[Senate Hearing 113-878]
[From the U.S. Government Publishing Office]
S. Hrg. 113-878
CONTINUED OVERSIGHT OF THE
FOREIGN INTELLIGENCE SURVEILLANCE ACT
=======================================================================
HEARING
before the
COMMITTEE ON THE JUDICIARY
UNITED STATES SENATE
ONE HUNDRED THIRTEENTH CONGRESS
FIRST SESSION
__________
OCTOBER 2, 2013
__________
Serial No. J-113-32
__________
Printed for the use of the Committee on the Judiciary
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
U.S. GOVERNMENT PUBLISHING OFFICE
28-112 PDF WASHINGTON : 2018
____________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
Internet:bookstore.gpo.gov. Phone:toll free (866)512-1800;DC area (202)512-1800
Fax:(202) 512-2104 Mail:Stop IDCC,Washington,DC 20402-001
COMMITTEE ON THE JUDICIARY
PATRICK J. LEAHY, Vermont, Chairman
DIANNE FEINSTEIN, California CHUCK GRASSLEY, Iowa, Ranking
CHUCK SCHUMER, New York Member
DICK DURBIN, Illinois ORRIN G. HATCH, Utah
SHELDON WHITEHOUSE, Rhode Island JEFF SESSIONS, Alabama
AMY KLOBUCHAR, Minnesota LINDSEY GRAHAM, South Carolina
AL FRANKEN, Minnesota JOHN CORNYN, Texas
CHRISTOPHER A. COONS, Delaware MICHAEL S. LEE, Utah
RICHARD BLUMENTHAL, Connecticut TED CRUZ, Texas
MAZIE HIRONO, Hawaii JEFF FLAKE, Arizona
Kristine Lucius, Chief Counsel and Staff Director
Kolan Davis, Republican Chief Counsel and Staff Director
C O N T E N T S
----------
OCTOBER 2, 2013, 10 A.M.
STATEMENTS OF COMMITTEE MEMBERS
Page
Grassley, Hon. Chuck, a U.S. Senator from the State of Iowa...... 4
Leahy, Hon. Patrick J., a U.S. Senator from the State of Vermont. 1
prepared statement........................................... 195
Lee, Hon. Michael S. Lee, a U.S. Senator from the State of Utah.. 6
WITNESSES
Witness List..................................................... 67
Alexander, Hon. Keith B., Director, National Security Agency,
Fort Meade, Maryland........................................... 10
prepared joint statement..................................... 68
prepared statement........................................... 79
Clapper, Hon. James R., Director of National Intelligence,
Washington, DC................................................. 6
prepared joint statement..................................... 68
Cordero, Carrie F., Adjunct Professor of Law and Director of
National Security Studies, Georgetown University Law Center,
Washington, DC................................................. 51
prepared statement........................................... 184
Donohue, Laura K., Professor of Law, Georgetown University Law
Center, and Director, Georgetown's Center on National Security
and the Law, Washington, DC.................................... 47
prepared statement........................................... 86
Felten, Edward W., Professor of Computer Science and Public
Affairs, Princeton University, and Director, Center for
Information Technology Policy, Princeton, New Jersey........... 49
prepared statement........................................... 171
QUESTIONS
Questions submitted to Hon. Keith B. Alexander by:
Senator Grassley............................................. 199
Senator Hirono............................................... 203
Senator Klobuchar............................................ 206
Senator Leahy................................................ 209
Senator Whitehouse........................................... 212
Questions submitted to Hon. James R. Clapper by:
Senator Grassley............................................. 200
Senator Hirono............................................... 205
Senator Klobuchar............................................ 207
Senator Leahy................................................ 211
Senator Whitehouse........................................... 213
Questions submitted to Prof. Carrie F. Cordero by Senator Franken 197
Questions submitted to Prof. Carrie F. Cordero by Senator
Grassley....................................................... 201
Questions submitted to Prof. Laura K. Donohue by Senator Franken. 198
Questions submitted to Prof. Laura K. Donohue by Senator Grassley 202
Questions submitted to Prof. Edward W. Felten by Senator
Klobuchar...................................................... 208
ANSWERS
Responses of Hon. Keith B. Alexander to questions submitted by:
Senator Grassley............................................. 220
Senator Hirono............................................... 231
Senator Klobuchar............................................ 229
Senator Leahy................................................ 214
Senator Whitehouse........................................... 224
[Note: Responses of Hon. James R. Clapper to questions for the
record are classified and are, therefore, provided separately.]
Responses of Prof. Carrie Cordero to questions submitted by
Senator Franken................................................ 239
Responses of Prof. Carrie Cordero to questions submitted by
Senator Grassley............................................... 236
Responses of Prof. Laura Donohue to questions submitted by
Senator Franken................................................ 252
Responses of Prof. Laura Donohue to questions submitted by
Senator Grassley............................................... 241
Responses of Prof. Edward Felten to questions submitted by
Senator Klobuchar.............................................. 256
MISCELLANEOUS SUBMISSIONS FOR THE RECORD
AOL et al., a letter on S. 1452, the Surveillance Transparency
Act of 2013, and H.R. 3035, the Surveillance Order Reporting
Act of 2013, September 30, 2013, letter........................ 259
Rowley, Coleen, retired FBI agent and former FBI Minneapolis
Division Legal Counsel, Apple Valley, Minnesota, October 21,
2013, letter................................................... 261
CONTINUED OVERSIGHT OF THE
FOREIGN INTELLIGENCE SURVEILLANCE ACT
----------
WEDNESDAY, OCTOBER 2, 2013
United States Senate
Committee on the Judiciary
Washington, DC.
The Committee met, pursuant to notice, at 10 a.m., in Room
SD-226, Dirksen Senate Office Building, Hon. Patrick J. Leahy,
Chairman of the Committee, presiding.
Present: Senators Leahy, Feinstein, Whitehouse, Klobuchar,
Franken, Coons, Blumenthal, Hirono, Grassley, Hatch, Sessions,
Graham, Lee, Cruz, and Flake.
OPENING STATEMENT OF HON. PATRICK J. LEAHY,
A U.S. SENATOR FROM THE STATE OF VERMONT
Chairman Leahy. Good morning, everybody. It is a strange
time in the Congress. I would also note before we start that we
will not allow any demonstrations during a meeting of the
Senate.
I know some demonstrators like to get themselves on
television. I do not care whether they are in agreement--or
disagreement with positions of mine. I do not want people
blocking others who are here, by holding up signs, and I do not
want them blocking the people who are here to watch this
hearing. This is the United States Senate, and people have the
ability to watch a hearing.
We are going to conduct further oversight of the
intelligence community's use of the Foreign Intelligence
Surveillance Act, or FISA. No one knows for sure how long the
Federal Government will be shut down, but I feel strongly that
the Senate Judiciary Committee has to continue its work on this
important subject because it does involve the security of the
United States. I consulted with Senator Grassley about this,
and I appreciate that Director Clapper and General Alexander
have agreed to proceed with the hearing today as scheduled. I
am certain that they join me in thanking all of the dedicated
intelligence community professionals who are also doing their
jobs today despite the needless shutdown of the Federal
Government. That said, I have decided--and, again, I discussed
this with Senator Grassley--to postpone the Committee's weekly
business meeting tomorrow in light of the Government shutdown.
I am doing this even though we have judicial emergencies on the
agenda. I am hoping that those of us who, like myself, are on
the Appropriations Committee will be able to get back to
passing bills. I am concerned that we are now in October. By
law, by the end of last month the House of Representatives was
supposed to have sent us each of the appropriations bills so
that we could then vote on them, vote up or vote down. They
have yet to send over a single one. Maybe instead of looking
for slogans we ought to just pass these appropriations bills
and vote for them or vote against them, whichever way, but get
it done and let people get back to work.
I am also going to ask General Alexander and Director
Clapper at the end of their statements if they would take an
extra minute and tell us, because it is going to be of interest
to many of us on this Committee who are on Appropriations, what
the shutdown is meaning in the number of people who are not
able to come to work and do the jobs that we expect them to do
in our intelligence agencies.
As we continue to reexamine the intelligence community's
use of FISA authorities, let us be clear that no one
underestimates the threats that our country continues to face
or the difficulty of identifying and meeting those threats. We
all agree that we should equip the intelligence community with
the necessary and appropriate tools to help keep us safe. But--
and there is always a ``but''--I hope that we can also agree
that there have to be limits on the surveillance powers we give
to the Government. Just because something is technologically
possible and just because something may be deemed technically
legal does not mean that it is the right thing to do.
This summer, many Americans learned for the first time that
Section 215 of the USA PATRIOT Act has for years been secretly
interpreted to authorize the collection of Americans' phone
records on an unprecedented scale. The American public also
learned more about the Government's collection of Internet
content through the use of Section 702 of FISA.
Since the Committee's last hearing on these revelations in
late July, we have learned a great deal more. We have learned
that the NSA has engaged in repeated, substantial legal
violations in its implementation of both Section 215 and
Section 702 of FISA. For example, the NSA collected, without a
warrant, the content of tens of thousands of wholly domestic
emails of innocent Americans. The NSA violated a FISA Court
order by regularly searching the Section 215 phone records
database without meeting the standard imposed by the Court.
These repeated violations led to several reprimands by the
FISA Court for what the FISA Court called ``systemic
noncompliance'' by the Government. The Court has also
admonished the Government for making a series of substantial
misrepresentations to the Court. Now, knowing this, we have
seen no evidence of intentional abuse of FISA authorities, but
the pattern is deeply troubling.
We have also learned that the NSA in 2011 started searching
for Americans' communications in its Section 702 database--a
database containing the contents of communications acquired
without individualized court orders. And this past weekend--and
all of you have seen the front page story--The New York Times
reported that the NSA is engaging in sophisticated analysis of
both domestic and international metadata to determine the
social connections of Americans.
So when you have all these revelations, it is no surprise
that the intelligence community faces a trust deficit. And
after years of raising concerns about the scope of FISA
authorities, as I and others have, and the need for stronger
oversight, I am glad that many Members of Congress in both
parties are now interested in taking a close look at these
programs--at both the Government's legal and policy
justifications for them and the adequacy of the existing
oversight regimes.
I think it is time for a change, and I think additional
transparency and oversight are important parts of that change.
But I believe we have to do more. So I am working on a
comprehensive legislative solution with Congressman
Sensenbrenner, the Chairman of the Crime and Terrorism
Subcommittee in the House, as well as other Members of
Congress, again, across the full political spectrum of both
parties. Our bipartisan, bicameral legislation will address
Section 215 and Section 702 and a range of surveillance
authorities that raise similar concerns.
Our legislation would end Section 215 bulk collection. It
also would ensure that the FISA pen register statute and
National Security Letters could not be used to authorize bulk
collection. The Government has not made its case that bulk
collection of domestic phone records is an effective
counterterrorism tool, especially in light of the intrusion on
Americans' privacy.
In addition, I find the legal justification for this bulk
collection to be strained at best. I have looked at the
classified list of cases involving Section 215. I find it to be
unconvincing. As the Deputy Director of the NSA himself
acknowledged at our last hearing a couple weeks ago, there is
no evidence that Section 215 phone records collection helped to
thwart dozens or even several terrorist plots.
In addition to stopping bulk collection, our legislation
would improve judicial review--and I think this is extremely
important--by the FISA Court and enhance public reporting on
the use of a range of surveillance activities. It would require
Inspector General reviews of the implementation of these
authorities--putting into law a request that Senator Grassley
and I, along with eight other Members of this Committee, made
last week to the Inspector General for the intelligence
community. This is a commonsense, bipartisan bill, so I look
forward to working on this effort in the coming months with
those in the Senate, in the House, and others who care about
these issues.
I do appreciate the concrete steps that both Director
Clapper and General Alexander have made in recent months to
brief Members of Congress--and I have been, as you know, at
many of those briefings--and their move toward more
transparency and further declassification of documents. I also
welcome the participation of the legal and technical experts on
our second panel and would note with particular pride that my
alma mater, Georgetown Law, is well represented among those
witnesses. So I hope this will inform our legislative efforts.
You know, we all agree we have to ensure our Nation's
security, but we also have to restore the trust of the American
people in our intelligence community, and fundamentally we have
to protect the liberties that have kept us great and a
diversified democracy and the envy of countries around the
world because of our democracy.
[The prepared statement of Chairman Leahy appears as a
submission for the record.]
Senator Grassley, do you want to say something before we go
to the witnesses?
OPENING STATEMENT OF HON. CHUCK GRASSLEY,
A U.S. SENATOR FROM THE STATE OF IOWA
Senator Grassley. Yes, thank you. And thanks to our
witnesses for what they do for the security of our country, and
to you,
Mr. Chairman, for holding the hearing, a very important
oversight hearing, a very important function of Congress to
make sure that our laws are faithfully executed. Although the
Government has been partially shut down due to partisan
differences over various issues, we are continuing our
oversight work, as I said, a very important matter, and in this
particular instance, because national security is the first
responsibility of our Federal Government.
We last held a hearing on this subject late July. At that
time I expressed the view that the reports in the media had
called into serious question whether the law and other
regulations currently in place strike the right balance between
protecting our civil liberties and our national security. This
is especially so concerning the public revelation that under
Section 215 of the PATRIOT Act the Government was collecting
Americans' phone records in bulk. Additional public disclosures
since our last hearing have underscored that concern.
Indeed, since that time, the administration has
declassified legal opinions reflecting significant errors by
the Government before the FISA Court in implementing 215 and
702. The good news is that these appear to have been for the
most part unintentional mistakes that Government brought to the
Court's attention on its own accord. Of course, the bad news is
that even with all the checks and balances built into the
system, these kinds of errors can still occur.
Even more unsettling, other reports since July have
suggested that there have been cases of intentional and willful
misuse of intelligence authorities by NSA employees to spy on
their spouses and neighbors. These disclosures have created a
broader crisis of trust in the legitimacy of our intelligence-
gathering methods generally. In my view, had these programs
been more transparent from the start, this trust deficit that
the American people have would not be as severe as it is now.
This brings me to the President's response to the crisis
which has been very baffling to me. The President held a news
conference in early August, a news conference that should have
been held, and thankfully he did, in which he defended the bulk
collection of phone records as ``an important tool in our
effort to disrupt terrorist plots'' and suggested some areas
for reform. Since then, as far as I know, he has not said a
word in public about these issues. If the President really and
truly believes in the importance of these programs, he should
be publicly defending them as part of our national debate. He
should not be contracting out that job solely to the
intelligence community. Simply put, as in so many other areas,
the President is failing to lead where he wants others to
follow.
In any event, I am pleased that we have taken a number of
steps to follow up on some of these disturbing reports. Since
July, a bipartisan group of Members of this Committee requested
that the Inspector General of the intelligence community
conduct a thorough review of the implementation of these
authorities. Additionally, I wrote to the NSA Inspector General
and received a public accounting of the handful of documented
instances where the NSA employees intentionally abused their
authorities. It was heartening to see how few cases of
intentional misconduct exist, but on the other hand, it is
alarming to know that the possibility of employees engaging in
such behavior turns out to be very real.
The NSA Inspector General's response to my letter reflected
that many of these cases were referred to the Department of
Justice for possible criminal prosecution. I was planning on
following up with how these referrals were handled with Deputy
Attorney General Cole at this hearing. The Chairman chose not
to invite an administration witness to provide legal
perspective on these matters. Therefore, I will be following up
with the Department of Justice about these cases with a letter
to the Attorney General today.
The balance between protecting individual liberties and our
national security is a delicate one. Reasonable people can
disagree about precisely where that balance is best struck. I
probably do not agree 100 percent with any member of the two
panels of witnesses that we have with us today, including
Professor Cordero, whom I have invited to share her valuable
perspective as a lawyer with hands-on experience in the
intelligence community. But I welcome them all, and I am
pleased to hear their views as we consider various reforms to
FISA and related surveillance activities.
Something has come to my attention. Just yesterday there
were press reports of 70 percent of the intelligence community
being furloughed. I am concerned that if lawyers in the
intelligence community determine that 70 percent of their
employees are non-essential to the mission, which is a national
security mission, the number one responsibility of the Federal
Government, then the intelligence community either needs better
lawyers to make big changes to the workforce or are you
overemployed in those areas. I cannot believe that 70 percent
of the intelligence community is being furloughed and we are
still being able to meet our national security
responsibilities. So that concerns me very much, and maybe you
folks will touch on that.
Thank you, Mr. Chairman.
Chairman Leahy. Thank you. And, of course, as you know, we
had the Deputy Attorney General at our last hearing, and we had
the Deputy Attorney General at our closed-door hearing on this,
and we will be having the Justice Department testifying again.
Because we are limited in time here today, we kept to these two
witnesses.
Speaking of limitation of time, while this would be
unusual, Senator Lee----
Senator Grassley. Do you not want me to send my letter to
the Attorney General?
Chairman Leahy. Oh, you feel free to send it. You can send
anything you want. But we have had him here twice now on this
same subject, and I am sure we will be having him again. But,
Senator Lee, did you want to make a very short statement?
OPENING STATEMENT OF HON. MICHAEL S. LEE,
A U.S. SENATOR FROM THE STATE OF UTAH
Senator Lee. Yes, thank you, Mr. Chairman. I appreciate the
Chairman and the Ranking Member allowing me to speak very
briefly, as I have to leave for another Committee
responsibility.
Congress, of course, plays an important role when it comes
to overseeing our Nation's intelligence and surveillance
programs. We have to balance various competing interests, and
it is difficult. I just wanted to highlight a couple of
concerns that I am always looking out for.
Number one is the breadth of metadata collection pursuant
to Section 215 of the PATRIOT Act.
Number two, the potential for back-door searches of
information on Americans that is collected, you know, some
would argue indirectly, pursuant to Section 702 of the FISA
Amendments Act.
And, number three, the lack of transparency within the FISA
Court system.
I have worked with the Chairman in the past on legislation
to address each of these, and I look forward to working with
him in the future on these concerns.
Thank you very much.
Chairman Leahy. Thank you very much.
Our first witness is--incidentally, the most senior Member
on our side is the Chair of the Senate Intelligence Committee,
which helps us a great deal in this deliberation, and we will
also be joined later by Senator Durbin, who is the Chair of
Defense Appropriations, which handles much of the budget for
this.
Our first witness is James Clapper. He was sworn in as the
fourth Director of National Intelligence on August 9, 2010. He
served for 32 years in the United States Armed Forces, retired
in 1995. He was a lieutenant general in the Air Force. He
previously served as Under Secretary of Defense for
Intelligence and the head of the Defense Intelligence Agency.
Director, it is good to have you here. Please go ahead.
STATEMENT OF HON. JAMES R. CLAPPER, DIRECTOR
OF NATIONAL INTELLIGENCE, WASHINGTON, DC
Director Clapper. Chairman Leahy, Ranking Member Grassley,
and distinguished Members of the Committee, sir, if it is all
right with you, I would like to answer your question about the
impacts of the Government shutdown and furloughing our
civilians.
First, the legal standard against which we make decisions
about who is furloughed and who is not is--and this is quoting
from the law--``that which is necessary to protect against
imminent threat to life or property.'' And so our applying that
standard is what resulted across the board in furloughing
roughly 70 percent. I think that will change as this--if this
drags on, and we will make adjustments depending on what we see
as the ``potential imminent threats to life or property,'' to
quote the law.
I will tell you as to impacts, I have been in the
intelligence business for about 50 years. I have never seen
anything like this. From my view, I think, this on top of the
sequestration cuts that we are already taking, that this
seriously damages our ability to protect the safety and
security of this Nation and its citizens. I would commend to
you Senator Feinstein's superb statement yesterday on the floor
outlining her concerns, with which I completely agree. This
affects our ability--this is not just a Beltway issue. This
affects our global capability to support the military, to
support diplomacy, and to support our policymakers. And the
danger here is, of course, that this will accumulate over time.
The damage will be insidious. So each day that goes by, the
jeopardy increases.
This is a dreamland for foreign intelligence service to
recruit, particularly as our employees already, many of whom
are subject to furloughs driven by sequestration, are going to
have, I believe, even greater financial challenges. So we are
spending our time setting up counseling services for employees
to help them manage their finances. So from my standpoint, this
is extremely damaging, and it will increase so as this shutdown
drags on.
General Alexander, do you want to add anything to that?
General Alexander. I was going to do it at the end.
Director Clapper. Go ahead.
General Alexander. From our perspective, I would echo
everything that----
Chairman Leahy. Press the red button.
General Alexander. Technically challenged, Mr. Chairman.
From NSA's perspective, this has impacted us very hard. We
have an amazing workforce. When I look at what our folks are
capable of doing, we have over 960 Ph.D.s, over 4,000 computer
scientists, over 1,000 mathematicians. They are furloughed. Our
Nation needs people like this, and the way we treat them is to
tell them, ``You need to go home because we cannot afford to
pay you, we cannot make a deal here.''
From my perspective, the impact, what Director Clapper
points out is we went to the most specific threats against our
Nation. This does not apply to all the threats against our
Nation. We cannot cover all of those. So what we are doing is
we are taking the most significant counterterrorism and other
threats that we see and the support to our military forces in
Afghanistan and overseas, that is the priority in what we are
doing. That is the way the law has been interpreted, and that
is what we are doing. From my perspective, it has had a huge
impact on morale.
Director Clapper. So, sir, if you would like, we will go
into our statements on the subject of the hearing.
We do appreciate your having us today to talk about the way
ahead occasioned by the dramatic revelations about intelligence
collection programs since their unauthorized disclosure and
about the steps we are taking to make these programs more
transparent while still protecting our national security
interests.
I am joined today, of course, by the Director of the
National Security Agency, General Keith Alexander, and
following my brief statement, he will have an additional
statement.
We think this hearing is a key part of the discussion our
Nation needs about legislation that provides the intelligence
community with authorities both to collect critical foreign
intelligence and to protect privacy and civil liberties. We,
all of us in the intelligence community, are very much aware
that the recent unauthorized disclosures have raised serious
concerns both here in Congress and across the Nation about our
intelligence activities. We know that the public wants both to
understand how its intelligence community uses its special
tools and authorities and to judge whether we can be trusted to
use them appropriately.
We believe we have been lawful and that the rigorous
oversight we have operated under has been effective. So we
welcome this opportunity to make our case to the public.
As we engage in this discussion, I think it is also
important that our citizens know that the unauthorized
disclosures of the details of these programs has been extremely
damaging. From my vantage as DNI, these disclosures are
threatening to our ability to conduct intelligence and to keep
our country safe. There is no way to erase or make up for the
damage that we know has already been done, and we anticipate
even more as we continue our assessment as more revelations
occur.
Before these unauthorized disclosures, we were always
conservative about discussing the specifics of our collection
programs based on the truism that the more adversaries know
about what we are doing, the more they can avoid our
surveillance.
But the disclosures, for better or for worse, have lowered
the threshold for discussing these matters in public. So to the
degree that we can discuss them, we will. But this public
discussion should be based on an accurate understanding of the
intelligence community, who we are, what we do, and how we are
overseen.
In the last few months, the manner in which our activities
have been characterized has often been incomplete, inaccurate,
or misleading, or some combination thereof. I believe that most
Americans realize the intelligence community exists to collect
the vital intelligence that helps protect our Nation from
foreign threats. We focus on uncovering the secret plans and
intentions of our foreign adversaries, but what we do not do is
spy unlawfully on Americans or, for that matter, spy
indiscriminately on the citizens of any country. We only spy
for valid foreign intelligence purposes as authorized by law,
with multiple layers of oversight to ensure we do not abuse our
authorities.
Unfortunately, this reality has sometimes been obscured in
the current debate, and for some this has led, as you alluded,
to an erosion of trust in the intelligence community. And we do
understand the concerns on the part of the public.
I am a Vietnam veteran, and I remember as congressional
investigations of the 1970s later disclosed--and I was in the
intelligence community then--that some intelligence programs
were carried out for domestic political purposes without proper
legal oversight or authorization. But having lived through that
as a part of the intelligence community, I can now assure the
American people the intelligence community today is not like
that. We operate within a robust framework of strict rules and
rigorous oversight involving all three branches of the
Government.
Another useful historical perspective, at least I think, is
that during the Cold War, the Free World and the Soviet Bloc
had mutually exclusive telecommunications systems which made
foreign collection a lot easier to distinguish. Now world
telecommunications are unified. Intertwined with hundreds of
millions of innocent people conducting billions of innocent
transactions are a much smaller number of nefarious adversaries
who are trying to do harm on the very same network using the
very same technologies. So our challenge is to distinguish very
precisely between these two groups of communicants. If we had
an alarm bell that went off whenever one terrorist communicated
with another terrorist, our jobs would certainly be a lot
easier. But that capability just does not exist in the world of
technology today.
Over the past 3 months, I have declassified and publicly
released a series of documents related to both Section 215 of
the PATRIOT Act and Section 702 of the Foreign Intelligence
Surveillance Act, or FISA. We did that to facilitate informed
public debate about the important intelligence collection
programs that operate under these authorities. We felt that, in
light of the unauthorized disclosures, the public interest in
these documents far outweighed the potential additional damage
to national security. These documents let our citizens see the
seriousness, thoroughness, and rigor with which the FISA Court
exercises its responsibilities.
They also reflect the intelligence community's,
particularly NSA's, commitment to uncovering, reporting, and
correcting any compliance matters that occur. However, even in
these documents, we have had to redact certain information to
protect sensitive sources and methods, such as particular
targets of surveillance. But we will continue to declassify
more. That is what the American people want. It is what the
President has asked us to do. And I personally believe it is
the only way we can reassure our citizens that their
intelligence community is using its tools and authorities
appropriately and legitimately.
The rules and oversight that govern us ensure we do what
the American people want us to do, which is to protect our
Nation's security and our people's liberties. So I will repeat:
We do not spy on anyone except for valid foreign intelligence
purposes, and we only work within the law.
On occasion, we have made mistakes, some quite significant.
But these are usually caused by human error or technical
problems. And whenever we have found such mistakes, we have
reported, addressed, and corrected them.
The National Security Agency specifically, as part of the
intelligence community broadly, is an honorable institution.
The men and women who do this sensitive work are honorable
people dedicated to conducting their mission lawfully and are
appalled by any wrongdoing. They, too, are citizens of this
Nation who care just as much about privacy and constitutional
rights as the rest of us. They should be commended for their
crucial, important work in protecting the people of this
country, which has been made all the more difficult by this
torrent of unauthorized damaging disclosures.
That all said, we in the intelligence community stand ready
to work in partnership with you to adjust foreign surveillance
authorities to further protect our privacy and civil liberties,
and I think there are some principles we agree on:
One, we must always protect our sources, methods, targets,
partners, and liaison relationship.
Second, we must do a better job in helping the American
people understand what we do, why we do it, and, most
importantly, the rigorous oversight that helps ensure that we
do it correctly.
And, three, we must take every opportunity to demonstrate
our commitment to respecting the civil liberties and privacy of
every American. But we also have to remain mindful of the
potentially negative long-term impact of overcorrecting the
authorizations granted to the intelligence community.
As Americans, we face an unending array of threats to our
way of life, a more diverse array of threats than I have seen
in my 50 years in intelligence. And I believe we need to
sustain our ability to detect these threats. We welcome a
balanced discussion about national security and civil
liberties. It is not an either/or situation. We need to
continue to protect both.
Let me turn now to General Alexander.
[The prepared statement of Mr. Clapper appears as a
submission for the record.]
Chairman Leahy. General Alexander serves the Director of
the National Security Agency and the head of U.S. Cyber
Command. He has testified before us both in open and closed
sessions of this Committee and, of course, continuously in the
Intelligence Committee.
General, go ahead.
STATEMENT OF HON. KEITH B. ALEXANDER, DIRECTOR, NATIONAL
SECURITY AGENCY, FORT MEADE, MARYLAND
General Alexander. Chairman Leahy, Ranking Member Grassley,
distinguished Members of the Committee, thank you for the
opportunity to provide opening remarks.
I am privileged today to represent the dedicated
professionals at the National Security Agency who employ the
authorities provided by Congress, the Federal courts, and the
executive branch to help protect the Nation and protect our
civil liberties and privacy.
If we are to have an honest debate about how NSA conducts
its business, we need to step away from sensationalized
headlines and focus on facts.
Our mission is defend the Nation and to protect our civil
liberties and privacy. Ben Wittes from the Brookings
Institution said about the media leaks and specifically about
these two FISA programs: ``Shameful as it is that these
documents were leaked, they actually should give the public
great confidence in both NSA's internal oversight mechanisms
and in the executive and judicial oversight mechanisms outside
the Agency. They show no evidence of any intentional spying on
Americans or abuse of civil liberties. They show a low rate of
the sort of errors any complex system of technical collection
will inevitably yield. They show robust compliance procedures
on the part of the NSA. And they show an earnest, ongoing
dialogue with the FISA Court over the parameters of the
Agency's legal authority and a commitment both to keeping the
Court informed of activities and to complying with its
judgments on their legality.''
Today I would like to discuss the facts and specifically
address:
Who we are in terms of both our mission and our people;
What we do: adapt to technology and the threat; take
direction from political leadership; operate strictly within
the law and consistent with explicit intelligence priorities;
and ensure compliance with all constraints imposed by our
authorities and internal procedures;
What we have accomplished specifically for our country with
the tools we have been authorized; and,
Where do we go from here?
First, who we are, our mission. NSA is a foreign
intelligence agency with two missions: We collect foreign
intelligence of national security interest, and we protect
certain sensitive information and U.S. networks--all this while
protecting our civil liberties and privacy.
NSA contributes to the security of our Nation, its Armed
Forces, and our allies.
NSA accomplishes this mission, while protecting civil
liberties and privacy, because the Constitution we are sworn to
protect and defend makes no allowances to trade one for the
other.
NSA operates squarely within the authorities granted by the
president, Congress, and the courts.
Who we are: our people.
I am proud of what NSA does and more proud of our people.
The National Security Agency employees take an oath to
protect and defend the Constitution of the United States.
They have devoted themselves to protecting our Nation.
Just like you, they will never forget the moment terrorists
killed 2,996 Americans in New York, Pennsylvania, and the
Pentagon.
They witnessed the first responders' efforts to save lives.
They saw the military shift to a wartime footing. They
committed themselves to ensuring that another 9/11 would never
happen and our deployed forces would return home.
In fact, they deploy with our Armed Forces into areas of
hostility.
More than 6,000 have deployed in support of operations in
Iraq and Afghanistan; 22 have paid the ultimate sacrifice since
9/11--sadly, adding to a list of NSA/CSS personnel numbering
over 170 killed in the line of duty since our formation in
1952.
Theirs is a noble cause.
NSA prides itself on its highly skilled workforce: We are
the largest employer of mathematicians--1,013; 966 Ph.D.s and
4,374 computer scientists; linguists in more than 120
languages; more patents than any other intelligence community
agency and most businesses. They are also Americans, and they
take their civil liberties and privacy seriously.
What we do: adapt to technology.
Today's telecommunications system is literally one of the
most complex systems ever devised by mankind.
The fact that over 2.5 billion people all connect and
communicate across a common infrastructure is a tribute to the
ingenuity of mankind. The stark reality is that terrorists,
criminals, and adversaries make use of the same infrastructure.
Terrorists and other foreign adversaries hide in the same
global network, use the same communications networks as
everyone else, and take advantage of familiar services: Gmail,
Facebook, Twitter, et cetera. Technology has made it easy for
them.
We must develop and apply the best analytic tools to
succeed at our mission, finding the communications of
adversaries while protecting those of innocent people,
regardless of their nationality.
What we do: We take direction from political leadership.
NSA's direction comes from national security needs, as
defined by the Nation's senior leaders.
NSA does not decide what topics to collect and analyze.
NSA's collection and analysis is driven by the National
Intelligence Priorities Framework and received in formal
tasking.
We do understand that electronic surveillance capabilities
are powerful tools in the hands of the state. That is why we
have extensive mandatory internal training, automated checks,
and an extensive regime of both internal and external
oversight.
What we do: We use lawful programs and tools to do our
mission.
The authorities we have been granted and the capabilities
we have developed help keep our Nation safe.
Since 9/11 we have disrupted terrorist attacks at home and
abroad using capabilities informed by the lessons of 9/11.
The Business Records FISA program, NSA's implementation of
Section 215 of the PATRIOT Act, focuses on defending the
homeland by linking the foreign and domestic threats.
Section 702 of FISA focuses on acquiring foreign
intelligence, including critical information concerning
international terrorist organizations, by targeting non-U.S.
persons who are reasonably believed to be located outside the
United States.
NSA also operates under other sections of the FISA statute
in accordance with the law's provisions.
It is important to remember that in order to target a U.S.
person anywhere in the world under the FISA statute, we are
required to obtain a court order based on a probable cause
showing that the prospective target of the surveillance is a
foreign power or agent of a foreign power.
NSA conducts the majority of its SIGINT activities solely
pursuant to the authority provided by Executive Order 12333.
As I have said before, these authorities and capabilities
are powerful; we take this responsibility seriously.
We ensure compliance.
We stood up a Directorate of Compliance in 2009 and
repeatedly train our entire workforce in privacy protections
and the proper use of capabilities.
We do make mistakes. The vast majority of the compliance
incidents reflect the challenge of implementing very specific
rules in the context of ever-changing technology.
Compliance incidents, with very rare exception, are
unintentional and reflect the sort of errors that will occur in
any complex system of technical activity.
The press claimed evidence of ``thousands of privacy
violations.''
This is false and misleading.
According to NSA's independent Inspector General--and the
Vice Chairman brought up the 12 cases, so I will just go
through that quickly. There were 12 cases of willful violation.
All of those were under Executive Order 12333. None of those
were in the Business Records FISA or under FAA 702.
We hold ourselves accountable every day.
Most of these targets involved improper tasking or querying
regarding foreign persons in foreign places.
I am not aware of any intentional or willful violations of
the FISA statute.
Of the 2,776 incidents noted in the press from one of our
leaked annual compliance reports, about 75 percent are not
violations of approved procedures at all but, rather, NSA's
detection of valid foreign targets that travel to the U.S. and
a record that NSA stopped collecting, in accordance with the
rules. We called those ``roamers,'' and I mispronounced that in
one of the things, and it came out as ``rumors,'' but it is
``roamers.''
Let me also start to clear the air on actual compliance
incidents.
The vast majority of the actual compliance incidents
involve foreign locations and foreign activities, as our
activities are regulated by specific rules wherever they occur.
For the smaller number that did involve a U.S. person, a
typical incident involves a person overseas involved with a
foreign organization who is subsequently determined to be a
U.S. person. All initial indications and research before
collection point the other way, but NSA constantly reevaluates
indications.
NSA detects and corrects and, in most cases, does so before
any information is ever obtained, used, or shared outside NSA.
Despite the difference, between willful and not, we treat
incidents the same: We detect, we address, we remediate,
including removing or purging information from our databases in
accordance with the rules. And we report.
We hold ourselves accountable and keep others informed so
they can do the same.
On NSA's compliance regime, Ben Wittes said, at last
Friday's Intelligence Committee hearing: ``But one thing we
have learned an enormous amount about is the compliance
procedures that NSA uses. They are remarkable. They are
detailed. They produce data streams that are extremely
telling--and, to my mind, deeply reassuring.''
We welcome an ongoing discussion about how the public can,
going forward, have increased information about NSA's
compliance program.
[The prepared statement of General Alexander appears as a
submission for the record.]
Chairman Leahy. Well, then, let us go into that discussion,
because both of you have raised concerns that the media reports
about the Government surveillance programs have been
incomplete, inaccurate, misleading, or some combination of
that. But I worry that we are still getting inaccurate and
incomplete statements from the administration.
For example, we have heard over and over again the
assertion that 54 terrorist plots were thwarted by the use of
Section 215 and/or Section 702 authorities. That is plainly
wrong. But we still get it in letters to Members of Congress;
we get it in statements. These were not all plots and they were
not all thwarted. The American people are getting left with the
inaccurate impression of the effectiveness of NSA programs.
Would you agree that the 54 cases that keep getting cited
by the administration were not all plots and, of the 54, only
13 had some nexus to the U.S.? Would you agree with that--yes
or no?
General Alexander. Yes.
Chairman Leahy. Okay. At our last hearing, Deputy Director
Inglis' testimony stated that there is only really one example
of a case where but for the use of Section 215 bulk phone
records collection, terrorist activity was stopped. Was Mr.
Inglis right?
General Alexander. He was right. I believe he said two,
Chairman. I may have that wrong, but I think he said two. And I
would like to point out that it could only have applied in 13
of the cases because of the 54 terrorist plots or events, only
13 occurred in the U.S. Business Records FISA was only used in
12.
Chairman Leahy. I understand that. But what I worry about
is that some of these statements that all is well and we have
these overstatements of what is going on, we are talking about
massive, massive, massive collection. We are told we have to do
that to protect us. And then statistics are rolled out, and if
they are not accurate, it does not help with the credibility
here in the Congress, it does not help with the credibility
with this Chairman, and it does not help with the credibility
with the country.
And both of you feel free to answer this next one. This
past weekend--I mentioned The New York Times article. When I
read that, I see them reporting that for the past several years
the NSA has been analyzing social networks, including those of
Americans, using communications metadata as well as location
information, tax records, voter registration records, and more.
Like many of us who have access to classified briefings, we
sometimes find we get far more in a newspaper--and we get a
crossword puzzle, too, but we get more in the newspapers than
we do in the classified briefings that you give us. According
to the article, it reportedly allowed the NSA to graph the
interactions of associates and locations of Americans.
Now, if it is accurate, it appears to contradict earlier
representations that the NSA does not compile dossiers or files
on the American people.
Is the NSA compiling profiles or dossiers on American
people through the use of its intelligence authorities?
Gentlemen, either one of you.
Director Clapper. Let me comment first on the value of
Section 215, where I think, unfortunately--and we may be part
guilty of this--the only metric used is plots foiled. I think
there is another metric here that is a very important use for
Section 215. I would call it the ``peace of mind metric.''
In the case of the Boston Marathon bomber, we were using
these tools and we were able to check out whether there was or
was not a subsequent plot involving New York City.
In the case of the AQAP threat this summer that occasioned
the closure of several diplomatic facilities in the Mideast.
There were a number of selectors that emerged from our
collection overseas that pointed to the United States. Each one
of them was checked out and was found not to be relevant to a
domestic aspect of a terrorist plot.
Chairman Leahy. Mr. Clapper, we will certainly give you
time to add to that, if you like, but could you go back to my
question? Is the NSA compiling profiles or dossiers on the
American people through the use of its intelligence
authorities?
Director Clapper. In every case, for valid foreign
intelligence purposes, let me go to General Alexander.
General Alexander. Those reports are inaccurate and wrong.
Chairman Leahy. So The New York Times is wrong in its
article?
General Alexander. Absolutely. Here are the facts. What
they have taken is the fact that we do take data to enrich it.
What is not in front of those statements is the word
``foreign,'' foreign information to understand what the foreign
nexus is of a problem set that we are looking at. How do you
know what an individual is, a terrorist, without having any
data to enrich it, with just a number? In the foreign space, we
need that.
The Supplemental Procedures and Guidelines Governing
Communications Metadata Analysis, the SPCMA article that this
was about, allows NSA to not just stop when we are tracking a
terrorist if we hit a U.S. number, which is what we used to
have to do. It allows us to go back and see where that goes and
where it comes into or out of the country and what are the
problems outside the country----
Chairman Leahy. Which authority are you using for this
analysis? First off, I just want to make sure I understand. You
are saying The New York Times is flat-out wrong in their
article.
General Alexander. I am saying they are flat-out wrong
saying that we are creating dossiers on American----
Chairman Leahy. Are you going into social networks?
General Alexander. No. Here is what we----
Chairman Leahy. Okay. What, if anything, is accurate in The
New York Times article?
General Alexander. The accuracy is the Secretary of Defense
and the Attorney General did approve the Supplemental
Procedures Governing Communications Metadata Analysis in 2009.
What that allows us to do is use metadata that we have acquired
under Executive Order 12333 in chain, whether it is phone
records or emails, through U.S. selectors to figure out social
networks abroad.
I will tell you that there are cases----
Chairman Leahy. That 2009 order is still being used?
General Alexander. That is correct. But there are cases--I
need to clarify because I want to make sure this is 100 percent
accurate. There are cases where the FBI might start a terrorist
threat here in the United States. If there is a terrorist
threat in the United States and they get a warrant to go after
that or a FISA, then we can use SPCMA to go after that. We can
use this to look at hostages overseas, U.S. hostages. We can
look at this to track industries, because U.S. companies are
also considered U.S. persons under this law, that are the
targets of terrorist communications.
What we are not doing: We are not creating social networks
on our families. We are not doing that. And the insinuation
that we are doing that is flat wrong. And I take exception to
them taking a classified document that dealt with foreign, not
understanding it and saying therefore it must apply to----
Chairman Leahy. You told The Times this?
General Alexander. Chairman?
Chairman Leahy. Have you made this complaint or responded
to The New York Times on this?
General Alexander. Yes. I think the issue is, you know,
here they have all these documents that they are trying to leak
out without having the understanding. We did give them
insights. They did not take all the data. I do not know what
and why. I do not----
Chairman Leahy. What you are doing, is it being reviewed by
the FISA Court?
General Alexander. Not in all cases. Some of these cases
that deal with Executive Order 12333 are not reviewed by the
FISA Court. Those that would fall under the Business Records
215, 702, -3, and -4 would be. So these would not be reviewed,
but they are reviewed by the administration, and they are
audited by our people.
Chairman Leahy. My time is up. You have raised more----
Senator Grassley. I think you ought to take more time. This
transparency--because one of the problems we have with this
program, there is not enough transparency.
Chairman Leahy. Thank you. You know, I worry--you say it is
Executive authority, not FISA Court authority. Does anybody
have oversight other than the executive branch?
General Alexander. Well, Congress, too. And let me----
Chairman Leahy. Has this been reported to the Congress----
General Alexander. They get all----
Chairman Leahy [continuing]. Either of the Intelligence
Committees?
General Alexander. I believe both of these have, and I
would have to go back and check, but both of these have gone to
the Committee. I think you have both of these. And, Chairman,
you bring out a good point, and for the complete transparency,
Chairman, you brought out a good question, and if I could, I
think this will help greatly.
The issue that we have here is how do you use metadata,
which is the least intrusive, to understand a problem that our
Nation could face. That is the Business Records. And so we use
that globally, and sometimes it touches the United States.
Chairman Leahy. Well, metadata, you say the least
intrusive. Many might think it is the most intrusive, and I
will tell you why. And I realize there is a lot of metadata
going on. We shop at the grocery store; you use your grocery
store credit card; the ads you are going to get are going to be
different if you are buying things for young children or if you
are buying a nice bottle of wine. We all understand that.
But do you understand the concern as more and more things
come out, when it turns out, for example, the NSA, some
members--and I realize not by authority--were checking their
love interests through using the tools of NSA. You know,
Americans like their privacy. They like their security, but
they like their privacy, too. And you understand the concern
that we are getting. Simply following the metadata, a lot of
people think if they are on social media and whatnot that there
is some expectation of privacy, less obviously but some.
General Alexander. So I do agree, Chairman, but I think the
differentiation that I make in terms of metadata for these
purposes is the phone numbers to-from or the email addressed
to-from. And the issue that I think we face in trying to figure
out where we take this legislation is how do we do this in such
a way that we can ensure the American people know that we are
doing it exactly right and protect the Nation?
From my perspective, what we have done is set up two
things. We have put this database, with tremendous oversight--
this has more oversight than any program in Government--the
courts, the administration, and Congress, and our IGs and
everyone. And every time we make a mistake, we self-report. Why
do we need it? And General Clapper brought out a great point.
It is the start. It does not necessarily lead us to the end. It
tells us you need to look more here. Oftentimes we give that to
the FBI.
Now, yes, the FBI and we need to do better work in keeping
the metrics of what resulted from that. But, in addition, it
helps us looking overseas to say why is that person important
and how do we tell you if this is a real threat or something
that we should ignore. This summer, this was huge for us.
Chairman Leahy. I will come back to some of my skepticism.
One other thing. We have tried to make sure that it is kept--an
issue like this, I want to try to maintain the bipartisan
nature, and I want to thank Senator Grassley because he
expressed some of these concerns. And while he would normally
go next, the Chair of the Senate Intelligence Committee has to
leave for another meeting, so he has yielded to her.
Senator Feinstein. Thank you.
Chairman Leahy. Chuck, I appreciate that.
Senator Feinstein. Thank you very much. I appreciate that.
Chairman Leahy. I am stepping out for a phone call, and I
will be right back.
Senator Feinstein [presiding]. Thank you, Mr. Chairman.
I want to use my time to say something to my colleagues. I
believe maybe only Senator Hatch was on the Intelligence
Committee in 2001. In mid-year, the DCI, whose name was George
Tenet, came in to meet with us, and what he said was that he
predicted that within 3 months there would likely be an attack
on this country. He did not know what. He did not know when. He
did not know how. As a matter of fact, I went on CNN on July 1,
2001, and said this: ``There is a major possibility of a
terrorist incident within the next 3 months.'' That is a direct
quote from what I said.
Then something took place which I thought could never take
place in this country, and that is 9/11. I never believed there
could be training schools for pilots who would teach people how
to fly but not to land in this country. I never thought our
visa system was so weak that they could admit terrorists to
this country. But I was totally wrong.
The event happened, and it was catastrophic--for people,
for this Nation, for our standing, but most importantly,
because of the death and destruction that it brought about this
country.
And then we learned that there were stovepipes and our
intelligence was inadequate and we could not collect enough
data. And then we learned that there was a man by the name of
Khalid al-Mihdhar, one of the group in San Diego. I believe
that if this were to happen again with this program and other
programs working in combination, we have an opportunity to pick
that up. Absent these kinds of technological programs, we do
not have an opportunity to pick that up.
This is a very hard culture to meet with human
intelligence. It is a different culture. The language is
different. There are many dialects. The groups are tight. It is
very difficult to permeate them.
So our great strength today, ladies and gentlemen, in
protecting this homeland is to be able to have the kind of
technology that is able to piece together data while protecting
rights. I listened to this program being described as a
surveillance program. It is not. There is no content collected
by the NSA. There are bits of data--location, telephone
numbers--that can be queried when there is reasonable,
articulable suspicion. If it looks like it is something for an
individual in this country, it then goes to the FBI for a
probable cause warrant, and a full investigation takes place.
I so regret what is happening. I will do everything I can
to prevent this program from being canceled out. There is going
to be a bill in my Committee to do it. There is a bill in this
Committee to do it. And, unfortunately, very few of us sat on
that Committee when George Tenet came in in June 2001 and said,
``We anticipate a strike, but we do not know what, we do not
know where, we do not know when.'' That can never be allowed to
happen in the United States of America again. And that is the
basis for this program. It is legal. We are looking at
increased transparency. We are looking to make some changes in
it. But we are not looking to destroy it. To destroy it is to
make this Nation more vulnerable.
I just wanted to say that. I had to say it. Thank you.
Senator.
Senator Grassley. Go ahead with your questions.
Senator Feinstein. Pardon me?
Senator Grassley. Do you have any questions?
Senator Feinstein. I do not have any questions. Thank you.
Senator Grassley. Let me make clear something I said to the
Chairman to keep asking his questions, because we need more
transparency. I do not know exactly how much transparency we
ought to have. You folks know that. I do not know your
business. Your number one responsibility is protecting our
national security. But whatever that balance is between
security and transparency, we ought to have it, because I
firmly believe that a lot of these issues that Senator
Feinstein wants to protect would not be coming up if more had
been told about it over the last few years. I do not think the
impact of Mr. Snowden would have--well, I do not want to
comment on that. But, anyway, I think that in our system,
transparency brings accountability.
I am going to start out where I left off, and it is not an
accusation against the intelligence community if the
information is accurate. I am going to ask a question, but
before you want to answer it, I want to tell you why I am
cynical about these statements about what sequestration and
what the shutdown will do that you made and other people have
made, and that comes yesterday with the closing down of the
World War II Monument. We had World War II veterans coming in
on honor flights, and they had barricades around something that
I will bet 24/7/365 I could walk into that any time. And so the
show of putting barriers around because of a shutdown and
spending all the money to do it and then to have every other
department talk about shutdowns causes me to be a little
cynical.
Now, I am not putting your work in the same category as the
Park Service. Do not read me wrong. But if, in fact, 70 percent
of the intelligence community is now furloughed, if that is
true, is that an honest assessment that these employees are
non-essential? I am concerned that if your lawyers have
determined that 70 percent of your employees are non-essential
to your mission, then you either need better lawyers or you
need to make big changes to your workforce.
Can you tell me whether those reports are accurate or not?
Director Clapper. Well, first of all, sir, we do not
consider any of our employees non-essential. But for purposes
of this law, the criterion is ``necessary to protect against
imminent threat to life or property,'' so that causes us to
make some very, very painful choices about who we keep on and
who we except.
I would comment on your commentary about the monument
closures, and that precisely illustrates the challenge we have
in intelligence on conveying the impacts of these cuts, because
obviously people see the impact of closing public parks.
In the case of intelligence, it is insidious. So
capabilities that we degrade today or give up, we may not see
the impact of those for weeks or months or for an extended
period. Much harder to rationalize. But I do not want any doubt
about the necessity--the importance of all of our employees.
And as I said earlier, as each day goes by, the impact and
the jeopardy to the safety and security of this country will
increase.
Senator Grassley. General Alexander, my first question.
FISA Court opinions show that there were significant problems
implementing 215 phone records that were discovered in 2009,
showing that the NSA was inadvertently assessing the phone
record metadata without required reasonable and articulable
connection to terrorism. Those problems were apparently not
resolved with the Court until late that year.
Since then, I understand that every query of the metadata
is audited by the Department of Justice, and any compliance
issues must be reported immediately to the FISA Court.
My first question: Precisely when did the Department begin
auditing every query of the metadata? Since then, has the
Department determined on any occasion that the reasonable and
articulable suspicion standard was not followed?
General Alexander. So I know of--first I will answer the
second first and walk backward. I know of no cases where we
have not followed the reasonable, articulable suspicion
standard, and it has always been auditable since the inception
of the program. But the issue you bring out, if I could just
take 1 minute on that, because we did make a mistake.
The way we do analysis on the foreign intelligence that we
collect was to set up what we called an ``alert list,'' and
that alert list would run against the data that comes in and
tell us if there was something on a terrorist that--these alert
lists were terrorist numbers that we were tracking. What we had
not done is reasonable, articulable suspicion on all terrorist
numbers. What we were using it for is to say there is a lot of
activity on this number, you ought to go do reasonable,
articulable suspicion so you can look into the data.
It was a discrepancy between our technical folks who set it
up and our legal folks. And we did it wrong, and we
misrepresented it to the Court several times in subsequent
procedures of renewals.
That drove us to set up a Directorate of Compliance that
would actually look at the technical side and the legal side
and make sure we cross-walked this 100 percent. And I think
that has been successful, and that is something that we worked
with both the Intel Committees and the White House.
Senator Grassley. Second to you, how does the NSA handle
instances when a phone number may have been connected to a
terrorist group in the past, but NSA knows it is no longer
associated with that group? Is there a mechanism so that a
query of the metadata can be done that is limited only against
the records for certain time periods?
General Alexander. I am not sure I understand this all the
way, but let me see if I have got it right. The answer is if a
number changes from Person A to Person B over the life of it,
how do we adapt to that? That is a difficult technical issue
and one that our analysts have to look at, because what you
would actually get is two sets of called people. Senator
Sessions has one set of people he talks to. You have a
different set. What you would see is those sets come together
in different times. And the answer is, yes, our analysts can
actually delete the second part and say those are of no
interest, I am only looking at this first part, because part of
the Business Records FISA does have a date-time group, a
duration of call, and the to-and-from number.
Senator Grassley. I would like to follow up with Mr.
Clapper on my first question. Does America remain safe even
with the shutdown?
Director Clapper. I have to qualify that, sir. I do not
feel that I can make such a guarantee to the American people,
and it would be much more difficult to make such a guarantee as
each day of the shutdown goes by. I am very concerned about the
jeopardy of the country because of this.
Senator Grassley. Can I have one more question?
Chairman Leahy. Of course. I just want to make sure I--what
you are saying is, it becomes cumulative? You are saying the
danger and threat become cumulative?
Director Clapper. Yes, sir.
Chairman Leahy. Thank you.
Senator Grassley. General Alexander, I hope you are
familiar with the Inspector General's letter to me in which he
provides certain details about 12 documented instances of NSA
employees intentionally or willfully abusing their surveillance
authority. The details in it are alarming to me, so I have a
follow-up question.
I noticed that almost all of these cases involved NSA
employees stationed abroad. Does that suggest to you that the
mechanism to catch this kind of conduct at your domestic
facilities are somewhat insufficient? And what else could
account for the disparity?
General Alexander. So it is much more difficult to track a
foreign number and understand when somebody is doing something
on a foreign number that is inappropriate. Those can oftentimes
be misleading statements by the analyst saying, ``I am looking
at this for A,'' and actually it is a girlfriend.
In the United States, it is different. Against a U.S.
number or against an email address, those are flagged, and the
system automatically sees that you are doing something against
a U.S. person and the auditing procedures come in right away.
Against a foreign number overseas, you do not get those
flags, but it is an extremely important point to note that even
on a foreign person, if we make a mistake, we hold our people
accountable. There is no call for that. It is supposed to be
against a foreign intelligence purpose, and you saw the outcome
of those 12 cases, what happened in each one in that letter
that the Inspector General sent to you.
Senator Grassley. One follow-up: One of the pieces of
information I asked the Inspector General for was the law or
legal authority that the employee violated. As I read the
response, none of these 12 cases involved either the phone
records collection program under 215 or the collection program
under 702. Is that correct?
General Alexander. That is correct, Senator. And if I
could, also it is important to note this was over a decade.
This went from 2003 forward. And, you know, when you look at
the number of casualties we had in Iraq, seven of those people,
as you know, were NSA, of those 12. When you look at it, you
are 3 times more likely to die defending our country in Iraq or
Afghanistan than committing a willful and knowing violation
against a foreign or U.S. person.
Senator Grassley. My last question on this is for Mr.
Clapper. If you cannot tell us that America is safe, why then
do you not simply use your authority to furlough fewer
employees?
Director Clapper. Sir, we are going to look at that. In
fact, we are going to do it every day to see where we need to--
what is the right talent set or analytic expertise that we
need. We are doing that as we speak. So I anticipate, if this
thing drags out, that we will make adjustments and probably
recall more people, particularly in NSA's case, since they have
a heavy military population which are not furloughed. So early
on, NSA has kept--has excepted a very low percentage of its
civilian employees. I am confident--I am sure that over time
that condition cannot continue.
Chairman Leahy. Unfortunately--one, I happen to agree with
you, Director, what you say. Unfortunately, we have a law
passed in the 1800s that is creating a real problem on the
furloughing. It was passed at a time when nobody could have
anticipated either the size of the Government or the complexity
of Government, but it is tying your hands.
Senator Whitehouse.
Senator Whitehouse. Thank you, Chairman. Welcome,
gentlemen.
We have identified terrorist threats to our country
overseas. Correct?
General Alexander. Correct.
Senator Whitehouse. And we track their electronic
communications. Correct?
General Alexander. Correct, Senator.
Senator Whitehouse. Is it important to know who they may be
in touch with within the United States, those terrorist threats
that are overseas?
General Alexander. Yes, it is.
Senator Whitehouse. And they might be using intermediaries
or cutouts between the principal that they are trying to reach
and themselves. Correct?
General Alexander. That is correct.
Senator Whitehouse. That would be Tradecraft 101. Correct?
So records of call and email connections are necessary to allow
you to look for those networks. Correct?
General Alexander. That is correct.
Senator Whitehouse. Now, in the call and email connections
are information that has for decades been declared by courts
and demonstrated by law enforcement practice throughout this
country to be not within the warrant requirement of the Fourth
Amendment to the United States Constitution. Correct?
Director Clapper. Correct.
Senator Whitehouse. So the program is legal, but it risks
abuse.
Director Clapper. You are right.
Senator Whitehouse. You concede to that. Could you
describe--and if you want to fill this out with a request for
the record, an answer for the record--the various oversight
mechanisms and bodies whose job it is to assure that this
program is kept within bounds that protect the privacy needs of
American citizens?
Director Clapper. Well, yes, sir. First, as General
Alexander described----
Senator Whitehouse. How many committees of Congress, for
instance, have oversight over the metadata program?
Director Clapper. Well, certainly the two intelligence
committees do, and I think this Committee as well.
Senator Whitehouse. And here we are, so here is another
one, and presumably House Judiciary Committee and subcommittees
as well----
Director Clapper. Right, four.
Senator Whitehouse [continuing]. That are relevant,
presumably. Correct?
Director Clapper. Yes, sir.
Senator Whitehouse. The Subcommittee on Crime and Terrorism
would have jurisdiction?
Director Clapper. Could.
Senator Whitehouse. How many Inspectors General have----
Director Clapper. Well, the NSA Inspector General
certainly; my Inspector General, who was Senate confirmed,
does. So starting with the level of NSA itself, with the
Director of Compliance that was set up in 2009 and,
additionally, before shutdown, 300 compliance officers whose
exclusive duty is to oversee the legal and technical aspects of
this. That in turn is overseen by my office and the Attorney
General as well as, of course, the FISA Court, which oversees
these processes, as well, of course, as----
Senator Whitehouse. Civil Liberties Advisory Boards?
Director Clapper. I am sorry?
Senator Whitehouse. Do you have Civil Liberties Advisory
Boards?
Director Clapper. I do. There is a Civil Liberties and
Privacy Board, although I need to mention that is only for
counterterrorism purposes. I have by law also a Privacy and
Civil Liberties officer whose full-time job is to serve as the
conscience for the entire IC on----
Senator Whitehouse. If I could ask you just to fill--there
is a lot, and if you could--I will make these questions for the
record, if you could get that back, because I do not think
there has been a clear and simple exposition of what all the
different oversight mechanisms are, and I would like to get
that for the record.
I am concerned that in the wake of the Snowden incident--
let me put it this way: It is not clear to me that any legal
redress is being considered or sought against either Dell or
Booz Allen Hamilton, the employers of Snowden at the time that
he committed his unauthorized release of classified
information. I do not have the information before me to make a
detailed analysis of whether the basic doctrine of respondeat
superior would apply, which makes the employer liable if the
agent acted within the course and scope of his employment or
whether this would be an ultra vires act of some kind. But my
concern is that there--I am not aware of even any conversation
about that. And as we have seen from classified programs in the
past, there is a danger that the private contractors managing
the program begin to wag the dog and that we become so
dependent on our private contractors that we cannot seek legal
redress for their misdeeds because, frankly, they are now the
ones who we depend on to the extent that we cannot use the
authorities that are pertinent to us as customers.
General Alexander. Senator, when this incident broke, I
flew out to Hawaii with some of our folks and talked to the
people that were involved, including the contracting officer
representatives, past and present, and what we had done and
working with our folks on this.
I will tell you that one of the contracting officer
representatives did exactly what you would expect her to do.
When asked to get access to some of this, she denied it to
Snowden formally. He worked around that, those procedures. But
I think you can see that those things--so we have asked our
folks to look at this. We do have that question from you, and I
would like to take that for the record, if I could, to get you
the answer.
Senator Whitehouse. Good. I just want to make sure that
they are not too big to sue.
General Alexander. Right.
[The information referred to appears as a submission for
the record.]
Chairman Leahy. Thank you, Senator Whitehouse. You have
asked the question I want to emphasize. I am very interested in
that answer, too.
Senator Hatch is gone. Senator Sessions. Sorry. One of the
problems of a broken rib, it is harder to turn around and check
on you, but, Senator Sessions, go ahead.
Senator Sessions. Thank you. This is an important hearing,
and I thank you all. I would just note that the House has
repeatedly passed funding, Director Clapper, to restore the
Defense Department and not allow the sequester cuts to occur.
And I hope you have not forgotten the way to 1600 Pennsylvania
Avenue. I believe the Commander-in-Chief has a responsibility
here, too, and the law, the Budget Control Act, of which
sequester was a part, required us to maintain a certain level.
Whole agencies and departments have gotten zero cuts and
Defense has gotten too much, in my opinion. The House has tried
to reconcile that, and I hope somehow we can soon alleviate
some of the stress on the Defense Department and the
intelligence community.
So, number one, I visited NSA, General Alexander, and I was
so impressed with the leadership there and the people I met,
and I have said that publicly. So I was deeply disappointed--
hurt, really--to hear that somebody had looked at their
girlfriend's messages and that kind of thing. Are you saying
that all of that was abroad first?
General Alexander. Senator, nine of those were abroad,
three were CONUS but involved persons abroad on two of those,
and one was on a spouse or girlfriend----
Senator Sessions. Well, there is a great temptation there.
I trust that you stepped up your emphasis and your
determination not to allow that to happen. Even though it is
not a large number, it is still unacceptable.
General Alexander. Absolutely. And I will tell you that
what Senator Grassley brought out in the letter that we sent to
him, we are also putting out to our workforce so that more
people understand what has happened to those people, because
when you read that----
Senator Sessions. They have all been disciplined?
General Alexander. All but one, and in that case, the case
was insufficient. I do not have the disciplinary actions in
that one, but all either retired, resigned, received Article
15s, or letters of reprimand with additional consequences.
Senator Sessions. Well, I think Senator Whitehouse--and he
is a former United States Attorney, Federal prosecutor--
clarifying something, and, General Alexander, let me just ask
you again: So when you are looking at the metadata, you are
referring to numbers, phone numbers, email addresses perhaps.
No messaging are in this data. Is that right? No substance of a
communication?
General Alexander. That is correct. And, Senator, in the
metadata program, it is only phone numbers. There are no email
addresses in it.
Senator Sessions. Now, Senator Whitehouse in his time as
United States Attorney probably issued subpoenas, thousands,
maybe ten thousand. In my 12 years as United States Attorney,
no telling how many thousand subpoenas we have issued----
Senator Whitehouse. Rhode Island is more law-abiding than
that, Senator Sessions.
[Laughter.]
Senator Whitehouse. It was just in the hundreds.
Senator Sessions. We had plenty of crooks in my district, I
can assure you.
[Laughter.]
Senator Sessions. The point of which is, it does not
require a search warrant to obtain from the telephone company
the person's call records. That is done by simple subpoena
without--it is simply--and the test is: Is it relevant to the
investigation? So if somebody is thought to be a member of a
gang and he says he does not know Bad Guy 1 and you subpoena
his records and he has got 50 phone calls and 20 of them were
within an hour of the crime occurring, then that is hugely
valuable, and that is just done all the time.
So we need to understand that the fundamental process here
is well within, it seems to me, the traditions of our ability
to subpoena--the records are in the possession of the phone
company. They are the phone company's records. They are not
your personal records. And that is the difference in it.
Senator Feinstein's story was so fabulous, Mr. Clapper. It
just laid the whole structure out for us. I know you have said
this before, but could you tell us, did these leaks negatively
impact your ability to be as effective as otherwise if they had
not happened, and did it hurt our ability to identify an attack
in the future?
Director Clapper. To my mind, there is absolutely no
question about that. We are already seeing signs of changes in
target behavior because of their awareness as a result of the
revelations in these unauthorized leaks. It has done great
damage to partners overseas and our relationships with them.
People's lives are at risk here because of data that Mr.
Snowden purloined. So the damage, the full extent of it is yet
to be measured.
Senator Sessions. Well, I thank you for your work, and my
impression from the people I have met at NSA is that they are
dedicated, wonderful Americans who are working every day to
preserve and defend this country, unlike Mr. Snowden, who
damaged this country. And, fundamentally I think that we can do
a better job of monitoring it, and the American people, I am
glad to say, are alert. They are not going to tolerate abuses,
and they should not. And the press has a right to do their job
within the realm of law. But I hope that--it is unthinkable
that we would dismantle this program, and I would certainly
oppose that.
Thank you, Mr. Chairman.
Chairman Leahy. It appears a lot of it is being dismantled
by the Government shutdown, but that is just my view.
Senator Klobuchar.
Senator Klobuchar. Well, thank you, Director and General.
Chairman Leahy. And I would note that in about 15 minutes I
am going to be slipping out, not because--I am telling you in
advance so you will not think it is because of anything you
said. Senator Blumenthal is going to take over the chair.
Senator Klobuchar.
Senator Klobuchar. Thank you very much, Director and
General. I want to go back to some of your earlier comments
about the effect of the shutdown on the intelligence community.
I think it is very important as we sit here today. I note that
in your testimony you talked about how 966 Ph.D.s, 4,374
computer scientists, really 72 percent of the civilian
workforce in the intelligence community are not going to be
able to do their jobs right now, and that includes people who
are connecting and collecting signals, engineers who put the
systems back together, people who are on the ground across the
world.
You indicated that the law requires you to furlough
employees not involved in addressing an imminent threat. Is
that right, Director Clapper?
Director Clapper. That is correct: against an imminent
threat to life or property.
Senator Klobuchar. But is it not true that a threat that is
not considered imminent today could be imminent tomorrow?
Director Clapper. Exactly. That is why we have to manage
this on a day-to-day basis as best we can.
Senator Klobuchar. So you would have to figure out if a
threat is imminent and spend time doing that with your lawyers
and then add someone back in?
Director Clapper. That is exactly right, and we will have
to shuffle people in and out depending on what we believe the
concern of the day is.
Senator Klobuchar. But you clearly see it as a risk to
security?
Director Clapper. Absolutely.
Senator Klobuchar. And in your assessment, how much risk
are we exposed to because we have had to furlough our
intelligence professionals who are covering issues that you
cannot define right now as ``imminent''?
Director Clapper. Well, I do not know if you want
mathematical quantification, but certainly on a percentage of
our civilian professionals, you know, the risk is, you know, 75
percent more than it was yesterday, I guess.
Senator Klobuchar. Thank you very much. I think that is
pretty significant. I appreciated Senator Feinstein's comments
she made on the floor about this, and I know she cannot give
out all the information, nor can you. But I think people have
to understand that this is a significant layoff that we are
dealing with right now, temporary as it may be. These threats,
as I have learned, change from day to day, and you need people
on the ground to be able to respond to them. So thank you for
that.
I wanted to go back. I thought our July 31st hearing was
good and informative on the surveillance programs, and then
right after that, I was a little surprised--and I know the
Chairman mentioned some of this, but in mid-August the media
began reporting about an internal audit from May 2012 which
found that the NSA violated privacy rules over 2,000 times. We
have gotten into some of those facts and what that really
means, and I am just concerned about why that did not come out
during the hearing.
General Alexander. So, Senator, every quarter, internal to
NSA, we put together compliance reports that track both under
the Business Records FISA, 702, 703, -4, and our Executive
order. We compile that because we hold our people accountable
to it.
Included in there are incidents. These are not privacy
violations. These are incidents. And then we pass those up to
the Department of Justice, to DNI, so that everybody knows that
everything that we see has been tracked. It is important to
note that the majority of those, roughly 75 percent, of those
incidents are not privacy violations. Those are us tracking----
Senator Klobuchar. No, I understand that. My point is more
of a process one, that we have a hearing and then we find out a
week later that these audits were out there that we did not
learn about at the hearing.
General Alexander. Yes, so I think what we were going over,
we have a number of incidents that we track on 702 and 215.
That is what we are talking about here. Most of these incidents
that are in these reports reflect us typing in a wrong number,
doing a search on Individual A overseas. So these are what we
will call minor violations. The major ones were the ones that
we brought up, which were----
Senator Klobuchar. Okay. I actually do understand----
Director Clapper. I think the answer to your question,
Senator, is that the subject matter of the hearing was 215 and
702, and these 12 violations over 10 years occurred under--the
foreign collection under the auspices of Executive Order 12333.
Senator Klobuchar. All right. It is just that I thought we
were kind of broadly asking questions, and it would have been
nice to have heard about it there, but that is behind us now,
and I want to talk about some of the reforms that have been
suggested. You know, there is legislation out there. One of the
reforms that President Obama has supported is the idea that we
would have a privacy watchdog installed at the NSA, and an
intelligence community website would be created to disseminate
public information on the activities. What is the status of
these reforms?
General Alexander. So on the first one, we do have a hiring
action out on the street. It is probably stopped right now
because of the furlough, but we do have one for our civil
liberties privacy advocate for NSA.
Director Clapper. And we have activated a web page under my
office to put out this data.
Senator Klobuchar. Okay. And you suggested a court-
appointed amicus for cases that involve novel and significant
questions of law. I am just interested in how this would work
in practice. What is an example of a novel and significant
case?
Director Clapper. Obviously, we are getting a little out of
our compartment here and more into the Department of Justice,
but some form of an advocate or amicus who would be a
participant when called upon by the court to address issues of
law or major surveillance questions. But I think we would need
to defer to the Department of Justice on exactly the mechanics
of how the administration would recommend that work.
Senator Klobuchar. Okay. Thank you. And did you want to add
anything, General?
General Alexander. I agree with what he said. I learned
what an amicus was during these briefings, so it has got to----
Senator Klobuchar. Okay. Well, I will have some follow-up
questions on the record, but I did want to again emphasize that
it is really important that people understand that 72 percent
of the civilian workforce of the intelligence agencies is now
on furlough and the effect that that could have on our national
security and the reason that we have to end this shutdown.
Thank you.
Chairman Leahy. Senator Graham.
Senator Graham. Thank you both for your service. From my
point of view, I am sure every organization makes mistakes, and
if anybody has abused these programs to spy on their spouse or
to spy on their neighbor or to do something in that fashion, I
hope they go to jail, because I think most of the people in the
NSA would like that outcome, because that is not exactly what
you are there to do. Do you agree with that, General Alexander?
General Alexander. Senator, I agree that they should be
punished, and depending on the action, how harsh----
Senator Graham. Yes, I mean, whatever the appropriate
punishment is, but they are outliers.
General Alexander. That is right, Senator. In fact, two of
them were done under Field Grade Article 15s.
Senator Graham. Right.
General Alexander. And when you actually look at what they
did, you can see that, okay, we trained them, they immediately
did something wrong, they got no return. Oh, by the way, they
just asked the question. They did not get information back. But
they did something wrong, and they were held accountable.
Senator Graham. Good. The point is that when you do things
wrong, you should be held accountable. When you do things
right, you should be appreciated. I think both of you are
trying to do things right to protect our Nation, and I
appreciate everybody that works for you, because I know many of
them, and they are patriots as much as anybody who criticizes
the program.
All right. Did you tell the President of the United States
what you just told us, that because of the Government shutdown,
our Nation is less secure?
Director Clapper. Yes, I did.
Senator Graham. What did he say?
Director Clapper. We discussed it yesterday.
Senator Graham. Well, you just scared the hell out of all
of us--at least I am scared, when you are telling me that 70
percent of the NSA is unable to go to work, not because they
are necessary but because of the statute, the way it is worded.
Both of you made very clear presentations to this Committee
that the Government shutdown in a post-9/11 world is making
this Nation less safe. Is that right, General Alexander?
General Alexander. That is correct, Senator.
Senator Graham. Is that right, Mr. Clapper?
Director Clapper. Absolutely. Yes, sir.
Senator Graham. Well, to Mr. Gibbs, who told the
President--his political adviser, former press secretary, he
advised the President to just watch the shutdown. Do you think
that is a responsible thing for the President to do as
Commander-in-Chief, to not negotiate or just watch the
shutdown?
Director Clapper. Well, I am not going to--I would like to
avoid the----
Senator Graham. Well, you do not have to. I will give you
my own opinion. I think it is irresponsible for all of us to
let it continue, but where the hell is the Commander-in-Chief?
If you really told him that, that our Nation is less safe and
every day that goes by we are being less capable of detecting
potential terrorist attacks against the homeland and the
approach is to just watch time go by, why are the Members of
the House and the Senate not in the White House right now to
try to solve this problem?
One of two things is true: You are telling us the truth,
and the Federal Government leadership on both sides are
ignoring it, particularly the Commander-in-Chief; or, you are
overstating the case. I think you are telling us the truth, so
I am not even going to go down the road you are overstating the
case. But I want the American people to know there are
shutdowns before 9/11 and there are shutdowns after 9/11, and
there is a huge difference. And for the President of the United
States, for our House Democrats to not negotiate, is
irresponsible. For our Republican Party not to try to find a
way to end this mess is irresponsible. So I hope that the
President will do more than watch.
Now, about 9/11, General Alexander, if we had had the
technology and the programs in place today before 9/11, what
would be the likelihood that we would have detected that
attack?
General Alexander. Senator, in my professional opinion, it
would have been very high.
Senator Graham. Do you agree with that?
Director Clapper. I do.
Senator Graham. I am here to tell the American people, if
we had in place today before 9/11, the 19 hijackers who were
here in the country, most of them in legal status, talking to
people abroad, we would have known what they were up to. We
would have known why the guy was just taking flying lessons to
take the plane off and did not care about the part of the
flying lessons to land it, which was kind of odd to me--I want
to pay for flying lessons, but I do not care to learn to land
the plane.
So at the end of the day, my question to both of you is
simple. Let us reform this program where it has gotten out of
line. Let us be sensitive to the political--to the
constitutional rights we all have. But here is my question:
What is being proposed in terms of reform, will it make us less
able to detect the next 9/11? Are we going back to that pre-9/
11 mentality? That is the question for me. Is the Congress
taking us back to a time when we could not pick up a threat
that was right in front of us?
Director Clapper. Well, Senator, there are several
proposals that have been proposed in the form of bills, and I
guess our basic reaction to this is we are open to changes to
make this more transparent, for more oversight, but in doing so
we do not want to overcorrect such that we lose the operational
utility and the agility of these programs.
Senator Graham. Same for you, General Alexander. Will you
tell me when you think we have crossed that line?
General Alexander. Senator, absolutely. I feel it is my
responsibility to tell you and the Director of National
Intelligence and the President that they are going to hurt us.
Senator Graham. Very quickly. About the times in which we
live, are there active efforts by terrorist organizations to
penetrate the United States?
General Alexander. Yes.
Director Clapper. Absolutely, yes, sir; as we speak.
Senator Graham. Do you believe there are people probably
already here as part of a fifth column movement?
Director Clapper. There are sleeper--there is sleeper
presence, absolutely. I would not call it a unified fifth
column. There are various entities----
Senator Graham. Fair enough, and I will end with this
thought. My goal is to make sure that if a known terrorist, al-
Zawahiri, who took bin Laden's place, if he is calling someone
in the United States, I want to know who he is talking to. Is
that a fair thing for me to want for my country?
Director Clapper. Yes, sir, and I think it is a fair
requirement for any citizen.
Senator Graham. And is it also fair to say that before you
can keep the content or do something with the content, you have
to get a warrant?
Director Clapper. Yes.
Senator Graham. Last thought. Are we at war as a Nation
with radical Islam, or are we fighting a crime? And what is the
difference when it comes to gathering intelligence between
fighting a war and fighting a criminal enterprise?
Director Clapper. Well, one difference--and it is more of a
tradecraft difference--is the evidentiary standard that we
struggle with since we are dealing with wispy hints, bits and
pieces of information that probably do not necessarily meet the
probable cause standard. That is another consideration we have
with changes to these laws.
General Alexander. Senator, I do believe it is a war on
terrorism, my words, and that what we are seeing today is going
to get worse with what we are seeing go through the Middle
East, what is going on in Syria, the actions in Iraq over the
last week, and in Afghanistan. The week concluding 23
September, 972 people were killed in Kenya, Yemen, Syria, Iraq,
Afghanistan, and Pakistan, and over 1,000 injured. When you
look at what we--the relative safety we have here, it is no
accident. It is the work of our military and our intelligence
community keeping this country safe, and we need the tools to
do that.
Senator Blumenthal [presiding]. Thank you, Senator Graham.
Senator Klobuchar. Mr. Chairman, I just wanted, in response
to Senator Graham, to let him know that a few minutes ago the
White House just announced that the congressional leaders had
accepted their invitation to come and meet today. So they must
have heard you from here, but also, again, if we would pass the
Senate bill, the House would pass the Senate bill, then the
shutdown would end. I think that is important for people to
know.
Senator Blumenthal. Thank you, Senator Klobuchar.
Senator Franken.
Senator Franken. Thank you, Mr. Chairman.
Director Clapper, General Alexander, you and your employees
protect our country, and I am grateful for that. Thank you.
I have a bill, the Surveillance Transparency Act, that will
address what I think is the central problem in this debate, and
that is the fact that, despite the large amount of Americans'
information that is being collected under the foreign
intelligence law, those laws lack any substantial public
reporting requirements. The Government does not have to give
even a rough estimate of how many Americans' information is
being collected, and it does not have to tell Americans how
much of their information is actually seen by national security
officials.
What's more, the companies that get information requests
are under strict orders, strict gag orders, so they are not
allowed to give the public information.
The American people are smart. They understand that we need
to give weight to both national security and civil liberties.
But when the public lacks even the most basic information about
the scope of these programs, they have no way of knowing if we
are getting that balance right.
My bill would change this. It would make the Government
give annual statistics on the number of Americans' information
collected and the number whose information is actually
reviewed. It would also let companies disclose agreements and
disclose aggregate statistics on the number of requests they
get and the number of accounts affected.
I am very pleased to report that yesterday morning
America's leading tech companies from Apple to Google to
Microsoft to Facebook to Twitter to Yahoo, all of these
companies sent a letter supporting my bill, urging this
Committee and Congress to pass it. And, without objection, Mr.
Chairman, I will enter a copy of this into the record.
Senator Blumenthal. Without objection.
[The letter appears as a submission for the record.]
Senator Franken. For my first question, I just want to give
an example of why I think greater transparency is so
desperately needed. As Senator Grassley and Senator Leahy
indicated, this past Saturday, The New York Times ran a story
alleging that NSA gathers data on the social connections of
U.S. citizens. The article gave a series of examples of the
kind of sensitive data that is allegedly collected to create
detailed graphs of some Americans' social connections. Both of
you have clarified some of the inaccuracies in that story.
But here is the thing. If Americans knew that this kind of
collection was limited to a small number of people, people who
we have reason to believe are foreign agents or involved in
terrorism, I frankly think that most of them would be fine with
that. But there is nothing in that article that gives any sense
of whether this affects tens or hundreds or thousands or
millions of people, and that is because the information just is
not out there. This lack of information, frankly, scares people
and causes distrust. It makes them distrust our Government.
Director Clapper, General Alexander, don't you think that
this just underscores the need for greater transparency about
our surveillance programs?
Director Clapper. Absolutely, sir, it does, Senator
Franken, and just a couple comments about the bill.
We were already, I think, in agreement on releasing the
total number of orders or other process issued under various
national security authorities, including FISA, and the total
number of targets affected by those orders. And we are fine
with allowing the providers to release annually the total
number of Government requests or orders they receive for
information about their customers and the total number of
targets affected by those orders and certifications.
What we are concerned about, just to be up front here, is
the stipulation on a company-by-company basis, because then
that gives the adversaries, the terrorists, the prerogative of
shopping around for providers that are not covered.
I do agree with you about doing all we can to assure the
public of what a small proportion of these records are actually
looked at. A case in point with 215, while the metadata stood
at rest in essentially a lockbox, there were, I think, only 288
queries that were actually made, which is actually in the total
scheme of things a minuscule part of the records.
Senator Franken. That is sort of the point. I will let you
answer the question, General, but I just want to respond to
that. Those are good, positive steps that you are talking
about. But I have to be honest. I think it is just too little
and it is not permanent. You know, first of all, the numbers of
orders will not tell us all that much.
For example, in 2012, there were only 212 orders issued
under Section 215 of the PATRIOT Act. That seems like a small
number, but now it has been declassified that a small number of
those orders allowed the Government to collect substantially
all of the telephone metadata handled by most of the country's
leading telephone companies. What is more, these disclosures do
not reveal even an estimate of how many Americans had their
information collected, which you just mentioned. So I do not
understand why we cannot mention that as part of the law. And
what you are doing is sort of voluntary, and it is not
permanent. So if you would change policy and we get another
administration in that wants to change the policy, then that
does nothing.
General Alexander. Could I add to this? On the 288, the 288
numbers were approved for reasonable, articulable suspicion to
then do queries on.
Senator Franken. Okay. So queries are the higher number.
General Alexander. You might do it twice in a week, so that
would actually be--but only 288 numbers. I think that is a key
point.
I agree with transparency and with what Director Clapper
has put out. There are two parts of this. He mentioned the
first part. The second is those companies that are compelled,
especially under 702, are compelled to cooperate with the
Government. They are not throwing NSA any information. They are
not doing something inappropriate. And it is interesting to
note that other countries demand the same of them.
And so what our companies are doing is what our Nation
needs them to do to help us stop terrorists and other acts.
They are compelled in other countries in a lawful intercept way
just the same. And so I think out of this, one of the things
that concerns me is those companies who have acted on good
faith--and you mentioned several of them--they are trying to do
the right thing that we as a Nation have asked them to do, and
it is being blown way out of proportion as if they have opened
up their servers and stuff, and you now know that is not true.
So I do think the transparency is very important because it
tells you the numbers, and I think people would stop and say,
``Well, that is it?'' And I think--so we have just got to
figure out how to do that in such a way as to not tip the bad
guys off to go to Point A or B. Does that make sense?
Senator Franken. Yes. Mr. Chairman, could I--I know others
have gone over their time. We do not get these two witnesses
before us very often. Can I just ask one last quick question?
Senator Blumenthal. I know if I denied you that
opportunity, I would hear about it forever, so I am going to
say yes.
Senator Franken. I am not sure what that says about me, or
you, but----
[Laughter.]
Senator Blumenthal. I just thought I would be your straight
man, as usual.
Senator Franken. Yes, thank you.
I think one of the issues--there is trust and distrust, et
cetera, that issue. One of the issues is the ability to--we see
Snowden, a contractor, and he releases all this stuff. Has
there been any thought given to doing--and where are we on
thinking about this--two key or three key situations where, you
know, I know that on some of the stuff that has been leaked
that there is--and I have been briefed that we have used
backups where someone does something, other people are alerted
to it. Is there any change that we are making, we are talking
about making in the way that stuff is accessed?
General Alexander. We are making significant changes, and
we can send you the complete report, because some of it gets
into a classified area, but we have implemented the two-person
control on devices into certain rooms and stuff, and we are
piloting part of that for the intelligence community, but I
will let the Director----
Director Clapper. Well, there are two things underway, sir,
that we have to--which are not going to be fixed by close of
business next Friday. One is to go to a system of continuous
evaluation for people who are cleared as opposed to the current
system where someone is given an initial clearance and then
they go 5 years or more for a top secret clearance or 10 years
for a secret clearance. That system has got to change so we can
do this continuously.
Moreover, we have to finish what was started in the
aftermath of WikiLeaks for insider threat detection. So we have
more comprehensive means of detecting anomalous electronic
behavior of people on the job. I can give you a lot more detail
on that if you would like for the record.
Senator Franken. Thank you. And thank you, Mr. Chairman.
Senator Blumenthal. Thank you, Senator Franken.
Senator Flake.
Senator Flake. Thank you, Mr. Chairman. Thank you both.
Let me follow a little bit on the lines of Senator Graham's
comments. I was not here for your initial testimony, but I
understand and I read from the press reports, Director Clapper,
that you talked about the furloughs and about the shutdown and
the negative impact that is having on the intelligence
services, and I certainly get that.
As you are aware, 2 days ago we passed through legislation
quickly, very quickly, unanimously, to protect the military
from this shutdown. Have you recommended to the President that
he recommend to the Congress that we do something similar for
the intelligence services? If this is, as you have put it, a
``dreamland'' for our enemy here, would that not be
appropriate?
Director Clapper. I certainly think it would be, and, of
course, the support to the military, particularly in the case
of DOD, involves three combat support agencies, one of which is
NSA, who, although funded in the National Intelligence Program,
are providing support to the military day in and day out. So I
would be a strong supporter of that.
Senator Flake. Right. I understand there is some overlap.
But where there is not, and you are mentioning 70 percent of
civilian employees in the intelligence agencies have been
furloughed. Is that correct?
Director Clapper. That is as of yesterday. Now, as I also
hasten to point out, we are going to manage that on a day-by-
day basis.
Senator Flake. Right.
Director Clapper. Right now, for example, NSA has a very
low number of excepted civilians, depending on their military
population, which, of course, was not furloughed. To the extent
that this shutdown drags on, we are going to have to make some
daily adjustments and make judgments about bringing people back
on a day-to-day basis.
Senator Flake. Well, I would hope, if the situation is as
dire--and only you know. We do not have access day to day to
the intelligence here. But if it is as you say--and I believe
that it probably is--then I would believe it would warrant the
President saying, okay, whatever you do, however long this is
going to last, we have got to make sure that we are collecting
the necessary intelligence. I can guarantee you both the House
and the Senate would move expeditiously to do this, so if it
really is a problem--and I believe it is--I trust that you will
make that recommendation to the President.
Director Clapper. Yes, sir, I will. And, again, I would--I
am not sure you were here, but I would again commend the
statement that Senator Feinstein made on the floor yesterday
about this.
Senator Flake. Thank you.
General Alexander, last June I questioned the FBI Director
with regard to the retention of data collected under--the
metadata under 215. He testified that data collected under 215
is scrubbed every 5 years, or after 5 years, I think on a
rolling basis. Is all metadata collected under other
authorities also discarded after 5 years?
General Alexander. So for NSA, it depends on the type of
data. So in the metadata repository for 215, as you stated, it
is aged off after 5 years by court direction. If there is a
report, that, of course, would not be aged off. That report
will stand just like other intelligence activities.
Within the Executive Order 12333 metadata repositories, it
depends on the size of the repository and the type of data that
is being done, but generally speaking, it is 5 years. There may
be pieces of information that we retain longer than are of
intelligence value overseas that are different than the ones we
have in the United States. But that is all that NSA has in
those areas.
Senator Flake. I understand that foreign is handled
differently. But if you have metadata that is collected under
separate authorities, not just 215, is that bunched together in
a way that it is retained beyond 5 years? Or how do you
separate it? Do you hold it separately? How does that work?
General Alexander. So NSA--I do not know of any other
programs that would collect metadata in the United States
outside of 215. We do not have any that I know of, and none
have come up. So from my perspective, those would be with other
agencies--yes, and the overseas is the one I explained. Does
that make sense?
Senator Flake. Okay.
General Alexander. So I do not have any other. Telephone,
there was an old program that we talked about, you know, that
was stopped a few years back, and all that data was destroyed.
That was on email. So we do not have any----
Senator Flake. I trust when you say that there are no
programs that I know of that you would know of them.
General Alexander. Hopefully so, especially after the last
3\1/2\ months.
Senator Flake. Thank you, Mr. Chairman.
Senator Blumenthal. Thank you, Senator Flake.
Senator Coons.
Senator Coons. Thank you, Mr. Chairman, and thank you,
General Alexander and Director Clapper, for your testimony and
for your service. I do think that the way for us to proceed is
not to have--sort of carve out simple exceptions for different
pieces of the National Government that we all consider vital to
our security, but to end the shutdown, which Speaker Boehner
can do at any moment by simply taking to the floor what has
been passed by the Senate and allowing an open vote on it. But
I will take seriously into account your expressed concerns. It
does seem to me alarming if more than 70 percent of your
civilian workforce is furloughed, and it is my hope that you
will be reviewing on a rolling basis whether or not this is
exposing us in any significant way. Your comments at the outset
were a reminder.
I, as you may know, also chair the Africa Subcommittee and
recently spoke to our Ambassador in Kenya about the ongoing
investigation and things we need to learn and be more attentive
to that comes out of that tragically significant event in
Nairobi.
I do think that the work of the intelligence community is
valuable, but as many of my colleagues have spoken about,
events over the last few months have raised real concerns
across the country, and I appreciate your stated interest in
finding a better balance between transparency, civil liberties,
a commitment to privacy, and yet fulfilling your duties.
So let me, if I might, turn to that because there are a
number of pieces of legislation introduced, being considered by
Members of this Committee, that I think can make some positive
contribution to resolving the legitimate anxiety many Americans
feel about whether their privacy is being appropriately taken
into account.
General Alexander, you have argued both here and in other
contexts in support of bulk collection that, in order to find
the needle in the haystack, you have to have the haystack. But
the very fact the NSA can tell so much about a target through
detailed analysis of non-content bulk data, metadata, indicates
to me that there is at least some privacy interest at stake--
maybe not a constitutional privacy interest given current
constitutional doctrine, but a privacy interest in the sense
that the NSA can cobble together through these random threads,
can weave a profile of a person that can ultimately contain
quite private details.
Shouldn't Congress be concerned about protecting that sort
of privacy interest against unwarranted intrusion, or you? And
what do you suggest we should do about this together?
General Alexander. Well, I think given the standard and the
way it has been written, this is a lower standard than probable
cause. Now, I am not a lawyer, so I would defer to Justice. But
what we are talking about is in each case, when we go to query
the Business Records FISA, we start out with a selector: Is it
associated with al Qaeda or associated terrorist groups? So
that is the nexus of our question. And it is really what you
would want us to do, and it is the least intrusive.
What we are doing is, we will look at that, create one,
two, and potentially three hops out, and see if there are other
nexus and numbers of interest. We know no names on the U.S.
side. It is just numbers. If we see that, and other connections
to foreign from some of those numbers, we would then tip that
to the FBI. The FBI would then go through the appropriate
process, and in this case they would have to come up with a
probable cause standard to go after the content there.
That was a long-winded answer to say--and I apologize for
that--I believe the appropriate standard is there, and the
courts agree with it. And I think Judge Eagan's statements were
really pretty good in this area. They were excellent. We try to
do that by ensuring that every time we look at it, you and
others can audit, see what we did. You know, we audit it, we
document it, and it is from my perspective very precise in what
we do. Then and only then do we look into the data.
So what that means from my perspective is the chances of my
number being looked at are so many zeroes out that I am
comfortable. My data, I am sure, is in there.
Does that make sense?
Senator Coons. That is a helpful answer.
Director Clapper, I would be interested then, given the
answer just given by General Alexander, if you can articulate
for the American people why the Government ought not to be
required to show that the information, such as bulk data, that
it seeks under our surveillance authorities pertains to an
agent of a foreign power, his activities, or persons with whom
he is in contact, rather than this mere relevance standard?
Director Clapper. Well, as we mentioned earlier--and,
again, we are getting into the lawyer area here, but----
Senator Coons. This is the Judiciary Committee. We have a
tendency----
Director Clapper. I understand. I think the difference here
is in the evidentiary threshold or evidentiary standard for a
probable cause versus what we deal with in intelligence. And
all we are looking for here are investigatory leads which may
not necessarily meet the probable cause standard. Ergo, we have
relied on this reasonable, articulable suspicion as the basis
for that.
Now, one of the proposals that has been made is to have
greater court scrutiny of these RAS determinations. I think we
would be fine with doing that after the fact on a regular
periodic basis so that any of these queries made under a
reasonable, articulable suspicion standard as opposed to
probable cause, which is higher, we would be fine with.
Senator Coons. Well, what we are going to pursue is sort of
reasonable suspicion of what, and so one of the ways that I
think we can deal with this yawning gap of sort of trust and
confidence by the American people about their privacy and your
charge to defend our security is by narrowing in on exactly
what is the standard under which these searches are being
conducted. And I also will simply repeat what I think was
Senator Franken's solid point, that you have made some very
significant progress in terms of transparency and commitment to
response to congressional oversight, but temporary changes in
policy and practice do not provide lasting assurance. Changes
in statute will.
Director Clapper. I completely agree with that, that if
these changes, whatever they are, are embedded in law, that
will instantiate a degree of permanence that our doing it
administratively would not.
Senator Coons. Thank you.
Thank you, Mr. Chairman.
Senator Blumenthal. Thank you, Senator Coons.
Senator Cruz.
Senator Cruz. Thank you, Mr. Chairman.
Director Clapper, General Alexander, I thank you for being
here. I thank you for your service to our Nation.
I would like to address two topics: one, the issue of the
impact of the Government shutdown on the intelligence
community, and then I would like to follow up with some
specific questions about the many privacy concerns that have
been raised.
With respect to the shutdown, I think the testimony that
the two of you have provided today is deeply disturbing. That
70 percent of the civilian intelligence force has been
furloughed is reason for concern to everyone, and I very much
agree with Senator Lindsey Graham who observed that the person
who should be most out front correcting this is our Commander-
in-Chief. And I do not believe President Obama should be
playing politics with this. He should not be refusing to
negotiate or compromise. He should be stepping forward to
correct this problem right now.
As Senator Flake noticed, this week we saw what Congress
can do when there is a bipartisan cooperation to address a
need, namely, earlier this week the United States unanimously--
the United States Senate unanimously passed legislation that
the House had already passed to fund the men and women of our
military. It was the right thing to do. I took to the Senate
floor to commend Majority Leader Harry Reid for not objecting
to that legislation, for agreeing not to hold the men and women
of our military hostage regardless of what happens in this
Government shutdown.
Director Clapper has presented a recommendation here to
this Committee today that the intelligence community needs to
be funded, and I have heard the concerns raised by my friend
Senator Klobuchar, my friend Senator Coons. I hope we can see
bipartisan cooperation today, Republicans and Democrats in the
Senate agree to come together today to pass a clean continuing
resolution funding the Department of Defense and our
intelligence communities. If the Senate cooperates, we could
get this passed by the end of the day. We could respond to the
national security threat these two gentlemen have laid out. And
the only impediment to doing so is the prospect that Majority
Leader Harry Reid would object to doing so.
If, God forbid, we see an attack on the United States
because the intelligence community was not adequately funded,
every Member of this Committee would be horrified. So I hope
that issues of partisan politics can be set aside and we can
all come together and pass right now by the end of the day a
continuing resolution to fully fund the Department of Defense
and the intelligence community. I hope President Obama, I hope
Majority Leader Harry Reid hear and respond to the candid and
heartfelt recommendation, Director Clapper, that you presented
here today.
Let me move on to the second topic: the issue of privacy.
General Alexander, in a recent Senate Intelligence Committee
hearing, when asked about whether the agency wants ``the phone
records of all Americans,'' you testified, ``I believe it is in
the Nation's best interest to put all the phone records into a
lockbox that we can search when the Nation needs to do it.''
Besides phone records, what other records of all American
citizens do you believe the Federal Government should be
collecting?
General Alexander. I cannot think of any right now. There
has been--so thanks, Senator, for that question, because
earlier this came up about the Saturday article. We do not
collect in bulk all those things that were said. Those were
focused on foreign, but they did not have foreign vote or
foreign X in front of it.
From my perspective, I cannot think of other bulk records
that we would need, like phone. I do think as we look at the
phone data, we are going to have to look at how that changes as
we bring mobility, and that has been the question of it, and so
we released to the Intelligence Committees today clarification
so they understood the difference on locational data and those
requirements.
I do think that right now we are going to have to evolve as
the threat evolves, but I cannot think of any, and that was a
long-winded--I cannot think of any. I apologize.
Senator Cruz. Also before the Intelligence Committee,
General Alexander, you declined to answer whether the NSA had
ever tried to gather data about the location of phone calls,
and there was some suggestion from Senator Wyden that this was
a classified matter.
My question to you is: In your personal opinion, do you
believe the NSA needs to collect GPS location information on
American citizens to prevent terrorism?
General Alexander. So we did send a statement to the
Intelligence Committees, and if I could just read it real
quick, because it addresses what your question is:
``As NSA has previously reported to the Senate and House
Intelligence Oversight Committees, NSA does not collect
locational information under Section 215 of the PATRIOT Act. In
2010 and 2011, NSA received samples in order to test the
ability of its systems to handle the data format, but that data
was not used for any other purposes and was never available for
intelligence analysis purposes. In a 25 June 2013 closed
hearing with the Senate Select Committee on Intelligence, NSA
promised to notify the Congress before any locational data was
collected. Moreover, as noted in the Foreign Intelligence
Surveillance Court's most recent opinion''--I think it is
called Footnote 5--``on the program, the Government would also
be required to seek the Court's approval of the production of
locational data before acquiring it under this program.''
I would just say that this may be something that is a
future requirement for the country, but it is not right now,
because when we identify a number, we can give that to the FBI.
When they get their probable cause, then they can get the
locational data that they need. And that is the reason we
stopped in 2011.
Senator Cruz. Thank you, General Alexander.
If I may ask one brief follow-up question?
Senator Blumenthal. Sure.
Senator Cruz. Thank you, Mr. Chairman.
Absent a search warrant particularized to an individual
suspected terrorist, does the NSA currently have the ability
and access to voicemail content, to text messages, or to
financial records that are now being collected by the CFPB on
millions of American citizens?
General Alexander. I apologize. I am not familiar, Senator,
with CFPB.
Senator Cruz. The Consumer Financial Protection Bureau.
General Alexander. Not that I know of, Senator, no. In
fact, to be clear, if we have to go after any U.S. person--and
it would almost always be an FBI not an NSA lead--it has to
have a probable cause warrant, and you would have to go through
the probable cause, whether it is under a regular court or the
FISA Court, depending on the type of action.
Senator Cruz. And is that answer the same for voicemail
content and text messages?
General Alexander. Voicemail--all content, any targeting of
a U.S. person would have to be done that way. For metadata, it
is always started with a nexus with al Qaeda or related--the
queries and reasonable, articulable suspicion.
Senator Cruz. Thank you, General Alexander. Thank you,
Director Clapper.
Senator Blumenthal. Thank you, Senator Cruz.
Before I ask my questions, I am going to recognize Senator
Hirono.
Senator Hirono. Thank you very much, Mr. Chairman.
I understand the serious concerns and consequences to our
intelligence program with 70 percent plus of your people
furloughed as a result of the shutdown. I would say that every
day of the shutdown creates dire consequences for our families
and our economy. So, of course, the answer to that is not to
have had a shutdown in the first place, and we need to open
Government, all of Government.
We talked a bit in today's hearing about some individuals
who had asked inappropriate or illegal queries, and, General
Alexander, you mentioned what happened to these people. My
question is: How did these inappropriate queries come to light
in the first place? Do you have something in place that detects
when these kinds of illegal actions are taken by your
employees?
General Alexander. Two ways, Senator, for us to detect
those. If it is on a U.S. person phone number or email, a flag
automatically goes up and says somebody is querying that. In
the audit process, that makes it very quick to see.
Under the foreign side, if you have somebody working
overseas on a foreign number, it is much more difficult.
Oftentimes that is found when we have a security update, when
we go through the person's security update, because detecting a
foreign number--so most of these were on a foreign friend, girl
or boy friend, in a foreign place. And the number may be
construed to a valid intelligence target or identified as such,
and it is difficult for an auditor to see that. So that is the
issue. So what we have done is, I think, highlighting the
punishments that go along with this really will help cut that
down.
Now, to be really candid, if you think about the number of
people that we have--and you are familiar with this, I know,
from NSA Hawaii and others--when you look at the numbers of
people doing queries and the few mistakes that we have had over
a decade, that is 12. That is too many. We agree. But I think
actually we do a good job of holding these--of detecting and
holding people accountable.
Senator Hirono. So you feel that we have the processes, the
technology in place that will identify these kinds of
inappropriate queries? I mean, nothing is foolproof.
General Alexander. That is right. Nothing is foolproof. I
think on the U.S. persons, we have a great track record there.
And in some of these, that is how it was detected, in the
minority of the cases where it involved that. The more
difficult one I explained.
Senator Hirono. I want to turn to The New York Times recent
article where you have many systems in place that collect
metadata. There is reference to MAINWAY. In the article it says
that, in 2011, MAINWAY was taking in 700 million phone records
per day, and it also began to receive, in 2011, 1.1 billion
cell phone records daily, and then it goes on to say that the
agency is pouring money and manpower into creating a metadata
repository capable of taking in 20 billion record events daily
and making them available to NSA analysts within 60 minutes.
So, clearly, the surveillance technology is evolving.
My question is: Do we also have a developing--are we also
developing the technology to protect privacy?
General Alexander. Senator, I think we are, and I would
note that what was missing in The New York Times article is
almost all of those should have said ``foreign'' in front of
it. So here is the issue that we face, and it goes right to
metadata, and it is for our allies as well as for us.
A terrorist threat that spans from the Middle East to
Europe to the United States, how do you track that and identify
the key people. You could try to do this on content, but that
would be too labor-intensive. So metadata tracking the
connections is the first and the best way to start. And so the
collection of metadata to track some of these individuals is
the most important and the least intrusive way of doing it.
In the United States, what was conflated was a couple of
different programs. So the fact that Facebook and social
networks and all those things, they jumped to the conclusion
that that is done on Americans, that is factually incorrect.
Only when the Americans are a subject of an investigation, like
a terrorist investigation--so in this case it is called ``a
U.S. person''--a terrorist in the United States is treated as a
U.S. person. In that case, we would have the FBI have a court
order--the FBI would have done that. Then we could go do the
check on that.
So I would just be clear that I think our rules for
ensuring the privacy both of Americans and our allies is
actually better than any country in the world.
Senator Hirono. I have one more question, Mr. Chairman.
General Alexander, is PRISM the only intelligence program NSA
runs under FISA Section 702?
General Alexander. Well, PRISM was a--yes, essentially the
only program was that that you know as PRISM under 702, which
operates under that authority from the Court. But we also have
programs under 703, 704, and 705.
Senator Hirono. So what are all of the programs run by NSA
or other Federal agencies under FISA 702 or of the PATRIOT Act
Section 215?
General Alexander. So, generally speaking--and I am going
to give you the general statements on this. So you have two
sets: the Business Records FISA program, 215, authorizes the
use of metadata; Section 702 allows us with one and foreign to
go after content, so 702 is content data, which means the
communications of a foreign person, reasonably believed to be
foreign, outside the United States to get their communications.
So it is a different set of things, but we may use U.S.
infrastructure to help us gather that information. 703, -4, and
-5 deal specifically with U.S. persons and are a much smaller
subset.
Did I get those right? I have got to ask the lawyer.
So that is, generally speaking--and then there is upstream
collection that allows us to collect the same information. We
go through the Court; we do the same thing on that. That was
one of the violations that we had in 2011. We worked that
through with the Court. But it is essentially the same process,
going after a foreign piece of information.
So how do you track a terrorist? And these are the tools
that you have. One is to identify in metadata who it is. And
the second, if we identify it is a foreign target, a foreign
terrorist piece of information, gathering more information on
that becomes increasingly more important. All of those are
available to this Committee, all of the information on those,
and our Executive Order 12333, and none of that is hit.
Senator Hirono. Thank you.
Mr. Chairman, I think my time is up. I may be submitting
further questions to our witnesses. Thank you.
Senator Blumenthal. Thank you, Senator Hirono.
Thank you both for being here, and thank you for your
service to our Nation and to the men and women who work under
your command. I think all of us share the view that the work
that these dedicated patriots do for our Nation is absolutely
vital. I think also I at least share the sense of alarm and
astonishment not only about the percentage that you have given,
70-plus percent of our intelligence community being furloughed,
but also the very dire and dangerous impact on the capability
of the Nation to protect itself during this time of shutdown.
And you were asked, I believe, Director Clapper, whether you
recommended to the President a change in that percentage or in
the policy and practice. Have you made a recommendation?
Director Clapper. I have not made directly a recommendation
to the President, no.
Senator Blumenthal. I understand your view that that policy
should be changed and that more of our intelligence community
should be at work during this shutdown. But would it not be
advisable to make that recommendation?
Director Clapper. It would. Also----
Senator Blumenthal. I hope you will do it.
Director Clapper. In fairness, though, I need to--I am
here, we are here representing, perhaps parochially,
intelligence. But the shutdown has a very negative impact on
lots of other segments of the national security apparatus, to
include the Department of Defense. I am worried, most concerned
about the intelligence components of the Department of Defense,
for example, but there are many other parts of the Department
which also have an impact on national security who are also
civilians who work in those----
Senator Blumenthal. I understand that point, but in your
parochial task--and I would respectfully disagree with the use
of the word ``parochial.'' I think it is a very profoundly
significant task. I would respectfully suggest that you make
that recommendation.
Let me move on to say to you both, we know and you know
that we need to both protect national security and preserve our
civil liberties, and that is the balance that a democracy
requires to be made. And protecting our security enables us to
have the freedoms and liberties that we also want to protect in
the course of collecting that data.
One of the suggestions that I have made, in order to
protect the trust and confidence of our Nation in our national
security system, is that there be an adversarial process. As
you know, we have talked about it before, and you have
responded to Senator Klobuchar's question about what she
referred to as an ``advocate'' or an ``amicus.''
My proposal very simply would provide for a constitutional
advocate that would enable the Court to hear both sides, and
the principle behind it is really one of common sense. Before
you authorize a mission or assignment, you do not have a formal
trial, but you hear both the upsides and the downsides, the
negatives and the positives, and my feeling is that the Nation
would be better protected by a constitutional advocate with
security clearance that would potentially raise questions and
challenge a security practice or procedure after it is ongoing,
so there would be no delay.
Let me pose to both of you, do you see a disadvantage,
assuming that there would be no delay and no threat to security
during that challenge, from that kind of adversarial procedure?
Director Clapper. Let me start, sir. First, I have read
your Harvard Law School treatise, which, speaking personally, I
thought was excellent. I thought it was very well written, very
temperate, and very balanced.
Senator Blumenthal. Thank you.
Director Clapper. And it does recognize the two poles.
I think our general view on an advocate or your other set
of recommendations pertaining to the composition of the Court
and how it is appointed, the diversity, our--again, I hate to
use the word ``parochial,'' but from our standpoint, as long as
the Court can function operationally for us, that is the main
concern we have, that it can move with agility, protect those
aspects that require classification, as the Court has. I think
our view is the Court has been a rigorous overseer, a very
robust overseer of all these processes. But for the sake of
enhanced transparency and trust and confidence of the American
people, some arrangement like this I think from our standpoint
is more than acceptable.
Having said that, I think the official spokesperson for
this would be the Department of Justice.
Senator Blumenthal. General Alexander.
General Alexander. I agree with everything Director Clapper
said, and I would just add that there are certain cases, I
think, that you have also noted that would not require an
amicus or somebody to stand up and say in these--just like you
would have in a subpoena, there are times that you go to a
judge and do things that you do not have an adversary in the
criminal side. I think you would model it perhaps after that,
and your discussions with the Justice Department I think have
already walked down that lane. So given all that, yes.
Senator Blumenthal. And the model would be indeed the
criminal process modified so as not to impede in any way the
legitimate and pressing security concerns that might arise.
I want to say for myself as to the potential legal action
against contractors who failed in their duties to prevent the
leaks that occurred or to do more adequately the screening and
security clearance that was required that my hope is that legal
redress will be pursued. My colleague Senator Whitehouse said
he wanted to make sure that they were not too big to sue. I
want to make sure that they are too big not to sue, too big in
their responsibilities and the very profound harm to the Nation
that has been caused by their failure to fulfill those
responsibilities. They are very big in terms of the role and
responsibility that they were legally required to fulfill and
apparently failed to fulfill. And so I hope there is serious
consideration underway and that you will recommend as
appropriate that legal action is taken.
Let me just finally ask you a couple of questions to
clarify, General Alexander, what you said about The New York
Times report, specifically the social network graphing that The
Times reported. Is it your testimony here that there has been
no social network mapping or graphing that involves American
residents or citizens?
General Alexander. I gave the cases in which that would not
be true. For example, there are cases that you would graph an
American number if that is the subject of a terrorist
investigation, is a great example, if they are the target or if
they are a hostage someplace, when you would expect us to look
into those communications for those types of things. So there
are cases where you would do that. But it does not----
Senator Blumenthal. You would--I apologize for
interrupting. You would map the phone numbers.
General Alexander. The phone numbers, correct.
Senator Blumenthal. I am talking about the social network
emails and Facebook and other connections or information that--
--
General Alexander. So our information is foreign, and all
the information that we bring in, foreign, that even has U.S.
data in it, we do the maximum that we can to filter out any
U.S. data. So we would not have that in our repository.
So the belief--what they jump to is a conclusion because we
did not articulate perhaps in a classified slide that what we
are talking about here is all foreign stuff. Everybody knows
that who works there. But what they jump is, well, then, that
must be on U.S. persons. That part is wrong. We do not do that.
And the fact that people assume that we are out there mapping
the social networks of U.S. persons is absolutely wrong.
What we do go after is those that are the subject of a
terrorist investigation or something like that. And even then
we do not have all that data in there. We do not have the
Facebook and other stuff on those people here in the U.S. It
would have to come from the foreign side or from an FAA 702
collection.
Senator Blumenthal. If they became a target and only if
they became a target would you do any of the social network----
General Alexander. Then it would be the FBI. Then it would
go over to the FBI. You know, so we are looking for the foreign
nexus here, not the U.S. part.
Senator Blumenthal. Well, let me ask you, The Times reports
that in November 2010, SIGINT Management Directive 424
authorized the adoption of a practice that had been tried on a
pilot basis for about a year and a half before. Is that
inaccurate?
General Alexander. I am not sure, Senator, what that refers
to on 424, to be honest. Is this the Supplemental Procedures
Governing Communications Metadata Analysis? I am not sure what
that means. But I will take that for the record.
Senator Blumenthal. If you could take it for the record, I
would appreciate your response.
[The information referred to appears as a submission for
the record.]
General Alexander. And just to be clear, you know, I am
answering questions on Business Records FISA 215 from NSA's
perspective because that is what I am familiar with. You know,
that is, of course, a global thing that others use as well. But
for ours, it is just that way.
Senator Blumenthal. And you would agree with me, would you
not, that this practice, to the extent it requires
authorization from FISA--and apparently this program did--would
and should be reviewed by the FISA Court?
General Alexander. I think all things that are authorized
by the FISA Court should be--is reviewed by them. You mean the
actual queries themselves?
Senator Blumenthal. Well, the claim of social network
mapping that went beyond perhaps the targeting of foreigners.
General Alexander. It did not happen. So that is the part
that I take exception to. If there is anything that goes on
there, it is done under the 702, and that would be targeting a
foreign into the U.S.
So I do think--you know, this might be, Senator, a great
opportunity for you to come out and actually see some of this.
I think it would be very helpful in helping to shape the laws
that are so important to the future of this country, because I
think when you see it and you can sit down with the people and
they go through what we do and how this was conflated on one
slide, that all these documents that are foreign, like voter
registration, well, we all vote here, but it is not U.S., it
was foreign, to understand who the number that goes to this
person and what they are all about to help us understand is
this a threat or not.
Senator Blumenthal. And the only point I would make--and I
would be happy to accept your invitation and your
recommendation--is that a constitutional advocate could bring
this claim to the attention of the Court. It could be reviewed
factually and legally so that the American people would not
have to rely on a Senator, whether it is Richard Blumenthal or
any other Senator, or an official in charge, as you are, but
could be assured that there was some independent objective
review after an adversarial process that tested it. And just as
one last point, when I say ``tested it,'' we are dealing here
with a construct, a constitutional construct, that relies on a
1979 case, Smith v. Maryland, involving a pen register system,
which I think you would agree is the Stone Age of surveillance,
and technology has moved so rapidly and so profoundly, there
may be some need for the Supreme Court to interpret and advise
as to how these constitutional principles apply to modern
technology.
General Alexander. Senator, if I could also add, you know,
the Supplemental Procedures Governing Communications Metadata
Analysis, what I would like to do is--because that article is
so long and there are so many things interwoven, I would like
to take that for the record and give you back a detailed set of
responses so every point--because, you know, what I do not want
you to believe is I made this assertion here on what we do with
respect to FAA 702, and that gets conflated to Business Records
or something else. So, for clarity, we will take that for the
record, if that is okay, and give you both an unclassified
version so you can share that more widely with whomever you
would like, and then a classified version that shows you why
some of those technical details are absolutely incorrect.
Senator Blumenthal. Not only is it okay and acceptable, but
actually you read my mind because I was going to suggest that
an analysis of the article, because it raises very important
and impressive questions as to what the practices were and what
the constitutional implications are, really would be very
useful for this Committee, and I will ask that the Chairman
make it part of the record, if you would submit it. Thank you.
[The information referred to appears as a submission for
the record.]
Senator Blumenthal. Thank you to both of you for being here
today. Thank you again for your service and for your very
helpful testimony. With that, we will go to the next panel.
[Pause.]
Senator Blumenthal. As is the practice of this Committee,
first of all, I welcome you here and, second, I have the duty
to administer the oath so that you can be sworn. If you would
please stand and raise your right hand? Do you affirm that the
testimony that you are about to give before the Committee will
be the truth, the whole truth, and nothing but the truth, so
help you God?
Professor Donohue. Yes.
Professor Felten. Yes.
Professor Cordero. Yes.
Senator Blumenthal. Thank you. I am going to give very
abbreviated introductions in the interest of time because we
are running a bit late, but I will ask that the full summary of
your resume be submitted for the record.
Senator Blumenthal. First of all, Laura Donohue is a
professor of law at Georgetown Law School and the director of
Georgetown's Center on National Security and the Law. She
writes on national security and counterterrorist law in the
United States and the United Kingdom, and I understand that
your most recent book is entitled ``The Cost of
Counterterrorism: Power, Politics, and Liberty,'' and that you
are currently at work also on an article or a book on the NSA's
metadata collection program as well as drones and the War
Powers Resolution.
Professor Felten is a professor of computer science and
public affairs at Princeton University and the founding
director of Princeton Center for Information Technology Policy.
I understand that you were the first chief technologist at the
United States Federal Trade Commission and that you are a
member of various scientific bodies and that your research
includes interest in computer security and privacy, especially
relating to consumer products and media technology law and
policy.
And, finally, Carrie Cordero, who is the director of
national security studies and an adjunct professor of law at
Georgetown University Law Center. I understand that you also
have written and studied in the areas of national security and
counterterrorism as well as counterintelligence investigations.
You have had a number of very significant positions in the
Department of Justice and helped to formulate American policy
in these areas before your service now in the private sector. I
will not go into all of the positions, but they are extremely
impressive.
So maybe we can begin with you Professor Donohue. You will
have to turn your microphone on.
STATEMENT OF LAURA K. DONOHUE, PROFESSOR OF LAW, GEORGETOWN
UNIVERSITY LAW CENTER, AND DIRECTOR, GEORGETOWN'S CENTER ON
NATIONAL SECURITY AND THE LAW, WASHINGTON, DC
Professor Donohue. Thank you. Thank you for inviting me
here today to discuss really much needed reforms to FISA, with
particular reference to Sections 215 and 702.
I have submitted detailed written remarks for the record,
so for now what I would like to do is just highlight what I see
as the most pressing concerns.
Specifically, it is my view that the bulk collection of
U.S. citizens' metadata is both illegal and unconstitutional.
The Government argues that the metadata program complies with
the Constitution. In so doing, it relies in part on the case
that you mentioned that held that individuals lack a reasonable
expectation of privacy in the numbers that they dial.
The Government also suggests that the national security
interests at stake override whatever privacy intrusions might
result. For two reasons these arguments are problematic.
First, the metadata program amounts to a general warrant,
the use of which by the English played a key role in the
American Revolution and led directly to the Fourth Amendment. A
general warrant was a writ. It was issued by a court. It did
not expire. And it allowed officials to collect information to
search anywhere without any particularized suspicion.
In 1760, the British Prime Minister, William Pitt, directed
colonial Governors to use these writs of assistance to crack
down on illegal behavior. James Otis famously challenged them
as the worst instrument of arbitrary power. And John Adams
later wrote that this oration breathed life into this Nation.
``Then and there,'' John Adams reported, ``was the first scene
of the first act of opposition to the arbitrary claims of Great
Britain. Then and there the child Independence was born.''
The Virginia Declaration of Rights subsequently included a
clause outlawing general warrants. Similar language was adopted
by Massachusetts and New Hampshire in their State constitutions
and later the ratifying conventions, the most important ones--
New York, Virginia, and North Carolina--they required that a
prohibition on general warrants be incorporated into the Bill
of Rights.
James Madison wrote the Fourth Amendment to prevent the use
of general warrants. They were the definition of ``unreasonable
search and seizure.''
The FISC order, authorizing the telephony metadata program,
is a general warrant. It authorizes the Government to collect
and then to rummage through our papers and effects in the hope
of finding wrongdoing. There is no prior suspicion of criminal
activity, and almost none of the information obtained actually
relates to illegal behavior.
Second point: In defending the program, the Government
relies on the 1979 case called Smith v. Maryland. In that case,
Patricia McDonough was robbed in Baltimore. After giving the
police a description of the man who robbed her and the 1975
Monte Carlo car that he drove, she started receiving
threatening and obscene phone calls in her own home from a man
who said he had robbed her. Then he phoned her and had her come
out on her front porch while he drove slowly by the house in
the Monte Carlo. The police saw the car in the neighborhood,
got the license plate number, and identified that the car was
registered to Michael Lee Smith. The police asked the telephone
company if it would put a pen register on Smith. That day he
called Patricia McDonough's home. On the basis of this and
other information, the police obtained a search warrant. They
went into the house and they found a phone book turned down to
Patricia McDonough's name.
Michael Lee Smith had robbed, threatened, intimidated, and
harassed Patricia McDonough. The police placed the pen register
consistent with reasonable suspicion of criminal wrongdoing.
The NSA would treat every American as though they were Michael
Lee Smith, and it would collect not just the numbers dialed
from the home of the suspected criminal, but all law-abiding
citizens' metadata--whom we call, who calls us, how long we
talk. Calls to a rape crisis line, a suicide hot line, or
political party headquarters reveal much more than what was
sought in Smith.
The Government's argument could be extended to any sort of
metadata: email, banking records, financial transactions, and
Internet use. The extent to which we rely on electronic
communications to conduct our lives is fundamentally different
in scale and scope than what happened in 1979, and the NSA
would do this indefinitely.
Americans reasonably expect that their movements,
communications, and decisions will not be recorded and analyzed
by the Government. A majority of the Supreme Court seems to
agree.
In 2012 the Court considered a case involving 28-day
surveillance using GPS chips. This case recognized that Katz's
reasonable expectation of privacy test does not supplant the
rights that existed when the Fourth Amendment was written. At a
minimum, Justice Scalia wrote, the ``18th century guarantee
against unreasonable searches . . . must provide . . . the
degree of protection it afforded when it was adopted.'' The
protection against the general use of warrants thus stands.
In addition, at least five of the Justices indicated unease
with the intrusiveness of modern technology. Justice Alito,
joined by Justices Ginsburg, Breyer, and Kagan, suggested that
in most criminal investigations, long-term monitoring
``impinges on expectations of privacy.''
Justice Sotomayor went one step further. She suggested that
disclosing information to a member of the public for a limited
purpose does not divest that data of Fourth Amendment
protections.
The telephony metadata program also violates the express
statutory language of the Foreign Intelligence Surveillance Act
in at least three ways:
First, the Government argues that the NSA's telephony
metadata program is consistent with the statute in that all
telephone calls in the United States, including those of a
wholly local nature, are relevant to foreign intelligence
investigations. The use of the word ``relevant'' here is so
absurd as to render the term and the qualifying statutory
language meaningless.
Second, tangible goods subject to the order must be
obtainable by subpoena duces tecum, but no grand jury or court
would allow the bulk collection of all Americans' metadata. It
is illegal to use subpoenas for fishing expeditions. Subpoenas,
moreover, are specific. They relate to a particular individual
or crime, and they deal with current or past bad behavior. The
metadata program in contrast is broad, non-specific, forward-
looking, not tied to a crime, and looks to anticipate future
acts.
FISC itself has recognized the illegality of the program.
In March 2009 Judge Reggie Walton acknowledged that metadata
could not otherwise be captured in bulk.
Third, and finally, as a statutory matter, all of the
information at issue in the bulk collection program is already
provided for in FISA Subchapter 3 dealing with pen registers
and trap and trace. Using Subchapter 4, the Government appears
to be doing an end run around the restrictions that Congress
placed on the NSA.
The system, in my view, is badly broken. The NSA is
engaging in activities that are illegal and unconstitutional.
Congress has an opportunity to fix the problem and to do so in
a way that recognizes the benefits of new technologies, the
real threats the Nation faces, and the demands of the U.S.
Constitution.
Thank you.
[The prepared statement of Professor Donohue appears as a
submission for the record.]
Senator Blumenthal. Thank you, Professor Donohue.
And I might just say that all of your full statements will
be made a part of the record, without objection.
Professor Felten.
STATEMENT OF EDWARD W. FELTEN, PROFESSOR OF COMPUTER SCIENCE
AND PUBLIC AFFAIRS, PRINCETON UNIVERSITY, AND DIRECTOR, CENTER
FOR INFORMATION TECHNOLOGY POLICY, PRINCETON, NEW JERSEY
Professor Felten. Mr. Chairman, Ranking Member Grassley,
and Members of the Committee, I thank you for the opportunity
to testify about technical issues related to surveillance.
I am not an expert on the law, and I offer no opinion on
the legal status of any program. Nor do I presume to say how
best to balance the legitimate goals of conducting foreign
intelligence surveillance against the legitimate goals of
protecting privacy and promoting civil liberties. I hope that
my testimony will help you appreciate the power of metadata and
control its use appropriately, consistent with the need for
effective foreign intelligence.
The NSA has acknowledged that it is collecting metadata--
who called whom, when, and for how long--about nearly all phone
calls in the U.S. Earlier, General Alexander said that the NSA
is not currently collecting location data, but if it were to
begin collecting location data, this would raise additional
serious issues.
With today's analytic tools, metadata often amounts to much
more than just a list of numbers dialed. Often it reveals
information that could traditionally be obtained only by
examining the contents of communications.
Metadata can now yield startling insights about individuals
and groups, particularly when collected in large quantities
across the population. It is no longer safe to assume that
metadata is less revealing or less sensitive than the content
it relates to. Just by using new technologies such as
smartphones and social media, we leave rich and revealing
trails of metadata as we move through daily life. Many of the
details of our lives can be gleaned by examining those trails.
And the only reliable way to avoid creating those trails would
be to avoid using these technologies altogether.
Metadata can be highly personal. A series of calls to an
oncologist or an obstetrician or to a suicide hotline or to an
alcoholism counselor or to a competitor's personnel office or
to an Inspector General, the pattern of calls reveals content.
Metadata also reveals relationships. Frequent late-night
calls can reveal an intimate relationship. Calls to a counselor
or divorce lawyer can reveal the state of a marriage. Calls to
parents or siblings, or a lack of calls, can reveal the status
of family relationships.
Metadata is naturally organized in a way that lends itself
to analysis. By contrast, content is unstructured and can be
difficult to analyze and understand. Today a growing set of
computing tools can turn metadata trails into penetrating
insights, and given limited resources, analyzing metadata is
often a far more powerful analytical strategy than
investigating content, yielding more insight with the same
amount of effort.
When focused on intelligence targets, metadata collection
can be a valuable tool. At the same time, unfocused collection
of metadata across the whole American population gives
Government access to many of the same sensitive facts about the
lives of ordinary Americans that have traditionally been
protected by limits on content collection. Metadata might once
have seemed much less informative than content, but this gap
has narrowed dramatically and will continue to close.
Today's hearing is a vital step in a process that should
continue. Technical expertise is essential for effective
oversight of these technologically complex programs, and I
would respectfully urge you to consider how best to integrate
technical expertise into the oversight process.
As an example, the Foreign Intelligence Surveillance Court
in its declassified opinions expressed frustration that the NSA
had not disclosed significant technical information. The NSA's
good faith effort to summarize the technology for the Court's
benefit could have led to the omission of information that the
Court later found highly relevant.
Technologists within the NSA surely knew how their program
operated, but this information had to pass through other
people, some of them less attuned to the significance of
certain technical details before it could reach the Court. And
the Court, without access to technical advice, was not able to
ask the sort of probing technical question that might have
elicited the missing information.
The United States has the world's strongest pool of
technology experts, many of whom are available to assist in the
oversight process. I look forward to your questions today and,
more broadly, to continued constructive engagement between
oversight officials and technical experts.
Thank you.
[The prepared statement of Professor Felten appears as a
submission for the record.]
Senator Blumenthal. Thank you, Professor Felten.
Professor Cordero, I want to apologize. I have to step out
for a very quick visit with a group that has been waiting to
meet with me. I have read your testimony. It is excellent. If I
am not back in time, Senator Grassley can proceed to questions,
and I should be out for just a few minutes. So please proceed.
STATEMENT OF CARRIE F. CORDERO, ADJUNCT PROFESSOR OF LAW AND
DIRECTOR OF NATIONAL SECURITY STUDIES, GEORGETOWN UNIVERSITY
LAW CENTER, WASHINGTON, DC
Professor Cordero. Thank you, Mr. Chairman, Ranking Member
Grassley, Members of the Committee. Thank you so much for the
opportunity to be here today.
In my written statement, I have provided the Committee with
information about my previous experience as a national security
law practitioner, and that statement also recounts my
experience working at the Department of Justice on September
11, 2001, and includes examples of how pre-9/11 law and
interpretations of the law led to significant bureaucratic
processes inconsistent with the speed and agility needed in
national security activities.
Indeed, in the years leading up to and then after 9/11, the
FISA process was subject to the exact opposite criticism that
it seems to be today: The Department of Justice was accused of
being too reticent, too cautious, too unwilling to be
aggressive under the law in order to protect national security.
Subsequently, I had an up-front view regarding how the
intelligence reform laws passed by Congress over the next
several years vastly improved the intelligence community's
ability to protect the Nation from another attack on the scale
of September 11th.
So I am here today to urge caution in implementing quick
fixes that may sound appealing but that could have lasting
consequences at a practical level that could negatively impact
intelligence community operations and the Nation's security for
years to come. I do not want to see us go backward.
Since the unauthorized leaks of this summer and subsequent
reactions, I have observed three main critiques of the current
FISA activities. Let me take each one along with some of the
proposed reforms.
First, with respect to the proposals to restrict collection
under FISA, my perspective these arguments--that these
programs--and I am referring to both the 702 and the 215
program--are illegal are mostly arguments about what the law
should be, not what the law is. That said, the Government's
interpretation of 215 is a more forward-leaning interpretation
of the law than is its implementation of 702.
The 702 collection is targeted against non-U.S. persons
reasonably believed to be outside the United States. These are
not individuals with constitutional protections, and the
collection against them is conducted in accordance with the
statutory framework debated extensively and passed by Congress
in the FISA Amendments Act of 2008.
The metadata collection under 215 is obviously large in
scale, but I would submit that the Government's arguments in
this are consistent with existing precedent, no matter what
direction the courts may go in the future.
I would comment to the Committee the recently declassified
opinion and order by FISC Judge Claire Eagan dated August 29,
which offers a straightforward analysis of the law that
explains why the Court continues to approve this collection.
In addition, senior leaders of the intelligence community
continue to advise that the 215 program remains a valuable part
of the protective infrastructure that was implemented after
September 11th. Therefore, in my view, it would be premature
for Congress to abruptly end the 215 program through
legislation.
Second, with respect to the proposals to enhance public
confidence, two themes emerge in proposals to add a special
advocate or public interest advocate to the FISA process. One
view is that the Court could benefit from an additional view,
particularly in cases involving technical complexity or novel
legal issues. A second view is that a special advocate would go
a long way in restoring public confidence. I have concerns
about both proposals.
If what the Court seeks--and it would be helpful to hear
from the current Court on this issue--is simply an additional
view beyond that which is presented by the Justice Department
on behalf of the intelligence community, then I would submit
that empowering the existing Civil Liberties Protection
Officer, a position created by Congress, to present his views
directly to the FISC would serve that purpose. This proposal
would address the substantive concern that the Court could
benefit from an additional view, and it would do so without
adding substantial layers of additional bureaucracy.
On the public confidence point, I would suggest that an
outside advocate would not carry the weight that is hoped it
might provide with the public in the longer term. If done in a
manner protective of classified information, the advocate would
necessarily work in secret, alongside the executive branch.
With the passage of time, outside observers will just see the
advocate as another participant in a secret process.
So what would enhance public confidence? Perhaps the most
frustrating part of the reaction to the leaks from my
perspective has been the nearly complete lack of confidence in
or comfort by the existing oversight mechanisms, particularly
with respect to 702 collection. I can personally attest that
the oversight is extensive and exhaustive. So I will offer a
few suggestions of what might be some steps in the right
direction to bolster both congressional and public confidence.
One, Congress can ensure that the offices conducting
oversight are staffed and funded appropriately to their
responsibilities. The internal executive branch oversight
process that has been built requires a lot of man-hours to do
it right, and the quality of oversight will suffer if any of
these offices are stretched beyond their capabilities.
No doubt there is an irony here in making this point in the
midst of the Government shutdown.
Two, Congress could consider requiring an annual or
semiannual public report that produces information currently
contained in the classified joint compliance assessment. This
report might help better inform Members of Congress beyond the
Judiciary and Intelligence Committees regarding the oversight
and compliance process.
Three, Congress should focus its efforts in working with
the NSA, the Justice Department, and other components in the
intelligence community to reduce the complexity of internal
procedures. I have explained the reasons for this
recommendation in greater detail in my written statement, but
to summarize, one aspect of reducing compliance incidents is
reducing the complexity of internal operating procedures to
ensure that operators at the working level understand the rules
they are operating under.
Third--and I will hit this point quickly--with respect to
the proposals to enhance transparency, this seems to be an area
where there is clearly room for Congress to act. My own view is
that the seemingly ad hoc nature of the recent Government
declassification releases is not actually helping as much as
they might think. If declassification is the new norm, then
there needs to be a more regularized and consistent method of
releasing information. This might include amending the
reporting provisions in FISA to provide additional public
information, whether it is statistics, declassified legal
opinions, summaries of implementation actions, or reports on
compliance matters--semiannually, quarterly, or at some other
appropriate regular interval. In my view, this might cut back
on each release being an event unto itself.
Thank you very much for inviting me here today to share my
views, and I look forward to your questions.
[The prepared statement of Professor Cordero appears as a
submission for the record.]
Senator Grassley [presiding]. Senator Whitehouse, Senator
Blumenthal said I could go ahead.
Senator Whitehouse. And I think you should.
Senator Grassley. Thank you. You are in the majority, do
not forget.
Professor Donohue, I understand that you concluded that the
bulk collection of phone records under 215 is illegal. I call
to your attention that President Obama is a former
constitutional law professor, editor of the Harvard Law Review,
and you probably know that he has concluded that the program is
legal both under statute and as a matter of constitutional law.
Is it your view then that President Obama is wrong?
Professor Donohue. Yes.
Senator Grassley. Okay. A further question, this time of
Professor Felten. You testified that telephone call metadata
can reveal an incredible amount of information about a caller
when aggregated with other data and analyzed. For example, you
mentioned that metadata can reveal sensitive information about
the caller's relationship, lifestyle, and activities. But under
the FISA Court order, bulk telephone metadata collected under
Section 215 can only be assessed and searched by the Government
when it has reasonable and articulable suspicion that the phone
number is connected to terrorism.
Question: Does your testimony underscore what a valuable--
no, let me start over again. Doesn't your testimony underscore
what a valuable tool the collection of metadata under Section
215 is to keep the country safe? Aren't the relationships and
the activities of suspected terrorists precisely the kind of
information that the Government should be trying to learn about
them as rapidly as possible?
Professor Felten. I certainly agree, Senator, that it is
important for the intelligence agencies to have the ability to
get this information about terrorists and their associates, and
this I think goes to the issue of focus that I discussed in my
testimony where, when focused on terrorists and their
associates, certainly I think few Americans, if any, would
object to this sort of program. But when it is unfocused across
the whole population, it does raise the same kinds of privacy
and civil liberties issues that arise with content. And,
therefore, I think it makes sense to think about how best to
balance those issues in order to make sure that the collection
and analysis of that data is limited--is available where
necessary, but is also not without bound.
Senator Grassley. Thank you. And I will go to Professor
Cordero. I would like to describe a few aspects of how
Government attorneys practice before FISA. For example, do
Justice Department lawyers who appear before FISA Courts have
an obligation to present both sides of an argument, including
law or facts that run counter to the Government's position? And
would you say that their presentation of opposing views is as
vigorous as would be accomplished by an independent advocate?
Professor Cordero. Thank you for the question. With respect
to the practice before the Court, the practice is ex parte, in
camera, and what that means for the attorneys for the Justice
Department who do that practice is that they have a heightened
obligation in the FISA Court practice. In addition, with
respect to their ethical obligations as members of the bar,
whenever attorneys practice ex parte, in camera, they have a
heightened obligation to bring both the facts that are
supportive of their case but also derogatory information or
contrary information that might be relevant to the Court's
judgment. And so certainly my experience at the Department of
Justice was that that was how we conducted our business.
In addition, the Court has legal advisers who conduct
independent review, and then there are the members of the Court
themselves who are independent district court judges.
I would also commend to you Judge Walton's letter to this
Committee in July where he explained the process between which
the Government works with the Court and when the Court asks
questions and how the Government responds to those questions.
And it is a very extensive and probing process.
Professor Donohue. Excuse me, Senator. May I add something
to that particular response, please?
Senator Grassley. Certainly.
Professor Donohue. Thank you very much. I just want to
mention in regard to the Foreign Intelligence Surveillance
Court, they are not performing the function that they were
originally envisioned to perform under FISA. They were supposed
to narrowly grant orders. And what we are seeing are dozens of
secret opinions which we have not seen. Some, as we found out
in July, are hundreds of pages long and make rulings on very
complex, difficult constitutional questions. There is, for
instance, a special exception that the Foreign Intelligence
Surveillance Court has carved out for foreign intelligence out
of the Fourth Amendment. The Supreme Court has never recognized
in the Special Needs Doctrine a special exception for foreign
intelligence.
In order to adequately air these views, having opposing
counsel or, what Senator Blumenthal has suggested, a
constitutional advocate, would be of great assistance.
The recently released opinion that Judge Eagan put out is
only three double-spaced pages on the constitutional questions
that are far more complex than are encapsulated in that
opinion. So, to adequately air what the Court has become, it is
important to have somebody there as a constitutional advocate.
Thank you.
Senator Grassley. Could I ask one more question? This will
be my last question for you, Professor Cordero. In your
experience, how often does FISA Court challenge proposed
Government applications by signaling that they may be
insufficient? Describe the process by which Government lawyers
attempt to resolve possible insufficiencies for the Court,
including the role of legal staff. And does the high rate at
which the Court ultimately approves Government applications
reflect the process?
Professor Cordero. Thank you. So with respect--I do not
have a numerical sort of number to give you with respect to how
frequently the Court questions the Government presentations. In
my experience, which ended in Government in 2009, however, it
was a very frequent occurrence that there would be exchanges
and question-and-answer periods between the Government lawyers
and the Court on a very frequent basis, and it could happen at
various levels.
So, for example, if there was just a routine matter and
there might need to be sort of small clarification questions,
that might occur at the level between the Court's legal
advisers and staff attorneys. If there were more significant
issues that might be at issue in a particular application or
request, then that might involve sort of more senior levels of
the Department of Justice engaging with either the legal
advisers again or members of the Court. And this process can
continue. If there were extraordinarily significant issues
raised in a particular request, that might raise the attention
and sort of the involvement in the discussions with the Court
up to the level of the Assistant Attorney General for National
Security or even the Attorney General.
So it would be an exchange of questions and answers and an
iterative process that, depending on the complexity of the
matter or the judge's concerns, could either be resolved
quickly or go on for some length of time.
That being said, the overall numbers, as Judge Walton's
letter had explained this summer in his letter to the Chairman,
the overall numbers of approved applications does not reflect
that process at all. And it also does not reflect the scenarios
in which the Court might request changes be made to
applications or proposed orders, whether the Court modifies the
proposed orders, or requires that the Government proceed in a
different way. And it also does not indicate in that statistic
whether or not there was a circumstance that the Court
indicated informally to the Government that I might deny an
application and the Government then would withdraw that
application.
Senator Grassley. Thank you.
Senator Blumenthal [presiding]. Thank you, Senator
Grassley.
Let me begin by pursuing the line of questioning that
Senator Grassley just introduced about the constitutional
advocate, which, as you know, I have proposed. And I know,
Professor Cordero, you have outlined your concerns in depth,
and I do not know whether some of those concerns would be
addressed by the fact that the challenge or the questions to be
raised would be done after in time the authorization of
whatever surveillance might be indicated. Would that address
some of your concerns? Because I think in your testimony you
indicated that it would be a sea change for this kind of
advocacy to be done before the authorization of whatever the
surveillance might be.
Professor Cordero. Thank you, yes, and in my written
statement I did have in mind sort of at the FISC level prior to
collection, the idea of adding an adversarial process at that
level.
With respect to adding an advocate at an appellate level,
it raises some different issues. Certainly it would reduce the
concerns about impeding operational speed and agility, so it
certainly would, from my perspective, be better in that sense.
But I guess the question I would ask is sort of which--what
problem is it trying to solve and who the client would be of
this constitutional advocate. Because I know from my
experience, which, again, is a few years dated, but from my
experience as the lawyers presenting these cases to the Court
in the ex parte, in camera fashion, we operated in a culture
that we were operating in the public interest and that our
client was the American public and the American citizen. And
that was sort of the culture that permeated that office at the
time, and I do not have any reason to suggest that that has
changed since.
In addition----
Senator Blumenthal. And I do not dispute that that culture
existed then and existed now, and what we have seen, if you
read Judge Walton's opinion about what resulted from perhaps an
inadvertent failure to communicate--and you were here when
General Alexander described the lack of communication between
two areas of the intelligence community--that could happen
again. The problem to be addressed is potentially that kind of
mishap which constituted a violation of law and was very
significantly criticized by Judge Walton. In fact, he
criticized the misrepresentation. And either the violation of
law or misrepresentation certainly could have been addressed
not only at the appellate level but at the FISA Court level as
well. So that is the kind of problem that could be addressed.
And I recognize--and I was a Government lawyer myself and
represented the United States as well as the State of
Connecticut--that Government lawyers generally try to do the
right thing, represent the American public, but their view may
be affected by what they see as the public interest, which may
be skewed to one side of an argument for granting a warrant or
another or approving metadata collection or not. And the
adversarial process traditionally operates to bring out the
truth. So that is my question to your question, what is the
problem or what is the issue or need for some constitutional
advocate? And very simply, who is the client? The Constitution
and the constitutional rights of the American public.
Professor Cordero. So I guess sort of two thoughts on that.
One would be with respect--if part of the concern then is
addressing the Court's--what might be the Court's desire, sort
of as expressed by Judge Carr when he has testified before and
in his op-ed, that the Court would benefit from an additional
view on constitutional issues, then on that point that is why I
have suggested that it might be appropriate to consider whether
or not the existing Civil Liberties Protection Officer, who was
a position created by Congress to consider matters of civil
liberties and privacy, that that person might simply be more
formally empowered to present an independent view to the Court,
and that way that would be a person who is up to speed,
knowledgeable, and aware of all the complexities of the issues,
but might have a slightly different view that it could inform
the court about versus that presented by the Justice Department
on behalf of the intelligence community.
Senator Blumenthal. Thank you.
My time has expired. I have additional questions. If there
is no objection, I am going to turn to my colleague Senator
Whitehouse rather than keep him here and then return to my
questions.
Senator Whitehouse. I think it is within the Chairman's
right to have as many rounds as he pleases, so have at it. But
thank you for recognizing me.
Let me start by saying to Ms. Cordero that I think your
practical experience in this area gives, at least to me, your
testimony additional weight, and I appreciate it And I thought
you made a very significant point when you talked about the
need for ``more regularized and consistent methods of releasing
information.'' I think that was the phrase that you used.
We are still looking into it, but it appears to me that our
intelligence community was caught flat-footed by the sudden,
unexpected, unauthorized disclosure of classified information.
And in the early days it had all of the outward appearance of a
mad and unprepared-for scramble.
An air crew prepares for the eventuality of a sudden,
unexpected decompression of the aircraft, for instance, and I
do think it is important that our intelligence community
consider what we now know to be the virtual inevitability of
these types of releases taking place, and have a more robust,
immediate response to that eventuality, but also bet on it
happening in the future and be more candid with the American
people in the run-up, because I think a good deal of what has
been disclosed could have been disclosed earlier, and I think
the downside of classification in this area is very real. There
is always an upside. It protects our sources, it protects our
methods, it protects people who are helping us. It makes
successful programs continue to be successful because people do
not avoid them. If you disclosed who you were wiretapping,
obviously your wiretap would fail, and we do not do it that way
for very obvious reasons.
So there is some real value to things being classified, but
there are also all sorts of oversight and other issues that are
raised, and I think you have a very balanced and sensible
suggestion about trying to do that on a regular way, and I look
forward to working with you to develop that further.
Professor Felten, you said it was important that this
information be available where necessary to our national
security officials. Given the nature of the operation, that
means it has to be somewhere. You have to be able to have the
information. You do not get the luxury of being able to go back
after the fact and figure out what you should have collected.
So by your hypothesis that it needs to be available where
necessary, I take the implication that collecting the whole
haystack is necessary because otherwise it is not available
where necessary. You cannot know that in advance.
The second part of your point was that it must be available
where necessary, but it has to be limited to help protect the
privacy interests that are here at stake.
Now, the way we have customarily done that over the years
has been through mitigation techniques that go originally all
the way back to wiretaps where the FBI agent listening in on
the wiretap with the headphones would listen to the
conversation, and if it looked like somebody was ordering pork
chops from the butcher or talking to their Mom, you would flip
off the conversation for a while, and then you would flip it
back on to see if it was still unrelated to the criminal
investigation, and then you flip it back off. And, obviously,
it has gotten a lot more sophisticated since then in this new
environment.
But do you concede that the whole haystack method protected
by adequate mitigation is actually necessary to accomplish the
result that you have indicated is ideal, which is that the data
to protect our country should be available where necessary?
Professor Felten. I do not think it is necessary to collect
all of the data immediately. My view is that the policy with
respect to metadata, the policy tradeoffs with respect to
metadata are becoming more similar to those with respect to
content, and the example that you gave of minimization on a
traditional wiretap even while the wiretap went on is a non-
collection of data because there is not enough reason to
believe that it is relevant to the purpose. And this is a
balance that has been going on with content for a long time.
Senator Whitehouse. The difference, of course, is that that
is one thread of information, and the necessary protection
purpose is accomplished by staying in real time, by listening
to that conversation as it develops. When you are trying to
connect a network of contacts that a terrorist overseas might
have, it is too late in the game to build that network if you
do not have the information necessary to do that; otherwise,
you are working--I mean, you may eventually be able to do it,
but you risk a timing problem with by the time you have
developed that network, you have missed important players in
it, and the event that you are trying to prevent has taken
place already. And it is the preparedness, I think, that is an
important part of this. So I guess I would put myself on record
as disputing that the haystack plus mitigation modality is not
adequate.
Let me ask all of you another question. We have talked a
little bit about the--you know, it has been long established
that the kind of metadata that is collected through these
programs is not protected by the warrant requirement. Everybody
who has been in law enforcement here--Chairman Leahy, Chairman
Blumenthal, myself, Senator Klobuchar, former U.S. Attorney
Jeff Sessions--we have all gotten access to this data without a
warrant, and it actually is achieved pretty readily. And, in
fact, in the early days, it was done almost informally with the
phone company, and now it has been regularized more. So there
is an unquestionably vast amount of both legal and practical
precedent for that proposition.
At the same time mitigation has taken place for a very,
very long time and is also equally well established, both as a
legal protection and as a practical means of doing this.
So there you have got long-established legal and practical
precedent, and I think it is reasonable to draw conclusions
from that looking forward.
Now, to my question, there is another long-established
precedent, which is that if you are the police chief and you
want to put a tail on somebody you suspect, you do not need a
warrant for that either. You can take a police officer, a
plainclothes officer, and say, ``Look, we need to know where
this guy is going. You tail him and let us find that out.'' And
that has been true for as long as there has been law
enforcement. So, again, another long-established precedent.
Then along comes United States v. Jones, and in United
States v. Jones, the police decided that instead of just
tailing Antoine Jones, they would put a beacon on his car, and
they would track that beacon, which would obviously save law
enforcement resources, take advantage of new technologies, be
the smart thing to do, et cetera, et cetera, et cetera.
The Supreme Court in that case said that that was a search
and that that required a warrant, even though following him
around would not have required a warrant. And while the
constitutional basis for that decision I do not think is fully
settled yet, there was a bare majority that said it is because
of the physical trespass by putting the beacon on the car, but
there was another majority that said, no, actually you have got
to look at--they were unfortunately in the form of a concurring
opinion and another concurring opinion, so they did not form
five. But if you read Justice Sotomayor's concurring opinion
and the concurring opinion of four, they are all saying, look,
just under the expectation of privacy test, this is a search
also.
So I deduce from that that there is a point, in fact, where
new technology and scale change the underlying nature of what
had forever been a non-warrant-requiring search. And so I think
it is an actually very live constitutional question how United
States v. Jones should apply to these programs. I have yet to
see an opinion of the FISA Court that addresses that.
The Eagan opinion came out very recently and did not
address it--came out since the Jones decision and did not
address it. So I am interested in each of your views as to how
you would expect the FISA Court to rule when a case came up
that obliged it to look at the application of United States v.
Jones, the beacon decision. Let me start with Professor
Cordero.
Professor Cordero. Okay. Thank you, Senator. Certainly the
Jones case is on the minds of everybody who considers these
issues. With respect to----
Senator Whitehouse. Except Judge Eagan, evidently.
Professor Cordero. Well, with respect, though, to Judge
Eagan's opinion, so what she said is--and I will quote. She
said that the production order under the 215 is ``squarely
controlled by the Supreme Court decision in Smith v. Maryland
and the Smith decision and its progeny have governed Fourth
Amendment jurisprudence with regard to telephony communications
metadata for more than 30 years.''
There have been 14 judges of the Court who have approved
the 215 program since 2006 34 times. The Jones case came after
2006, but there still have been at least some of those judges
who have continued to approve the 215 case subsequent to the
Jones case, and so that might be perhaps one suggestion that
the Court is still satisfied.
Judge Eagan also said that the fact that the data was not
collected in bulk in the Smith case or, if you take the inverse
of that, that it currently is conducted in bulk, she said that
that would not change her analysis.
So that being said, as I mentioned in my written statement,
this is certainly an area where the law may change in the
future. In the Jones case, as you mentioned, the majority that
held that the GPS surveillance was a search, held it on the
trespass grounds, not on the grounds that actually following
the person around through the GPS surveillance was the search.
It was the second sort of concurring majority part that said
that had they decided the decision, they would have held on
that grounds. But as you noted earlier in your remarks, that
actually turns what are traditional investigative techniques of
physical surveillance on its head from formerly being one of
the most least-intrusive techniques to now all of a sudden
flipping it up to a warrant requirement.
Senator Whitehouse. I think rather than ask the other two
to respond, I have now gone so far over my time that it is
really impolite to the Chairman, and I will----
Senator Blumenthal. You can go further.
Senator Whitehouse. Then we will finish with their answers,
and I will yield, but I appreciate very much the Chairman's
patience with this.
Professor Felten. Well, I do not have the legal expertise
to predict how a court would rule on--interpret Jones, but with
respect to your discussion of law enforcement and police access
to metadata, certainly this has been going on for a long time,
and appropriately so.
The modality there has not been one of transferring all
data to law enforcement and then having them pull out the
pieces they want later. Law enforcement and prosecutors have
been able to go to the phone company and get the records they
need when they need them.
Certainly I would agree that technology provides new ways
of managing this process, and one of those ways is to allow an
intelligence agency to get the data that they need in a
targeted and focused way in real time, without needing to
transfer all of it from the beginning.
Senator Whitehouse. Professor Donohue.
Professor Donohue. Thank you for your question. I would
like to address just briefly the minimization technique point
that you raised and then move to the question that you pose.
On the mitigation techniques, minimization was only one of
many protections that was built into the statute. FISA also had
prior targeting before you could place intercepts. You had
probable cause that an individual was a foreign power or an
agent of a foreign power. You had the Foreign Intelligence
Surveillance Court, and you had a higher standard for U.S.
persons. All of that has been swept aside for the 215 metadata
program. Now there is a general order, the NSA determines RAS,
whether there is reasonable, articulable suspicion. There is
not a different standard----
Senator Whitehouse. Well, it has not extremely been swept
aside for the metadata program. The metadata program faces the
reality that unless you are gathering the information, you do
not have a haystack to search in. But it does not mean that a
search actually ever gets done of the haystack, and the steps
required to search the haystack are far more rigorous than all
the ones that you just mentioned.
Professor Donohue. So the problem is that in building the
haystack, all of the protections have been thrown out. And with
the type of information that you can get from this telephony
metadata----
Senator Whitehouse. And that is kind of the question, isn't
it? Is the building of the haystack the search or not? Even if
nobody knows what is in it. Even if nobody knows it, is there a
privacy interest that is lost when nobody knows that you made
those calls, but there is a haystack out there and under the
right circumstances somebody could find out?
Professor Donohue. And there are two responses to that----
Senator Whitehouse. That is an interesting--that is kind of
the crux of the question we have got.
Professor Donohue. There are two responses to that. One is
the Foreign Intelligence Surveillance Act is about the
acquisition of information, which is when that information is
acquired. And, second, I would go back to the general warrant.
The purpose of the Fourth Amendment was to prevent general
warrants, which was to search for information and to conduct
searches indefinitely without any particularized showing. And
there is a constitutional violation that goes on in that case.
Senator Whitehouse. Although there are lots of things that
people do in law enforcement and have since the dawn of time
that they do not even need a general warrant for because there
is no warrant requirement. And so you cannot use the warrant
requirement as a criticism of the way in which that has been
done. It has never been within it. So things that were not
subject to a warrant requirement do not require a general--the
general warrant problem I do not see as being pertinent here.
Professor Donohue. No, this goes to the reasonableness or
unreasonableness of the search itself. That was the point of
the Founders. That was why Jefferson included this. This is why
Madison was talking about this. This is why it was in the
Virginia Declaration of Rights. This is why New Hampshire,
Massachusetts--it was the actual reasonableness.
Senator Whitehouse. And that takes us back to the question
of what is a search.
Professor Donohue. Of what is a search. Well, the
reasonableness----
Senator Whitehouse. Does human knowledge----
Professor Donohue. And unreasonableness.
Senator Whitehouse. Does human knowledge define the search
or does its availability in the haystack define the search. And
that is, I think, a really interesting and important question
that we need to address. But I do not think you can jump across
back and forth between those two definitions and still have a
logical and practical discussion.
Professor Donohue. Okay. Let me address your second point
as well, which is this broader question, if you can use these
powers in law enforcement, and there are two parts to this. One
is the pen register abilities that law enforcement has, and
second is the subpoena powers. And just on the subpoena power
point, you cannot go on fishing expeditions. You cannot, for
instance, convene a grand jury in Bethesda and just see what is
happening in town and start mining it for information. You
cannot use a subpoena to obtain generalized information. It has
to be material and specific to a particular suspected crime or
individual or series of activities.
This is not what we are discussing. This is not what could
be otherwise obtained by a subpoena duces tecum, which the
statute requires and which the FISC judge, Judge Walton, said
there is no other legal way you could get this information. So
it is very different from the kind of subpoena power that
somebody would have in law enforcement.
On the pen register side, I think you are exactly right to
highlight what is going on with Jones and the extent to which
metadata and the types of things that Professor Felten is
discussing have changed the incursions into privacy that are
possible. In the case of Smith v. Maryland, Michael Lee Smith
had robbed, harassed, threatened, made obscene phone calls,
drove in front of her house, and tried to intimidate her. And
on that basis, they got one pen register that, within a 24-hour
period, recorded that he called her again. They went into his
house. They got a general--or not a general, they got a
specific warrant. They went into his house. They found the
phone book turned down to her name. That is a completely
different situation than collecting bulk information.
Senator Whitehouse. The holding of the Supreme Court in
that case--if we are going to talk about the case, the holding
of the Supreme Court in that case was not because he behaved in
those awful ways you are entitled to get this. The holding was
this is not Fourth Amendment--warrant requirement protected in
the first instance. And it did not matter whether he had been
awful and engaged in all sorts of abusive and ghastly conduct
or not. There is a constitutional line that it drew, and the
holding was that that kind of pen register information simply
does not require a warrant, period.
Professor Donohue. And I would respond to that, you are
absolutely right. In that situation it did not require a
warrant. What we are talking about is the wholesale
collection----
Senator Whitehouse. Nor has in any situation since, right?
It was not----
Professor Donohue. Well, certainly. Certainly the shadow
majority in Jones found exception to that. Justice Alito's
opinion joined by three----
Senator Whitehouse. Now we are back to my question about
the shadow majority in Jones, and I will accept that. But I do
not think it is fair to say that Smith was a case that is
defined by its facts in any way. It has been one of the cases
that has had the broadest practical and judicial acceptance in
real law enforcement life of anything. It has gone on for----
Professor Donohue. And yet Justice Sotomayor in Jones goes
on to say that she would not extend to third-party data the
same protections that they would otherwise not deserve under
the Fourth Amendment precisely because of technology. We have
seen this also in the Circuits at an appellate level. We have
seen a number of judges express this same----
Senator Whitehouse. So to summarize, because I have now
gone way too far, to summarize, you do think that it would be
incumbent upon the FISA Court to consider the Jones decision at
a minimum, and in your view, in considering it they would
likely further restrict the capabilities of this program.
Professor Donohue. Not only should they consider it, but
this also goes back to Senator Blumenthal's point of the
necessity of having a constitutional advocate there who can
bring up Jones and these other cases--as you note, it is
nowhere in Eagan's opinion--and to have somebody there who can
bring this up so that the Court does have to wrestle with this
and address this directly.
Senator Whitehouse. Thank you, Chairman. You have been
immensely patient.
Senator Blumenthal. Thank you.
I want to thank Senator Whitehouse for raising Jones and
this issue of technology having to be considered by the FISA
Court because it does revive the point that I made in the
previous panel that a lot of the constitutional jurisprudence
seems to depend on the Smith v. Maryland case, and the
technology there was really very primitive compared to what we
have now. And if at least a number of you feel that Jones may
be relevant and should be considered by the FISA Court--let me
go back to Professor Cordero--would it not be useful to have an
advocate to, in effect, present in an adversarial way the
implications of the Jones case in testing surveillance
conducted under this very, very different, profoundly different
technology?
Professor Cordero. Well, as this Committee is aware and as
the Intelligence Committees also, this Committee is in a
position to receive information that is not available to the
public that involves pleadings or opinions that the Court has
made beyond that which has been identified. So I do not know
whether or not Jones has ever been considered by the FISA Court
in any of its decisions. It may be that it has, and it may be
that that is information that would be available to the
Committee or the Intelligence Committees.
But that being said, the Court has a rule that when there
are new or novel issues of technology or law that are being
presented to the Court, it requires a Memorandum of Law from
the Government. And so the Government needs to explain and
bring to the Court's attention, ``Court, this is something that
you have not seen before, and here is our Memorandum of Law
explaining sort of the parameters of that.'' And whether that
would involve the Jones case or some other relevant case law,
certainly it would be the practice of the Department as a
general matter to inform the Court and bring to the Court's
attention relevant case law.
Again, I cannot speak to whether or not this specific case
has been an issue that has arisen in a Memorandum of Law that
the Department has provided, but I certainly----
Senator Blumenthal. Well, you say----
Professor Cordero. Would not be surprised.
Senator Blumenthal [continuing]. You cannot speak to it.
Are you saying that to your knowledge Jones has not been
presented? Because I am not aware of Jones having been part of
any----
Professor Cordero. I simply do not know, sir, because I
left Government at the end of 2009.
Senator Blumenthal. Okay.
Professor Cordero. So I simply do not have that
information. Perhaps the Committees do, or perhaps the other
Committees do.
Senator Blumenthal. But so far as you know--and you cited a
certain number of judges and a certain number of opinions, 14
judges in 34, did you say----
Professor Cordero. Instances, right, where the 215 program
was affirmed by the Court. But speaking more----
Senator Blumenthal. None to your knowledge has considered
Jones?
Professor Cordero. Well, when I am saying they have--
whether or not they have considered Jones, I am speaking a
little bit more generally, so not just with respect to 215. As
a general matter, if the Government were presenting novel
issues of technology or law, they would brief the Court on
those issues, and I would expect that they would bring
important cases to the Court's attention.
Senator Blumenthal. And I understand your point that the
Government has, as you have referred to it, a ``heightened
obligation'' because there is no one on the other side. But
there is an institutional interest and maybe even a national
security interest in the Government not raising for the Court,
``By the way, Judge, you know, here are the ways that Jones
could really challenge this whole construct of jurisprudence on
which the warrant procedure rests, and here are the''--in other
words, it may not be directly raised by a specific request of
the Court, and it would take a great deal of heightened
scrutiny or heightened obligation for counsel to, on its own
initiative, raise a challenge of that kind.
So we both know that courts always make better decisions if
they hear both sides of the argument through an adversarial
process. It is a theme that runs through our court system. It
is one of the underpinnings of our jurisprudential system. And
you have indicated just now that perhaps the office of--the
Civil Liberties Protection Officer could provide some kind of
substitute. But, of course, that Officer now under statute
reports to the Director of National Intelligence. There is no
way that that Officer could present an objective or independent
view, either in litigation or even in advising the Court.
So I come back to the question: Doesn't the question that
Senator Whitehouse has been raising about the implications of
Jones raise again--shouldn't the FISA Court have been hearing
exactly these kinds of questions?
Professor Cordero. Well, I guess, Senator, what I am
suggesting is that I think there is a reasonable possibility
that the Government, in fact, would brief the Court on a
decision of such import in its capacity of providing a
Memorandum of Law regarding the issues that it would provide in
its ex parte, in camera process.
In addition, with respect to the special advocate, I think
there also could be some consideration to the relationship that
exists currently between the Government and the FISA Court, and
I think that relationship and sort of the exchange of
information and the process that goes back and forth is
explained in Judge Walton's letter.
In considering the proposals for the advocate, I would hope
that the Committee would sort of take into advisement whether
or not adding an adversarial process might actually disrupt in
some way that relationship of trust and working together that
the Department and the Court have developed over a course of
decades.
Professor Donohue. Senator, may I add something to that?
Senator Blumenthal. Yes. I was actually going to ask both
Professor Donohue and Professor Felten to comment.
Professor Donohue. Thank you. So I want to recognize at the
outset, in 2009 it was the Department of Justice that actually
recognized that there were noncompliance incidents going on,
and they were the ones that reported it to the Foreign
Intelligence Surveillance Court, that for the first 3 years the
program operated, that actually of 18,000 inquiries per day as
of January, only 1,800 or so had reasonable, articulable
suspicion. It was DOJ that was performing its due diligence and
reported that to the Court.
With that said, you know, as Justice Jackson reminded us in
Irvine v. California, the executive is hardly a disinterested,
neutral observer when its own interests are on the line. We
read in Federalist 47 and 48, Federalist 51, when Madison says
the ambition of the man must be aligned with the ambition of
the office; if Government is to govern man, we must find a way
to get it to control itself; that these checks and balances are
very important. And as you note, within our judicial system, we
have adversarial processes to ensure that individual interests
do not taint the outcome of cases.
And so I think it is terribly important to have somebody
there to represent constitutional concerns that does not have
an interest that might otherwise be swayed, and that provides
another voice to the Court, especially if they are going to be
considering such weighty constitutional questions and then
issuing opinions secretly, hundreds of pages long that carve
out exceptions to the Fourth Amendment. You absolutely have to
have an adversarial process involved in that.
Senator Blumenthal. Thank you.
Professor Felten.
Professor Felten. Whether it is through an adversarial
process or through the Government presenting the full scope of
information to the Court, when it comes to issues of complex
technology, it is important that the Court has access to the
kind of expertise that it needs to make a well-informed
decision. And perhaps that takes the form of the Court being
able to use a court-appointed expert or a special master,
perhaps if there is an adversarial process, whoever it is that
is arguing on behalf of civil liberties or the public also has
access to the expertise that they need to do that well.
Senator Blumenthal. Thank you.
Senator Whitehouse, did you have other questions?
Senator Whitehouse. Mr. Chairman, I just wanted to observe
that actually in our own procedures here we do our very best to
try to create that adversarial exchange of views. Clearly,
Professor Cordero and Professor Donohue have very different
views about what should be done here. Each has acquitted
themselves I think with very great ability in this particular
forum, and it is a virtual constant that in our hearings we
have witnesses from different points of view so that we can
hear those.
In my years on the Intelligence Committee, I really felt
that we were--a difficulty was created for the Committee by the
fact that in deeply classified programs there was no way that
you could bring a different view in. And so in the same way
that the Government has a heightened standard, I think we all
felt very keenly the heightened standard of inquiry necessary
because there was not public inquiry and there was not exchange
of views. And that to me is--we vote with our feet sometimes,
and in Congress, I think we have voted with our feet in favor
of as close to an adversarial type method as we can in the way
we conduct our hearings in the ordinary course.
And so I am not sure that the mechanism of an independent
body that is all on its own is exactly the right one, but I am
firmly in your camp that improving that ability for the FISA
Court to have a broader range of views presented to it and to
build in the adversary process is an important step in the
right direction.
Senator Blumenthal. Thank you. I appreciate those comments
and your questions earlier, and I want to say that this is a
very difficult and challenging issue or set of issues, and I
really appreciate the testimony that has been given by this
panel. I have been enlightened by the somewhat adversarial
exchanges here with some of you, and I think that the subject
bears a lot more thought and consideration. I would invite each
of you to submit additional comments and hope that I can
consult with you, because you bring a set of experiences as
well as expertise that I think will be very valuable as we move
forward, and particularly to my colleagues, I will encourage
them as well to consider all of your views.
So thank you for being here. Thank you for your excellent
testimony. This hearing is adjourned. We will keep the record
open for 10 days, and please submit additional comments if you
have any.
Thank you very much.
[Whereupon, at 1:38 p.m., the Committee was adjourned.]
[Additional material submitted for the record follows.]
A P P E N D I X
Additional Material Submitted for the Record
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]