[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]
THE ADMINISTRATION'S USE OF
FISA AUTHORITIES
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON THE JUDICIARY
HOUSE OF REPRESENTATIVES
ONE HUNDRED THIRTEENTH CONGRESS
FIRST SESSION
__________
JULY 17, 2013
__________
Serial No. 113-45
__________
Printed for the use of the Committee on the Judiciary
Available via the World Wide Web: http://judiciary.house.gov
U.S. GOVERNMENT PRINTING OFFICE
81-982 WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC
area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC
20402-0001
COMMITTEE ON THE JUDICIARY
BOB GOODLATTE, Virginia, Chairman
F. JAMES SENSENBRENNER, Jr., JOHN CONYERS, Jr., Michigan
Wisconsin JERROLD NADLER, New York
HOWARD COBLE, North Carolina ROBERT C. ``BOBBY'' SCOTT,
LAMAR SMITH, Texas Virginia
STEVE CHABOT, Ohio MELVIN L. WATT, North Carolina
SPENCER BACHUS, Alabama ZOE LOFGREN, California
DARRELL E. ISSA, California SHEILA JACKSON LEE, Texas
J. RANDY FORBES, Virginia STEVE COHEN, Tennessee
STEVE KING, Iowa HENRY C. ``HANK'' JOHNSON, Jr.,
TRENT FRANKS, Arizona Georgia
LOUIE GOHMERT, Texas PEDRO R. PIERLUISI, Puerto Rico
JIM JORDAN, Ohio JUDY CHU, California
TED POE, Texas TED DEUTCH, Florida
JASON CHAFFETZ, Utah LUIS V. GUTIERREZ, Illinois
TOM MARINO, Pennsylvania KAREN BASS, California
TREY GOWDY, South Carolina CEDRIC RICHMOND, Louisiana
MARK AMODEI, Nevada SUZAN DelBENE, Washington
RAUL LABRADOR, Idaho JOE GARCIA, Florida
BLAKE FARENTHOLD, Texas HAKEEM JEFFRIES, New York
GEORGE HOLDING, North Carolina
DOUG COLLINS, Georgia
RON DeSANTIS, Florida
JASON T. SMITH, Missouri
Shelley Husband, Chief of Staff & General Counsel
Perry Apelbaum, Minority Staff Director & Chief Counsel
C O N T E N T S
----------
JULY 17, 2013
Page
OPENING STATEMENTS
The Honorable Bob Goodlatte, a Representative in Congress from
the State of Virginia, and Chairman, Committee on the Judiciary 1
The Honorable John Conyers, Jr., a Representative in Congress
from the State of Michigan, and Ranking Member, Committee on
the Judiciary.................................................. 3
WITNESSES
James Cole, United States Department of Justice
Oral Testimony................................................. 6
Robert S. Litt, Office of Director of National Intelligence
Oral Testimony................................................. 8
John C. Inglis, National Security Agency
Oral Testimony................................................. 9
Stephanie Douglas, FBI National Security Branch
Oral Testimony................................................. 12
Stewart A. Baker, Steptoe & Johnson, LLP
Oral Testimony................................................. 67
Prepared Statement............................................. 69
Jameel Jaffer, American Civil Liberties Union (ACLU)
Oral Testimony................................................. 84
Prepared Statement............................................. 86
Steven G. Bradbury, Dechert, LLP
Oral Testimony................................................. 102
Prepared Statement............................................. 104
Kate Martin, Center for National Security Studies
Oral Testimony................................................. 110
Prepared Statement............................................. 112
LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING
Material submitted by the Honorable F. James Sensenbrenner, Jr.,
a Representative in Congress from the State of Michigan, and
Member, Committee on the Judiciary............................. 18
APPENDIX
Material Submitted for the Hearing Record
Questions for the Record submitted to James Cole, United States
Department of Justice; Robert S. Litt, Office of Director of
National Intelligence; John C. Inglis, National Security
Agency; and Stephanie Douglas, FBI National Security Branch.... 136
Response to Questions from the Hearing from Stewart A. Baker,
Steptoe & Johnson, LLP......................................... 138
Response to Questions for the Record from Jameel Jaffer, American
Civil Liberties Union (ACLU)................................... 139
Response to Questions from the Hearing and for the Record from
Kate Martin, Center for National Security Studies.............. 141
THE ADMINISTRATION'S USE OF
FISA AUTHORITIES
----------
WEDNESDAY, JULY 17, 2013
House of Representatives
Committee on the Judiciary
Washington, DC.
The Committee met, pursuant to call, at 10:11 a.m., in room
2141, Rayburn House Office Building, the Honorable Bob
Goodlatte (Chairman of the Committee) presiding.
Present: Representatives Goodlatte, Sensenbrenner, Coble,
Smith of Texas, Chabot, Bachus, Forbes, King, Gohmert, Poe,
Chaffetz, Gowdy, Labrador, Farenthold, Holding, Collins,
DeSantis, Conyers, Nadler, Scott, Lofgren, Jackson Lee, Cohen,
Johnson, Chu, Deutch, DelBene, Garcia, and Jeffries.
Staff Present: (Majority) Shelley Husband, Chief of Staff &
General Counsel; Branden Ritchie, Deputy Chief of Staff & Chief
Counsel; Allison Halataei, Parliamentarian & General Counsel;
Caroline Lynch, ; Sam Ramer, Majority Counsel; Kelsey
Deterding, Clerk; (Minority) Perry Apelbaum, Minority Staff
Director & Chief Counsel; Danielle Brown, Parliamentarian; and
Aaron Hiller, Counsel.
Mr. Goodlatte. Good morning. The Judiciary Committee will
come to order. And without objection, the Chair is authorized
to declare recesses of the Committee at any time.
We welcome everyone to this morning's hearing on oversight
of the Administration's use of FISA Authorities, and I will
begin by recognizing myself for an opening statement.
Today's hearing will examine the statutory authorities that
govern certain programs operated under the Foreign Intelligence
Surveillance Act, or FISA. Since the unauthorized public
release of these programs, many Members of Congress and their
constituents have expressed concern about how these programs
are operated and whether they pose a threat to Americans' civil
liberties and privacy. We have assembled two panels of
witnesses today to help us explore these important issues.
Last month, Edward Snowden, an unknown former NSA
contractor and CIA employee, released classified material on
top secret NSA data collection programs. On June 5th, the
Guardian released a classified order issued by the Foreign
Intelligence Surveillance Court requested by the FBI to compel
the ongoing production for a 3-month period of call detail
records, or telephony metadata. Telephony metadata includes the
numbers of both parties on a call, unique identifiers, and the
time and duration of all calls.
On June 6th, classified information regarding a second
program, the PRISM program, was reported by the Guardian and
the Washington Post. News reports described the program as
allowing the NSA to obtain data from electronic service
providers on customers who reside outside the United States,
including email, chat, photos, videos, stored data, and file
transfers.
Both of these programs are operated pursuant to statutory
provisions in FISA or the FISA Amendments Act. FISA was enacted
to provide procedures for the domestic collection of foreign
intelligence. When FISA was originally enacted in 1978, America
was largely concerned with collecting intelligence from foreign
nations, such as the Soviet Union, or terrorist groups like the
FARC in Colombia. FISA set forth procedures for how the
Government can gather foreign intelligence inside the United
States about foreign powers and their agents.
The intelligence landscape has changed dramatically over
the last 30 years. Today, we are confronted with ongoing
threats from terrorist organizations, some of which are well
structured, but most of which are loosely organized, as well as
threats from individuals who may subscribe to certain beliefs
but do not belong to a specific terrorist group. The FISA
business record provision, often referred to as Section 215 of
the PATRIOT Act, allows the FBI to access tangible items,
including business records in foreign intelligence,
international terrorism, and clandestine intelligence
investigations.
Unlike grand jury or administrative subpoenas in criminal
investigations, which can simply be issued by a prosecutor, a
FISA business records order must first be approved by a Federal
judge. Similar to grand jury or administrative subpoenas, a
FISA business record order cannot be used to search a person's
home, to acquire the content of emails, or listen to telephone
calls. It can only be used to obtain third-party records.
Critics of the metadata program object to its breadth,
namely the ongoing collection of all customers' telephony
metadata, and question whether this program conforms to
Congress' intent in enacting Section 215 of the PATRIOT Act. I
hope to hear from today's witnesses about this, about how the
collection of this metadata is relevant to a foreign
intelligence or terrorism investigation and about whether a
program of this size is valuable and cost effective in
detecting and preventing terrorist plots.
In the 40 years since FISA enactment, communications
technologies have changed dramatically and revolutionized the
transmission of international communications. The shift from
wireless satellite communications to fiber optic wire
communications altered the manner in which foreign
communications are transmitted.
The use of wire technology inside the United States to
transmit a telephone call that takes place overseas had the
unintended result of requiring the Government to obtain an
individualized FISA court order to monitor foreign
communications by non-U.S. persons. Congress enacted in 2008
and reauthorized just last year the bipartisan FISA Amendments
Act to update our foreign intelligence laws.
The FAA permits the Attorney General and the Director of
National Intelligence to target foreign persons reasonably
believed to be located outside the United States to acquire
foreign intelligence information. The act requires for the
first time in U.S. history prior court approval of all
Government surveillance using these authorities, including
court approval of the Government's targeting and minimization
procedures.
The PRISM program derives its authority from Section 702 of
the FAA. It involves the collection of foreign intelligence
information about non-U.S. persons located outside the United
States. To the extent the program captures information
pertaining to U.S. citizens, such interception can only be
incidental, and the handling of such information is governed by
court-approved minimization procedures.
I look forward to hearing from our witnesses today in
greater detail about how the Government limits its targeting
under 702 to non-U.S. persons outside the U.S. and a
description of the oversight performed by the Administration
and the FISC of this program, including the effectiveness of
the current auditing of Section 702.
The terrorist threat is real and ongoing. The Boston
bombing reminded us all of that. I am confident that everyone
in this room wishes that tragedy could have been prevented. We
cannot prevent terrorist attacks unless we can first identify
and then intercept the terrorist.
However, Congress must ensure that the laws we have enacted
are executed in a manner that is consistent with congressional
intent and that protects both our national security and our
civil liberties. We must ensure that America's intelligence
gathering system has the trust of the American people.
It is now my pleasure to recognize the Ranking Member of
the full Committee, the gentleman from Michigan, Mr. Conyers,
for his opening statement.
Mr. Conyers. Thank you, Chairman Goodlatte and Members of
the Committee.
We are on Judiciary, which is the Committee of primary
jurisdiction for both of the authorities we are here to discuss
today, Section 215 of the PATRIOT Act and Section 702 of the
FISA Amendments Act. Over the past decade, the Members of this
Committee have vigorously debated the proper balance between
our safety and our constitutional right to privacy.
And so, I join in welcoming the two panels--four each, very
fairly made up--to this discussion today. I think it is an
important one.
But we never at any point during this debate have approved
the type of unchecked sweeping surveillance of United States
citizens employed by our Government in the name of fighting the
war on terrorism. Section 215 authorizes the Government to
obtain certain business records only if it can show to the FISA
court that the records are relevant to an ongoing national
security investigation.
Now what we think we have here is a situation in which if
the Government cannot provide a clear public explanation for
how its program is consistent with the statute, then it must
stop collecting this information immediately. And so, this
metadata problem to me has gotten quite far out of hand, even
given the seriousness of the problems that surround it and
created its need.
Now I have another concern that pertains to the
Administration's track record of responding to the criticisms
of these programs. We know Director Clapper's misstatements and
others. National Security Agency Director General Keith
Alexander had to make retractions. Even FBI Director Robert
Mueller is not empowered to rewrite history.
But what we have is our conversation, which requires
focusing on improving both more public scrutiny and
congressional oversight of these programs. Over the last few
weeks, the Administration has asserted that its conduct of this
surveillance with congressional support because they have
briefed some Members of these programs in the past. But that is
not sufficient since we are in a catch-22 situation in a
classified briefing in a secure setting, and we cannot discuss
it publicly, certainly not even with our constituents. But if
we skip the briefing, we risk being uninformed and unprepared.
One simple solution to this problem would be to publicly
release significant FISA court opinions or, at the very least,
unclassified summaries of these opinions. This solution would
have the added benefit of subjecting the Government's legal
claims to much-needed public scrutiny.
Over the past decade, the court has developed a body of law
that instructs the Government about what it may do with the
information it collects. There is no legitimate reason to keep
this legal analysis from public interest any longer. And if we
are to strike the right balance with these surveillance
authorities, which I think is an important purpose of the
hearing today, then we must bring the public into the
conversation as soon as it is appropriate and without delay.
And I am not talking about releasing any classified
information. Instead of simply asking our constituents to trust
us, I am asking you and the executive branch to trust them. And
the need for more declassification I think is very dominant, in
my opinion, as to how we should move this today.
And I thank the Chair.
Mr. Goodlatte. I thank the Ranking Member for his comments
and would say in regard I share his concern about some
classified information that does not need to be classified.
I also would say that because of the nature of the
questions that we would like to ask, some of which cannot be
asked or answered here in an open hearing, we will definitely
be planning a second hearing on this subject, where we can ask
those questions in a classified setting to, again, assure
ourselves of the answers that we need.
Before we begin with questions for our witnesses, I want to
stress that the--oh, first of all, without objection, all our
Members' opening statements will be made a part of the record.
Before we begin with questions for our witnesses, I must
stress that the programs this hearing is addressing remain
classified. I expect the witnesses appearing before us today,
particularly on our first panel, to answer questions from
Members with as much candor as possible, given the unclassified
setting.
But I also wish to caution Members of the Committee that
they should be cognizant of this unique dynamic when phrasing
their questions. The simple fact that certain programs have
been leaked does not mean that they have been declassified, and
Members and witnesses alike would be violating the law were
they to disclose classified information during this hearing.
I would also like to note that the Committee intends to
hold a subsequent classified briefing for Members so that we
have an opportunity to more closely examine those programs and
pose questions to our witnesses that are not appropriate in
this open setting.
We welcome our first panel today. And if you would all
please rise, we will begin by swearing in the witnesses.
[Witnesses sworn.]
Mr. Goodlatte. Thank you very much.
Let the record reflect that all of the witnesses responded
in the affirmative, and we will now proceed to introduce our
witnesses.
Our first witness is Mr. James Cole, the Deputy Attorney
General of the United States at the Department of Justice. Mr.
Cole first joined the agency in 1979 as part of the Attorney
General's Honors Program and served the department for 13 years
as a trial lawyer in the Criminal Division.
He entered private practice in 1992 and was a partner at
Bryan Cave, LLP, from 1995 to 2010, specializing in white-
collar defense. Mr. Cole has also served as chair of the
American Bar Association White Collar Crime Committee and as
chair-elect of the ABA Criminal Justice Section.
Mr. Cole received his bachelor's degree from the University
of Colorado and his juris doctor from the University of
California at Hastings. We are fortunate to have him and his
expertise with us today.
Our second witness is Mr. Robert S. Litt, the second
general counsel of the Office of the Director of National
Intelligence. Previously, Mr. Litt was a partner at Arnold &
Porter, LLP, and served as a member of the Advisory Committee
to the Standing Committee on Law and National Security at the
American Bar Association. From 1994 to 1999, he served as
Deputy Assistant Attorney General at the U.S. Department of
Justice, where he worked on issues of national security,
including FISA applications.
He began his legal career as a clerk for Judge Edward
Weinfeld of the Southern District of New York and Justice
Potter Stewart of the United States Supreme Court. Mr. Litt
earned his bachelor's degree from Harvard University and his
law degree from Yale. We welcome his experience and expertise.
The third member of our first witness panel is Mr. John C.
Inglis, the Deputy Director and senior civilian leader of the
National Security Agency, acting as the agency's Chief of
Operations. Mr. Inglis began his career at NSA as a computer
scientist within the National Computer Security Center.
Promoted to NSA's Senior Executive Service in 1997, he
subsequently served in a variety of senior leadership
assignments and twice served away from NSA headquarters, first
as a visiting professor of computer science at the United
States Military Academy and later as the U.S. special liaison
to the United Kingdom.
Mr. Inglis is a graduate of the United States Air Force
Academy, subsequently completing 9 years of active service and
21 years as a member of the Air National Guard. He holds
advanced degrees in engineering and computer science from
Columbia University, Johns Hopkins University, and the George
Washington University. And we thank him for joining us and
sharing his expertise as well.
And finally on the first panel, Ms. Stephanie Douglas,
Executive Assistant Director of National Security Branch of the
Federal Bureau of Investigations. Ms. Douglas began as a
special agent with the FBI in November 1989. She first reported
to the Washington Field Office, where she worked violent crime,
public corruption, and national security matters.
Before returning to the FBI headquarters in 2007, she
served as an FBI detailee to the CIA's Counterintelligence
Center, as well as supervisory special agent for a
counterintelligence squad at the Washington Field Office,
directing sensitive national security investigations. Before
assuming her current post, Ms. Douglas was special agent-in-
charge of the San Francisco Division.
Ms. Douglas earned her bachelor's degree in history at the
University of Tennessee, and we are pleased to have her share
her expertise with us today as well.
We thank all of you for joining us, and we will turn first
to Mr. Cole for his testimony.
TESTIMONY OF JAMES COLE,
UNITED STATES DEPARTMENT OF JUSTICE
Mr. Cole. Thank you, Mr. Chairman, Mr. Ranking Member, and
Members of the Committee, for inviting us here to speak about
the 215 business records program and Section 702 of FISA.
With these programs and other intelligence activities, we
are constantly seeking to achieve the right balance between the
protection of national security and the protection of privacy
and civil liberties. We believe these two programs have
achieved the right balance.
First of all, both programs are conducted under laws passed
by Congress. Neither is a program that has been hidden away or
off the books. In fact, all three branches of Government play a
significant role in the oversight of these programs.
The judiciary, through the Foreign Intelligence
Surveillance Court, plays a role in authorizing the programs
and overseeing compliance. The executive branch conducts
extensive internal reviews to ensure compliance. And Congress
passes the laws and oversees our implementation of those laws
and determines whether or not the current law should be
reauthorized and in what form. I would like to explain in more
detail how this works with respect to each of the two programs.
The 215 program, as many of you have already heard,
involves the collection of metadata from telephone calls. These
are telephone records maintained by the phone companies.
They include the number that was dialed, the date and time
of the call, and the length of the call. They do not include
names or other personal identifying information. They do not
include cell site or other location information, and they do
not include the content of any phone calls.
These are the kinds of records that under longstanding
Supreme Court precedent are not protected by the Fourth
Amendment. The short court order that you have seen published
in the newspapers only allows the Government to acquire these
phone records. It does not allow the Government to access or
use them. That is covered by another, more detailed court
order.
That court order provides that the Government can only
search the data if it has a reasonable, articulable suspicion
that the phone number being searched is associated with certain
terrorist organizations. Deputy Director Inglis will explain in
more detail how this process works.
But suffice it to say that there are many restrictions
imposed on NSA to ensure that only properly trained analysts
may access the data and that they can only access it with
reasonable, articulable suspicion as a predicate and when it
has been met and documented. The documentation of the analysts'
justification is important. It exists so that it can be
reviewed by supervisors before the search is done and audited
afterwards to ensure compliance with the court's orders.
In the criminal context, the Government could obtain these
types of records with a grand jury subpoena without going to
court. But here, we go to court every 90 days to seek the
court's authorization to collect the records. As part of the
renewal process, we inform the court whether there have been
any compliance problems. And if there have been, the court will
take a very hard look and make sure we have corrected these
problems.
As we have explained before, the 11 judges on the FISA
court are far from rubber stamps. Instead, they review all of
our pleadings thoroughly. They question us, and they don't sign
off until they are satisfied that we have met all statutory and
constitutional requirements.
The 702 program is different. Under that program, the
Government does collect content of communications. Under 702,
the Government applies to the FISA court for an order allowing
it to collect the communications of non-U.S. persons reasonably
believed to be overseas. This order lasts for 1 year.
The statute does not allow us to collect--or excuse me,
does allow us to collect--communications even if the person on
the other end of that phone call or email is in the United
States or a U.S. person, but only if that is the result of a
non-U.S. person outside the United States having initiated the
call.
Importantly, the statute explicitly prohibits us from what
is known as ``reverse targeting.'' We can't use Section 702
indirectly to obtain the communications of U.S. persons
anywhere or any persons located in the United States by
targeting a non-U.S. person overseas.
Moreover, all U.S. person information collected is subject
to what we call minimization rules. These rules are designed to
restrict the dissemination, the use, and the retention of the
information about U.S. persons collected. These rules are
reviewed and approved by the court every year to ensure that we
are handling U.S. person information in a manner consistent
with the statute and the Fourth Amendment.
Both programs involve significant oversight by all three
branches of Government. The FISA court reviews and approves the
certifications and the Government's targeting and minimization
rules, and it oversees the Government's compliance with these
rules, the statute, and the Fourth Amendment.
Within the executive branch, multiple parts of the
Government--NSA, its Inspector General, the Office of the
Director of National Intelligence, and the Department of
Justice--conduct robust compliance reviews and provide
extensive reports on implementation and compliance to the FISA
court and to the Intelligence and Judiciary Committees.
And Congress conducts oversight, decides whether to
reauthorize the 702 authority, as it did in 2012 and as it did
with 215 authority in 2011.
We take very seriously our responsibility to the American
people to implement these programs in a manner that complies
with all laws and the Constitution and strikes the right
balance between protecting their safety and their privacy. I
know others on the panel have brief statements to make, and
then we are all ready to answer any questions you may have.
Thank you.
----------
Mr. Goodlatte. Thank you, Mr. Cole.
Mr. Litt, welcome.
TESTIMONY OF ROBERT S. LITT,
OFFICE OF DIRECTOR OF NATIONAL INTELLIGENCE
Mr. Litt. Thank you, Mr. Chairman, Mr. Ranking Member.
We appreciate your having this hearing. We think it is very
important to correct some of the misimpressions that have been
created about these activities, which, as the Deputy Attorney
General explained, are entirely lawful and appropriate for
protecting the Nation.
In my opening statement, I would like to make three related
points about the Foreign Intelligence Surveillance Court. The
first is that the activity that this court regulates, which is
the acquisition of foreign intelligence for national security
purposes, was historically outside of all judicial supervision.
In fact, courts have held that the Fourth Amendment does not
require a warrant at all for the conduct of surveillance for
foreign intelligence purposes.
FISA was passed in 1978 and at that time established for
the first time a requirement that we get a judicial order in
order to conduct certain kinds of foreign intelligence or
counterintelligence activities within the United States. But at
the time FISA was passed, it was clear that the Congress did
not intend that FISA would cover electronic surveillance
directed at non-U.S. persons outside of the United States for
foreign intelligence purposes.
And as you noted in your opening statement, because of
technological changes in the way international communications
are carried, over time more and more such surveillance--that is
to say foreign intelligence surveillance directed at non-U.S.
persons outside of the United States--more and more of that
began to fall within the technical definitions that required
FISA court approval, even though that was not what Congress had
intended.
So, in the FISA Amendments Act, Congress set up the
procedure of Section 702, which the Deputy Attorney General
described, to provide a degree of judicial supervision over
some kinds of foreign intelligence surveillance of foreigners
outside the United States. Properly viewed then, Section 702 is
not a derogation of the authority of the FISA court, but an
extension of the court's authority over a type of surveillance
that Congress originally had not intended would be subject to
the court at all.
The extent to which this Nation involves the courts in
foreign intelligence surveillance goes well beyond what is
required by the Fourth Amendment and I think beyond what other
countries require of their intelligence services.
The second point I want to make is to forcefully rebut the
notion that some have advanced that the FISA court is a rubber
stamp. It is true that the court approves the vast majority of
applications that the Government presents to it. But that does
not reflect any lack of independence or lack of care on the
part of the court.
Quite the contrary, the judges of the court and their full-
time professional staff review each application carefully, ask
questions, and can request changes or limitations. And an
application is not signed unless and until the judge is
satisfied that the application complies with the statute and
the Fourth Amendment.
And these are some of the best and most experienced Federal
judges in the country, and they take seriously their twin
obligations to protect national security and to protect
individual rights.
Finally, we agree with the Ranking Member and the Chairman
that we should strive for the maximum possible transparency
about the activities of the court, consistent with the need to
protect sensitive sources and methods. We have been working for
some time to declassify the court's opinions to the extent
possible.
But legal discussions and court opinions don't take place
in a vacuum. They derive from the facts of the particular case.
And I want to quote here from Judge Walton, who is now chief
judge of the FISA court, who said in a letter to the Senate
Intelligence Committee.
``Most FISC opinions rest heavily on the facts presented in
the particular matter before the court. Thus, in most cases,
the facts and legal analysis are so inextricably intertwined
that excising the classified information from the FISC's
analysis would result in a remnant void of much or any useful
meaning.''
That is an excellent and pithy summary of the challenge we
face in trying to declassify these opinions. Of course, as you
know, we do provide copies of all significant opinions of the
FISC to the Judiciary and the Intelligence Committees of both
houses. And I can tell you that in light of the recent
disclosures, we are redoubling our efforts to try to provide
meaningful public insight into the rulings of the FISA court,
again to the extent we can do that consistent with the need to
protect our intelligence activities.
With that, Mr. Chairman, I am glad to answer any questions
that you have.
Thank you.
----------
Mr. Goodlatte. Thank you, Mr. Litt.
Mr. Inglis, welcome.
TESTIMONY OF JOHN C. INGLIS, NATIONAL SECURITY AGENCY
Mr. Inglis. Good morning, sir.
Mr. Chairman, Mr. Ranking Member, Members of the Committee,
thank you for the opportunity to join with my colleagues here
today from the executive branch to brief and discuss with the
Committee issues that you have identified in your opening
remarks. I am privileged today to represent the work of
thousands of NSA, intelligence community, and law enforcement
personnel who employ the authorities provided by the combined
efforts of the Congress, Federal courts, and the executive
branch.
For its part, NSA is necessarily focused on the generation
of foreign intelligence. But we have worked hard and long with
counterparts across the U.S. Government and our allies to
ensure that we discover and connect the dots, exercising only
those authorities explicitly granted to us and taking care at
once to ensure the protection of civil liberties and privacy.
In my opening remarks, I would like to briefly review the
two NSA programs leaked to the media a little more than a month
ago, their purpose, and the controls imposed on their use--the
so-called 215 program authorizing the collection of telephone
metadata and the so-called PRISM program authorized under
Section 702 of the Foreign Intelligence Surveillance Act
Amendment.
Let me first say that these programs are distinguished, but
complementary tools with distinct purposes in oversight
mechanisms. Neither of the programs was intended to stand
alone, delivering singular results that tells the whole story
about a particular threat to our Nation or its allies.
Useful intelligence, the kind decision-makers should use as
the foundation of thoughtful action, is usually the product of
many leads--some of which focus and sharpen the collection of
additional data, some of which help connect and make sense of
that data, and the sum of which is intended to yield the
decisive and actionable conclusions that enable timely and
precise employment of traditional instruments of national
power, such as law enforcement and diplomacy.
The first program, which we undertake under Section 215 of
the PATRIOT Act, as you heard described earlier today,
authorizes the collection of telephone metadata only. It does
not allow the Government to listen to anyone's phone calls.
The program was specifically developed to allow the U.S.
Government to detect communications between terrorists who are
operating outside the United States and who are communicating
with potential operatives inside the United States, a gap
highlighted by the attacks of 9/11. In a phrase, this program
is designed and solely focused on the seam between foreign
terrorist organizations and the U.S. homeland.
However useful the data might be that is acquired under
this program for other purposes, its use for any other purpose
is prohibited. The metadata acquired and stored under this
program may be queried only when there is a reasonable,
articulable suspicion, one that you can describe and write
down, based on specific facts that a selector, which is
typically a phone number, is associated with a specific foreign
terrorist organization.
During 2012, we only initiated searches for information in
this dataset using fewer than 300 unique identifiers. The
information returned from these searches only included phone
numbers, not the content, the identity, or location of the
called or calling party.
Under rules approved by the court, only 22 people at NSA
are allowed to approve the selectors used to initiate the
search in this database. All queries are audited. Only 7
positions at NSA, a total of 11 people, are authorized to
release the query results believed to be associated with
persons in the United States.
Reports are filed with the court every 30 days that specify
the number of selectors that have been approved and the
disseminations made to the FBI of reports that contain numbers
believed to be in the U.S.
The Department of Justice conducts onsite review of the
program every 90 days. The executive branch, the Department of
Justice, reports to the court and the Congress on renewal
orders every 90 days, with an update on types of records
sought, received, or denied on an annual basis.
The second program, which we operate under Section 702 of
the FISA--the Foreign Intelligence Surveillance Act--authorizes
the collection of communications for the purpose of foreign
intelligence with the compelled assistance of electronic
communications service providers, sometimes called
telecommunications providers. Under this authority, NSA can
collect communications for foreign intelligence purposes only
when the person who is the target of our collection is a
foreigner who is at that moment outside the United States.
As you have heard earlier, we cannot use this authority to
intentionally target any U.S. citizen or other U.S. person, any
person known to be in the United States, a person outside the
United States if our purpose in targeting that person is to
acquire information from a person inside the United States.
This program has been key to our counterterrorism efforts. More
than 90 percent of information to support the 50 disruptions
that you will hear my colleague from the FBI briefly describe
came from Section 702 authorities.
A bit more about oversight. The oversight on these programs
operates under controls both internal and external to NSA,
including actions taken by the Department of Justice, the
Office of the Director of National Intelligence. There are
regular onsite inspections and audits. There are semi-annual
reports provided to the Congress and the Foreign Intelligence
Surveillance Court.
The men and women at NSA are not simply committed to
compliance with the law and the protection of privacy and civil
liberties, but they are actively trained and must be held
accountable to standards for that performance. This is also
true of contractors. The actions of one contractor should not
tarnish all contractors because they also do great work for our
Nation.
In concluding, I would note that our primary responsibility
at the National Security Agency--not alone, but across the
Federal Government--is to defend the Nation. These programs are
a core part of those efforts. We use them to protect the lives
of Americans and our allies and partners worldwide.
Over 100 Nations are capable of collecting signals
intelligence or operating a lawful intercept capability like
the one you are hearing described today. I think our Nation is
amongst the very best in protecting privacy and civil
liberties.
We look forward to the discussions that you have encouraged
today, but I also appreciate that this discussion takes place
at an unclassified level. I especially appreciate that the
Committee Chairman and the Committee have allowed for the
possibility that we might have classified discussions in an
appropriate setting because the leaks that have taken place of
classified information have constituted an irresponsible and
real damage to the capabilities that we will describe today.
Finally, whatever choices are made by this Nation on the
matter before us, in consultation and collaboration across the
three branches of Government, I assure you that NSA will
faithfully implement those choices in both spirit and
mechanism. To do otherwise would be to fail to take the only
oath that we take, to support and defend the whole of the U.S.
Constitution. That includes the protection both of national
security and civil liberties.
And sir, I look forward to your questions.
----------
Mr. Goodlatte. Thank you, Mr. Inglis.
Ms. Douglas, welcome.
TESTIMONY OF STEPHANIE DOUGLAS,
FBI NATIONAL SECURITY BRANCH
Ms. Douglas. Thank you, and good morning, Chairman
Goodlatte, Ranking Member Conyers, and Members of the
Committee. And thank you for an opportunity to be here today.
As you know, NSA and FBI enjoy a unique relationship, one
which has been invaluable since the events of 9/11. The
authorized tools available under the business records 215 and
FISA 702 complement many of the other investigative tools we
apply to our national security cases.
Together with human sources, physical surveillance, and
other logical investigation, 215 and 702 play a role in
providing us a more full understanding of our risks and gives
us an opportunity to proactively address national security
threats. I would like to give you just a few examples of where
these tools have played a significant role, specifically in
counterterrorism investigations.
And the first case I want to note is one that is very
familiar to this Committee, and that is of Najibullah Zazi. In
early September 2009, NSA, using their authorities under 702,
intercepted a communication between an al-Qaeda courier located
in Pakistan and an unknown U.S. person--U.S.-based person. This
U.S.-based person was inquiring about efforts to procure and
use explosive materials, and there was some urgency in his
communication.
NSA advised the FBI as to this communication, as it
represented a potential imminent threat to the homeland. Based
on the nature of the threat information, the FBI initiated a
full investigation and submitted a national security letter to
identify the subscriber. The subscriber came back to an
individual named Najibullah Zazi located in Denver, Colorado.
Additionally, NSA ran a phone number identifiable with Mr.
Zazi against the information captured under 215. NSA queried
the phone number and identified other Zazi associates. One of
those numbers came back to Adis Medunjanin, an Islamic
extremist located in Queens, New York.
The FBI was already aware of Mr. Medunjanin, but
information derived from 215 assisted in defining Zazi's
network and provided corroborating information relative to
Medunjanin's connection to Zazi. Just a few weeks after the
initial tip by NSA, both Zazi and Medunjanin were arrested,
along with another co-conspirator. They were charged with
terrorist acts and a plot to blow up the New York City subway
system.
As you already know, the Zazi case was the most serious
threat to the homeland since 9/11. The importance of the Zazi
case is that it was initiated on information provided by NSA,
which they acquired under 702, their coverage of an al-Qaeda
operative overseas. Without this tip, we can only speculate as
to what may have happened.
This was a fast-paced investigation and one in which time
was of the essence. The combined tools of 702 and 215 enabled
us to not only begin the investigation, but to better
understand the possible network involved in an active plot to
the homeland.
I would like to also represent one case to you specific to
the business record 215 authority. In 2003, the FBI initiated a
case on an individual identified as Basaaly Moalin. It was
based on an anonymous tip that he was somehow connected to
terrorism.
In 2004, the case was closed without sufficient information
to move forward on the investigation. However, 3 years later,
in October 2007, NSA provided a phone number to the FBI with an
area code which came back to an area consistent with San Diego.
NSA found this phone number was in contact with an al-Qaeda
East African-affiliated person.
Once provided to the FBI, we initiated an investigation,
submitted a national security letter for the subscriber of the
phone number, and determined that it was Mr. Moalin, the
subject of the previously closed case. Subsequent investigation
led to the identification of others, and to date, Moalin and
three others have been convicted of material support for
terrorism.
The relevance of this case to 215 is that if that
information had not been tipped to the FBI, it is unknown if we
would have ever looked at Mr. Moalin again.
As you know, there are many other instances of the use of
these authorities and their application to counterterrorism
investigations.
Thank you, and I am happy to answer your questions
----------
Mr. Goodlatte. Thank you, Ms. Douglas.
And I will begin the questioning. With regard to the point
raised by the Ranking Member with regard to declassification, I
just want to say that with regard to the Section 702
surveillance of noncitizens of the United States outside the
United States, I think there would be few Americans who would
be surprised that our Government engages in intelligence
gathering with regard to those individuals.
And they would know it even more clearly by looking at the
statutes and the amendments to the statutes that have been
passed over the years, that this type of activity is clearly
authorized in the law.
With regard to 215, there is some controversy about whether
this particular program is authorized under the law. And you
will hear more about that shortly, and I will have a question
myself. But my first question to you is why would it not have
made sense--given the magnitude of this program, I am, frankly,
surprised it has remained secret until recently for the several
years that it has.
Why not simply have told the American people that we are
engaging in this type of activity in terms of gathering the
information? It doesn't give away any national security secrets
in terms of the particular information gathered that might lead
to successes like the one just described by Ms. Douglas. But it
might have engendered greater confidence in the public with
regard to understanding how the program works and public
support for it.
Mr. Cole, Mr. Litt, would you care to answer that?
Mr. Litt. Sure. The problem is that I think that a judgment
was made that to disclose the existence of this program would,
in fact, have provided information to people who were seeking
to avoid our surveillance, that it would tell them that we are
looking for the communications they are having with Americans,
and we are using that as a basis of tracking them and
identifying their confederates within the United States.
And so, the judgment was made a number of years ago when
this program was started that it should be kept classified. It
was not, of course, withheld from the oversight Committees in
Congress. And as others have noted, briefings on it were
offered to all Members of Congress before it was reauthorized.
But the decision was made that this is the sort of sensitive
source and method that we don't want to disclose.
Mr. Goodlatte. Do you think a program of this magnitude,
gathering information involving a large number of people
involved with telephone companies and so on, could be
indefinitely kept secret from the American people?
Mr. Litt. Well, we tried.
Mr. Goodlatte. I understand. [Laughter.]
So let me ask a follow-up question to you and Mr. Cole, and
that would be how exactly does Section 215's wording authorize
the Government to operate a program for the collection of
metadata? Can you walk the Committee through the Government's
interpretation of the statute that lends itself to arguing that
you can do metadata collection?
Mr. Cole. Certainly, Mr. Chairman. I think you have to
start with the fact that when you look at 215 and the orders
that the court issues under 215, there are two of them. You
can't look at them separately. You have to look at how they
interact and operate together.
And I think that is very, very important in understanding
how this is relevant to an investigation concerning these
terrorist organizations. You can't just wander through all of
these records. There are very strict limitations on how you can
access or how you can use these under what is called the
primary order.
You have to have reasonable, articulable suspicion that a
specific phone number, which they call a selector, is involved
with one of these specified terrorist organizations. And then,
and only then, after you have documented that reasonable,
articulable suspicion can you query this database to find out
what other phone numbers that specific terrorist-related phone
number has been in contact with.
Mr. Goodlatte. Let me follow up on that question because
how is the collection of all of a telephone company's telephone
metadata relevant to a foreign intelligence or international
terrorism investigation, an investigation?
Mr. Cole. It is only relevant to the extent that you need
all of that information in order to do the query of the
reasonably articulated suspicion.
Mr. Goodlatte. Well, certainly, the acquisition of the type
of information collected under this program is relevant to an
investigation of an individual or group suspected of terrorism.
But how do you and how does the FISC rationalize the collection
of all of the data as being relevant to an investigation?
Mr. Cole. There are two main reasons. One is the length of
time that these records are kept by the phone companies varies,
and they may not keep them as long as we keep them under this
program. The court allows us to keep them for a 5-year period.
The phone companies don't necessarily do that. The periods
vary, and some can be as short as 15 or 18 months.
Mr. Goodlatte. Mr. Inglis, with regard to Section 702, what
happens if you incidentally collect information from a U.S.
person? Can you explain how the minimization procedures apply
to that, and what do you mean by minimization?
Mr. Inglis. Yes, sir. There are court-approved rules that
we call minimization procedures. What they do is they say that
if in targeting a foreign person under 702 who you believe to
be in a foreign location to derive foreign intelligence, and
you discover that you have also collected a communication that
involves a U.S. person. They might be the person who has
received that communication from your person of interest. They
might be the person who sent that communication. They might be
referenced in that communication.
We have an obligation to first examine whether or not that
communication is pertinent to foreign intelligence. If the
communication is pertinent to foreign intelligence, then we
must take further action to essentially protect the identity of
that U.S. person unless knowledge of that identity is important
pursuant to the foreign intelligence purpose.
We would, therefore, suppress the identity of that U.S.
person in any report that we would make that focused on the
target of our interest, and we would take action if that
communication was not of foreign intelligence relevance to
essentially destroy that communication in place.
Mr. Goodlatte. How long do you retain information collected
under 702? And you may have just answered it, but is the
incidentally collected information about U.S. persons retained
as well?
Mr. Inglis. Yes. So the incidentally collected information,
unless it is relevant to a foreign intelligence purpose or it
is evidence of a crime or imminent death or injury to a person,
you would destroy that on site at that time.
Mr. Goodlatte. And other information, how long is that
retained?
Mr. Inglis. We would otherwise retain that for about 5
years. Typically in our holdings, under BR FISA, the
information is mandatorily destroyed at 5 years. For most of
the rest of our collection, 5 years is the reference frame. We
found that over time at about the 5-year point, it loses its
relevance simply in terms of its temporal nature.
Mr. Goodlatte. Thank you.
My time is expired. The Chair recognizes the gentleman from
Michigan, the Ranking Member Mr. Conyers, for 5 minutes.
Mr. Conyers. Thank you, Chairman Goodlatte.
There are a couple of questions here that haven't come up,
and I would like to direct them to Attorney Douglas. If only
relevant conversations can be secured under Section 215 of the
PATRIOT Act, then why on earth would we find now that we are
collecting the names of everybody in the United States of
America who made any calls for the last 6 years or more?
Ms. Douglas. Sir, we are not collecting names. 215 only
collects phone numbers, the time and date of the phone call,
and the duration of the phone call.
Mr. Conyers. Well, how do you consider that to be relevant
to anything if there is just collecting only the names--I mean,
look, if this is an innocent pastime that we just do to keep
busy or for some other reason, why on earth would we be
collecting just the names--just the numbers of everybody in the
United States of America for at least 6 years?
Ms. Douglas. I can speak to the application against
investigations. And in this case, for 215, it would be specific
to counterterrorism investigations. That information enables us
to search against connections to other--if there is
communication between a U.S.-based phone number and a phone
number that is overseas that is related to terrorism.
And I know that Mr. Inglis explained to you the reasonable,
articulable suspicion standard by which we have to actually
search against those phone numbers.
Mr. Conyers. Well, here we are faced with the fundamental
problem in this hearing. We are not questioning access. We are
talking about the collection in the first instance.
In the first instance, when you collect the phone numbers
of everybody in the United States for over 6 years, there
wasn't anything relevant in those conversations. Now you have
them, and what I have been getting out of this is that they
may--this access may become valuable, Mr. Ranking Member, and
so that is why we do it this way.
But I maintain that the Fourth Amendment, to be free from
unreasonable search and seizure, means that this metadata
collected in such a super-aggregated fashion can amount to a
Fourth Amendment violation before you do anything else. You
have already violated the law, as far as I am concerned. And
that is, in my view, the problem.
And of course, to help further document, the first question
that the Chairman of this Committee asked is why didn't we just
tell everybody about it is because the American people would be
totally outraged, as they are getting now as they become
familiar with this, that every phone number that they have ever
called is already a matter of record. And we skip over whether
the collection was a Fourth Amendment violation. We just say
that the access proved in one case or two that it was very
important, and that is why we did it this way.
I see this as a complete failure to take and--you know, we
changed the PATRIOT Act to add relevancy as a standard because
of this very same problem that has now been revealed to be
existing. And so, I feel very uncomfortable about using
aggregated metadata on hundreds of millions of Americans,
everybody, including every Member of Congress and every citizen
who has a phone in the United States of America.
This is unsustainable. It is outrageous and must be stopped
immediately.
Mr. Inglis. Sir, if I may complement the answer that Ms.
Douglas gave? With respect to the question of relevance, of
course, it must be legally relevant, and it must, therefore,
have operational relevance. I would like to address the
operational relevance and then defer to my colleagues from----
Mr. Conyers. Well, you don't--wait a minute. We are
holding--we are handling this discussion.
I asked her. Maybe somebody else can do it, but my time has
expired. And I appreciate your volunteering to help out here,
but it is clear to me that we have a very serious violation of
the law in which the Judiciary Committee deliberately put in
the issue of relevance, and now you are going to help me out
and defer to somebody else. Well----
Mr. Inglis. No, sir. I meant to actually provide additional
information. I would be happy to take the question for the
record if time is not allowing that.
Mr. Conyers. Well, in all fairness----
Mr. Goodlatte. Without objection, the gentleman is
recognized for an additional minute to allow another member of
the panel to answer the question if he so chooses.
Mr. Conyers. No, I don't so choose. I am satisfied exactly
what I have gotten from the witness that I asked the question
to.
Mr. Goodlatte. The Chair thanks the gentleman.
Mr. Conyers. You are welcome.
Mr. Goodlatte. And now recognize the gentleman from
Wisconsin, Mr. Sensenbrenner, for 5 minutes.
Mr. Sensenbrenner. Well, Mr. Chairman, at the risk of
having the flag thrown at me for piling on, I want to get at
the whole business of who decides what is relevant. Both the
Chairman and the Ranking Member have said that the PATRIOT Act
was amended in 2006 to include a relevance standard.
Yesterday, I got a letter from the Justice Department,
which was at great length explaining this, and I would ask
unanimous consent that this letter be placed in the record at
this time.
Mr. Goodlatte. Without objection, it will be made a part of
the record.
[The information referred to follows:]
__________
Mr. Sensenbrenner. Part of that letter said that, in
effect, that all of the phone calls, meaning the telephony
metadata, had to be collected pursuant to the court order, and
then it would be up to the security apparatus to make a
determination of which needles in that large haystack were
relevant to a foreign terrorist investigation.
Now doesn't that mean that instead of the court making a
determination of relevance, it is the security apparatus that
makes a determination of what is relevant and which of the less
than 300 series of phone calls get picked out, according to
your testimony? Mr. Cole, would you like to answer that?
Mr. Cole. Yes, Mr. Sensenbrenner, I am happy to address
that. What the court does is it sets out a framework and a set
of rules that we must follow to implement its orders.
Mr. Sensenbrenner. But they don't determine which specific
phone calls are relevant pursuant to the statute. You do that.
Mr. Cole. Well, we report to the court periodically on the
implementation of this. We get it re-upped every 90 days when
there are----
Mr. Sensenbrenner. But you do that. The court does not.
Mr. Cole. We--the court does not----
Mr. Sensenbrenner. Now if there was a criminal trial
involved, it would be the court that would be determining a
relevance standard pursuant to subpoena or for proffered
evidence, wouldn't it?
Mr. Cole. Not necessarily, Mr. Sensenbrenner.
Mr. Sensenbrenner. Okay. Well, then let me continue on
this. You know, I have been the author of the PATRIOT Act and
the PATRIOT Act reauthorization of 2006. Mr. Conyers was
correct in saying why the relevance standard was put in, and
that was an attempt to limit what the intelligence community
could be able to get pursuant to Section 215.
It appears to me that according to this letter and
according to the testimony of FBI Director Mueller, that
relevant was an expansion of what could happen rather than a
limitation when the law was amended, when relevant was not
included in that statute. And doesn't that make a mockery of
the legal standard because you are trying to have it both ways?
Mr. Cole. I don't think we are trying to have it both ways.
Mr. Sensenbrenner. Well, you sure are because you are
saying get--authorize, have the court authorize to get us the
records of all the phone calls that are made to and from phones
in the United States, including people who have nothing to do
with any type of a terrorist investigation.
And then what you are saying is, is that we will decide
what to pick out of that massive maybe a billion phone calls a
day on what we are looking at, rather than saying this person
is a target. Why don't you get an authorization only for that
person's telephone records?
Mr. Cole. Again, going to the analogy of the criminal
context, we would never in a grand jury situation or in an
investigation that is a traditional criminal investigation even
go to a court for the framework or the setting of rules or have
sunsetting every 90 days of the authority or having compliance
procedures----
Mr. Sensenbrenner. But, Mr. Cole, with all due respect, the
letter that I got from the department that you are the number-
two person in says that you get the FISA court order because
there are ``reasonable grounds to believe that the data is
relevant to an authorized investigation to protect against
international terrorism,'' as Section 215 requires, even though
most of the records in the dataset are not associated with
terrorist activity.
So you gobble up all of those records, and then you turn
around and say, well, we will pick out maybe 300 phone numbers
out of the billions of records that you have every day, and you
store for 5 years there, and all the rest of this stuff is
sitting in a warehouse, and we found out from the IRS who knows
who wants to have any kind of illegal access to it.
You are having it both ways. Let me tell you, as one who
has fought PATRIOT Act fights usually against the people over
on the other side of the aisle, Section 215 expires at the end
of 2015, and unless you realize you have got a problem, that is
not going to be renewed. There are not the votes in the House
of Representatives to renew Section 215, and then you are going
to lose the business record access provision of the PATRIOT Act
entirely.
It has got to be changed, and you have to change how you
operate Section 215. Otherwise, in the year and a half or 2\1/
2\ years, you are not going to have it anymore.
And I yield back.
Mr. Goodlatte. The Chair thanks the gentleman and
recognizes the gentleman from New York, Mr. Nadler, for 5
minutes.
Mr. Nadler. Thank you.
The problem, obviously, Mr. Cole, with what we are hearing
from this panel and what we have heard generally about the
relevant standard is that everything in the world is relevant.
And that if we removed that word from the statute, you wouldn't
consider or the FISA court wouldn't consider that it would
affect your ability to collect metadata in any way whatsoever,
which is to say you are disregarding the statute entirely.
Now in public briefings, including to this Committee when
we were considering reauthorization of Section 215,
Administration officials have suggested that we view the
authority of Section 215 as similar to a grand jury subpoena.
And we specified in the statute that an order under Section 215
``may only require the production of a tangible thing if such
thing can be obtained'' through a grand jury subpoena.
Now can you give me, Mr. Cole, any examples where grand
jury subpoenas were used to allow the bulk ongoing collection
of telephone metadata?
Mr. Cole. It is difficult to go into specific examples of
what grand jury subpoenas call for----
Mr. Nadler. Are there any such----
Mr. Cole [continuing]. Because those are subject to the
rules of secrecy under Rule 6.
Mr. Nadler. Oh, come on. Are there any--are there any
instances in the history of the United States that you know of
where a grand jury subpoena said get every--get all information
other than the content of a telephone call of all telephone
calls in the United States or anything like that?
Mr. Cole. The admonition in the statute is that it is the
types of records that are collected by grand jury subpoena, not
that it is an identical process to the grand jury process
because this is quite different from a grand jury process.
Mr. Nadler. All right. The type of data----
Mr. Cole. The FISA court involves----
Mr. Nadler. Excuse me. The type of data--the type of data
is metadata unlimited to specific individuals.
Mr. Cole. The type of data is metadata and that----
Mr. Nadler. Unlimited to specific individuals because it is
directed to everybody. Can you give--it is directed to every
phone call in the United States. Can you give me any example
where a grand jury subpoena has ever been used for anything
remotely like that?
Mr. Cole. These are instances where we have gone to the
court under the 215 requirements with the relevancy----
Mr. Nadler. You are not answering my question. Can you give
me any example in the history of the United States where a
subpoena, a grand jury subpoena was used for anything remotely
resembling all metadata not to specific phones or to specific
individuals?
Mr. Cole. Grand jury subpoenas have a different function
than a 215 under the PATRIOT Act----
Mr. Nadler. I understand that. But the statute says----
Mr. Cole. It is hard to equate the two, Mr. Nadler.
Mr. Nadler. You are not answering my question. You are
deliberately not answering. We know they have a different
function. But the statute says that it may only require the
production of a tangible thing if such a thing can be obtained
through a grand jury subpoena.
Could you obtain through a grand jury procedure all
metadata without being limited to specific named individuals or
specific listed telephones?
Mr. Cole. I think it would depend on the circumstances, the
limitations that the court would----
Mr. Nadler. Okay. Is there is any instance in history----
Mr. Cole [continuing]. The nature of the investigation, and
then, yes, I think there are instances where a court in the
right circumstances could authorize that.
Mr. Nadler. And could you give me any instance in history
where that has ever been done?
Mr. Cole. I am not aware of one, sitting here right now.
Mr. Nadler. You are not aware of one. Could you supply us,
please, with any instance because I believe this is totally
unprecedented and is way beyond the statute. And you can't give
me any instance because it doesn't exist.
So within a week or two, could you supply this Committee
with that information?
Mr. Cole. Depending on the restrictions of Rule 6 of the
Criminal Rules of Procedure, which prohibit disclosing grand
jury information, we will take that record back for response--
that question back for response.
Mr. Nadler. And can you give us an example where ongoing
bulk collection has been allowed by virtue of grand jury
subpoena without a showing of the connection between those
tangible things and a specific existing investigation?
Mr. Cole. Well, in this instance, we are showing it as a
relationship to a specific investigation and specific phone
number. We have to show reasonable----
Mr. Nadler. No, only for use of that information, not for
collection of it.
Mr. Cole. Well----
Mr. Nadler. The statute is talking about collection. You
are trying to confuse us by talking about use.
Mr. Cole. But the collection is only there and is only
valuable if it is used, and the use is severely restricted----
Mr. Nadler. We are not talking about the use. The abuse of
the statute, the abuse of civil liberties, the abuse of privacy
is not only misuse, but miscollection. If you are collecting
information about my telephone when you shouldn't be doing
that, that is an abuse, even if you just simply file that and
never use it.
Mr. Cole. We go to the court and describe to them exactly
how the program will work, what the limitations are----
Mr. Nadler. Well, that--excuse me. That doesn't help me.
The fact that the----
Mr. Cole. The court authorizes us to do this collection.
Mr. Nadler. Let me ask the question. The fact--the fact
that a secret court, unaccountable to public knowledge of what
it is doing, for all practical purposes unaccountable to the
Supreme Court, may join you in misusing or abusing the statute
is of no comfort whatsoever. So to tell me that you go to the
FISA court is irrelevant if the FISA court is doing the same
abuse of the statute.
So, again, can you give me some examples where ongoing bulk
collection--I am not asking about use--has been allowed by
virtue of grand jury subpoena without showing of a specific
connection--without showing the connection between those
tangible things and a specific existing investigation?
Mr. Goodlatte. The time of the gentleman has expired. Mr.
Cole will be allowed to answer the question.
Mr. Cole. We will take that similarly as a question for the
record, and again, depending on the Rules of Criminal
Procedure, we will see what we can get back to you, sir.
Mr. Nadler. And be aware, of course, that you could give it
to us on a classified basis so that we could say our
conclusions about that information.
Mr. Goodlatte. The time of the gentleman has expired.
The gentleman from North Carolina, Mr. Coble, is recognized
for 5 minutes.
Mr. Coble. Thank you, Mr. Chairman.
Lady and gentlemen, good to have you all with us today.
Mr. Cole, let me start with you. Does the Fourth Amendment
protection against unreasonable search and seizure apply to
business records that could be obtained under 215 of the
PATRIOT Act?
Mr. Cole. In particular, Mr. Coble, it does not apply to
the metadata records. There is a case, Smith v. Maryland, where
the Supreme Court ruled that these kinds of records, there is
no reasonable expectation of privacy. So there is no Fourth
Amendment protection.
Mr. Coble. Let me follow up with another question. So does
a person then have a reasonable expectation of privacy in
third-party business records?
Mr. Cole. People generally do not when they are in third-
party hands because other people already have them. So the
expectation of privacy has been severely undermined.
Mr. Coble. Is it true that a 215 order provides greater
privacy protection than does a grand jury or administrative
procedure--or administrative subpoena, which can be used to
obtain the same types of business records in a criminal
investigation without prior court approval?
Mr. Cole. Yes, it does. There are a number of provisions in
215 that provide much greater protection than a grand jury
process would. First, you have to go to a court. The court has
to specifically review the program and the description of the
relevance of these records, how they will be accessed, how they
will be overseen, how there will be auditing, how there will be
reporting on it, how there will be compliance with all of the
rules of the court.
None of that takes place in the grand jury context.
Mr. Coble. Mr. Cole, if the Fourth Amendment applies to
foreign countries, do other American protections under the Bill
of Rights apply, such as the Second Amendment under the due
process clause?
Mr. Cole. Not necessarily, sir. The Fourth Amendment
applies to U.S. persons who are outside of the United States,
but it generally does not apply to non-U.S. persons who are
outside of the United States.
Mr. Coble. Mr. Cole, for the benefit of the uninformed, and
sometimes I feel I am in that category, describe for the
Committee the makeup of the FISA court, who sits on it, where
it resides, and how it operates.
Mr. Cole. The FISA court is made up of judges, Article III
judges, who have been nominated by the President. They cover
any number of different Administrations. They have been
confirmed by the United States Senate for a life appointment.
They have their regular duties as District Court judges.
They are appointed by the Chief Justice of the United
States to serve a term on the FISA court. There are 11 of them
at any given time when you have a full complement. Each of them
serves for a week at a time. They do not take care of their
other court duties back in their home districts. They come and
serve on the FISA court for that week, handling the
applications.
There is a staff there as well that helps them and goes
through it and is their clerks and some of their legal research
assistants in this matter, and these last for, I believe, a
term of 7 years that each judge can sit on the court.
Mr. Coble. And I believe you, Mr. Cole, or one of the
members of the panel may have indicated this. That to some
extent, there is confusion as to the number of denials. There
has been criticism leveled at the court, indicating very few
denials. But I think you addressed that or one of you addressed
that earlier in your comment. Do you want to add to that?
Mr. Cole. Yes, the level of denials is very similar to the
same level of denials, which is small, for normal Title III in
a criminal context--wiretap applications that are made to
judges in regular courts. These are also done in chambers and
with one party.
And the reason that the number is so low, first of all, is
under the FISA, you have to have either the Attorney General or
myself, or the Assistant Attorney General for the National
Security Division, sign off on the application, very high-
ranking officials in the department. So those applications are
done very carefully in the first place.
Number two, the court, if they are not satisfied with an
application that comes in, will tell us, and they will say you
need more information. You need more restrictions. You need
more requirements. So we will respond to that, and unless we
satisfy them on all of their requirements, they will not sign
the application. But more often than not, we can go back and
find the additional information that they will need.
So there is something of an iterative process, but it is
not unlike what goes on with a normal court every day in the
Title III or the wiretap process.
Mr. Coble. Thank you, Mr. Cole.
Mr. Chairman, I see my amber light. I would like to make
one final statement. And this may not be the day for it, but
Mr. Chairman, at some point, I would like to know the cost that
has been expended in implementing this matter. If you would
concur with that, I will pursue that at a later date.
Mr. Goodlatte. I do concur with that. That is a very
important piece of information to have, but I believe that is
classified and would entail the subsequent hearing that I
anticipate we will have in a classified setting where we can
get answers to questions like that.
Mr. Coble. I thank you, Mr. Chairman.
And good to have you all with us. I yield back, Mr.
Chairman.
Mr. Goodlatte. The Chair thanks the gentleman and
recognizes the gentleman from Virginia, Mr. Scott, for 5
minutes.
Mr. Scott. Thank you.
Mr. Cole, did I understand you to say that you do not have
an expectation of privacy on your phone records?
Mr. Cole. The Supreme Court ruled in Smith v. Maryland that
you do not have a sufficient expectation of privacy in the
phone records, as we have talked about it. The two----
Mr. Scott. Okay. That is fine.
Ms. Douglas, you indicated that you do not--you just get
the numbers, not the names. Is there--if the numbers are
relevant under whatever standard you are using, why are not the
names equally relevant?
Ms. Douglas. Well, the names are not collected in the
metadata.
Mr. Scott. Well, where is the limitation? If you can get
the numbers, why can't you get the names?
Ms. Douglas. Well, we can through other legal process, and
that is what the FBI will do. And so, if we receive a phone
number----
Mr. Scott. No, I mean why don't you get it all at once?
Where is the statutory limitation?
Mr. Litt. If I can answer the question here, I think that
this indicates the fact that as the Deputy Attorney General
said that this program is carefully set up in such a manner----
Mr. Scott. Where is the----
Mr. Litt [continuing]. As to minimize the invasion of
privacy. One of the reasons----
Mr. Scott. Where is the statutory limitation?
Mr. Litt [continuing]. This program is found reasonable is
the fact that the collection is very limited. The access is
very limited.
Mr. Scott. Okay, okay.
Mr. Litt. And it is on that basis the court has approved
the collection.
Mr. Scott. You have made up. That is because you have made
up the program. I asked you a specific question where if this
is available, where is the statutory limitation to what you can
get? There is no statutory limitation. You are kind of making
it up as you go along.
Mr. Litt. We are not making it up. We are seeking the
approval of the court, and this collection----
Mr. Scott. Okay. What----
Mr. Litt [continuing]. Has been repeatedly approved by
numerous judges of the FISA court, found to be in compliance
with the statute.
Mr. Scott. Okay. Once you get the information, we know
through the recent case on DNA, once you get DNA from somebody,
you can use it in ways that you could not have obtained the
information. But once you get it, you can run it through, no
probable cause or anything, through the database.
My question is once you get this metadata, where is the
limitation on what you can use it for?
Mr. Litt. It is in the court's order.
Mr. Scott. Where is the statutory limitation?
Mr. Litt. The court--the statutory limitation says that we
can acquire the information as ordered by the court. The court
sets limits on what we can do with it, and we adhere to those
limits.
Mr. Scott. Well, is there a limit in criminal
investigations or an exception for criminal investigations
without a probable cause?
Mr. Litt. With respect to information obtained under
Section----
Mr. Scott. Once you have got the metadata, can you run a
criminal investigation without probable cause?
Mr. Litt. The metadata can only be used in pursuit of a
terrorism investigation, and the only thing that is done with
that is that telephone numbers are generated out of it for
further investigation. It cannot be used for a criminal
investigation unrelated to terrorism.
Mr. Scott. Wait a minute. You are talking about
minimization?
Mr. Litt. The court's order provides that we can only use
this data for purposes of a terrorism investigation.
Mr. Scott. Well, how does the court get to--why is the
court required to place that limitation on it?
Mr. Litt. Because the court looks at the application that
we are submitting and determines that with all of the
restrictions that are imposed here, this is a reasonable method
of collecting this information and that it complies with both
the statute and the Fourth Amendment.
Mr. Scott. Is there an exception under minimization for
criminal investigations? Section (g) minimization procedures
(2)(c) says that ``notwithstanding subparagraphs (A) and (B),
procedures that allow for the retention and dissemination of
information that is evidence of a crime which has been, is
being, or about to be committed, and that is to be retained or
disseminated for law enforcement purposes'' are exempted from
the minimization requirements.
Mr. Litt. The procedures applicable to this kind of
collection allow it only to be used on the terms specified by
the court, and that is limited to generating the kind of
information that you----
Mr. Scott. Well, is that----
Mr. Litt [continuing]. Talked about in pursuit of a
terrorism investigation.
Mr. Scott. Okay. And so, the minimization exception for
criminal investigations doesn't apply? If you trip over some
criminal, some crimes----
Mr. Litt. We are not allowed to use this database for a
criminal investigation unrelated to terrorism.
Mr. Scott. Well----
Mr. Cole. Mr. Scott, I think there may be some confusion--
--
Mr. Scott [continuing]. Then that is not what the code
section says, but if that is what you want, maybe we need to
change it. Does exclusionary rule apply? If you trip over some
crimes and try to use it, does it--and including the principle
of the poison tree, evidence of a poison tree, does that apply?
Do those exclusions apply to stuff you may trip over that you
have gotten through this?
Mr. Litt. We don't have the ability to trip over it in
this. All this data is, is a series of telephone numbers and
other identifiers. The only thing we can use this data for is
to submit to the pool of data a telephone number or other
identifier that we have reason to believe, based on articulable
facts, is associated with terrorism. We can then say what
numbers has that been in contact with?
Any other further investigation has to be done under some
other authority.
Mr. Scott. Well, you have--Mr. Chairman, I apologize, but
the limitation, the minimization exception for a criminal
investigation, and when I asked the Attorney General Gonzales
about what you could use this information for, he specifically
indicated criminal--it is (g)(2)(C) under minimization
requirements procedures.
He specifically said you could run a criminal investigation
without the necessity, implying without the necessity of
probable cause that you usually need to do to get information.
Thank you, Mr. Chairman.
Mr. Goodlatte. The Chair thanks the gentleman and
recognizes the gentleman from Alabama, Mr. Bachus, for 5
minutes.
Mr. Bachus. Thank you.
Let me start by saying I am satisfied, at least from what
limited knowledge I have, that the motivation behind this was
legitimate and necessary for our national security to start
this process, establishment of a court. And that from your
testimony you have not, apparently not abused individual
rights, and you have been an effective tool for terrorism.
But my concern is this could evolve into something that is
quite different. The Star Chamber, I mean, in England started
out as very good, very popular with the people. It allowed
people to get justice that otherwise would not. But it evolved
over time into a powerful weapon for political retribution by
the king.
And my question is, in fact, I was reading the Supreme
Court. It said it symbolized disregard of basic individual
rights. They talk about actually the right against self-
incrimination was a direct result of what happened in England
when this court evolved into something quite different from
what it was intended to do.
So my first question to all of you is how do we--how do we
keep this from evolving into a weapon, an unchecked weapon by
the Government to violate people's constitutional rights? And I
am more concerned about Americans' rights, not terrorists'
rights.
Mr. Cole. I think you raise a very excellent point, and I
think the way this is designed, to make sure that all three
branches of Government are involved, that this isn't just the
king or the administration or an executive branch doing it.
This is something that is done with permission of the court and
supervision of the court, with rules laid down by the court to
make sure it comports with the Constitution and the privacy
rights of U.S. citizens.
It is done through statutes that are passed by this body,
where we report back to this body and tell you what we have
done with it and how it works and let you know what problems we
have had and how we have fixed them. And it is also done with a
lot of oversight within the executive branch, with Inspectors
General and a number of different executive branch agencies
that audit and oversee exactly how it is done and make sure it
is done right.
I think that is how.
Mr. Litt. If I can just emphasize one point on that? This
Committee has a very important role in ensuring that these
authorities are not abused. We are required to report
extensively on all activities under FISA to the Intelligence
and Judiciary Committees of both houses, and we do that. We
provide--we are required to provide copies of all significant
opinions. We are required to provide reports about how these
activities are carried out.
And we welcome your participation in that oversight to
ensure that, in fact, we don't cross the bounds that the people
want us to adhere to.
Mr. Bachus. Anyone else? You know, when I learned about
this, I was not aware of it at all, and I think the original
response was that 14 Members of Congress knew something about
this. Were those reports erroneous? Did----
Mr. Litt. I can't speak to what Members actually knew. I
can tell you what we did to inform Members.
At the time when this legislation was first up for renewal
in 2009-2010, we provided a classified letter to the
Intelligence Committees that described this program in great
detail.
Mr. Bachus. How about the Judiciary Committee?
Mr. Litt. The letter was provided to the Intelligence
Committee. The Intelligence Committee, my understanding is,
sent an all-Member letter saying that this is available to all
Members. This was our intention.
We also offered classified briefings to Members of this
Committee, and I recall participating in one of those
briefings. And in fact, the letters were also referenced in a
statement on the floor by a Member of the Intelligence
Committee, saying these letters are available, and I urge you
all to come and read them. So we were not trying to hide this
program.
Mr. Bachus. Do you have any objection to the court opinions
and periodic reports being made available to all Members of
Congress?
Mr. Litt. I think we would have to take that back. I think
the answer is probably no, but I think we would have to think
about the implications of that.
Mr. Bachus. Sure, and I think that is my response would be
I want to think about it.
Mr. Goodlatte. The time of the gentleman has expired.
Mr. Bachus. Thank you.
Mr. Goodlatte. The gentlewoman from California, Ms.
Lofgren, is recognized for 5 minutes.
Ms. Lofgren. Well, thank you, Mr. Chairman, and thanks to
our witness.
I was thinking back to September 11th, one of the worst
days I have ever spent in the Congress, and remembering that
that weekend, after the attack, that members of the White
House, the intelligence community, Members of this Committee
and our staff, sat right at that table. We sat around that
table and worked together to craft the PATRIOT Act.
And it is worth remembering that that original act was
passed unanimously by the House Judiciary Committee, and it had
the balance that we thought was important to protect the
country, but also looking forward to protect the rights of
Americans under the Constitution. And I share the concern
expressed by Mr. Sensenbrenner that things have gone off in a
different direction from that day.
Now I, as my colleague has indicated from Alabama, I don't
question your motivation, which is to keep America safe. I
mean, I know that that is what you are trying to do, and
certainly we all want that.
But the concern is that the statute that we crafted so
carefully may not be being adhered to as envisioned by us and
as reported to us. And I just want to say this. I mean, yes, we
have a system where there are checks and balances, but part of
that is that the legislative branch needs to have understanding
of what the executive branch and the judicial branch is doing,
and we can't do that without information.
It has been discussed that we get these ample reports. And
I just want to--I just recently reviewed the annual report on
Section 215. Is it true, Mr. Cole, or isn't it true that the
annual 215 report to the Committee is less than a single page
and not more than 8 sentences?
Mr. Cole. I think that the 215 annual reports are quite a
bit less than the 702 annual reports.
Ms. Lofgren. I just ask the question. Is that about the
size, is it your recollection?
Mr. Cole. I would have to go back and take a look to answer
specifically.
Ms. Lofgren. All right. Is it true that the report of the
number of applications really gives the Committee information
as to the amount of records and the number of entities
impacted?
Mr. Cole. I am sorry?
Ms. Lofgren. The number of applications, is there a direct
correlation between the number of entities impacted by those
applications or the number of records?
Mr. Cole. The number of entities impacted will depend on
how many phone numbers have been called by the selector.
Ms. Lofgren. Right. So you could report the number of
applications, but it would have no relationship to the amount
of records actually acquired?
Mr. Cole. It would not necessarily, no. But you can imagine
it is small.
Ms. Lofgren. Thank you very much.
I just--looking at this letter that was sent to Mr.
Sensenbrenner, and I thank him for sending it out. And by the
way, he and I have sent a letter to Attorney General Holder and
to Director Clapper asking that U.S. companies be authorized to
publish information regarding the Government request for user
data under FISA.
I think it is terribly unfair that these companies that are
being discussed around the world have no capacity legally to
say what has been asked of them. So I know the letter was just
sent. I would ask that you respond to that as promptly as
possible just out of basic fairness to the companies involved.
But going back to the letter, it seems to me that if you
take a look at page 2 of the letter, the second paragraph, it
indicates that NSA has reported in the last calendar year fewer
than 300 unique identifiers. This means that only a very small
fraction of the records is ever reviewed by any person and is
actually relevant to the records. Per se, that sentence
indicates that getting all the data is clearly not relevant to
a specific inquiry.
And then if you go on to the next page, and this really
gets to my question and you have referred to it in the
testimony as well, the consistency allegedly with the
Constitution--now it is true that the Constitution in the Smith
case indicated that there is no expectation, reasonable
expectation of privacy with information held by third parties.
Is it your position that that constitutional provision trumps a
statute?
Can the Congress say the Constitution would allow you to
capture every phone record, every photograph taken of an
American at an ATM machine because that is in plain sight and
that that constitutional provision would trump the ability of
Congress to say, no, we are going to authorize less?
Mr. Cole. No. As long as whatever Congress does is
consistent with or within the bounds of the constitutional
provision----
Ms. Lofgren. So Congress can do less?
Mr. Cole [continuing]. They can do that. Certainly.
Ms. Lofgren. Can do less. I would just like to say that as
to the FISA court, and I am sure that the judges take their
obligation as seriously as you do. But the whole system of our
justice system is set up in an adversarial way. And when you
have only one party there, you don't have a counterparty making
a case before the court.
The expectation that our system will work well, as it does
in other environments, I think is misplaced. I share with Mr.
Sensenbrenner the belief that this will not be able to be
sustained. I look forward, Mr. Chairman, to our classified
briefing, but I think that very clearly this program has gone
off the tracks legally and needs to be reined in.
And I thank the Chairman for yielding to me.
Mr. Goodlatte. The Chair thanks the gentlewoman and
recognizes the gentleman from Virginia, Mr. Forbes, for 5
minutes.
Mr. Forbes. Thank you, Mr. Chairman.
And ladies and gentlemen, thank you for being here today.
I don't want to scream at you or yell at you, but you know
we have got a lot of people across the country that would like
to do that. And the reason this room is packed so much today
and people were waiting in long lines is not just about this
program. They kind of feel their country is shifting, and they
feel, rightly or wrongly, that this Administration has adopted
the philosophy that somehow the end justifies the means.
They feel like that more than any Administration in history
this is an Administration that has used taxpayer resources to
advocate their political agendas. They feel like more than any
Administration in history, this is an Administration that has
decided which laws they want to obey, which ones they want to
ignore, and which ones they want to just rewrite.
They feel like more than any Nation in history, this is an
Administration that has used enormous power of Government
agents to oppress and harass U.S. citizens like they have seen
with the IRS. And now they see this Administration using this
unprecedented amount of data collection, first in their
campaigns and then in Government, on amounts of data to use for
the aforementioned goals.
And they don't know, every time they see a Benghazi, they
don't know how many more boards they are going to pull up, and
there is one that they don't know about or IRS programs that
they pull up and they don't know another one that they might
see and that there are other data programs that they don't know
about.
And this is something that I just don't think we realize
enough because over and over again, we hear Administration
coming over here and saying this to us. They say, well, this
isn't illegal, and you need to change the law.
And we need to emphasize part of this Committee is just
because something is not illegal, it doesn't mean that it is
not wrong. And when we look at something, you have got a
difficulty because you can't even really come in here and
explain what this program does. You can't tell us how many
people are involved with it. You can't tell us the cost. You
can't tell us what the court is saying.
But this is my question for you. There has to be an
enormously large number of individuals administering this
program. Can you tell us if any of those individuals have
abused the power that they have within this program that has
not been disclosed to the Congress or the American people, one?
Because it would be hard for us to believe that there hasn't
been some abuses.
Number two, what is your process for collecting that
information to make sure those abuses don't take place, and how
do you distribute that information? And three, has anybody ever
been disciplined for abusing that information?
And any of you who have that information, I would love for
you to offer it to us.
Mr. Cole. Let me if I can, Mr. Forbes, start by answering
the questions that you have put. First of all, I think it is
important to note that this program has been going on across a
number of Administrations, and it is not unique by any means to
this Administration. It has been for prior Administrations,
too.
It is also done pursuant to court authorization and
pursuant to statute, and so it is done not as some rogue
matter, but as some matter that, in fact, has been authorized
by law, authorized by the courts, and carefully scrutinized.
And that gets to the main part of the question that you have
asked, which is we know of no one--and I can let Mr. Inglis
expand on that--who has ever intentionally or in any kind of
wrongful way abused this.
There may have been technical problems that have happened
here and there, but there has been nobody who has abused this
in a way that would be worthy of or cause discipline. This
program goes under careful audit. Everything that is done under
it is documented and reviewed before the decision is made and
reviewed again after these decisions are made to make sure that
nobody has done the things that you are concerned about
happening.
And those are valid concerns, and we take them into account
by having these audit procedures and having the reporting that
we do and the consultation both with the court and with
Congress to make sure that those things don't happen. We have
not, to my knowledge, disciplined anybody for this because our
controls make sure this doesn't happen. But we do look for it
and we look for it hard, and we haven't found it.
Mr. Inglis. Sir, if I can just--I concur with Mr. Cole's
remarks. Say across my time, I have been the Deputy Director
now for 7 years, there have been no willful abuse of the 215 or
the 702 program. In fact, the Senate Select Committee on
Intelligence in the summer of 2012 said that in a formal report
that in a 4-year review that they had detected no willful abuse
of the 702 program.
I would say how would those be identified? In much the same
way that Mr. Cole talked about. That there are a number of
processes that review the formation of the selectors, the
results generated by those selectors not just at NSA, but
between NSA and the Department of Justice and the court, and
there are any number of opportunities then to turn up a
misappropriation of the resources dedicated to this program for
some other purpose.
And would those persons who abused this program then be
disciplined? Of course, they should be.
Mr. Forbes. And my time is expired. And I don't mean to cut
you off, but I would love to have your responses for the
record.
But when you guys tell me nobody has abused it, I thought
Mr. Snowden abused it pretty badly. And I can't imagine if we
had somebody like that doing it that we don't have at least
that capacity. But I would love to have your responses for the
record because I don't want to abuse other people's time.
And Mr. Chairman, I yield back my time.
Mr. Goodlatte. Mr. Inglis, if you care to respond to the
gentleman from Virginia's comment about Mr. Snowden, we would
be happy to have it.
Mr. Inglis. I would be happy to take that question for the
record but would say here for the record that we do not have
any evidence that Mr. Snowden abused the program as we have
defined it today. He may have abused his trust in disclosing
classified details of that program.
Mr. Forbes. But in all due respect--and I said I wasn't
going to yell at you, and I am going to try not to. But that is
exactly what the American people are really worried about, that
somebody is getting their data and using it to disclose it in
some other situation. And for the life of me, I don't
understand how you guys parse that issue that is there.
So, Mr. Chairman, that is what is infuriating the American
people. They are understanding that if you collect this amount
of data, people can get access to it and use it in ways that
can harm them, not just the United States of America. And that
is what is concerning them, I think, in a lot of areas.
So, Mr. Chairman, I hope we can get a more elaborate
response maybe for the record on that.
Mr. Inglis. We would be happy to provide a response for the
record, sir.
Mr. Goodlatte. The Chair thanks the gentleman and
recognizes the gentlewoman from Texas, Ms. Jackson Lee, for 5
minutes.
Ms. Jackson Lee. Let me thank you very much.
And I think it is important to make sure that as those of
us who represent Americans, we appreciate what the intelligence
community does. But the very idea that the Chairman and Ranking
Member has held this hearing and that you are having any number
of hearings, I think the issue is that we have to do something.
We have to do more to be able to ensure the trust of the
American people, and I raise these questions in the context of
that.
One point that our Ranking Member made that if we cannot
prove the necessity of this megadata collecting, then why are
we necessarily doing it? And then we join with the Chairman
that says it must show value, but we must also have the premise
and the respect for the civil liberties of the American people.
So I pose the first question that deals with the idea that
witnesses have testified in recent hearings that the phone
record data were queried 300 times last year. How do you define
a query, and how do you define the necessity of what I call
trolling? And someone wanted to have me rephrase that. But the
gathering of millions and millions of megadata gathering, how
do you define query first, but then how do you justify that
gathering?
Mr. Inglis. Yes, ma'am. I will take that question. So,
first, the court has approved procedures by which we can form a
selector, and the reasonable, articulable suspicion standard
was what we described earlier. And less than 300 times in 2012,
we approved a selector for entering the database.
The court also approves what is called----
Ms. Jackson Lee. So the query is based upon permission by
the FISA court?
Mr. Inglis. Yes, ma'am. The FISA court approves the rules,
but as we have described in this hearing, the decisions about
how to form those selectors are made at the National Security
Agency and subject to auditing and review.
Ms. Jackson Lee. So the query is made without a warrant.
You go by criteria that has been set, and then you make a query
and a preliminary oversight, if you will. Is that what you are
saying?
Mr. Inglis. That is correct, ma'am. And can I just then add
that the court has also given permission to do not just first
hop analysis, meaning what numbers are in contact with that
selector, but to then from those numbers go out two or three
hops. In many of the cases that Ms. Douglas referenced earlier,
it was at the second hop. It was at that second connection that
something of interest came that then caused the Federal Bureau
of Investigation to apply their resources to essentially
uncover or add additional information to terrorist activities.
Ms. Jackson Lee. Once you do the query out of the 300, then
what are the next step?
Mr. Inglis. So that query, when it is returned, can be a
first hop query or a second or a third hop query. That
information is then reviewed by the National Security Agency
analyst, and a report would be written and disseminated to the
Federal Bureau of Investigation if we see something that would
be of interest to them.
In many cases when a query is performed, nothing of
consequence turns up. No connections that are untoward turn up.
Therefore, no report would be made. But when----
Ms. Jackson Lee. Let me ask Mr. Cole. Thank you very much.
Let me ask Mr. Cole when does the DOJ become engaged? The
FBI, of course, is the investigatory arm. What is the DOJ's
oversight role more specifically? And how do you utilize the
FISA court?
And as you do that, I have introduced bipartisan
legislation dealing with the whole issue of the FISA court. It
specifically asks for the release and the reporting of
nonclassified opinions, which I think would contribute more to
the trust of the American people. Would the Justice Department
consider that? As you answer the question.
Mr. Cole. Thank you, Ms. Jackson Lee.
Certainly, we will consider that and work with you in
regard to that.
The Justice Department's involvement here is to first make
sure that the provisions of the statute in making the
application to the court meet the standards that have been set
out under law. So we are in the process of the application and
making sure through legal advice that this, in fact, meets the
standards set out by the statute as passed by Congress.
We also engage with the court for any questions that the
court may have as to how this will be done, what kind of
oversight will be done, what kind of limitations will be
imposed. So that we end up with what is a court-authorized
system, as described by Mr. Inglis, where we go and make those
and have NSA make that determination. We will----
Ms. Jackson Lee. Mr. Cole----
Mr. Cole [continuing]. Audit as well the determinations on
a random basis to make sure that they are in compliance with
what the court has ordered. And if they are not in compliance,
we will then report that to the court and then oversee, with
the court's supervision, fixing those compliance issues to make
sure that they do comply.
Ms. Jackson Lee. Let me interrupt you so I can just get
this last question in to Mr. Inglis. Mr. Inglis--thank you very
much.
Mr. Inglis, let me just put this question out. We have had
a release of data and a suggestion that the release that has
been given by an individual that is now traveling around the
world has a dastardly impact on knowing the system of
collection of data, in the person of Mr. Snowden.
Can you speak generally to the idea of the impact, and can
you also express the reason for 70 percent of the intelligence
budget being used for contractors? I offer to you 2434 that is
asking for a study for that, a bill that I have introduced. But
I would like to know those two questions quickly, please.
Mr. Inglis. Yes, ma'am. On the first question, I would say
that the impact associated with Mr. Snowden's disclosures can
be very, very harmful. It is too soon to tell whether, in fact,
adversaries will take great note of the things that he has
disclosed. But those capabilities, sensitive capabilities give
them a playbook as to how they would avoid, right, the time and
attention of the U.S. foreign intelligence and, for that
matter, domestic intelligence organizations. So we are very
concerned about that.
Mr. Litt would like to take the second question on
contractors.
Mr. Litt. Yes, on the question about contractors, it is
important to differentiate between two kinds of contractors.
When we--when Lockheed Martin or somebody builds a satellite
for us, that is a contractor. And so, when you talk about 70
percent of the budget being contractors, and I don't know that
number offhand, but I will assume it is accurate, that includes
all the contracts for building of satellites, for rental of
space, and so on and so forth.
There is another category of contractors, which we call
core contractors, which are the people who work in the building
side-by-side with us. We have been working very hard to reduce
the number of core contractors. I think in the last 5 years, we
have reduced it by 36 percent.
Obviously, as a result of what has happened recently, we
are looking again at whether certain categories of employees
should not be contractors but should be made Government
employees.
Ms. Jackson Lee. Mr. Litt, we have had this discussion
before.
Mr. Goodlatte. The time of the gentlewoman has expired.
Ms. Jackson Lee. I think you need help, and I would like to
work with you on the legislation.
Thank you, Mr. Chairman. I would like to work with Mr. Litt
to get that done and get that more----
Mr. Goodlatte. The time of the gentlewoman has expired.
Ms. Jackson Lee. I yield back.
Mr. Goodlatte. The gentleman from Iowa, Mr. King, is
recognized for 5 minutes.
Mr. King. Thank you, Mr. Chairman. I appreciate this
hearing and the testimony of the witnesses.
And I would first turn to Mr. Litt. And if I remember in
your opening statement, you made mention that there wasn't
restriction on foreign intelligence surveillance prior to 1978
and the FISA court. Am I correct on that?
Mr. Litt. Yes, there was no judicial involvement.
Mr. King. And I would submit that every Nation that I know
of does foreign surveillance, and I don't know of other Nations
that have judicial interference with the national security
activity of foreign surveillance. And are you aware of any?
Mr. Litt. I can't speak for every Nation, but I think,
generally speaking, you are correct that other Nations do not
have their courts involved in foreign intelligence activities.
Mr. King. So we are relatively unique in that, and neither
do I understand why we would be concerned about the privacy or
I will say the manufactured constitutional rights of foreign
persons in foreign countries communicating with other foreign
persons in foreign countries. I don't know why we would worry
about their privacy.
And I don't know why we would worry about their privacy if
there is a nexus that might happen to be in the United States,
provided it didn't interfere with the rights of a U.S. person.
Would you agree with that?
Mr. Litt. Well, I think from the point of view of the
Constitution, it is correct that as the Deputy Attorney General
said, that foreigners generally aren't protected by the
Constitution. It is, nonetheless, true that we don't go out
indiscriminately even as to foreigners. We only collect
intelligence that has a valid foreign intelligence purpose.
Mr. King. Yes, I understand the decency of the American
people, but are we safer when we have judges deciding what we
can surveil in foreign countries when there are foreign
persons?
Mr. Litt. I think that we have found that the operation of
FISA so far has allowed us to collect the foreign intelligence
that we need to collect to protect the Nation.
Mr. King. And I am hearing that. Just another way of asking
questions about this. The phone companies collect a lot of
data, and it was mentioned that you like to keep that data for
5 years, the metadata. But some only keep it for a year and a
half.
If an agreement could be reached with the phone companies
to maintain that data for a 5-year period of time, the duration
that you request, wouldn't that be a firewall that would be
more reliable than having to have the facility to restore all
that data. Mr. Inglis?
Mr. Inglis. Yes, sir. A reasonable question, and I think
that there are some challenges that could be overcome. The
first is that those companies collect that data for their own
business purposes, not necessarily for the Government's.
And so, to rely upon what they hold themselves, there would
have to be some basis by which you could either compel them or
have some confidence that over time----
Mr. King. A contractual agreement perhaps?
Mr. Inglis. Pardon, sir?
Mr. King. A contractual agreement perhaps?
Mr. Inglis. Contractual agreement, possibly some liability
protection. I will leave the legal framing of that to those who
do statute and policy.
Two, you would have to have some confidence that you could
efficiently, quickly query that data.
Mr. King. Sure.
Mr. Inglis. And so, if you had multiple providers, upwards
of more than two providers, you would then run pillar to post
querying that data to----
Mr. King. Could I ask you to take a careful look at that
and come back to me with a--with really a serious, reasoned
answer? You are giving me a good answer so far. I would just
like you to dig in----
Mr. Inglis. Yes, sir, we will. So it turns out that the
Senate Select Committee on Intelligence, House Permanent Select
Committee on Intelligence, and the executive branch have all
asked us a question along those lines. We would be happy to
provide those to you.
Mr. King. Curious. Okay. Well, my clock is ticking down,
but I will stick with you, Mr. Inglis.
Now I am just going to ask this question, and it is not
really a hypothetical, but point it out this way. And I am
going to go through the list. So you have to check on each one,
and I will come back if I need to.
Do we have the ability to not necessarily listen in, but
track every phone call in the United States? That is one
question.
Second one, do we have the ability to track any email in
the United States? Do we have the ability to track Web site
activity, any Web site activity in the United States?
Do we have the ability to enter into active chat rooms and
in real time monitor? Do we have the ability to track any
electronic credit or debit transactions, including the ATM
transaction mentioned by the gentlelady from California? Do we
have the ability to locate cell phones that are active?
Do we have the ability to track GPS locators, whether they
are on vehicles or other devices? And then I know my clock is
running down, so I want to pour a little more in here.
It is reported by the Obama campaign that they profiled
voters with open source data and used that data to target
voters for turnout and voter suppression. The IRS has used
their search engine to target the President's political
enemies.
Now if we can go this far, if all of these things are
happening, if the answer is relatively yes to this list that I
have given, then I would charge that it would be likely
impossible to drive from Bangor, Maine, to Los Angeles without
leaving a data trail in this country. And all of these things
can be justified by the Constitution, by statute, by case law.
Am I close? And how would you respond to that big question?
Mr. Inglis. Yes, sir. If the predicate to each of those
eight questions is ``in the U.S.'' and if the further predicate
is ``can the NSA,'' the answer would be no to all of those
questions. Is it technically feasible to do some of those
things? Of course.
And some of those things are, in fact, done by marketing
organizations, by the telecommunications writers who attempt to
determine the flow and the allocation of resource bandwidth to
their resources. But the National Security Agency, as a foreign
intelligence entity, lacks the authority and, frankly, lacks
the collection to do the things that are on that list of eight
questions.
Mr. King. I would like to drill into that a little deeper
if I had the time, but I thank you and I will yield back.
Mr. Inglis. Sir, we would be happy to take a visit at NSA
or come down and talk to you in whatever detail you would
prefer.
Mr. Goodlatte. The Chair thanks the gentleman and
recognizes the gentleman from Tennessee, Mr. Cohen, for 5
minutes.
Mr. Cohen. Thank you, Mr. Chair.
First, I would like to make a point. One of the previous
questioners took the opportunity to attack the Administration
and said this Administration has used the ends to justify the
means in many areas.
I believe, Mr. Cole, you said that all these programs
started under the Bush administration and have not differed
from Republican and Democrat. Is that correct?
Mr. Cole. That is correct, sir.
Mr. Cohen. I appreciate your clearing it up. And then to
this question that the President and this Administration on the
IRS, I believe it has come out that they not only looked at Tea
Party, but they looked at liberal groups and any group that
they felt was more than 50 percent political to look at in IRS.
And it is wrong to question this President on those issues once
the facts have come out to show that it was not a partisan or
issue-driven area.
And I find--take umbrage on behalf of the Administration at
such questions and such allegations.
Now let me ask you this, sir. Mr. Snowden, what security
status did he have? He could see anything there that he wanted
to? Was he limited in what he had access to?
Mr. Cole. Let me put that over to Mr. Inglis.
Mr. Cohen. Sure.
Mr. Inglis. Mr. Snowden had a top secret special
compartmented intelligence clearance. That is standard for
someone in the U.S. intelligence community given access to top
secret information.
He, as a system administrator, had additional privileges
that he could then set the permissions on various devices
within the information systems, who could access things and how
you could move data around.
Mr. Cohen. Generally, how many people--how many people
generally are in the same level as he was to access this
information?
Mr. Inglis. Across the population--and again, in this
forum, I will be general in my description. But across the
population numbering in tens of thousands, and you would expect
hundreds of people would have those sorts of extraordinary
permission, system administrator permissions----
Mr. Cohen. So tens of thousands of people could have done
what Snowden did?
Mr. Inglis. No, sir. I would say that perhaps hundreds. And
could I make a further distinction between his privileges in
terms of what he could control?
Like any organization, NSA has a side of its information
architecture that is intended to make information available to
people so that they might discover capabilities, they might
find each other, they might pass email to each other. It is
intended to be a free exchange of information.
But then there is a production side that is much more
rigorously controlled, and there is a need-to-know rule,
philosophy on that side. Now Mr. Snowden took ruthless
advantage of the former and did not have access to the latter,
except in some limited circumstances in the training that he
undertook in the last few months of his----
Mr. Cohen. I asked in a letter, and you responded to me--I
believe I got it last night--about the background on the
security processing of Mr. Snowden. And I was concerned that a
high school dropout, not that there can't be great high school
dropouts, but it shows you can't meet certain criteria.
Because basically finishing high school is you are going to
jump through the loops. That guy wouldn't jump through the
loops, and he has shown at other places he wouldn't jump
through the hoops and he wouldn't do that. To put him in that
type of top security level, I think, is questionable.
But it was said that the Associate Directorate for Security
and Counterintelligence begins the clearance process. Is any of
the work of the Associate Directorate for Security and
Counterintelligence contracted out, or is that all done by
Government employees?
Mr. Inglis. I think the determinations of whether to grant
a clearance or not, that is an inherently governmental
function. And so, that would be retained by Government
employees. But in the investigation, the determination of the
facts and circumstances associated with anyone's clearance
determination, some of that would be contracted out.
And I could provide the details----
Mr. Cohen. Does it concern you at all? Should it be
contracted out, or should that be strictly in-house?
Mr. Inglis. There is an inherently governmental decision to
be made in that, and that, therefore, should be withheld and
retained inside the Government. The production of information
in terms of conducting interviews, investigations, I think that
some of that can be reasonably contracted out such that the
synthesis and an examination of that is done by someone that
has the higher trust.
Mr. Cohen. And how did Mr. Snowden take this data with him?
He has got certain information in Moscow with him now. How did
he do that?
Mr. Inglis. Sir, I don't actually know precisely how he
took the information with him, and it is a matter of
investigation. I think in due course, we will know, and we
would be happy to provide that to you.
Mr. Cohen. But he would have probably taken it on some type
of a disk or some type of a little with him?
Mr. Inglis. I just----
Mr. Cohen. From a secure facility, I presume----
Mr. Inglis. I would just be speculating. I think that that
is possible.
Mr. Cohen. Well, should there not be some changes in the
procedures to make sure that people don't leave that secure
facility with disks or anything else?
Mr. Inglis. Mr. Cohen, I would say that we are examining
all of that. There are some controls already in the system
about who can download to secondary storage devices----
Mr. Cohen. All right. Let me ask Mr. Cole. You mentioned
that the judges come from different Administrations, the FISA
judges. Would it surprise you to know that 10 of the 11 judges
all came--were appointed by Republican Presidents?
Mr. Cole. These are--it wouldn't surprise me. It wouldn't
surprise me either way. These are selections that are made by
the Chief Justice.
Mr. Cohen. By the Chief Justice, who is a Republican
appointee. And he has picked--10 of the 11 judges he has picked
were appointed by Republican Presidents. Yet if you go back
over history, back to Jimmy Carter, it is about the same number
of years. There is a difference of 4 of Democratic and
Republican Presidents. But he chose Republicans.
Do you think there should be some change to make sure that
there is possibly an ideological balance on that FISA court?
Mr. Gowdy [presiding]. You can answer the question. The
gentleman's time has expired, but you can answer the question.
Mr. Cole. I think those are issues that we can discuss,
that we try to take partisan politics out of the judicial
aspect of it, and it operates, I think, best when it is
insulated from that.
Mr. Cohen. I thank the panel, and I thank the gentleman
from the Palmetto State.
Mr. Gowdy. Thank the gentleman from the Volunteer State.
The Chair would now recognize the gentleman from Texas,
Judge Poe.
Mr. Poe. Thank the Chair.
Thank you for being here.
My background is, as the Chairman just mentioned, a judge.
I spent 22 years at the criminal courthouse in Houston trying
everything from stealing to killing. So I don't like criminals
at all.
But I have looked at the Constitution and read it, and I am
going to just read you one thing, one phrase that all of you
know probably by memory. It is the Fourth Amendment, ``The
right of the people to be secure in their persons, houses,
papers, and effects against unreasonable searches and seizures
shall not be violated. No warrants shall issue, except upon
probable cause, supported by oath or affirmation, and
particularly describing the place to be seized and searched and
the persons or things to be seized.''
And as we all know, generally speaking, historically,
warrants are brought to judges by law enforcement and the judge
signs or doesn't sign the warrant, issuing the paper to go out
and seize that person in that specific place.
Now I have read that numerous times, and I don't see in
here anywhere as an exception for national security. Do any of
you see a national security exemption to the Fourth Amendment?
Mr. Litt. There is not a national security exemption, but
several courts have held that there is--that the warrant
requirement of the Fourth Amendment does not extend to the
conduct of foreign intelligence. That is not to say that the
reasonableness requirement doesn't apply.
Mr. Poe. Okay.
Mr. Litt. But the warrant requirement----
Mr. Poe. I just have a little bit of time. I understand
your answer. We are not talking now about foreign intelligence.
Let us set the foreign issue and terrorists overseas where they
are running wild, set that aside.
Let us talk about searches and seizures in the United
States of American citizens. Question, is there a national
security exception to the Fourth Amendment when it comes to
American citizens in the United States? Do you see that in the
Fourth Amendment, any of you?
Mr. Litt. Again, there is not a national security
exception. There is a case of the Supreme Court called United
States v. United States District Court. It is possible to have
foreign intelligence collection against Americans, and I offer
you the situation of an American who is a spy for Russia. We
can be collecting valid foreign intelligence there, even though
that person is an American.
It happens that the Congress, in the FISA, has established
warrant requirements for electronic surveillance and so on.
Mr. Poe. I understand that. But the Fourth Amendment
doesn't give that example.
Mr. Litt. With due respect, there are cases that say----
Mr. Poe. Okay.
Mr. Litt [continuing]. There is an exception----
Mr. Poe. We are going to argue until the sun goes down. The
Fourth Amendment doesn't mention national security exception
when it comes to the Fourth Amendment. That has been expanded
throughout the years because of FISA, because of court rulings,
but it is not in the Fourth Amendment.
And I think that we should remember that the Fourth
Amendment was written because of what was going on with King
George III, how he was going into people's homes in the United
States--the Colonies in those days--and seizing things with his
Redcoats without a warrant. That is the basis of it.
And I hope we don't get to a point in this country in the
name of national security that we infringe and bruise the
Fourth Amendment. I don't know about the four of you----
Mr. Nadler. Would the gentleman yield?
Mr. Poe. I won't. Sorry. I don't know about the four of
you, but I have been in the former Soviet Union when it was--we
can't use this word anymore--Communistic. And I was there, and
the actions of the citizens were constantly under surveillance
by government.
And anything that was done, the government would say we are
doing this for national security reasons because of those bad,
old Americans overseas. We go into your homes. We bruise the
concept of rights all in the name of national security.
That concerns me, and I hope, as we move forward as a
Congress, we rein in the concept that it is okay to bruise the
spirit of the Constitution in the name of national security.
Question, people who have had their--the law NSA violated.
I think Snowden, I don't like him at all, but we would have
never known what happened if he hadn't have told us. Do they
have a recourse against the Government for improperly seizure
of their records? Is there a recourse?
Mr. Gowdy. You may answer the judge's question. His time is
expired, but you may answer the judge's question.
Mr. Cole. It depends on the nature of that seizure,
depending on where they came from. For example, if it comes
from a third party, it is not necessarily their records. But
the phone company can certainly challenge the subpoenas. And if
it was to be used against them in a court, they would be in a
position to be able to challenge that use.
Mr. Poe. I thank the Chairman. I have other questions I
would like to submit for the record for the four panelists.
Mr. Gowdy. And I am confident that one of your colleagues
will yield you time, Your Honor, since you have made it known
that you want it. And if they won't, I will give you mine.
The Chair will now recognize the gentleman from Georgia,
Mr. Johnson.
Mr. Johnson. Thank you, Mr. Chairman.
Mr. Cole, to follow up on some of the principles that you
were just talking about, are you familiar with the case of
State v. Maryland back in 1979, U.S. Supreme Court?
Mr. Cole. Smith v. Maryland?
Mr. Johnson. Yes.
Mr. Cole. Yes, I am, sir.
Mr. Johnson. Having to do with telephone records. Is that
correct?
Mr. Cole. That is correct.
Mr. Johnson. And the question was whether or not there was
a Fourth Amendment privacy interest in telephone records held
by the telephone company?
Mr. Cole. That is correct. That was the issue.
Mr. Johnson. And how did the court rule on that issue?
Mr. Cole. The court ruled that there was no reasonable
expectation of privacy in those records because they really
belong to the telephone company. They didn't belong to the
individual who they related to.
Mr. Johnson. Now is that case applicable to the case or to
the issue of collection of metadata?
Mr. Cole. Yes, sir, it is.
Mr. Johnson. All right. And so, it was the collection of
metadata, domestic-to-domestic phone calls metadata--not
content, but metadata. Domestic-to-domestic, domestic-to-
foreign, foreign-to-domestic. Is that correct?
Mr. Cole. That is correct. That is the metadata that we are
talking about here.
Mr. Johnson. That is the program that Edward Snowden
revealed. Is that correct?
Mr. Cole. That is correct.
Mr. Johnson. And he also revealed a program called the
PRISM program. Is that correct?
Mr. Cole. That is correct as well.
Mr. Johnson. The PRISM program was a program that enabled
the collection of Internet metadata, not content. Is that
correct?
Mr. Cole. No, that is not correct.
Mr. Johnson. That is not correct. Okay. Explain to me what
the PRISM program----
Mr. Cole. PRISM, and I can defer to some of my colleagues
if I get any of this wrong. PRISM is under the 702 provision,
which allows collection of content, but it is only content of
non-U.S. persons who are reasonably believed to be outside of
the United States.
Mr. Johnson. Okay. So that is the PRISM program which
collects data, including content, from foreign communications,
and then there is a minimalization process of eliminating
domestic-to-foreign or foreign-to-domestic communications that
were not relevant to national security. Is that correct?
Mr. Cole. That is generally correct, or some serious
impending death or something like that, if there is an
emergency. But generally, that is correct.
Mr. Johnson. Now that program, certainly we don't want our
adversaries to know of what we are doing to watch them and to
surveil them, foreign intelligence collection. We certainly
don't want that to be exposed to the public?
Mr. Cole. No, sir. We do not.
Mr. Johnson. We need that to be kind of secret. But with
respect to the data collection of domestic-to-domestic
metadata, why is it necessary that the American people not know
of that program? Why is it that that program has to be
confidential, classified, secret?
Mr. Cole. I wasn't there at the time that it was
classified, but I can give a little bit of speculation. The
more people know about the way we go about trying to identify
terrorist networks, the more they will avoid the kinds of ways
that we use to do that. They may start to avoid communicating
through phones.
Mr. Johnson. If they can't communicate through phones or
can't communicate over the Internet, what will they do? Take a
can on one end and put a string through it, and a can on the
other end? Would they communicate like that?
Mr. Cole. It may be more difficult for them to communicate,
but they may find other ways or other mechanisms or other
providers to do it through.
Mr. Johnson. Well, it is always going to be a cat and mouse
game in that regard.
Mr. Cole. That is correct.
Mr. Johnson. The American people, in my opinion, should
know of the activities that affect them, the collection of
telephone metadata is not personal information. However, the
Government collecting this information and creating a database
with which it can then use to investigate information that is
acquired from foreign sources related to national security or
terrorist act, the American people may conclude that they want
their Government to collect that data.
But if they don't know that the Government is collecting
the data and then they find out after it is leaked by someone
who thinks that it is illegal, they find out in that way and
then they start to lose confidence in their Government. Is that
the situation that we find ourselves in today, anyone?
Mr. Gowdy. The gentleman's time has expired. You may answer
the question.
Mr. Johnson. And by the way, I am a former judge, too.
[Laughter.]
Mr. Gowdy. Your Honor, had I known that, I would have
addressed you appropriately. Please accept my apologies, Your
Honor.
Mr. Johnson. Thank you. Thank you, Mr. Chairman.
Mr. Cole. I think that is always the kind of issue that we
wrestle with, which is the issue of trying to balance the need
to protect the secrecy of some of these programs so that they
will be effective with the need to be as transparent as we can
about it because that is the kind of society we live in, where
people participate in the decisions of government.
So those are always difficult balances to find, and that is
the one we are trying to find and we find ourselves in right
now.
Mr. Johnson. Thank you.
Mr. Gowdy. Thank you, Judge Johnson.
The Chair would now recognize the gentleman from Idaho, Mr.
Labrador.
Mr. Labrador. Thank you, Mr. Chairman.
You know, I think more important than balancing those needs
is to balance our liberties with our security, and I think that
is what we are all concerned about today. We are looking at a
system that is allowing the Government to collect everybody's
metadata.
And just recently, I had the opportunity to travel through
a series of countries, and I won't mention which country it is,
but I was told before I went to that country that it was a
police state. And I had heard that term my entire life. I had
never really understood what it meant.
I had heard about the USSR and other Nations that were
constantly surveilling their citizens and the people who
visited that country, and I had never experienced what I
experienced when I was there. Where I actually felt, literally,
like I was being observed in very place that I went.
And the place was very secure. The place was very safe.
There was very little crime. There were very few things
happening. But it was because people had given up their liberty
in exchange for security.
And I think that is what this Committee and I think what
most Americans are concerned about, that we are going to give
up our liberties in exchange for security. So I just have a few
questions.
Mr. Litt, you said in your introductory statement that this
was not a rubber stamp, that the judges were not a rubber
stamp. But I had a hard time following your argument because
your argument seems to be that because the judges are actually
reading the material, it is not a rubber stamp. That seems to
be a nonsensical argument to me.
I can either rubber stamp something by reading the material
or not reading the material. That doesn't seem to be a
determination of whether somebody is rubber stamping something.
It seems to me that the difference--I was a criminal defense
attorney. Never a judge, just a criminal defense attorney.
Mr. Litt. There is still time, sir.
Mr. Labrador. But no thank you. And it seems to me that
there is always a check and balance on the power of the
Government. Even when you go get a warrant when something
happens, you still have an adversary on the other side who can
contest it in court, who can contest it in hearings, who can
contest all those things. But that is not happening in the FISA
court.
How can we address that?
Mr. Litt. So I have a couple of things to say, if I would?
On your first point about the FISC being a rubber stamp, it is
not just that they read the opinions. I mean, the idea of a
rubber stamp is that they don't think about it. They just say
you are giving me this, approved. And my point is that is not
what happens.
They not only read it. They ask questions. They think about
it. They push back. They do a careful study and analysis. So it
wasn't--I didn't mean to suggest that it is only because they
read the----
Mr. Labrador. Okay. All right.
Mr. Litt. On your second point, if I can just get
philosophical for a second, this goes to one of the other
points that I made in my opening remarks, and that is that what
we have here is not--is the oversight of intelligence
activities. It is not a litigation. It is not a criminal trial.
It is not a civil trial.
This is a situation----
Mr. Labrador. And I understand that, but let me stop you
there. And again, like Judge Poe did just a minute ago, I am
not so worried about Section 702. I am not so worried about
foreign intelligence. I am worried about you are gathering my
information. It is my personal data that right now the United
States has, and I am concerned about that.
I am concerned about you having the data, the metadata of
every single American, and I think there should be some
mechanism for us to be able to counter whatever the--and I have
all respect for judges. I served as a lawyer for 15 years. They
were usually right, and I was usually wrong. At least I would
tell them that.
And I have a great respect for the legal system, for the
judiciary system. But I am concerned when you don't have
somebody on the other side, advocating for the rights of
citizens of the United States, and it is something that we need
to discuss here in this Committee and we need to figure out.
Now let us go to Smith v. Maryland. Mr. Cole, you mentioned
Smith v. Maryland. It is totally not an analogous case, I
believe, to what we are talking about here. What in the FISA
statute or in the PATRIOT Act allows you to collect the data of
every single American? That is what I am not understanding.
Because even if you follow Smith v. Maryland, you are
talking about one individual who was suspected of committing a
crime, and now you are telling me, and we have just recently
learned, that we are collecting the metadata of every single
American. And that concerns me.
Mr. Cole. I think there are two different issues that are
involved here. Smith v. Maryland only goes to the issue of
whether the Fourth Amendment applies to this kind of data, not
whether the Fourth Amendment prohibits or allows the kind of
collection under 215. That is a separate issue, and that is
governed by the provisions of the statute of Section 215, which
requires that in order for a court to approve the collection
method that is being put forth, it must have demonstrated to it
that the data is relevant to the investigation of the specified
terrorist groups.
The relevance is found in the combination of the two
orders. The limitations first, where the court says you can't
just roam through this any time you want, for any purpose you
want, any day you want, any time you want. That cannot be done.
You must find reasonable, articulable suspicion that the number
you want to query is related to one of these terrorist groups.
Mr. Labrador. And I understand that. I believe that this
argument, before my time has expired, but I think that
determination has to occur before you collect the data, not
after you collect the data. And I think that is what is wrong
with what you guys are doing at this time.
But I appreciate your service. I appreciate you being here
today.
Mr. Gowdy. I thank the gentleman from Idaho.
The Chair will now recognize the gentlelady from
California, Ms. Chu.
Ms. Chu. Thank you, Mr. Chair.
I was listening to the steps that you outlined for actually
doing a query for the metabase, the metadata. And you were
describing it as a way of showing what kind of constraints you
use on this information.
So, Mr. Inglis, I would like to ask this. It sounds to me
like, first, you have determined that the phone numbers of all
the American people is relevant. Then in order to actually
query the database, you have to establish reasonable,
articulable suspicion. And in order to do that, you have said
that 22 people at NSA can approve the query.
I wonder why is it that these 22 people have this power?
They appear to be acting like court judges, and why would they
be performing the job that the FISA courts were set up to do?
In other words, shouldn't the agency go to a FISA court to
seek to retrieve data from a third party's database when they
actually have need of specified information, and who are these
22 people?
Mr. Inglis. So the court, in its order, has prescribed that
particular procedure, has prescribed that those people, that
number of people would have that authority, and that those
people would follow court-ordered procedure and that they be
trained to a standard, again approved by the court. And so,
that is how we came to that particular implementation.
Defer to Mr. Cole for any of the legal analysis under that.
Mr. Cole. I think the only issue that I would take with how
you describe it is by saying you first have to define or find
that all of those records are relevant. This is a combination
of two different court orders that come together, and they have
to be read together as you look at this.
So it is not just one or the other. It is a whole program
that is put together and presented to the court with the
limitations and the oversight and the restrictions on how it
can be accessed. Only with all of those considered as a whole
does the court then make the relevancy determination.
Ms. Chu. Well, then let me continue on with the description
that you gave with regard to how you proceed along these lines,
which is that after they approve it, then it appears that after
the fact you have an audit, and then you file papers with the
court on this audit. And then the Department of Justice reviews
it.
Mr. Cole. It is not exactly in that order, and again, Mr.
Inglis can correct me if I am wrong. There is the documented
reasonable, articulable suspicion that takes place ahead of
time. That is then reviewed again by supervisors ahead of time
to make sure that it is being done properly and the standards
are being applied properly.
The query is then made. On a periodic basis, the Department
of Justice and the Office of the Director of National
Intelligence, the Inspector General for NSA all sample and look
at these things to make sure that, in fact, it is being applied
properly and that it is being done properly and that there
aren't any misapplications of it.
And there are periodic reports that go to the court of any
compliance problems. We have to talk about every 90 days
getting renewed authority. And when there are any issues that
come up and any problems that are discovered, they are reported
to the Congress and to the Intelligence and the Judiciary
Committees as well.
So there are a lot of different checks and balances and
audits that go on, both before the query is made, as well as
after the query is made. And if there are problems found with
the query, then that is all fixed, and whatever is collected is
remediated.
Ms. Chu. Well, my concern with regard to the second half is
that it is retroactive, and it seems that more of the
protection should be on the first half of these steps that you
are talking about. And are those documents with regard to your
DOJ reviews of the queries, are those available to this
Committee?
Mr. Cole. I would imagine that those would probably be
classified documents. I would have to go back and check, but
that is--it certainly would look at the facts that we have and
how we get them and what the nature of them is. So my guess
would be that those would be classified.
Ms. Chu. Are they--well, you said they were reviewed by
Congress, but where?
Mr. Cole. I think that the review takes place. There are
reports that are made. When leadership of the Committee or
other aspects of the Committee want briefings in classified
settings, those are arranged as well.
Ms. Chu. Okay. Well, let me ask also about the issue of
court documents. I understand that secrecy is essential when
conducting any intelligence investigations. But we have to
ensure that these efforts are working within the legal
framework of the Constitution.
We learned earlier this week that a FISA court agreed to
declassify documents from a 2008 case in which Yahoo! raised
concerns about NSA's data collecting program, and other
requests have been filed by companies that are in similar
situations. What is the harm in releasing this type of
information? Shouldn't the American public be informed about
how this type of information is collected and used, and why
couldn't you redact the information that is of security
concern?
Mr. Gowdy. You may answer the question. The gentlelady's
time has expired, but you may answer her question.
Mr. Litt. I think we all agree that that is something that
should be done. It is difficult to do because, frequently, the
classified information is fully intertwined with the legal
analysis. But we recognize that it is our obligation to make as
much of this available to the public as we can, and we are
working as hard as we can to accomplish that.
Ms. Chu. Thank you.
Mr. Gowdy. Thank the gentlelady from California.
The Chair will now recognize the gentleman from Texas, Mr.
Farenthold.
Mr. Farenthold. Thank you, Mr. Chairman.
I don't know where to start here. I have got so many
questions. I guess I will start with Mr. Cole.
Do you see any limitation under the Fourth Amendment or the
PATRIOT Act on the Government's power to gather information in
mass on people?
Mr. Cole. Yes, sir. I see very many limitations from both
the Fourth Amendment and from the PATRIOT Act and from the FISA
Act. There are many, many limitations that are put in and many,
many checks and balances, both through the United States
Congress and the courts.
Mr. Farenthold. All right. So let us go over a couple of
those. I assume you would have to go to the FISA court, and
those are one of the checks and balances. Could you go to the
FISA court and argue that you had a right to obtain, say,
either an individual's or every American's tax return. Could
you argue that with a straight face?
Mr. Cole. Well, I think they----
Mr. Farenthold. I have got a long list of them. Yes or no.
Mr. Cole. Any individual's tax return, there are separate
laws that cover the acquisition of tax returns.
Mr. Farenthold. All right. So you can get tax returns.
Could you get at somebody's permanent record from school?
Mr. Cole. If it was relevant to the investigation, you
could go to the FISA court and ask for that----
Mr. Farenthold. Could you get somebody's hotel records?
Mr. Cole. If it was relevant to the investigation.
Mr. Farenthold. Could you get records of everybody who
stayed in a particular hotel at any time?
Mr. Cole. If you can demonstrate to the court that it is
relevant to the investigation.
Mr. Farenthold. Okay. Could you--you could get my Visa/
Mastercard records?
Mr. Cole. If I can demonstrate to the court that it is
relevant----
Mr. Farenthold. All right. Could you demonstrate, could you
argue with a straight face you could demonstrate the court to
create a database of everybody's Visa and Mastercard, every
financial transactions that happened in the country because
Visa and Mastercard only keep those for a couple of years?
Mr. Cole. Mr. Farenthold, that is all dependent on exactly
what I am investigating and what the relevance of information
would be and how it would be used and how it would be limited.
All of those factors have to go into it. It is not a simple yes
or no, black or white issue. It is a very complicated issue.
Mr. Farenthold. Could you get Google searches?
Mr. Cole. I am sorry, sir?
Mr. Farenthold. Could you get all the searches I made on a
search engine?
Mr. Cole. Again, it would depend. I would have to make a
showing to the court that that kind of information was relevant
to the investigation.
Mr. Farenthold. Could you get all Google searches and then
come back and say we are going to search them later when we
have got that information?
Mr. Cole. It would depend on the way that I would be able
to search them. And again, under 215 of these--of this statute
that we are talking about, it is only if I can show that it is
related to specific terrorist organizations. It is not for
anything under the sun.
Mr. Farenthold. Can you get the GPS data from my phone,
too, probably?
Mr. Cole. I am sorry?
Mr. Farenthold. You can probably make a good argument for
getting the GPS data out of my phones or the mappings off where
I use on my phones, too?
Mr. Cole. Again, there is great limitations on how I can do
that and only if it is relevant to an investigation of those
specific terrorist organizations.
Mr. Farenthold. All right. But how is having every phone
call that I make to my wife, to my daughter relevant to any
terror investigation?
Mr. Cole. I don't know that every call you make to your
wife or your daughter----
Mr. Farenthold. But you have got them.
Mr. Cole. I don't know that they would be relevant, and we
would probably not seek to query them because we wouldn't have
the information that we would need to make that query.
Mr. Farenthold. But somebody like Mr. Snowden might be able
to query them without your knowledge?
Mr. Cole. I don't believe that is true, but Mr. Inglis
could answer that. I don't think he would have access to that
or be able to do it.
Mr. Farenthold. Okay.
Mr. Inglis. We don't believe that he could query those
without our knowledge, and therefore, those would be caught.
Mr. Farenthold. All right. That is slightly reassuring.
The Fourth Amendment specifically was designed, as Judge
Poe pointed out, to prohibit general warrants. How could
collecting every piece of phone data be perceived as anything
but a general warrant?
Mr. Cole. Because the phone data, according to the Supreme
Court, is not something within which citizens have a reasonable
expectation of privacy. It belongs to the phone company.
Mr. Farenthold. So do I have a reasonable expectation of
privacy in any information that I share with any company, my
Google searches, the email I send? Do I have a reasonable
expectation of privacy in anything, but maybe a letter I hand
deliver to my wife in a skiff?
Mr. Cole. Those are all dependent on the facts and
circumstances of the documents we are talking about. In the
case of metadata, the Supreme Court specifically ruled that
there was not coverage by the Fourth Amendment because of no
reasonable expectation of privacy.
Mr. Farenthold. I just want to point out how concerned I am
about this data being so easily available, and just with a
stroke of a pen, Congress and the President could change the
search criteria as to what is searched or change the definition
of a terrorist or search--the fact that this data exists in the
hands of the Government. We saw what the IRS has done with tax
returns, targeting people for political belief.
Let me ask you one other quick question. Why do these
orders not violate the First Amendment? We have talked a lot
about the Fourth Amendment, but why doesn't it violate the
First Amendment, my right to freedom of association and my
freedom of speech, having the Government know who I am talking
to and when?
Mr. Cole. Again, these are issues that are looked at by the
court in determining whether any constitutional rights are
involved. We don't know who it is that has a specific phone
number that is being called under this.
Mr. Farenthold. And you can't look that up on one page on
the Internet?
I yield back.
Mr. Gowdy. The gentleman's time has expired.
The Chair will now recognize the gentleman from Florida,
Mr. Deutch.
Mr. Deutch. Thank you, Mr. Chairman.
Mr. Chairman, like many Americans, I was shocked by the
revelations that the NSA has been secretly collecting phone
records, Internet data on millions of Americans, thanks to a
lawfully issued warrant approved by the Foreign Intelligence
Surveillance Court, often called the FISA court. Many Members
of Congress, myself included, were left completely in the dark
about the extent of the NSA's data mining program, and I worry
about the balance between legitimate national security needs
and the constitutionally protected rights of all Americans.
The Government is stockpiling sensitive personal data on a
grand scale. Intelligence officers, contractors, and personnel
only need a rubber stamp warrant from the FISA court to then
learn virtually everything there is to know about an American
citizen.
The American people have a right to know about this program
and at the very least know that such a program is operating
within our system of checks and balances. And I believe
Congress has a constitutional obligation to protect individual
privacy rights, and I believe it is time to reexamine the
PATRIOT Act, insert greater accountability into the FISA court,
and ensure that our laws cannot be interpreted behind the backs
of the American public.
With this hearing, this Committee has begun this important
work of oversight and repair, and I thank the Chairman and the
Ranking Member for calling this hearing. I thank the witnesses
as well for participating.
Mr. Cole, I want to ask you about the October 2011 letter
sent by then-Assistant Attorney General Ronald Weich to
Senators Wyden and Udall regarding Section 215. The disturbing
information that Senators Wyden and Udall learned, however, was
classified and was, thus, kept from the American public and
even most Members of Congress.
Now Mr. Weich seemed to imply in his response to Senators
Wyden and Udall that because Congress, or at least a select
number of Members of Congress anyway, received intelligence
briefings in accordance with the PATRIOT Act that there is no
cause for alarm that the Government was using some sort of
secret law, secret law to expand its surveillance activities.
Now the PATRIOT Act was passed in response to the horrific
attacks on 9/11, designed to bolster national security by
expanding the investigative techniques used by the Government
and law enforcement officials to hunt down suspected
terrorists, something that we all agree is important. But
Section 215 had a standard of relevance, and there had to be
concrete information linking a person to a terrorist
organization before the NSA could secure that person's
information.
Instead, what we have learned is that the FISA court has
essentially rewritten Section 215 to say that any and all
person's records may be considered relevant, therefore allowing
the NSA to indiscriminately collect sensitive data on all
Americans. The fact is in 2012, the Government made 1,789
requests to conduct electronic surveillance. The court approved
1,788, and the Government withdrew the other.
Now as a Member of Congress who was not privy to those
intelligence briefings, I had to accept Mr. Weich's assurance
that there is no secret law. But in the aftermath of these
recent leaks, however, it seems that there may be secret laws.
Laws not passed by Congress. Laws not publicly interpreted by
the Supreme Court, but rather secret laws born out of a
classified interpretation of the PATRIOT Act by the FISA court.
The New York Times recently reported that the FISA court
has quietly become almost a parallel Supreme Court, serving as
the ultimate arbiter on surveillance issues. I would point out
with only the arguments of the Federal Government alone to be
considered.
Now even a former FISA judge has come forward with concerns
that the body has become a de facto administrative agency,
which makes and approves rules for others to follow. Now that
it has become public that FISA courts have broadly, perhaps
even unconstitutionally, redefined the relevance standard in
Section 215, is it still the department's position that the
Government isn't essentially operating with a secret playbook?
Mr. Cole. Mr. Deutch, I don't think we are operating with a
secret playbook. There is, again, as we have discussed in many
instances in our hearing today, the tension that exists between
maintaining the integrity and the secrecy of some of the
national security investigative tools that we use and making
sure that people know about it.
We have, in the course of the reauthorization of the
PATRIOT Act, on several occasions done classified briefings,
made individual----
Mr. Deutch. Mr. Cole, I am sorry to cut you off, but I only
have a second left. Let me just broaden the question then for a
second because I am speaking about these decisions that the
FISA courts make as the supreme arbiter of this law.
And stepping back for a moment at a more basic level, does
the panel understand why the American people may find this
revelation shocking, that secret court rulings could expand the
powers of the Federal Government beyond perhaps what was
originally authorized by law and that an entire chapter in our
laws is being written outside of the three branches of
Government altogether?
Mr. Cole. I think, again, this is an area where we are
looking to see what kinds of opinions from the FISA court we
can make public. These are things that we are trying to do and
trying to go through.
All significant opinions and all significant pleadings that
have been filed with the FISA court are made available to the
Committees, to the Intelligence Committee and Judiciary
Committee, so they can see them. We are not trying to keep them
secret. We are just trying to maintain the classified nature of
some of these.
But these are issues that we are trying to grapple with and
trying to determine what we can let out so that we can have
this broader discussion.
Mr. Gowdy. I thank the gentleman from Florida.
The Chair would now recognize the gentleman from North
Carolina, the former United States attorney, Mr. Holding.
Mr. Holding. Thank you, Mr. Chairman.
In a different professional capacity, I successfully used
FISA warrants to investigate, disrupt, and prosecute terrorists
and terrorist acts, and I can attest that not only are they
effective, but there are very high burdens and hurdles to use
FISA warrants. And they are significant.
But I want to step for the few moments that I have outside
of the prosecution of terrorism and investigation of terrorism
and just talk about the use of telephone records in everyday,
garden-variety criminal cases, whether they are public
corruption cases, fraud cases, drug cases. And Mr. Cole, I will
direct my questions to you.
If you could step through for us how the Department of
Justice prosecutors and investigative agencies obtain telephone
records just in garden-variety cases and how they are
ultimately used?
Mr. Cole. There are two different ways we do it, pursuant
to the law. Historical telephone records that exist for prior
calls we can get with grand jury subpoenas in a normal criminal
case. Those can be issued by a prosecutor, delivered to the
telephone provider, and ask for a range of data.
Mr. Holding. So no judicial involvement, just a grand jury
involved?
Mr. Cole. There is no judicial involvement, just the grand
jury involvement, and the prosecutor defines the scope and the
nature and the numbers that are involved.
Mr. Holding. So the prosecutor could request telephone
records going back as long as they want to, the only limitation
being does the telephone company still have those records?
Mr. Cole. There would be one additional limitation. The
telephone company could challenge the subpoena as being overly
burdensome and irrelevant to any reasonable investigation, and
the court could take that up, which would be in a sealed
proceeding because it is a grand jury proceeding. So it
wouldn't be public.
Mr. Holding. And what would the standard be that the judge
would use to evaluate the motion to quash?
Mr. Cole. Generally, relevance to the investigation.
Mr. Holding. So the Fourth Amendment doesn't come into play
there?
Mr. Cole. Not for telephone records. It does not.
Mr. Holding. And this is available to prosecutors, Federal
prosecutors across the country?
Mr. Cole. Yes, it is.
Mr. Holding. And the only showing that they have to make to
the grand jury is what, that it is relevant?
Mr. Cole. That it is relevant.
Mr. Holding. And once you have gotten the telephone records
and it shows let us say hits between the person, the subject
that you are investigating and a relevant other person in the
investigation, then what do you do to start listening to those
telephone calls?
Mr. Cole. Well, if we wanted to listen to any telephone
calls, and that would obviously be just telephone calls that
would start happening into the future, we would have to go to
the court and seek authorization under Title III of the U.S.
Code to get a wiretap. And we would have to show probable cause
to believe that, in fact, the person talking on the phone was
involved in criminal activity and that through that phone they
were discussing criminal activity. And we would obtain evidence
of that criminal activity by listening to the calls.
Mr. Holding. Would you hazard to make a guess of how many
wiretaps are in use on a daily basis?
Mr. Cole. I couldn't hazard a guess, but there are a fair
number of them.
Mr. Holding. Probably hundreds perhaps?
Mr. Cole. Probably.
Mr. Holding. As far as my friend Mr. Scott was talking
about, if you find evidence of some other criminal conduct
during an investigation, let us say during a Title III wiretap,
you are investigating one crime, you hear a conversation that
suggests that another crime is being committed, are there any
limitations on use?
Mr. Cole. Generally not, other than the restrictions on how
you can use wiretap information. There are restrictions on that
and the secrecy that is involved in those and the protection of
innocent calls. But generally, you can use that information if
it relates to other criminal conduct, according to the rules of
procedure in the law.
Mr. Holding. So in my take-away, having heard you describe
in detail how the 215 program works and the 702 program works,
the restrictions and the limitations on use from those two
programs is much more restrictive and limited than what
prosecutors and law enforcement are using on a daily basis
throughout the United States investigating garden-variety
crimes being committed by U.S. citizens?
Mr. Cole. In the main, there are some differences here and
there. For example, the burden to get a wiretap may be a higher
burden than for 702 coverage, but it is a different burden if
we wanted to do a FISA for somebody in the United States. That
would be, again, a probable cause standard, but probable cause
that they are involved in foreign intelligence.
Mr. Holding. Thank you, Mr. Chairman. I yield back.
Mr. Gowdy. I thank the gentleman from North Carolina.
The Chair will now recognize the gentlelady from
Washington, Ms. DelBene.
Ms. DelBene. Thank you, Mr. Chair, and thank all of you for
being here today.
Last month, when Director Mueller appeared before this
Committee, I stated that I agree with those who believe that
greater transparency about the requests that governmental
entities are making to Internet companies and providers will
help inform the discussion that we are having on balancing
national security with privacy rights and civil liberties.
And one of the questions that I asked the Director was how
the FBI and the Department of Justice will respond to the
request by Google that it be permitted to provide reports of
the number of FISA national security requests it receives, as
well as their scope.
And at the time, Director Mueller noted that this was being
looked at. And so, I was wondering, Mr. Cole, if you are able
to share with us what the response is to this request?
Mr. Cole. Unfortunately, this is a matter that is currently
before the court. It is in litigation. So I can't say too much
about it, other than to reiterate what Director Mueller said,
which is this is a matter that we are, in fact, looking at and
take seriously.
Ms. DelBene. Now we do have some data that is out there
already because in March of this year, Google worked with--I
believe Google worked with the DOJ and the FBI to disclose in
broad strokes the number of national security letters that
Google receives. Correct?
Mr. Cole. That is correct.
Ms. DelBene. And so, we do have some information. Do we
know whether that information that was released has had any
impact on national security?
Mr. Cole. Generally, it is hard to tell unless you have a
substantial period of time afterwards as to whether or not it
has an impact. So we haven't had enough time yet.
Ms. DelBene. Okay, thank you.
The public also now knows that the telephone metadata
collection is under Section 215, the business records provision
of FISA, and that allows for the collection of tangible things.
But we have also seen reports of a now-defunct program
collecting email metadata.
With regard to the email metadata program that is no longer
being operated, can you confirm that the authority used to
collect that data was also Section 215?
Mr. Cole. It was not. It was the pen register trap and
trace authority under FISA, which is slightly different. But it
amounts to the same kind of thing. It does not involve any
content. It is, again, only to and from.
It doesn't involve, I believe, information about identity.
It is just email addresses. So it is very similar, but not
under the same provision.
Ms. DelBene. And could you have used Section 215 to collect
that information?
Mr. Cole. Hard to tell. I would have to take a look at
that.
Ms. DelBene. Because I think it is important for us to know
whether or not there is any limitations on the types of
information within Section 215 that prevent you from collecting
whether it is email metadata or GPS and geolocation
information, et cetera. How broad is that authority?
Mr. Cole. Again, it is only as broad as what the courts can
find under 215 that is relevant. But there are different
authorities in FISA. So we would have to look to see how those
all work together.
Ms. DelBene. Mr. Litt, were you going to----
Mr. Litt. No, I was just going to say that it is important
to remember that the 215 authority allows you to acquire
existing records and documents, and it is limited to that.
Ms. DelBene. Although you could argue that geolocation
information may also be existing, and would you consider that
to be metadata as well?
Mr. Litt. I think that the Director of the National
Security Agency has stated that we are not collecting that
under Section 215 and that we will come to the Congress and
consult with the Congress before any decision was made to do
so.
Ms. DelBene. But you understand it is important for us to
know what the breadth and limitations are, as we look at
policy. And clearly, there is some confusion here right now. So
we need to understand how it is being used and what information
might be being collected so we can make sure intent is
delivered appropriately.
So I agree with the President's view that we need to set up
a national conversation on balancing privacy and security. But
in order to have that conversation, have a productive
conversation, we need information that is going to help fuel
that conversation, information like the breadth of Section 215,
et cetera. And so, I hope we can continue that and have--and
get access to more information so that we can have a productive
discussion going forward.
And thank you for your time. I yield back.
Mr. Gowdy. Thank the gentlelady from Washington.
The Chair would now recognize the gentleman from Texas,
Judge Gohmert.
Mr. Gohmert. Thank you, Mr. Chairman.
In answer to some of the other questions, you have provided
an adequate defense. The trouble is we have seen the abuses of
Government. We have seen the gathering of data. And I can tell
you from having been here not when the PATRIOT Act was passed
originally, but when it was extended back in my first term in
Congress, it got down to where there were only two Republicans
demanding any type of safeguard, I thought. And there were two
of us that wanted sunsets.
I was the one that argued for 25 minutes in our 30-minute
pre-hearing meeting demanding sunsets, and then my friend Dan
Lungren had the amendments. And we got at least two sunsets on
206 and 215. And the argument I made for 25 minutes that turned
my colleagues, Republicans, around in our meeting was I have
seen how there can be violations of due process if everyone is
not very diligent, and we need the safeguards in order to have
proper oversight.
And what we have seen and what has been disclosed of the
monitoring scares me. We have had hearings in this room. People
like Jerry Nadler have argued about dangers of Government
having too much information. And from my experience as a judge
and chief justice with State judges and Federal judges and
having practiced before a very conservative Federal judge named
Bill Steger and a very liberal judge named William Wayne
Justice, I couldn't imagine anybody granting the kind of orders
we have now seen granted. Just a blanket summary, go get all of
these phone records.
And I understand the assurances, no, we don't have names
with them. But isn't it true that you can go on public or
private data, any individual, and secure the names for
different numbers? Isn't that true?
Mr. Cole. There are ways to secure the names for any number
of numbers, maybe not every single one.
Mr. Gohmert. And I recall back in 2002, as a chief justice
at a conference, getting into a debate with a CIA lawyer who
was arguing, look, banks have all your financial records. Why
shouldn't the Government?
And I was pointing out as a conservative it is because
banks can't show up at your house, put you in handcuffs, throw
you to the ground, and drag you off to jail, which has been
done by the Government. So there is an important distinction.
And then we find out that though many of us opposed it, the
Consumer Financial Protection Bureau has been gathering
information on everybody's financial records. But they say the
same thing that most of you are saying, look, we are not
putting the names with it. But isn't it true that the Federal--
that even the NSA can get access to the information gathered by
the Consumer Financial Protection Bureau?
Mr. Inglis. Sir, I imagine that could be true, but I would
say that we can't pull the telephone numbers from this database
under any circumstances other than that prescribed by the
court.
Mr. Gohmert. But you are entitled to go--I mean, we have
had this debate in here. You are entitled to go on the Internet
or go to private sources that any private citizen could and
gather that information without violating any constitutional
rights. Isn't that correct?
Mr. Inglis. Certainly. But if the premise is we would do
that to match names, identification, personal information
against the telephone numbers, we don't have access to the
telephone numbers unless we follow the prescribed rules of the
court, pursuant to a terrorism investigation.
Mr. Gohmert. But if you can gather the information that a
private individual could and couple that with information that
only the Federal Government we are now learning is gathering,
then it really constitutes a grave threat to privacy. By the
way, the Consumer Financial Protection Bureau said this, their
Director said this in testimony before Congress.
The bureau has also issued regulations that limit the
circumstance in which it may disseminate internally, share with
other agencies, or disclose the public confidential
information, share with other agencies. So they know they can
share with other agencies if another agency or they feel it is
helpful.
This begins to be a little scary, and the justification we
get seems to be, well, but look, there are a handful of cases
where we have avoided terrorism by really gathering all this
private information. And it makes me think how many times could
King George III have argued that, look, by putting officers in
every one of your homes that we were uncomfortable with, we
ended up being able to avoid a couple of problems of violence.
We don't want people in our homes, and that includes the
Federal Government watching through a big eye through our
computers.
And I appreciate you being here today. Thank you.
Mr. Gowdy. Thank the gentleman from Texas.
The Chair would now recognize the gentleman from New York,
Mr. Jeffries.
Mr. Jeffries. Thank you.
Mr. Cole, am I correct that it is your position and the
position of everyone on the panel that the telephone records of
potentially hundreds of millions of Americans in the form of
metadata, as has been discussed today, is relevant to a
national security investigation?
Mr. Cole. They are relevant when they are only queried
under the limitations that are described by the court, where
you have to have reasonable, articulable suspicion that the
phone numbert is connected to some terrorist matter and
investigation.
Mr. Jeffries. So, fundamentally, it is your position that
they are relevant because the court, the FISA court has
articulated a set of criteria by which further inquiry can be
undertaken. Is that correct?
Mr. Cole. They are. And they are relevant because you have
to have the--it is the old adage of if you are looking for the
needle in the haystack, you have to have the entire haystack to
look through. But we are not allowed to look through that
haystack willy-nilly.
Mr. Jeffries. Right. Now in terms of looking through that
haystack of these phone records that are acquired based on
reasonable, articulable suspicion, am I correct that it is 22
NSA individuals who are authorized to make the determination of
reasonable, articulable suspicion? Is that right?
Mr. Cole. I will give that to Mr. Inglis to give you the
numbers.
Mr. Inglis. That is correct, sir.
Mr. Jeffries. Okay. So these individuals don't have to go
back to the court in order to determine whether they can move
forward with a more invasive inspection of the phone records of
the Americans contained in the database that you have acquired.
Is that correct?
Mr. Inglis. They use the rules of the court to make the
limited query that the court----
Mr. Jeffries. Right. They are using the rules of the court,
but they are making the determination, not the court, as to the
invasiveness of the further inspection. Am I correct?
Mr. Inglis. On a case-by-case basis, they determine the
selector.
Mr. Jeffries. Okay. Now, Mr. Litt, you have indicated that
in your view, the FISA court is not a rubber stamp. Correct?
That was your testimony?
Mr. Litt. That is correct.
Mr. Jeffries. And I think in response to the distinguished
gentleman from Idaho, you said, well, it is not a rubber stamp
because they read. They ask questions. They pushback. There is
careful study and analysis. Is that an accurate
characterization of your testimony?
Mr. Litt. Reasonably accurate. Yes, sir.
Mr. Jeffries. Okay. Now we just had the baseball all-star
game yesterday, and of course, we know nothing is as American
as baseball and apple pie. And if you think back on the history
of baseball, I just took a quick look. I am a baseball fan
myself.
Now Stan ``the man'' Musial, great hitter from St. Louis,
his batting average lifetime, he was close to being in the top
25, .331, Stan ``the man'' Musial.
Babe Ruth, 10th all time. His lifetime batting average was
.342. Ted Williams, the great lefty from the Boston Red Sox,
his lifetime batting average was .344. Ty Cobb, the Georgia
peach--I may disagree with some of his views on social justice
issues, but he was a great hitter. The number-one hitter all
time----
Mr. Litt. .363?
Mr. Jeffries [continuing]. Based on average, .366.
[Laughter.]
Mr. Jeffries. Pretty impressive, though, but I am still
going to continue to ask you questions about this dynamic.
Now I took a look. So these are the greatest hitters of all
time. I took a look at what your batting average is as it
relates to the FISA court, and I am a little troubled at what
we were able to determine.
So am I correct that in terms of the total applications
submitted since 1979, there were 33,949 applications submitted.
Is that accurate?
Mr. Litt. I don't know the number. I wouldn't disagree with
your number. I just don't know it off the top of my head.
Mr. Jeffries. Okay. And of that total number of
applications, 490 it appears were modified. Is that correct?
You have no reason to disagree with that number. Is that right?
Mr. Litt. Again, I don't know the answer.
Mr. Jeffries. Okay. So----
Mr. Litt. But if I can just add one----
Mr. Jeffries. Well, let me just make an observation.
Mr. Litt. Okay.
Mr. Jeffries. And I have got limited time here. One-point-
four percent of the total number of applications made were
modified. But what is even more troubling, since 1979, 11
applications were denied. Is that correct, 11?
Mr. Litt. Again, I will take your word for that.
Mr. Jeffries. Okay. So your success rate, your batting
average, was 99 percent of the time that you have applied to
acquire information that could possibly include communication
from one American to another American, yet you have taken the
position that the FISA court is an independent check to protect
the civil liberties and constitutional rights of Americans. Is
that correct?
Mr. Litt. So I guess the answer is that we are not exactly
talking about baseball here. We have a--if you imagine a
situation where the kind of interaction we have with the FISA
court is the FISA court throws a pitch, and we don't hit it.
And the court says we want the pitch a little bit higher. Can
you throw the pitch a little bit higher? And it is still not
right. So make it a little more inside.
That is the interaction we have with the FISA court. They
come back to us and tell us what we need to do to submit an
application that will get approved.
Mr. Jeffries. Right. Those modifications, and I know my
time has run out, only took place 1.4 percent of the times, and
that is why I think we are all concerned, or many of us are
concerned that there is not an appropriate check on behalf of
the Americans whose records could be subjected to an invasive
search.
I thank you all for your service, yield back the balance of
my time.
Mr. Litt. May I say one thing briefly, Mr. Chairman?
Mr. Gowdy. Sure.
Mr. Litt. The number for modification there I think does
not reflect the full number of times in which the court asks
questions and comes back to us. My understanding is that that
is simply--that comes at the very end of the process, but there
is a substantial give and take before we get to that point. So
that is not a full reflection.
Mr. Gowdy. The Chair thanks the gentleman from New York and
now recognizes the gentleman from Utah, Mr. Chaffetz.
Mr. Chaffetz. I thank the Chairman.
And I thank the four of you for your service. I know how
much you care for your country, and we do as well, and
appreciate the dialogue. It is what differentiates the United
States of America from most others.
So, Mr. Cole, is geolocation information metadata, or is it
content?
Mr. Cole. That is an area of the law that is, I think,
evolving in light of the Jones case, and it is one that I think
the courts are now grappling with. It is not clearly as----
Mr. Chaffetz. The courts--the courts did rule in the Jones
case 9-0. They were pretty clear. Justice Alito was also fairly
clear that Congress needed to grapple with this as well. Has
the Department of Justice issued any guidance on Jones?
Mr. Cole. We are in the process of looking through that.
Jones was based mostly on a trespass----
Mr. Chaffetz. I know what it was.
Mr. Cole [continuing]. Opposed to a search and seizure.
Mr. Chaffetz. Have you issued any guidance on Jones?
Mr. Cole. We are in the process of looking through that to
do it.
Mr. Chaffetz. That is not an accurate answer. My
understanding is there are at least two documents that the
Department of Justice has issued to the Federal Bureau of
Investigations, for instance. It was uncovered through a FOIA
request. Almost every page of this was redacted.
So you have, indeed, actually issued guidance on Jones.
Correct?
Mr. Cole. I will stand to be corrected. If you have those,
yes.
Mr. Chaffetz. Will the Department of Justice provide to
this body, to this Committee, the guidance on Jones?
Mr. Cole. That is something we will have to look into.
There are lots of law enforcement----
Mr. Chaffetz. No, no, no. Wait a second. I know there are
law enforcement issues. I know there are other things. Why
would you not provide to the United States Congress, the
Committee on the Judiciary, why would you not provide a copy of
that guidance for this Committee?
Mr. Cole. If it discloses law enforcement sensitive
information and techniques of how we go about fighting crime
and finding criminals, then we may not feel free to disclose
it.
Mr. Chaffetz. And to the Chairman of this Committee, I
think this is one of the great concerns. So let me ask you
again, is geolocation metadata, or is it content?
Mr. Cole. It is not content, as that would be called. It
doesn't give you the content of anybody's calls. All it gives
you is information about where they are.
Mr. Chaffetz. So you are saying, in other words, that
geolocation you would classify as metadata?
Mr. Cole. I am not sure that it is one or the other. I
think there are times where there are things that are in
between, and this may be one of those. It is certainly not
content. It probably tends more toward metadata. But again,
this is an evolving area of the law.
Mr. Chaffetz. How is it evolving? I mean, we haven't--this
is what scares me about what you are doing and how you are
doing it. If you knew exactly where I was standing, you are
telling me that that is not content?
Mr. Cole. That is not the content of your conversation, no.
And other people may see you----
Mr. Chaffetz. So the content----
Mr. Cole. If you are standing out in public, any number of
other people may see you there.
Mr. Chaffetz. So, but if I was standing on private
property?
Mr. Cole. This is part of what Jones talks about is the
trespass issue.
Mr. Chaffetz. And they ruled 9-0 that it was an overstep
and an overreach. So are you collecting that data?
Mr. Cole. We are not collecting that data.
Mr. Chaffetz. Let me ask the NSA. Is the NSA collecting
this data?
Mr. Inglis. We are not collecting that data under this
program. We believe that the authority could be granted by the
courts to collect that attribute. We have not done that, and as
Mr. Cole and Litt indicated earlier, the Director of NSA has
given an affirmation to the Congress that before such time as
we would reconsider that decision, we would come back to the
Congress.
Mr. Chaffetz. How--going back to you, Mr. Cole. What other
bits of information fall in this gap between metadata and
content? What is this third category that you are talking
about? What is the right word for it?
Mr. Cole. I am not sure. It is just a third category, Mr.
Chaffetz. I think there is metadata that was described by the
court in Smith v. Maryland, which is the telephone records that
we have been talking about today that were covered by the 215
program that we have been discussing today.
There is content, which is the actual--the conversations
themselves that people have, and there are any number of things
that may fall in between those, and it is not just a third
category. It is probably a continuum.
Mr. Chaffetz. What else would be in that continuum?
Mr. Cole. I am sorry, sir?
Mr. Chaffetz. What else would be in that continuum?
Mr. Cole. It is hard for me to just hypothesize about all
the many different things that could be out there and where
they would fall in that continuum.
Mr. Chaffetz. There is a report out today about license
plates and that information that is being collected by
thousands of camera readers and stored about specific location.
Does that fall within this category?
Mr. Cole. In which category?
Mr. Chaffetz. License plate readers.
Mr. Cole. The whole issue comes down to the reasonable
expectation of privacy, and this is what the court bases its
rulings on.
Mr. Chaffetz. Do you believe that I have a reasonable
expectation of privacy about my specific whereabouts?
Mr. Cole. It depends on where you are and how many other
people see you as----
Mr. Chaffetz. Do I have a reasonable expectation of privacy
on private property?
Mr. Cole. In general, I think the courts are saying that
there is a trespass theory that gives you a reasonable
expectation of privacy, depending on whose property it is,
whether it is your own or somebody else's, how many other
people are there. These are all the types of issues that would
go into that.
Mr. Chaffetz. My time is expired. But, Mr. Chairman, this
is something we have to much more thoroughly understand. There
is guidance out there, and I think this Committee should be
able to see it.
Yield back.
Mr. Goodlatte [presiding]. We are working our way in that
direction, and there will be another hearing. You will be able
to ask even more questions in a classified manner about
questions you couldn't get answered here.
So we thank the gentleman, and the Chair now recognizes the
gentleman from South Carolina, Mr. Gowdy, and thanks him for
presiding for a period of time as well.
Mr. Gowdy. Thank you, Mr. Chairman.
I was listening to my colleagues and our witnesses discuss
these issues, and for whatever reason, Mr. Chairman, my mind
went to a guy by the name of Joseph Hartzler. I don't know
whether he is still with the department or the U.S. attorney's
office or not. He was the lead prosecutor in a case called
United States v. Timothy McVeigh.
And I thought to a presentation that Mr. Hartzler gave many
years ago and the role that business records played in his
ability to successfully prosecute that horrific act of domestic
terrorism. And Mr. Chairman, I thought to myself, all right, we
asked you, Mr. Hartzler, to prosecute the crime after it took
place. What if we challenged you with the responsibility to
prevent the next act of terrorism? What tools would you need to
be able to prevent crime, as opposed to prosecute it in its
aftermath?
And while this is at some level a debate between privacy
and public safety, to me, it is also a debate between the
difference between prosecuting something after it happens and
then preventing it from happening in the first place. Mr.
Hartzler used hotel records. He used business records where
McVeigh went and purchased certain materials. He used--that was
a very tedious, difficult case to prosecute, and the role of
the business records played in it.
So this is what I would like to ask. I don't want to ask
specific questions about the sections. I want to go to where
the people of my district are who are not trained attorneys for
the most part, trained law enforcement officials.
Mr. Litt, you would agree that the Constitution kind of
sets the minimum standard by which Government must conduct
itself----
Mr. Litt. Yes, sir.
Mr. Gowdy [continuing]. Is the minimum standard?
Mr. Litt. Yes, sir. And Congress has the power to set
higher standards.
Mr. Gowdy. Exactly. So, in Roper v. Simmons, if the Supreme
Court says you cannot put someone to death who was under the
age of 18 at the time that they committed the offense, that
does not keep Congress from saying we are going to raise it to
21?
Mr. Litt. That is correct.
Mr. Gowdy. Right. So who does get to decide whether or not
our fellow citizens have a reasonable expectation of privacy?
Mr. Litt. It depends upon the purpose for which you are
deciding it. For purpose of interpreting the provisions of the
Fourth Amendment, as the Fourth Amendment, the Supreme Court is
the ultimate arbiter. For purposes of determining what is the
appropriate behavior, how do you want to regulate the actions
of Government, that is Congress' role----
Mr. Gowdy. Well, I want to stop you. You say the Supreme
Court is the ultimate arbiter. Are they the exclusive arbiter?
Can the people weigh in on what they think they have a
reasonable expectation of privacy in?
Mr. Litt. Absolutely. But----
Mr. Gowdy. Well, the Supreme Court doesn't have the benefit
of public input.
Mr. Litt. Generally speaking, the public manages to get its
voice heard in case in----
Mr. Gowdy. Well, I would hope they would listen to it. I
mean, their job is not to weigh and balance--to Jason's point,
if you are on private property but there is a helicopter above
versus if you are on private property and there are four other
people at the picnic with you, I mean, you have no expectation
of privacy in your face.
I don't think anyone would argue you have an expectation of
privacy in your face. But that does not mean that our fellow
citizens want Government to collect facial imagery data.
Mr. Litt. You know, I think that is exactly the right way
to frame it, which is to say that the Fourth Amendment, as
interpreted by the court, sets the minimum constitutional
standard, but that the Congress, based on input from the people
and whatever sources, can determine, no, this is how we want to
regulate the behavior of our Government. And that set of
regulations that we need to adhere to.
Mr. Gowdy. And technology can impact that. Agree technology
can impact that?
Mr. Litt. I am sorry?
Mr. Gowdy. Technology? Technology can impact someone's
reasonable expectation of privacy?
Mr. Litt. Oh, absolutely.
Mr. Gowdy. Culture?
Mr. Litt. Yes. All of those factors come into play.
Mr. Gowdy. I mean, there are already currently business
records that an AUSA cannot access with a subpoena. Unless the
world has changed, you can't get medical records with a
subpoena.
Mr. Litt. Right. There are statutory restrictions on what
you can get.
Mr. Gowdy. You can't get IRS tax returns with a subpoena.
Mr. Litt. That is right. You have got to go through a more
elaborate process.
Mr. Gowdy. Both of those are business records, right?
Mr. Litt. That is correct.
Mr. Gowdy. So the notion that Miller stands for the
proposition that all business records you have no expectation
of privacy because there was a third party involved, we just
came up with two examples where that is not the case.
Mr. Litt. Well, again, that was a case interpreting what
the Fourth Amendment meant. The other examples you have given
are cases where, as you said, Congress has gone beyond the
minimum requirement----
Mr. Gowdy. But there was also a statute in play in Miller.
There was a banking statute in play in Miller. You have read it
more recently than I have. But----
Mr. Litt. No, I----
Mr. Gowdy. My point--my time is up. My point is this. All
of us are asked back home by people who are not as well trained
in the law as you all are, and there is this growing skepticism
about the conduct of Government. And to the extent that the
people can weigh in on what they have an expectation of privacy
in, you can expect to see that scale balance back toward
privacy and away from public safety unless we do a better job
of regaining their trust and explaining why these programs are
necessary.
Mr. Litt. So I couldn't agree with you more. I think that
is absolutely right. I think as Deputy Director Inglis said
before, in the intelligence community, we try very hard to keep
in mind both the protection of national security and the
privacy and constitutional rights of Americans.
We think we have struck that balance in the right place,
but if the people and the Congress determine that we struck
that balance in the wrong place, that is a discussion that we
need to have.
Mr. Gowdy. Thank you, Mr. Chairman.
Mr. Goodlatte. The Chair thanks the gentleman.
And on that note, we thank this panel for giving a lot of
answers. I think there are some that could not be answered here
today, and therefore, you might anticipate that we will have a
subsequent hearing in a classified setting and ask additional
questions.
Whether it is of you four or something else, I don't know,
but I want to thank each one of you for helping us to engage in
a very thorough examination of the issues related to these two
sections of the law and excuse you now.
Thank you again.
[Pause.]
Mr. Goodlatte. Folks, if we could ask everyone to clear the
hearing room, we are going to start with our second panel. No,
just clear the area around the witness table.
And we would now invite our second panel to take their
seats. And once you have taken your seats, we will invite you
to stand back up again and be sworn.
So we will welcome our second panel and ask that each of
you rise and be sworn in.
[Witnesses sworn.]
Mr. Goodlatte. Thank you very much.
Let the record reflect that all the witnesses responded in
the affirmative, and we will now introduce our witnesses.
Our first witness is Mr. Stewart Baker, a partner at
Steptoe & Johnson law firm here in Washington, D.C. And we
would ask that the door in the back be closed so we can have a
little more----
Mr. Stewart Baker is a partner at Steptoe & Johnson here in
Washington, D.C. Mr. Baker also serves as a distinguished
visiting fellow at the Center for Strategic and International
Studies. Previously, he served as the First Assistant Secretary
for Policy at the U.S. Department of Homeland Security.
He also served as general counsel of the NSA, where he led
NSA and interagency efforts to reform commercial encryption and
computer security law and policy. Mr. Baker has been a visiting
fellow at the Hoover Institution and a fellow of the University
Center for National Security Law.
Mr. Baker received his bachelor's degree from Brown
University and his J.D. from the UCLA School of Law, where he
was chief articles editor of the UCLA Law Review. And we are
very fortunate to have him and his expertise with us today.
Our second witness is Mr. Jameel Jaffer, Deputy Legal
Director of the American Civil Liberties Union and also serves
as Director of the group's Center for Democracy. Mr. Jaffer
previously directed the ACLU's National Security Project. Prior
to joining the ACLU, Mr. Jaffer clerked for Amalya Kearse, the
U.S. Circuit Court of Appeals for the Second Circuit, and the
Right Honorable Beverley McLachlin, Chief Justice of Canada.
Mr. Jaffer earned degrees from Williams College, Cambridge
University, and Harvard Law School, and we welcome his
expertise and experience as well.
Our third witness today is Mr. Steven G. Bradbury, an
attorney at Dechert, LLP, here in Washington, D.C. Formerly,
Mr. Bradbury headed the Office of Legal Counsel in the U.S.
Department of Justice during the Administration of George W.
Bush, handling legal issues relating to the FISA court and the
authorities of the National Security Agency. He served as a law
clerk for Justice Clarence Thomas on the Supreme Court of the
United States and for Judge James L. Buckley of the United
States Court of Appeals for the D.C. Circuit.
Mr. Bradbury is an alumnus of Stanford University and
graduated magna cum laude from Michigan Law School. We thank
him for serving as a witness today and look forward to his
insight into this complex topic.
Our final witness on the first panel is Ms. Kate Martin,
Director of the Center for National Security Studies since
1992. She was formerly a lecturer at Georgetown University Law
School and has also worked in the position of general counsel
to the National Security Archive. She is currently a member of
Constitution Project's bipartisan Liberty and Security
Committee.
Previously, Ms. Martin was a partner with the Washington,
D.C., law firm of Nussbaum, Owen & Webster. She graduated from
the University of Virginia Law School, where she was a member
of the Law Review and from Pomona College with B.A. in
philosophy. We welcome her dedication and expertise in this
area.
Thank you all for joining us, and we will begin with Mr.
Baker. Each witness should summarize his or her testimony in 5
minutes or less. Your entire statement will be made a part of
the record. And to help you stay within that time, there is a
timing light on your table.
When the light switches from green to yellow, you will have
1 minute to conclude your testimony. When the light turns red,
it signals that the witness's 5 minutes have expired.
Mr. Baker, welcome.
TESTIMONY OF STEWART A. BAKER,
STEPTOE & JOHNSON, LLP
Mr. Baker. Thank you, Mr. Chairman.
Mr. Goodlatte. You may want to pull the microphone close
and turn it on.
Mr. Baker. Thank you, Mr. Chairman and Ranking Member
Conyers. Yes, thank you very much.
It is a pleasure to be here, and I will say that this is
not as unprecedented a climate as it may seem. I thought I
would take advantage of the fact that it is my birthday to talk
a little about the history of FISA. Here is a quote from the
Cato Institute.
``If constitutional report cards were handed out to
Presidents, the President would receive an F, an appalling
grade for any President, let alone a former professor of
constitutional law.''
About the same time that they were saying that, the FISA
court judge, chief judge, felt obliged to say, ``We are not a
rubber stamp. I carefully review every one of these
applications.''
This was the second term of Bill Clinton when many of these
criticisms were very prominent. And quite frankly, I think they
contributed to the FISA court at the time adopting, it turns
out without legal justification, a set of restrictions on the
conduct of intelligence that built a wall between law
enforcement and intelligence that contributed directly to the
FBI not being able to find the hijackers when they knew they
were in the country but were not allowed to look for them
because they were on the wrong side of the wall.
I say that because this climate and the search for ever
greater protections for civil liberties does have a cost, and
we don't know where that cost will be paid. That is why it
seems to me that we need to be as careful as we can to ask the
question what sorts of protections are there already. And I
will confess, I was very surprised and a little troubled when I
saw that initial metadata order.
Only when I came to realize that the order allowed the
collection, but not the actual searching of that data, and that
the searches were so carefully circumscribed that only 300 were
made in a particular year, did I realize that when you look at
the two sets of orders together, that there are actually
extraordinary limitations on the ability of anyone at NSA to
look at metadata of any individual. I contrast that to the fact
that there are hundreds of thousands of subpoenas issued every
year for metadata by State and local law enforcement with far
fewer guarantees of protection for that data.
And then, finally, and I will close with this, the other
cost that we are likely to pay here is that we are not the only
audience for the debates that we are going through. It may feel
like a family fight, but the neighbors are listening.
And indeed, Europe has already made it clear that they
intend to punish everybody who participated in these programs
if they possibly can. They intend to try to restrict our
intelligence gathering by going after the companies that only
did their duty in responding to orders that were lawful under
U.S. law.
This is a fixed feature now of European public policy and
diplomacy. It ignores the fact that, by and large, the U.S.
record on protecting civil liberties and even this kind of data
is much better. According to the Max Planck Institute, you are
100 times more likely to be surveilled by your own government
if you live in the Netherlands or you live in Italy. You are 30
to 50 times more likely to be surveilled if you are a French or
a German national than in the United States.
Only in the United States and Japan are there limitations
on simply volunteering information to Government if you happen
to have this metadata. As long as you have a good reason, by
and large, you can give it over, and certainly law enforcement
would appear to be a good reason.
And on this question of assembling a database of metadata,
the Europeans don't do that because they passed a law telling
every one of their carriers, you assemble the database. You
maintain it. And if law enforcement comes calling or if you
want to volunteer the information, you will have it.
We have never done that. We have never had a data retention
law in the United States for civil liberties reasons, and that
is one of the reasons why we have ended up trying to collect
this data and then imposing a set of limitations on when it is
searched.
I will reserve and answer any questions you may have at the
end of the discussion.
[The prepared statement of Mr. Baker follows:]
__________
Mr. Goodlatte. Thank you, Mr. Baker.
Mr. Jaffer, welcome.
TESTIMONY OF JAMEEL JAFFER,
AMERICAN CIVIL LIBERTIES UNION (ACLU)
Mr. Jaffer. Thank you. Mr. Chairman, Mr. Ranking Member,
Members of the Committee, on behalf of the ACLU, thanks for the
invitation to testify today.
Over the last 6 weeks, it has become clear that the NSA is
engaged in far-reaching, intrusive, and unconstitutional
surveillance of Americans' communications. Under Section 215,
the NSA is tracking every single phone call made by a resident
of the United States--who they called, when they called them,
for how long they spoke. Until recently, it was tracking
ordinary Americans' Internet activity as well.
Under Section 702 and on the pretext of monitoring people
outside the United States, the NSA is using Section 702 of FISA
to build massive databases of Americans' domestic and
international communications, not just so-called metadata, but
content as well. Those programs have been made possible by huge
advances in the technology of surveillance, but in many
respects, they resemble the generalized warrants, the
generalized surveillance programs that led to the adoption of
the Fourth Amendment more than 200 years ago.
The FISA court orders resemble general warrants, albeit
general warrants for the digital age. That the NSA is engaged
in this kind of unconstitutional surveillance is the result of
defects in the statute itself and in the current oversight
system.
FISA affords the Government sweeping power to monitor the
communications of innocent people. Excessive secrecy has made
congressional oversight difficult and public oversight
impossible. Intelligence officials have repeatedly misled the
public, Congress, and the courts about the nature and the scope
of the Government surveillance activities, and structural
features of the Foreign Intelligence Surveillance Court have
prevented that court from serving as an effective guardian of
constitutional rights.
To say that the NSA's activities present a grave danger to
American democracy is not an overstatement. Thirty-six years
ago, after conducting a comprehensive investigation into the
intelligence abuses of the previous decades, the Church
Committee warned that inadequate regulations on Government
surveillance ``threaten to undermine our democratic society and
fundamentally alter its nature.''
That warning should have even more resonance today than it
did in 1976 because in recent decades, the NSA's resources have
grown, statutory and constitutional limitations have been
steadily eroded, and the technology of surveillance has become
exponentially more power and more intrusive.
Because the problem that Congress confronts today has many
roots, there is no single solution to it. But there are a
number of things that Congress should do right away.
It should amend Section 215 and 702 to expressly prohibit
suspicionless or dragnet monitoring or tracking of Americans'
communications. It should require the executive to release
basic information about the Government's use of foreign
intelligence surveillance authorities, including those relating
to pen registers and national security letters.
The executive should be required to disclose for each year
how many times each of those provisions was used, how many
individuals' privacy was implicated by the Government's use of
each provision. And with respect to any dragnet, generalized,
or bulk surveillance program, it should be required to disclose
the types of information that were collected.
Are they collecting medical records? Are they collecting
educational records? Are they collecting firearms records? That
should be disclosed to the American public.
Congress should also require the publication of FISA court
opinions that evaluate the meaning, scope, or constitutionality
of the foreign intelligence laws. The ACLU recently filed a
motion before the FISA court, arguing that the publication of
those opinions is required by the First Amendment, but Congress
need not wait for the FISA court to act. Congress has the
authority and the obligation to ensure that Americans are not
governed by a system of secret law.
Finally, Congress, and this Committee in particular, should
hold additional hearings to consider further amendments to
FISA, including amendments to make FISA court proceedings more
transparent. Congress should not be indifferent to the
Government's accumulation of vast quantities of sensitive
information about Americans' lives. This Committee in
particular has a crucial role to play in ensuring that the
Government's efforts to protect the country don't compromise
the freedoms that make the country worth protecting.
Thank you.
[The prepared statement of Mr. Jaffer follows:]
__________
Mr. Goodlatte. Thank you, Mr. Jaffer.
Mr. Bradbury, welcome.
TESTIMONY OF STEVEN G. BRADBURY, DECHERT, LLP
Mr. Bradbury. Thank you, Mr. Chairman, Ranking Member
Conyers, and distinguished Members of the Committee.
I believe both of the recently disclosed NSA programs are
critical to our national security, and I have every confidence
that each is authorized by statute, consistent with the
Constitution, and appropriately protective of privacy and civil
liberties.
The first program involves the acquisition of telephone
metadata under a Section 215 business records order. This
metadata consists only of tables of numbers indicating which
phone numbers called which numbers and the time and duration of
the calls. It doesn't reveal any other subscriber information,
and it doesn't enable the Government to listen to anyone's
phone calls. There is no monitoring or tracking of phone calls.
The Constitution does not require a warrant supported by
probable cause to acquire this metadata. Courts have held that
there isn't a reasonable expectation of privacy in the phone
numbers that are dialed. And the production of business records
like these doesn't involve a Fourth Amendment search.
This acquisition is authorized under the terms of Section
215 because the use of the metadata is relevant to
counterterrorism investigations. Acquiring a comprehensive
database enables better analysis of the telephone links and
calling patterns of terrorist suspects, which is often the only
way to discover new phone numbers being used by terrorists.
To connect the dots effectively requires the broadest set
of telephone metadata. The same relevance standard applies in
other contexts, such as administrative subpoenas and grand jury
subpoenas, which, unlike Section 215, typically do not require
court approval.
While the metadata order is extraordinary in the amount of
data acquired, it is also extraordinarily narrow and focused
because of the strict limitations placed on accessing the data.
There is no data mining or trolling through the database
looking for suspicious patterns.
By court order, the data can only be accessed when the
Government has reasonable suspicion that a particular phone
number is associated with a foreign terrorist organization. And
then that number is tested against the database to discover its
connections. If it appears to be a U.S. number, the necessary
suspicion can't be based solely on First Amendment protected
activity.
Because of this limited focus, only a tiny fraction of the
total data has ever been reviewed by analysts. The database is
kept segregated and is not accessed for any other purpose, and
FISA requires the Government to follow procedures overseen by
the court to minimize any unnecessary dissemination of U.S.
numbers.
Any data records older than 5 years are continually deleted
from the system. The order must be reviewed and reapproved
every 90 days. And my understanding is that since 2006, 14
different Federal judges have approved this metadata order.
Let me now turn to the surveillance program that targets
foreign communications. This program is authorized under
Section 702 of FISA, and if we just track through the
provisions of Section 702, we can see the outline of this
program. With court approval, Section 702 authorizes a program
of foreign-focused surveillance for periods of 1 year at a
time.
This authority may only be used if the surveillance does
not, one, intentionally target any person of any nationality
known to be located in the United States; two, target a person
outside the U.S. if the purpose is to reverse target any
particular person believed to be in the U.S.; three,
intentionally target a U.S. person anywhere in the world; and
four, intentionally acquire any communication as to which the
sender and all recipients are known to be in the U.S.
Section 702 mandates court approval of the targeting
protocols and of minimization procedures to ensure that any
information about U.S. persons that may be captured in this
surveillance will not be retained or disseminated, except as
necessary for foreign intelligence purposes. From everything
that has been disclosed about this program, including the so-
called PRISM Internet collection, I don't think there is any
reason to doubt that this foreign-targeted surveillance is just
what Section 702 was designed to authorize.
Thank you, Mr. Chairman.
[The prepared statement of Mr. Bradbury follows:]
__________
Mr. Goodlatte. Thank you, Mr. Bradbury.
Ms. Martin, welcome.
TESTIMONY OF KATE MARTIN,
CENTER FOR NATIONAL SECURITY STUDIES
Ms. Martin. Thank you, Mr. Chairman and Ranking Member
Conyers and other distinguished Members of this Committee, for
inviting me to testify today.
I want to, first of all, thank the Committee for having
asked some questions of the Government witnesses that I hoped
the Committee would ask and congratulate you upon obtaining
answers, at least in part, to some of those questions.
I want to raise two overarching concerns today about these
programs and note, first of all, that I think it does not make
sense for the Committee to consider the 215 program and the 702
program separately and, instead, that they need to be looked
upon as part of an overall set of foreign surveillance
authorities that work together to allow the Government to
collect and keep massive amounts of information about Americans
and to do so in secret.
And that that is the real nut of the problem. We have an
incredibly complex set of laws governing those authorities and
setting up safeguards, as this Committee is well aware, and we
need to understand how those work together, where the holes
are, and where the potential changes are.
So I would urge the Committee, in going forward, to expand
your oversight and your questions to look at not just 215 and
702, but all the FISA Authorities and not just as exercised by
the National Security Agency, but equally significantly
regarding how the information is shared between the NSA, the
FBI, the DHS, and perhaps the White House or the NCTC as well.
Those are equally critical questions for both civil liberties
and for evaluating the effectiveness and the necessity of the
programs.
I agree with Mr. Jaffer and many of the Members here today
that there is a lot to be concerned about, that we are seeing
the unprecedented massive collection of information on
Americans, the creation of secret data banks which are
available for Government analysis, queries, and data mining by
ever increasingly sophisticated computerized tools, and the
dissemination of both raw information and the results of such
analysis or data mining throughout the executive branch.
I think that the question is whether or not these new
activities by the Government have the potential to
fundamentally change the relationship between citizens and the
state. I think that was the concern that many Members of this
Committee were raising today.
In connection with the question of what is the harm here, I
very much appreciate that the Administration and the NSA have
been very detailed about the internal safeguards that they have
created to ensure that no rogue employee or contractor can
access the personal information of an individual American and
misuse it.
I do not believe, however, that that is the primary worry
of the American people about these programs. I think, rather,
the primary worry and the primary concern when FISA was first
drafted was that the Government would succumb to the temptation
to use information that it has about individual Americans to
chill political dissent, to challenge its political opponents,
et cetera.
I think this is one of those instances where when you
discuss it in advance you can never believe that this would
actually happen, but that when you look at history, it has
happened too many times already in my own lifetime.
Just a couple of specific comments about information which
I believe would be crucial for this Committee's consideration.
First on questions about what kinds of authorities does the
Government have under Section 215, one of the Members asked
about the collection of Internet metadata. I would urge you to
find out specifically whether or not under the Government's
current understanding of its legal authorities under 215, it
could make an application for the collection of all Internet
metadata on communications within the United States; whether or
not it could make an application under 215 for bulk collection
of geolocation data; or for bulk collection of financial
records or credit card records.
I think it is also important to know when the Government
makes one of these 300 queries to the 215 database, does that
query require the database to do a chain-linked--a chained
analysis? Not simply what numbers have been in contact with the
first number, but to then do a chain-linked analysis?
I know my time is up, and if I might just make one last
comment? On the overall question of this is foreign
intelligence, and traditionally it is done in secret; it is
always done by government. There is a high cost when it is
discussed in public.
It is foreign intelligence when it is directed against
foreigners and other governments overseas. We are talking about
massive authorities for massive collections on Americans. And
that may be foreign intelligence. It is also at the core of the
concerns of the constitutional framers. I think that what we
have seen about the cost of secrecy here is that----
Mr. Goodlatte. Sorry.
Ms. Martin. That is okay.
[The prepared statement of Ms. Martin follows:]
__________
Mr. Goodlatte. We will have more opportunity to speak in
just a moment.
Ms. Martin. Thank you.
Mr. Goodlatte. But we will begin with the questioning, and
I will start with Mr. Jaffer. If the acquisition of metadata is
the type of mosaic of information that Sotomayor warned about
in the Jones case, how would you limit the Government from
collecting it?
Mr. Jaffer. Well, one possibility would be to require the
Government to get an individualized warrant for that
information. And whatever the answer to that question is, I
think that there have to be more safeguards than are in place
right now.
Even the Government seems to concede that its surveillance
of this kind of information has to be reasonable under the
Fourth Amendment, and I just don't see you how can possibly
justify the collection of everybody's phone records on that
standard. And I think many Members rightly pointed out that no
other court has ever granted a subpoena, has ever upheld a
subpoena that sought records on that scale.
Mr. Goodlatte. That is with regard to 215. One objection
you have to 702 information collected is that information about
Americans can be swept up in the search for foreign
intelligence information. But isn't that the case with any
Title III wiretap?
Mr. Jaffer. It is the case, and that is why the courts
apply a reasonableness analysis. And all we have argued in the
context of challenges to 702 is that the same reasonableness
analysis has to be applied to the Government surveillance under
that provision.
And the Government in our constitutional challenges happen
to have actually conceded that point. The only dispute was
whether these procedures were, in fact, reasonable, and we
don't think they are.
Mr. Goodlatte. If the FBI is conducting a wiretap of a
business that is also part of a criminal conspiracy, innocent
third parties sometimes are involved, and they are monitored.
That information is minimized to protect the people's privacy.
How is this different from Section 702 surveillance, which must
be also minimized?
Mr. Jaffer. Right. I think that is a good question. I think
that one of our concerns is that the word ``minimization'' is
being used as a kind of talisman as if when the Government
invokes the prospect of minimization, that should end the
discussion. But you have to look at what the Government means
when it says minimization.
And fortunately, we now have the Government's minimization
procedures under 702. They were released by the Guardian and by
the Washington Post, and they allow us to evaluate the extent
to which those procedures actually protect Americans' privacy.
And I think it is quite clear from the procedures that they
don't protect Americans' privacy. They allow the Government to
sweep up Americans' communications, both domestic and
international, to retain those communications forever to the
extent that they include foreign intelligence information, a
term that is defined very broadly under the statute.
Even if the communications don't contain foreign
intelligence information, they can be retained for as long as 5
years. So these are procedures that don't do very much to
protect Americans' privacy.
Mr. Goodlatte. Let me turn to Mr. Baker and Mr. Bradbury
and ask them if they want to comment on Mr. Jaffer's
observation and tell us why it is necessary to collect a broad
set of metadata under Section 215. Does this help the
Government connect the dots?
Mr. Baker. The difficulty the Government faced is that each
telecommunications company keeps its records as it chooses, and
they may maintain the records for a year or two, but they won't
keep it for a long time. And you can't easily chain from one
database to the next to find out the communications of the
people who are linked to the person that you are investigating.
And so, and to ask the companies to keep it for the
Government's convenience, to consolidate the database for the
Government's convenience is something that is really asking
quite a bit of a private citizen just to help the Government do
its job. So the Government did this and then acted----
Mr. Goodlatte. But let me interject that depending upon the
cost of the Government taking it and gathering it and holding
it, we are asking all those phone companies' customers, who are
also taxpayers of the United States, to bear that burden.
So I understand the problem with asking the phone companies
to do it. But we also have to evaluate whether the benefits
derived from this are justified by the costs of it.
Mr. Baker. That is a perfectly fair point, although the
rate payers and the customers of the phone companies will pay
for it in the end if it is a cost to the companies. But I agree
with you that it is a cost to the United States. I think it is
a cost that we bear because we are trying to protect all
Americans from terrorism, and that it is fair for the U.S.
Government to bear that cost.
In the end, though, the searches can't be done without a
reasonable and articulable suspicion, which in practice has
turned out to be much tougher than the standard for serving a
subpoena on an individual telephone company. As I said, there
are hundreds of thousands, perhaps a million such subpoenas.
Mr. Goodlatte. I understand. But that also leaves aside the
question of whether the Congress intended to give the NSA the
authority to gather the data in the fashion they did under the
business record provision.
But let me ask Mr. Bradbury another question, and he can
comment on this as well, if he'd like. Mr. Jaffer's testimony
claims the Government is tracking all American phone calls
under the 215 program. Is this what is happening?
Mr. Bradbury. No. As I indicated, they are not tracking
calls. They are not monitoring calls. The data sits in a
database and is only accessed when there is a suspicious
number, and you want to find the links and connections that
that number has to other numbers.
But you need to have the whole database, and getting the
whole database is relevant to the counterterrorism
investigation because you cannot do the kind of sophisticated
link analysis that the NSA does without having a comprehensive
set of data.
It doesn't have to be every single call record, but it has
to be the largest collection you can get in order to
effectively find all of those connections. And that is because
of the technical way that they do it, but it is a super
valuable tool, and getting the database is relevant.
It would be the same if we had a suspicion that a terrorist
had come into the country, but we didn't know exactly on what
flight or where. And you could use 215 to get the flight
manifests of all flights in and out of the country during a
period of time, and you could put it in a database and you
could query the person's number, name to find out when he came
in. It is relevant.
Mr. Goodlatte. You raised a good analogy, but my debate
professor said analogy was the weakest form of argument. So are
you suggesting that it would be appropriate if the airlines did
not keep that data for a sufficient period of time, that it
would be appropriate for the Government to tell all the
airlines to provide them with all of the flight records of all
American citizens so they could hold it in a database and check
it when they needed to?
Mr. Bradbury. Well, it might be. It might be something that
you have to do to find that particular flight that you need to
protect----
Mr. Goodlatte. Well, I wouldn't argue that there might be
occasions when that information would be useful, but it would
have to be weighed against both the cost of storing the data--
and that is just not, you know, computer capability, but also
people to manage that--and the risks that are entailed by those
people abusing that system, if that, indeed, occurs.
Let me turn to Ms. Martin, however, and your testimony
includes a number of suggestions for increasing the visibility
into the--increasing visibility into the FISA programs. Which
of these would you prioritize as a way to both preserve our
national security efforts while also giving the public a better
understanding of how the programs work?
Ms. Martin. I think that it is key to obtain an
understanding of the court's understanding of its legal
authorities, not just 215, but all of them and the Government's
interpretation and understanding of those legal authorities. I
think it is also key, and the second thing that I would
prioritize is getting a report from the Government how the
existing FISA Authorities complement, overlap, and differ,
and--and what they allow and what they don't allow.
I think, otherwise, we are going to be in the situation
where we are talking about fixing 215 with regard to phone
metadata without knowing how the Government is going to use
national security letters or pen traps or 702 to get the same
kind of data. So I would prioritize knowing the law and
understanding how that works and the Government's understanding
of the legal authorities. And then after that, some idea--some
idea, not the specifics--of the scope of the collection that is
being done on Americans.
Mr. Goodlatte. Thank you very much.
My time has expired. The Chair recognizes the gentleman
from Michigan, the Ranking Member Mr. Conyers, for 5 minutes.
Mr. Conyers. Thank you, Chairman Goodlatte.
This has been a very important hearing, and I wanted to
begin by asking Professor Martin about the decision by Justice
Alito, a 5-4 decision as usual, responding who dismissed a
number of groups for lack of standing. Reasoning that
respondents can't manufacture standing by choosing to make
expenditures.
Is the harm alleged by, among others, Amnesty International
and ACLU hypothetical, which was the basis of this conservative
decision?
Ms. Martin. Thank you for that question, Mr. Conyers.
If I might answer it, that case, of course, was a challenge
to the constitutionality of the 702 collection program. And one
of the points that the Government made when it argued that the
ACLU and Amnesty didn't have the kind of particularized
standing or showing of harm that the Constitution required was
that others would be able to challenge the constitutionality of
702 collection and, in particular, individuals who were
prosecuted using the fruits of such 702 collection.
Well, now it turns out that the Government won't even tell
such people that it used the fruits of 702 collection in making
a criminal case against them, and they are not given that
opportunity to challenge the 702 collection. I do think that it
is an appropriate question for the Congress to worry about
wether you have designed a system that allows the Government to
collect massive amounts of information about Americans, in
secret, but somehow you haven't set up any mechanism that the
Supreme Court is going to recognize as granting standing to
anybody to challenge the fact that information about them has
been collected. That is a problem that Congress can solve and
should solve.
And that is a fundamental difference, of course, between
foreign intelligence collection authorities that we are talking
about today and the kind of criminal justice collection
authorities that were discussed, which is that there is the
possibility of an open, adversarial court challenge to criminal
collection, which doesn't exist in this context.
Mr. Conyers. Can I ask----
Ms. Martin. And to tell my colleagues----
Mr. Conyers. Can I ask, Mr. Jaffer, in addition to your
four recommendations, is there a way that we can reconcile our
concern against terrorism and at the same time permit the
largest usefulness of privacy possible? You know, after all, if
it hadn't been for a couple of people leaking, we wouldn't have
known about any of this, as far as I am concerned.
Some say that somebody made a statement on the floor of the
House. If you happen to have caught it, you could go back and
track it. But I think I am more concerned about the collection
legality than I am about the uses to which it is put.
Mr. Jaffer. Well, I think that you ought to be concerned
about the collection. The collection in the first instance
implicates privacy. It has a real effect on privacy. That is
where the privacy intrusion happens in the first instance.
And it also has a chilling effect on activity protected
under the First Amendment. It is the Government's collection of
that information that has the chilling effect. If you remember
during the 1960's and '70's, some State governments used
subpoenas served on the NAACP as an effort to chill association
with the NAACP.
And it was just the acquisition of that information that
was chilling, and those governments knew it. And----
Mr. Conyers. And more chilling now than anything is the
fact that they have got information through phone numbers,
which can easily be attached to names, of everybody in the
country for at least 6 years. And that is probably the most
disturbing aspect of this matter to me that I have been hearing
today.
Mr. Jaffer. Mr. Conyers, if I could just point out that
even if you accept the Government's frame here and focus only
on the uses, I don't think anybody should be misled by this 300
number, which makes it sound like this is a very targeted
program. But if you think about the 300 number in relation to
what was said on the previous panel about three hops, the first
hop takes you to, say, 100 people whose communications are
pulled up. The second one takes you to 10,000, and the third
one takes you to 1 million.
And you do that 300 times. I think it is safe to say that
every American's communications have been pulled up at least
once.
Mr. Conyers. Thank you very much.
Mr. Gohmert [presiding]. I will recognize myself now, and I
appreciate your being here.
It is intriguing, what we are talking about. We are talking
about the privacy, the type of concerns that spawned a
revolution back over 200 years ago. We hear all this
information about the FISA courts, and that is the bulk of what
you are being--you are talking about.
Anybody care to just briefly tell us what happened before
there was a FISA court? We know there have been national
security secrets since the revolution itself. What happened
before there was a FISA court to protect us from ourselves?
Mr. Jaffer. It was left up to the executive. It was
unilateral action by the executive in the area of foreign
intelligence surveillance. And in fact----
Mr. Gohmert. But here, we are talking about surveillance of
Americans, in-country American citizens, and that is what I am
talking about. If someone wanted to gather intelligence
information about American citizens on American soil, normally,
having been a judge and chief justice, it is my understanding,
you went to a court.
You might be requesting in camera review of documents. You
might request that the court documents be sealed. But we were
able to work pretty well getting court orders before there was
ever a FISA court was my understanding.
Mr. Jaffer. Actually, Mr. Chairman, prior to 1972, for any
national security investigation, or many, they were done
without court approval, without warrants. And the United States
Supreme Court in the Keith case, 1972, said when it is a
domestic security threat, there has to be a warrant.
Left a footnote was not deciding foreign security threats.
Even if it is a U.S. citizen, but associated with a foreign
power that is threatening to the United States. And the lower
courts consistently held that the President could conduct
warrantless surveillance for foreign intelligence purposes even
of U.S. citizens and that the fruits of that surveillance could
later be used in a criminal prosecution, even if it hadn't been
supported by a warrant.
That is what the lower courts held. Of course, that did
lead to abuses because the executive is making determinations
about what he thought was a foreign threat, and lines were
crossed and abuses occurred. That is why Congress and the
executive branch reached a compromise in 1978 and created the
FISA process to involve Article III judges in the review and
approval of those surveillance orders and also involve the
Congress through the creation of the Special Intelligence
Committees for oversight, which hadn't occurred before.
And so, we have this compromise situation where the
branches have come together to involve all three branches. And
of course, limitations were discovered after 9/11. A lot of
debate occurred, and ultimately, Section 702 was passed in 2008
to enable a very broad programmatic order for foreign
collection directed at non-U.S. persons outside the United
States.
Mr. Gohmert. And that is a great distinction because I know
in my freshman term, '05 and '06, what we were told is this is
only for you have to be a foreign agent, a foreign individual.
And as long as it is an American citizen here on American soil
with distinction for American citizen where intelligence
gathering in another country didn't violate local law. There
were all those distinctions being discussed.
But even through all of that, my experience with
conservative and liberal judges would have indicated that you
wouldn't have an order from a judge under our Constitution that
requires specificity as to a place and information be gathered
that would say something like this order from this court does.
All call detail records between the United States and abroad or
wholly within the United States, including local telephone
calls.
I think that pretty much covers everything. I see no
specificity here. Oh, yes, just get all the records. And you
should be comforted by the fact that you can get this stuff. It
is okay.
So I am just concerned. I have now seen the incredible
abuse by the FISA court, in my opinion, and I am just wondering
if we are better off going to a system where we don't require a
FISA court. There is not this Star Chamber. What would be
another alternative?
And that will be my last question.
Ms. Martin. If I might, Mr. Gohmert? I think that the
original conception of the FISA court was quite limited and
perhaps quite useful, which was that it would act as a kind of
usual court in issuing a warrant, right, which is always done
ex parte. Because the search that the FISA court was going to
authorize--which had to be particularized--had to be based on
probable cause, was never going to be revealed, Congress set up
secret procedures for doing that.
But it was always recognized that what we are talking about
is searches and seizures of Americans. And now the Government
has taken the concept of a FISA court to kind of, in my view,
put a fig leaf on a totally different kind of collection
directed at Americans. It is not particularized. It is totally
in secret. And that includes the 702 program, which----
Mr. Gohmert. Right.
Ms. Martin. And so, you need to go back to the drawing
board about are we really going to have unparticularized
collection that is intended and does collect information about
Americans?
Mr. Gohmert. Well, let me tell you we have got votes coming
up in just a few minutes. And so, I want to get to people who
want to ask questions.
But I would ask the witnesses if you have any proposals, if
you could provide that in writing to us, any alternatives, any
major changes, because I think this justifies major changes.
And with that, who is next? Okay. Recognize the gentleman
from New York, Mr. Nadler.
Mr. Nadler. Thank you.
Mr. Jaffer, various Administration officials have used
comparison of Section 215 authority to what can be obtained
through a grand jury subpoena, something we expressly include
in the statute itself as a limiting principle. Are you aware of
any examples where by virtue of grand jury subpoena, law
enforcement has been able to engage in the type of ongoing bulk
collection, what you described as dragnet collection of
information done under Section 215?
Mr. Jaffer. No, not even close.
Mr. Nadler. Mr. Baker, are you aware of any such?
Mr. Baker. There are plenty of subpoenas for massively
overbroad collections of data so that the Government can be
comfortable that it has gone through everything that might be
relevant.
Mr. Nadler. There are subpoenas, grand jury subpoenas for,
in effect, everything in the world without being specific, all
metadata?
Mr. Baker. Addressed to a particular case or database,
there are plenty of cases where a single database has been
subpoenaed.
Mr. Nadler. No, a single database. But has there ever been
a grand jury subpoena that says let us see the outside of every
postcard or letter sent in the United States? Or let us see the
phone numbers of everybody who called anybody in the United
States?
Mr. Baker. So if I could go back to an example that the
Chairman mentioned, as a practical matter, every flight that
comes into the United States, every travel reservation on that
flight is provided to the Government by the carrier, every
single one.
Mr. Nadler. Has there ever been--has there been a subpoena
for every flight record in the United States?
Mr. Baker. Every flight record coming into the United
States, yes.
Mr. Nadler. A subpoena for every flight record?
Mr. Baker. No. It is under a law passed by the United
States Congress that says you must provide this information to
the Government so it can search for terrorists.
Mr. Nadler. You must provide the name of every individual
on every flight?
Mr. Baker. Yes. That was passed in 2002, and it has been
enforced.
Mr. Nadler. And that is a subpoena?
Mr. Baker. And it has caught a lot of terrorists.
Mr. Nadler. Excuse me. That was a subpoena?
Mr. Baker. No.
Mr. Nadler. That is a law?
Mr. Baker. It was a law.
Mr. Nadler. Well, that is a little different from a
subpoena.
Okay. Mr. Bradbury, you talk about how the metadata that is
acquired and kept under this program can be queried when there
is responsible suspicion, as if that meets the statute. The
statute talks about collection. You seem to be talking about
query. There is a difference between collection and query.
Mr. Jaffer, let me ask you this. Does the Fourth Amendment
talk to collection or to queries?
Mr. Jaffer. Collection.
Mr. Nadler. Collections. So a broad--okay. Let me go to the
next question because I have a bunch quickly.
Mr. Jaffer, you talked--Mr. Baker, rather, you talked about
Section 702, as the discussion of Section 702 has really hurt
us because it has told the Europeans and everybody else what we
are doing for foreigners. But nothing, as I think you point out
in your testimony, too, nothing that we have learned about
Section 702--I can't think of anything we have learned about
Section 702 from Mr. Snowden--or however you pronounce his
name--that wasn't included in the debate in 2008 on Section
702, when we knew we were going to be collecting across the
board on everybody.
And the question in that debate was--and I thought the
resolution of that debate was inadequate, which is why I voted
against it--how were we going to protect Americans against
being caught up? And this is what we have been talking about.
But the assumption there was that foreigners have no
constitutional right and no privacy rights. And we can get all
the information on them anyway. So how is this information now
harmful in a way that the congressional debate wasn't?
Mr. Baker. I think that the congressional debate seeded
what we are now seeing. It is a cost. It is a cost of having
the debate we are having, and my point here is that Europe will
extract that cost from companies that did nothing but their
obligation under the law.
Mr. Nadler. But they would have extracted that cost just
because of the congressional debate, if they were paying
attention.
Mr. Baker. What I say is that this Congress and this
Administration has an obligation to stand between those
companies and----
Mr. Nadler. That is a separate discussion, and that may be.
But--okay. Ms. Martin, how can we--how can Congress solve the
problem? We have a basic problem.
Every challenge to abuse of constitutional rights by the
Bush administration and the Obama administration has been met
in the same way. Either the use of the state secrets doctrine
to say you can't go to court on that. The subject matter of the
discussion is a state secret. Therefore, move to dismiss the
case ab initio. Or you have no standing because you cannot
prove that you personally were harmed by this.
Now Mr. Snowden may have done a public service in giving
some people standing by proving that they were harmed by this
because anyone who is a Verizon subscriber arguably can now go
into court and say that. How can we deal with these two
problems that an Administration, any Administration can violate
constitutional rights from here to kingdom come, subject to no
court review because of either the state secrets doctrine or
the standing problems because they don't admit what they are
doing in the first place. It is secret.
It is secret what we are doing to you. Therefore, you have
no standing because you can't prove what we are doing to you.
Mr. Gohmert. The time has expired, but you may answer
briefly.
Ms. Martin. Well, I think one key way of doing it, which is
outside the court system, is for the Congress to insist that
the Administration disclose all that information. The
Government then won't be able to claim state secrets because it
has disclosed the information.
Mr. Nadler. Disclose what information?
Ms. Martin. Disclose the information about what it has done
and who it has done it to, right? And something like that did
happen and is happening in the context of the violations of the
laws against torture, and that helps in creating a consensus
that we know the Government violated the law.
We have some kind of public debate about what the
Government shouldn't do, and whether or not we end up with an
individual remedy in the court is a question that I would be
glad to think about some more. I know there are now five
lawsuits seeking individual remedies that have a better chance
than they did before, but they all depend upon public
disclosure by the Administration of information.
Mr. Nadler. Or by Mr. Snowden or somebody else.
Ms. Martin. Well, that is more difficult because then the
Administration claims state secrets.
Mr. Gohmert. We are going to have to--in order to get the
other two Democrats and one Republican left, we are going to
need to move on. But I would ask if you have additional
information, if you would prove that in writing in response to
that question.
And now at this time, we yield 5 minutes to the gentleman
from Idaho, Mr. Labrador.
Mr. Labrador. Thank you, Mr. Chairman.
Mr. Jaffer, I am trying to figure out how we got from Smith
v. Maryland to the moment that we are at today. Can you try to
explain to me what exactly maybe the proponents of these laws
and the interpretation of these laws are trying to say because
I am not following Smith v. Maryland very well. I have read it
a couple of times.
Mr. Jaffer. Right.
Mr. Labrador. But I am not sure that you can get to the
collection of metadata all over the United States.
Mr. Jaffer. Well, I think that there is a vast chasm
between Smith and the kind of surveillance that is going on
now. Smith was a case about a specific criminal investigation.
It was a pen register installed on one person's phone for 2
days.
We are now talking about 7 years of surveillance of every
American's phone calls. So I don't think it is a serious
argument to say that Smith justifies what the Government is
doing now. I think that the more relevant case is Jones, which
was decided just last year. A 9-0 court found that the tracking
of individuals' location over the long term constituted a
search under the Fourth Amendment, and even in Jones, the
surveillance was narrower and shallower than the kind of
surveillance we are talking about today.
Mr. Labrador. And they said that the tracking of
individuals over a long period of time resulted in a search and
seizure. Can you explain why they said that? Because there is
now an argument that collecting all this data actually gives
you very personal information about the individual.
Mr. Jaffer. That is right. Sometimes we talk about metadata
as if it is less sensitive, and that is not really true. Using
this kind of metadata, in Jones, for example, the court noted
that you could, just tracking somebody's location over a long
period of time, you could draw all sorts of accurate
conclusions about their medical history, about their intimate
relationships, about their professional life, about their
personal life.
And the same is true of phone calls. If the Government has
access to your call records over a long period of time, the
Government can draw all those conclusions in the same way.
Now that is not to say that the Government should never
have access to the phone records. There are circumstances in
which the Government has to have that access, but we just want
to make sure that that is limited to cases, specific cases in
which the call records are, in fact, relevant to an
investigation.
Mr. Labrador. And in Smith v. Maryland, there was a
specific reason why it was relevant. Correct?
Mr. Jaffer. That is correct. Even in Jones, there was that
specificity.
Mr. Labrador. Okay. So because what concerns me is that, I
think as a Government official, as a legislator, I would like
to stop gang membership, for example, or I would like to stop
child pornography, or I would like to stop bank robberies. And
I could maybe pass a law that would require the Government to
collect everybody's data, right, everybody's metadata so we can
stop those crimes. What do you think about that, Ms. Martin?
Ms. Martin. I think that is the proven solution of
countries like the Soviet Union and China.
Mr. Labrador. Exactly.
Ms. Martin. I mean, and I think there have actually been
studies showing that you can stop crime by that kind of
government surveillance and collection.
Mr. Labrador. So, Mr. Baker, what is the difference? I want
to stop all these crimes, and I would think that everybody in
this Congress would think that that would be inappropriate for
me to pass a law that would allow me to collect all the
metadata of every American so I could stop child pornography.
What is the difference between that and what is happening
here in this instance?
Mr. Baker. We are responding, in the case of the 215
programs, to the fact that there is a well-organized, offshore
conspiracy seeking to carry out attacks on us.
Mr. Labrador. I understand that, but--and I agree with
that. And that is why maybe I don't have as much problem with
the 702 program.
But you are collecting the data or the Government is
collecting the data of American citizens and saying that it may
become relevant after we collect it. Why not just collect the
data of every American because it might become relevant in a
child pornography case later?
Mr. Baker. All of these searches, there is really two
issues here. First, is it a search at all? And Smith suggests
it isn't. And if it is a search, is it reasonable? And that
depends in part on the nature of the justification and the
problem that you are trying to solve.
In this case, we are trying to solve a problem that
requires classified tools and is a national security threat.
That is different from trying to stop bank robberies, frankly.
Mr. Labrador. Well, and I just find it fascinating that the
author of the PATRIOT Act and most of the Members of Congress
who voted for the PATRIOT Act had no idea that the Government
would go to these lengths to collect data. And I hope that we
can continue to have these hearings.
Thank you very much for being here.
Mr. Gohmert. The time has expired. Thank you very much.
Mr. Labrador. I yield back my time.
Mr. Gohmert. I yield to the gentleman from Virginia, Mr.
Scott, for 5 minutes.
Mr. Scott. Thank you, Mr. Chairman.
I know we are trying to get three Members in in this very
short period of time. So let me just pose a question for Mr.
Jaffer real quick.
I am interested in what you can do with the data after you
have gotten it. There is a real question as to whether you have
the legal authority to get all the phone calls. But after you
have got it, we found out in a DNA case that if you get
someone's DNA legally and you find out it is not them, you can
still run that DNA through the database without any probable
cause, no articulable suspicion, anything. You have the data,
and you can use it.
What is the limitation on the data after you have acquired
it? Now they say you have to have articulable suspicion to
query the data that you have obtained. But the Section 215
doesn't require any such limitation. It just tells you to
describe what you are getting. This seems to be a little
gratuitous policy, not a limitation by statute.
And so, can you say a word about where the limitation is
after you have gotten the data what you can do with it?
Mr. Jaffer. Well, on the 215 program, we don't have the
Government's minimization procedures. They haven't been
released.
Mr. Scott. Well, let me just--and the minimization
procedure specifically has--the witness before was a little
murky on this--has--specifically has a criminal justice
exception. So running a criminal justice investigation with
data you now have can be done without articulable suspicion or
probable cause or anything. You just go look to see, as the
gentleman was suggesting, who has been committing gang crimes.
You got a gang member, you can spin his little thing around
to find out who he is talking to. Is there a limitation on what
you can do after you have gotten it?
Mr. Jaffer. No, almost certainly not. And we know that that
the limitations are very weak because we have seen the 702
minimization procedures. Those were disclosed.
And if they are any guide, I think it is safe to assume
that the 215 procedures don't protect Americans' privacy.
Mr. Scott. Now if you were running a criminal investigation
without probable cause by virtue of getting information in the
hands of the FBI, and we have removed that firewall that used
to be there, what would be the sanction against improperly
using that information? Would the exclusionary rule kick in?
Mr. Jaffer. Well, I don't think we will ever know because
the Government doesn't notify criminal defendants that it is
using these kinds of surveillance programs.
Mr. Scott. Would fruit of a poison tree kick in?
Mr. Jaffer. Well, it would if the Government disclosed. But
it doesn't disclose. It keeps it secret from criminal
defendants, and this is one of the things that we have been
very frustrated with is that the Government told the Supreme
Court that criminal defendants would be notified when
information was introduced against them derived from these
programs. And it is not, in fact, giving that kind of notice.
Mr. Scott. Thank you.
Mr. Chairman, as a courtesy to my colleagues, I will yield
back at this time.
Mr. Gohmert. Thank the gentleman from Virginia.
At this time, I will yield to Mr. Johnson for 5 minutes.
Ms. Jackson Lee. Mr.--excuse me, Mr. Gohmert. This is
regular order.
Mr. Gohmert. Okay. Well, I was just going by the list that
the clerk gave me here.
Ms. Jackson Lee. The list goes from the beginning of the
Committee. I think Mr. Johnson knows.
Thank you.
Mr. Gohmert. Exactly. All right. Then we will yield 5
minutes to my friend from Texas, Ms. Jackson Lee.
Ms. Jackson Lee. I thank you very much.
Let me just say that this has been not eye-opening, but it
raises more questions than probably it gives answers. And I
think I want to start immediately with the question, Mr.
Jaffer, on the 215 PATRIOT Act, which grants the FBI broad
authority, as we have seen in the previous hearing and what we
have read, and could put and does put civil liberties at risk.
From your perspective, what danger might occur or what would
happen if we did not renew Section 215?
Mr. Jaffer. Well, I think that is a good question to ask
the Government. So far, they haven't been able to explain why
the dragnet surveillance under this provision is actually
necessary. They haven't been able to point to cases in which
this particular surveillance program was crucial. I think it is
a good question to put to them.
But I would just say that while I think that your concern
about 215 is totally justified, I think that the Committee
ought to be concerned about 702 as well. And the Government
keeps emphasizing that this is a program directed at people
abroad, and that is true. But in the course of surveillance of
people abroad, the Government is building huge databases of
Americans' phone calls, not just the metadata. But the----
Ms. Jackson Lee. So you are saying that reverse targeting
is occurring, even though language put in the bill to not have
that occur?
Mr. Jaffer. I actually am not saying that the Government is
violating the statute. I am saying that they are using the
statute precisely as it was designed to be used, but the
statute allows them to gather Americans' communications so long
as they are not targeting a specific American.
Ms. Jackson Lee. So to hold them until they believe
something rises to the top?
Mr. Jaffer. That is right.
Ms. Jackson Lee. So it is sort of like storing in your
Internet or storing pictures in your iPhone or something of the
sort?
Mr. Jaffer. That is exactly right.
Ms. Jackson Lee. Let me to go Mr. Baker. You sat before
Homeland Security a number of years. Thank you for your
service. Thank all of you for your service. But you made the
point that on your blog, that you thought that the FBI could
have caught the people on 9/11, but there was too liberal--
civil liberties was too much in the way.
What are you suggesting when the idea of 9/11 was, one,
these were foreign nationals. So the FBI had opportunity to
deal with them in the construct of our civil liberties, and it
was basically connecting the dots or not finding out that guys
were learning to take off and not land in a plane training
place down in Florida. What civil liberties need to be violated
in order to have protected us from 9/11?
Mr. Baker. The problem is that there were two al-Qaeda
operatives in the country for 2 weeks. We knew--the FBI, the
CIA all knew they were here, but the FBI's task force that was
organized for the Cole bombing, as I remember, was not allowed
to go looking for them, even though they had by far the most
resources of anybody to find them.
And the reason they were not allowed to do it was because
the FISA court had made up a doctrine that led to the wall that
said we are going to keep law enforcement over here and
intelligence over here and not allow them to talk. And out of
fear that the FISA court would punish them for talking and for
going to look for these guys, the Cole task force stood down.
We lost our best chance to catch those guys at that time,
and it was because the FISA court was so aggressively enforcing
a doctrine that, frankly, it shouldn't have adopted in the
first place, but which it adopted pretty clearly for civil
liberties reasons.
Ms. Jackson Lee. Well, let me ask your comment on that.
Ms. Martin. I think the record is much more complex. There
were many times that the Government dropped the ball when it
might have stopped 9/11, and most of them had absolutely
nothing to do with the law. The CIA, for example, knew for many
months the names of the hijackers. They knew that they wanted
to carry out an attack against the United States. They knew
that they had gotten visas, and they didn't tell the FBI to go
find those people inside the United States.
And the wall had nothing to do with preventing the CIA from
telling the FBI to go find known al-Qaeda terrorists in the
United States. The record is just much more complicated than
Mr. Baker is making it out.
Ms. Jackson Lee. Well, let me just finish. So let me just
make this comment. Maybe I will be short of the red light.
One, I maintain that we have too many contractors unknown
and unbeknownst in the intelligence community. I thank them for
their service, but they need to rein in this rampant
proliferation of contracts, even though the Government tried to
defend its satellites as this, and really have a profound staff
that is here in the United States Government.
The last point is the FISA court can stand a lot of review.
One, I think there should be something about the balance of
Democratic appointed judges and Republican. But I also think
the release of opinions should be something that we should be
able to allow to the public and, therefore, find a way to rein
in all of this.
I yield back.
Mr. Gohmert. Thank you.
We have 4\1/2\ minutes left--4 minutes, 20 seconds left in
the vote. So I yield to the gentleman for such time. Mr.
Johnson?
Mr. Johnson. I will be brief. Thank you, Mr. Chairman.
Section 702, collecting foreign data, intelligence data,
metadata content of communications, and so forth. Is that
correct?
Mr. Jaffer. Not quite. Section 702 is surveillance directed
at people outside the United States, but it is surveillance of
Americans' communications with those people outside the United
States.
Mr. Johnson. Yes, and collection of the scope you don't
disagree with. In other words, content metadata?
Mr. Jaffer. That is right.
Mr. Johnson. And minimalization procedures in place that
perhaps may not be as stringent as they should. Perhaps. I am
not saying that that is the case or not.
But with respect to the data collected under 702 of
Americans that are just incidentally caught up in foreign-to-
foreign communications or a foreign target that is
communicating with someone in the U.S., who owns that data? Is
it the person who initiates the call? Is it the person who
accepts the call? Or is it both or----
Mr. Jaffer. My guess is----
Mr. Johnson. Or is it the provider, the service provider
who owns the data?
Mr. Jaffer. I think that Americans have a reasonable
expectation of privacy in their international communications.
Mr. Johnson. Have there been court cases specifically on
that point?
Mr. Jaffer. Yes. On the content of communications, yes.
Mr. Johnson. Yes. Okay. So now, I would submit that when
you are talking about surveillance, when you look at the
definition of the word ``surveillance,'' it includes keeping a
close watch on people or things. And so, you can surveil a
thing. That thing may not have a constitutional right, but a
person certainly does.
I think we should make or I think we should be prepared to
distinguish between surveillance, what kind of surveillance we
are talking about. That is a term that kind of gets everybody
excited.
That is about really all I have to say. Anybody got any
comments about that?
[No response.]
Mr. Johnson. I will yield back, Mr. Chairman.
Mr. Gohmert. The time has been yielded back. And at this
time, this concludes today's hearing.
Thanks to all of our witnesses for attending. We know it
has been a long day for you, and we appreciate you bearing with
it. It is an important subject. It is only our future, our
security, and our privacy.
So thank you, and we look forward to your comments that we
anticipate receiving back in writing, things that you wished
you had said or wanted to say, and to direct us. So thank you
very much.
Without objection, all Members will have 5 legislative days
to submit additional written questions for the witnesses or
additional materials for the record.
This hearing is now adjourned.
[Whereupon, at 2:32 p.m., the Committee was adjourned.]
A P P E N D I X
----------
Material Submitted for the Hearing Record
Questions for the Record submitted to James Cole, United States
Department of Justice; Robert S. Litt, Office of Director of National
Intelligence; John C. Inglis, National Security Agency; and Stephanie
Douglas, FBI National Security Branch*
---------------------------------------------------------------------------
*The Committee had not received a response to these questions at
the time this hearing record was finalized and submitted for printing
on December 12, 2013.
Response to Questions from the Hearing from Stewart A. Baker,
Steptoe & Johnson, LLP
Response to Questions for the Record from Jameel Jaffer,
American Civil Liberties Union (ACLU)
Response to Questions from the Hearing and for the Record
from Kate Martin, Center for National Security Studies
�