rights. The test is a simple but \nimportant one: The burden of proof should be on the proponents of the \nmeasure to establish that the power or authority being sought would in \nfact materially enhance national security, and that there will be \nadequate supervision of the exercise of that power or authority top \nensure protection of civil liberties. If the power is granted, there \nmust be adequate guidelines and oversight to properly confine its use.\n    We think the same spirit that informed our recommendation as to the \nburden of proof that should be applied to measures of this kind is also \nreflected in H.R. 338, recently reported out of this Subcommittee and \nthe full Judiciary Committee. H.R. 338 requires federal agencies that \nare proposing rules that will require the collection of personal \ninformation from individuals to conduct privacy impact assessments as \npart of their rulemaking process to ensure that privacy interests of \nindividuals receive attention and protection. The Commission, of \ncourse, takes no position on that bill. But we can observe that it \nproceeds from the same concerns that animate our recommendations.\n    Our third major recommendation flows from the first two. Individual \nrights and liberties must be adequately protected in the administration \nof the significant powers that Congress has granted to executive branch \nagencies to protect national security. There should be a central office \nor board that has the responsibility to oversee adherence to guidelines \nthat are built into these programs to safeguard those rights and \nliberties. We make no recommendation as to how this office or board \nshould be composed or where in the executive branch it should be \nlocated. Some Commissioners believe that it should be a permanent \noffice located in the Justice Department and reporting to the Attorney \nGeneral, but with oversight of programs in the Department of Homeland \nSecurity and other agencies as well as in the Justice Department. \nOthers envision a Cabinet-level interagency board or committee, \nreporting to the President. But we are all agreed that some entity of \nthis kind should be created.\n    We close with an observation from our Report:\n\n        We must find ways of reconciling security with liberty, since \n        the success of one protects the other. The choice between \n        security and liberty is a false choice, as nothing is more \n        likely to endanger America's liberties than the success of a \n        terrorist attack at home. Our history has shown us that \n        insecurity threatens liberty. Yet, if our liberties are \n        curtailed, we lose the values that we are struggling to defend.\n\n    We would be pleased to respond to your questions.\n\n    Mr. Cannon. Mr. Marsh.\n\n  TESTIMONY OF THE HONORABLE JOHN O. MARSH, JR., MEMBER, U.S. \nDEPARTMENT OF DEFENSE TECHNOLOGY AND PRIVACY ADVISORY COMMITTEE\n\n    Mr. Marsh. Thank you, Mr. Chairman, Members of the \nCommittee and leaders of the Committee. I thank you for calling \nthis hearing. I would point out to you that I am here \nrepresenting an advisory committee appointed by Secretary of \nDefense to the Department of Defense composed of members who \ngave their time to make this study. Therefore, I am not \nspeaking for the Department of Defense of what action may or \nmay not occur in reference to our recommendations, but I am \nvery sanguine about that.\n    I would also like to point out, as resource people for the \ncommittee, which I hope you will avail yourself of, the staff \ndirector of the Defense TAPAC Committee, Ms. Lisa Davis; an \nextraordinary writer, Fred Cate, who helped prepare all this \ntestimony; a technologist and attorney, Lee Zeichner, who is \nhere, and also the critical infrastructure protection \ncapabilities of George Mason University where I teach and that \nassisted in this.\n    Mr. Minow could not be here, but I can tell you he \nperformed a yeoman's task of guiding this committee, and his \nenormous prestige and ability I think is reflected in this \nwork.\n    A little history, if I might. This committee occurred \nbecause of what was discerned to be abuses, or concerns about \nabuses, largely outside of the Department of Defense on a \ncommon technique that is growing and needs to be addressed \ncalled ``data mining.'' Data mining is the result of massive \nvolumes of information, either people in or out of Government \nor organizations, and the use of that data mining can be very, \nvery helpful in the intelligence process.\n    There is a dichotomy here because although the Defense \nDepartment got in trouble with the pursuit of this, \nnevertheless, the statute to the homeland security authorized \nand encouraged them to engage in data processing. The data \nprocessing that was occurring in the Pentagon was called TIA. \nIts original name was terrorism information awareness or total \ninformation awareness or terrorist information awareness, \nwhichever one you want, but it raised very serious questions in \nthe media and in the Congress of the United States.\n    When that happened, Mr. Rumsfeld named this committee, and \nhe gave them six questions that he wished to be answered as to \nthe validity of that type of technology and whether it could be \neffective, and how do we protect individual liberty and \nprivacy.\n    Incidentally, I prefer the term ``liberty.'' It is a far \nstronger word than ``privacy.'' Privacy occurs because of \nliberty. Privacy is a subset of liberty.\n    Now, these four questions were the questions to which we \ndevoted our time and attention. And our first overtures were to \nTIA, which was being done under DARPA, the Defense Advanced \nResearch Project Agency, that has done extraordinary work and \nis indeed the agency that developed the Internet. It became \napparent to the committee that to address this one program, \nTIA, would be putting a finger in a dike where many, many \nfingers were going to be necessary.\n    This is a widespread practice in the Federal Government and \nperhaps at State levels. A GAO survey indicated, as we were \nfinishing up our work, that there were 88 departments and \nagencies engaged in data mining, or were planning to, that \nthere were an additional 34 about to, and in all, there were \n122 data mining programs ongoing in our national Government, \nnot just in the Department of Defense. It became very apparent \nto us, as we began to examine people, that data mining was \ngoing on in other departments of Government. And there weren't \nthat many controls in my view and, I think, in the committee \nview as to how that should be handled.\n    So what we sought to do--this report is seeking to provide \nsome guidelines as to how to utilize data mining, which we \nthink is essential only if it is used in a proper way, and we \nbelieve that it can be. It can use the FICE Accord. It can use \ntechnologies of minimization where in order to achieve certain \ninformation you do not have to collect as much as you perceive \nthat you have to collect.\n    And also, there is the issue of anonymization. There are \ntechnologies today in seeking records, you can anonymize the \nrecords so that the people examining the records or capturing \nthe information do not know--do not know at the time what that \ninformation is or they do not associate it with an individual. \nAt a later date, under certain guidelines, you can unlock that \nand find that out.\n    But one of the things, and it seems to me to be a rule, \nwhere U.S. persons are involved and you have a particularized \narea of interest in that U.S. person and you go into data \nmining, you use and resort to the FICE Accord. We place stress \nor emphasis on the role of the FICE Accord.\n    Now, out of this would come--and I submit to the Committee \nthat I will not go through it all; your staff has seen it--\nthere came 12 recommendations. Seven of those recommendations \nrelate to the Department of Defense, because it was the \nDepartment of Defense that had asked for these inputs. Five of \nthose relate to the Federal Government at large.\n    I was very impressed with the legislation that's proposed, \nH.R. 338, that came out of this Committee, because as you read \nour report and read the proposed statute, you begin to see that \nthere's a synchronization or there's a common theme through \nthere. It may not be the answer yet, but it seems to me steps \ntoward an answer.\n    So we talk about here how you can establish a process for \ndata mining inside the Department of Defense. And the idea was, \nyou create a mechanism in the Department of Defense that has \naudit trails, that has overview, that has training, that has \nauthorization for certain techniques, and then you extrapolate \nthat and replicate those systems of protection into the general \nFederal Government. And this evolved because we got in, we saw \nwe had a far, far greater problem.\n    It is not simply the Department of Defense, but there are \nother departments and agencies of the Government, and indeed \ndata mining is done by the States. The program called Matrix, \nwhich is a law enforcement program in the State of Florida, \nuses data mining; and Matrix, I think you will find, has \nsignificant Federal funding from certain other Federal \nagencies, not the Department of Defense.\n    But we also place an emphasis on congressional oversight of \nwhat's to be done. There needs to be a protocol or culture of \nprivacy that we need to encourage and develop. So we commend \nthose to you.\n    I thank you for what you're doing. The stakes are very, \nvery high. As I commented to my assistant professor, Ms. Angie \nChen of George Mason University, who is here today, ``the law \nis going to have to address this.''\n    In September of 1787, as Washington was submitting the \ndraft Constitution to the convention, of the articles--to the \nCongress--of the Confederation, it had a resolution in it. I \ncommend to you that resolution because it read, and it was \nWashington's dilemma, a resolution probably written by Madison.\n    Washington fully concurred. The biggest problem, Washington \nsaid, was drafting a document that was able to reconcile the \nissue of liberty on one side and security on the other.\n    That's the problem that we have today. And we see our \nNation's capital, the people's House is a citadel, with the \nJersey walls and hydraulic gates and the limitation. Visitation \nhere used to be about 22,500. It is down now I understand to \nabout 2,000. These are evidences of the oppression and \nintimidation that we are having to suffer because of the \nproblems with terrorism. But we will address that and we will--\nand we will be stronger for it.\n    I would say to you, I was teaching these issues before 9/\n11. We are feeling that we are being overwhelmed by rapid \nadvances in technology, particularly in the information \ncommunication and information technology which gives the \nterrorists enormous weapons.\n    Prior to 9/11, we would not sort out how we were going to \nhandle that, and the law was falling behind that technology. \nAnd the Congress at the time was having trouble coming to grips \nwith it in a jurisdictional sense because of its pervasive \neffort. Hopefully, through these types of efforts, we will, \none, be able to establish jurisdiction, and, secondly, be able \nto achieve a very favorable and satisfactory result.\n    I thank you, Mr. Chairman.\n    Mr. Cannon. Thank you, Mr. Marsh.\n    [The prepared statement of Mr. Marsh follows:]\n              Prepared Statement of John O. Marsh, Jr.\\1\\\n---------------------------------------------------------------------------\n    \\1\\ I gratefully acknowledge the assistance in the preparation of \nthis statement of Fred H. Cate, a Distinguished Professor and director \nof the Indiana University Center for Applied Cybersecurity Research, \nwho served as Reporter for the Technology and Privacy Advisory \nCommittee.\n---------------------------------------------------------------------------\n    Chairmen Chabot and Cannon, Distinguished Members:\n    I appreciate the opportunity to testify today about the work and \nfinal recommendations of the Technology and Privacy Advisory Committee \nappointed by Secretary of Defense Rumsfeld and chaired by the Honorable \nNewton N. Minow, one of the nation' most experienced and distinguished \npublic servants. The Committee was created to examine the issues that \nare the subject of today's hearing--the impact of the government's use \nof personal information on privacy and civil liberties. Although our \ncharge focused on the Department of Defense, we rapidly discovered that \nthe issues, as well as the data mining activities that raise them, \noccur throughout the government and require attention.\n    I applaud your leadership and that of your colleagues on the \nCommittee in holding today's hearing. As a former Member of Congress \nand Secretary of the Army, I know that few issues could be more \nimportant than the security of the Republic or the civil liberties of \nits citizens. Ensuring that both are rigorously protected is a critical \nobligation of all branches of Government--but especially of the \nCongress--and I congratulate you for embracing that responsibility in \nthis hearing today.\n           the tension between privacy and national security\n    The final report of the 9/11 Commission report does a masterful job \nof describing the horrendous terrorist attacks that took place on the \nmorning of September 11, 2001, and of analyzing the factors that \ncontributed to our nation's vulnerability to those attacks. The report \ngoes on to make a number of thoughtful recommendations, including the \nurgent need that we use all of the information at our collective \ndisposal to protect against further attacks, but that we do so only in \nways that are consistent with protecting personal privacy.\n    The 9/11 Commission report does not suggest how we might exploit \nthat information without invading privacy. The report identifies the \ngoal, without providing any guidance as to the means. The Technology \nand Privacy Committee had spent the prior year addressing many of these \nissues about how we use information to protect national security \nwithout infringing on privacy.\n                          background of tapac\n    The history of TAPAC is fully laid out in our final report, the \nexecutive summary from which I attach to my prepared testimony, so I \nwill only briefly recite it here. In early 2002, the Defense Advanced \nResearch Projects Agency (``DARPA'') announced that it was developing \nadvanced information technologies which could access personally \nidentifiable information in the fight against terrorism. The project--\ncalled ``Terrorism Information Awareness'' (``TIA'') \\2\\ soon prompted \nserious public and congressional criticism centered on the possible use \nby government of personal information on U.S. citizens and permanent \nresident aliens.\n---------------------------------------------------------------------------\n    \\2\\ When first announced, the program was entitled ``Total \nInformation Awareness.'' The title was changed to ``Terrorism \nInformation Awareness'' in May 2003.\n---------------------------------------------------------------------------\n    To address these and other concerns, in February 2003 Secretary \nRumsfeld appointed the Technology and Privacy Advisory Committee, the \nmembers of which were private citizens, independent from the government \nand ``selected on the basis of their preeminence in the fields of \nconstitutional law and public policy relating to communication and \ninformation management.'' Establishment of the Technology and Privacy \nAdvisory Committee, 68 Fed. Reg. 11,384 (2003) (DOD, notice). He \ncharged TAPAC with answering four questions:\n\n        1.  Should the goal of developing technologies that may help \n        identify terrorists before they act be pursued?\n\n        2.  What safeguards should be developed to ensure that the \n        application of this or any like technology developed within DOD \n        is carried out in accordance with U.S. law and American values \n        related to privacy?\n\n        3.  Which public policy goals are implicated by TIA and what \n        steps should be taken to ensure that TIA does not frustrate \n        those goals?\n\n        4.  How should the government ensure that the application of \n        these technologies to global databases respects international \n        and foreign domestic law and policy? U.S. Department of \n        Defense, Technology and Privacy Advisory Committee Charter \n        (2003).\n\n    In June 2004, TAPAC released its final report, containing its \nconclusions and 7 and 5 12 recommendations addressing data mining \nwithin the Department of Defense and throughout the federal government. \nBefore turning to those conclusions and recommendations, I want to \nstress two features of the Committee and its work.\n    First, the panel was strictly bi-partisan, both in its membership \nand in the way it pursued its work. It was chaired by the Honorable \nNewton N. Minow, Senior Counsel to the law firm of Sidley Austin Brown \n& Wood, who served as chairman of the Federal Communications Commission \nunder President Kennedy, and later served as chairman of the Carnegie \nCorporation, Public Broadcasting Service, and The RAND Corporation, and \nvice chairman of the Commission on Presidential Debates. It would be \nhard to find a more impartial, skillful, or experienced public servant.\n    The other Committee members with whom I was privileged to serve \nwere:\n\n        Floyd Abrams, a partner in the New York law firm of Cahill \n        Gordon & Reindel, the William J. Brennan, Jr. Visiting \n        Professor of First Amendment Law at the Columbia Graduate \n        School of Journalism, and one of the nation's leading experts \n        on the First Amendment.\n\n        Zoe Baird, President of the Markle Foundation, and previously \n        was senior vice president and general counsel of Aetna, Inc., \n        and an attorney in White House and in the Justice Department.\n\n        Griffin Bell, formerly Managing Partner of King & Spalding, a \n        judge on the U.S. Court of Appeals for the Fifth Circuit, and \n        Attorney General of the United States.\n\n        Gerhard Casper, President Emeritus of Stanford University and \n        the Peter and Helen Bing Professor in Undergraduate Education \n        at Stanford.\n\n        William T. Coleman, Jr., Senior Partner and the Senior \n        Counselor in O'Melveny and Myers; he served as Secretary of \n        Transportation during the Ford Administration.\n\n        Lloyd N. Cutler, founding partner of the law firm of Wilmer, \n        Cutler & Pickering; he served as Counsel to Presidents Clinton \n        and Carter.\n\n    The second feature is that Secretary Rumsfeld charged the Committee \nwith considering not only laws applicable to privacy, but also \n``American values related to privacy.'' This important addition to the \nCommittee's mandate obligated us to ask not only what the law \nconcerning government use of personal information was, but what it \nshould be.\nthe prevalence of government data mining and the limits of relevant law\n    From the outset, the Committee was struck by two discoveries. The \nfirst was how widespread, not only in the Department of Defense, but \nthroughout the federal government, data mining was. In fact, report by \nthe General Accounting Office, released in May 2004 after the TAPAC \nfinished its work, found 42 federal departments or agencies--including \nevery cabinet-level agency that responded to the GAO's survey--engaged \nin (88), or were planning to engage in (34), 122 data mining efforts \ninvolving personal information. Thirty-six of those involve accessing \ndata from the private sector; 46 involve sharing data among federal \nagencies. U.S. General Accounting Office, Data Mining: Federal Efforts \nCover a Wide Range of Uses (GAO-04-548), May 2004, at 3, 27-64, tables \n2-25.\n    The Committee's second discovery was how limited the federal law \napplicable to the government's use of personal information really was. \nThe law that does exist is often too narrow to ensure either that the \ngovernment can access the data it really needs to protect national \nsecurity and fight crime effectively or that individual privacy is \nprotected in the process. In particular, that law depends significantly \non whether the individual(s) involved are U.S. citizens, where the \nsearch takes place, whether the information has ever been disclosed to \nthird parties, and the government's motivation for the search. In the \nface of new terrorist threats posed within the territory of the United \nStates and global information technologies this system has grown \nincreasingly unworkable.\n    So what the Committee found was widespread data mining, and little \nclarity in the law.\n                        tapac's recommendations\n    As a result, the Committee focused its deliberations, and \nultimately its recommendations, on what the law should be to ensure \nthat information is used to enhance national security without impinging \non individual privacy or liberty. We unanimously agreed that the United \nStates should use data mining to enhance national security; our \nrecommendations then were focused on assuring that the privacy \ninterests of U.S. persons are not compromised when it does so. Because \nthose recommendations are included in the attached executive summary, I \nwill not recite all of them here, but I would like to focus on six that \nare most relevant to today's hearing.\n1. Privacy Tools\n    First, we thought it imperative that government data mining \nprograms take advantage of the technological and other tools available \nto protect privacy. So, for example, we recommended requiring:\n\n        a.\n            Data minimization--the least data consistent with the \n        purpose of the data mining should be accessed, disseminated, \n        and retained.\n\n        b.\n            Data anonymization--whenever practicable data mining should \n        be performed on databases from which information by which \n        specific individuals can be commonly identified (e.g., name, \n        address, telephone number, SSN, unique title, etc.) has been \n        removed, encrypted, or otherwise obscured. Where it is not \n        practicable to use anonymized data, or access to identifying \n        information is required, the agency should comply with \n        Recommendation 2.4 below.\n\n        c.\n            Audit trail--data mining systems should be designed to \n        create a permanent, tamper-resistant record of when data have \n        been accessed and by whom.\n\n        d.\n            Security and access--data mining systems should be secured \n        against accidental or deliberate unauthorized access, use, \n        alteration, or destruction, and access to such systems should \n        be restricted to persons with a legitimate need and protected \n        by appropriate access controls taking into account the \n        sensitivity of the data.\n\n        e.\n            Training--all persons engaged in developing or using data \n        mining systems should be trained in their appropriate use and \n        the laws and regulations applicable to their use. \n        (Recommendation 2.2)\n\n    We also recommended special protection when data mining would \ninvolve the use of data from the private sector or other government \nagencies. (Recommendation 2.3)\n2. Privacy Culture\n    Second, we thought it was critical that concern for privacy and \nother civil liberties be instilled at every level within agencies that \nengage in data mining. We therefore proposed that agency personnel \nreceive appropriate training (Recommendation 2.2(e)), the creation of a \npolicy-level privacy officer to help promote sensitivity to privacy \nthroughout agencies (Recommendation 4), the appointment of external \nprivacy advisors to help provide privacy-related input from outside of \nthe agency (Recommendation 5), and that the agency head be charged \nspecifically with creating ``culture of sensitivity to, and knowledge \nabout, privacy issues'' throughout the agency (Recommendation 7).\n3. Internal Accountability\n    Third, we believed that accountability was absolutely critical to \nprotecting privacy, to ensuring that data mining was conducted \nefficiently and effectively, and to building public confidence in the \ngovernment's data mining efforts. This objective undergirded many of \nour recommendations. We thought of accountability as occurring in two \ndistinct settings: internal and external.\n    Internal accountability would be enhanced, we believed, first by \nensuring that no agency engage in data mining involving personal \ninformation without making a conscious, thoughtful decision to do so, \nor without fully appreciating the potential privacy ramifications of \nits actions. So, for example, we recommended that data mining require \nwritten authorization by the agency head. (Recommendation 2.1) That \nwritten finding would demonstrate that a senior government official had \nthought through:\n\n        a.\n            the purposes for which the system may be used;\n\n        b.\n            the need for the data to accomplish that purpose;\n\n        c.\n            the specific uses to which the data will be put;\n\n        d.\n            that the data are appropriate for that use, taking into \n        account the purpose(s) for which the data were collected, their \n        age, and the conditions under which they have been stored and \n        protected;\n\n        e.\n            that other equally effective but less intrusive means of \n        achieving the same purpose are either not practically available \n        or are already being used;\n\n        f.\n            the effect(s) on individuals identified through the data \n        mining (e.g., they will be the subject of further investigation \n        for which a warrant will be sought, they will be subject to \n        additional scrutiny before being allowed to board an aircraft, \n        etc.)\n\n        g.\n            that the system has been demonstrated to his or her \n        satisfaction to be effective and appropriate for that purpose;\n\n        h.\n            that the system complies with the other requirements of \n        this recommendation as enacted by law, executive order, or \n        other means;\n\n        i.\n            that the system yields a rate of false positives that is \n        acceptable in view of the purpose of the search, the severity \n        of the effect of being identified, and the likelihood of \n        further investigation; and\n\n        j.\n            that there is a system in place for dealing with false \n        positives (e.g., reporting false positives to developers to \n        improve the system, correcting incorrect information if \n        possible, remedying the effects of false positives as quickly \n        as practicable, etc.), including identifying the frequency and \n        effects of false positives. (Recommendation 2.1)\n\n    That written finding would also serve to ensure that a policy-level \nofficial (in almost every case an official whose appointment was \nsubject to Senate confirmation), was involved in making the \ndetermination to go forward.\n    We believed internal accountability would also be fostered through \nthe creation of a senior policy-level privacy officer (Recommendation \n5), by regular audits of all data mining programs (Recommendation 2.5), \nby seeking the advice of external privacy experts (Recommendation 5), \nand through renewed efforts by the agency head to ensure the \n``effective operation of meaningful oversight mechanisms'' \n(Recommendation 6).\n4. External Accountability\n    Fourth, while accountability within an agency is essential, it is \nno substitute for external accountability, and it was here that our \nstrongest--and most controversial--recommendations were focused. I \nsuspect it is the failure to provide for meaningful external \naccountability that has contributed to public unrest about programs \nsuch as TIA and CAPPS II. Our goal was to help diffuse some of that \ncontroversy in the future by providing for meaningful external \noversight.\n    TAPAC recognized that programs to enhance national security and \npublic safety will often involve classified information or require \nspeedy action, and so traditional accountability measures (such as \npublic notice and opportunity to comment, or judicial review) may not \nwork. Nevertheless, we believed that significant tools are available \nand should be required when the government accesses personal \ninformation about its citizens or legal aliens.\n\n        a.\n            Judicial Review\n\n    One critical external accountability measure we recommended is \nrecourse to the courts before conducting data mining with personally \nidentifiable information about U.S. persons. (Recommendation 2.4) We \nrecommended the Foreign Intelligence Surveillance Act court, to help \nprovide for speedy and confidential review, but the particular court is \nnot nearly as important as the concept of judicial review. The public \nunderstandably derives confidence from knowing that an independent, \njudicial authority is reviewing government data mining efforts. This is \nespecially true when, because of secrecy concerns, the public may not \nhave access to information about those efforts.\n    We stressed that judicial review could be obtained for specific \nsearches or for entire data mining programs (Recommendation 2.4(a)(v)), \nand we provided that, in exigent circumstances, the review could be \nobtained after-the-fact (Recommendation 2.4(c)). Our goal in crafting \nthese provisions was not merely to ensure that the process of judicial \nreview not interfere with national security, but also to highlight that \neven the exigencies of the war on terrorism do not justify abandoning \nthe vital principle of judicial review.\n\n        b.\n            Congressional Oversight\n\n    The other essential component of external accountability is \noversight by the Congress. You are the people's elected representatives \nand it is your unique duty to ensure that the people's business is \ncarried out effectively, efficiently, and without compromising the \npeople's rights. TAPAC therefore recommended that each agency's privacy \nofficer have a direct reporting line to Congress, as you provided with \nregard to the Department of Homeland Security's privacy officer--a \nposition ably filled by Ms. Nuala O'Connor Kelly, who appeared before \nTAPAC. We went a step further, however, to recommend that the agency \nhead appear as well, and that the privacy officer and agency head \njointly brief you, at least annually, on\n\n        a.\n            the agency's compliance with applicable privacy laws;\n\n        b.\n            the number and nature of data mining systems within the \n        agency, the purposes for which they are used, and whether they \n        are likely to contain individually identifiable information \n        about U.S. persons;\n\n        c.\n            the number and general scope of agency findings authorizing \n        data mining;\n\n        d.\n            the number and general scope of agency findings and court \n        orders authorizing searches of individually identifiable \n        information about U.S. persons; and\n\n        e.\n            other efforts to protect privacy in the agency's collection \n        and use of U.S. person data. (Recommendation 11)\n\n    These are serious obligations; we meant them to be. Nothing less \nguarantees you the information and regular access to senior personnel \nnecessary to provide the accountability that the public expects.\n    To carry out these obligations, we made an equally bold \nrecommendation that you take the steps necessary to streamline \ncommittee jurisdiction:\n\n        To facilitate this reporting process and consistent, \n        knowledgeable oversight, each house of Congress should identify \n        a single committee to receive all of the agencies' reports. \n        Other committees may have jurisdiction over specific agencies \n        and therefore also receive reports from those agencies, but we \n        believe it is important for a single committee in each house to \n        maintain broad oversight over the full range of federal \n        government data mining activities. To the extent the \n        jurisdiction of congressional committees overlaps, we believe \n        it is essential for Congress to clarify and clearly articulate \n        the relative responsibilities of each committee, to avoid \n        undermining either privacy protection or national security \n        efforts. (Recommendation 11)\n\n    As a former Member of Congress, I am well aware of the uphill \nbattle that such an effort involves, but we believed it is essential \nfor meaningful oversight of both privacy and security.\n5. Consistent Laws and Processes\n    Fifth, TAPAC recommended that all of the actions outlined above be \ncarried out across the government. This would include adopting a single \nframework of legal, technological, training, and oversight mechanisms \nnecessary to guarantee the privacy of U.S. persons in the context of \nnational security and law enforcement activities; the appointment of a \nprivacy officer in every federal agency; and the creation of an inter-\nagency coordinating committee and the use of external advisors to help \nensure the consistent application of privacy laws and principles. \n(Recommendations 8-10)\n    TAPAC recognized that privacy protections would not necessarily be \nthe same in every setting, but we believed it essential that they be \nconsistent, based on common principles, and subject to uniform \noversight.\n    The recent report of the 9/11 Commission only highlights the \nimportance of these recommendations. It makes little sense to \ncoordinate this nation's intelligence and national security activities, \nwithout going one step further to coordinate the laws and processes \nthat ensure those activities respect our privacy and civil liberties.\n6. Research\n    Finally, TAPAC recognized the importance of research into \ntechnological and other tools for making data mining more precise and \naccurate and for protecting privacy, as well as into the development of \npolicies and laws to facilitate both data mining and privacy. \n(Recommendations 7, 12) One unfortunate consequence of Congress \nblocking further development of TIA was to prohibit further research by \nDARPA into both data mining and privacy.\n    This is regrettable; our nation desperately needs to understand \nbetter the technological, behavioral, and policy tools for using \ninformation effectively and appropriately, whether to fight terrorism, \napprehend criminals, or otherwise serve the public. There are many \nprivate initiatives to expand our understanding--my own program at the \nGeorge Mason School of Law is one example--but if we are serious about \nusing information to fight terrorism and serious about protecting \nprivacy while doing so, it is going to require the investment of public \nfunds.\n             the link between privacy and national security\n    I began by describing the tension between privacy and national \nsecurity; I would now like to highlight what TAPAC saw as the essential \nlink between the two. Many of our recommendations that may have been \nmotivated by a desire to protect privacy, also contribute to enhancing \nsecurity as well. Data minimization, for example, is a key privacy \ntool, but it also helps protect intelligence agencies from being \noverwhelmed by irrelevant data. Tools for data correction are another \nexample: data mining with inaccurate data certainly threatens privacy \nand civil liberties, but it also threatens security as well. Any system \nof data analysis that is not concerned with data quality and accuracy \nis likely to compromise both privacy and security.\n    Privacy and national security are also inherently linked because \nAmerican values will not accept the latter at the cost of the former. \nRecent protests over TIA, CAPPS II, and other programs have shown that \nthe American public will not either. Inadequate, unclear, or uncertain \nprivacy laws are slowing the development of new and promising data \nmining programs, they are undermining research into this important \nweapon in the war on terrorism, and they are hampering the very data \nsharing that the 9/11 Commission wisely recommended. Clearing up this \nmess is critical both to protecting our privacy and to protecting our \nsecurity.\n                  the role of the judiciary committee\n    TAPAC took no position on which committee in Congress should take \nthe lead on this vital effort, but I believe the Committee on the \nJudiciary is an ideal choice. The issues involve come within the \njurisdiction of many committees--Armed Services, Intelligence, \nCommerce, Ways and Means, and others--but the foundational issue that \ncuts across all of these different settings is the constitutional and \nlegal framework applicable to data mining. That is the fundamental \nquestion--the starting place for all other analysis. That is your turf. \nAnd I assume that is why you have called these important hearings \ntoday.\n                               conclusion\n    Throughout Washington, throughout the nation, citizens are lining \nup to be searched before entering federal buildings or boarding \naircraft. The mail is delayed so it can be scanned. Luggage is x-rayed \nand rummaged through. Roads are closed, entrances blocked with concrete \nbarricades, access to public resources denied. Surveillance cameras and \nidentity checks are replacing anonymity. The result is not just \ninconvenience or annoyance, it is a vast toll on our economy and \nproductivity and a profound intrusion on our privacy and most basic \ncivil liberties.\n    Think of the effect on government. The threat of terrorism has \nturned the People's House into an armed citadel. The Capitol, the very \nheart of democratic government, is under siege, and with it our \nprivacy, liberty, and most cherished values.\n    Data mining--as both the 9/11 Commission and TAPAC noted--is a \nvital weapon in the war on terrorism. It poses grave risks to privacy, \nbut there are numerous steps, many (but certainly not all) of which are \noutlined in the TAPAC report, that can reduce or eliminate those risks. \nThose steps may not only protect privacy, but also enhance security as \nwell. More importantly, when pursued effectively and subject to \nappropriate safeguards, data mining may threaten privacy and civil \nliberties far less than the other tools on which we rely so heavily and \nso regrettably today.\n    Thank you.\n\n                               ATTACHMENT\n\n\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\n\n    Mr. Cannon. Ms. O'Connor Kelly.\n\nTESTIMONY OF NUALA O'CONNOR KELLY, CHIEF PRIVACY OFFICER, U.S. \n                DEPARTMENT OF HOMELAND SECURITY\n\n    Ms. O'Connor Kelly. Chairman Cannon, Ranking Member Watt, \nChairman Chabot, Ranking Member Nadler, Members of \nSubcommittees and distinguished colleagues on the panel, it is \nmy great honor to be before you on behalf of the United States \nDepartment of Homeland Security's Privacy Office, which I am \nprivileged to lead as the Department's first Chief Privacy \nOfficer.\n    I am pleased to offer my reflections on the findings and \nrecommendations of the 9/11 Commission Report and also on the \nReport of the Department of Defense, TAPAC, particularly as \nthey relate to the privacy of individuals.\n    As the first statutorily-mandated Privacy Officer in the \nFederal Government in a role that provides both investigative \noversight and policy advice, I am keenly aware of the \nchallenges presented by the Commission's role. In every \nrespect, the 9/11 Commission has met those daunting challenges \nadmirably, and I know I join every American in thanking them \nfor their work.\n    The Report teaches us that one of the reasons the United \nStates failed to prevent the September 11 attacks was its \nfailure to think creatively.\n    As the Commission's work points out, our future requires \nnew and creative modes of thinking and demands that we \ninstitutionalize new and imaginative mindsets within the very \nculture and structure of our Federal Government. Most \nimportantly, we must perform our tasks in a manner that \nrespects the privacy, the dignity and the personal freedoms of \neach individual in the United States.\n    Just as the Commission recommends institutionalizing \nimagination, we at the Department of Homeland Security have \nalready begun operationalizing privacy awareness within the \nvery culture of our organization. This has meant both \nresponding to privacy complaints from within and outside the \nDepartment and actively raising privacy awareness across each \nof our directorates.\n    We have crafted privacy training and privacy policies for \nmany of our new programs, ensured that the statutorily-required \nprivacy impact assessments and system of record notices are \nwritten and reviewed, and counseled DHS officials regarding the \neffective and responsible uses of new technologies.\n    Outside of our organization, we have reached to advocacy \ngroups, to our partners in the European Union and throughout \nthe world and to the general public for input and guidance on \nour programs. We are vigorously pursuing our statutory mission \nof ensuring that the Department's technologies and programs \nsustain, and do not erode, privacy protections relating to the \ncollection, use and disclosure of personal information.\n    No one has been a greater champion in these efforts than \nSecretary Tom Ridge, who from the very inception of our \nDepartment has recognized that privacy is a vital thread that \nruns through the fabric of the United States. Privacy is a \nvalue today that we seek to protect, as we protect both the \ntangible and intangible assets of our country through all of \nour endeavors at the Department.\n    I wish to thank Secretary Ridge and also Deputy Secretary \nLoy and commend them for their leadership and active support of \nmy role and for the efforts of the DHS Privacy Office, \nincluding our more than 430 Privacy and Freedom of Information \nAct specialists throughout the Department.\n    The wisdom that Congress demonstrated when it mandated a \nChief Privacy Officer and an integrated Privacy Office within \nthe Department of Homeland Security represents precisely the \nkind of bold and creative thinking that will be demanded of our \nleaders and policymakers in the post-9/11 world. As the United \nStates transforms its Federal intelligence and law enforcement \ncommunities, operationalizing privacy protections across the \nFederal Government, it is imperative that we sustain this \ndialogue among policymakers, technologists, intelligence \nprofessionals, law enforcement officials and also the private \nsector.\n    The Commission's recommendations raise a number of points \nthat are crucial to bear in mind as we move ahead in this new \nprocess. The Commission points out that the choice between \nsecurity and liberty is a false choice. We as a Nation must \nabandon the pessimistic and misguided notion that in order to \nbe safe we must sacrifice the privacy of our personal \ninformation. The Department of Homeland Security's Privacy \nOffice has worked tirelessly to demonstrate that the dichotomy \nbetween liberty and security is a false one by working in \npartnership with program and policy personnel to embed privacy \nwithin successful security initiatives from the very beginning.\n    As we seek to combine information in new and creative ways \nin the Federal Government, we must also establish and enforce \nconcrete safeguards that prevent the Federal Government from \nexceeding its boundaries. As the Commission correctly points \nout, the burden should be on policymakers to prove that any new \npower granted to the Government is accompanied by adequate \nguidelines and oversight to properly confine its use.\n    The Commission's report findings heavily underscore the \nneed to abandon the compartmentalized structure of our \nintelligence bureaucracy that existed before 9/11 and move to a \nmore integrated system. Congress should permit agencies to \nshare and disclose information collected for counterterrorism \npurposes if such sharing and disclosure is necessary and \nappropriate to achieve a security function. However, agencies \nshould also demonstrate an adherence to privacy principles and \nfair information practices, including educating employees about \nthe purposeful and responsible use of information.\n    A final matter is the recommendation of the Commission that \nthe President appoint a board within the executive branch to \noversee adherence to these guidelines and recommend the \ncommitment the Government makes to defend its civil liberties.\n    We are keenly aware in our office of the benefit of having \na central, coordinating privacy authority that is both \nknowledgeable about organizational structures and yet \nindependent enough to act as an effective privacy advocate. It \nis one of the greatest challenges and opportunities of our \noffice that we serve both outside and inside roles in the \nstructure of our agency. The Chief Privacy Officer is appointed \nby the Secretary, but also is a position created by Congress \nand reports to Congress. The dual aspects of this role have \nallowed our office to turn a critical eye on the most \ncontroversial and also mundane aspects of the Department's \noperations, while offering a supporting hand to our key \ndecisionmakers.\n    Any privacy oversight body in a sense must also be both \noutside and inside the Federal Government. Any such body must \ncombine real knowledge of ongoing activities with real \nauthority to confront and prevent abuse. I look forward to \nsharing my own experiences and participating in the public \ndialogue on such a matter in the coming months.\n    I extend my deepest gratitude to Chairman Cannon and to the \nMembers of the Subcommittee for your oversight and interest in \nour office, and I thank you for your time and attention.\n    Mr. Cannon. Thank you, and thank you to all the Members of \nthe panel.\n    [The prepared statement of Ms. O'Connor Kelly follows:]\n               Prepared Statement of Nuala O'Connor Kelly\n    Chairman Cannon, Ranking Member Watt, Members of the Subcommittee, \nand distinguished colleagues on this panel, it is an honor to testify \nbefore you today regarding the 9/11 Commission on behalf of the United \nStates Department of Homeland Security's Privacy Office, which I am \nprivileged to lead as the first Chief Privacy Officer.\n    I am pleased to offer my reflections on the findings and \nrecommendations of the 9/11 Commission's report. That Commission was \ncharged by Congress and our President with the important yet daunting \ntask of investigating this tragic event in our history with an eye \ntoward implementing future changes. As the first statutorily-mandated \nPrivacy Officer in the Federal Government, and as someone who provides \nboth investigative oversight and policy advice, I am keenly aware of \nthe challenges presented by the Commission's role. It is a role that \nrequires both tenacity and discretion, persistent determination and \nunyielding patience, meticulous attention to detail and perceptive \nunderstanding of the ``bigger picture''. In every respect, the 9/11 \nCommission has met those daunting challenges admirably, and I know that \nI join every American when I commend and thank them for their fine \nwork.\n    We have heard from the Commission's Report that among the many \nreasons for the United States government's failure to prevent those \ndreadful attacks was a failure to think creatively about the challenges \nwe faced and to act upon information we received. In the words of the \nCommission, we suffered a ``failure of imagination''. Looking forward, \nit is clear from the Commission's work that the years ahead will \nrequire new and creative modes of thinking and will demand that we \n``institutionalize'' new, imaginative mindsets within the very culture \nand structures of our government. Most importantly, we must perform \nthese tasks in a manner that respects the privacy, dignity, and \npersonal freedoms of every individual who lives in and visits the \nUnited States. Indeed, years from now, we will be said to have suffered \nyet another tragic ``failure of imagination'' if, while undertaking \nefforts to reform our intelligence community and protect our security, \nwe fail to think and act creatively to protect privacy as well.\n             one year onward: protecting privacy within dhs\n    My firm belief, which has been affirmed by my experiences during \nthe past year, is that protecting both privacy and security is well \nwithin the grasp of our collective imagination. In fact, during my \nfirst year as the Chief Privacy Officer of our Department, I have \noperated under that very premise, and have worked to ensure that \nprivacy and security go hand-in-hand as we carry out our protective \nmission. In much the same way that the 9/11 Commission recommends \n``institutionalizing imagination'', we at the Department of Homeland \nSecurity have begun instituting and operationalizing privacy awareness \nwithin the very culture of our organization. We have done so by working \nside-by-side with senior leadership and by ensuring that as programs \nmove forward to implementation, they have been carefully and thoroughly \nanalyzed for their impact on personal privacy. This has meant \nresponding to privacy complaints from inside and outside the Department \nand actively raising awareness of privacy across all of our \ndirectorates. We have crafted privacy training and privacy policies for \nmany of our programs, ensured that statutorily-required Privacy Impact \nAssessments and System of Records Notices are written and reviewed, and \ncounseled DHS officials regarding the effective and responsible use of \ntechnology. Beyond our organization, we have reached out to advocacy \ngroups and the general public for input and guidance. Moreover, on the \ninternational level, we have reached important agreements with our \npartners in the EU and elsewhere, and have participated in fruitful \ndiscussions with organizations like the International Association of \nData Protection and Privacy Commissioners. In short, my office is \nvigorously pursuing its statutory missions, including ensuring that DHS \ntechnologies ``sustain, and do not erode, privacy protections relating \nto the use, collection, and disclosure of personal information.''\n    It is not an accident that DHS in its very first year began linking \nthe values of homeland security and privacy protection as being \ncompatible rather than opposing goals. It was a well thought out \nlegislative design, firmly embedded in Section 222 of the Homeland \nSecurity Act, to reflect fundamental American values. No one has been a \ngreater champion of this pairing of values than Secretary Tom Ridge, \nwho from the very beginning has set the direction ``from the top'' that \nprivacy, matters of individual dignity, and civil liberties define the \nfabric of America that we seek to protect in all of our endeavors at \nDHS. Today, I wish to thank Secretary Ridge publicly and commend him \nfor his leadership and active support for the role and efforts of the \nPrivacy Office at DHS and the entire Privacy team, which includes more \nthan 430 Privacy Act and Freedom of Information specialists who work \nthroughout the Department.\n         looking forward: privacy across the federal government\n    The wisdom Congress demonstrated when it mandated a Privacy Officer \nwithin DHS represents precisely the kind of bold and creative thinking \nthat will be demanded of our leaders and policy-makers in a post 9/11 \nworld. As the United States transforms its federal intelligence and law \nenforcement communities, operationalizing privacy protections across \nall of government will be more imperative, and more challenging, than \never. It will require, first and foremost, sustained dialogue among \npolicy makers, technologists, intelligence professionals, law \nenforcement officials, and the private sector. The Commission's Report \nhas provided an excellent starting point for that dialogue. Their \nrecommendations raise a number of points that are crucial to bear in \nmind as we move ahead in this process.\n    First, as the Commission quite correctly points out, ``the choice \nbetween security and liberty is a false choice''. We as a nation must \nabandon, once and for all, the notion that in order to be safe, we must \ngive up our right to keep our personal information private. As the \nrecent TAPAC Report concluded, ``The stakes on both sides--guarding \nagainst attacks and protecting privacy--could not be higher. We must \nnot sacrifice one for the other. . . .'' Within DHS, the Privacy Office \nhas worked tirelessly to prove this point, and to demonstrate that the \nsometimes perceived dichotomy between liberty and security is a false \none. As I have said on numerous occasions, the protection of privacy is \nneither an adjunct, nor the antithesis to, the mission of the \nDepartment of Homeland Security. Rather, privacy protection is, in \nfact, at the core of that mission. Likewise, privacy protection must \nalso be at the core of our national mission as we devise ways to reform \nand improve our intelligence and anti-terrorist efforts.\n    One way that we as a nation can put to rest the perceived dichotomy \nbetween liberty and security is by unleashing the vast potential of our \ntechnology. Too often, advances in technology are met with concern and \ntrepidation. Yet, just as our technology can be misused to suppress \nprivacy, so too can it be used to enhance and protect it. During my \ntime as Chief Privacy Officer, I have observed first-hand how \ntechnology solutions can greatly enhance the privacy of individuals. \nTechnical features such as encryption, audit trails, one-way hash \nfunctions, and tiered access control modules, among others, make it \npossible to analyze information in a way that protects people's safety \nwhile limiting access to personal information and preserving the \nintegrity of data. Moreover, as technologists know quite well, \ninformation security is paramount to protecting privacy. Therefore, the \nkey to ensuring that technologies used by our government sustain and do \nnot erode privacy will be to harness the creative energy of those who \ndesign and implement our technical infrastructures, challenging them to \ndevise new solutions that secure and protect our personal information.\n                        oversight and guidelines\n    Technology and privacy awareness, while important, will not be \nenough to address our current challenges. As we move forward, we will \nalso need to establish and enforce concrete safeguards that prevent \ngovernment from exceeding its proper bounds. As the Commission \ncorrectly points out, the burden should be on policy-makers to prove \nthat any new power granted to government is accompanied by ``adequate \nguidelines and oversight to properly confine its use.'' The idea here \nis an important one--privacy protections must be put in place at the \nfront-end of our governmental processes when programs are in their \ninfancy, rather than later, after privacy abuses and mistakes have \nalready taken place.\n    The United States has a firm foundation upon which to build \nadditional privacy protections. Existing laws such as the Privacy Act \nof 1974, the Freedom of Information Act, and the E-Government Act all \nseek to embed ``fair information practices'' and a general respect for \nprivacy into the daily operations of our government. Coupled with our \nConstitutional provisions, these statutes form an essential part of a \nprivacy culture that will only become more relevant in the years to \ncome. As we build upon this legacy of privacy protection, we must find \nways to embed these values within the new statutory frameworks that \nwill govern the collection, use, sharing, and retention of intelligence \nand other personal information.\n    Much of the 9/11 Commission Report's comments in this area address \nthe need to integrate and coordinate the data that are collected for \nour antiterrorism efforts more effectively. The Report's findings \nunderscore the need to abandon the compartmentalized structure of our \nintelligence bureaucracy that existed before 9/11 and move to a more \nintegrated system. It is my view that Congress should permit agencies \nto establish clear parameters for sharing information to protect \nprivacy. As some have said, we must move from a ``need to know'' to a \n``need to share''. Establishing reasonable limits on access and \nembedding fair use principles will be important, not only because it \nwill protect individuals, but also because it will engender the kind of \ntrust in government that is necessary to achieve the cooperation of \nboth the public and private sectors. In failing to abide by these \nprinciples, we risk replacing the problem of ``stove-pipes'', in which \ndisparate pieces of information are never adequately integrated, with \none of ``leaky pipes'', in which personal information is exposed for \nall to see.\n       creating an oversight body for privacy and civil liberties\n    I would like to address, as a final matter, the recommendation of \nthe Commission that the President appoint ``a board within the \nexecutive branch to oversee adherence to the guidelines we recommend \nand the commitment the government makes to defend our civil \nliberties.''\n    I am keenly aware of the benefits of having a central, coordinating \nprivacy authority that is both knowledgeable enough about \norganizational structures to obtain information and yet independent \nenough to act as an effective privacy advocate. It has been one of the \ngreatest advantages of my position at DHS that I serve concomitant \nroles both inside and outside the structures of our agency. The Chief \nPrivacy officer is appointed by the Secretary, but is a position \ncreated by statute and required to report to Congress. The dual aspects \nof this role have allowed me to turn a critical eye on the most \ncontroversial and the most ordinary aspects of the Department's \noperations, while also offering a supportive hand to key decision-\nmakers. I do not see my office as the enemy of the missions of the \nDepartment. Rather, I see it as crucial to achieving that mission \nsuccessfully.\n    Implementing such an oversight position for the entire federal \ngovernment is admittedly a different task, one that would require \nattention to matters of a completely different nature and scale. Since \nthe government's response to the 9/11 Commission's recommendations is \nstill being formulated, it is too early to say precisely what type of \nbody will best address the privacy needs of our Federal Government. \nWhile the challenges and responsibilities faced by the person or \npersons who undertake this responsibility will be distinct from those \nfaced by the Chief Privacy Officer at DHS, I look forward to sharing my \nown experiences and participating in the public dialogue on this matter \nin the coming months.\n                               conclusion\n    Each and every one of the issues raised by the 9/11 Commission \nregarding the upholding of personal privacy presents a unique but \nhighly important challenge to our nation. Facing these challenges will \nrequire extraordinary imagination. The exercise of that imagination and \nthe implementation of the resulting changes certainly will not be easy. \nAnd yet as Thomas Jefferson wisely noted, ``It is part of the American \ncharacter to consider nothing as desperate; to surmount every \ndifficulty with resolution. . . .'' If there is any over-arching lesson \nto be learned from the fine work of the 9/11 Commission, it is \nprecisely that. Three years after the 9/11 attacks on New York and \nWashington, and in the memory of those who passed in the fields of \nPennsylvania, our nation is united in its desire to learn from the past \nby re-organizing and reforming antiterrorism efforts. At the same time, \nwe seek to renew our foundational commitment to respecting the privacy \nof each individual, as a matter of law and policy. As the DHS Privacy \nOfficer, I work daily to ensure that this sacred commitment--our \nunwavering determination to secure both our liberty and our land--is a \nguiding force behind every decision at the Department of Homeland \nSecurity. Thanks to the fine work of this Subcommittee, I am quite \nconfident that our commitment to the protection of individual privacy \nwill continue to guide anti-terrorism efforts not only within DHS, but \nacross our entire Federal Government.\n    I would like to extend my deepest gratitude to you, Chairman Cannon \nand to the Members of the Subcommittee for your tireless work and \nenduring contribution to our nation. Thank you today for your time and \nattention. I would be happy to respond to your questions.\n\n    Mr. Cannon. I think we are going to proceed by seniority on \neach side of the dais, beginning with the co-Chairman of this \npanel, Mr. Chabot.\n    Mr. Chabot. I did mention in my opening statement that I \nhave a particular interest in H.R. 338, the Federal Agency \nProtection of Privacy Act, formerly known as the Defense of \nPrivacy Act, it is basically the same bill, and I think, \nSenator Gorton and Secretary Marsh, you have both mentioned \nthat in your testimony.\n    A number of us were very concerned and have been for years \nthat too often when regulations or rules were promulgated by \nvarious agencies that privacy protections of the American \npeople too often were kind of an afterthought and were not \nnecessarily taken into consideration, and they should be up \nfront.\n    In essence, what this Act requires is--we all know about \nenvironmental impact statements--is basically a privacy impact \nstatement. What it amounts to is to determine whether or not \nthe agency has taken into consideration privacy issues and \nmaybe there was an alternative way to be less intrusive on \nthose privacy rights, just to make sure we are looking at these \nthings ahead of time.\n    I actually introduced this back in the 106th Congress; and \nour colleague, Congressman Bob Barr, took it up in the 107th. \nWe reintroduced it; and I want to thank my Ranking Member, Mr. \nNadler from New York, for cosponsoring this and also Chairman \nCannon for cosponsoring this as well. But it passed in the \nJudiciary Committee back on July 7, so it will be moving \nhopefully to the floor in the near future.\n    But I would be interested to hear from the panel members as \nto how they think--and I know, Senator, I think you stated you \ncannot necessarily recommend for or against legislation, but \nhow do you think this could potentially impact the issues that \nwe are talking about here relative to the 9/11 Commission?\n    Mr. Gorton. We in the 9/11 Commission took sort of a self-\ndenying ordinance, you know, in not going beyond the \nrecommendations that we made. We were perhaps as surprised as \nwe were delighted that we were able to come out unanimously, \nand that required a degree of self-restraint. So we cannot take \na particular position on your bill. But we can say it is quite \nconsistent. It certainly seems to proceed from the same \nphilosophy that guided us in asking for the creation of this \nboard to see to the protection of the civil liberties from any \nnew powers granted in the war against terrorism.\n    Mr. Chabot. Thank you.\n    Secretary Marsh, I didn't know if you wanted to add \nanything.\n    Mr. Marsh. I believe that it would be helpful to give it \nmore of a defense or national security flavor for those \nportions that involve the Department of Defense or the \nIntelligence Community, and they have to be singled out because \nthey are going to have to be treated differently. But I think \nit is a step in the right direction.\n    If you look at the recommendations of the Committee Report, \nthey are very elaborate recommendations on establishing a \nregime or protocol of how to do this, and it involves the \nPresident of the United States. We are suggesting also \noverview, not because they are not going to do a good job but \nsimply to emphasize the importance of what is being done by the \nlegislation.\n    I think the legislation is a very good starting point, \nCongressman; and I welcome it. It is responsive to one of our \nproblems.\n    Mr. Chabot. Thank you very much.\n    I am probably not going to be able to get into a lot, I \nhave 1 minute left, but one of the other areas that I wanted to \ndelve into, maybe some of my colleagues will, is one of the \nrecommendations of the 9/11 Commission Report that stated, ``At \nthis time of increased and consolidated Government authority, \nthere should be a board within the executive branch to oversee \nadherence to the guidelines we recommend and the commitment the \nGovernment makes to defend our civil liberties.''\n    I think prior to deciding the structure of an organization \nthere must be a clear understanding of that organization's \nmission. So there are a number of questions that I think at \nsome point it would be very helpful to get into, such as does \nthe 9/11 Commission view the board recommended in the report as \nbeing limited to examining privacy, or should it weigh in on \nall things related to the nexus between civil liberties and \nGovernment action, and would the board be charged with \nevaluating security against privacy protections and would it be \na watchdog or a facilitator.\n    There are many aspects that I think we would be interested \nto get into, but my time has already wound up here, so I will \nyield back my time at this point.\n    Mr. Cannon. The gentleman yields back.\n    Mr. Nadler, would you like to take the next 5 minutes?\n    Mr. Nadler. Thank you, Mr. Chairman.\n    Congressman Hamilton, Senator Gorton, in your statement, in \nyour joint statement, you said that the test, referring to the \nPATRIOT Act and some other things, the test is a simple but \nimportant one. The burden of proof should be on the proponents \nof the measure to establish that the power or authority being \nsought would in fact materially enhance national security and \nthat there will be adequate supervision of the exercise of that \npower or authority to ensure protection of civil liberties. It \nis sort of a but-for test: but for this power, would we be less \nsafe?\n    This Committee has repeatedly asked the Attorney General \nthat question with respect--or at least some Members of this \nCommittee have repeatedly asked the Attorney General that \nquestion with respect to various provisions of the PATRIOT Act, \nand we have been unable to get any specific responses.\n    In other words, if this power which the PATRIOT Act grants \nhad existed pre-9/11, would--if that power had existed pre-9/\n11, would it have made a difference in preventing 9/11, for \nexample, in your opinion? We have been unable to get any \nanswers on that.\n    So my question is, in light of that experience, with \nrespect to the privacy board or privacy officers you are \nproposing, what steps do you think that we need to take to \nensure that these officials, one, are independent; two, are \nable to get the information that they need to get in order to \ndo their work--information, as I said, this Committee can often \nnot get; and, three, that they have the clout needed to have an \nimpact?\n    Mr. Hamilton. Well, Mr. Nadler, those are difficult \nquestions to answer because they really go to the power of the \nCongress to conduct effective oversight. And my view, I guess \nnot the Commission's view--I shouldn't try to speak for the \nCommission at this point--but I am very concerned about the \nlack of robustness, if you would, or aggressiveness, in \ncongressional oversight today.\n    We did not try to get into the specifics of the PATRIOT \nAct, except with regard to the one provision on the wall of \nseparation, but we did suggest this test for any official, and \nthat is as deeply as we went into it.\n    When the executive does not respond to the Congress--and, \nincidentally, we hear that complaint often in our appearing \nbefore different Committees. It appears to me that the problem \nis quite pervasive in the executive-congressional relationship. \nIt is not anything that is new. It goes back for a good many \nyears.\n    I think there is a lot of timidity in the Congress with \nregard to its exercise of oversight and, at the end of the day, \nthey are only going to pay attention to you if you have budget \nauthority with them.\n    Mr. Nadler. That brings up the real question I am asking, \nwhich is not simply--I think that this Congress has been very \ntimid in exercising oversight, too, but that is really a \nseparate issue.\n    My point was that we have been unable to get the \ninformation, and in light of that experience, if we are to \nestablish this privacy board, these privacy officers that you \nare recommending, what do we have to do to make sure that they \ncan get the information that we have not been able to get, that \nthey can get information that they need once we have \nestablished that they are independent and that they have the \nclout? What powers do we have to give them, what authority do \nwe have to give them to make sure they can do the job that you \nare outlining for us?\n    Mr. Hamilton. Mr. Nadler, we simply did not try to get into \nthe details of the powers that the board would have.\n    You mentioned I think a moment ago that Congress has to \nfill in the details, and this is a major detail that you would \nhave to fill in. My own personal view is the board should have \nquite robust powers. But the important thing here to recognize \nis that what we have recommended calls for a great deal of \nGovernment intervention and strengthening of Government powers \nover individual lives. That is just inherent in \ncounterterrorism policy. You are greatly expanding the role of \nGovernment when you are fighting terrorists, and we think it is \nnecessary because of the threat.\n    Mr. Nadler. Could I have 1 additional minute?\n    Mr. Cannon. Without objection.\n    Mr. Hamilton. You have to have some check on that \nexpansion.\n    Mr. Nadler. Which brings me to the other question I wanted \nto ask, and that is an internal board cannot take the place, in \nmy opinion, of meaningful court oversight, so to what extent do \nyou think--so Secretary Marsh is probably the better person to \nask this question to--to what extent should there be court \njudicial review of the actions or lack of actions of this board \nor these privacy officers?\n    Mr. Marsh. Well, we recommend that there be oversight \ninternally and that the oversight will be in the courts. We \nfeel that court review at various junctures of this is a very, \nvery powerful method of protecting----\n    Mr. Nadler. So it shouldn't be an arbitrary and capricious \nstandard. You should have better access?\n    Mr. Marsh. We insist on access to the FISA courts wherever \nyou are dealing with a U.S. person.\n    Mr. Cannon. The gentleman's time has expired.\n    Mr. Nadler. Thank you, Mr. Chairman.\n    Mr. Cannon. Do you want another minute or two?\n    Mr. Nadler. I would.\n    Mr. Cannon. Without objection, the gentleman is recommended \nfor an additional 2 minutes.\n    Mr. Nadler. Senator Gorton seems to be interested in \nanswering this, too. The question I would like you to address \nis, the courts should have oversight, but very often, in fact, \neven usually, the courts' oversight of administrative agencies \nis limited to an arbitrary and capricious standard, which means \nthat what the agency does generally goes, unless their conduct \nis really egregious. Should we establish some other standard \nfor reviews and give the courts more power, in effect, to \nsecond-guess what this board or these privacy officers might do \nor not do?\n    Mr. Gorton. Mr. Nadler, I have three points in answer to \nyour very good question.\n    First, in the two areas, really both relating to the wall \nand on which we did express an opinion, that portion of the \nPATRIOT Act met the tests that we had set out. That was number \none.\n    Number two, you all, in your wisdom, of course, passed the \nPATRIOT Act with an expiration date.\n    Mr. Nadler. Part of it has an expiration date.\n    Mr. Gorton. At least as far as that part is concerned, you \nhave the ultimate power. The Justice Department, obviously, is \ngoing to have to answer your questions, or you are going to \nhave to lie down and ignore a failure to do so. But that is \nprobably the greatest single power that you reserved to \nyourself, to see to it that you as the Congress get----\n    Mr. Nadler. But the privacy officers and this board are not \ngoing to have to the power to do this. What do we give them?\n    Mr. Gorton. We recommended the creation of a board that \ncould protect these rights. As Lee said, we have not gone into \nall of the details as to where it should be. Some the Members \nthought it ought to be in the Department of Justice. I think, \ngiven your questions, you are probably inclined to believe that \nit ought to be an independent agency or board.\n    Those are decisions for you all to make, as are the \ndecisions as to the degree of the review for it or the right of \nan individual to sue outside of the system with respect to the \nlaw.\n    Mr. Nadler. I am less concerned where we put it than what \npowers they have, how independent it is, and how we can enforce \nthe executive branch to comply with the decisions it makes.\n    Mr. Gorton. It should be independent, and it should be \npowerful enough so that it gets listened to.\n    Mr. Nadler. Thank you. Thank you, Mr. Chairman.\n    Mr. Cannon. The gentleman yields back.\n    I hope the panel and also the Members of the two Committees \nwill consider that, in dealing with these details, we may not \nhave enough information. We may need to be considering a \ncommission that will help us think through some of the details, \nbecause I share the concerns of the gentleman from New York on \nhow we go about this.\n    The gentleman from Arizona, Mr. Flake, is recognized for 5 \nminutes.\n    Mr. Flake. I thank the Chairmen, both Mr. Chabot and Mr. \nCannon, for organizing this hearing and the witnesses for \ncoming.\n    I want to thank the 9/11 Commission for its particular \nfocus on secure sources of identification. That has been \nsomething that I have been concerned about for a couple of \nyears. I introduced legislation last year, H.R. 3461, to \nrequire States, if they want their State driver's license used \nas a form of Federal identification, or identification for \nFederal purposes, that there have to be some kind of standards \nthere. Because, as it stands, if a State like California \ndoesn't use the same kind of standards or uses lax standards, \nit doesn't affect just the citizens of California, it affects \nall of us, because it is used increasingly as the closest form \nof a national ID as we have. When it is used for air travel and \nother things, there is certainly a Federal nexus there.\n    We also have created more of a Federal nexus when we allow, \nwith the Help America Vote Act, an individual State to allow \nthem to use a driver's license as a form of identification to \nregister to vote. So there is a Federal nexus here, and I am \npleased with the Commission's focus on this.\n    I would just like to get your thoughts on it and how \nquickly we ought to move to that. My bill specifically says if \na State wants its drivers' licenses used as a form of Federal \nID, it has to have some kind of standard.\n    You have also talked about standards for birth \ncertificates, because those are the sort of breeder documents \nthat are then used to secure these forms of ID. Can you give \nsome elaboration on those things? Mr. Hamilton?\n    Mr. Hamilton. Mr. Flake, thank you for the question.\n    I think we do suggest in our recommendations that there be \nFederal standards applied to these identification documents, \nbirth certificates, driver's licenses and a lot of other \nthings. That has to be seen in a broader context, and the \ncontext is that we need, we believe, a modern border \nimmigration system. You have to look at all the ways that \npeople get into the United States, and you need to stress \nbiometric exit and entry systems. You have got to give these \nofficials that check people coming into the country, whether it \nis by land, sea or air, access to information with regard to \nvisitors and immigrants.\n    You have to have in your Intelligence Community the ability \nto look at the indicators of terrorist travel. Terrorists have \nto travel a lot. You have to develop an exchange of information \nwith other countries so that you can make, for example, a real-\ntime verification of passports, and you are going to have to \ninvolve a lot more local and State officials.\n    Now, all of those things go together with what you are \ntalking about; and the secure identification of U.S. citizens \nbecomes very, very important in letting the right people in and \nkeeping the bad people out.\n    Mr. Flake. What I found was quite striking as well. In \nArizona, my 16-year-old son just went and got his driver's \nlicense. His driver's license is good, I think, until he is age \n65. He can get a driver's license theoretically, and he did, \nfor 44 years.\n    Now, somebody entering the country, for other States to do \nthis--gratefully, Arizona does this right. It doesn't anymore \noffer a driver's license for a period longer than the \nexpiration of a visa. But only 11 States operate that way.\n    In other States that offer--and I don't know how many will \nallow you to get a 44-year license, but if you come on a \nstudent visa for 6 months or a year or 2 years, you can get a \nlicense for up to 20 or 30 or perhaps even 44 years, and there \nis your de facto ID. And we know that two of the terrorists on \n9/11 had overstayed, yet they had licenses from States that \nexisted for longer than their visa.\n    Senator Gorton, do you feel that is an important part as \nwell, to ensure that a driver's license, because it is used as \na form of Federal ID, if you will, not be issued for a longer \nperiod than the stay of the visa?\n    Mr. Gorton. Well, again, the Commission didn't judge that \nspecific idea. We did speak, as Lee has said, to birth \ncertificates and driver's licenses, because driver's licenses \nare the most common form of identification and our \nconcentration was on having uniform standards for them. You are \ntalking about a form of uniform standards, at least.\n    We are concerned not so much about their length, though \nthat is an important consideration, as their validity, as \nreally identifying who a person is. That is where our \nconcentration lies.\n    Mr. Flake. Thank you.\n    Thank you, Mr. Chairman.\n    Mr. Cannon. The gentleman yields back.\n    I am quite certain the gentleman from Iowa, when he has the \nopportunity to speak, is going to be concerned about that \nissue, as I think many of the members of this panel are.\n    Mr. Scott, would you like to take 5 minutes?\n    Before you do so, let me just point out that the Ranking \nMember has graciously agreed to defer in the event that others \nhave to leave. So we have not skipped over Mr. Watt, but he has \nbeen gracious in letting others go first.\n    Mr. Scott.\n    Mr. Scott. Thank you, Mr. Chairman.\n    Mr. Hamilton, with the extra powers for information \ngathering, wiretapping, data mining and whatnot, did the \nCommission limit these extra powers to terrorism-related \ninvestigations? The PATRIOT Act was not limited to terrorism, \nand some of us had some concerns about that. Had it been \nconfined to terrorism, it might not have been as controversial. \nThese extra powers may be extended to any kind of criminal \ninvestigation.\n    Mr. Hamilton. Well, Mr. Scott, our focus was on terrorism, \nand when we recommended, as we do in several places, an \nexpansion of Government power, we were limiting it to \nterrorism.\n    Mr. Scott. Do I understand that you did not recommend a \nnational ID card?\n    Mr. Hamilton. We did not.\n    Mr. Scott. The no-fly lists have obviously been over-\ninclusive from time to time, as the recent situation with \nSenator Kennedy is just one of the most recent examples. How \nmany false positives should we be tolerating before we--I guess \nthe more people you stop and keep off the plane, the more \nlikely it is that one of them might actually be a terrorist. \nWhat kind of tolerance should we have for these false \npositives?\n    Mr. Gorton. Well, you know, our goal should be no false \npositives. But one of the reasons that we were so interested in \nthis subject is that on 9/11 the FAA's no-fly list had 16 or 18 \nnames on it. That is all. Part of our reason for a National \nIntelligence Director and a National Counterterrorism Center, \nwas at the same time the State Department had a list of several \nthousand people that it suspected to be terrorists and the FAA \ndidn't even know that the list existed. They learned about it \nat one of our hearings earlier this year.\n    So we do think that there should be an integration of valid \nterrorist information about the methods that these terrorists \nused to attack the United States. But it is obviously wrong to, \nyou know, confuse one name for another. Just because there is \none bad guy named Edward Kennedy doesn't mean Senator Kennedy \nshould be kept off. We have got to be very careful, it seems to \nme, to see to it that the lists are real lists that identify \nreal people and don't have a significant number of false \npositives.\n    Mr. Scott. Thank you.\n    Secretary Marsh, a lot of the data mining information went \nto the level of personalization of the lists and the \ninformation but didn't really go to the kind of information \nthat we are talking about. What kind of information can be \nobtained in this data mining? Are we talking about, I guess, \nlibrary records, travel records, credit, medical? Exactly what \nare we talking about?\n    Mr. Marsh. The databases actually can cover a very broad \nrange of different subjects. They could cover travel, they \ncould cover finance, they can cover possibly health records, if \nyou get an exception.\n    The data mining is an accepted and very effective process. \nIt is not new. We did data mining with fingerprints and law \nrecords years ago, but it is now so sophisticated because of \ncomputerization and it can reach so far and it reaches across \nboundaries and it can be international.\n    What we need are methodologies, and I think a number are \nbeing developed, whereby we can confine those lists very \nquickly and minimize what we have to have, and then anonymize, \nso there is no disclosure of who you are looking at until you \nreach the point.\n    Mr. Scott. One of the things we had--I am not sure what the \nstatus of it is now--the FBI guidelines used to be that you \nwouldn't gather information unless you were actually \ninvestigating a specific crime or had some specific \ninvestigation. You just wouldn't gather information.\n    Mr. Marsh. I believe that was in law enforcement, wasn't \nit?\n    Mr. Scott. Well, are we mining this data just for \ngeneralized----\n    Mr. Marsh. That which is done--defense criteria on data \nmining is different than law enforcement. But in defense that \nis done toward a specific objective, and inside the NSA you \nwill find that they are very specifically oriented. I think \nthere are 650 million intercepts a day that are filtered \nthrough. But they are very specific; and they are looking at a \nsuspicious, threatening person and using a general pattern \nsearch to try and find that person.\n    Mr. Cannon. Does the gentleman desire additional time?\n    Mr. Scott. Could I follow through on that, Mr. Chairman?\n    Mr. Cannon. Without objection, the gentleman is recognized \nfor an additional 2 minutes.\n    Mr. Scott. Thank you.\n    Well, are we looking after a specific person to track him \ndown in terms of travel and who he is contacting? Still, you \nare looking at one specific person, not just going into a \ndatabase and seeing what pops out.\n    Mr. Marsh. Right. Correct.\n    Mr. Scott. So you mentioned in law enforcement we are \nrelegated to waiting until you are actually investigating a \ncrime. In this case, are you just gathering information?\n    Mr. Marsh. For intelligence purposes, yes.\n    Mr. Scott. Is this United States citizens?\n    Mr. Marsh. A United States citizen comes under a court \norder.\n    Mr. Scott. So you have to have particularized suspicion.\n    Mr. Marsh. That is right.\n    Mr. Scott. And probable cause.\n    Mr. Marsh. All the rules change when you have a U.S. \nperson, which is a United States citizen, a permanent foreign \nresident or a U.S. Corporation that is not foreign controlled.\n    Mr. Scott. Thank you, Mr. Chairman.\n    Mr. Cannon. The gentleman yields back.\n    I guess we are at Mr. Forbes. Would you like to be \nrecognized for 5 minutes?\n    Mr. Forbes. Thank you, Mr. Chairman.\n    Mr. Chairman, I would like to echo what you said earlier \nabout the privilege that we have to be with such a \ndistinguished panel and also to appreciate the comments of the \nRanking Member today.\n    We have had a number of hearings in different Committees, \nand there have been some individuals who have run out to press \nconferences or made comments in the Committees about why we \nweren't just enacting all the recommendations without hearings. \nI think the comment that said that before we go anywhere we \nneed to understand what the recommendations are and the \nramifications of those recommendations is so true, and I thank \nyou all for being here today and your patience in helping us do \njust that.\n    Let me go to my fellow Virginian for a question. Mr. Marsh, \nI would like to follow up on what Congressman Scott was saying. \nThe first question I would have is so many people today are \ntelling us that the only way we can have an adequate defense is \nto do some sort of risk assessment, some sort of risk \nassessment where we are concentrating our defenses, because we \njust have so many vulnerable areas, so it would be impossible \nto cover them all. Can we be effective in that risk assessment \nif we are not doing an effective job with data mining?\n    Mr. Marsh. The panel concluded that data mining is an \nabsolutely essential tool for a counterterrorist program but \nthat data mining program must be formalized, it must be \nestablished, it must be controlled, it must have procedures, it \nmust be audited, and, if you are dealing with U.S. citizens, \nyou must use the FISA court.\n    Mr. Forbes. Recently, we had a private citizen--that it was \ndetermined through the use of open-source information that a \nU.S. National Guardsman was plotting terrorist activities on \nhis fellow soldiers. This was, obviously, a very ingenious way \nto find a terrorist before they could commit a terrorist act. \nCould you tell us if the TAPAC recommendations limit data \nmining for open source information?\n    Mr. Marsh. No. Not completely, no.\n    Mr. Forbes. They wouldn't.\n    One final thing. Do we have any idea what foreign countries \nare doing right now with data mining and how they are utilizing \nit? I am sure you studied that and analyzed that.\n    Mr. Marsh. There are significant private efforts offshore. \nSome of their programs are more strict and stern than ours. I \nbelieve the oldest is--I may be mistaken here, somebody help \nme--is Sweden.\n    What you have touched on, Mr. Congressman, a concern that \nexists in this community with this technology is that we have a \nlead, and we must maintain that lead, and there are abilities \npossibly by others to overtake us in that technological lead, \nand staying--staying in that lead is absolutely essential.\n    One of the recommendations of our panel is research on data \nmining that does not necessarily mean go do data mining but do \nthe research to find what you can do, what are the capabilities \nyou can achieve by doing it, simply in order to maintain a \nsupremacy and lead, which we think in this struggle is \nabsolutely essential.\n    Mr. Forbes. We found the same concern, as you know, with \nbiological weapons. Because we had stopped a lot of our \nresearch on creating some of those weapons, so the counter to \nthat was we also had stopped our research on the defense of \nthose weapons. As you mentioned, this is a technological edge \nthat we could lose in a matter of months if we are not careful \nin how we are handling that.\n    Mr. Marsh. It is my recollection that this very fine report \ntalks in terms of addressing these research programs to achieve \nsome of these ends, if I am not mistaken.\n    Mr. Hamilton. Yes, we address that in very general terms.\n    Mr. Forbes. Mr. Chairman, thank you very much. Thank you.\n    Mr. Cannon. The gentleman yields back.\n    I think that Mr. King is next in line. The Vice Chairman of \nthe Committee is going to be penultimate or next to \npenultimate. But, Mr. King, you are recognized for 5 minutes.\n    Mr. King. Thank you, Mr. Chairman. Again, I thank you for \nholding these hearings today and also Chairman Chabot.\n    I appreciate the testimony of the panelists. I know you put \na lot of hours and days into this endeavor and this interesting \nreport that brings some solid recommendations out, and I have \nsome questions about a number of those.\n    I reflect back, though, across some of the other questions \nand testimony, and Congressman Flake made mention of the Help \nAmerica Vote Act. I would just point out there is not a \nrequirement for a picture identification to be presented at \nthis point. So there is an allowance there for a poll worker to \nrequest identification, but not a requirement. So when it comes \nto voting, we don't have any more credibility there than we \nhave sometimes getting into the United States. Both of those \nthings are important.\n    With the passport exception for the Western Hemisphere, one \ncan come into the United States from any Nation in the Western \nHemisphere, other than Cuba, alleging to be a United States \ncitizen, simply by making, and I believe the language, \nstatutory language, is a credible allegation of citizenship. If \nit were not for that, I might still be in Jamaica, by the way, \nand that is how I know that law. That might not be so bad. And \nI hear your recommendations on tightening that up.\n    With regard to Congressman Flake's questions, I would also \nadd this point that I would associate myself with the remarks \nof Congressman Hamilton with regard to the security. I direct \nmy first question to you, Congressman Hamilton--would you \nconsider a biometric Social Security card to be a national ID \ncard?\n    Mr. Hamilton. I don't think we tried to make those kind of \njudgments. We on the Commission were no experts on this whole \nfield--and it is a difficult one--of biometric measures, and we \ndid not address that.\n    Mr. King. Thank you. I wanted to make just a few remarks on \nthe security of our borders and how we might tighten that up. \nBut I really would focus my interests instead, because I think \nwe have a gap in our focus here, on where these recommendations \nof the Commission might go. Some of the statements that were \nmade and some of the language causes my curiosity to be piqued.\n    The failure to think creatively I recognize that, and I \nagree with that. But we have a Commission recommendation to \nbring this all under one leadership, one voice, and you looked \nat MI-5 and stepped away from that because it was a higher \nprobability of violating privacy and individual liberty. So the \nsoaring rhetoric of--let me see, what was that word I was \nlooking for--the institutionalization of imagination, it \ncaptures my imagination.\n    I would like to be able to institutionalize imagination. I \nwould like to be able to inspire that in all the people that \ncan think outside the box and think creatively, and I would \nlike to find a way to root out some of the linear thinkers \nwithin our intelligence departments and replace them with \ncreative thinkers. And yet, if I were going to form an \norganization that would be shaping group-think, I would want to \nhave one person at the top, all information underneath there. I \nwould want to have control of the budget and the hiring and \nfiring process, and I would just about bet you if you put me at \nthe top of that, I could create group-think within that \norganization. I might even do it without wanting to do so.\n    So my concern is that we end up creating an organization \nthat does exactly what we are trying to avoid, and I direct my \nquestion or request for a response for that remark to Ms. \nO'Connor Kelly first.\n    Ms. O'Connor Kelly. Well, I would have to defer to the \nexperts on the 9/11 Commission, as I am not the expert on the \nIntelligence Community.\n    Mr. King. You are the institutionalization of imagination \nthough, and I that is why I went to you.\n    Ms. O'Connor Kelly. Sure. Absolutely. And I think we were \nquoting language from the report. I think there are so many \ndifferent ways we can create privacy oversight and privacy \nvalues in the Federal Government. We can look not only at our \nexperience with the Department of Homeland Security and having \na Privacy Office within the ministry or the Department, we can \nlook internationally at the creation of privacy czars, privacy \ncommissioners, data protection officials throughout the world, \nmany of which sit as part of the Federal service but outside of \nany Federal agency. We can certainly look at our own history \nwith privacy commissions in previous decades.\n    So I think that point is an excellent one. You can't \nlegislate creativity. That is precisely a very good point. But \nyou can create bodies that will be both self-analyzing and also \ncreate oversight structures within and outside the Federal \nGovernment that could hope to create the kind of value \nstructure that you are all talking about today in protecting \nprivacy and respecting individuality, while also achieving the \nsecurity mission.\n    Mr. King. Mr. Marsh, would you comment?\n    Mr. Marsh. Congressman, I think the real danger in your \nbill, in our recommendations, is that they will go through some \nsort of baptism of bureaucracy and they will become very, very \nbureaucratic, and instead of doing the innovative, creative \nthings that they need to do. I think we need to avoid the \ncreation of a bureaucracy there, and that is going to depend on \nthe leadership. Because the nature of these types of programs \nare regulatory, and my experience has been with regulatory \nthings you get into, actually, a very helpful and useful \nbureaucracy, but I am not sure that is the goal you are driving \nfor here.\n    Mr. King. Mr. Chairman, could I ask unanimous consent for \nan extra additional minute?\n    Mr. Cannon. Without objection, so ordered.\n    Mr. King. Thank you, Mr. Chairman.\n    I would just direct my question to Senator Gorton then. Did \nyou examine the successes, the historical successes of \nintelligence, as you put these recommendations together?\n    Mr. Gorton. The answer to that question is, yes, of course \nwe have had successes in our intelligence during the course of \na 45-year Cold War. But I think I would really like to answer \nyour previous question, if I may.\n    We have had a decentralized system. We have had an FBI that \ndidn't talk to the CIA, and a CIA that didn't talk to the \nDepartment of Defense intelligence agencies. Decentralization's \nultimate reward was 9/11. What we are trying to do is to cure \n9/11. And this is not to say that there wasn't imagination. I \nthink there was a great deal of imagination on the part of the \nFBI agents in Arizona. I think there was imagination on the \npart of those who arrested Moussaoui. I think similar things \nhave taken place in the CIA. But, in many cases, they didn't \neven get to the top of their own agencies, much less anyone in \nauthority, say, in the White House, who could get the benefit \nof that imagination.\n    Our recommendations for a National Counterterrorism Center \nand for the National Intelligence Director are so that there is \na focal point, someone who is entitled to get all of the \ninformation, say, on counterterrorism that comes up from each \nof these agencies, put that work together, task them to do \nthings to fill in gaps or to fill in holes, and have it there \nbefore the National Security Council, before the policy centers \nso they can act on it.\n    If you read our report through, I think you will join me in \nsaying we had a couple of presidents who had to be frustrated. \nThey just weren't getting the information that they needed from \nthis current stovepipe system where people were hugging onto \nbits of information they got, rather than using them and \nsharing them.\n    Mr. King. Did any agency get it right?\n    Mr. Cannon. Would the gentleman like an additional 2 \nminutes?\n    Mr. King. One would be plenty, Mr. Chairman.\n    Mr. Cannon. Without objection, so ordered.\n    Mr. King. Did any agency get it right?\n    Mr. Gorton. Well, if you say did any agency get it right in \na way that prevented 9/11, of course, the answer to that \nquestion is an obvious no.\n    Did the FBI get it right when it prosecuted those who \nperpetrated the first World Trade Center, yes, they did, \ntreating it as a law enforcement matter. But then there was \nthis wall. They couldn't talk to one another with their \nintelligence people, and that clearly contributed to 9/11.\n    Mr. King. Thank you very much.\n    Mr. Hamilton. Mr. King, some agencies got it more right \nthan others. The CIA understood the threat of terrorism as well \nas anybody. They spoke about it; and in 1998 the Director of \nthe CIA said, we have got a war going on here. The only problem \nis, nobody paid any attention to him. Nobody even within the \nCIA paid any attention to him, and the other intelligence \nagencies didn't pay any attention to him.\n    If you want a competition of ideas, which your question \nsuggests, you have got to have a free flow of information, and \nthat is what we didn't have. If you want group-think, it is the \nstatus quo that developed group-think. And what we are \nsuggesting, I believe, is more vitality, more information in \nthe system, which I think will bring about more competitive \nanalysis.\n    Everybody wants more competitive analysis in theory; not \neverybody wants it in practice. But if you increase the flow of \ninformation from foreign intelligence and defense intelligence \nand homeland security intelligence and if you increase the flow \nof information from the CIA and the NSA and the NGA and the NRO \nand all of these other agencies that you have that now collect \nintelligence but keep it to themselves, or at least they did \nprior to 9/11, I think improvements have been made since 9/11, \nbut what we are trying to do is, to pick up one your words, is \nto institutionalize all of this, to get more information \nflowing through the system.\n    We are certainly not trying to put all of the power in the \nNational Intelligence Director so that that director controls \nwhat becomes the intelligence product.\n    Mr. King. Thank you, Mr. Chairman.\n    Mr. Marsh. Mr. King, in reference to your earlier \nquestion----\n    Mr. Cannon. Mr. Marsh, we have had a note from the C-SPAN \npeople. Many of you are not speaking closely enough into the \nmikes. I think, Mr. Hamilton, you have been doing that, so I \ndidn't interrupt. If you would pull that mike closer to you.\n    That is much better.\n    Mr. Marsh. In order to make those sorts of regulatory \nefforts effective, you need to place a burden on the most \nsenior officials of the Department--I am talking about the \nSecretary--and you need to establish a role for the President \nto have a responsibility, and then you need to have your senior \npeople come in here and respond to your Committee as a form of \noversight and as a form of legislative audit. Then I think you \nwill see the system will function much better.\n    Mr. King. Thank you.\n    Mr. Cannon. The gentleman yields back.\n    The gentleman from Florida, Mr. Feeney, is recognized for 5 \nminutes.\n    Mr. Feeney. Thank you, Mr. Chairman, for these hearings.\n    Mr. Marsh, along those lines, I have read the TAPAC report. \nIt is very well done. But the first seven of your 12 \nrecommendations rely totally on the good will of the Secretary, \nand it is only the executive branch and congressional oversight \nthat is addressed in your last five recommendations that will \nmake sure future secretaries in not just this but other \nagencies will not just be dependent on goodwill. I would like \nto get back to that in a minute.\n    But the other report that is fascinating is the 9/11 \nReport, and I really commend the entire Commission represented \nhere today by Senator Gorton and Congressman Hamilton. It is \nnot just the detail and the breadth and the extraordinary way \nthat you have addressed a host of wide-ranging issues, but it \nalso I think puts you at a new standard of literary work for \nGovernment reports. It really is an animated way to deal with \nthe technological and historical issues that led up to 9/11 and \nthe terror we experienced on that day.\n    I have to tell you that I might be the only Member here \nthat in the midst of a hurricane had a flashlight out because I \ncouldn't put down the book. It is not Hemingway or Shakespeare, \nbut I think Arthur Conan Doyle would be proud of what you have \ndone.\n    Mr. Hamilton. Put it right up there with Harry Potter.\n    Mr. Feeney. Yes, and, unfortunately, I don't think you will \nreceive any of the commissions for that.\n    But, having said that, Congressman Scott talked about some \nvery interesting issues earlier, and he sort of drew the line \nbetween citizens and noncitizens and the right to access, to \ncourts, et cetera. But it seems to me one of the things your \nreport touches on is the huge difference in kind, not degree, \nbut difference in kind between fighting crime and fighting \nactual intelligence threats.\n    What we do with respect to bank robbers is put 99 percent \nof our resources into capturing, prosecuting and then punishing \nthe bank robber. That model doesn't work when the next plane \ncould be full of biological, chemical or nuclear weapons. I \nthink that is something Americans have to understand. We are \ndealing with a difference, not in degree, but of kind, in the \nway that we fight these things.\n    Much has been made of the stovepipes, and Congressman \nHamilton just talked about the critical nature of the free flow \nof information internationally and then across Federal agency \nlines. I don't find much in your report on the recommendations, \nand I heard very little emphasis on the free flow of \ninformation to State and localities.\n    The last time the continental U.S. was attacked by a \nserious foreign threat was 1812 when the British burned down \nour Capitol. We now have for the first time since 1812 State \nlaw enforcement, we have got sheriffs, we have got police \nchiefs, we have got fire departments, we have the private \nsector, people that run flight schools in Florida, for example, \nthat have got to be part of the information flow, both from the \nlocal level up, because they are really your largest set of \neyes and ears about imminent threats.\n    Then, of course, the other way, you have to be able to \nshare information. Along those lines, a lot of States have \nprivacy protections that are, for example, in Florida, built \ninto our Constitution. We have an explicit privacy clause.\n    So I would like, Mr. Marsh, as you talk about data mining, \nand also the Senator and the Congressman, to tell us what, if \nanything, as we decide whether or not to set up a privacy \noffice in every single agency or every single sub-agency, \nwhether we decide to put it at one major level of the Federal \nGovernment, whether that is inside the White House or whether \nthat is independent--those debates are obviously ongoing. But I \nwould like to have you tell us what we ought to focus on as we \nuse the 280 million sets of eyes and ears around the country in \nsharing information up and down and how privacy can be \nadversely impacted if we are not careful in that flow of \ninformation stream as well.\n    Mr. Hamilton. Mr. Feeney, I will try a cut at it, and I am \nsure others will want to contribute.\n    The first point I want to make is with regard to the link \nyou suggest between intelligence and law enforcement. That is a \nvery important link, and that is one of the reasons we didn't \ngo to an MI-5, incidentally.\n    The fellow who is out here investigating a crime with the \nidea of prosecution in court will often pick up information \nthat is very valuable to the intelligence side of the FBI, and \nvice versa. The person doing intelligence, looking at terrorist \nactivity, often will pick up information that is very vital to \nthe law enforcement side. So we think there is a natural \nsynergy or link, if you would, between the two sides of the \nFBI.\n    The second point, we really did address quite frequently \nthe need to push information down to the State and local \nofficials. My recollection is somewhere in the report we say \n18,000 local officials, police officials and others, are \nenormously important assets for us in terms of counterterrorism \nactivity. And we did find, as I think maybe your question \nsuggested, that that flow of information was not nearly as good \nas it ought to be. I think here, too, there have been \nimprovements, incidentally, but there is a long way to go.\n    I believe I am correct in saying that a major concern of \nDirector Mueller--I certainly don't want to try to speak for \nhim--is to try to improve that flow of information to agents in \nthe field; and in some cases, like New York City, I believe the \nrelationship between the FBI and the New York City police is \nbeing worked out quite well.\n    But it is a huge advantage for us in counterterrorism to be \nable to take advantage of the local law enforcement people, and \nthey simply must be brought into the information pool to a much \ngreater extent than has been true in the past.\n    Now, the third point I am not sure I caught with regard to \nprivacy. You wanted to know how it was adversely impacted by \nall of this?\n    Mr. Feeney. Well, we have talked a lot about international \nprivacy protections, sharing amongst Federal agencies. But as \nwe go up and down from local, State and Federal and the other \nway, what do we need to think about in terms of protecting \npeople's privacy there, too?\n    Mr. Hamilton. It is a pervasive problem, because if you \nmust, as we believe on the Commission, increase the flow of \ninformation, that means the privacy concerns are greater, and \nthat is why we think there has to be some overall direction on \nit within the executive branch and a lot of review, as some of \nthe other Members of the Committee have suggested, by courts \nand the Congress.\n    Mr. Gorton. Mr. Chairman, may I comment on Mr. Feeney's \nquestion?\n    Mr. Cannon. Absolutely. I think you will note I am fairly \nstrict on the time frame for asking questions but try to allow \nsome extension of that time, whereas we have not interrupted \nthe answers which we find and I think the rest of the Committee \nfinds fascinating. So, please, Mr. Gorton, go ahead.\n    Mr. Gorton. Mr. Feeney, I think you did have two separate \nquestions. There has been a traditional and very legitimate \nobjection on the part of local law enforcement officials all \nacross the country that communications are one way, that the \nFBI wanted to get information from them, and rarely if ever \nshared it with them. Director Mueller has made significant \nattempts in this connection. The creation of a Joint Terrorism \nTask Force in every major FBI office in the country has done \nso.\n    Two weeks ago, I visited with the mayor of Seattle, the \nchief of police, and the fire chief and found that my city had \ndone an excellent job in setting up and following some of our \nrecommendations on emergency response, setting up the single \ncommand structure and the like, and asked him just that \nquestion. And the answer to that question was, yes, it is \nbetter, but it still has a long way to go. We are not getting \nall of the information down that we need, but progress has been \nmade.\n    With respect to your other question on privacy, I think I \nmight refer you to another report. I am a member of the Markle \nFoundation's study. In fact, with the permission of the \nChairman, I am going to leave here in about 30 minutes. I am \ndue at its meeting in Colorado this evening.\n    It has spent a tremendous amount of very constructive time \non data mining, the questions that Mr. Scott asked, on what can \nbe shared and how it ought to be shared and, very specifically \non this sharing, how will we bring these thousands of local law \nenforcement agencies into this field with a very strong \nprotection of human rights. It has now had two reports. Its \nsecond came out about 6 or 8 months ago. We referred to it in \nour opening testimony here, and I think it will be of great \nvalue to you in answering that question.\n    Mr. Marsh. Mr. Feeney, on the classification, you should be \naware there are two systems to the classification in our \ncountry that involve national security and law enforcement. The \nnational security is Confidential, Secret, Top Secret, \nCodeword. That is generally the result of an executive order \nover on the defense side. Clearance for those are extremely \nexpensive, very hard to obtain. There is inability in our \nGovernment to transfer those from Department to Department, \nwhich is a major problem.\n    The second relates to the law enforcement type of issues \nthat Senator Gorton spoke about. I served for 4\\1/2\\ years on \nthe Gilmore Commission, which looked at local responders. The \nsingle most frequent complaint that we received from first \nresponders from across the Nation was the failure to get \nsensitive or classified information to them that they needed \nfor their security purposes. That has improved somewhat by a \nrecent order of the Department of Homeland Security but not \nanywhere near where it needs to be.\n    This is another area, where some information comes down, \nand it is marked ``law enforcement sensitive.'' Now, it is a \nform of classification. Very frequently, law officers with law \nenforcement sensitive information do not transfer that to other \npeople who need to know it inside the community. You have \nbroached a matter that is a major, major problem that is really \nadministrative but has enormous impacts in other ways of \noperation.\n    Ms. O'Connor Kelly. Mr. Feeney, as the operational Privacy \nOfficer on the panel, I note that a major focus of our work \nthis past year has been addressing exactly the issue you have \nraised of information sharing both across the Federal \nGovernment but also with the State and local partners.\n    Obviously with the major homeland security efforts being \nundertaken at the State level, we are being forced to share--\nand we should be sharing--information with our State and local \nhomeland security directors. I see it as sort of a four-tiered \nissue.\n    First of all, Homeland Security is made up of 22 different, \nseparate parts of agencies. So we had to first construct a \nstructure that allows information sharing within the \nDepartment, which was actually a major undertaking given the \nprivacy act systems that existed in those agencies.\n    Then to share with other agencies--our partner agencies at \nboth Defense and Justice and other parts of the Federal service \nto make those agencies more efficient in the use of \ninformation--then to share with our State and local partners. \nAnd finally to share with the private sector. With over 85 \npercent of our critical infrastructures in the hands of the \nprivate sector in this country, we have a need to share and a \nneed to know information about their efforts.\n    And, of course, as has been pointed out, with the new rules \nunder critical infrastructure sharing and sensitive homeland \nsecurity information, we have hopefully heightened the ability \nto share, but also created good rules around the sharing that \nallows our employees to know what should be shared and what \nshould not be shared, particularly when it pertains to \nindividuals.\n    Mr. Feeney. Thank you.\n    Mr. Cannon. I would like to thank the very thoughtful Vice \nChairman of the Subcommittee for that thought-provoking \ninquiry.\n    And now the Chair recognizes the very patient Ranking \nMember of this Subcommittee for his opportunity to question for \n5 minutes.\n    Mr. Watt.\n    Mr. Watt. Thank you, Mr. Chairman.\n    And I think I will use my 5 minutes to follow up on some \nlines of questioning that other people have already opened \nbefore I go to one final overarching question that I would like \nto pose. First, Mr. Nadler raised an interesting question about \nif Congress can't get information from executive agencies, how \nwe could set up a board or commission oversight board, and how \nthey would get information to do the necessary job that we \nwould give them.\n    It occurred to me that Ms. Kelly might be in a good \nposition to respond to that. She is inside the Government, \ninside the executive branch.\n    How would we structure, you think, a board, oversight \nboard, to do the kinds of things that the 9/11 Commission \nreport has suggested, and give them the kind of authority and \nmechanisms to get the information that they need when we appear \nto be having trouble getting that kind of information \nourselves? Can you share any light on that, either now or \nsubsequent to the hearing?\n    If you have got some thoughts now, I would love to hear \nthem.\n    Ms. O'Connor Kelly. Yes.\n    Mr. Watt. If you have follow-up thoughts I would love to \nhear them, too.\n    Ms. O'Connor Kelly. Well, I have certainly been thinking \nabout this issue for many years, and people wiser than me have \nbeen thinking about it for many decades.\n    So I think there are a number of ways--and I don't want to \npreempt people in the Administration who may have thoughts on \nthis themselves--but I think you hit on the exact point that \nthe information on--perhaps it is human nature for people to \nnot want to air their dirty laundry in public.\n    And so to have a privacy office within the Federal agency, \nalthough it is looked upon somewhat quizzically elsewhere in \nthe world, has actually been a very effective structure because \nwe are seen as a helpmate in the mission of the Department, but \nalso someone who has criticized from within in advance of \nprograms being launched. And perhaps that idea is being \nenacted.\n    But we also do rest heavily on our external role. And we \nhave issued some critical reports of the Department, which we \nwill be sharing with you in our annual report to Congress, \nwhich should be printed and finalized, hopefully, within a \nmatter of weeks.\n    Mr. Watt. I take it that what the Commission has \nrecommended goes beyond privacy officers or bodies within \nagencies.\n    Ms. O'Connor Kelly. Right.\n    Mr. Watt. You may be suggesting that each agency that is \ndealing in this arena needs a privacy officer. But what the \nCommission, I think, is suggesting is something that--that is--\n--\n    Ms. O'Connor Kelly. Overseeing.\n    Mr. Watt.--kind of overseeing all of this. And it may be a \nmore difficult problem to get agencies to give up the \ninformation to that external body than even to an internal \nbody.\n    Ms. O'Connor Kelly. That may certainly be the case. And I \nthink for that question, we should look to the experience of \ncountries which already have operationalized independent data \nprotection authorities. And there is ample evidence of their \nsuccess, both in the European Union and also elsewhere in the \nworld. It certainly might be worth even actually talking to \nsome of those officials who lead those bodies.\n    There is an International Association of Data Protection \nindividuals, which we participate in and represent the United \nStates to the extent that we are welcomed in that body. They \nhave met with greater and lesser success in their own countries \nin doing exactly what you have suggested, getting Federal \nagencies to share information about their operations, \nparticularly when it might be damaging or embarrassing to the \nagency--but perhaps a very necessary process.\n    Mr. Hamilton. Mr. Watt.\n    Mr. Watt. What I might suggest is ask--well.\n    Mr. Hamilton. Mr. Watt, the key requirement----\n    Mr. Watt. I would just say one other thing that Ms. Kelly \nsuggested, she maybe follow up with----\n    Ms. O'Connor Kelly. I would be happy to. Okay.\n    Mr. Watt.--some written suggestions in response to this, \nbecause I am going to run out of time. That is what I am \nworried about.\n    Mr. Hamilton. Well, the key requirement is that Government \nagencies must be required to respond to the board. Now, the \nexperience of the 9/11 Commission is that we had to have the \nsubpoena power. We didn't use it very frequently. But if we had \nnot had it, our job would have been much, much more difficult. \nAnd if this board is not able to require agencies to respond in \ndetail to your questions, it will be ineffective.\n    Mr. Watt. Okay.\n    Mr. Watt. Mr. Chairman, I guess I am going to have to ask \nunanimous consent for a couple of extra minutes to get to the \nnext two questions that I have.\n    Mr. Cannon. Without objection, so ordered.\n    Mr. Watt. Let me go. We used the whole 5 minutes on that \none question.\n    I wanted to follow up on this national ID question that \nseveral people have kind of skirted around. The Commission's \nReport says--and I am quoting, I think--secure identification \nshould begin in the United States. The Federal Government \nshould set standards for the issuance of birth certificates and \nsources of identification such as driver's licenses. And then \nit goes on and says some other things.\n    Now, Representative Hamilton did a great job of telling us \nwhat he is not suggesting, which is a national ID. What I am a \nlittle unclear about, and what other people have raised a \nnumber of questions about, is what, short of a national ID, is \nthe Commission suggesting here? Because it sounds like the only \nway you can get to where you are talking about is to have some \nkind of national identification system.\n    Mr. Cannon. If the gentleman would yield.\n    Could I just add to that, if you have Federal standards and \na free-flow information system between the States and the \nFederal Government and law enforcement agencies and the Federal \nagencies, what is the difference between standards and a \nnational ID?\n    Mr. Gorton. Very simply, everyone in the United States, or \nalmost everyone in the United States, is comfortable with the \nidea that you have to have a driver's license in order to \ndrive. Fifty states and all of the other jurisdictions issue \ndriver's licenses. And they do so so that people can be \nidentified, you know, when they are driving and when they are \narrested.\n    What we are saying is that it is very important in the \nfight for the struggle for national security that people be \nable to be identified. We now have 50 or 54, whatever it is, \ndifferent systems for that. And we are simply saying, take \nsomething that everyone accepts now and have it standardized in \na way that it really identifies the people who are holding onto \nit. And we have also incidentally--and we have mentioned it in \npassing--that we ought to sort of have--it would be a great \nidea to have a standard form of birth certificates; because as \none of the Members up here said, almost everything stems from \nthat, you know, for Americans, all kinds of things you have to \nget a copy of your birth certificate for. And it ought to be \nsomething that is valid, that people can rely on.\n    We would like them to rely on driver's licenses. You don't \nhave to get a driver's license if you don't want one. But if \nyou want to drive, you do. Let's make it into--let's make it \ninto something that really does say, when I pulled my driver's \nlicense out, you could be confident that this is really me and \nnot somebody else.\n    Mr. Cannon. Would the gentleman yield?\n    Mr. Watt. Yes.\n    Mr. Cannon. What I hear you saying, Senator Gorton, is that \nyou want a national ID, you want to get that through the back \ndoor by using something that everybody already accepts. But \nthat is, I think you stated very clearly, that you want or you \nthink the Commission wants the national ability to identify \npeople and using an already accepted purpose. So if you want, \nif you want to drive in America, you have to be part of a \nfederalized system of identification?\n    Mr. Gorton. I think there is a great deal of difference, \nMr. Chairman, between something that you voluntarily go out and \nget and something that is mandated.\n    Mr. Watt. Well, you might--you might be--this might be a \nsemantic discussion. And, I mean, I think the discussion about \na national ID has been going back and forth for a number of \nyears. But it does seem to me that if you are suggesting a \nstandardized birth certificate, that is not optional. So for \nnewly born individuals, that is a national ID; for people who \nobtain a driver's license, that is a national ID.\n    So you have left out people who have come into the United \nStates who weren't born here and who don't get a birth \ncertificate, or people who have opted not to get a driver's \nlicense. But you are not very far have having a requirement \nthat you have some kind of national identification for those \npeople, too, I would think.\n    Mr. Hamilton. Well, I would----\n    Mr. Gorton. Mr. Watt, you have already got a national ID \nYou have one or the other. You just don't know whether it is \nany good.\n    Mr. Hamilton. Mr. Watt, just to let you know our concern \nhere, all of these hijackers, except one, had U.S. \nIdentification. And what we are saying is that secure \nidentification is very, very important in terms of \ncounterterrorism.\n    And we--we did not endorse a national ID. We think there is \na distinction, as Senator Gorton has said, between Federal \nstandards and having a national ID. But do not be deceived here \nwith regard to the importance of identification. Keep in mind \nthat these hijackers were extremely skillful in being able to \nfind the gaps in our system. And we are trying to protect \nagainst that as best we can.\n    Mr. Watt. And do let me be clear that I am not either \nsupporting or condemning a national identification system. All \nI am trying to do is figure out what--what those options are \nand be clear on what the Commission is suggesting. Because for \nus to move from the onset that you have expressed to the \nreality of what you have expressed requires our understanding \nwhat you had in mind. And that is all I am trying to do.\n    Let me do one other thing, Mr. Chairman. And I don't really \nthink this question may be--well, anybody will want to answer--\nbut I think I have got to ask it because there is, it appears \nto me, to be a real rush politically to act on the 9/11 \nCommission's Report and a real rush to--for security purposes \nto act on.\n    And I guess the thing that I am wrestling with here in \nlight of all of the questions that have been raised in this \nhearing is how we can proceed responsibly to get to a real good \nproduct without giving the public the perception that we are \nsomehow dragging our feet and being picky and not paying \nattention to details.\n    Did the Commission have any ideas about the timetable? I \nmean, obviously, we are 3 years beyond 9/11. Did the Commission \nhave any ideas about the timetable for the implementation or \npassage of whatever legislative initiatives are required to \nimplement the 9/11 Commission's recommendations?\n    Mr. Gorton. Most of the attention so far to our \nrecommendations has been to those two, or several that have to \ndo with the structure of our intelligence system, the national \nintelligence director, the national counterterrorism center. \nThe former of those has been recommended by probably a dozen \ncommissions over years.\n    I have got--one of our people yesterday had--no, no, \nmeeting over in the Senate yesterday--he showed me a list of 48 \ncommissions since 1947 that have talked about restructuring our \nintelligence agencies none of which was successful.\n    It came from here, you know. The joint--the Joint \nIntelligence Committees of the House and the Senate 2 years ago \nmade a recommendation that is at least similar to that. \nSpeaking for myself, I am inclined to hope that you do do \nsomething before the election in that respect.\n    Mr. Watt. Can we do something on that front without doing \nsomething on the fronts that we have been discussing here \ntoday?\n    Mr. Gorton. Well, certainly you can.\n    Mr. Watt. I mean, is it advisable? I know the answer is we \ncan.\n    The question is, would it be advisable to do something on \nthat front without--without setting up these security measures \nfor individual liberties and privacy that we all know need to \nbe in place at the same time that the protections need to be in \nplace.\n    Mr. Gorton. We believe that the recommendations that relate \nto the Committee, the subject of this Committee, are very, very \nimportant, Mr. Watt. We wouldn't have included them if we \ndidn't. And we thought about them a great deal and dealt with \nthem advisedly.\n    I guess the other side of that coin is simply this. We know \nthose terrorist organizations are still out there. We know they \nhave declared war against the United States of America. We know \nthat, while either through good preparation or good fortune, in \nthe almost 3 years since 9/11 no other terrorist attack has \ntaken place in the United States. We also know that lots of \nthem have taken place other places in the world.\n    So figuratively we have, if not literally, out there in the \nstreets somewhere, is a bomb with a fuse and the fuse is lit. \nAnd we have no idea whether that fuse goes off in 5 days, 5 \nweeks, 5 months or 5 years. But it is going to be awfully hard \nto stop the blame game if it goes off when we have done \nnothing.\n    Mr. Watt. Thank you, Mr. Chairman. You have been very \ngenerous with your time. And I yield back.\n    Mr. Cannon. Thank you. I want to thank the Ranking Member \nfor some very insightful questions.\n    I was not clear when we came into this hearing how clear \nyou are from the Commission on the need for a national ID or a \nsystem of national identification. I think that has become \nvery, very clear here.\n    In addition, I think the question about coming up with a \ngood product versus looking like we are dragging our feet is a \nvery insightful question. And my reaction to that is we need to \ndo some things. I am appreciative of the Administration. I am \nthankful daily that we haven't had in America another serious \nterrorist activity.\n    Although I was doing a cottage meeting last night and had a \nvery conservative person there who expressed, at some length \nand with some eloquence, appreciation for that, but recognized \nthat we have terrorist groups in America that aren't associated \nwith al Qaeda, groups that are doing things that by any \ndefinition are terrorist--and that includes some of our gang \nmembers, some of our ethnic gang members. We have some very \nserious problems to deal with. We have been very, very blessed. \nAl Qaeda or violent Islam is not our only problem. It is \ninternal problems.\n    I just feel like we need to point out here--generally \nspeaking, I almost never preach from the podium here, but often \nuse this to ask questions. I was thinking about George \nWashington, since his name came up a couple of times. He was \nasked at one point what the purpose of the other body was. And \nhe had cup of very hot coffee. And he took the cup and poured \nsome in the saucer, swirled it around and then drank from the \nsaucer. And he said, the People's House, Congress, the House of \nRepresentatives, is like a turbulent boiling, scalding cup of \ncoffee. And the Senate, by the way this is before the 17th \namendment--I am not sure it still holds--but the Senate is the \narea where we cool it down and sip.\n    I feel like we have barely sniffed the coffee, let alone \ngotten ready to cool it down or taste it here. So we have a \nvery long way to go, but some things are really remarkable in \nour time.\n    In the first place, I look at Ms. O'Connor Kelly. We have \nhad a long and very productive discussion. I think she has done \na remarkably good job at what she has done. She represents \nprivate industry bringing the most current state-of-the-art \nunderstanding of technology into the Government. And Government \nis much better because of that.\n    And so as you are looking at the questions, Representative \nfrom Ohio--or Iowa, pardon me. As I am trying to go through \nthese complex issues, my dear friend Mr. King suggested \nbureaucratization sets in. But Government is radically improved \nby the interface between free enterprise and new technology and \nour bureaucratic process.\n    But at the same time we are getting these little inputs \nthat make DHS a much more successful agency, we are \nfederalizing more and more issues. And we are doing it because \nit is easier to deal with many of the issues that face us today \nat a Federal level. And some of those are absolutely important \nto be federalized.\n    The State of Utah just recently passed a spyware bill. So \nmy IT companies are thrilled with that bill. And I have to \nadmit, the other day when I was talking to one of them, I said \nthat I asked the governor to veto it. And the reason I asked \nher to veto it--obviously not very successfully--is because \nthis is truly a Federal issue. You have to deal with that issue \nfederally. And if you don't do it that way, you have chaos in \nour system. So we have this period of time where we are truly \nchallenged. But the other side, we are responding to those \nchallenges, sometimes appropriately, sometimes inappropriately \nwith federalization of issues.\n    And I am just deeply concerned that in a time of conflict, \nthat men of zeal without understanding, or people with zeal \nwithout understanding, are going to assert that we need to do \nthings federally for which there is no alternative. There is \ntheoretically another way to deal with that.\n    And, Mr. Marsh, you spoke twice about anonymizers. Now I \nthink the original Web site that anonymized for people is \nactually in my district. Very cool. This goes way back--by the \nway--we are not claiming all the benefits of modern technology. \nBut we have great opportunities with--with technology. And if \nwe go down a path of federalization too quickly, we will end up \nwith remarkable problems.\n    I cannot drive through my major city, Provo, Utah, my most \ncentral city, without being keenly aware that every stoplight \nhas a camera. I am no computer wonk, but I know the process to \nbe able to focus, with some artificial intelligence, the camera \non the driver and get a picture of the driver, and on the \nlicense plate and get a picture of the license plate of every \ncar that goes through every intersection that has a stoplight \nand a camera in that city.\n    That gives me the willies, and I think it gives Americans a \nbit of pause. On the one hand, a young woman who was kidnapped \nand the kidnapper was captured very quickly, in part by using \nsome of this technology. We do want to stop kidnappers. We do \nwant to stop terrorists.\n    But I just feel like here in this Subcommittee and in the \nConstitution Subcommittee as well, we need to be looking at \nthese issues very carefully and drinking from that saucer and \nnot scalding our tonsils as we chug the coffee immediately.\n    I also just feel the need to point out that what happened \non 9/11 was tragic, and a great cost, but it was not entirely \nunanticipated. I think perhaps the magnitude of it was \nunanticipated. But when we set up the CIA and the FBI there was \na debate, and that debate centered on the core principles that \nwe have used to build all of our institutions in America, and \nthat is separation of powers. And while, you know, as we look \nat that today, we need to be thinking in terms of the values \nincorporated and what was a system that didn't work very well \nand what we can do with technology today, which allows us to \nbridge the gap and still maintain separate centers of power, \ndivision of power.\n    If you read one of the most remarkable Founding Fathers, \nThomas Jefferson, he spoke over and over and over again about \ntaking power from the highest level of Government and shifting \nor keeping everything down at the lowest level. And if you fly \nover America today and you see the big squares; that is, the \nparticular application of Thomas Jefferson's vision of how to \norganize society.\n    We did square townships so that towns could grow up in a \ncontext, and those townships could have smaller units all the \nway down to what we called wards, which were 100 families. And \nhis idea of Government was that you govern at the 100-family \nlevel. And I believe the idea behind the concept of the well-\norganized militia for the second amendment, was that people in \nthat 100-family unit would be able to assert police authority \nwithin that group.\n    Now, that is a concept that is embedded in our very \ngeography in America, but which is not being considered, I \ndon't think, today as we are looking at global attacks. And yet \nas I said earlier, all the attacks aren't global. Many of the \nattacks we have are home grown, homemade. They are not even \nforeign or different ethnicities from the bulk of the Northern \nEuropeans who settled America. They are among us today, not \nappealing their sentences, because of the possibility of a \ndeath penalty if they get a new trial, or if he gets a new \ntrial. So I am just--I am just deeply concerned about those \nthings.\n    I wanted to touch on another couple of points that you \nmade, Mr. Marsh.\n    You talked about a protocol or a culture of privacy. I \nremember thinking as a kid, no one, no employee of the IRS \nwould ever give anyone information that the IRS collected. And \nthen we had two Presidents, one of each party, who appear to \nhave made even FBI raw data files available to people in the \npress. With that culture destroyed fundamentally--and that is \nnot many people, if they have faith that their files are going \nto be kept private--we have to rebuild that culture somehow. \nRebuilding that culture means going to people with technology \nat the lowest level where they can be protected and anonymizers \nare great possibilities. But you have other issues, like a \ncertified identification, which hasn't been mentioned I don't \nthink in any of these processes, which today is not used for \nanything but to avoid that little pop-up on your screen that \nsays you are not a secure user. And you apparently can now pay \n$49 to get that pop-up eliminated. But it doesn't do anything \nfor the issue of identification that we have been talking about \nhere today.\n    And then finally, I just want to point out that there is a \nlot of vagueness in most Americans' thinking about what they \nwant out of privacy. And so I would like to just pause at one \nof the problems, or weigh how to think about that.\n    If you saw the movie ``Enemy of the State'' with Will \nSmith, you have an innocent citizen who has something stashed \nin a bag that that then makes him the target of the vast \nbureaucracies of the CIA. And the appalling thing is the \ntechnology is all there. It was a very cool movie from that \npoint of view.\n    The likelihood of any of us being the subject of a hunt by \nthe CIA is almost nonexistent. But the premise of the film, if \nyou will recall, is a Congressman of integrity who wouldn't \nvote in a certain way and therefore was murdered.\n    Now, I would like to think that all of my colleagues were \nmen of, A, integrity and, B, they have never done anything they \ncould be blackmailed with or that could be used to encourage \nthem to vote a different way. But in most issues in America \ntoday, votes at the congressional level and the House of \nRepresentatives and the other body, or in city council, tend to \nbe fairly narrow because we have hard choices. And the ability \nof evil men to get information on decisionmakers at any level \nof Government and thereby pervert decisions, that is what we \nare trying to avoid here.\n    And so while driving, I am not worried when my license \nplate is captured, my face is captured by a camera at an \nintersection. But cumulatively in America, we need to be \nconcerned about that. Because if you can prove that a city \ncouncilman was at an intersection near the house of a woman he \nwas purported to be having an affair with, there is something \nwrong with that. It's important to the large process of how we \ngovern ourselves and how we get good men and women to perform \npublic functions without the threat of embarrassment when an \nissue comes up that they need to exercise their judgment on.\n    Those are the areas at all levels of Government and in the \njudiciary as well, where I think the issues we are dealing with \nhere are important and are worthy of being dealt with \nthoughtfully and carefully over time.\n    And I suspect that this Subcommittee, perhaps, the \nConstitution Subcommittee in addition, is going to have a lot \nto say about how we at least approach that problem. And I think \nthat means a commission with people who are very thoughtful, \nwho have significant background, and who are people who are \nwilling to say we don't necessarily need to Federalize this \nprocess. And if we do Federalize this process, it shouldn't \njust be the damn Feds sucking information out of the local \nfolks. It ought to be the local folks who get something back. \nAnd to do that you ought to have some kind of protection, maybe \nan anonymizer. It may be a culture that existed at one time in \nthe Federal Government, I am not sure what it is. It is vital \nto America and it is, I think, the cornerstone of what our \ngrandchildren are going to enjoy or suffer in the future.\n    So with that, are there any comments by anyone else on the \npanel or additional comments that you on the panel would like \nto make?\n    Thank you. I apologize for preaching, but we are adjourned.\n    [Whereupon, at 12:35 p.m., the Subcommittees were \nadjourned.]\n                            A P P E N D I X\n\n                              ----------                              \n\n\n               Material Submitted for the Hearing Record\n\n Prepared Statement of the Honorable Chris Cannon, a Representative in \n    Congress From the State of Utah, and Chairman, Subcommittee on \n                   Commercial and Administrative Law\n    The Subcommittees will please come to order.\n    Before we formally start today's proceedings, Chairman Chabot and I \nwant to sincerely thank and recognize our colleagues on both \nSubcommittees and on both sides of the aisle for taking time out of \ntheir busy schedules to attend this important hearing. As many of you \nknow, August is typically when Members of Congress return to their \ndistricts to catch up on constituent matters and spend time with their \nfamilies. Unfortunately, in these extraordinary times, however, we must \nundertake extraordinary measures to deal with certain pressing issues.\n    It also goes without saying that we express our sincere gratitude \nto our esteemed witnesses, each of whom reflect the greatest hallmarks \nof public service. We appreciate your contributions to our \ndeliberations today.\n    The title of today's hearing--Oversight Hearing on Privacy and \nCivil Liberties in the Hands of the Government Post-September 11, 2001: \nRecommendations of the 9/11 Commission and the U.S. Department of \nDefense Technology and Privacy Advisory Committee (which we'll refer to \nas ``TAPAC'')--clearly explains why we're here.\n    As many of you know, the 9/11 Commission filed its final report \nlast month. As some of you may not know, however, is that the report \nincludes several recommendations intended to protect our citizens' \nprivacy and civil liberties. In addition, it recommends that the \nfederal government set standards for the issuance of birth certificates \nand sources of identification, such as drivers' licenses, to promote \nsecure identification information. While most media headlines have \nemphasized the Commission's anti-terrorism proposals, I believe the \nprivacy and civil liberties recommendations are among those most \ncritical to our nation's future and which will form part of the focus \nof our hearing.\n    Today's proceedings will also focus on certain recommendations that \nthe TAPAC Committee made regarding safeguarding informational privacy. \nBy way of background, TAPAC was established by Secretary Rumsfeld as an \nindependent, bipartisan committee to examine the privacy ramifications \npresented by data mining activities by the Defense Department. I think \nwe all agree that Secretary Rumsfeld is to be commended for taking this \ninitiative and for ensuring that TAPAC's membership included some of \nour nation's most respected experts in the fields of constitutional and \nprivacy law. I am informed that among the many luminaries who testified \nbefore TAPAC was our colleague from New York (Mr. Nadler).\n    Advances in technology have increasingly facilitated the collection \nand dissemination of personally identifiable information, but have also \ncorrespondingly increased the potential for misuse of such information. \nAs the recently renamed Government Accountability Office observed, \n``These advances bring substantial federal information benefits as well \nas increasing responsibilities and concerns.'' Interestingly, TAPAC, \nover the course of its deliberations, determined that as the Defense \nDepartment was not alone in its conduct of data mining activities, it \nwas necessary for it to address this issue through a series of \nGovernment-wide recommendations.\n    The purpose of today's hearing is to examine the validity of these \nrecommendations and those of the 9/11 Commission that relate to privacy \nand civil liberties and to determine whether they warrant a legislative \nresponse. We would especially appreciate any guidance from our \nwitnesses about how the Congress, in crafting legislation, can best \nprotect our citizens' privacy without compromising legitimate law \nenforcement and terrorism detection efforts. And, as our witnesses \nknow, it has been 30 years since a privacy commission was established \nas part of the Privacy Act of 1974. I would be interested in having our \nwitnesses comment on whether now is the time to re-establish a privacy \ncommission that would specifically focus on government privacy issues, \nespecially given all the technological developments that have occurred \nsince the commission filed its final report in 1977 and the current \nstate of our nation's security concerns.\n    I should also note that both my Subcommittee--the Subcommittee on \nCommercial and Administrative Law--and Chairman Chabot's Subcommittee--\nthe Constitution Subcommittee--have played a major role in with respect \nto protecting personal privacy and civil liberties in this era of \nheightened security under the leadership and guidance of Jim \nSensenbrenner, the Chairman of the Judiciary Committee. As both the 9/\n11 Commission Report and TAPAC Report concluded, it is no easy task to \nbalance the competing goals of keeping our nation secure and protecting \nthe privacy rights of our nation's citizens. I believe that our \nrespective Subcommittees and the Judiciary Committee are uniquely and \nbest suited to study and resolve these issues.\n    Our accomplishments to date include the establishment of the first \nstatutorily created privacy office in a federal agency, namely the \nDepartment of Homeland Security. We have also spearheaded the creation \nof a similar office in the Justice Department, which is contained in \nlegislation now pending in the Senate. In addition, both my \nSubcommittee and the Constitution Subcommittee have considered and \nsupported legislation requiring a federal agency to prepare a privacy \nimpact analysis for proposed and final rules and to include this \nanalysis in the notice for public comment issued in conjunction with \nthe publication of such rules.\n    I will conclude my opening remarks with a quote from one of our \nfounding fathers. As I think you'll agree, Mr. Hamilton's observations \nand warnings are as meaningful today as they were when he wrote them \nmore than two hundred years ago:\n    ``Safety from external danger is the most powerful director of \nnational conduct. Even the ardent love of liberty will, after a time, \ngive way to its dictates. The violent destruction of life and property \nincident to war, the continual effort and alarm attendant on a state of \ncontinual danger, will compel nations the most attached to liberty to \nresort for repose and security to institutions which have a tendency to \ndestroy their civil and political rights. To be more safe, they at \nlength become willing to run the risk of being less free.''\n\n                              ----------                              \n\n Prepared Statement of the Honorable Steve Chabot, a Representative in \n  Congress From the State of Ohio, and Chairman, Subcommittee on the \n                              Constitution\n    I'd like to thank Chairman Cannon for holding this important \nhearing today.\n    September 11, 2001, changed our world. It changed the way in which \nwe view terrorism and the way in which we, as a country, must protect \nourselves.\n    Since that tragic day, Congress acted quickly to protect the \ncountry from future terrorist attacks. For example, through the Patriot \nAct, we provided our law enforcement officials with enhanced \ninvestigative tools to prevent the planning of future attacks, and we \nauthorized the creation of the Department of Homeland Security to \nbetter coordinate activities within our country to protect against the \nfuture threat of terrorism.\n    In taking action, we have been mindful of the protections afforded \nby our Constitution and our need to protect them as we protect our \ncountry. In the Patriot Act, we included protective measures, such as \nthe sunset provisions. When authorizing the Department of Homeland \nSecurity, we ensured that a privacy officer position was established to \nexamine the implications of the agency's rules and regulations on \nprivacy and to address any issues that may result.\n    Over the last 20 months, the National Commission on Terrorist \nAttacks Upon the United States (9/11 Commission) has investigated the \ncircumstances and events leading up to and on September 11.\n    In their report, the 9/11 Commission identified deficiencies within \nthe federal government and made recommendations, including \nrecommendations to safeguard privacy, to better protect the American \npublic. While we must move expeditiously to make our country safer, we \ntake care to do so in a thoughtful and Constitutional manner.\n    I look forward to discussing the Commission's recommendations with \nour witnesses today and determining what Congress can do to better \nprotect the privacy of our citizens.\n    As we move forward, it is important to remember that having \neffective anti-terrorism measures does not necessarily comprise the \nprotections afforded by our Constitution, as one is not the enemy of \nthe other. The enemy is terrorism.\n\n                              ----------                              \n\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\n\n                                 <all>\n\x1a\n</pre></body></html>\n"