[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]



IMPLEMENTATION OF THE USA PATRIOT ACT: CRIME, TERRORISM AND THE AGE OF 
                               TECHNOLOGY

=======================================================================

                                HEARING

                               BEFORE THE

                   SUBCOMMITTEE ON CRIME, TERRORISM,
                         AND HOMELAND SECURITY

                                 OF THE

                       COMMITTEE ON THE JUDICIARY
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED NINTH CONGRESS

                             FIRST SESSION

                               __________

                             APRIL 21, 2005

                               __________

                           Serial No. 109-18

                               __________

         Printed for the use of the Committee on the Judiciary


    Available via the World Wide Web: http://www.house.gov/judiciary


                                 ______

                    U.S. GOVERNMENT PRINTING OFFICE
20-710                     WASHINGTON : 2005
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                       COMMITTEE ON THE JUDICIARY

            F. JAMES SENSENBRENNER, Jr., Wisconsin, Chairman
HENRY J. HYDE, Illinois              JOHN CONYERS, Jr., Michigan
HOWARD COBLE, North Carolina         HOWARD L. BERMAN, California
LAMAR SMITH, Texas                   RICK BOUCHER, Virginia
ELTON GALLEGLY, California           JERROLD NADLER, New York
BOB GOODLATTE, Virginia              ROBERT C. SCOTT, Virginia
STEVE CHABOT, Ohio                   MELVIN L. WATT, North Carolina
DANIEL E. LUNGREN, California        ZOE LOFGREN, California
WILLIAM L. JENKINS, Tennessee        SHEILA JACKSON LEE, Texas
CHRIS CANNON, Utah                   MAXINE WATERS, California
SPENCER BACHUS, Alabama              MARTIN T. MEEHAN, Massachusetts
BOB INGLIS, South Carolina           WILLIAM D. DELAHUNT, Massachusetts
JOHN N. HOSTETTLER, Indiana          ROBERT WEXLER, Florida
MARK GREEN, Wisconsin                ANTHONY D. WEINER, New York
RIC KELLER, Florida                  ADAM B. SCHIFF, California
DARRELL ISSA, California             LINDA T. SANCHEZ, California
JEFF FLAKE, Arizona                  ADAM SMITH, Washington
MIKE PENCE, Indiana                  CHRIS VAN HOLLEN, Maryland
J. RANDY FORBES, Virginia
STEVE KING, Iowa
TOM FEENEY, Florida
TRENT FRANKS, Arizona
LOUIE GOHMERT, Texas

             Philip G. Kiko, Chief of Staff-General Counsel
               Perry H. Apelbaum, Minority Chief Counsel
                                 ------                                

        Subcommittee on Crime, Terrorism, and Homeland Security

                 HOWARD COBLE, North Carolina, Chairman

DANIEL E. LUNGREN, California        ROBERT C. SCOTT, Virginia
MARK GREEN, Wisconsin                SHEILA JACKSON LEE, Texas
TOM FEENEY, Florida                  MAXINE WATERS, California
STEVE CHABOT, Ohio                   MARTIN T. MEEHAN, Massachusetts
RIC KELLER, Florida                  WILLIAM D. DELAHUNT, Massachusetts
JEFF FLAKE, Arizona                  ANTHONY D. WEINER, New York
MIKE PENCE, Indiana
J. RANDY FORBES, Virginia
LOUIE GOHMERT, Texas

                      Jay Apperson, Chief Counsel

            Elizabeth Sokul, Special Counsel on Intelligence

                         and Homeland Security

                 Jason Cervenak, Full Committee Counsel

                  Michael Volkov, Deputy Chief Counsel

                     Bobby Vassar, Minority Counsel


                            C O N T E N T S

                              ----------                              

                             APRIL 21, 2005

                           OPENING STATEMENT

                                                                   Page
The Honorable Howard Coble, a Representative in Congress from the 
  State of North Carolina, and Chairman, Subcommittee on Crime, 
  Terrorism, and Homeland Security...............................     1
The Honorable Robert C. Scott, a Representative in Congress from 
  the State of Virginia, and Ranking Member, Subcommittee on 
  Crime, Terrorism, and Homeland Security........................     2

                               WITNESSES

The Honorable Laura H. Parsky, Deputy Assistant Attorney General, 
  U.S. Department of Justice
  Oral Testimony.................................................     4
  Prepared Statement.............................................     7
Mr. Steven M. Martinez, Deputy Assistant Director, Cyber 
  Division, Federal Bureau of Investigation
  Oral Testimony.................................................    27
  Prepared Statement.............................................    29
Mr. Jim Dempsey, Executive Director, Center for Democracy and 
  Technology
  Oral Testimony.................................................    32
  Prepared Statement.............................................    34
Mr. Peter Swire, Professor of Law, Ohio State University
  Oral Testimony.................................................    38
  Prepared Statement.............................................    41

                                APPENDIX
               Material Submitted for the Hearing Record

Prepared Statement of the Honorable Robert C. Scott, a 
  Representative in Congress from the State of Virginia, and 
  Ranking Member, Subcommittee on Crime, Terrorism, and Homeland 
  Security.......................................................    75
Prepared Statement of the Honorable Maxine Waters, a 
  Representative in Congress from the State of California........    76
Submission by Peter Swire entitled ``The System of Foreign 
  Intelligence Surveillance Law,'' 72 George Washington Law 
  Review 1306 (2004), available at http://papers.ssrn.com/sol3/
  papers.cfm?abstract_...........................................
id=586616........................................................    77

 
IMPLEMENTATION OF THE USA PATRIOT ACT: CRIME, TERRORISM AND THE AGE OF 
                               TECHNOLOGY

                              ----------                              


                        THURSDAY, APRIL 21, 2005

                  House of Representatives,
                  Subcommittee on Crime, Terrorism,
                              and Homeland Security
                                Committee on the Judiciary,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 10:03 a.m., in 
Room 2141, Rayburn House Office Building, the Honorable Howard 
Coble (Chair of the Subcommittee) presiding.
    Mr. Coble. Good morning, ladies and gentlemen. Good to have 
you all with us for our oversight hearing on the implementation 
of the USA PATRIOT Act, sections 209, 217, and 220 of the act 
that address crime, terrorism, and the age of technology.
    Our Nation has a dependency problem, one that we need to 
nurture and protect. That dependency is on technology. 
Computers and related technology have improved every aspect of 
our lives, our health care, our education, our security, just 
to name a few.
    This same technology also aids those who threaten our 
Nation and it facilitates terrorists and criminals alike. At 
the stroke of a key someone can cause millions of dollars of 
damage to our economy or shut down 911 systems of our emergency 
responders.
    The threat has grown with the benefits of and dependency 
upon technology. Now, after September 11 attacks, the risks are 
greater. Even prior to the attacks the Judiciary Subcommittee 
on Crime, Terrorism, and Homeland Security had been working on 
legislation to improve Federal law to protect the Nation from 
cybercrime and cyberterrorism.
    In an almost prophetic effort this Subcommittee held three 
hearings on the growing threat of cybercrime and cyberterrorism 
in the summer of 2001, and was in the process of drafting 
legislation to meet those threats when the 9/11 attacks 
occurred.
    These hearings highlighted that the Border Patrol and 
checkpoints at our airports and shipping ports cannot protect 
against cybercrime and terrorism.
    This type of crime is borderless, knows no restraints, and 
can substantially harm the Nation's economy and our citizens.
    To protect our privacy and our safety, law enforcement must 
be able to deal with new technology and the associated 
challenges. The borderless nature of cyberspace causes 
jurisdictional and investigative problems for law enforcement 
and facilitates often times criminal activity.
    The law enforcement officials and private representatives 
at these hearings agreed that the criminal law needed to be 
updated and clarified.
    In the PATRIOT Act, this Committee incorporated H.R. 2915, 
the legislation produced by the Subcommittee and then Chairman 
Lamar Smith in the summer of 2001. The PATRIOT Act updated 
criminal law to address the new challenges. These updates were 
designed to help law enforcement assess whether unlawful 
conduct is the result of criminal activity or terrorist 
activity and to respond appropriately.
    The hearing today will discuss sections 209 that deals with 
stored electronic communications; 217 that addresses computer 
trespassers; and 220 that updates the service of search 
warrants for electronic communications.
    These sections are set to expire on December 31 of this 
year.
    I look forward to hearing from the testimonies from the 
witnesses, and now I'm pleased to recognize the distinguished 
Gentleman from Virginia, the Ranking Member, Mr. Bobby Scott.
    Mr. Scott. Thank you, Mr. Chairman. And thank you again for 
scheduling another hearing on the USA PATRIOT Act. I think it's 
important that we have these hearings. I think we did a good 
job as a Committee when we passed the PATRIOT Act. 
Unfortunately, our work somehow dissolved between the Committee 
and the floor of the House. But we have taken in one of the 
points of this sunset which was to give us an opportunity to 
review our work product, and these hearings are certainly 
extremely important.
    This hearing is about the investigation and prosecution of 
crimes through use of electronic evidence, section 209 of the 
act references seizure of voice mail messages pursuant to a 
warrant. However, that section authorizes access to much more 
than just voice mail and authorizes access through ways other 
than warrants, such as administrative, grand jury, and court 
issued subpoenas. And under the appropriate circumstances, 
there can also be the sneak and peak situations where they ate 
warrants, court subpoenas, or administrative subpoenas. So 
we're talking about a section that is not only misleading 
relative to the breadth of police powers that authorizes, but a 
title that is deceptive as to the extraordinary nature of those 
powers.
    Quite frankly, Mr. Chairman, the more I review the extent 
of these powers that we have extended to law enforcement 
through provisions such as section 209, the more I am pleased 
with our decision to provide for a sunset on some of those 
powers in order that we may review in earnest what we have done 
so that law enforcement authorities who get access to our 
private information pursuant to these powers will be aware that 
we are reviewing their actions.
    This is a section whose original purpose was to protect or 
electronic data against intrusion. Now, we see a big loophole 
that we carved out for the purpose of law enforcement access 
and the limitations on traditional methods of holding law 
enforcement accountable, such as prior notice for the right to 
quash and oversight of a court through return reports to the 
court within a certain number of days.
    And so I'm convinced that the sunset review in this area is 
absolutely essential to our oversight responsibilities to the 
public.
    This is especially true in the areas of electronic and 
general technology given the growing impact of technology to 
our society. I have the same concerns about section 217, which 
allows an ISP to give law enforcement wide latitude to look at 
private electronic communications without court oversight or 
review.
    It's one thing to call law enforcement to look at a 
trespass that is occurring. But it's another thing to call on 
law enforcement to look to see if anything suspicious is going 
on prior to a trespass actually occurring.
    And while I can understand the efficiency of certain 
arguments for a nationwide search warrant authority in the area 
of electronic communications, I'm also concerned with the 
sufficiency of the notice and the right to challenge an 
oversight of such warrants.
    Now for law enforcement, I think it's important to note 
that I think these powers should be available in appropriate 
circumstances. So I'm not calling for a sunset of those powers. 
However, the public's protection of their privacy as well as 
their safety, I'm saying that we need to look more precisely at 
the notice to oversight and reporting requirements for these 
powers and make appropriate adjustments.
    We should also continue this kind of oversight through 
sunsets where we have to periodically look at the use of these 
powers in an arena of evolving technologies and where law 
enforcement is aware that the use of these powers will need to 
be scrutinized and justified.
    And so, Mr. Chairman, I look forward to the testimony of 
our witnesses on how we might best do that and working with you 
on implementing our recommendations.
    Mr. Coble. I thank you, Mr. Scott.
    Lady and gentlemen, it's the practice of the Subcommittee 
to swear in all witnesses appearing before us. So if you all 
would please stand and raise your right hands
    [Witnesses sworn.]
    Mr. Coble. Let the record show that each of the witnesses 
answered in the affirmative. You may be seated.
    We have a very distinguished panel today. And I will 
introduce them before we take testimony.
    Our first witness is Ms. Laura H. Parsky, the Deputy 
Assistant Attorney General of the Criminal Division at the 
United States Department of Justice. In addition to serving at 
the Department of Justice, Ms. Parsky has served as Director of 
International Justice and Contingency Planning at the National 
Security Council. She was graduated from Yale University and 
obtained her law degree from Boalt Hall School of Law at the 
University of California at Berkeley. Following law school, Ms. 
Parsky clerked for the Honorable D. Lowell Jensen of the United 
States District Court for the Northern District of California.
    Our second witness today is Mr. Steven Martinez, Deputy 
Assistant Director for the Cyber Division of the FBI. Prior to 
beginning his current position, Mr. Martinez served in many 
capacities within the FBI, including managing the counter 
terrorism and counter intelligence efforts during the staging 
and commencement of Operation Iraqi Freedom. Mr. Martinez is a 
graduate of St. Mary's College of California and received a 
master's degree from the University of California at Berkeley.
    Our next witness is Mr. Jim Dempsey, Executive Director of 
the Center for Democracy and Technology. Prior to joining the 
Center, Mr. Dempsey was a Deputy Director of the Center for 
National Security Studies and also served as Assistant Counsel 
to the House Judiciary Committee's Subcommittee on Civil and 
Constitutional Rights. Mr. Dempsey is a graduate of Yale 
University and the Harvard Law School.
    Our final witness today is Mr. Peter Swire, Professor of 
Law at the Ohio State University's Moritz College of Law. 
Previously, Mr. Swire served in the Clinton Administration as 
Chief Counselor for Privacy in the Office of Management and 
Budget. Professor Swire is a graduate of Princeton University 
and the Yale Law School. After graduating from law school, he 
clerked for Judge Ralph K. Winter, Jr., of the United States 
District Court--strike that--of the United States Court of 
Appeals for the Second Circuit.
    Folks, it's mighty good to have all of you with us. As you 
all have been previously informed, we operate under the 5-
minute rule here, and you will see the panels before you at the 
desk when amber light appears that is your notification that 
time is elapsing rapidly. And when the red light appears, the 5 
minutes have expired. And have furthermore imposed the 5-minute 
rule against ourselves as well. So when we examine you, if you 
all could be terse, we would be appreciative of that.
    Ms. Parsky, why don't you start us off?

 TESTIMONY OF THE HONORABLE LAURA H. PARSKY, DEPUTY ASSISTANT 
          ATTORNEY GENERAL, U.S. DEPARTMENT OF JUSTICE

    Ms. Parsky. Thank you. Good morning, Mr. Chairman, Ranking 
Member Scott and honorable Members of the Subcommittee.
    It is my pleasure to appear before you to discuss sections 
209, 217, and 220 of the PATRIOT Act, provisions that have 
authorized our laws to keep pace with new technologies. These 
provisions have made commonsense changes that have harmonized 
the treatment of similar situations, that have eliminated 
unnecessary and inefficient processes, and that have given back 
to victims the rights they deserve.
    Together, they are a significant step forward in meeting 
the challenges of investigating and prosecuting crime in the 
21st century.
    Our world has changed in dramatic ways in recent years. On 
the one hand, as September 11th made tragically clear, we face 
the threat of terrorism on a scale that was previously 
unimaginable.
    On the other hand, we have experienced tremendous 
technological advancement that has given us modern wonders like 
the Internet. It is because of both of these developments that 
the PATRIOT Act is vital to our country's safety.
    As the world changes, so must our laws. We cannot go back 
to the days before September 11th, and we cannot turn back the 
clock of the digital age. Likewise, we cannot regress to 
outdated laws that defy reason in today's world.
    Sections 209, 217, and 220 are just the kinds of 
commonsense changes that we need to keep pace with technology. 
Prior to the PATRIOT Act, voice mails were subject to 
burdensome rules designed for ongoing access to live 
communications rather than those rules for a single access to 
other similar types of stored communications.
    In fact, it was easier for law enforcement to get a warrant 
to go into a person's home and listen to messages on that 
person's answering machine than it was to obtain voice mail 
messages left--stored with a third party.
    Section 209 fixed this inconsistency by making the rules 
for stored voice mail more consistent with those for other 
types of stored messages, such as electronic mail.
    Section 217 also addresses new technology, the rise of 
computer networks, such as the Internet. Section 217 makes 
clear that Federal law will not shield a person who trespasses 
on the computer system of another. Section 217 puts the power 
to decide who may enter property back where it belongs: in the 
hands of the property owner, just as has always been the case 
for homeowners.
    Finally, section 220 recognizes that today's modern 
communications technologies make it possible for records 
relating to an investigation in a particular jurisdiction to be 
stored in a distant jurisdiction, or in many cases in several 
distant jurisdictions.
    Rather than sending investigators all over the country to 
explain the same set of facts over and over again to different 
prosecutors and different judges, section 220 allows the 
investigators and prosecutors who are most familiar with the 
case to obtain authorization to gather electronic records from 
a single judge in their own district, who is also most familiar 
with the facts of the case, just as has always been the case 
with other records subject to grand jury subpoenas. This 
provision just makes practical sense in today's world of 
electronic evidence.
    In the three and a half years since Congress passed these 
provisions of the PATRIOT Act by overwhelming bipartisan 
majorities, we've had the opportunity to see these provisions 
in action. We have seen the modern tools Congress authorized 
through passage of the PATRIOT Act dramatically improve law 
enforcement's ability to protect the safety and security of the 
American people.
    We have used these tools to disrupt terrorist networks and 
to prevent terrorist attacks, to bring down international drug 
conspiracies, and to rescue children in imminent danger.
    Most significantly we have prevented another terrorist 
attack from striking us here at home. These are the facts, not 
fears.
    The PATRIOT Act has made law enforcement more effective and 
more efficient. All this has been done without impacting any of 
the constitutional protections that we as Americans hold dear.
    It is in this context that these tools must be evaluated. 
It is this record of accomplishments that should be first and 
foremost in your minds.
    We cannot go back. If Congress fails to reauthorize the 
PATRIOT Act, we will revert to old rules that hamstring law 
enforcement with inefficient processes and unnecessary delays 
in investigating 21st century crime.
    The law would once again treat similar services differently 
without good cause, and, worse, the law would protect criminals 
at the expense of their victims' rights. If these provisions 
are not renewed, law enforcement will be less efficient and 
less effective in combating not only terrorism, but other 
serious offenses, such as cyber crime, child exploitation and 
kidnapping.
    Our experience over the past three and a half years has 
proven the utility and rationality of these modernizations of 
our laws. In light of the very real threats we face today, we 
cannot afford to go back to when technology was outpacing law 
enforcement's tools.
    Therefore, I ask that you continue to move our laws forward 
by reauthorizing sections 209, 217, and 220 of the PATRIOT Act. 
The Department of Justice appreciates this Subcommittee's 
leadership in making sure that our country's laws meet the 
challenges of today and of tomorrow.
    Thank you for the opportunity to testify today and for your 
continuing support. I am happy to try to answer any questions 
you may have.
    [The prepared statement of Ms. Parsky follows:]

                 Prepared Statement of Laura H. Parsky



    Mr. Coble. Thank you, Ms. Parsky.
    Mr. Martinez?

  TESTIMONY OF STEVEN M. MARTINEZ, DEPUTY ASSISTANT DIRECTOR, 
        CYBER DIVISION, FEDERAL BUREAU OF INVESTIGATION

    Mr. Martinez. Good morning, Mr. Chairman, Ranking Member 
Scott, and Members of the Subcommittee.
    My name is Steven Martinez. I'm the Deputy Assistant 
Director of the FBI's Cyber Division. The primary mission of 
the Cyber Division is to protect the American public against a 
host of significant and potentially deadly high-tech crimes.
    The uses of technology in our society are innumerable and 
their value immeasurable. The state of technology has been 
advancing rapidly over the past 20 years, much of it to the 
benefit of people living in all corners of the world.
    Unfortunately, the picture is not always so bright.
    Technology has also been used to harm people, while 
offering a particularly effective escape route. In this digital 
age, crimes can and do occur within seconds without the 
perpetrator ever getting anywhere physically close to the 
victim.
    In such a setting, law enforcement must be equipped with 
the investigative tools necessary to meet, locate, and 
incapacitate the growing threat.
    With this background in mind, I want to thank you for the 
opportunity to appear before you today to discuss certain 
sections of the USA PATRIOT Act which are scheduled to expire 
at the end of this year, specifically sections 209, 217, and 
220. Going in numerical order, allow me to start with section 
209.
    Section 209 permits law enforcement officers to seize voice 
mail with a search warrant rather than a surveillance, or title 
III order. The importance of this provision is best understood 
in the context of how often terrorists and other criminals rely 
on technology to relay their plans to each other instead of 
risking face to face in-person meetings.
    Section 209 provides a very good example of how the USA 
PATRIOT Act simply updated the law to reflect recent 
technological developments. The drafters of the act determined 
that obtaining voicemail stored on a third party's answering 
system is more similar to obtaining voicemail stored on a home 
answering machine, which requires a search warrant, more so 
than it is to monitoring somebody's telephone calls, which 
requires a title III order.
    In passing this portion of the act, Congress made the 
statutory framework technology-neutral. Privacy rights are 
still well accounted for, since the section 209 allows 
investigators to apply for and receive a court-ordered search 
warrant to obtain voicemail pursuant to all of the pre-existing 
standards for the availability of search warrants, including a 
showing of probable cause.
    With privacy rights left firmly intact, there is a distinct 
advantage to the public's safety when law enforcement can 
obtain evidence in a manner that is quicker than the title III 
process.
    I would like to move next to section 217, the Hacker 
Trespasser Exception. Like section 209 before it, section 217 
also makes the law technology-neutral.
    Section 217 places cyber-trespassers--those who are 
breaking into computers--on the same footing as physical 
intruders. Section 217 allows the victims of computer-hacking 
crimes voluntarily to request law enforcement assistance in 
monitoring trespassers on their computers.
    Just as burglary victims have long been able to invite 
officers into their homes to catch the thieves, hacking victims 
can now allow law enforcement officers into their computers to 
catch cyber-intruders.
    Think for a moment how odd it would be if a homeowner 
yelled out to a police officer ``Hey, there's a burglar in my 
house right now, help!'', only to have the police respond, 
``Sorry, I have to apply for a court order first, try not to 
scare him off.'' The homeowner would be dumbfounded; the 
burglar would be long gone by time the police returned. This, 
in essence, is what was occurring prior to the PATRIOT Act.
    It can be said that section 217, in a very significant way, 
enhances privacy. The essence of the section--to help catch 
hackers--serves a vital function in the FBI's ability to 
enforce data privacy laws. Hackers have no respect for your 
privacy or mine.
    There has been an outpouring of concern from the American 
public to protect them from identity theft and to ensure that 
their personal records are secure. Congress has responded with 
a powerful array of laws that are designed to impose serious 
consequences on computer hackers. However, if law enforcement 
does not have the ability to quickly spot and then locate 
hackers, then the victim toll will mount and only hackers 
themselves, remaining anonymous, will be left with privacy.
    The FBI understands the importance of preventing criminals 
from stealing and selling our information, and we are resolved 
to catch those who do. Section 217 is of enormous help in this 
regard.
    Lastly, I would like to turn to section 220. Section 220 
enables Federal courts--with jurisdiction over investigation--
to issue a search warrant to compel the production of 
information, such as unopened e-mail, that is stored with a 
service provider located outside their district.
    Now, for example, a judge with jurisdiction over a 
kidnapping investigation in Pittsburgh can issue a search 
warrant for e-mail messages that are stored on a server in 
California. As a result, investigators in Pennsylvania can ask 
the judge most familiar with the investigation to issue a 
warrant rather than having to ask an Assistant United States 
Attorney in California who's unfamiliar with the case, to ask a 
district judge in California, who also is unfamiliar with the 
case, to issue the warrant.
    Lest you think this is merely a hypothetical example, it's 
not. Using section 220, our FBI office in Pittsburgh was able 
to obtain a warrant for information residing on a computer in 
California that ultimately led to the rescue of a teenage girl 
who was being sexually tortured in Virginia while being chained 
to a wall in somebody's basement.
    The man who held her hostage is now in prison, serving 
close to 20 years. The girl's life was saved.
    Other FBI Field Offices also have repeatedly stated that 
section 220 has been very beneficial to quickly obtain 
information required in their investigations.
    Mr. Chairman and Members of the Committee, let me conclude 
my prepared remarks by saying that the provisions of the USA 
PATRIOT Act I have discussed today have proven significant to a 
number of our successes and I have every reason to believe that 
the need to retain these provisions in the future is also 
significant.
    By responsibly using the statutes provided by Congress, the 
FBI has made substantial progress in its ability to enforce the 
law and protect lives, while at the same time protecting civil 
liberties. Thank you.
    [The prepared statement of Mr. Martinez follows:]

                Prepared Statement of Steven M. Martinez

    Good morning Mr. Chairman, Ranking Member Scott, and members of the 
subcommittee.
    My name is Steven Martinez and I am the Deputy Assistant Director 
of the FBI's Cyber Division. The primary mission of the Cyber Division 
is to supervise the Bureau's investigation of federal violations in 
which computer systems, including the Internet, are exploited by 
terrorists, foreign government intelligence operatives, and criminals. 
In short, our mission is to protect the American public against a host 
of significant and potentially deadly high-tech crimes.
    The uses of technology in our society are innumerable and their 
value immeasurable. The state of technology has been advancing rapidly 
over the past twenty years, much of it to the benefit of people living 
in all corners of the world. Unfortunately, the picture is not always 
so bright. Technology has also been used to harm people, while offering 
a particularly effective escape route. In this digital age, crimes can 
and do occur within seconds without the perpetrator ever getting 
anywhere physically close to the victim. In such a setting, law 
enforcement must be equipped with the investigative tools necessary to 
meet, locate, and incapacitate this growing threat. Law enforcement 
must be prepared to face sophisticated enemies and criminals who are 
known to exploit technology because of its ability to keep them far 
away from the scene of the crime, spread apart even from one another, 
and who have the ability to delete any digital evidence of their 
actions at the push of a button.
    With this background in mind, I want to thank you for the 
opportunity to appear before you today to discuss certain sections of 
the USA PATRIOT Act which are scheduled to expire at the end of this 
year, specifically sections 209, 217, and 220.
    When Attorney General Gonzales testified before the House Judiciary 
Committee on April 6, 2005, he shared his firm view that each of the 
provisions of the USA PATRIOT Act that are scheduled to sunset at the 
end of this year must be made permanent. Director Mueller provided the 
FBI's perspective in a hearing before the Senate Judiciary Committee on 
April 5, 2005, and he too spoke of the crucial need to renew these 
provisions. Based on my knowledge of the interests, capabilities, and 
motives of those who, day in and day out, are attempting to do us harm 
by means of the Internet, I want to express my full agreement about the 
importance of the PATRIOT Act and the provisions I plan to address 
today. I believe that the Act's substantial merit can be demonstrated 
by what we already have experienced as a nation; still, it is equally 
true that the Act is essential so that we are prepared to confront the 
ever-evolving threat that no doubt will come.

        SECTION 20--SEIZURE OF VOICE MAIL WITH A SEARCH WARRANT

    Going in numerical order, allow me to start with section 209. 
Section 209 permits law enforcement officers to seize voice mail with a 
search warrant rather than a surveillance, or Title III, order. Section 
209 provides a very good example of how the USA PATRIOT Act simply 
updated the law to reflect recent technological developments. The 
drafters of the Act determined that obtaining voicemail stored on a 
third party's answering system is more similar to obtaining voicemail 
stored on a home answering machine (which requires a search warrant) 
than it is to monitoring somebody's telephone calls (which requires a 
TIII order). In passing this portion of the Act, Congress made the 
statutory framework technology-neutral. Privacy rights are still well 
accounted for, since section 209 allows investigators to apply for and 
receive a court-ordered search warrant to obtain voicemail pursuant to 
all of the pre-existing standards for the availability of search 
warrants, including a showing of probable cause. With privacy rights 
left firmly intact, there is a distinct advantage to the public's 
safety when law enforcement can obtain evidence in a manner that is 
quicker than the Title III process.
    The importance of this provision is best understood in the context 
of how often terrorists and other criminals rely on technology to relay 
their plans to each other instead of risking face-to-face in-person 
meetings. Attorney General Gonzales gave a good sense of the diversity 
of those who would rely on the simple convenience of leaving voicemail 
in furtherance of their illegal activities when he pointed out that 
section 209 has already been relied upon to acquire messages left for 
domestic terrorists, foreign terrorists, and international drug 
smugglers.
    Allowing section 209 to expire would once again lead to different 
treatment for voicemail messages stored on a third party's system than 
for the same message stored on a person's home answering machine. Doing 
so would needlessly hamper law enforcement efforts to investigate 
crimes.

              SECTION 217--THE HACKER TRESPASSER EXCEPTION

    I would like to move next to section 217, the hacker trespasser 
exception. Like section 209 before it, section 217 also makes the law 
technology-neutral. Section 217 places cyber-trespassers--those who are 
breaking into computers--on the same footing as physical intruders. 
Section 217 allows the victims of computer-hacking crimes voluntarily 
to request law enforcement assistance in monitoring trespassers on 
their computers. Just as burglary victims have long been able to invite 
officers into their homes to catch the thieves, hacking victims can now 
allow law enforcement officers into their computers to catch cyber-
intruders. Think for a moment how odd it would be if a homeowner yelled 
out to a police officer ``Hey, there's a burglar in my house right now, 
help!'', only to have the police respond, ``Sorry, I have to apply for 
a court order first, try not to scare him off.'' The homeowner would be 
dumbfounded, and the burglar would be long gone by time the police 
returned. This, in essence, is what was occurring prior to the PATRIOT 
Act.
    It can be said that section 217, in a very significant way, 
enhances privacy. First, it is carefully crafted to ensure that law 
enforcement conducts monitoring against trespassers in a manner 
entirely consistent with protecting the privacy rights of law abiding 
citizens. Second, the essence of the section--to help catch hackers--
serves a vital function in the FBI's ability to enforce data privacy 
laws.
    With respect to the first point, the narrowly crafted scope of this 
legislation, section 217 preserves the privacy of law-abiding computer 
users by sharply limiting the circumstances under which the trespasser 
exception may be used. At its most fundamental level, section 217 
requires consent. Law enforcement assistance is by invitation only. The 
computer crime victim is actually seeking the FBI's help. In addition, 
a law enforcement officer may not conduct monitoring based solely on 
the computer owner or operator's consent unless the law enforcement 
officer is engaged in a lawful investigation; has reason to believe 
that capturing the communications will be relevant to that 
investigation; and can ensure that the consensual monitoring will 
acquire only those communications that are transmitted to or from the 
hacker. On top of these requirements, section 217 then goes one step 
further. Based on the definition of a ``computer trespasser,'' section 
217 does not allow law enforcement to come to the immediate aid of 
victims who are being hacked by one or more of their own customers. In 
those cases the owner or operator of the computer system cannot provide 
sufficient consent to monitor the trespasser, even if the hacker/
customer broke into areas of the computer he has no authority to see 
(including other customer account information).
    Still, despite this last limitation, the hacker trespasser 
exception has been an important tool for law enforcement to obtain 
evidence based on the consent of the victim, much of which involves 
protecting people's privacy.
    A diverse array of real-world examples from our criminal 
investigations demonstrate that this provision has been significant in 
order for the FBI to protect the privacy rights of individuals and 
businesses whose computers are being broken into for the purpose of 
stealing the personal data stored on their computers. Hackers have no 
respect for your privacy or mine. When hackers break into a computer 
network and obtain root access they get to look at, download, and even 
can make changes to, whatever information is on that network. Hackers 
can and do routinely steal social security numbers, credit card 
numbers, and drivers license numbers. Depending on the systems they 
break into, they can look at health care information and can change it 
at will. There has been an outpouring of concern from the American 
public to protect them from identity theft and to ensure that their 
personal records are secure. Congress has responded with a powerful 
array of laws that are designed to impose serious consequences on 
computer hackers. However, if law enforcement does not have the ability 
to quickly spot and then locate hackers, then the victim toll will 
mount and only the hackers themselves, remaining anonymous, will be 
left with privacy. The FBI understands the importance of preventing 
criminals from stealing and selling our information, and we are 
resolved to catch those who do. Section 217 is of enormous help in this 
regard.
    For example, under this provision, the FBI was able to monitor the 
communications of an international group of ``carders'' (individuals 
that use and trade stolen credit card information). The group used chat 
rooms and fraudulent websites to commit identity theft, but managed to 
provide themselves with privacy by using false names to get e-mail 
accounts. The most important tool in their bid to remain anonymous was 
their use of a proxy server they broke into and then reconfigured. The 
identity thieves used the proxy server to disguise where all of their 
Internet communications were coming from. The owner of the proxy server 
was himself a victim of the crime, his computer having essentially been 
hijacked and transformed into the hub of a criminal operation. When he 
determined that his computer had been hacked he provided the FBI with 
consent to monitor the intruder and hopefully to catch him. The 
computer owner's ability to bring in the FBI paid off, not just for him 
but for the countless other victims of the identity thief. By taking 
advantage of hacker trespasser monitoring, the FBI gathered leads that 
resulted in the discovery of the true identity of the subject. The 
subject was later indicted and is now awaiting trial.
    Since its enactment, section 217 has played a key role in a variety 
of hacking cases, including investigations into hackers' attempts to 
compromise military computer systems. Allowing section 217 to expire at 
the end of this year would help computer hackers avoid justice and 
prevent law enforcement from responding quickly to victims who are 
themselves asking for help.

         SECTION 220--SEARCH WARRANTS FOR ELECTRONIC EVIDENCE 
                      LOCATED IN ANOTHER DISTRICT

    Lastly, I would like to turn to section 220 of the USA PATRIOT Act. 
Section 220 enables federal courts--with jurisdiction over an 
investigation--to issue a search warrant to compel the production of 
information (such as unopened e-mail) that is stored with a service 
provider located outside their district. The practical effect of this 
section is that our FBI Agents are no longer limited to applying for a 
search warrant solely from the court that sits where the service 
provider happens to be located.
    Before discussing this section in depth, I think it is helpful to 
point out that the borderless nature of Internet crime means that more 
often than not ***the victim**** of a crime, the person who committed 
the crime, and ***the evidence**** of that crime are all located in 
different parts of the country (or indeed the world). Applying this 
fact in the context of a search warrant will demonstrate the utility 
and the necessity of section 220.
    Prior to the PATRIOT Act, if an investigator wanted to obtain the 
contents of unopened e-mail from a service provider located in the 
United States, he or she needed to obtain a warrant from a court 
physically located in the same federal district as the service provider 
was located. To accomplish this, the FBI Agent working on the case 
(this Agent typically would be located where the victim is located) 
needed to brief another FBI Agent and prosecutor who were located in 
the ISP's jurisdiction (where the evidence happened to be 
electronically stored). The second FBI Agent and prosecutor then would 
appear before their local court to obtain the search warrant. This was 
a time and labor consuming process. Furthermore, because several of the 
largest email providers are located in a few districts, such as the 
Northern District of California and the Eastern District of Virginia, 
these FBI Agents, Prosecutors, and Judges were faced with a substantial 
workload dealing with cases in which neither the victim nor the 
criminal resided, and they had to be brought up to speed about the 
details of an investigation which, both beforehand and afterwards, they 
had no need to know.
    Section 220 fixed this problem. It makes clear, for example, that a 
judge with jurisdiction over a kidnaping investigation in Pittsburgh 
can issue a search warrant for e-mail messages that are stored on a 
server in California. As a result, the investigators in Pennsylvania 
can ask the judge most familiar with the investigation to issue the 
warrant rather than having to ask an Assistant United States Attorney 
in California, who is unfamiliar with the case, to ask a district judge 
in California, who also is unfamiliar with the case, to issue the 
warrant. Lest you think this is merely a hypothetical example, it's 
not. Using section 220, our FBI office in Pittsburgh was able to obtain 
a warrant for information residing on a computer in California that 
ultimately led to the rescue of a teenage girl who was being sexually 
tortured in Virginia while being chained to a wall in somebody's 
basement. The man who held her hostage is now in prison, serving close 
to 20 years. The girl's life was saved.
    Other FBI Field Offices also have repeatedly stated that section 
220 has been very beneficial to quickly obtain information required in 
their investigations. The value of this provision in terrorism cases 
already has been demonstrated time and again. In his April 6 testimony, 
Attorney General Gonzales pointed to its important application during 
investigations into the Portland Terror Cell, the ``Virginia Jihad'', 
and the Richard Reid ``shoebomber'' case.
    It is imperative that section 220 be renewed. The provision 
expedites the investigative process and, in doing so, makes it more 
likely that evidence will still be available to law enforcement after 
it executes a court-authorized search warrant and obtains further 
leads; the provision frees up FBI, U.S. Attorney, and judicial 
personnel to more efficiently pursue other time-sensitive investigative 
matters; and, section 220 in no way lowers the protections that apply 
to the government's application for a search warrant.

                               CONCLUSION

    Mr. Chairman and Members of the Committee, the provisions of the 
USA Patriot Act I have discussed today have proven significant to a 
number of our successes and I have every reason to believe that the 
need to retain these provisions in the future is also significant. By 
responsibly using the statutes provided by Congress, the FBI has made 
substantial progress in its ability to enforce the law and protect 
lives, while at the same time protecting civil liberties. In renewing 
those provisions scheduled to ``sunset'' at then end of this year, 
Congress will ensure that the FBI will continue to have the tools it 
needs to combat the very real threats to America and our fellow 
citizens. Thank you for your time today.

    Mr. Coble. Thank you, Mr. Martinez. Mr. Dempsey?

   TESTIMONY OF JIM DEMPSEY, EXECUTIVE DIRECTOR, CENTER FOR 
                    DEMOCRACY AND TECHNOLOGY

    Mr. Dempsey. Mr. Chairman, Representative Scott, Members of 
the Subcommittee, good morning.
    Mr. Coble. Hold. If you will just suspend just a minute, 
Mr. Dempsey, I wanted to recognize the presence of the 
Gentlemen from Florida, Ohio, and Arizona to my right and the 
Gentleman from Massachusetts to our left.
    Go ahead, Mr. Dempsey, and you won't be penalized for that 
time.
    Mr. Dempsey. Thank you, Mr. Chairman. We commend you, Mr. 
Chairman, and Members of the Subcommittee and the full 
Committee leadership for undertaking this series of hearings on 
the PATRIOT Act. From this kind of detailed, objective inquiry, 
we can attain the balance that was left aside in the haste and 
emotion in the weeks after 9/11.
    My main point today is that while, of course, the law needs 
to keep pace with changing technology to ensure that the 
Government can get the information that it needs to prevent 
crime and terrorism, at the same time the law also needs to 
keep pace with changing technology to protect privacy, 
especially as technology changes in ways that make ever larger 
volumes of information available to the Government, 
particularly to acquire from third parties.
    The PATRIOT Act addressed only one side of this equation. 
Now is the time for Congress to address the privacy issues and 
finish the job.
    Perhaps the biggest change that is happening in technology 
that increases governmental access to information and that 
affects privacy is the storage of more and more information on 
computer networks, and under the control of third parties. The 
kind of information that you would normally keep in your file 
drawer, even on your laptop in your own possession, that 
information is increasingly moving out onto networks, onto web-
based storage. And the law just draws a distinction, and I 
think a now outdated distinction, between interception of 
communications in transit and access to those communications in 
storage. And it draws a further distinction between whether the 
e-mail is opened or unopened. If it's opened, it gets less 
protection than if it's unopened. If it's older, it gets less 
protection than if it's new.
    Our recommendation is that Congress should take the Justice 
Department's description of 209, for example, the so-called 
voicemail provision, take their explanation and their 
description of that at face value and make seizure of all 
stored communications subject to a warrant.
    The problem is that the way the law now works, if a stored 
voicemail is opened on your home answering machine--you listen 
to it, but you save it--it's protected fully by the fourth 
amendment, subject to a warrant. If it's opened on a third 
party server, it no longer is protected by the warrant 
requirement, which is why we say that section 209 is a little 
misleadingly named.
    If that voicemail is older than 180 days or that e-mail is 
older than 180 days, it's not protected by the warrant 
requirement on the ISP computer, even though it is fully 
protected still if you've printed it out and put it in your 
file drawer, fully protected by the warrant requirement.
    So Congress should eliminate this distinction, and, in 
fact, this Committee, the full Committee, did vote in 2000 to 
eliminate that distinction and to make all stored 
communications--whether opened or unopened, stored--I mean a 
long period of time or short period of time--subject to the 
same warrant requirement that the Justice Department refers to.
    Turning just briefly to the interception of--and also to 
apply to those provisions some of the other protections in the 
law. Again, ensuring that the Government has the access, but, 
for example, we have absolutely no reporting on how often the 
Government accesses stored e-mail. We have very good and 
detailed statistical reports on live interceptions of e-mail 
and of phone calls through the annual wiretap report. But we 
really don't have a sense of access to stored communications. 
And as Professor Swire will describe now, with Voice Over IP, 
we're actually going to be seeing entire voice conversations 
stored for perhaps lengthy periods of time as the storage 
capacity is made available.
    Section 217. This isn't quite like the homeowner. When the 
homeowner--the homeowner can invite the police into this 
property in order to find an intruder. But the homeowner cannot 
authorize the police to look in the pockets of the intruder. 
They cannot authorize the police to open up the briefcase of 
the intruder and read what's inside the briefcase. It requires 
another exception to the warrant requirement: search incident 
to an arrest, which we don't have here; protection of the 
officer, which we don't have here. So this isn't just like that 
homeowner search.
    Nationwide service of warrants I think could be very nicely 
addressed by allowing those warrants to be challenged both in 
the jurisdiction in which they are issued and in the 
jurisdiction in which they are served. I think that's an 
equitable and minor change that would rebalance that.
    Mr. Chairman, Members of the Committee, we look forward to 
working with you on these issues as we move forward between now 
and the end of the year. Thank you.
    [The prepared statement of Mr. Dempsey follows:]

                 Prepared Statement of James X. Dempsey

    Chairman Coble, Rep. Scott, Members of the Committee, thank you for 
the opportunity to testify at this important hearing. We want to 
commend the Subcommittee and the full Committee leadership for 
undertaking this series of hearings on the PATRIOT Act. From this kind 
of detailed, objective inquiry, we can attain the balance that was left 
aside in the haste and emotion of the weeks after 9/11.
    Our main point today is that while, of course, the law needs to 
keep pace with changing technology to ensure that government agencies 
have access to information to prevent crime and terrorism, the law also 
needs to keep pace with changing technology to protect privacy, as 
technology makes ever larger volumes of information available for the 
government to acquire from third parties, without going to the subject 
of interest, as it used to have to do under the Fourth Amendment. The 
PATRIOT Act addressed only one side of this equation, making government 
access easier without counterbalancing privacy improvements. Now is the 
time for Congress to finish the job and address the privacy side of the 
equation.
    In CDT's view, there are few if any provisions in the PATRIOT Act 
that are per se unreasonable. We see not a single power in the Act that 
should sunset. The question before us--and it is one of the most 
important questions in a democratic society--is what checks and 
balances should apply to those powers. With respect to the particular 
PATRIOT powers at issue in today's hearing, those time-honored checks 
and balances should include:

          Judicial review of intrusive techniques, preferably 
        judicial approval before a search.

          Second, as a general rule, individuals should have 
        notice when their communications are acquired by the 
        government.

          Finally, government surveillance needs to be subject 
        to Congressional oversight and some public accountability, 
        including through more detailed unclassified reporting.

    In one way or another, PATRIOT Act provisions fail to include these 
checks and balances.
        prevention of terrorism does not require suspension of 
                        standards and oversight
    At the outset, let me stress some basic points on which I hope 
there is widespread agreement:

          Terrorism poses a grave and imminent threat to our 
        nation. There are people--almost certainly some in the United 
        States--today planning additional terrorist attacks, perhaps 
        involving biological, chemical or nuclear materials.

          The government must have strong investigative 
        authorities to collect information to prevent terrorism. These 
        authorities must include the ability to conduct electronic 
        surveillance, carry out physical searches effectively, and 
        obtain transactional records or business records pertaining to 
        suspected terrorists.

          These authorities, however, must be guided by the 
        Fourth Amendment, and subject to Executive and judicial 
        controls as well as legislative oversight and a measure of 
        public transparency.

THE LAW NEEDS TO KEEP PACE WITH TECHNOLOGY--BOTH TO PROVIDE APPROPRIATE 
            TOOLS TO LAW ENFORCEMENT AND TO PROTECT PRIVACY

    We have been told that this hearing will focus on three sections: 
209 (misleadingly entitled ``seizure of voice-mail pursuant to a 
warrant''); 217 (interception of computer trespasser communications); 
and 220 (nationwide service of search warrants for electronic 
evidence). Sections 209, 217 and 220 are not among the most 
controversial provisions of the PATRIOT Act. The fact that they are 
subject to the sunset at all, while, for example, the ``sneak and 
peek'' authority in Section 213 and the national security letter 
expansions in Section 505 are not subject to the sunset, illustrates 
how the debate over the sunsets is somewhat misplaced.
    As with most other sunsetted provisions, there is little call for 
denying government the access to information provided under Sections 
209, 217 and 220. Rather, the questions posed by these sections are 
matters of checks and balances, related to the continuing but uneven 
effort to rationalize the standards for government access to electronic 
communications and stored records in the light of ongoing changes in 
technology. It is worth noting that Sections 209, 217 and 220 have no 
direct connection with terrorism. They apply to all criminal cases.
    These sections highlight an overarching concern about the way in 
which amendments to the surveillance laws in recent years, and 
especially in the PATRIOT Act, have served as a ``one-way ratchet'' 
expanding government power without corresponding improvements in the 
checks and balances applicable to those powers. This has been a 
departure from Congress' traditional approach to electronic 
surveillance issues. In the first major wiretap statute, Title III of 
the 1968 Omnibus Crime Control Act; in the Electronic Communications 
Privacy Act of 1986; and even in the controversial Communications 
Assistance for Law Enforcement Act of 1994, Congress and the Justice 
Department agreed on the twin goals of ensuring law enforcement 
authority to intercept communications while also strengthening privacy 
protection standards, especially in light of changing technology.
    This spirit of balance has unfortunately been lost. In recent 
years, time and again, the Department of Justice has proposed changes 
in the surveillance laws that reduce judicial oversight or increase 
Executive Branch discretion, and Congress has too often enacted them, 
without ever considering how these changes add up or whether other 
changes may be needed to increase privacy protections in response to 
advancements in technology that have made the government's surveillance 
more intrusive. Sometimes, as with the PATRIOT Act, this one-way 
expansion of government power occurs in a time of intense crisis. 
Sometimes, these changes occur stealthily, like the ``John Doe roving 
tap'' change that was added to FISA in December 2001 by the conference 
committee on the intelligence authorization act without having passed 
either the House or the Senate. Other one-sided and little debated 
expansions in the government's discretion include the expansion of 
ECPA's emergency disclosure authorities in the legislation creating the 
Department of Homeland Security, Pub. L. 107-296, Sec. 225(d). (That at 
least included a reporting requirement, which should be made annual.) A 
further exception to ECPA was made by Section 508(b) of the 
Prosecutorial Remedies and Other Tools to end the Exploitation of 
Children Today (PROTECT) Act of 2003, Pub. L. 108-21, which allowed 
disclosure without a warrant or subpoena of the contents of 
communications and subscriber identifying information to the National 
Center for Missing and Exploited Children, which in turn can disclose 
the information to law enforcement agencies. Changes to Title III's 
roving tap authority were adopted in the Intelligence Authorization Act 
for Fiscal Year 1999, Pub. L. 105-272, Title VI, Sec 604, Oct 20, 1998, 
112 Stat 2413 (permitting roving taps to be implemented if ``it is 
reasonable to presume that the person identified in the application is 
or was reasonably proximate to the instrument through which such 
communications will be or was transmitted''). And Section 731 of the 
1996 anti-terrorism act excluded interception of wireless data 
transfers and of information about electronic funds transfers from the 
coverage of Title III.
    Each of these changes is small in isolation, and each had a 
rationale. None, however, was considered in the context of other, long-
recognized changes that need to be made to strengthen the privacy 
protections of the electronic surveillance laws, including:

          extending Title III's statutory suppression rule to 
        electronic communications, a change even the Justice Department 
        once supported;

          increasing the standard for pen registers and trap 
        and trace devices, to give judges meaningful oversight, a 
        change the full Judiciary Committee supported in 2000;

          eliminating the distinctions between opened and 
        unopened email and between relatively fresh and older email, by 
        bringing all stored email under a warrant standard, another 
        change the Committee supported in 2000;

          establishing a probable cause standard for access to 
        location information, a change this Committee also supported in 
        2000;

          requiring reporting on access to email, also 
        supported by the Committee in 2000.

    With this context in mind, it is easier to see why even some of the 
minor changes in the PATRIOT Act draw concern, for they are part of a 
steady stream of uni-directional amendments that are slowly eroding the 
protections and limits of the electronic privacy laws.

    SECTION 209--SEIZURE OF VOICE-MAIL MESSAGES PURSUANT TO WARRANT

    Section 209 is described as permitting the seizure of voicemail 
messages pursuant to a search warrant. Previously, while voicemail 
messages stored on an answering machine in one's home could be seized 
by a search warrant, access to voicemail messages stored with a service 
provider had required a Title III order, which offers higher 
protections. The theory behind section 209 is that stored voice 
messages should be treated the same as stored data.
    On one level, Section 209 makes the rules technology neutral, which 
is usually desirable. If Section 209 is taken at face value, and if the 
only difference it effects is between a Title III order and a search 
warrant, both issued on probable cause, Section 209 does not represent 
a big change. For this reason, CDT has described Section 209 as one of 
the non-controversial provisions of the PATRIOT Act.
    However, as Prof. Swire points out, Section 209 is misleadingly 
titled: Because the law that was amended by 209 draws some bizarre 
distinctions between read and unread email and between newer and older 
email, Section 209 means that a lot of stored voice communications will 
be available not with a warrant but under a mere subpoena.
    Moreover, the Justice Department's explanation of Section 209 
overlooks the importance of notice under the Fourth Amendment and under 
Title III, and the absence of notice under the rules applied to stored 
material held by a service provider. When voicemail stored on your home 
answering machine is seized, you are normally provided notice at the 
time of the search. You can examine the warrant and immediately assert 
your rights. When email or voicemail is seized from a service provider 
pursuant to a warrant, you as the subscriber may never be provided 
notice unless and until the government introduces the information 
against you at trial. If you were mistakenly targeted or the government 
chooses not to use the evidence, you need never be told of the search 
of your stored communications, so you have little meaningful 
opportunity to seek redress.
    In the case of stored messages (whether email or voicemail), it is 
not even necessary from an investigative standpoint to deny 
contemporaneous notice in the way it is with live interception. Denial 
of notice is justified in the case of real-time interceptions because 
the effectiveness of the technique would be destroyed if the target 
were given contemporaneous notice. In the case of stored email or 
stored voice messages, the evidence is already created and, especially 
if notice is given immediately after seizure, the subject cannot 
destroy it. Denial of notice in the case of third party searches for 
stored email or voicemail is not justified.
    Recommendation: Congress should take the Justice Department's 
description of Section 209 at face value, and make all seizure of 
stored communications, whether voice or email, subject to a warrant. It 
could do so by eliminating the difference between opened and unopened 
stored records and between records 180 days old or less and records 
more than 180 days old. It should take the Justice Department's 
arguments at face value and adopt truly technology neutral rules for 
voice and data, whether in transit or in storage, applying the 
protections afforded under Title III:

          minimization of non-relevant material,

          notice to persons whose communications have been 
        intercepted,

          a statutory suppression rule, and

          detailed statistical reports to Congress and the 
        public.

    All of these protections apply to e-mail and voice when intercepted 
in transit. None of them apply to e-mail and voice seized from storage.
The Storage Revolution Is Rendering the Law Obsolete
    A storage revolution is sweeping the field of information and 
communications technology. Service providers are offering very large 
quantities of online storage, for email and potentially for voicemail. 
Increasingly, technology users are storing information not in their 
homes or even on portable devices but on networks, under the control of 
service providers who can be served with compulsory process and never 
have to tell the subscribers that their privacy has been invaded. New 
Voice over Internet Protocol (VoIP) services may include the capability 
to store past voice conversations in a way never available before, 
further obliterating the distinction between real-time interception and 
access to stored communications.
    Section 209 takes a seemingly small category of information out of 
the full protection of the Fourth Amendment and moves it under the 
lowered protections accorded to remotely stored communications and 
data. But stored voicemail is the tip of an iceberg. Increasingly, 
individuals are using stored email to store documents, including draft 
documents on computers operated by service providers and accessed 
through a Web interface.
    Rather than allowing growing amounts of personal information to 
fall outside the traditional protections of the Fourth Amendment, it is 
time to revisit the rules for networked storage (whether of voice or 
data) and bring them more in line with traditional Fourth Amendment 
principles, by requiring contemporaneous notice as the norm and 
covering both newer records and older records (again, whether voice or 
data) under the same probable cause standard. That would be truly 
technology neutral and would have the advantage of not allowing 
technology advances to erode privacy protections.
Section 217--Interception of computer trespasser communications
    Section 217 permits law enforcement agencies to carry out 
electronic surveillance of without a court order when the service 
provider permits the surveillance on the ground that a ``trespasser'' 
is using its system. Section 217 represents another in a steadily 
growing series of exceptions to the protections of the electronic 
communications privacy laws. (The emergency disclosure provision of 
Section 212 is another example.)
    Section 217 and similar provisions essentially allow ``off the 
books surveillance''--they define certain interceptions not to be 
interceptions, and certain disclosures not to be disclosures. Once an 
access to communications or data is excluded from the coverage of the 
surveillance laws, not only is it not subject to prior judicial 
approval, but also there are no other protections normally associated 
with electronic surveillance:

          There is never a report to a judge. (In contrast, 
        under both Title III and FISA, when electronic surveillance is 
        carried out on an emergency basis, an application must be filed 
        after the fact.)

          There is no time limit placed on the disclosures or 
        interceptions. (A Title III wiretap cannot continue for more 
        than 30 days without new approval.)

          There is never notice to the person whose 
        communications are intercepted or disclosed.

          There is no statutory suppression rule if the 
        communications were improperly seized, and there would be no 
        suppression remedy at all if the information is deemed to be 
        outside the protection of the Fourth Amendment.

          The interceptions and disclosures are not reported to 
        Congress or the public.

    The Department of Justice, in its defense of Section 217, claims 
that the privacy of law-abiding computer users is protected because 
only the communications of the computer trespasser can be intercepted. 
But what if the system operator is wrong? What if there is a legitimate 
emergency, but law enforcement targets the wrong person? Under Section 
217, a guilty person gets more notice than an innocent person--the 
guilty person is told of the surveillance or disclosure but the 
innocent person need never be notified.
    Contrary to the Department's arguments, Section 217 is not 
analogous to the case of the home trespasser. While the homeowner can 
invite in the police onto his property, the homeowner cannot authorize 
the police to go through the trespasser's pockets or read the papers in 
his briefcase. To do so requires a separate Fourth Amendment basis, 
which would require a warrant unless one of the exceptions applied, and 
in the online context, there may be no other exception available.
    Recommendation: While an emergency exception to the court order 
requirement may be appropriate for trespasser situations, interceptions 
under the trespasser rule should be treated as interceptions under 
Title III:

          As with other emergency interceptions, when 
        electronic surveillance is carried out on an emergency basis, 
        an application for judicial approval must be filed after the 
        surveillance commences

          The length of interceptions should be limited to the 
        time necessary to identify the trespasser or for 30 days, 
        whichever is less

          Interceptions under the trespasser rules should be 
        treated as interceptions for purposes of giving delayed notice 
        to the person whose communications are intercepted.

          Interceptions under the trespasser rules should be 
        treated as interceptions for purposes of the statutory 
        suppression rule.

          Interceptions under the trespasser rule should be 
        counted as interceptions for Title III purposes and included in 
        the annual Wiretap Report.

Section 220--Nationwide service of search warrants for electronic 
        evidence
    Section 220 amended 18 U.S.C. 2703 to allow judges to issue search 
warrants for electronic evidence that can be executed outside of the 
district in which the issuing court is located. In a world where the 
center of an investigation may be in one state, but the target's ISP 
has its servers in another state, this makes obvious sense. Moreover, 
unlike Section 216, which authorizes a kind of roving pen register (one 
order can be served on multiple service providers in different 
districts until the government gets the full picture it wants), it 
seems that search warrants under Section 220 have to name the service 
provider upon whom they will be served. If it turns out that that 
provider does not have the records being sought, the government will 
have to obtain a new search warrant (as it would any time a search 
warrant does not turn up the expected evidence.)
    However, as the Electronic Privacy Information Center has noted, 
Section 220 removes ``an important legal safeguard by making it more 
difficult for a distant service provider to appear before the issuing 
court and object to legal or procedural defects. Indeed, it has become 
increasingly common for service providers to seek clarification from 
issuing courts when, in the face of rapidly evolving technological 
changes, many issues involving the privacy rights of their subscribers 
require careful judicial consideration. The burden would be 
particularly acute for smaller providers.''
    Recommendation: One solution to this problem is to allow a warrant 
to be challenged not only in the district in which it was issued but 
also in the district in which it is served. While the issuing judge may 
have a better sense of the factual basis for the order, a judge in the 
district in which the order is served may be in a better position to 
interpret or redefine the scope of the order in light of issues 
concerning the system of the service provider on whom the order is 
served.
    Even aside from Section 220, whether search warrants for electronic 
evidence are issued for evidence inside or outside their jurisdictions, 
judges should question applicants to be sure that the warrant is 
narrowly drawn. Judges should use extra care in understanding what 
information is being sought, whether it will be copied or originals 
will be seized (interfering with ongoing business), and whether it is 
possible to disclose just certain fields or just records from a certain 
pertinent timeframe. These are analogous to questions that judges have 
the authority to consider in the case of physical searches, but judges 
need to understand computer systems in order to fully enforce the 
specificity requirement of the Fourth Amendment in the digital context. 
Judges should look more carefully at the return of service. While 
notice under 18 U.S. C. 2705(b) can be prohibited, judges should be 
hesitant to deny notice to the person to whom the records pertain, 
since the subscriber is really in the best position to raise legitimate 
concerns. This is just another way in which judges faced with the 
authorities of the PATRIOT Act can assert closer scrutiny and place 
conditions on the exercise of PATRIOT authorities without denying the 
government access to the information needed.

                               CONCLUSION

    CDT supports the Security and Freedom Enhancement (SAFE) Act, a 
narrowly tailored bipartisan bill that would revise several provisions 
of the PATRIOT Act. It would retain all of the expanded authorities 
created by the Act but place important limits on them. It would protect 
the constitutional rights of American citizens while preserving the 
powers law enforcement needs to fight terrorism.
    We look forward to working with this Subcommittee and the full 
Committee as you move forward in seeking to establish some of the 
checks and balances that were left behind in the haste and anxiety of 
October 2001.

    Mr. Coble. Thank you, Mr. Dempsey. Professor Swire.

          TESTIMONY OF PETER SWIRE, PROFESSOR OF LAW, 
                     OHIO STATE UNIVERSITY

    Mr. Swire. Thank you, Mr. Chairman, and Mr. Ranking Member, 
and Members of the Committee. I appreciate very much the 
opportunity to testify before you today.
    Most of my remarks today will be on section 209 of the 
PATRIOT Act, the section that expanded the Government's access 
to voicemail and many other telephone conversations without the 
need for a wiretap order.
    Before turning to that, I will briefly comment on the other 
two sections that are the subject of today's hearing.
    Both section 220, on nationwide service of warrants, and 
section 217, the computer trespasser exception, were considered 
in detail when I chaired a White House Working Group in 2000 on 
how to update surveillance law for the Internet Age. As my 
written testimony explains in greater detail, I generally 
support extension of section 220 although with some refinements 
that Jim Dempsey has in his written testimony.
    For section 217, however, modifications should be made. 
Section 217 solves some important real-world problems. It lets 
a computer system owner ask the police for help when their 
system is under attack. With the owner's permission, law 
enforcement can surf over the shoulder of the system operator 
in order to spot the hacker and track him back through the 
Internet. That's the good news.
    The bad news, though, is that there are no checks against 
abuse in the section. Section 217 says the police are only 
supposed to look at the communications of the hacker. But if 
the police look at other e-mail and web traffic they can still 
use all that information. They can use it in future 
investigations. They can use it in court. The incentives for 
law enforcement are to get permission to enter the system under 
217, and then see how much they can get to see while they're 
there.
    As my written testimony explains, there is a simple 
solution to this. It's the same solution that this Committee, 
the Judiciary Committee in full, passed in 2000, with only one 
dissenting vote. The simple solution is that the same 
suppression rule that applies to phone wiretaps should also 
apply to e-mails. If law enforcement breaks the legal rules, if 
they go too far and break the law, they should not get to use 
the fruits of the illegal search.
    The rest of my time I'm going to spend on section 209. It 
turns out that section 209 has much broader ramifications than 
most people realize--than I realized before I was asked to 
testify this week.
    Section 209 allows the Government to get access to 
voicemails and many telephone conversations with much less than 
a wiretap order. The actual textual change in 209 is simple. 
The old law said that stored electronic records were under 
looser rules of the Stored Communications Act. All the PATRIOT 
Act did was say stored wire or electronic records; wire means 
any voice, telephone calls, voicemail sorts of records.
    In many instances under section 209 now, law enforcement 
can get your stored, but also stored voice now with a grand 
jury subpoena, where there's no judge involved at all or else 
with a judicial order that requires much less than probable 
cause.
    Section 209 was given to the Congress and to the public as 
if it were only about voicemail. It does apply to voice mail, 
which are stored telephone communications, but that's not all. 
The key new thing I think we're learning is that section 209 
applies to any and all telephone conversations that are stored. 
The term ``voice mail'' does not exist in the statutory text, 
except in the title.
    Should any of us care about stored telephone conversations? 
The answer is yes. The simple technological fact is that stored 
telephone conversations are becoming much more common due to 
changing phone technology. Every major telecomm company is part 
of this shift. SBC, Comcast, Verizon, Qwest--all of them are 
implementing right now major moves into this new phone 
technology. The new technology has a clumsy name, VOIP, which 
means Voice over Internet Protocol. What it means is that 
telephone conversations are shifting to this Internet protocol. 
What that means, in turn, is that telephone conversations are 
being stored at home and in the network for millions of 
Americans.
    The numbers for this change are big and they are real. This 
is not Internet hype. The phone software called Skype has now 
recorded over 100 million downloads. Over 20 percent of all new 
business phones already use this technology, with estimates of 
over half of new business phones within 3 years. Growth rates 
in the residential sector are over 30 percent a year.
    Because VOIP uses the Internet to transmit voice, all the 
tools that make the internet work come into play. The Internet 
tool that section 209 takes advantage of is called caching. 
Just as your web browser stores graphics and images in its 
caches, ordinary users can and will have their phone 
conversations stored or cached at the Internet network level. 
People won't even realize their phone conversations are being 
stored, putting their phone calls at risk of being seized with 
much less than a wiretap order.
    What should be done with section 209? The first thing is 
that you shouldn't simply take my word for these changes. You 
should ask the Department of Justice. They're here today and my 
written testimony suggests questions you can pose to the 
Department. And this way, all of us will know what the new law 
really means.
    My written testimony suggests possible changes to be done 
to address this concern, and in conclusion I thank the 
Committee for the opportunity to share these thoughts.
    My written testimony contains citations to my law review 
and other writings on the PATRIOT Act, and if I can be of 
assistance in the future, please do not hesitate to ask.
    [The prepared statement of Mr. Swire follows:]

                  Prepared Statement of Peter P. Swire



    Mr. Coble. Thank you, professor, and we've been joined by 
the Gentlelady from California, Ms. Waters.
    We will probably, folks, have a second round today. This is 
a very important subject matter, so we'll probably do a second 
round.
    Ms. Parsky, your written testimony provides a good 
description of the distinction between communications subject 
to a wire tap communication--subject to stored communications.
    You state that the Wire Tap Act--and I assume that you 
refer to wiretaps generally--was designed to address a very 
particular type of situation: the ongoing interception of real-
time conversations. You then distinguish ongoing interception 
of real-time with the one time access to stored communications, 
such as voicemail.
    Now, if I understand Professor Swire's claims, he argued 
that the possibility--that with the possibility of future 
technology, store telephone calls over the computer--the 
distinction between wiretaps and stored communications will be 
lost.
    Cannot a person already record their phone calls through 
high-tech message machines?
    Ms. Parsky. Mr. Chairman, you raise a very important issue, 
which I think actually there are two issues raised by Professor 
Swire that I'd like to clarify.
    One is that to the extent that individual parties choose to 
store or to record conversations that they may have, whether it 
be over VOIP, which uses an Internet protocol, or over a normal 
telephone, over a wire system, once those communications are 
stored by the individual in either world they are subject to a 
search warrant. There's nothing that's special or different 
about VOIP in that context.
    You could just as easily have a conversation with--between 
two parties and one of the parties has a--makes a consensual 
recording of that conversation and stores it on a cassette in 
their home.
    The other important thing to point out is that VOIP does 
not change the obligations that are on service providers, 
whether they be a cable company or a telephone company; that to 
the extent that there's any interception and seizure of 
communications beyond that which is necessary to the provision 
of the services, they're violating the Wiretap Act, and there 
are consequences for that.
    So I think that there is much ado about the new 
technologies that are coming up in our future. But, in fact, 
there's really nothing different except for the protocol. The 
same laws, the same restrictions would apply.
    Mr. Coble. Thank you. Professor Swire, is--you indicate 
that 209 applies to all stored telephone communications and not 
just the voicemail. Is not the real distinction that law 
enforcement receives the stored communication through a one-
time access request rather than ongoing interception?
    Mr. Swire. That's the distinction the Justice Department is 
supporting. That means that if your phone conversations are 
stored at the network level by your ISP in the future, they'll 
be accessible under that Stored Communications Act. Up until 
now, those phone conversations that went through the telephone 
network, you needed a wiretap order to hear what Jim Dempsey 
and I were saying.
    Tomorrow, if it's stored at the network level, the Justice 
Department can get it, in some cases with a grand jury subpoena 
or other lower than search warrant requirements.
    Mr. Dempsey. Mr. Chairman, could I speak to this question?
    Mr. Coble. Sure.
    Mr. Dempsey. Cause this is a very good line of questioning.
    One distinction is between the sort of real-time 
interception and the stored.
    Another distinction looks to where is it stored. If you 
store a voicemail, an e-mail, a document in your office or in 
your home, no matter how old it is, no matter what you've done 
with it, if you've read it or not read it, it's protected fully 
by the fourth amendment and requires a warrant. If you store it 
outside of your home--if it's stored in the basement of the 
Capitol Building or stored on a server of the telephone 
company, which increasingly it is--it's not protected by the 
fourth amendment. It doesn't require a warrant, particularly 
after you've read that e-mail or listened to that telephone 
call, and to get one--it's not so much--there is a distinction 
between ongoing and one-time. But to get one piece of paper 
from your office, a warrant is required. To get one recorded 
phone call from your office, a warrant is required. You have to 
get it from----
    Mr. Coble. My time is about to expire. I don't want to 
overlook Mr. Martinez, since the other three--are you going to 
weigh in, Mr. Martinez?
    Mr. Martinez. Well, again, I think one of the things that 
we need to recall is that we are talking often of situations 
where consent is acquired, in fact, is initiated by a victim. 
And so this is a different situation than where we would 
initiate an investigation, you know, go through the effort to 
obtain a wiretap warrant.
    So I think we do need to recognize that there are real 
victims in these types of situations and that consent is often 
the entry point that we have as the law enforcement agency.
    Mr. Coble. My time has expired. The Gentleman from 
Virginia.
    Mr. Scott. Thank you, Mr. Chairman. Let's put a little 
bit--put this in perspective. Either search warrant versus a 
wiretap warrant, what is the exact difference between the two. 
I mean the wire tap you have to have--go to the judge, get a 
probable cause, listen in. It's limited. Search warrant can be 
done administratively without a judge looking over from time to 
time?
    Mr. Dempsey. Well, Congressman, in both cases, it requires 
a finding of probable cause by a judge. In the case of a 
wiretap, at least for voice communications, it requires in the 
Federal case, it only applies to a certain number of serious 
crimes--a list of about a hundred of the most serious crimes. 
It requires senior Justice Department approval. There are 
periodic reports to the judge. There's a statutory suppression 
rule in addition to whatever fourth amendment suppression rule 
there is. And there are these fairly detailed and useful 
reports to Congress about the use of the technique.
    Mr. Scott. Mr. Martinez, are there any things such as an 
administrative search warrant?
    Mr. Martinez. An administrative search warrant? There are 
administrative subpoenas, but again a search warrant connotes 
that a law enforcement officer has had to make findings of 
facts, provided that in an affidavit, and it is reviewed and 
becomes an order of the court to take action.
    Mr. Scott. That's the search warrant. Now, if you're going 
to this ISP off site, do you need a search warrant--you don't 
need a search warrant?
    Mr. Dempsey. If the communication is an unopened e-mail 180 
days old or less, you need a search warrant. If it's an opened 
e-mail, you use a subpoena. If it's more than 180 days old, you 
use a subpoena.
    Mr. Swire. Can I make a real quick point on that. I don't 
think we know what an unopened phone call looks like. That's 
never been defined. But if I've talked with you on the phone, 
the Justice Department may think that's already been opened, 
and they might get it under the lower standard. That's 
obviously something to clarify.
    Mr. Scott. Well, let's--Mr. Dempsey, you kind of talked 
about letting the police into my house and letting them look 
around is different from letting them look into the crooks' 
pockets. Let me know if I got this wrong. I looked at it a 
little different. I looked at it not as me letting the police 
into the house. I live in an apartment building. How about the 
apartment superintendent letting them into my apartment. Isn't 
that more akin to what's going on when AOL let's you into my e-
mails going back and forth?
    Mr. Dempsey. I think that's a very interesting way of 
looking at it. It may be another appropriate way. It is true--
and I think appropriate--that system administrators have the 
right to monitor their own systems. I think maybe the 
supervisor of the apartment, if he believes you're away, and an 
intruder breaks into your apartment, the supervisor of the 
building can call the police and say someone is in so and so's 
apartment.
    Mr. Scott. In that case, you've got kind of an assumed 
permission that if there's a leak, the water is flowing out of 
my front door and I'm not there, the superintendent can go in. 
Over my objection without me knowing, can the building 
superintendent let the police into my apartment to wander 
around?
    Mr. Dempsey. I think there are some circumstances probably 
in which they can.
    Mr. Scott. But that's not the normal situation.
    Mr. Dempsey. Now, it would be--let me say one of the ways 
in which people have talked about section 217, this trespasser 
provision, is as an emergency provision, particularly in the 
case of computer crime, in which time is of the essence; the 
hacker may be in and out; you need to get the information 
quickly.
    But if that's the justification--if we're looking at a sort 
of an emergency exception--a funny smell is coming from your 
apartment or there's terrible noises coming from your 
apartment, screaming--in those kinds of situations, there might 
be grounds to enter without a warrant. But as in emergency 
wiretaps generally, there should be then go to the judge, take 
care of the emergency, then go to the judge, get the order, 
count it as an interception, bring it under the other rules, 
count it--report it to Congress, et cetera.
    Mr. Scott. Yeah, but you got to have a check and balance. 
If you call it an emergency and go get something, and it wasn't 
an emergency, you got the exclusionary rule looking at you. So 
you don't have an incentive to trip over the fourth amendment.
    Mr. Dempsey. Correct.
    Mr. Scott. Because if you found something, you can't use 
it, so there's no incentive--and that's kind of the policing 
mechanism you have if there's no incentive, you don't do it.
    Mr. Dempsey. And here----
    Mr. Scott. But there is an incentive to cheat and get in 
there. If you can use it, then there are no sanctions because 
you're not going to be able to sue the police--a guilty person 
is not going to sue the police, and get any----
    Mr. Dempsey. Well, there are two or three provisions in the 
PATRIOT Act that I would sort of call ``off the books'' 
surveillance. What we do is we define it not as an interception 
or not as a disclosure, and then once we do that under the 
statutory structure, all of the other protections are 
eliminated, including the suppression rule. And what I think 
Professor Swire and I are saying is recognize the trespasser 
concept to some extent, but build around it some more checks 
and balances.
    Mr. Scott. It's well known that e-mails kind of survive in 
cyberspace somewhere after you thought you had erased them. Are 
voicemails similarly preserved some kind of way? If you got a 
Verizon----
    Mr. Swire. It depends on what Verizon or SBC does in their 
system. As you move towards----
    Mr. Scott. You mean we don't know?
    Mr. Swire. I don't know.
    Mr. Scott. We don't know if our voicemails are preserved in 
cyberspace. Anybody know? We have another round, gentlemen.
    Mr. Martinez. I think that you'd find in the industry that 
there are different means of doing that in different 
technologies for storage and different reasons that they might 
have for storing, including billing purposes and that type of 
thing.
    But if I may for a minute, I don't know if the analogy or 
the contrast between an emergency situation and one that is not 
emergency is really the appropriate one, because we don't want 
to take away from the victim, and again we talk about systems 
administrators. They're in the best position to determine 
whether or not their system is under attack. And there are 
instances where they may have evaluated that they have a 
situation where they can record all that--all the traffic and 
at a later date, because it's not considered particularly 
virulent to their system provide that to law enforcement and 
say I think I may have had an attack. It doesn't appear to have 
been a great one.
    Or they may determine that they are under a current attack 
and there's information being exfiltrated in real-time. We're 
forcing a distinction upon them that really ought to be up to 
them to decide. You know do I have a more expedient situation. 
But what we don't want take away from them is our ability to 
address it quickly and try to mitigate--help mitigate it for 
them.
    Mr. Coble. The Gentleman's time has expired. And as I said, 
we'll do another round. The Gentleman from Arizona, Mr. Flake.
    Mr. Flake. Thank you, Mr. Chairman--the witnesses.
    Ms. Parsky, under section 209 how long can law enforcement 
go without notifying a subscriber or a customer that their 
stored communications have been accessed? How long is it? Is it 
indefinitely? And if not, how long is the longest time that 
it's happened?
    Ms. Parsky. Well, excuse me, under section 209 actually is 
not the provision and the PATRIOT Act is not the provision that 
makes that determination. It's actually determined by ECPA. And 
under ECPA, there is a requirement that for stored electronic 
communications or wire communications, section 209 then brings 
in the wire communications, either you need to access them with 
a search warrant if they are unopened or within the first 180 
days, in which case there would be notice with the search 
warrant, or if they are older than 180 days, then you have to 
provide notice and a court order. So it's not a search warrant, 
but the provision of ECPA requires notice if a search warrant 
is not used.
    Mr. Flake. So under no circumstance is anyone's stored 
electronic communication accessed without their knowledge.
    Ms. Parsky. Well----
    Mr. Dempsey. Congressman, if I--could I respond?
    Mr. Flake. Sure. Please.
    Mr. Dempsey. I think in the case of a warrant, the notice 
is served on the service provider with the warrant. There's no 
notice to the customer ever----
    Mr. Flake. That's what I----
    Mr. Dempsey. --unless the evidence is used against them in 
court.
    Mr. Flake. That's my question.
    Ms. Parsky. That's correct.
    Mr. Flake. When will the customer know?
    Ms. Parsky. Well, as with any business records that might 
be stored by a third party, if you have a bank, for instance 
and there's a grand jury subpoena and law enforcement has, you 
know, lawful right to access those records that are being 
stored by a third party, the customer, the owner of those 
records, would not get notice either. So this isn't applying 
anything different.
    Mr. Flake. But this is--it is different, though.
    Mr. Swire. But this is the world of stored records we're 
moving to, and we're hearing that the customers never find out 
under these grand jury subpoenas and other things. This is what 
would apply to an increasing number of ordinary phone calls 
going forward.
    Mr. Flake. This is different. I would maintain that if you 
have an account at a bank, obviously you're a customer of that 
bank. Maybe you don't know that the bank is being monitored or 
surveilled or information is being gathered, but in this 
circumstance, you are the target. But, yet, because law 
enforcement gets it from a third party, then you, the target, 
are not informed, and you're saying that that is the case; that 
can be the case for an indefinite period of time?
    Ms. Parsky. That's correct. If you are the target, whether 
it's a voicemail message that's being stored, or it's your bank 
records being stored, you would have notice if there are 
criminal charges brought, and that's part of the Government's 
case, through the discovery process.
    Mr. Flake. But not until the criminal charges are brought?
    Ms. Parsky. Right.
    Mr. Flake. Surveillance----
    Ms. Parsky. It's comparable in the physical world or in the 
electronic world.
    Mr. Flake. Mr. Dempsey, you care to----
    Mr. Dempsey. Well, which means that in the case of the 
individual whose records are wrongly acquired, who's never 
charged with a crime, the person who really would want to have 
some recourse, he may never be told.
    Mr. Flake. Does that trouble you, Mr. Martinez? You seem to 
indicate concern for the victims quite a bit. Would somebody be 
considered who was wrongly believed to have information that 
would make them a suspect, but then never--they never find out 
that they were being surveilled?
    Mr. Martinez. Well, I think one analogy I could draw is in 
the world of physical surveillance. You know we follow bad 
guys, and they make contact with both other bad guys and other 
unwitting people that might not be part of their conspiracy. 
And so there is going to be times when we do have information 
or do see information that might not regard the actual crime 
that we--but what we're interested in is evidence. And we're 
going to boil it down to evidence, and I think that's the 
approach we would take.
    Mr. Flake. Ms. Parsky, what delays were experienced prior 
to section 209 that made section 209 necessary?
    Ms. Parsky. Well, I think that there is the basic fact that 
the procedures for obtaining a wiretap, which are procedures 
that are put in place for the very special circumstance and the 
increased expectation of privacy and invasion of that privacy 
when you have an ongoing interception of live communications. 
And because of that, what the Wiretap Act puts in place 
additional procedures, additional protections to the 
Constitution that are resource intensive and time consuming.
    With respect to a search warrant, there still are 
constitutional protections. There's still a standard of 
probable cause that needs to be met, and it's still presented 
to a neutral magistrate to make a neutral decision, but there 
aren't all the same hoops that need to be jumped through 
because it's a stored communication which, not under the 
PATRIOT Act, but, you know, over 20 years ago, was determined 
does not meet the same level of protection as an ongoing 
interception.
    Mr. Coble. The Gentleman's time has expired. The Gentleman 
from Massachusetts, Mr. Delahunt.
    Mr. Delahunt. Yes, thank you, and this is again, Mr. 
Chairman, I want to compliment you and the Ranking Member for 
providing us with a very informative panel, much like the one 
we just had the other day.
    Mr. Coble. Thanks.
    Mr. Delahunt. You know some of us understand the law well. 
And from past experience, we've been involved in these kind of 
investigations involving electronic eavesdropping, et cetera, 
and we're familiar with the act.
    I think what you have to understand is that many on this 
panel, and I presume in Congress, are illiterate when it comes 
to the technologies. I, for example, don't know how to use e-
mail. I don't have what do you call it a Palm Pilot or a 
Blackberry. I don't know how to turn on a computer. So I'm 
really at a disadvantage in the sense that I understand the 
law, but I really don't understand the technologies.
    But I think the overarching concern--and I think it's been 
expressed rather well by both Mr. Dempsey and Professor Swire--
the issue here is really one of privacy. And fundamentally, I 
think our purpose should be--and in this recent colloquy that 
you had I think with Mr. Flake involving notification--there's 
another piece of this, too, and that's the issue of 
transparency. I think much of the concern that the American 
people have is what's happening. You know, people like myself 
really don't know what's happening, because we're not familiar 
with the technologies. But we have this very profound unease 
that something is happening, and it may be untoward and it may 
be intrusive of our privacy.
    So I think what we ought to be doing is examining how we 
deal with the concerns that the American people have in terms 
of their privacy. I think we address that through as much 
transparency as we can without imposing impediments that are 
really unreasonable on the Government. And I would suggest 
that's the kind of balance that we want to strike. I see the--
this particular--the issues that we've been discussing here 
today as an opportunity to do just that. I mean why--what's 
magical about 180 days? And that is--is that really a false 
distinction? I don't know. I--you know.
    Mr. Swire. Congressman, can I?
    Mr. Delahunt. Sure.
    Mr. Swire. In preparing for the testimony, I went back and 
looked at the Committee report from 2000 or H.R. 5018. That's 
when this Committee, the full Committee, in great detail looked 
at many of these issues. That Committee report is written in 
pretty plain English. It explains a lot of these issues and 
hits some of the----
    Mr. Delahunt. I was on the Committee at the time, and I was 
very proud of the fact that the Committee came out with a--I 
think a fine piece of legislation unanimously and one I think 
that was very thoughtful and many of us were very much engaged 
in that. But I think the reauthorization process now provides 
us an opportunity to do some clean up and anticipate, like 
VOIP. I mean I don't even know what VOIP is. I mean I can't 
even imagine. What do you? What do you sit in front of a screen 
and talk to the screen? I don't know.
    Mr. Swire. No. It's really great now. You'll use a regular 
handset. You'll think it's a phone call, but it's going through 
the Internet.
    Mr. Delahunt. Well, that's good. I mean I don't have a 
clue.
    Ms. Parsky. If I may, I'd like to address the privacy 
issues that you raise and I think one important thing here is 
that we stay focused on the PATRIOT Act and the sunset 
provisions of the PATRIOT Act.
    Mr. Delahunt. Now, see that's where I disagree with you. 
Okay. I think we have--we can amend the PATRIOT Act without 
just addressing those provisions that are sunset. I think we 
have an opportunity here to do something again without imposing 
an impediment on the Government, but if we just focus on these 
particular sections without implicating ECPA and all these 
other rather significant ancillary pieces of our statutory 
scheme that by necessity are implicated, we're really not going 
to, I think, come up with a product that I think reassures the 
American people that their privacy is being protected, for 
example. That's my point.
    Mr. Dempsey. Congressman, if I could, just on the question 
of transparency. I think you're 100 percent correct. There are 
two ways that we provide transparency.
    One, which Congressman Flake was referring to----
    Mr. Delahunt. Notification.
    Mr. Dempsey. --notice to the individual. Under the wiretap 
law, the surveillance is conducted in secret. Absolutely. The 
technique would be ineffective. It would be worthless unless 
there were that secrecy.
    Mr. Delahunt. Right.
    Mr. Dempsey. But after, as you know, the investigation is 
closed, then notice is provided to people whose communications 
were intercepted whether they are charged with a crime or not.
    But for some of these other provisions, we do not have that 
kind of notice. And, for example, in the trespasser case, 
section 217 says that the trespasser interception is not an 
interception to be counted, to be notified, to be reported to a 
judge, et cetera. I think that could be addressed.
    The second way we do transparency is by reports to 
Congress. And I think partly the sunset has helped to draw some 
of that information out, but now if these authorities are going 
to continue, and they probably should continue, there needs to 
be that kind of statutory reporting obligation that says how 
often are they being used, how many individuals' communications 
are being implicated, et cetera.
    Mr. Coble. The Gentleman's time has expired. You may 
continue that for the second round, Mr. Dempsey. I want to say 
to my friend from Massachusetts you have assuaged my 
discomfort. I am relieved to know that I am not the lone Member 
of Congress who does not possess a Palm Pilot. [Laughter.]
    Mr. Delahunt. In fact, we are the brotherhood.
    Mr. Coble. The Gentlelady from California, Ms. Waters.
    Ms. Waters. Well, thank you very much.
    Ms. Parsky and Mr. Martinez, since sections 209, 217, and 
220 are not specified as tools solely to combat terrorism and 
terrorism-related activities, how many times have these 
sections been used in non-terrorist criminal investigations? If 
the USA PATRIOT Act was passed to aid in terrorism and 
terrorism-related investigations, then what are the purposes 
for sections 220, 217, and 209 if these sections do not limit 
investigations strictly to terrorism and terrorism-related 
investigations?
    Ms. Parsky. Let me begin and then Mr. Martinez I'm sure 
will have some followup. But the first thing that I think is 
important to make clear is that the PATRIOT Act contains 
provisions that are specifically addressed to terrorism, but it 
also contains provisions that are not specifically addressed to 
terrorism, and because there are those specifications in 
certain provisions, the other provisions by necessity are 
necessity are modernizations of all of the criminal procedures; 
and that if there had been an intent that it only be applied to 
terrorism, it would have been stated as such. These provisions 
that we're talking about today are some of those very 
provisions that are intended just to modernize the tools that 
are available to law enforcement to protect our communities 
across the board, not just the terrorists.
    Ms. Waters. May I interrupt for one moment? I want to be 
clear that you're saying that the stored communications that 
have been referenced here so many times today--the telephone 
calls, et cetera--may be accessed without notification to the 
party that is the target of the investigation, and this 
information may be used in any shape, form, or fashion that the 
interceptor would like to use it for?
    Ms. Parsky. Absolutely. What this does is it applies the 
same normal rules that would apply to any criminal 
investigation.
    Ms. Waters. No. No. No. But this is without notification--
well. This is information--these are facts. It's not as if you 
have an investigation to seek facts. Whatever is on the record 
is on the record. The telephone calls are there. The messages 
are there--what have you. They're accessed. I don't know about 
it. You don't need a warrant to get it. You can use it any way 
that you want to. Perhaps you have an investigation about 
terrorism. There is not terrorism, but you find that somebody 
may have committed another infraction or it could be considered 
a crime. Then you take this information and you pass it on to 
another law enforcement agency. Is that what you're saying?
    Ms. Parsky. Well, what I'm saying is that the same rules 
that have applied for years----
    Ms. Waters. Well, we haven't had these rules.
    Ms. Parsky. No, but the rules aside from the PATRIOT Act. 
The same rules that have applied to electronic mail, that have 
applied to physical records that are stored with a third party, 
these exact same rules. All the PATRIOT Act does is it says 
that you treat the same all types of stored communications, 
whether they are wire, whether they are electronic, whether 
they are physical or physical records. There's nothing new 
here.
    Ms. Waters. It is something new----
    Ms. Parsky. The same notice provisions apply.
    Ms. Waters. Well, let me just stop you again. As I 
understand it, under those circumstances, you have a limited 
period of time by which you can engage in the so-called search 
or investigation. I may be wrong. But this could go on forever 
and ever and ever; is that correct? Is that a difference?
    Ms. Parsky. There's nothing in the PATRIOT Act that changes 
the length of time that it may take for an investigation to be 
carried through. That's dictated by the facts of the case. But 
there are--I mean there are very significant cases. There are 
child pornography cases. There are places where we have rescued 
children from their molesters because of the very critical 
modernizations that were provided through the PATRIOT Act.
    Ms. Waters. Yeah. But, I'm not talking about that. What I'm 
talking about is this: you access my telephone messages. You 
use them in any way that you want to, not just for terrorism, 
but like you said, it's meant to apply to, you know, cases in 
the same manner that prior to the PATRIOT Act. You can do 
anything you want with that information. You can share it. You 
can give it to anybody you want to give it to, and you can 
continue to access that information for as long as you want to 
without having to report to a court or anything. Is that what 
you're telling me?
    Ms. Parsky. No. That's not correct at all. What happens is 
the exact same standards apply whether it is a wire 
communication, an electronic communication or a physical 
record. You still need to go to a court to get a court order, a 
search warrant. You still need to provide notice with that 
search warrant to the same extent----
    Ms. Waters. And that's good for how long? Thirty days?
    Ms. Parsky. Which? The search warrant?
    Ms. Waters. Yes.
    Ms. Parsky. The search warrant has to be served within 10 
days, and then you obtain the evidence that is stored.
    Ms. Waters. And how long can you look for the evidence?
    Ms. Parsky. The search gives you access for that one period 
of time to go and collect the stored records within the scope 
of the search warrant. So you are limited by the terms of the 
search warrant to a particular scope. You are limited to the 
investigation that you are carrying on, and there are other 
protections that are built into our system so, in fact, you 
cannot go and do whatever you want with it or disclose it to 
whomever you want. There are Privacy Act implications. And 
you're----
    Ms. Waters. What if you go to a provider, looking for 
information, and for whatever reasons, however they store that 
information, however they categorize that information, it's not 
easily found. You have to--they have to do a number of things 
to access the information, and how long can that go on? Do they 
have to give you the information in 10 days, 15 days, 30 days? 
Or can you work with them to get you that information over the 
next year?
    Ms. Parsky. Well, if it's a search warrant, you go in and 
you obtain the information. If it's a subpoena, then there is a 
return date on the subpoena, and by the return date, they need 
to return to the grand jury the records that have been 
requested.
    Ms. Waters. I'm talking about search warrant now I guess. 
I'm talking about search warrant.
    Ms. Parsky. In the search warrant, we go in and we obtain 
it ourselves. We don't give them a certain amount of time to 
provide it to us, because then we risk that they would destroy 
the records.
    Mr. Dempsey. Yeah, actually, Congresswoman, if I may say 
just on that one point with the service provider: actually 
Congress changed the law recently to allow the service of 
warrants by fax. So they are faxed into the service provider 
without the presence of an officer there.
    I think really what we're looking at here is sort of a 
confluence of three different things. One is the specific 
provisions of the PATRIOT Act that we're talking about today, 
relatively narrow changes. But I've been trying to say that 
they interface with other changes in technology that need to be 
addressed.
    Third, they also interface with other provisions of the 
PATRIOT Act, for example, section 203, which was the subject of 
a hearing the other day, so that in terms of what can be done 
with this information, it's not only limited any longer to law 
enforcement uses. It can be disclosed if it constitutes 
information about foreign affairs. It can be disclosed to 
national security, military, protective, immigration or 
intelligence agencies.
    Mr. Coble. Well, the Gentlelady's time has expired. We can 
continue this in the second round.
    We'll start our second round now.
    The courts have long recognized that providers of 
communications services possess a fundamental right to take 
reasonable measures to protect themselves and their properties 
against the illegal acts of trespassers. Now, I don't mean this 
to sound as subjective as it's going to sound, but who has the 
reasonable expectation of privacy under section 217? The owner 
of the computer or the criminal or terrorist hacking into the 
computer? Start with you, Ms. Parsky.
    Ms. Parsky. Thank you. You raise a very important point, 
and I think particularly when we're talking about privacy 
rights here, and when we're focusing on the provisions of the 
PATRIOT Act that are subject to pre-authorization. Section 217 
is a critical provision to protect privacy. It's a critical 
provision to protect the privacy not only of the service 
provider whose property is being unlawfully accessed. That's 
what the hacker trespasser is doing. But, you know, we are 
living in a time when there are all sorts of computer hacking 
incidents that are subjecting consumers and individuals to the 
potential for identity theft. So that to the extent that you 
have this hacker then accessing the individual account holder's 
information and providing very private information to others to 
conduct criminal activity, this is allowing law enforcement to 
protect those privacy rights of the consumers.
    Mr. Coble. Which was vague prior to the act?
    Ms. Parsky. That's correct.
    Mr. Coble. Let me hear from the rest of the panelists.
    Ms. Martinez. Congressman, if I can follow up on that. 
Again, in working--the FBI works very hard to garner good 
relationships with e-commerce businesses so that we can get the 
information we need to go at cyber crime, and there are some 
incentives and disincentives for them to do it.
    One of the things that I think we're starting to agree upon 
is that e-commerce businesses have a responsibility to protect 
the--both their intellectual property, but also the vast amount 
of personal information that they might store in the course of 
their normal business.
    Again, this expands their ability to be a responsible 
corporate citizen, to get information to us that might allow us 
to act quickly to stop an attack that might very well expose 
hundreds of thousands, millions of personal records. So again, 
anything we do that would reduce our ability, especially the 
timeliness of our ability, to address those types of situations 
when a consenting party comes to us and makes us aware of a 
problem, I think would be--would go against being able to 
protect privacy of citizens in general
    Mr. Coble. Thank you, sir. Mr. Dempsey?
    Mr. Dempsey. Mr. Chairman, I agree with Mr. Martinez. But 
the question is what if they're wrong? What if the system 
operator is wrong and points the finger at the wrong person? 
What if law enforcement comes in and acts over broadly? I'm 
saying respond to the emergency, recognize the seriousness of 
the computer crime, but build some checks and balances in that 
gives some redress when a mistake is made.
    Mr. Coble. Professor?
    Mr. Swire. Thank you. It's the expectations of privacy of 
all those phone users, e-mail users, credit card people. That's 
where the ordinary citizen's privacy is at stake. And right 
now, if the Government looks through those, either by mistake 
or because they want to look through those, they can take that 
information. They can use it in future investigations. They can 
use it in court. And the statutory suppression rule that this 
Committee has previously passed addresses that so that you have 
a rule that says they should follow the law and not be over 
broad in their searches.
    Mr. Coble. Ms. Parsky, your facial response tells me you 
want to weigh in again, and you may.
    Ms. Parsky. Thank you. Well, one thing to make clear is 
that this isn't just about an emergency. This is the equivalent 
of a normal consent situation. And there are numerous, you 
know, vast arrays of examples where in a physical world, there 
is a citizen or a company that provides law enforcement with a 
tip, and we need our citizens to bring crimes to our attention. 
They don't always pan out. There is always the potential that 
there will be access to information about individuals who don't 
end up having criminal culpability.
    Mr. Coble. I thank you for that.
    Ms. Parsky. Thank you.
    Mr. Coble. Let me beat the red light by putting another 
question to Mr. Dempsey.
    Mr. Dempsey, in your written testimony, you stated that 
section 220 of the USA PATRIOT Act makes obvious sense. 
Elaborate in some detail on that if you will.
    Mr. Dempsey. Well, I think we do have nationwide 
communication systems and for a crime in California the 
evidence may be--the electronic evidence may be stored in 
Virginia.
    It is appropriate I think for a judge in California to 
issue that warrant to be served in Virginia, to send the 
evidence back to California where the locus of the 
investigation is. My only concern is that a little bit tips the 
balance in the other direction, and if the service provider 
gets a warrant that looks over broad, that looks burdensome, 
that may sweep too broadly or it may be unclear, the person in 
California issuing the warrant may not have understood the 
computer network of the person in Virginia.
    The person in Virginia, they want to do the right thing. 
But they also want to be careful. They should have the 
opportunity to go to a judge in Virginia or in California, but 
certainly in Virginia where they are and say we want to 
cooperate. We will give it over, but we--it should be focused a 
little bit more.
    Mr. Coble. I got you. I thank you. My time has expired. The 
Gentleman from Virginia.
    Mr. Scott. Thank you, Mr. Chairman. We keep talking about 
how you're going to use the information as the kind of 
violation of privacy that you actually use it. Some of us may 
think that just looking at, because we're not talking about 
robots. We're talking about somebody who could be your 
neighbors and people are kind of thinking terrorism. Let's kind 
of think mental health records and medical records that 
people--that your neighbors may be looking at if they happen to 
work for the FBI. And when you think of it in that nature, I 
mean sometimes you don't want people looking at your medical 
records and your mental health records, and your private 
communications with your friends, colleagues, or spouse. You 
may not want the--your neighbors to know that you're having 
marital problems and all that kind of stuff. So just the idea 
that you get to look at it, I mean. And then after you get to 
sharing it all--and we're not even getting into that--but some 
people are going to be looking at your very private 
communications. And you don't know going in what's going to pop 
out of that e-mail.
    Ms. Martinez. If I may address that very example, I think 
health records is a good one. There have been intrusions into 
medical facilities and health records have been compromised. In 
working a computer intrusion investigation, it would be very 
important for us to determine what type of data was targeted. 
And it may very well be that we determine that very specific 
health records of very specific individuals were targeted. But 
without us being able to do the investigation and drill to that 
level of detail we wouldn't know and that would impede our 
ability to work that case back to identify----
    Mr. Scott. You don't know--you don't know when you start 
reading your--I mean it--doesn't the e-mail from me to my 
doctor or from a person to his priest doesn't start off by 
saying personal information enclosed. Caution. Warrant 
required. You just start reading and start tripping over all 
this information that could affect--it could be your neighbor. 
You know you didn't know that about your neighbor.
    Mr. Swire. Congressman, can I--one of the things that the 
Government's position has been if the record is stored, then 
you're pretty much out of luck. You're under much less luck 
than you used to be. Once it's stored, there's no 
constitutional protections--reasonable expectation to privacy--
you've handed that over to a third party. Once it's stored, 
you're under the Stored Communications Act at best. You're not 
getting wiretap protections anymore.
    So they're saying once these things get stored----
    Mr. Scott. And you can do it by subpoena. You don't even 
need a search warrant? Is that right?
    Mr. Swire. It depends on the time, and they have different 
things, but a lot of times you can do it through a grand jury 
subpoena, through this 2703(d) order, or you can do it through 
a search warrant. The Government gets to choose.
    Mr. Scott. Now, we keep talking about these delayed 
notices. If you trip over this embarrassing information about 
your neighbor and don't use it and don't notify anybody, there 
are, in fact, no sanctions if you're not going to use the 
information; is that right?
    Ms. Parsky. Well, if I may, I think one important thing to 
keep in mind here, particularly when we're talking about 
section 217 is that we're talking about, number one, the fact 
that when you have these communications that are going on on a 
service provider's network, there is already the ability for 
the service provider to monitor those communications. So 
regardless of whether law enforcement is involved, you have the 
service provider monitoring. But in section 217, we're talking 
about the additional situation where these private records, 
whether they be, you know, medical records or personal notes to 
a neighbor, those are being also accessed by a trespasser.
    So the additional insertion of law enforcement into that 
calculus actually adds more protections because law 
enforcement----
    Mr. Scott. But you're kind of getting over broad----
    Ms. Parsky. --is subject to other restrictions that 
criminals are not.
    Mr. Scott. Do you need a trespasser to trigger all of these 
search warrants and subpoenas?
    Ms. Parsky. Section 217 is specific to hacker trespassers 
and that is where the system--the system provider--the service 
provider can--they have the ability to monitor the 
communications. They can provide the consent to law enforcement 
to assist them in protecting their own property.
    Mr. Scott. So if AOL is listening into--is reading all of 
my e-mails, then they can invite law enforcement to look over 
their shoulder as they look at my e-mails?
    Ms. Parsky. Rather than their collecting it and providing 
it to law enforcement afterwards, when law enforcement doesn't 
have the ability to help protect them and to help solve the 
crime.
    Mr. Scott. If AOL has a privacy agreement with me, then 
they can't do that.
    Ms. Parsky. That's correct. That's a contractual matter.
    Mr. Swire. AOL can read your e-mail only for the purpose of 
protecting their service or their rights or for purposes of 
protecting the security of their system. But I think we've sort 
of shifted over a little bit--mushed up 209 and 217. Two 
seventeen is limited to trespasser cases. 209, the warrant or 
subpoena access, is for all investigations. And I think though 
one of the issues you were getting at with the question of the 
medical records, et cetera, the real-time interception cases 
have almost a two-layered protection. You get the warrant, 
which has the particularity required by the fourth amendment 
giving the Government the right to get into somebody's 
communications stream.
    The law imposes what is almost an extra protection, which 
is the minimization requirement, which says that you can only 
record specifically what is incriminating. There is no real 
minimization requirement on the stored records side. The 
minimization requirement is in title III, not on the Stored 
Records Act.
    So one you're in there and particularly because you don't 
know what you're getting until you actually open it. You don't 
know whether it's relevant or not until you actually look at 
it. The Government I think does acquire a lot of information in 
a stored capacity, bring it back, sit there, open it, go 
through it, and at that point there, they are looking at and 
they have in their possession a lot of material that turns out 
to be extraneous.
    Mr. Scott. Mr. Chairman, let me just say that one of the 
problems after you get in there and start reading and reading 
if you do not use the--if you don't want to use the material, 
there is not requirement--there's no sanction for continuing to 
read.
    Mr. Dempsey. Not really.
    Mr. Scott. With a requirement of a warrant going in, you 
don't know what you're going to get so if you mess up, if you 
break into somebody's house and get--find the drugs, you can't 
use the drugs under the exclusionary rules. So you have no 
incentive to break in.
    Under this, with this delayed notice and all that, if you 
find some goodies, you can find the notice. But if you don't 
find anything, there is no sanctions.
    Mr. Dempsey. Right.
    Mr. Coble. Well, the Gentleman's time has expired. Ms. 
Parsky, you and Mr. Martinez want to weigh in before I 
recognize the Gentleman from Massachusetts?
    Ms. Parsky. I think we both want to make a couple of brief 
comments. I thank you very much.
    Mr. Coble. And briefly if you can because we've got to move 
along.
    Ms. Parsky. Very briefly. But the one thing that I think is 
important to understand is that if you have a search warrant, 
there is very specific requirement that it be relevant to 
criminal activity and that there be a defined scope for that 
search warrant. So you don't go in and you're able to inspect 
or search or seize anything you want. You go in within the 
scope of the search warrant and there is the ability for 
someone to challenge whether, in fact, you stayed within the 
scope.
    Mr. Scott. Yes, but that doesn't apply to a subpoena?
    Ms. Parsky. But that applies to a search warrant whether 
it's for physical records or electronic records and to the same 
extent that you might have a search warrant to search physical 
files and you may have to open up the file to see if what's in 
there is within the scope of your search warrant, the same 
applies to the electronic world. I think Mr. Martinez.
    Mr. Martinez. And I think to follow up on that. Again, I'll 
make the analogy with the physical seizure of health records. 
You may, in the course of an investigation, try to determine if 
there are victims that are part of the health organization's 
records, and you may see some information about someone's very, 
very personal health profile. Again, if it doesn't go the 
specific violation that I'm trying to prove or determine 
elements of, I don't know that I would have a positive 
requirement to then go back and tell everyone whose record I 
looked at that I set aside because it wasn't pertinent to my 
investigation that I looked at your health record.
    We'd go on to the next one and aggregate evidence and move 
on from there.
    Mr. Swire. May I have one sentence just to follow? Under 
new technology, we're storing lots and lots more things than we 
used to. That may mean the laws about stored records deserves 
some reexamination.
    Mr. Coble. The Gentleman's time has expired. The Gentleman 
from Massachusetts, Mr. Delahunt.
    Mr. Delahunt. Yeah. I think that goes to--you know, and I 
appreciate the distinctions obviously between electronic 
records and physical records.
    But people understand a physical record. As I indicated 
earlier, there's a lot of us that really can't put our--we 
don't grasp the extent of and the volume of electronic records. 
That's where the unease of the American people are in terms of 
their privacy.
    And I think that was the debate and the discussion, that's 
what we have to remember, and we have to--if we're going to--
and I think we should. Okay. If we're going to give law 
enforcement the updated means to conduct investigations, at 
some time we have to do this in a way that's thoughtful enough 
to balance the concerns that Americans have about privacy. And 
the best we can do is, you know, in my judgment, is 
transparency and notification. If we do that, even though it's 
burdensome, it doesn't impede the investigation.
    You know, Mr. Martinez, I mean everything that's done post 
the investigation by virtue of that definition doesn't impede 
the Government from, you know, fulfilling its role in terms of 
protecting the American people or, you know, enhancing public 
safety. I mean that's what I'm suggesting here.
    Mr. Martinez. Well, I want to make one point about the 
emerging new technologies. I think as we look at technologies 
emerge, we have to be very careful to determine whether that 
technology is really unique. Does it really present a set of 
circumstances that did not exist before or that hasn't been 
analyzed and very, very carefully thought through before, 
because--just because it is a new technology, it doesn't 
necessarily mean that there isn't already an existing paradigm 
in the law to handle it.
    So I wouldn't want to make the assumption--you know, when 
we transition from an analog telephone to cellular telephone--
you know, we still had conversations going over it.
    Now, there were a lot of implications to that. The 
technology was indeed different, but I think much of the 
circumstance was similar to what existed before.
    Mr. Delahunt. But it's the speed.
    Ms. Parsky. Well, I think as an important----
    Mr. Delahunt. The problem you have in terms of the 
transmission, the communication itself is so quick and so 
instantaneous, you need to be upgraded. Okay. And I think what 
we have to do is look at concomitant ways to again ensure that 
those privacy rights and--if there's anything about the 
American people and in terms of the essence of our democracy 
it's the right to privacy. If you don't have privacy, that's 
the beginning in my judgment of totalitarianism. Okay.
    And that's why Americans emphasize so much this checks and 
balances issue and this transparency. And that I think is the 
framework, the mind set that should come to this. Before my 
time runs out, what I'm going to do is adopt the questions that 
were presented by Prof. Swire as mine. And I'm asking you, and 
I'm going to put this on you, Ms. Parsky, to respond to those 
questions in writing. In the past, under other Attorneys 
General, I've made those requests. Somehow it gets lost in the 
black hole. But this is a new Attorney General, a new 
Administration. I would hope that those questions, which are 
now Delahunt's questions, okay, would be responded to and, you 
know, please would you direct the answers to those questions to 
me? I'll give Mr. Coble and Mr. Scott--you can Cc: them. Right? 
But I think they're good questions, because I think they go to 
the clarify--I think really what some of this is about is 
clarification.
    Ms. Parsky. If I may just briefly respond quickly or follow 
up on what Mr. Martinez said. I think that it's important to 
recognize that there are still laws that we can apply to these 
new and complicated technologies. And as Professor Swire says, 
yes, with, you know, Internet protocol and with packets of 
information, it may be easier to store information. That 
doesn't mean that it's authorized to store information. So even 
if a network administrator may be able to store it, the same 
rules still apply in terms of what kind of contractual 
relationship, what kind of consent those working under that 
network administrator have entered into and that have----
    Mr. Delahunt. And I understand that, and I'm sympathetic, 
and I understand that.
    You know, I think what we hear from Mr. Scott in terms of 
his concerns about mental health records. I think we need to 
explain, you know, the concept of minimization and what it 
means whether we're intercepting a telephone conversation and 
how the concept of minimization in terms of review of records 
applies to electronic records.
    Mr. Dempsey. Congressman, I think that one of the things 
you mentioned was speed and volume. And it goes to 
Representative Scott's questions. Well, I remember a couple of 
years ago, FBI Director Freeh was testifying in support of his 
budget request and talking about how the FBI needed more money 
to process the data that they were collecting, and he cited one 
case----
    Mr. Delahunt. Well, didn't he get a new computer for that?
    Mr. Dempsey. Well, different issue. Different issue, 
Congressman.
    One case the FBI seized enough electronic information that 
if it were printed out, it would have filled the Library of 
Congress one and one half times over. That was FBI Director 
Freeh's testimony. That was the volume of stored records that 
were available to them in that one investigation.
    Mr. Coble. The Gentleman's time has expired. The Gentlelady 
from California, Ms. Waters.
    Ms. Waters. Thank you very much, Mr. Chairman. First, I'd 
like to ask unanimous consent to enter my statement into the 
record.
    Mr. Coble. Without objection.
    Ms. Waters. And secondly, I think the discussion was going 
in a direction that I have great interest. I think that we all 
have a very special need to believe that we have control over 
our lives, and it is very disconcerting to think about people 
having access to every tidbit of information about your life 
because they are able to store your telephone conversations, 
your e-mail messages, and on and on and on. It's just pretty 
overwhelming.
    And so I think we certainly need to understand the new 
technology and who has the ability to store what and for how 
long. And whether or not, you know, there is certain kind of 
permission needed in some cases to be able to give that 
information or share that information.
    And I do think that perhaps we need to look at this new 
body of law relative to this new technology so if nothing more 
comes out of it then disclosure to the client. We get credit 
reports. I mean we force credit card companies to give us a 
report every year to tell us what they're holding and what 
they're advising people about us.
    For our medical records, our doctors have to have written 
permission from us to give it to somebody, I just think we need 
to find out what--well, we need to develop this body of law 
that will help us feel we have some control. I recognize the 
need for, you know, the criminal justice system to be able to 
access certain things through warrants and subpoenas, but I do 
think I have a right to know whether or not my computer or 
company or my server is holding information and what form it's 
in, and how long it's held. Some of those things I think are 
just very basic to being able to have some kind of contractual 
relationship with those who are holding significant information 
about you.
    I think I would feel better if I just had disclosure, 
because I understand that the technology works in different 
ways and we don't know what technology is being used by what 
companies. Then I may have a right to choose a particular 
company because they don't keep certain information or they 
discard information after a certain period of time. So I think 
we should----
    Mr. Coble. Would the Gentlelady suspend for a moment?
    Ms. Waters. Yes.
    Mr. Coble. Reverting to Mr. Delahunt's suggestion, the 
record will remain open for 7 days folks so we can have 
exchange and this will be ongoing. This is not the day of 
finality on this matter by any means.
    Ms. Waters. So I--let me ask, Mr. Delahunt, when you 
referred to Mr. Swire's questions, I don't know what those 
were, but are they included in----
    Mr. Delahunt. They are an appendix to his testimony.
    Ms. Waters. Do they relate to the concerns that I----
    Mr. Delahunt. Some of them do.
    Ms. Waters. Just, and if I may, I have a few more seconds 
left here, Mr. Swire. Could you comment on what I tried to 
communicate just a few moments ago about possible disclosure or 
having some choices in the selection of companies that I deal 
with, et cetera, et cetera.
    Mr. Swire. I have two comments. One is when it comes to 
stored records, this Committee in the fall of 2000, in H.R. 
5018, passed I think unanimously or almost unanimously a number 
of provisions about stored records, and there's a Committee 
report about that. So that might be a place to look where 
Republicans and Democrats worked together that year.
    On disclosure, that comes up to issues of should every 
company have privacy policies they communicate out there. We do 
have most companies with privacy policies. There's no Federal 
laws that say they have to do that, and a lot of companies have 
over time watered those down in the last three or 4 years 
because they don't want to be constrained if they feel like 
using data later. And I think if you look at those privacy 
policies in general they're less detailed and less full today 
than they were 3 or 4 years ago, and that might be something 
for people to look at also.
    Ms. Waters. Well, that's a good idea. Let me just say based 
on some of the recently developed laws, we are supposed to be 
given an opportunity to opt-in or opt-out----
    Mr. Swire. Yes.
    Ms. Waters. --on information that's shared about us. But I 
don't think it gets to the stored information at all. I'll go 
back and take a look at that.
    Mr. Swire. For your medical data and financial data, the 
stored records at the bank or the hospital, those are subject 
to some of those choices the Congress put into law.
    Mr. Dempsey. Although in every case, those provisions have 
law enforcement and intelligence exceptions.
    Ms. Waters. Oh.
    Mr. Scott. What do you mean by an exception?
    Mr. Dempsey. That basically it doesn't matter what the 
privacy policy says. When the Government comes in with whatever 
compulsory process is permitted, whether it's a warrant, a 
subpoena or a court order, the privacy policy evaporates.
    Ms. Waters. But if I got disclosure, if I understand what 
it is you are storing, and, you know, how you do this, how much 
information you hold on to for what periods of time, I may have 
some options about whether or not I want to deal with you or I 
may want to handle my business in a different way. For example, 
let me just tell you here in the Congress of the United States, 
you know, people keep in their computers, you know, all of the 
daily calls. They keep telephone numbers. They keep everything. 
Well, you know, some people may want to decide I don't want 
that in the computer for whatever reasons. I want to use some 
old systems. And I knew and understood, which I'm going to ask 
now, what is being stored for how long in the systems that we 
use, then I may, you know, make some different decisions.
    Mr. Coble. The Gentlelady's time has expired. We have the 
Lady from Texas has just joined us. We will include, professor, 
your questions in our post-hearing letter. And that can be 
addressed then.
    The Gentlelady from Texas is recognized for 5 minutes.
    Ms. Jackson Lee of Texas. Thank you very much, Mr. 
Chairman. To the panelists, thank you. We are at the same time 
in a Homeland Security mark up and so I thank you for your 
testimony and apologize for my tardiness in this hearing.
    But let me just take the opportunity. This hearing deals 
with certain sections of the PATRIOT Act for reauthorization 
that are not necessarily that controversial. But I am going to 
take this opportunity to press some points that may be somewhat 
more global.
    And that is that the idea of the PATRIOT Act, of course, 
was to ensure safety or to correct some of the ailments that 
many thought could cure the tragedy that we faced on 9/11. Some 
of the weaknesses as we moved into cyber security and 
technology. We just passed a bill in Homeland Security to 
establish an Assistant Secretary in the Homeland Security 
Department for Cyber Security. Again, the whole issue of 
integration if you will to provide more security for the 
Nation.
    I raise the question, however, as an opponent of the 
PATRIOT Act and a huge skeptic of the reauthorization of any of 
the sections, meaning that I want close scrutiny is where we 
are in 2005. Some will say that the aviation industry is not 
that much safer. Questions are being raised about our security 
personnel as we--our screeners. It's certainly out of the 
jurisdiction of this Committee, but I think the main question 
is whether we have been made safer by downsizing on some of our 
civil liberties and the ability, of course, for unreasonable 
search and seizure.
    I think my colleague from California made the point that 
now vastness is a vast wasteland dealing with e-mail and I 
believe that we have lost the touch of writing the written 
letter, if you will. And so cyber security has become our means 
of communication. I am concerned with even the minimal, if you 
will elimination or impacting on the use of e-mails and the 
privacy of individuals and the intrusion by law enforcement 
entities on the basis of homeland security or national 
security.
    So I'm going to start with Mr. Swire in terms of putting 
you on the immediate hot seat for this global question that 
I've asked and that is are we safer and is the--are we 
necessarily having to do this--having to reenact these 
provisions on the PATRIOT Act to ensure that safety?
    Mr. Swire. That feels pretty hot. Are we overall safer? 
There was certainly some provisions of the PATRIOT Act that I 
supported when I was in the Clinton Administration and that 
were sensible updating to take account of new technology.
    I think that when I think of safer and downsizing civil 
liberties, the one point I stress is that the current law seems 
to be once the record is stored, once it's held at the ISP or 
the bank or something like that, you've lost all your 
constitutional protections of reasonable expectation to 
privacy. I think that hasn't been fully understood by a lot of 
people; that those stored records that we've heard so much 
about today, once they're out there, the constitutional 
protections are gone. That means Congress is the only place 
that writes those privacy rules.
    And so this Committee and the rest of the Congress has to 
think about if the courts aren't going to do it, what's the 
Congress going to do to right the law so that we have safety 
and civil liberties going forward.
    Mr. Dempsey. Congresswoman, we are safer, but not safe. 
Progress has been made, but still a lot more needs to be done.
    On the question of cyber security, I think that clearly the 
PATRIOT Act focuses almost exclusively on after the fact 
prosecutorial efforts. Clearly, a lot more needs to be done on 
building secure systems.
    But I think finally the question of civil liberties is I 
believe, and I think there should be pretty wide agreement. If 
you look at the 9/11 Commission Report, if you look at the 
Gilmore Commission Reports, the Markle Task Force, what we 
should be seeking here is not a trade-off, not a surrender of 
some civil liberties in order to purchase some security, not a 
trade-off, but a balance. But a little bit here I hear the 
Justice Department saying give us more power to deal with new 
technology, but don't adjust the privacy protections to deal 
more--with the new technology. The technology is changing. We 
need to change the laws in ways that make it easier for the 
Government, and there's some validity to that. But don't change 
the law in ways that would improve the checks and balances. And 
I think we need those checks and balances. I think they do not 
hurt us.
    Our rights are not what is wrong with our counter terrorism 
approach. We need these checks and balances. They can be 
effective with all the authorities we've talked about today.
    Ms. Jackson Lee of Texas. And this is a very strong point 
that you made, Mr. Chairman. I think--I hope the halls of 
this--or the walls of this Committee room have heard Mr. 
Dempsey and Mr. Swire and not to ignore Mr. Martinez and Ms. 
Parsky. I'm sure that I'll be able to read your testimony, but 
my point is the importance of privacy and balancing our 
national security.
    I yield back.
    Mr. Coble. I thank the lady. Mr. Martinez, Mr. Dempsey 
referred to DOJ, either one of you want to respond to that?
    Ms. Parsky. Well, I appreciate the opportunity, and I would 
like to just respond briefly that the Justice Department's 
position is that we should be able to bring our law enforcement 
tools up to speed with modern technology, while preserving all 
the checks and balances and the constitutional protections and 
other protections that are built into our criminal procedures. 
And all we are looking to do is apply those exact same checks 
and balances protections of privacy to the modern world.
    Mr. Coble. Well, this----
    Mr. Scott. Mr. Chairman? Can I ask----
    Mr. Coble. Yes.
    Mr. Scott. --one. There's one point I----
    Mr. Coble. I will. But I say to my friend from Virginia----
    Mr. Scott. It will be quick.
    Mr. Coble. Well, if you can, 'cause I got 50 constituents 
who are waiting on me for about 10 minutes now. So, Mr. Scott.
    Mr. Scott. Well, if AOL doesn't care about my privacy, 
what--and they give anybody--they give Government permission, 
where does it say--am I without safeguards, is that what I 
understand?
    Mr. Swire. That's section 217. If AOL invites the 
Government in, and the Government is supposed to only look at 
the hackers, but they look at everyone else, right now they get 
to use all that evidence in court and in future investigations.
    Mr. Scott. Or look at it, because the question, the point 
was made that if you're in the doctor's office, you can look at 
the file. You don't know what's going to be in it when you open 
it up, but you know what file you're looking at. You're not--
you didn't have--you're not in the doctor's office looking at 
all the files.
    Thank you, Mr. Chairman.
    Mr. Coble. I thank the Gentleman, and I thank the 
panelists. This has been a very worthwhile hearing it seems to 
me. As I said before, the record will remain open for 7 days, 
and I again thank the witnesses for your testimony. The 
Subcommittee very much appreciates this.
    In order to ensure full record and adequate consideration 
of this important issue, the record will be left open for 
additional submissions for 7 days. Also any written questions 
that a Member wants to submit should be submitted within that 
same 7-day timeframe. This concludes the oversight hearing on 
the ``Implementation of the USA PATRIOT Act: Crime, Terrorism 
and the Age of Technology.''
    Thank you for your cooperation and your attendance, and as 
well as those in the audience and the Subcommittee stands 
adjourned.
    [Whereupon, at 11:49 a.m., the Subcommittee was adjourned.]


                            A P P E N D I X

                              ----------                              


               Material Submitted for the Hearing Record

 Prepared Statement of the Honorable Robert C. Scott, a Representative 
      in Congress from the State of Virginia, and Ranking Member, 
        Subcommittee on Crime, Terrorism, and Homeland Security

    Thank you, Mr. Chairman, for scheduling this hearing on USA PATRIOT 
Act provisions to investigate and prosecute crimes through the use of 
electronic evidence. Section 209 of he Act references ``Seizure of 
Voice Mail Messages Pursuant to Warrant.'' However, that section 
authorizes access to much more than voice mail and authorizes access 
through ways other warrants, such as by administrative, grand jury and 
court issued subpoenas, under the appropriate circumstances. And they 
can be ``sneak and peek,'' whether warrants, court subpoenas or 
administrative subpoenas. So we are talking about a section that is not 
only misleading relative to the breadth of the police powers it 
authorizes, but a title that is also deceptive as to the extraordinary 
nature of the powers.
    Quite frankly, Mr. Chairman, the more I review the extent of the 
powers we have extended to law enforcement through provisions such 
section 209, the more I am pleased with our decision to provide for a 
sunset on some of these powers in order that we may review in earnest 
what we have done, and so that the law enforcement authorities who get 
access to our private information pursuant to these powers, is aware we 
will be reviewing them. This is a section whose original purpose was to 
protect our electronic data against intrusion. When I see the ``mack 
truck'' hole we carved out of that purpose for law enforcement access, 
and the limitations on traditional methods of holding law enforcement 
accountability such as prior notice with right to quash, and oversight 
of a court through return reports to the court within a certain number 
of days, the more I am convinced that sunset review in this area is 
absolutely essential to our oversight responsibilities to the public. 
And this is especially true in the areas of electronics and general 
technology, given the growing impact of technology on our society. I 
have the same concerns about Section 217, which allows an ISP to give 
law enforcement wide latitude to look at private electronic 
communications without court oversight or review. Its one thing to call 
law enforcement to look at a trespass that is occurring; its another 
thing to call in law enforcement to look o see if there is anything 
suspicious going on, prior to a trespass occurring. And while I can 
understand the efficiency and exigency arguments for a nationwide 
search warrant authority in the arena of electronic communications, I 
am also concerned with the sufficiency of the notice and, right to 
challenge and oversight of such warrants.
    For law enforcement, the good news in what I am saying is that I 
think these powers should be available in appropriate circumstances, so 
I am not calling for sunsetting them. However, for the public's 
protection of their privacy as well as their safety, I am saying that 
we need to look more precisely our notice, oversight and reporting 
requirements for these powers, and make appropriate adjustments. We 
should also continue this kind of oversight through sunsets, where we 
have to periodically look at the use of these powers in an arena of 
evolving technologies, and where law enforcement is aware that the use 
of these powers will need to be scrutinized and justified. So, Mr. 
Chairman, I look forward to the testimony of our witnesses on how we 
might best do that, and to working with you on implementing their 
recommendations. Thank you.

Prepared Statement of the Honorable Maxine Waters, a Representative in 
                 Congress from the State of California

    Mr. Chairman, sections 209, 217, and 220 of the Patriot Act, 
violate Americans' privacy rights and civil liberties and should not be 
renewed. None of these sections are limited in their application--they 
can be used for any kind of criminal investigation that the DOJ sees 
fit, and are not limited to terrorism.
    Mr. Chairman, section 209, the ``Seizure of Voicemail Messages 
Pursuant to Warrants'' of the Patriot Act allows law enforcement 
agencies, in some circumstances, depending on the amount of time the 
messages have been stored, to seize American citizens' stored voicemail 
messages without a search warrant or subpoena. Section 209 also is not 
subject to the exclusionary rule. Therefore, if law enforcement 
illegally seizes an American citizen's voicemail messages, the 
illegally seized voicemails still can be used as evidence against a 
person in court. Since section 209 has no notice requirement, the 
citizen would not even know she was the subject of surveillance, until 
she is brought to court.
    Mr. Chairman, even if law enforcement gains access to an American 
citizen's voicemail in adherence to section 209, there are no 
limitations as to how the information will be used or publicized. This 
power far overreaches into the constitutionally guaranteed right to 
privacy.
    Mr. Chairman, section 217, or the ``Interception of Computer 
Trespasser Communications'' section, is just as harmful as section 209. 
Under section 217, if a computer service provider claims that an 
individual is ``trespassing'' on its network, law enforcement is free 
to intercept that individual's private communications without 
permission from a judge. This section fails to address the question of, 
who qualifies as a ``trespasser.''
    Mr. Chairman, the DOJ would like Americans to believe this section 
is limited to computer hackers. However, section 217 never specifically 
describes a ``computer trespasser'' as a computer hacker. The 
definition given is ``a person who accesses a protected computer 
without authorization and thus has no reasonable expectation of 
privacy, in any communication transmitted to...the protected 
computer.'' This definition leaves open several definitions as to what 
constitutes a ``computer trespasser.''
    Mr. Chairman, this vague definition is dangerous because there is 
no judicial oversight or notice requirement in section 217. Therefore, 
this section, like many other Patriot Act provisions, allows law 
enforcement to freely and secretly spy on Americans, with no checks or 
supervision from a judge to make sure this power is not abused. Section 
217 places all power within the hands of law enforcement and the system 
owner or operator.
    Mr. Chairman, section 220, or the ``Nationwide Service of Search 
Warrants for Electronic Evidence'' section, amends the Federal Rules of 
Criminal Procedure to expand the jurisdictional authority of a court to 
authorize search warrants outside of the court's judicial district in a 
criminal investigation. This section allows law enforcement to pick and 
choose which court it can ask for a search warrant. This leaves open 
the possibility that law enforcement agents can ``shop'' for judges 
that have demonstrated a strong bias toward law enforcement with regard 
to search warrants, using only those judges least likely to say no--
even if the warrant does not satisfy the strict requirements of the 
Fourth Amendment of the Constitution. This section also has no notice 
requirement.
    Mr. Chairman, only local judges and courts should be allowed to 
grant warrants for investigations falling within their jurisdictions. 
Judicial oversight is only effective if the presiding judge is within 
the jurisdiction where the search and/or investigations are taking 
place. Local judicial oversight is a key check against unreasonable 
searches and seizures. Also, Americans have the right to due process 
and should be notified if they, or their property, are the subject of a 
search warrant or criminal investigation, even if the notice is issued 
after the search or investigation has commenced.
    Mr. Chairman, absent a clear demonstration from law enforcement 
that these new surveillance powers are necessary, sections 209, 217, 
and 220 should be allowed to expire. These sections of the Patriot Act 
threaten the basic constitutional rights of millions of Americans.
    I yield back the balance of my time.
      Submission by Peter Swire entitled ``The System of Foreign 
                    Intelligence Surveillance Law''




                                 
