[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]



 
                  EXAMINING RECOMMENDATIONS TO REFORM 
                            FISA AUTHORITIES 

=======================================================================

                                HEARING

                               BEFORE THE

                       COMMITTEE ON THE JUDICIARY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED THIRTEENTH CONGRESS

                             SECOND SESSION

                               __________

                            FEBRUARY 4, 2014

                               __________

                           Serial No. 113-62

                               __________

         Printed for the use of the Committee on the Judiciary

      Available via the World Wide Web: http://judiciary.house.gov


                               ----------
                         U.S. GOVERNMENT PRINTING OFFICE 

86-549 PDF                       WASHINGTON : 2013 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Printing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001



                       COMMITTEE ON THE JUDICIARY

                   BOB GOODLATTE, Virginia, Chairman
F. JAMES SENSENBRENNER, Jr.,         JOHN CONYERS, Jr., Michigan
    Wisconsin                        JERROLD NADLER, New York
HOWARD COBLE, North Carolina         ROBERT C. ``BOBBY'' SCOTT, 
LAMAR SMITH, Texas                       Virginia
STEVE CHABOT, Ohio                   ZOE LOFGREN, California
SPENCER BACHUS, Alabama              SHEILA JACKSON LEE, Texas
DARRELL E. ISSA, California          STEVE COHEN, Tennessee
J. RANDY FORBES, Virginia            HENRY C. ``HANK'' JOHNSON, Jr.,
STEVE KING, Iowa                       Georgia
TRENT FRANKS, Arizona                PEDRO R. PIERLUISI, Puerto Rico
LOUIE GOHMERT, Texas                 JUDY CHU, California
JIM JORDAN, Ohio                     TED DEUTCH, Florida
TED POE, Texas                       LUIS V. GUTIERREZ, Illinois
JASON CHAFFETZ, Utah                 KAREN BASS, California
TOM MARINO, Pennsylvania             CEDRIC RICHMOND, Louisiana
TREY GOWDY, South Carolina           SUZAN DelBENE, Washington
RAUL LABRADOR, Idaho                 JOE GARCIA, Florida
BLAKE FARENTHOLD, Texas              HAKEEM JEFFRIES, New York
GEORGE HOLDING, North Carolina       DAVID N. CICILLINE, Rhode Island
DOUG COLLINS, Georgia
RON DeSANTIS, Florida
JASON T. SMITH, Missouri
[Vacant]

           Shelley Husband, Chief of Staff & General Counsel
        Perry Apelbaum, Minority Staff Director & Chief Counsel



                            C O N T E N T S

                              ----------                              

                            FEBRUARY 4, 2014

                                                                   Page

                           OPENING STATEMENTS

The Honorable Bob Goodlatte, a Representative in Congress from 
  the State of Virginia, and Chairman, Committee on the Judiciary     1
The Honorable John Conyers, Jr., a Representative in Congress 
  from the State of Michigan, and Ranking Member, Committee on 
  the Judiciary..................................................     4

                               WITNESSES

The Honorable James Cole, United States Department of Justice
  Oral Testimony.................................................     7
  Prepared Statement.............................................    10
Peter P. Swire, Review Group on Intelligence and Communications 
  Technology
  Oral Testimony.................................................    17
  Prepared Statement.............................................    19
David Medine, Privacy and Civil Liberties Oversight Board
  Oral Testimony.................................................    49
  Prepared Statement.............................................    51
Steven G. Bradbury, Dechert, LLP
  Oral Testimony.................................................   121
  Prepared Statement.............................................   124
David Cole, Georgetown University Law Center
  Oral Testimony.................................................   145
  Prepared Statement.............................................   147
Dean C. Garfield, Information Technology Industry Council
  Oral Testimony.................................................   158
  Prepared Statement.............................................   160

                                APPENDIX
               Material Submitted for the Hearing Record

Material submitted by the Honorable Bob Goodlatte, a 
  Representative in Congress from the State of Virginia, and 
  Chairman, Committee on the Judiciary.....................184
                       deg.OFFICIAL HEARING RECORD
      Material Submitted for the Hearing Record but not Reprinted

Report from the Privacy and Civil Liberties Oversight Board, January 
    23, 2014, submitted by the Honorable Jerrold Nadler, a 
    Representative in Congress from the State of New York, and Member, 
    Committee on the Judiciary. This report is available at the 
    Committee and can also be accessed at:

        http://www.pclob.gov/SiteAssets/Pages/default/PCLOB-Report-on-
        the-Telephone-Records-Program.pdf


          EXAMINING RECOMMENDATIONS TO REFORM FISA AUTHORITIES

                              ----------                              


                       TUESDAY, FEBRUARY 4, 2014

                        House of Representatives

                       Committee on the Judiciary

                            Washington, DC.

    The Committee met, pursuant to call, at 10:14 a.m., in room 
2141, Rayburn House Office Building, the Honorable Bob 
Goodlatte (Chairman of the Committee) presiding.
    Present: Representatives Goodlatte, Sensenbrenner, Coble, 
Smith of Texas, Chabot, Bachus, Issa, Forbes, King, Franks, 
Gohmert, Jordan, Poe, Chaffetz, Gowdy, Labrador, Farenthold, 
Holding, Collins, DeSantis, Smith of Missouri, Conyers, Nadler, 
Scott, Lofgren, Jackson Lee, Cohen, Johnson, Chu, Deutch, 
DelBene, Garcia, Jeffries, and Cicilline.
    Staff Present: (Majority) Shelley Husband, Chief of Staff 
and General Counsel; Branden Ritchie, Deputy Chief of Staff & 
Chief Counsel; Allison Halataei, Parliamentarian & General 
Counsel; Caroline Lynch, Counsel; Sam Ramer, Counsel; Kelsey 
Deterding, Clerk; (Minority) Perry Apelbaum, Minority Staff 
Director & Chief Counsel; Danielle Brown, Parliamentarian; and 
Aaron Hiller, Counsel.
    Mr. Goodlatte. Good morning. The Judiciary Committee will 
come to order. And without objection, the Chair is authorized 
to declare recesses of the Committee at any time.
    Before we begin today's hearing, I would like to take a 
moment to welcome the newest Member of the House Judiciary 
Committee, David Cicilline of Rhode Island's First 
Congressional District.
    Born in Providence, Congressman Cicilline moved to 
Washington, D.C., shortly after law school to work as a public 
defender before returning to Rhode Island. In 1994, he was 
elected to the Rhode Island State legislature and ultimately 
elected Mayor of Providence in 2002 and again in 2006.
    He was elected to the U.S. House of Representatives in 2010 
and is also a Member of the House Committee on Foreign Affairs. 
And we welcome you to the Judiciary Committee. [Applause.]
    Mr. Conyers. Mr. Chairman?
    Mr. Goodlatte. And I would like to recognize the Ranking 
Member for any comments that he would like to make.
    Mr. Conyers. Thank you.
    On behalf of all of us on this side of the aisle, we join 
Chairman Goodlatte in welcoming our newest Member to the 
Committee, Congressman David Cicilline, First District, Rhode 
Island. A Mayor, a public defender, practiced law in Rhode 
Island, and I am confident that his depth of experience will be 
a great asset to this Committee.
    Mr. Cicilline, we welcome you and look forward to working 
with you. [Applause.]
    Thank you.
    Mr. Goodlatte. And we welcome everyone to this afternoon's 
hearing on Examining Recommendations to Reform FISA 
Authorities, and I will begin by recognizing myself for an 
opening statement.
    Today's hearing will examine the various recommendations to 
reform programs operated under the Foreign Intelligence 
Surveillance Act, or FISA. Last summer's unauthorized public 
release of these classified programs has sparked a national 
debate about the extent of these programs and whether they pose 
a threat to Americans' civil liberties and privacy.
    There have been myriad proposals to reform or end these 
programs. We are here today to vet these proposals and discuss 
their impact on America's national security and their value in 
enhancing civil liberty protections.
    Following last year's leaks, Obama administration officials 
appeared before this and other Committees in Congress to defend 
these programs and urge Congress not to shut them down, 
including the bulk metadata collection program operated under 
Section 215 of the PATRIOT Act. But just 2 weeks ago, President 
Obama announced that he supports ``a transition that will end 
Section 215 bulk metadata program as it currently exists and 
establish a mechanism that preserves the capabilities we need 
without the Government holding this bulk metadata.''
    I am glad the President has finally acknowledged what I and 
many others concluded long ago, namely that the Section 215 
bulk metadata program is in need of significant reform in order 
to restore the trust of the American people and to protect 
Americans' civil liberties. But I am disappointed that the 
President was unable or unwilling to clearly articulate to 
Congress and the American people the value of this information 
in thwarting terror plots.
    Instead, he simply declared that it is ``important that the 
capability that this program is designed to meet is 
preserved,'' while simultaneously announcing that he was ending 
the program as it currently exists.
    The 5-year storage of bulk metadata by the NSA is arguably 
the most critical and the most controversial aspect of the 
Section 215 program. But transferring storage to private 
companies could raise more privacy concerns than it solves.
    We need to look no further than last month's Target breach 
or last week's Yahoo breach to know that private information 
held by private companies is susceptible to cyber attacks. And 
transferring storage to private companies would require the 
Government to request data from multiple companies to connect 
the dots it currently stores, thereby complicating its ability 
to quickly and efficiently compile valuable intelligence.
    Of equal importance is the impact such a storage mandate 
would have on the ability of American companies to compete in a 
global market. American technology companies are experiencing a 
lack of customer trust and a loss of international business as 
a result of the Snowden leaks, based upon the fear that 
information about their customers is readily and routinely 
turned over to the American Government.
    I suspect requiring these companies to now house the data 
specifically so the Government can access it will only 
reinforce those fears. American companies, in fact, have sought 
permission to publicly report national security requests from 
the Government to inform and, hopefully, assuage the concerns 
of their American and foreign customers.
    To that end, I am pleased the Justice Department worked 
jointly with American companies to identify information that 
can be publicly reported about the size and scope of national 
security requests. This is one step that will help provide 
greater transparency to the American people about the nature of 
our intelligence gathering programs.
    On January 17th, President Obama also announced his desire 
to transfer the query approval of metadata from the NSA to the 
FISA court. I am interested to hear from today's witnesses 
whether such a reform will, in fact, result in greater privacy 
protections without weakening national security.
    President Obama also endorsed additional privacy 
protections for foreigners overseas. He instructed the Attorney 
General and Director of National Intelligence to take the 
unprecedented step of extending certain protections that we 
have for the American people to people overseas. Specifically, 
President Obama called for limiting the duration that personal 
information about foreign nationals is stored while also 
restricting the use of this information. Is it wise to restrain 
our national security agencies by extending to foreigners the 
rights and privileges afforded Americans?
    In addition to President Obama's proposed reforms, two 
panels, the President's Review Group on Intelligence and 
Communications Technology and the Privacy and Civil Liberties 
Oversight Board, have issued reports with their own proposals 
and conflicting legal analysis. On December 12th, the review 
group issued its report.
    While the review group questioned the value of the bulk 
collection of telephone metadata by the Government, the review 
group did conclude that the program is constitutional, legal, 
and has not been abused and recommended the program continue 
with third-party or company storage.
    A majority of the PCLOB, however, issued a report on 
January 23 that questioned whether the program is 
constitutional and concluded operated illegally under the 
statute since 2006. And recommended the metadata program end 
entirely.
    I look forward to a discussion today of the constitutional 
and statutory analysis and recommendations of these two panels. 
The House Judiciary Committee has primary jurisdiction over the 
legal framework of these programs and has conducted aggressive 
oversight on this issue.
    Any reforms Congress enacts must ensure our Nation's 
intelligence collection programs effectively protect our 
national security and include real protections for Americans' 
civil liberties, robust oversight, and additional transparency.
    It is now my pleasure to recognize the Ranking Member of 
the Committee, the gentleman from Michigan, Mr. Conyers, for 
his opening statement.
    Mr. Conyers. Thank you.
    I welcome the witnesses today, the Deputy Attorney General 
in the first panel, and the witnesses coming up in the second 
panel.
    Now the 9/11 Commission, observing that Congress had 
``vested substantial new powers in the investigative agencies 
of the Government'' with the passage of the PATRIOT Act, argued 
that it would be healthy for the country to engage in full and 
informed debate on these new authorities.
    The commission concluded that when that debate eventually 
takes place, the burden of proof for retaining a particular 
Government power should be on the executive to explain that the 
power actually and materially enhances security. Today, we are 
now engaged in that debate.
    For the first time, the public understands that our 
Government is engaged in widespread domestic surveillance. This 
surveillance includes, but isn't limited to, the Government's 
collection of records on virtually every phone call placed in 
the United States under Section 215 of the PATRIOT Act.
    Consensus is growing that this telephone metadata program 
is largely ineffective, inconsistent with our national values, 
and inconsistent with the statute as this Committee wrote it. 
As the 9/11 Commission proposed, the burden rests with the 
Government to convince us otherwise.
    Reasonable people can disagree with me about whether or not 
the Government has met that burden, but there are several 
points to guide us in this debate that I believe are 
incontrovertible. First, the status quo is unacceptable. 
President Obama, his own Review Group on Intelligence and 
Communication Technology, and the Privacy and Civil Liberties 
Oversight Board all agree that the telephone metadata program, 
as currently exists, must end.
    The review group had full access to the leadership of the 
intelligence community. It concluded that there has been no 
instance in which the National Security Agency could say with 
confidence that the outcome of a case would have been different 
without the Section 215 metadata program.
    The Privacy and Civil Liberties Oversight Board came to the 
same conclusion and also observed that the operation of the 
bulk telephone record program bears almost no resemblance to 
the actual text of the statute.
    In his remarks at the Department of Justice, President 
Obama observed that because expanding technological 
capabilities place fewer and fewer technical restraints on what 
we can do, we have a special obligation to ask tough questions 
about what we should do. The President ordered immediate 
changes to the telephone metadata program and asked the 
Attorney General and the Director of National Security to 
develop options for a new approach that takes these records out 
of Government hands.
    I commend President Obama for his willingness to make these 
necessary changes. It cannot be easy for a sitting President to 
restrain his own intelligence capabilities, even if it is the 
right thing to do. After all, in the President's own words, 
there is an inevitable bias within the intelligence community 
to collect more information about the world, not less.
    My second point is that the Administration cannot solve 
this problem without Congress. The House Judiciary Committee 
must act. We are the primary Committee of jurisdiction in the 
House for the Foreign Intelligence Surveillance Act, the 
exclusive means by which the Government may conduct domestic 
surveillance.
    We are the proper forum for a debate about constitutional 
rights and civil liberties. More acutely, the Government is 
dependent on this Committee to renew the legal authorities now 
under review.
    Section 215 is scheduled to sunset on June 1, 2015. If it 
expires, all Section 215 programs, not merely bulk collection, 
expire with it. We should address bulk collection today, or we 
risk losing all of Section 215 this time next year. Unless this 
Committee acts and acts soon, I fear we will lose valuable 
counterterrorism tools, along with the surveillance programs 
many of us find objectionable.
    And finally, as this Committee moves forward, H.R. 3361, 
the USA FREEDOM Act, represents a reasonable consensus view and 
remains the right vehicle for reform. I am struck by the 
growing partisan--bipartisan consensus here. More and more of 
us seem to agree that the Congress should end bulk collection 
under Section 215 but allow the FBI's continued use of normal 
business records orders on a case-by-case basis.
    We should retain the basic structure of Section 702 of the 
Foreign Intelligence Surveillance Act but enact additional 
protections for United States persons whose communications are 
intercepted without a warrant. We should create an opportunity 
for an independent advocate to represent privacy and civil 
liberties interests before the FISA court.
    And in the service of meaningful public debate, we should 
declassify significant opinions of the FISA court, enhance 
reporting to the Congress, and allow companies to disclose more 
about their cooperation with the Government.
    These reforms are consistent with the President's remarks, 
the recommendations of the review group, and the report of the 
Privacy and Civil Liberties Oversight Board. They are also, 
point for point, the main objectives of the measure called the 
USA FREEDOM Act.
    Our colleague and former Chairman of this Committee, Mr. 
Sensenbrenner, is credited as the original author of the 
PATRIOT Act, is our lead on this bill in the House. Senator 
Leahy has introduced an identical measure in the Senate.
    The USA FREEDOM Act enjoys the support of 130 Members in 
the House, evenly divided between Democrats and Republicans. 
More than half of this Committee now supports the bill, and our 
numbers grow every week.
    And so, Mr. Chairman, I urge that you bring this bill up 
for consideration before the House Judiciary Committee as soon 
as possible because our mandate is clear. We have heard from 
the President, from his panel of experts, and from an 
independent oversight board. We will examine their proposals 
today, but the time for reform is now.
    And so, at the risk of making too much reference to the 
attacks of September 11, 2001, I close my remarks with another 
passage from the 9/11 Commission report.
    ``We must find ways of reconciling security with liberty 
since the success of one helps protect the other. The choice 
between security and liberty is a false choice, as nothing is 
more likely to endanger America's liberties than the success of 
a terrorist attack at home.
    ``Our history has shown that insecurity threatens liberty. 
Yet if our liberties are curtailed, we lose the values that we 
are struggling to defend.''
    I thank you and yield back my time.
    Mr. Goodlatte. Thank you, Mr. Conyers.
    And without objection, all other Members' opening 
statements will be made a part of the record.
    It is now our pleasure to welcome our first panel today, 
and if the members of the panel would rise, I will begin by 
swearing in the witnesses.
    [Witnesses sworn.]
    Mr. Goodlatte. Let the record reflect that all of the 
witnesses responded in the affirmative.
    Thank you, and I will begin by introducing our witnesses.
    Our first witness is Mr. James Cole, the Deputy Attorney 
General of the United States at the Department of Justice. Mr. 
Cole first joined the agency in 1979 as part of the Attorney 
General's Honors Program and served the department for 13 years 
as a trial lawyer in the Criminal Division.
    He entered private practice in 1992 and was a partner at 
Bryan Cave, LLP, from 1995 to 2010, specializing in white-
collar defense. Mr. Cole has also served as chair of the 
American Bar Association White Collar Crime Committee and as 
chair-elect of the ABA Criminal Justice Section.
    Mr. Cole received his bachelor's degree from the University 
of Colorado and his J.D. from the University of California at 
Hastings.
    Our second witness is Mr. Peter Swire, a member of the 
Review Group on Intelligence and Communications Technologies. 
The review group's mission is to review and provide 
recommendations on how, in light of advancements in 
communications technologies, the United States can employ its 
technical collection capabilities in a manner that optimally 
protects national security and advances our foreign policy 
while respecting our commitment to privacy and civil liberties, 
recognizing our need to maintain the public trust, and reducing 
the risk of unauthorized disclosure.
    Mr. Swire is also a senior fellow at the Future of Privacy 
Forum and the Center for American Progress, and policy fellow 
at the Center for Democracy and Technology. Mr. Swire is a 
professor at the Scheller College of Business at Georgia Tech, 
having previously served as a C. William O'Neill Professor of 
Law at the Ohio State University.
    Mr. Swire worked for the Clinton administration as chief 
counselor for privacy in the U.S. Office of Management and 
Budget, where he held Government-wide responsibility for 
privacy policy. In 2009 and 2010, Mr. Swire served as Special 
Assistant to President Obama for Economic Policy, serving in 
the National Economic Council with Lawrence Summers. Mr. Swire 
earned his undergraduate degree from Princeton and his juris 
doctor from Yale Law School.
    Our third witness is Mr. David Medine, the chairman of the 
Privacy and Civil Liberties Oversight Board. Mr. Medine started 
full time as chairman on May 27, 2013. Prior to serving as 
chairman, he was an attorney fellow for the Securities and 
Exchange Commission and a special counsel at the Consumer 
Financial Protection Bureau.
    From 2002 to 2012, he was a partner in the law firm Wilmer 
Hale, having previously served as a senior adviser to the White 
House National Economic Council from 2000 to 2001. From 1992 to 
2000, Mr. Medine was the Associate Director for Financial 
Practices at the Federal Trade Commission. Before joining the 
FTC, he taught at Indiana University School of Law and the 
George Washington University School of Law.
    Mr. Medine received his bachelor's degree from Hampshire 
College and his juris doctor from the University of Chicago Law 
School.
    I want to welcome all of you. I would ask each of you 
summarize your testimony in 5 minutes or less, and to help you 
stay within that time, there is a timing light on your table. 
When the light switches from green to yellow, you will have 1 
minute to conclude your testimony. When the light turns red, it 
signals the witness' 5 minutes have expired.
    And we will begin with Deputy Attorney General Cole. 
Welcome.

            TESTIMONY OF THE HONORABLE JAMES COLE, 
              UNITED STATES DEPARTMENT OF JUSTICE

    Mr. James Cole. Thank you, Mr. Chairman, Ranking Member 
Conyers, and Members of the Committee, for inviting us here to 
continue the discussion of certain intelligence collection 
activities and our efforts to protect privacy and civil 
liberties at the same time.
    We have all invested a considerable amount of energy over 
these past few months in reviewing specific intelligence 
collection programs and the legal framework under which they 
are conducted. I think it is fair to say that all of us--the 
members of the Privacy and Civil Liberties Oversight Board, the 
members of the Presidential review group, the Administration, 
and the Congress--want the same thing--to maintain our national 
security while upholding the liberties that we all cherish.
    It is not always easy to agree on how best to accomplish 
these objectives, but we will continue to work in earnest to 
advance our common interests, and we appreciate the good faith 
in which everyone has engaged in this endeavor.
    We have benefited from the consideration of these difficult 
issues by the PCLOB and the PRG, and it's a pleasure to appear 
with them today. In his speech on January 17th, the President 
laid out a series of measures to reform our surveillance 
activities that draw upon many of the core recommendations 
issued by the PCLOB and the PRG.
    The work to develop or carry out these measures is well 
underway, and I would like to highlight just a few of the most 
significant initiatives announced by the President that the 
Department of Justice is working to implement in close 
coordination with the intelligence community.
    First, we are examining alternatives to the collection of 
bulk telephony metadata under Section 215, which, as you noted, 
the President has said will end as it currently exists. The 
President has said that the capability that this program was 
designed to provide is important and must be preserved, but we 
must find a new approach that does not require the Government 
to hold this bulk metadata.
    The Section 215 program, as currently constituted, is 
subject to an extensive framework of laws and judicial orders 
and to oversight by all three branches of Government, designed 
to prevent abuse. Neither the PCLOB nor the PRG has questioned 
the rigor of that oversight system, nor has anyone identified 
any intentional misuse of the telephony metadata.
    Nevertheless, we recognize that any time large amounts of 
data are collected, whether by the Government or private 
companies, there is a potential for misuse, and it will be 
important that the new approach remains subject to a rigorous 
oversight regime. Insofar as the legality of the program is 
concerned, it is important to remember that the courts, the 
final arbiters of the law, have repeatedly found the program 
lawful, including 15 separate judges of the Foreign 
Intelligence Surveillance Court and two District Courts. There 
has been only one contrary District Court ruling, which is now 
on appeal.
    The PCLOB undertook its own analysis of the legality, but 
the members were unable to agree on whether it was authorized 
under the statute. Although we continue to believe the program 
is lawful, we recognize that it has raised significant 
controversy and legitimate privacy concerns. And as I have 
said, we are working to develop a new approach, as the 
President has directed.
    Second, we are working to develop additional restrictions 
on Government's ability to retain, search, and use in criminal 
cases U.S. person information incidentally collected when we 
target non-U.S. persons overseas under Section 702 of FISA.
    Third, the President recognized that our global leadership 
position requires us to take steps to maintain the trust and 
cooperation of people not only here at home, but around the 
world. Accordingly, he has also determined that as a matter of 
policy, certain privacy safeguards afforded for signals 
intelligence containing U.S. person information will be 
extended to non-U.S. persons where consistent with national 
security. We will be working with our colleagues in the 
intelligence community to implement that policy directive.
    Fourth, the department is working to change how we use 
national security letters so that the nondisclosure 
requirements authorized by statute will terminate within a 
fixed time unless the Government demonstrates a need for 
further secrecy. Although these nondisclosure obligations are 
important in preserving the viability of national security 
investigations, these reforms will ensure that secrecy extends 
no longer than necessary.
    Fifth, the President called upon Congress to authorize the 
establishment of a panel of advocates from outside the 
Government to provide an independent voice in significant cases 
before the FISC. We believe the ex parte process has functioned 
well. The court, however, should be able to hear independent 
views in certain FISA matters that present significant or novel 
questions. We will provide our assistance to Congress as it 
considers legislation on this subject.
    Sixth, we have already taken steps to promote greater 
transparency about the number of national security orders 
issued to technology companies, the number of customer accounts 
targeted under those orders, and the legal authorities behind 
those requests. As a result of the procedures that we have 
adopted in this regard, technology companies have withdrawn 
their lawsuit concerning this issue.
    Through these new reporting methods, technology companies 
will be permitted to disclose more information to their 
customers than ever before. We look forward to consulting with 
Congress as we work to implement the reforms outlined by the 
President and as you consider various legislative proposals to 
address these issues.
    I'll be happy to take any questions you may have.
    [The prepared statement of Mr. James Cole follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                               __________

    Mr. Goodlatte. Thank you.
    Mr. Swire, welcome.

 TESTIMONY OF PETER P. SWIRE, REVIEW GROUP ON INTELLIGENCE AND 
                   COMMUNICATIONS TECHNOLOGY

    Mr. Swire. Thank you, Mr. Chairman and Ranking Member 
Conyers and Members of the Committee.
    I appreciate the opportunity to testify today on behalf of 
the five members of the review group and the invitation and the 
request was rather than this being my personal statement, that 
it be reflecting the group's effort and our report that was 
issued in December.
    The review group is a group of five people. I'll briefly 
describe them in the context of our work and how we came to our 
recommendations.
    One of the members is Michael Morell, who had more than 30 
years in the CIA as a professional intelligence officer, and he 
finished his time there as Deputy Director of the CIA. So we 
had the benefit in our group of somebody with many years of 
deep experience in the intelligence community.
    Richard Clarke had been the senior cybersecurity and anti-
terrorism adviser, both to President Clinton and President 
George W. Bush. So he came to this with both technological and 
Government experience in many different respects.
    Cass Sunstein is, I think, the most cited law professor in 
the United States, a professor at Harvard right now, and he has 
spent 5 years as the Director of the Office of Information and 
Regulatory Affairs at OMB, with a detailed knowledge of the 
Government and how it operates.
    And Geoffrey Stone is the former dean of the University of 
Chicago Law School, and he's an expert, among other things, on 
civil liberties in the time of war.
    So I felt privileged to be working with these four 
distinguished gentlemen. My own background is primarily in the 
area of privacy, technology, and law, how these come together, 
and I'll mention two parts of the background that are relevant 
to today's hearing.
    For one, when I worked under President Clinton, I was asked 
to chair an administration process to propose legislation on 
how to update wiretap laws for the Internet. And in the fall of 
2000, this cleared administration proposal came before this 
Committee for a hearing where the Department of Justice 
testified, and some of the people here today asked questions of 
that. So how to do the law around wiretaps on the Internet is 
something we've been wrestling with for quite some time.
    The second thing is that in 2004, I published an extensive 
article on the history and issues surrounding FISA, which 
touches on some of the issues we'll address today.
    In terms of the review group, in August, the five of us 
were invited to come meet with the President and be named to 
the review group, and I'd like to just take a moment on the 
charter of our group. The charter was to try to bring together 
things that are hard to bring together.
    How do we do national security? How do we maintain our 
foreign allies and relationships with other countries, 
including commercial relationships? How do we preserve privacy 
and civil liberties in this new technological age? How do we 
maintain public trust? And finally, how do we address the 
insider threat, which we've seen can be a very--a big problem 
in terms of maintaining classified secrets?
    So, within these national security, commercial, civil 
liberties and public trust things, how do we put this all 
together in a package? The--our job was to be--as tasked by the 
President, was to be forward looking. Where should we go from 
here? So I'd like to emphasize we did not do a constitutional 
analysis of any of the programs. That was not what we thought 
our job was.
    We also did not do a specific statutory analysis of whether 
something was or was not lawful that was being done 
specifically around 215. Others have taken on those tasks. Our 
group did not do that constitutional or statutory analysis. We 
thought putting these five major goals together into a report 
was plenty for us to take on during the fall.
    One of the things about our group is that we, in addition 
to being forward looking, were not limited to counterterrorism 
in our mission. And so, the PCLOB, as David Medine will talk 
about, has statutory authorities specifically focused on 
counterterrorism. We were asked to take on broader issues 
around foreign affairs, et cetera, that in some cases go beyond 
that scope.
    We met during the fall each week. We got briefed 
extensively on a classified basis from the agencies. We had 
detailees from the agencies. Every question we asked for, we 
got answered. The agencies were outstanding in their 
cooperation.
    We presented our preliminary findings orally to the 
President's top advisers during the fall and, on December 11th, 
transmitted our report to the White House. This was our report. 
It was submitted for declassification review to make sure we 
weren't releasing classified secrets, but the recommendations 
were the group of five, it was our own.
    And as it turned out, after we did this work together, the 
civil liberties people in our group, the anti-terrorism, the 
CIA people in the group, all of us came to consensus. So every 
sentence of the report turned out to be agreed to by all five 
of us. As I testify and as I answer your questions today, my 
effort will be to accurately reflect the report that brought 
these disparate views together.
    Our--we met with the President after the report was 
submitted. Our report was released in mid December, has been 
extensively discussed in the press and elsewhere, and the 
review group formally ceased to exist after the President's 
speech.
    So I'm here as a private citizen, but doing my very best to 
reflect the views of the five people on the review group. So I 
look forward to taking questions from you all.
    Thank you.
    [The prepared statement of Mr. Swire follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
                               __________

    Mr. Goodlatte. Thank you.
    Mr. Medine, welcome.

                  TESTIMONY OF DAVID MEDINE, 
          PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD

    Mr. Medine. Thank you, Mr. Chairman, Ranking Member 
Conyers.
    Mr. Goodlatte. You want to hit the button there on your--
good. Pull it close to you as well.
    Mr. Medine. There we go. Thank you, Mr. Chairman, Ranking 
Member Conyers, and Members of the Committee, for the 
opportunity to testify regarding recommendations to reform the 
Nation's intelligence gathering program.
    I'm the chairman of the Privacy and Civil Liberties 
Oversight Board, an independent, bipartisan agency in the 
executive branch tasked with ensuring that our Nation's 
counterterrorism efforts are balanced with the need to protect 
privacy and civil liberties.
    I'd like to offer both my statement and the board's report 
for the record. The board's report focuses on the 215 program 
and the operations of the Foreign Intelligence Surveillance 
Court. And most of the recommendations are unanimous in our 
report. I will highlight some of the areas where there was lack 
of unanimity.
    But before I start, I'd like to express the board's respect 
and admiration for the men and women in the intelligence 
community, who work tirelessly to protect our country day and 
night and uphold our values. We hold them in the highest 
regard, based on everything we have observed during the course 
of conducting our study.
    In June, many Members of Congress and the President asked 
us to prepare a report on the 215 and 702 programs conducted by 
NSA. Our 702 report will be issued in a couple of months.
    In the course of conducting our study, we had briefings 
with a number of intelligence agencies and had an opportunity 
to see the 215 program in action. We held two public events to 
get public input, as well as soliciting public comment, and met 
with industry groups, trade associations, and advocates 
regarding this program. This culminated in our release on 
January 23 of our report addressing, again, the 215 program and 
reforms to the FISC.
    With regard to the 215 program, we conducted a statutory 
analysis and concluded that the program lacks a viable 
foundation in the law. We also looked at the First and Fourth 
Amendment of the Constitution and concluded that the program 
raised serious concerns under both of those amendments.
    We examined the privacy and civil liberties consequences of 
the program and found them serious because the program contains 
highly sensitive information. Citizens may be chilled in 
exercising their associational rights, in engaging with 
reporters or religious groups or political organizations, 
knowing that the Government is collecting information about 
them.
    This is also information that's subject to potential abuse. 
We did not see any abuse now, but we certainly know lessons 
from the 20th century where there were abuses of surveillance 
of civil rights leaders and anti-war activists and others. And 
so, gathering this information by the Government does raise 
serious privacy and civil liberties consequences.
    But we also looked at the efficacy of the program, and we 
looked at each of the instances in which there were claimed 
successes in the program. We had classified information, and we 
checked our facts with the intelligence community. And after 
that analysis, we concluded that the benefits of the program 
are modest at best, and they are outweighed by the privacy and 
civil liberties consequences.
    As a result, a majority of the board recommended that the 
program be discontinued, and the entire board recommended that 
there be immediate changes to the program to add privacy and 
civil liberties protections. The dissenting members of the 
board felt that the Government's interpretation of the program 
in the law was reasonable and that with the privacy changes 
that we are proposing on the interim basis, that they would be 
comfortable with having the program continue with those 
changes.
    Turning to the Foreign Intelligence Surveillance Court, the 
board unanimously recommends changes to the operation of the 
court, both to bolster the court's confidence with the public 
and as well as let the court benefit from adversary 
proceedings, which are the heart of the judicial process.
    So, accordingly, the board recommends that a panel of 
special advocates be created, made up of private attorneys 
appointed by the court in cases involving significant legal and 
policy issues and new technologies so that there is another 
side presented besides the Government's position, to argue on 
both statutory and constitutional grounds.
    We also recommend that there be an opportunity to appeal 
decisions of the court by the advocate. There have only been 
two appeals ever to the Foreign Intelligence Surveillance Court 
of Review, and we think there's a benefit from the appellate 
process and, therefore, recommend a mechanism by which we think 
you can constitutionally have the special advocate obtain 
appellate review of the decisions.
    And then we also encourage the court to obtain more 
technical assistance and outside legal views because these are 
complex issues that the court is confronting, and the court 
could benefit from technology advice.
    And lastly, the board focused on transparency issues. In 
our democracy, there's a tension between openness and secrecy 
with regarding our intelligence programs. We've made 
recommendations that we believe serve both of those values, and 
most of those recommendations are unanimous as well.
    So thank you very much for the opportunity to appear, and 
I'd be happy to answer your questions.
    [The prepared statement of Mr. Medine follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    

                               __________

    Mr. Goodlatte. Thank you, Mr. Medine.
    I will begin the questioning and will start with Deputy 
Attorney General Cole. Both the PCLOB and the review group have 
questioned the value of the bulk metadata program. Congress has 
been waiting for a long time for the Administration to explain 
exactly why bulk collection is crucial to national security.
    So, Deputy Attorney General Cole, this is the 
Administration's opportunity to explain to Congress why bulk 
collection, as opposed to other intelligence measures, is 
necessary to protect our citizens.
    Mr. James Cole. Well, Mr. Chairman, I think to understand 
this, we first have to understand the value of trying to make 
the connections, connect the dots between people who we know 
are involved in terrorist activity or have reasonable, 
articulable suspicion to believe are, and the other people that 
they may be acting with, both inside and outside of the United 
States.
    That's a very useful tool. It's not the only piece of 
evidence you would need in an investigation. And in fact, in my 
years as a prosecutor, there is rarely one piece of evidence 
that makes the case. It's a whole fabric of evidence that's 
woven together, small pieces that relate to each other that 
become useful once they're compared with and connected with 
many others.
    This is a tool that gives us one of those pieces of 
information, the connections from one person to another. And in 
order to be able to get it in a useful way, the initial view 
and the most expeditious way to do it was to have the bulk 
collection of the mass of telephone records with significant 
restrictions on how we could access it.
    So that we could, when we find a phone number associated 
with a certain terrorist group, we can search through the other 
records and find those connections. Now we can find other ways, 
and we are finding other ways to try and approximate and gain 
that same kind of information.
    Mr. Goodlatte. Let me ask you about one subset of that that 
is very, very important and seems to be the thing that concerns 
many people the most. The President's review group has 
recommended that the storage of bulk metadata be transferred to 
a third party or to company storage. The President also 
indicated that it is his preference as well.
    How does third-party storage protect Americans' privacy 
more than Government storage, and does the President have 
additional ideas for reform beyond third-party storage?
    Mr. James Cole. Well, Mr. Chairman, we're trying to work 
through the best way to go about this, and the President has 
given us this direction, and we are looking for all the 
possible alternatives. The President's review group made that 
recommendation. The PCLOB noted that there are issues with all 
of the different alternatives that you can use here.
    I think one of the issues that comes to mind is that the 
Government has certain powers that private groups don't have, 
and there is a concern among the American people when the 
Government has possession of all of those records and the 
powers that go with the Government, that they would prefer that 
the Government not have those records, that some private party 
have them.
    Obviously, we need to make sure that strict controls are 
put on, as they were when the Government possessed the bulk 
data, to make sure that they're not abused. And it's very, very 
important to make sure that those strict controls, as had been 
done under the bulk collection, are continued regardless of 
where these records reside.
    Mr. Goodlatte. Let me ask you one follow up to that. That 
is really a critical question here. The third-party storage is 
really an idea that is still in progress.
    If the Administration finds that third-party storage is not 
a viable option, what would be the President's recommendation 
for moving forward, continue the bulk collection program or 
ending it?
    Mr. James Cole. I think that's the process we're going 
through right now. I don't want to try and get too far ahead of 
it and hypothesize about where we may end up by the time we 
have to make recommendations to the President and he makes a 
decision. But obviously, the providers already----
    Mr. Goodlatte. You have heard the Ranking Member. There is 
legislation before the Committee. There are other legislative 
ideas than the one he referenced. But he and many others are 
chomping at the bit to move forward, and having the 
Administration's position on this critical aspect of this is 
important.
    So we need to know the answer to that sooner rather than 
later.
    Mr. James Cole. And we're working on trying to get that 
answer, and we'll provide it to you. The providers already keep 
these records for a certain period of time, and some keep it 
longer than what is required under regulations.
    And so, we have to work through what we think is the 
optimal period of time that the records need to be kept if 
there's going to be a provider keeping it solution.
    Mr. Goodlatte. And I want to direct one question to Mr. 
Medine before my time expires. The PCLOB majority recommends 
ending the bulk collection of telephony metadata under Section 
215. The majority also recommends, however, that the program 
continue with certain modifications.
    Why did the majority not recommend the immediate end to the 
program?
    Mr. Medine. The majority looked to how other programs have 
been continued when, say, courts have struck them down. Even 
the Supreme Court has found programs unconstitutional and, 
nonetheless, gave the Government an opportunity to transition 
to a new program.
    And so, rather than shut it off, we felt we followed the 
approach that the courts have taken, which is to say let's 
quickly transition into another program, either keeping the 
information with providers or some other mechanism as 
developed.
    Mr. Goodlatte. Well, you are talking about courts in other 
cases because the court----
    Mr. Medine. Nothing--not in this case.
    Mr. Goodlatte. I haven't heard them say that in this case.
    Mr. Medine. But we've looked at precedent of how, if a 
program has been found to be illegal or unconstitutional, 
courts oftentimes don't just shut it down. They give an 
opportunity to transition, and we thought that--especially 
since we're not a court, that it was reasonable to recommend 
that there be a period of transition, hopefully brief, to a 
different program.
    Mr. Goodlatte. Thank you.
    The gentleman from Michigan, Mr. Conyers, is recognized for 
5 minutes.
    Mr. Conyers. Thank you.
    And I thank the witnesses.
    I would like to begin by asking Mr. Medine about the 
telephone metadata program. Let us get right to it. Is the 
telephone metadata program consistent with the plain text of 
Section 215?
    Mr. Medine. Ranking Member Conyers, in the view of the 
majority of the board, it is not for a number of reasons. As I 
think you indicated in your statement, in many ways, it barely 
reflects the language of the statute.
    Mr. Conyers. And it also makes it clear that it must be 
relevant, and relevant does not mean everything. And I think 
that that is a very important way for us to begin looking at 
this.
    Mr. Swire, the review group's report proposes the 
Government only seek business records under Section 215 on a 
case-by-case basis. Why is targeted collection a preferable and 
sufficient alternative to bulk collection?
    Mr. Swire. Thank you, Congressman.
    The review group in many instances thinks that targeted 
collection to face serious threats is traditional law 
enforcement and national security practice. When you identify 
particular people who create risks, it's wise to follow up on 
those.
    We also, on bulk collection, on 215 in particular, found 
that there had not been any case where it had been essential to 
preventing an attack. The review group did find, as a group, 
that there was usefulness in Section 215 bulk collection, and 
we thought that transitioning it away from Government holding 
of the data was better within our system of checks and balances 
than having it held by the Government.
    Mr. Conyers. Thank you.
    The report also says that the Government should no longer 
hold telephone metadata. If the Government can only collect 
metadata with a particularized showing of suspicion and the 
Government cannot hold information in bulk, what is left of the 
telephone metadata program?
    Mr. Swire. Well, what's left is similar to metadata in 
other circumstances. This Committee knows about trap and trace 
and pen register authorities, which are done under standards 
much less than probable cause. It's much easier to get the 
metadata as step one to an investigation, and everything in our 
approach is consistent with using a judicial step, but a step 
with less than probable cause to go forward with the 
investigations.
    Mr. Conyers. Mr. Deputy Attorney General, in his January 
17th remarks, President Obama asked the Justice Department to 
develop options for a new approach that can match the 
capabilities and fill the gaps that the Section 215 program was 
designed to address without the Government holding this 
metadata itself.
    What range of options might we consider as alternatives to 
the Government storing this information, if your group has 
gotten that far in its work?
    Mr. James Cole. Well, certainly, Mr. Ranking Member, there 
are three options that come to mind just off the top of my 
head, which is--or two options. One is a third party who would 
gather all of the data together so that the access could be 
across providers, which was the--one of the efficient and 
effective aspects of the metadata bulk collection program.
    The other is to have the providers keep it. At this point, 
under regs, they're required to keep it for about 18 months. It 
might require legislation, if we deem that not to be a 
sufficient amount of time, to require them to keep it longer. I 
don't think they really favor that option.
    We're also trying to think outside the box and see if there 
are any other options that we can come up with. There's a lot 
of very talented and very capable people trying to think 
through this problem and trying to find whatever creative 
solutions we can.
    Mr. Conyers. Thank you.
    And my last question is to Mr. Medine. Both your board and 
the review group find that the bulk collection program has 
never disrupted a terrorist--a terror plot. The report also 
closely examines the 12 cases in which the Government says the 
telephone metadata program has contributed to a success story 
in a counterterrorism investigation.
    What were those contributions, and do any of them to you 
justify a massive domestic call records database?
    Mr. Medine. Mr. Ranking Member, we have analyzed carefully 
all of the success stories and, as you indicate, did not find 
any instance in which a plot was disrupted or an unknown 
terrorist was identified. However, there are some aspects of 
the program that have produced some benefits. One, a material 
assistance case benefited from use of the 215 program.
    And there are also the ``peace of mind'' concept, which is 
sometimes it's helpful to know there isn't a U.S. connection to 
a potential plot that's underway overseas. But we found in 
those and any other instances where the program had had 
successes, that those successes could have been replicated 
using other legal authorities without the need to collect bulk 
telephone metadata and all of the privacy and civil liberties 
problems associated with that collection.
    Mr. Conyers. Mm-hmm. Thank you, Mr. Chairman.
    Mr. Goodlatte. Thank you.
    The Chair recognizes the gentleman from Wisconsin, the 
Chairman of the Crime, Terrorism, Homeland Security, and 
Investigations Subcommittee, Mr. Sensenbrenner, for 5 minutes.
    Mr. Sensenbrenner. Thank you very much, Mr. Chairman.
    I was the principal author of the PATRIOT Act that was 
signed by President Bush in 2001, and I also was the principal 
author of the two reauthorizations in 2006 and in 2011. Let me 
say that the revelations about Section 215 were a shock and 
that if the bulk collection program was debated by the Congress 
in each of these three instances, it never would have been 
approved.
    And I can say that without qualification. Congress never 
did intend to allow bulk collections when it passed Section 
215, and no fair reading of the text would allow for this 
program.
    The PCLOB said, ``The Section 215 bulk telephone records 
program lacks a viable legal foundation under Section 215, 
implicates constitutional concerns under the First and Fourth 
Amendments, raises serious threat to privacy and civil 
liberties as a policy matter, and has shown only limited 
value.''
    I agree with that. Now the Administration, the argument 
that they use under Section 215 is essentially that if the 
Administration and the intelligence community wants something, 
it is relevant. And that is not a limiting principle, which 
everybody thought relevant was, it is a vacuum cleaner, and 
that is why there has been such outrage, both here and 
overseas, that has impacted our intelligence community and also 
implicated the commercial relationship between us and foreign 
countries, particularly major trading partners in the European 
Union.
    And I am very worried about an intelligence review 
structure where the Administration and the FISCs could sanction 
this. That is why Mr. Conyers and I, together with a lot of 
Members equally divided between Republicans and Democrats, have 
sponsored the USA FREEDOM Act.
    We attempted to make the FREEDOM Act a balance between the 
civil liberties concerns that have been expressed in the last 7 
months, as well as the need to have an active intelligence 
operation. Now Section 215 expires in June of next year. And 
unless Section 215 is fixed, you, Mr. Cole, and the 
intelligence community will end up getting nothing because I am 
absolutely confident that there are not the votes in this 
Congress to reauthorize Section 215.
    Now the FREEDOM Act is the only piece of legislation that 
attempts to comprehensively address this problem in a way that 
I think will get the support of a majority of the Members of 
both the House and the Senate. The Feinstein bill I think is a 
joke because it basically prohibits bulk collection, except as 
authorized under a subsection, which authorizes the 
intelligence community to keep on doing business as usual.
    Mr. Cole, I think that we are smart enough to recognize 
that for what it is. And it is a joke. There hasn't been 
anything else that has come from the Administration or 
elsewhere to deal with this issue, and the clock, sir, is a-
ticking. And it is ticking rapidly, and this is going to have 
to be addressed in this year, even though it is an election 
year.
    Now will the Department of Justice, Mr. Cole, support the 
FREEDOM Act? And all I need is a ``yes'' or ``no'' answer.
    Mr. James Cole. Uh----
    Mr. Sensenbrenner. Not ``yes, but'' or, ``no, of course.'' 
But ``yes'' or ``no.''
    Mr. James Cole. The Department of Justice is a big place, 
Senator, and at this point, we have not taken a position on the 
FREEDOM Act. We'd be more than happy to----
    Mr. Sensenbrenner. Well, then I----
    Mr. James Cole [continuing]. Work with you on that.
    Mr. Sensenbrenner. Well, then--well, I haven't seen any 
indication of that to date, and I would urge you to hurry up 
and to get the big place together. Because the FREEDOM Act are 
reasonable reforms that have been emphasized as necessary and 
responsible by both the PCLOB and the review panel. There is 
nothing else out there to fix this up.
    So you have a choice between reaching something that will 
be supported by a majority of the Congress or letting the clock 
tick, and come June 1 of next year, there will be no authority 
for anything under Section 215.
    Now if the Administration has got problems with the Leahy-
Sensenbrenner-Conyers bill, let us talk about it. But it is 
past time for genuine reform, and I can tell you, sir, that if 
the Administration doesn't want to weigh in on this, I am sure 
that Congress will do so. And I don't want to hear any ex post 
facto complaining.
    My time is up.
    Mr. Goodlatte. The Chair recognizes the gentleman from New 
York, Mr. Nadler, for 5 minutes.
    Mr. Nadler. Thank you very much, Mr. Chairman.
    Let me first do something I rarely do, which is to express 
my complete and total agreement with the gentleman from 
Wisconsin. [Laughter.]
    Both in his analysis of the misuse and abuse of Section 215 
and of what will happen to Section 215 if it is not 
substantially modified either this year or early next year.
    Mr. Conyers and I and various others opposed the Section 
215 version that was adopted back in 2001 and again in 2006 and 
2011. We thought it was too broad. But now we have even that 
very broad version completely taken over the side by the 
Administration, by two Administrations, actually, and by the 
FISC.
    And the fact that the FISC several times determined that 
the use of Section 215 as authorization for what amounts to a 
general warrant, all right? You can collect all data, and then 
you can access that data without a specific warrant to access 
it or even a court order to access it, based on reasonable and 
articulable suspicion, but simply by an NSA or CIA officer 
saying, ``We really need to look at that particular phone,'' is 
a derogation of all of American history, frankly, since 17--it 
is why we put the Fourth Amendment in because we objected to 
the British general warrants.
    And we have, in effect, reestablished that here. And that 
will not stand. It cannot be allowed to stand.
    So let me simply echo that it has got to change. There is 
no excuse for picking everything and then allowing access to 
that without some sort of a specific court order.
    And the fiction that the warrant that the FISA court grants 
and says Verizon or AT&T shall give the Government access, you 
know, all telephone metadata over a 3-month period is a 
warrant, is a specific warrant that negates the necessity for a 
warrant or a court order for more specific information is just 
that, a fiction, and it is a general warrant. And it cannot be 
permitted to stand, and it won't be permitted to stand.
    So I will second Mr. Sensenbrenner and urge you to swiftly 
get the department together and to if you don't want the 
FREEDOM Act to pass it the way it is or Section 215 simply to 
not be extended, which might be the best solution, frankly, 
from my point of view, you better come in with very specific 
recommendations.
    Now let me say last week in testimony before the Senate, 
some Administration officials suggested that terrorist plots 
thwarted is not the appropriate metric for evaluating the 
effectiveness of the program. And yet for months, the 
Administration has made precisely the opposite argument.
    For example, in a September letter to NSA employees, 
General Alexander wrote that the agency has ``contributed to 
keeping the U.S. and its allies safe from 54 terrorist plots.''
    We have heard this 54 terrorist plots line repeated on 
several other occasions, although PCLOB and a lot of others 
have discredited it. Why has the argument changed? Why are we 
now to apply a different set of metrics to the program?
    Mr. James Cole. I assume that's directed to me, Mr. Nadler.
    Mr. Nadler. Yes, it is.
    Mr. James Cole. Well, first of all, I think to a degree 
you're going to have to ask the people who made those 
statements. I don't think any of them were from the Department 
of Justice.
    We have been, and actually, some of the members of the 
PCLOB have agreed that that is--the past success or failure is 
not the only metric to use, or necessarily the best one. That 
there are many different ways to assess the utility of the 215 
program that doesn't always have to be, as I said earlier, the 
smoking gun or the nail in the coffin that gives you the single 
piece of evidence that will lead to success. It's one piece of 
evidence.
    Mr. Nadler. Okay. Thank you.
    I am sorry to cut you off, but I have another question I 
must get in. National security letters empower the FBI and 
other Government agencies to compel individuals and 
organizations to turn over many of the same records that can be 
obtained by Section 215. But NSLs are issued by FBI officials, 
not by a judge or by a prosecutor in the context of a grand 
jury investigation.
    As the Government has explained their use of this to this 
Committee, NSLs are used primarily to obtain telephone records, 
email subscriber information, and banking and credit card 
records. The FBI issued 21,000 NSLs in fiscal year 2012. The 
oversight and minimization requirements for these NSLs are far 
less rigorous than those in place for Section 215 orders.
    The review group recommends ``that all statutes authorizing 
the use of national security letters should be amended to 
require the use of the same oversight minimization, retention, 
and dissemination standards that currently govern the use of 
Section 215 orders.''
    Should we adopt that recommendation? Is there any reason 
that the two programs should not be harmonized? For that 
matter, is there any reason that NSLs should exist in addition 
to Section 215 authorization in whatever form we extend it, if 
we do?
    Mr. James Cole. Well, actually, under the NSL program, you 
can't get the same records you can get with 215. It's much more 
limited under NSLs as to just specific categories of records. 
Whereas, 215, grand jury subpoenas, things like that, the 
records are almost unlimited as to the nature or the type that 
you can get.
    So there's a restriction in NSLs. They're used really in 
the main as part of preliminary inquiries----
    Mr. Nadler. Yes, but my point is if you can get it as under 
215, if, in fact, 215 is broader, why do you need NSLs ever?
    Mr. James Cole. It may just be a question of, again, how 
many times you need that information and whether or not you go 
to a court. In a grand jury situation, subpoenas are issued 
without the involvement of the court many, many, many times, 
probably as frequently, if not more so, as NSLs.
    Mr. Sensenbrenner [presiding]. The gentleman's time has 
expired.
    Mr. Nadler. Thank you.
    Mr. Sensenbrenner. The gentleman from North Carolina, Mr. 
Coble?
    Mr. Coble. I thank the Chairman.
    Gentlemen, good to have you all with us.
    Mr. Cole, I was going to talk to you about bulk collection, 
but I think that has been pretty thoroughly examined.
    Mr. Swire, let me go to you. The review group's report 
recommended a transition of Section 215 bulk metadata from 
Government storage to storage providers or third parties. This 
recommendation is consistent with recent guidance put forth by 
the Administration after its own review.
    Last week, it was reported by Yahoo that information 
relating to email accounts and passwords, likely in the hands 
of such a party database, had been compromised due to a 
security breach. Are you concerned that Section 215 metadata 
could be similarly compromised after transitioning to a private 
provider or third-party storage?
    Mr. Swire. Thank you, Congressman.
    A couple of observations. One is, of course, that the 
National Security Agency itself has had leaks and lack of 
complete security for its documents. So we're not comparing 
perfect with perfect. We face these challenges for databases in 
each case.
    A second observation is that the telephone companies hold 
telephone records. That's part of what they do and have done, 
and one of the options that we put forward is that the 
telephone companies would continue to hold these.
    So it's not a question of some new risk that we bring into 
the world. It's a risk that we face both from the Government 
side and the private sector side when we have these databases.
    I'm not sure if I--your----
    Mr. Coble. I think that was appropriate. Thank you, sir.
    Mr. Swire. Okay.
    Mr. Coble. Mr. Medine? The FISA court has repeatedly upheld 
through its orders approving the NSA metadata program 
production of records to an agency other than the FBI. Did the 
privacy and civil liberties oversight majority take this into 
account?
    Mr. Medine. Yes, sir. Section 215, on its face, only 
permits the FBI to make requests and obtain access to telephone 
records, despite the fact that under the current system it is 
the NSA that obtains that information. And so, we think that 
was one of a number of respects in which the current program 
does not match the requirements of Section 215.
    Mr. Coble. So you have no discomfort with that?
    Mr. Medine. Excuse me?
    Mr. Coble. You have no discomfort or problem with that?
    Mr. Medine. Yes. We have discomfort with a number of 
aspects of compliance. As was discussed earlier, the scope of 
relevance under the statute, the fact that information has to 
be linked to a specific investigation, and something that we 
haven't touched on yet, which is the Electronic Communications 
Privacy Act does not permit telephone companies to provide 
information to the Government under the 215 program at all in 
either an individual request or on a bulk basis.
    The Electronic Communications Privacy Act only has an 
exception for national security letters and a few other areas. 
So we think that it makes sense to discontinue--the majority 
does, to discontinue the 215 program and move to other legal 
authorities.
    Mr. Coble. Thank you again, gentlemen, for being with us 
this morning.
    I yield back, Mr. Chairman.
    Mr. Sensenbrenner. The gentleman from Virginia, Mr. Scott?
    Mr. Scott. Thank you, Mr. Chairman.
    Mr. Cole, you offered several procedural changes as 
recommendations. To paraphrase President Reagan, we need to 
trust, but codify. Would you object to those recommendations 
being codified rather than just remaining as administrative 
process?
    Mr. James Cole. I think as the President mentioned in his 
speech, he's anxious to work with Congress on many of these 
things to try and find the right solutions that we have. I know 
the USA FREEDOM Act, many of the goals that are set out there 
are goals that we share.
    As I said in my opening, sometimes we have different ways 
of getting there, but we all seem to share the right goal 
together.
    Mr. Scott. And follow-up, several other questions. We 
frequently hear that the information gathered was helpful. I 
find that legally irrelevant. So let me just ask a question. If 
a collection of data were illegal, would a finding that it was 
helpful provide retroactive immunity for illegally collecting 
evidence?
    Mr. James Cole. No, Mr. Scott, it would not. If the 
collection is illegal, the standard would not be met.
    Mr. Scott. Thank you.
    Mr. Swire, there was a case a couple of months ago in DNA 
that found that if DNA is legally collected, that there is no--
there is no prohibition against running it through the database 
to see if the person had committed another crime. If I were to 
go up to you, if a law enforcement agency would go up to you 
and say, ``I would like some DNA to see if you have committed 
crime,'' that would be legally laughable.
    There appears to be no statutory limitation on what you can 
do with this information. So I guess my question is under--you 
recommended under 702 that if you have collected information 
about a U.S. person, you can never use it in any proceeding. 
That would, of course, eliminate any incentive to get the 
information in the first place if it was for something other 
than foreign intelligence.
    If that is your recommendation for 702, would that also be 
your recommendation on 215, that you cannot use this data for 
other proceedings?
    Mr. Swire. Thank you, Congressman.
    Under Section 702, the target, by statute, is supposed to 
be somebody outside the United States. But sometimes they're in 
communication with people in the United States, and the concern 
behind our recommendation here is the possibility, which we 
have not seen in practice, is the possibility that the 702, do 
it overseas, could turn out to be a way to gather lots of 
information about United States people.
    And so, we made a recommendation to say that that would not 
be used in evidence in court as a way to prevent that 
temptation to use the authority to go after U.S. persons.
    In terms of 215, we don't have the same statute that's 
specifically targeted at overseas. 215 can be for domestic 
phone calls as well. So we didn't have this using our overseas 
authorities to get people domestically----
    Mr. Scott. But you're using foreign intelligence excuse to 
gather information that is subsequently used for criminal 
investigation.
    Mr. Swire. We did not make a recommendation about 
subsequent use, but we, I think--I think all of us recognize 
using foreign intelligence powers for purely domestic phone 
calls has been something that's drawn a huge amount of 
attention to these issues and is something that historically 
has been something that's been looked at carefully when the CIA 
or other agencies have done it.
    So that's a concern using foreign intelligence issues 
authorities for domestic purposes.
    Mr. Scott. Let me follow through with another question that 
has been kind of alluded to, and that is that you want to limit 
Section 215 by ensuring that there is reasonable grounds to 
believe that it is relevant to an authorized investigation and 
the order is reasonably focused in scope and breadth.
    Can you explain how that recommendation varies from what 
everybody up here thought was present law?
    Mr. Swire. Well, I think when we talk about like a 
subpoena, an order should be reasonable in focus, scope, and 
breadth.
    Mr. Scott. We wouldn't have to put that in a statute to 
assume that to be the case, right?
    Mr. Swire. Well this gets into the statutory interpretation 
of the current 215. Our group did not take a position on that. 
The Government and the Privacy and Civil Liberties Oversight 
Board have come to different views on that.
    Mr. Scott. That we would have to put reasonable in scope 
and breadth in the statute for that to be assumed?
    Mr. Swire. Our recommendation was that a judge be involved 
in these things and that there be a reasonable breadth 
requirement explicitly in statute so that it's clear from 
Congress that that's what you intend.
    Mr. Scott. You also indicated a recommendation that the NSA 
not be involved in collection of data other than foreign 
intelligence. Can you explain what the NSA is doing that is not 
involved in foreign intelligence?
    Mr. Swire. In our--in our report, we talk about two other 
areas the NSA currently has or bears very important 
responsibilities. Currently, the Director of the NSA is also 
the Director of Cyber Command, which is part of the military 
operation for combat-related activities in cyberspace. We 
thought that was quite a different function from foreign 
intelligence collection.
    The NSA also has responsibilities for what's called 
information assurance, protecting our classified and other 
systems, and we thought that defensive role is quite different 
from the offensive role of gathering intelligence and 
recommended those functions be split. The President has not 
decided to adopt either of those recommendations.
    Mr. Scott. Thank you.
    And Mr. Cole, are you aware of any abuses in the use of 
classified information? Things like I think there is a thing 
called LOVEINT. Are you familiar with that?
    Mr. James Cole. I've heard that phrase, yes, sir.
    Mr. Scott. What is that?
    Mr. James Cole. I think it's when you have somebody who is 
dating somebody, and they have access to one of these databases 
or a database and uses it to look at their--the person they're 
dating and find out who they're talking to and who they're in 
contact with. That's what I understand it to mean.
    Mr. Scott. And that happens?
    Mr. James Cole. I think there have been a few instances. I 
think the NSA had noted a few instances of it. I don't think 
they existed under 215. I think they may have existed under 
other authorities, but I think there has been just a handful of 
those over time.
    Mr. Scott. And what happens?
    Mr. James Cole. And they've been dealt with immediately.
    Mr. Scott. And what has happened to the culprits?
    Mr. James Cole. I know that most, if not all of them, lost 
their jobs. There were referrals in many of those cases to the 
Justice Department to consider whether or not prosecution would 
be appropriate.
    Mr. Scott. Thank you, Mr. Chairman.
    Mr. Goodlatte [presiding]. Thank you.
    The Chair recognizes the gentleman from Alabama, Mr. 
Bachus, for 5 minutes.
    Mr. Bachus. Thank you.
    I would ask all three of the panelists is relevancy for 
purposes of intelligence gathering different from relevancy for 
purposes of, say, a criminal investigation or civil 
investigation? Shouldn't it be a--shouldn't the standard be 
somewhat different, or is it? Start with Mr. Cole.
    Mr. James Cole. I think as you've seen from the court's 
opinions, they borrow both from criminal investigations, civil 
proceedings, and do that and use those as analogies to get to 
the standard in foreign intelligence. And they find it to be 
the same standard.
    Mr. Bachus. You know, as just a Member of Congress, I sort 
of have the opinion that it is much more urgent for us to 
defend ourselves as a country. But does sometimes applying a 
civil court standard of relevancy or even a criminal court 
standard of relevancy sort of diminish their ability at--in 
defending the country from terrorists?
    Mr. James Cole. Well, I think if you look at Judge Eagan's 
opinion from the FISA court, her view and her finding was that 
the term ``relevancy'' was very broad and was very useful in 
both criminal, civil, and foreign intelligence investigations 
and can be applied very broadly when it's necessary.
    It's not without limitation. It's not completely 
unrestrained. It's only when there is an actual need to get a 
broad scope of documents that it's authorized under that 
standard. And so, I think she had corporately found that scope.
    Mr. Bachus. All right. Ask the other two gentlemen.
    Mr. Medine. The majority of the PCLOB has also considered 
relevancy in the context of criminal and civil proceedings as 
the statute suggests. And we looked at every case cited by the 
Government and more on criminal discovery, and I'm using the 
relevance standard, grand jury subpoenas, as well as civil. And 
our conclusion was that the 215 program far exceeded in scope 
anything that had been previously approved ever, and even the 
Government's white paper acknowledges that.
    And so, we in our--at least the majority's view, it goes 
well beyond the face of the statute and a reasonable reading of 
relevance.
    Mr. Bachus. Right. Now that was a majority opinion.
    Mr. Medine. That's correct.
    Mr. Bachus. So did two members dissent from that?
    Mr. Medine. Yes, they did. And they--and they felt that the 
Government's reading of the statute was a reasonable one, as 
was the court's interpretation.
    Mr. Bachus. Okay. Mr. Swire?
    Mr. Swire. Yes, Congressman. So our group did not do that 
legislative history and statutory analysis as part of our work. 
In our forward-looking recommendation, we used the word 
``relevant'' for the scope of a 215 order but said like a 
subpoena, it should be reasonable in focus, scope, and breadth. 
So we tried to hem it in with that reasonable scope language.
    Mr. Bachus. I just, if we are talking about an EPA 
violation or we are talking about a criminal offense, a minor 
criminal offense, just applying those standards in that case 
law to public enemy and our foreign enemies of the United 
States, I feel like that lacks somewhat.
    Judge John Bates wrote a letter I think after both of you 
all's reviews came out, and I think he raised some very 
legitimate concerns over things you have assigned to the court, 
including reviewing every national security letter, a public 
advocate. He and I think others in judiciary believe that could 
be a hindrance.
    After his letter, have you reviewed it, and do you agree 
that he brings up some very valid points that ought to be 
considered? Mr. Swire? Professor?
    Mr. Swire. After our report was complete, we did receive 
the judge's letter. In terms of the public advocate, I'd make a 
following observation, which is the PCLOB report did extremely 
thorough analysis of the legality under the statute of 215 that 
was really much more detailed than anything any of the District 
Courts had done.
    And I think for just myself, not speaking for the whole 
group, I think that that supports our group's recommendation 
that having detailed briefing with thorough analysis on these 
issues not just from the Government can really help us 
understand the statute better. So that's part of why we thought 
the advocate would be helpful in some way because there would 
be a sort of thoroughness of a position----
    Mr. Bachus. Could you--could you all review his letter and 
maybe give this Committee additional comments in view of his 
letter? Particularly with the increasing caseload, if you are 
going to increase their caseload, you are going to have to 
increase their resources.
    Mr. Medine. I should add that the PCLOB's recommendation is 
that there be a special advocate only in those cases which 
involve unique law and technology issues, not the everyday 215 
order where judges are very well equipped to make those 
judgments.
    Mr. Bachus. Yes, but I am talking about their caseloads. 
You have assigned--under you all's--both of your all's 
proposals, it is going to increase quite a bit.
    Mr. Medine. Yes. Sure.
    Mr. Bachus. Thank you.
    Mr. Goodlatte. The gentlewoman from California, Ms. 
Lofgren, is recognized for 5 minutes.
    Ms. Lofgren. Well, thank you, Mr. Chairman.
    And thank you to all the witnesses for your appearance here 
today and for answering our questions.
    I would like to concur with many of the comments made by 
our colleague Mr. Sensenbrenner as to the surprise that many of 
us had at the interpretation of the word ``relevant'' in 
Section 215. I would like to explore--we have talked a lot 
about the metadata for telephone records. But what I would like 
to explore with you, Mr. Cole, and perhaps others of you have 
an opinion, is not what is happening now, but what you believe 
the statute would authorize if, if the bulk collection of 
telephone data is relevant because there might be in that 
massive data information that would be useful for an 
investigation.
    What other tangible items would the statute authorize, not 
saying that we are doing this, the Government to collect? Would 
we be authorized to collect bulk credit card records, Mr. Cole?
    Mr. James Cole. Ms. Lofgren, I think what you have to look 
at, which is a very important part of the analysis that Judge 
Eagan described, I thought, quite well, is that it's not 
everything. It's what is necessary to gather the relevant 
information.
    Ms. Lofgren. Well, let me--what we are trying to explore 
here is really the role of the Government versus the citizen.
    Mr. James Cole. Correct.
    Ms. Lofgren. And if you can compile the record of every 
communication between every American because within that 
massive data there might be something useful to keep us safe, I 
am trying to explore with you, if that is your reading of 
Section 215 vis-a-vis metadata and the phone company, would 
that include cookies?
    Mr. James Cole. Cookies?
    Ms. Lofgren. Yes. Could it?
    Mr. James Cole. Again, I think the issue here really is 
under 215 with telephony metadata, the issue that was presented 
to the court was we needed the connections from one phone 
number to another.
    Ms. Lofgren. Okay. Well, let me----
    Mr. James Cole. And so, that was necessary. In a credit 
situation----
    Ms. Lofgren. Let me ask you ask you this. Let me go to Mr. 
Swire because you are clearly not going to address this issue.
    Mr. James Cole. I'm trying to, Congresswoman.
    Ms. Lofgren. I think you are trying to use up my time. If 
relevance allows for the collection of mass data because within 
that haystack, to use General Alexander's words, there is the 
needle, would 215, under that reading of the act, allow for the 
collection of all the photos taken at ATM machines, all the 
cookies selected by commercial providers?
    We have special standards for records of gun sales and 
credit card records, but it doesn't preclude their selection. 
Did your group look at that from a legal basis, not what we are 
actually doing?
    Mr. Swire. Well, we did not go through that list. But what 
I would observe is that a judge would have to make that 
decision. So the Department of Justice would need to go to the 
judge and say----
    Ms. Lofgren. Right.
    Mr. Swire [continuing]. We want ATM photographs for this 
reason, and the judge would have to say that it meets all the 
other standards for 215. So that's something beyond just the 
Justice Department on its own.
    Ms. Lofgren. Right. Let me ask about NSLs because NSL, as I 
think Rich Clarke gave some very pointed comments about how 
many were collected, thousands each day, with no supervision 
whatsoever. And that is directed to electronic communications.
    Could you under the Section I think, what is it, 502, do 
mass collection under 502? It doesn't seem to be precluded as--
--
    Mr. Swire. So I'm not remembering the section. Under NSLs, 
we were not aware of bulk collection under NSLs.
    Ms. Lofgren. I am not saying what is happening. Do you 
think it provides the legal authority to do so? It is not 
precluded.
    Mr. Swire. I haven't seen a theory under which the NSL 
authority could be used in that bulk way. I'm not aware of such 
a document that would----
    Ms. Lofgren. All right. What about 702, and do you think 
that 702 provides the legal authority for bulk collection?
    Mr. Swire. 702, that partly depends on your idea of bulk. 
702 does allow targeting of people outside the United States 
and allows content and allows accumulation of allotted data 
about those individuals and the people they're in communication 
with.
    That, by itself, would not be the way that we'd have the 
entire database of everything that happens. It has to be 
targeted to an individual overseas.
    Ms. Lofgren. Just a final question. Have the metadata of 
Senators and Members of Congress been collected?
    Mr. Swire. I'm not aware of any way that they're scrubbed 
out of the database. So whatever databases exist, I don't know 
why your phone calls would be screened out. We haven't heard 
any evidence--I'm not aware of any evidence that that screening 
out happens.
    Mr. Goodlatte. The time of the gentlewoman has expired.
    Ms. Lofgren. My time has expired. Thank you.
    Mr. Goodlatte. The Chair recognizes the gentleman from 
California, Mr. Issa, for 5 minutes.
    Mr. Issa. Thank you, Mr. Chairman.
    Following up on that, the gentlelady's question was do you 
collect? Your answer apparently is, yes, you do because you 
scrub everything. Is that correct?
    Mr. Swire. Is--so----
    Mr. Issa. You take it, yes?
    Mr. Swire. In terms of whether Members of Congress' records 
are collected, first of all, the names are not listed. It's 
based on phone numbers.
    Mr. Issa. Well, no, but the simple question. 202-225 and 
four digits. Do you collect it?
    Mr. Swire. At this point, I'm not the U.S. Government, and 
maybe----
    Mr. Issa. Okay. Mr. Cole, do you collect 202-225 and four 
digits afterwards?
    Mr. James Cole. Without going specifically, probably we do, 
Congressman.
    Mr. Issa. So separation of powers, this is the--another 
branch. You gather the logs of Members of the House and Senate 
in their officials calls, including calls to James Rosen. Is 
that right?
    Mr. James Cole. We're not allowed to look at any of those, 
however, unless we make a reasonable, articulable suspicion 
finding that that number is associated with a terrorist 
organization. So while they may be in the database, we can't 
look at any of those numbers under the court order without 
violating the court order.
    Mr. Issa. Well, speaking of court orders, Mr. Rosen, is he, 
in fact, a criminal?
    Mr. James Cole. Is he, in fact, a criminal?
    Mr. Issa. Well, the Attorney General had said that James 
Rosen, a Fox reporter, you know, there was a wiretap placed on 
his family, he and his family. Correct? Not, and this was----
    Mr. James Cole. No, there was not a wiretap, sir.
    Mr. Issa. There wasn't? I am sorry. You collected personal 
emails. Let me get it correct.
    There was a warrant for personal emails, but there was also 
the--they wiretapped his family.
    Let me rephrase that. Let me go on, and I will come back to 
that because I want to make sure I get the terminology right.
    Do you screen executive branch numbers?
    Mr. James Cole. We don't screen any numbers, as far as----
    Mr. Issa. So you collect all numbers? The President's phone 
call log record is in the NSA database?
    Mr. James Cole. I believe every phone number that is with 
the providers that get those orders comes in under the scope of 
that order.
    Mr. Issa. Would you get back to us for the record as to 
whether all phone calls of the executive branch, including the 
President, are in those logs?
    Mr. James Cole. Be happy to get that back to you, 
Congressman.
    Mr. Issa. Okay. Especially if he calls Chancellor Merkel, 
it would be good to know.
    The freedom of association is a basic constitutional right, 
wouldn't you agree, Mr. Cole?
    Mr. James Cole. Yes, it is.
    Mr. Issa. And if you are looking at our associations, and 
then if we have associations with somebody that you believe is 
``a terrorist,'' then you take the next step, right?
    Mr. James Cole. Well, we don't look at your associations, 
Congressman.
    Mr. Issa. Well, what does the metadata do if it is not----
    Mr. James Cole. We don't look at the metadata unless we 
have a reasonable, articulable suspicion that the specific 
phone number we want to query is associated with terrorists. 
That's the only way we can get into that metadata.
    Mr. Issa. Do you collect the phone number metadata of all 
embassies here in Washington, all the foreign embassies?
    Mr. James Cole. I believe we would. Again, we don't screen 
anything out, to my knowledge. But that's something that NSA 
would know. My understanding is we don't screen anything.
    Mr. Issa. And they have conversations with large amounts of 
numbers back in their home countries, right?
    Mr. James Cole. All the telephone numbers have large 
amounts of conversations with lots of other telephone numbers. 
We don't look at them unless we have that reasonable, 
articulable suspicion for a specific----
    Mr. Issa. But isn't it true that the reasonable, 
articulable suspicion goes a little like this? I talk to 
somebody in Lebanon, who talks to somebody in Lebanon, who 
talks to somebody in Lebanon, who talks to somebody in Lebanon, 
who talks to somebody in Lebanon.
    If you gather all that data, then I have talked to somebody 
who has indirectly talked to a terrorist. Isn't that right?
    Mr. James Cole. That's not how it would work, Congressman, 
no.
    Mr. Issa. How do I know that? How do I know that a 12-step 
removed, somebody talked to somebody, who talked to somebody, 
who talked to somebody, who talked to somebody who is on the 
list wouldn't occur? And I will just give you an example.
    The Deputy Prime Minister of Lebanon at one time gave 
$10,000 to a group associated with a Hezbollah element. If I 
called the Deputy Prime Minister, which I did, from my office, 
wouldn't I have talked to somebody who was under suspicion of 
being connected to a terrorist organization?
    The answer, by the way, is yes. But go ahead and give 
yours.
    Mr. James Cole. Well, we wouldn't be querying your phone 
number, Congressman, unless we had evidence that you were, in 
fact, involved with a terrorist organization. That's the 
requirement under the court order----
    Mr. Issa. But you would query the Deputy Prime Minister, 
who had made a contribution and was under suspicion, right?
    Mr. James Cole. If we queried his phone number, we might 
find that connection.
    Mr. Issa. And at that point, you would have a connection 
between somebody who you had a warrant for and me. So you could 
have a warrant for me. Is that right?
    Mr. James Cole. Well, I do not think we would necessarily 
have enough to have a warrant for you with just that one phone 
call, Congressman. That is not how it works. Again, there are a 
lot of restrictions in those court orders and in the rest of 
the law as to what we can do, and we can get warrants for, and 
what we cannot get warrants for.
    Mr. Issa. Well, we will follow up with the James Rosen 
thing later. Thank you. I yield back.
    Mr. Goodlatte. The Chair recognizes the gentlewoman from 
Texas, Ms. Jackson Lee, for 5 minutes.
    Ms. Jackson Lee. Let me thank the Chair and the Ranking 
Member for someone who was here, as a number of other Members, 
in the aftermath of 9/11 and the intensity of writing the 
PATRIOT Act that came out of this Committee in a bipartisan 
approach. Ultimately it did not reach the floor of the House in 
that way.
    As I try to recollect, I do not remember testimony that 
contributes to the massive data collecting that we have now 
wound up with. So I will pose as quickly as I can a series of 
questions. And, first, thank everyone for their service. It is 
good to see you, General Cole, and all of the other witnesses, 
the head of the Privacy and Oversight Board, and Mr. Swire as 
well. We thank you.
    Quickly, you have been, I think, a lifer to a certain 
extent, working for United States justice and the United States 
of America. Again, we thank you. Did you all have an immediate 
interpretation of mega collecting under the final passage of 
the PATRIOT Act? Was that what first came to mind?
    Mr. James Cole. I was not in the government at the time the 
PATRIOT Act was passed, so I can honestly tell you I did not 
really think about it at that moment.
    Ms. Jackson Lee. As you proceeded to be in government and 
as you have continued in service now and over these past couple 
of years, was that a firm conclusion that you could gather 
everything?
    Mr. James Cole. As I became aware of what was being done 
under 215, and looking at the prior court precedents that came 
out that it had been approved and the descriptions of it, and 
some of the notices that were given to Congress, I was of the 
view that it was lawfully authorized under the PATRIOT Act and 
under 215.
    Ms. Jackson Lee. Well, you are as well required to follow 
the law, but I note that justice is in the U.S. Department of 
Justice, and what you are suggesting is that no lawyers as far 
as you know may have gathered to say that this may be extreme?
    Mr. James Cole. I am not aware of anybody saying that at 
the time, but again, I was not in the Justice Department at the 
time.
    Ms. Jackson Lee. Not at that time. I am coming forward now 
in the time that you have been in the Justice Department.
    Mr. James Cole. As far as the legal basis, I think everyone 
that I have talked to has been comfortable with the legal 
basis.
    Ms. Jackson Lee. So as you have listened to Members of 
Congress, what is your commitment to coming back to us, working 
with the Department of Justice to address and to help change 
what we are presently dealing with?
    Mr. James Cole. Well, I can tell you is that the 
President's commitment, and we work for the President, and we 
are there to fulfill that commitment to try and change 215 on 
the telephony metadata as we know it and find another way where 
the government does not hold----
    Ms. Jackson Lee. So you have a commitment based upon the 
President's representation to come back and look at a better 
way of handling the trolling of Americans' data that may not be 
relevant.
    Mr. James Cole. We are looking for another way that will 
accomplish what we have been accomplishing under 215 as best we 
can and not involve the government holding the metadata.
    Mr. Goodlatte. You may want to use an adjoining microphone 
if you can get to one.
    Ms. Jackson Lee. Can you all hear me?
    Voice. No.
    Ms. Jackson Lee. You cannot hear?
    Voice. No, we cannot hear. We cannot hear.
    Ms. Jackson Lee. Testing, testing. Can you hear me now? 
Thank you. That is what happens when you start trolling and 
collecting data. [Laughter.]
    I am sorry. Mr. Chairman, will I be indulged my time? Thank 
you.
    Mr. Goodlatte. No. [Laughter.]
    Ms. Jackson Lee. I did not hear that. [Laughter.]
    Please indulge me, Mr. Chairman. Technological troubles 
here.
    In the report, there was a comment, ``The idea of balancing 
has an element of truth, but it is also inadequate and 
misleading.'' Mr. Swire, when we are talking about security and 
privacy, what do you think that means? And I am going to go 
ahead to my good friend over the Oversight Board, Mr. Medine. 
Thank you very much. I think it is going to be in your hands to 
be as aggressive as you possibly can be, and I want you to give 
me your interpretation of two things: the question of relevance 
and the question of the importance of having an advocacy for 
the people in the FISA Court. Mr. Swire?
    Mr. Swire. The review group supported having an advocate, 
exactly. Had to have amicus versus party, so there are some 
tricky legal issues. And we did not make a legal decision about 
our view on the word ``relevance.''
    Mr. Goodlatte. Without objection, the gentlewoman will be 
granted an additional minute on her time.
    Ms. Jackson Lee. Thank you. Mr. Medine, could you answer 
the question as extensively as you can on that? Thank you, and 
thank you for your service.
    Mr. Medine. You are welcome. Nice to see you again. On 
relevance, again, the majority of the board is concerned about 
the almost unlimited scope of relevance, and I think that we 
have heard questioning earlier today that it encompasses 
Members of Congress, the executive branch, and also dissidents, 
and protestors, and religious organizations. And so we think 
that it is written too broadly under this program, and there 
should be much more targeted requests for information, which 
can be legitimately done without the need to gather bulk 
information. Right now, relevance is almost whatever the 
government can pull in and analyze as the scope of relevance. 
And we think that there needs to be a narrower concept to 
protect privacy and civil liberties.
    I mean, with regard to having an advocate in the Foreign 
Intelligence Surveillance Court, I think it is critical that 
there be another voice to respond to the government. As Mr. 
Swire mentioned earlier, if all the briefing that we have done 
on this program could have been presented to the Court, the 
Court could have made a more balanced decision. It was not 
until 2013 that the Court issued its first opinion regarding 
the legality of this program. We think in the adversary 
process, the Court would have carefully considered all the 
arguments pro and con, rendered its decision. And we also 
recommend that there be an opportunity for appeal to the FISCR, 
which is the Court of Appeals, and ultimately to the Supreme 
Court to resolve these important statutory and constitutional 
issues.
    Ms. Jackson Lee. Let me just indicate that in addition as 
an aside, the President put on the record that he thought that 
we needed to haul in, from another perspective, the contractors 
dealing with the vetting of all those who work in this area 
just as a protection. If we are so interested in trolling 
Americans, we need to also make sure that our contractors or 
our workers in the intelligence are fully vetted. Just in your 
own mindset, do you think the government can handle its vetting 
and narrow the sort of outside contractors that are doing that 
now?
    Mr. Goodlatte. The time of the gentlewoman has expired. The 
gentleman will be allowed to answer the question.
    Mr. Medine. And actually with due respect, that is not on 
our board's domain, but maybe the deputy attorney general might 
be able to address that.
    Mr. Goodlatte. Mr. Cole?
    Mr. James Cole. I am sorry, could you repeat the question?
    Ms. Jackson Lee. The President indicated that maybe we 
should reduce our outside contractors that are vetting those 
who have access to our security data. Would you be also in 
agreement with that approach?
    Mr. James Cole. I think we need to make sure that we take 
care of the insider threat. That has been something the 
President has talked about. We need to make sure that people 
who work for the government are suitable and have been vetted 
properly. We have always thought that from both a cost 
perspective and a security perspective, the more we can reduce 
contractors the better. But as we hire contractors, we hire 
employees as well. They just need to be vetted very well when 
they are given very sensitive and classified positions.
    Ms. Jackson Lee. I thank the Chairman, and I thank the 
witness. I yield back.
    Mr. Goodlatte. The Chair recognizes the gentleman from 
Virginia, Mr. Forbes, for 5 minutes.
    Mr. Forbes. Mr. Chairman, thank you, and, gentlemen, thank 
you so much for taking your time and your expertise to be here 
with us today.
    Mr. Cole, it is my understanding that the review group's 
recommendation was that the use of private organizations to 
collect and store bulk telephony metadata should be implemented 
only if expressly authorized by the Congress. My question to 
you is not for the word ``should,'' but we have watched the 
President when he was all in on healthcare and promised us all 
we could keep our insurance if we wanted it. It later changed. 
We listened to his words say he could not change immigration 
laws without Congress. He changed. We listened to him about 
military force without congressional permission. He changed. We 
heard his State of the Union where he said he had a pen and he 
had a phone regardless of what Congress did.
    My question to you is, in your professional opinion, do you 
believe that the President of the United States has the 
authority to use private organizations to collect and store 
bulk telephony metadata without the express approval of the 
Congress of the United States?
    Mr. James Cole. Congressman, that is an issue that is 
probably part of the mix that we are looking at----
    Mr. Forbes. My question to you is do you have it, and we 
have seen you kind of slide off of the answers to the questions 
today. I am not asking you what ultimately would be determined. 
I am talking about your professional opinion today sitting 
there, is it your professional opinion that the President has 
authority or does not have the authority?
    Mr. James Cole. I am going to give you a lawyer's opinion.
    Mr. Forbes. That is what we hired you for.
    Mr. James Cole. Okay. There may be ways we could find for 
him either through contract or executive order to do it. It 
could also be done through legislation. There may be a number 
of different ways that you can----
    Mr. Forbes. So then basically if this Congress wants to 
avoid that, we had better to get to work and expressly prohibit 
the President from doing that, because he could do that the 
same way he is threatening to do certain other things.
    Mr. James Cole. I think the President has clearly indicated 
he is looking forward to working with Congress to achieve a lot 
of these things.
    Mr. Forbes. Yes, but he also said that ``working'' means if 
Congress does not do what he says, he has got the pen, he will 
do it anyway.
    Mr. Swire, if I could ask you, and I appreciate your 
comments about wanting to have specific and targeted 
collection, I believe, as opposed to bulk collection. Is that a 
fair representation?
    Mr. Swire. Our report emphasizes the usefulness of the 
targeted collection.
    Mr. Forbes. Mr. Swire, I represent a lot of people. We have 
a lot communications from groups in the country who believe 
that even with specific and targeted collection, they are 
concerned because they have seen what the IRS, the Justice 
Department, and other agencies have done in targeting 
conservative groups and individuals in the faith community. 
What would you suggest that we do to try to protect those 
groups, because it is not going to be much consolation to them 
to say we can do specific and targeted collection if they have 
seen that they have been specifically targeted already by this 
Administration. Any suggestions that your group might have for 
that?
    Mr. Swire. Well, we have a couple of statements or 
conclusions in our report that I think are relevant to that. 
One is we found no evidence that there was in these 
surveillance activities any political targeting of Americans. 
So this is not where they are picking phone numbers based on 
politics or faith groups or whatever, and that includes people 
with a lot of experience in the intelligence community who are 
on our group.
    And the second thing is we found a very substantial 
compliance effort, much of which has been built up over the 
last 4 or 5 years, and so, a very earnest effort to comply with 
these rules, and so, in both of those cases, not political 
targeting and following the rules. We were distinctly heartened 
by what we found as we went through our----
    Mr. Forbes. Well, let me ask you this because it is also my 
understanding that your group did not conclude that the Section 
215 Bulk Telephony Metadata Collection Program had been 
operating illegally with respect to these statutes or the 
Constitution. You further found no allegations in the report of 
abuse of this authority by members of the law enforcement and 
intelligence community. You further found that there was no 
allegation that the National Security Letter Program operated 
illegally, that no allegation of misuse or abuse by the law 
enforcement or intelligence community was made in the report. 
And yet you made substantial recommendations to change them.
    So as to these groups who are very concerned about that, 
what would be your recommendations to protect the interests of 
those groups?
    Mr. Swire. Congressman, we were interested in traditional 
American checks and balances and having the different branches 
of government doing their jobs, and going forward having within 
the executive branch bulk collection held in secret without 
judicial or congressional participation in that. We thought 
that was not a good way to go. And so, for the bulk collection, 
we recommended being very skeptical of the bulk collection, and 
we recommended having judicial safeguards in instances where it 
went forward as a way to maintain these sorts of checks and 
balances.
    Mr. Forbes. Good. Mr. Chairman, thank you, and I yield back 
the balance of my time.
    Mr. Goodlatte. The Chair thanks the gentleman, and 
recognizes the gentleman from Tennessee, Mr. Cohen, for 5 
minutes.
    Mr. Cohen. Thank you, Mr. Chairman. Would it be improper 
for me to recognize the Delta Sigma Thetas, who are here today?
    Mr. Goodlatte. I think it would be very proper.
    Mr. Cohen. Well, welcome. They are here and a great 
sorority that does a lot of good for our country. Thank you, 
Mr. Chairman.
    Mr. Cole, before we talk about the NSA, which is indeed the 
subject of this, I want to go to another subject and give you 
some praise. You recently spoke before the New York State Bar 
Association, and I was so encouraged by your speech. It was 
about criminal justice issues that relate to this Committee as 
well.
    And you indicated that the President is open to using his 
commutation power in a much more manifest way than he has in 
the past. You called on attorneys to come forward and try to 
help people with clemency requests, and that notice will be 
given to individuals in prison maybe with mandatory minimums 
that are unjust, people who had no violence in their 
background, may be first-time offenders who were sentenced for 
long times who judges said, I hate this, but I have to. And you 
give them notice. I thank you for that. And you and the 
President deserve praise for this effort.
    It is my opinion that the President can leave a legacy for 
justice that could be unmatched if he used that power that you 
have discussed, and I am sure you have worked with him on, in a 
manifold way. There are thousands of people that need justice 
and should receive it, and this is probably the only way they 
can. I know he is waiting on the legislature, the Congress, to 
act. I think he should probably act on his own.
    The FISA Court is appointed entirely by the Chief Justice, 
and I have great regard for the Chief Justice. He and I are 
friends. But I do not know that that makes for a good balance 
of power on the FISA Court. His appointments, and it may just 
folks he kind of knows, but 10 of the 11 judges who have been 
currently sitting were appointed by Republicans presidents. And 
it may just be how that happened, you know, but it could be 
that there is a certain ideological link there, and it should 
be changed.
    I would think that the FISA Court ought to have a wide 
expanse of ideology, and some people are more skeptical of the 
government's perspective and more inclined toward looking 
toward civil liberties. I do not know that we have that in that 
Court. Does it trouble you, Mr. Cole, that the Chief Justice 
names every single of those people?
    Mr. James Cole. Congressman, I do not think it particularly 
troubles me. I think we have seen judges throughout the Court, 
and everyone that I have dealt with at the Court has just been 
straight down on the facts and the law, and making sure that 
they honored civil liberties. We have seen released any number 
of opinions of judges when there were compliance problems, and 
the judges coming down hard on the Justice Department and on 
NSA to make sure that we fix them, and to make sure that we 
protected people's privacy and people's civil liberties.
    So I think you have got a good group of judges that have 
been there over the years.
    Mr. Cohen. Let me ask you this. You said the judges down 
the line. Do they not almost unanimously agree? How many times 
have you seen a split opinion?
    Mr. James Cole. Well, there is only one judge that looks at 
a FISA application, so you would not have the split. And what 
has been discussed any number of times is that we present these 
applications to the FISA Court. They go to the staff. They go 
to the judges. Sometimes the judges will kick them back, and 
they will say you need more information about this, or, I do 
not find you have met the standard on that. And sometimes we 
will provide more information, other times we will withdraw it.
    So the statistics of how many have been granted that were 
submitted are a little bit misleading because it does not take 
into account some of the dialogue that goes on between the 
Justice Department and the Court that results in the 
applications being withdrawn.
    Mr. Cohen. And they do not sit en banc?
    Mr. James Cole. No. There is a review group, an appellate 
group, which is 3 judges, and they will sit as 3 judges.
    Mr. Cohen. How often are they split?
    Mr. James Cole. I would have to go back and look. I do not 
really know the statistics off the top of my head.
    Mr. Cohen. Would ``rare'' be a good term to apply to their 
outcomes?
    Mr. James Cole. It might be, but I just do not know the 
statistics.
    Mr. Cohen. Did the President not come out for some type of 
change and think that maybe each of the judges should rotate 
and pick somebody?
    Mr. James Cole. I think that is one of the things that has 
been proposed in some of the pieces of legislation. I think 
generally as long as we get good judges who are there and we do 
not inject politics into it, I think we are happy as long as we 
have got judges that are there, and that fully staff the----
    Mr. Cohen. I understand not getting politics in it, but the 
Pope is politics. I mean, everything is politics. The justices 
are politics. Would it be wrong if the congressional leaders, 
equal Democrat and Republican, suggested some people to the 
judges and they pick from that group so there would be more of 
a check and balance on the choices?
    Mr. James Cole. I think there are any number of models that 
might be workable in this regard to try and find a way to staff 
that Court. We are more than happy to work with the Congress on 
trying to find good ways to do that.
    Mr. Cohen. Thank you. Thank you. I appreciate it, and I 
thank the Chairman for his indulgence in recognizing the 
greatest group of ladies in red since the Biograph Theater.
    Mr. Goodlatte. That is an interesting comparison. 
[Laughter.]
    The gentleman from Texas, Mr. Gohmert, is recognized for 5 
minutes.
    Mr. Gohmert. Thank you, Mr. Chairman, and I appreciate the 
witnesses being here. Mr. Cole, if you had been testifying in 
front of this Committee back before Edward Snowden took the 
documents he did, and you were asked if it was possible that 
any contractor would be able to access and take the documents 
that we now know he did, based on your comment that nobody can 
access these documents without proper cause, back then you 
would have said nobody could access those documents without 
proper cause and authorization, would you not?
    Mr. James Cole. I think what I was saying, Congressman, is 
under the law and the court order nobody is allowed to do that 
without violating the----
    Mr. Gohmert. So you are making a distinction that it is 
possible that they could access those documents, just like 
Edward Snowden did, correct?
    Mr. James Cole. Things are possible. You know, this is 
something that we would like to nail down, but exactly what----
    Mr. Gohmert. Well, you answered my question on that. The 
answer, though, accurately would be that not only Members of 
Congress, but anybody is subject to having that data looked at 
or accessed by someone who may not follow the law.
    But let me tell all of you witnesses, in my first term we 
went through the process of debating whether or not we were 
going to renew the PATRIOT Act, and 215 was of particular 
importance. And I asked the question, for example, you know, 
under 215 where it says that you would only access these 
documents to protect against international terrorism or 
clandestine intelligence activities. I said what is 
``clandestine intelligence activities,'' and I was assured that 
since we are talking about international terrorism, our 
intelligence activities have to do with foreigners, and we were 
assured that was the case. And Chairman Sensenbrenner at the 
time assured that he had been assured that that was the case, 
and that is why he was initially totally opposed to any more 
sunsets that I fought so hard for and we did finally get in 
here. And now we find out those representations were not 
accurate.
    And let me tell you something else that concerns me is, 
yes, I know the Constitution and the Fourth Amendment does say 
that we have the right to be secure in our persons, houses, 
papers, and effects against unreasonable searches and seizures. 
And that is not to be violated, and no warrants are to be 
issued but upon probable cause supported by oath or 
affirmation, particularly describing places, persons, or things 
to be seized.
    And when we saw the copy of this order from the FISA Court, 
all those assurances from my terms as a freshman went out the 
window because you have a judge, based on this before the FISA 
Court, who just says give all call detail records, telephony 
metadata. And then it defines telephony metadata basically as 
everything that you would desire about information and calls 
being made.
    I cannot find in that order any particularity or any 
specificity as at least appellate courts have always required. 
So this causes me great concerns without regard for discussion 
about Snowden, the fact that we had information provided to us 
that were misrepresentations of what was being done by this 
government.
    So let me also ask, since we have been told repeatedly how 
critical this FISA ability under 215 is, we have been told that 
all of these different plots have been foiled. And when it 
comes right down to it, it appears it was basically a subway 
bombing, and there are articles that indicate that, well, gee, 
they intercepted some information, so they went back and got 
all the phone logs for communication. But you do not need FISA 
Court, you do not need 215 when you have probable cause from a 
terrorist, a known terrorist, calling an American citizen. You 
would be able to get a warrant for that, would you not? I ask 
all of you.
    Mr. James Cole. Well, I think there are a couple of issues 
there.
    Mr. Gohmert. Well, the question is, you would be able to 
get a warrant if you showed that a known foreign terrorist made 
calls to an American citizens. You could go in and get 
basically any court to grant a warrant to get those logs, could 
you not?
    Mr. James Cole. It depends on whether you get it under 
FISA, in which case you would have to show that it was an agent 
of a foreign power or a terrorist or an intelligence----
    Mr. Gohmert. That was part of my question, a known foreign 
terrorist.
    Mr. James Cole. Right. You may well be able to do that.
    Mr. Gohmert. Mr. Swire, do you think we could get that?
    Mr. Swire. Congressman, to date the courts have not held 
that that was a search, so they say there is not a Fourth 
Amendment constitutional protection in the metadata. And we 
recommend----
    Mr. Gohmert. In other words, you do not need 215 to get 
that, do you?
    Mr. Swire. Well, you need some statutory basis to require 
the companies to turn over the data, but it is not a 
constitutional protection. It is statutory right now.
    Mr. Goodlatte. The time of the gentleman has expired.
    Mr. Gohmert. If I could get an answer from our last 
witness.
    Mr. Medine. Again, we agree that under Supreme Court law 
there is not a constitutional Fourth Amendment issue, but we 
also do believe this information could be obtained through 
other authorities, a warrant, subpoena, or possibly national 
security----
    Mr. Gohmert. Without 215?
    Mr. Medine. Yes.
    Mr. Gohmert. Okay. Thank you very much.
    Mr. James Cole [continuing]. Would only be required for the 
listening of the call, not for the data.
    Mr. Gohmert. Thank you. I yield back.
    Mr. Goodlatte. The Chair recognizes the gentleman from 
Georgia, Mr. Johnson, for 5 minutes.
    Mr. Johnson. Thank you, Mr. Chairman. The revelation that 
U.S. intelligence agencies were collecting telephone and email 
metadata on foreign to domestic, domestic to foreign, as well 
as domestic to domestic communications caused an uproar. This 
disclosure has given rise to the suspicion that intel agencies 
have been spying on Americans. The intel community denies 
spying on Americans, and states that the purpose of the 
metadata collection is to protect Americans from terrorist 
attacks like 9/11.
    Now, in the wake of the death of Osama bin Laden, who was 
one of the 5 top leaders of Al-Qaeda, and, in fact, 4 of the 5 
top leaders of Al-Qaeda, including Osama bin Laden, are no 
longer living. And Al-Qaeda has, thus, decentralized with 
affiliates worldwide acting independently to establish an 
Islamic state through violence. These groups all share a Salafi 
jihadist ideology, which is that violence is the only pathway 
to achieving a world governed by what Al-Qaeda calls true 
Islam. Those groups are working toward that goal.
    Given the nature of the Al-Qaeda threat, or actually the 
Salafi jihadist threat, given the nature of that threat, and 
also assuming that those organizations use cell phones, chat 
rooms, emails, Facebook, and Twitter to conduct their 
operations, do you believe that that the universal data 
collection by U.S. intel agencies has the potential to disrupt 
Al-Qaeda's operations throughout the world? And secondly, and I 
think we already have answers to this from two of you, is 
metadata actually private information, and, if so, who does the 
information belong to? Is it the customer or is the service 
provider? Starting with you, Mr. Cole.
    Mr. James Cole. Congressman Johnson, I think that the 215 
program is a tool, and it is a tool that is helpful. It is not 
going to solve all the problems all on its own in finding 
terrorists. It is one piece of what we use as a number of tools 
to try and find terrorists before they attack the country. In 
and of itself, it has some utility, but I do not think we 
should overstate the utility of it, but it is helpful, and I 
think it is something that we have determined that we do not 
want to give up that capability because it is helpful.
    Mr. Johnson. All right. Let me go to----
    Mr. Swire. Congressman, yes. One of the major themes of our 
reports is that we have to use our communication system for 
multiple goals. We have to use it to capture dangerous people 
and find them. It is the same communication system we used for 
commerce and we use for free speech and all these other things.
    And so, our report tried to figure out ways to be really 
good at finding the threats and also protect these other goals. 
People are all struggling with how to build that, and it is a 
big challenge.
    Mr. Medine. Congressman, you raised the question about 
whether Americans were improperly being spied on. We did not 
find any evidence of that, but the mere fact that people 
believe that could be affects their behavior, their 
association, their speech rights. And that is one of the major 
reasons we recommend, the majority of the board, to not 
continue the 215 bulk collection program because there are 
other methods that are more particularized to gather this 
information without storing everyone's phone records.
    Mr. Johnson. How would that affect the ability of our 
intelligence agencies to protect Americans from a threat like 
9/11?
    Mr. Medine. The majority believes that the ability to 
collect this information could be transferred to the providers 
instead of maintained in a bulk collection and maintain the 
same level of efficiency.
    Mr. Johnson. Okay. What would cause the private providers 
to have adequate security as to who in their operations had 
access to the, for lack of a better term, private information, 
the private metadata? What are the consequences? What are the 
ramifications of that?
    Mr. Medine. Well, under current law, the Federal 
Communications Commission requires telephone providers to 
maintain those records for 18 months, and also maintain the 
security of that information. So that is current law, and that 
happens every day that the providers maintain that information. 
What we are saying is instead of having them dump all of their 
information into a government database, it should be kept with 
them and obtained from them on a case by case basis.
    Mr. Johnson. Anyone else?
    Mr. James Cole. I think one important point, and it goes to 
a question Mr. Gohmert asked, is that there are lots of 
security protections in lots of different databases. You can 
get around them every now and again. You can get around them in 
a government database. You can get around them in a provider's 
database. People can hack in. We tried to put in protections 
and legal restrictions to prevent that from happening, but 
nothing is completely foolproof.
    Mr. Goodlatte. The time of the gentleman has expired.
    Mr. Johnson. Thank you.
    Mr. Goodlatte. The gentleman from Ohio, Mr. Jordan, is 
recognized for 5 minutes.
    Mr. Jordan. Thank you, Mr. Chairman. Mr. Cole, are you 
familiar with the name Barbara Bosserman?
    Mr. James Cole. I have heard that name, yes.
    Mr. Jordan. Is she an attorney who works at the Justice 
Department?
    Mr. James Cole. She is.
    Mr. Jordan. And she is part of the team that is 
investigating the targeting of conservative groups by the 
Internal Revenue Service, is that correct?
    Mr. James Cole. She is a member of that team.
    Mr. Jordan. A member of that team. I would dispute that and 
say she is leading the team, but I will take your word for it. 
Now, in the last 5 days, Mr. Cole, you have sent me two 
letters, one January 30th, last week, one just yesterday, where 
we had invited Ms. Bosserman to come testify in front of the 
Oversight Committee, and you sent me two letters saying that 
she is not going to come. And I counted them up. In these two 
letters, I think it is 7 different times you say this is an 
ongoing investigation, and that is why Ms. Bosserman cannot 
come to our Committee and testify. Do you recall those two 
letters you sent me, Mr. Cole?
    Mr. James Cole. I do.
    Mr. Jordan. Yes, and you signed both of them?
    Mr. James Cole. I did.
    Mr. Jordan. And you referenced many times ongoing an 
investigation?
    Mr. James Cole. Yes, it is.
    Mr. Jordan. So here is my question. How can the President 
of the United States go on TV on Superbowl Sunday and say that 
there is not a smidgen of corruption in this investigation, not 
a smidgen of corruption in the IRS with how they targeted 
conservative groups? How can he be so sure when it is an 
ongoing investigation, something you told me 7 times in two 
letters in 5 days? How can the President make that statement?
    Mr. James Cole. Congressman, I think you should probably 
address that question to the White House.
    Mr. Jordan. Did you brief the President on the status of 
this investigation?
    Mr. James Cole. I have not.
    Mr. Jordan. Do you know if the Attorney General has briefed 
the President on the status of this investigation?
    Mr. James Cole. Not that I am aware of.
    Mr. Jordan. Do you know if Ms. Bosserman, part of this 
team, who is investigating the targeting of conservative 
groups, do you know if she has talked to the President?
    Mr. James Cole. Generally, the Justice Department does not 
brief the White House on----
    Mr. Jordan. So how is the President so sure?
    Mr. James Cole. Congressman, I am not in a position to 
answer----
    Mr. Jordan. He did not say I do not think there is, there 
probably is not, nothing seems to point that way. He said there 
is not a smidgen of corruption. He was emphatic. He was 
dogmatic. He knew for certain. And no one has briefed him?
    Mr. James Cole. No one I am aware of, Congressman.
    Mr. Jordan. So you know what I think, Mr. Cole? I mean, you 
know, just a country boy from Ohio. You know what I think? I 
think the President is so emphatic and he knows for certain 
because his person is running the investigation, because Ms. 
Bosserman gave $6,750 to the Obama campaign and to the 
Democratic National Committee, and she is heading up the 
investigation. I think the President is so confident because he 
knows who is leading the investigation. And that is a concern 
not just for me, and Members of this Committee, and Members of 
the Oversight Committee, but, more importantly, the American 
people who have to deal with the IRS every single year. Does 
that raise any concerns with you, Mr. Cole?
    Mr. James Cole. Congressman, Ms. Bosserman is a member of 
the team. She is not leading this investigation.
    Mr. Jordan. How was the team picked?
    Mr. James Cole. The team was assigned in normal course by 
career prosecutors. It includes the FBI, the IG for the----
    Mr. Jordan. How many members are on the team? This is 
something the FBI has refused to answer for the last year 
because I have been asking the question. They have refused to 
meet with us. They initially said they were going to meet with 
us. Then they talked with lawyers of the Justice Department and 
they said, no, we are going to rescind that offer, Mr. Jordan. 
We are not going to come meet with you. So how was the team put 
together, and how many members are on the team?
    Mr. James Cole. Congressman, off the top of my head, I have 
no idea how many members are on that team. And generally, we do 
not brief elected officials on ongoing investigations. That is 
a standard----
    Mr. Jordan. But again, we are not asking for a full 
briefing. We understand it is ongoing. We would just like to 
know who is heading it up. How many agents have you assigned? 
How many lawyers have you assigned? Who is heading it up? If it 
is not Ms. Bosserman as I think it is, who actually does head 
it up?
    Mr. Johnson. Mr. Chairman, parliamentary inquiry, please?
    Mr. Goodlatte. The gentleman will state his parliamentary 
inquiry.
    Mr. Johnson. Is it proper for a Member of the Committee to 
question a witness about a matter that is not relevant to the 
matter that the hearing has been noted for?
    Mr. Goodlatte. It is proper, and it has been done many 
times before in this hearing, this Committee.
    Mr. Jordan. I would just point out----
    Mr. Goodlatte. The gentleman will continue.
    Mr. Jordan. Mr. Cole sent me two letters in the last 5 
days. It is a pretty important issue. And when you appoint 
someone or you assign someone who gave $6,750 to the very 
person who--the President could be a potential target in this 
investigation, and yet the person leading the investigation 
gave $6,000 to his campaign? She has got a financial stake in 
an outcome, a specific outcome. And Mr. Cole says ``normal 
course of duty.'' We have got 10,000 lawyers at the Justice 
Department, and, oh, it just happened to work out that Ms. 
Bosserman heads up the team. Really?
    Mr. James Cole. She is not heading up the team, 
Congressman. There are many people----
    Mr. Jordan. It is not what the witnesses we have talked to 
have said. Mr. Cole said she asked all the questions when they 
have been interviewed.
    Mr. James Cole. She is not the head of the team, and there 
are many people who will be making the decision as to what to 
do with this case based on the evidence, the facts, and the 
law, just like every single investigation the Department of 
Justice does.
    Mr. Jordan. Okay. All I know is the President said----
    Mr. James Cole. And including FBI agents----
    Mr. Jordan. All I know is the President said there is not a 
smidgen of corruption.
    Mr. James Cole [continuing]. Including eight----
    Mr. Jordan. The President has already reached a decision.
    Mr. James Cole [continuing]. And the Inspector General's 
office.
    Mr. Jordan. Mr. Chairman, if I could real quickly. I sent 
my letters to Ms. Bosserman. She did not write me back. You 
did, Mr. James Cole. Did you talk to her about coming to 
testify? Did you tell her not to come testify?
    Mr. James Cole. I did not tell her not to testify.
    Mr. Jordan. Did you have any conversation with Ms. 
Bosserman about the request I gave her to come testify in front 
of our Committee?
    Mr. James Cole. Congressman, there is a standard----
    Mr. Jordan. No, no, I did not ask that. I said did you talk 
to Ms. Bosserman about that specific request I sent to her. My 
letter was to her, and I got responses back from you.
    Mr. James Cole. And I am answering your question, 
Congressman. There is a very long-held policy in the Department 
of Justice that line attorneys are not subjected to the 
questioning by Members of Congress.
    Mr. Jordan. Did you ask her if she wanted to testify?
    Mr. James Cole. If I may finish, Congressman, they are not 
subjected to questioning----
    Mr. Johnson. Regular order, Mr. Chairman.
    Mr. James Cole [continuing]. By Members of Congress, and we 
do not send people up here to talk about ongoing 
investigations. We have done that in every Administration.
    Mr. Jordan. But you are not answering my question. Answer 
my question.
    Mr. Goodlatte. The time of the gentleman has expired. The 
gentleman may answer the question.
    Mr. James Cole. I think I have answered it.
    Mr. Jordan. I do not think you have.
    Mr. Goodlatte. The Chair recognizes the gentlewoman from 
California, Ms. Chu, for 5 minutes.
    Ms. Chu. Mr. Medine, the PCLOB's report urges Congress to 
enact legislation that would allow the FISA Court to seek 
independent views from the special advocates. These advocates 
would step in where there are matters involving interpretation 
of the scope of surveillance authorities or when broad 
collection programs are involved.
    The report stresses that the Court should have discretion 
as to when these advocates step in. But is it advisable for the 
Courts to have that discretion? Is it possible that the Courts 
may leave the advocates out of the process when such important 
questions are before them?
    Mr. Medine. First, we do think it is important for 
advocates to be involved in issues of new technology and new 
legal developments. In terms of how they get involved, our 
feeling was that there are cases where they should certainly, 
obviously, be involved such as in a novel program that is being 
proposed. But there may be other cases which may not seem as 
novel on its face, but the judge is aware of the facts and 
circumstances, and wants to bring them in as well.
    So we felt it was appropriate to give the judge discretion 
as to when to involve the advocate, but we also called for 
reporting. And under the Court rules, Rule 11, the government 
is required to indicate to the Court if it is making an 
application that involves a new technology or a new legal 
issue. And so, what we have asked is that there be reporting of 
every Rule 11 case, and how many of those instances has a 
special advocate been appointed, and that way there can be 
oversight of the court process of appointment.
    But we do, again, think that it is appropriate for the 
judges to maintain some discretion.
    Ms. Chu. Would that report also include times when special 
advocates were not included, though?
    Mr. Medine. Right. How many times has Rule 11 application 
been forwarded, and how many of those instances has an advocate 
been appointed or not appointed? So again, if it is a 
significant case, one would assume it is likely that they would 
be, but there will be accountability to the public by the Court 
as to when they make those appointments.
    Ms. Chu. Now, you also advocate for the ability of the 
special advocates to request appellate review of court rulings. 
Why did you recommend this, and how would this strengthen 
privacy protections?
    Mr. Medine. In our American judicial system, we have a 
process by which district judges get reviewed by appellate 
bodies and ultimately the Supreme Court. We think that works 
effectively to have a dispassionate review by 3 judges at the 
appellate level and the 9 justices at the Supreme Court. And we 
think that the FISA Court process would be improved by 
encouraging that development.
    And so, we would like to empower the advocate to bring to 
the FISA Court of Review, which is their appellate body, 
adverse decisions to the advocate and in favor of the 
government so that there could be greater review. Again, much 
as there would be in any case in the District Court system.
    Ms. Chu. Mr. Swire, many of us think that, of course, the 
language in the statute in which the Section 215 bulk 
collection of metadata is broad, but that the government's 
interpretation of the relevant standard is even broader. The 
review group proposed a standard that the Court may only issue 
a 215 order if the government has reasonable grounds to believe 
that the particular information sought is relevant to an 
authorized investigation. And like a subpoena, the order has 
reasonable and focused scope and breadth.
    Can you tell us how this standard would narrow the 
government's inquiry so we could protect the American public in 
terms of its privacy interests? And how is this standard an 
improvement?
    Mr. Swire. Well, one change is that it would be a judge 
involved, and that is something that President Obama has 
recently said they are going to work with the FISA Court to do. 
A next change is to try to have these narrowing of scopes so 
that the bulk collection by the government prior to judicial 
looking at it would not occur. So it would be a narrowing in 
that respect as well.
    Ms. Chu. Also, the review group recognizes that 
intelligence programs, some, should remain secret. But you are 
also proposing that a program should be kept secret from the 
American public only if the program serves a compelling 
governmental interest, and if the efficacy of the program would 
be substantially impaired if our enemies were to know of its 
existence.
    If this proposed standard were in existence today, would 
the government have been compelled to disclose Section 215 bulk 
collection program? How is your standard an improvement over 
what we have today?
    Mr. Swire. Right. Well, our recommendation 11 talks about a 
compelling government interest, and there would be a process 
within the government. When that process happens, we emphasized 
having not only intelligence perspectives, but, for instance, 
economic perspectives, civil liberties perspectives, as part of 
a sort of comprehensive review.
    And I also note that on bulk collection, the President has 
asked John Podesta to lead a process for private and public 
sector bulk data which is supposed to come back with additional 
recommendations about bulk data within, I think, 60 days.
    Ms. Chu. Thank you. I yield back.
    Mr. Goodlatte. The time of the gentlewoman has expired. The 
Chair recognizes the gentleman from Texas, Mr. Poe, for 5 
minutes.
    Mr. Poe. Thank you, Mr. Chairman. I have great concerns 
about this whole process. This is reminiscent to me of the old-
fashioned star chamber where courts met in secret, issued their 
verdicts and edicts in secret. No one knew what happened until 
the sentence was carried out.
    I also spent some time in the Soviet Union when it was the 
Soviet Union. Everything I did and all the citizens did was 
spied on by the Soviets. And here we are in 2014 trying to 
justify what I think is spying on American citizens.
    Mr. Cole, I have a question for you, but I want to quote 
Mr. Medine in his testimony. He said, ``Based on the 
information provided to the Board, including classified 
briefings and documentation, we have not identified a single 
instance involving a threat to the United States in which the 
program made a concrete difference in the outcome of a 
counterterrorism investigation.'' Mr. Cole, name one criminal 
case that has been filed based upon this vast surveillance and 
metadata collection.
    Mr. James Cole. Congressman, I think there was one which 
was a material support case that was filed based on the 215 
metadata where we were able to identify someone. And again, as 
I have said, this is not----
    Mr. Poe. Reclaiming my time, as you know our time is 
limited. So how many criminal cases have been filed based upon 
this massive seizure?
    Mr. James Cole. Well, the criminal support statute is a 
criminal----
    Mr. Poe. I understand. My question is how many.
    Mr. James Cole. I do not know off the top of my head, 
Congressman.
    Mr. Poe. There is one.
    Mr. James Cole. There may be one.
    Mr. Poe. There may be one. So we have this vast metadata 
collection on Americans, and the reason is, oh, we have to 
seize this information or we are going to all die because of 
terrorists. And you are telling me as a former prosecutor--I am 
a former judge and prosecutor--all this information has 
collected one criminal case, is that what you are saying, that 
you know of?
    Mr. James Cole. Well, Congressman, the point of this is not 
necessarily to make criminal cases.
    Mr. Poe. I am not asking you----
    Mr. James Cole. The point of it is to gather intelligence.
    Mr. Poe. Reclaiming my time. My question is, one criminal 
case. That is all you can show for criminal cases being filed 
against individuals, right?
    Mr. James Cole. I think that is the correct number, but I 
would have to go back and check to be sure.
    Mr. Poe. It may not even be one.
    Mr. James Cole. The point of the statute is not to do 
criminal investigations. The point of the statute is to do 
foreign intelligence investigations.
    Mr. Poe. But the collection is on American citizens. When a 
warrant is signed--I signed a lot of warrants, Fourth 
Amendment. You know, I actually believe in the Fourth 
Amendment. A warrant is served. Police officers go out and 
investigate. They return the warrant, and it is filed as a 
public document in State courts and in Federal courts. But when 
collection on American citizens of their information, this is 
not made public to them. They never know that this information 
was seized from them, do they?
    Mr. James Cole. Well, as I think even the PCLOB and the 
President's review group have noted, the Fourth Amendment does 
not cover the collection of metadata under the current law. So 
it would not have those requirements.
    Mr. Poe. I know that is the current law, but that is not my 
question. My question is, the information is seized from them. 
They do not know that their personal information was seized by 
the Federal Government. They do not know that. They are not 
protected under our current statute under the PATRIOT Act. Is 
that correct or not?
    Mr. James Cole. The information does not come from them. It 
comes from the companies that they have phone service with. 
And, no, they are not informed directly that that metadata from 
those phone companies has been collected.
    Mr. Poe. Do you have a problem with that information being 
seized on Americans through a third party and Americans never 
know that that they are the subject to this metadata 
collection? I mean, do you have a personal problem with that, 
or do you think that is okay, the government ought to do that?
    Mr. James Cole. These are the issues we grapple with every 
day, Congressman, as far as trying to do national security 
investigations and trying to protect people's civil liberties. 
And we take leads from the Court as to the scope of the Fourth 
Amendment and where people's reasonable expectations of privacy 
are. And these are difficult lines to deal with, and just what 
we are doing right now is trying to find where that right line 
is.
    Mr. Poe. Well, I think it is an invasion of personal 
privacy, and it is justified on the idea that we have got to 
capture these terrorists. And the evidence, based on what you 
have told me, is all of this collection has resulted in one bad 
guy having criminal charges filed him. I think that is a bit 
over reaching to justify this massive collection on 
individuals' personal privacy. That is just my opinion. I yield 
back to the Chair.
    Mr. Goodlatte. The Chair thanks the gentleman, and 
recognizes the gentleman from Florida, Mr. Deutch, for 5 
minutes.
    Mr. Deutch. Thank you, Mr. Chairman. General Cole, I am 
going to come at the judge's line of questioning from a 
slightly different angle, but I think trying to get at the same 
point. In a September letter to NSA employees, General 
Alexander wrote that ``The Agency has contributed to keeping 
the U.S. and its allies safe from 54 terrorist plots,'' and 
that 54 terrorist plots has been repeated on several occasions.
    Last week in testimony before the Senate, there were some 
officials from the Administration who suggested that terrorist 
plots thwarted is not the appropriate metric for evaluating the 
effectiveness of the program. And I would just like to 
understand has the argument changed, and if it has, why should 
we now apply a different metric to determine the success of 
this program if it is not criminal prosecutions and if it is 
not terrorist plots thwarted?
    Mr. James Cole. A couple of things, Congressman. The 54 
number, as I recalled it, was both 702 and 215. And the bulk of 
it, frankly, was 702 coverage. And that is a very, very 
valuable program, and, frankly, probably more valuable than 
215.
    215 has a use, and it has a number of different uses. They 
are not as dramatic as 702, but they provide pieces of a 
puzzle. They provide tips and leads that allow us to then go 
and investigate and then gather other information. And that is 
really the value of 215.
    Mr. Deutch. But even if that 54 number that had been used 
does not apply primarily to the 215 program, you are telling me 
that the notion of terrorist plots thwarted even as it applies 
to this program is not the metric we should be using.
    Mr. James Cole. It is not the only metric. Certainly it is 
a great metric, but I do not think it is the only metric we 
should be using. I think if we are gaining evidence that is 
valuable to us in doing investigations that help keep the 
country safe, that is a valuable metric.
    Mr. Deutch. Right. And Mr. Medine had told us earlier in 
his testimony, their first recommendation was to end the 215 
program, and said that whatever successes you are referring to 
could have been replicated in other ways. Mr. Medine, is that 
right? And how could that have been accomplished?
    Mr. Medine. Well, there are other authorities--grand jury 
subpoenas, search warrants, national security letters--that 
allow for access to the information without the need to collect 
bulk records.
    Mr. Deutch. And would have accomplished all of the same 
things that the 215 program does successfully.
    Mr. Medine. Substantially. Even the material support we 
talked about, but in many other cases. We looked at a lot of 
different metrics and based our recommendations on that.
    Mr. Deutch. Right. And when we talked about the suggestions 
going forward, the idea of moving this information away from 
the government, Mr. Swire, you had said that when we are 
talking about metadata held by or the suggestion of metadata to 
be held by private providers or private third parties instead 
of by the government. And, Mr. Cole, I think you said people 
are thinking outside the box about how to store this 
information.
    My question is this. The metadata that is being collected 
that you are comfortable moving to the private parties puts 
that metadata, does it not, and here is what I am concerned 
about. It puts the metadata that Mr. Medine and others believes 
is unnecessary to gather because it does not accomplish what is 
necessary. We can do it in other ways without intruding on 
people's civil liberties. But if it is stored by private 
contractors, private parties, it is at risk then, is it not, of 
being stored with all of the other data, dramatically more 
intrusive personal data, that we turn over to private parties 
regularly when we go on the internet, regularly.
    It puts it in the same place with all of the information 
that we have been assured time and time again today this 
program does not do in terms of intruding on the specifics of 
our emails and the specifics of what we do on the internet, et 
cetera. It puts it all together. Why should that not be a 
concern of ours?
    Mr. Swire. Congressman, I think part of the question is are 
we creating extra risk as we shift things around----
    Mr. Deutch. Exactly right.
    Mr. Swire [continuing]. And find ways to shift things 
around. When it comes to phone company telephone records, as 
has been mentioned earlier, the Federal Communications 
Commission already requires it to be there for 18 months. Phone 
companies have been holding phone company data for an awfully 
long time.
    Mr. Deutch. Right, and, no, I understand, and that point 
has been made earlier. But there was another suggestion made. I 
think one of your suggestions was that we may need to have some 
other party. We may need to look outside of the box. My concern 
is that we are creating more risk than already exists in the 
program that we do not even need.
    Mr. Swire. Right. And what we said, and our entire report 
is prefaced by a transmittal letter saying this is our best 
effort in the time we had to come up with things. And one of 
the suggestions we had was in addition to possibly the phone 
companies, maybe a private sector entity could hold this with 
the right sorts of safeguards, and that we should look for ways 
to transition.
    We did not say we had the magic answer. Each one of these 
has downsized. But we thought getting it away from a huge 
government database was a better way to go.
    Mr. Deutch. Right, to a private database where risks could 
be even greater than they already are. I appreciate it, and I 
appreciate all the witnesses being here. I yield back. Thank 
you.
    Mr. Goodlatte. The Chair thanks the gentleman, and 
recognizes the gentleman from Arizona, Mr. Franks, for 5 
minutes.
    Mr. Franks. Well, thank you, Mr. Chairman, and thank all of 
you for being here. You know, it occurs to me that this 
Committee, the Judiciary Committee, has a unique role in 
Congress in the sense that it sort of epitomizes the entire 
purpose of government. Our job is to protect the lives and the 
constitutional rights of Americans. And sometimes it is 
difficult to make that balance work out right.
    You know, everyone on this Committee, I believe, wants to 
try to do everything that we can to protect the national 
security, to protect the lives of American people. But we also 
want to protect their constitutional rights in that process, 
and that requires us to make a clear distinction on how we go 
about that to where we maximize both.
    And I just have to suggest to you, without trying to sound 
argumentative, that this Administration has made it very 
difficult for us, because as Mr. Deutch has said and others, we 
feel that we have been blatantly deceived on what some of these 
programs have done and what they did. And consequently, it is 
hard for us sometimes to come up with the kind of architecture 
for any policy because we simply do not trust the 
Administration to be forthright with American people or us. And 
at the same time, I want to do the right thing here.
    So let me just ask you this question, Deputy Attorney 
General Cole. The President has made several recommendations 
for changing these data collection programs, including ending 
outright the bulk collection program. And then the last time 
the authorities were up for renewal, then the Administration, 
after they had said this, came before us and asked us to renew 
them completely. Now, help me understand that. Help me 
understand the contradiction there.
    Mr. James Cole. I do not believe it is a contradiction, 
Congressman. I think it is just an evolution as people come to 
the debate and try to figure out the best way to do it, as we 
get the recommendations from the PCLOB and the President's 
review group, as we look at the value of what we get from these 
programs. And I think what the President has said is he does 
believe that the 215 program is valuable, but he is trying to 
find ways and has charged us with trying to find ways to 
accomplish as much and most of what that gives in other ways 
that will cause less concern for the American people, 
legitimate concern that they have about what is being done.
    Despite all of the court restrictions that are put on, 
despite the fact that as both groups found, there has been no 
intentional abuse of any of this, it has been well regulated 
and well minded, and it has been reported to the courts and 
Congress and the executive branch. There is still a faith that 
we want to keep with the American people about making sure that 
they are satisfied we are doing everything we can do. So that 
is where we are. It is an evolution more than a contradiction.
    Mr. Franks. Attorney General Cole, I appreciate that. I 
just would suggest to you that the American people are clearly 
at odds with that understanding. They feel that they have been 
deceived, and I certainly cannot possibly come back to them and 
tell them they have not.
    But if I could shift gears and ask you, Mr. Medine, a 
question regarding 2315 that the Attorney General brought up. 
How can a bulk collection that potentially violates the First 
and Fourth Amendments be potentially unconstitutional, but 
individual collection is not? Help me understand the dichotomy 
there. I mean, if as, you know, the majority suggests here that 
the bulk collection of telephony metadata under Section 215 is 
constitutionally unsound, would the same not be true for 
individual 215 orders?
    Mr. Medine. First, the board did not say that the bulk 
collection was unconstitutional. What we did say is that there 
is a Supreme Court precedent, Smith v. Maryland, that says that 
records held by third parties are not entitled to Fourth 
Amendment protection. But we have also looked at the Jones case 
involving GPS tracking and seen a potential trend, especially 
in the voices of five justices, suggesting that this type of 
information was entitled to constitutional protection because 
of the breadth of its collection.
    So collecting information on hundreds of millions of 
Americans over an extended period of time is very different 
from collecting information on one person who may be a suspect 
for a short period of time. So we did not reach constitutional 
conclusion on that, but I think there is a distinction between 
those two scenarios.
    Mr. Franks. All right. Well, quickly, Judge Bates, who 
formerly sat on the FISC, recently wrote a letter objecting to 
the creation of a public advocate position, like Mr. Obama has 
suggested. He wrote that, ``Given the nature of FISA 
proceedings, the participation of an advocate would neither 
create a truly adversarial process nor constructively assist 
the courts in assessing the facts.''
    Attorney General Cole, I will ask you, do you agree with 
Judge Bates' conclusion and tell me why.
    Mr. James Cole. Well, I think the history of the Court has 
been that it has functioned quite well, and that the judges 
have been very earnest about trying to look at both sides. But 
I think, again, as we have started to think through this, there 
may be instances where the Court could benefit from another 
point of view, not in every instance. And the instances may be 
quite infrequent. But there are those where we think that 
another perspective may be helpful to the Court in reaching its 
conclusions.
    Mr. Franks. Mr. Chairman, I am out of time. Thank you, sir.
    Mr. Goodlatte. The Chair thanks the gentleman, and 
recognizes the gentlewoman from Washington, Ms. DelBene, for 5 
minutes.
    Ms. DelBene. Thank you, Mr. Chair, and thanks to all of you 
for being here today. Mr. Medine, I would like to talk about 
transparency and the impact of the Administration's step to 
allow technology companies to be able to provide greater 
disclosure about the number of government requests they 
receive.
    Just yesterday many companies took advantage of the 
agreement reached with the DoJ and have provided new 
information to the public, which I think is a welcomed 
development. Do you think legislation that allows companies to 
provide more details to the public would be helpful? In 
particular, can you talk about the distinction between what the 
agreement last week allows and what you believe should happen? 
I am also a co-sponsor of the USA Freedom Act, and we also 
outline recommendations there. And I would love your opinion on 
that.
    Mr. Medine. Our board's report recommends a number of areas 
where transparency could be greater so that there could be more 
public confidence in our intelligence programs, and so 
transparency with regard to the government's request to 
companies is certainly a part of that.
    What our Board recommended is that companies be given an 
opportunity, in some cases a greater opportunity, to disclose 
government requests consistent with national security. And so, 
we have not had a chance to evaluate the arrangement that was 
struck with the Justice Department, but certainly it is a move 
in the right direction to allow the companies to make it clear 
what is collected and also to disabuse people, particularly 
overseas, and clarify that there is less collection going on 
than they think, which I think will actually help American 
businesses down the road. So we are very supportive in 
principle of doing this, but we have not examined the specifics 
of it.
    In terms of whether there is a need for legislation, I 
think we could evaluate how well the government struck its 
balance. But there are important national security concerns in 
revealing information, and it is important to do it in the 
right way.
    Ms. DelBene. Okay. We would be interested in your opinion 
on that after you have had a chance to look at it in more 
detail.
    Mr. Cole, you stated last week the Administration had 
determined that the public interest in disclosing this 
information now outweighs the national security concerns that 
required its classification. And, you know, my position is that 
even greater disclosure is warranted in order to restore the 
credibility and trust of the American in our government.
    But I want to focus one particular element of the 
transparency agreement announced last week. In the letter you 
shared with companies' general counsels last week outlining the 
terms of the agreement, you state that the government is able 
to designate a service or designate a new capability order, and 
thereby delay reporting on that service for 2 years. And I 
wondered what the criteria was that you would be using in 
making the decision of what a new capability would encompass.
    Mr. James Cole. Well, I think the criteria is set out in 
the letter. It is a new platform or a service or a capability 
that we have not had before that would indeed be something new 
and that we would be, I think, going to the court and having it 
incorporated in the order. And so, it would be something where 
we have gained a new capability to intercept communications 
that we have not had before, so that if people are relying on 
our inability to be able to intercept that information--
terrorists and people like that--that they will not all of a 
sudden see a spike if we come to adopt that view or that 
capability, and, no oh, I better get off this platform.
    Ms. DelBene. But given that that is a rather vague 
definition of what a new capability is, because of a new 
version of what you are doing right now, how do we know that 
that is not going to be used in such a broad way that basically 
ends up preventing disclosure of a lot of information that 
otherwise is covered in the agreement?
    Mr. James Cole. I believe there is an avenue for the 
companies to go to the Court and challenge that, and certainly 
come to the Justice Department and challenge that, and say it, 
in fact, is not a new capability. And we can try and work that 
through, and the Court could find that it is not.
    Ms. DelBene. And why do you believe that there has to be 
such a caveat in the agreement at all?
    Mr. James Cole. From a national security standpoint so that 
people who are comfortable communicating over a certain type of 
capability do not all of a sudden realize that we can now 
intercept that capability.
    Ms. DelBene. But do have a specific example in mind from 
what----
    Mr. James Cole. Nothing that I would want to talk about in 
an open hearing.
    Ms. DelBene. Thank you, and I will yield back, Mr. Chair.
    Mr. Goodlatte. The Chair thanks the gentlewoman, and 
recognizes the gentleman from South Carolina, Mr. Gowdy, for 5 
minutes.
    Mr. Gowdy. Thank you, Mr. Chairman. Mr. Chairman, I was 
going to pursue a line of questioning related to the balancing 
of constitutional principles, and two of them are at play here, 
national security and privacy. And then I was going to pursue a 
line of questioning related to the expectation of privacy and 
whether or not it can change with culture and technology. But 
two things happened, Mr. Chairman, on the long, arduous walk 
from your chair to mine.
    One was something my friend from Tennessee said, suggesting 
a link between appointing judges and how they rule. In fact, 
Mr. Chairman, our colleague from Tennessee said everything is 
politics, justices are politics. So I want to ask Mr. Swire, I 
am going to read you a list of names, and everybody on this 
list has at least two things in common, and I want you to see 
if you can guess what those two things are, okay?
    Mr. Swire. It is arduous for us, too, Congressman, but go 
ahead.
    Mr. Gowdy. David Souter, John Paul Stevens, Harry Blackmun, 
William Brennan, Earl Warren, and Anthony Kennedy. What do all 
of those justices have in common?
    Mr. Swire. I suspect you are pointing to the fact that they 
are Supreme Court justices nominated by Republican presidents.
    Mr. Gowdy. That is exactly what I am referring to. And what 
would be the second thing they have in common? Would you agree 
that they wildly underperformed if they were put there to 
pursue a conservative agenda?
    Mr. Swire. I am hesitant to say all these justices wildly 
underperformed on any criteria.
    Mr. Gowdy. You do not think Brennan wildly underperformed 
if we put him there to pursue a conservative agenda?
    Mr. Swire. I am sorry, which----
    Mr. Gowdy. Blackmun, Brennan. They cannot get you in 
trouble anymore. [Laughter.]
    Judges cannot take up for themselves, Mr. Chairman. They 
either cannot or will not. I just do not think it is 
appropriate to try to make links between who put somebody on 
the bench and how they are going to turn out because I just 
pointed to a half dozen that did not turn out the way we though 
they were going to turn out.
    The second thing that happened, Mr. Chairman, was Mr. 
Jordan's line of questions. Mr. Cole, I am not going to ask you 
about the IRS targeting scandal for two reasons. Number one, 
you cannot comment on it, and I know you cannot comment on it, 
so I am not going to put you in a position of having to 
repeatedly say you cannot comment on it. The second thing you 
cannot do is explain to us why the President said what he said 
Sunday. So because you cannot explain it any more than anyone 
can explain it, I am not going to ask you about it.
    I am going to ask you to do one thing, and you do not have 
to comment on it. I am just going to ask you to do one thing, 
prosecutor to prosecutor. I am going to ask you to consider, in 
my judgment, how seriously the President undermined the 
integrity of that investigation by what he said, ``not a 
smidgen.'' Lay aside that is not a legal term, ``not a 
smidgen'' or scintilla of evidence to support corruption or 
criminality.
    This investigation is ongoing. I assume no conclusions have 
been reached, hence the word ``ongoing.'' And for him to 
conclude that there is no evidence of criminality whatsoever in 
the midst of an investigation I think undermines the hard work 
that the men and woman of your Department do. And I do not 
expect you to comment. I do not want you to comment, other than 
I would ask you to consider anew appointing special counsel 
under the regulations. The special counsel of regulation say it 
is appropriate in extraordinary circumstances.
    What we have been discussing all day today is the 
extraordinary circumstance of whether can you target under the 
Fourth Amendment. The IRS case is whether government has 
targeted people for the exercise of their First Amendment 
rights. So I do not think anyone would argue it is not 
extraordinary if there is an allegation that government is 
targeting someone.
    And the second part of the regulation speaks to the public 
interest. So I would just ask you to please respectfully 
reconsider in light of what was said Sunday night, which was 
there is nothing here, not a smidgen of criminality in the 
midst of an investigation that matters greatly to lots of 
people. The Chief Executive said move on. For no other reason 
than to protect the integrity of the justice system, which I 
know you care about and I care about, I would ask you 
respectfully to consider appointing someone as special counsel 
in light of what the President said Sunday night, because he 
seriously undermined the integrity, in my judgment, of what is 
an ongoing investigation. And with that, I will yield, Mr. 
Chair.
    Mr. Goodlatte. The Chair thanks the gentleman, and 
recognizes the gentleman from New York, Mr. Jeffries, for 5 
minutes.
    Mr. Jeffries. I thank the Chair as well as the witnesses 
for your participation in today's hearing.
    Mr. Cole, I want to go over a few questions related to the 
relevancy standard. I recognize this may have been ground 
covered earlier in the hearing, but if you would just indulge 
me. They will be pretty brief.
    Since the passage of the PATRIOT Act, which I believe was 
done in late 2001, how many actual terrorist plots have been 
thwarted connected to the new tools made available to law 
enforcement pursuant to this act?
    Mr. James Cole. Well, I do not think that 215 was around in 
the original version of the PATRIOT Act. That came some time 
later. I do not know the exact number.
    Mr. Jeffries. Right. I am asking about the overall PATRIOT 
Act.
    Mr. James Cole. I do not know the exact number.
    Mr. Jeffries. Okay. Now, as it relates to the bulk 
collection of metadata allegedly authorized by 216 that came 
subsequent to the initial creation of the PATRIOT Act, how many 
terrorist plots can be directly linked to this bulk collection? 
Am I correct that the answer is zero?
    Mr. James Cole. I think the question is directly linked. 
There are tips and there are leads that come from the 215 
metadata as I have said a number of----
    Mr. Jeffries. Can you provide us with one example where a 
tip or a link actually led to the thwarting of a terrorist plot 
connected to this bulk collection?
    Mr. James Cole. Well, alleged charges. It does not mean 
that there were not other tips and leads that led to further 
investigations that were valuable and helpful to the 
government.
    Mr. Jeffries. But it is fair to say there is no substantial 
connection between this bulk collection and the resolution or 
thwarting of any terrorist plot related to this particular 
authorization under 215, correct?
    Mr. James Cole. I think that may be correct, but I think 
that that is not always the only standard that is used.
    Mr. Jeffries. Right. Now, you referenced that earlier in 
your testimony. Can you give an example to the American people 
to justify this bulk collection outside of its alleged 
relevance, given that there has been no evidence, not a 
scintilla of evidence, presented that it has been relevant to 
any terrorist investigation?
    Mr. James Cole. Well, I think it is relevant in a couple of 
ways. One is to be able to rule out that there are connections 
within the United States from terrorist plots that may be 
starting outside the United States. So it is very valuable to 
be able to know that so we can direct our resources very much 
at the core of what we are trying to look for.
    Mr. Jeffries. Now, do you think that the current relevance 
standard is a robust one?
    Mr. James Cole. I think the current relevance standard is 
one that is used in both criminal and civil law, and it is a 
very broad standard.
    Mr. Jeffries. It is a very permissive standard in terms of 
what the government has been able to get access to, correct?
    Mr. James Cole. It is not unfettered. It has to be done in 
a way that is necessary. We cannot just take whatever we want 
any time we want for any purpose. We have to go to a court and 
justify the fact that we need this volume of records in order 
to find the specific things we are looking for under very 
restricted circumstances. And then the court has to say you 
have permission to do this.
    Mr. Jeffries. Right, but what is very troubling, and I 
would like to talk to Mr. Swire about this, it is my 
understanding that once that bulk collection has been obtained, 
that the standard of reasonable articulable suspicion as it 
currently exists is a decision made by a NSA supervisor, not by 
an independent member of the judiciary, correct?
    Mr. Swire. In the first instance, it is made by the 
analyst, and it is reviewed by a supervisor.
    Mr. Jeffries. Now, how is the Review Board proposing to 
change the absence of judicial consideration?
    Mr. Swire. As was true in 2009 when there were some 
difficulties with compliance, we recommended that it go to the 
FISA Court in individual instances for a judge to review.
    Mr. Jeffries. Are you saying in the first instance in terms 
of the authorization of bulk collection or subsequent 
collection to search the data there must be a judicial 
determination made?
    Mr. Swire. In this case, there is collection, and then 
there is reasonable articulable suspicion about some phone 
number. And at that point you would go to the judge and say, 
judge, here is our RAS, and here is why we think we should look 
at it.
    Mr. Jeffries. Okay. Now, as it relates to collection, there 
has been discussion and debate about which entity would be most 
appropriate, putting aside the question as to whether it is 
even proper for this information to be collected, and I think 
the jury is still out on that, and the balance of facts suggest 
that it is not. But assuming that this information is 
collected, I guess the proposals have included the private 
sector, telephone companies, and an independent third party yet 
to be identified. Has there been any consideration given to the 
judicial branch as a separate, but co-equal, branch of 
government independent from the executive creating the 
mechanism to retain this data given the fact that a judicial 
determination at some point is going to be made as to whether 
it should be searched?
    Mr. Swire. Yes. I am not aware of the judicial branch 
holding databases and running those except for their own court 
records. So that would be quite a different function than I 
think what we have seen previously
    Mr. Jeffries. Okay, thank you. I yield back.
    Mr. Goodlatte. The Chair thanks the gentleman, and 
recognizes the gentleman from Texas, Mr. Farenthold, for 5 
minutes.
    Mr. Farenthold. Thank you, Mr. Chairman. Mr. Medine, you 
talked a little bit earlier in response to some questions about 
limited Fourth Amendment protections for information held by 
third parties. I think a lot of that is what Section 215 kind 
of bootstraps on. It gives the government broad authority to 
get a hold of that information.
    Just so the folks watching this and everybody understands, 
there is a difference between, like, if I have a file on my 
computer or if I have a file on something on a cloud storage. I 
have more privacy, correct, in what is on my computer, more 
protection.
    Mr. Medine. Under current Supreme Court law, that is right.
    Mr. Farenthold. And the same would be true for something 
sent by postal mail. I would have more privacy than something 
sent by email. That is kind of more traditional. And I would 
assume that, you know, a canceled check that I have in my 
drawer is more protected than the bank record. Is that 
something you think most Americans understand the difference in 
this day and age about information that is held electronically 
or held by third parties? Do you think most Americans 
understand that it is basically fair game?
    Mr. Medine. I suspect that they do not, but I think the key 
thing here is that, as you say, technology has changed 
dramatically since the Supreme Court's decision in Smith v. 
Maryland, which was collecting a limited amount of information 
for one person over a short period of time as opposed to----
    Mr. Farenthold. Our ability to gather information has 
changed. So the courts could revisit this, but is it also not 
appropriate that Congress could revisit this and say you 
actually do have a reasonable expectation of privacy in certain 
things?
    Mr. Medine. That is exactly what the majority of our board 
has recommended is that based upon our legal analysis of 
Section 215, our constitutional analysis, which we say is 
heading in the direction of adding protections, and also our 
balancing national security with privacy and civil liberties, 
we saw a great impact of this program on----
    Mr. Farenthold. So let me just ask Mr. Cole, and I suspect 
I know the answer to this question. So if any of my information 
is held by a third party, do you see any substantial limitation 
on what Section 215 allows you guys to get?
    Mr. James Cole. Yes, I see very significant limitations on 
what we could get being held by a third party.
    Mr. Farenthold. All right. Let us just talk about some 
things that are probably held in bulk. We talked a lot about 
the metadata on telephone calls. Could geolocation data that is 
routinely reported back from cell phones be gathered?
    Mr. James Cole. If there is a need, it may or it may not.
    Mr. Farenthold. Bank records, credit card transactions, 
things like that?
    Mr. James Cole. They may not be. It depends on whether 
there would be a need to show the connections where you would 
need the whole group----
    Mr. Farenthold. But under the rationale that you get all 
telephone records, could that not be extended to say, all 
right, we need all credit card transaction records, or all 
geolocation data so we can go back and mine it after the fact, 
from what we hear from the folks to your left, is a very 
limitedly effective program.
    Mr. James Cole. Well, we are not mining the data, 
Congressman. That is not something----
    Mr. Farenthold. Or go back and searching it, I guess.
    Mr. James Cole. Well, and we are searching only in a very 
limited way.
    Mr. Farenthold. Right, but the same argument that says you 
can collect all the phone data, could the exact same argument 
not be used for any other sorts of data that are collected by 
businesses in bulk?
    Mr. James Cole. Not necessarily because the phone data 
connects two different people, and you have to look at those 
two different sets of information.
    Mr. Farenthold. Right. So the geolocation data does the 
same thing. I go----
    Mr. James Cole. Not necessarily because it only focuses on 
one person and not----
    Mr. Farenthold. Right. But if you got the geolocation data, 
you could get everybody who is within 150 feet of me by rather 
than searching the person's phone, you could search the law and 
where they are, and you could tell everybody who's in this room 
right now.
    Mr. James Cole. But there may be other ways to go about 
that without collecting all of the data for every single cell 
tower in the United States.
    Mr. Farenthold. Okay. But do you believe that it would be 
legal for you all to do that?
    Mr. James Cole. Only if there was a need. The Court's 
rulings have really focused on the fact that there is a need 
under the facts and circumstances----
    Mr. Farenthold. All right. I see I am almost out of time, 
and I wanted to follow up on something that came up in the 
Oversight and Government Reform Committee last week. Can you 
tell us whether the NSA is playing any role in identifying, 
assessing, or classifying information about security threats or 
vulnerabilities associated with the healthcare.gov website? Are 
you aware of anything?
    Mr. James Cole. I am not aware of anything, Congressman. 
Nothing that I am aware of.
    Mr. Farenthold. Thank you very much. I yield back.
    Mr. Goodlatte. The Chair thanks the gentleman and 
recognizes the gentleman from Rhode Island, Mr. Cicilline, for 
5 minutes.
    Mr. Cicilline. Thank you, Mr. Chairman. I thank you and the 
Ranking Member for the warm welcome, and I look forward to the 
work of this Committee. Thank the witnesses for being here and 
for your testimony.
    I am, too, a proud sponsor of the USA Freedom Act and 
really associate myself with the remarks of my colleague, Mr. 
Sensenbrenner, and hope the urgency of action is clear to all 
of the witnesses and hopefully to our colleagues in the 
Congress.
    I share the view of many people that it is very difficult 
for me to understand how the existing statute authorizes this 
massive data collection of all Americans, and I am struggling 
to understand how that authorization is provided in the 
statute. But I want to ask a couple of very specific questions.
    One is I think there has been testimony from all three 
witnesses that there is not a lot of evidence, if any, that 
this action, this metadata data collection, has led to the 
interruption of a terrorist attack, but it has been useful in a 
variety of different ways. And since the private industry holds 
these records for 18 months, has anyone looked at in the 
instances it has been useful what the time period has been? Has 
it been beyond the 18 months? If we were to change that to 24 
months, would we cover all of the useful moments and not have 
to have the government collecting any of this data? Does anyone 
know the answer to that?
    Mr. James Cole. I think that is one of the factors that we 
are trying to look at to see how long you need the data for. 
This was one of the issues when the President said, and we 
talked about cutting it down to 3 years instead of 5 years for 
holding it, is one step. And we may look further to see what 
the right amount of time is.
    Mr. Cicilline. So with respect to the information we have 
currently, the benefits of in these instances where it has been 
useful, we do not know what that time period has been.
    Mr. James Cole. We are looking into that.
    Mr. Cicilline. Okay. The second thing I want to ask is, you 
know, we have this very deeply held belief in this country that 
the key parts to our justice system or two of the key parts are 
an independent neutral magistrate or judge. The current system 
allows the queries to be made by decisions made by someone 
other than a judge. And one of those reforms that has been 
recommended is that a FISA Court judge make that determination 
as a result of hopefully some adversarial process so that 
arguments can be made on both sides. That seems a very common 
sense reform.
    I would like to ask your thoughts about the national 
security letters because it seems to me the same kind of 
information can be collected through the national security 
letters that do not require a judicial determination. And it 
would seem to me that that would be a fairly easy reform to 
implement that says these letters can broadly collect lots of 
information without any judicial determination that it is 
necessary or appropriate. Why not impose the same requirement? 
And I know, you know, the argument always is, oh, it is too 
much, you know. It will require lots of extra hours.
    Setting aside the fact that it will be a lot of work for 
some folks and that we are prepared to fund that, does it not 
make sense that we ensure that there is a judicial 
determination as to the propriety of the information sought 
that can be quite broad? And I would like all three of you to 
comment on that.
    Mr. James Cole. First of all, you have to understand 
national security letters are not as broad as other things, 
other kinds of subpoenas, grand jury subpoenas, even 
administrative subpoenas under the Controlled Substances Act or 
215 authorities. It is more limited. That being said, it is 
much like an administrative subpoena or a grand jury subpoena, 
which does not involve any prior judicial approval before they 
are issues. Any judicial involvement comes on the back end if 
people do not comply with it.
    And they are very routine. They are used----
    Mr. Cicilline. But those grand juries--excuse me for 
interrupting--those grand jury subpoenas require the 
participation of grand jurors, of citizens, to make a 
determination----
    Mr. James Cole. They do not issue them themselves. There 
usually can be just a blanket authority from the grand jury to 
go issue----
    Mr. Cicilline. But it requires action of citizens to 
authorize it. In this case, the national security letters, 
there is no participation of citizens. It can be a NSA official 
that makes that determination with no either citizen 
participation or judicial participation.
    Mr. James Cole. Actually grand jurors usually do not 
participate in the decision to issue a subpoena. They receive 
the evidence that comes as a result of it and consider it, but 
they do not usually get involved in the issuance of the 
subpoena. That is usually done by the prosecutor.
    Mr. Cicilline. So is it your position that having a 
judicial determination of the national security letter request 
is not appropriate? Would that not provide additional 
protection against an intrusion into the privacy rights of 
citizens with a de minimis kind of intervention by a judicial 
officer?
    Mr. James Cole. I do not think it would provide any 
significant protection against privacy invasions for citizens. 
There are still administrative subpoenas, grand jury subpoenas, 
lots of things like that that go well beyond what a national 
security letter can do. I do not see the point of it.
    Mr. Cicilline. Mr. Swire?
    Mr. Swire. Our report came out in a different place, and we 
did recommend a judge. And in terms of the comparison with a 
grand jury subpoena, here are two differences that are not 
always stressed. One is that the NSLs stay secret under current 
law probably for 50 years, and that is very different. And the 
second way from what happens in a criminal investigation where 
if there is a problem with the investigation, the criminal 
defendant and his or her lawyer find out about it quickly, and 
that is a check on over reach.
    With NSLs, the person who is being looked at does not get 
that kind of notice, so you do not have a built in check 
against using it too much.
    Mr. Medine. Our board unanimously recommended that the RAS 
determinations, reasonable articulable suspicion, immediately 
go to the Court, after the fact, for judicial oversight of that 
program.
    Going forward, the only thing I would say is, because we 
have not studied national security letters on our Board as yet, 
to consider that we not make it a higher standard to collect 
counterterrorism information than we do in ordinary criminal 
cases, to look more broadly overall at how are these programs 
operating.
    Mr. Cicilline. Thank you. I thank you, and I yield back.
    Mr. Goodlatte. The Chair recognizes the gentleman from 
North Carolina, Mr. Holding, for 5 minutes.
    Mr. Holding. Thank you, Mr. Chairman. Mr. Swire, with 
private parties holding metadata, what kind of liability do 
those private parties have for any misuse of the metadata?
    Mr. Swire. So a phone company today, if it is hacked into 
or if they turn it over when they are not supposed to turn it 
over?
    Mr. Holding. First, you know, if they are hacked into, I 
guess there would be some determination as to whether they have 
taken adequate steps to protect the data. So what liability do 
they have there? What liability do they have if they turn it 
over to the government, and for some reason the government 
misuses it? Are there any immunities that these third parties 
have?
    Mr. Swire. So there is not an immunity if they lack 
reasonable security. Most of them have privacy policies where 
they said they are going to use reasonable security measures. 
The Federal Trade Commission or the Federal Communications 
Commission could bring a case against it. Private tort suits 
have not succeeded mostly, but the government could come in.
    When it comes to the second part, I think that comes up 
with the scope of the immunity that Congress included in the 
law the last time around. I do not know all the contours of 
that, but it is quite immunity is my understanding.
    Mr. Holding. And, of course, if we set it up so these third 
parties are retaining this information for a longer period of 
time, I assume that they would want additional assurances of 
immunities.
    Mr. Swire. I predict they would want that, yes.
    Mr. Holding. Mr. Cole, you would certainly agree that we 
live in a dangerous world.
    Mr. James Cole. I am sorry?
    Mr. Holding. We live in a dangerous world.
    Mr. James Cole. Yes, we do.
    Mr. Holding. And the dangers are overseas, and they are at 
home.
    Mr. James Cole. That is correct.
    Mr. Holding. There are plenty of people who wish us great 
harm. And in the years subsequent to 9/11, the danger may have 
changed, but I do not think the danger has diminished.
    Mr. James Cole. That is correct.
    Mr. Holding. In fact, it may have increased.
    Mr. James Cole. It has become different, and it has become 
a lot more difficult to detect.
    Mr. Holding. And you have mentioned several times and the 
other Members have mentioned several times about the use of the 
metadata in 215. And, you know, some people pointed out that, 
you know, no criminal case has been brought, you know, on the 
basis of metadata queries. But you pointed out that it is a 
part of a fabric of an investigation. I would like to think of 
it as a mosaic when you are putting together an investigation, 
whether it is public corruption, or a sophisticated drug 
conspiracy, or indeed, you know, a terrorism investigation.
    I want to give you a few minutes to spin a hypothetical 
based on your experience as a prosecutor and as, you know, 
someone who oversees a lot of investigations, a hypothetical 
where the Section 215 metadata is used as a piece of that 
mosaic. And to give some context to the conversations, you 
know, that we have had back and forth, and kind of what that 
mosaic looks like.
    Mr. James Cole. Well, obviously there is any number of 
different ways it could play out. But one possible scenario is 
you have reasonable articulable suspicion that a certain phone 
number is connected with a certain terrorist group, and you 
then inquire about it, and you see calls to and----
    Mr. Holding. Now let us back up a little bit. And how would 
you come about one of these telephone numbers?
    Mr. James Cole. Well, that could be from any number of 
other sources of intelligence, and without going into too much 
detail, there is a lot of information that feeds in that helps 
inform how we come to those conclusions if there is, in fact, 
reasonable articulable suspicions. But it has to be documented. 
It is not just something that is floating in the air. It has to 
actually be written down so somebody can read it, look at. A 
supervisor can determine that, in fact, it is reasonable 
articulable suspicion, and authorize the inquiry to be made.
    At that point, we just have the phone number. We then look 
at who that phone number has called, and we may see that there 
are a number of calls to another number. At that point, we do 
not know who that is, but we may then give that information to 
the FBI. They may then through a national security letter or 
something else determine who that number belongs to. They may 
then be able to look at other holdings that they have and other 
information they have that indicates that that other number is, 
in fact, somebody that they have been investigating for 
terrorism. And then they start putting that together, and the 
investigation starts to blossom from there. That is one of the 
ways that this could play out.
    Mr. Holding. So the metadata may not be the smoking gun, 
but it certainly puts not only a piece of the mosaic, but it 
might be like the cement that kind of puts the mosaic together, 
hooks it to another part.
    Mr. James Cole. It is tip or a lead. It starts the process 
going.
    Mr. Holding. Thank you. Mr. Chairman, I yield back.
    Mr. Goodlatte. I thank the gentleman, and the Chair 
recognizes the gentleman from Georgia, Mr. Collins, for 5 
minutes.
    Mr. Collins. Thank you, Mr. Chairman. I appreciate the 
time. And I am probably not going to spend the whole time 
because one of the things that I want to focus on here is 
probably the question, is I think from the sense--Mr. Cole, you 
have been here many times, and we have had these conversations. 
Others have been here as well. Today the Committee, especially 
Judiciary, reminds me more of a P90X workout. One side you are 
going hard for 5 minutes, and then the next time, whew, I rest 
for 5 minutes. [Laughter.]
    Hard for 5 minutes, rest for 5 minutes. And what happens 
here is you see a unilateral sort of discussion and 
understanding that what we have that nobody is comfortable 
with. They are not. They do not want to put our national 
security at risk. Nobody on this panel, nobody in this 
Congress, and many people in the country, they do not want to 
put--but they are also very uncomfortable with the collection. 
They are very uncomfortable with the way it has been dripped 
out of this is what is happening now, this is what is happening 
now, 2 weeks later here is what is happening. By the way, we 
are now angry birds, you know. Whatever it is, it is just 
dripping out.
    And so, every time we begin to maybe put a hold on it, it 
becomes a deeper problem with another revelation, and some of 
that was definitely not intended. Some of that was leaked 
maliciously, and I recognize all that. And from my part of 
Georgia, people understand national security. They understand 
patriotism. That is not the problem. What they do not 
understand is a loss of trust in the government, frankly a loss 
of trust in this Administration, a loss of trust.
    So what I really would like to focus on just for a moment, 
and if you have a lot you want to say, great. If you do not, 
then that is okay. But I think we have discussed a lot of 
specific recommendations. We have talked about have you found 
out, have you showed it. The mosaic, as my dear friend from 
North Carolina talked about, about investigations. But mine 
goes back to an essential question that this Congress will have 
to ask, and I believe it is the only reason that the President 
came out and said we need to change this, we need to look at 
this, is because, frankly, the poll numbers are bad. You have 
been looking at this for 5 years. You knew it for 5 years. And 
now it is, well, this is getting bad, we need to get ahead of 
this, let us show leadership, the whole crowd is up there, let 
me run in front and lead. The problem is trust.
    So my question as we look at this, no matter what 
recommendations may come here, and I have associated with many 
on both sides of the aisle of the problems that we have, is in 
my district and in many others, NSA has become not a three-
letter word, but a four-letter word. It has become something 
that they just do not understand and they do not trust anymore.
    So my question is, no matter what recommendations we give--
any of you want to talk about it--for just a moment, how do we 
restore that? And that is the basic question here. How do we 
restore trust?
    Mr. James Cole. Congressman, I think you raise a very, very 
important point, which is trust. We come to this through years 
of both Republican and Democratic Administrations where the 
intelligence community has determined that it is appropriate to 
classify a lot of things information that we are now talking 
about in open hearings. And they had a good faith determination 
at the time that it should be classified for the national 
security and safety of our country.
    It is out, and we are talking about it. And the American 
people deserve to have answers, and they deserve to have a 
level of transparency that makes them comfortable about these 
things. And I think that this Administration, quite frankly, 
has taken the bull by the horns, and these are not easy issues. 
These are not easy resolutions. These are not easy balances to 
find. But this Administration has gone very far in trying to be 
transparent, in trying to bring these programs back into line, 
in trying to balance how far we can go, how transparent we can 
be, how many civil liberties and privacy interests we have to 
respect, and how much of the national security side we have to 
respect, and where that balance is. And these are tough 
balances.
    You are not going to do it overnight. You are not going to 
sit there and say, oh, that is easy. Let us just go over and 
disclose all of this, or let us just not collect this 
information. These are things that if you do not collect it and 
something blows up, people are going to be very angry. But 
these are also things that if you do over collect, and you do 
over classify, and you do inhibit people's civil liberties, 
they are going to be upset about that, too. So we have to find 
that balance, and I wish it were easier, but it is not.
    Mr. Collins. And, look, I respect that, and you have been 
up here, and you are an advocate of what the Administration is 
doing, and I get that. But I think the trust factor is the 
biggest issue, and I think it was not grabbing the bull by the 
horns. I think it was grabbing a microphone and saying I will 
make you feel better, and I understand that. But at the same 
point, it does not go to the heart of the question. It does not 
go to that trust issue on how we in this Congress can explain 
that, and how the Administration can make it look more instead 
of a public appearance and we are going to PR, how we actually 
solve this.
    Look, I respect everyone. Thank you for being here. But 
that goes back to the real issue. This is a trust issue. We can 
do the recommendations, but we have got to get back to trust, 
and we just do not have that trust right now.
    Mr. Chairman, I yield back.
    Mr. Goodlatte. The Chair thanks the gentleman, and the 
Chair thanks all of our witnesses on this first panel. You have 
taken a large number of questions, and we appreciate the input 
to the Committee.
    I want to ask unanimous consent to place the following 
documents into the record: Annex A of the PCLOB report, 
separate statement of board member Rachel Brand; Annex B of the 
PCLOB report, separate statement of board member Elizabeth 
Collins Cook; comments of the judiciary on proposals regarding 
FISA; a letter written by the Honorable John D. Bates, director 
of the Administrative Office of the United States Courts on 
January 10, 2014;* Presidential Policy Directive Number 28, the 
President's directive regarding signals intelligence issued 
January 17, 2014.**
---------------------------------------------------------------------------
    *The corrected date of the submitted letter is January 13, 2014.
    **See Appendix for submitted material.
---------------------------------------------------------------------------
    I want to thank all the members of the panel, and you are 
excused. And we will----
    Mr. Nadler. Mr. Chairman?
    Mr. Goodlatte. Yes?
    Mr. Nadler. May I ask unanimous consent that we admit into 
the record the entirety of the PCLOB report since the 
dissenting views are going be----
    Mr. Goodlatte. Without objection, that will be made a part 
of the record as well.***
---------------------------------------------------------------------------
    ***The PCLOB report document submitted for the record is not 
reprinted here but can 
be accessed at: http://www.pclob.gov/SiteAssets/Pages/default/PCLOB-
Report-on-the-Telephone-Records-Program.pdf.
---------------------------------------------------------------------------
    Mr. Nadler. Thank you.
    Mr. Goodlatte. And we thank all of our panelists.
    Mr. James Cole. Thank you, Mr. Chairman.
    Mr. Goodlatte. And we will move onto to the next panel. We 
are expecting a vote soon, but we want to keep moving.
    [Pause.]
    Mr. Goodlatte. We welcome our second panel today, and if 
all of you would please rise, we will begin by swearing you in.
    [Witnesses sworn.]
    Mr. Goodlatte. Thank you very much. Let the record reflect 
that all of the witnesses answered in the affirmative.
    Our first witness of the second panel of witnesses is Mr. 
Steven G. Bradbury, an attorney at Dechert, LLP, here in 
Washington, D.C. Formerly, Mr. Bradbury headed the Office of 
Legal Counsel in the U.S. Department of Justice during the 
Administration of George W. Bush, handling legal issues 
relating to the FISA court and the authorities of the National 
Security Agency.
    He served as a law clerk for Justice Clarence Thomas on the 
Supreme Court of the United States and for Judge James L. 
Buckley of the United States Court of Appeals for the D.C. 
Circuit. Mr. Bradbury is an alumnus of Stanford University and 
graduated from Michigan Law School.
    Our second witness is Mr. Dean C. Garfield, president and 
CEO of the Information Technology Industry Council, a global 
trade association that is a voice advocate and thought leader 
for the information and communications technology sector. 
Previously, Mr. Garfield served as executive vice president and 
chief strategic officer for the Motion Picture Association of 
America.
    Mr. Garfield is a regular contributor to the Huffington 
Post and has been featured in several national and 
international publications representing the ICT industry. Mr. 
Garfield holds degrees from Princeton University and New York 
University School of Law.
    Our third witness is Mr. David Cole, a professor of law at 
Georgetown University Law Center. He is also the legal affairs 
correspondent for The Nation and a regular contributor to the 
New York Review of Books. He is the author of seven books.
    Mr. Cole previously worked as a staff attorney for the 
Center for Constitutional Rights from 1985 to 1990 and has 
continued to litigate as a professor. He has litigated many 
constitutional cases in the Supreme Court. Mr. Cole received 
his bachelor's degree and law degree from Yale University. Mr. 
Cole has also received two honorary degrees and numerous awards 
for his human rights work.
    I want to thank you all for being here today. We ask that 
each of you summarize your testimony in 5 minutes or less, and 
to help you stay within that time, there is a timing light on 
your table. When the light turns from green to yellow, you will 
have 1 minute to conclude your testimony. When the light turns 
red, it signals the witness' 5 minutes have expired, but I 
think you all know that.
    And I thank you all. And we begin with Mr. Bradbury. 
Welcome.

         TESTIMONY OF STEVEN G. BRADBURY, DECHERT, LLP

    Mr. Bradbury. Thank you, Mr. Chairman.
    The independent judges of the FISA court have repeatedly 
upheld the legality of the NSA programs, and the President has 
strongly affirmed that they remain necessary to protect the 
United States from foreign attack. While I welcomed the 
President's defense of the programs in his recent speech, I'm 
disappointed that he decided, evidently at the last minute, to 
pursue changes in the telephone metadata program recommended by 
his review group.
    The President wants to move the metadata into private 
hands. I don't believe that's workable, not without seriously 
affecting the operation of the program and creating new data 
privacy concerns.
    The current program allows NSA to combine data from 
multiple companies into a single, efficiently searchable 
database and preserve it for historical analysis. This database 
is among the most effective tools we have for detecting new 
connections with foreign terrorist organizations. Moving this 
database outside NSA would require ceding control to a private 
contractor, since no single phone company has the capacity to 
manage all the data.
    Putting a private contractor between NSA and the data would 
compromise the utility and responsiveness of this asset. It 
would also reduce the security of the data. Today, the database 
is kept locked down at Fort Mead, with access strictly limited 
by court order and stringent oversight. If it were outsourced 
to a contractor, the data would likely reside in a suburban 
office park on much less secure servers.
    It would be vulnerable to privacy breaches and cyber 
incursions from foreign governments and terrorist groups. It 
could be exposed to court-ordered discovery by litigants in 
civil lawsuits, and the contractor's employees would be much 
less subject to direct oversight by the executive branch, the 
FISA court, and Congress. Those are not desirable outcomes.
    The President also intends to require FISA court approval 
of the reasonable suspicion determinations before NSA could 
query the database. This change moves us back toward the pre-9/
11 approach. It will inevitably hamper the speed and 
flexibility of the program, particularly if it requires 
separate court approval of each query, and it will place a 
substantial new burden on the FISA court. Requiring the 
involvement of lawyers and court filings will impose a 
legalistic bureaucracy on a judgment call more appropriately 
made in real time by intelligence analysts.
    Finally, the President ordered NSA not to analyze calling 
records out to the third hop from the seed number, something 
the NSA only does when there's a specific intelligence reason. 
Why should we needlessly forego these potentially important 
intelligence leads?
    Beyond the changes endorsed by the President, I urge this 
Committee to reject most of the other major proposals for 
curtailing FISA. The most sweeping proposal would restrict the 
use of Section 215 to individual business records directly 
pertaining to a specific person.
    A similar proposal would limit NSA to conducting queries of 
the telephone calling records only while the data is retained 
by the companies in the ordinary course of business. These 
restrictions would kill the metadata program by denying NSA the 
broad field of data needed to conduct the necessary analysis.
    At the same time, denying NSA the ability to access 
metadata in bulk would preclude the historical analysis of 
terrorists' calling connections, which is among the most 
valuable capabilities of the 215 program. Any requirement to 
shorten the data retention period would degrade our ability to 
discover important historical connections.
    One further proposal would attempt to convert FISA into an 
adversary process by establishing some form of public advocate. 
This proposal would raise significant constitutional concerns, 
both if the President is required to share sensitive national 
security secrets with an adversary and if the public advocate 
were given the power to oppose each FISA application and to 
appeal a decision of the FISA court.
    Such an officer would lack the Article III standing 
necessary to initiate an appeal and would occupy a gray zone 
outside the three branch framework established in the 
Constitution.
    Instead of creating a formal office of public advocate, the 
President wants to set up a panel of pre-cleared outside 
advocates who could be called upon by the FISA judges to submit 
amicus briefs on significant questions. This proposal is less 
objectionable if it leaves to the FISA judges the decision to 
call for amicus input and preserves the President's discretion 
to decide whether the amicus gets access to classified 
information.
    Of course, any requirement that an outsider be granted 
access to the intelligence information available to the court 
will chill the executive branch's willingness to disclose the 
most sensitive details relevant to FISA applications. As the 
FISA judges recently pointed out, this disincentive would 
threaten the relationship of trust between the Justice 
Department and the FISA court, something this Committee should 
strive to avoid.
    Many of these reforms, Mr. Chairman, run the risk of re-
creating the type of cumbersome, overlawyered FISA regime that 
proved so inadequate in the wake of 9/11. If our Nation were 
attacked again, I am concerned that a future President may feel 
the need to fall back on Article III authority to conduct the 
surveillance necessary to protect the country, and I don't 
think any of us would like that outcome.
    Thank you very much.
    [The prepared statement of Mr. Bradbury follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
        

                               __________

    Mr. Goodlatte. Thank you, Mr. Bradbury.
    Mr. Cole, welcome.

                   TESTIMONY OF DAVID COLE, 
                GEORGETOWN UNIVERSITY LAW CENTER

    Mr. David Cole. Thank you, Mr. Chairman, Ranking Member, 
for inviting me here to testify.
    I want to make three brief points in my opening remarks. 
First, that technological advances employed by the NSA raise 
substantial privacy and liberty concerns and demand new legal 
responses if we are not going to forfeit our privacy by 
technological default. Second, that Congress is particularly 
well situated to adopt rules to protect Americans' privacy in 
the digital age. And third, that the USA FREEDOM Act, sponsored 
by Representative Sensenbrenner and Senator Leahy, is an 
excellent start toward restoring the privacy and the 
accountability that has been infringed by NSA practices.
    First, the NSA metadata program illustrates the profound 
threat to our privacy and to our associational freedoms brought 
on by the capabilities of the digital age. At the time of the 
framing or even 50 years ago, if the Government wanted to know 
what we read, what we listened to, who we spoke and associated 
with in the privacy of our home, they would have to get a 
warrant based upon probable cause.
    Today, virtually everything we do in the home and out, 
including what we read, with whom we associate, where we go, 
and even what we are thinking about leaves a digital trace that 
reveals the most personal details of our lives.
    According to the Administration's interpretation of Section 
215, there is no limit on the Government getting these digital 
details of our lives, whether they be phone records or email 
records or Internet browsing data records or business or bank 
records. There is no limit on their ability to get them because 
they might at some point be useful to search through for a 
connection to terrorism.
    According to the Government's reading of the Fourth 
Amendment, the Fourth Amendment provides no constitutional 
limit on the Government's ability to get all of this data about 
all of us because, by sharing it with Google or AT&T or 
Verizon, we have forfeited our--any interest in privacy that we 
might have.
    But many people who have looked at this problem, including 
President Obama, including the President's review group, 
including the Privacy and Civil Liberties Oversight Board, 
including Justice Alito, including Justice Sotomayor, and 
including Justice Scalia, have said and acknowledged that when 
technology advances in this way, it is critical that we adapt 
our laws to ensure that we retain the privacy that we had at 
the time of the framing.
    We're in a brave new world. And unless we adapt our laws to 
reflect that fact, we will effectively forfeit the privacy that 
is so critical to our own human relations and to a free and 
open democracy.
    Second, Congress is well situated to act. As Justice Alito 
said in the Jones case, a legislative body is well situated to 
gauge changing public attitudes, to draw detailed lines, and to 
balance privacy and public safety in a comprehensive way. When 
it comes to adjusting law to deal with advances in technology, 
Congress has historically done so, and it has historically done 
so where the Supreme Court has either declined to protect 
Americans' privacy or failed to address sufficiently Americans' 
privacy.
    So when the Supreme Court said the Fourth Amendment does 
not protect the privacy rights of people vis-a-vis pen 
registers, Congress responded by enacted statutory limits on 
the Government's use of pen registers. When the Supreme Court 
said we have no privacy rights in our bank records, Congress 
responded by enacting the Right to Financial Privacy Act. FISA 
itself imposes restrictions on the Government's ability to 
gather information that the court has not yet said is 
constitutionally protected.
    That intervention is necessary here because the 
Administration has essentially interpreted Congress' prior law 
to give it carte blanche. I was around when we debated the 
changes on the PATRIOT Act, and I am absolutely certain that 
had the Administration come to Congress and said we'd like to 
amend the business records law, which at that time allowed the 
Government to get records on specific targets, and we'd like to 
amend it by giving us the authority to get records, phone 
records and other business records on literally every American 
and amass them in a single database and keep them for 5 years, 
there is no way that this Committee would have approved of 
that. There is no way that this Congress would have approved of 
that.
    And yet that's the interpretation that the Administration 
has put on this law in secret. And therefore, I think it's 
critical that Congress respond, and I think the USA FREEDOM 
Act, by ending dragnet collection and requiring a nexus between 
business records sought and terrorism investigations, is the 
best way to go.
    Thank you very much.
    [The prepared statement of Mr. David Cole follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    
                               __________

    Mr. Goodlatte. Thank you, Mr. Cole.
    Mr. Garfield, I don't know how the introductions and the 
seating got reversed there. Our apologies to you, but you get 
the last word of the testimony. Then we are going to take a 
recess to go vote, and we will come back and ask questions of 
all members of the panel.

                TESTIMONY OF DEAN C. GARFIELD, 
            INFORMATION TECHNOLOGY INDUSTRY COUNCIL

    Mr. Garfield. Thank you, Chairman Goodlatte, Ranking Member 
Conyers.
    On behalf of some of the most dynamic and innovative 
companies in the world, we thank you for hosting this hearing 
and for inviting us to testify.
    My testimony today will be infused with a healthy dose of 
humility because we recognize that the phrase, ``We don't know 
what we don't know,'' is particularly apt in the area of 
national security. That being said, given the multinational and 
multisectoral nature of the tech sector and our business, we 
know we have something important to contribute to this 
conversation.
    As you instructed, rather than repeating my written 
testimony, which has been submitted for the record, I'll focus 
on the economic impact; second, the societal implications; and 
then, third, offer some solutions.
    With regard to the first, the economic impact is 
significant and ongoing. We live in a world where innovations 
that were previously the province of your imagination or solely 
the movies are now found in technology that positively impact 
all of our everyday lives.
    Those innovations are not just cool and potentially 
lifesaving. They have positive economic benefit, with the 
United States benefiting significantly.
    By way of example, the data solutions industry, which is 
fast growing, is expected to create over 4 million new jobs in 
the next 3 years. Nearly a third of those jobs are expected to 
be created in the United States, which we all benefit from.
    Unfortunately, because of the NSA disclosures, ``made in 
the USA'' is no longer a badge of honor, but a basis for 
questioning the integrity and the independence of U.S.-made 
technology. In fact, a number of industry experts have 
projected that the losses from the NSA disclosures in the cloud 
computing space alone will be in the tens of billions of 
dollars.
    Second, with regard to the societal implications, the 
impact is significant there as well. Many countries are using 
the NSA's disclosures as a basis for accelerating their 
policies around force localization and protectionism. We've all 
read about what's happening in Brazil and their efforts to 
create a walled garden around their data.
    Brazil is not alone. Some of our other allies, including 
Europe, are questioning the safe harbor that enables cross-
border data flows. As well, many European countries are 
advocating the creation of country-specific clouds.
    If that is able to proceed and turns into a contagion, we 
run the real risk of going down the path of a Smoot-Hawley like 
protectionist downward spiral that dramatically impacts U.S. 
businesses and actually impacts businesses all around the world 
and transfer what is an open, global Internet instead into a 
closed, siloed Internet, which is not something that none of us 
would like to see.
    Congress is in a great position to avoid that, and so I'll 
turn to solutions. I offer 3 sets of solutions that build on 8 
principles that we released 2 weeks ago.
    First, we think that additional transparency is critical. 
The previous panel spoke to some of the steps that have 
recently been taken by the Justice Department to enable greater 
disclosures. We view those steps as a positive step forward but 
still think that legislation is necessary to cement those gains 
and to build on them.
    Second, we think greater oversight is also very important, 
and developing a framework that enables a civil liberty 
advocate to be a part of the FISC court process--I'm sorry, the 
FISA court process is also important.
    The last round of questions for the first panel revolved 
around trust, and we think that rebuilding trust is also 
critically important. And there are a number of steps we can 
take in that regard.
    One is around the standard-setting processes around 
encryption. The NSA disclosures have significantly undermined 
the encryption standard-setting process, and the President in 
his speech passed on the opportunity to affirm the integrity of 
those processes. We think that it's critically important that 
that occur.
    Second, and finally, the issue that's been much debated in 
the first panel around Section 215. We think the work that 
you're doing today and, hopefully, will do in the future around 
examining and reexamining 215 is critically important. In 
addition to considering national security, we would advocate 
considering other factors, including economic security, civil 
liberties, cost, as well as the impact on our standing with 
U.S. citizens and around the world.
    Those same factors are equally apt as we consider whether 
that data should be stored by a third party.
    Again, I thank you for this opportunity and look forward to 
your questions.
    [The prepared statement of Mr. Garfield follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    
                               __________

    Mr. Goodlatte. Thank you, Mr. Garfield.
    The Committee will stand in recess, and we will return as 
soon as these votes are over to begin the questioning.
    [Recess.]
    Mr. Goodlatte. The Committee will reconvene. We are missing 
one of our witnesses. We will go ahead and start with you, Mr. 
Bradbury, and I am sure we will be joined by Mr. Garfield 
shortly. There he is. You were safe. We were starting with Mr. 
Bradbury anyway.
    Do you see any legitimacy in Justice Sotomayor's concern 
that there is a cumulative effect to the data collected? Does 
the evolution of technology necessitate a reevaluation of the 
concept of a legitimate expectation of privacy?
    Mr. Bradbury. Well, first, Justice Sotomayor in the Jones 
case was not addressing anything like the telephone metadata 
program. There was a criminal investigation targeted at a 
specific individual where they were tracking him around, and 
they put a device on his car, and they were collecting data 
about everywhere he went and everything he did. It was focused 
on a dragnet, if you will, on that particular individual. And 
there is nothing like that here. The only focus in this program 
in this program is on terrorist groups and their connections.
    Number two----
    Mr. Goodlatte. Well, let me just interject there because I 
understand that concern, but I think the concern that a lot of 
Americans have is that while that is the purpose and intent of 
this, the collection of data, which as we know technology today 
allows us to do pretty incredible things, and not just the 
government, but it is certainly done in the private sector. It 
is done in presidential elections, for example, to mix data and 
come up with very, very informative facts from the advanced use 
of technology. And the long-term storage of that data at the 
same time is, I think, whether it is what she is concerned 
about or what many of us are concerned about.
    Nonetheless, I know it is a concern of many of my 
constituents that when you put those two things together, there 
has to be a much greater degree of trust in what government is 
going to do with that data over an extended period of time.
    Mr. Bradbury. Certainly that is true, and I think it is 
important for Congress and an appropriate role for Congress to 
study if statutory changes are appropriate with regard to 
developments and the use of data and the creation of data and 
data records.
    But the same concern, which I think is a hypothetical 
concern about the potential for abuse, would apply to broad 
data collections that are all done by all manner of Federal 
regulatory agencies under subpoena authorities, administrative 
subpoena powers, that are based on the exact same language of 
this statute, but that do not involve----
    Mr. Goodlatte. But let me point out one difference, and it 
really goes to my next question. And that is, do you believe it 
is possible that because the FISC operates in secrecy and all 
those other agencies you cite, and you are correct about that, 
they do not operate in secrecy. Is it possible for the 
evolution of the law in that court to become so ossified or to 
go off track because it does not get challenged in the same way 
that regular Federal courts, or Federal regulatory process for 
that matter, are challenged? And if so, what would be the 
damage in having a panel of experts, maybe like yourself, 
available to argue a counterpoint to make sure that the FISC 
has all points of view?
    Mr. Bradbury. Well, I do think that there is nothing wrong 
or objectionable, as I have indicated, with a panel of experts 
that could be called upon as amicus to provide views on a 
difficult question, provided the constitutional issues I 
identify could be addressed.
    But the other agencies I mentioned do not have to go 
through a court, so there are no court decisions unless the 
subject of an administrative subpoena challenges it in court, 
which is rare because this standard is so generous to those 
agencies. So the Securities Exchange Commission, Federal Trade 
Commission, Consumer Financial Protection Bureau, they get vast 
amounts of data about transactions affecting private interests 
of Americans in vast quantities.
    Now, I am not saying it is the same quantity as here, true. 
But here, the interests are very different. They are the 
protection of the Nation from foreign attack. That is the 
paramount mission of the National Security Agency. The reason 
for the secrecy in the FISA process is because it involves the 
most sensitive national security secrets and threats to the 
country. It simply cannot be exposed.
    Mr. Goodlatte. I understand that, but there is an element 
of trust here that will ultimately cause this to fail unless 
the American people believe that what the protections are 
available to them are actually being asserted and exercised in 
the judicial process. And they do not get to see that like they 
do in other proceedings. And your point is well taken about 
those other agencies. Maybe we should be looking at what they 
do with their data as well.
    But finally, let me ask you, do you believe that the 
government acquisition of third party data should be permitted 
indefinitely, or should there be some limit on how much of this 
data should be permitted?
    Mr. Bradbury. Well, in terms of time limit, the government 
does impose a time limit if the court order includes a time 
limit that requires all this data to be deleted, purged, after 
5 years. The reason they chose 5 years, it is a standard time 
in the NSA programs because it is an important period to look 
back and do historical analysis. We know there was a cell 
operating in a particular operation 3 years ago. We see a new 
number now. It is important to know if it----
    Mr. Goodlatte. There is always an example of, you know, if 
you saved it further. I think it declines, however, 
exponentially, for example, the example of the Boston bombing. 
The data that was used to determine whether he had phone 
contacts with people that might be engaged in a conspiracy that 
we are going to launch another attack, which his certainly a 
concern that law enforcement and the general public would have, 
would not need to have storage for 5 years.
    But let me just also suggest that it is not just about the 
length of time. The gentlewoman from California asked the 
question of the first panel related to what is the limit on 
what kind of data can be gathered. It is not just telephone 
data. It is not just financial services data. It could be 
almost anything. And, therefore, when you put together that 
wide array of data over an extended period of time, there 
becomes a great deal of mistrust about how this system could be 
abused.
    Mr. Bradbury. Yes, and I think once the disclosures were 
made and this became the subject of public debate--I think it 
is a healthy debate--I think it was incumbent on the President 
to come out early and often to explain to the American people 
the nature of the program, the limitations, the lack of abuse, 
and to defend the program. I was happy to see that he did that 
in his speech on the 17th. I think that came a little late in 
the day, and unfortunately it was combined with a decision to 
change the program in material respects.
    So I think it is first the role of the President to defend 
these programs. And second, I think the Chairs and Ranking 
Members of the intelligence committees that oversee the 
programs have an important role in terms of explaining and 
defending the programs.
    Mr. Goodlatte. Thank you. I am going to ask one more 
question, and that is directed to you, Mr. Garfield. Can you 
list for us the problems that your member companies anticipate 
they will face if they are required to store all the data the 
NSA is currently storing?
    Mr. Garfield. It would probably be a long list, but we have 
talked about many of them. Some of them include having to keep 
data that goes beyond the business purpose of that data, the 
time period for keeping it that extends beyond the time period, 
security concerns, cost concerns, as well as the broader 
concern around trust, which is a critical component of how we 
operate in the tech sector.
    Mr. Goodlatte. Thank you. The Chair recognizes the 
gentleman from Michigan, Mr. Conyers, for 5 minutes.
    Mr. Conyers. Thank you, Mr. Chair. In her concurrence in 
U.S. v. Jones, Justice Sotomayor wrote this: ``It may be 
necessary to reconsider the premise that an individual has no 
reasonable expectation of privacy in information voluntarily 
disclosed to third parties.'' Well, here is where that leads 
us: your phone number, the website address, the email address, 
the correspondence with the internet service providers, the 
books, groceries, and medications that we purchase online 
retailers, and so forth and so on.
    How should we, Professor David Cole, how we should we 
rethink the right to privacy in what Justice Sotomayor called 
the digital age?
    Mr. David Cole. Thank you, Representative Conyers. I think 
that Justice Sotomayor is onto something. I think Justice Alito 
said much the same thing. He did not speak specifically to the 
third party disclosure rule, but he did speak specifically to 
the risks to our privacy that are posed by the fact that the 
government has technology today that allows it to learn 
information about all of us without going through the steps 
that were required at the time that the Constitution was 
adopted. And historically, the Fourth Amendment has been 
adapted to deal with those kinds of technological advances, 
whether it is the phone, or the use of the beeper, or the use 
of a GPS, or the use of a thermal imaging device.
    So I think the Supreme Court can and should recognize that 
in the modern era, there is a difference between my voluntarily 
sharing information with, say, Mr. Bradbury and, therefore, 
voluntarily assuming the risk that he will turn around and 
provide that information to the government. That is a voluntary 
risk that assume.
    There is a difference between that and the fact that to 
live in the modern age today you necessarily have to share 
information with businesses. Every place you walk, you are 
sharing with the cell phone company where you are. Every time 
you make a search on the internet, you are sharing with Google 
what you are thinking about. Every time you send an email, you 
are sharing with Google or your internet service provider who 
your friends are, who you are addressing.
    And the notion that we somehow as Americans have 
voluntarily surrendered our privacy and all that incredibly 
intimate detail is probably telling about what we think and 
what we do than anyone who knows us knows about us. I mean, I 
do not think my wife knows as much about me as my computer 
knows about me, and yet if you adopt a third party disclosure 
rule without any change to recognize the advance in technology, 
you have just forfeited privacy.
    But that is for the Supreme Court. I think even if the 
Supreme Court does not change the rules, this Congress can 
recognize that Americans demand more privacy than that. And as 
I said in my opening and as I say in my written statement, 
Congress has frequently done that. And I think this is an 
appropriate time to do that yet again to protect the privacy 
that all Americans deserve.
    Mr. Conyers. What do you think of the USA Freedom Act that 
I worked with both our U.S. Senator Leahy and with our former 
Chairman, Jim Sensenbrenner? Do you think that----
    Mr. David Cole. I think that is precisely the type of 
response I think that is needed and that is justified because 
what it does is it says we are going to end the notion that the 
government, simply by calling something business records and 
claiming that at some point in the future they may want to look 
through those business records, the government can collect 
everybody's records. Instead, what the USA Freedom Act says is 
the NSA, the FBI, they can collect records if they demonstrate 
that those records have a nexus either to a target of an 
investigation--a suspected terrorist or a foreign agent--or to 
a person known to or associated with that target.
    That seems to me a perfectly reasonable and tailored 
response. Indeed, I think that is how the Administration sold 
what they were asking Congress to do when Section 215 was 
amended with the PATRIOT Act. And again, as I said in the 
opening, I do not think anybody in Congress thought when they 
said we are going to allow you to get relevant records that are 
relevant to an authorized investigation. I do not think a 
single Member of Congress thought what we meant by that is 
there are no limits on the business records that you can get. 
You can get records on every American, every phone call without 
any showing of any connection to terrorism. That is clearly 
unacceptable in terms of protecting the privacy of Americans.
    The USA Freedom Act protects that privacy. It ensures that 
security interests are balanced by giving the government the 
ability to get those records where it has a basis for 
suspecting that a person has that nexus.
    Mr. Conyers. Thank you so much. I have got a question for 
Mr. Dean Garfield, but I am going to give it to him and ask him 
to submit it in writing so it will go in the record.
    Thank you, Mr. Chairman.
    Mr. Goodlatte. Thank the gentleman, and the Chair 
recognizes the gentleman from Alabama, Mr. Bachus, for 5 
minutes.
    Mr. Bachus. Thank you. First, Professor Cole, I am a part 
of a bipartisan group that is looking at sentencing reform, 
which is a different area. We are not dealing with that today, 
but I know you have been very active in advocating for changes 
in our criminal justice system, and I applaud you for that.
    Mr. David Cole. Thank you.
    Mr. Bachus. And I will ask the first question to you. It is 
not just the technology that has changed over the last 30 or 40 
years. It is really the amount of information out there. We 
share so much information on Facebook, Tweeter, or Twitter, 
InstaGram. You know, that information is there in the public 
realm. I think Smith v. Maryland, those cases that were decided 
in the 70's and 80's on privacy and our expectations on 
privacy. How does the fact that there is so much more 
information out there, and we are sharing so much more 
information, how does that affect our expectation of right to 
privacy or how should it?
    Mr. David Cole. Well, I think that is the key question, and 
I think the answer may lie in the decision of Justice Alito in 
the Jones case where he says that there is a difference between 
following a car from point A to point B in public. You do not 
have an expectation of privacy with respect to your going from 
point A to point B in a car in public. There is a difference 
between that and using a GPS to follow that car from point A to 
point B to point C to point D to point E to point F all the way 
to point Z, 24/7 for 28 days. You are still in public, but the 
notion that the government could have followed you 24/7 for 28 
days without the technology, it just could not have. It would 
have cost remarkable resources they would not have. And Justice 
Alito says, therefore, people had a reasonable expectation of 
privacy with respect to that information because it was just 
onerous for the government to collect it.
    The same thing is true with all this information. You know, 
we generate all this information, but what has changed is that 
now every time we make a decision and take an action, it 
generates a digital record. And now we have computers that have 
the ability to collect and amass all of that data and to 
examine it for connections and ties, which tells whoever is 
looking, whether it be the NSA, or the FBI, or the IRS, whoever 
is looking, tells them a whole lot more about an individual 
than they ever possibly could have known before the advent of 
this technology and before the blossoming of these digital 
traces.
    And, you know, it seems to me that both the Constitution, 
the Fourth Amendment doctrine, and the statutory law of this 
Congress needs to be adapted to recognize that fact. Otherwise, 
as Justice Scalia said in the Kyllo case involving thermal 
imaging devices, we will simply forfeit our privacy to advances 
in technology.
    We have a choice, and the choice is whether we want to 
preserve our privacy or not. It does not go automatically. It 
goes if we let it go. And Congress has the power to stop it.
    Mr. Bachus. Okay. Mr. Bradbury, would you like to comment?
    Mr. Bradbury. Well, I think there is a big difference 
between what has been referred to as the third party doctrine, 
records being held by a third party, and the notion that 
metadata, which is transactional data, simply data about 
communications, not the content of the communications, is not a 
search because there is not a reasonable expectation of 
privacy. That is data created by a company to conduct its 
business. And the people involved in the communications as 
subscribers know the company is creating that record, that 
data. It is not your personal record. It is not something that 
includes the content4 of the communication.
    There may be a communication that is stored in a cloud some 
place and somebody might try to argue that is held by a third 
party and it is not subject to protections. But this Congress 
has given it protections under the Electronic Communications 
Privacy Act and the Stored Communications Act. And I think 
there is an argument that the Court would recognize it as 
protected because it still includes the substance and private 
communications. So I think there is a big difference between 
that pure transactional metadata and every other kind of third 
party stored data.
    The last thing I would comment on, Congressman, is with 
respect to the Jones case and what has been called the mosaic 
theory is that at a certain point when you put enough 
information about an individual together in an investigation, 
voila, that becomes a search suddenly, I think that Court has 
not gone there yet. There is a lot of scholarship about it and 
discussion. But if the Court goes there, that could really 
seriously interfere with criminal investigations of all kinds.
    I mean, think about organized crime investigations where 
the prosecutors who are investigating or the FBI puts up on the 
wall an organization chart with the pictures of the members of 
the organization and collects all kinds of public data about 
the goings-on of those particular members of the organization. 
Does that constitute a search that would require a warrant to 
put that kind of profile together from all manner of public 
available information? No, it cannot. If it does, then criminal 
investigations would come to a halt.
    Mr. Bachus. Thank you.
    Mr. Goodlatte. The Chair recognizes the gentleman from New 
York, Mr. Nadler, for 5 minutes.
    Mr. Nadler. I thank the Chairman. Let me first observe that 
because of the evolving technology, people may, in fact, if 
they think about it, realize that the metadata on their phones 
is in the possession of somebody, but still have an expectation 
of privacy when they are using the phone because you do not 
think about it in everyday terms. And if you did and you said, 
gee, I do not want this in the public domain because it might 
go into the public domain because the phone company is keeping 
it for billing records and maybe because of something else, you 
would have no privacy at all. So I think our law has to change. 
Maybe for 40 or 50 years the expectation of privacy theory was 
valid, you know, and was sufficient, but no longer as privacy 
becomes more invaded.
    But let me ask you the following, Professor Cole. You wrote 
in your testimony, ``The bill would''--the bill, that is to 
say, the USA Freedom Act--``would restore an approach to 
privacy that is governed in this country since its founding, 
namely the notion that the government should only invade 
privacy where it has some individualized objective basis for 
suspicion,'' which, of course, is not the bulk collection of 
information under Section 215.
    But you are describing exactly what we always wanted to do 
to avoid the general warrant. The Fourth Amendment was written 
specifically to say no general warrants. You have to describe 
the thing to be searched. We do not want the king's officer to 
be able to come and say show me everything based on nothing 
except that you live in Boston.
    What we have now, is this not the type of general warrant 
that Section 215, the way it has been interpreted, precisely 
the general warrant that the Fourth Amendment was enacted to 
prevent?
    Mr. David Cole. I think it is. I think that when you have 
an order that says go out and collect literally every 
American's every phone call record, how is that different from 
a general warrant? It is not targeted. It is not predicated on 
individualized suspicion. It is as expansive as a general 
warrant, and that is precisely the concern that was raised.
    Now, Mr. Bradbury says, well, but it is only getting 
metadata, not content. I think that is a very evanescent----
    Mr. Nadler. Because you can learn a lot from metadata.
    Mr. David Cole. Well, and here is what Stewart Baker, who 
is general counsel of the NSA, said about that. He said, 
``Metadata absolutely tells you everything about somebody's 
life. If you have enough metadata, you do not really need 
content. It is sort of embarrassing how predictable we are as 
human beings.''
    Mr. Nadler. Okay. I thought the moment I heard about it, I 
thought it was precisely the general warrant. And we certainly 
had no intention of authorizing Section 215. And the FISA 
Court, if it were not the kind of kangaroo court it is because 
it only gets one side, and it is done in secret, probably would 
not have decided it that way.
    But let me ask you a second question. The review board 
established by the President recommended, among other things, 
that we harmonize the standards for national security letters 
for Section 215 collection. This makes sense to me, 
particularly as many of the standards for NSL's minimization of 
initial approval process are less rigorous. What is your 
opinion? Should we harmonize the standards by requiring that 
NSL meet the same and presumably amended standards since it 
will fix the problem that now exists with the Administration 
and FISA Court's interpretation of what is relevant?
    In other words, should we make the NSLs match 215, and, for 
that matter, if we do, why bother having NSLs at all anymore?
    Mr. David Cole. Right. Well, yes, I think they should be 
harmonized. The USA Freedom Act would harmonize them and would 
employ the same standard to define the nexus required to get 
business records generally and the nexus required to get NSLs.
    Right now, NSLs in Section 215 have the same standards. 
It's just that it is this relevance standard which the 
government has read to be meaningless. So the USA Freedom Act 
would keep parity between----
    Mr. Nadler. It would harmonize them?
    Mr. David Cole. Huh?
    Mr. Nadler. It would harmonize them.
    Mr. David Cole. Right.
    Mr. Nadler. Good.
    Mr. David Cole. It is harmonized, yes. But I think it needs 
to be harmonized and elevated to----
    Mr. Nadler. Harmonized up, not down.
    Mr. David Cole. Yes.
    Mr. Nadler. Mr. Garfield, in the few seconds I have, last 
week the government agreed to allow to Facebook, Microsoft, 
Google, Yahoo, Apple, and other tech companies to make 
information available to the public about the government's 
request for email and other internet data. Are these new 
disclosure rules sufficient? Should Congress take additional 
steps? And assuming that the NSA continues to collect telephone 
metadata under Section 215, will the government reach a similar 
deal with telephone companies for disclosures about call record 
requests?
    Mr. Garfield. I will answer the first two questions, which 
I am in a good position to answer.
    Mr. Nadler. That is why I asked you.
    Mr. Garfield. The agreement last week I think is a positive 
step in allowing greater transparency, which is something we 
strongly believe in.
    The answer to your second question as to whether 
legislation would be helpful is yes. It goes part way, but not 
far enough. For example, it is important that the private 
sector have transparency reports and disclosures, but it is 
also important that the public sector do as well. And so, in 
that respect, among others, I think having legislation would be 
very helpful.
    Mr. Nadler. Thank you. My time has expired. Thank you.
    Mr. Goodlatte. The Chair recognizes the gentlewoman from 
California, Ms. Lofgren, for 5 minutes.
    Ms. Lofgren. Thank you, Mr. Chairman, and thanks for this 
hearing. You know, Mr. Conyers read the exact quote from 
Justice Sotomayor's opinion that I had been looking at. And I 
have been thinking a lot about we have the role of writing the 
statutes, but behind that is, you know, what the Constitution 
requires. And I think that it is not just the Court that needs 
to examine that. I think the Congress has an obligation to do 
that as well.
    And as I have been thinking about this, I have been 
thinking about two longstanding doctrines, one, the third party 
data, there is no expectation of privacy, as well the plain 
sight doctrine. And just as you have said, I mean, 30 years 
ago, if I walked out my front door, I knew that my neighbors 
could see me. I did not expect that my picture would be taken 
every place I walked and compiled, and using facial recognition 
technology someone could say where I was every moment of every 
day.
    Yes, if I went in and checked into a hotel, I knew that 
that was not private information, but I did not expect that 
every email I send, every website, that if I went on my 
Constitution document that somebody could track how often I 
read the Fourth Amendment. That was not part of the third party 
doctrine.
    So I think Congress needs to not delegate this to the 
Court, but to head on take on these issues because I think if 
you look at where the Court is going, you know, I do not know 
how long it is going to take them to get there. You know, we 
cannot discuss what we are told in closed sessions, but I will 
just read the news reports that we had a few days ago, reports 
that that the NSA is spying using leaky mobile apps; a few days 
before that the NSA collected over 200 million text messages; 
that in late December that cookies were being used to track 
people; that there were 5 billion records of mobile phone 
location data collected daily; that there was collection of 
pornographic website visits used to blackmail potential so-
called terrorists; that money transfers were being tracked. And 
it goes on and on.
    So I guess, you know, one of the questions I have, 
Professor Cole, is if the Congress should step forward to 
interpret the Fourth Amendment in light of big data, how would 
we do that, statute by statute? And I am a co-sponsor of Mr. 
Sensenbrenner's bill, but that really relates to just a portion 
of this question. Do you have thoughts on that?
    Mr. David Cole. Well, I think it is a great question. I 
think it is the defining question of privacy for the next 
generation, which is how do we preserve privacy in the face of 
these advances in technology, which make it possible for the 
government to learn everything about us.
    And I think, you know, it is absolutely critical that 
Congress play a role, that Congress has historically played a 
role, not waited for the Supreme Court to act, in some 
instances acting before the Supreme Court does so, FISA for 
example. In other areas when the Supreme Court has said there 
is no expectation of privacy, Congress has come on the heels of 
that and said, wait a minute, the American people disagree with 
you. We want our privacy. And so, I think that is what you did 
with respect to bank records, video rental records, PIN 
registers, and the like.
    So there is a real history of Congress stepping up here and 
doing so. And I am not sure you can do it in a global way, but 
the USA Freedom Act, as I suggested earlier, is a useful start 
because it puts in place the principle of individualized 
suspicion, rejecting this general warrant notion.
    Ms. Lofgren. I am going to follow up with you and I am 
going to ask one additional question of Mr. Garfield. On the 
technology issues, one of the very distressing reports was that 
the government, rather than alert people to zero day events, 
simply exploited them. I am worried about the balkanization of 
the internet. We see what Brazil is doing, certain 
authoritarian regimes insisting that servers be placed in their 
country. I am worried about governance and whether ICON will be 
able to continue to be the governing body, or whether efforts 
to dismantle that will be enhanced by these revelations.
    I am wondering if we should make obligations to the 
government to proactively take steps to preserve the global 
internet both through mandates not to weaken encryption, 
mandates as to assisting in zero day events, and if you have 
thoughts on that.
    Mr. Garfield. Yes, I absolutely do. We worry as well about 
the potential balkanization and what the NSA disclosures mean 
for internet governance. I think it is very important for 
Congress to act in this area. I think the President missed an 
opportunity by not speaking to the encryption standards issue 
and the need to bolster the integrity of encryption standards. 
And so, to the extent that Congress has the ability to do that, 
we would encourage it.
    Ms. Lofgren. My time has expired. Thank you, Mr. Chairman.
    Mr. Goodlatte. The Chair thanks the gentlewoman, and 
recognizes the gentleman from Virginia, Mr. Scott, for 5 
minutes.
    Mr. Scott. Thank you, Mr. Chairman. Mr. Garfield, can you 
just say another word about the effect of global 
competitiveness on this issue and how American companies are 
actually pretty much at a disadvantage if we do not get this 
straight?
    Mr. Garfield. No, absolutely. So trust, integrity, security 
are key components of technology and doing well in technology 
and developing your business in that area. The United States 
has played a significant leadership role around the world. And 
to the point in my testimony, rather than continuing to be a 
badge of honor, today because of the NSA disclosures, countries 
and customers around the world are questioning the integrity 
and independence of U.S. technology companies, which puts us at 
a competitive disadvantage overseas, but also here where the 
American people also have those same trust concerns.
    Mr. Scott. And do you have a choice in vendors in a lot of 
products, whether it is an American company or a foreign 
company?
    Mr. Garfield. I am sorry?
    Mr. Scott. Is there a choice in vendors in products?
    Mr. Garfield. Almost always, I mean, but the tech sector is 
highly competitive. We represent both domestic and 
international companies. The impact, interestingly enough, is 
global because to the extent that innovations that are being 
led by the United States do not occur, the whole world is 
disadvantaged because we all benefit from those innovations. 
And so, it creates a global problem, but one that is 
particularly acute for U.S. companies.
    Mr. Scott. Does your council have a position on where 
information should be stored if the decision is made to collect 
and store this data where it ought to be stored at NSA or some, 
say, department store or something like that?
    Mr. Garfield. Yes. Our view is that the same considerations 
that we offer in evaluating 215 are apt in considering where 
that data is stored. For example, if the goal is to rebuild 
trust, it is not clear how having that data stored in a third 
party addresses the trust concern. If it is around data 
integrity and security, it is not clear how having it stored in 
a third party addresses that data integrity or security 
question.
    And so, in the examination, we think it is important to 
come up with certain principles and have those principles guide 
the examination both of 215 as well as where the data is 
stored.
    Mr. Scott. So are you suggesting it could be stored at the 
NSA as long as they separate it down the hall, across the 
street, but have NSA control it rather than the private sector?
    Mr. Garfield. I am not suggesting that at all.
    Mr. Scott. Well, where would it be?
    Mr. Garfield. The beginning comment that I made, which is 
that there is a lot that I am not privy to for a whole host of 
reasoning, including security clearance. And so, I do not feel 
I am in a position to give advice to the U.S. government on 
national security. What I feel that I have the confidence to do 
is to make sure that certain important factors, in addition to 
national security, are considered. Economic security, privacy, 
civil liberties, as well as our standing in the world, are some 
of the factors that we think should be considered.
    Mr. Scott. Thank you. Mr. Cole, the Administration has 
offered a lot of administrative changes. What would be the 
shortcomings if those changes are not codified?
    Mr. David Cole. If those changes are not codified?
    Mr. Scott. Right.
    Mr. David Cole. Well, I think those changes are important 
ones, in particular the notion that the NSA cannot search 
through the bulk collection without first getting approval from 
a court. That seems to me an important modification. The notion 
that there would be an independent advocate in the FISC seems 
to be important. And one implication of not doing that, I think 
as we see, we see repeated instances of what we have now 
learned about, right?
    So Mr. Bradbury said 15 judges of the FISA Court approved 
of the use of Section 215 to get all of our phone data. What he 
did not say is that when that program was first approved by the 
first judge in May 2006, he did not even write an opinion. He 
did not address the constitutional questions. He did not say 
why he thought the limitation on relevance was somehow met by 
giving the NSA access to everybody's information. No opinion.
    Every 90 days thereafter, a different Federal judge, and 
this is how he gets to 15, signed an order that extended the 
program. No analysis of the constitutional question, no 
analysis of the statutory question. It was not until Edward 
Snowden disclosed it to the public that the FISC finally wrote 
an opinion 7 years after the program had been up and running 
explaining retroactively why they thought what they had been 
doing for 7 years was okay. And it is, as the privacy board has 
shown in its analysis, a very, very doubtful construction of 
the statute, one that, as Representative Sensenbrenner has, was 
not in anybody's mind who adopted the statute.
    So I think the Administration's proposals are important, 
but I think they do not go far enough. And particularly the key 
way in which they do not far enough is that they do not end 
bulk collection. They do not end dragnet collection. They just 
put it somewhere else. I think with the USA Freedom Act would 
do is end it, and that is a much better response.
    Mr. Scott. You were not here when Mr. Cole answered the 
question about retroactive immunity. I asked the question that 
you keep hearing that the collection of the data was helpful. 
It was an illegal collection, finding that it was helpful does 
not give you immunity for the collection. Do you have a comment 
on what relevance it is that people keep saying we need because 
it is helpful as a justification for getting the data?
    Mr. David Cole. Yes, absolutely. I mean, it would be 
helpful if the police could, without a warrant, search every 
one of our homes on a daily basis without any basis for 
suspicion. That would be helpful because they might find some 
bad guys who are hiding behind the privacy that we all expect 
from our home. But that does not make it right.
    But number two, I think when they say it is helpful, you 
have got to look behind that, as the privacy board did, met 
with them in classified sessions, looked at classified 
materials, looked at the ``success stories,'' and found, and 
here I am quoting from them on page 146, ``We have not 
identified a single instance involving a threat to the United 
States in which the telephone records program made a concrete 
difference in the outcome of a counterterrorism investigation. 
Moreover, we are aware of no instance in which the program 
directly contributed to the discovery of a previously unknown 
terrorist plot or the disruption of a terrorist attack.''
    Mr. Scott. Well, to justify the program because it was 
helpful, it just adds insult to injury. It was not even 
helpful. But even if it had been helpful, it would not 
retroactively make the collection legal, would it?
    Mr. David Cole. That is right.
    Mr. Bachus [presiding]. Mr. Scott, your time has expired.
    Mr. Scott. Thank you, Mr. Chairman.
    Mr. Bachus. Thank you. Mr. Chaffetz.
    Mr. Chaffetz. Thank you. I appreciate the hearing. I know 
it has been a long one, and I appreciate your patience here.
    Mr. Garfield, one of the terms that has been thrown out 
there is this so-called balkanization of the internet or 
internet balkanization. I would like you to expand on that. You 
have talked about bits and parts of it. You know, there have 
been some concerns about what is going on in Brazil, the 
European Union. They have announced some policies that would 
disadvantage the United States based companies. Can you kind of 
expand your thoughts on that?
    Mr. Garfield. Yes. I know this is not just theoretical, it 
is actually real, so you point to Brazil where the government 
of Brazil is moving forward with policies that would 
essentially create a wall garden around data that is developed 
in Brazil. They have already said that the email systems being 
used by the government can only be stored or developed by 
Brazilian companies. So as a result, U.S. companies that have 
previously held a leadership position in the technology 
innovation in that space are being dispossessed.
    It is an economic issue, but it also a broader internet 
governance issue. If it turns out that the open internet that 
we have all gotten used to becomes a balkanized series of 
walled gardens, then a lot of the innovation, a lot of the 
societal benefits that we have experienced will be limited.
    Mr. Chaffetz. Thank you. In your written testimony you 
state the need to rebuild trust regarding the National 
Institute of Standards and Technologies, or NIST, and their 
commitment to cryptographic standards developed and vetted by 
experts globally. Could you explain the importance of this in 
your opinion?
    Mr. Garfield. Yes. The reason why technologies work across 
geographic boundaries is you get off the plane and your phone 
will work in Europe as well as the United States, is because of 
standards that are driven through consensus and multi 
stakeholder voluntary processes. Some of the disclosures have 
suggested that the United States has exploited vulnerabilities 
in cryptography, which erodes trust. And so, in order to ensure 
that our technology will work across borders, it is critical to 
rebuild that trust.
    The President missed an opportunity in his speech to speak 
to this issue. We hope that he will, but Congress has the 
opportunity to correct that error.
    Mr. Chaffetz. Thank you. I think you have touched on two of 
the concerns that globally the communication that we enjoy. 
These things are so important. So I appreciate all of your 
expertise being here today. I appreciate this Committee talking 
about such an important issue.
    Mr. Chairman, I think you wanted me to yield you some time 
if that is correct? I will yield back or yield to you, whatever 
you choose.
    Mr. Bachus. Yes, yield to me, if you will.
    Mr. Chaffetz. Yes.
    Mr. Bachus. And let me say this. I am going to pursue that 
same line. I had intended to. And, Mr. Garfield, are there 
other countries that are demanding information from your member 
companies about their citizens or foreign citizens?
    Mr. Garfield. It happens in a number of countries. And so, 
as we think about internet governance and jurisdiction issues, 
we are always careful about the salutary impact. And so, the 
rules that we live by in one market set a precedent for how we 
operate globally, and that is in part why in our 
recommendations we strongly encourage more multilateral 
dialogue around these surveillance and security issues so we 
can get greater harmonization around the rules that are 
created.
    Mr. Bachus. Right. And are other countries tapping into 
your member company systems for spying purposes?
    Mr. Garfield. The question presumes that that is happening 
anywhere, including here in the United States.
    Mr. Bachus. Well, say, in other countries.
    Mr. Garfield. No. So our companies are always working hard 
to make sure that cryptography and security measures are 
robust.
    Mr. Bachus. But what I am talking about is, you know, they 
have databases, and they maintain those in other countries. Can 
they come and use that platform to access information for 
spying purposes?
    Mr. Garfield. We work hard to make sure that is not, in 
fact, the case. I mean, the previous panel made the point that 
we live in a world in which cyber warfare and efforts on 
undermining cyber security are quite aggressive, including by 
companies as well as nations. We are always working because it 
is a first priority of ours to maintain the data integrity to 
fight against that.
    Mr. Bachus. Well, let me say this. If you are required to 
store some of this data, say, even the U.S. government, then it 
could be subject to requests in civil proceedings, divorce 
proceedings, once you maintain it. So you may want to consider 
to start maintaining that data.
    Mr. Garfield. Exactly, and there are two issues. One is 
data stored by private companies at the request of the U.S. 
government, and then data stored at a third party. We are 
unequivocally opposed to data being stored by the private 
sector, us, beyond the need for business purposes for the very 
reason you highlight, which is the data integrity issue. It 
creates additional vulnerabilities. We are always fighting 
against that, but we do not want to create more targets.
    Mr. Bachus. Thank you. The gentlelady from Texas is 
recognized for 5 minutes.
    Ms. Jackson Lee. Let me thank you again, and let me take 
note that this is a long hearing, and we thank you very much 
for your participation here.
    I was, Professor Cole, reading the old 215, and I guess I 
continue to be baffled, having been here when we crafted the 
PATRIOT Act in the waning hours, months, and days after 9/11. 
And everyone was in a perplexed state, and the idea was, of 
course, to protect our citizens. But I notice 215 in Section 
501 particularly pointed out, they listed books, records, 
papers, documents, and other items. There goes the mega data. 
But they also said protect against international terrorism or 
clandestine intelligence activities. Further down, it goes onto 
again emphasize that we should specify that there is an effort 
to protect against international terrorism, clandestine 
intelligence.
    And I only raise that because it looks to me that we have 
firewalls, but what resulted is this massive acknowledgement of 
the gathering of telephone records of every single American. 
And I want to find a way to politely push back on Justice 
Sotomayor's reflection, and I think it is a reflection, and I 
think it is one in the reality of today, which is maybe we can 
have privacy, and have you muse, if you will, on the new 
legislation that we have introduced where we enunciate a whole 
list of reasons. And I do not know if you have been able to 
look at that number 1 section that we have here that goes on to 
as relevant material, obtain foreign intelligence not 
concerning a United States person, protect against 
international terrorism. It sort of lays it out.
    And I ask you, can we comfortably find a way to answer 
Justice Sotomayor and say, yes, we can? I might use that. And 
is there something else we should add in the legislation that I 
have co-sponsored enthusiastically, and we will be looking 
forward to it moving forward. Can we add something else because 
as I look at 215, Section 501, it looks as if we had all that 
we need to have to say, you know what? I do not think they 
wanted you to get the mega data. Are we where we need to be in 
this new legislation?
    Mr. David Cole. Thank you for that question. You know, I 
agree that Section 215, if you read it with its ordinary 
meaning, sought to put constraints on the types of records and 
the amounts of records that the government could obtain because 
it did not say you are hereby authorized to obtain all business 
records on all Americans. It said you are authorized to obtain 
business records that are relevant to an authorized 
investigation.
    And as the privacy board's report shows in exhaustive 
detail, very powerful analysis, no court in any other setting 
has ever read a relevance limitation as expansively as saying 
you can pick up every American's every record. No court, not in 
a grand jury context, not in a civil discovery context. So 
Congress did seek to put in limited language.
    Ms. Jackson Lee. We did.
    Mr. David Cole. But the Administration essentially took it 
out. So I think what Congress needs to do is to push precisely 
as Justice Sotomayor suggests, and I think that the key is to 
identify when it is obviously justified to sweep up the kinds 
of records that disclose so much about our intimate and 
personal lives. And I think the USA Freedom Act does a good job 
because it says you can do so when those records pertain to a 
foreign agent or a suspected terrorist, when they pertain to an 
individual in contact with or known to a suspected agent of a 
foreign power or a terrorist who is a subject of an 
investigation.
    So that says you can get records on the target. You can get 
records on people connected to the target. But, no, you cannot 
get records on every single American because Americans want 
security, but they also want privacy, and they want to use 
their phones. And we should not have to give up any one of 
those three. I think the USA Freedom Act ensures that we have 
all three.
    Ms. Jackson Lee. And diligence is part of that. Mr. 
Gardner, let me ask you this. I know you may have been asked 
and answered over and over again. What will be the burden of 
the private sector hold onto this vast amount of data if it was 
to be crafted in that way? What would be the cost? What would 
be the problems?
    Mr. Garfield. It is hard to put a precise number on it. I 
think it suffices to say the burden would significant, not only 
in cost, but the impression that it creates. One of the 
challenges we face as a result of the NSA disclosures is there 
is a question around the integrity as well as the independence 
of U.S.-based companies. If we are to store that data, that 
would call into question whether we are, in fact, independent. 
And so, there are financial costs as well as broader costs as 
well.
    Mr. Bachus. Thank you.
    Ms. Jackson Lee. Mr. Chairman, if you would just indulge me 
for 30 seconds, a group question.
    Mr. Bachus. A brute question? But a very short response.
    Mr. Garfield. Okay.
    Ms. Jackson Lee. Thank you very much. I will not follow up. 
I just want to get Mr. Bradbury and Mr. Cole in again, and I 
will group my question together. Mr. Gardner makes a valid 
point on the perception issue. Why is it not better that we 
have a monitored holding of the data of whatever it may be, and 
the fact that we have now laid out a framework by the Federal 
Government instead of the private sector.
    And then just an aside with respect to how we do our 
intelligence. Do you think it is time that we haul in all of 
the outside contracting and do a better job of vetting and 
doing this in house dealing with our intelligence access? If I 
can get a quick answer. I think I put two questions in at once. 
Mr. Bradbury?
    Mr. Bradbury. Thank you, Congresswoman. I do think there 
are risks with outside contractors, and I think putting the 
data in private hands would raise those risks. I think it would 
increase privacy concerns and make the program less effective.
    So I think it is monitored now while it is being held by 
the NSA, closely overseen. I do not think it is an excess or 
abuse of the relevant standard. I think if this Committee 
changes the relevance standard, it should not single out the 
NSA and the intelligence community. It should consider applying 
the same narrowing standard to all Federal regulatory agencies, 
which collect vast amounts of records and data for their own 
investigatory purposes. They do not just limit themselves to 
those narrow individual records that are directly pertaining to 
their investigation. They get databases so that they can search 
it for relevant queries.
    And so, if the same standards applied across the board, I 
think it would really inhibit the functioning of government. I 
do not think the NSA should be singled out when its mission is 
the most important.
    Ms. Jackson Lee. Thank you. Mr. Cole, can you----
    Mr. David Cole. I think if you adopt the USA Freedom Act, 
which I think you should, then the problem of where to store 
the bulk collection is solved because there is no bulk 
collection, right? If you say the NSA can only collect data 
where it is actually connected to a terror suspect or someone 
who is connected to a terror suspect, there is no bulk 
collection, and there is not the problem of storage. The 
problem of storage arises only if you continue to permit bulk 
collection. I do not think that should continue to be 
permitted.
    Ms. Jackson Lee. I thank you, Mr. Chairman. I think we have 
got strong support for the H.R. 3361, and I look forward to 
moving forward on such legislation. With that, I yield back.
    Mr. Bachus. This concludes today's hearing. The Chairman 
thanks all of our witnesses for attending.
    Without objection, all Members will have 5 legislative days 
to submit additional written questions for the witnesses or 
additional materials for the record.
    This hearing is adjourned. Thank you.
    [Whereupon, at 3:09 p.m., the Committee was adjourned.]



                            A P P E N D I X

                              ----------                              


               Material Submitted for the Hearing Record

Material submitted by the Honorable Bob Goodlatte, a Representative in 
  Congress from the State of Virginia, and Chairman, Committee on the 
                               Judiciary

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                               

                                 
