[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]





        SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT

=======================================================================

                                HEARING

                               BEFORE THE

                       COMMITTEE ON THE JUDICIARY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             MARCH 1, 2017

                               __________

                            Serial No. 115-2

                               __________

         Printed for the use of the Committee on the Judiciary



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]








      Available via the World Wide Web: http://judiciary.house.gov
                                   ________
                                   
 
                         U.S. GOVERNMENT PUBLISHING OFFICE 

24-726 PDF                     WASHINGTON : 2017 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001                                  














                       COMMITTEE ON THE JUDICIARY

                   BOB GOODLATTE, Virginia, Chairman
F. JAMES SENSENBRENNER, Jr.,         JOHN CONYERS, Jr., Michigan, 
    Wisconsin                            Ranking Member
LAMAR S. SMITH, Texas                JERROLD NADLER, New York
STEVE CHABOT, Ohio                   ZOE LOFGREN, California
DARRELL E. ISSA, California          SHEILA JACKSON LEE, Texas
STEVE KING, Iowa                     STEVE COHEN, Tennessee
TRENT FRANKS, Arizona                HENRY C. ``HANK'' JOHNSON, Jr.,
LOUIE GOHMERT, Texas                   Georgia
JIM JORDAN, Ohio                     TED DEUTCH, Florida
TED POE, Texas                       LUIS V. GUTIERREZ, Illinois
JASON CHAFFETZ, Utah                 KAREN BASS, California
TOM MARINO, Pennsylvania             CEDRIC RICHMOND, Louisiana
TREY GOWDY, South Carolina           HAKEEM JEFFRIES, New York
RAUL LABRADOR, Idaho                 DAVID N. CICILLINE, Rhode Island
BLAKE FARENTHOLD, Texas              ERIC SWALWELL, California
DOUG COLLINS, Georgia                TED LIEU, California
RON DeSANTIS, Florida                JAMIE RASKIN, Maryland
KEN BUCK, Colorado                   PRAMILA JAYAPAL, Washington
JOHN RATCLIFFE, Texas                BRADLEY SCHNEIDER, Illinois
MARTHA ROBY, Alabama
MATT GAETZ, Florida
MIKE JOHNSON, Louisiana
ANDY BIGGS, Arizona

           Shelley Husband, Chief of Staff & General Counsel
        Perry Apelbaum, Minority Staff Director & Chief Counsel
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
                            C O N T E N T S

                              ----------                              

                             MARCH 1, 2017

                                                                   Page

                           OPENING STATEMENTS

The Honorable Bob Goodlatte, a Representative in Congress from 
  the State of Virginia, and Chairman, Committee on the Judiciary     1
The Honorable John Conyers, Jr., a Representative in Congress 
  from the State of Michigan, and Ranking Member, Committee on 
  the Judiciary..................................................     3

                               WITNESSES

Jeff Kosseff, Assistant Professor, Cyber Science Department, 
  United States Naval Academy
  Oral Testimony.................................................     6
  Prepared Statement.............................................     8
April F. Doss, Partner, Saul Ewing LLP
  Oral Testimony.................................................    20
  Prepared Statement.............................................    22
Elizabeth Goitein, Co-Director, Liberty & National Security 
  Program, Brennan Center for Justice, NYU School of Law
  Oral Testimony.................................................    34
  Prepared Statement.............................................    36
Adam Klein, Senior Fellow, Center for a New American Strategy
  Oral Testimony.................................................    59
  Prepared Statement........................................61
                       deg.OFFICIAL HEARING RECORD
          Unprinted Material Submitted for the Hearing Record

Material submitted by the Honorable John Conyers, Jr., a Representative 
    in Congress from the State of Michigan, and Ranking Member, 
    Committee on the Judiciary. This material is available at the 
    Committee and can also be accessed at:

    http://docs.house.gov/Committee/Calendar/
ByEvent.aspx?EventID=105619

Material submitted by the Honorable Bob Goodlatte, a Representative in 
    Congress from the State of Virginia, and Chairman, Committee on the 
    Judiciary. This letter is available at the Committee and can also 
    be accessed at:

    http://docs.house.gov/Committee/Calendar/
ByEvent.aspx?EventID=105619

 
        SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT

                              ----------                              


                        WEDNESDAY, MARCH 1, 2017

                        House of Representatives

                       Committee on the Judiciary

                            Washington, DC.

    The Committee met, pursuant to call, at 1:36 p.m., in room 
2141, Rayburn House Office Building, the Honorable Bob 
Goodlatte (Chairman of the Committee) presiding.
    Present: Representatives Goodlatte, Jordan, Poe, Marino, 
Labrador, Conyers, and Lieu.
    Staff Present: (Majority) Shelley Husband, Chief of Staff & 
General Counsel; Branden Ritchie, Deputy Chief of Staff & Chief 
Counsel; Zach Somers, Parliamentarian and General Counsel; Ryan 
Breitenbach, Counsel, Subcommittee on Crime, Terrorism, 
Homeland Security, and Investigations; (Minority) Joe 
Graupensperger, Chief Counsel, Subcommittee on Crime, 
Terrorism, Homeland Security, and Investigations; and Veronica 
Eligan, Professional Staff Member.
    Mr. Goodlatte. The Committee will reconvene. Today's 
unclassified hearing follows a classified panel in which 
Members of the Judiciary Committee heard testimony from the 
Federal Bureau of Investigation, National Security Agency, 
Department of Justice, and the Office of the Director of 
National Intelligence regarding the operations and 
constitutionality of Section 702 of the Foreign Intelligence 
Surveillance Act, or FISA.
    In February 2016, the Judiciary Committee held a classified 
hearing that began our consideration of the reauthorization of 
the FISA Amendments Act, which was first signed into law in 
2008 and reauthorized in 2012.
    Our hearing last year served as a good background and 
foundational update on the status of national security 
operations under the law. Much has happened since the law was 
last reauthorized, however, including the unauthorized 
disclosures of classified information by Edward Snowden in 2013 
that spawned significant public debate on U.S. Government 
surveillance.
    We also have many new Members who have not yet had an 
opportunity to directly question experts regarding the 
statute's successes or areas where reform may be needed.
    Finally, we have very recent jurisprudence upholding the 
statute's constitutionality. Like congressional oversight, 
judicial oversight of this program is an integral safeguard, so 
exploring various courts' legal analysis concerning 702 will be 
beneficial for our own oversight as well.
    Congress enacted FISA in 1978 to establish statutory 
guidelines authorizing the use of electronic surveillance in 
the United States for foreign intelligence purposes. Following 
enactment, global communications infrastructure shifted from 
satellite to fiberoptic wire, altering the manner in which 
domestic and foreign communications are transmitted.
    This technological shift had the adverse and unintended 
effect of requiring the government to obtain an individualized 
FISA court order to monitor foreign communications by non-U.S. 
persons. The government had to obtain probable cause to 
investigate a foreign national located overseas, an untenable 
proposition that served to extend rights under the U.S. 
Constitution extraterritorially and limit lawful U.S. 
intelligence activities.
    In 2008, the FISA Amendments Act corrected this anomaly by 
establishing procedures for the collection of foreign 
intelligence on targets located outside U.S. borders. At its 
core, Section 702 of the act permits the attorney general and 
the director of national intelligence to jointly authorize the 
targeting of non-U.S. persons reasonably believed to be located 
outside the United States.
    As an important safeguard, the act prohibits the use of 
Section 702 to intentionally target a person inside the United 
States and forbids so-called reverse targeting using Section 
702 to target a person outside this country if the true purpose 
of the acquisition is to target someone inside the United 
States.
    Furthermore, the government may not acquire a communication 
to which all parties are known to be inside the U.S., and all 
Section 702 acquisitions must be conducted in a manner 
consistent with the Fourth Amendment to the Constitution of the 
United States.
    Section 702 also prohibits the intentional targeting of a 
U.S. person outside the United States. Instead, Sections 703 
and 704 of the act preserve Fourth Amendment protections for 
U.S. citizens by requiring the government to obtain an 
individualized order from the FISA court, known as the FISC, to 
acquire U.S. persons' communications while they are outside the 
United States.
    America's intelligence community has deemed Section 702 its 
most important tool in battling terrorism. However, it has also 
been criticized by some as an overly broad program that 
collects communications of U.S. citizens without sufficient 
legal process. Today's classified and public panels afford 
Members an opportunity to examine Section 702 collection in 
greater detail and probe the aspects of this important 
collection with which they may be concerned.
    The Judiciary Committee has primary jurisdiction over FISA. 
During Committee consideration of the USA FREEDOM Act, I made a 
commitment to Members that the Committee would separately 
undertake fulsome oversight of the FISA Amendments Act, which 
is slated to expire on December 31 of this year. This hearing 
is the first step of this Congress toward a detailed, thorough, 
and careful examination.
    I thank all of our witnesses for testifying today. These 
individuals represent multiple viewpoints to ensure that this 
is a well-rounded debate that gives voice to diverse 
stakeholders. We must ensure that our protection doesn't come 
at the expense of cherished liberty.
    Every single one of us who has promised to uphold the 
Constitution has a duty to ensure that surveillance authorities 
are crafted and employed in a manner consistent with our oath 
and the expectation of all Americans. Strong and effective 
national security tools, like Section 702, and civil liberties 
can and must coexist.
    With that, I am pleased to welcome and recognize the 
Ranking Member of the Committee, the gentleman from Michigan, 
Mr. Conyers, for his opening statement.
    Mr. Conyers. Thank you, Chairman Goodlatte.
    And I thank the second panel of witnesses for being here 
and joining us today.
    As has been noted, last Congress we enjoyed a relative 
amount of success working together in a bipartisan fashion to 
pass the USA FREEDOM Act. We demonstrated that privacy and 
security are not necessarily mutually exclusive values.
    Our bill did not contain every reform I had hoped to see, 
but it shows that our Committee is capable of crafting 
authorities that serve the government's needs and respects our 
commitment to civil liberties. There are a few important 
lessons from that project worth repeating as we undertake this 
next round of surveillance reform.
    We're all in this together. The Members of the Committee 
include some of the most progressive Democrats and conservative 
Republicans in the Congress, but no matter. We have shown that 
both in this Committee and on the House floor we can build 
consensus around our common values. Among those values are a 
dedication to privacy, to transparency in government, and to 
the protection from unreasonable search guaranteed to the 
people by the Fourth Amendment.
    I've enjoyed working with our coalition in the past, and I 
look forward to doing so here as we seek the basic reform that 
I think is needed for Section 702.
    We cannot do this work well without the assistance of the 
intelligence community. On April 22, 2016, several Members of 
this Committee wrote to Director Clapper to request that he 
prepare a public estimate of the impact of Section 702 on 
United States citizens. We were not the first to make this 
request. As early as 2011, Senator Wyden and Senator Udall had 
asked for similar information.
    By the time we wrote our letter, more than 30 civil 
liberties organizations had petitioned the director for the 
same. I was encouraged by the government's initial response. 
ODNI and NSA took the extraordinary step of holding an 
unclassified briefing for our personal staffs. Over the next 
few months, they held additional discussion with Committee 
counsel. On December 16, our group of Members again wrote to 
Director Clapper to memorialize our understanding of the 
project.
    The government has pledged to provide us with an estimate 
of the impact of 702 on United States citizens. Both the 
estimate and the methodology used to reach it will be made 
public. The government also promised to provide this 
information in time to inform the debate on reauthorization 
when it begins.
    And without objection, I ask that both letters of mine be 
placed in the record.*
---------------------------------------------------------------------------
    *Note: The submitted material is not printed in this hearing record 
but is on file with the Committee, and can also be accessed at:

    http://docs.house.gov/Committee/Calendar/
ByEvent.aspx?EventID=105619
    Mr. Goodlatte. Without objection, they will be made a part 
of the record.
    Mr. Conyers. Thank you.
    Unfortunately, here we are at the beginning of our debate 
and the intelligence community has not so much as responded to 
our December letter, let alone completed the project. I had 
hoped for better.
    The Members of this Committee and the public at large 
require that estimate if we're to engage in a meaningful 
debate. We'll not simply take the government's word on the size 
of the so-called incidental collection.
    And this problem illustrates my final observation: We 
should all do a better job of distinguishing between technical 
legal arguments and the values at play in this discussion. 
They're both different, and they're both important.
    Here are the facts. The law prohibits the government from 
using Section 702 to target any United States citizen. 
Nevertheless, the government can and does collect massive 
amounts of information about our citizens under this authority. 
The Members here are well aware that this practice has been 
read into the statute by the government and ratified many times 
over by the Foreign Intelligence Surveillance Court.
    We know it is not unlawful in that respect. We also 
understand that the men and women of the intelligence community 
have a duty to keep us safe within the four corners of the law 
and that they take this obligation seriously.
    Our criticism comes from someplace else. The idea of using 
this authority to collect large amounts of information about 
United States citizens without a warrant or individualized 
suspicion and then applying that information to purposes having 
nothing to do with counterintelligence or counterterrorism is, 
in a word, wrong. It does not comport with our values or those 
that underscore the Fourth Amendment to the Constitution.
    And at the end of the day, as the sunset of this authority 
draws near, the manner in which one collects, retains, and 
disseminates this information is only lawful if Congress says 
it is. And so I am eager to hear those witnesses that are 
present with us today and engage in this inquiry.
    I thank the Chairman and yield back any time remaining.
    Mr. Goodlatte. The Chair thanks the gentleman.
    We would welcome our distinguished witnesses today. And if 
you would all please rise, I'll begin by swearing you in.
    Do you and each of you solemnly swear that the testimony 
you are about to give shall be the truth, the whole truth, and 
nothing but the truth, so help you God?
    Thank you.
    Let the record reflect that all the witnesses have 
responded in the affirmative.
    Mr. Jeff Kosseff is the assistant professor of the United 
States Naval Academy's Cyber Science Department. Previously, 
Professor Kosseff practiced cybersecurity and privacy law at 
Covington & Burling and clerked for Judge Milan D. Smith, Jr., 
of the United States Court of Appeals for the Ninth Circuit, 
and for Leonie M. Brinkema of the United States District Court 
for the Eastern District of Virginia.
    Before becoming a lawyer, he was a journalist for the 
Oregonian and was a finalist for the Pulitzer Prize for 
national reporting and recipient of the George Polk Award. He 
is a graduate of Georgetown University Law Center and the 
University of Michigan.
    April Doss is currently a partner at the law firm Saul 
Ewing, where she chairs the firm's Cybersecurity and Privacy 
Practice Group. From 2003 to 2016, Ms. Doss worked at the 
National Security Agency where she served in a variety of 
roles. She worked on information-sharing policy, managed 
counterterrorism programs, led innovative compliance processes 
in new technology development, served as an intelligence 
oversight program manager, lived overseas as a foreign liaison 
officer, and provided legal advice on NSA's intelligence 
activities.
    From 2014 to 2016, she was the associate general counsel 
for intelligence law responsible for providing legal advice on 
NSA's global intelligence operations, technology capabilities, 
privacy and civil liberties, and oversight and compliance 
programs. Ms. Doss is a graduate of Goucher College, Yale 
University, and UC Berkeley Law.
    Elizabeth Goitein co-directs the Brennan Center for 
Justices' Liberty and National Security Program at the New York 
University School of Law. Before joining the Brennan Center, 
she served as counsel to U.S. Senator Russell Feingold. As 
counsel to Senator Feingold, Ms. Goitein handled a variety of 
liberty and national security matters with a particular focus 
on government secrecy and privacy rights.
    Previously, she was a trial attorney in the Federal 
Programs Branch of the Civil Division of the Department of 
Justice. Ms. Goitein is a graduate of Yale University, the 
Juilliard School, and Yale Law School.
    Adam Klein. Mr. Klein is a senior fellow at the Center for 
a New American Security, a bipartisan national security 
research organization in Washington. His research centers on 
the intersection of national security policy and law, including 
government surveillance in the digital age, counterterrorism, 
and rules governing the use of military force.
    Previously, Adam served as a law clerk to Justice Antonin 
Scalia of the United States Supreme Court and Judge Brett 
Kavanaugh of the U.S. Court of Appeals for the D.C. Circuit, 
and was a senior associate at WilmerHale. He has also worked on 
national security policy at the Rand Corporation and the 9/11 
Public Discourse Project. He is a graduate of Northwestern 
University and Columbia Law School.
    Welcome to all of you. We will proceed under the 5-minute 
rule. There is a timer, I think, right in front of you there. 
When you get down to 1 minute, I think it will warn you that 
you have 1 minute left. Please summarize at that point. Your 
entire statement, written statement, will be made part of the 
record.
    We'll start with you, Mr. Kosseff. Am I pronouncing your 
name correctly?
    Mr. Kosseff. Yes.
    Mr. Goodlatte. Good.

 TESTIMONY OF JEFF KOSSEFF, ASSISTANT PROFESSOR, CYBER SCIENCE 
            DEPARTMENT, UNITED STATES NAVAL ACADEMY

    Mr. Kosseff. Mr. Chairman, Mr. Ranking Member, and Members 
of the Committee, thank you for the opportunity to testify 
about 702. My name is Jeff Kosseff, and I'm an assistant 
professor at the U.S. Naval Academy, where I teach 
cybersecurity law. The views that I express today are only my 
own and do not necessarily represent the DOD or its components.
    Some of my testimony today is drawn from a Hoover 
Institution paper that I published last year with my colleague, 
Chris Inglis, who served as the deputy director of the NSA. I 
initially was quite hesitant to work on a paper about 702 with 
the NSA's former deputy director. As a lawyer, I have 
represented media organizations sometimes adverse to government 
agencies.
    Before becoming a lawyer, I was a journalist. I suspect the 
Committee would agree with me that journalists may be an 
especially skeptical bunch, and I was highly skeptical about 
the constitutionality of a government surveillance program that 
I understood primarily through reading the media accounts of 
the Snowden leaks.
    Nonetheless, I evaluated the entirety of the program based 
not only on media reports, but also on the public primary 
source record. What I found was an effective program that is 
subject to rigorous oversight by the three branches of 
government and on balance complies with the Fourth Amendment.
    That is not to say that I easily arrived at my conclusion, 
nor do I deny that there are some aspects of the program that 
raise very, very difficult Fourth Amendment questions.
    To start with the Fourth Amendment analysis, we have to 
look at whether there was a warrant or an exception to the 
warrant requirement. I agree with the FISA Court of Review that 
foreign intelligence can be considered a special need that is 
separate from law enforcement and is exempt from the warrant 
requirement.
    The FISA court has held that this exception covers 702, and 
I agree with this conclusion for the reasons stated in my 
written testimony. Even if warrants are not required, the 
Fourth Amendment demands an assessment of the reasonableness of 
the search by balancing the intrusion on individual privacy 
with the promotion of legitimate government interests.
    The public record strongly supports the conclusion that 702 
is an effective national security program. For example, the 
Privacy and Civil Liberties Oversight Board noted that more 
than 25 percent of the NSA's reports about international 
terrorism rely at least in part on 702 information. 702 is 
simply a more nimble alternative to Title I of FISA, which was 
designed to protect subjects who are U.S. persons.
    On the other side of the balancing test, we must assess the 
invasion of the individual's privacy interests. The statute 
explicitly prohibits the government from using 702 to 
intentionally target persons known to be in the U.S. or U.S. 
persons, and it explicitly prohibits reverse targeting.
    702 programs are subject to a number of additional 
procedural safeguards, including oversight from all three 
branches of government, certification requirements, and 
minimization and targeting procedures.
    That said, the FBI's querying of 702 data for evidence of a 
crime, I believe, raises the most difficult Fourth Amendment 
issues. In a recent FISA court proceeding, amicus argued that 
each FBI query of 702 information is a separate action subject 
to the Fourth Amendment reasonableness test. Judge Hogan 
correctly rejected that formulation and instead evaluated the 
702 program as a whole.
    Judge Hogan set forth a compelling case as to why national 
security interests outweigh the intrusion on privacy. 
Importantly, the FBI and other agencies can only query data 
that has been obtained through the certification targeting and 
tasking procedures. Only a subset of the 702 information is 
available to the FBI for queries, and the FBI does not receive 
unminimized information obtained through the NSA's upstream 
process.
    On balance, the FBI's ability to query 702 data as 
described in the public record does not render 702 
unconstitutional. During the reauthorization process, Congress 
may well conclude that there are legitimate policy reasons to 
limit the FBI's ability to conduct such queries. However, my 
testimony today is limited to the application of the Fourth 
Amendment to 702.
    The intelligence community continues to increase the amount 
of information available to the public about 702, and this is 
absolutely crucial. I commend these transparency efforts 
recognizing the tremendous difficulty caused by the inherently 
classified nature of foreign intelligence programs.
    Further, and importantly, the work of the Privacy and Civil 
Liberties Oversight Board has been absolutely essential in 
informing the public debate about 702. The Fourth Amendment, 
like other important constitutional rights, is highly fact 
dependent, requiring close analysis of not only how the program 
is structured by statute, but how it actually is being 
implemented. And that analysis must be ongoing, and that's why 
transparency is so vital to our constitutional analysis.
    Thank you, and I look forward to your questions.
    [The testimony of Mr. Kosseff follows:]
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
                               __________
    Mr. Goodlatte. Thank you.
    Ms. Doss, welcome.

      TESTIMONY OF APRIL F. DOSS, PARTNER, SAUL EWING LLP

    Ms. Doss. Mr. Chairman, Mr. Ranking Member, Members of the 
Committee, thank you for the opportunity to testify about 
Section 702 of the FISA Amendments Act. My name is April Doss. 
I am a partner at the law firm Saul Ewing. Prior to that, I 
spent 13 years at the National Security Agency.
    Although my perspective is informed by the years I spent in 
the intelligence community, the views expressed here are solely 
my own and do not represent the NSA or any other agency or 
organization.
    Like many other Americans, I recall exactly where I was on 
September 11, 2001, and not long after that I began working at 
the NSA where over the years I managed counterterrorism 
programs, conducted intelligence oversight activities, and 
spent a number of years in the Office of General Counsel, 
where, among other things, I served as the associate general 
counsel for intelligence law, responsible for providing legal 
advice on all of NSA's overseas intelligence operations, 
technology development used for those operations, and privacy, 
civil liberties, and oversight and compliance programs.
    Having worked at NSA both before and after the passage of 
the FISA Amendments Act, and having worked with that authority 
from a number of perspectives, I can attest to the following 
observations from my personal experience.
    In 2008, when the law was passed, the authority was 
critically needed because of the gaps created by the ways in 
which technology and intelligence targets had changed in the 
years since the original FISA was passed, the very points that 
Mr. Chairman referred to in his opening statement.
    The 702 authority strikes an appropriate balance between 
the government's need for foreign intelligence information and 
the privacy impacts on individuals, the very same critical 
points that Mr. Ranking Member pointed to in his opening 
statement.
    The statutory framework incorporates robust oversight 
requirements and privacy protections. Those protections have 
been implemented across all three branches of government in 
meaningful and substantive ways. And the 702 authority has 
consistently, since its passage in 2008, provided critical 
intelligence information to the U.S. and to its allies, 
including intelligence critical to supporting warfighters in 
the field that would not have been obtainable in other ways.
    FISA appropriately balances individual privacy and national 
security. One point to start with, despite some public 
misconceptions to the contrary, FAA 702 is a targeted 
intelligence authority. It's not bulk collection. The 
collection can only be initiated when an analyst is able to 
articulate and document a specific set of facts to meet the 
statutory and procedural requirements for demonstrating that a 
specific facility is associated with a specific user, who's a 
non-U.S. person, reasonably believed to be located outside the 
U.S., and likely to possess or communicate foreign intelligence 
information.
    Although a large number of selectors have been targeted 
under 702, they've only been tasked for collection because on 
an individualized, particularized basis each of them meets all 
of those criteria noted in the law.
    And because of the tailored and documented and carefully 
overseen manner in which the front-end collection is carried 
out, it's neither unlawful nor inappropriate, in my view, to 
query that collection for U.S. person information when there's 
a legitimate basis to do so, and those legitimate bases may 
include both intelligence purposes and law enforcement 
purposes, as articulated by Judge Hogan in his November 2015 
court opinion.
    The government has a compelling national security need to 
be able to carry out U.S. person searches of that collected 
information in appropriate cases. As an intelligence community 
lawyer for many years, I know firsthand just how often urgent, 
time-sensitive operational needs arise. And I can tell you, 
it's my view that if it were necessary for intelligence 
analysts, who work 24 hours a day, 7 days a week, to receive 
prior approval from somewhere outside of the NSA or the CIA or 
the FBI, for instance, from the FISC to conduct a query, that 
could have a significant detrimental impact on intelligence 
activities.
    With respect to the question of estimating the amount of 
U.S. person information that's incidentally acquired in 702 
collection, this is a critically important question that goes 
to the heart of this balancing between national security and 
privacy. However, I do believe that it raises significant 
privacy implications in how that might be done.
    The challenge, of course, being how to have the reference 
information that an intelligence analyst would need to know who 
the user is of an unknown identifier or where that user is in 
the world. In my view, the collection and maintenance of that 
reference information would itself pose significant impacts to 
privacy.
    During 13 years at the NSA, I had the opportunity to 
witness firsthand the critical importance of this authority in 
supporting U.S. troops, in detecting terrorist plans and 
intentions and other critical intelligence needs, and in 
protecting the U.S. and its allies. Many of those instances 
remain classified, but the PCLOB's report, I think, points to 
the importance of that collection and its sheer volume.
    Thank you, and I look forward to the Committee's questions.
    [The testimony of Ms. Doss follows:]
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
                               __________
    Mr. Goodlatte. Thank you, Ms. Doss.
    Regrettably, we're going to have to recess for votes that 
are on the floor with about 5 minutes remaining in the call. 
And there are several votes, so it may be a little bit of time. 
So if you haven't had anything to eat or want take a break, 
please do so.
    We will reconvene as soon as the votes conclude. We'll say 
45 minutes. We'll come back just as soon as we possibly can and 
work through this. And while we're over there, we'll encourage 
our colleagues to come join us.
    Thank you. The Committee will stand in recess.
    [Recess.]
    [3:38 p.m.]
    Mr. Marino [presiding]. The Judiciary Committee will come 
to order. And I believe that, Ms. Goitein, you're up next.

TESTIMONY OF ELIZABETH GOITEIN, CO-DIRECTOR, LIBERTY & NATIONAL 
SECURITY PROGRAM, BRENNAN CENTER FOR JUSTICE, NYU SCHOOL OF LAW

    Ms. Goitein. Mr. Chairman, Members of the Committee, thank 
you for this opportunity to testify on behalf of the Brennan 
Center for Justice.
    Congress' goal when it passed the FISA Amendments Act in 
2008 was to give our government more powerful tools to use 
against foreign threats. Consistent with that goal, Section 702 
of the act has been used to monitor suspected terrorists 
overseas, to trace their networks, and to disrupt their plots. 
All of us in this room, I imagine, support that goal and those 
activities.
    We're here today because of the other things that Section 
702 has been interpreted to allow. The government is not simply 
monitoring foreign terrorists and foreign suspects. Instead, 
it's scanning the content of almost all of the international 
communications that flow into and out of the United States and 
is acquiring hundreds of millions of communications each year.
    We know from how the data is collected that it includes a 
massive amount of Americans' communications. But despite 
repeated requests by Members of this Committee, the government 
still has not managed to provide an estimate of how many 
Americans' communications are swept up.
    We also know that despite being required to minimize the 
retention and use of Americans' data, the government keeps that 
data for years and routinely searches it for information to use 
against Americans in ordinary criminal proceedings. According 
to the Privacy and Civil Liberties Oversight Board, the FBI 
searches the data when performing assessments, which are 
investigations that lack a factual predicate. That means the 
FBI is reading Americans' emails and listening to their phone 
calls without a factual basis to suspect wrongdoing, let alone 
a warrant.
    I don't believe this is what Congress had in mind when it 
passed Section 702. In writing the law, however, Congress did 
give significant discretion to the executive branch and the 
FISA court, trusting them to implement the statute in a manner 
consistent with its objective. So for instance, Congress 
allowed the targeting of any foreigner overseas, trusting the 
government to focus its efforts on those who pose a threat to 
us. Congress also left it to the executive branch and the FISA 
court to come up with specific minimization rules.
    I don't mean to imply that this trust was misplaced. In 
fact, we've seen essentially no evidence of intentional misuse. 
But what we have seen is mission creep, so that a law designed 
to protect against foreign threats to the United States has 
become a major source of warrantless access to Americans' data 
and a tool for ordinary domestic law enforcement. This outcome 
is contrary not only to the original intent of FISA, but to 
Americans' expectations and their trust that Congress will 
protect their privacy and their freedoms.
    As it now stands, law-abiding citizens of this country and 
others are vulnerable. Their personal information sits in 
massive databases where it's subject to being hacked by the 
Russian or Chinese Government, cyber criminals, or, I suppose, 
a 400-pound hacker sitting on his bed.
    American technology companies are facing the real threat 
that they'll be unable to do business with foreign companies 
and customers because of our government's collection practices.
    And yes, there is the potential for abuse. Remember that 
Congress passed FISA in 1978 because multiple Presidents had 
abused surveillance authorities to target political opponents, 
personal enemies, and disfavored ideologies and minority 
groups. In today's tumultuous political environment, we would 
be naive to think that could never happen again.
    We can't rely on the courts to supply the missing 
protections. The few judges that have reviewed Section 702 have 
upheld it. They're not delusional. They're not ``so-called 
judges.'' But they are applying Fourth Amendment precedent and 
doctrines that are hopelessly unsuited to the digital 
globalized era. This is a classic case of the law failing to 
keep up with technology.
    When that's happened in the past, Congress has acted to 
fill the gap. Just a few weeks ago, as you know, the House, by 
unanimous voice vote, passed the Email Privacy Act. Americans 
are counting on you to do the exact same thing here, to protect 
the privacy of their emails and other communications.
    Thank you, and I look forward to taking your questions.
    [The testimony of Ms. Goitein follows:]
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
                               __________
    Mr. Marino. Thank you.
    Mr. Klein.

            TESTIMONY OF ADAM KLEIN, SENIOR FELLOW, 
               CENTER FOR A NEW AMERICAN STRATEGY

    Mr. Klein. Thank you, Mr. Chairman and Members of the 
Committee. Thank you for inviting me to testify today.
    My name is Adam Klein. I'm a senior fellow at the Center 
for a New American Security, which is a bipartisan research 
organization that develops strong, pragmatic national security 
and defense policies.
    In a recent report, two colleagues and I offered more than 
60 recommendations for the future of surveillance policy, 
including Section 702. Our research was informed by private 
consultations with dozens of current and former government 
officials, technology experts, legal scholars, and privacy 
advocates.
    We concluded that Section 702 is a valuable intelligence 
tool and should be reauthorized with current authorities 
intact. In particular, we were moved by the measured but 
largely positive judgment of the bipartisan Privacy and Civil 
Liberties Oversight Board, which concluded that the program has 
been valuable and effective, found no evidence of intentional 
abuse, and reported that over a quarter of the NSA's reports on 
international terrorism were based in whole or in part on 
Section 702.
    Our report also noted, however, that important intelligence 
programs, including Section 702, will not be politically 
sustainable unless the public has confidence that they're being 
used in a lawful and appropriate way and that they are subject 
to strong oversight. So the challenge for us is to enhance 
public trust without diminishing Section 702's effectiveness as 
an intelligence tool.
    My written testimony lists more than a dozen concrete 
actionable ways Congress can do this as part of this process. 
I'll just highlight a few here.
    First, and I think this is the most urgent issue facing the 
Committee during the reauthorization process, Congress needs to 
revive the Privacy and Civil Liberties Oversight Board. The 
Board has provided excellent oversight of Section 702. Its 
positive judgment about the program is one of the best 
arguments for why the program should be reauthorized. 
Unfortunately, the Board is now paralyzed because it has no 
chairman and has too few members to take official action.
    My written testimony contains several proposals for 
reviving and enhancing the Board. I'll just note one here. The 
Foreign Intelligence Surveillance Court, before it issues the 
annual order that allows Section 702 to operate, should be 
required to confirm that the President has made nominations to 
any vacancies on the Board. This will give Presidents a real 
incentive to nominate members to the Board, something that has 
been a problem since the Board was created.
    Another area where there's room for pragmatic reform is 
queries of Section 702 information using U.S. person 
identifiers, especially FBI queries in criminal investigations 
that are not related to national security. This practice does 
raise real civil liberties concerns. But at the same time, 
there are reasons not to prohibit these queries altogether or 
at least to be very cautious before doing so.
    The 9/11 Commission explained that the inability to connect 
the dots between domestic law enforcement and foreign 
intelligence was a key reason why the government did not 
disrupt the 9/11 attacks. If there's a connection between the 
subject of an FBI investigation in the United States and a 
foreign terrorist or a spy or a proliferator who has been 
targeted under 702, we want the FBI to know that.
    Now, that said, there are ways to address privacy concerns 
short of banning these queries altogether. The most important 
is transparency. So the government should provide more 
information about the number of such queries, about how often 
they return Section 702 information, and about how the Justice 
Department uses that information downstream in the criminal 
justice system.
    Another possibility worth exploring is whether the FBI 
could continue running all the queries it runs today but in 
some subset of them receiving only the metadata of the 
responsive communications initially instead of the underlying 
content. That could be enough to reveal any connections to 
problematic foreign actors.
    One final recommendation I'd like to highlight. The USA 
FREEDOM Act created a pool of cleared advocates to present 
public interest arguments before the FISA court. Now, whether 
to appoint one of those advocates is currently in the court's 
discretion. We believe that Congress should make it mandatory 
in at least one case a year: the court's annual review of 
Section 702. That's a very easy way to strengthen judicial 
oversight of 702 with absolutely no costs for national 
security.
    Thank you, and I look forward to your questions.
    [The testimony of Mr. Klein follows:]
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
                               __________
    Mr. Marino. Thank you. We're now going to proceed into the 
5-minute questioning, the three of us, and if anyone else shows 
up will have an opportunity to question you. I'm going to 
recognize myself for the first 5 minutes of questioning.
    And, Mr. Kosseff, am I pronouncing that right, Kosseff?
    Mr. Kosseff. Yes.
    Mr. Marino. And then I would like, if you care to, each 
member to answer my first question, which would be very simple. 
Is there anyone here that believes that we should not 
reauthorize this legislation?
    Mr. Kosseff. I believe you should reauthorize.
    Mr. Marino. We should reauthorize?
    Mr. Kosseff. Yes.
    Ms. Doss. I'm in favor of a clean reauthorization.
    Ms. Goitein. I would be in favor of reauthorization if 
there were significant reform.
    Mr. Marino. Okay.
    Mr. Klein. Yes, I support it as well, reauthorization.
    Mr. Marino. Ms. Goitein, you stated that, although not 
intentional at this point, did you say thousands or millions of 
names were gathered up, information was gathered up? Did I 
paraphrase that correctly? Did you say that you thought that 
there were thousands or there may be even millions of names or 
information gathered up unintentionally?
    Ms. Goitein. Not unintentionally. It's part of the 
incidental collection. The terminology gets mixed up. 
``Incidentally'' is the terminology that's used by the 
government. But it is part of the design of the program, to 
acquire communications of foreign targets with Americans as 
well as with others. And so as an inevitable result of that, 
millions of Americans' communications, which is the best 
estimate that anyone can have until the government provides a 
more accurate estimate, are being collected.
    Mr. Marino. Can you give me another example or an example 
of how you come to that conclusion?
    Ms. Goitein. Sure. Well, one example is that there are 250 
million Internet communications that are acquired each year 
under Section 702, at least that was the case in 2011. And this 
is collecting all of the communications of the targets. If you 
assume that----
    Mr. Marino. There's the big word, okay, ``assume.''
    Ms. Goitein. Well, that's all we can----
    Mr. Marino. So are you basing this on a mathematical 
calculation?
    Ms. Goitein. Unfortunately, after a year of asking for it, 
the intelligence community still has not given the Committee 
the numbers we would need to do an actual calculation. So if 
you conservatively assume that even 1 out of 100 of every 
foreign target's communications was with an American, that 
would still be millions of Americans' communications.
    Mr. Marino. You're dealing with a career prosecutor here. I 
don't assume anything.
    Ms. Goitein. I would like not to assume. I would love to 
have the facts.
    Mr. Marino. Mr. Klein, what say you about that?
    Mr. Klein. I actually agree with Ms. Goitein's description 
of incidental collection. I mean, this is something that has 
been documented by the Privacy and Civil Liberties Oversight 
Board, that this is a realistic prospect, that this happens in 
substantial volume.
    And there have been statistical transparency reports by the 
intelligence community documenting, among other things, U.S. 
person identities that are part of disseminated intelligence 
reports. This is on page six of the 2016 transparency report.
    So this is a real thing. But at the same time, there are 
measures in place to ensure that the U.S. person information 
collected through the program is minimized, is used only in 
specified ways subject to the supervision of the FISA court. So 
there are safeguards in place, but I do think that greater 
transparency would help boost public trust in that.
    Mr. Marino. And, Mr. Kosseff and Ms. Doss, do you have a 
thought?
    Mr. Kosseff. I fully support transparency in terms of the 
numbers of incidental collections of U.S. persons' information. 
However, I also recognize there very well may be some 
logistical difficulties, as well as potential civil liberties 
concerns in terms of how you calculate and how you obtain that 
information.
    I'm not an expert on that issue. I just know that's what's 
been stated in the public record. So I think that always will 
have to be balanced with the need for transparency. But 
absolutely, if there was a way to get those numbers, that would 
be excellent.
    Mr. Marino. Ms. Doss.
    Ms. Doss. From a practical perspective, I believe that it 
would be far more intrusive on privacy and really not feasible 
to come up with those numbers in a meaningful way, and I'll 
explain briefly why. I touched on it in my written testimony as 
well.
    The challenge is that when the intelligence community is 
targeting a foreign intelligence target, there's no way a 
priori to know who the target will be in communication with. 
Intelligence analysts in their tradecraft typically look for 
communications of intelligence value, not for irrelevant ones, 
and when they see communications of value, they will inevitably 
find unknown identifiers, which might be phone numbers or email 
addresses.
    The challenge is that there is nothing inherent in the 
unknown identifiers that can definitively point not only to 
where the other communicant might be, but to what their 
nationality and citizenship and identity are. So in order to 
make that determination, my view is the intelligence community 
would be required to have a significant amount of reference 
information about U.S. people who are of no intelligence 
interest in order to identify the U.S. person communications.
    Ms. Goitein. Could I briefly respond to that?
    Mr. Marino. Briefly. My time has expired, but go ahead.
    Ms. Goitein. Okay. For two of the programs under Section 
702, it should be very straightforward to collect the 
information. For the phone collection, a country code will 
suffice as an estimate. There's no need to do research or have 
reference information. It's not 100 percent accurate, but it's 
accurate enough for the estimate that we seek.
    For the purpose of Internet communications collected 
through upstream collection, the IP address serves as a proxy 
for country. It is a reliable enough proxy that the NSA relies 
on it to try to filter out domestic, wholly domestic 
communications. If it's reliable enough for that purpose, it's 
reliable enough for the estimate that we have sought.
    The difficult program is PRISM. That's where it's a bit 
harder. And I would just say that we are aware of all of the 
problems in terms of trying to figure out the nationality of 
U.S. persons. There are privacy implications, but the privacy 
community has unanimously come down on the side of saying that 
it would be a net gain for privacy if there were a limited, 
one-time sampling under conditions that we have laid forward in 
a letter.
    So while I appreciate Ms. Doss' concerns, I think the 
privacy community feels differently.
    Mr. Marino. My time has expired.
    Congressman Lieu from California, you're up.
    Mr. Lieu. Thank you, Mr. Chair.
    Having served on Active Duty in the military, I believe 
when it comes to terrorists, we need to hunt them down and kill 
them. And I don't think anyone on this Committee has any 
problem with Section 702 and how it goes after foreign bad 
dudes and foreign Nations. I think some, and perhaps many of 
us, have a concern when we're talking about an American citizen 
and how they incidentally get caught up in this surveillance.
    And under Section 702, if you're an American citizen and 
you're caught up in this surveillance, that information can be 
passed to the FBI to then do a criminal proceeding and do a 
criminal case against you. To me, that's just a flat-out 
violation of the Fourth Amendment.
    And so for those of you who want a clean authorization, why 
do we even need that? Why don't we just require a warrant, as 
the Fourth Amendment does? How does going after American 
citizens for a criminal case that's unrelated to a target or 
foreign inquiry, how does that help our national security? And 
I guess that's my first question to those who think there 
should be no reforms to this section.
    Mr. Kosseff. Well, to touch on that, one of the main 
justifications for having that ability has been that, let's 
say, that the FBI were searching for some--their unified 
database for an American U.S. identifier. They could then come 
up with a hit on 702 and that would tell them additional 
information about a potential foreign intelligence threat. So 
that's one justification.
    And the other justification is going back to the wall 
between FBI and intelligence data that existed pre-September 
11.
    So those are two justifications for it. I also fully see 
your point on there being concerns about the FBI having that 
access.
    When it comes to a Fourth Amendment issue, that's a little 
different. I'm not aware of any cases where a subsequent query 
of data that had been lawfully collected constitutes its own 
separate Fourth Amendment search.
    So there very well may be some very strong policy reasons 
to change the FBI's ability to query that data, but I see that 
more as a privacy and policy concern than a Fourth Amendment 
issue just under the doctrinal Fourth Amendment law.
    Mr. Lieu. Thank you.
    Yes, go ahead.
    Ms. Goitein. I would disagree on the Fourth Amendment 
analysis. The notion that restrictions on searches of lawfully 
acquired information or lawfully accessed property is somehow 
not a part of the Fourth Amendment is simply not the case. It's 
actually the constitutional norm.
    The terms of access to information or property are 
generally set forth in the warrant, and they usually do require 
limits on searches.
    If I obtain a warrant to search a computer, for example, in 
a case where I have shown probable cause of a copyright 
infringement, I can take that computer, I can copy the hard 
drive, I lawfully have that information. But I am only 
permitted to search for the evidence of copyright infringement. 
After I find that, I can't go pulling up the IRS returns to 
look for evidence of tax fraud.
    Uusually that's built into the warrant as a restriction on 
searching. It is part of the terms of access. The terms of 
access of 702, of getting this information without a warrant, 
is that the government has no intent to target any American, 
any particular known American. They have to certify our 
interest is only in the foreigner, not in any particular known 
Americans. And I would argue that that serves as a 
constitutional barrier to a warrantless search after 
collection.
    Mr. Lieu. Thank you. And I think you had touched on this 
earlier. I just want to get it very clear from you. You would 
believe that responding to a request for information that this 
Committee has sent out to intelligence agencies about the 
statistics, you think that on balance it's better to get that 
information versus any privacy concern.
    Ms. Goitein. Yes, I believe so, and 30 civil liberties 
organizations have signed a letter saying that, including the 
major national privacy organizations in this country.
    Mr. Lieu. And let me conclude by just saying, you know, all 
of us here, and those intelligence agencies, took an oath not 
to an Administration or to a political party or to an agency, 
it was an oath to the Constitution.
    And what that means is even if a program may be effective 
or not effective or incredibly brilliant, if it violates the 
Constitution, we just can't execute it unless we change the 
Constitution. And I just hope people understand that that's 
what it means when we all take an oath to the Constitution, 
that that is the primary document to which we owe our 
allegiance.
    And with that, I yield back.
    Mr. Marino. The Chair recognizes the gentleman from Idaho, 
Mr. Labrador.
    Mr. Labrador. Thank you, Mr. Chairman.
    And thank you all for being here today.
    I think it is the responsibility of this Committee and 
every Member of Congress to ensure that the privacy and the 
Fourth Amendment rights of every U.S. citizens are protected 
and remain of paramount importance to this government.
    Professor Kosseff--am I pronouncing your name correctly?--
in Ms. Goitein's testimony, she highlighted that, as of 2011, 
more than 250 million Internet transactions a year are being 
collected by the government. Is it possible to subject the 
collection of 250 million transactions a year to rigorous 
oversight?
    Mr. Kosseff. Based on the procedures that the NSA has 
developed and my understanding of the procedures through the 
Privacy and Civil Liberties Oversight Board's report of it, I 
am very impressed by the multiple levels of analysis that have 
to go through, the targeting decisions, the certifications, and 
the minimization procedures, and the oversight for each, 
throughout all three branches of government.
    So I do think that it is possible. I do think the volume, 
obviously, makes it very difficult. But I also don't think 
that's a reason not to do it. If there are ways to strengthen 
the oversight, then that would definitely be something worth 
looking at. But at least from a Fourth Amendment perspective, I 
think that is possible.
    Mr. Labrador. Ms. Goitein, do you think it is possible to 
subject this to rigorous oversight?
    Ms. Goitein. I think there is some indication, even in Ms. 
Doss' testimony, that it may be a little too much of a 
challenge, that while there has been no international lack of 
compliance with the rules, there have been repeated instances 
of noncompliance with FISA court orders and with court-ordered 
procedures.
    I'm not talking about trivial technical violations. I'm 
talking about violations that were systemic, sometimes quite 
prolonged, and that resulted in significant overcollection and 
unauthorized searches.
    Again, this was not through bad faith. There's essentially 
two explanations, and one is that the oversight isn't enough or 
isn't working, and the second explanation is that the system is 
so large and so technically and legally complex that compliance 
is effectively impossible.
    Mr. Labrador. Well, let me just stop you there, because I 
only have 5 minutes.
    So, for me, a particular concern--and this is not a 
political question. It just had a chilling effect on me, 
because I've been a critic of--or at least a proponent of 
strong reforms in this system now for several years. But I was 
concerned when I saw that Michael Flynn's information was made 
public.
    So we have heard that there's supposed to be all these 
guidelines that are supposed to protect the identity of people. 
And whatever your political persuasion is, for me it had a 
chilling effect, that I thought my political opponents could 
use my personal information that they maybe gathered in some 
private communication against me in the future. So that should 
be quite terrifying to anybody, whether you're a Republican or 
a Democrat.
    Mr. Kosseff, you mention that the numerous statutory 
limitations have been put in place to limit the invasion of 
privacy. It seems that, even with these limitations to protect 
the privacy of the average Americans, somehow leaks are 
happening. In Mr. Flynn's case, these leaks not only invaded 
his privacy but also crippled and ultimately prevented the 
Commander in Chief from having his key national security 
personnel from doing its job, which you may have a political 
opinion about or not.
    How do we trust these intelligence agencies to ensure that 
our national security when they're divulging highly sensitive 
information to settle scores or--can we prevent them from using 
this personal information to settle scores?
    Mr. Kosseff. Well, I can't speak to those specific----
    Mr. Labrador. So let's use that as an example, because 
that's an example that now the American people can relate to. 
It's what some of us have been warning about for years, and all 
of a sudden it happened, and it's a real-life example, where 
somebody's sensitive information was used for a political 
purpose, whether you agree with that political purpose or not.
    Mr. Kosseff. Sure. So, putting that aside, I think in terms 
of the oversight, I think trust is by far the most important 
characteristic of a program like 702 or really any other 
intelligence program and----
    Mr. Labrador. Well, but the Fourth Amendment was put in 
place because we don't trust the government.
    Mr. Kosseff. Yes, yes.
    Mr. Labrador. Ms. Goitein, without taking a political 
position on this, shouldn't we be alarmed by this?
    Ms. Goitein. I think what you're touching on relates to 
essentially the history of FISA and why it was put in place, 
which is that surveillance was--and I'm not taking a position 
on the particular surveillance in this case. I'm taking a 
position more on your response to it and your sense that you're 
chilled, to some degree----
    Mr. Labrador. Yes.
    Ms. Goitein [continuing]. By the possibility that your 
communications could be acquired. And they could be. Under 
section 702, they could be.
    And I think that is something that really ought to be of 
concern, because the statute is not narrow enough. It doesn't 
limit the government to conducting surveillance of foreign 
threats to the U.S. And that opens the door to potential 
abuses; it opens the door to possible political surveillance. 
That's why FISA was enacted in the first place in 1978, because 
those things were happening.
    And section 702, while it responded to a real threat and it 
intended to address that threat in an effective way, it also 
eliminated some of the protections that might prevent the 
chilling that you're experiencing.
    Mr. Labrador. Thank you.
    Mr. Marino. The gentleman's time has expired.
    The Chair now recognizes the gentleman from Ohio, Mr. 
Jordan.
    Mr. Jordan. Thank you, Mr. Chairman.
    Ms. Goitein, we sent a letter a year ago--your group may 
have been part of putting this letter together; I signed on to 
it--asking Mr. Clapper the number of Americans whose 
communications have incidentally been collected under section 
702 of FISA.
    Can you hazard a guess? They wouldn't give us a number. Can 
you hazard a guess?
    Ms. Goitein. I had said earlier millions, which I think is 
conservative.
    Mr. Jordan. You think it's millions?
    Ms. Goitein. Yes. Potentially tens of millions. I don't 
know. I really hesitate to speculate. I know that that 
speculation is discouraged. I wish I had better numbers for 
you.
    Mr. Jordan. So the response they give back to me--you know, 
they give a short, little three-paragraph response. And they 
say this--the operative sentence or clause says, ``The numbers 
of Americans whose communications have been incidentally 
collected under 702 is a very difficult, if not an impossible, 
number to calculate.''
    That seems like baloney to me. It seems like that would be 
relatively easy to calculate. We're talking about the greatest 
intelligence service on the planet. You'd think they would be 
able to know that, right?
    Ms. Goitein. Well, I think if we were asking for an 
accurate calculation, it actually would be difficult. We're 
asking for an estimate.
    Mr. Jordan. Right, an estimate.
    Ms. Goitein. Certainly for two of the three programs under 
section 702, it should be quite straightforward.
    Mr. Jordan. Okay.
    I just want to make sure I know exactly how this works. So 
there's a bad guy who's not an American, who's overseas, we 
want to surveil him. And this individual's going to communicate 
with an American.
    So, on the front end, my understanding is the FISA Court 
says the procedures on how you're going to handle 
communications to and from or about Americans. On the front 
end, the FISA Court says, okay, those procedures, when you get 
in the situation, this is how you're going to conduct yourself. 
Is that right?
    Ms. Goitein. Yes.
    Mr. Jordan. Okay.
    And so now it happens; the bad guy communicates with an 
American. And we now have the American's phone conversation, 
the content of those phone conversations and the content of 
those email or whatever electronic communications, right?
    Ms. Goitein. Yes. Presumably.
    Mr. Jordan. Okay.
    And what happens when they look at--first of all, how are 
those communications stored?
    Ms. Goitein. It depends on the agency. Let's say the NSA 
collects the communications.
    Mr. Jordan. Right.
    Ms. Goitein. The NSA, through, let's say, the PRISM 
program. Then the NSA can just keep it in its own databases, 
can also give it to the FBI and to the CIA, the raw data with 
the American's information in it, to those agencies----
    Mr. Jordan. When you say ``raw data,'' is that the content 
of the--the actual email content----
    Ms. Goitein. Yes.
    Mr. Jordan [continuing]. And the actual content of those 
conversations?
    Ms. Goitein. Yes.
    Mr. Jordan. Okay. So that that content could be on multiple 
databases.
    Ms. Goitein. Correct.
    Mr. Jordan. FBI, NSA, various Federal agencies, right?
    Ms. Goitein. Correct.
    Mr. Jordan. Okay.
    Then how is it--then we have the term ``query.'' What's 
that mean?
    Ms. Goitein. A query is when an agent who is authorized to 
access the system and to run the query usually takes an email 
address or a phone number or some kind of identifier, a 
communications identifier, to search through the data for a 
particular individual's communications so that they can look at 
it.
    Mr. Jordan. Okay.
    So we have it all there, and then they--let's say Joe 
Smith's the American. They have all the information on Joe 
Smith, and they said, now we want to query that. And it can be 
triggered just by the name? It could be triggered by what?
    Ms. Goitein. I think it would be much more likely to be a 
phone number or an email address. That would be the way, I 
think, it's usually done.
    Mr. Jordan. Okay.
    Ms. Goitein. I should say that the NSA and the CIA and the 
FBI all have rules that provide some limit on when they can 
query using a U.S. person identifier.
    Mr. Jordan. Is the information that was collected under a 
702 about Americans, is it tagged differently in the databases 
that it's in, or is it just part of the overall database?
    Ms. Goitein. It's tagged differently.
    Mr. Jordan. Tagged differently. So you could selectively go 
through and just say, I want information collected only under 
702 about Americans?
    Ms. Goitein. No. I think it would be more likely, actually, 
to work the other way, that whoever's running the query, if 
they get back information that's tagged as 702, they have to be 
trained in 702 in order to then access that information. But if 
they're not trained, they just go and ask someone else who is, 
and they come look at it.
    Mr. Jordan. Okay.
    When they have that information about the American, can 
they use that information to--let's say the American's done 
something wrong. Could that American be prosecuted by 
information gained under 702?
    Ms. Goitein. By the FBI, yes.
    Mr. Jordan. And could they be prosecuted only for crimes or 
potential crimes relative to national security, or is it 
broader than that?
    Ms. Goitein. No. It's broader than that. It includes crimes 
that have no relationship to foreign intelligence or national 
security.
    Mr. Jordan. And has that happened?
    Ms. Goitein. That information is not public.
    Mr. Jordan. Yeah. We don't know.
    Ms. Goitein. And we would know if the government were more 
faithfully adhering to the notification requirements of the 
statute, under which the government is supposed to notify 
defendants when it uses information derived from section 702.
    Mr. Jordan. But do you think it has happened, where 
someone, an American, information gathered under 702 about that 
American is used to prosecute them and that's used to prosecute 
them in some area outside of national security? Do you think 
that has happened?
    Ms. Goitein. I'm really not in a position to say. I don't 
know.
    Mr. Jordan. But can you hazard a guess?
    Ms. Goitein. I'm sorry.
    Mr. Jordan. Do you think it's happened?
    Ms. Goitein. Section 702 has certainly been used in 
criminal prosecutions that have a terrorism component, such as 
material support for terrorism. As for whether it's been used 
in a case that has nothing to do with national security, I'll 
put it this way: The FBI, according to the Privacy and Civil 
Liberties Oversight Board, routinely searches the data, data 
that includes section 702 data, for Americans' information when 
it's conducting criminal investigations that have nothing to do 
with national security. So I would imagine that, if they found 
something responsive, yes, they would use it. But----
    Mr. Jordan. Which is----
    Ms. Goitein [continuing]. That is all I can say, really.
    Mr. Jordan. Yeah, which is scary.
    Okay. I thank the Chairman, and I thank the witnesses.
    Mr. Marino. Before I go to Mr. Lieu, Ms. Doss, can you give 
us a little explanation concerning your experience about how 
tagging takes place, when something's tagged, if it's tagged, 
does a U.S. citizen's name comes up when this tagging takes 
place overseas?
    Ms. Doss. Thank you. Ms. Goitein's testimony fundamentally 
misstates the facts in that regard, so thank you for the 
opportunity to clarify.
    The central challenge with identifying U.S. person 
communications in collected 702 data is that, by and large, the 
intelligence community will not have reference information to 
know who the U.S. persons are. They're targeting foreign 
persons for foreign intelligence reasons. The foreign 
intelligence target will communicate with any number of people, 
but, appropriately, the government does not have a 
comprehensive database of all of the identifiers, the phone 
numbers and email addresses, associated with the U.S. people.
    So what happens is the data gets queried, looking 
specifically for foreign intelligence. When an unknown 
identifier is revealed, if there appears to be intelligence 
value in the communication, the analyst will then go do the due 
diligence research that will help them understand whatever 
information might be available about the communicant's 
nationality, location, identity. But there's no reference 
database that says, here's the U.S. people.
    There are capacities within some--I can't speak for all of 
the databases that might hold 702 information everywhere in the 
CIA, FBI, and NSA. There are capacities to tag data as U.S.-
person-related when it's recognized, but that requires 
recognition of it. There isn't any means, certainly not that 
I'm familiar with, that allows tagging of it upon arrival.
    And one of the things that's really critically important 
that Ms. Goitein sort of slipped past in her previous testimony 
was that there's two dimensions to this: location in the U.S. 
and U.S. people anywhere in the world.
    For the question of whether somebody is located in the 
U.S., there are instances in which technical data can be 
helpful in making that determination, and it's critically 
important. It's not available for all types of 702 data, but it 
is for some, and that's critically important. That tells you 
location. That cannot tell you whether or not somebody might be 
a U.S. person anywhere else in the world, which, of course, is 
one of the key protections of 702.
    Mr. Marino. Mr. Lieu?
    Mr. Lieu. Thank you, Mr. Chair.
    So let me follow up on the gentleman from Ohio's question 
to you, Ms. Goitein. And you can also respond to what Ms. Doss 
said as well.
    So let's say an intelligence agency is targeting a foreign 
national or foreign country, and then they find out 
incidentally that an American citizen is buying marijuana 
across State lines. Could that information be given to the FBI 
to then go prosecute that American citizen?
    Ms. Goitein. Yes.
    Mr. Lieu. How is that constitutional? I don't understand 
why your Fourth Amendment rights somehow get violated just 
because of how the information got collected on you, through 
this means. I don't understand that.
    Ms. Goitein. I think if the government happens upon 
information of a crime that there is an argument that that's 
analogous to the ``plain view'' exception to the warrant 
requirement. Now, I think that that looks very different in a 
situation where you have a collection program that enables 
essentially the mass collection of hundreds of millions of 
communications a year. So I do think that's troubling. I'm much 
more troubled by the deliberate searching, which is not 
analogous to ``plain view,'' for Americans' information.
    And I do need to say that I did not say that Americans' 
information is somehow tagged as Americans' information. I 
believe I was asked the question whether section 702 data is 
tagged as 702 data. It's required to be tagged as 702 data in 
the statute.
    So I think you misunderstood my testimony----
    Ms. Doss. My apologies if I misunderstood.
    Ms. Goitein. Okay.
    Mr. Lieu. Thank you.
    So let me follow up on what you said, in terms of the scale 
of this program. So, under section 702, there's three 
categories, generally, in which intelligence agencies can go 
target. The first two I understand. One is terrorism. The 
second is, you know, nuclear nonproliferation issues and so on.
    But the third is this massive category known as foreign 
affairs. So that could apply to academic students, human rights 
activists, lawyers. It's this massive group. And do you have 
any idea of how big that group is? Because foreign affairs is 
virtually everything, potentially.
    Ms. Goitein. Again, we unfortunately have very, very little 
information about how that works in practice. Certainly it is a 
fear that under the very broad definition of ``foreign 
intelligence information'' in the statute, that would, on its 
face, encompass conversations of human rights activists, 
conversations of journalists with their sources, NGOs that work 
on important political issues, and things of that nature.
    One of the certifications on foreign intelligence topics 
was leaked, and that was the certification for foreign 
intelligence related to foreign powers. And the foreign powers 
about which the NSA is authorized to collect information that 
relates to those foreign powers includes most of the countries 
in the world, including allies of ours, including tiny 
countries that have very little role on the world stage, 
neutral countries with no history of terrorism. St. Lucia is on 
that list.
    So certainly on paper these authorities are extremely 
broad. And we are trusting in the self-restraint of the people 
who are operating these programs to not take advantage of that 
breadth.
    Mr. Lieu. Thank you.
    And then one last question on the Fourth Amendment. As you 
know, the Fourth Amendment doesn't just say government can't 
engage in warrantless searches. It also says government can't 
engage in warrantless seizures.
    So why isn't it the case that the seizure of an American 
citizen's email--that is a constitutional violation right 
there, before you even start searching. I mean, why is it the 
case that we even allow incidental collection of Americans? Why 
not just say, if there's incidental collection of Americans, we 
mask it, we delete it unless there's a warrant? Why wouldn't 
that be the case under the Constitution?
    Ms. Goitein. Certainly one thing that I believe is 
constitutionally necessary--now, as I said, I think the courts 
have been applying some very old caselaw to come to different 
conclusions, but we need much, much stricter minimization 
requirements.
    The minimization requirements that exist right now, which 
are described as strict, allow the NSA, the CIA, the FBI to 
hold on to Americans' data literally for years. If the FBI 
reviews data, sees Americans' data, comes to no conclusion 
about whether or not it is foreign intelligence, the 5-year 
limitation evaporates and they can hold on to it for some 
longer period that is still classified.
    If the information's believed to contain secret meaning, 
which I think covers every email I ever sent to my sister, then 
that also is exempt from the age-off requirement.
    Let's see, what else? The NSA is supposed to purge U.S. 
person data on detection if it doesn't contain foreign 
intelligence or evidence of a crime. The Privacy and Civil 
Liberties Oversight Board reported that this rarely, if ever, 
happens. The CIA and the FBI have no such requirement. They 
just rely on these very porous age-off requirements.
    And all three agencies can search the data using U.S. 
person identifiers.
    So if you look at these restrictions, such as they are, 
yes, there are restrictions on the use and retention of U.S. 
person data. But is that use and retention minimized? Not by 
any common sense of that word.
    Mr. Lieu. Thank you.
    I yield back.
    Mr. Marino. The Chair now recognizes the gentleman from 
Texas, Congressman Poe.
    Mr. Poe. Thank you, Chairman.
    Thank you all for being here.
    I'm going to pick up where my colleague just, I think, left 
off. And I want to keep it real simple for me--not for you, but 
for me.
    The government, under secret courts, gets a secret warrant 
to seize information from a bad guy. Let's just call him 
``terrorist outlaw.'' And they grab that information from 
terrorist outlaw from their secret court, with secret 
information. And the warrant for that document, if you want to 
call it a warrant, is never publicized to the public.
    Is that correct, Professor?
    Oh, I guess when I say ``professor,'' everybody looks at 
each other. I'll ask the witness that was just talking.
    Is it ``Goitein''?
    Ms. Goitein. Goitein.
    Mr. Poe. Goitein. I apologize.
    Is that correct? That document, we call it a warrant; I 
don't think it's a warrant. But that document is never made 
public. Is that correct? And that's part of FISA, that it's 
never made public.
    Ms. Goitein. Correct.
    Mr. Poe. Okay.
    So they seize information about outlaw terrorist, and in 
that information, they inadvertently come across data--emails, 
phone conversations--about some American. And they call that 
query. Is that correct?
    Ms. Goitein. Not if they just stumble upon it. If they're 
looking for it, then that would be called a query.
    Mr. Poe. Okay.
    Ms. Goitein. It's very technical. There are----
    Mr. Poe. I know.
    Ms. Goitein [continuing]. Different ways they can find the 
information.
    Mr. Poe. But they seize it, is the point. They seize the 
information if they come across it, whether they're not looking 
for the information because the American's not the target. If 
it was the target, oh, my goodness, we'd have to get a search 
warrant. So they're going to say that he's not a target, or the 
American is not a target; they just come across the 
information, even inadvertently. And if it's on purpose, 
they've got to get a warrant, so I'm going to say it's 
inadvertently. Let's just assume, in my hypothetical, they come 
across it inadvertently.
    And they read the information, or they have their computers 
read the information. And they seize that information, and they 
keep that information on whether it's one American or a bunch 
of Americans. Is that correct? I'm just asking.
    Ms. Goitein. Yes.
    Mr. Poe. So they got that information----
    Ms. Goitein. Seize it all together.
    Mr. Poe. Yeah, it's all together.
    And they got that information. And I think what you said 
from the last question was they, in essence, keep that 
information forever.
    Ms. Goitein. Not forever. Five years is the standard----
    Mr. Poe. But they've got excuses.
    Ms. Goitein. But there are a lot of exceptions.
    Mr. Poe. A lot of exceptions, yeah.
    So they've got this information. And I don't believe the 
NSA ever destroys information, ever, on anybody. But once they 
have that information--and then they determine that that 
information is that this person, this American, may have 
violated the law.
    Then they make that person a target, they've got more 
information, and then they can file criminal charges on that 
information. Is that right or not?
    Ms. Goitein. Well, I mean, what worries me is--I guess it 
depends what you meant by making the American a target. If they 
actually made the American a target, legally speaking, and went 
and got a warrant or a FISA Court order, we'd be in a different 
world. But that's not what happens.
    Mr. Poe. But that's not what they do. That's not what they 
do. They get the information, they read the information, it's 
inadvertent, ``Oh, this guy may be a troublemaker as well,'' 
and they get more information based upon connecting all the 
dots to his emails, his phone calls, you know, his 
conversations with his mother-in-law. They get all that 
information, and then they can file criminal charges on him.
    Ms. Goitein. That's right. And they don't just have to 
stumble upon the information. That's what the backdoor search 
is.
    Mr. Poe. Right.
    Ms. Goitein. The backdoor search is when the FBI says: I 
have a criminal investigation on Joe Blow. And, look, I have 
this huge database. There's a bunch of section 702 data in it. 
But I'm going to query that data to see what I know about Joe 
Blow.
    Mr. Poe. That's right.
    So they come across the information through a FISA warrant. 
They get the information on the American. And then they file 
criminal charges. And all of that is done without a search 
warrant under the Fourth Amendment to the Constitution of the 
United States against that American citizen, correct?
    Ms. Goitein. That's correct.
    Mr. Poe. And I think that is illegal and a violation of the 
Constitution and an abuse of power by our government on 
Americans, for whatever my opinion is worth.
    Mr. Jordan. Mr. Chairman?
    Mr. Poe. I yield back.
    Mr. Marino. Mr. Jordan.
    Mr. Jordan. If I could, Mr. Chairman.
    So, just the example that Judge Poe just went through, just 
to be clear, all the answers you gave when you get to that same 
individual, that individual could be prosecuted for you 
believe, something that's not related to national security as 
well.
    Ms. Goitein. Well, I know that that individual can be 
prosecuted for something that's not related to national 
security. You had also asked whether I think that's actually 
happening. I think the FBI uses all the authorities it has.
    Mr. Jordan. Can I also ask, Mr. Chairman, how many times 
has the FBI--do we know how many times the FBI goes into that 
database and actually uses information gathered either under 
the FISA example that the judge just described or under a 702 
example that I described in my previous round of questions? Do 
you know how many times that happens?
    We'll let the FBI answer. How about that?
    Mr. Klein. The Privacy and Civil Liberties Oversight Board 
has commented on that, and they said that it's extremely rare 
that a query in a non-national-security investigation returns 
information about a U.S. person from 702, but we don't know 
what the exact number is. Actually, the FBI has been ordered by 
the Foreign Intelligence Surveillance Court to count that 
number.
    So one pragmatic, relatively simple thing the Committee 
could do is require that number to be published, obviously not 
the details of the individual cases, but that top-line number 
could add some transparency. And if the number turns out to be 
really low, that might relieve some people's concerns about 
this practice.
    Mr. Jordan. Do you know that number, or you're currently 
trying to ascertain that number?
    Mr. Klein. No, no, I don't, but the FBI does, because it 
has to report every case where a query in a non-national-
security investigation comes back with 702----
    Mr. Jordan. Okay, then you misunderstood. The FBI knows 
that number right now.
    Mr. Klein. They're counting every case, so they know the 
number. And they're reporting it to the Foreign----
    Mr. Jordan. But you're not allowed to give it to us today.
    Mr. Klein. No. I'm a private citizen at a think tank, so 
I----
    Mr. Jordan. I thought you were with the FBI. Excuse me. I 
hadn't looked at the witness list that close. I thought you had 
some affiliation with the FBI.
    Mr. Klein. Maybe I look like it.
    Mr. Jordan. You look like it.
    Ms. Goitein. Could I add one quick thing to that? Which is 
I think it's also important, even though the court did not ask 
for this, for the FBI to report the number of----
    Mr. Marino. Okay. I have to ask you to just cease for a 
moment. The Chairman of the full Committee, Chairman Goodlatte, 
has to leave after he asks his questions, so then perhaps we 
can get back.
    So the Chair recognizes Chairman Goodlatte.
    Mr. Goodlatte. Thank you, Mr. Chairman. And I have no 
problem with going back to Mr. Jordan's questions if he'd like 
to pursue them further.
    And I do agree that we do need to address that issue with 
regard to what Fourth Amendment protections are given to U.S. 
citizens whose data goes through this process where it's taken 
by the NSA, a portion of that, a small portion, goes to the 
FBI, and the FBI saves it over a long period of time. I have 
questions both about the long-term retention of it and about 
what kind of threshold the government has to meet before they 
can use that information in a criminal case. So I think that's 
a legitimate issue that we need to consider as we reauthorize 
this program.
    I also think it's very important that we reauthorize the 
program, however. And I want to turn back to Ms. Doss, so maybe 
you can get us focused on the positive value of this. Because 
it doesn't appear well-understood that the NSA is a Department 
of Defense entity that supports the warfighter. And as former 
counsel to the NSA, I'm sure you are more familiar than the 
rest of us that NSA intelligence supports our military.
    So is 702 collection used to assist our men and women in 
uniform?
    Ms. Doss. In my experience, yes, absolutely, it is.
    And former Director of the NSA Michael Hayden, when he was 
still there, talked often about the ways in which, in a post-9/
11 world, tactical intelligence and national intelligence were 
really converging. Once upon a time, tactical intelligence to 
support warfighters on the battlefield was very much about 
troop movements.
    It still, of course, includes that, but in an era of 
asymmetric terrorist activity and asymmetric warfare, as many 
of our troops overseas are engaged in, the same information 
about terrorist plans and intentions that can protect the 
national borders and the broader national security absolutely 
has proven critical to protecting the warfighter as well.
    Mr. Goodlatte. Thank you.
    And, Mr. Klein, I appreciated your comments a moment ago. 
I'd like to follow up on the discussion about the Privacy and 
Civil Liberties Oversight Board, popularly known as PCLOB. And 
I'd like to know whether you believe that the PCLOB still 
serves as a valuable independent body for reviewing U.S. 
Government surveillance programs.
    Mr. Klein. I do. I think it does.
    Unfortunately, with only two members and soon to have one 
member, because one of the remaining members has been nominated 
for a high-ranking position in the Department of Justice, they 
do not have a quorum, which means they can't take official 
action. So, unfortunately, the Board is effectively paralyzed.
    Mr. Goodlatte. How many members of the Board are there?
    Mr. Klein. There are five.
    Mr. Goodlatte. And how long has it been that there have 
been fewer than three?
    Mr. Klein. It's relatively recent. The Chairman resigned 
last summer, which created its own problems. Only the Chairman 
can hire staff under the statute.
    Mr. Goodlatte. So is this an indication of a lack of 
interest or support in it by first the Obama administration, 
now the Trump administration? Or is it just circumstance that 
makes it ineffective right now?
    Mr. Klein. I don't think it's specific to any 
Administration. This is a longstanding problem going back to 
when the Board was created. This is back well before 2010, and 
the Board scuffled around for years struggling to find enough 
members and staff to do its work.
    I want to emphasize that this isn't just a privacy and 
civil liberties issue, although it is that. It's also an 
important issue for our national security. This is an important 
part of our case domestically but also to the international 
community that we have rigorous and multilayered oversight.
    And evidence of that is the fact that the general counsel 
of the Office of the Director of National Intelligence in his 
letter explaining all of the rigorous oversight we have to our 
allies in Europe cited the Board as one element of that 
oversight.
    So I think even if you support this program, as I do, if 
you think it's important for national security, if you want it 
to be perceived as credible, we need to keep this board going.
    Mr. Goodlatte. Should the reauthorization of the FISA 
Amendments Act look to strengthen the PCLOB?
    Mr. Klein. Yes, I think it should. I actually have three 
specific proposals that the Committee can consider.
    The most forward-leaning one is to require, as part of the 
FISA Court's annual review, it to certify that the President 
has made nominations to fill any vacancies. Now, I think it 
should be limited to nominations. We don't want this program 
getting caught up in nomination politics. But that would give 
Presidents an adequate incentive to staff something that, after 
all, doesn't report to the President; you can understand why 
it's not the number-one priority.
    Mr. Goodlatte. Are these Senate-confirmed?
    Mr. Klein. These are Senate-confirmed positions. Four of 
them are part-time, but they're all Senate-confirmed.
    Two other things that the Congress could do: The Board is 
subject to what's called the Government in the Sunshine Act. 
This applies broadly across the government to multimember 
agencies. But it's a very bad fit for this board, which, after 
all, does not exercise regulatory power. We're not talking 
about smoke-filled rooms and dealmaking here. This is just 
oversight. And four of them are part-time, so they need to 
collaborate informally. So requiring them to go through a very 
formal process just to hold a meeting really hampers them, 
unfortunately.
    Mr. Goodlatte. All right. We'll look at that. That's a good 
suggestion.
    You had a third one as well?
    Mr. Klein. Yes, I did. The Chairman is the only person who 
can hire staff. So if the Chairman resigns or is otherwise 
incapacitated, the Board is paralyzed from hiring staff.
    Now, that's not an immediate problem right now, as I 
understand it; they are pretty well staffed up. But the Senate 
Intelligence Committee has proposed this, and I think it's a 
good idea: If the Chair is vacant, allow the other members to 
unanimously exercise the powers of the Chairman.
    Mr. Goodlatte. Thank you.
    Professor Kosseff, can privacy and national security 
coexist?
    Mr. Kosseff. Absolutely. And I think 702 is a good example 
of it, in terms of the various levels of oversight from all 
three branches of the government, the development of 
minimization and targeting procedures, both by the executive 
branch and being approved by the FISA Court. I think that that 
shows a real concern for both protecting national security 
while making sure that privacy still is at the forefront.
    Obviously, all of the procedures can be improved. And, on 
the flip side, there's never going to be perfect security or 
perfect privacy, and there's always going to be some policy 
decisions to be made. But I do think 702, in many ways, is a 
model of considering both the very difficult considerations of 
security in an era when our telecommunications infrastructure 
is very different from the 1978 era, when we initially had 
FISA, while at the same time protecting privacy.
    So the answer is, yes, absolutely.
    Mr. Goodlatte. Some have argued that section 702 must 
respect human rights, essentially extending American 
constitutional rights to foreign nationals. Do you have an 
opinion on extending constitutional rights to foreigners?
    Mr. Kosseff. I think that's a tough decision--or a tough 
issue that's come up with the ICCPR issue as well as PPD-28. 
And I think, in some ways, there are a number of statutory 
provisions within 702 that do apply both to U.S. persons and 
non-U.S. persons, including the various disclosure limits, the 
purpose limits, penalties for misuse. So I'd be concerned about 
extending, just as a practical matter of government 
surveillance and intelligence operations, and I think on the--
--
    Mr. Goodlatte. It would completely change the meaning----
    Mr. Kosseff. Yeah, yeah.
    Mr. Goodlatte [continuing]. Of intelligence gathering, 
wouldn't it?
    Mr. Kosseff. Yeah.
    Mr. Goodlatte. It would put the U.S. at a severe 
disadvantage, since I'm not aware of other major countries that 
gather intelligence respecting even the rights of their own 
citizens, much less foreign nationals.
    Mr. Kosseff. I think it's a tough balance. I think there's 
a lot of concern about if the United States is not seen as 
adequately respecting privacy of non-U.S. persons, then there 
could be implications for the privacy shield, for example.
    But I don't have personal experience in intelligence 
operations, but I think it would probably create a number of 
very difficult logistical issues if we were to do that.
    Mr. Goodlatte. Very good. Thank you.
    Thank you, Mr. Chairman. And, Mr. Chairman, if you wouldn't 
mind, after you've asked the additional questions you wish to, 
just adjourn the hearing.
    Mr. Jordan [presiding]. Yep. I'd be happy to. Thank you.
    Mr. Goodlatte. Thank you.
    Mr. Jordan. I want to thank the Chairman for his questions 
and work.
    The Chairman asked the question, can privacy and security 
coexist, but--and I have utmost respect for the Chairman, but 
it seems to me the question for this Committee is not that 
question. The question for this Committee, the question for all 
of us is, is 702 consistent with the Constitution. I mean, 
that's the fundamental question.
    And, Mr. Kosseff, do you think that that's, I guess, the 
appropriate question, and do you think it's actually happening?
    Mr. Kosseff. I think it is the appropriate question. And I 
think, based on what we have in the public record of how 702 
operates, I think that it currently is consistent with the 
Fourth Amendment, but I give two important caveats.
    First, it's not a static answer. The answer could always 
change in the future based on any additional discovery of 
operational problems with 702 or how it's being used. And I 
think one key to that is figuring out exactly how you analyze 
the Fourth Amendment issues.
    Mr. Jordan. Yes.
    Mr. Kosseff. As I've testified early----
    Mr. Jordan. I guess you think it's constitutional, but it 
sounds like you think it's pretty darn important to be 
skeptical----
    Mr. Kosseff. Absolutely.
    Mr. Jordan [continuing]. Or be concerned.
    Mr. Kosseff. Absolutely.
    Mr. Jordan. I would argue that too. I mean, think about 
what we've witnessed in last several years. We saw the IRS 
target people for exercising their First Amendment free speech 
rights, go after people for political reasons. I mean, you 
could look at the Flynn situation that Congressman Labrador 
brought up.
    So, in that context, holy cow, I would almost say we better 
be more than skeptical, we better be cynical about it.
    Keep going. I'm sorry.
    Mr. Kosseff. I think there needs to be constant, rigorous 
oversight. I think that there has been, both from your 
Committee, the other Committees, as well as the FISA Court, if 
you look at some of the changes that have been made to things 
like the MCT issue in response to the FISA Court. I think there 
has been rigorous oversight. But I think it has to be constant. 
And we can't just rest on one assessment that it's operating 
fine; it has to be constantly evaluated.
    Mr. Jordan. Okay.
    Ms. Doss, do you think that's the appropriate question, is 
702 consistent with the Constitution?
    Ms. Doss. Absolutely. And, in my view, it is----
    Mr. Jordan. Okay.
    Ms. Doss [continuing]. Both as----
    Mr. Jordan. I had a feeling you were going to say that. 
Yeah, yeah.
    And, Ms. Goitein, what do you think?
    Ms. Goitein. I certainly think it's the most important 
question. In my view, it's not constitutional, but I don't 
dispute the authority of the judges who have said otherwise. I 
just think that, as I said, this is a case of the law failing 
to keep up with technology. That happens. That happens often. 
And it becomes your job to step in and fill the constitutional 
gap.
    Mr. Jordan. Mr. Klein?
    Mr. Klein. Yes, I agree that that's the first question. I 
don't think it's necessarily the last question. Even if it is 
constitutional, which I personally believe it is--and two 
courts have said so--you can ask whether it's wise or whether 
there's more information that we'd like to collect.
    So, on the subject of incidental collection, which you 
talked about before, how much of Americans' data is getting 
caught up in this, the Privacy and Civil Liberties Oversight 
Board actually recommended five categories of data, including 
several of the things that Ms. Goitein was talking about, that 
the intelligence community is supposed to collect and report to 
Congress and to publish, to the extent consistent with national 
security. That's called Recommendation 9.
    Mr. Jordan. Okay.
    Mr. Klein. That's a good place to start. So there are 
things we can do inform----
    Mr. Jordan. Let me ask about that, the dialogue you had 
with the Chairman on this Civil Liberties Protection Board or 
whatever the official title is. I asked you questions my last 
round about how many times the FBI queries the database and 
they get information that was derived from a 702. Does this 
oversight board know that number?
    Mr. Klein. Nobody knows the exact number of queries. The 
reason is that the FBI does not normally code its queries for 
nationality, because nationality is not relevant to most 
investigations. I think it would be good to have an estimate of 
the number of queries. It's a fairly routine practice, 
according to the Board, so the estimate would be high.
    Mr. Jordan. So, on the same question I started off--about a 
half an hour ago, I asked a question that we sent to Mr. 
Clapper about the number of communications or transactions 
involving United States persons subject to 702 surveillance on 
an annual basis, and we got the response back and said they 
couldn't figure that out. Does this board know that number?
    Mr. Klein. They don't, no. Nobody knows that number. To do 
that, they would have to either go through every communication, 
which is simply infeasible, or some representative----
    Mr. Jordan. We just heard--I mean, I've got to believe that 
the NSA knows that number or they can get an estimate. Does the 
Board know the estimate?
    Mr. Klein. No. There is no estimate.
    I mean, the reason why an estimate might be difficult is 
because emails typically don't disclose, on their face, the 
nationality of the people communicating. In some cases, you 
might have the information telling you the location from where 
the email was sent; in other cases, you might not. Even still, 
that's not a perfect proxy.
    And the question is, to find that out, to find out if the 
person is a U.S. citizen, what else would you have to do? Would 
you have to use other types of surveillance to get additional 
information about who that email address belongs to? That could 
create greater privacy harms.
    So, while I agree with the motivations behind the letter 
and I agree that the estimate would be worth having and a good 
thing to have, I do sympathize with the intelligence community 
because there are real, practical obstacles that they're facing 
in creating such an estimate.
    That's why I think we should look at the Recommendation 9 
from the Privacy Board. There are five types of information 
that are a decent starting point for finding out incidental 
collection. Let's get those counts, let's get them public to 
the extent possible.
    Mr. Jordan. Tell me those five.
    Mr. Klein. Let's see. I have them here.
    Mr. Jordan. Or have you given us something in writing on 
that already? Okay. That's fine.
    Mr. Klein. Yeah, I mean, I can read them, but it'd probably 
be better to give them to you in writing.
    Mr. Jordan. That's fine. That's fine. All right.
    Ms. Goitein?
    Ms. Goitein. Quickly. The NSA has determined that the IP 
address is an accurate enough indicator of a person's status as 
a U.S. person being domestically located, or being located 
overseas, to use it to filter out the wholly domestic 
communications that the NSA is prohibited from acquiring.
    If it's accurate enough to enable the NSA to comply with 
that constitutional obligation, then it's certainly accurate 
enough for the estimate----
    Mr. Jordan. It's certainly accurate enough to give us a 
count.
    Ms. Goitein [continuing]. That we're looking for.
    And just one other quick point about oversight and the 
importance of oversight, which I do not dispute; I think 
oversight is incredibly important. But it's not an end in 
itself, and it's never a substitute for adequate substantive 
limits in the law. If the law and the rules allow the FBI to 
read Americans' emails without obtaining a warrant, then the 
FBI could be scrupulously adhering to those rules and we still 
have a problem.
    Mr. Jordan. Yep. Well-said.
    I want to thank you all for being here today.
    And the Committee is adjourned.
    [Whereupon, at 4:45 p.m., the Committee was adjourned.]

                                 [all]