[Senate Hearing 113-365]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 113-365

 
               THE SURVEILLANCE TRANSPARENCY ACT OF 2013

=======================================================================


                                HEARING

                               before the

                        SUBCOMMITTEE ON PRIVACY,

                         TECHNOLOGY AND THE LAW

                       COMMITTEE ON THE JUDICIARY

                          UNITED STATES SENATE

                    ONE HUNDRED THIRTEENTH CONGRESS

                             FIRST SESSION

                               __________

                           NOVEMBER 13, 2013

                               __________

                          Serial No. J-113-40

                               __________

         Printed for the use of the Committee on the Judiciary




                  U.S. GOVERNMENT PRINTING OFFICE
89-466                   WASHINGTON : 2014
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001


                       COMMITTEE ON THE JUDICIARY

                  PATRICK J. LEAHY, Vermont, Chairman
DIANNE FEINSTEIN, California         CHUCK GRASSLEY, Iowa, Ranking 
CHUCK SCHUMER, New York                  Member
DICK DURBIN, Illinois                ORRIN G. HATCH, Utah
SHELDON WHITEHOUSE, Rhode Island     JEFF SESSIONS, Alabama
AMY KLOBUCHAR, Minnesota             LINDSEY GRAHAM, South Carolina
AL FRANKEN, Minnesota                JOHN CORNYN, Texas
CHRISTOPHER A. COONS, Delaware       MICHAEL S. LEE, Utah
RICHARD BLUMENTHAL, Connecticut      TED CRUZ, Texas
MAZIE HIRONO, Hawaii                 JEFF FLAKE, Arizona
            Bruce A. Cohen, Chief Counsel and Staff Director
        Kolan Davis, Republican Chief Counsel and Staff Director
                                 ------                                

            Subcommittee on Privacy, Technology and the Law

                    AL FRANKEN, Minnesota, Chairman
DIANNE FEINSTEIN, California         JEFF FLAKE, Arizona, Ranking 
CHUCK SCHUMBER, New York                 Member
SHELDON WHITEHOUSE, Rhode Island     ORRIN G. HATCH, Utah
CHRISTOPHER A. COONS, Delaware       MICHAEL S. LEE, Utah
MAZIE HIRONO, Hawaii                 JOHN CORNYN, Texas
                                     LINDSEY GRAHAM, South Carolina
                 Alvaro Bedoya, Majority Chief Counsel
                Elizabeth Taylor, Minority Chief Counsel


                            C O N T E N T S

                              ----------                              

                    STATEMENTS OF COMMITTEE MEMBERS

                                                                   Page

Franken, Hon. Al, a U.S. Senator from the State of Minnesota.....     1
    prepared statement...........................................    34
Flake, Hon. Jeff, a U.S. Senator from the State of Arizona.......     3
Leahy, Hon. Patrick J., a U.S. Senator from the State of Vermont, 
  prepared statement.............................................    36

                               WITNESSES

Witness List.....................................................    33
Heller, Hon. Dean, a United States Senator from the State of 
  Nevada.........................................................     3
Litt, Hon. Robert S., General Counsel, Office of the Director of 
  National Intelligence, and J. Bradford Wiegmann, Deputy 
  Assistant Attorney General, National Security Division, 
  Department of Justice, Washington, DC..........................     5
    prepared statement...........................................    37
Bankston, Kevin S., Senior Counsel and Director, Free Expression 
  Project, Center for Democracy & Technology, Washington, DC.....    18
    prepared statement...........................................    43
Rosenzweig, Paul, Principal, Red Branch Consulting, PLLC, and 
  Professorial Lecturer in Law, George Washington University, 
  Washington, DC.................................................    20
    prepared statement...........................................    58
Salgado, Richard, Director, Law Enforcement and Information 
  Security Matters, Google, Inc., Mountain View, California......    21
    prepared statement...........................................    65

                               QUESTIONS

Questions submitted by Senator Leahy for Kevin Bankston..........    72
Questions submitted by Senator Flake for Paul Rosenzweig.........    73

                         QUESTIONS AND ANSWERS

Responses of Kevin Bankston to questions submitted by Senator 
  Leahy..........................................................    74
Responses of Paul Rosenzweig to questions submitted by Senator 
  Flake..........................................................    93

                MISCELLANEOUS SUBMISSIONS FOR THE RECORD

Alexander, Keith B., Director, NSA, statement....................    95
Felten, Edward W., Professor of Computer Science and Public 
  Affairs, Princeton University, statement.......................   102


               THE SURVEILLANCE TRANSPARENCY ACT OF 2013

                              ----------- 


                      WEDNESDAY, NOVEMBER 13, 2013

                               U.S. Senate,
                         Subcommittee on Privacy,  
                           Technology, and the Law,
                                Committee on the Judiciary,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 10:03 a.m., in 
Room SD-226, Dirksen Senate Office Building, Hon. Al Franken, 
Chairman of the Subcommittee, presiding.
    Present: Senators Franken, Leahy, Blumenthal, Flake, and 
Lee.

 OPENING STATEMENT OF HON. AL FRANKEN, A U.S. SENATOR FROM THE 
                       STATE OF MINNESOTA

    Chairman Franken. This hearing will come to order. Welcome 
to the Senate Judiciary Subcommittee on Privacy, Technology, 
and the Law. The subject of this hearing is my bill, the 
Surveillance Transparency Act of 2013. I am proud to say that 2 
weeks ago I reintroduced this bill with the support of my 
friend and colleague, Senator Dean Heller of Nevada, who we 
will be hearing from in just a moment.
    This bill is urgently necessary. Americans understand that 
we need to give due weight to privacy, on the one hand, and 
national security, on the other. But Americans are also 
naturally suspicious of executive power, and when the 
Government does things secretly, Americans tend to think that 
power is being abused. This is exactly the place where 
congressional oversight is useful and necessary.
    For months now, there has been a steady stream of news 
stories about the NSA's surveillance programs. And yet right 
now, by law, Americans cannot get really the most basic 
information about what is going on with these programs. 
Consider this: It has been months since the PRISM program and 
the telephone call records program were revealed to the public. 
And yet to this day, Americans do not know the actual number of 
people whose information has been collected under those 
programs; they do not know how many of those people are 
American; and they have no way of knowing how many of these 
Americans have had their information actually seen by 
government officials--as opposed to just being held in a 
database.
    The administration has taken good steps in good faith to 
address this problem. But I am afraid that these steps are too 
little and that they are not permanent.
    And so Americans still have no way of knowing whether the 
Government is striking the right balance between privacy and 
security or whether their privacy is being violated. I believe 
there needs to be more transparency.
    I have written a bipartisan bill to address this. It will 
require that the NSA disclose to the public how many people are 
having their data collected under each key foreign intelligence 
authority. It would make the NSA estimate how many of those 
people are American citizens or green card holders and how many 
of those Americans have had their information actually looked 
at by government agents.
    My bill would also lift the gag orders on Internet and 
phone companies so that those companies can tell Americans 
general information about the number of orders they are getting 
under each key authority and the number of users whose 
information has been produced in response to those orders.
    Right now, as a result of those gags, many people think 
that American Internet companies are giving up far more 
information to the Government than they likely are. The 
Information Technology & Innovation Foundation estimates that 
American cloud computing companies could lose $22 to $35 
billion in the next 3 years because of concerns about their 
involvement with surveillance programs. The analytics firm 
Forrester puts potential losses much higher, at around $180 
billion.
    A few companies have litigated and secured permission to 
publish limited statistics about the requests that they get. 
But again, this is too little, and it is not permanent.
    My bill would permanently ensure that the American people 
have the information they need to reach an informed opinion 
about government surveillance. And it would protect American 
companies against losing business from misconceptions about 
their role in these programs.
    I am pleased to say that this bill is the leading 
transparency proposal in the Senate, supported by a strong 
coalition of tech companies and civil liberties groups. The 
version as introduced gained the support of 12 senators, 
including the Chairman of the full Judiciary Committee, Patrick 
Leahy. I anticipate that we will soon be adding our original 
supporters onto the new bipartisan bill, hopefully with some 
additional support as well.
    The purpose of this hearing is to make the case for this 
bill and to improve it by getting the feedback of top experts 
in the administration, privacy groups, and the private sector. 
I have specifically asked the Office of the Director of 
National Intelligence and the Department of Justice to provide 
candid comments on this bill, especially any concerns they 
have. I have already added provisions to the bill to protect 
national security, but I want to know of any further concerns 
that they have. I suspect that I will agree with them in some 
cases and disagree with them in others. In those cases, I want 
to have an open exchange about the disagreements.
    That said, I want it to be clear at the outset that I have 
the utmost respect for the men and women of our intelligence 
community. I think they are patriots, and I think they have and 
do save lives.
    I look forward to starting this conversation. With that, I 
will turn to our Ranking Member, Senator Flake.
    Senator.

 OPENING STATEMENT OF HON. JEFF FLAKE, A U.S. SENATOR FROM THE 
                        STATE OF ARIZONA

    Senator Flake. Thank you, Senator Franken, and I appreciate 
those who will testify today. This is the first Subcommittee 
hearing we have had, and I suppose that given the rate at which 
technology develops, this will be an important Subcommittee as 
we go along to try to strike that balance that you talked about 
between privacy issues, between transparency, and national 
security. I look forward to this hearing to see if we have this 
legislation, if this bill before us actually strikes that 
balance. And I come to this hearing with an open mind and 
realize that this is really a struggle the Congress goes 
through continually.
    I was around when the PATRIOT Act passed. There were issues 
with that, where we authorized it but then sunsetted a lot of 
the provisions that we needed to deal with later and then dealt 
with those later. We were continually with technology 
developing, continually trying to strike the right balance. The 
security leaks that we have had in the past couple of years and 
certainly in the past couple of months have undermined the 
confidence that the public has in what we are doing here, and 
that I think is damaging.
    So I look forward to more transparency, whether in this 
legislation or some version of it or in some other way to make 
sure that people are confident that their public officials have 
transparency in mind and the best interests of the public in 
mind here.
    So, with that, I look forward to hearing the testimony.
    Chairman Franken. Thank you, Senator Flake. This is the 
first hearing of this Subcommittee in this Congress, and I am 
happy to have you as the new Ranking Member of this 
Subcommittee.
    It is now my pleasure to introduce your friend and 
colleague, the Senator from Nevada, Senator Heller. Two weeks 
ago, Senator Heller and I introduced an improved version of 
this bill. I think that Senator Heller's support for this bill 
and his presence here speaks to the fact that transparency is a 
bipartisan issue. Some of the best work in the Judiciary 
Committee on the issue of transparency has come from our 
Chairman and others on our side working with folks like the 
Ranking Member, Senator Grassley, and Senator Cornyn and many 
others. This bill is an effort to continue that tradition.
    Senator Heller.

STATEMENT OF HON. DEAN HELLER, A UNITED STATES SENATOR FROM THE 
                        STATE OF NEVADA

    Senator Heller. Thank you, Mr. Chairman, and to Senator 
Flake, I am pleased to be here today. I would also like to 
thank you for inviting me to testify. I want to thank you for 
holding this hearing, and, Mr. Chairman, I want to thank you 
for your leadership that you have brought to the table on 
transparency to the bulk collection programs run by the NSA.
    This is a strong bill rooted in the belief that Nevadans, 
Minnesotans, and all Americans should be provided access to 
reports that explain the personal communication records that 
the Government is collecting and how many Americans have had 
their information caught up in that collection.
    By now most people are aware of the bulk collection 
practices by the Federal Government that are authorized by 
sections of the PATRIOT Act and sections of the FISA Amendments 
Act. I am confident the full Judiciary Committee will have a 
robust debate on the bulk collection practices and whether or 
not this program should continue. I believe that the bulk 
collection program mostly authorized under Section 215 of the 
PATRIOT Act should come to an end.
    Subsequently I agreed to join with Judiciary Chairman Leahy 
as a principal sponsor with Senator Lee and Senator Durbin on 
the USA Freedom Act. While there is disagreement on whether 
this program should continue, I am confident all of us can 
agree that these programs deserve more transparency. This is 
why I joined Senator Franken to introduce the Surveillance 
Transparency Act of 2013.
    This legislation would call for reports from the Attorney 
General detailing the requests for information authorized under 
the PATRIOT Act and the FISA Amendments Act. The reports would 
detail the total number of people whose information has been 
collected under these programs, how many Americans have had 
their information collected, and also how many Americans 
actually had their information looked at by the NSA.
    Furthermore, this legislation would allow telephone and 
Internet companies to tell consumers basic information 
regarding the FISA Court orders they receive and the number of 
users whose information is turned over. The principles outlined 
in this bill to increase transparency for Americans and private 
companies would clear up a tremendous amount of confusion that 
exists with these programs. That is why transparency reform is 
included in multiple NSA reform proposals, including the 
Intelligence Oversight and Surveillance Reform Act introduced 
by Senator Wyden, the USA Freedom Act introduced by Chairman 
Leahy and myself, and the FISA Improvement Act introduced by 
Senator Feinstein.
    Mr. Chairman, while positions on the bulk collection 
program may differ, many of us agree on the need for more 
transparency. That is why I urge support for the Franken-Heller 
legislation before this Subcommittee today. We are talking 
about millions of Americans' calls that are collected and 
stored by the NSA. Americans should have access to some basic 
information regarding the amount of data collected and what is 
actually being analyzed so that my constituents, your 
constituents, can determine for themselves whether they believe 
this program is worthy to continue or not.
    And with that, again, thank you for the opportunity to have 
me testify, Mr. Chairman. I want to repeat thank you very much 
for your leadership on this issue.
    Thank you.
    Chairman Franken. Thank you for yours, Senator Heller. I am 
looking forward to working together with you on this as we go 
through this process. You are excused, and your panel is 
adjourned.
    Chairman Franken. I would now like to introduce our second 
panel of witnesses.
    Robert Litt is the General Counsel of the Office of the 
Director of National Intelligence. He was confirmed by the 
Senate by unanimous consent in 2009. Before joining the ODNI, 
Mr. Litt was a partner with the law firm of Arnold & Porter. 
From 1994 to 1999, Mr. Litt worked in the Department of Justice 
where he served as Deputy Assistant Attorney General in the 
Criminal Division and then as Principal Associate Deputy 
Attorney General.
    Brad Wiegmann is a Deputy Assistant Attorney General for 
National Security at the Department of Justice. He has served 
as a career government attorney for the past 17 years, 
including positions at the State Department, the Department of 
Defense, and the National Security Council. His government 
service has focused on national security and international law, 
including counterterrorism, intelligence activities, and 
counterproliferation.
    Welcome, gentlemen. ODNI and DOJ have submitted joint 
written testimony, which will be made part of the record. You 
each have 5 minutes for any opening remarks that you would like 
to make. Mr. Litt, would you begin?

 STATEMENT OF HON. ROBERT S. LITT, GENERAL COUNSEL, OFFICE OF 
    THE DIRECTOR OF NATIONAL INTELLIGENCE, AND J. BRADFORD 
WIEGMANN, DEPUTY ASSISTANT ATTORNEY GENERAL, NATIONAL SECURITY 
        DIVISION, DEPARTMENT OF JUSTICE, WASHINGTON, DC

    Mr. Litt. Thank you. Mr. Chairman, Ranking Member Flake, 
Senator Blumenthal, thank you for the opportunity to appear 
before you today to discuss this very important issue of how 
best to inform the public about sensitive intelligence 
activities consistent with the needs of national security. And 
I want to say that I appreciate the support that you have shown 
for the intelligence community over the last few months in 
their activities.
    The recent unauthorized disclosures have led to a public 
dialogue about intelligence collection activities, particularly 
those conducted under the Foreign Intelligence Surveillance 
Act. But it is critical to ensure that that public dialogue is 
grounded in fact rather than in misconceptions. And, therefore, 
we agree that it is important to help the public understand how 
the intelligence community uses the legal authorities that 
Congress has provided it to gather foreign intelligence and the 
vigorous oversight of those activities to ensure that they 
comply with the law.
    As you know, some months ago the President directed the 
intelligence community to make as much information as possible 
about certain intelligence programs that were the subject of 
those unauthorized disclosures available to the public, 
consistent with the need to protect national security and 
sensitive sources and methods. Since then, the Director of 
National Intelligence has declassified and released thousands 
of pages of documents about these programs, and we are 
continuing to review documents to release more of them.
    These documents demonstrate that these programs are all 
authorized by law and subject to vigorous oversight by all 
three branches of government. And it is important to emphasize 
that this information was properly classified. It is being 
declassified now only because in the present circumstances the 
public interest in declassification outweighs the national 
security concerns that require classification. But we still 
have to take those national security concerns into account.
    In addition to declassifying documents, we have also taken 
significant steps to allow the public to know the extent to 
which we use the authorities under FISA, and I agree with both 
you and Senator Heller that it is appropriate to find ways to 
inform the public about this consistent with national security.
    Specifically, as we set out in more detail in our written 
statement for the record, the Government is going to release on 
an annual basis the total number of orders issued under various 
FISA authorities and the total number of targets affected by 
those orders.
    Moreover, recognizing that it is important for the 
companies to be able to reassure their customers about how 
often or, more precisely, how rarely the companies actually 
provide information about their customers to the Government, we 
have agreed to allow them to report the total number of law 
enforcement and national security legal demands they receive 
each year and the number of accounts affected by those orders.
    We believe that this approach strikes the proper balance 
between providing the public information about the use of the 
legal authorities and protecting our important intelligence 
capabilities, and I would be glad to discuss that with you in 
more detail as we move ahead.
    Turning to the Surveillance Transparency Act of 2013, which 
you and Senator Heller have cosponsored, we have reviewed the 
bill and we share the goal of providing the public greater 
insight into the Government's use of FISA authorities. And we 
appreciate the effort that you have made in this bill to try to 
accommodate transparency and national security. We have had 
good discussions with your staff about that bill.
    Many of the bill's provisions are consistent with the steps 
we have taken so far, and we support them. But we do continue 
to have concerns that some of the provisions raise significant 
operational or practical problems. These concerns are set out 
in more detail in the written statement for the record, and I 
will just summarize now that they fall into two broad 
categories.
    First, while we believe that it is possible and appropriate 
to reveal information about the number of targets of 
surveillance, counting the number of persons or of U.S. persons 
whose communications are actually collected, even if they are 
not the target, is operationally very difficult, at least 
without an extraordinary investment of resources, and maybe not 
even then.
    For example, it is often not possible to determine whether 
a person who receives an e-mail is a U.S. person. The e-mail 
address says nothing about the citizenship or nationality of 
that person. And even in cases where we would be able to get 
the information that would allow us to make the determination 
of whether someone is a U.S. person, doing the research and 
collecting that information would perversely require a greater 
invasion of that person's privacy than would otherwise occur.
    It is for these reasons that the Inspectors General of the 
National Security Agency and of the intelligence community have 
stated in letters to the Congress that this kind of information 
simply cannot be reasonably obtained.
    Second, we have significant concerns with allowing 
individual companies to report information about the number of 
orders to produce data that they receive under particular 
provisions of the law. Providing that information in that level 
of detail could provide our adversaries a detailed roadmap of 
which providers and which platforms to avoid in order to escape 
surveillance. We believe that the reporting we have already 
agreed to provides the right balance between transparency and 
national security.
    Mr. Chairman, I want to emphasize our intention to work 
with the Congress and with this Committee to ensure the maximum 
possible transparency about our intelligence activities that is 
consistent with national security. The President is committed 
to this. The Director of National Intelligence is committed to 
this. The Attorney General is committed to this. General 
Alexander is committed to this. We are open to considering any 
proposals so long as they do not compromise our ability to 
collect the information we need to protect this Nation and our 
allies, and we look forward to working with you in this regard.
    Thank you.
    Chairman Franken. Thank you, Mr. Litt.
    Mr. Wiegmann.
    Mr. Wiegmann. Thank you, Mr. Chairman. Thank you for having 
me here today. I do not want to replicate what Bob Litt has 
just explained, so I do not want to waste the Committee's time, 
but we at the Department of Justice very much agree with what 
Bob has just explained. We very much support the transparency 
efforts that the intelligence community is engaged in now. We 
also, as Bob said, share the goals of the bill that you have 
prepared in terms of increasing transparency, but we have some 
technical concerns about how those proposals can be implemented 
that we are happy to discuss today.
    I guess I would just say a couple of other things. One is 
that I think this is an area where the details very much 
matter. We are very much in support of transparency, but we 
want to do so in a way that is consistent with our national 
security needs. You have seen a number of documents 
declassified over the last several months, and I am sure from 
the outside it looks very slow and ad hoc, as you said earlier. 
That is because these documents involve a lot of detailed 
classified information, and it takes a lot of time to go 
through the documents and determine what can safely be revealed 
and what cannot, and there are a lot of equities of different 
components of the intelligence community that have a stake in 
the information in play. So our transparency efforts are a work 
in progress. We continue to work on them as we go forward, but 
we are trying to do so in a careful and deliberate way. But I 
do not doubt that to the outsider it looks as if it is slow and 
ad hoc, but that is because we are trying to protect national 
security while also promoting transparency goals.
    So, with that, I guess I will just--the other thing I guess 
I would say in addition, though, is to contrast the U.S. 
response to these disclosures to those of some foreign 
governments. We have, in response to these unauthorized 
disclosures, tried to be more transparent, and that has not 
always been the case with other governments that have 
experienced this, either in the past or more recently. So I do 
think we are working in good faith to try to be more open about 
our intelligence collection activities, and we are happy to 
work with the Committee to continue to promote that goal.
    That is all I have.
    [The prepared statement of Messrs. Litt and Wiegmann 
appears as a submission for the record.]
    Chairman Franken. Thank you, Mr. Wiegmann, and thank you 
both. As I said, you submitted joint testimony, and, of course, 
that will be part of the record. I appreciate your not taking 
every minute of your time here.
    I will say about the disclosures--that I have said that 
these have been, I think, in good faith. It is just that there 
is nothing in the law about them, so there is nothing permanent 
about what you are doing, and what we are trying to do is 
create a framework where people have a little bit more 
confidence or understanding or can decide for themselves 
whether they should have confidence.
    Mr. Litt, you indicated that ODNI may lack the technical 
ability to estimate the number of U.S. citizens and permanent 
residents whose information has been collected under the 
different surveillance authorities. I find this kind of 
troubling, and here is why.
    We give the intelligence community broad legal power to 
conduct surveillance precisely because that surveillance is 
supposed to be targeted at foreign adversaries, not at 
Americans. Many of the broadest laws we have written, like 
Section 702 of FISA, explicitly say that you can only use this 
law only to target foreign people. You cannot use it to target 
U.S. persons.
    Mr. Litt, isn't it a bad thing that NSA does not even have 
a rough sense of how many Americans have had their information 
collected under a law, Section 702, that explicitly prohibits 
targeting Americans?
    Mr. Litt. So I have to preface everything here by 
emphasizing that I am a lawyer, not an engineer or a computer 
scientist, and so everything I say here gets filtered through 
that prism. But----
    Chairman Franken. Well, if you were an engineer or a 
computer scientist, we would have you working on something 
else.
    [Laughter.]
    Mr. Litt. But I think it is important to differentiate here 
between the concept of who is targeted for collection and whose 
communications are incidentally collected.
    Because of the legal requirement, for example, under 
Section 702 that NSA only target non-U.S. persons, NSA does the 
research necessary when they have a target to determine whether 
that person is or is not a U.S. person. They need to be able to 
make that determination.
    That is a very, very different process from saying we are 
going to look at all of the communications that are collected, 
and we are going to evaluate every single party to every one of 
those communications to determine whether or not that is a U.S. 
person.
    So they do have the ability to try to make the 
determination as to whether somebody is or is not a U.S. person 
for the purpose of targeting that person, but that is a 
different proposition.
    Chairman Franken. Okay. Well, I think an estimate, though, 
could be made through statistical sampling, a method that has 
been used in comparable circumstances before the FISA Court. I 
would like to add to the record two pieces of testimony that to 
me suggest that the NSA could be able to estimate how many 
Americans have had their information collected under foreign 
intelligence authorities. The first is from General Alexander. 
He testified in September that the NSA employs over a thousand 
mathematicians, more than any other employer in the United 
States, more than every university in Minnesota, more than MIT 
or CalTech.
    The second piece of testimony is from Ed Felten, the 
Princeton professor and the former technologist for the Federal 
Trade Commission. He said, ``Yes, the Government has the 
ability to give a rough estimate of the number of American 
citizens and permanent residents whose metadata and content has 
been collected.''
    [The statements appear as a submission for the record.]
    Chairman Franken. Let us move on to the disclosure by the 
companies. Mr. Litt, in your testimony you warn that, quoting 
from your testimony, ``More detailed company-by-company 
disclosure threatens harm to national security by providing a 
roadmap for our adversaries on the Government's surveillance 
capabilities . . .'' This concern makes sense. But I have 
difficulty reconciling your testimony with the Government's 
actions with respect to major companies like Google. The 
Government lets Google publish the number of national security 
letters it receives each year and the number of users affected. 
And 2 months ago, Michael Hayden, the former Director of NSA 
and of CIA, gave a speech in which he said, ``Gmail is the 
preferred Internet service provider of terrorists worldwide.'' 
That is a verbatim quote, according to the Washington Post.
    Mr. Litt, it seems to me that if the former head of the CIA 
and the NSA does not think it is a problem to let everyone know 
that terrorists just love Gmail, then why do you think that a 
company-by-company disclosure threatens national security? He 
evidently does not.
    Mr. Litt. A couple of thoughts on that. To my knowledge, 
General Hayden did not talk to us before making those 
statements. I do not know that we would have authorized that 
statement to be made. I just do not know what was done there.
    The point is that if we allow the companies on an annual 
basis to publish these statistics, it is going to simply 
provide additional information out there as new companies come 
online and pop up. You may have a company that, for example, 
for a period of years shows no orders and then all of a sudden 
starts showing orders, and that conveys a message that says we 
have got the capability to collect this now.
    The more detail we provide out there and the more we break 
this down by authorities and companies, the easier it becomes 
for our adversaries to know where to talk and where not to 
talk.
    What we have agreed to allow the companies to do is to 
report the aggregate number of times in which they provide 
information about their customers to the Government. And that, 
it seems to me, is an adequate way of providing the public the 
information they need to know about the minuscule proportion of 
times in which that actually happens. And breaking it down 
further in our view crosses the line of the appropriate balance 
between transparency and national security.
    Chairman Franken. We are going to have testimony from some 
privacy people and from Google talk about that aggregation. I 
do not think that aggregation is all that helpful because you 
really are not giving people an idea of how much is--I mean, 
you are mixing apples and oranges, so you are having how many 
wiretaps there are on mobsters with--I mean, to me it does not 
create the kind of transparency that creates the kind of 
knowledge the American people--I have some time--gives the 
American people a way to judge the program.
    Let me ask Mr. Wiegmann something. I am the Chairman. I 
guess I can go over my own times, but I have got 9 seconds, and 
I will try to ask a question. Mr. Wiegmann, I understand that 
you think that my bill would require too much detail in 
government reporting. I am going to weigh that feedback very 
carefully. But I do want to point out that when I drafted the 
government reporting requirements in the bill, I modeled them 
after the wiretap report that the Department of Justice 
releases every year.
    If you look at last year's report, it breaks down the 
number of wiretaps not just nationally but by specific 
jurisdiction and then breaks down those numbers by the nature 
of the wiretap--a mobile phone, a home phone, a business phone. 
Last year's wiretap report shows that federal prosecutors in 
Manhattan secured wiretap orders for mobile phones 48 times in 
2012, while their colleagues in Brooklyn only did this 5 times 
in the same period.
    The wiretap report contains a wealth of information, yet 
nobody is arguing that criminals in Manhattan are reading the 
wiretap report and fleeing to Brooklyn because, you know, they 
are less likely to get their phone tapped there.
    My bill would not even require anything near this level of 
reporting. It would require the Government to report national 
statistics, and any time the number of Americans affected was 
lower than 500, the report would just say ``fewer than 500.''
    Mr. Wiegmann, why would the reporting requirements in my 
bill raise national security concerns if the far more detailed 
reporting requirements in DOJ's wiretap reports do not raise 
public safety concerns?
    Mr. Wiegmann. So that is a good question. The regular 
wiretaps under the Wiretap Act do not involve classified 
techniques, so there are platforms that we use in the 
intelligence context that it is unknown to the outsiders or 
anyone outside the executive branch as to whether we can 
collect on a particular communications technology. So the 
difference----
    Chairman Franken. But I am not having you----
    Mr. Wiegmann. What is that?
    Chairman Franken. The disclosure would not be talking about 
a technology other than it is on the Internet or phone.
    Mr. Wiegmann. Right.
    Chairman Franken. We know those technologies.
    Mr. Wiegmann. We think that our adversaries can surmise--
let us say, for example, in year one we know that there is a 
company that has a particular number of surveillance requests 
and that number is published. They then introduce a new 
capability, a new service that they provide, and then all of a 
sudden that number goes up dramatically in the following year. 
That is something that our adversaries could glean information 
from that and surmise as to whether we have the capability to 
collect on a new technology. So that is the type of thing that 
I am talking about that is different than in the wiretap 
context where everyone knows that a basic phone tap is 
something that you can do. So that is the difference there.
    I would also like to address briefly your last question to 
Mr. Litt about NSLs. The reason why NSLs are different than 
other collection methods, is that it is just collecting 
business records. It is not an interception capability. You are 
not intercepting communications in real time. You are just 
collecting business records that the companies have, and so 
that is the distinction there that we do not have the same 
concerns about revealing those numbers in aggregate that we 
would with intercept capabilities.
    Chairman Franken. Well, thank you. I thank the Ranking 
Member for his indulgence. I have gone way over my time. I 
thank you too, but please continue.
    Senator Flake. Well, thank you. They have been useful 
questions and some of the same questions that I had as well.
    Mr. Litt, if you could kind of drill down a bit in terms of 
increased manpower and what it would take to actually make some 
determination of the percentage of individuals who are U.S. 
citizens who are surveilled, what would that look like, without 
revealing more than you need to reveal here? What would that 
take to actually go through and determine what percentage?
    Mr. Litt. So I can offer actually an example in that 
regard. The Chairman made reference to the FISA Court opinion 
that we have released from 2011, which involved a compliance 
violation under the collection under Section 702. And in 
connection with that, NSA did do a statistical sample to try to 
determine how many wholly domestic communications may have been 
intercepted through one portion of this collection, and they 
did a statistical sample where they reviewed I think 
approximately 50,000 communications, which was a very small 
percentage of that.
    My understanding is that it took a number of NSA analysts 
about 2 months to do that, and that even in that regard, there 
were a number of instances where they simply could not come up 
with the necessary information, that the actual information was 
in a wide--ended up with numbers in a wide range based on a lot 
of assumptions. And the last point I want to make on that is 
that that was actually an easier task than the one that is 
being asked here, because they were looking for wholly domestic 
communications, which means that anytime they found a 
communication where there was one non-U.S. person they could 
immediately throw it out and not look any further. So they 
never did actually go through and look at every single party to 
every single communication to determine whether or not it was a 
U.S. person.
    So I think that that example gives a sense of the resource 
intensiveness that would be required and the difficulty, even 
if you apply all those resources, in coming up with reliable 
numbers at the end of the process.
    Senator Flake. So you maintain that it would take--it would 
probably lead a lot of resources away from the main task just 
to comply with this provision?
    Mr. Litt. Yes, I think those thousand mathematicians have 
other things that they can be doing in protecting the Nation 
rather than trying to go through and count U.S. persons.
    Senator Flake. In your testimony you mention that it may 
have a greater impact on privacy to actually have to drill down 
and determine who is a U.S. person and who is not. What level 
of detail do you typically have to have? You have to run--I 
guess search what other communications have come to this person 
or whatever else, and those are the things that--can you kind 
of explain what you mean by saying that you impact more on 
people's privacy by drilling down and complying with this law 
than are currently out there?
    Mr. Litt. Yes, that is exactly right. NSA's mission is to 
collect foreign intelligence. They are looking for the foreign 
side of the thing, and it is not what they ordinarily do to go 
out and try to find U.S. persons. And so if you impose upon 
them some sort of obligation to identify U.S. persons, they are 
going to take an e-mail address that may be, you know, 
[email protected], and they are going to have to dig down and 
say, ``What else can we find out about [email protected]?'' And 
that is going to require learning more about that person than 
NSA otherwise would learn.
    Senator Flake. Mr. Wiegmann, we allowed the companies out 
there, Google and others, to reveal more than they were able to 
reveal before. Google has procedures that they follow. What 
other companies have taken advantage of the opportunity they 
have to reveal more information about what is surveilled and 
what is not? Is it universal, all of them are taking advantage 
of this, or some of them, or what?
    Mr. Wiegmann. I would have to get back to you and give you 
the list of companies. I believe Microsoft has issued a 
Transparency Report with certain data, Facebook I believe. I 
would have to get you the complete list. I do not want to give 
you the wrong list of companies here, but I could get you the 
information about which ones have taken advantage of the 
Government's offer thus far.
    Senator Flake. All right.
    I am sure we will learn more in the next panel, but is it 
your understanding that all--how universal is the request for 
the ability to give broader information or more information 
about what is being surveilled and what is being collected, 
whatever else?
    Mr. Wiegmann. I think it is fair to say that a lot of the 
major Internet service providers do want to provide more 
information about how their users are affected by government 
surveillance. A number of them in the initial stages of this in 
the wake of the initial Snowden unauthorized disclosures came 
to us, and so we work with them on the proposal that Bob 
described, which was that we would release the aggregate number 
of law enforcement plus national security demands in the 
aggregate for those companies. I think they found that useful 
at the time because they put out press statements and so forth 
saying--you know, identifying those numbers and showing that 
that was a tiny fraction, I think in most cases less than one 
ten-thousandth or one one-hundred thousandths of their user 
base was affected by not only the national security demands but 
also the law enforcement demands together. So whether you slice 
out the national security or whether you include the law 
enforcement, it is a tiny, tiny fraction of their total user 
accounts, and that is what they wanted to be able to show, as 
Senator Franken was saying, to debunk the idea that we are 
engaged in some kind of dragnet surveillance whereby we are 
getting access to all of their users. In fact, the opposite is 
true, that it is a tiny, tiny number. And they were able to do 
that with the disclosures that we authorized at that time.
    Senator Flake. Thank you.
    Mr. Litt, getting back to what we were talking about 
before, in order to comply with the provisions of this 
legislation, would you sometimes require more of the companies 
in terms of trying to follow down and drill down on how many 
U.S. persons were affected here? Might there be additional 
concerns from the private providers that were--I do not know. 
Might they be more uncomfortable with additional requests to 
try to determine--we already have minimization procedures that 
apply in order to exclude U.S. persons, but this would seem to 
be a lot more drilling down, as you mentioned before. What 
concerns do others have about this? And should they be 
concerned about more intrusiveness on the part of the 
Government to determine who is a U.S. person and who is not 
just for the purpose of complying with the Act?
    Mr. Litt. Well, I do think that people should be concerned 
about the greater intrusiveness. I am not sure technically 
whether it would require any more of the companies or not. I 
think that more likely NSA would simply rely on its own 
internal resources rather than--because they would need some 
additional authority to go back to the companies to get 
subscriber information or whatever. So I am not sure that it 
would impose an additional burden on the companies, which does 
not in any way mitigate the intrusion on the individual.
    Senator Flake. But you do not anticipate having to go back 
to the companies and say we would need additional information 
in order to determine--or to comply with the law?
    Mr. Litt. I would not say that I do not anticipate it, but 
I am not sure that it would happen or that, frankly, there 
would be a way we could do it legally to get that information 
from the companies.
    Senator Flake. Thank you, Mr. Chairman.
    Chairman Franken. Thank you. And I will say that we are 
going to have testimony from Google, and they have signed on to 
this, as have those companies. So we will hear from them.
    Senator Blumenthal.
    Senator Blumenthal. Thank you, Mr. Chairman. Thank you for 
your leadership on this bill. Thank you to our Ranking Member 
and to Senator Heller. I am a cosponsor of this measure and 
really want to express my gratitude to you, Senator Franken, 
for spearheading this effort. But, of course, it really 
embodies the general truth that what you do not know can hurt 
you. And what the American people do not know about much of 
what you do, and it is important, indeed essential work to our 
national security, can create misinformation and deception and 
undermine the trust and credibility in the entire program of 
surveillance and intelligence vital to national security. So 
what the American people do not know can hurt them if it 
becomes a source of mistrust and loss of credibility here and 
around the world.
    So I think that this bill is very important, albeit only a 
first step, and I propose other measures such as a 
constitutional advocate that I think fits with the concept of 
this bill in terms of preserving an adversarial and 
accountability measure, as well as greater transparency and 
accountability in other ways.
    I would like to focus on the technical issues that you have 
raised. Don't these pale compared to the importance of the 
objective? And aren't they surmountable with relatively few 
resources if we define narrowly what those technical problems 
are?
    Mr. Litt. Well, taking--I mean, I guess I would say no and 
no. Taking your second point first, the judgment of people who 
have looked at this, not only people within NSA but, as I said, 
two Inspectors General who have also looked at it, is that this 
is not surmountable with a relatively modest application of 
resources, that it would be very resource intensive, and as I 
said, particularly with respect to U.S. persons, very--require 
additional intrusions on privacy.
    Our judgment is that this is not the best way to try to 
strike the balance between privacy and national security. I 
understand the view that there is important information out 
there. But one of the necessities of conducting intelligence 
operations is that not all the information that might be of use 
to the public is going to come out in the public.
    So I think that our view is that the steps that we have 
taken are appropriate ones, and we are prepared to work with 
the Committee and the Congress on additional steps that might 
be taken. But----
    Senator Blumenthal. But I do not understand--and forgive me 
for interrupting, but my time is limited. I do not understand 
what resource intensive--you know, that is a code word. It is a 
term of art maybe that is used to say it looks pretty difficult 
to do. It looks like it is going to cost a lot. How resource 
intensive really is it to accomplish these purposes?
    Mr. Litt. I do not know that we have done an actual cost 
estimate. The only yardstick I can give you is what was 
required to do the smaller and easier task that was done in 
connection with the FISA Court opinion that required, I 
believe, a half dozen analysts 2 months to do and still come up 
with an estimate that had wide ranges in it. And so that----
    Senator Blumenthal. Maybe you can give us some idea of what 
those ranges are.
    Mr. Litt. If you give me a second.
    Chairman Franken. This will not come out of the Senator's 
time.
    Mr. Litt. It is a long opinion, and it is going to take me 
a second to find the right place.
    [Pause.]
    Mr. Litt. I am sorry. I should have marked this in advance.
    So as I said, the issue was to determine what were wholly 
domestic communications, which I said is a different task, and 
as a result of this review, they determined that there were 
between 996--essentially between 1,000 and 5,000 communications 
that met that test. So you have a fivefold range there, and 
there are other estimates in here, for example, that say, well, 
it would not be any greater than this number. But they are all 
based on assumptions and estimates, and I do not know that 
there is any comfort that we could accomplish this with any 
degree of reliability.
    Senator Blumenthal. But you have given me a number for the 
communications but not a number for the dollars. To put it 
perhaps oversimplistically, how do you measure resource 
intensive?
    Mr. Litt. I mean, you have to look at the number of people 
who would be required and the amount of time that would be 
required.
    Senator Blumenthal. And can you give us some idea of what 
they would be?
    Mr. Litt. As I said, the only metric that I have is what 
was required to get this number, and my understanding is that 
that was, I believe, six analysts for a 2-month period. You 
would have to multiply that across a much larger sample, a much 
more difficult task, and additional FISA authorities. So you 
are talking, you know, some number of man-years that would be 
required to do this.
    Senator Blumenthal. Thank you. Let me just move on. In the 
interest of perhaps anticipating the testimony we are going to 
receive from the next panel, I do not know whether you have had 
a chance to review that testimony, but, for example, a lot of 
it concerns the impact on communications internationally, and I 
wonder if you could comment in particular on the testimony, 
very compelling testimony, from Mr. Salgado about the need for 
transparency to enable the trust and credibility that is 
important for communications worldwide?
    Mr. Litt. So I have not had a chance to review the other 
testimony. I am generally familiar with the companies' 
position. I think we have a lot of sympathy for their position. 
The unauthorized disclosures that have come out here have put 
them in a difficult position. It is one of the many things that 
we regret about these disclosures.
    Having said that, as Brad mentioned earlier, we are 
authorizing--we are prepared to authorize the companies to 
release the total number of orders they get and to disclose 
customer information and the total number of accounts affected 
by those orders. That is going to be a minuscule number. As 
Brad said, it is something like--you know, it is a fraction of 
1 percent, and that covers all authorities. And it seems to me 
that that minuscule number is sufficient to meet the company's 
needs, and it really does not advance things anyway--when they 
are allowed to disclose that 0.0001 percent of their customer 
accounts are affected by orders to provide information to the 
Government, it does not really advance their needs to say, 
well, 0.000001 percent of those were pursuant to this authority 
and 0.000003 percent were pursuant to that authority. The 
relevant statistic is that any customer of Google or of any 
other company, there is only an infinitesimal likelihood that 
that person's information is ever going to be asked for by the 
Government.
    Senator Blumenthal. Thank you. My time has expired. Thank 
you very much.
    Thanks, Mr. Chairman.
    Chairman Franken. Thank you, Senator Blumenthal, and I am a 
cosponsor of your constitutional advocate bill.
    Senator Blumenthal. Right. Thank you.
    Chairman Franken. Senator Lee.
    Senator Lee. Thank you, Mr. Chairman. Thanks to you for 
being here with us today.
    Much of the testimony that we have received today 
highlights the consequences of unchecked government intrusion 
into the private lives of citizens and their interactions with 
private businesses.
    Senator Franken's bill would take important steps to 
increase the transparency of government requests for 
information, and I very much applaud those efforts. In fact, 
Senator Leahy and I have incorporated the vast majority of 
Senator Franken's provisions into our bill, S. 1215, the FISA 
Accountability, Privacy, and Protection Act, which makes 
broader reforms to the privacy protections within the FISA 
program.
    Our bill would tighten statutory authorities governing 
surveillance, would increase oversight and accountability, and 
would ensure that Americans' constitutional rights under the 
Fourth Amendment are protected.
    The reporting provisions in these bills guarantee that we 
have an accurate understanding of the scope of these 
information collection activities and allow businesses to 
regain the trust of the public through the reasonable 
disclosure of their interactions with government agencies as 
they provide information. It is time we started requiring a 
little more sunlight in this fairly shadowy space.
    Mr. Litt, in your written testimony, you expressed support 
for the majority of the disclosure requirements in this bill. I 
was wondering, is your support a direct result of formerly 
covert collection programs having become public? Or do you 
think that nationwide aggregate disclosures are inherently 
beneficial and should be sought out?
    Mr. Litt. I think the answer to that is that aggregate 
disclosures are a good thing, provided they do not compromise 
our ability to collect important information. I think in the 
situation we are in right now, whatever the appropriate result 
might have been 6 months ago, in the situation we are in right 
now where the Director of National Intelligence has already 
declassified the fact of certain programs and how they operate, 
that it is entirely appropriate to have aggregate disclosures 
of these activities going forward.
    For other important intelligence activities, I am not sure 
that we would reach the same balance, but to the extent that we 
are talking about these particular disclosures, we believe that 
they do strike the right balance now.
    If I could just for one thing--I know this is perhaps not 
considered a discreet thing to do. I do want to take issue with 
your suggestion that we are talking about unchecked intrusions 
into the privacy of Americans, because, in fact, they are very 
checked. We operate within the laws authorized by Congress. We 
operate with extensive oversight from all three branches of 
government, and they are highly regulated and highly checked. 
Whether or not they are appropriate or not I think is a valid 
question, but nobody should be under the illusion that we are 
operating without any checks on what we do.
    Senator Lee. That is a fair point, and I understand your 
position there. One of the concerns is always, of course, that 
what might well be handled by responsible people today, 
tomorrow might not be. We do not know whether that might happen 
a week from now or a year from now or 10 years from now, but in 
a sense, we have seen this movie before and we know how it 
ends. If you give too much power to the Government with regard 
to domestic surveillance, eventually it will be abused, and we 
need to put in place whatever procedures might be necessary.
    If I understand your answer to my question correctly, part 
of what you are saying is that prior to the declassification 
that occurred recently, this might have run afoul of--this 
might have triggered your concerns, this kind of legislation 
might have triggered your concerns in the sense that it might 
have compromised ongoing activities. But since those have now 
been declassified, there is no reason not to do this. Am I 
understanding you correctly?
    Mr. Litt. Yes, I think that is right.
    Senator Lee. Okay. Thank you, sir, and thank you, Mr. 
Chairman.
    Chairman Franken. Thank you, Senator.
    I want to thank you gentlemen not just for your testimony 
but for your service. You made a good point there about there 
are checks to what you do, and this is part of it. And you made 
a comment that there are checks on what you do, but that does 
not mean what you do is always appropriate. And that is what we 
are trying to get to here.
    You have made some disclosures that I think have been in 
good faith, but they are not permanent. They are not a part of 
the law. And so that is what we are discussing here. And, 
again, I want to thank both of you for your testimony, and now 
I want to call our third panel. So thank you both, gentlemen.
    Mr. Litt. Thank you, Mr. Chairman.
    Mr. Wiegmann. Thank you.
    Chairman Franken. Kevin Bankston is senior counsel and 
director of the Free Expression Project at the Center for 
Democracy and Technology. Mr. Bankston is a long-time advocate 
and litigator on privacy, civil liberties, and Internet policy 
matters. Mr. Bankston and the Center for Democracy and 
Technology organized and led the coalition of companies and 
civil liberties groups that called for greater transparency and 
that now is advocating the passage of this bill.
    Paul Rosenzweig is the founder of Red Branch Consulting, a 
national security consulting company, and a senior adviser to 
the Chertoff Group. From 2005 to 2009, he served as Deputy 
Assistant Secretary for Policy in the Department of Homeland 
Security. He also teaches at George Washington University Law 
School.
    Richard Salgado is Google's director for information 
security and law enforcement matters. He served as a federal 
prosecutor in the Computer Crime and Intellectual Property 
Section of the Department of Justice, where he specialized in 
technology-related privacy crimes. He has taught at Stanford 
Law School, Georgetown University Law Center, and George Mason 
University Law School.
    Thank you all for joining us. Your complete written 
testimony will be made part of the record. You each have 5 
minutes, about 5 minutes, for any opening remarks that you 
would like to make.
    Mr. Bankston, please go ahead.

 STATEMENT OF KEVIN S. BANKSTON, SENIOR COUNSEL AND DIRECTOR, 
  FREE EXPRESSION PROJECT, CENTER FOR DEMOCRACY & TECHNOLOGY, 
                         WASHINGTON, DC

    Mr. Bankston. Chairman Franken, Ranking Member Flake, and 
members of the Subcommittee, thank you for the opportunity to 
testify on behalf of the Center for Democracy & Technology, a 
nonprofit, public interest organization dedicated to keeping 
the Internet open, innovative, and free.
    I and the broad coalition of Internet companies and 
advocates that CDT brought together this summer to press for 
greater surveillance transparency are grateful to Chairman 
Franken and Senator Heller for introducing the Surveillance 
Transparency Act, a bill that would allow companies and require 
the Government to publish basic statistics about how the 
Government is using its national security surveillance 
authorities.
    Particularly in the wake of recent revelations about the 
NSA's surveillance programs, we believe this level of 
transparency about what companies do--and don't do--in response 
to government demands is critically important for three 
reasons.
    First, the American people and policymakers have a clear 
right and need to know this information so that they may have a 
more informed public debate about the appropriateness of the 
Government's use of its authorities and to better ensure that 
those authorities are not misused or abused.
    Second, the companies have a clear First Amendment right to 
tell us this information, and the Government's attempt to gag 
them from sharing even this most basic data or even to admit 
that they have received foreign intelligence demands at all is 
clearly unconstitutional. Indeed, you will see this prior 
restraint at work today in the room. Even though everyone in 
this room knows and understands that Google has received 
Foreign Intelligence Surveillance Act process, Google's 
representative is the one person in the room who cannot admit 
it.
    Third, greater transparency is urgently necessary to 
restore the international community's trust in the U.S. 
Government and in our U.S. Internet industry, which is 
projected to lose tens, if not hundreds, of billions of dollars 
in the face of widespread concern from foreign governments and 
international users.
    We must take this opportunity to demonstrate that our 
surveillance practices are necessary and proportionate and 
respectful of constitutional and human rights. And if the 
numbers show otherwise, we must take this opportunity to reform 
our surveillance laws to better protect our rights as well as 
our national security.
    Speaking of national security, there are two basic 
arguments why publishing these numbers would threaten it, but 
neither is persuasive.
    First, there is concern that such reporting will reveal 
which services have not been targeted by the U.S. Government 
such that our enemies will seek them out. However, it has 
always been the case that companies that have not yet received 
secret national security demands can say that they have not 
received secret national security demands, as was most recently 
demonstrated just last week when Apple revealed that it has 
never received an order under Section 215 of the PATRIOT Act.
    The second argument is that reporting will reveal which 
services have been targeted such that their enemies will avoid 
them. However, this concern rings somewhat hollow when top 
intelligence officials such as current NSA Director Keith 
Alexander have repeatedly and publicly announced the names of 
various services, such as Google, Facebook, Twitter, and 
Yahoo!, that they believe terrorists are using. Senator Franken 
also mentioned a comment by former NSA Director Michael Hayden.
    Put simply, and as these generals recognized, saying that 
someone on a service is being surveilled is very different from 
identifying who on that service is being surveilled, and only 
the latter is dangerous to national security. Therefore, the 
less transparent alternatives to the bill that the Government 
has suggested are unnecessary to protect national security. 
More than that, they would actually be worse than the current 
transparency status quo.
    On the Government reporting side, the DNI has announced he 
will voluntarily publish new statistics reflecting how many 
people have been ``targeted'' under various surveillance 
authorities. But such limited reporting would actually be 
misleading.
    For example, the DNI's reporting for 2012 would only have 
indicated that around 300 people had their telephony metadata 
targeted under Section 215 of the PATRIOT Act, yet we now know 
that the Government has used Section 215 to obtain the phone 
records of every single person in the country. Such falsely 
reassuring reporting would do more harm than good.
    On the company reporting side, the government advocates for 
a lot of what I will call ``fuzzing'' and ``lumping.'' They 
want to lump together into a single number all the different 
foreign intelligence authorities as well as all State, local, 
and federal law enforcement requests and then fuzz that number 
up by putting it into a range of a thousand. That kind of 
fuzzing and lumping would be a step back for transparency, 
obscuring more than it reveals, especially considering that 
companies are already engaged in detailed reporting about the 
law enforcement process they receive and in some cases have 
also been allowed to publish separate rounded numbers about the 
national security letters they receive.
    No one has ever suggested that either that reporting or the 
detailed reporting that the Government has done for decades 
about its law enforcement wiretapping has ever disrupted an 
investigation. Neither would the reporting required and allowed 
for under this bill or that provided by the transparency 
provisions of the USA Freedom Act, another bill that CDT 
strongly supports.
    Greater transparency is no replacement for substantive 
reform of our surveillance laws, but it can serve as a key 
stepping stone toward that broader reform by allowing the 
public and policymakers to better understand how the Government 
is using its powers.
    So I thank you for your consideration, and I look forward 
to your questions.
    [The prepared statement of Mr. Bankston appears as a 
submission for the record.]
    Chairman Franken. Thank you, Mr. Bankston.
    Mr. Rosenzweig.

STATEMENT OF PAUL ROSENZWEIG, PRINCIPAL, RED BRANCH CONSULTING, 
   PLLC, AND PROFESSORIAL LECTURER IN LAW, GEORGE WASHINGTON 
                   UNIVERSITY, WASHINGTON, DC

    Mr. Rosenzweig. Senator Franken, Senator Flake, members of 
the Subcommittee, I thank you very much for the invitation to 
appear today. It is always an honor to be asked to provide 
one's views to the Senate of the United States, and I thank you 
for affording me that opportunity.
    I should begin by saying that, as a current holder of a top 
secret clearance for some of the work I continue to do for DHS, 
I have limited what I have read to what has been lawfully 
declassified by the DNI, as have most of the people in my 
position, which somewhat constrains how I can speak to the 
issues today. That having been said, I would make four basic 
points.
    The first is that transparency is a good thing, but 
unlimited transparency cannot be our end goal. Secrecy itself 
has its virtues in any number of circumstances. One can think 
of everything ranging from the attorney-client privilege to the 
identity of an undercover officer in a gang in Los Angeles to 
any number of reasons why governments legitimately keep secrets 
that are subject to oversight in a classified manner, either 
through the oversight of the executive branch or the 
legislative branch or in some cases the judicial branch.
    Thus, while I fully support the overarching sentiment that 
underlies much of the bill that is before you, that is, the 
idea that we can and should seek to increase transparency with 
respect to the NSA surveillance programs, I think that we have 
to do so in a calibrated way, one that takes into account what 
the end goal of transparency in this circumstance is.
    Now, I would submit that the end goal here is greater 
oversight, greater audit, greater assurance that the NSA and 
other intelligence community activities are acting in 
conformance with the laws as we have set them out and not in 
ways that are in violation of those laws. So to my mind, the 
right answer to many of the questions that you are asking is 
how will the transparency that you are advocating advance that 
goal.
    With that in mind, my second point is that I think that the 
proper reflection on what we should be learning more about with 
respect to the NSA surveillance is to require a lot of 
disclosure of aggregate information, a lot of disclosure with 
respect to existing programs, but that we should take very 
seriously the protestations of government officials who are, 
frankly, in a better position to know than I am at least, given 
what little I know about the classified nature of these 
programs, that further disclosures will disclose sources, 
methods, capabilities that have not yet publicly been 
disclosed.
    Indeed, my single greatest constructive criticism that I 
would offer with respect to the bill before you is the idea 
that the disclosure requirements are keyed to statutory 
programs themselves like Section 215 or Section 702 and seems 
to operate from the unstated assumption that we have already 
learned all of the classified programs that are operating under 
those statutes.
    If that is the case, then the transparency that is key to 
those sections is to be welcomed indeed. I suspect, without 
knowing, that there are other programs involved, other covert 
programs that have not yet been disclosed, either lawfully or 
unlawfully, and it is at least plausible to me that further 
disclosures of particularized numbers would lead to the 
disclosure of programs that have not yet made it into the 
public record. If that were the case, I would think that that 
would be an unfortunate result.
    My third point would simply be that the most effective 
reforms, I think, are not just enhanced transparency for the 
American public but more structural reforms, things that you 
can do that are not part of this bill, that are part of, I 
think, what Congress can do, things like making the NSA 
Inspector General a Presidential appointment, expanding the 
jurisdiction of the Privacy and Civil Liberties Oversight 
Board. Those sorts of things do not sound as sexy as greater 
transparency, but I tend to think that in the end they will 
actually prove more effective than even the most detailed 
disclosure of individuated numbers within various programs.
    With that, I will conclude, and I look forward to your 
questions.
    [The prepared statement of Mr. Rosenzweig appears as a 
submission for the record.]
    Chairman Franken. Thank you, Mr. Rosenzweig.
    Mr. Salgado.

  STATEMENT OF RICHARD SALGADO, DIRECTOR, LAW ENFORCEMENT AND 
  INFORMATION SECURITY MATTERS, GOOGLE, INC., MOUNTAIN VIEW, 
                           CALIFORNIA

    Mr. Salgado. Chairman Franken, Ranking Member Flake, 
Senator Blumenthal, and Senator Lee, thank you for the 
opportunity to appear before you this morning to talk about the 
Surveillance Transparency Act of 2013. My name is Richard 
Salgado. I am the director for law enforcement and information 
security at Google. In that capacity I oversee the company's 
response to government requests for user information under 
various authorities. I am also responsible for working with 
teams across Google to protect the security of our networks and 
our user data.
    Mr. Chairman, we commend you for introducing the 
Surveillance Transparency Act of 2013. Simply stated, we 
believe that service providers should be able to disclose basic 
statistics about national security demands that we may receive.
    The revelations about the U.S. Government's and other 
governments' surveillance practices over the past few months 
have sparked a serious debate about the laws governing 
surveillance of private communications by the intelligence 
community. Google recognizes the very real threats that the 
U.S. and other countries face today, and of course, governments 
have a duty to protect their citizens. But the current lack of 
transparency about the nature of government surveillance in 
democratic countries undermines the freedom and the trust most 
citizens cherish. It also has a negative impact on our economic 
growth and security and on the promise of the Internet as a 
platform for openness and free expression.
    In the wake of press reports about the so-called PRISM 
program, governments around the world have been considering 
proposals that would limit the free flow of information. This 
could have severe unintended consequences, such as a reduction 
in data security, increased costs, decreased competitiveness, 
and harms to consumers.
    Proposals like data localization pose a significant threat 
to the free and open Internet. If they are adopted, then what 
we will face is the effective creation of a ``splinternet'' 
broken up into smaller national and regional pieces with 
barriers around it to replace the global Internet that we know 
today. Enacting the Surveillance Transparency Act would allow 
the U.S. to take a first step toward rebuilding the trust that 
is necessary.
    Transparency and national security are not mutually 
exclusive. Since 2010, we have published a Transparency Report 
where we share information about the law enforcement requests 
for user data we receive from governments around the world. 
Earlier this year, after some discussions with the Department 
of Justice, we began providing more information about the 
volume and scope of national security letters that we receive, 
although in broad ranges. There has been no intimation from the 
Department of Justice that publishing statistics concerning 
NSLs has damaged national security.
    We approached the DOJ about expanding our reporting to 
include aggregated statistics about FISA requests that we may 
receive. We were disappointed that the Justice Department 
refused. In June, we filed a motion for declaratory judgment 
before the Foreign Intelligence Surveillance Court asserting a 
First Amendment right to publish this type of information. The 
DOJ repeated that it would allow companies to add the number of 
domestic law enforcement and national security requests 
together and report the sum as falling within some broad range. 
But this would be a significant step backward for Google's 
users and the broader public. Rather than promote transparency, 
this proposal would actually obscure important information 
about the volume and type of all government demands that Google 
may receive, not just national security demands.
    As I mentioned, Google already discloses aggregate 
statistics about domestic law enforcement demands and has done 
so since 2010. Publishing future reports, where we could only 
release this type of information in ranges rather than actual 
numbers and type, would provide less transparency than we have 
now.
    In addition, there would be no discernible benefit for 
transparency around national security demands that we may 
receive. Indeed, Google would continue to be prohibited from 
even acknowledging their receipt, which would only invite 
continued speculation about the import of the range that we are 
able to report. We would also lose the benefit of providing 
information specifically about national security letters that 
we currently enjoy. In short, the DOJ proposal would not 
provide the type of transparency that is reflected in the 
Transparency Surveillance Act of 2013.
    Transparency is critical in informing the public debate on 
these issues, but it is only one step among many that are 
needed. Two weeks ago, Google, along with AOL, Apple, Facebook, 
LinkedIn, Microsoft, and Yahoo!, voiced support for broader 
FISA reform that would include substantial enhancements to 
privacy protections and appropriate oversight and 
accountability mechanisms. We strongly believe that governments 
throughout the world must revisit laws and practices governing 
state surveillance of individuals and access to private 
communications. This activity must be rule-bound, narrowly 
tailored, transparent, and subject to oversight.
    We look forward to working with the Congress on the 
Surveillance Transparency Act of 2013 and other reform 
measures. Thank you for your time and consideration.
    [The prepared statement of Mr. Salgado appears as a 
submission for the record.]
    Chairman Franken. Thank you, gentlemen, for your testimony.
    Mr. Bankston and Mr. Salgado, you heard witnesses from ODNI 
and DOJ say that it would be very difficult for the Government 
to provide an estimate of the number of U.S. persons caught up 
in surveillance. Do you agree with them?
    Mr. Bankston. I prefer to talk about what the NSA should be 
able to do rather than getting into a debate over what they 
technically could do, although I have some opinions about that 
as well.
    The authorities we are discussing today are foreign 
intelligence authorities. They are predominantly intended to 
and are sometimes limited to acquiring the communications of 
foreign persons or persons outside of the United States and 
have special protections for U.S. persons. Therefore, knowing 
how many U.S. persons have been surveilled, have been swept up 
intentionally or unintentionally under these powers is critical 
to understanding whether they are being used correctly, 
proportionately, and in line with constitutional and statutory 
limits. And the fact that the NSA is claiming that it does not 
have the ability to provide even a rough estimate as to how 
many U.S. persons have been swept up in their surveillance is, 
quite frankly, shocking and I think points to perhaps a need to 
recalibrate what we are authorizing them to do if they cannot 
even judge how their activities are impacting the American 
people.
    More importantly, I am also disappointed to hear the 
implication that the NSA has more important things to do than 
to ensure that it is not inappropriately impacting the privacy 
of U.S. persons. That should be a core priority of the NSA, one 
that it can and should dedicate a reasonable amount of 
resources to. We think that with a reasonable amount of 
resources it can, as demonstrated in the FISA Court case of 
2011, take measures to make reasonable estimates about how 
their authorities are impacting the American----
    Chairman Franken. Indeed, in the Bates FISA Court decision 
in 2011, NSA had been violating its authority, right? And they 
were able to discover that partly by doing the kind of 
estimation that they did.
    Mr. Bankston. Indeed. And if such estimates had been 
required----
    Chairman Franken. Which was important to do.
    Mr. Bankston. If those had been required earlier, we would 
have found out 3 years earlier that Americans were 
unconstitutionally being surveilled and presumably would have 
put a stop to it.
    Chairman Franken. Mr. Salgado?
    Mr. Salgado. I think it certainly makes sense to explore 
all the various ways that we can increase transparency around 
these programs whose data is being collected and what data. We 
want to be able to do that, of course, in a way that is a 
practical, reliable way. So I think it makes good sense to 
explore the different ways that that kind of an obligation 
could be satisfied by the Government and to take into account 
the costs that may be necessary to incur. But certainly the 
value of that sort of detail is significant.
    Chairman Franken. Thank you.
    Mr. Bankston, you organized an impressive coalition of 
dozens of technology companies and civil society groups all 
calling for greater transparency and endorsing my bill 
specifically. It is a broad coalition of the Nation's leading 
technology and Internet companies, including Google and Apple 
and Microsoft and Facebook, as well as many of the leading 
civil liberties groups.
    But, Mr. Salgado, could you just speak to why Google and 
Apple and Microsoft and Facebook--companies that normally 
compete with each other--are working together on this and what 
this means in terms of your business?
    Mr. Salgado. Yes, thank you, Chairman. The disclosures that 
we have seen coming out in June, and since then, have the great 
potential for doing serious damage to the competitiveness of 
these American companies. There is a potential for great damage 
to the Internet as a whole, but certainly what I think these 
companies and Google recognize is that the trust, which is 
threatened, is essential to these businesses. It is very 
important that the users of our services understand that we are 
stewards of their data, we hold it responsibly, we treat it 
with respect, and that there is not any sort of confusion 
around the rules where we may be compelled to disclose the data 
to the Government; and when there are rules around that, that 
it is clear what they are and the interaction between the 
Government and Google and the other companies as well.
    This is essential to make sure that the users have 
confidence in their ability to place and trust their data with 
us. The impact of the disclosures in June are manifest. We can 
see as an academic matter--rather, as an anecdotal matter that 
customers who may be considering using the rich services 
available in the cloud are nervous to do so now as a result of 
those disclosures. This means that companies, some abroad and 
some in the United States, may not be taking advantages of the 
efficiencies and security benefits and all the other advantages 
of the cloud as a result of this. It is a terrible result and 
one that we need to address. Transparency, among other steps, 
would help restore the confidence in the cloud and American 
companies.
    Chairman Franken. Thank you.
    The Ranking Member.
    Senator Flake. Thank you. I appreciate the testimony.
    Mr. Salgado, you heard the testimony previously and my 
question as to whether or not some of the companies would be 
concerned, would share the concern that there would be 
increased privacy concerns were this additional information to 
be gathered. Tell me why that does not make sense or tell me 
why you disagree.
    Mr. Salgado. Senator, I assume you are referring to the 
U.S. persons step within the government disclosure portion.
    Senator Flake. Yes.
    Mr. Salgado. I think I share Mr. Litt's view that it is 
unlikely that this would result in any more disclosures by 
companies to be able to make the evaluation that would be 
required of the----
    Senator Flake. So they have the data, they could simply 
drill down on their own data without asking you for additional 
information?
    Mr. Salgado. That is what I would anticipate, sir.
    Senator Flake. But revealing more information about 
drilling down on U.S. persons does not concern you as a company 
to have that additional information out there as required in 
this legislation.
    Mr. Salgado. I think that as we look at the methods by 
which the intelligence community may address the U.S. persons 
estimation, it makes sense to look at that. How do you minimize 
those additional steps? And do they, in fact, require 
intrusions where there were not any before absent that 
obligation?
    Senator Flake. Mr. Bankston, did you have any thoughts on 
that, the general privacy concerns that they raised, additional 
concerns about privacy that would be raised by drilling down on 
this information?
    Mr. Bankston. I think it is important to note that, to some 
extent, privacy is invaded and has been invaded when the 
Government collects the data itself. And to say that we cannot 
make a meaningful estimate of how many people's data we have 
collected and how many U.S. persons' data we have collected, 
because to look at some small selection of it, to make that 
estimate would harm privacy, it just does not make sense to me. 
Privacy to some great extent has already been violated. We are 
just trying now to get a gauge of how many people's privacy has 
been violated.
    Senator Flake. Mr. Salgado, you mentioned the prospect of 
different countries walling off their data or making an attempt 
to. How real of a concern and how timely of a concern is that? 
Have we seen such moves being taken by certain countries? Can 
you explain a little about that?
    Mr. Salgado. Yes, Senator, we have, so it is a very real 
threat. We have seen proposed legislation in jurisdictions to 
do just this.
    We see it in several flavors. There is the possibility of 
requiring data location; so requiring companies to exclusively 
store data within a jurisdiction. You see affirmative laws that 
are often referred to as blocking statutes which would say 
companies that operate in this jurisdiction are not allowed to 
cooperate with U.S. authorities around data disclosure. So you 
see different flavors of these things. They all tend to start 
to create a network structure, an Internet structure that is 
based on political boundaries, and the idea of a global 
Internet quickly breaks down.
    Senator Flake. Well, thank you. That is a concern that I 
think a lot of us have. This free flow across borders that has 
been so healthy and been necessary for the growth of this kind 
of communication would be disrupted.
    Mr. Rosenzweig, let me just get a general answer from you 
on this. Is the value of legislation like this--I can see the 
value in a lot of companies to be able to explain more to their 
users and give greater comfort there. Is there as much value in 
this being an additional check on Government not to go too far 
because they have to reveal this information? What is the 
greater value in legislation like this? Or is it shared that 
way?
    Mr. Rosenzweig. I think the first principle of value of the 
legislation is the one that Senator Franken expressed, which 
would be to statutorily mandate that which is now merely 
voluntary and an act of grace by the executive branch. So I 
think that that is--regularizing that, institutionalizing that 
is a positive value.
    I think that in general, legislation that requires the 
Government to explain itself is a positive value as well, 
everything from FOIA to Inspectors General statutes.
    My concern in particular would be to ensure that the 
disclosure requirements do not wind up disrupting the existence 
of heretofore undisclosed programs that are of value to us, and 
that I think I cannot answer in a generalized manner. I think 
it is a very case-by-case specific matter. I think that it is 
probably not a decision best left to the executive branch 
alone. I think it is a decision left to the executive branch in 
a classified discussion with this body and with the House of 
Representatives. It by its nature cannot be a discussion that, 
at least at the first instance, involves the American people, 
because that by its nature terminates the discussion itself.
    Senator Flake. Thank you. This has been very helpful.
    Chairman Franken. Thank you, Senator Flake.
    Chairman Leahy has graced us and has arrived. I would like 
to add this statement from the Chairman to the record.
    [The prepared statement of Chairman Leahy appears as a 
submission for the record.]
    Chairman Franken. I would like to ask him to ask his 
questions.
    Chairman Leahy. Thank you, and I also thank the courtesy of 
my friend from Connecticut, Senator Blumenthal.
    I think more and more people agree or should agree that we 
need additional transparency about our government surveillance 
activities. Without greater transparency, we are not going to 
restore public confidence. And I think Senator Franken's work 
to build a consensus around transparency legislation deserves 
praise, and I am glad that Google and other tech companies are 
lending their support to that bill.
    I think that the tech industry realizes we need more than 
just transparency. We need some substantive reform. Seven of 
the major tech companies, and I am going to read them to make 
sure I got them all right--Google, Microsoft, Yahoo!, Apple, 
Facebook, AOL, and LinkedIn--signed a letter to me supporting 
greater transparency. They want substantial enhancement to 
privacy protection, appropriate oversight, and accountability 
matters, and I know Mr. Salgado knows that letter. I recently 
introduced a comprehensive surveillance reform bill--it is 
bipartisan--the USA Freedom Act, and I appreciate these 
companies supporting stronger FISA reform.
    Mr. Salgado, let me ask you, just enhancing transparency, 
is that going to be enough to bring back global confidence in 
American technology companies? Do we need to do more? And if we 
do not do more, is this going to affect U.S. businesses?
    Mr. Salgado. Thank you, Mr. Chairman. I think it is an 
important step to have increased transparency, but I do agree 
that more is needed than that. And as you noted, we have 
expressed our support for the legislation that you have 
offered. I think we need some reform that allows users and 
others to know that the intelligence community and its 
collection of data is done under law, that it is rule-bound, 
that it is narrowly tailored, that there is oversight, there is 
accountability for it; and, of course, as we have been 
discussing today, that there is some transparency around it 
that can help bring some of the trust that all this is 
happening.
    Chairman Leahy. And aside from affecting the reputation of 
the United States, if we do not enact meaningful reforms, it is 
going to affect businesses, too, is it not?
    Mr. Salgado. Absolutely, Mr. Chairman. And, in fact, we 
have already seen impacts on the businesses. I think Chairman 
Franken cited a couple studies in the opening statement that 
reflected some serious financial consequences. I think there 
are real concerns around the entire structure of the Internet 
over these revelations if this is not addressed correctly.
    Chairman Leahy. Well, let me go a little bit on that. One 
of my biggest concerns about Section 215 phone records is that 
the legal rationale underpinning it has no limiting principle. 
If all of our phone records are relevant to intelligence 
investigations, then why wouldn't everything be considered 
relevant? And if that is the case, are companies like yours 
concerned that consumers will not trust that their data is safe 
from unwarranted government intrusion? Does Google think about 
what that might do as far as cloud technology is concerned?
    Mr. Salgado. That is right, Mr. Chairman. The confusion 
that came out as a result of the June revelations and since 
then and additional stories I think have led to a real concern, 
both inside the United States and outside of the United States, 
about what it is that is happening and what are the rules that 
govern it, what is the role of the FISA Court, what are the 
decisions that are coming out of that Court. All of those have 
played a role in the confusion and the need for some clarity.
    Chairman Leahy. Well, especially when NSA handles things so 
carelessly that they let a 29-year-old contractor walk off with 
all their secrets, and so far as I know, nobody has even been 
reprimanded for that.
    Mr. Bankston, what do you think?
    Mr. Bankston. Speaking generally, we think that 
transparency is critical to restoring trust in the U.S. 
Internet economy and in the U.S. Government itself, but that it 
alone is not sufficient and that indeed substantive reform is 
necessary. CDT supports the bill that you have introduced, the 
USA Freedom Act, and we thank you for it. We look forward to 
working with you and the Committee as it moves forward.
    Chairman Leahy. I am worried about overclassification. I 
find oftentimes--and every administration has been guilty of 
this--it is easier to classify a mistake rather than trying to 
explain it.
    Let me ask, Mr. Salgado, are you permitted to tell us 
whether Google has received any FISA Court orders?
    Mr. Salgado. I am sorry, Mr. Chairman. I would have to 
decline that answer until the bill that we are discussing today 
has passed.
    Chairman Leahy. Is our country safer because you cannot 
answer the question?
    Mr. Salgado. I cannot imagine the country is safer as a 
result of that.
    Chairman Leahy. Thank you. That answers my question.
    Mr. Bankston, concerns have been raised that company-by-
company reporting of FISA might tip off those we are trying to 
track, but there is a lot of reporting available on criminal 
surveillance. Are national security related investigations 
sufficiently different from criminal investigations so that we 
have to have this kind of secrecy?
    Mr. Bankston. I do not believe so, Chairman, no. In the 
criminal context, we are often investigating sophisticated 
organized criminals and, in fact, sometimes investigating 
terrorists. And yet we have been able to publish and the U.S. 
Government has been able to publish very detailed statistics 
about how the Government is using its authorities, both the 
Government as a whole and company by company, without any 
suggestion that that has harmed national security.
    And I just want to take the moment to address this issue of 
lumping all of those authorities together. I think that 
combining numbers for targeted FISA intercepts with FISA pen 
registers, with FISA orders for records, with FISA warrants for 
stored communications, with all the range of national security 
letters, and then combining that with all federal, State, and 
local law enforcement warrants, wiretaps, pen registers, 
subpoenas and other court orders leads to such a useless number 
as to be actually detrimental. It is like asking a doctor to 
attempt to diagnose a patient by looking at his shadow. Only 
the grossest, most obvious abuse, if even that, would be 
evident.
    Chairman Leahy. And I apologize to Professor Rosenzweig. I 
have not had time. I will submit a question for the record, Mr. 
Bankston, on your argument that companies' First Amendment 
rights have been violated, the question of prior restraint, the 
Second Circuit case. Please take a look at the question. I 
really would like your answer for the record. It is important 
to me.
    Mr. Bankston. Thank you, Senator.
    [The question from Chairman Leahy appears as a submission 
for the record.]
    Chairman Leahy. Thank you.
    Chairman Franken. Thank you, Mr. Chairman.
    Senator Blumenthal.
    Senator Blumenthal. Thank you. Thank you, Mr. Chairman and 
Mr. Chairman. Thank you to both Chairmen. And thank you all for 
being here today.
    I was interested in a number of your points, particularly 
Mr. Salgado, that additional measures are necessary, especially 
in response to Chairman Leahy's questions, to not only provide 
additional transparency but also assure that individual rights 
are protected. As you know, I have proposed that there be a 
constitutional advocate to, in effect, provide some adversarial 
process within the FISA Court. You know as lawyers courts make 
better decisions when more than one side is presented. Very few 
judges would permit a proceeding before them in which only one 
side is presented because they know that the core principle of 
our judicial system is that it is adversarial and that the 
truth emerges as differing points of view, factual 
perspectives, and evidence are presented. And so that is one 
area where I think that the system can be made more 
accountable, if not more transparent, and as well, disclosure 
of some of the rulings and opinions of the Court. Right now it 
is a secret court that operates in secret making secret 
decisions and secret law--one of the few, if only, courts in 
the United States where there is any secret proceedings of this 
kind making secret law.
    So let me elicit your comments on those kinds of additional 
protections to our constitutional rights from the perspective 
that you all have raised about our need for credibility and 
trust internationally in this system. After all, the means of 
communication, the Internet, depend on international trust and 
credibility. Otherwise, it falls apart. So let me ask that 
somewhat open-ended question.
    Mr. Salgado. Well, thank you, Senator. I am happy to take 
the first swipe at that. There are a number of proposals right 
now that are being considered, and that is a very good thing. 
And the general principles that there needs to be 
accountability and transparency with some oversight and the 
rules are clear are addressed by the various bills.
    Certainly as an example, making sure that a court that is 
reviewing applications for surveillance has an opportunity to 
hear different ideas, different sides, that makes perfect 
sense. And it is certainly at the heart of most of the judicial 
proceedings we have in the United States. So that is something 
that I think makes a good deal of sense as far as a structural 
change to the current arrangement under FISA and the obtaining 
of FISA authorities.
    The same, of course, is true with understanding the 
interpretations of the law that the Court applies to the 
different applications that come in. I think those are two good 
examples of the sorts of ideas that can help restore confidence 
that the system works.
    Mr. Rosenzweig. I am actually a fan of the idea of an 
advocate, but for slightly different reasons, I think, than Mr. 
Salgado just said. The reason that we do not have an advocate 
in the search warrant application situation, for example, which 
is an ex parte application, or in a grand jury situation is 
because those decisions are ultimately subject to ex ante 
review in a criminal proceeding where there is a defense 
attorney who presents an adversarial view on whether or not the 
issuance of the warrant was with probable cause or the grand 
jury subpoena was overbroad or things like that. We lack that 
systematic check in the intelligence context because, of 
course, the intelligence surveillance rarely, if ever, results 
in a criminal prosecution in which that kind of adversarial 
process comes forward.
    So to my mind, I would want to distinguish in allowing an 
advocate between those situations in which the FISA Court were 
making some broad new systematic determination and 
interpretation of law like the interpretation that gave us the 
relevance decision in the Section 215 law, I would like to 
distinguish that from what I would characterize--and I admit 
the line is hard to draw--``routinized applications of a 
settled law,'' where the value of an adversarial advocate would 
be much diminished, and the procedural difficulties that would 
arise from it, the costs involved, the time delay, might very 
well be adverse to national security. So cabined in that way, I 
think that would be a perfectly fine idea.
    And as for the public disclosure, I would offer the exact 
same answer I gave Senator Flake in the other context, which is 
provided that we make sure that it does not wind up with the 
adverse effect of disclosing heretofore undisclosed programs 
that are properly classified, that would be as well as 
advancement in our understanding. Again, I admit that is a hard 
line to draw, and probably in both instances the best answer 
would be to let the FISA Court make that decision itself, to 
authorize the appointment of the advocate in the situations 
where it wants to, and to authorize them affirmatively or 
direct them affirmatively to make public disclosures when they 
think the disclosure of an opinion would not adversely affect 
national security interests.
    Mr. Bankston. Thank you. The FISA Court's job used to be 
pretty straightforward. It was a pretty straightforward statute 
based on some pretty straightforward Fourth Amendment 
jurisprudence addressing some pretty straightforward 
technologies.
    Now we have the FISA Court addressing an incredibly complex 
and broad statute in the form of the FISA Amendments Act; we 
have a rapidly complexifying technological landscape; and we 
have the FISA Court, rather than simply making magisterial 
decisions, creating a body of common law on some of the hardest 
and most important Fourth Amendment questions of our time, 
sometimes in the face of what the Court has described as 
misleading conduct by the lawyers in front of it.
    In that context, I do believe that it is critically 
important not only to have great transparency regarding the 
decisions made by the Court, but also to have an advocate in 
front of the Court who is there to protect the people. And as 
such, CDT does support your legislation, Senator Blumenthal, 
and is working with your staff and with Chairman Leahy's staff 
on the issues that that might bring to bear.
    Senator Blumenthal. Thank you all.
    Thank you, Mr. Chairman.
    Chairman Franken. Thank you, Senator Blumenthal. Not to 
speak for you, but I think that the way that Mr. Rosenzweig 
described the role of a constitutional advocate is very in line 
with what you envision.
    Senator Blumenthal. Very much so. Thank you.
    Chairman Franken. Well, thank you. I want to thank all 
three of you for your testimony, and in closing I want to also 
thank the Ranking Member, Senator Flake, along with Senator 
Heller and Chairman Leahy who lent this legislation critical 
support. And, of course, I want to thank all the witnesses, 
each and every one of them who appeared today. We have heard a 
lot of valuable testimony. There was a lot that I agreed with. 
There are some things that I did not agree with, but I want to 
leave everyone with this thought:
    There is no question that the American people need more 
information about these programs. Just no question about that. 
For democracy to work, its citizens need to have at least a 
basic amount of information about the surveillance their own 
Government conducts over their affairs. I think that my bill 
will give the American people that transparency, and I am 
looking forward to continuing to work with the administration 
and my colleagues to make sure that we are getting it right.
    We will hold the record open for 1 week for submission of 
questions for the witnesses and other materials. This hearing 
is adjourned.
    [Whereupon, at 11:43 a.m., the Subcommittee was adjourned.]
    [Questions and answers and submissions for the record 
follow.]
                            A P P E N D I X

              Additional Material Submitted for the Record

[GRAPHIC] [TIFF OMITTED] 1

                 Prepared Statement of Hon. Al Franken

[GRAPHIC] [TIFF OMITTED] 

[GRAPHIC] [TIFF OMITTED] 

              Prepared Statement of Hon. Patrick J. Leahy

[GRAPHIC] [TIFF OMITTED] 

   Prepared Statement of Hon. Robert S. Litt and J. Bradford Wiegmann

[GRAPHIC] [TIFF OMITTED] 


                Prepared Statement of Kevin S. Bankston

[GRAPHIC] [TIFF OMITTED] 
                 Prepared Statement of Paul Rosenzweig

[GRAPHIC] [TIFF OMITTED] 

                 Prepared Statement of Richard Salgado

[GRAPHIC] [TIFF OMITTED] 

        Questions submitted by Senator Leahy for Kevin Bankston

[GRAPHIC] [TIFF OMITTED] 

        Questions submitted by Senator Flake for Paul Rosenzweig

[GRAPHIC] [TIFF OMITTED] 

  Responses of Kevin Bankston to questions submitted by Senator Leahy

[GRAPHIC] [TIFF OMITTED] 

[GRAPHIC] [TIFF OMITTED] 

[GRAPHIC] [TIFF OMITTED] 

[GRAPHIC] [TIFF OMITTED] 

  Responses of Paul Rosenzweig to questions submitted by Senator Flake

[GRAPHIC] [TIFF OMITTED] 

                Miscellaneous Submissions for the Record

[GRAPHIC] [TIFF OMITTED] 

                                   


