[Senate Hearing 113-878]
[From the U.S. Government Publishing Office]




                                                        S. Hrg. 113-878
 
                       CONTINUED OVERSIGHT OF THE
                 FOREIGN INTELLIGENCE SURVEILLANCE ACT

=======================================================================

                                HEARING

                               before the

                       COMMITTEE ON THE JUDICIARY
                          UNITED STATES SENATE

                    ONE HUNDRED THIRTEENTH CONGRESS

                             FIRST SESSION

                               __________

                            OCTOBER 2, 2013

                               __________

                          Serial No. J-113-32

                               __________

         Printed for the use of the Committee on the Judiciary
         
         
         
         
         
         
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]       





                   U.S. GOVERNMENT PUBLISHING OFFICE
                   
 28-112 PDF                 WASHINGTON : 2018       
____________________________________________________________________
 For sale by the Superintendent of Documents, U.S. Government Publishing Office,
Internet:bookstore.gpo.gov. Phone:toll free (866)512-1800;DC area (202)512-1800
  Fax:(202) 512-2104 Mail:Stop IDCC,Washington,DC 20402-001     
         
         

                       COMMITTEE ON THE JUDICIARY

                  PATRICK J. LEAHY, Vermont, Chairman
DIANNE FEINSTEIN, California         CHUCK GRASSLEY, Iowa, Ranking 
CHUCK SCHUMER, New York                  Member
DICK DURBIN, Illinois                ORRIN G. HATCH, Utah
SHELDON WHITEHOUSE, Rhode Island     JEFF SESSIONS, Alabama
AMY KLOBUCHAR, Minnesota             LINDSEY GRAHAM, South Carolina
AL FRANKEN, Minnesota                JOHN CORNYN, Texas
CHRISTOPHER A. COONS, Delaware       MICHAEL S. LEE, Utah
RICHARD BLUMENTHAL, Connecticut      TED CRUZ, Texas
MAZIE HIRONO, Hawaii                 JEFF FLAKE, Arizona
           Kristine Lucius, Chief Counsel and Staff Director
        Kolan Davis, Republican Chief Counsel and Staff Director
        
        
                            C O N T E N T S

                              ----------                              

                        OCTOBER 2, 2013, 10 A.M.

                    STATEMENTS OF COMMITTEE MEMBERS

                                                                   Page
Grassley, Hon. Chuck, a U.S. Senator from the State of Iowa......     4
Leahy, Hon. Patrick J., a U.S. Senator from the State of Vermont.     1
    prepared statement...........................................   195
Lee, Hon. Michael S. Lee, a U.S. Senator from the State of Utah..     6

                               WITNESSES

Witness List.....................................................    67
Alexander, Hon. Keith B., Director, National Security Agency, 
  Fort Meade, Maryland...........................................    10
    prepared joint statement.....................................    68
    prepared statement...........................................    79
Clapper, Hon. James R., Director of National Intelligence, 
  Washington, DC.................................................     6
    prepared joint statement.....................................    68
Cordero, Carrie F., Adjunct Professor of Law and Director of 
  National Security Studies, Georgetown University Law Center, 
  Washington, DC.................................................    51
    prepared statement...........................................   184
Donohue, Laura K., Professor of Law, Georgetown University Law 
  Center, and Director, Georgetown's Center on National Security 
  and the Law, Washington, DC....................................    47
    prepared statement...........................................    86
Felten, Edward W., Professor of Computer Science and Public 
  Affairs, Princeton University, and Director, Center for 
  Information Technology Policy, Princeton, New Jersey...........    49
    prepared statement...........................................   171

                               QUESTIONS

Questions submitted to Hon. Keith B. Alexander by:
    Senator Grassley.............................................   199
    Senator Hirono...............................................   203
    Senator Klobuchar............................................   206
    Senator Leahy................................................   209
    Senator Whitehouse...........................................   212
Questions submitted to Hon. James R. Clapper by:
    Senator Grassley.............................................   200
    Senator Hirono...............................................   205
    Senator Klobuchar............................................   207
    Senator Leahy................................................   211
    Senator Whitehouse...........................................   213
Questions submitted to Prof. Carrie F. Cordero by Senator Franken   197
Questions submitted to Prof. Carrie F. Cordero by Senator 
  Grassley.......................................................   201
Questions submitted to Prof. Laura K. Donohue by Senator Franken.   198
Questions submitted to Prof. Laura K. Donohue by Senator Grassley   202
Questions submitted to Prof. Edward W. Felten by Senator 
  Klobuchar......................................................   208

                                ANSWERS

Responses of Hon. Keith B. Alexander to questions submitted by:
    Senator Grassley.............................................   220
    Senator Hirono...............................................   231
    Senator Klobuchar............................................   229
    Senator Leahy................................................   214
    Senator Whitehouse...........................................   224

[Note: Responses of Hon. James R. Clapper to questions for the 
  record are classified and are, therefore, provided separately.]

Responses of Prof. Carrie Cordero to questions submitted by 
  Senator Franken................................................   239
Responses of Prof. Carrie Cordero to questions submitted by 
  Senator Grassley...............................................   236
Responses of Prof. Laura Donohue to questions submitted by 
  Senator Franken................................................   252
Responses of Prof. Laura Donohue to questions submitted by 
  Senator Grassley...............................................   241
Responses of Prof. Edward Felten to questions submitted by 
  Senator Klobuchar..............................................   256

                MISCELLANEOUS SUBMISSIONS FOR THE RECORD

AOL et al., a letter on S. 1452, the Surveillance Transparency 
  Act of 2013, and H.R. 3035, the Surveillance Order Reporting 
  Act of 2013, September 30, 2013, letter........................   259
Rowley, Coleen, retired FBI agent and former FBI Minneapolis 
  Division Legal Counsel, Apple Valley, Minnesota, October 21, 
  2013, letter...................................................   261


                       CONTINUED OVERSIGHT OF THE
                 FOREIGN INTELLIGENCE SURVEILLANCE ACT

                              ----------                              


                       WEDNESDAY, OCTOBER 2, 2013

                       United States Senate
                         Committee on the Judiciary
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10 a.m., in Room
SD-226, Dirksen Senate Office Building, Hon. Patrick J. Leahy, 
Chairman of the Committee, presiding.
    Present: Senators Leahy, Feinstein, Whitehouse, Klobuchar, 
Franken, Coons, Blumenthal, Hirono, Grassley, Hatch, Sessions, 
Graham, Lee, Cruz, and Flake.

          OPENING STATEMENT OF HON. PATRICK J. LEAHY,
            A U.S. SENATOR FROM THE STATE OF VERMONT

    Chairman Leahy. Good morning, everybody. It is a strange 
time in the Congress. I would also note before we start that we 
will not allow any demonstrations during a meeting of the 
Senate.
    I know some demonstrators like to get themselves on 
television. I do not care whether they are in agreement--or 
disagreement with positions of mine. I do not want people 
blocking others who are here, by holding up signs, and I do not 
want them blocking the people who are here to watch this 
hearing. This is the United States Senate, and people have the 
ability to watch a hearing.
    We are going to conduct further oversight of the 
intelligence community's use of the Foreign Intelligence 
Surveillance Act, or FISA. No one knows for sure how long the 
Federal Government will be shut down, but I feel strongly that 
the Senate Judiciary Committee has to continue its work on this 
important subject because it does involve the security of the 
United States. I consulted with Senator Grassley about this, 
and I appreciate that Director Clapper and General Alexander 
have agreed to proceed with the hearing today as scheduled. I 
am certain that they join me in thanking all of the dedicated 
intelligence community professionals who are also doing their 
jobs today despite the needless shutdown of the Federal 
Government. That said, I have decided--and, again, I discussed 
this with Senator Grassley--to postpone the Committee's weekly 
business meeting tomorrow in light of the Government shutdown. 
I am doing this even though we have judicial emergencies on the 
agenda. I am hoping that those of us who, like myself, are on 
the Appropriations Committee will be able to get back to 
passing bills. I am concerned that we are now in October. By 
law, by the end of last month the House of Representatives was 
supposed to have sent us each of the appropriations bills so 
that we could then vote on them, vote up or vote down. They 
have yet to send over a single one. Maybe instead of looking 
for slogans we ought to just pass these appropriations bills 
and vote for them or vote against them, whichever way, but get 
it done and let people get back to work.
    I am also going to ask General Alexander and Director 
Clapper at the end of their statements if they would take an 
extra minute and tell us, because it is going to be of interest 
to many of us on this Committee who are on Appropriations, what 
the shutdown is meaning in the number of people who are not 
able to come to work and do the jobs that we expect them to do 
in our intelligence agencies.
    As we continue to reexamine the intelligence community's 
use of FISA authorities, let us be clear that no one 
underestimates the threats that our country continues to face 
or the difficulty of identifying and meeting those threats. We 
all agree that we should equip the intelligence community with 
the necessary and appropriate tools to help keep us safe. But--
and there is always a ``but''--I hope that we can also agree 
that there have to be limits on the surveillance powers we give 
to the Government. Just because something is technologically 
possible and just because something may be deemed technically 
legal does not mean that it is the right thing to do.
    This summer, many Americans learned for the first time that 
Section 215 of the USA PATRIOT Act has for years been secretly 
interpreted to authorize the collection of Americans' phone 
records on an unprecedented scale. The American public also 
learned more about the Government's collection of Internet 
content through the use of Section 702 of FISA.
    Since the Committee's last hearing on these revelations in 
late July, we have learned a great deal more. We have learned 
that the NSA has engaged in repeated, substantial legal 
violations in its implementation of both Section 215 and 
Section 702 of FISA. For example, the NSA collected, without a 
warrant, the content of tens of thousands of wholly domestic 
emails of innocent Americans. The NSA violated a FISA Court 
order by regularly searching the Section 215 phone records 
database without meeting the standard imposed by the Court.
    These repeated violations led to several reprimands by the 
FISA Court for what the FISA Court called ``systemic 
noncompliance'' by the Government. The Court has also 
admonished the Government for making a series of substantial 
misrepresentations to the Court. Now, knowing this, we have 
seen no evidence of intentional abuse of FISA authorities, but 
the pattern is deeply troubling.
    We have also learned that the NSA in 2011 started searching 
for Americans' communications in its Section 702 database--a 
database containing the contents of communications acquired 
without individualized court orders. And this past weekend--and 
all of you have seen the front page story--The New York Times 
reported that the NSA is engaging in sophisticated analysis of 
both domestic and international metadata to determine the 
social connections of Americans.
    So when you have all these revelations, it is no surprise 
that the intelligence community faces a trust deficit. And 
after years of raising concerns about the scope of FISA 
authorities, as I and others have, and the need for stronger 
oversight, I am glad that many Members of Congress in both 
parties are now interested in taking a close look at these 
programs--at both the Government's legal and policy 
justifications for them and the adequacy of the existing 
oversight regimes.
    I think it is time for a change, and I think additional 
transparency and oversight are important parts of that change. 
But I believe we have to do more. So I am working on a 
comprehensive legislative solution with Congressman 
Sensenbrenner, the Chairman of the Crime and Terrorism 
Subcommittee in the House, as well as other Members of 
Congress, again, across the full political spectrum of both 
parties. Our bipartisan, bicameral legislation will address 
Section 215 and Section 702 and a range of surveillance 
authorities that raise similar concerns.
    Our legislation would end Section 215 bulk collection. It 
also would ensure that the FISA pen register statute and 
National Security Letters could not be used to authorize bulk 
collection. The Government has not made its case that bulk 
collection of domestic phone records is an effective 
counterterrorism tool, especially in light of the intrusion on 
Americans' privacy.
    In addition, I find the legal justification for this bulk 
collection to be strained at best. I have looked at the 
classified list of cases involving Section 215. I find it to be 
unconvincing. As the Deputy Director of the NSA himself 
acknowledged at our last hearing a couple weeks ago, there is 
no evidence that Section 215 phone records collection helped to 
thwart dozens or even several terrorist plots.
    In addition to stopping bulk collection, our legislation 
would improve judicial review--and I think this is extremely 
important--by the FISA Court and enhance public reporting on 
the use of a range of surveillance activities. It would require 
Inspector General reviews of the implementation of these 
authorities--putting into law a request that Senator Grassley 
and I, along with eight other Members of this Committee, made 
last week to the Inspector General for the intelligence 
community. This is a commonsense, bipartisan bill, so I look 
forward to working on this effort in the coming months with 
those in the Senate, in the House, and others who care about 
these issues.
    I do appreciate the concrete steps that both Director 
Clapper and General Alexander have made in recent months to 
brief Members of Congress--and I have been, as you know, at 
many of those briefings--and their move toward more 
transparency and further declassification of documents. I also 
welcome the participation of the legal and technical experts on 
our second panel and would note with particular pride that my 
alma mater, Georgetown Law, is well represented among those 
witnesses. So I hope this will inform our legislative efforts.
    You know, we all agree we have to ensure our Nation's 
security, but we also have to restore the trust of the American 
people in our intelligence community, and fundamentally we have 
to protect the liberties that have kept us great and a 
diversified democracy and the envy of countries around the 
world because of our democracy.
    [The prepared statement of Chairman Leahy appears as a 
submission for the record.]
    Senator Grassley, do you want to say something before we go 
to the witnesses?

           OPENING STATEMENT OF HON. CHUCK GRASSLEY,
             A U.S. SENATOR FROM THE STATE OF IOWA

    Senator Grassley. Yes, thank you. And thanks to our 
witnesses for what they do for the security of our country, and 
to you,
Mr. Chairman, for holding the hearing, a very important 
oversight hearing, a very important function of Congress to 
make sure that our laws are faithfully executed. Although the 
Government has been partially shut down due to partisan 
differences over various issues, we are continuing our 
oversight work, as I said, a very important matter, and in this 
particular instance, because national security is the first 
responsibility of our Federal Government.
    We last held a hearing on this subject late July. At that 
time I expressed the view that the reports in the media had 
called into serious question whether the law and other 
regulations currently in place strike the right balance between 
protecting our civil liberties and our national security. This 
is especially so concerning the public revelation that under 
Section 215 of the PATRIOT Act the Government was collecting 
Americans' phone records in bulk. Additional public disclosures 
since our last hearing have underscored that concern.
    Indeed, since that time, the administration has 
declassified legal opinions reflecting significant errors by 
the Government before the FISA Court in implementing 215 and 
702. The good news is that these appear to have been for the 
most part unintentional mistakes that Government brought to the 
Court's attention on its own accord. Of course, the bad news is 
that even with all the checks and balances built into the 
system, these kinds of errors can still occur.
    Even more unsettling, other reports since July have 
suggested that there have been cases of intentional and willful 
misuse of intelligence authorities by NSA employees to spy on 
their spouses and neighbors. These disclosures have created a 
broader crisis of trust in the legitimacy of our intelligence-
gathering methods generally. In my view, had these programs 
been more transparent from the start, this trust deficit that 
the American people have would not be as severe as it is now.
    This brings me to the President's response to the crisis 
which has been very baffling to me. The President held a news 
conference in early August, a news conference that should have 
been held, and thankfully he did, in which he defended the bulk 
collection of phone records as ``an important tool in our 
effort to disrupt terrorist plots'' and suggested some areas 
for reform. Since then, as far as I know, he has not said a 
word in public about these issues. If the President really and 
truly believes in the importance of these programs, he should 
be publicly defending them as part of our national debate. He 
should not be contracting out that job solely to the 
intelligence community. Simply put, as in so many other areas, 
the President is failing to lead where he wants others to 
follow.
    In any event, I am pleased that we have taken a number of 
steps to follow up on some of these disturbing reports. Since 
July, a bipartisan group of Members of this Committee requested 
that the Inspector General of the intelligence community 
conduct a thorough review of the implementation of these 
authorities. Additionally, I wrote to the NSA Inspector General 
and received a public accounting of the handful of documented 
instances where the NSA employees intentionally abused their 
authorities. It was heartening to see how few cases of 
intentional misconduct exist, but on the other hand, it is 
alarming to know that the possibility of employees engaging in 
such behavior turns out to be very real.
    The NSA Inspector General's response to my letter reflected 
that many of these cases were referred to the Department of 
Justice for possible criminal prosecution. I was planning on 
following up with how these referrals were handled with Deputy 
Attorney General Cole at this hearing. The Chairman chose not 
to invite an administration witness to provide legal 
perspective on these matters. Therefore, I will be following up 
with the Department of Justice about these cases with a letter 
to the Attorney General today.
    The balance between protecting individual liberties and our 
national security is a delicate one. Reasonable people can 
disagree about precisely where that balance is best struck. I 
probably do not agree 100 percent with any member of the two 
panels of witnesses that we have with us today, including 
Professor Cordero, whom I have invited to share her valuable 
perspective as a lawyer with hands-on experience in the 
intelligence community. But I welcome them all, and I am 
pleased to hear their views as we consider various reforms to 
FISA and related surveillance activities.
    Something has come to my attention. Just yesterday there 
were press reports of 70 percent of the intelligence community 
being furloughed. I am concerned that if lawyers in the 
intelligence community determine that 70 percent of their 
employees are non-essential to the mission, which is a national 
security mission, the number one responsibility of the Federal 
Government, then the intelligence community either needs better 
lawyers to make big changes to the workforce or are you 
overemployed in those areas. I cannot believe that 70 percent 
of the intelligence community is being furloughed and we are 
still being able to meet our national security 
responsibilities. So that concerns me very much, and maybe you 
folks will touch on that.
    Thank you, Mr. Chairman.
    Chairman Leahy. Thank you. And, of course, as you know, we 
had the Deputy Attorney General at our last hearing, and we had 
the Deputy Attorney General at our closed-door hearing on this, 
and we will be having the Justice Department testifying again. 
Because we are limited in time here today, we kept to these two 
witnesses.
    Speaking of limitation of time, while this would be 
unusual, Senator Lee----
    Senator Grassley. Do you not want me to send my letter to 
the Attorney General?
    Chairman Leahy. Oh, you feel free to send it. You can send 
anything you want. But we have had him here twice now on this 
same subject, and I am sure we will be having him again. But, 
Senator Lee, did you want to make a very short statement?

           OPENING STATEMENT OF HON. MICHAEL S. LEE,
             A U.S. SENATOR FROM THE STATE OF UTAH

    Senator Lee. Yes, thank you, Mr. Chairman. I appreciate the 
Chairman and the Ranking Member allowing me to speak very 
briefly, as I have to leave for another Committee 
responsibility.
    Congress, of course, plays an important role when it comes 
to overseeing our Nation's intelligence and surveillance 
programs. We have to balance various competing interests, and 
it is difficult. I just wanted to highlight a couple of 
concerns that I am always looking out for.
    Number one is the breadth of metadata collection pursuant 
to Section 215 of the PATRIOT Act.
    Number two, the potential for back-door searches of 
information on Americans that is collected, you know, some 
would argue indirectly, pursuant to Section 702 of the FISA 
Amendments Act.
    And, number three, the lack of transparency within the FISA 
Court system.
    I have worked with the Chairman in the past on legislation 
to address each of these, and I look forward to working with 
him in the future on these concerns.
    Thank you very much.
    Chairman Leahy. Thank you very much.
    Our first witness is--incidentally, the most senior Member 
on our side is the Chair of the Senate Intelligence Committee, 
which helps us a great deal in this deliberation, and we will 
also be joined later by Senator Durbin, who is the Chair of 
Defense Appropriations, which handles much of the budget for 
this.
    Our first witness is James Clapper. He was sworn in as the 
fourth Director of National Intelligence on August 9, 2010. He 
served for 32 years in the United States Armed Forces, retired 
in 1995. He was a lieutenant general in the Air Force. He 
previously served as Under Secretary of Defense for 
Intelligence and the head of the Defense Intelligence Agency.
    Director, it is good to have you here. Please go ahead.

          STATEMENT OF HON. JAMES R. CLAPPER, DIRECTOR
            OF NATIONAL INTELLIGENCE, WASHINGTON, DC

    Director Clapper. Chairman Leahy, Ranking Member Grassley, 
and distinguished Members of the Committee, sir, if it is all 
right with you, I would like to answer your question about the 
impacts of the Government shutdown and furloughing our 
civilians.
    First, the legal standard against which we make decisions 
about who is furloughed and who is not is--and this is quoting 
from the law--``that which is necessary to protect against 
imminent threat to life or property.'' And so our applying that 
standard is what resulted across the board in furloughing 
roughly 70 percent. I think that will change as this--if this 
drags on, and we will make adjustments depending on what we see 
as the ``potential imminent threats to life or property,'' to 
quote the law.
    I will tell you as to impacts, I have been in the 
intelligence business for about 50 years. I have never seen 
anything like this. From my view, I think, this on top of the 
sequestration cuts that we are already taking, that this 
seriously damages our ability to protect the safety and 
security of this Nation and its citizens. I would commend to 
you Senator Feinstein's superb statement yesterday on the floor 
outlining her concerns, with which I completely agree. This 
affects our ability--this is not just a Beltway issue. This 
affects our global capability to support the military, to 
support diplomacy, and to support our policymakers. And the 
danger here is, of course, that this will accumulate over time. 
The damage will be insidious. So each day that goes by, the 
jeopardy increases.
    This is a dreamland for foreign intelligence service to 
recruit, particularly as our employees already, many of whom 
are subject to furloughs driven by sequestration, are going to 
have, I believe, even greater financial challenges. So we are 
spending our time setting up counseling services for employees 
to help them manage their finances. So from my standpoint, this 
is extremely damaging, and it will increase so as this shutdown 
drags on.
    General Alexander, do you want to add anything to that?
    General Alexander. I was going to do it at the end.
    Director Clapper. Go ahead.
    General Alexander. From our perspective, I would echo 
everything that----
    Chairman Leahy. Press the red button.
    General Alexander. Technically challenged, Mr. Chairman.
    From NSA's perspective, this has impacted us very hard. We 
have an amazing workforce. When I look at what our folks are 
capable of doing, we have over 960 Ph.D.s, over 4,000 computer 
scientists, over 1,000 mathematicians. They are furloughed. Our 
Nation needs people like this, and the way we treat them is to 
tell them, ``You need to go home because we cannot afford to 
pay you, we cannot make a deal here.''
    From my perspective, the impact, what Director Clapper 
points out is we went to the most specific threats against our 
Nation. This does not apply to all the threats against our 
Nation. We cannot cover all of those. So what we are doing is 
we are taking the most significant counterterrorism and other 
threats that we see and the support to our military forces in 
Afghanistan and overseas, that is the priority in what we are 
doing. That is the way the law has been interpreted, and that 
is what we are doing. From my perspective, it has had a huge 
impact on morale.
    Director Clapper. So, sir, if you would like, we will go 
into our statements on the subject of the hearing.
    We do appreciate your having us today to talk about the way 
ahead occasioned by the dramatic revelations about intelligence 
collection programs since their unauthorized disclosure and 
about the steps we are taking to make these programs more 
transparent while still protecting our national security 
interests.
    I am joined today, of course, by the Director of the 
National Security Agency, General Keith Alexander, and 
following my brief statement, he will have an additional 
statement.
    We think this hearing is a key part of the discussion our 
Nation needs about legislation that provides the intelligence 
community with authorities both to collect critical foreign 
intelligence and to protect privacy and civil liberties. We, 
all of us in the intelligence community, are very much aware 
that the recent unauthorized disclosures have raised serious 
concerns both here in Congress and across the Nation about our 
intelligence activities. We know that the public wants both to 
understand how its intelligence community uses its special 
tools and authorities and to judge whether we can be trusted to 
use them appropriately.
    We believe we have been lawful and that the rigorous 
oversight we have operated under has been effective. So we 
welcome this opportunity to make our case to the public.
    As we engage in this discussion, I think it is also 
important that our citizens know that the unauthorized 
disclosures of the details of these programs has been extremely 
damaging. From my vantage as DNI, these disclosures are 
threatening to our ability to conduct intelligence and to keep 
our country safe. There is no way to erase or make up for the 
damage that we know has already been done, and we anticipate 
even more as we continue our assessment as more revelations 
occur.
    Before these unauthorized disclosures, we were always 
conservative about discussing the specifics of our collection 
programs based on the truism that the more adversaries know 
about what we are doing, the more they can avoid our 
surveillance.
    But the disclosures, for better or for worse, have lowered 
the threshold for discussing these matters in public. So to the 
degree that we can discuss them, we will. But this public 
discussion should be based on an accurate understanding of the 
intelligence community, who we are, what we do, and how we are 
overseen.
    In the last few months, the manner in which our activities 
have been characterized has often been incomplete, inaccurate, 
or misleading, or some combination thereof. I believe that most 
Americans realize the intelligence community exists to collect 
the vital intelligence that helps protect our Nation from 
foreign threats. We focus on uncovering the secret plans and 
intentions of our foreign adversaries, but what we do not do is 
spy unlawfully on Americans or, for that matter, spy 
indiscriminately on the citizens of any country. We only spy 
for valid foreign intelligence purposes as authorized by law, 
with multiple layers of oversight to ensure we do not abuse our 
authorities.
    Unfortunately, this reality has sometimes been obscured in 
the current debate, and for some this has led, as you alluded, 
to an erosion of trust in the intelligence community. And we do 
understand the concerns on the part of the public.
    I am a Vietnam veteran, and I remember as congressional 
investigations of the 1970s later disclosed--and I was in the 
intelligence community then--that some intelligence programs 
were carried out for domestic political purposes without proper 
legal oversight or authorization. But having lived through that 
as a part of the intelligence community, I can now assure the 
American people the intelligence community today is not like 
that. We operate within a robust framework of strict rules and 
rigorous oversight involving all three branches of the 
Government.
    Another useful historical perspective, at least I think, is 
that during the Cold War, the Free World and the Soviet Bloc 
had mutually exclusive telecommunications systems which made 
foreign collection a lot easier to distinguish. Now world 
telecommunications are unified. Intertwined with hundreds of 
millions of innocent people conducting billions of innocent 
transactions are a much smaller number of nefarious adversaries 
who are trying to do harm on the very same network using the 
very same technologies. So our challenge is to distinguish very 
precisely between these two groups of communicants. If we had 
an alarm bell that went off whenever one terrorist communicated 
with another terrorist, our jobs would certainly be a lot 
easier. But that capability just does not exist in the world of 
technology today.
    Over the past 3 months, I have declassified and publicly 
released a series of documents related to both Section 215 of 
the PATRIOT Act and Section 702 of the Foreign Intelligence 
Surveillance Act, or FISA. We did that to facilitate informed 
public debate about the important intelligence collection 
programs that operate under these authorities. We felt that, in 
light of the unauthorized disclosures, the public interest in 
these documents far outweighed the potential additional damage 
to national security. These documents let our citizens see the 
seriousness, thoroughness, and rigor with which the FISA Court 
exercises its responsibilities.
    They also reflect the intelligence community's, 
particularly NSA's, commitment to uncovering, reporting, and 
correcting any compliance matters that occur. However, even in 
these documents, we have had to redact certain information to 
protect sensitive sources and methods, such as particular 
targets of surveillance. But we will continue to declassify 
more. That is what the American people want. It is what the 
President has asked us to do. And I personally believe it is 
the only way we can reassure our citizens that their 
intelligence community is using its tools and authorities 
appropriately and legitimately.
    The rules and oversight that govern us ensure we do what 
the American people want us to do, which is to protect our 
Nation's security and our people's liberties. So I will repeat: 
We do not spy on anyone except for valid foreign intelligence 
purposes, and we only work within the law.
    On occasion, we have made mistakes, some quite significant. 
But these are usually caused by human error or technical 
problems. And whenever we have found such mistakes, we have 
reported, addressed, and corrected them.
    The National Security Agency specifically, as part of the 
intelligence community broadly, is an honorable institution. 
The men and women who do this sensitive work are honorable 
people dedicated to conducting their mission lawfully and are 
appalled by any wrongdoing. They, too, are citizens of this 
Nation who care just as much about privacy and constitutional 
rights as the rest of us. They should be commended for their 
crucial, important work in protecting the people of this 
country, which has been made all the more difficult by this 
torrent of unauthorized damaging disclosures.
    That all said, we in the intelligence community stand ready 
to work in partnership with you to adjust foreign surveillance 
authorities to further protect our privacy and civil liberties, 
and I think there are some principles we agree on:
    One, we must always protect our sources, methods, targets, 
partners, and liaison relationship.
    Second, we must do a better job in helping the American 
people understand what we do, why we do it, and, most 
importantly, the rigorous oversight that helps ensure that we 
do it correctly.
    And, three, we must take every opportunity to demonstrate 
our commitment to respecting the civil liberties and privacy of 
every American. But we also have to remain mindful of the 
potentially negative long-term impact of overcorrecting the 
authorizations granted to the intelligence community.
    As Americans, we face an unending array of threats to our 
way of life, a more diverse array of threats than I have seen 
in my 50 years in intelligence. And I believe we need to 
sustain our ability to detect these threats. We welcome a 
balanced discussion about national security and civil 
liberties. It is not an either/or situation. We need to 
continue to protect both.
    Let me turn now to General Alexander.
    [The prepared statement of Mr. Clapper appears as a 
submission for the record.]
    Chairman Leahy. General Alexander serves the Director of 
the National Security Agency and the head of U.S. Cyber 
Command. He has testified before us both in open and closed 
sessions of this Committee and, of course, continuously in the 
Intelligence Committee.
    General, go ahead.

   STATEMENT OF HON. KEITH B. ALEXANDER, DIRECTOR, NATIONAL 
             SECURITY AGENCY, FORT MEADE, MARYLAND

    General Alexander. Chairman Leahy, Ranking Member Grassley, 
distinguished Members of the Committee, thank you for the 
opportunity to provide opening remarks.
    I am privileged today to represent the dedicated 
professionals at the National Security Agency who employ the 
authorities provided by Congress, the Federal courts, and the 
executive branch to help protect the Nation and protect our 
civil liberties and privacy.
    If we are to have an honest debate about how NSA conducts 
its business, we need to step away from sensationalized 
headlines and focus on facts.
    Our mission is defend the Nation and to protect our civil 
liberties and privacy. Ben Wittes from the Brookings 
Institution said about the media leaks and specifically about 
these two FISA programs: ``Shameful as it is that these 
documents were leaked, they actually should give the public 
great confidence in both NSA's internal oversight mechanisms 
and in the executive and judicial oversight mechanisms outside 
the Agency. They show no evidence of any intentional spying on 
Americans or abuse of civil liberties. They show a low rate of 
the sort of errors any complex system of technical collection 
will inevitably yield. They show robust compliance procedures 
on the part of the NSA. And they show an earnest, ongoing 
dialogue with the FISA Court over the parameters of the 
Agency's legal authority and a commitment both to keeping the 
Court informed of activities and to complying with its 
judgments on their legality.''
    Today I would like to discuss the facts and specifically 
address:
    Who we are in terms of both our mission and our people;
    What we do: adapt to technology and the threat; take 
direction from political leadership; operate strictly within 
the law and consistent with explicit intelligence priorities; 
and ensure compliance with all constraints imposed by our 
authorities and internal procedures;
    What we have accomplished specifically for our country with 
the tools we have been authorized; and,
    Where do we go from here?
    First, who we are, our mission. NSA is a foreign 
intelligence agency with two missions: We collect foreign 
intelligence of national security interest, and we protect 
certain sensitive information and U.S. networks--all this while 
protecting our civil liberties and privacy.
    NSA contributes to the security of our Nation, its Armed 
Forces, and our allies.
    NSA accomplishes this mission, while protecting civil 
liberties and privacy, because the Constitution we are sworn to 
protect and defend makes no allowances to trade one for the 
other.
    NSA operates squarely within the authorities granted by the 
president, Congress, and the courts.
    Who we are: our people.
    I am proud of what NSA does and more proud of our people.
    The National Security Agency employees take an oath to 
protect and defend the Constitution of the United States.
    They have devoted themselves to protecting our Nation.
    Just like you, they will never forget the moment terrorists 
killed 2,996 Americans in New York, Pennsylvania, and the 
Pentagon.
    They witnessed the first responders' efforts to save lives. 
They saw the military shift to a wartime footing. They 
committed themselves to ensuring that another 9/11 would never 
happen and our deployed forces would return home.
    In fact, they deploy with our Armed Forces into areas of 
hostility.
    More than 6,000 have deployed in support of operations in 
Iraq and Afghanistan; 22 have paid the ultimate sacrifice since 
9/11--sadly, adding to a list of NSA/CSS personnel numbering 
over 170 killed in the line of duty since our formation in 
1952.
    Theirs is a noble cause.
    NSA prides itself on its highly skilled workforce: We are 
the largest employer of mathematicians--1,013; 966 Ph.D.s and 
4,374 computer scientists; linguists in more than 120 
languages; more patents than any other intelligence community 
agency and most businesses. They are also Americans, and they 
take their civil liberties and privacy seriously.
    What we do: adapt to technology.
    Today's telecommunications system is literally one of the 
most complex systems ever devised by mankind.
    The fact that over 2.5 billion people all connect and 
communicate across a common infrastructure is a tribute to the 
ingenuity of mankind. The stark reality is that terrorists, 
criminals, and adversaries make use of the same infrastructure.
    Terrorists and other foreign adversaries hide in the same 
global network, use the same communications networks as 
everyone else, and take advantage of familiar services: Gmail, 
Facebook, Twitter, et cetera. Technology has made it easy for 
them.
    We must develop and apply the best analytic tools to 
succeed at our mission, finding the communications of 
adversaries while protecting those of innocent people, 
regardless of their nationality.
    What we do: We take direction from political leadership.
    NSA's direction comes from national security needs, as 
defined by the Nation's senior leaders.
    NSA does not decide what topics to collect and analyze.
    NSA's collection and analysis is driven by the National 
Intelligence Priorities Framework and received in formal 
tasking.
    We do understand that electronic surveillance capabilities 
are powerful tools in the hands of the state. That is why we 
have extensive mandatory internal training, automated checks, 
and an extensive regime of both internal and external 
oversight.
    What we do: We use lawful programs and tools to do our 
mission.
    The authorities we have been granted and the capabilities 
we have developed help keep our Nation safe.
    Since 9/11 we have disrupted terrorist attacks at home and 
abroad using capabilities informed by the lessons of 9/11.
    The Business Records FISA program, NSA's implementation of 
Section 215 of the PATRIOT Act, focuses on defending the 
homeland by linking the foreign and domestic threats.
    Section 702 of FISA focuses on acquiring foreign 
intelligence, including critical information concerning 
international terrorist organizations, by targeting non-U.S. 
persons who are reasonably believed to be located outside the 
United States.
    NSA also operates under other sections of the FISA statute 
in accordance with the law's provisions.
    It is important to remember that in order to target a U.S. 
person anywhere in the world under the FISA statute, we are 
required to obtain a court order based on a probable cause 
showing that the prospective target of the surveillance is a 
foreign power or agent of a foreign power.
    NSA conducts the majority of its SIGINT activities solely 
pursuant to the authority provided by Executive Order 12333.
    As I have said before, these authorities and capabilities 
are powerful; we take this responsibility seriously.
    We ensure compliance.
    We stood up a Directorate of Compliance in 2009 and 
repeatedly train our entire workforce in privacy protections 
and the proper use of capabilities.
    We do make mistakes. The vast majority of the compliance 
incidents reflect the challenge of implementing very specific 
rules in the context of ever-changing technology.
    Compliance incidents, with very rare exception, are 
unintentional and reflect the sort of errors that will occur in 
any complex system of technical activity.
    The press claimed evidence of ``thousands of privacy 
violations.''
    This is false and misleading.
    According to NSA's independent Inspector General--and the 
Vice Chairman brought up the 12 cases, so I will just go 
through that quickly. There were 12 cases of willful violation. 
All of those were under Executive Order 12333. None of those 
were in the Business Records FISA or under FAA 702.
    We hold ourselves accountable every day.
    Most of these targets involved improper tasking or querying 
regarding foreign persons in foreign places.
    I am not aware of any intentional or willful violations of 
the FISA statute.
    Of the 2,776 incidents noted in the press from one of our 
leaked annual compliance reports, about 75 percent are not 
violations of approved procedures at all but, rather, NSA's 
detection of valid foreign targets that travel to the U.S. and 
a record that NSA stopped collecting, in accordance with the 
rules. We called those ``roamers,'' and I mispronounced that in 
one of the things, and it came out as ``rumors,'' but it is 
``roamers.''
    Let me also start to clear the air on actual compliance 
incidents.
    The vast majority of the actual compliance incidents 
involve foreign locations and foreign activities, as our 
activities are regulated by specific rules wherever they occur.
    For the smaller number that did involve a U.S. person, a 
typical incident involves a person overseas involved with a 
foreign organization who is subsequently determined to be a 
U.S. person. All initial indications and research before 
collection point the other way, but NSA constantly reevaluates 
indications.
    NSA detects and corrects and, in most cases, does so before 
any information is ever obtained, used, or shared outside NSA.
    Despite the difference, between willful and not, we treat 
incidents the same: We detect, we address, we remediate, 
including removing or purging information from our databases in 
accordance with the rules. And we report.
    We hold ourselves accountable and keep others informed so 
they can do the same.
    On NSA's compliance regime, Ben Wittes said, at last 
Friday's Intelligence Committee hearing: ``But one thing we 
have learned an enormous amount about is the compliance 
procedures that NSA uses. They are remarkable. They are 
detailed. They produce data streams that are extremely 
telling--and, to my mind, deeply reassuring.''
    We welcome an ongoing discussion about how the public can, 
going forward, have increased information about NSA's 
compliance program.
    [The prepared statement of General Alexander appears as a 
submission for the record.]
    Chairman Leahy. Well, then, let us go into that discussion, 
because both of you have raised concerns that the media reports 
about the Government surveillance programs have been 
incomplete, inaccurate, misleading, or some combination of 
that. But I worry that we are still getting inaccurate and 
incomplete statements from the administration.
    For example, we have heard over and over again the 
assertion that 54 terrorist plots were thwarted by the use of 
Section 215 and/or Section 702 authorities. That is plainly 
wrong. But we still get it in letters to Members of Congress; 
we get it in statements. These were not all plots and they were 
not all thwarted. The American people are getting left with the 
inaccurate impression of the effectiveness of NSA programs.
    Would you agree that the 54 cases that keep getting cited 
by the administration were not all plots and, of the 54, only 
13 had some nexus to the U.S.? Would you agree with that--yes 
or no?
    General Alexander. Yes.
    Chairman Leahy. Okay. At our last hearing, Deputy Director 
Inglis' testimony stated that there is only really one example 
of a case where but for the use of Section 215 bulk phone 
records collection, terrorist activity was stopped. Was Mr. 
Inglis right?
    General Alexander. He was right. I believe he said two, 
Chairman. I may have that wrong, but I think he said two. And I 
would like to point out that it could only have applied in 13 
of the cases because of the 54 terrorist plots or events, only 
13 occurred in the U.S. Business Records FISA was only used in 
12.
    Chairman Leahy. I understand that. But what I worry about 
is that some of these statements that all is well and we have 
these overstatements of what is going on, we are talking about 
massive, massive, massive collection. We are told we have to do 
that to protect us. And then statistics are rolled out, and if 
they are not accurate, it does not help with the credibility 
here in the Congress, it does not help with the credibility 
with this Chairman, and it does not help with the credibility 
with the country.
    And both of you feel free to answer this next one. This 
past weekend--I mentioned The New York Times article. When I 
read that, I see them reporting that for the past several years 
the NSA has been analyzing social networks, including those of 
Americans, using communications metadata as well as location 
information, tax records, voter registration records, and more.
    Like many of us who have access to classified briefings, we 
sometimes find we get far more in a newspaper--and we get a 
crossword puzzle, too, but we get more in the newspapers than 
we do in the classified briefings that you give us. According 
to the article, it reportedly allowed the NSA to graph the 
interactions of associates and locations of Americans.
    Now, if it is accurate, it appears to contradict earlier 
representations that the NSA does not compile dossiers or files 
on the American people.
    Is the NSA compiling profiles or dossiers on American 
people through the use of its intelligence authorities? 
Gentlemen, either one of you.
    Director Clapper. Let me comment first on the value of 
Section 215, where I think, unfortunately--and we may be part 
guilty of this--the only metric used is plots foiled. I think 
there is another metric here that is a very important use for 
Section 215. I would call it the ``peace of mind metric.''
    In the case of the Boston Marathon bomber, we were using 
these tools and we were able to check out whether there was or 
was not a subsequent plot involving New York City.
    In the case of the AQAP threat this summer that occasioned 
the closure of several diplomatic facilities in the Mideast.
    There were a number of selectors that emerged from our 
collection overseas that pointed to the United States. Each one 
of them was checked out and was found not to be relevant to a 
domestic aspect of a terrorist plot.
    Chairman Leahy. Mr. Clapper, we will certainly give you 
time to add to that, if you like, but could you go back to my 
question? Is the NSA compiling profiles or dossiers on the 
American people through the use of its intelligence 
authorities?
    Director Clapper. In every case, for valid foreign 
intelligence purposes, let me go to General Alexander.
    General Alexander. Those reports are inaccurate and wrong.
    Chairman Leahy. So The New York Times is wrong in its 
article?
    General Alexander. Absolutely. Here are the facts. What 
they have taken is the fact that we do take data to enrich it. 
What is not in front of those statements is the word 
``foreign,'' foreign information to understand what the foreign 
nexus is of a problem set that we are looking at. How do you 
know what an individual is, a terrorist, without having any 
data to enrich it, with just a number? In the foreign space, we 
need that.
    The Supplemental Procedures and Guidelines Governing 
Communications Metadata Analysis, the SPCMA article that this 
was about, allows NSA to not just stop when we are tracking a 
terrorist if we hit a U.S. number, which is what we used to 
have to do. It allows us to go back and see where that goes and 
where it comes into or out of the country and what are the 
problems outside the country----
    Chairman Leahy. Which authority are you using for this 
analysis? First off, I just want to make sure I understand. You 
are saying The New York Times is flat-out wrong in their 
article.
    General Alexander. I am saying they are flat-out wrong 
saying that we are creating dossiers on American----
    Chairman Leahy. Are you going into social networks?
    General Alexander. No. Here is what we----
    Chairman Leahy. Okay. What, if anything, is accurate in The 
New York Times article?
    General Alexander. The accuracy is the Secretary of Defense 
and the Attorney General did approve the Supplemental 
Procedures Governing Communications Metadata Analysis in 2009. 
What that allows us to do is use metadata that we have acquired 
under Executive Order 12333 in chain, whether it is phone 
records or emails, through U.S. selectors to figure out social 
networks abroad.
    I will tell you that there are cases----
    Chairman Leahy. That 2009 order is still being used?
    General Alexander. That is correct. But there are cases--I 
need to clarify because I want to make sure this is 100 percent 
accurate. There are cases where the FBI might start a terrorist 
threat here in the United States. If there is a terrorist 
threat in the United States and they get a warrant to go after 
that or a FISA, then we can use SPCMA to go after that. We can 
use this to look at hostages overseas, U.S. hostages. We can 
look at this to track industries, because U.S. companies are 
also considered U.S. persons under this law, that are the 
targets of terrorist communications.
    What we are not doing: We are not creating social networks 
on our families. We are not doing that. And the insinuation 
that we are doing that is flat wrong. And I take exception to 
them taking a classified document that dealt with foreign, not 
understanding it and saying therefore it must apply to----
    Chairman Leahy. You told The Times this?
    General Alexander. Chairman?
    Chairman Leahy. Have you made this complaint or responded 
to The New York Times on this?
    General Alexander. Yes. I think the issue is, you know, 
here they have all these documents that they are trying to leak 
out without having the understanding. We did give them 
insights. They did not take all the data. I do not know what 
and why. I do not----
    Chairman Leahy. What you are doing, is it being reviewed by 
the FISA Court?
    General Alexander. Not in all cases. Some of these cases 
that deal with Executive Order 12333 are not reviewed by the 
FISA Court. Those that would fall under the Business Records 
215, 702, -3, and -4 would be. So these would not be reviewed, 
but they are reviewed by the administration, and they are 
audited by our people.
    Chairman Leahy. My time is up. You have raised more----
    Senator Grassley. I think you ought to take more time. This 
transparency--because one of the problems we have with this 
program, there is not enough transparency.
    Chairman Leahy. Thank you. You know, I worry--you say it is 
Executive authority, not FISA Court authority. Does anybody 
have oversight other than the executive branch?
    General Alexander. Well, Congress, too. And let me----
    Chairman Leahy. Has this been reported to the Congress----
    General Alexander. They get all----
    Chairman Leahy [continuing]. Either of the Intelligence 
Committees?
    General Alexander. I believe both of these have, and I 
would have to go back and check, but both of these have gone to 
the Committee. I think you have both of these. And, Chairman, 
you bring out a good point, and for the complete transparency, 
Chairman, you brought out a good question, and if I could, I 
think this will help greatly.
    The issue that we have here is how do you use metadata, 
which is the least intrusive, to understand a problem that our 
Nation could face. That is the Business Records. And so we use 
that globally, and sometimes it touches the United States.
    Chairman Leahy. Well, metadata, you say the least 
intrusive. Many might think it is the most intrusive, and I 
will tell you why. And I realize there is a lot of metadata 
going on. We shop at the grocery store; you use your grocery 
store credit card; the ads you are going to get are going to be 
different if you are buying things for young children or if you 
are buying a nice bottle of wine. We all understand that.
    But do you understand the concern as more and more things 
come out, when it turns out, for example, the NSA, some 
members--and I realize not by authority--were checking their 
love interests through using the tools of NSA. You know, 
Americans like their privacy. They like their security, but 
they like their privacy, too. And you understand the concern 
that we are getting. Simply following the metadata, a lot of 
people think if they are on social media and whatnot that there 
is some expectation of privacy, less obviously but some.
    General Alexander. So I do agree, Chairman, but I think the 
differentiation that I make in terms of metadata for these 
purposes is the phone numbers to-from or the email addressed 
to-from. And the issue that I think we face in trying to figure 
out where we take this legislation is how do we do this in such 
a way that we can ensure the American people know that we are 
doing it exactly right and protect the Nation?
    From my perspective, what we have done is set up two 
things. We have put this database, with tremendous oversight--
this has more oversight than any program in Government--the 
courts, the administration, and Congress, and our IGs and 
everyone. And every time we make a mistake, we self-report. Why 
do we need it? And General Clapper brought out a great point. 
It is the start. It does not necessarily lead us to the end. It 
tells us you need to look more here. Oftentimes we give that to 
the FBI.
    Now, yes, the FBI and we need to do better work in keeping 
the metrics of what resulted from that. But, in addition, it 
helps us looking overseas to say why is that person important 
and how do we tell you if this is a real threat or something 
that we should ignore. This summer, this was huge for us.
    Chairman Leahy. I will come back to some of my skepticism. 
One other thing. We have tried to make sure that it is kept--an 
issue like this, I want to try to maintain the bipartisan 
nature, and I want to thank Senator Grassley because he 
expressed some of these concerns. And while he would normally 
go next, the Chair of the Senate Intelligence Committee has to 
leave for another meeting, so he has yielded to her.
    Senator Feinstein. Thank you.
    Chairman Leahy. Chuck, I appreciate that.
    Senator Feinstein. Thank you very much. I appreciate that.
    Chairman Leahy. I am stepping out for a phone call, and I 
will be right back.
    Senator Feinstein [presiding]. Thank you, Mr. Chairman.
    I want to use my time to say something to my colleagues. I 
believe maybe only Senator Hatch was on the Intelligence 
Committee in 2001. In mid-year, the DCI, whose name was George 
Tenet, came in to meet with us, and what he said was that he 
predicted that within 3 months there would likely be an attack 
on this country. He did not know what. He did not know when. He 
did not know how. As a matter of fact, I went on CNN on July 1, 
2001, and said this: ``There is a major possibility of a 
terrorist incident within the next 3 months.'' That is a direct 
quote from what I said.
    Then something took place which I thought could never take 
place in this country, and that is 9/11. I never believed there 
could be training schools for pilots who would teach people how 
to fly but not to land in this country. I never thought our 
visa system was so weak that they could admit terrorists to 
this country. But I was totally wrong.
    The event happened, and it was catastrophic--for people, 
for this Nation, for our standing, but most importantly, 
because of the death and destruction that it brought about this 
country.
    And then we learned that there were stovepipes and our 
intelligence was inadequate and we could not collect enough 
data. And then we learned that there was a man by the name of 
Khalid al-Mihdhar, one of the group in San Diego. I believe 
that if this were to happen again with this program and other 
programs working in combination, we have an opportunity to pick 
that up. Absent these kinds of technological programs, we do 
not have an opportunity to pick that up.
    This is a very hard culture to meet with human 
intelligence. It is a different culture. The language is 
different. There are many dialects. The groups are tight. It is 
very difficult to permeate them.
    So our great strength today, ladies and gentlemen, in 
protecting this homeland is to be able to have the kind of 
technology that is able to piece together data while protecting 
rights. I listened to this program being described as a 
surveillance program. It is not. There is no content collected 
by the NSA. There are bits of data--location, telephone 
numbers--that can be queried when there is reasonable, 
articulable suspicion. If it looks like it is something for an 
individual in this country, it then goes to the FBI for a 
probable cause warrant, and a full investigation takes place.
    I so regret what is happening. I will do everything I can 
to prevent this program from being canceled out. There is going 
to be a bill in my Committee to do it. There is a bill in this 
Committee to do it. And, unfortunately, very few of us sat on 
that Committee when George Tenet came in in June 2001 and said, 
``We anticipate a strike, but we do not know what, we do not 
know where, we do not know when.'' That can never be allowed to 
happen in the United States of America again. And that is the 
basis for this program. It is legal. We are looking at 
increased transparency. We are looking to make some changes in 
it. But we are not looking to destroy it. To destroy it is to 
make this Nation more vulnerable.
    I just wanted to say that. I had to say it. Thank you. 
Senator.
    Senator Grassley. Go ahead with your questions.
    Senator Feinstein. Pardon me?
    Senator Grassley. Do you have any questions?
    Senator Feinstein. I do not have any questions. Thank you.
    Senator Grassley. Let me make clear something I said to the 
Chairman to keep asking his questions, because we need more 
transparency. I do not know exactly how much transparency we 
ought to have. You folks know that. I do not know your 
business. Your number one responsibility is protecting our 
national security. But whatever that balance is between 
security and transparency, we ought to have it, because I 
firmly believe that a lot of these issues that Senator 
Feinstein wants to protect would not be coming up if more had 
been told about it over the last few years. I do not think the 
impact of Mr. Snowden would have--well, I do not want to 
comment on that. But, anyway, I think that in our system, 
transparency brings accountability.
    I am going to start out where I left off, and it is not an 
accusation against the intelligence community if the 
information is accurate. I am going to ask a question, but 
before you want to answer it, I want to tell you why I am 
cynical about these statements about what sequestration and 
what the shutdown will do that you made and other people have 
made, and that comes yesterday with the closing down of the 
World War II Monument. We had World War II veterans coming in 
on honor flights, and they had barricades around something that 
I will bet 24/7/365 I could walk into that any time. And so the 
show of putting barriers around because of a shutdown and 
spending all the money to do it and then to have every other 
department talk about shutdowns causes me to be a little 
cynical.
    Now, I am not putting your work in the same category as the 
Park Service. Do not read me wrong. But if, in fact, 70 percent 
of the intelligence community is now furloughed, if that is 
true, is that an honest assessment that these employees are 
non-essential? I am concerned that if your lawyers have 
determined that 70 percent of your employees are non-essential 
to your mission, then you either need better lawyers or you 
need to make big changes to your workforce.
    Can you tell me whether those reports are accurate or not?
    Director Clapper. Well, first of all, sir, we do not 
consider any of our employees non-essential. But for purposes 
of this law, the criterion is ``necessary to protect against 
imminent threat to life or property,'' so that causes us to 
make some very, very painful choices about who we keep on and 
who we except.
    I would comment on your commentary about the monument 
closures, and that precisely illustrates the challenge we have 
in intelligence on conveying the impacts of these cuts, because 
obviously people see the impact of closing public parks.
    In the case of intelligence, it is insidious. So 
capabilities that we degrade today or give up, we may not see 
the impact of those for weeks or months or for an extended 
period. Much harder to rationalize. But I do not want any doubt 
about the necessity--the importance of all of our employees.
    And as I said earlier, as each day goes by, the impact and 
the jeopardy to the safety and security of this country will 
increase.
    Senator Grassley. General Alexander, my first question. 
FISA Court opinions show that there were significant problems 
implementing 215 phone records that were discovered in 2009, 
showing that the NSA was inadvertently assessing the phone 
record metadata without required reasonable and articulable 
connection to terrorism. Those problems were apparently not 
resolved with the Court until late that year.
    Since then, I understand that every query of the metadata 
is audited by the Department of Justice, and any compliance 
issues must be reported immediately to the FISA Court.
    My first question: Precisely when did the Department begin 
auditing every query of the metadata? Since then, has the 
Department determined on any occasion that the reasonable and 
articulable suspicion standard was not followed?
    General Alexander. So I know of--first I will answer the 
second first and walk backward. I know of no cases where we 
have not followed the reasonable, articulable suspicion 
standard, and it has always been auditable since the inception 
of the program. But the issue you bring out, if I could just 
take 1 minute on that, because we did make a mistake.
    The way we do analysis on the foreign intelligence that we 
collect was to set up what we called an ``alert list,'' and 
that alert list would run against the data that comes in and 
tell us if there was something on a terrorist that--these alert 
lists were terrorist numbers that we were tracking. What we had 
not done is reasonable, articulable suspicion on all terrorist 
numbers. What we were using it for is to say there is a lot of 
activity on this number, you ought to go do reasonable, 
articulable suspicion so you can look into the data.
    It was a discrepancy between our technical folks who set it 
up and our legal folks. And we did it wrong, and we 
misrepresented it to the Court several times in subsequent 
procedures of renewals.
    That drove us to set up a Directorate of Compliance that 
would actually look at the technical side and the legal side 
and make sure we cross-walked this 100 percent. And I think 
that has been successful, and that is something that we worked 
with both the Intel Committees and the White House.
    Senator Grassley. Second to you, how does the NSA handle 
instances when a phone number may have been connected to a 
terrorist group in the past, but NSA knows it is no longer 
associated with that group? Is there a mechanism so that a 
query of the metadata can be done that is limited only against 
the records for certain time periods?
    General Alexander. I am not sure I understand this all the 
way, but let me see if I have got it right. The answer is if a 
number changes from Person A to Person B over the life of it, 
how do we adapt to that? That is a difficult technical issue 
and one that our analysts have to look at, because what you 
would actually get is two sets of called people. Senator 
Sessions has one set of people he talks to. You have a 
different set. What you would see is those sets come together 
in different times. And the answer is, yes, our analysts can 
actually delete the second part and say those are of no 
interest, I am only looking at this first part, because part of 
the Business Records FISA does have a date-time group, a 
duration of call, and the to-and-from number.
    Senator Grassley. I would like to follow up with Mr. 
Clapper on my first question. Does America remain safe even 
with the shutdown?
    Director Clapper. I have to qualify that, sir. I do not 
feel that I can make such a guarantee to the American people, 
and it would be much more difficult to make such a guarantee as 
each day of the shutdown goes by. I am very concerned about the 
jeopardy of the country because of this.
    Senator Grassley. Can I have one more question?
    Chairman Leahy. Of course. I just want to make sure I--what 
you are saying is, it becomes cumulative? You are saying the 
danger and threat become cumulative?
    Director Clapper. Yes, sir.
    Chairman Leahy. Thank you.
    Senator Grassley. General Alexander, I hope you are 
familiar with the Inspector General's letter to me in which he 
provides certain details about 12 documented instances of NSA 
employees intentionally or willfully abusing their surveillance 
authority. The details in it are alarming to me, so I have a 
follow-up question.
    I noticed that almost all of these cases involved NSA 
employees stationed abroad. Does that suggest to you that the 
mechanism to catch this kind of conduct at your domestic 
facilities are somewhat insufficient? And what else could 
account for the disparity?
    General Alexander. So it is much more difficult to track a 
foreign number and understand when somebody is doing something 
on a foreign number that is inappropriate. Those can oftentimes 
be misleading statements by the analyst saying, ``I am looking 
at this for A,'' and actually it is a girlfriend.
    In the United States, it is different. Against a U.S. 
number or against an email address, those are flagged, and the 
system automatically sees that you are doing something against 
a U.S. person and the auditing procedures come in right away.
    Against a foreign number overseas, you do not get those 
flags, but it is an extremely important point to note that even 
on a foreign person, if we make a mistake, we hold our people 
accountable. There is no call for that. It is supposed to be 
against a foreign intelligence purpose, and you saw the outcome 
of those 12 cases, what happened in each one in that letter 
that the Inspector General sent to you.
    Senator Grassley. One follow-up: One of the pieces of 
information I asked the Inspector General for was the law or 
legal authority that the employee violated. As I read the 
response, none of these 12 cases involved either the phone 
records collection program under 215 or the collection program 
under 702. Is that correct?
    General Alexander. That is correct, Senator. And if I 
could, also it is important to note this was over a decade. 
This went from 2003 forward. And, you know, when you look at 
the number of casualties we had in Iraq, seven of those people, 
as you know, were NSA, of those 12. When you look at it, you 
are 3 times more likely to die defending our country in Iraq or 
Afghanistan than committing a willful and knowing violation 
against a foreign or U.S. person.
    Senator Grassley. My last question on this is for Mr. 
Clapper. If you cannot tell us that America is safe, why then 
do you not simply use your authority to furlough fewer 
employees?
    Director Clapper. Sir, we are going to look at that. In 
fact, we are going to do it every day to see where we need to--
what is the right talent set or analytic expertise that we 
need. We are doing that as we speak. So I anticipate, if this 
thing drags out, that we will make adjustments and probably 
recall more people, particularly in NSA's case, since they have 
a heavy military population which are not furloughed. So early 
on, NSA has kept--has excepted a very low percentage of its 
civilian employees. I am confident--I am sure that over time 
that condition cannot continue.
    Chairman Leahy. Unfortunately--one, I happen to agree with 
you, Director, what you say. Unfortunately, we have a law 
passed in the 1800s that is creating a real problem on the 
furloughing. It was passed at a time when nobody could have 
anticipated either the size of the Government or the complexity 
of Government, but it is tying your hands.
    Senator Whitehouse.
    Senator Whitehouse. Thank you, Chairman. Welcome, 
gentlemen.
    We have identified terrorist threats to our country 
overseas. Correct?
    General Alexander. Correct.
    Senator Whitehouse. And we track their electronic 
communications. Correct?
    General Alexander. Correct, Senator.
    Senator Whitehouse. Is it important to know who they may be 
in touch with within the United States, those terrorist threats 
that are overseas?
    General Alexander. Yes, it is.
    Senator Whitehouse. And they might be using intermediaries 
or cutouts between the principal that they are trying to reach 
and themselves. Correct?
    General Alexander. That is correct.
    Senator Whitehouse. That would be Tradecraft 101. Correct? 
So records of call and email connections are necessary to allow 
you to look for those networks. Correct?
    General Alexander. That is correct.
    Senator Whitehouse. Now, in the call and email connections 
are information that has for decades been declared by courts 
and demonstrated by law enforcement practice throughout this 
country to be not within the warrant requirement of the Fourth 
Amendment to the United States Constitution. Correct?
    Director Clapper. Correct.
    Senator Whitehouse. So the program is legal, but it risks 
abuse.
    Director Clapper. You are right.
    Senator Whitehouse. You concede to that. Could you 
describe--and if you want to fill this out with a request for 
the record, an answer for the record--the various oversight 
mechanisms and bodies whose job it is to assure that this 
program is kept within bounds that protect the privacy needs of 
American citizens?
    Director Clapper. Well, yes, sir. First, as General 
Alexander described----
    Senator Whitehouse. How many committees of Congress, for 
instance, have oversight over the metadata program?
    Director Clapper. Well, certainly the two intelligence 
committees do, and I think this Committee as well.
    Senator Whitehouse. And here we are, so here is another 
one, and presumably House Judiciary Committee and subcommittees 
as well----
    Director Clapper. Right, four.
    Senator Whitehouse [continuing]. That are relevant, 
presumably. Correct?
    Director Clapper. Yes, sir.
    Senator Whitehouse. The Subcommittee on Crime and Terrorism 
would have jurisdiction?
    Director Clapper. Could.
    Senator Whitehouse. How many Inspectors General have----
    Director Clapper. Well, the NSA Inspector General 
certainly; my Inspector General, who was Senate confirmed, 
does. So starting with the level of NSA itself, with the 
Director of Compliance that was set up in 2009 and, 
additionally, before shutdown, 300 compliance officers whose 
exclusive duty is to oversee the legal and technical aspects of 
this. That in turn is overseen by my office and the Attorney 
General as well as, of course, the FISA Court, which oversees 
these processes, as well, of course, as----
    Senator Whitehouse. Civil Liberties Advisory Boards?
    Director Clapper. I am sorry?
    Senator Whitehouse. Do you have Civil Liberties Advisory 
Boards?
    Director Clapper. I do. There is a Civil Liberties and 
Privacy Board, although I need to mention that is only for 
counterterrorism purposes. I have by law also a Privacy and 
Civil Liberties officer whose full-time job is to serve as the 
conscience for the entire IC on----
    Senator Whitehouse. If I could ask you just to fill--there 
is a lot, and if you could--I will make these questions for the 
record, if you could get that back, because I do not think 
there has been a clear and simple exposition of what all the 
different oversight mechanisms are, and I would like to get 
that for the record.
    I am concerned that in the wake of the Snowden incident--
let me put it this way: It is not clear to me that any legal 
redress is being considered or sought against either Dell or 
Booz Allen Hamilton, the employers of Snowden at the time that 
he committed his unauthorized release of classified 
information. I do not have the information before me to make a 
detailed analysis of whether the basic doctrine of respondeat 
superior would apply, which makes the employer liable if the 
agent acted within the course and scope of his employment or 
whether this would be an ultra vires act of some kind. But my 
concern is that there--I am not aware of even any conversation 
about that. And as we have seen from classified programs in the 
past, there is a danger that the private contractors managing 
the program begin to wag the dog and that we become so 
dependent on our private contractors that we cannot seek legal 
redress for their misdeeds because, frankly, they are now the 
ones who we depend on to the extent that we cannot use the 
authorities that are pertinent to us as customers.
    General Alexander. Senator, when this incident broke, I 
flew out to Hawaii with some of our folks and talked to the 
people that were involved, including the contracting officer 
representatives, past and present, and what we had done and 
working with our folks on this.
    I will tell you that one of the contracting officer 
representatives did exactly what you would expect her to do. 
When asked to get access to some of this, she denied it to 
Snowden formally. He worked around that, those procedures. But 
I think you can see that those things--so we have asked our 
folks to look at this. We do have that question from you, and I 
would like to take that for the record, if I could, to get you 
the answer.
    Senator Whitehouse. Good. I just want to make sure that 
they are not too big to sue.
    General Alexander. Right.
    [The information referred to appears as a submission for 
the record.]
    Chairman Leahy. Thank you, Senator Whitehouse. You have 
asked the question I want to emphasize. I am very interested in 
that answer, too.
    Senator Hatch is gone. Senator Sessions. Sorry. One of the 
problems of a broken rib, it is harder to turn around and check 
on you, but, Senator Sessions, go ahead.
    Senator Sessions. Thank you. This is an important hearing, 
and I thank you all. I would just note that the House has 
repeatedly passed funding, Director Clapper, to restore the 
Defense Department and not allow the sequester cuts to occur. 
And I hope you have not forgotten the way to 1600 Pennsylvania 
Avenue. I believe the Commander-in-Chief has a responsibility 
here, too, and the law, the Budget Control Act, of which 
sequester was a part, required us to maintain a certain level. 
Whole agencies and departments have gotten zero cuts and 
Defense has gotten too much, in my opinion. The House has tried 
to reconcile that, and I hope somehow we can soon alleviate 
some of the stress on the Defense Department and the 
intelligence community.
    So, number one, I visited NSA, General Alexander, and I was 
so impressed with the leadership there and the people I met, 
and I have said that publicly. So I was deeply disappointed--
hurt, really--to hear that somebody had looked at their 
girlfriend's messages and that kind of thing. Are you saying 
that all of that was abroad first?
    General Alexander. Senator, nine of those were abroad, 
three were CONUS but involved persons abroad on two of those, 
and one was on a spouse or girlfriend----
    Senator Sessions. Well, there is a great temptation there. 
I trust that you stepped up your emphasis and your 
determination not to allow that to happen. Even though it is 
not a large number, it is still unacceptable.
    General Alexander. Absolutely. And I will tell you that 
what Senator Grassley brought out in the letter that we sent to 
him, we are also putting out to our workforce so that more 
people understand what has happened to those people, because 
when you read that----
    Senator Sessions. They have all been disciplined?
    General Alexander. All but one, and in that case, the case 
was insufficient. I do not have the disciplinary actions in 
that one, but all either retired, resigned, received Article 
15s, or letters of reprimand with additional consequences.
    Senator Sessions. Well, I think Senator Whitehouse--and he 
is a former United States Attorney, Federal prosecutor--
clarifying something, and, General Alexander, let me just ask 
you again: So when you are looking at the metadata, you are 
referring to numbers, phone numbers, email addresses perhaps. 
No messaging are in this data. Is that right? No substance of a 
communication?
    General Alexander. That is correct. And, Senator, in the 
metadata program, it is only phone numbers. There are no email 
addresses in it.
    Senator Sessions. Now, Senator Whitehouse in his time as 
United States Attorney probably issued subpoenas, thousands, 
maybe ten thousand. In my 12 years as United States Attorney, 
no telling how many thousand subpoenas we have issued----
    Senator Whitehouse. Rhode Island is more law-abiding than 
that, Senator Sessions.
    [Laughter.]
    Senator Whitehouse. It was just in the hundreds.
    Senator Sessions. We had plenty of crooks in my district, I 
can assure you.
    [Laughter.]
    Senator Sessions. The point of which is, it does not 
require a search warrant to obtain from the telephone company 
the person's call records. That is done by simple subpoena 
without--it is simply--and the test is: Is it relevant to the 
investigation? So if somebody is thought to be a member of a 
gang and he says he does not know Bad Guy 1 and you subpoena 
his records and he has got 50 phone calls and 20 of them were 
within an hour of the crime occurring, then that is hugely 
valuable, and that is just done all the time.
    So we need to understand that the fundamental process here 
is well within, it seems to me, the traditions of our ability 
to subpoena--the records are in the possession of the phone 
company. They are the phone company's records. They are not 
your personal records. And that is the difference in it.
    Senator Feinstein's story was so fabulous, Mr. Clapper. It 
just laid the whole structure out for us. I know you have said 
this before, but could you tell us, did these leaks negatively 
impact your ability to be as effective as otherwise if they had 
not happened, and did it hurt our ability to identify an attack 
in the future?
    Director Clapper. To my mind, there is absolutely no 
question about that. We are already seeing signs of changes in 
target behavior because of their awareness as a result of the 
revelations in these unauthorized leaks. It has done great 
damage to partners overseas and our relationships with them. 
People's lives are at risk here because of data that Mr. 
Snowden purloined. So the damage, the full extent of it is yet 
to be measured.
    Senator Sessions. Well, I thank you for your work, and my 
impression from the people I have met at NSA is that they are 
dedicated, wonderful Americans who are working every day to 
preserve and defend this country, unlike Mr. Snowden, who 
damaged this country. And, fundamentally I think that we can do 
a better job of monitoring it, and the American people, I am 
glad to say, are alert. They are not going to tolerate abuses, 
and they should not. And the press has a right to do their job 
within the realm of law. But I hope that--it is unthinkable 
that we would dismantle this program, and I would certainly 
oppose that.
    Thank you, Mr. Chairman.
    Chairman Leahy. It appears a lot of it is being dismantled 
by the Government shutdown, but that is just my view.
    Senator Klobuchar.
    Senator Klobuchar. Well, thank you, Director and General.
    Chairman Leahy. And I would note that in about 15 minutes I 
am going to be slipping out, not because--I am telling you in 
advance so you will not think it is because of anything you 
said. Senator Blumenthal is going to take over the chair.
    Senator Klobuchar.
    Senator Klobuchar. Thank you very much, Director and 
General. I want to go back to some of your earlier comments 
about the effect of the shutdown on the intelligence community. 
I think it is very important as we sit here today. I note that 
in your testimony you talked about how 966 Ph.D.s, 4,374 
computer scientists, really 72 percent of the civilian 
workforce in the intelligence community are not going to be 
able to do their jobs right now, and that includes people who 
are connecting and collecting signals, engineers who put the 
systems back together, people who are on the ground across the 
world.
    You indicated that the law requires you to furlough 
employees not involved in addressing an imminent threat. Is 
that right, Director Clapper?
    Director Clapper. That is correct: against an imminent 
threat to life or property.
    Senator Klobuchar. But is it not true that a threat that is 
not considered imminent today could be imminent tomorrow?
    Director Clapper. Exactly. That is why we have to manage 
this on a day-to-day basis as best we can.
    Senator Klobuchar. So you would have to figure out if a 
threat is imminent and spend time doing that with your lawyers 
and then add someone back in?
    Director Clapper. That is exactly right, and we will have 
to shuffle people in and out depending on what we believe the 
concern of the day is.
    Senator Klobuchar. But you clearly see it as a risk to 
security?
    Director Clapper. Absolutely.
    Senator Klobuchar. And in your assessment, how much risk 
are we exposed to because we have had to furlough our 
intelligence professionals who are covering issues that you 
cannot define right now as ``imminent''?
    Director Clapper. Well, I do not know if you want 
mathematical quantification, but certainly on a percentage of 
our civilian professionals, you know, the risk is, you know, 75 
percent more than it was yesterday, I guess.
    Senator Klobuchar. Thank you very much. I think that is 
pretty significant. I appreciated Senator Feinstein's comments 
she made on the floor about this, and I know she cannot give 
out all the information, nor can you. But I think people have 
to understand that this is a significant layoff that we are 
dealing with right now, temporary as it may be. These threats, 
as I have learned, change from day to day, and you need people 
on the ground to be able to respond to them. So thank you for 
that.
    I wanted to go back. I thought our July 31st hearing was 
good and informative on the surveillance programs, and then 
right after that, I was a little surprised--and I know the 
Chairman mentioned some of this, but in mid-August the media 
began reporting about an internal audit from May 2012 which 
found that the NSA violated privacy rules over 2,000 times. We 
have gotten into some of those facts and what that really 
means, and I am just concerned about why that did not come out 
during the hearing.
    General Alexander. So, Senator, every quarter, internal to 
NSA, we put together compliance reports that track both under 
the Business Records FISA, 702, 703, -4, and our Executive 
order. We compile that because we hold our people accountable 
to it.
    Included in there are incidents. These are not privacy 
violations. These are incidents. And then we pass those up to 
the Department of Justice, to DNI, so that everybody knows that 
everything that we see has been tracked. It is important to 
note that the majority of those, roughly 75 percent, of those 
incidents are not privacy violations. Those are us tracking----
    Senator Klobuchar. No, I understand that. My point is more 
of a process one, that we have a hearing and then we find out a 
week later that these audits were out there that we did not 
learn about at the hearing.
    General Alexander. Yes, so I think what we were going over, 
we have a number of incidents that we track on 702 and 215. 
That is what we are talking about here. Most of these incidents 
that are in these reports reflect us typing in a wrong number, 
doing a search on Individual A overseas. So these are what we 
will call minor violations. The major ones were the ones that 
we brought up, which were----
    Senator Klobuchar. Okay. I actually do understand----
    Director Clapper. I think the answer to your question, 
Senator, is that the subject matter of the hearing was 215 and 
702, and these 12 violations over 10 years occurred under--the 
foreign collection under the auspices of Executive Order 12333.
    Senator Klobuchar. All right. It is just that I thought we 
were kind of broadly asking questions, and it would have been 
nice to have heard about it there, but that is behind us now, 
and I want to talk about some of the reforms that have been 
suggested. You know, there is legislation out there. One of the 
reforms that President Obama has supported is the idea that we 
would have a privacy watchdog installed at the NSA, and an 
intelligence community website would be created to disseminate 
public information on the activities. What is the status of 
these reforms?
    General Alexander. So on the first one, we do have a hiring 
action out on the street. It is probably stopped right now 
because of the furlough, but we do have one for our civil 
liberties privacy advocate for NSA.
    Director Clapper. And we have activated a web page under my 
office to put out this data.
    Senator Klobuchar. Okay. And you suggested a court-
appointed amicus for cases that involve novel and significant 
questions of law. I am just interested in how this would work 
in practice. What is an example of a novel and significant 
case?
    Director Clapper. Obviously, we are getting a little out of 
our compartment here and more into the Department of Justice, 
but some form of an advocate or amicus who would be a 
participant when called upon by the court to address issues of 
law or major surveillance questions. But I think we would need 
to defer to the Department of Justice on exactly the mechanics 
of how the administration would recommend that work.
    Senator Klobuchar. Okay. Thank you. And did you want to add 
anything, General?
    General Alexander. I agree with what he said. I learned 
what an amicus was during these briefings, so it has got to----
    Senator Klobuchar. Okay. Well, I will have some follow-up 
questions on the record, but I did want to again emphasize that 
it is really important that people understand that 72 percent 
of the civilian workforce of the intelligence agencies is now 
on furlough and the effect that that could have on our national 
security and the reason that we have to end this shutdown.
    Thank you.
    Chairman Leahy. Senator Graham.
    Senator Graham. Thank you both for your service. From my 
point of view, I am sure every organization makes mistakes, and 
if anybody has abused these programs to spy on their spouse or 
to spy on their neighbor or to do something in that fashion, I 
hope they go to jail, because I think most of the people in the 
NSA would like that outcome, because that is not exactly what 
you are there to do. Do you agree with that, General Alexander?
    General Alexander. Senator, I agree that they should be 
punished, and depending on the action, how harsh----
    Senator Graham. Yes, I mean, whatever the appropriate 
punishment is, but they are outliers.
    General Alexander. That is right, Senator. In fact, two of 
them were done under Field Grade Article 15s.
    Senator Graham. Right.
    General Alexander. And when you actually look at what they 
did, you can see that, okay, we trained them, they immediately 
did something wrong, they got no return. Oh, by the way, they 
just asked the question. They did not get information back. But 
they did something wrong, and they were held accountable.
    Senator Graham. Good. The point is that when you do things 
wrong, you should be held accountable. When you do things 
right, you should be appreciated. I think both of you are 
trying to do things right to protect our Nation, and I 
appreciate everybody that works for you, because I know many of 
them, and they are patriots as much as anybody who criticizes 
the program.
    All right. Did you tell the President of the United States 
what you just told us, that because of the Government shutdown, 
our Nation is less secure?
    Director Clapper. Yes, I did.
    Senator Graham. What did he say?
    Director Clapper. We discussed it yesterday.
    Senator Graham. Well, you just scared the hell out of all 
of us--at least I am scared, when you are telling me that 70 
percent of the NSA is unable to go to work, not because they 
are necessary but because of the statute, the way it is worded. 
Both of you made very clear presentations to this Committee 
that the Government shutdown in a post-9/11 world is making 
this Nation less safe. Is that right, General Alexander?
    General Alexander. That is correct, Senator.
    Senator Graham. Is that right, Mr. Clapper?
    Director Clapper. Absolutely. Yes, sir.
    Senator Graham. Well, to Mr. Gibbs, who told the 
President--his political adviser, former press secretary, he 
advised the President to just watch the shutdown. Do you think 
that is a responsible thing for the President to do as 
Commander-in-Chief, to not negotiate or just watch the 
shutdown?
    Director Clapper. Well, I am not going to--I would like to 
avoid the----
    Senator Graham. Well, you do not have to. I will give you 
my own opinion. I think it is irresponsible for all of us to 
let it continue, but where the hell is the Commander-in-Chief? 
If you really told him that, that our Nation is less safe and 
every day that goes by we are being less capable of detecting 
potential terrorist attacks against the homeland and the 
approach is to just watch time go by, why are the Members of 
the House and the Senate not in the White House right now to 
try to solve this problem?
    One of two things is true: You are telling us the truth, 
and the Federal Government leadership on both sides are 
ignoring it, particularly the Commander-in-Chief; or, you are 
overstating the case. I think you are telling us the truth, so 
I am not even going to go down the road you are overstating the 
case. But I want the American people to know there are 
shutdowns before 9/11 and there are shutdowns after 9/11, and 
there is a huge difference. And for the President of the United 
States, for our House Democrats to not negotiate, is 
irresponsible. For our Republican Party not to try to find a 
way to end this mess is irresponsible. So I hope that the 
President will do more than watch.
    Now, about 9/11, General Alexander, if we had had the 
technology and the programs in place today before 9/11, what 
would be the likelihood that we would have detected that 
attack?
    General Alexander. Senator, in my professional opinion, it 
would have been very high.
    Senator Graham. Do you agree with that?
    Director Clapper. I do.
    Senator Graham. I am here to tell the American people, if 
we had in place today before 9/11, the 19 hijackers who were 
here in the country, most of them in legal status, talking to 
people abroad, we would have known what they were up to. We 
would have known why the guy was just taking flying lessons to 
take the plane off and did not care about the part of the 
flying lessons to land it, which was kind of odd to me--I want 
to pay for flying lessons, but I do not care to learn to land 
the plane.
    So at the end of the day, my question to both of you is 
simple. Let us reform this program where it has gotten out of 
line. Let us be sensitive to the political--to the 
constitutional rights we all have. But here is my question: 
What is being proposed in terms of reform, will it make us less 
able to detect the next 9/11? Are we going back to that pre-9/
11 mentality? That is the question for me. Is the Congress 
taking us back to a time when we could not pick up a threat 
that was right in front of us?
    Director Clapper. Well, Senator, there are several 
proposals that have been proposed in the form of bills, and I 
guess our basic reaction to this is we are open to changes to 
make this more transparent, for more oversight, but in doing so 
we do not want to overcorrect such that we lose the operational 
utility and the agility of these programs.
    Senator Graham. Same for you, General Alexander. Will you 
tell me when you think we have crossed that line?
    General Alexander. Senator, absolutely. I feel it is my 
responsibility to tell you and the Director of National 
Intelligence and the President that they are going to hurt us.
    Senator Graham. Very quickly. About the times in which we 
live, are there active efforts by terrorist organizations to 
penetrate the United States?
    General Alexander. Yes.
    Director Clapper. Absolutely, yes, sir; as we speak.
    Senator Graham. Do you believe there are people probably 
already here as part of a fifth column movement?
    Director Clapper. There are sleeper--there is sleeper 
presence, absolutely. I would not call it a unified fifth 
column. There are various entities----
    Senator Graham. Fair enough, and I will end with this 
thought. My goal is to make sure that if a known terrorist, al-
Zawahiri, who took bin Laden's place, if he is calling someone 
in the United States, I want to know who he is talking to. Is 
that a fair thing for me to want for my country?
    Director Clapper. Yes, sir, and I think it is a fair 
requirement for any citizen.
    Senator Graham. And is it also fair to say that before you 
can keep the content or do something with the content, you have 
to get a warrant?
    Director Clapper. Yes.
    Senator Graham. Last thought. Are we at war as a Nation 
with radical Islam, or are we fighting a crime? And what is the 
difference when it comes to gathering intelligence between 
fighting a war and fighting a criminal enterprise?
    Director Clapper. Well, one difference--and it is more of a 
tradecraft difference--is the evidentiary standard that we 
struggle with since we are dealing with wispy hints, bits and 
pieces of information that probably do not necessarily meet the 
probable cause standard. That is another consideration we have 
with changes to these laws.
    General Alexander. Senator, I do believe it is a war on 
terrorism, my words, and that what we are seeing today is going 
to get worse with what we are seeing go through the Middle 
East, what is going on in Syria, the actions in Iraq over the 
last week, and in Afghanistan. The week concluding 23 
September, 972 people were killed in Kenya, Yemen, Syria, Iraq, 
Afghanistan, and Pakistan, and over 1,000 injured. When you 
look at what we--the relative safety we have here, it is no 
accident. It is the work of our military and our intelligence 
community keeping this country safe, and we need the tools to 
do that.
    Senator Blumenthal [presiding]. Thank you, Senator Graham.
    Senator Klobuchar. Mr. Chairman, I just wanted, in response 
to Senator Graham, to let him know that a few minutes ago the 
White House just announced that the congressional leaders had 
accepted their invitation to come and meet today. So they must 
have heard you from here, but also, again, if we would pass the 
Senate bill, the House would pass the Senate bill, then the 
shutdown would end. I think that is important for people to 
know.
    Senator Blumenthal. Thank you, Senator Klobuchar.
    Senator Franken.
    Senator Franken. Thank you, Mr. Chairman.
    Director Clapper, General Alexander, you and your employees 
protect our country, and I am grateful for that. Thank you.
    I have a bill, the Surveillance Transparency Act, that will 
address what I think is the central problem in this debate, and 
that is the fact that, despite the large amount of Americans' 
information that is being collected under the foreign 
intelligence law, those laws lack any substantial public 
reporting requirements. The Government does not have to give 
even a rough estimate of how many Americans' information is 
being collected, and it does not have to tell Americans how 
much of their information is actually seen by national security 
officials.
    What's more, the companies that get information requests 
are under strict orders, strict gag orders, so they are not 
allowed to give the public information.
    The American people are smart. They understand that we need 
to give weight to both national security and civil liberties. 
But when the public lacks even the most basic information about 
the scope of these programs, they have no way of knowing if we 
are getting that balance right.
    My bill would change this. It would make the Government 
give annual statistics on the number of Americans' information 
collected and the number whose information is actually 
reviewed. It would also let companies disclose agreements and 
disclose aggregate statistics on the number of requests they 
get and the number of accounts affected.
    I am very pleased to report that yesterday morning 
America's leading tech companies from Apple to Google to 
Microsoft to Facebook to Twitter to Yahoo, all of these 
companies sent a letter supporting my bill, urging this 
Committee and Congress to pass it. And, without objection, Mr. 
Chairman, I will enter a copy of this into the record.
    Senator Blumenthal. Without objection.
    [The letter appears as a submission for the record.]
    Senator Franken. For my first question, I just want to give 
an example of why I think greater transparency is so 
desperately needed. As Senator Grassley and Senator Leahy 
indicated, this past Saturday, The New York Times ran a story 
alleging that NSA gathers data on the social connections of 
U.S. citizens. The article gave a series of examples of the 
kind of sensitive data that is allegedly collected to create 
detailed graphs of some Americans' social connections. Both of 
you have clarified some of the inaccuracies in that story.
    But here is the thing. If Americans knew that this kind of 
collection was limited to a small number of people, people who 
we have reason to believe are foreign agents or involved in 
terrorism, I frankly think that most of them would be fine with 
that. But there is nothing in that article that gives any sense 
of whether this affects tens or hundreds or thousands or 
millions of people, and that is because the information just is 
not out there. This lack of information, frankly, scares people 
and causes distrust. It makes them distrust our Government.
    Director Clapper, General Alexander, don't you think that 
this just underscores the need for greater transparency about 
our surveillance programs?
    Director Clapper. Absolutely, sir, it does, Senator 
Franken, and just a couple comments about the bill.
    We were already, I think, in agreement on releasing the 
total number of orders or other process issued under various 
national security authorities, including FISA, and the total 
number of targets affected by those orders. And we are fine 
with allowing the providers to release annually the total 
number of Government requests or orders they receive for 
information about their customers and the total number of 
targets affected by those orders and certifications.
    What we are concerned about, just to be up front here, is 
the stipulation on a company-by-company basis, because then 
that gives the adversaries, the terrorists, the prerogative of 
shopping around for providers that are not covered.
    I do agree with you about doing all we can to assure the 
public of what a small proportion of these records are actually 
looked at. A case in point with 215, while the metadata stood 
at rest in essentially a lockbox, there were, I think, only 288 
queries that were actually made, which is actually in the total 
scheme of things a minuscule part of the records.
    Senator Franken. That is sort of the point. I will let you 
answer the question, General, but I just want to respond to 
that. Those are good, positive steps that you are talking 
about. But I have to be honest. I think it is just too little 
and it is not permanent. You know, first of all, the numbers of 
orders will not tell us all that much.
    For example, in 2012, there were only 212 orders issued 
under Section 215 of the PATRIOT Act. That seems like a small 
number, but now it has been declassified that a small number of 
those orders allowed the Government to collect substantially 
all of the telephone metadata handled by most of the country's 
leading telephone companies. What is more, these disclosures do 
not reveal even an estimate of how many Americans had their 
information collected, which you just mentioned. So I do not 
understand why we cannot mention that as part of the law. And 
what you are doing is sort of voluntary, and it is not 
permanent. So if you would change policy and we get another 
administration in that wants to change the policy, then that 
does nothing.
    General Alexander. Could I add to this? On the 288, the 288 
numbers were approved for reasonable, articulable suspicion to 
then do queries on.
    Senator Franken. Okay. So queries are the higher number.
    General Alexander. You might do it twice in a week, so that 
would actually be--but only 288 numbers. I think that is a key 
point.
    I agree with transparency and with what Director Clapper 
has put out. There are two parts of this. He mentioned the 
first part. The second is those companies that are compelled, 
especially under 702, are compelled to cooperate with the 
Government. They are not throwing NSA any information. They are 
not doing something inappropriate. And it is interesting to 
note that other countries demand the same of them.
    And so what our companies are doing is what our Nation 
needs them to do to help us stop terrorists and other acts. 
They are compelled in other countries in a lawful intercept way 
just the same. And so I think out of this, one of the things 
that concerns me is those companies who have acted on good 
faith--and you mentioned several of them--they are trying to do 
the right thing that we as a Nation have asked them to do, and 
it is being blown way out of proportion as if they have opened 
up their servers and stuff, and you now know that is not true.
    So I do think the transparency is very important because it 
tells you the numbers, and I think people would stop and say, 
``Well, that is it?'' And I think--so we have just got to 
figure out how to do that in such a way as to not tip the bad 
guys off to go to Point A or B. Does that make sense?
    Senator Franken. Yes. Mr. Chairman, could I--I know others 
have gone over their time. We do not get these two witnesses 
before us very often. Can I just ask one last quick question?
    Senator Blumenthal. I know if I denied you that 
opportunity, I would hear about it forever, so I am going to 
say yes.
    Senator Franken. I am not sure what that says about me, or 
you, but----
    [Laughter.]
    Senator Blumenthal. I just thought I would be your straight 
man, as usual.
    Senator Franken. Yes, thank you.
    I think one of the issues--there is trust and distrust, et 
cetera, that issue. One of the issues is the ability to--we see 
Snowden, a contractor, and he releases all this stuff. Has 
there been any thought given to doing--and where are we on 
thinking about this--two key or three key situations where, you 
know, I know that on some of the stuff that has been leaked 
that there is--and I have been briefed that we have used 
backups where someone does something, other people are alerted 
to it. Is there any change that we are making, we are talking 
about making in the way that stuff is accessed?
    General Alexander. We are making significant changes, and 
we can send you the complete report, because some of it gets 
into a classified area, but we have implemented the two-person 
control on devices into certain rooms and stuff, and we are 
piloting part of that for the intelligence community, but I 
will let the Director----
    Director Clapper. Well, there are two things underway, sir, 
that we have to--which are not going to be fixed by close of 
business next Friday. One is to go to a system of continuous 
evaluation for people who are cleared as opposed to the current 
system where someone is given an initial clearance and then 
they go 5 years or more for a top secret clearance or 10 years 
for a secret clearance. That system has got to change so we can 
do this continuously.
    Moreover, we have to finish what was started in the 
aftermath of WikiLeaks for insider threat detection. So we have 
more comprehensive means of detecting anomalous electronic 
behavior of people on the job. I can give you a lot more detail 
on that if you would like for the record.
    Senator Franken. Thank you. And thank you, Mr. Chairman.
    Senator Blumenthal. Thank you, Senator Franken.
    Senator Flake.
    Senator Flake. Thank you, Mr. Chairman. Thank you both.
    Let me follow a little bit on the lines of Senator Graham's 
comments. I was not here for your initial testimony, but I 
understand and I read from the press reports, Director Clapper, 
that you talked about the furloughs and about the shutdown and 
the negative impact that is having on the intelligence 
services, and I certainly get that.
    As you are aware, 2 days ago we passed through legislation 
quickly, very quickly, unanimously, to protect the military 
from this shutdown. Have you recommended to the President that 
he recommend to the Congress that we do something similar for 
the intelligence services? If this is, as you have put it, a 
``dreamland'' for our enemy here, would that not be 
appropriate?
    Director Clapper. I certainly think it would be, and, of 
course, the support to the military, particularly in the case 
of DOD, involves three combat support agencies, one of which is 
NSA, who, although funded in the National Intelligence Program, 
are providing support to the military day in and day out. So I 
would be a strong supporter of that.
    Senator Flake. Right. I understand there is some overlap. 
But where there is not, and you are mentioning 70 percent of 
civilian employees in the intelligence agencies have been 
furloughed. Is that correct?
    Director Clapper. That is as of yesterday. Now, as I also 
hasten to point out, we are going to manage that on a day-by-
day basis.
    Senator Flake. Right.
    Director Clapper. Right now, for example, NSA has a very 
low number of excepted civilians, depending on their military 
population, which, of course, was not furloughed. To the extent 
that this shutdown drags on, we are going to have to make some 
daily adjustments and make judgments about bringing people back 
on a day-to-day basis.
    Senator Flake. Well, I would hope, if the situation is as 
dire--and only you know. We do not have access day to day to 
the intelligence here. But if it is as you say--and I believe 
that it probably is--then I would believe it would warrant the 
President saying, okay, whatever you do, however long this is 
going to last, we have got to make sure that we are collecting 
the necessary intelligence. I can guarantee you both the House 
and the Senate would move expeditiously to do this, so if it 
really is a problem--and I believe it is--I trust that you will 
make that recommendation to the President.
    Director Clapper. Yes, sir, I will. And, again, I would--I 
am not sure you were here, but I would again commend the 
statement that Senator Feinstein made on the floor yesterday 
about this.
    Senator Flake. Thank you.
    General Alexander, last June I questioned the FBI Director 
with regard to the retention of data collected under--the 
metadata under 215. He testified that data collected under 215 
is scrubbed every 5 years, or after 5 years, I think on a 
rolling basis. Is all metadata collected under other 
authorities also discarded after 5 years?
    General Alexander. So for NSA, it depends on the type of 
data. So in the metadata repository for 215, as you stated, it 
is aged off after 5 years by court direction. If there is a 
report, that, of course, would not be aged off. That report 
will stand just like other intelligence activities.
    Within the Executive Order 12333 metadata repositories, it 
depends on the size of the repository and the type of data that 
is being done, but generally speaking, it is 5 years. There may 
be pieces of information that we retain longer than are of 
intelligence value overseas that are different than the ones we 
have in the United States. But that is all that NSA has in 
those areas.
    Senator Flake. I understand that foreign is handled 
differently. But if you have metadata that is collected under 
separate authorities, not just 215, is that bunched together in 
a way that it is retained beyond 5 years? Or how do you 
separate it? Do you hold it separately? How does that work?
    General Alexander. So NSA--I do not know of any other 
programs that would collect metadata in the United States 
outside of 215. We do not have any that I know of, and none 
have come up. So from my perspective, those would be with other 
agencies--yes, and the overseas is the one I explained. Does 
that make sense?
    Senator Flake. Okay.
    General Alexander. So I do not have any other. Telephone, 
there was an old program that we talked about, you know, that 
was stopped a few years back, and all that data was destroyed. 
That was on email. So we do not have any----
    Senator Flake. I trust when you say that there are no 
programs that I know of that you would know of them.
    General Alexander. Hopefully so, especially after the last 
3\1/2\ months.
    Senator Flake. Thank you, Mr. Chairman.
    Senator Blumenthal. Thank you, Senator Flake.
    Senator Coons.
    Senator Coons. Thank you, Mr. Chairman, and thank you, 
General Alexander and Director Clapper, for your testimony and 
for your service. I do think that the way for us to proceed is 
not to have--sort of carve out simple exceptions for different 
pieces of the National Government that we all consider vital to 
our security, but to end the shutdown, which Speaker Boehner 
can do at any moment by simply taking to the floor what has 
been passed by the Senate and allowing an open vote on it. But 
I will take seriously into account your expressed concerns. It 
does seem to me alarming if more than 70 percent of your 
civilian workforce is furloughed, and it is my hope that you 
will be reviewing on a rolling basis whether or not this is 
exposing us in any significant way. Your comments at the outset 
were a reminder.
    I, as you may know, also chair the Africa Subcommittee and 
recently spoke to our Ambassador in Kenya about the ongoing 
investigation and things we need to learn and be more attentive 
to that comes out of that tragically significant event in 
Nairobi.
    I do think that the work of the intelligence community is 
valuable, but as many of my colleagues have spoken about, 
events over the last few months have raised real concerns 
across the country, and I appreciate your stated interest in 
finding a better balance between transparency, civil liberties, 
a commitment to privacy, and yet fulfilling your duties.
    So let me, if I might, turn to that because there are a 
number of pieces of legislation introduced, being considered by 
Members of this Committee, that I think can make some positive 
contribution to resolving the legitimate anxiety many Americans 
feel about whether their privacy is being appropriately taken 
into account.
    General Alexander, you have argued both here and in other 
contexts in support of bulk collection that, in order to find 
the needle in the haystack, you have to have the haystack. But 
the very fact the NSA can tell so much about a target through 
detailed analysis of non-content bulk data, metadata, indicates 
to me that there is at least some privacy interest at stake--
maybe not a constitutional privacy interest given current 
constitutional doctrine, but a privacy interest in the sense 
that the NSA can cobble together through these random threads, 
can weave a profile of a person that can ultimately contain 
quite private details.
    Shouldn't Congress be concerned about protecting that sort 
of privacy interest against unwarranted intrusion, or you? And 
what do you suggest we should do about this together?
    General Alexander. Well, I think given the standard and the 
way it has been written, this is a lower standard than probable 
cause. Now, I am not a lawyer, so I would defer to Justice. But 
what we are talking about is in each case, when we go to query 
the Business Records FISA, we start out with a selector: Is it 
associated with al Qaeda or associated terrorist groups? So 
that is the nexus of our question. And it is really what you 
would want us to do, and it is the least intrusive.
    What we are doing is, we will look at that, create one, 
two, and potentially three hops out, and see if there are other 
nexus and numbers of interest. We know no names on the U.S. 
side. It is just numbers. If we see that, and other connections 
to foreign from some of those numbers, we would then tip that 
to the FBI. The FBI would then go through the appropriate 
process, and in this case they would have to come up with a 
probable cause standard to go after the content there.
    That was a long-winded answer to say--and I apologize for 
that--I believe the appropriate standard is there, and the 
courts agree with it. And I think Judge Eagan's statements were 
really pretty good in this area. They were excellent. We try to 
do that by ensuring that every time we look at it, you and 
others can audit, see what we did. You know, we audit it, we 
document it, and it is from my perspective very precise in what 
we do. Then and only then do we look into the data.
    So what that means from my perspective is the chances of my 
number being looked at are so many zeroes out that I am 
comfortable. My data, I am sure, is in there.
    Does that make sense?
    Senator Coons. That is a helpful answer.
    Director Clapper, I would be interested then, given the 
answer just given by General Alexander, if you can articulate 
for the American people why the Government ought not to be 
required to show that the information, such as bulk data, that 
it seeks under our surveillance authorities pertains to an 
agent of a foreign power, his activities, or persons with whom 
he is in contact, rather than this mere relevance standard?
    Director Clapper. Well, as we mentioned earlier--and, 
again, we are getting into the lawyer area here, but----
    Senator Coons. This is the Judiciary Committee. We have a 
tendency----
    Director Clapper. I understand. I think the difference here 
is in the evidentiary threshold or evidentiary standard for a 
probable cause versus what we deal with in intelligence. And 
all we are looking for here are investigatory leads which may 
not necessarily meet the probable cause standard. Ergo, we have 
relied on this reasonable, articulable suspicion as the basis 
for that.
    Now, one of the proposals that has been made is to have 
greater court scrutiny of these RAS determinations. I think we 
would be fine with doing that after the fact on a regular 
periodic basis so that any of these queries made under a 
reasonable, articulable suspicion standard as opposed to 
probable cause, which is higher, we would be fine with.
    Senator Coons. Well, what we are going to pursue is sort of 
reasonable suspicion of what, and so one of the ways that I 
think we can deal with this yawning gap of sort of trust and 
confidence by the American people about their privacy and your 
charge to defend our security is by narrowing in on exactly 
what is the standard under which these searches are being 
conducted. And I also will simply repeat what I think was 
Senator Franken's solid point, that you have made some very 
significant progress in terms of transparency and commitment to 
response to congressional oversight, but temporary changes in 
policy and practice do not provide lasting assurance. Changes 
in statute will.
    Director Clapper. I completely agree with that, that if 
these changes, whatever they are, are embedded in law, that 
will instantiate a degree of permanence that our doing it 
administratively would not.
    Senator Coons. Thank you.
    Thank you, Mr. Chairman.
    Senator Blumenthal. Thank you, Senator Coons.
    Senator Cruz.
    Senator Cruz. Thank you, Mr. Chairman.
    Director Clapper, General Alexander, I thank you for being 
here. I thank you for your service to our Nation.
    I would like to address two topics: one, the issue of the 
impact of the Government shutdown on the intelligence 
community, and then I would like to follow up with some 
specific questions about the many privacy concerns that have 
been raised.
    With respect to the shutdown, I think the testimony that 
the two of you have provided today is deeply disturbing. That 
70 percent of the civilian intelligence force has been 
furloughed is reason for concern to everyone, and I very much 
agree with Senator Lindsey Graham who observed that the person 
who should be most out front correcting this is our Commander-
in-Chief. And I do not believe President Obama should be 
playing politics with this. He should not be refusing to 
negotiate or compromise. He should be stepping forward to 
correct this problem right now.
    As Senator Flake noticed, this week we saw what Congress 
can do when there is a bipartisan cooperation to address a 
need, namely, earlier this week the United States unanimously--
the United States Senate unanimously passed legislation that 
the House had already passed to fund the men and women of our 
military. It was the right thing to do. I took to the Senate 
floor to commend Majority Leader Harry Reid for not objecting 
to that legislation, for agreeing not to hold the men and women 
of our military hostage regardless of what happens in this 
Government shutdown.
    Director Clapper has presented a recommendation here to 
this Committee today that the intelligence community needs to 
be funded, and I have heard the concerns raised by my friend 
Senator Klobuchar, my friend Senator Coons. I hope we can see 
bipartisan cooperation today, Republicans and Democrats in the 
Senate agree to come together today to pass a clean continuing 
resolution funding the Department of Defense and our 
intelligence communities. If the Senate cooperates, we could 
get this passed by the end of the day. We could respond to the 
national security threat these two gentlemen have laid out. And 
the only impediment to doing so is the prospect that Majority 
Leader Harry Reid would object to doing so.
    If, God forbid, we see an attack on the United States 
because the intelligence community was not adequately funded, 
every Member of this Committee would be horrified. So I hope 
that issues of partisan politics can be set aside and we can 
all come together and pass right now by the end of the day a 
continuing resolution to fully fund the Department of Defense 
and the intelligence community. I hope President Obama, I hope 
Majority Leader Harry Reid hear and respond to the candid and 
heartfelt recommendation, Director Clapper, that you presented 
here today.
    Let me move on to the second topic: the issue of privacy. 
General Alexander, in a recent Senate Intelligence Committee 
hearing, when asked about whether the agency wants ``the phone 
records of all Americans,'' you testified, ``I believe it is in 
the Nation's best interest to put all the phone records into a 
lockbox that we can search when the Nation needs to do it.''
    Besides phone records, what other records of all American 
citizens do you believe the Federal Government should be 
collecting?
    General Alexander. I cannot think of any right now. There 
has been--so thanks, Senator, for that question, because 
earlier this came up about the Saturday article. We do not 
collect in bulk all those things that were said. Those were 
focused on foreign, but they did not have foreign vote or 
foreign X in front of it.
    From my perspective, I cannot think of other bulk records 
that we would need, like phone. I do think as we look at the 
phone data, we are going to have to look at how that changes as 
we bring mobility, and that has been the question of it, and so 
we released to the Intelligence Committees today clarification 
so they understood the difference on locational data and those 
requirements.
    I do think that right now we are going to have to evolve as 
the threat evolves, but I cannot think of any, and that was a 
long-winded--I cannot think of any. I apologize.
    Senator Cruz. Also before the Intelligence Committee, 
General Alexander, you declined to answer whether the NSA had 
ever tried to gather data about the location of phone calls, 
and there was some suggestion from Senator Wyden that this was 
a classified matter.
    My question to you is: In your personal opinion, do you 
believe the NSA needs to collect GPS location information on 
American citizens to prevent terrorism?
    General Alexander. So we did send a statement to the 
Intelligence Committees, and if I could just read it real 
quick, because it addresses what your question is:
    ``As NSA has previously reported to the Senate and House 
Intelligence Oversight Committees, NSA does not collect 
locational information under Section 215 of the PATRIOT Act. In 
2010 and 2011, NSA received samples in order to test the 
ability of its systems to handle the data format, but that data 
was not used for any other purposes and was never available for 
intelligence analysis purposes. In a 25 June 2013 closed 
hearing with the Senate Select Committee on Intelligence, NSA 
promised to notify the Congress before any locational data was 
collected. Moreover, as noted in the Foreign Intelligence 
Surveillance Court's most recent opinion''--I think it is 
called Footnote 5--``on the program, the Government would also 
be required to seek the Court's approval of the production of 
locational data before acquiring it under this program.''
    I would just say that this may be something that is a 
future requirement for the country, but it is not right now, 
because when we identify a number, we can give that to the FBI. 
When they get their probable cause, then they can get the 
locational data that they need. And that is the reason we 
stopped in 2011.
    Senator Cruz. Thank you, General Alexander.
    If I may ask one brief follow-up question?
    Senator Blumenthal. Sure.
    Senator Cruz. Thank you, Mr. Chairman.
    Absent a search warrant particularized to an individual 
suspected terrorist, does the NSA currently have the ability 
and access to voicemail content, to text messages, or to 
financial records that are now being collected by the CFPB on 
millions of American citizens?
    General Alexander. I apologize. I am not familiar, Senator, 
with CFPB.
    Senator Cruz. The Consumer Financial Protection Bureau.
    General Alexander. Not that I know of, Senator, no. In 
fact, to be clear, if we have to go after any U.S. person--and 
it would almost always be an FBI not an NSA lead--it has to 
have a probable cause warrant, and you would have to go through 
the probable cause, whether it is under a regular court or the 
FISA Court, depending on the type of action.
    Senator Cruz. And is that answer the same for voicemail 
content and text messages?
    General Alexander. Voicemail--all content, any targeting of 
a U.S. person would have to be done that way. For metadata, it 
is always started with a nexus with al Qaeda or related--the 
queries and reasonable, articulable suspicion.
    Senator Cruz. Thank you, General Alexander. Thank you, 
Director Clapper.
    Senator Blumenthal. Thank you, Senator Cruz.
    Before I ask my questions, I am going to recognize Senator 
Hirono.
    Senator Hirono. Thank you very much, Mr. Chairman.
    I understand the serious concerns and consequences to our 
intelligence program with 70 percent plus of your people 
furloughed as a result of the shutdown. I would say that every 
day of the shutdown creates dire consequences for our families 
and our economy. So, of course, the answer to that is not to 
have had a shutdown in the first place, and we need to open 
Government, all of Government.
    We talked a bit in today's hearing about some individuals 
who had asked inappropriate or illegal queries, and, General 
Alexander, you mentioned what happened to these people. My 
question is: How did these inappropriate queries come to light 
in the first place? Do you have something in place that detects 
when these kinds of illegal actions are taken by your 
employees?
    General Alexander. Two ways, Senator, for us to detect 
those. If it is on a U.S. person phone number or email, a flag 
automatically goes up and says somebody is querying that. In 
the audit process, that makes it very quick to see.
    Under the foreign side, if you have somebody working 
overseas on a foreign number, it is much more difficult. 
Oftentimes that is found when we have a security update, when 
we go through the person's security update, because detecting a 
foreign number--so most of these were on a foreign friend, girl 
or boy friend, in a foreign place. And the number may be 
construed to a valid intelligence target or identified as such, 
and it is difficult for an auditor to see that. So that is the 
issue. So what we have done is, I think, highlighting the 
punishments that go along with this really will help cut that 
down.
    Now, to be really candid, if you think about the number of 
people that we have--and you are familiar with this, I know, 
from NSA Hawaii and others--when you look at the numbers of 
people doing queries and the few mistakes that we have had over 
a decade, that is 12. That is too many. We agree. But I think 
actually we do a good job of holding these--of detecting and 
holding people accountable.
    Senator Hirono. So you feel that we have the processes, the 
technology in place that will identify these kinds of 
inappropriate queries? I mean, nothing is foolproof.
    General Alexander. That is right. Nothing is foolproof. I 
think on the U.S. persons, we have a great track record there. 
And in some of these, that is how it was detected, in the 
minority of the cases where it involved that. The more 
difficult one I explained.
    Senator Hirono. I want to turn to The New York Times recent 
article where you have many systems in place that collect 
metadata. There is reference to MAINWAY. In the article it says 
that, in 2011, MAINWAY was taking in 700 million phone records 
per day, and it also began to receive, in 2011, 1.1 billion 
cell phone records daily, and then it goes on to say that the 
agency is pouring money and manpower into creating a metadata 
repository capable of taking in 20 billion record events daily 
and making them available to NSA analysts within 60 minutes. 
So, clearly, the surveillance technology is evolving.
    My question is: Do we also have a developing--are we also 
developing the technology to protect privacy?
    General Alexander. Senator, I think we are, and I would 
note that what was missing in The New York Times article is 
almost all of those should have said ``foreign'' in front of 
it. So here is the issue that we face, and it goes right to 
metadata, and it is for our allies as well as for us.
    A terrorist threat that spans from the Middle East to 
Europe to the United States, how do you track that and identify 
the key people. You could try to do this on content, but that 
would be too labor-intensive. So metadata tracking the 
connections is the first and the best way to start. And so the 
collection of metadata to track some of these individuals is 
the most important and the least intrusive way of doing it.
    In the United States, what was conflated was a couple of 
different programs. So the fact that Facebook and social 
networks and all those things, they jumped to the conclusion 
that that is done on Americans, that is factually incorrect. 
Only when the Americans are a subject of an investigation, like 
a terrorist investigation--so in this case it is called ``a 
U.S. person''--a terrorist in the United States is treated as a 
U.S. person. In that case, we would have the FBI have a court 
order--the FBI would have done that. Then we could go do the 
check on that.
    So I would just be clear that I think our rules for 
ensuring the privacy both of Americans and our allies is 
actually better than any country in the world.
    Senator Hirono. I have one more question, Mr. Chairman. 
General Alexander, is PRISM the only intelligence program NSA 
runs under FISA Section 702?
    General Alexander. Well, PRISM was a--yes, essentially the 
only program was that that you know as PRISM under 702, which 
operates under that authority from the Court. But we also have 
programs under 703, 704, and 705.
    Senator Hirono. So what are all of the programs run by NSA 
or other Federal agencies under FISA 702 or of the PATRIOT Act 
Section 215?
    General Alexander. So, generally speaking--and I am going 
to give you the general statements on this. So you have two 
sets: the Business Records FISA program, 215, authorizes the 
use of metadata; Section 702 allows us with one and foreign to 
go after content, so 702 is content data, which means the 
communications of a foreign person, reasonably believed to be 
foreign, outside the United States to get their communications. 
So it is a different set of things, but we may use U.S. 
infrastructure to help us gather that information. 703, -4, and 
-5 deal specifically with U.S. persons and are a much smaller 
subset.
    Did I get those right? I have got to ask the lawyer.
    So that is, generally speaking--and then there is upstream 
collection that allows us to collect the same information. We 
go through the Court; we do the same thing on that. That was 
one of the violations that we had in 2011. We worked that 
through with the Court. But it is essentially the same process, 
going after a foreign piece of information.
    So how do you track a terrorist? And these are the tools 
that you have. One is to identify in metadata who it is. And 
the second, if we identify it is a foreign target, a foreign 
terrorist piece of information, gathering more information on 
that becomes increasingly more important. All of those are 
available to this Committee, all of the information on those, 
and our Executive Order 12333, and none of that is hit.
    Senator Hirono. Thank you.
    Mr. Chairman, I think my time is up. I may be submitting 
further questions to our witnesses. Thank you.
    Senator Blumenthal. Thank you, Senator Hirono.
    Thank you both for being here, and thank you for your 
service to our Nation and to the men and women who work under 
your command. I think all of us share the view that the work 
that these dedicated patriots do for our Nation is absolutely 
vital. I think also I at least share the sense of alarm and 
astonishment not only about the percentage that you have given, 
70-plus percent of our intelligence community being furloughed, 
but also the very dire and dangerous impact on the capability 
of the Nation to protect itself during this time of shutdown. 
And you were asked, I believe, Director Clapper, whether you 
recommended to the President a change in that percentage or in 
the policy and practice. Have you made a recommendation?
    Director Clapper. I have not made directly a recommendation 
to the President, no.
    Senator Blumenthal. I understand your view that that policy 
should be changed and that more of our intelligence community 
should be at work during this shutdown. But would it not be 
advisable to make that recommendation?
    Director Clapper. It would. Also----
    Senator Blumenthal. I hope you will do it.
    Director Clapper. In fairness, though, I need to--I am 
here, we are here representing, perhaps parochially, 
intelligence. But the shutdown has a very negative impact on 
lots of other segments of the national security apparatus, to 
include the Department of Defense. I am worried, most concerned 
about the intelligence components of the Department of Defense, 
for example, but there are many other parts of the Department 
which also have an impact on national security who are also 
civilians who work in those----
    Senator Blumenthal. I understand that point, but in your 
parochial task--and I would respectfully disagree with the use 
of the word ``parochial.'' I think it is a very profoundly 
significant task. I would respectfully suggest that you make 
that recommendation.
    Let me move on to say to you both, we know and you know 
that we need to both protect national security and preserve our 
civil liberties, and that is the balance that a democracy 
requires to be made. And protecting our security enables us to 
have the freedoms and liberties that we also want to protect in 
the course of collecting that data.
    One of the suggestions that I have made, in order to 
protect the trust and confidence of our Nation in our national 
security system, is that there be an adversarial process. As 
you know, we have talked about it before, and you have 
responded to Senator Klobuchar's question about what she 
referred to as an ``advocate'' or an ``amicus.''
    My proposal very simply would provide for a constitutional 
advocate that would enable the Court to hear both sides, and 
the principle behind it is really one of common sense. Before 
you authorize a mission or assignment, you do not have a formal 
trial, but you hear both the upsides and the downsides, the 
negatives and the positives, and my feeling is that the Nation 
would be better protected by a constitutional advocate with 
security clearance that would potentially raise questions and 
challenge a security practice or procedure after it is ongoing, 
so there would be no delay.
    Let me pose to both of you, do you see a disadvantage, 
assuming that there would be no delay and no threat to security 
during that challenge, from that kind of adversarial procedure?
    Director Clapper. Let me start, sir. First, I have read 
your Harvard Law School treatise, which, speaking personally, I 
thought was excellent. I thought it was very well written, very 
temperate, and very balanced.
    Senator Blumenthal. Thank you.
    Director Clapper. And it does recognize the two poles.
    I think our general view on an advocate or your other set 
of recommendations pertaining to the composition of the Court 
and how it is appointed, the diversity, our--again, I hate to 
use the word ``parochial,'' but from our standpoint, as long as 
the Court can function operationally for us, that is the main 
concern we have, that it can move with agility, protect those 
aspects that require classification, as the Court has. I think 
our view is the Court has been a rigorous overseer, a very 
robust overseer of all these processes. But for the sake of 
enhanced transparency and trust and confidence of the American 
people, some arrangement like this I think from our standpoint 
is more than acceptable.
    Having said that, I think the official spokesperson for 
this would be the Department of Justice.
    Senator Blumenthal. General Alexander.
    General Alexander. I agree with everything Director Clapper 
said, and I would just add that there are certain cases, I 
think, that you have also noted that would not require an 
amicus or somebody to stand up and say in these--just like you 
would have in a subpoena, there are times that you go to a 
judge and do things that you do not have an adversary in the 
criminal side. I think you would model it perhaps after that, 
and your discussions with the Justice Department I think have 
already walked down that lane. So given all that, yes.
    Senator Blumenthal. And the model would be indeed the 
criminal process modified so as not to impede in any way the 
legitimate and pressing security concerns that might arise.
    I want to say for myself as to the potential legal action 
against contractors who failed in their duties to prevent the 
leaks that occurred or to do more adequately the screening and 
security clearance that was required that my hope is that legal 
redress will be pursued. My colleague Senator Whitehouse said 
he wanted to make sure that they were not too big to sue. I 
want to make sure that they are too big not to sue, too big in 
their responsibilities and the very profound harm to the Nation 
that has been caused by their failure to fulfill those 
responsibilities. They are very big in terms of the role and 
responsibility that they were legally required to fulfill and 
apparently failed to fulfill. And so I hope there is serious 
consideration underway and that you will recommend as 
appropriate that legal action is taken.
    Let me just finally ask you a couple of questions to 
clarify, General Alexander, what you said about The New York 
Times report, specifically the social network graphing that The 
Times reported. Is it your testimony here that there has been 
no social network mapping or graphing that involves American 
residents or citizens?
    General Alexander. I gave the cases in which that would not 
be true. For example, there are cases that you would graph an 
American number if that is the subject of a terrorist 
investigation, is a great example, if they are the target or if 
they are a hostage someplace, when you would expect us to look 
into those communications for those types of things. So there 
are cases where you would do that. But it does not----
    Senator Blumenthal. You would--I apologize for 
interrupting. You would map the phone numbers.
    General Alexander. The phone numbers, correct.
    Senator Blumenthal. I am talking about the social network 
emails and Facebook and other connections or information that--
--
    General Alexander. So our information is foreign, and all 
the information that we bring in, foreign, that even has U.S. 
data in it, we do the maximum that we can to filter out any 
U.S. data. So we would not have that in our repository.
    So the belief--what they jump to is a conclusion because we 
did not articulate perhaps in a classified slide that what we 
are talking about here is all foreign stuff. Everybody knows 
that who works there. But what they jump is, well, then, that 
must be on U.S. persons. That part is wrong. We do not do that. 
And the fact that people assume that we are out there mapping 
the social networks of U.S. persons is absolutely wrong.
    What we do go after is those that are the subject of a 
terrorist investigation or something like that. And even then 
we do not have all that data in there. We do not have the 
Facebook and other stuff on those people here in the U.S. It 
would have to come from the foreign side or from an FAA 702 
collection.
    Senator Blumenthal. If they became a target and only if 
they became a target would you do any of the social network----
    General Alexander. Then it would be the FBI. Then it would 
go over to the FBI. You know, so we are looking for the foreign 
nexus here, not the U.S. part.
    Senator Blumenthal. Well, let me ask you, The Times reports 
that in November 2010, SIGINT Management Directive 424 
authorized the adoption of a practice that had been tried on a 
pilot basis for about a year and a half before. Is that 
inaccurate?
    General Alexander. I am not sure, Senator, what that refers 
to on 424, to be honest. Is this the Supplemental Procedures 
Governing Communications Metadata Analysis? I am not sure what 
that means. But I will take that for the record.
    Senator Blumenthal. If you could take it for the record, I 
would appreciate your response.
    [The information referred to appears as a submission for 
the record.]
    General Alexander. And just to be clear, you know, I am 
answering questions on Business Records FISA 215 from NSA's 
perspective because that is what I am familiar with. You know, 
that is, of course, a global thing that others use as well. But 
for ours, it is just that way.
    Senator Blumenthal. And you would agree with me, would you 
not, that this practice, to the extent it requires 
authorization from FISA--and apparently this program did--would 
and should be reviewed by the FISA Court?
    General Alexander. I think all things that are authorized 
by the FISA Court should be--is reviewed by them. You mean the 
actual queries themselves?
    Senator Blumenthal. Well, the claim of social network 
mapping that went beyond perhaps the targeting of foreigners.
    General Alexander. It did not happen. So that is the part 
that I take exception to. If there is anything that goes on 
there, it is done under the 702, and that would be targeting a 
foreign into the U.S.
    So I do think--you know, this might be, Senator, a great 
opportunity for you to come out and actually see some of this. 
I think it would be very helpful in helping to shape the laws 
that are so important to the future of this country, because I 
think when you see it and you can sit down with the people and 
they go through what we do and how this was conflated on one 
slide, that all these documents that are foreign, like voter 
registration, well, we all vote here, but it is not U.S., it 
was foreign, to understand who the number that goes to this 
person and what they are all about to help us understand is 
this a threat or not.
    Senator Blumenthal. And the only point I would make--and I 
would be happy to accept your invitation and your 
recommendation--is that a constitutional advocate could bring 
this claim to the attention of the Court. It could be reviewed 
factually and legally so that the American people would not 
have to rely on a Senator, whether it is Richard Blumenthal or 
any other Senator, or an official in charge, as you are, but 
could be assured that there was some independent objective 
review after an adversarial process that tested it. And just as 
one last point, when I say ``tested it,'' we are dealing here 
with a construct, a constitutional construct, that relies on a 
1979 case, Smith v. Maryland, involving a pen register system, 
which I think you would agree is the Stone Age of surveillance, 
and technology has moved so rapidly and so profoundly, there 
may be some need for the Supreme Court to interpret and advise 
as to how these constitutional principles apply to modern 
technology.
    General Alexander. Senator, if I could also add, you know, 
the Supplemental Procedures Governing Communications Metadata 
Analysis, what I would like to do is--because that article is 
so long and there are so many things interwoven, I would like 
to take that for the record and give you back a detailed set of 
responses so every point--because, you know, what I do not want 
you to believe is I made this assertion here on what we do with 
respect to FAA 702, and that gets conflated to Business Records 
or something else. So, for clarity, we will take that for the 
record, if that is okay, and give you both an unclassified 
version so you can share that more widely with whomever you 
would like, and then a classified version that shows you why 
some of those technical details are absolutely incorrect.
    Senator Blumenthal. Not only is it okay and acceptable, but 
actually you read my mind because I was going to suggest that 
an analysis of the article, because it raises very important 
and impressive questions as to what the practices were and what 
the constitutional implications are, really would be very 
useful for this Committee, and I will ask that the Chairman 
make it part of the record, if you would submit it. Thank you.
    [The information referred to appears as a submission for 
the record.]
    Senator Blumenthal. Thank you to both of you for being here 
today. Thank you again for your service and for your very 
helpful testimony. With that, we will go to the next panel.

    [Pause.]

    Senator Blumenthal. As is the practice of this Committee, 
first of all, I welcome you here and, second, I have the duty 
to administer the oath so that you can be sworn. If you would 
please stand and raise your right hand? Do you affirm that the 
testimony that you are about to give before the Committee will 
be the truth, the whole truth, and nothing but the truth, so 
help you God?
    Professor Donohue. Yes.
    Professor Felten. Yes.
    Professor Cordero. Yes.
    Senator Blumenthal. Thank you. I am going to give very 
abbreviated introductions in the interest of time because we 
are running a bit late, but I will ask that the full summary of 
your resume be submitted for the record.
    Senator Blumenthal. First of all, Laura Donohue is a 
professor of law at Georgetown Law School and the director of 
Georgetown's Center on National Security and the Law. She 
writes on national security and counterterrorist law in the 
United States and the United Kingdom, and I understand that 
your most recent book is entitled ``The Cost of 
Counterterrorism: Power, Politics, and Liberty,'' and that you 
are currently at work also on an article or a book on the NSA's 
metadata collection program as well as drones and the War 
Powers Resolution.
    Professor Felten is a professor of computer science and 
public affairs at Princeton University and the founding 
director of Princeton Center for Information Technology Policy. 
I understand that you were the first chief technologist at the 
United States Federal Trade Commission and that you are a 
member of various scientific bodies and that your research 
includes interest in computer security and privacy, especially 
relating to consumer products and media technology law and 
policy.
    And, finally, Carrie Cordero, who is the director of 
national security studies and an adjunct professor of law at 
Georgetown University Law Center. I understand that you also 
have written and studied in the areas of national security and 
counterterrorism as well as counterintelligence investigations. 
You have had a number of very significant positions in the 
Department of Justice and helped to formulate American policy 
in these areas before your service now in the private sector. I 
will not go into all of the positions, but they are extremely 
impressive.
    So maybe we can begin with you Professor Donohue. You will 
have to turn your microphone on.

  STATEMENT OF LAURA K. DONOHUE, PROFESSOR OF LAW, GEORGETOWN 
  UNIVERSITY LAW CENTER, AND DIRECTOR, GEORGETOWN'S CENTER ON 
         NATIONAL SECURITY AND THE LAW, WASHINGTON, DC

    Professor Donohue. Thank you. Thank you for inviting me 
here today to discuss really much needed reforms to FISA, with 
particular reference to Sections 215 and 702.
    I have submitted detailed written remarks for the record, 
so for now what I would like to do is just highlight what I see 
as the most pressing concerns.
    Specifically, it is my view that the bulk collection of 
U.S. citizens' metadata is both illegal and unconstitutional. 
The Government argues that the metadata program complies with 
the Constitution. In so doing, it relies in part on the case 
that you mentioned that held that individuals lack a reasonable 
expectation of privacy in the numbers that they dial.
    The Government also suggests that the national security 
interests at stake override whatever privacy intrusions might 
result. For two reasons these arguments are problematic.
    First, the metadata program amounts to a general warrant, 
the use of which by the English played a key role in the 
American Revolution and led directly to the Fourth Amendment. A 
general warrant was a writ. It was issued by a court. It did 
not expire. And it allowed officials to collect information to 
search anywhere without any particularized suspicion.
    In 1760, the British Prime Minister, William Pitt, directed 
colonial Governors to use these writs of assistance to crack 
down on illegal behavior. James Otis famously challenged them 
as the worst instrument of arbitrary power. And John Adams 
later wrote that this oration breathed life into this Nation. 
``Then and there,'' John Adams reported, ``was the first scene 
of the first act of opposition to the arbitrary claims of Great 
Britain. Then and there the child Independence was born.''
    The Virginia Declaration of Rights subsequently included a 
clause outlawing general warrants. Similar language was adopted 
by Massachusetts and New Hampshire in their State constitutions 
and later the ratifying conventions, the most important ones--
New York, Virginia, and North Carolina--they required that a 
prohibition on general warrants be incorporated into the Bill 
of Rights.
    James Madison wrote the Fourth Amendment to prevent the use 
of general warrants. They were the definition of ``unreasonable 
search and seizure.''
    The FISC order, authorizing the telephony metadata program, 
is a general warrant. It authorizes the Government to collect 
and then to rummage through our papers and effects in the hope 
of finding wrongdoing. There is no prior suspicion of criminal 
activity, and almost none of the information obtained actually 
relates to illegal behavior.
    Second point: In defending the program, the Government 
relies on the 1979 case called Smith v. Maryland. In that case, 
Patricia McDonough was robbed in Baltimore. After giving the 
police a description of the man who robbed her and the 1975 
Monte Carlo car that he drove, she started receiving 
threatening and obscene phone calls in her own home from a man 
who said he had robbed her. Then he phoned her and had her come 
out on her front porch while he drove slowly by the house in 
the Monte Carlo. The police saw the car in the neighborhood, 
got the license plate number, and identified that the car was 
registered to Michael Lee Smith. The police asked the telephone 
company if it would put a pen register on Smith. That day he 
called Patricia McDonough's home. On the basis of this and 
other information, the police obtained a search warrant. They 
went into the house and they found a phone book turned down to 
Patricia McDonough's name.
    Michael Lee Smith had robbed, threatened, intimidated, and 
harassed Patricia McDonough. The police placed the pen register 
consistent with reasonable suspicion of criminal wrongdoing. 
The NSA would treat every American as though they were Michael 
Lee Smith, and it would collect not just the numbers dialed 
from the home of the suspected criminal, but all law-abiding 
citizens' metadata--whom we call, who calls us, how long we 
talk. Calls to a rape crisis line, a suicide hot line, or 
political party headquarters reveal much more than what was 
sought in Smith.
    The Government's argument could be extended to any sort of 
metadata: email, banking records, financial transactions, and 
Internet use. The extent to which we rely on electronic 
communications to conduct our lives is fundamentally different 
in scale and scope than what happened in 1979, and the NSA 
would do this indefinitely.
    Americans reasonably expect that their movements, 
communications, and decisions will not be recorded and analyzed 
by the Government. A majority of the Supreme Court seems to 
agree.
    In 2012 the Court considered a case involving 28-day 
surveillance using GPS chips. This case recognized that Katz's 
reasonable expectation of privacy test does not supplant the 
rights that existed when the Fourth Amendment was written. At a 
minimum, Justice Scalia wrote, the ``18th century guarantee 
against unreasonable searches . . . must provide . . . the 
degree of protection it afforded when it was adopted.'' The 
protection against the general use of warrants thus stands.
    In addition, at least five of the Justices indicated unease 
with the intrusiveness of modern technology. Justice Alito, 
joined by Justices Ginsburg, Breyer, and Kagan, suggested that 
in most criminal investigations, long-term monitoring 
``impinges on expectations of privacy.''
    Justice Sotomayor went one step further. She suggested that 
disclosing information to a member of the public for a limited 
purpose does not divest that data of Fourth Amendment 
protections.
    The telephony metadata program also violates the express 
statutory language of the Foreign Intelligence Surveillance Act 
in at least three ways:
    First, the Government argues that the NSA's telephony 
metadata program is consistent with the statute in that all 
telephone calls in the United States, including those of a 
wholly local nature, are relevant to foreign intelligence 
investigations. The use of the word ``relevant'' here is so 
absurd as to render the term and the qualifying statutory 
language meaningless.
    Second, tangible goods subject to the order must be 
obtainable by subpoena duces tecum, but no grand jury or court 
would allow the bulk collection of all Americans' metadata. It 
is illegal to use subpoenas for fishing expeditions. Subpoenas, 
moreover, are specific. They relate to a particular individual 
or crime, and they deal with current or past bad behavior. The 
metadata program in contrast is broad, non-specific, forward-
looking, not tied to a crime, and looks to anticipate future 
acts.
    FISC itself has recognized the illegality of the program. 
In March 2009 Judge Reggie Walton acknowledged that metadata 
could not otherwise be captured in bulk.
    Third, and finally, as a statutory matter, all of the 
information at issue in the bulk collection program is already 
provided for in FISA Subchapter 3 dealing with pen registers 
and trap and trace. Using Subchapter 4, the Government appears 
to be doing an end run around the restrictions that Congress 
placed on the NSA.
    The system, in my view, is badly broken. The NSA is 
engaging in activities that are illegal and unconstitutional. 
Congress has an opportunity to fix the problem and to do so in 
a way that recognizes the benefits of new technologies, the 
real threats the Nation faces, and the demands of the U.S. 
Constitution.
    Thank you.
    [The prepared statement of Professor Donohue appears as a 
submission for the record.]
    Senator Blumenthal. Thank you, Professor Donohue.
    And I might just say that all of your full statements will 
be made a part of the record, without objection.
    Professor Felten.

 STATEMENT OF EDWARD W. FELTEN, PROFESSOR OF COMPUTER SCIENCE 
AND PUBLIC AFFAIRS, PRINCETON UNIVERSITY, AND DIRECTOR, CENTER 
    FOR INFORMATION TECHNOLOGY POLICY, PRINCETON, NEW JERSEY

    Professor Felten. Mr. Chairman, Ranking Member Grassley, 
and Members of the Committee, I thank you for the opportunity 
to testify about technical issues related to surveillance.
    I am not an expert on the law, and I offer no opinion on 
the legal status of any program. Nor do I presume to say how 
best to balance the legitimate goals of conducting foreign 
intelligence surveillance against the legitimate goals of 
protecting privacy and promoting civil liberties. I hope that 
my testimony will help you appreciate the power of metadata and 
control its use appropriately, consistent with the need for 
effective foreign intelligence.
    The NSA has acknowledged that it is collecting metadata--
who called whom, when, and for how long--about nearly all phone 
calls in the U.S. Earlier, General Alexander said that the NSA 
is not currently collecting location data, but if it were to 
begin collecting location data, this would raise additional 
serious issues.
    With today's analytic tools, metadata often amounts to much 
more than just a list of numbers dialed. Often it reveals 
information that could traditionally be obtained only by 
examining the contents of communications.
    Metadata can now yield startling insights about individuals 
and groups, particularly when collected in large quantities 
across the population. It is no longer safe to assume that 
metadata is less revealing or less sensitive than the content 
it relates to. Just by using new technologies such as 
smartphones and social media, we leave rich and revealing 
trails of metadata as we move through daily life. Many of the 
details of our lives can be gleaned by examining those trails. 
And the only reliable way to avoid creating those trails would 
be to avoid using these technologies altogether.
    Metadata can be highly personal. A series of calls to an 
oncologist or an obstetrician or to a suicide hotline or to an 
alcoholism counselor or to a competitor's personnel office or 
to an Inspector General, the pattern of calls reveals content.
    Metadata also reveals relationships. Frequent late-night 
calls can reveal an intimate relationship. Calls to a counselor 
or divorce lawyer can reveal the state of a marriage. Calls to 
parents or siblings, or a lack of calls, can reveal the status 
of family relationships.
    Metadata is naturally organized in a way that lends itself 
to analysis. By contrast, content is unstructured and can be 
difficult to analyze and understand. Today a growing set of 
computing tools can turn metadata trails into penetrating 
insights, and given limited resources, analyzing metadata is 
often a far more powerful analytical strategy than 
investigating content, yielding more insight with the same 
amount of effort.
    When focused on intelligence targets, metadata collection 
can be a valuable tool. At the same time, unfocused collection 
of metadata across the whole American population gives 
Government access to many of the same sensitive facts about the 
lives of ordinary Americans that have traditionally been 
protected by limits on content collection. Metadata might once 
have seemed much less informative than content, but this gap 
has narrowed dramatically and will continue to close.
    Today's hearing is a vital step in a process that should 
continue. Technical expertise is essential for effective 
oversight of these technologically complex programs, and I 
would respectfully urge you to consider how best to integrate 
technical expertise into the oversight process.
    As an example, the Foreign Intelligence Surveillance Court 
in its declassified opinions expressed frustration that the NSA 
had not disclosed significant technical information. The NSA's 
good faith effort to summarize the technology for the Court's 
benefit could have led to the omission of information that the 
Court later found highly relevant.
    Technologists within the NSA surely knew how their program 
operated, but this information had to pass through other 
people, some of them less attuned to the significance of 
certain technical details before it could reach the Court. And 
the Court, without access to technical advice, was not able to 
ask the sort of probing technical question that might have 
elicited the missing information.
    The United States has the world's strongest pool of 
technology experts, many of whom are available to assist in the 
oversight process. I look forward to your questions today and, 
more broadly, to continued constructive engagement between 
oversight officials and technical experts.
    Thank you.
    [The prepared statement of Professor Felten appears as a 
submission for the record.]
    Senator Blumenthal. Thank you, Professor Felten.
    Professor Cordero, I want to apologize. I have to step out 
for a very quick visit with a group that has been waiting to 
meet with me. I have read your testimony. It is excellent. If I 
am not back in time, Senator Grassley can proceed to questions, 
and I should be out for just a few minutes. So please proceed.

 STATEMENT OF CARRIE F. CORDERO, ADJUNCT PROFESSOR OF LAW AND 
 DIRECTOR OF NATIONAL SECURITY STUDIES, GEORGETOWN UNIVERSITY 
                   LAW CENTER, WASHINGTON, DC

    Professor Cordero. Thank you, Mr. Chairman, Ranking Member 
Grassley, Members of the Committee. Thank you so much for the 
opportunity to be here today.
    In my written statement, I have provided the Committee with 
information about my previous experience as a national security 
law practitioner, and that statement also recounts my 
experience working at the Department of Justice on September 
11, 2001, and includes examples of how pre-9/11 law and 
interpretations of the law led to significant bureaucratic 
processes inconsistent with the speed and agility needed in 
national security activities.
    Indeed, in the years leading up to and then after 9/11, the 
FISA process was subject to the exact opposite criticism that 
it seems to be today: The Department of Justice was accused of 
being too reticent, too cautious, too unwilling to be 
aggressive under the law in order to protect national security. 
Subsequently, I had an up-front view regarding how the 
intelligence reform laws passed by Congress over the next 
several years vastly improved the intelligence community's 
ability to protect the Nation from another attack on the scale 
of September 11th.
    So I am here today to urge caution in implementing quick 
fixes that may sound appealing but that could have lasting 
consequences at a practical level that could negatively impact 
intelligence community operations and the Nation's security for 
years to come. I do not want to see us go backward.
    Since the unauthorized leaks of this summer and subsequent 
reactions, I have observed three main critiques of the current 
FISA activities. Let me take each one along with some of the 
proposed reforms.
    First, with respect to the proposals to restrict collection 
under FISA, my perspective these arguments--that these 
programs--and I am referring to both the 702 and the 215 
program--are illegal are mostly arguments about what the law 
should be, not what the law is. That said, the Government's 
interpretation of 215 is a more forward-leaning interpretation 
of the law than is its implementation of 702.
    The 702 collection is targeted against non-U.S. persons 
reasonably believed to be outside the United States. These are 
not individuals with constitutional protections, and the 
collection against them is conducted in accordance with the 
statutory framework debated extensively and passed by Congress 
in the FISA Amendments Act of 2008.
    The metadata collection under 215 is obviously large in 
scale, but I would submit that the Government's arguments in 
this are consistent with existing precedent, no matter what 
direction the courts may go in the future.
    I would comment to the Committee the recently declassified 
opinion and order by FISC Judge Claire Eagan dated August 29, 
which offers a straightforward analysis of the law that 
explains why the Court continues to approve this collection.
    In addition, senior leaders of the intelligence community 
continue to advise that the 215 program remains a valuable part 
of the protective infrastructure that was implemented after 
September 11th. Therefore, in my view, it would be premature 
for Congress to abruptly end the 215 program through 
legislation.
    Second, with respect to the proposals to enhance public 
confidence, two themes emerge in proposals to add a special 
advocate or public interest advocate to the FISA process. One 
view is that the Court could benefit from an additional view, 
particularly in cases involving technical complexity or novel 
legal issues. A second view is that a special advocate would go 
a long way in restoring public confidence. I have concerns 
about both proposals.
    If what the Court seeks--and it would be helpful to hear 
from the current Court on this issue--is simply an additional 
view beyond that which is presented by the Justice Department 
on behalf of the intelligence community, then I would submit 
that empowering the existing Civil Liberties Protection 
Officer, a position created by Congress, to present his views 
directly to the FISC would serve that purpose. This proposal 
would address the substantive concern that the Court could 
benefit from an additional view, and it would do so without 
adding substantial layers of additional bureaucracy.
    On the public confidence point, I would suggest that an 
outside advocate would not carry the weight that is hoped it 
might provide with the public in the longer term. If done in a 
manner protective of classified information, the advocate would 
necessarily work in secret, alongside the executive branch. 
With the passage of time, outside observers will just see the 
advocate as another participant in a secret process.
    So what would enhance public confidence? Perhaps the most 
frustrating part of the reaction to the leaks from my 
perspective has been the nearly complete lack of confidence in 
or comfort by the existing oversight mechanisms, particularly 
with respect to 702 collection. I can personally attest that 
the oversight is extensive and exhaustive. So I will offer a 
few suggestions of what might be some steps in the right 
direction to bolster both congressional and public confidence.
    One, Congress can ensure that the offices conducting 
oversight are staffed and funded appropriately to their 
responsibilities. The internal executive branch oversight 
process that has been built requires a lot of man-hours to do 
it right, and the quality of oversight will suffer if any of 
these offices are stretched beyond their capabilities.
    No doubt there is an irony here in making this point in the 
midst of the Government shutdown.
    Two, Congress could consider requiring an annual or 
semiannual public report that produces information currently 
contained in the classified joint compliance assessment. This 
report might help better inform Members of Congress beyond the 
Judiciary and Intelligence Committees regarding the oversight 
and compliance process.
    Three, Congress should focus its efforts in working with 
the NSA, the Justice Department, and other components in the 
intelligence community to reduce the complexity of internal 
procedures. I have explained the reasons for this 
recommendation in greater detail in my written statement, but 
to summarize, one aspect of reducing compliance incidents is 
reducing the complexity of internal operating procedures to 
ensure that operators at the working level understand the rules 
they are operating under.
    Third--and I will hit this point quickly--with respect to 
the proposals to enhance transparency, this seems to be an area 
where there is clearly room for Congress to act. My own view is 
that the seemingly ad hoc nature of the recent Government 
declassification releases is not actually helping as much as 
they might think. If declassification is the new norm, then 
there needs to be a more regularized and consistent method of 
releasing information. This might include amending the 
reporting provisions in FISA to provide additional public 
information, whether it is statistics, declassified legal 
opinions, summaries of implementation actions, or reports on 
compliance matters--semiannually, quarterly, or at some other 
appropriate regular interval. In my view, this might cut back 
on each release being an event unto itself.
    Thank you very much for inviting me here today to share my 
views, and I look forward to your questions.
    [The prepared statement of Professor Cordero appears as a 
submission for the record.]
    Senator Grassley [presiding]. Senator Whitehouse, Senator 
Blumenthal said I could go ahead.
    Senator Whitehouse. And I think you should.
    Senator Grassley. Thank you. You are in the majority, do 
not forget.
    Professor Donohue, I understand that you concluded that the 
bulk collection of phone records under 215 is illegal. I call 
to your attention that President Obama is a former 
constitutional law professor, editor of the Harvard Law Review, 
and you probably know that he has concluded that the program is 
legal both under statute and as a matter of constitutional law.
    Is it your view then that President Obama is wrong?
    Professor Donohue. Yes.
    Senator Grassley. Okay. A further question, this time of 
Professor Felten. You testified that telephone call metadata 
can reveal an incredible amount of information about a caller 
when aggregated with other data and analyzed. For example, you 
mentioned that metadata can reveal sensitive information about 
the caller's relationship, lifestyle, and activities. But under 
the FISA Court order, bulk telephone metadata collected under 
Section 215 can only be assessed and searched by the Government 
when it has reasonable and articulable suspicion that the phone 
number is connected to terrorism.
    Question: Does your testimony underscore what a valuable--
no, let me start over again. Doesn't your testimony underscore 
what a valuable tool the collection of metadata under Section 
215 is to keep the country safe? Aren't the relationships and 
the activities of suspected terrorists precisely the kind of 
information that the Government should be trying to learn about 
them as rapidly as possible?
    Professor Felten. I certainly agree, Senator, that it is 
important for the intelligence agencies to have the ability to 
get this information about terrorists and their associates, and 
this I think goes to the issue of focus that I discussed in my 
testimony where, when focused on terrorists and their 
associates, certainly I think few Americans, if any, would 
object to this sort of program. But when it is unfocused across 
the whole population, it does raise the same kinds of privacy 
and civil liberties issues that arise with content. And, 
therefore, I think it makes sense to think about how best to 
balance those issues in order to make sure that the collection 
and analysis of that data is limited--is available where 
necessary, but is also not without bound.
    Senator Grassley. Thank you. And I will go to Professor 
Cordero. I would like to describe a few aspects of how 
Government attorneys practice before FISA. For example, do 
Justice Department lawyers who appear before FISA Courts have 
an obligation to present both sides of an argument, including 
law or facts that run counter to the Government's position? And 
would you say that their presentation of opposing views is as 
vigorous as would be accomplished by an independent advocate?
    Professor Cordero. Thank you for the question. With respect 
to the practice before the Court, the practice is ex parte, in 
camera, and what that means for the attorneys for the Justice 
Department who do that practice is that they have a heightened 
obligation in the FISA Court practice. In addition, with 
respect to their ethical obligations as members of the bar, 
whenever attorneys practice ex parte, in camera, they have a 
heightened obligation to bring both the facts that are 
supportive of their case but also derogatory information or 
contrary information that might be relevant to the Court's 
judgment. And so certainly my experience at the Department of 
Justice was that that was how we conducted our business.
    In addition, the Court has legal advisers who conduct 
independent review, and then there are the members of the Court 
themselves who are independent district court judges.
    I would also commend to you Judge Walton's letter to this 
Committee in July where he explained the process between which 
the Government works with the Court and when the Court asks 
questions and how the Government responds to those questions. 
And it is a very extensive and probing process.
    Professor Donohue. Excuse me, Senator. May I add something 
to that particular response, please?
    Senator Grassley. Certainly.
    Professor Donohue. Thank you very much. I just want to 
mention in regard to the Foreign Intelligence Surveillance 
Court, they are not performing the function that they were 
originally envisioned to perform under FISA. They were supposed 
to narrowly grant orders. And what we are seeing are dozens of 
secret opinions which we have not seen. Some, as we found out 
in July, are hundreds of pages long and make rulings on very 
complex, difficult constitutional questions. There is, for 
instance, a special exception that the Foreign Intelligence 
Surveillance Court has carved out for foreign intelligence out 
of the Fourth Amendment. The Supreme Court has never recognized 
in the Special Needs Doctrine a special exception for foreign 
intelligence.
    In order to adequately air these views, having opposing 
counsel or, what Senator Blumenthal has suggested, a 
constitutional advocate, would be of great assistance.
    The recently released opinion that Judge Eagan put out is 
only three double-spaced pages on the constitutional questions 
that are far more complex than are encapsulated in that 
opinion. So, to adequately air what the Court has become, it is 
important to have somebody there as a constitutional advocate.
    Thank you.
    Senator Grassley. Could I ask one more question? This will 
be my last question for you, Professor Cordero. In your 
experience, how often does FISA Court challenge proposed 
Government applications by signaling that they may be 
insufficient? Describe the process by which Government lawyers 
attempt to resolve possible insufficiencies for the Court, 
including the role of legal staff. And does the high rate at 
which the Court ultimately approves Government applications 
reflect the process?
    Professor Cordero. Thank you. So with respect--I do not 
have a numerical sort of number to give you with respect to how 
frequently the Court questions the Government presentations. In 
my experience, which ended in Government in 2009, however, it 
was a very frequent occurrence that there would be exchanges 
and question-and-answer periods between the Government lawyers 
and the Court on a very frequent basis, and it could happen at 
various levels.
    So, for example, if there was just a routine matter and 
there might need to be sort of small clarification questions, 
that might occur at the level between the Court's legal 
advisers and staff attorneys. If there were more significant 
issues that might be at issue in a particular application or 
request, then that might involve sort of more senior levels of 
the Department of Justice engaging with either the legal 
advisers again or members of the Court. And this process can 
continue. If there were extraordinarily significant issues 
raised in a particular request, that might raise the attention 
and sort of the involvement in the discussions with the Court 
up to the level of the Assistant Attorney General for National 
Security or even the Attorney General.
    So it would be an exchange of questions and answers and an 
iterative process that, depending on the complexity of the 
matter or the judge's concerns, could either be resolved 
quickly or go on for some length of time.
    That being said, the overall numbers, as Judge Walton's 
letter had explained this summer in his letter to the Chairman, 
the overall numbers of approved applications does not reflect 
that process at all. And it also does not reflect the scenarios 
in which the Court might request changes be made to 
applications or proposed orders, whether the Court modifies the 
proposed orders, or requires that the Government proceed in a 
different way. And it also does not indicate in that statistic 
whether or not there was a circumstance that the Court 
indicated informally to the Government that I might deny an 
application and the Government then would withdraw that 
application.
    Senator Grassley. Thank you.
    Senator Blumenthal [presiding]. Thank you, Senator 
Grassley.
    Let me begin by pursuing the line of questioning that 
Senator Grassley just introduced about the constitutional 
advocate, which, as you know, I have proposed. And I know, 
Professor Cordero, you have outlined your concerns in depth, 
and I do not know whether some of those concerns would be 
addressed by the fact that the challenge or the questions to be 
raised would be done after in time the authorization of 
whatever surveillance might be indicated. Would that address 
some of your concerns? Because I think in your testimony you 
indicated that it would be a sea change for this kind of 
advocacy to be done before the authorization of whatever the 
surveillance might be.
    Professor Cordero. Thank you, yes, and in my written 
statement I did have in mind sort of at the FISC level prior to 
collection, the idea of adding an adversarial process at that 
level.
    With respect to adding an advocate at an appellate level, 
it raises some different issues. Certainly it would reduce the 
concerns about impeding operational speed and agility, so it 
certainly would, from my perspective, be better in that sense. 
But I guess the question I would ask is sort of which--what 
problem is it trying to solve and who the client would be of 
this constitutional advocate. Because I know from my 
experience, which, again, is a few years dated, but from my 
experience as the lawyers presenting these cases to the Court 
in the ex parte, in camera fashion, we operated in a culture 
that we were operating in the public interest and that our 
client was the American public and the American citizen. And 
that was sort of the culture that permeated that office at the 
time, and I do not have any reason to suggest that that has 
changed since.
    In addition----
    Senator Blumenthal. And I do not dispute that that culture 
existed then and existed now, and what we have seen, if you 
read Judge Walton's opinion about what resulted from perhaps an 
inadvertent failure to communicate--and you were here when 
General Alexander described the lack of communication between 
two areas of the intelligence community--that could happen 
again. The problem to be addressed is potentially that kind of 
mishap which constituted a violation of law and was very 
significantly criticized by Judge Walton. In fact, he 
criticized the misrepresentation. And either the violation of 
law or misrepresentation certainly could have been addressed 
not only at the appellate level but at the FISA Court level as 
well. So that is the kind of problem that could be addressed.
    And I recognize--and I was a Government lawyer myself and 
represented the United States as well as the State of 
Connecticut--that Government lawyers generally try to do the 
right thing, represent the American public, but their view may 
be affected by what they see as the public interest, which may 
be skewed to one side of an argument for granting a warrant or 
another or approving metadata collection or not. And the 
adversarial process traditionally operates to bring out the 
truth. So that is my question to your question, what is the 
problem or what is the issue or need for some constitutional 
advocate? And very simply, who is the client? The Constitution 
and the constitutional rights of the American public.
    Professor Cordero. So I guess sort of two thoughts on that. 
One would be with respect--if part of the concern then is 
addressing the Court's--what might be the Court's desire, sort 
of as expressed by Judge Carr when he has testified before and 
in his op-ed, that the Court would benefit from an additional 
view on constitutional issues, then on that point that is why I 
have suggested that it might be appropriate to consider whether 
or not the existing Civil Liberties Protection Officer, who was 
a position created by Congress to consider matters of civil 
liberties and privacy, that that person might simply be more 
formally empowered to present an independent view to the Court, 
and that way that would be a person who is up to speed, 
knowledgeable, and aware of all the complexities of the issues, 
but might have a slightly different view that it could inform 
the court about versus that presented by the Justice Department 
on behalf of the intelligence community.
    Senator Blumenthal. Thank you.
    My time has expired. I have additional questions. If there 
is no objection, I am going to turn to my colleague Senator 
Whitehouse rather than keep him here and then return to my 
questions.
    Senator Whitehouse. I think it is within the Chairman's 
right to have as many rounds as he pleases, so have at it. But 
thank you for recognizing me.
    Let me start by saying to Ms. Cordero that I think your 
practical experience in this area gives, at least to me, your 
testimony additional weight, and I appreciate it And I thought 
you made a very significant point when you talked about the 
need for ``more regularized and consistent methods of releasing 
information.'' I think that was the phrase that you used.
    We are still looking into it, but it appears to me that our 
intelligence community was caught flat-footed by the sudden, 
unexpected, unauthorized disclosure of classified information. 
And in the early days it had all of the outward appearance of a 
mad and unprepared-for scramble.
    An air crew prepares for the eventuality of a sudden, 
unexpected decompression of the aircraft, for instance, and I 
do think it is important that our intelligence community 
consider what we now know to be the virtual inevitability of 
these types of releases taking place, and have a more robust, 
immediate response to that eventuality, but also bet on it 
happening in the future and be more candid with the American 
people in the run-up, because I think a good deal of what has 
been disclosed could have been disclosed earlier, and I think 
the downside of classification in this area is very real. There 
is always an upside. It protects our sources, it protects our 
methods, it protects people who are helping us. It makes 
successful programs continue to be successful because people do 
not avoid them. If you disclosed who you were wiretapping, 
obviously your wiretap would fail, and we do not do it that way 
for very obvious reasons.
    So there is some real value to things being classified, but 
there are also all sorts of oversight and other issues that are 
raised, and I think you have a very balanced and sensible 
suggestion about trying to do that on a regular way, and I look 
forward to working with you to develop that further.
    Professor Felten, you said it was important that this 
information be available where necessary to our national 
security officials. Given the nature of the operation, that 
means it has to be somewhere. You have to be able to have the 
information. You do not get the luxury of being able to go back 
after the fact and figure out what you should have collected. 
So by your hypothesis that it needs to be available where 
necessary, I take the implication that collecting the whole 
haystack is necessary because otherwise it is not available 
where necessary. You cannot know that in advance.
    The second part of your point was that it must be available 
where necessary, but it has to be limited to help protect the 
privacy interests that are here at stake.
    Now, the way we have customarily done that over the years 
has been through mitigation techniques that go originally all 
the way back to wiretaps where the FBI agent listening in on 
the wiretap with the headphones would listen to the 
conversation, and if it looked like somebody was ordering pork 
chops from the butcher or talking to their Mom, you would flip 
off the conversation for a while, and then you would flip it 
back on to see if it was still unrelated to the criminal 
investigation, and then you flip it back off. And, obviously, 
it has gotten a lot more sophisticated since then in this new 
environment.
    But do you concede that the whole haystack method protected 
by adequate mitigation is actually necessary to accomplish the 
result that you have indicated is ideal, which is that the data 
to protect our country should be available where necessary?
    Professor Felten. I do not think it is necessary to collect 
all of the data immediately. My view is that the policy with 
respect to metadata, the policy tradeoffs with respect to 
metadata are becoming more similar to those with respect to 
content, and the example that you gave of minimization on a 
traditional wiretap even while the wiretap went on is a non-
collection of data because there is not enough reason to 
believe that it is relevant to the purpose. And this is a 
balance that has been going on with content for a long time.
    Senator Whitehouse. The difference, of course, is that that 
is one thread of information, and the necessary protection 
purpose is accomplished by staying in real time, by listening 
to that conversation as it develops. When you are trying to 
connect a network of contacts that a terrorist overseas might 
have, it is too late in the game to build that network if you 
do not have the information necessary to do that; otherwise, 
you are working--I mean, you may eventually be able to do it, 
but you risk a timing problem with by the time you have 
developed that network, you have missed important players in 
it, and the event that you are trying to prevent has taken 
place already. And it is the preparedness, I think, that is an 
important part of this. So I guess I would put myself on record 
as disputing that the haystack plus mitigation modality is not 
adequate.
    Let me ask all of you another question. We have talked a 
little bit about the--you know, it has been long established 
that the kind of metadata that is collected through these 
programs is not protected by the warrant requirement. Everybody 
who has been in law enforcement here--Chairman Leahy, Chairman 
Blumenthal, myself, Senator Klobuchar, former U.S. Attorney 
Jeff Sessions--we have all gotten access to this data without a 
warrant, and it actually is achieved pretty readily. And, in 
fact, in the early days, it was done almost informally with the 
phone company, and now it has been regularized more. So there 
is an unquestionably vast amount of both legal and practical 
precedent for that proposition.
    At the same time mitigation has taken place for a very, 
very long time and is also equally well established, both as a 
legal protection and as a practical means of doing this.
    So there you have got long-established legal and practical 
precedent, and I think it is reasonable to draw conclusions 
from that looking forward.
    Now, to my question, there is another long-established 
precedent, which is that if you are the police chief and you 
want to put a tail on somebody you suspect, you do not need a 
warrant for that either. You can take a police officer, a 
plainclothes officer, and say, ``Look, we need to know where 
this guy is going. You tail him and let us find that out.'' And 
that has been true for as long as there has been law 
enforcement. So, again, another long-established precedent.
    Then along comes United States v. Jones, and in United 
States v. Jones, the police decided that instead of just 
tailing Antoine Jones, they would put a beacon on his car, and 
they would track that beacon, which would obviously save law 
enforcement resources, take advantage of new technologies, be 
the smart thing to do, et cetera, et cetera, et cetera.
    The Supreme Court in that case said that that was a search 
and that that required a warrant, even though following him 
around would not have required a warrant. And while the 
constitutional basis for that decision I do not think is fully 
settled yet, there was a bare majority that said it is because 
of the physical trespass by putting the beacon on the car, but 
there was another majority that said, no, actually you have got 
to look at--they were unfortunately in the form of a concurring 
opinion and another concurring opinion, so they did not form 
five. But if you read Justice Sotomayor's concurring opinion 
and the concurring opinion of four, they are all saying, look, 
just under the expectation of privacy test, this is a search 
also.
    So I deduce from that that there is a point, in fact, where 
new technology and scale change the underlying nature of what 
had forever been a non-warrant-requiring search. And so I think 
it is an actually very live constitutional question how United 
States v. Jones should apply to these programs. I have yet to 
see an opinion of the FISA Court that addresses that.
    The Eagan opinion came out very recently and did not 
address it--came out since the Jones decision and did not 
address it. So I am interested in each of your views as to how 
you would expect the FISA Court to rule when a case came up 
that obliged it to look at the application of United States v. 
Jones, the beacon decision. Let me start with Professor 
Cordero.
    Professor Cordero. Okay. Thank you, Senator. Certainly the 
Jones case is on the minds of everybody who considers these 
issues. With respect to----
    Senator Whitehouse. Except Judge Eagan, evidently.
    Professor Cordero. Well, with respect, though, to Judge 
Eagan's opinion, so what she said is--and I will quote. She 
said that the production order under the 215 is ``squarely 
controlled by the Supreme Court decision in Smith v. Maryland 
and the Smith decision and its progeny have governed Fourth 
Amendment jurisprudence with regard to telephony communications 
metadata for more than 30 years.''
    There have been 14 judges of the Court who have approved 
the 215 program since 2006 34 times. The Jones case came after 
2006, but there still have been at least some of those judges 
who have continued to approve the 215 case subsequent to the 
Jones case, and so that might be perhaps one suggestion that 
the Court is still satisfied.
    Judge Eagan also said that the fact that the data was not 
collected in bulk in the Smith case or, if you take the inverse 
of that, that it currently is conducted in bulk, she said that 
that would not change her analysis.
    So that being said, as I mentioned in my written statement, 
this is certainly an area where the law may change in the 
future. In the Jones case, as you mentioned, the majority that 
held that the GPS surveillance was a search, held it on the 
trespass grounds, not on the grounds that actually following 
the person around through the GPS surveillance was the search. 
It was the second sort of concurring majority part that said 
that had they decided the decision, they would have held on 
that grounds. But as you noted earlier in your remarks, that 
actually turns what are traditional investigative techniques of 
physical surveillance on its head from formerly being one of 
the most least-intrusive techniques to now all of a sudden 
flipping it up to a warrant requirement.
    Senator Whitehouse. I think rather than ask the other two 
to respond, I have now gone so far over my time that it is 
really impolite to the Chairman, and I will----
    Senator Blumenthal. You can go further.
    Senator Whitehouse. Then we will finish with their answers, 
and I will yield, but I appreciate very much the Chairman's 
patience with this.
    Professor Felten. Well, I do not have the legal expertise 
to predict how a court would rule on--interpret Jones, but with 
respect to your discussion of law enforcement and police access 
to metadata, certainly this has been going on for a long time, 
and appropriately so.
    The modality there has not been one of transferring all 
data to law enforcement and then having them pull out the 
pieces they want later. Law enforcement and prosecutors have 
been able to go to the phone company and get the records they 
need when they need them.
    Certainly I would agree that technology provides new ways 
of managing this process, and one of those ways is to allow an 
intelligence agency to get the data that they need in a 
targeted and focused way in real time, without needing to 
transfer all of it from the beginning.
    Senator Whitehouse. Professor Donohue.
    Professor Donohue. Thank you for your question. I would 
like to address just briefly the minimization technique point 
that you raised and then move to the question that you pose.
    On the mitigation techniques, minimization was only one of 
many protections that was built into the statute. FISA also had 
prior targeting before you could place intercepts. You had 
probable cause that an individual was a foreign power or an 
agent of a foreign power. You had the Foreign Intelligence 
Surveillance Court, and you had a higher standard for U.S. 
persons. All of that has been swept aside for the 215 metadata 
program. Now there is a general order, the NSA determines RAS, 
whether there is reasonable, articulable suspicion. There is 
not a different standard----
    Senator Whitehouse. Well, it has not extremely been swept 
aside for the metadata program. The metadata program faces the 
reality that unless you are gathering the information, you do 
not have a haystack to search in. But it does not mean that a 
search actually ever gets done of the haystack, and the steps 
required to search the haystack are far more rigorous than all 
the ones that you just mentioned.
    Professor Donohue. So the problem is that in building the 
haystack, all of the protections have been thrown out. And with 
the type of information that you can get from this telephony 
metadata----
    Senator Whitehouse. And that is kind of the question, isn't 
it? Is the building of the haystack the search or not? Even if 
nobody knows what is in it. Even if nobody knows it, is there a 
privacy interest that is lost when nobody knows that you made 
those calls, but there is a haystack out there and under the 
right circumstances somebody could find out?
    Professor Donohue. And there are two responses to that----
    Senator Whitehouse. That is an interesting--that is kind of 
the crux of the question we have got.
    Professor Donohue. There are two responses to that. One is 
the Foreign Intelligence Surveillance Act is about the 
acquisition of information, which is when that information is 
acquired. And, second, I would go back to the general warrant. 
The purpose of the Fourth Amendment was to prevent general 
warrants, which was to search for information and to conduct 
searches indefinitely without any particularized showing. And 
there is a constitutional violation that goes on in that case.
    Senator Whitehouse. Although there are lots of things that 
people do in law enforcement and have since the dawn of time 
that they do not even need a general warrant for because there 
is no warrant requirement. And so you cannot use the warrant 
requirement as a criticism of the way in which that has been 
done. It has never been within it. So things that were not 
subject to a warrant requirement do not require a general--the 
general warrant problem I do not see as being pertinent here.
    Professor Donohue. No, this goes to the reasonableness or 
unreasonableness of the search itself. That was the point of 
the Founders. That was why Jefferson included this. This is why 
Madison was talking about this. This is why it was in the 
Virginia Declaration of Rights. This is why New Hampshire, 
Massachusetts--it was the actual reasonableness.
    Senator Whitehouse. And that takes us back to the question 
of what is a search.
    Professor Donohue. Of what is a search. Well, the 
reasonableness----
    Senator Whitehouse. Does human knowledge----
    Professor Donohue. And unreasonableness.
    Senator Whitehouse. Does human knowledge define the search 
or does its availability in the haystack define the search. And 
that is, I think, a really interesting and important question 
that we need to address. But I do not think you can jump across 
back and forth between those two definitions and still have a 
logical and practical discussion.
    Professor Donohue. Okay. Let me address your second point 
as well, which is this broader question, if you can use these 
powers in law enforcement, and there are two parts to this. One 
is the pen register abilities that law enforcement has, and 
second is the subpoena powers. And just on the subpoena power 
point, you cannot go on fishing expeditions. You cannot, for 
instance, convene a grand jury in Bethesda and just see what is 
happening in town and start mining it for information. You 
cannot use a subpoena to obtain generalized information. It has 
to be material and specific to a particular suspected crime or 
individual or series of activities.
    This is not what we are discussing. This is not what could 
be otherwise obtained by a subpoena duces tecum, which the 
statute requires and which the FISC judge, Judge Walton, said 
there is no other legal way you could get this information. So 
it is very different from the kind of subpoena power that 
somebody would have in law enforcement.
    On the pen register side, I think you are exactly right to 
highlight what is going on with Jones and the extent to which 
metadata and the types of things that Professor Felten is 
discussing have changed the incursions into privacy that are 
possible. In the case of Smith v. Maryland, Michael Lee Smith 
had robbed, harassed, threatened, made obscene phone calls, 
drove in front of her house, and tried to intimidate her. And 
on that basis, they got one pen register that, within a 24-hour 
period, recorded that he called her again. They went into his 
house. They got a general--or not a general, they got a 
specific warrant. They went into his house. They found the 
phone book turned down to her name. That is a completely 
different situation than collecting bulk information.
    Senator Whitehouse. The holding of the Supreme Court in 
that case--if we are going to talk about the case, the holding 
of the Supreme Court in that case was not because he behaved in 
those awful ways you are entitled to get this. The holding was 
this is not Fourth Amendment--warrant requirement protected in 
the first instance. And it did not matter whether he had been 
awful and engaged in all sorts of abusive and ghastly conduct 
or not. There is a constitutional line that it drew, and the 
holding was that that kind of pen register information simply 
does not require a warrant, period.
    Professor Donohue. And I would respond to that, you are 
absolutely right. In that situation it did not require a 
warrant. What we are talking about is the wholesale 
collection----
    Senator Whitehouse. Nor has in any situation since, right? 
It was not----
    Professor Donohue. Well, certainly. Certainly the shadow 
majority in Jones found exception to that. Justice Alito's 
opinion joined by three----
    Senator Whitehouse. Now we are back to my question about 
the shadow majority in Jones, and I will accept that. But I do 
not think it is fair to say that Smith was a case that is 
defined by its facts in any way. It has been one of the cases 
that has had the broadest practical and judicial acceptance in 
real law enforcement life of anything. It has gone on for----
    Professor Donohue. And yet Justice Sotomayor in Jones goes 
on to say that she would not extend to third-party data the 
same protections that they would otherwise not deserve under 
the Fourth Amendment precisely because of technology. We have 
seen this also in the Circuits at an appellate level. We have 
seen a number of judges express this same----
    Senator Whitehouse. So to summarize, because I have now 
gone way too far, to summarize, you do think that it would be 
incumbent upon the FISA Court to consider the Jones decision at 
a minimum, and in your view, in considering it they would 
likely further restrict the capabilities of this program.
    Professor Donohue. Not only should they consider it, but 
this also goes back to Senator Blumenthal's point of the 
necessity of having a constitutional advocate there who can 
bring up Jones and these other cases--as you note, it is 
nowhere in Eagan's opinion--and to have somebody there who can 
bring this up so that the Court does have to wrestle with this 
and address this directly.
    Senator Whitehouse. Thank you, Chairman. You have been 
immensely patient.
    Senator Blumenthal. Thank you.
    I want to thank Senator Whitehouse for raising Jones and 
this issue of technology having to be considered by the FISA 
Court because it does revive the point that I made in the 
previous panel that a lot of the constitutional jurisprudence 
seems to depend on the Smith v. Maryland case, and the 
technology there was really very primitive compared to what we 
have now. And if at least a number of you feel that Jones may 
be relevant and should be considered by the FISA Court--let me 
go back to Professor Cordero--would it not be useful to have an 
advocate to, in effect, present in an adversarial way the 
implications of the Jones case in testing surveillance 
conducted under this very, very different, profoundly different 
technology?
    Professor Cordero. Well, as this Committee is aware and as 
the Intelligence Committees also, this Committee is in a 
position to receive information that is not available to the 
public that involves pleadings or opinions that the Court has 
made beyond that which has been identified. So I do not know 
whether or not Jones has ever been considered by the FISA Court 
in any of its decisions. It may be that it has, and it may be 
that that is information that would be available to the 
Committee or the Intelligence Committees.
    But that being said, the Court has a rule that when there 
are new or novel issues of technology or law that are being 
presented to the Court, it requires a Memorandum of Law from 
the Government. And so the Government needs to explain and 
bring to the Court's attention, ``Court, this is something that 
you have not seen before, and here is our Memorandum of Law 
explaining sort of the parameters of that.'' And whether that 
would involve the Jones case or some other relevant case law, 
certainly it would be the practice of the Department as a 
general matter to inform the Court and bring to the Court's 
attention relevant case law.
    Again, I cannot speak to whether or not this specific case 
has been an issue that has arisen in a Memorandum of Law that 
the Department has provided, but I certainly----
    Senator Blumenthal. Well, you say----
    Professor Cordero. Would not be surprised.
    Senator Blumenthal [continuing]. You cannot speak to it. 
Are you saying that to your knowledge Jones has not been 
presented? Because I am not aware of Jones having been part of 
any----
    Professor Cordero. I simply do not know, sir, because I 
left Government at the end of 2009.
    Senator Blumenthal. Okay.
    Professor Cordero. So I simply do not have that 
information. Perhaps the Committees do, or perhaps the other 
Committees do.
    Senator Blumenthal. But so far as you know--and you cited a 
certain number of judges and a certain number of opinions, 14 
judges in 34, did you say----
    Professor Cordero. Instances, right, where the 215 program 
was affirmed by the Court. But speaking more----
    Senator Blumenthal. None to your knowledge has considered 
Jones?
    Professor Cordero. Well, when I am saying they have--
whether or not they have considered Jones, I am speaking a 
little bit more generally, so not just with respect to 215. As 
a general matter, if the Government were presenting novel 
issues of technology or law, they would brief the Court on 
those issues, and I would expect that they would bring 
important cases to the Court's attention.
    Senator Blumenthal. And I understand your point that the 
Government has, as you have referred to it, a ``heightened 
obligation'' because there is no one on the other side. But 
there is an institutional interest and maybe even a national 
security interest in the Government not raising for the Court, 
``By the way, Judge, you know, here are the ways that Jones 
could really challenge this whole construct of jurisprudence on 
which the warrant procedure rests, and here are the''--in other 
words, it may not be directly raised by a specific request of 
the Court, and it would take a great deal of heightened 
scrutiny or heightened obligation for counsel to, on its own 
initiative, raise a challenge of that kind.
    So we both know that courts always make better decisions if 
they hear both sides of the argument through an adversarial 
process. It is a theme that runs through our court system. It 
is one of the underpinnings of our jurisprudential system. And 
you have indicated just now that perhaps the office of--the 
Civil Liberties Protection Officer could provide some kind of 
substitute. But, of course, that Officer now under statute 
reports to the Director of National Intelligence. There is no 
way that that Officer could present an objective or independent 
view, either in litigation or even in advising the Court.
    So I come back to the question: Doesn't the question that 
Senator Whitehouse has been raising about the implications of 
Jones raise again--shouldn't the FISA Court have been hearing 
exactly these kinds of questions?
    Professor Cordero. Well, I guess, Senator, what I am 
suggesting is that I think there is a reasonable possibility 
that the Government, in fact, would brief the Court on a 
decision of such import in its capacity of providing a 
Memorandum of Law regarding the issues that it would provide in 
its ex parte, in camera process.
    In addition, with respect to the special advocate, I think 
there also could be some consideration to the relationship that 
exists currently between the Government and the FISA Court, and 
I think that relationship and sort of the exchange of 
information and the process that goes back and forth is 
explained in Judge Walton's letter.
    In considering the proposals for the advocate, I would hope 
that the Committee would sort of take into advisement whether 
or not adding an adversarial process might actually disrupt in 
some way that relationship of trust and working together that 
the Department and the Court have developed over a course of 
decades.
    Professor Donohue. Senator, may I add something to that?
    Senator Blumenthal. Yes. I was actually going to ask both 
Professor Donohue and Professor Felten to comment.
    Professor Donohue. Thank you. So I want to recognize at the 
outset, in 2009 it was the Department of Justice that actually 
recognized that there were noncompliance incidents going on, 
and they were the ones that reported it to the Foreign 
Intelligence Surveillance Court, that for the first 3 years the 
program operated, that actually of 18,000 inquiries per day as 
of January, only 1,800 or so had reasonable, articulable 
suspicion. It was DOJ that was performing its due diligence and 
reported that to the Court.
    With that said, you know, as Justice Jackson reminded us in 
Irvine v. California, the executive is hardly a disinterested, 
neutral observer when its own interests are on the line. We 
read in Federalist 47 and 48, Federalist 51, when Madison says 
the ambition of the man must be aligned with the ambition of 
the office; if Government is to govern man, we must find a way 
to get it to control itself; that these checks and balances are 
very important. And as you note, within our judicial system, we 
have adversarial processes to ensure that individual interests 
do not taint the outcome of cases.
    And so I think it is terribly important to have somebody 
there to represent constitutional concerns that does not have 
an interest that might otherwise be swayed, and that provides 
another voice to the Court, especially if they are going to be 
considering such weighty constitutional questions and then 
issuing opinions secretly, hundreds of pages long that carve 
out exceptions to the Fourth Amendment. You absolutely have to 
have an adversarial process involved in that.
    Senator Blumenthal. Thank you.
    Professor Felten.
    Professor Felten. Whether it is through an adversarial 
process or through the Government presenting the full scope of 
information to the Court, when it comes to issues of complex 
technology, it is important that the Court has access to the 
kind of expertise that it needs to make a well-informed 
decision. And perhaps that takes the form of the Court being 
able to use a court-appointed expert or a special master, 
perhaps if there is an adversarial process, whoever it is that 
is arguing on behalf of civil liberties or the public also has 
access to the expertise that they need to do that well.
    Senator Blumenthal. Thank you.
    Senator Whitehouse, did you have other questions?
    Senator Whitehouse. Mr. Chairman, I just wanted to observe 
that actually in our own procedures here we do our very best to 
try to create that adversarial exchange of views. Clearly, 
Professor Cordero and Professor Donohue have very different 
views about what should be done here. Each has acquitted 
themselves I think with very great ability in this particular 
forum, and it is a virtual constant that in our hearings we 
have witnesses from different points of view so that we can 
hear those.
    In my years on the Intelligence Committee, I really felt 
that we were--a difficulty was created for the Committee by the 
fact that in deeply classified programs there was no way that 
you could bring a different view in. And so in the same way 
that the Government has a heightened standard, I think we all 
felt very keenly the heightened standard of inquiry necessary 
because there was not public inquiry and there was not exchange 
of views. And that to me is--we vote with our feet sometimes, 
and in Congress, I think we have voted with our feet in favor 
of as close to an adversarial type method as we can in the way 
we conduct our hearings in the ordinary course.
    And so I am not sure that the mechanism of an independent 
body that is all on its own is exactly the right one, but I am 
firmly in your camp that improving that ability for the FISA 
Court to have a broader range of views presented to it and to 
build in the adversary process is an important step in the 
right direction.
    Senator Blumenthal. Thank you. I appreciate those comments 
and your questions earlier, and I want to say that this is a 
very difficult and challenging issue or set of issues, and I 
really appreciate the testimony that has been given by this 
panel. I have been enlightened by the somewhat adversarial 
exchanges here with some of you, and I think that the subject 
bears a lot more thought and consideration. I would invite each 
of you to submit additional comments and hope that I can 
consult with you, because you bring a set of experiences as 
well as expertise that I think will be very valuable as we move 
forward, and particularly to my colleagues, I will encourage 
them as well to consider all of your views.
    So thank you for being here. Thank you for your excellent 
testimony. This hearing is adjourned. We will keep the record 
open for 10 days, and please submit additional comments if you 
have any.
    Thank you very much.
    [Whereupon, at 1:38 p.m., the Committee was adjourned.]
    [Additional material submitted for the record follows.]

                            A P P E N D I X

              Additional Material Submitted for the Record
              
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]