[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]
EXAMINING RECOMMENDATIONS TO REFORM
FISA AUTHORITIES
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON THE JUDICIARY
HOUSE OF REPRESENTATIVES
ONE HUNDRED THIRTEENTH CONGRESS
SECOND SESSION
__________
FEBRUARY 4, 2014
__________
Serial No. 113-62
__________
Printed for the use of the Committee on the Judiciary
Available via the World Wide Web: http://judiciary.house.gov
----------
U.S. GOVERNMENT PRINTING OFFICE
86-549 PDF WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON THE JUDICIARY
BOB GOODLATTE, Virginia, Chairman
F. JAMES SENSENBRENNER, Jr., JOHN CONYERS, Jr., Michigan
Wisconsin JERROLD NADLER, New York
HOWARD COBLE, North Carolina ROBERT C. ``BOBBY'' SCOTT,
LAMAR SMITH, Texas Virginia
STEVE CHABOT, Ohio ZOE LOFGREN, California
SPENCER BACHUS, Alabama SHEILA JACKSON LEE, Texas
DARRELL E. ISSA, California STEVE COHEN, Tennessee
J. RANDY FORBES, Virginia HENRY C. ``HANK'' JOHNSON, Jr.,
STEVE KING, Iowa Georgia
TRENT FRANKS, Arizona PEDRO R. PIERLUISI, Puerto Rico
LOUIE GOHMERT, Texas JUDY CHU, California
JIM JORDAN, Ohio TED DEUTCH, Florida
TED POE, Texas LUIS V. GUTIERREZ, Illinois
JASON CHAFFETZ, Utah KAREN BASS, California
TOM MARINO, Pennsylvania CEDRIC RICHMOND, Louisiana
TREY GOWDY, South Carolina SUZAN DelBENE, Washington
RAUL LABRADOR, Idaho JOE GARCIA, Florida
BLAKE FARENTHOLD, Texas HAKEEM JEFFRIES, New York
GEORGE HOLDING, North Carolina DAVID N. CICILLINE, Rhode Island
DOUG COLLINS, Georgia
RON DeSANTIS, Florida
JASON T. SMITH, Missouri
[Vacant]
Shelley Husband, Chief of Staff & General Counsel
Perry Apelbaum, Minority Staff Director & Chief Counsel
C O N T E N T S
----------
FEBRUARY 4, 2014
Page
OPENING STATEMENTS
The Honorable Bob Goodlatte, a Representative in Congress from
the State of Virginia, and Chairman, Committee on the Judiciary 1
The Honorable John Conyers, Jr., a Representative in Congress
from the State of Michigan, and Ranking Member, Committee on
the Judiciary.................................................. 4
WITNESSES
The Honorable James Cole, United States Department of Justice
Oral Testimony................................................. 7
Prepared Statement............................................. 10
Peter P. Swire, Review Group on Intelligence and Communications
Technology
Oral Testimony................................................. 17
Prepared Statement............................................. 19
David Medine, Privacy and Civil Liberties Oversight Board
Oral Testimony................................................. 49
Prepared Statement............................................. 51
Steven G. Bradbury, Dechert, LLP
Oral Testimony................................................. 121
Prepared Statement............................................. 124
David Cole, Georgetown University Law Center
Oral Testimony................................................. 145
Prepared Statement............................................. 147
Dean C. Garfield, Information Technology Industry Council
Oral Testimony................................................. 158
Prepared Statement............................................. 160
APPENDIX
Material Submitted for the Hearing Record
Material submitted by the Honorable Bob Goodlatte, a
Representative in Congress from the State of Virginia, and
Chairman, Committee on the Judiciary.....................184
deg.OFFICIAL HEARING RECORD
Material Submitted for the Hearing Record but not Reprinted
Report from the Privacy and Civil Liberties Oversight Board, January
23, 2014, submitted by the Honorable Jerrold Nadler, a
Representative in Congress from the State of New York, and Member,
Committee on the Judiciary. This report is available at the
Committee and can also be accessed at:
http://www.pclob.gov/SiteAssets/Pages/default/PCLOB-Report-on-
the-Telephone-Records-Program.pdf
EXAMINING RECOMMENDATIONS TO REFORM FISA AUTHORITIES
----------
TUESDAY, FEBRUARY 4, 2014
House of Representatives
Committee on the Judiciary
Washington, DC.
The Committee met, pursuant to call, at 10:14 a.m., in room
2141, Rayburn House Office Building, the Honorable Bob
Goodlatte (Chairman of the Committee) presiding.
Present: Representatives Goodlatte, Sensenbrenner, Coble,
Smith of Texas, Chabot, Bachus, Issa, Forbes, King, Franks,
Gohmert, Jordan, Poe, Chaffetz, Gowdy, Labrador, Farenthold,
Holding, Collins, DeSantis, Smith of Missouri, Conyers, Nadler,
Scott, Lofgren, Jackson Lee, Cohen, Johnson, Chu, Deutch,
DelBene, Garcia, Jeffries, and Cicilline.
Staff Present: (Majority) Shelley Husband, Chief of Staff
and General Counsel; Branden Ritchie, Deputy Chief of Staff &
Chief Counsel; Allison Halataei, Parliamentarian & General
Counsel; Caroline Lynch, Counsel; Sam Ramer, Counsel; Kelsey
Deterding, Clerk; (Minority) Perry Apelbaum, Minority Staff
Director & Chief Counsel; Danielle Brown, Parliamentarian; and
Aaron Hiller, Counsel.
Mr. Goodlatte. Good morning. The Judiciary Committee will
come to order. And without objection, the Chair is authorized
to declare recesses of the Committee at any time.
Before we begin today's hearing, I would like to take a
moment to welcome the newest Member of the House Judiciary
Committee, David Cicilline of Rhode Island's First
Congressional District.
Born in Providence, Congressman Cicilline moved to
Washington, D.C., shortly after law school to work as a public
defender before returning to Rhode Island. In 1994, he was
elected to the Rhode Island State legislature and ultimately
elected Mayor of Providence in 2002 and again in 2006.
He was elected to the U.S. House of Representatives in 2010
and is also a Member of the House Committee on Foreign Affairs.
And we welcome you to the Judiciary Committee. [Applause.]
Mr. Conyers. Mr. Chairman?
Mr. Goodlatte. And I would like to recognize the Ranking
Member for any comments that he would like to make.
Mr. Conyers. Thank you.
On behalf of all of us on this side of the aisle, we join
Chairman Goodlatte in welcoming our newest Member to the
Committee, Congressman David Cicilline, First District, Rhode
Island. A Mayor, a public defender, practiced law in Rhode
Island, and I am confident that his depth of experience will be
a great asset to this Committee.
Mr. Cicilline, we welcome you and look forward to working
with you. [Applause.]
Thank you.
Mr. Goodlatte. And we welcome everyone to this afternoon's
hearing on Examining Recommendations to Reform FISA
Authorities, and I will begin by recognizing myself for an
opening statement.
Today's hearing will examine the various recommendations to
reform programs operated under the Foreign Intelligence
Surveillance Act, or FISA. Last summer's unauthorized public
release of these classified programs has sparked a national
debate about the extent of these programs and whether they pose
a threat to Americans' civil liberties and privacy.
There have been myriad proposals to reform or end these
programs. We are here today to vet these proposals and discuss
their impact on America's national security and their value in
enhancing civil liberty protections.
Following last year's leaks, Obama administration officials
appeared before this and other Committees in Congress to defend
these programs and urge Congress not to shut them down,
including the bulk metadata collection program operated under
Section 215 of the PATRIOT Act. But just 2 weeks ago, President
Obama announced that he supports ``a transition that will end
Section 215 bulk metadata program as it currently exists and
establish a mechanism that preserves the capabilities we need
without the Government holding this bulk metadata.''
I am glad the President has finally acknowledged what I and
many others concluded long ago, namely that the Section 215
bulk metadata program is in need of significant reform in order
to restore the trust of the American people and to protect
Americans' civil liberties. But I am disappointed that the
President was unable or unwilling to clearly articulate to
Congress and the American people the value of this information
in thwarting terror plots.
Instead, he simply declared that it is ``important that the
capability that this program is designed to meet is
preserved,'' while simultaneously announcing that he was ending
the program as it currently exists.
The 5-year storage of bulk metadata by the NSA is arguably
the most critical and the most controversial aspect of the
Section 215 program. But transferring storage to private
companies could raise more privacy concerns than it solves.
We need to look no further than last month's Target breach
or last week's Yahoo breach to know that private information
held by private companies is susceptible to cyber attacks. And
transferring storage to private companies would require the
Government to request data from multiple companies to connect
the dots it currently stores, thereby complicating its ability
to quickly and efficiently compile valuable intelligence.
Of equal importance is the impact such a storage mandate
would have on the ability of American companies to compete in a
global market. American technology companies are experiencing a
lack of customer trust and a loss of international business as
a result of the Snowden leaks, based upon the fear that
information about their customers is readily and routinely
turned over to the American Government.
I suspect requiring these companies to now house the data
specifically so the Government can access it will only
reinforce those fears. American companies, in fact, have sought
permission to publicly report national security requests from
the Government to inform and, hopefully, assuage the concerns
of their American and foreign customers.
To that end, I am pleased the Justice Department worked
jointly with American companies to identify information that
can be publicly reported about the size and scope of national
security requests. This is one step that will help provide
greater transparency to the American people about the nature of
our intelligence gathering programs.
On January 17th, President Obama also announced his desire
to transfer the query approval of metadata from the NSA to the
FISA court. I am interested to hear from today's witnesses
whether such a reform will, in fact, result in greater privacy
protections without weakening national security.
President Obama also endorsed additional privacy
protections for foreigners overseas. He instructed the Attorney
General and Director of National Intelligence to take the
unprecedented step of extending certain protections that we
have for the American people to people overseas. Specifically,
President Obama called for limiting the duration that personal
information about foreign nationals is stored while also
restricting the use of this information. Is it wise to restrain
our national security agencies by extending to foreigners the
rights and privileges afforded Americans?
In addition to President Obama's proposed reforms, two
panels, the President's Review Group on Intelligence and
Communications Technology and the Privacy and Civil Liberties
Oversight Board, have issued reports with their own proposals
and conflicting legal analysis. On December 12th, the review
group issued its report.
While the review group questioned the value of the bulk
collection of telephone metadata by the Government, the review
group did conclude that the program is constitutional, legal,
and has not been abused and recommended the program continue
with third-party or company storage.
A majority of the PCLOB, however, issued a report on
January 23 that questioned whether the program is
constitutional and concluded operated illegally under the
statute since 2006. And recommended the metadata program end
entirely.
I look forward to a discussion today of the constitutional
and statutory analysis and recommendations of these two panels.
The House Judiciary Committee has primary jurisdiction over the
legal framework of these programs and has conducted aggressive
oversight on this issue.
Any reforms Congress enacts must ensure our Nation's
intelligence collection programs effectively protect our
national security and include real protections for Americans'
civil liberties, robust oversight, and additional transparency.
It is now my pleasure to recognize the Ranking Member of
the Committee, the gentleman from Michigan, Mr. Conyers, for
his opening statement.
Mr. Conyers. Thank you.
I welcome the witnesses today, the Deputy Attorney General
in the first panel, and the witnesses coming up in the second
panel.
Now the 9/11 Commission, observing that Congress had
``vested substantial new powers in the investigative agencies
of the Government'' with the passage of the PATRIOT Act, argued
that it would be healthy for the country to engage in full and
informed debate on these new authorities.
The commission concluded that when that debate eventually
takes place, the burden of proof for retaining a particular
Government power should be on the executive to explain that the
power actually and materially enhances security. Today, we are
now engaged in that debate.
For the first time, the public understands that our
Government is engaged in widespread domestic surveillance. This
surveillance includes, but isn't limited to, the Government's
collection of records on virtually every phone call placed in
the United States under Section 215 of the PATRIOT Act.
Consensus is growing that this telephone metadata program
is largely ineffective, inconsistent with our national values,
and inconsistent with the statute as this Committee wrote it.
As the 9/11 Commission proposed, the burden rests with the
Government to convince us otherwise.
Reasonable people can disagree with me about whether or not
the Government has met that burden, but there are several
points to guide us in this debate that I believe are
incontrovertible. First, the status quo is unacceptable.
President Obama, his own Review Group on Intelligence and
Communication Technology, and the Privacy and Civil Liberties
Oversight Board all agree that the telephone metadata program,
as currently exists, must end.
The review group had full access to the leadership of the
intelligence community. It concluded that there has been no
instance in which the National Security Agency could say with
confidence that the outcome of a case would have been different
without the Section 215 metadata program.
The Privacy and Civil Liberties Oversight Board came to the
same conclusion and also observed that the operation of the
bulk telephone record program bears almost no resemblance to
the actual text of the statute.
In his remarks at the Department of Justice, President
Obama observed that because expanding technological
capabilities place fewer and fewer technical restraints on what
we can do, we have a special obligation to ask tough questions
about what we should do. The President ordered immediate
changes to the telephone metadata program and asked the
Attorney General and the Director of National Security to
develop options for a new approach that takes these records out
of Government hands.
I commend President Obama for his willingness to make these
necessary changes. It cannot be easy for a sitting President to
restrain his own intelligence capabilities, even if it is the
right thing to do. After all, in the President's own words,
there is an inevitable bias within the intelligence community
to collect more information about the world, not less.
My second point is that the Administration cannot solve
this problem without Congress. The House Judiciary Committee
must act. We are the primary Committee of jurisdiction in the
House for the Foreign Intelligence Surveillance Act, the
exclusive means by which the Government may conduct domestic
surveillance.
We are the proper forum for a debate about constitutional
rights and civil liberties. More acutely, the Government is
dependent on this Committee to renew the legal authorities now
under review.
Section 215 is scheduled to sunset on June 1, 2015. If it
expires, all Section 215 programs, not merely bulk collection,
expire with it. We should address bulk collection today, or we
risk losing all of Section 215 this time next year. Unless this
Committee acts and acts soon, I fear we will lose valuable
counterterrorism tools, along with the surveillance programs
many of us find objectionable.
And finally, as this Committee moves forward, H.R. 3361,
the USA FREEDOM Act, represents a reasonable consensus view and
remains the right vehicle for reform. I am struck by the
growing partisan--bipartisan consensus here. More and more of
us seem to agree that the Congress should end bulk collection
under Section 215 but allow the FBI's continued use of normal
business records orders on a case-by-case basis.
We should retain the basic structure of Section 702 of the
Foreign Intelligence Surveillance Act but enact additional
protections for United States persons whose communications are
intercepted without a warrant. We should create an opportunity
for an independent advocate to represent privacy and civil
liberties interests before the FISA court.
And in the service of meaningful public debate, we should
declassify significant opinions of the FISA court, enhance
reporting to the Congress, and allow companies to disclose more
about their cooperation with the Government.
These reforms are consistent with the President's remarks,
the recommendations of the review group, and the report of the
Privacy and Civil Liberties Oversight Board. They are also,
point for point, the main objectives of the measure called the
USA FREEDOM Act.
Our colleague and former Chairman of this Committee, Mr.
Sensenbrenner, is credited as the original author of the
PATRIOT Act, is our lead on this bill in the House. Senator
Leahy has introduced an identical measure in the Senate.
The USA FREEDOM Act enjoys the support of 130 Members in
the House, evenly divided between Democrats and Republicans.
More than half of this Committee now supports the bill, and our
numbers grow every week.
And so, Mr. Chairman, I urge that you bring this bill up
for consideration before the House Judiciary Committee as soon
as possible because our mandate is clear. We have heard from
the President, from his panel of experts, and from an
independent oversight board. We will examine their proposals
today, but the time for reform is now.
And so, at the risk of making too much reference to the
attacks of September 11, 2001, I close my remarks with another
passage from the 9/11 Commission report.
``We must find ways of reconciling security with liberty
since the success of one helps protect the other. The choice
between security and liberty is a false choice, as nothing is
more likely to endanger America's liberties than the success of
a terrorist attack at home.
``Our history has shown that insecurity threatens liberty.
Yet if our liberties are curtailed, we lose the values that we
are struggling to defend.''
I thank you and yield back my time.
Mr. Goodlatte. Thank you, Mr. Conyers.
And without objection, all other Members' opening
statements will be made a part of the record.
It is now our pleasure to welcome our first panel today,
and if the members of the panel would rise, I will begin by
swearing in the witnesses.
[Witnesses sworn.]
Mr. Goodlatte. Let the record reflect that all of the
witnesses responded in the affirmative.
Thank you, and I will begin by introducing our witnesses.
Our first witness is Mr. James Cole, the Deputy Attorney
General of the United States at the Department of Justice. Mr.
Cole first joined the agency in 1979 as part of the Attorney
General's Honors Program and served the department for 13 years
as a trial lawyer in the Criminal Division.
He entered private practice in 1992 and was a partner at
Bryan Cave, LLP, from 1995 to 2010, specializing in white-
collar defense. Mr. Cole has also served as chair of the
American Bar Association White Collar Crime Committee and as
chair-elect of the ABA Criminal Justice Section.
Mr. Cole received his bachelor's degree from the University
of Colorado and his J.D. from the University of California at
Hastings.
Our second witness is Mr. Peter Swire, a member of the
Review Group on Intelligence and Communications Technologies.
The review group's mission is to review and provide
recommendations on how, in light of advancements in
communications technologies, the United States can employ its
technical collection capabilities in a manner that optimally
protects national security and advances our foreign policy
while respecting our commitment to privacy and civil liberties,
recognizing our need to maintain the public trust, and reducing
the risk of unauthorized disclosure.
Mr. Swire is also a senior fellow at the Future of Privacy
Forum and the Center for American Progress, and policy fellow
at the Center for Democracy and Technology. Mr. Swire is a
professor at the Scheller College of Business at Georgia Tech,
having previously served as a C. William O'Neill Professor of
Law at the Ohio State University.
Mr. Swire worked for the Clinton administration as chief
counselor for privacy in the U.S. Office of Management and
Budget, where he held Government-wide responsibility for
privacy policy. In 2009 and 2010, Mr. Swire served as Special
Assistant to President Obama for Economic Policy, serving in
the National Economic Council with Lawrence Summers. Mr. Swire
earned his undergraduate degree from Princeton and his juris
doctor from Yale Law School.
Our third witness is Mr. David Medine, the chairman of the
Privacy and Civil Liberties Oversight Board. Mr. Medine started
full time as chairman on May 27, 2013. Prior to serving as
chairman, he was an attorney fellow for the Securities and
Exchange Commission and a special counsel at the Consumer
Financial Protection Bureau.
From 2002 to 2012, he was a partner in the law firm Wilmer
Hale, having previously served as a senior adviser to the White
House National Economic Council from 2000 to 2001. From 1992 to
2000, Mr. Medine was the Associate Director for Financial
Practices at the Federal Trade Commission. Before joining the
FTC, he taught at Indiana University School of Law and the
George Washington University School of Law.
Mr. Medine received his bachelor's degree from Hampshire
College and his juris doctor from the University of Chicago Law
School.
I want to welcome all of you. I would ask each of you
summarize your testimony in 5 minutes or less, and to help you
stay within that time, there is a timing light on your table.
When the light switches from green to yellow, you will have 1
minute to conclude your testimony. When the light turns red, it
signals the witness' 5 minutes have expired.
And we will begin with Deputy Attorney General Cole.
Welcome.
TESTIMONY OF THE HONORABLE JAMES COLE,
UNITED STATES DEPARTMENT OF JUSTICE
Mr. James Cole. Thank you, Mr. Chairman, Ranking Member
Conyers, and Members of the Committee, for inviting us here to
continue the discussion of certain intelligence collection
activities and our efforts to protect privacy and civil
liberties at the same time.
We have all invested a considerable amount of energy over
these past few months in reviewing specific intelligence
collection programs and the legal framework under which they
are conducted. I think it is fair to say that all of us--the
members of the Privacy and Civil Liberties Oversight Board, the
members of the Presidential review group, the Administration,
and the Congress--want the same thing--to maintain our national
security while upholding the liberties that we all cherish.
It is not always easy to agree on how best to accomplish
these objectives, but we will continue to work in earnest to
advance our common interests, and we appreciate the good faith
in which everyone has engaged in this endeavor.
We have benefited from the consideration of these difficult
issues by the PCLOB and the PRG, and it's a pleasure to appear
with them today. In his speech on January 17th, the President
laid out a series of measures to reform our surveillance
activities that draw upon many of the core recommendations
issued by the PCLOB and the PRG.
The work to develop or carry out these measures is well
underway, and I would like to highlight just a few of the most
significant initiatives announced by the President that the
Department of Justice is working to implement in close
coordination with the intelligence community.
First, we are examining alternatives to the collection of
bulk telephony metadata under Section 215, which, as you noted,
the President has said will end as it currently exists. The
President has said that the capability that this program was
designed to provide is important and must be preserved, but we
must find a new approach that does not require the Government
to hold this bulk metadata.
The Section 215 program, as currently constituted, is
subject to an extensive framework of laws and judicial orders
and to oversight by all three branches of Government, designed
to prevent abuse. Neither the PCLOB nor the PRG has questioned
the rigor of that oversight system, nor has anyone identified
any intentional misuse of the telephony metadata.
Nevertheless, we recognize that any time large amounts of
data are collected, whether by the Government or private
companies, there is a potential for misuse, and it will be
important that the new approach remains subject to a rigorous
oversight regime. Insofar as the legality of the program is
concerned, it is important to remember that the courts, the
final arbiters of the law, have repeatedly found the program
lawful, including 15 separate judges of the Foreign
Intelligence Surveillance Court and two District Courts. There
has been only one contrary District Court ruling, which is now
on appeal.
The PCLOB undertook its own analysis of the legality, but
the members were unable to agree on whether it was authorized
under the statute. Although we continue to believe the program
is lawful, we recognize that it has raised significant
controversy and legitimate privacy concerns. And as I have
said, we are working to develop a new approach, as the
President has directed.
Second, we are working to develop additional restrictions
on Government's ability to retain, search, and use in criminal
cases U.S. person information incidentally collected when we
target non-U.S. persons overseas under Section 702 of FISA.
Third, the President recognized that our global leadership
position requires us to take steps to maintain the trust and
cooperation of people not only here at home, but around the
world. Accordingly, he has also determined that as a matter of
policy, certain privacy safeguards afforded for signals
intelligence containing U.S. person information will be
extended to non-U.S. persons where consistent with national
security. We will be working with our colleagues in the
intelligence community to implement that policy directive.
Fourth, the department is working to change how we use
national security letters so that the nondisclosure
requirements authorized by statute will terminate within a
fixed time unless the Government demonstrates a need for
further secrecy. Although these nondisclosure obligations are
important in preserving the viability of national security
investigations, these reforms will ensure that secrecy extends
no longer than necessary.
Fifth, the President called upon Congress to authorize the
establishment of a panel of advocates from outside the
Government to provide an independent voice in significant cases
before the FISC. We believe the ex parte process has functioned
well. The court, however, should be able to hear independent
views in certain FISA matters that present significant or novel
questions. We will provide our assistance to Congress as it
considers legislation on this subject.
Sixth, we have already taken steps to promote greater
transparency about the number of national security orders
issued to technology companies, the number of customer accounts
targeted under those orders, and the legal authorities behind
those requests. As a result of the procedures that we have
adopted in this regard, technology companies have withdrawn
their lawsuit concerning this issue.
Through these new reporting methods, technology companies
will be permitted to disclose more information to their
customers than ever before. We look forward to consulting with
Congress as we work to implement the reforms outlined by the
President and as you consider various legislative proposals to
address these issues.
I'll be happy to take any questions you may have.
[The prepared statement of Mr. James Cole follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Goodlatte. Thank you.
Mr. Swire, welcome.
TESTIMONY OF PETER P. SWIRE, REVIEW GROUP ON INTELLIGENCE AND
COMMUNICATIONS TECHNOLOGY
Mr. Swire. Thank you, Mr. Chairman and Ranking Member
Conyers and Members of the Committee.
I appreciate the opportunity to testify today on behalf of
the five members of the review group and the invitation and the
request was rather than this being my personal statement, that
it be reflecting the group's effort and our report that was
issued in December.
The review group is a group of five people. I'll briefly
describe them in the context of our work and how we came to our
recommendations.
One of the members is Michael Morell, who had more than 30
years in the CIA as a professional intelligence officer, and he
finished his time there as Deputy Director of the CIA. So we
had the benefit in our group of somebody with many years of
deep experience in the intelligence community.
Richard Clarke had been the senior cybersecurity and anti-
terrorism adviser, both to President Clinton and President
George W. Bush. So he came to this with both technological and
Government experience in many different respects.
Cass Sunstein is, I think, the most cited law professor in
the United States, a professor at Harvard right now, and he has
spent 5 years as the Director of the Office of Information and
Regulatory Affairs at OMB, with a detailed knowledge of the
Government and how it operates.
And Geoffrey Stone is the former dean of the University of
Chicago Law School, and he's an expert, among other things, on
civil liberties in the time of war.
So I felt privileged to be working with these four
distinguished gentlemen. My own background is primarily in the
area of privacy, technology, and law, how these come together,
and I'll mention two parts of the background that are relevant
to today's hearing.
For one, when I worked under President Clinton, I was asked
to chair an administration process to propose legislation on
how to update wiretap laws for the Internet. And in the fall of
2000, this cleared administration proposal came before this
Committee for a hearing where the Department of Justice
testified, and some of the people here today asked questions of
that. So how to do the law around wiretaps on the Internet is
something we've been wrestling with for quite some time.
The second thing is that in 2004, I published an extensive
article on the history and issues surrounding FISA, which
touches on some of the issues we'll address today.
In terms of the review group, in August, the five of us
were invited to come meet with the President and be named to
the review group, and I'd like to just take a moment on the
charter of our group. The charter was to try to bring together
things that are hard to bring together.
How do we do national security? How do we maintain our
foreign allies and relationships with other countries,
including commercial relationships? How do we preserve privacy
and civil liberties in this new technological age? How do we
maintain public trust? And finally, how do we address the
insider threat, which we've seen can be a very--a big problem
in terms of maintaining classified secrets?
So, within these national security, commercial, civil
liberties and public trust things, how do we put this all
together in a package? The--our job was to be--as tasked by the
President, was to be forward looking. Where should we go from
here? So I'd like to emphasize we did not do a constitutional
analysis of any of the programs. That was not what we thought
our job was.
We also did not do a specific statutory analysis of whether
something was or was not lawful that was being done
specifically around 215. Others have taken on those tasks. Our
group did not do that constitutional or statutory analysis. We
thought putting these five major goals together into a report
was plenty for us to take on during the fall.
One of the things about our group is that we, in addition
to being forward looking, were not limited to counterterrorism
in our mission. And so, the PCLOB, as David Medine will talk
about, has statutory authorities specifically focused on
counterterrorism. We were asked to take on broader issues
around foreign affairs, et cetera, that in some cases go beyond
that scope.
We met during the fall each week. We got briefed
extensively on a classified basis from the agencies. We had
detailees from the agencies. Every question we asked for, we
got answered. The agencies were outstanding in their
cooperation.
We presented our preliminary findings orally to the
President's top advisers during the fall and, on December 11th,
transmitted our report to the White House. This was our report.
It was submitted for declassification review to make sure we
weren't releasing classified secrets, but the recommendations
were the group of five, it was our own.
And as it turned out, after we did this work together, the
civil liberties people in our group, the anti-terrorism, the
CIA people in the group, all of us came to consensus. So every
sentence of the report turned out to be agreed to by all five
of us. As I testify and as I answer your questions today, my
effort will be to accurately reflect the report that brought
these disparate views together.
Our--we met with the President after the report was
submitted. Our report was released in mid December, has been
extensively discussed in the press and elsewhere, and the
review group formally ceased to exist after the President's
speech.
So I'm here as a private citizen, but doing my very best to
reflect the views of the five people on the review group. So I
look forward to taking questions from you all.
Thank you.
[The prepared statement of Mr. Swire follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Goodlatte. Thank you.
Mr. Medine, welcome.
TESTIMONY OF DAVID MEDINE,
PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD
Mr. Medine. Thank you, Mr. Chairman, Ranking Member
Conyers.
Mr. Goodlatte. You want to hit the button there on your--
good. Pull it close to you as well.
Mr. Medine. There we go. Thank you, Mr. Chairman, Ranking
Member Conyers, and Members of the Committee, for the
opportunity to testify regarding recommendations to reform the
Nation's intelligence gathering program.
I'm the chairman of the Privacy and Civil Liberties
Oversight Board, an independent, bipartisan agency in the
executive branch tasked with ensuring that our Nation's
counterterrorism efforts are balanced with the need to protect
privacy and civil liberties.
I'd like to offer both my statement and the board's report
for the record. The board's report focuses on the 215 program
and the operations of the Foreign Intelligence Surveillance
Court. And most of the recommendations are unanimous in our
report. I will highlight some of the areas where there was lack
of unanimity.
But before I start, I'd like to express the board's respect
and admiration for the men and women in the intelligence
community, who work tirelessly to protect our country day and
night and uphold our values. We hold them in the highest
regard, based on everything we have observed during the course
of conducting our study.
In June, many Members of Congress and the President asked
us to prepare a report on the 215 and 702 programs conducted by
NSA. Our 702 report will be issued in a couple of months.
In the course of conducting our study, we had briefings
with a number of intelligence agencies and had an opportunity
to see the 215 program in action. We held two public events to
get public input, as well as soliciting public comment, and met
with industry groups, trade associations, and advocates
regarding this program. This culminated in our release on
January 23 of our report addressing, again, the 215 program and
reforms to the FISC.
With regard to the 215 program, we conducted a statutory
analysis and concluded that the program lacks a viable
foundation in the law. We also looked at the First and Fourth
Amendment of the Constitution and concluded that the program
raised serious concerns under both of those amendments.
We examined the privacy and civil liberties consequences of
the program and found them serious because the program contains
highly sensitive information. Citizens may be chilled in
exercising their associational rights, in engaging with
reporters or religious groups or political organizations,
knowing that the Government is collecting information about
them.
This is also information that's subject to potential abuse.
We did not see any abuse now, but we certainly know lessons
from the 20th century where there were abuses of surveillance
of civil rights leaders and anti-war activists and others. And
so, gathering this information by the Government does raise
serious privacy and civil liberties consequences.
But we also looked at the efficacy of the program, and we
looked at each of the instances in which there were claimed
successes in the program. We had classified information, and we
checked our facts with the intelligence community. And after
that analysis, we concluded that the benefits of the program
are modest at best, and they are outweighed by the privacy and
civil liberties consequences.
As a result, a majority of the board recommended that the
program be discontinued, and the entire board recommended that
there be immediate changes to the program to add privacy and
civil liberties protections. The dissenting members of the
board felt that the Government's interpretation of the program
in the law was reasonable and that with the privacy changes
that we are proposing on the interim basis, that they would be
comfortable with having the program continue with those
changes.
Turning to the Foreign Intelligence Surveillance Court, the
board unanimously recommends changes to the operation of the
court, both to bolster the court's confidence with the public
and as well as let the court benefit from adversary
proceedings, which are the heart of the judicial process.
So, accordingly, the board recommends that a panel of
special advocates be created, made up of private attorneys
appointed by the court in cases involving significant legal and
policy issues and new technologies so that there is another
side presented besides the Government's position, to argue on
both statutory and constitutional grounds.
We also recommend that there be an opportunity to appeal
decisions of the court by the advocate. There have only been
two appeals ever to the Foreign Intelligence Surveillance Court
of Review, and we think there's a benefit from the appellate
process and, therefore, recommend a mechanism by which we think
you can constitutionally have the special advocate obtain
appellate review of the decisions.
And then we also encourage the court to obtain more
technical assistance and outside legal views because these are
complex issues that the court is confronting, and the court
could benefit from technology advice.
And lastly, the board focused on transparency issues. In
our democracy, there's a tension between openness and secrecy
with regarding our intelligence programs. We've made
recommendations that we believe serve both of those values, and
most of those recommendations are unanimous as well.
So thank you very much for the opportunity to appear, and
I'd be happy to answer your questions.
[The prepared statement of Mr. Medine follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Goodlatte. Thank you, Mr. Medine.
I will begin the questioning and will start with Deputy
Attorney General Cole. Both the PCLOB and the review group have
questioned the value of the bulk metadata program. Congress has
been waiting for a long time for the Administration to explain
exactly why bulk collection is crucial to national security.
So, Deputy Attorney General Cole, this is the
Administration's opportunity to explain to Congress why bulk
collection, as opposed to other intelligence measures, is
necessary to protect our citizens.
Mr. James Cole. Well, Mr. Chairman, I think to understand
this, we first have to understand the value of trying to make
the connections, connect the dots between people who we know
are involved in terrorist activity or have reasonable,
articulable suspicion to believe are, and the other people that
they may be acting with, both inside and outside of the United
States.
That's a very useful tool. It's not the only piece of
evidence you would need in an investigation. And in fact, in my
years as a prosecutor, there is rarely one piece of evidence
that makes the case. It's a whole fabric of evidence that's
woven together, small pieces that relate to each other that
become useful once they're compared with and connected with
many others.
This is a tool that gives us one of those pieces of
information, the connections from one person to another. And in
order to be able to get it in a useful way, the initial view
and the most expeditious way to do it was to have the bulk
collection of the mass of telephone records with significant
restrictions on how we could access it.
So that we could, when we find a phone number associated
with a certain terrorist group, we can search through the other
records and find those connections. Now we can find other ways,
and we are finding other ways to try and approximate and gain
that same kind of information.
Mr. Goodlatte. Let me ask you about one subset of that that
is very, very important and seems to be the thing that concerns
many people the most. The President's review group has
recommended that the storage of bulk metadata be transferred to
a third party or to company storage. The President also
indicated that it is his preference as well.
How does third-party storage protect Americans' privacy
more than Government storage, and does the President have
additional ideas for reform beyond third-party storage?
Mr. James Cole. Well, Mr. Chairman, we're trying to work
through the best way to go about this, and the President has
given us this direction, and we are looking for all the
possible alternatives. The President's review group made that
recommendation. The PCLOB noted that there are issues with all
of the different alternatives that you can use here.
I think one of the issues that comes to mind is that the
Government has certain powers that private groups don't have,
and there is a concern among the American people when the
Government has possession of all of those records and the
powers that go with the Government, that they would prefer that
the Government not have those records, that some private party
have them.
Obviously, we need to make sure that strict controls are
put on, as they were when the Government possessed the bulk
data, to make sure that they're not abused. And it's very, very
important to make sure that those strict controls, as had been
done under the bulk collection, are continued regardless of
where these records reside.
Mr. Goodlatte. Let me ask you one follow up to that. That
is really a critical question here. The third-party storage is
really an idea that is still in progress.
If the Administration finds that third-party storage is not
a viable option, what would be the President's recommendation
for moving forward, continue the bulk collection program or
ending it?
Mr. James Cole. I think that's the process we're going
through right now. I don't want to try and get too far ahead of
it and hypothesize about where we may end up by the time we
have to make recommendations to the President and he makes a
decision. But obviously, the providers already----
Mr. Goodlatte. You have heard the Ranking Member. There is
legislation before the Committee. There are other legislative
ideas than the one he referenced. But he and many others are
chomping at the bit to move forward, and having the
Administration's position on this critical aspect of this is
important.
So we need to know the answer to that sooner rather than
later.
Mr. James Cole. And we're working on trying to get that
answer, and we'll provide it to you. The providers already keep
these records for a certain period of time, and some keep it
longer than what is required under regulations.
And so, we have to work through what we think is the
optimal period of time that the records need to be kept if
there's going to be a provider keeping it solution.
Mr. Goodlatte. And I want to direct one question to Mr.
Medine before my time expires. The PCLOB majority recommends
ending the bulk collection of telephony metadata under Section
215. The majority also recommends, however, that the program
continue with certain modifications.
Why did the majority not recommend the immediate end to the
program?
Mr. Medine. The majority looked to how other programs have
been continued when, say, courts have struck them down. Even
the Supreme Court has found programs unconstitutional and,
nonetheless, gave the Government an opportunity to transition
to a new program.
And so, rather than shut it off, we felt we followed the
approach that the courts have taken, which is to say let's
quickly transition into another program, either keeping the
information with providers or some other mechanism as
developed.
Mr. Goodlatte. Well, you are talking about courts in other
cases because the court----
Mr. Medine. Nothing--not in this case.
Mr. Goodlatte. I haven't heard them say that in this case.
Mr. Medine. But we've looked at precedent of how, if a
program has been found to be illegal or unconstitutional,
courts oftentimes don't just shut it down. They give an
opportunity to transition, and we thought that--especially
since we're not a court, that it was reasonable to recommend
that there be a period of transition, hopefully brief, to a
different program.
Mr. Goodlatte. Thank you.
The gentleman from Michigan, Mr. Conyers, is recognized for
5 minutes.
Mr. Conyers. Thank you.
And I thank the witnesses.
I would like to begin by asking Mr. Medine about the
telephone metadata program. Let us get right to it. Is the
telephone metadata program consistent with the plain text of
Section 215?
Mr. Medine. Ranking Member Conyers, in the view of the
majority of the board, it is not for a number of reasons. As I
think you indicated in your statement, in many ways, it barely
reflects the language of the statute.
Mr. Conyers. And it also makes it clear that it must be
relevant, and relevant does not mean everything. And I think
that that is a very important way for us to begin looking at
this.
Mr. Swire, the review group's report proposes the
Government only seek business records under Section 215 on a
case-by-case basis. Why is targeted collection a preferable and
sufficient alternative to bulk collection?
Mr. Swire. Thank you, Congressman.
The review group in many instances thinks that targeted
collection to face serious threats is traditional law
enforcement and national security practice. When you identify
particular people who create risks, it's wise to follow up on
those.
We also, on bulk collection, on 215 in particular, found
that there had not been any case where it had been essential to
preventing an attack. The review group did find, as a group,
that there was usefulness in Section 215 bulk collection, and
we thought that transitioning it away from Government holding
of the data was better within our system of checks and balances
than having it held by the Government.
Mr. Conyers. Thank you.
The report also says that the Government should no longer
hold telephone metadata. If the Government can only collect
metadata with a particularized showing of suspicion and the
Government cannot hold information in bulk, what is left of the
telephone metadata program?
Mr. Swire. Well, what's left is similar to metadata in
other circumstances. This Committee knows about trap and trace
and pen register authorities, which are done under standards
much less than probable cause. It's much easier to get the
metadata as step one to an investigation, and everything in our
approach is consistent with using a judicial step, but a step
with less than probable cause to go forward with the
investigations.
Mr. Conyers. Mr. Deputy Attorney General, in his January
17th remarks, President Obama asked the Justice Department to
develop options for a new approach that can match the
capabilities and fill the gaps that the Section 215 program was
designed to address without the Government holding this
metadata itself.
What range of options might we consider as alternatives to
the Government storing this information, if your group has
gotten that far in its work?
Mr. James Cole. Well, certainly, Mr. Ranking Member, there
are three options that come to mind just off the top of my
head, which is--or two options. One is a third party who would
gather all of the data together so that the access could be
across providers, which was the--one of the efficient and
effective aspects of the metadata bulk collection program.
The other is to have the providers keep it. At this point,
under regs, they're required to keep it for about 18 months. It
might require legislation, if we deem that not to be a
sufficient amount of time, to require them to keep it longer. I
don't think they really favor that option.
We're also trying to think outside the box and see if there
are any other options that we can come up with. There's a lot
of very talented and very capable people trying to think
through this problem and trying to find whatever creative
solutions we can.
Mr. Conyers. Thank you.
And my last question is to Mr. Medine. Both your board and
the review group find that the bulk collection program has
never disrupted a terrorist--a terror plot. The report also
closely examines the 12 cases in which the Government says the
telephone metadata program has contributed to a success story
in a counterterrorism investigation.
What were those contributions, and do any of them to you
justify a massive domestic call records database?
Mr. Medine. Mr. Ranking Member, we have analyzed carefully
all of the success stories and, as you indicate, did not find
any instance in which a plot was disrupted or an unknown
terrorist was identified. However, there are some aspects of
the program that have produced some benefits. One, a material
assistance case benefited from use of the 215 program.
And there are also the ``peace of mind'' concept, which is
sometimes it's helpful to know there isn't a U.S. connection to
a potential plot that's underway overseas. But we found in
those and any other instances where the program had had
successes, that those successes could have been replicated
using other legal authorities without the need to collect bulk
telephone metadata and all of the privacy and civil liberties
problems associated with that collection.
Mr. Conyers. Mm-hmm. Thank you, Mr. Chairman.
Mr. Goodlatte. Thank you.
The Chair recognizes the gentleman from Wisconsin, the
Chairman of the Crime, Terrorism, Homeland Security, and
Investigations Subcommittee, Mr. Sensenbrenner, for 5 minutes.
Mr. Sensenbrenner. Thank you very much, Mr. Chairman.
I was the principal author of the PATRIOT Act that was
signed by President Bush in 2001, and I also was the principal
author of the two reauthorizations in 2006 and in 2011. Let me
say that the revelations about Section 215 were a shock and
that if the bulk collection program was debated by the Congress
in each of these three instances, it never would have been
approved.
And I can say that without qualification. Congress never
did intend to allow bulk collections when it passed Section
215, and no fair reading of the text would allow for this
program.
The PCLOB said, ``The Section 215 bulk telephone records
program lacks a viable legal foundation under Section 215,
implicates constitutional concerns under the First and Fourth
Amendments, raises serious threat to privacy and civil
liberties as a policy matter, and has shown only limited
value.''
I agree with that. Now the Administration, the argument
that they use under Section 215 is essentially that if the
Administration and the intelligence community wants something,
it is relevant. And that is not a limiting principle, which
everybody thought relevant was, it is a vacuum cleaner, and
that is why there has been such outrage, both here and
overseas, that has impacted our intelligence community and also
implicated the commercial relationship between us and foreign
countries, particularly major trading partners in the European
Union.
And I am very worried about an intelligence review
structure where the Administration and the FISCs could sanction
this. That is why Mr. Conyers and I, together with a lot of
Members equally divided between Republicans and Democrats, have
sponsored the USA FREEDOM Act.
We attempted to make the FREEDOM Act a balance between the
civil liberties concerns that have been expressed in the last 7
months, as well as the need to have an active intelligence
operation. Now Section 215 expires in June of next year. And
unless Section 215 is fixed, you, Mr. Cole, and the
intelligence community will end up getting nothing because I am
absolutely confident that there are not the votes in this
Congress to reauthorize Section 215.
Now the FREEDOM Act is the only piece of legislation that
attempts to comprehensively address this problem in a way that
I think will get the support of a majority of the Members of
both the House and the Senate. The Feinstein bill I think is a
joke because it basically prohibits bulk collection, except as
authorized under a subsection, which authorizes the
intelligence community to keep on doing business as usual.
Mr. Cole, I think that we are smart enough to recognize
that for what it is. And it is a joke. There hasn't been
anything else that has come from the Administration or
elsewhere to deal with this issue, and the clock, sir, is a-
ticking. And it is ticking rapidly, and this is going to have
to be addressed in this year, even though it is an election
year.
Now will the Department of Justice, Mr. Cole, support the
FREEDOM Act? And all I need is a ``yes'' or ``no'' answer.
Mr. James Cole. Uh----
Mr. Sensenbrenner. Not ``yes, but'' or, ``no, of course.''
But ``yes'' or ``no.''
Mr. James Cole. The Department of Justice is a big place,
Senator, and at this point, we have not taken a position on the
FREEDOM Act. We'd be more than happy to----
Mr. Sensenbrenner. Well, then I----
Mr. James Cole [continuing]. Work with you on that.
Mr. Sensenbrenner. Well, then--well, I haven't seen any
indication of that to date, and I would urge you to hurry up
and to get the big place together. Because the FREEDOM Act are
reasonable reforms that have been emphasized as necessary and
responsible by both the PCLOB and the review panel. There is
nothing else out there to fix this up.
So you have a choice between reaching something that will
be supported by a majority of the Congress or letting the clock
tick, and come June 1 of next year, there will be no authority
for anything under Section 215.
Now if the Administration has got problems with the Leahy-
Sensenbrenner-Conyers bill, let us talk about it. But it is
past time for genuine reform, and I can tell you, sir, that if
the Administration doesn't want to weigh in on this, I am sure
that Congress will do so. And I don't want to hear any ex post
facto complaining.
My time is up.
Mr. Goodlatte. The Chair recognizes the gentleman from New
York, Mr. Nadler, for 5 minutes.
Mr. Nadler. Thank you very much, Mr. Chairman.
Let me first do something I rarely do, which is to express
my complete and total agreement with the gentleman from
Wisconsin. [Laughter.]
Both in his analysis of the misuse and abuse of Section 215
and of what will happen to Section 215 if it is not
substantially modified either this year or early next year.
Mr. Conyers and I and various others opposed the Section
215 version that was adopted back in 2001 and again in 2006 and
2011. We thought it was too broad. But now we have even that
very broad version completely taken over the side by the
Administration, by two Administrations, actually, and by the
FISC.
And the fact that the FISC several times determined that
the use of Section 215 as authorization for what amounts to a
general warrant, all right? You can collect all data, and then
you can access that data without a specific warrant to access
it or even a court order to access it, based on reasonable and
articulable suspicion, but simply by an NSA or CIA officer
saying, ``We really need to look at that particular phone,'' is
a derogation of all of American history, frankly, since 17--it
is why we put the Fourth Amendment in because we objected to
the British general warrants.
And we have, in effect, reestablished that here. And that
will not stand. It cannot be allowed to stand.
So let me simply echo that it has got to change. There is
no excuse for picking everything and then allowing access to
that without some sort of a specific court order.
And the fiction that the warrant that the FISA court grants
and says Verizon or AT&T shall give the Government access, you
know, all telephone metadata over a 3-month period is a
warrant, is a specific warrant that negates the necessity for a
warrant or a court order for more specific information is just
that, a fiction, and it is a general warrant. And it cannot be
permitted to stand, and it won't be permitted to stand.
So I will second Mr. Sensenbrenner and urge you to swiftly
get the department together and to if you don't want the
FREEDOM Act to pass it the way it is or Section 215 simply to
not be extended, which might be the best solution, frankly,
from my point of view, you better come in with very specific
recommendations.
Now let me say last week in testimony before the Senate,
some Administration officials suggested that terrorist plots
thwarted is not the appropriate metric for evaluating the
effectiveness of the program. And yet for months, the
Administration has made precisely the opposite argument.
For example, in a September letter to NSA employees,
General Alexander wrote that the agency has ``contributed to
keeping the U.S. and its allies safe from 54 terrorist plots.''
We have heard this 54 terrorist plots line repeated on
several other occasions, although PCLOB and a lot of others
have discredited it. Why has the argument changed? Why are we
now to apply a different set of metrics to the program?
Mr. James Cole. I assume that's directed to me, Mr. Nadler.
Mr. Nadler. Yes, it is.
Mr. James Cole. Well, first of all, I think to a degree
you're going to have to ask the people who made those
statements. I don't think any of them were from the Department
of Justice.
We have been, and actually, some of the members of the
PCLOB have agreed that that is--the past success or failure is
not the only metric to use, or necessarily the best one. That
there are many different ways to assess the utility of the 215
program that doesn't always have to be, as I said earlier, the
smoking gun or the nail in the coffin that gives you the single
piece of evidence that will lead to success. It's one piece of
evidence.
Mr. Nadler. Okay. Thank you.
I am sorry to cut you off, but I have another question I
must get in. National security letters empower the FBI and
other Government agencies to compel individuals and
organizations to turn over many of the same records that can be
obtained by Section 215. But NSLs are issued by FBI officials,
not by a judge or by a prosecutor in the context of a grand
jury investigation.
As the Government has explained their use of this to this
Committee, NSLs are used primarily to obtain telephone records,
email subscriber information, and banking and credit card
records. The FBI issued 21,000 NSLs in fiscal year 2012. The
oversight and minimization requirements for these NSLs are far
less rigorous than those in place for Section 215 orders.
The review group recommends ``that all statutes authorizing
the use of national security letters should be amended to
require the use of the same oversight minimization, retention,
and dissemination standards that currently govern the use of
Section 215 orders.''
Should we adopt that recommendation? Is there any reason
that the two programs should not be harmonized? For that
matter, is there any reason that NSLs should exist in addition
to Section 215 authorization in whatever form we extend it, if
we do?
Mr. James Cole. Well, actually, under the NSL program, you
can't get the same records you can get with 215. It's much more
limited under NSLs as to just specific categories of records.
Whereas, 215, grand jury subpoenas, things like that, the
records are almost unlimited as to the nature or the type that
you can get.
So there's a restriction in NSLs. They're used really in
the main as part of preliminary inquiries----
Mr. Nadler. Yes, but my point is if you can get it as under
215, if, in fact, 215 is broader, why do you need NSLs ever?
Mr. James Cole. It may just be a question of, again, how
many times you need that information and whether or not you go
to a court. In a grand jury situation, subpoenas are issued
without the involvement of the court many, many, many times,
probably as frequently, if not more so, as NSLs.
Mr. Sensenbrenner [presiding]. The gentleman's time has
expired.
Mr. Nadler. Thank you.
Mr. Sensenbrenner. The gentleman from North Carolina, Mr.
Coble?
Mr. Coble. I thank the Chairman.
Gentlemen, good to have you all with us.
Mr. Cole, I was going to talk to you about bulk collection,
but I think that has been pretty thoroughly examined.
Mr. Swire, let me go to you. The review group's report
recommended a transition of Section 215 bulk metadata from
Government storage to storage providers or third parties. This
recommendation is consistent with recent guidance put forth by
the Administration after its own review.
Last week, it was reported by Yahoo that information
relating to email accounts and passwords, likely in the hands
of such a party database, had been compromised due to a
security breach. Are you concerned that Section 215 metadata
could be similarly compromised after transitioning to a private
provider or third-party storage?
Mr. Swire. Thank you, Congressman.
A couple of observations. One is, of course, that the
National Security Agency itself has had leaks and lack of
complete security for its documents. So we're not comparing
perfect with perfect. We face these challenges for databases in
each case.
A second observation is that the telephone companies hold
telephone records. That's part of what they do and have done,
and one of the options that we put forward is that the
telephone companies would continue to hold these.
So it's not a question of some new risk that we bring into
the world. It's a risk that we face both from the Government
side and the private sector side when we have these databases.
I'm not sure if I--your----
Mr. Coble. I think that was appropriate. Thank you, sir.
Mr. Swire. Okay.
Mr. Coble. Mr. Medine? The FISA court has repeatedly upheld
through its orders approving the NSA metadata program
production of records to an agency other than the FBI. Did the
privacy and civil liberties oversight majority take this into
account?
Mr. Medine. Yes, sir. Section 215, on its face, only
permits the FBI to make requests and obtain access to telephone
records, despite the fact that under the current system it is
the NSA that obtains that information. And so, we think that
was one of a number of respects in which the current program
does not match the requirements of Section 215.
Mr. Coble. So you have no discomfort with that?
Mr. Medine. Excuse me?
Mr. Coble. You have no discomfort or problem with that?
Mr. Medine. Yes. We have discomfort with a number of
aspects of compliance. As was discussed earlier, the scope of
relevance under the statute, the fact that information has to
be linked to a specific investigation, and something that we
haven't touched on yet, which is the Electronic Communications
Privacy Act does not permit telephone companies to provide
information to the Government under the 215 program at all in
either an individual request or on a bulk basis.
The Electronic Communications Privacy Act only has an
exception for national security letters and a few other areas.
So we think that it makes sense to discontinue--the majority
does, to discontinue the 215 program and move to other legal
authorities.
Mr. Coble. Thank you again, gentlemen, for being with us
this morning.
I yield back, Mr. Chairman.
Mr. Sensenbrenner. The gentleman from Virginia, Mr. Scott?
Mr. Scott. Thank you, Mr. Chairman.
Mr. Cole, you offered several procedural changes as
recommendations. To paraphrase President Reagan, we need to
trust, but codify. Would you object to those recommendations
being codified rather than just remaining as administrative
process?
Mr. James Cole. I think as the President mentioned in his
speech, he's anxious to work with Congress on many of these
things to try and find the right solutions that we have. I know
the USA FREEDOM Act, many of the goals that are set out there
are goals that we share.
As I said in my opening, sometimes we have different ways
of getting there, but we all seem to share the right goal
together.
Mr. Scott. And follow-up, several other questions. We
frequently hear that the information gathered was helpful. I
find that legally irrelevant. So let me just ask a question. If
a collection of data were illegal, would a finding that it was
helpful provide retroactive immunity for illegally collecting
evidence?
Mr. James Cole. No, Mr. Scott, it would not. If the
collection is illegal, the standard would not be met.
Mr. Scott. Thank you.
Mr. Swire, there was a case a couple of months ago in DNA
that found that if DNA is legally collected, that there is no--
there is no prohibition against running it through the database
to see if the person had committed another crime. If I were to
go up to you, if a law enforcement agency would go up to you
and say, ``I would like some DNA to see if you have committed
crime,'' that would be legally laughable.
There appears to be no statutory limitation on what you can
do with this information. So I guess my question is under--you
recommended under 702 that if you have collected information
about a U.S. person, you can never use it in any proceeding.
That would, of course, eliminate any incentive to get the
information in the first place if it was for something other
than foreign intelligence.
If that is your recommendation for 702, would that also be
your recommendation on 215, that you cannot use this data for
other proceedings?
Mr. Swire. Thank you, Congressman.
Under Section 702, the target, by statute, is supposed to
be somebody outside the United States. But sometimes they're in
communication with people in the United States, and the concern
behind our recommendation here is the possibility, which we
have not seen in practice, is the possibility that the 702, do
it overseas, could turn out to be a way to gather lots of
information about United States people.
And so, we made a recommendation to say that that would not
be used in evidence in court as a way to prevent that
temptation to use the authority to go after U.S. persons.
In terms of 215, we don't have the same statute that's
specifically targeted at overseas. 215 can be for domestic
phone calls as well. So we didn't have this using our overseas
authorities to get people domestically----
Mr. Scott. But you're using foreign intelligence excuse to
gather information that is subsequently used for criminal
investigation.
Mr. Swire. We did not make a recommendation about
subsequent use, but we, I think--I think all of us recognize
using foreign intelligence powers for purely domestic phone
calls has been something that's drawn a huge amount of
attention to these issues and is something that historically
has been something that's been looked at carefully when the CIA
or other agencies have done it.
So that's a concern using foreign intelligence issues
authorities for domestic purposes.
Mr. Scott. Let me follow through with another question that
has been kind of alluded to, and that is that you want to limit
Section 215 by ensuring that there is reasonable grounds to
believe that it is relevant to an authorized investigation and
the order is reasonably focused in scope and breadth.
Can you explain how that recommendation varies from what
everybody up here thought was present law?
Mr. Swire. Well, I think when we talk about like a
subpoena, an order should be reasonable in focus, scope, and
breadth.
Mr. Scott. We wouldn't have to put that in a statute to
assume that to be the case, right?
Mr. Swire. Well this gets into the statutory interpretation
of the current 215. Our group did not take a position on that.
The Government and the Privacy and Civil Liberties Oversight
Board have come to different views on that.
Mr. Scott. That we would have to put reasonable in scope
and breadth in the statute for that to be assumed?
Mr. Swire. Our recommendation was that a judge be involved
in these things and that there be a reasonable breadth
requirement explicitly in statute so that it's clear from
Congress that that's what you intend.
Mr. Scott. You also indicated a recommendation that the NSA
not be involved in collection of data other than foreign
intelligence. Can you explain what the NSA is doing that is not
involved in foreign intelligence?
Mr. Swire. In our--in our report, we talk about two other
areas the NSA currently has or bears very important
responsibilities. Currently, the Director of the NSA is also
the Director of Cyber Command, which is part of the military
operation for combat-related activities in cyberspace. We
thought that was quite a different function from foreign
intelligence collection.
The NSA also has responsibilities for what's called
information assurance, protecting our classified and other
systems, and we thought that defensive role is quite different
from the offensive role of gathering intelligence and
recommended those functions be split. The President has not
decided to adopt either of those recommendations.
Mr. Scott. Thank you.
And Mr. Cole, are you aware of any abuses in the use of
classified information? Things like I think there is a thing
called LOVEINT. Are you familiar with that?
Mr. James Cole. I've heard that phrase, yes, sir.
Mr. Scott. What is that?
Mr. James Cole. I think it's when you have somebody who is
dating somebody, and they have access to one of these databases
or a database and uses it to look at their--the person they're
dating and find out who they're talking to and who they're in
contact with. That's what I understand it to mean.
Mr. Scott. And that happens?
Mr. James Cole. I think there have been a few instances. I
think the NSA had noted a few instances of it. I don't think
they existed under 215. I think they may have existed under
other authorities, but I think there has been just a handful of
those over time.
Mr. Scott. And what happens?
Mr. James Cole. And they've been dealt with immediately.
Mr. Scott. And what has happened to the culprits?
Mr. James Cole. I know that most, if not all of them, lost
their jobs. There were referrals in many of those cases to the
Justice Department to consider whether or not prosecution would
be appropriate.
Mr. Scott. Thank you, Mr. Chairman.
Mr. Goodlatte [presiding]. Thank you.
The Chair recognizes the gentleman from Alabama, Mr.
Bachus, for 5 minutes.
Mr. Bachus. Thank you.
I would ask all three of the panelists is relevancy for
purposes of intelligence gathering different from relevancy for
purposes of, say, a criminal investigation or civil
investigation? Shouldn't it be a--shouldn't the standard be
somewhat different, or is it? Start with Mr. Cole.
Mr. James Cole. I think as you've seen from the court's
opinions, they borrow both from criminal investigations, civil
proceedings, and do that and use those as analogies to get to
the standard in foreign intelligence. And they find it to be
the same standard.
Mr. Bachus. You know, as just a Member of Congress, I sort
of have the opinion that it is much more urgent for us to
defend ourselves as a country. But does sometimes applying a
civil court standard of relevancy or even a criminal court
standard of relevancy sort of diminish their ability at--in
defending the country from terrorists?
Mr. James Cole. Well, I think if you look at Judge Eagan's
opinion from the FISA court, her view and her finding was that
the term ``relevancy'' was very broad and was very useful in
both criminal, civil, and foreign intelligence investigations
and can be applied very broadly when it's necessary.
It's not without limitation. It's not completely
unrestrained. It's only when there is an actual need to get a
broad scope of documents that it's authorized under that
standard. And so, I think she had corporately found that scope.
Mr. Bachus. All right. Ask the other two gentlemen.
Mr. Medine. The majority of the PCLOB has also considered
relevancy in the context of criminal and civil proceedings as
the statute suggests. And we looked at every case cited by the
Government and more on criminal discovery, and I'm using the
relevance standard, grand jury subpoenas, as well as civil. And
our conclusion was that the 215 program far exceeded in scope
anything that had been previously approved ever, and even the
Government's white paper acknowledges that.
And so, we in our--at least the majority's view, it goes
well beyond the face of the statute and a reasonable reading of
relevance.
Mr. Bachus. Right. Now that was a majority opinion.
Mr. Medine. That's correct.
Mr. Bachus. So did two members dissent from that?
Mr. Medine. Yes, they did. And they--and they felt that the
Government's reading of the statute was a reasonable one, as
was the court's interpretation.
Mr. Bachus. Okay. Mr. Swire?
Mr. Swire. Yes, Congressman. So our group did not do that
legislative history and statutory analysis as part of our work.
In our forward-looking recommendation, we used the word
``relevant'' for the scope of a 215 order but said like a
subpoena, it should be reasonable in focus, scope, and breadth.
So we tried to hem it in with that reasonable scope language.
Mr. Bachus. I just, if we are talking about an EPA
violation or we are talking about a criminal offense, a minor
criminal offense, just applying those standards in that case
law to public enemy and our foreign enemies of the United
States, I feel like that lacks somewhat.
Judge John Bates wrote a letter I think after both of you
all's reviews came out, and I think he raised some very
legitimate concerns over things you have assigned to the court,
including reviewing every national security letter, a public
advocate. He and I think others in judiciary believe that could
be a hindrance.
After his letter, have you reviewed it, and do you agree
that he brings up some very valid points that ought to be
considered? Mr. Swire? Professor?
Mr. Swire. After our report was complete, we did receive
the judge's letter. In terms of the public advocate, I'd make a
following observation, which is the PCLOB report did extremely
thorough analysis of the legality under the statute of 215 that
was really much more detailed than anything any of the District
Courts had done.
And I think for just myself, not speaking for the whole
group, I think that that supports our group's recommendation
that having detailed briefing with thorough analysis on these
issues not just from the Government can really help us
understand the statute better. So that's part of why we thought
the advocate would be helpful in some way because there would
be a sort of thoroughness of a position----
Mr. Bachus. Could you--could you all review his letter and
maybe give this Committee additional comments in view of his
letter? Particularly with the increasing caseload, if you are
going to increase their caseload, you are going to have to
increase their resources.
Mr. Medine. I should add that the PCLOB's recommendation is
that there be a special advocate only in those cases which
involve unique law and technology issues, not the everyday 215
order where judges are very well equipped to make those
judgments.
Mr. Bachus. Yes, but I am talking about their caseloads.
You have assigned--under you all's--both of your all's
proposals, it is going to increase quite a bit.
Mr. Medine. Yes. Sure.
Mr. Bachus. Thank you.
Mr. Goodlatte. The gentlewoman from California, Ms.
Lofgren, is recognized for 5 minutes.
Ms. Lofgren. Well, thank you, Mr. Chairman.
And thank you to all the witnesses for your appearance here
today and for answering our questions.
I would like to concur with many of the comments made by
our colleague Mr. Sensenbrenner as to the surprise that many of
us had at the interpretation of the word ``relevant'' in
Section 215. I would like to explore--we have talked a lot
about the metadata for telephone records. But what I would like
to explore with you, Mr. Cole, and perhaps others of you have
an opinion, is not what is happening now, but what you believe
the statute would authorize if, if the bulk collection of
telephone data is relevant because there might be in that
massive data information that would be useful for an
investigation.
What other tangible items would the statute authorize, not
saying that we are doing this, the Government to collect? Would
we be authorized to collect bulk credit card records, Mr. Cole?
Mr. James Cole. Ms. Lofgren, I think what you have to look
at, which is a very important part of the analysis that Judge
Eagan described, I thought, quite well, is that it's not
everything. It's what is necessary to gather the relevant
information.
Ms. Lofgren. Well, let me--what we are trying to explore
here is really the role of the Government versus the citizen.
Mr. James Cole. Correct.
Ms. Lofgren. And if you can compile the record of every
communication between every American because within that
massive data there might be something useful to keep us safe, I
am trying to explore with you, if that is your reading of
Section 215 vis-a-vis metadata and the phone company, would
that include cookies?
Mr. James Cole. Cookies?
Ms. Lofgren. Yes. Could it?
Mr. James Cole. Again, I think the issue here really is
under 215 with telephony metadata, the issue that was presented
to the court was we needed the connections from one phone
number to another.
Ms. Lofgren. Okay. Well, let me----
Mr. James Cole. And so, that was necessary. In a credit
situation----
Ms. Lofgren. Let me ask you ask you this. Let me go to Mr.
Swire because you are clearly not going to address this issue.
Mr. James Cole. I'm trying to, Congresswoman.
Ms. Lofgren. I think you are trying to use up my time. If
relevance allows for the collection of mass data because within
that haystack, to use General Alexander's words, there is the
needle, would 215, under that reading of the act, allow for the
collection of all the photos taken at ATM machines, all the
cookies selected by commercial providers?
We have special standards for records of gun sales and
credit card records, but it doesn't preclude their selection.
Did your group look at that from a legal basis, not what we are
actually doing?
Mr. Swire. Well, we did not go through that list. But what
I would observe is that a judge would have to make that
decision. So the Department of Justice would need to go to the
judge and say----
Ms. Lofgren. Right.
Mr. Swire [continuing]. We want ATM photographs for this
reason, and the judge would have to say that it meets all the
other standards for 215. So that's something beyond just the
Justice Department on its own.
Ms. Lofgren. Right. Let me ask about NSLs because NSL, as I
think Rich Clarke gave some very pointed comments about how
many were collected, thousands each day, with no supervision
whatsoever. And that is directed to electronic communications.
Could you under the Section I think, what is it, 502, do
mass collection under 502? It doesn't seem to be precluded as--
--
Mr. Swire. So I'm not remembering the section. Under NSLs,
we were not aware of bulk collection under NSLs.
Ms. Lofgren. I am not saying what is happening. Do you
think it provides the legal authority to do so? It is not
precluded.
Mr. Swire. I haven't seen a theory under which the NSL
authority could be used in that bulk way. I'm not aware of such
a document that would----
Ms. Lofgren. All right. What about 702, and do you think
that 702 provides the legal authority for bulk collection?
Mr. Swire. 702, that partly depends on your idea of bulk.
702 does allow targeting of people outside the United States
and allows content and allows accumulation of allotted data
about those individuals and the people they're in communication
with.
That, by itself, would not be the way that we'd have the
entire database of everything that happens. It has to be
targeted to an individual overseas.
Ms. Lofgren. Just a final question. Have the metadata of
Senators and Members of Congress been collected?
Mr. Swire. I'm not aware of any way that they're scrubbed
out of the database. So whatever databases exist, I don't know
why your phone calls would be screened out. We haven't heard
any evidence--I'm not aware of any evidence that that screening
out happens.
Mr. Goodlatte. The time of the gentlewoman has expired.
Ms. Lofgren. My time has expired. Thank you.
Mr. Goodlatte. The Chair recognizes the gentleman from
California, Mr. Issa, for 5 minutes.
Mr. Issa. Thank you, Mr. Chairman.
Following up on that, the gentlelady's question was do you
collect? Your answer apparently is, yes, you do because you
scrub everything. Is that correct?
Mr. Swire. Is--so----
Mr. Issa. You take it, yes?
Mr. Swire. In terms of whether Members of Congress' records
are collected, first of all, the names are not listed. It's
based on phone numbers.
Mr. Issa. Well, no, but the simple question. 202-225 and
four digits. Do you collect it?
Mr. Swire. At this point, I'm not the U.S. Government, and
maybe----
Mr. Issa. Okay. Mr. Cole, do you collect 202-225 and four
digits afterwards?
Mr. James Cole. Without going specifically, probably we do,
Congressman.
Mr. Issa. So separation of powers, this is the--another
branch. You gather the logs of Members of the House and Senate
in their officials calls, including calls to James Rosen. Is
that right?
Mr. James Cole. We're not allowed to look at any of those,
however, unless we make a reasonable, articulable suspicion
finding that that number is associated with a terrorist
organization. So while they may be in the database, we can't
look at any of those numbers under the court order without
violating the court order.
Mr. Issa. Well, speaking of court orders, Mr. Rosen, is he,
in fact, a criminal?
Mr. James Cole. Is he, in fact, a criminal?
Mr. Issa. Well, the Attorney General had said that James
Rosen, a Fox reporter, you know, there was a wiretap placed on
his family, he and his family. Correct? Not, and this was----
Mr. James Cole. No, there was not a wiretap, sir.
Mr. Issa. There wasn't? I am sorry. You collected personal
emails. Let me get it correct.
There was a warrant for personal emails, but there was also
the--they wiretapped his family.
Let me rephrase that. Let me go on, and I will come back to
that because I want to make sure I get the terminology right.
Do you screen executive branch numbers?
Mr. James Cole. We don't screen any numbers, as far as----
Mr. Issa. So you collect all numbers? The President's phone
call log record is in the NSA database?
Mr. James Cole. I believe every phone number that is with
the providers that get those orders comes in under the scope of
that order.
Mr. Issa. Would you get back to us for the record as to
whether all phone calls of the executive branch, including the
President, are in those logs?
Mr. James Cole. Be happy to get that back to you,
Congressman.
Mr. Issa. Okay. Especially if he calls Chancellor Merkel,
it would be good to know.
The freedom of association is a basic constitutional right,
wouldn't you agree, Mr. Cole?
Mr. James Cole. Yes, it is.
Mr. Issa. And if you are looking at our associations, and
then if we have associations with somebody that you believe is
``a terrorist,'' then you take the next step, right?
Mr. James Cole. Well, we don't look at your associations,
Congressman.
Mr. Issa. Well, what does the metadata do if it is not----
Mr. James Cole. We don't look at the metadata unless we
have a reasonable, articulable suspicion that the specific
phone number we want to query is associated with terrorists.
That's the only way we can get into that metadata.
Mr. Issa. Do you collect the phone number metadata of all
embassies here in Washington, all the foreign embassies?
Mr. James Cole. I believe we would. Again, we don't screen
anything out, to my knowledge. But that's something that NSA
would know. My understanding is we don't screen anything.
Mr. Issa. And they have conversations with large amounts of
numbers back in their home countries, right?
Mr. James Cole. All the telephone numbers have large
amounts of conversations with lots of other telephone numbers.
We don't look at them unless we have that reasonable,
articulable suspicion for a specific----
Mr. Issa. But isn't it true that the reasonable,
articulable suspicion goes a little like this? I talk to
somebody in Lebanon, who talks to somebody in Lebanon, who
talks to somebody in Lebanon, who talks to somebody in Lebanon,
who talks to somebody in Lebanon.
If you gather all that data, then I have talked to somebody
who has indirectly talked to a terrorist. Isn't that right?
Mr. James Cole. That's not how it would work, Congressman,
no.
Mr. Issa. How do I know that? How do I know that a 12-step
removed, somebody talked to somebody, who talked to somebody,
who talked to somebody, who talked to somebody who is on the
list wouldn't occur? And I will just give you an example.
The Deputy Prime Minister of Lebanon at one time gave
$10,000 to a group associated with a Hezbollah element. If I
called the Deputy Prime Minister, which I did, from my office,
wouldn't I have talked to somebody who was under suspicion of
being connected to a terrorist organization?
The answer, by the way, is yes. But go ahead and give
yours.
Mr. James Cole. Well, we wouldn't be querying your phone
number, Congressman, unless we had evidence that you were, in
fact, involved with a terrorist organization. That's the
requirement under the court order----
Mr. Issa. But you would query the Deputy Prime Minister,
who had made a contribution and was under suspicion, right?
Mr. James Cole. If we queried his phone number, we might
find that connection.
Mr. Issa. And at that point, you would have a connection
between somebody who you had a warrant for and me. So you could
have a warrant for me. Is that right?
Mr. James Cole. Well, I do not think we would necessarily
have enough to have a warrant for you with just that one phone
call, Congressman. That is not how it works. Again, there are a
lot of restrictions in those court orders and in the rest of
the law as to what we can do, and we can get warrants for, and
what we cannot get warrants for.
Mr. Issa. Well, we will follow up with the James Rosen
thing later. Thank you. I yield back.
Mr. Goodlatte. The Chair recognizes the gentlewoman from
Texas, Ms. Jackson Lee, for 5 minutes.
Ms. Jackson Lee. Let me thank the Chair and the Ranking
Member for someone who was here, as a number of other Members,
in the aftermath of 9/11 and the intensity of writing the
PATRIOT Act that came out of this Committee in a bipartisan
approach. Ultimately it did not reach the floor of the House in
that way.
As I try to recollect, I do not remember testimony that
contributes to the massive data collecting that we have now
wound up with. So I will pose as quickly as I can a series of
questions. And, first, thank everyone for their service. It is
good to see you, General Cole, and all of the other witnesses,
the head of the Privacy and Oversight Board, and Mr. Swire as
well. We thank you.
Quickly, you have been, I think, a lifer to a certain
extent, working for United States justice and the United States
of America. Again, we thank you. Did you all have an immediate
interpretation of mega collecting under the final passage of
the PATRIOT Act? Was that what first came to mind?
Mr. James Cole. I was not in the government at the time the
PATRIOT Act was passed, so I can honestly tell you I did not
really think about it at that moment.
Ms. Jackson Lee. As you proceeded to be in government and
as you have continued in service now and over these past couple
of years, was that a firm conclusion that you could gather
everything?
Mr. James Cole. As I became aware of what was being done
under 215, and looking at the prior court precedents that came
out that it had been approved and the descriptions of it, and
some of the notices that were given to Congress, I was of the
view that it was lawfully authorized under the PATRIOT Act and
under 215.
Ms. Jackson Lee. Well, you are as well required to follow
the law, but I note that justice is in the U.S. Department of
Justice, and what you are suggesting is that no lawyers as far
as you know may have gathered to say that this may be extreme?
Mr. James Cole. I am not aware of anybody saying that at
the time, but again, I was not in the Justice Department at the
time.
Ms. Jackson Lee. Not at that time. I am coming forward now
in the time that you have been in the Justice Department.
Mr. James Cole. As far as the legal basis, I think everyone
that I have talked to has been comfortable with the legal
basis.
Ms. Jackson Lee. So as you have listened to Members of
Congress, what is your commitment to coming back to us, working
with the Department of Justice to address and to help change
what we are presently dealing with?
Mr. James Cole. Well, I can tell you is that the
President's commitment, and we work for the President, and we
are there to fulfill that commitment to try and change 215 on
the telephony metadata as we know it and find another way where
the government does not hold----
Ms. Jackson Lee. So you have a commitment based upon the
President's representation to come back and look at a better
way of handling the trolling of Americans' data that may not be
relevant.
Mr. James Cole. We are looking for another way that will
accomplish what we have been accomplishing under 215 as best we
can and not involve the government holding the metadata.
Mr. Goodlatte. You may want to use an adjoining microphone
if you can get to one.
Ms. Jackson Lee. Can you all hear me?
Voice. No.
Ms. Jackson Lee. You cannot hear?
Voice. No, we cannot hear. We cannot hear.
Ms. Jackson Lee. Testing, testing. Can you hear me now?
Thank you. That is what happens when you start trolling and
collecting data. [Laughter.]
I am sorry. Mr. Chairman, will I be indulged my time? Thank
you.
Mr. Goodlatte. No. [Laughter.]
Ms. Jackson Lee. I did not hear that. [Laughter.]
Please indulge me, Mr. Chairman. Technological troubles
here.
In the report, there was a comment, ``The idea of balancing
has an element of truth, but it is also inadequate and
misleading.'' Mr. Swire, when we are talking about security and
privacy, what do you think that means? And I am going to go
ahead to my good friend over the Oversight Board, Mr. Medine.
Thank you very much. I think it is going to be in your hands to
be as aggressive as you possibly can be, and I want you to give
me your interpretation of two things: the question of relevance
and the question of the importance of having an advocacy for
the people in the FISA Court. Mr. Swire?
Mr. Swire. The review group supported having an advocate,
exactly. Had to have amicus versus party, so there are some
tricky legal issues. And we did not make a legal decision about
our view on the word ``relevance.''
Mr. Goodlatte. Without objection, the gentlewoman will be
granted an additional minute on her time.
Ms. Jackson Lee. Thank you. Mr. Medine, could you answer
the question as extensively as you can on that? Thank you, and
thank you for your service.
Mr. Medine. You are welcome. Nice to see you again. On
relevance, again, the majority of the board is concerned about
the almost unlimited scope of relevance, and I think that we
have heard questioning earlier today that it encompasses
Members of Congress, the executive branch, and also dissidents,
and protestors, and religious organizations. And so we think
that it is written too broadly under this program, and there
should be much more targeted requests for information, which
can be legitimately done without the need to gather bulk
information. Right now, relevance is almost whatever the
government can pull in and analyze as the scope of relevance.
And we think that there needs to be a narrower concept to
protect privacy and civil liberties.
I mean, with regard to having an advocate in the Foreign
Intelligence Surveillance Court, I think it is critical that
there be another voice to respond to the government. As Mr.
Swire mentioned earlier, if all the briefing that we have done
on this program could have been presented to the Court, the
Court could have made a more balanced decision. It was not
until 2013 that the Court issued its first opinion regarding
the legality of this program. We think in the adversary
process, the Court would have carefully considered all the
arguments pro and con, rendered its decision. And we also
recommend that there be an opportunity for appeal to the FISCR,
which is the Court of Appeals, and ultimately to the Supreme
Court to resolve these important statutory and constitutional
issues.
Ms. Jackson Lee. Let me just indicate that in addition as
an aside, the President put on the record that he thought that
we needed to haul in, from another perspective, the contractors
dealing with the vetting of all those who work in this area
just as a protection. If we are so interested in trolling
Americans, we need to also make sure that our contractors or
our workers in the intelligence are fully vetted. Just in your
own mindset, do you think the government can handle its vetting
and narrow the sort of outside contractors that are doing that
now?
Mr. Goodlatte. The time of the gentlewoman has expired. The
gentleman will be allowed to answer the question.
Mr. Medine. And actually with due respect, that is not on
our board's domain, but maybe the deputy attorney general might
be able to address that.
Mr. Goodlatte. Mr. Cole?
Mr. James Cole. I am sorry, could you repeat the question?
Ms. Jackson Lee. The President indicated that maybe we
should reduce our outside contractors that are vetting those
who have access to our security data. Would you be also in
agreement with that approach?
Mr. James Cole. I think we need to make sure that we take
care of the insider threat. That has been something the
President has talked about. We need to make sure that people
who work for the government are suitable and have been vetted
properly. We have always thought that from both a cost
perspective and a security perspective, the more we can reduce
contractors the better. But as we hire contractors, we hire
employees as well. They just need to be vetted very well when
they are given very sensitive and classified positions.
Ms. Jackson Lee. I thank the Chairman, and I thank the
witness. I yield back.
Mr. Goodlatte. The Chair recognizes the gentleman from
Virginia, Mr. Forbes, for 5 minutes.
Mr. Forbes. Mr. Chairman, thank you, and, gentlemen, thank
you so much for taking your time and your expertise to be here
with us today.
Mr. Cole, it is my understanding that the review group's
recommendation was that the use of private organizations to
collect and store bulk telephony metadata should be implemented
only if expressly authorized by the Congress. My question to
you is not for the word ``should,'' but we have watched the
President when he was all in on healthcare and promised us all
we could keep our insurance if we wanted it. It later changed.
We listened to his words say he could not change immigration
laws without Congress. He changed. We listened to him about
military force without congressional permission. He changed. We
heard his State of the Union where he said he had a pen and he
had a phone regardless of what Congress did.
My question to you is, in your professional opinion, do you
believe that the President of the United States has the
authority to use private organizations to collect and store
bulk telephony metadata without the express approval of the
Congress of the United States?
Mr. James Cole. Congressman, that is an issue that is
probably part of the mix that we are looking at----
Mr. Forbes. My question to you is do you have it, and we
have seen you kind of slide off of the answers to the questions
today. I am not asking you what ultimately would be determined.
I am talking about your professional opinion today sitting
there, is it your professional opinion that the President has
authority or does not have the authority?
Mr. James Cole. I am going to give you a lawyer's opinion.
Mr. Forbes. That is what we hired you for.
Mr. James Cole. Okay. There may be ways we could find for
him either through contract or executive order to do it. It
could also be done through legislation. There may be a number
of different ways that you can----
Mr. Forbes. So then basically if this Congress wants to
avoid that, we had better to get to work and expressly prohibit
the President from doing that, because he could do that the
same way he is threatening to do certain other things.
Mr. James Cole. I think the President has clearly indicated
he is looking forward to working with Congress to achieve a lot
of these things.
Mr. Forbes. Yes, but he also said that ``working'' means if
Congress does not do what he says, he has got the pen, he will
do it anyway.
Mr. Swire, if I could ask you, and I appreciate your
comments about wanting to have specific and targeted
collection, I believe, as opposed to bulk collection. Is that a
fair representation?
Mr. Swire. Our report emphasizes the usefulness of the
targeted collection.
Mr. Forbes. Mr. Swire, I represent a lot of people. We have
a lot communications from groups in the country who believe
that even with specific and targeted collection, they are
concerned because they have seen what the IRS, the Justice
Department, and other agencies have done in targeting
conservative groups and individuals in the faith community.
What would you suggest that we do to try to protect those
groups, because it is not going to be much consolation to them
to say we can do specific and targeted collection if they have
seen that they have been specifically targeted already by this
Administration. Any suggestions that your group might have for
that?
Mr. Swire. Well, we have a couple of statements or
conclusions in our report that I think are relevant to that.
One is we found no evidence that there was in these
surveillance activities any political targeting of Americans.
So this is not where they are picking phone numbers based on
politics or faith groups or whatever, and that includes people
with a lot of experience in the intelligence community who are
on our group.
And the second thing is we found a very substantial
compliance effort, much of which has been built up over the
last 4 or 5 years, and so, a very earnest effort to comply with
these rules, and so, in both of those cases, not political
targeting and following the rules. We were distinctly heartened
by what we found as we went through our----
Mr. Forbes. Well, let me ask you this because it is also my
understanding that your group did not conclude that the Section
215 Bulk Telephony Metadata Collection Program had been
operating illegally with respect to these statutes or the
Constitution. You further found no allegations in the report of
abuse of this authority by members of the law enforcement and
intelligence community. You further found that there was no
allegation that the National Security Letter Program operated
illegally, that no allegation of misuse or abuse by the law
enforcement or intelligence community was made in the report.
And yet you made substantial recommendations to change them.
So as to these groups who are very concerned about that,
what would be your recommendations to protect the interests of
those groups?
Mr. Swire. Congressman, we were interested in traditional
American checks and balances and having the different branches
of government doing their jobs, and going forward having within
the executive branch bulk collection held in secret without
judicial or congressional participation in that. We thought
that was not a good way to go. And so, for the bulk collection,
we recommended being very skeptical of the bulk collection, and
we recommended having judicial safeguards in instances where it
went forward as a way to maintain these sorts of checks and
balances.
Mr. Forbes. Good. Mr. Chairman, thank you, and I yield back
the balance of my time.
Mr. Goodlatte. The Chair thanks the gentleman, and
recognizes the gentleman from Tennessee, Mr. Cohen, for 5
minutes.
Mr. Cohen. Thank you, Mr. Chairman. Would it be improper
for me to recognize the Delta Sigma Thetas, who are here today?
Mr. Goodlatte. I think it would be very proper.
Mr. Cohen. Well, welcome. They are here and a great
sorority that does a lot of good for our country. Thank you,
Mr. Chairman.
Mr. Cole, before we talk about the NSA, which is indeed the
subject of this, I want to go to another subject and give you
some praise. You recently spoke before the New York State Bar
Association, and I was so encouraged by your speech. It was
about criminal justice issues that relate to this Committee as
well.
And you indicated that the President is open to using his
commutation power in a much more manifest way than he has in
the past. You called on attorneys to come forward and try to
help people with clemency requests, and that notice will be
given to individuals in prison maybe with mandatory minimums
that are unjust, people who had no violence in their
background, may be first-time offenders who were sentenced for
long times who judges said, I hate this, but I have to. And you
give them notice. I thank you for that. And you and the
President deserve praise for this effort.
It is my opinion that the President can leave a legacy for
justice that could be unmatched if he used that power that you
have discussed, and I am sure you have worked with him on, in a
manifold way. There are thousands of people that need justice
and should receive it, and this is probably the only way they
can. I know he is waiting on the legislature, the Congress, to
act. I think he should probably act on his own.
The FISA Court is appointed entirely by the Chief Justice,
and I have great regard for the Chief Justice. He and I are
friends. But I do not know that that makes for a good balance
of power on the FISA Court. His appointments, and it may just
folks he kind of knows, but 10 of the 11 judges who have been
currently sitting were appointed by Republicans presidents. And
it may just be how that happened, you know, but it could be
that there is a certain ideological link there, and it should
be changed.
I would think that the FISA Court ought to have a wide
expanse of ideology, and some people are more skeptical of the
government's perspective and more inclined toward looking
toward civil liberties. I do not know that we have that in that
Court. Does it trouble you, Mr. Cole, that the Chief Justice
names every single of those people?
Mr. James Cole. Congressman, I do not think it particularly
troubles me. I think we have seen judges throughout the Court,
and everyone that I have dealt with at the Court has just been
straight down on the facts and the law, and making sure that
they honored civil liberties. We have seen released any number
of opinions of judges when there were compliance problems, and
the judges coming down hard on the Justice Department and on
NSA to make sure that we fix them, and to make sure that we
protected people's privacy and people's civil liberties.
So I think you have got a good group of judges that have
been there over the years.
Mr. Cohen. Let me ask you this. You said the judges down
the line. Do they not almost unanimously agree? How many times
have you seen a split opinion?
Mr. James Cole. Well, there is only one judge that looks at
a FISA application, so you would not have the split. And what
has been discussed any number of times is that we present these
applications to the FISA Court. They go to the staff. They go
to the judges. Sometimes the judges will kick them back, and
they will say you need more information about this, or, I do
not find you have met the standard on that. And sometimes we
will provide more information, other times we will withdraw it.
So the statistics of how many have been granted that were
submitted are a little bit misleading because it does not take
into account some of the dialogue that goes on between the
Justice Department and the Court that results in the
applications being withdrawn.
Mr. Cohen. And they do not sit en banc?
Mr. James Cole. No. There is a review group, an appellate
group, which is 3 judges, and they will sit as 3 judges.
Mr. Cohen. How often are they split?
Mr. James Cole. I would have to go back and look. I do not
really know the statistics off the top of my head.
Mr. Cohen. Would ``rare'' be a good term to apply to their
outcomes?
Mr. James Cole. It might be, but I just do not know the
statistics.
Mr. Cohen. Did the President not come out for some type of
change and think that maybe each of the judges should rotate
and pick somebody?
Mr. James Cole. I think that is one of the things that has
been proposed in some of the pieces of legislation. I think
generally as long as we get good judges who are there and we do
not inject politics into it, I think we are happy as long as we
have got judges that are there, and that fully staff the----
Mr. Cohen. I understand not getting politics in it, but the
Pope is politics. I mean, everything is politics. The justices
are politics. Would it be wrong if the congressional leaders,
equal Democrat and Republican, suggested some people to the
judges and they pick from that group so there would be more of
a check and balance on the choices?
Mr. James Cole. I think there are any number of models that
might be workable in this regard to try and find a way to staff
that Court. We are more than happy to work with the Congress on
trying to find good ways to do that.
Mr. Cohen. Thank you. Thank you. I appreciate it, and I
thank the Chairman for his indulgence in recognizing the
greatest group of ladies in red since the Biograph Theater.
Mr. Goodlatte. That is an interesting comparison.
[Laughter.]
The gentleman from Texas, Mr. Gohmert, is recognized for 5
minutes.
Mr. Gohmert. Thank you, Mr. Chairman, and I appreciate the
witnesses being here. Mr. Cole, if you had been testifying in
front of this Committee back before Edward Snowden took the
documents he did, and you were asked if it was possible that
any contractor would be able to access and take the documents
that we now know he did, based on your comment that nobody can
access these documents without proper cause, back then you
would have said nobody could access those documents without
proper cause and authorization, would you not?
Mr. James Cole. I think what I was saying, Congressman, is
under the law and the court order nobody is allowed to do that
without violating the----
Mr. Gohmert. So you are making a distinction that it is
possible that they could access those documents, just like
Edward Snowden did, correct?
Mr. James Cole. Things are possible. You know, this is
something that we would like to nail down, but exactly what----
Mr. Gohmert. Well, you answered my question on that. The
answer, though, accurately would be that not only Members of
Congress, but anybody is subject to having that data looked at
or accessed by someone who may not follow the law.
But let me tell all of you witnesses, in my first term we
went through the process of debating whether or not we were
going to renew the PATRIOT Act, and 215 was of particular
importance. And I asked the question, for example, you know,
under 215 where it says that you would only access these
documents to protect against international terrorism or
clandestine intelligence activities. I said what is
``clandestine intelligence activities,'' and I was assured that
since we are talking about international terrorism, our
intelligence activities have to do with foreigners, and we were
assured that was the case. And Chairman Sensenbrenner at the
time assured that he had been assured that that was the case,
and that is why he was initially totally opposed to any more
sunsets that I fought so hard for and we did finally get in
here. And now we find out those representations were not
accurate.
And let me tell you something else that concerns me is,
yes, I know the Constitution and the Fourth Amendment does say
that we have the right to be secure in our persons, houses,
papers, and effects against unreasonable searches and seizures.
And that is not to be violated, and no warrants are to be
issued but upon probable cause supported by oath or
affirmation, particularly describing places, persons, or things
to be seized.
And when we saw the copy of this order from the FISA Court,
all those assurances from my terms as a freshman went out the
window because you have a judge, based on this before the FISA
Court, who just says give all call detail records, telephony
metadata. And then it defines telephony metadata basically as
everything that you would desire about information and calls
being made.
I cannot find in that order any particularity or any
specificity as at least appellate courts have always required.
So this causes me great concerns without regard for discussion
about Snowden, the fact that we had information provided to us
that were misrepresentations of what was being done by this
government.
So let me also ask, since we have been told repeatedly how
critical this FISA ability under 215 is, we have been told that
all of these different plots have been foiled. And when it
comes right down to it, it appears it was basically a subway
bombing, and there are articles that indicate that, well, gee,
they intercepted some information, so they went back and got
all the phone logs for communication. But you do not need FISA
Court, you do not need 215 when you have probable cause from a
terrorist, a known terrorist, calling an American citizen. You
would be able to get a warrant for that, would you not? I ask
all of you.
Mr. James Cole. Well, I think there are a couple of issues
there.
Mr. Gohmert. Well, the question is, you would be able to
get a warrant if you showed that a known foreign terrorist made
calls to an American citizens. You could go in and get
basically any court to grant a warrant to get those logs, could
you not?
Mr. James Cole. It depends on whether you get it under
FISA, in which case you would have to show that it was an agent
of a foreign power or a terrorist or an intelligence----
Mr. Gohmert. That was part of my question, a known foreign
terrorist.
Mr. James Cole. Right. You may well be able to do that.
Mr. Gohmert. Mr. Swire, do you think we could get that?
Mr. Swire. Congressman, to date the courts have not held
that that was a search, so they say there is not a Fourth
Amendment constitutional protection in the metadata. And we
recommend----
Mr. Gohmert. In other words, you do not need 215 to get
that, do you?
Mr. Swire. Well, you need some statutory basis to require
the companies to turn over the data, but it is not a
constitutional protection. It is statutory right now.
Mr. Goodlatte. The time of the gentleman has expired.
Mr. Gohmert. If I could get an answer from our last
witness.
Mr. Medine. Again, we agree that under Supreme Court law
there is not a constitutional Fourth Amendment issue, but we
also do believe this information could be obtained through
other authorities, a warrant, subpoena, or possibly national
security----
Mr. Gohmert. Without 215?
Mr. Medine. Yes.
Mr. Gohmert. Okay. Thank you very much.
Mr. James Cole [continuing]. Would only be required for the
listening of the call, not for the data.
Mr. Gohmert. Thank you. I yield back.
Mr. Goodlatte. The Chair recognizes the gentleman from
Georgia, Mr. Johnson, for 5 minutes.
Mr. Johnson. Thank you, Mr. Chairman. The revelation that
U.S. intelligence agencies were collecting telephone and email
metadata on foreign to domestic, domestic to foreign, as well
as domestic to domestic communications caused an uproar. This
disclosure has given rise to the suspicion that intel agencies
have been spying on Americans. The intel community denies
spying on Americans, and states that the purpose of the
metadata collection is to protect Americans from terrorist
attacks like 9/11.
Now, in the wake of the death of Osama bin Laden, who was
one of the 5 top leaders of Al-Qaeda, and, in fact, 4 of the 5
top leaders of Al-Qaeda, including Osama bin Laden, are no
longer living. And Al-Qaeda has, thus, decentralized with
affiliates worldwide acting independently to establish an
Islamic state through violence. These groups all share a Salafi
jihadist ideology, which is that violence is the only pathway
to achieving a world governed by what Al-Qaeda calls true
Islam. Those groups are working toward that goal.
Given the nature of the Al-Qaeda threat, or actually the
Salafi jihadist threat, given the nature of that threat, and
also assuming that those organizations use cell phones, chat
rooms, emails, Facebook, and Twitter to conduct their
operations, do you believe that that the universal data
collection by U.S. intel agencies has the potential to disrupt
Al-Qaeda's operations throughout the world? And secondly, and I
think we already have answers to this from two of you, is
metadata actually private information, and, if so, who does the
information belong to? Is it the customer or is the service
provider? Starting with you, Mr. Cole.
Mr. James Cole. Congressman Johnson, I think that the 215
program is a tool, and it is a tool that is helpful. It is not
going to solve all the problems all on its own in finding
terrorists. It is one piece of what we use as a number of tools
to try and find terrorists before they attack the country. In
and of itself, it has some utility, but I do not think we
should overstate the utility of it, but it is helpful, and I
think it is something that we have determined that we do not
want to give up that capability because it is helpful.
Mr. Johnson. All right. Let me go to----
Mr. Swire. Congressman, yes. One of the major themes of our
reports is that we have to use our communication system for
multiple goals. We have to use it to capture dangerous people
and find them. It is the same communication system we used for
commerce and we use for free speech and all these other things.
And so, our report tried to figure out ways to be really
good at finding the threats and also protect these other goals.
People are all struggling with how to build that, and it is a
big challenge.
Mr. Medine. Congressman, you raised the question about
whether Americans were improperly being spied on. We did not
find any evidence of that, but the mere fact that people
believe that could be affects their behavior, their
association, their speech rights. And that is one of the major
reasons we recommend, the majority of the board, to not
continue the 215 bulk collection program because there are
other methods that are more particularized to gather this
information without storing everyone's phone records.
Mr. Johnson. How would that affect the ability of our
intelligence agencies to protect Americans from a threat like
9/11?
Mr. Medine. The majority believes that the ability to
collect this information could be transferred to the providers
instead of maintained in a bulk collection and maintain the
same level of efficiency.
Mr. Johnson. Okay. What would cause the private providers
to have adequate security as to who in their operations had
access to the, for lack of a better term, private information,
the private metadata? What are the consequences? What are the
ramifications of that?
Mr. Medine. Well, under current law, the Federal
Communications Commission requires telephone providers to
maintain those records for 18 months, and also maintain the
security of that information. So that is current law, and that
happens every day that the providers maintain that information.
What we are saying is instead of having them dump all of their
information into a government database, it should be kept with
them and obtained from them on a case by case basis.
Mr. Johnson. Anyone else?
Mr. James Cole. I think one important point, and it goes to
a question Mr. Gohmert asked, is that there are lots of
security protections in lots of different databases. You can
get around them every now and again. You can get around them in
a government database. You can get around them in a provider's
database. People can hack in. We tried to put in protections
and legal restrictions to prevent that from happening, but
nothing is completely foolproof.
Mr. Goodlatte. The time of the gentleman has expired.
Mr. Johnson. Thank you.
Mr. Goodlatte. The gentleman from Ohio, Mr. Jordan, is
recognized for 5 minutes.
Mr. Jordan. Thank you, Mr. Chairman. Mr. Cole, are you
familiar with the name Barbara Bosserman?
Mr. James Cole. I have heard that name, yes.
Mr. Jordan. Is she an attorney who works at the Justice
Department?
Mr. James Cole. She is.
Mr. Jordan. And she is part of the team that is
investigating the targeting of conservative groups by the
Internal Revenue Service, is that correct?
Mr. James Cole. She is a member of that team.
Mr. Jordan. A member of that team. I would dispute that and
say she is leading the team, but I will take your word for it.
Now, in the last 5 days, Mr. Cole, you have sent me two
letters, one January 30th, last week, one just yesterday, where
we had invited Ms. Bosserman to come testify in front of the
Oversight Committee, and you sent me two letters saying that
she is not going to come. And I counted them up. In these two
letters, I think it is 7 different times you say this is an
ongoing investigation, and that is why Ms. Bosserman cannot
come to our Committee and testify. Do you recall those two
letters you sent me, Mr. Cole?
Mr. James Cole. I do.
Mr. Jordan. Yes, and you signed both of them?
Mr. James Cole. I did.
Mr. Jordan. And you referenced many times ongoing an
investigation?
Mr. James Cole. Yes, it is.
Mr. Jordan. So here is my question. How can the President
of the United States go on TV on Superbowl Sunday and say that
there is not a smidgen of corruption in this investigation, not
a smidgen of corruption in the IRS with how they targeted
conservative groups? How can he be so sure when it is an
ongoing investigation, something you told me 7 times in two
letters in 5 days? How can the President make that statement?
Mr. James Cole. Congressman, I think you should probably
address that question to the White House.
Mr. Jordan. Did you brief the President on the status of
this investigation?
Mr. James Cole. I have not.
Mr. Jordan. Do you know if the Attorney General has briefed
the President on the status of this investigation?
Mr. James Cole. Not that I am aware of.
Mr. Jordan. Do you know if Ms. Bosserman, part of this
team, who is investigating the targeting of conservative
groups, do you know if she has talked to the President?
Mr. James Cole. Generally, the Justice Department does not
brief the White House on----
Mr. Jordan. So how is the President so sure?
Mr. James Cole. Congressman, I am not in a position to
answer----
Mr. Jordan. He did not say I do not think there is, there
probably is not, nothing seems to point that way. He said there
is not a smidgen of corruption. He was emphatic. He was
dogmatic. He knew for certain. And no one has briefed him?
Mr. James Cole. No one I am aware of, Congressman.
Mr. Jordan. So you know what I think, Mr. Cole? I mean, you
know, just a country boy from Ohio. You know what I think? I
think the President is so emphatic and he knows for certain
because his person is running the investigation, because Ms.
Bosserman gave $6,750 to the Obama campaign and to the
Democratic National Committee, and she is heading up the
investigation. I think the President is so confident because he
knows who is leading the investigation. And that is a concern
not just for me, and Members of this Committee, and Members of
the Oversight Committee, but, more importantly, the American
people who have to deal with the IRS every single year. Does
that raise any concerns with you, Mr. Cole?
Mr. James Cole. Congressman, Ms. Bosserman is a member of
the team. She is not leading this investigation.
Mr. Jordan. How was the team picked?
Mr. James Cole. The team was assigned in normal course by
career prosecutors. It includes the FBI, the IG for the----
Mr. Jordan. How many members are on the team? This is
something the FBI has refused to answer for the last year
because I have been asking the question. They have refused to
meet with us. They initially said they were going to meet with
us. Then they talked with lawyers of the Justice Department and
they said, no, we are going to rescind that offer, Mr. Jordan.
We are not going to come meet with you. So how was the team put
together, and how many members are on the team?
Mr. James Cole. Congressman, off the top of my head, I have
no idea how many members are on that team. And generally, we do
not brief elected officials on ongoing investigations. That is
a standard----
Mr. Jordan. But again, we are not asking for a full
briefing. We understand it is ongoing. We would just like to
know who is heading it up. How many agents have you assigned?
How many lawyers have you assigned? Who is heading it up? If it
is not Ms. Bosserman as I think it is, who actually does head
it up?
Mr. Johnson. Mr. Chairman, parliamentary inquiry, please?
Mr. Goodlatte. The gentleman will state his parliamentary
inquiry.
Mr. Johnson. Is it proper for a Member of the Committee to
question a witness about a matter that is not relevant to the
matter that the hearing has been noted for?
Mr. Goodlatte. It is proper, and it has been done many
times before in this hearing, this Committee.
Mr. Jordan. I would just point out----
Mr. Goodlatte. The gentleman will continue.
Mr. Jordan. Mr. Cole sent me two letters in the last 5
days. It is a pretty important issue. And when you appoint
someone or you assign someone who gave $6,750 to the very
person who--the President could be a potential target in this
investigation, and yet the person leading the investigation
gave $6,000 to his campaign? She has got a financial stake in
an outcome, a specific outcome. And Mr. Cole says ``normal
course of duty.'' We have got 10,000 lawyers at the Justice
Department, and, oh, it just happened to work out that Ms.
Bosserman heads up the team. Really?
Mr. James Cole. She is not heading up the team,
Congressman. There are many people----
Mr. Jordan. It is not what the witnesses we have talked to
have said. Mr. Cole said she asked all the questions when they
have been interviewed.
Mr. James Cole. She is not the head of the team, and there
are many people who will be making the decision as to what to
do with this case based on the evidence, the facts, and the
law, just like every single investigation the Department of
Justice does.
Mr. Jordan. Okay. All I know is the President said----
Mr. James Cole. And including FBI agents----
Mr. Jordan. All I know is the President said there is not a
smidgen of corruption.
Mr. James Cole [continuing]. Including eight----
Mr. Jordan. The President has already reached a decision.
Mr. James Cole [continuing]. And the Inspector General's
office.
Mr. Jordan. Mr. Chairman, if I could real quickly. I sent
my letters to Ms. Bosserman. She did not write me back. You
did, Mr. James Cole. Did you talk to her about coming to
testify? Did you tell her not to come testify?
Mr. James Cole. I did not tell her not to testify.
Mr. Jordan. Did you have any conversation with Ms.
Bosserman about the request I gave her to come testify in front
of our Committee?
Mr. James Cole. Congressman, there is a standard----
Mr. Jordan. No, no, I did not ask that. I said did you talk
to Ms. Bosserman about that specific request I sent to her. My
letter was to her, and I got responses back from you.
Mr. James Cole. And I am answering your question,
Congressman. There is a very long-held policy in the Department
of Justice that line attorneys are not subjected to the
questioning by Members of Congress.
Mr. Jordan. Did you ask her if she wanted to testify?
Mr. James Cole. If I may finish, Congressman, they are not
subjected to questioning----
Mr. Johnson. Regular order, Mr. Chairman.
Mr. James Cole [continuing]. By Members of Congress, and we
do not send people up here to talk about ongoing
investigations. We have done that in every Administration.
Mr. Jordan. But you are not answering my question. Answer
my question.
Mr. Goodlatte. The time of the gentleman has expired. The
gentleman may answer the question.
Mr. James Cole. I think I have answered it.
Mr. Jordan. I do not think you have.
Mr. Goodlatte. The Chair recognizes the gentlewoman from
California, Ms. Chu, for 5 minutes.
Ms. Chu. Mr. Medine, the PCLOB's report urges Congress to
enact legislation that would allow the FISA Court to seek
independent views from the special advocates. These advocates
would step in where there are matters involving interpretation
of the scope of surveillance authorities or when broad
collection programs are involved.
The report stresses that the Court should have discretion
as to when these advocates step in. But is it advisable for the
Courts to have that discretion? Is it possible that the Courts
may leave the advocates out of the process when such important
questions are before them?
Mr. Medine. First, we do think it is important for
advocates to be involved in issues of new technology and new
legal developments. In terms of how they get involved, our
feeling was that there are cases where they should certainly,
obviously, be involved such as in a novel program that is being
proposed. But there may be other cases which may not seem as
novel on its face, but the judge is aware of the facts and
circumstances, and wants to bring them in as well.
So we felt it was appropriate to give the judge discretion
as to when to involve the advocate, but we also called for
reporting. And under the Court rules, Rule 11, the government
is required to indicate to the Court if it is making an
application that involves a new technology or a new legal
issue. And so, what we have asked is that there be reporting of
every Rule 11 case, and how many of those instances has a
special advocate been appointed, and that way there can be
oversight of the court process of appointment.
But we do, again, think that it is appropriate for the
judges to maintain some discretion.
Ms. Chu. Would that report also include times when special
advocates were not included, though?
Mr. Medine. Right. How many times has Rule 11 application
been forwarded, and how many of those instances has an advocate
been appointed or not appointed? So again, if it is a
significant case, one would assume it is likely that they would
be, but there will be accountability to the public by the Court
as to when they make those appointments.
Ms. Chu. Now, you also advocate for the ability of the
special advocates to request appellate review of court rulings.
Why did you recommend this, and how would this strengthen
privacy protections?
Mr. Medine. In our American judicial system, we have a
process by which district judges get reviewed by appellate
bodies and ultimately the Supreme Court. We think that works
effectively to have a dispassionate review by 3 judges at the
appellate level and the 9 justices at the Supreme Court. And we
think that the FISA Court process would be improved by
encouraging that development.
And so, we would like to empower the advocate to bring to
the FISA Court of Review, which is their appellate body,
adverse decisions to the advocate and in favor of the
government so that there could be greater review. Again, much
as there would be in any case in the District Court system.
Ms. Chu. Mr. Swire, many of us think that, of course, the
language in the statute in which the Section 215 bulk
collection of metadata is broad, but that the government's
interpretation of the relevant standard is even broader. The
review group proposed a standard that the Court may only issue
a 215 order if the government has reasonable grounds to believe
that the particular information sought is relevant to an
authorized investigation. And like a subpoena, the order has
reasonable and focused scope and breadth.
Can you tell us how this standard would narrow the
government's inquiry so we could protect the American public in
terms of its privacy interests? And how is this standard an
improvement?
Mr. Swire. Well, one change is that it would be a judge
involved, and that is something that President Obama has
recently said they are going to work with the FISA Court to do.
A next change is to try to have these narrowing of scopes so
that the bulk collection by the government prior to judicial
looking at it would not occur. So it would be a narrowing in
that respect as well.
Ms. Chu. Also, the review group recognizes that
intelligence programs, some, should remain secret. But you are
also proposing that a program should be kept secret from the
American public only if the program serves a compelling
governmental interest, and if the efficacy of the program would
be substantially impaired if our enemies were to know of its
existence.
If this proposed standard were in existence today, would
the government have been compelled to disclose Section 215 bulk
collection program? How is your standard an improvement over
what we have today?
Mr. Swire. Right. Well, our recommendation 11 talks about a
compelling government interest, and there would be a process
within the government. When that process happens, we emphasized
having not only intelligence perspectives, but, for instance,
economic perspectives, civil liberties perspectives, as part of
a sort of comprehensive review.
And I also note that on bulk collection, the President has
asked John Podesta to lead a process for private and public
sector bulk data which is supposed to come back with additional
recommendations about bulk data within, I think, 60 days.
Ms. Chu. Thank you. I yield back.
Mr. Goodlatte. The time of the gentlewoman has expired. The
Chair recognizes the gentleman from Texas, Mr. Poe, for 5
minutes.
Mr. Poe. Thank you, Mr. Chairman. I have great concerns
about this whole process. This is reminiscent to me of the old-
fashioned star chamber where courts met in secret, issued their
verdicts and edicts in secret. No one knew what happened until
the sentence was carried out.
I also spent some time in the Soviet Union when it was the
Soviet Union. Everything I did and all the citizens did was
spied on by the Soviets. And here we are in 2014 trying to
justify what I think is spying on American citizens.
Mr. Cole, I have a question for you, but I want to quote
Mr. Medine in his testimony. He said, ``Based on the
information provided to the Board, including classified
briefings and documentation, we have not identified a single
instance involving a threat to the United States in which the
program made a concrete difference in the outcome of a
counterterrorism investigation.'' Mr. Cole, name one criminal
case that has been filed based upon this vast surveillance and
metadata collection.
Mr. James Cole. Congressman, I think there was one which
was a material support case that was filed based on the 215
metadata where we were able to identify someone. And again, as
I have said, this is not----
Mr. Poe. Reclaiming my time, as you know our time is
limited. So how many criminal cases have been filed based upon
this massive seizure?
Mr. James Cole. Well, the criminal support statute is a
criminal----
Mr. Poe. I understand. My question is how many.
Mr. James Cole. I do not know off the top of my head,
Congressman.
Mr. Poe. There is one.
Mr. James Cole. There may be one.
Mr. Poe. There may be one. So we have this vast metadata
collection on Americans, and the reason is, oh, we have to
seize this information or we are going to all die because of
terrorists. And you are telling me as a former prosecutor--I am
a former judge and prosecutor--all this information has
collected one criminal case, is that what you are saying, that
you know of?
Mr. James Cole. Well, Congressman, the point of this is not
necessarily to make criminal cases.
Mr. Poe. I am not asking you----
Mr. James Cole. The point of it is to gather intelligence.
Mr. Poe. Reclaiming my time. My question is, one criminal
case. That is all you can show for criminal cases being filed
against individuals, right?
Mr. James Cole. I think that is the correct number, but I
would have to go back and check to be sure.
Mr. Poe. It may not even be one.
Mr. James Cole. The point of the statute is not to do
criminal investigations. The point of the statute is to do
foreign intelligence investigations.
Mr. Poe. But the collection is on American citizens. When a
warrant is signed--I signed a lot of warrants, Fourth
Amendment. You know, I actually believe in the Fourth
Amendment. A warrant is served. Police officers go out and
investigate. They return the warrant, and it is filed as a
public document in State courts and in Federal courts. But when
collection on American citizens of their information, this is
not made public to them. They never know that this information
was seized from them, do they?
Mr. James Cole. Well, as I think even the PCLOB and the
President's review group have noted, the Fourth Amendment does
not cover the collection of metadata under the current law. So
it would not have those requirements.
Mr. Poe. I know that is the current law, but that is not my
question. My question is, the information is seized from them.
They do not know that their personal information was seized by
the Federal Government. They do not know that. They are not
protected under our current statute under the PATRIOT Act. Is
that correct or not?
Mr. James Cole. The information does not come from them. It
comes from the companies that they have phone service with.
And, no, they are not informed directly that that metadata from
those phone companies has been collected.
Mr. Poe. Do you have a problem with that information being
seized on Americans through a third party and Americans never
know that that they are the subject to this metadata
collection? I mean, do you have a personal problem with that,
or do you think that is okay, the government ought to do that?
Mr. James Cole. These are the issues we grapple with every
day, Congressman, as far as trying to do national security
investigations and trying to protect people's civil liberties.
And we take leads from the Court as to the scope of the Fourth
Amendment and where people's reasonable expectations of privacy
are. And these are difficult lines to deal with, and just what
we are doing right now is trying to find where that right line
is.
Mr. Poe. Well, I think it is an invasion of personal
privacy, and it is justified on the idea that we have got to
capture these terrorists. And the evidence, based on what you
have told me, is all of this collection has resulted in one bad
guy having criminal charges filed him. I think that is a bit
over reaching to justify this massive collection on
individuals' personal privacy. That is just my opinion. I yield
back to the Chair.
Mr. Goodlatte. The Chair thanks the gentleman, and
recognizes the gentleman from Florida, Mr. Deutch, for 5
minutes.
Mr. Deutch. Thank you, Mr. Chairman. General Cole, I am
going to come at the judge's line of questioning from a
slightly different angle, but I think trying to get at the same
point. In a September letter to NSA employees, General
Alexander wrote that ``The Agency has contributed to keeping
the U.S. and its allies safe from 54 terrorist plots,'' and
that 54 terrorist plots has been repeated on several occasions.
Last week in testimony before the Senate, there were some
officials from the Administration who suggested that terrorist
plots thwarted is not the appropriate metric for evaluating the
effectiveness of the program. And I would just like to
understand has the argument changed, and if it has, why should
we now apply a different metric to determine the success of
this program if it is not criminal prosecutions and if it is
not terrorist plots thwarted?
Mr. James Cole. A couple of things, Congressman. The 54
number, as I recalled it, was both 702 and 215. And the bulk of
it, frankly, was 702 coverage. And that is a very, very
valuable program, and, frankly, probably more valuable than
215.
215 has a use, and it has a number of different uses. They
are not as dramatic as 702, but they provide pieces of a
puzzle. They provide tips and leads that allow us to then go
and investigate and then gather other information. And that is
really the value of 215.
Mr. Deutch. But even if that 54 number that had been used
does not apply primarily to the 215 program, you are telling me
that the notion of terrorist plots thwarted even as it applies
to this program is not the metric we should be using.
Mr. James Cole. It is not the only metric. Certainly it is
a great metric, but I do not think it is the only metric we
should be using. I think if we are gaining evidence that is
valuable to us in doing investigations that help keep the
country safe, that is a valuable metric.
Mr. Deutch. Right. And Mr. Medine had told us earlier in
his testimony, their first recommendation was to end the 215
program, and said that whatever successes you are referring to
could have been replicated in other ways. Mr. Medine, is that
right? And how could that have been accomplished?
Mr. Medine. Well, there are other authorities--grand jury
subpoenas, search warrants, national security letters--that
allow for access to the information without the need to collect
bulk records.
Mr. Deutch. And would have accomplished all of the same
things that the 215 program does successfully.
Mr. Medine. Substantially. Even the material support we
talked about, but in many other cases. We looked at a lot of
different metrics and based our recommendations on that.
Mr. Deutch. Right. And when we talked about the suggestions
going forward, the idea of moving this information away from
the government, Mr. Swire, you had said that when we are
talking about metadata held by or the suggestion of metadata to
be held by private providers or private third parties instead
of by the government. And, Mr. Cole, I think you said people
are thinking outside the box about how to store this
information.
My question is this. The metadata that is being collected
that you are comfortable moving to the private parties puts
that metadata, does it not, and here is what I am concerned
about. It puts the metadata that Mr. Medine and others believes
is unnecessary to gather because it does not accomplish what is
necessary. We can do it in other ways without intruding on
people's civil liberties. But if it is stored by private
contractors, private parties, it is at risk then, is it not, of
being stored with all of the other data, dramatically more
intrusive personal data, that we turn over to private parties
regularly when we go on the internet, regularly.
It puts it in the same place with all of the information
that we have been assured time and time again today this
program does not do in terms of intruding on the specifics of
our emails and the specifics of what we do on the internet, et
cetera. It puts it all together. Why should that not be a
concern of ours?
Mr. Swire. Congressman, I think part of the question is are
we creating extra risk as we shift things around----
Mr. Deutch. Exactly right.
Mr. Swire [continuing]. And find ways to shift things
around. When it comes to phone company telephone records, as
has been mentioned earlier, the Federal Communications
Commission already requires it to be there for 18 months. Phone
companies have been holding phone company data for an awfully
long time.
Mr. Deutch. Right, and, no, I understand, and that point
has been made earlier. But there was another suggestion made. I
think one of your suggestions was that we may need to have some
other party. We may need to look outside of the box. My concern
is that we are creating more risk than already exists in the
program that we do not even need.
Mr. Swire. Right. And what we said, and our entire report
is prefaced by a transmittal letter saying this is our best
effort in the time we had to come up with things. And one of
the suggestions we had was in addition to possibly the phone
companies, maybe a private sector entity could hold this with
the right sorts of safeguards, and that we should look for ways
to transition.
We did not say we had the magic answer. Each one of these
has downsized. But we thought getting it away from a huge
government database was a better way to go.
Mr. Deutch. Right, to a private database where risks could
be even greater than they already are. I appreciate it, and I
appreciate all the witnesses being here. I yield back. Thank
you.
Mr. Goodlatte. The Chair thanks the gentleman, and
recognizes the gentleman from Arizona, Mr. Franks, for 5
minutes.
Mr. Franks. Well, thank you, Mr. Chairman, and thank all of
you for being here. You know, it occurs to me that this
Committee, the Judiciary Committee, has a unique role in
Congress in the sense that it sort of epitomizes the entire
purpose of government. Our job is to protect the lives and the
constitutional rights of Americans. And sometimes it is
difficult to make that balance work out right.
You know, everyone on this Committee, I believe, wants to
try to do everything that we can to protect the national
security, to protect the lives of American people. But we also
want to protect their constitutional rights in that process,
and that requires us to make a clear distinction on how we go
about that to where we maximize both.
And I just have to suggest to you, without trying to sound
argumentative, that this Administration has made it very
difficult for us, because as Mr. Deutch has said and others, we
feel that we have been blatantly deceived on what some of these
programs have done and what they did. And consequently, it is
hard for us sometimes to come up with the kind of architecture
for any policy because we simply do not trust the
Administration to be forthright with American people or us. And
at the same time, I want to do the right thing here.
So let me just ask you this question, Deputy Attorney
General Cole. The President has made several recommendations
for changing these data collection programs, including ending
outright the bulk collection program. And then the last time
the authorities were up for renewal, then the Administration,
after they had said this, came before us and asked us to renew
them completely. Now, help me understand that. Help me
understand the contradiction there.
Mr. James Cole. I do not believe it is a contradiction,
Congressman. I think it is just an evolution as people come to
the debate and try to figure out the best way to do it, as we
get the recommendations from the PCLOB and the President's
review group, as we look at the value of what we get from these
programs. And I think what the President has said is he does
believe that the 215 program is valuable, but he is trying to
find ways and has charged us with trying to find ways to
accomplish as much and most of what that gives in other ways
that will cause less concern for the American people,
legitimate concern that they have about what is being done.
Despite all of the court restrictions that are put on,
despite the fact that as both groups found, there has been no
intentional abuse of any of this, it has been well regulated
and well minded, and it has been reported to the courts and
Congress and the executive branch. There is still a faith that
we want to keep with the American people about making sure that
they are satisfied we are doing everything we can do. So that
is where we are. It is an evolution more than a contradiction.
Mr. Franks. Attorney General Cole, I appreciate that. I
just would suggest to you that the American people are clearly
at odds with that understanding. They feel that they have been
deceived, and I certainly cannot possibly come back to them and
tell them they have not.
But if I could shift gears and ask you, Mr. Medine, a
question regarding 2315 that the Attorney General brought up.
How can a bulk collection that potentially violates the First
and Fourth Amendments be potentially unconstitutional, but
individual collection is not? Help me understand the dichotomy
there. I mean, if as, you know, the majority suggests here that
the bulk collection of telephony metadata under Section 215 is
constitutionally unsound, would the same not be true for
individual 215 orders?
Mr. Medine. First, the board did not say that the bulk
collection was unconstitutional. What we did say is that there
is a Supreme Court precedent, Smith v. Maryland, that says that
records held by third parties are not entitled to Fourth
Amendment protection. But we have also looked at the Jones case
involving GPS tracking and seen a potential trend, especially
in the voices of five justices, suggesting that this type of
information was entitled to constitutional protection because
of the breadth of its collection.
So collecting information on hundreds of millions of
Americans over an extended period of time is very different
from collecting information on one person who may be a suspect
for a short period of time. So we did not reach constitutional
conclusion on that, but I think there is a distinction between
those two scenarios.
Mr. Franks. All right. Well, quickly, Judge Bates, who
formerly sat on the FISC, recently wrote a letter objecting to
the creation of a public advocate position, like Mr. Obama has
suggested. He wrote that, ``Given the nature of FISA
proceedings, the participation of an advocate would neither
create a truly adversarial process nor constructively assist
the courts in assessing the facts.''
Attorney General Cole, I will ask you, do you agree with
Judge Bates' conclusion and tell me why.
Mr. James Cole. Well, I think the history of the Court has
been that it has functioned quite well, and that the judges
have been very earnest about trying to look at both sides. But
I think, again, as we have started to think through this, there
may be instances where the Court could benefit from another
point of view, not in every instance. And the instances may be
quite infrequent. But there are those where we think that
another perspective may be helpful to the Court in reaching its
conclusions.
Mr. Franks. Mr. Chairman, I am out of time. Thank you, sir.
Mr. Goodlatte. The Chair thanks the gentleman, and
recognizes the gentlewoman from Washington, Ms. DelBene, for 5
minutes.
Ms. DelBene. Thank you, Mr. Chair, and thanks to all of you
for being here today. Mr. Medine, I would like to talk about
transparency and the impact of the Administration's step to
allow technology companies to be able to provide greater
disclosure about the number of government requests they
receive.
Just yesterday many companies took advantage of the
agreement reached with the DoJ and have provided new
information to the public, which I think is a welcomed
development. Do you think legislation that allows companies to
provide more details to the public would be helpful? In
particular, can you talk about the distinction between what the
agreement last week allows and what you believe should happen?
I am also a co-sponsor of the USA Freedom Act, and we also
outline recommendations there. And I would love your opinion on
that.
Mr. Medine. Our board's report recommends a number of areas
where transparency could be greater so that there could be more
public confidence in our intelligence programs, and so
transparency with regard to the government's request to
companies is certainly a part of that.
What our Board recommended is that companies be given an
opportunity, in some cases a greater opportunity, to disclose
government requests consistent with national security. And so,
we have not had a chance to evaluate the arrangement that was
struck with the Justice Department, but certainly it is a move
in the right direction to allow the companies to make it clear
what is collected and also to disabuse people, particularly
overseas, and clarify that there is less collection going on
than they think, which I think will actually help American
businesses down the road. So we are very supportive in
principle of doing this, but we have not examined the specifics
of it.
In terms of whether there is a need for legislation, I
think we could evaluate how well the government struck its
balance. But there are important national security concerns in
revealing information, and it is important to do it in the
right way.
Ms. DelBene. Okay. We would be interested in your opinion
on that after you have had a chance to look at it in more
detail.
Mr. Cole, you stated last week the Administration had
determined that the public interest in disclosing this
information now outweighs the national security concerns that
required its classification. And, you know, my position is that
even greater disclosure is warranted in order to restore the
credibility and trust of the American in our government.
But I want to focus one particular element of the
transparency agreement announced last week. In the letter you
shared with companies' general counsels last week outlining the
terms of the agreement, you state that the government is able
to designate a service or designate a new capability order, and
thereby delay reporting on that service for 2 years. And I
wondered what the criteria was that you would be using in
making the decision of what a new capability would encompass.
Mr. James Cole. Well, I think the criteria is set out in
the letter. It is a new platform or a service or a capability
that we have not had before that would indeed be something new
and that we would be, I think, going to the court and having it
incorporated in the order. And so, it would be something where
we have gained a new capability to intercept communications
that we have not had before, so that if people are relying on
our inability to be able to intercept that information--
terrorists and people like that--that they will not all of a
sudden see a spike if we come to adopt that view or that
capability, and, no oh, I better get off this platform.
Ms. DelBene. But given that that is a rather vague
definition of what a new capability is, because of a new
version of what you are doing right now, how do we know that
that is not going to be used in such a broad way that basically
ends up preventing disclosure of a lot of information that
otherwise is covered in the agreement?
Mr. James Cole. I believe there is an avenue for the
companies to go to the Court and challenge that, and certainly
come to the Justice Department and challenge that, and say it,
in fact, is not a new capability. And we can try and work that
through, and the Court could find that it is not.
Ms. DelBene. And why do you believe that there has to be
such a caveat in the agreement at all?
Mr. James Cole. From a national security standpoint so that
people who are comfortable communicating over a certain type of
capability do not all of a sudden realize that we can now
intercept that capability.
Ms. DelBene. But do have a specific example in mind from
what----
Mr. James Cole. Nothing that I would want to talk about in
an open hearing.
Ms. DelBene. Thank you, and I will yield back, Mr. Chair.
Mr. Goodlatte. The Chair thanks the gentlewoman, and
recognizes the gentleman from South Carolina, Mr. Gowdy, for 5
minutes.
Mr. Gowdy. Thank you, Mr. Chairman. Mr. Chairman, I was
going to pursue a line of questioning related to the balancing
of constitutional principles, and two of them are at play here,
national security and privacy. And then I was going to pursue a
line of questioning related to the expectation of privacy and
whether or not it can change with culture and technology. But
two things happened, Mr. Chairman, on the long, arduous walk
from your chair to mine.
One was something my friend from Tennessee said, suggesting
a link between appointing judges and how they rule. In fact,
Mr. Chairman, our colleague from Tennessee said everything is
politics, justices are politics. So I want to ask Mr. Swire, I
am going to read you a list of names, and everybody on this
list has at least two things in common, and I want you to see
if you can guess what those two things are, okay?
Mr. Swire. It is arduous for us, too, Congressman, but go
ahead.
Mr. Gowdy. David Souter, John Paul Stevens, Harry Blackmun,
William Brennan, Earl Warren, and Anthony Kennedy. What do all
of those justices have in common?
Mr. Swire. I suspect you are pointing to the fact that they
are Supreme Court justices nominated by Republican presidents.
Mr. Gowdy. That is exactly what I am referring to. And what
would be the second thing they have in common? Would you agree
that they wildly underperformed if they were put there to
pursue a conservative agenda?
Mr. Swire. I am hesitant to say all these justices wildly
underperformed on any criteria.
Mr. Gowdy. You do not think Brennan wildly underperformed
if we put him there to pursue a conservative agenda?
Mr. Swire. I am sorry, which----
Mr. Gowdy. Blackmun, Brennan. They cannot get you in
trouble anymore. [Laughter.]
Judges cannot take up for themselves, Mr. Chairman. They
either cannot or will not. I just do not think it is
appropriate to try to make links between who put somebody on
the bench and how they are going to turn out because I just
pointed to a half dozen that did not turn out the way we though
they were going to turn out.
The second thing that happened, Mr. Chairman, was Mr.
Jordan's line of questions. Mr. Cole, I am not going to ask you
about the IRS targeting scandal for two reasons. Number one,
you cannot comment on it, and I know you cannot comment on it,
so I am not going to put you in a position of having to
repeatedly say you cannot comment on it. The second thing you
cannot do is explain to us why the President said what he said
Sunday. So because you cannot explain it any more than anyone
can explain it, I am not going to ask you about it.
I am going to ask you to do one thing, and you do not have
to comment on it. I am just going to ask you to do one thing,
prosecutor to prosecutor. I am going to ask you to consider, in
my judgment, how seriously the President undermined the
integrity of that investigation by what he said, ``not a
smidgen.'' Lay aside that is not a legal term, ``not a
smidgen'' or scintilla of evidence to support corruption or
criminality.
This investigation is ongoing. I assume no conclusions have
been reached, hence the word ``ongoing.'' And for him to
conclude that there is no evidence of criminality whatsoever in
the midst of an investigation I think undermines the hard work
that the men and woman of your Department do. And I do not
expect you to comment. I do not want you to comment, other than
I would ask you to consider anew appointing special counsel
under the regulations. The special counsel of regulation say it
is appropriate in extraordinary circumstances.
What we have been discussing all day today is the
extraordinary circumstance of whether can you target under the
Fourth Amendment. The IRS case is whether government has
targeted people for the exercise of their First Amendment
rights. So I do not think anyone would argue it is not
extraordinary if there is an allegation that government is
targeting someone.
And the second part of the regulation speaks to the public
interest. So I would just ask you to please respectfully
reconsider in light of what was said Sunday night, which was
there is nothing here, not a smidgen of criminality in the
midst of an investigation that matters greatly to lots of
people. The Chief Executive said move on. For no other reason
than to protect the integrity of the justice system, which I
know you care about and I care about, I would ask you
respectfully to consider appointing someone as special counsel
in light of what the President said Sunday night, because he
seriously undermined the integrity, in my judgment, of what is
an ongoing investigation. And with that, I will yield, Mr.
Chair.
Mr. Goodlatte. The Chair thanks the gentleman, and
recognizes the gentleman from New York, Mr. Jeffries, for 5
minutes.
Mr. Jeffries. I thank the Chair as well as the witnesses
for your participation in today's hearing.
Mr. Cole, I want to go over a few questions related to the
relevancy standard. I recognize this may have been ground
covered earlier in the hearing, but if you would just indulge
me. They will be pretty brief.
Since the passage of the PATRIOT Act, which I believe was
done in late 2001, how many actual terrorist plots have been
thwarted connected to the new tools made available to law
enforcement pursuant to this act?
Mr. James Cole. Well, I do not think that 215 was around in
the original version of the PATRIOT Act. That came some time
later. I do not know the exact number.
Mr. Jeffries. Right. I am asking about the overall PATRIOT
Act.
Mr. James Cole. I do not know the exact number.
Mr. Jeffries. Okay. Now, as it relates to the bulk
collection of metadata allegedly authorized by 216 that came
subsequent to the initial creation of the PATRIOT Act, how many
terrorist plots can be directly linked to this bulk collection?
Am I correct that the answer is zero?
Mr. James Cole. I think the question is directly linked.
There are tips and there are leads that come from the 215
metadata as I have said a number of----
Mr. Jeffries. Can you provide us with one example where a
tip or a link actually led to the thwarting of a terrorist plot
connected to this bulk collection?
Mr. James Cole. Well, alleged charges. It does not mean
that there were not other tips and leads that led to further
investigations that were valuable and helpful to the
government.
Mr. Jeffries. But it is fair to say there is no substantial
connection between this bulk collection and the resolution or
thwarting of any terrorist plot related to this particular
authorization under 215, correct?
Mr. James Cole. I think that may be correct, but I think
that that is not always the only standard that is used.
Mr. Jeffries. Right. Now, you referenced that earlier in
your testimony. Can you give an example to the American people
to justify this bulk collection outside of its alleged
relevance, given that there has been no evidence, not a
scintilla of evidence, presented that it has been relevant to
any terrorist investigation?
Mr. James Cole. Well, I think it is relevant in a couple of
ways. One is to be able to rule out that there are connections
within the United States from terrorist plots that may be
starting outside the United States. So it is very valuable to
be able to know that so we can direct our resources very much
at the core of what we are trying to look for.
Mr. Jeffries. Now, do you think that the current relevance
standard is a robust one?
Mr. James Cole. I think the current relevance standard is
one that is used in both criminal and civil law, and it is a
very broad standard.
Mr. Jeffries. It is a very permissive standard in terms of
what the government has been able to get access to, correct?
Mr. James Cole. It is not unfettered. It has to be done in
a way that is necessary. We cannot just take whatever we want
any time we want for any purpose. We have to go to a court and
justify the fact that we need this volume of records in order
to find the specific things we are looking for under very
restricted circumstances. And then the court has to say you
have permission to do this.
Mr. Jeffries. Right, but what is very troubling, and I
would like to talk to Mr. Swire about this, it is my
understanding that once that bulk collection has been obtained,
that the standard of reasonable articulable suspicion as it
currently exists is a decision made by a NSA supervisor, not by
an independent member of the judiciary, correct?
Mr. Swire. In the first instance, it is made by the
analyst, and it is reviewed by a supervisor.
Mr. Jeffries. Now, how is the Review Board proposing to
change the absence of judicial consideration?
Mr. Swire. As was true in 2009 when there were some
difficulties with compliance, we recommended that it go to the
FISA Court in individual instances for a judge to review.
Mr. Jeffries. Are you saying in the first instance in terms
of the authorization of bulk collection or subsequent
collection to search the data there must be a judicial
determination made?
Mr. Swire. In this case, there is collection, and then
there is reasonable articulable suspicion about some phone
number. And at that point you would go to the judge and say,
judge, here is our RAS, and here is why we think we should look
at it.
Mr. Jeffries. Okay. Now, as it relates to collection, there
has been discussion and debate about which entity would be most
appropriate, putting aside the question as to whether it is
even proper for this information to be collected, and I think
the jury is still out on that, and the balance of facts suggest
that it is not. But assuming that this information is
collected, I guess the proposals have included the private
sector, telephone companies, and an independent third party yet
to be identified. Has there been any consideration given to the
judicial branch as a separate, but co-equal, branch of
government independent from the executive creating the
mechanism to retain this data given the fact that a judicial
determination at some point is going to be made as to whether
it should be searched?
Mr. Swire. Yes. I am not aware of the judicial branch
holding databases and running those except for their own court
records. So that would be quite a different function than I
think what we have seen previously
Mr. Jeffries. Okay, thank you. I yield back.
Mr. Goodlatte. The Chair thanks the gentleman, and
recognizes the gentleman from Texas, Mr. Farenthold, for 5
minutes.
Mr. Farenthold. Thank you, Mr. Chairman. Mr. Medine, you
talked a little bit earlier in response to some questions about
limited Fourth Amendment protections for information held by
third parties. I think a lot of that is what Section 215 kind
of bootstraps on. It gives the government broad authority to
get a hold of that information.
Just so the folks watching this and everybody understands,
there is a difference between, like, if I have a file on my
computer or if I have a file on something on a cloud storage. I
have more privacy, correct, in what is on my computer, more
protection.
Mr. Medine. Under current Supreme Court law, that is right.
Mr. Farenthold. And the same would be true for something
sent by postal mail. I would have more privacy than something
sent by email. That is kind of more traditional. And I would
assume that, you know, a canceled check that I have in my
drawer is more protected than the bank record. Is that
something you think most Americans understand the difference in
this day and age about information that is held electronically
or held by third parties? Do you think most Americans
understand that it is basically fair game?
Mr. Medine. I suspect that they do not, but I think the key
thing here is that, as you say, technology has changed
dramatically since the Supreme Court's decision in Smith v.
Maryland, which was collecting a limited amount of information
for one person over a short period of time as opposed to----
Mr. Farenthold. Our ability to gather information has
changed. So the courts could revisit this, but is it also not
appropriate that Congress could revisit this and say you
actually do have a reasonable expectation of privacy in certain
things?
Mr. Medine. That is exactly what the majority of our board
has recommended is that based upon our legal analysis of
Section 215, our constitutional analysis, which we say is
heading in the direction of adding protections, and also our
balancing national security with privacy and civil liberties,
we saw a great impact of this program on----
Mr. Farenthold. So let me just ask Mr. Cole, and I suspect
I know the answer to this question. So if any of my information
is held by a third party, do you see any substantial limitation
on what Section 215 allows you guys to get?
Mr. James Cole. Yes, I see very significant limitations on
what we could get being held by a third party.
Mr. Farenthold. All right. Let us just talk about some
things that are probably held in bulk. We talked a lot about
the metadata on telephone calls. Could geolocation data that is
routinely reported back from cell phones be gathered?
Mr. James Cole. If there is a need, it may or it may not.
Mr. Farenthold. Bank records, credit card transactions,
things like that?
Mr. James Cole. They may not be. It depends on whether
there would be a need to show the connections where you would
need the whole group----
Mr. Farenthold. But under the rationale that you get all
telephone records, could that not be extended to say, all
right, we need all credit card transaction records, or all
geolocation data so we can go back and mine it after the fact,
from what we hear from the folks to your left, is a very
limitedly effective program.
Mr. James Cole. Well, we are not mining the data,
Congressman. That is not something----
Mr. Farenthold. Or go back and searching it, I guess.
Mr. James Cole. Well, and we are searching only in a very
limited way.
Mr. Farenthold. Right, but the same argument that says you
can collect all the phone data, could the exact same argument
not be used for any other sorts of data that are collected by
businesses in bulk?
Mr. James Cole. Not necessarily because the phone data
connects two different people, and you have to look at those
two different sets of information.
Mr. Farenthold. Right. So the geolocation data does the
same thing. I go----
Mr. James Cole. Not necessarily because it only focuses on
one person and not----
Mr. Farenthold. Right. But if you got the geolocation data,
you could get everybody who is within 150 feet of me by rather
than searching the person's phone, you could search the law and
where they are, and you could tell everybody who's in this room
right now.
Mr. James Cole. But there may be other ways to go about
that without collecting all of the data for every single cell
tower in the United States.
Mr. Farenthold. Okay. But do you believe that it would be
legal for you all to do that?
Mr. James Cole. Only if there was a need. The Court's
rulings have really focused on the fact that there is a need
under the facts and circumstances----
Mr. Farenthold. All right. I see I am almost out of time,
and I wanted to follow up on something that came up in the
Oversight and Government Reform Committee last week. Can you
tell us whether the NSA is playing any role in identifying,
assessing, or classifying information about security threats or
vulnerabilities associated with the healthcare.gov website? Are
you aware of anything?
Mr. James Cole. I am not aware of anything, Congressman.
Nothing that I am aware of.
Mr. Farenthold. Thank you very much. I yield back.
Mr. Goodlatte. The Chair thanks the gentleman and
recognizes the gentleman from Rhode Island, Mr. Cicilline, for
5 minutes.
Mr. Cicilline. Thank you, Mr. Chairman. I thank you and the
Ranking Member for the warm welcome, and I look forward to the
work of this Committee. Thank the witnesses for being here and
for your testimony.
I am, too, a proud sponsor of the USA Freedom Act and
really associate myself with the remarks of my colleague, Mr.
Sensenbrenner, and hope the urgency of action is clear to all
of the witnesses and hopefully to our colleagues in the
Congress.
I share the view of many people that it is very difficult
for me to understand how the existing statute authorizes this
massive data collection of all Americans, and I am struggling
to understand how that authorization is provided in the
statute. But I want to ask a couple of very specific questions.
One is I think there has been testimony from all three
witnesses that there is not a lot of evidence, if any, that
this action, this metadata data collection, has led to the
interruption of a terrorist attack, but it has been useful in a
variety of different ways. And since the private industry holds
these records for 18 months, has anyone looked at in the
instances it has been useful what the time period has been? Has
it been beyond the 18 months? If we were to change that to 24
months, would we cover all of the useful moments and not have
to have the government collecting any of this data? Does anyone
know the answer to that?
Mr. James Cole. I think that is one of the factors that we
are trying to look at to see how long you need the data for.
This was one of the issues when the President said, and we
talked about cutting it down to 3 years instead of 5 years for
holding it, is one step. And we may look further to see what
the right amount of time is.
Mr. Cicilline. So with respect to the information we have
currently, the benefits of in these instances where it has been
useful, we do not know what that time period has been.
Mr. James Cole. We are looking into that.
Mr. Cicilline. Okay. The second thing I want to ask is, you
know, we have this very deeply held belief in this country that
the key parts to our justice system or two of the key parts are
an independent neutral magistrate or judge. The current system
allows the queries to be made by decisions made by someone
other than a judge. And one of those reforms that has been
recommended is that a FISA Court judge make that determination
as a result of hopefully some adversarial process so that
arguments can be made on both sides. That seems a very common
sense reform.
I would like to ask your thoughts about the national
security letters because it seems to me the same kind of
information can be collected through the national security
letters that do not require a judicial determination. And it
would seem to me that that would be a fairly easy reform to
implement that says these letters can broadly collect lots of
information without any judicial determination that it is
necessary or appropriate. Why not impose the same requirement?
And I know, you know, the argument always is, oh, it is too
much, you know. It will require lots of extra hours.
Setting aside the fact that it will be a lot of work for
some folks and that we are prepared to fund that, does it not
make sense that we ensure that there is a judicial
determination as to the propriety of the information sought
that can be quite broad? And I would like all three of you to
comment on that.
Mr. James Cole. First of all, you have to understand
national security letters are not as broad as other things,
other kinds of subpoenas, grand jury subpoenas, even
administrative subpoenas under the Controlled Substances Act or
215 authorities. It is more limited. That being said, it is
much like an administrative subpoena or a grand jury subpoena,
which does not involve any prior judicial approval before they
are issues. Any judicial involvement comes on the back end if
people do not comply with it.
And they are very routine. They are used----
Mr. Cicilline. But those grand juries--excuse me for
interrupting--those grand jury subpoenas require the
participation of grand jurors, of citizens, to make a
determination----
Mr. James Cole. They do not issue them themselves. There
usually can be just a blanket authority from the grand jury to
go issue----
Mr. Cicilline. But it requires action of citizens to
authorize it. In this case, the national security letters,
there is no participation of citizens. It can be a NSA official
that makes that determination with no either citizen
participation or judicial participation.
Mr. James Cole. Actually grand jurors usually do not
participate in the decision to issue a subpoena. They receive
the evidence that comes as a result of it and consider it, but
they do not usually get involved in the issuance of the
subpoena. That is usually done by the prosecutor.
Mr. Cicilline. So is it your position that having a
judicial determination of the national security letter request
is not appropriate? Would that not provide additional
protection against an intrusion into the privacy rights of
citizens with a de minimis kind of intervention by a judicial
officer?
Mr. James Cole. I do not think it would provide any
significant protection against privacy invasions for citizens.
There are still administrative subpoenas, grand jury subpoenas,
lots of things like that that go well beyond what a national
security letter can do. I do not see the point of it.
Mr. Cicilline. Mr. Swire?
Mr. Swire. Our report came out in a different place, and we
did recommend a judge. And in terms of the comparison with a
grand jury subpoena, here are two differences that are not
always stressed. One is that the NSLs stay secret under current
law probably for 50 years, and that is very different. And the
second way from what happens in a criminal investigation where
if there is a problem with the investigation, the criminal
defendant and his or her lawyer find out about it quickly, and
that is a check on over reach.
With NSLs, the person who is being looked at does not get
that kind of notice, so you do not have a built in check
against using it too much.
Mr. Medine. Our board unanimously recommended that the RAS
determinations, reasonable articulable suspicion, immediately
go to the Court, after the fact, for judicial oversight of that
program.
Going forward, the only thing I would say is, because we
have not studied national security letters on our Board as yet,
to consider that we not make it a higher standard to collect
counterterrorism information than we do in ordinary criminal
cases, to look more broadly overall at how are these programs
operating.
Mr. Cicilline. Thank you. I thank you, and I yield back.
Mr. Goodlatte. The Chair recognizes the gentleman from
North Carolina, Mr. Holding, for 5 minutes.
Mr. Holding. Thank you, Mr. Chairman. Mr. Swire, with
private parties holding metadata, what kind of liability do
those private parties have for any misuse of the metadata?
Mr. Swire. So a phone company today, if it is hacked into
or if they turn it over when they are not supposed to turn it
over?
Mr. Holding. First, you know, if they are hacked into, I
guess there would be some determination as to whether they have
taken adequate steps to protect the data. So what liability do
they have there? What liability do they have if they turn it
over to the government, and for some reason the government
misuses it? Are there any immunities that these third parties
have?
Mr. Swire. So there is not an immunity if they lack
reasonable security. Most of them have privacy policies where
they said they are going to use reasonable security measures.
The Federal Trade Commission or the Federal Communications
Commission could bring a case against it. Private tort suits
have not succeeded mostly, but the government could come in.
When it comes to the second part, I think that comes up
with the scope of the immunity that Congress included in the
law the last time around. I do not know all the contours of
that, but it is quite immunity is my understanding.
Mr. Holding. And, of course, if we set it up so these third
parties are retaining this information for a longer period of
time, I assume that they would want additional assurances of
immunities.
Mr. Swire. I predict they would want that, yes.
Mr. Holding. Mr. Cole, you would certainly agree that we
live in a dangerous world.
Mr. James Cole. I am sorry?
Mr. Holding. We live in a dangerous world.
Mr. James Cole. Yes, we do.
Mr. Holding. And the dangers are overseas, and they are at
home.
Mr. James Cole. That is correct.
Mr. Holding. There are plenty of people who wish us great
harm. And in the years subsequent to 9/11, the danger may have
changed, but I do not think the danger has diminished.
Mr. James Cole. That is correct.
Mr. Holding. In fact, it may have increased.
Mr. James Cole. It has become different, and it has become
a lot more difficult to detect.
Mr. Holding. And you have mentioned several times and the
other Members have mentioned several times about the use of the
metadata in 215. And, you know, some people pointed out that,
you know, no criminal case has been brought, you know, on the
basis of metadata queries. But you pointed out that it is a
part of a fabric of an investigation. I would like to think of
it as a mosaic when you are putting together an investigation,
whether it is public corruption, or a sophisticated drug
conspiracy, or indeed, you know, a terrorism investigation.
I want to give you a few minutes to spin a hypothetical
based on your experience as a prosecutor and as, you know,
someone who oversees a lot of investigations, a hypothetical
where the Section 215 metadata is used as a piece of that
mosaic. And to give some context to the conversations, you
know, that we have had back and forth, and kind of what that
mosaic looks like.
Mr. James Cole. Well, obviously there is any number of
different ways it could play out. But one possible scenario is
you have reasonable articulable suspicion that a certain phone
number is connected with a certain terrorist group, and you
then inquire about it, and you see calls to and----
Mr. Holding. Now let us back up a little bit. And how would
you come about one of these telephone numbers?
Mr. James Cole. Well, that could be from any number of
other sources of intelligence, and without going into too much
detail, there is a lot of information that feeds in that helps
inform how we come to those conclusions if there is, in fact,
reasonable articulable suspicions. But it has to be documented.
It is not just something that is floating in the air. It has to
actually be written down so somebody can read it, look at. A
supervisor can determine that, in fact, it is reasonable
articulable suspicion, and authorize the inquiry to be made.
At that point, we just have the phone number. We then look
at who that phone number has called, and we may see that there
are a number of calls to another number. At that point, we do
not know who that is, but we may then give that information to
the FBI. They may then through a national security letter or
something else determine who that number belongs to. They may
then be able to look at other holdings that they have and other
information they have that indicates that that other number is,
in fact, somebody that they have been investigating for
terrorism. And then they start putting that together, and the
investigation starts to blossom from there. That is one of the
ways that this could play out.
Mr. Holding. So the metadata may not be the smoking gun,
but it certainly puts not only a piece of the mosaic, but it
might be like the cement that kind of puts the mosaic together,
hooks it to another part.
Mr. James Cole. It is tip or a lead. It starts the process
going.
Mr. Holding. Thank you. Mr. Chairman, I yield back.
Mr. Goodlatte. I thank the gentleman, and the Chair
recognizes the gentleman from Georgia, Mr. Collins, for 5
minutes.
Mr. Collins. Thank you, Mr. Chairman. I appreciate the
time. And I am probably not going to spend the whole time
because one of the things that I want to focus on here is
probably the question, is I think from the sense--Mr. Cole, you
have been here many times, and we have had these conversations.
Others have been here as well. Today the Committee, especially
Judiciary, reminds me more of a P90X workout. One side you are
going hard for 5 minutes, and then the next time, whew, I rest
for 5 minutes. [Laughter.]
Hard for 5 minutes, rest for 5 minutes. And what happens
here is you see a unilateral sort of discussion and
understanding that what we have that nobody is comfortable
with. They are not. They do not want to put our national
security at risk. Nobody on this panel, nobody in this
Congress, and many people in the country, they do not want to
put--but they are also very uncomfortable with the collection.
They are very uncomfortable with the way it has been dripped
out of this is what is happening now, this is what is happening
now, 2 weeks later here is what is happening. By the way, we
are now angry birds, you know. Whatever it is, it is just
dripping out.
And so, every time we begin to maybe put a hold on it, it
becomes a deeper problem with another revelation, and some of
that was definitely not intended. Some of that was leaked
maliciously, and I recognize all that. And from my part of
Georgia, people understand national security. They understand
patriotism. That is not the problem. What they do not
understand is a loss of trust in the government, frankly a loss
of trust in this Administration, a loss of trust.
So what I really would like to focus on just for a moment,
and if you have a lot you want to say, great. If you do not,
then that is okay. But I think we have discussed a lot of
specific recommendations. We have talked about have you found
out, have you showed it. The mosaic, as my dear friend from
North Carolina talked about, about investigations. But mine
goes back to an essential question that this Congress will have
to ask, and I believe it is the only reason that the President
came out and said we need to change this, we need to look at
this, is because, frankly, the poll numbers are bad. You have
been looking at this for 5 years. You knew it for 5 years. And
now it is, well, this is getting bad, we need to get ahead of
this, let us show leadership, the whole crowd is up there, let
me run in front and lead. The problem is trust.
So my question as we look at this, no matter what
recommendations may come here, and I have associated with many
on both sides of the aisle of the problems that we have, is in
my district and in many others, NSA has become not a three-
letter word, but a four-letter word. It has become something
that they just do not understand and they do not trust anymore.
So my question is, no matter what recommendations we give--
any of you want to talk about it--for just a moment, how do we
restore that? And that is the basic question here. How do we
restore trust?
Mr. James Cole. Congressman, I think you raise a very, very
important point, which is trust. We come to this through years
of both Republican and Democratic Administrations where the
intelligence community has determined that it is appropriate to
classify a lot of things information that we are now talking
about in open hearings. And they had a good faith determination
at the time that it should be classified for the national
security and safety of our country.
It is out, and we are talking about it. And the American
people deserve to have answers, and they deserve to have a
level of transparency that makes them comfortable about these
things. And I think that this Administration, quite frankly,
has taken the bull by the horns, and these are not easy issues.
These are not easy resolutions. These are not easy balances to
find. But this Administration has gone very far in trying to be
transparent, in trying to bring these programs back into line,
in trying to balance how far we can go, how transparent we can
be, how many civil liberties and privacy interests we have to
respect, and how much of the national security side we have to
respect, and where that balance is. And these are tough
balances.
You are not going to do it overnight. You are not going to
sit there and say, oh, that is easy. Let us just go over and
disclose all of this, or let us just not collect this
information. These are things that if you do not collect it and
something blows up, people are going to be very angry. But
these are also things that if you do over collect, and you do
over classify, and you do inhibit people's civil liberties,
they are going to be upset about that, too. So we have to find
that balance, and I wish it were easier, but it is not.
Mr. Collins. And, look, I respect that, and you have been
up here, and you are an advocate of what the Administration is
doing, and I get that. But I think the trust factor is the
biggest issue, and I think it was not grabbing the bull by the
horns. I think it was grabbing a microphone and saying I will
make you feel better, and I understand that. But at the same
point, it does not go to the heart of the question. It does not
go to that trust issue on how we in this Congress can explain
that, and how the Administration can make it look more instead
of a public appearance and we are going to PR, how we actually
solve this.
Look, I respect everyone. Thank you for being here. But
that goes back to the real issue. This is a trust issue. We can
do the recommendations, but we have got to get back to trust,
and we just do not have that trust right now.
Mr. Chairman, I yield back.
Mr. Goodlatte. The Chair thanks the gentleman, and the
Chair thanks all of our witnesses on this first panel. You have
taken a large number of questions, and we appreciate the input
to the Committee.
I want to ask unanimous consent to place the following
documents into the record: Annex A of the PCLOB report,
separate statement of board member Rachel Brand; Annex B of the
PCLOB report, separate statement of board member Elizabeth
Collins Cook; comments of the judiciary on proposals regarding
FISA; a letter written by the Honorable John D. Bates, director
of the Administrative Office of the United States Courts on
January 10, 2014;* Presidential Policy Directive Number 28, the
President's directive regarding signals intelligence issued
January 17, 2014.**
---------------------------------------------------------------------------
*The corrected date of the submitted letter is January 13, 2014.
**See Appendix for submitted material.
---------------------------------------------------------------------------
I want to thank all the members of the panel, and you are
excused. And we will----
Mr. Nadler. Mr. Chairman?
Mr. Goodlatte. Yes?
Mr. Nadler. May I ask unanimous consent that we admit into
the record the entirety of the PCLOB report since the
dissenting views are going be----
Mr. Goodlatte. Without objection, that will be made a part
of the record as well.***
---------------------------------------------------------------------------
***The PCLOB report document submitted for the record is not
reprinted here but can
be accessed at: http://www.pclob.gov/SiteAssets/Pages/default/PCLOB-
Report-on-the-Telephone-Records-Program.pdf.
---------------------------------------------------------------------------
Mr. Nadler. Thank you.
Mr. Goodlatte. And we thank all of our panelists.
Mr. James Cole. Thank you, Mr. Chairman.
Mr. Goodlatte. And we will move onto to the next panel. We
are expecting a vote soon, but we want to keep moving.
[Pause.]
Mr. Goodlatte. We welcome our second panel today, and if
all of you would please rise, we will begin by swearing you in.
[Witnesses sworn.]
Mr. Goodlatte. Thank you very much. Let the record reflect
that all of the witnesses answered in the affirmative.
Our first witness of the second panel of witnesses is Mr.
Steven G. Bradbury, an attorney at Dechert, LLP, here in
Washington, D.C. Formerly, Mr. Bradbury headed the Office of
Legal Counsel in the U.S. Department of Justice during the
Administration of George W. Bush, handling legal issues
relating to the FISA court and the authorities of the National
Security Agency.
He served as a law clerk for Justice Clarence Thomas on the
Supreme Court of the United States and for Judge James L.
Buckley of the United States Court of Appeals for the D.C.
Circuit. Mr. Bradbury is an alumnus of Stanford University and
graduated from Michigan Law School.
Our second witness is Mr. Dean C. Garfield, president and
CEO of the Information Technology Industry Council, a global
trade association that is a voice advocate and thought leader
for the information and communications technology sector.
Previously, Mr. Garfield served as executive vice president and
chief strategic officer for the Motion Picture Association of
America.
Mr. Garfield is a regular contributor to the Huffington
Post and has been featured in several national and
international publications representing the ICT industry. Mr.
Garfield holds degrees from Princeton University and New York
University School of Law.
Our third witness is Mr. David Cole, a professor of law at
Georgetown University Law Center. He is also the legal affairs
correspondent for The Nation and a regular contributor to the
New York Review of Books. He is the author of seven books.
Mr. Cole previously worked as a staff attorney for the
Center for Constitutional Rights from 1985 to 1990 and has
continued to litigate as a professor. He has litigated many
constitutional cases in the Supreme Court. Mr. Cole received
his bachelor's degree and law degree from Yale University. Mr.
Cole has also received two honorary degrees and numerous awards
for his human rights work.
I want to thank you all for being here today. We ask that
each of you summarize your testimony in 5 minutes or less, and
to help you stay within that time, there is a timing light on
your table. When the light turns from green to yellow, you will
have 1 minute to conclude your testimony. When the light turns
red, it signals the witness' 5 minutes have expired, but I
think you all know that.
And I thank you all. And we begin with Mr. Bradbury.
Welcome.
TESTIMONY OF STEVEN G. BRADBURY, DECHERT, LLP
Mr. Bradbury. Thank you, Mr. Chairman.
The independent judges of the FISA court have repeatedly
upheld the legality of the NSA programs, and the President has
strongly affirmed that they remain necessary to protect the
United States from foreign attack. While I welcomed the
President's defense of the programs in his recent speech, I'm
disappointed that he decided, evidently at the last minute, to
pursue changes in the telephone metadata program recommended by
his review group.
The President wants to move the metadata into private
hands. I don't believe that's workable, not without seriously
affecting the operation of the program and creating new data
privacy concerns.
The current program allows NSA to combine data from
multiple companies into a single, efficiently searchable
database and preserve it for historical analysis. This database
is among the most effective tools we have for detecting new
connections with foreign terrorist organizations. Moving this
database outside NSA would require ceding control to a private
contractor, since no single phone company has the capacity to
manage all the data.
Putting a private contractor between NSA and the data would
compromise the utility and responsiveness of this asset. It
would also reduce the security of the data. Today, the database
is kept locked down at Fort Mead, with access strictly limited
by court order and stringent oversight. If it were outsourced
to a contractor, the data would likely reside in a suburban
office park on much less secure servers.
It would be vulnerable to privacy breaches and cyber
incursions from foreign governments and terrorist groups. It
could be exposed to court-ordered discovery by litigants in
civil lawsuits, and the contractor's employees would be much
less subject to direct oversight by the executive branch, the
FISA court, and Congress. Those are not desirable outcomes.
The President also intends to require FISA court approval
of the reasonable suspicion determinations before NSA could
query the database. This change moves us back toward the pre-9/
11 approach. It will inevitably hamper the speed and
flexibility of the program, particularly if it requires
separate court approval of each query, and it will place a
substantial new burden on the FISA court. Requiring the
involvement of lawyers and court filings will impose a
legalistic bureaucracy on a judgment call more appropriately
made in real time by intelligence analysts.
Finally, the President ordered NSA not to analyze calling
records out to the third hop from the seed number, something
the NSA only does when there's a specific intelligence reason.
Why should we needlessly forego these potentially important
intelligence leads?
Beyond the changes endorsed by the President, I urge this
Committee to reject most of the other major proposals for
curtailing FISA. The most sweeping proposal would restrict the
use of Section 215 to individual business records directly
pertaining to a specific person.
A similar proposal would limit NSA to conducting queries of
the telephone calling records only while the data is retained
by the companies in the ordinary course of business. These
restrictions would kill the metadata program by denying NSA the
broad field of data needed to conduct the necessary analysis.
At the same time, denying NSA the ability to access
metadata in bulk would preclude the historical analysis of
terrorists' calling connections, which is among the most
valuable capabilities of the 215 program. Any requirement to
shorten the data retention period would degrade our ability to
discover important historical connections.
One further proposal would attempt to convert FISA into an
adversary process by establishing some form of public advocate.
This proposal would raise significant constitutional concerns,
both if the President is required to share sensitive national
security secrets with an adversary and if the public advocate
were given the power to oppose each FISA application and to
appeal a decision of the FISA court.
Such an officer would lack the Article III standing
necessary to initiate an appeal and would occupy a gray zone
outside the three branch framework established in the
Constitution.
Instead of creating a formal office of public advocate, the
President wants to set up a panel of pre-cleared outside
advocates who could be called upon by the FISA judges to submit
amicus briefs on significant questions. This proposal is less
objectionable if it leaves to the FISA judges the decision to
call for amicus input and preserves the President's discretion
to decide whether the amicus gets access to classified
information.
Of course, any requirement that an outsider be granted
access to the intelligence information available to the court
will chill the executive branch's willingness to disclose the
most sensitive details relevant to FISA applications. As the
FISA judges recently pointed out, this disincentive would
threaten the relationship of trust between the Justice
Department and the FISA court, something this Committee should
strive to avoid.
Many of these reforms, Mr. Chairman, run the risk of re-
creating the type of cumbersome, overlawyered FISA regime that
proved so inadequate in the wake of 9/11. If our Nation were
attacked again, I am concerned that a future President may feel
the need to fall back on Article III authority to conduct the
surveillance necessary to protect the country, and I don't
think any of us would like that outcome.
Thank you very much.
[The prepared statement of Mr. Bradbury follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Goodlatte. Thank you, Mr. Bradbury.
Mr. Cole, welcome.
TESTIMONY OF DAVID COLE,
GEORGETOWN UNIVERSITY LAW CENTER
Mr. David Cole. Thank you, Mr. Chairman, Ranking Member,
for inviting me here to testify.
I want to make three brief points in my opening remarks.
First, that technological advances employed by the NSA raise
substantial privacy and liberty concerns and demand new legal
responses if we are not going to forfeit our privacy by
technological default. Second, that Congress is particularly
well situated to adopt rules to protect Americans' privacy in
the digital age. And third, that the USA FREEDOM Act, sponsored
by Representative Sensenbrenner and Senator Leahy, is an
excellent start toward restoring the privacy and the
accountability that has been infringed by NSA practices.
First, the NSA metadata program illustrates the profound
threat to our privacy and to our associational freedoms brought
on by the capabilities of the digital age. At the time of the
framing or even 50 years ago, if the Government wanted to know
what we read, what we listened to, who we spoke and associated
with in the privacy of our home, they would have to get a
warrant based upon probable cause.
Today, virtually everything we do in the home and out,
including what we read, with whom we associate, where we go,
and even what we are thinking about leaves a digital trace that
reveals the most personal details of our lives.
According to the Administration's interpretation of Section
215, there is no limit on the Government getting these digital
details of our lives, whether they be phone records or email
records or Internet browsing data records or business or bank
records. There is no limit on their ability to get them because
they might at some point be useful to search through for a
connection to terrorism.
According to the Government's reading of the Fourth
Amendment, the Fourth Amendment provides no constitutional
limit on the Government's ability to get all of this data about
all of us because, by sharing it with Google or AT&T or
Verizon, we have forfeited our--any interest in privacy that we
might have.
But many people who have looked at this problem, including
President Obama, including the President's review group,
including the Privacy and Civil Liberties Oversight Board,
including Justice Alito, including Justice Sotomayor, and
including Justice Scalia, have said and acknowledged that when
technology advances in this way, it is critical that we adapt
our laws to ensure that we retain the privacy that we had at
the time of the framing.
We're in a brave new world. And unless we adapt our laws to
reflect that fact, we will effectively forfeit the privacy that
is so critical to our own human relations and to a free and
open democracy.
Second, Congress is well situated to act. As Justice Alito
said in the Jones case, a legislative body is well situated to
gauge changing public attitudes, to draw detailed lines, and to
balance privacy and public safety in a comprehensive way. When
it comes to adjusting law to deal with advances in technology,
Congress has historically done so, and it has historically done
so where the Supreme Court has either declined to protect
Americans' privacy or failed to address sufficiently Americans'
privacy.
So when the Supreme Court said the Fourth Amendment does
not protect the privacy rights of people vis-a-vis pen
registers, Congress responded by enacted statutory limits on
the Government's use of pen registers. When the Supreme Court
said we have no privacy rights in our bank records, Congress
responded by enacting the Right to Financial Privacy Act. FISA
itself imposes restrictions on the Government's ability to
gather information that the court has not yet said is
constitutionally protected.
That intervention is necessary here because the
Administration has essentially interpreted Congress' prior law
to give it carte blanche. I was around when we debated the
changes on the PATRIOT Act, and I am absolutely certain that
had the Administration come to Congress and said we'd like to
amend the business records law, which at that time allowed the
Government to get records on specific targets, and we'd like to
amend it by giving us the authority to get records, phone
records and other business records on literally every American
and amass them in a single database and keep them for 5 years,
there is no way that this Committee would have approved of
that. There is no way that this Congress would have approved of
that.
And yet that's the interpretation that the Administration
has put on this law in secret. And therefore, I think it's
critical that Congress respond, and I think the USA FREEDOM
Act, by ending dragnet collection and requiring a nexus between
business records sought and terrorism investigations, is the
best way to go.
Thank you very much.
[The prepared statement of Mr. David Cole follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Goodlatte. Thank you, Mr. Cole.
Mr. Garfield, I don't know how the introductions and the
seating got reversed there. Our apologies to you, but you get
the last word of the testimony. Then we are going to take a
recess to go vote, and we will come back and ask questions of
all members of the panel.
TESTIMONY OF DEAN C. GARFIELD,
INFORMATION TECHNOLOGY INDUSTRY COUNCIL
Mr. Garfield. Thank you, Chairman Goodlatte, Ranking Member
Conyers.
On behalf of some of the most dynamic and innovative
companies in the world, we thank you for hosting this hearing
and for inviting us to testify.
My testimony today will be infused with a healthy dose of
humility because we recognize that the phrase, ``We don't know
what we don't know,'' is particularly apt in the area of
national security. That being said, given the multinational and
multisectoral nature of the tech sector and our business, we
know we have something important to contribute to this
conversation.
As you instructed, rather than repeating my written
testimony, which has been submitted for the record, I'll focus
on the economic impact; second, the societal implications; and
then, third, offer some solutions.
With regard to the first, the economic impact is
significant and ongoing. We live in a world where innovations
that were previously the province of your imagination or solely
the movies are now found in technology that positively impact
all of our everyday lives.
Those innovations are not just cool and potentially
lifesaving. They have positive economic benefit, with the
United States benefiting significantly.
By way of example, the data solutions industry, which is
fast growing, is expected to create over 4 million new jobs in
the next 3 years. Nearly a third of those jobs are expected to
be created in the United States, which we all benefit from.
Unfortunately, because of the NSA disclosures, ``made in
the USA'' is no longer a badge of honor, but a basis for
questioning the integrity and the independence of U.S.-made
technology. In fact, a number of industry experts have
projected that the losses from the NSA disclosures in the cloud
computing space alone will be in the tens of billions of
dollars.
Second, with regard to the societal implications, the
impact is significant there as well. Many countries are using
the NSA's disclosures as a basis for accelerating their
policies around force localization and protectionism. We've all
read about what's happening in Brazil and their efforts to
create a walled garden around their data.
Brazil is not alone. Some of our other allies, including
Europe, are questioning the safe harbor that enables cross-
border data flows. As well, many European countries are
advocating the creation of country-specific clouds.
If that is able to proceed and turns into a contagion, we
run the real risk of going down the path of a Smoot-Hawley like
protectionist downward spiral that dramatically impacts U.S.
businesses and actually impacts businesses all around the world
and transfer what is an open, global Internet instead into a
closed, siloed Internet, which is not something that none of us
would like to see.
Congress is in a great position to avoid that, and so I'll
turn to solutions. I offer 3 sets of solutions that build on 8
principles that we released 2 weeks ago.
First, we think that additional transparency is critical.
The previous panel spoke to some of the steps that have
recently been taken by the Justice Department to enable greater
disclosures. We view those steps as a positive step forward but
still think that legislation is necessary to cement those gains
and to build on them.
Second, we think greater oversight is also very important,
and developing a framework that enables a civil liberty
advocate to be a part of the FISC court process--I'm sorry, the
FISA court process is also important.
The last round of questions for the first panel revolved
around trust, and we think that rebuilding trust is also
critically important. And there are a number of steps we can
take in that regard.
One is around the standard-setting processes around
encryption. The NSA disclosures have significantly undermined
the encryption standard-setting process, and the President in
his speech passed on the opportunity to affirm the integrity of
those processes. We think that it's critically important that
that occur.
Second, and finally, the issue that's been much debated in
the first panel around Section 215. We think the work that
you're doing today and, hopefully, will do in the future around
examining and reexamining 215 is critically important. In
addition to considering national security, we would advocate
considering other factors, including economic security, civil
liberties, cost, as well as the impact on our standing with
U.S. citizens and around the world.
Those same factors are equally apt as we consider whether
that data should be stored by a third party.
Again, I thank you for this opportunity and look forward to
your questions.
[The prepared statement of Mr. Garfield follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
__________
Mr. Goodlatte. Thank you, Mr. Garfield.
The Committee will stand in recess, and we will return as
soon as these votes are over to begin the questioning.
[Recess.]
Mr. Goodlatte. The Committee will reconvene. We are missing
one of our witnesses. We will go ahead and start with you, Mr.
Bradbury, and I am sure we will be joined by Mr. Garfield
shortly. There he is. You were safe. We were starting with Mr.
Bradbury anyway.
Do you see any legitimacy in Justice Sotomayor's concern
that there is a cumulative effect to the data collected? Does
the evolution of technology necessitate a reevaluation of the
concept of a legitimate expectation of privacy?
Mr. Bradbury. Well, first, Justice Sotomayor in the Jones
case was not addressing anything like the telephone metadata
program. There was a criminal investigation targeted at a
specific individual where they were tracking him around, and
they put a device on his car, and they were collecting data
about everywhere he went and everything he did. It was focused
on a dragnet, if you will, on that particular individual. And
there is nothing like that here. The only focus in this program
in this program is on terrorist groups and their connections.
Number two----
Mr. Goodlatte. Well, let me just interject there because I
understand that concern, but I think the concern that a lot of
Americans have is that while that is the purpose and intent of
this, the collection of data, which as we know technology today
allows us to do pretty incredible things, and not just the
government, but it is certainly done in the private sector. It
is done in presidential elections, for example, to mix data and
come up with very, very informative facts from the advanced use
of technology. And the long-term storage of that data at the
same time is, I think, whether it is what she is concerned
about or what many of us are concerned about.
Nonetheless, I know it is a concern of many of my
constituents that when you put those two things together, there
has to be a much greater degree of trust in what government is
going to do with that data over an extended period of time.
Mr. Bradbury. Certainly that is true, and I think it is
important for Congress and an appropriate role for Congress to
study if statutory changes are appropriate with regard to
developments and the use of data and the creation of data and
data records.
But the same concern, which I think is a hypothetical
concern about the potential for abuse, would apply to broad
data collections that are all done by all manner of Federal
regulatory agencies under subpoena authorities, administrative
subpoena powers, that are based on the exact same language of
this statute, but that do not involve----
Mr. Goodlatte. But let me point out one difference, and it
really goes to my next question. And that is, do you believe it
is possible that because the FISC operates in secrecy and all
those other agencies you cite, and you are correct about that,
they do not operate in secrecy. Is it possible for the
evolution of the law in that court to become so ossified or to
go off track because it does not get challenged in the same way
that regular Federal courts, or Federal regulatory process for
that matter, are challenged? And if so, what would be the
damage in having a panel of experts, maybe like yourself,
available to argue a counterpoint to make sure that the FISC
has all points of view?
Mr. Bradbury. Well, I do think that there is nothing wrong
or objectionable, as I have indicated, with a panel of experts
that could be called upon as amicus to provide views on a
difficult question, provided the constitutional issues I
identify could be addressed.
But the other agencies I mentioned do not have to go
through a court, so there are no court decisions unless the
subject of an administrative subpoena challenges it in court,
which is rare because this standard is so generous to those
agencies. So the Securities Exchange Commission, Federal Trade
Commission, Consumer Financial Protection Bureau, they get vast
amounts of data about transactions affecting private interests
of Americans in vast quantities.
Now, I am not saying it is the same quantity as here, true.
But here, the interests are very different. They are the
protection of the Nation from foreign attack. That is the
paramount mission of the National Security Agency. The reason
for the secrecy in the FISA process is because it involves the
most sensitive national security secrets and threats to the
country. It simply cannot be exposed.
Mr. Goodlatte. I understand that, but there is an element
of trust here that will ultimately cause this to fail unless
the American people believe that what the protections are
available to them are actually being asserted and exercised in
the judicial process. And they do not get to see that like they
do in other proceedings. And your point is well taken about
those other agencies. Maybe we should be looking at what they
do with their data as well.
But finally, let me ask you, do you believe that the
government acquisition of third party data should be permitted
indefinitely, or should there be some limit on how much of this
data should be permitted?
Mr. Bradbury. Well, in terms of time limit, the government
does impose a time limit if the court order includes a time
limit that requires all this data to be deleted, purged, after
5 years. The reason they chose 5 years, it is a standard time
in the NSA programs because it is an important period to look
back and do historical analysis. We know there was a cell
operating in a particular operation 3 years ago. We see a new
number now. It is important to know if it----
Mr. Goodlatte. There is always an example of, you know, if
you saved it further. I think it declines, however,
exponentially, for example, the example of the Boston bombing.
The data that was used to determine whether he had phone
contacts with people that might be engaged in a conspiracy that
we are going to launch another attack, which his certainly a
concern that law enforcement and the general public would have,
would not need to have storage for 5 years.
But let me just also suggest that it is not just about the
length of time. The gentlewoman from California asked the
question of the first panel related to what is the limit on
what kind of data can be gathered. It is not just telephone
data. It is not just financial services data. It could be
almost anything. And, therefore, when you put together that
wide array of data over an extended period of time, there
becomes a great deal of mistrust about how this system could be
abused.
Mr. Bradbury. Yes, and I think once the disclosures were
made and this became the subject of public debate--I think it
is a healthy debate--I think it was incumbent on the President
to come out early and often to explain to the American people
the nature of the program, the limitations, the lack of abuse,
and to defend the program. I was happy to see that he did that
in his speech on the 17th. I think that came a little late in
the day, and unfortunately it was combined with a decision to
change the program in material respects.
So I think it is first the role of the President to defend
these programs. And second, I think the Chairs and Ranking
Members of the intelligence committees that oversee the
programs have an important role in terms of explaining and
defending the programs.
Mr. Goodlatte. Thank you. I am going to ask one more
question, and that is directed to you, Mr. Garfield. Can you
list for us the problems that your member companies anticipate
they will face if they are required to store all the data the
NSA is currently storing?
Mr. Garfield. It would probably be a long list, but we have
talked about many of them. Some of them include having to keep
data that goes beyond the business purpose of that data, the
time period for keeping it that extends beyond the time period,
security concerns, cost concerns, as well as the broader
concern around trust, which is a critical component of how we
operate in the tech sector.
Mr. Goodlatte. Thank you. The Chair recognizes the
gentleman from Michigan, Mr. Conyers, for 5 minutes.
Mr. Conyers. Thank you, Mr. Chair. In her concurrence in
U.S. v. Jones, Justice Sotomayor wrote this: ``It may be
necessary to reconsider the premise that an individual has no
reasonable expectation of privacy in information voluntarily
disclosed to third parties.'' Well, here is where that leads
us: your phone number, the website address, the email address,
the correspondence with the internet service providers, the
books, groceries, and medications that we purchase online
retailers, and so forth and so on.
How should we, Professor David Cole, how we should we
rethink the right to privacy in what Justice Sotomayor called
the digital age?
Mr. David Cole. Thank you, Representative Conyers. I think
that Justice Sotomayor is onto something. I think Justice Alito
said much the same thing. He did not speak specifically to the
third party disclosure rule, but he did speak specifically to
the risks to our privacy that are posed by the fact that the
government has technology today that allows it to learn
information about all of us without going through the steps
that were required at the time that the Constitution was
adopted. And historically, the Fourth Amendment has been
adapted to deal with those kinds of technological advances,
whether it is the phone, or the use of the beeper, or the use
of a GPS, or the use of a thermal imaging device.
So I think the Supreme Court can and should recognize that
in the modern era, there is a difference between my voluntarily
sharing information with, say, Mr. Bradbury and, therefore,
voluntarily assuming the risk that he will turn around and
provide that information to the government. That is a voluntary
risk that assume.
There is a difference between that and the fact that to
live in the modern age today you necessarily have to share
information with businesses. Every place you walk, you are
sharing with the cell phone company where you are. Every time
you make a search on the internet, you are sharing with Google
what you are thinking about. Every time you send an email, you
are sharing with Google or your internet service provider who
your friends are, who you are addressing.
And the notion that we somehow as Americans have
voluntarily surrendered our privacy and all that incredibly
intimate detail is probably telling about what we think and
what we do than anyone who knows us knows about us. I mean, I
do not think my wife knows as much about me as my computer
knows about me, and yet if you adopt a third party disclosure
rule without any change to recognize the advance in technology,
you have just forfeited privacy.
But that is for the Supreme Court. I think even if the
Supreme Court does not change the rules, this Congress can
recognize that Americans demand more privacy than that. And as
I said in my opening and as I say in my written statement,
Congress has frequently done that. And I think this is an
appropriate time to do that yet again to protect the privacy
that all Americans deserve.
Mr. Conyers. What do you think of the USA Freedom Act that
I worked with both our U.S. Senator Leahy and with our former
Chairman, Jim Sensenbrenner? Do you think that----
Mr. David Cole. I think that is precisely the type of
response I think that is needed and that is justified because
what it does is it says we are going to end the notion that the
government, simply by calling something business records and
claiming that at some point in the future they may want to look
through those business records, the government can collect
everybody's records. Instead, what the USA Freedom Act says is
the NSA, the FBI, they can collect records if they demonstrate
that those records have a nexus either to a target of an
investigation--a suspected terrorist or a foreign agent--or to
a person known to or associated with that target.
That seems to me a perfectly reasonable and tailored
response. Indeed, I think that is how the Administration sold
what they were asking Congress to do when Section 215 was
amended with the PATRIOT Act. And again, as I said in the
opening, I do not think anybody in Congress thought when they
said we are going to allow you to get relevant records that are
relevant to an authorized investigation. I do not think a
single Member of Congress thought what we meant by that is
there are no limits on the business records that you can get.
You can get records on every American, every phone call without
any showing of any connection to terrorism. That is clearly
unacceptable in terms of protecting the privacy of Americans.
The USA Freedom Act protects that privacy. It ensures that
security interests are balanced by giving the government the
ability to get those records where it has a basis for
suspecting that a person has that nexus.
Mr. Conyers. Thank you so much. I have got a question for
Mr. Dean Garfield, but I am going to give it to him and ask him
to submit it in writing so it will go in the record.
Thank you, Mr. Chairman.
Mr. Goodlatte. Thank the gentleman, and the Chair
recognizes the gentleman from Alabama, Mr. Bachus, for 5
minutes.
Mr. Bachus. Thank you. First, Professor Cole, I am a part
of a bipartisan group that is looking at sentencing reform,
which is a different area. We are not dealing with that today,
but I know you have been very active in advocating for changes
in our criminal justice system, and I applaud you for that.
Mr. David Cole. Thank you.
Mr. Bachus. And I will ask the first question to you. It is
not just the technology that has changed over the last 30 or 40
years. It is really the amount of information out there. We
share so much information on Facebook, Tweeter, or Twitter,
InstaGram. You know, that information is there in the public
realm. I think Smith v. Maryland, those cases that were decided
in the 70's and 80's on privacy and our expectations on
privacy. How does the fact that there is so much more
information out there, and we are sharing so much more
information, how does that affect our expectation of right to
privacy or how should it?
Mr. David Cole. Well, I think that is the key question, and
I think the answer may lie in the decision of Justice Alito in
the Jones case where he says that there is a difference between
following a car from point A to point B in public. You do not
have an expectation of privacy with respect to your going from
point A to point B in a car in public. There is a difference
between that and using a GPS to follow that car from point A to
point B to point C to point D to point E to point F all the way
to point Z, 24/7 for 28 days. You are still in public, but the
notion that the government could have followed you 24/7 for 28
days without the technology, it just could not have. It would
have cost remarkable resources they would not have. And Justice
Alito says, therefore, people had a reasonable expectation of
privacy with respect to that information because it was just
onerous for the government to collect it.
The same thing is true with all this information. You know,
we generate all this information, but what has changed is that
now every time we make a decision and take an action, it
generates a digital record. And now we have computers that have
the ability to collect and amass all of that data and to
examine it for connections and ties, which tells whoever is
looking, whether it be the NSA, or the FBI, or the IRS, whoever
is looking, tells them a whole lot more about an individual
than they ever possibly could have known before the advent of
this technology and before the blossoming of these digital
traces.
And, you know, it seems to me that both the Constitution,
the Fourth Amendment doctrine, and the statutory law of this
Congress needs to be adapted to recognize that fact. Otherwise,
as Justice Scalia said in the Kyllo case involving thermal
imaging devices, we will simply forfeit our privacy to advances
in technology.
We have a choice, and the choice is whether we want to
preserve our privacy or not. It does not go automatically. It
goes if we let it go. And Congress has the power to stop it.
Mr. Bachus. Okay. Mr. Bradbury, would you like to comment?
Mr. Bradbury. Well, I think there is a big difference
between what has been referred to as the third party doctrine,
records being held by a third party, and the notion that
metadata, which is transactional data, simply data about
communications, not the content of the communications, is not a
search because there is not a reasonable expectation of
privacy. That is data created by a company to conduct its
business. And the people involved in the communications as
subscribers know the company is creating that record, that
data. It is not your personal record. It is not something that
includes the content4 of the communication.
There may be a communication that is stored in a cloud some
place and somebody might try to argue that is held by a third
party and it is not subject to protections. But this Congress
has given it protections under the Electronic Communications
Privacy Act and the Stored Communications Act. And I think
there is an argument that the Court would recognize it as
protected because it still includes the substance and private
communications. So I think there is a big difference between
that pure transactional metadata and every other kind of third
party stored data.
The last thing I would comment on, Congressman, is with
respect to the Jones case and what has been called the mosaic
theory is that at a certain point when you put enough
information about an individual together in an investigation,
voila, that becomes a search suddenly, I think that Court has
not gone there yet. There is a lot of scholarship about it and
discussion. But if the Court goes there, that could really
seriously interfere with criminal investigations of all kinds.
I mean, think about organized crime investigations where
the prosecutors who are investigating or the FBI puts up on the
wall an organization chart with the pictures of the members of
the organization and collects all kinds of public data about
the goings-on of those particular members of the organization.
Does that constitute a search that would require a warrant to
put that kind of profile together from all manner of public
available information? No, it cannot. If it does, then criminal
investigations would come to a halt.
Mr. Bachus. Thank you.
Mr. Goodlatte. The Chair recognizes the gentleman from New
York, Mr. Nadler, for 5 minutes.
Mr. Nadler. I thank the Chairman. Let me first observe that
because of the evolving technology, people may, in fact, if
they think about it, realize that the metadata on their phones
is in the possession of somebody, but still have an expectation
of privacy when they are using the phone because you do not
think about it in everyday terms. And if you did and you said,
gee, I do not want this in the public domain because it might
go into the public domain because the phone company is keeping
it for billing records and maybe because of something else, you
would have no privacy at all. So I think our law has to change.
Maybe for 40 or 50 years the expectation of privacy theory was
valid, you know, and was sufficient, but no longer as privacy
becomes more invaded.
But let me ask you the following, Professor Cole. You wrote
in your testimony, ``The bill would''--the bill, that is to
say, the USA Freedom Act--``would restore an approach to
privacy that is governed in this country since its founding,
namely the notion that the government should only invade
privacy where it has some individualized objective basis for
suspicion,'' which, of course, is not the bulk collection of
information under Section 215.
But you are describing exactly what we always wanted to do
to avoid the general warrant. The Fourth Amendment was written
specifically to say no general warrants. You have to describe
the thing to be searched. We do not want the king's officer to
be able to come and say show me everything based on nothing
except that you live in Boston.
What we have now, is this not the type of general warrant
that Section 215, the way it has been interpreted, precisely
the general warrant that the Fourth Amendment was enacted to
prevent?
Mr. David Cole. I think it is. I think that when you have
an order that says go out and collect literally every
American's every phone call record, how is that different from
a general warrant? It is not targeted. It is not predicated on
individualized suspicion. It is as expansive as a general
warrant, and that is precisely the concern that was raised.
Now, Mr. Bradbury says, well, but it is only getting
metadata, not content. I think that is a very evanescent----
Mr. Nadler. Because you can learn a lot from metadata.
Mr. David Cole. Well, and here is what Stewart Baker, who
is general counsel of the NSA, said about that. He said,
``Metadata absolutely tells you everything about somebody's
life. If you have enough metadata, you do not really need
content. It is sort of embarrassing how predictable we are as
human beings.''
Mr. Nadler. Okay. I thought the moment I heard about it, I
thought it was precisely the general warrant. And we certainly
had no intention of authorizing Section 215. And the FISA
Court, if it were not the kind of kangaroo court it is because
it only gets one side, and it is done in secret, probably would
not have decided it that way.
But let me ask you a second question. The review board
established by the President recommended, among other things,
that we harmonize the standards for national security letters
for Section 215 collection. This makes sense to me,
particularly as many of the standards for NSL's minimization of
initial approval process are less rigorous. What is your
opinion? Should we harmonize the standards by requiring that
NSL meet the same and presumably amended standards since it
will fix the problem that now exists with the Administration
and FISA Court's interpretation of what is relevant?
In other words, should we make the NSLs match 215, and, for
that matter, if we do, why bother having NSLs at all anymore?
Mr. David Cole. Right. Well, yes, I think they should be
harmonized. The USA Freedom Act would harmonize them and would
employ the same standard to define the nexus required to get
business records generally and the nexus required to get NSLs.
Right now, NSLs in Section 215 have the same standards.
It's just that it is this relevance standard which the
government has read to be meaningless. So the USA Freedom Act
would keep parity between----
Mr. Nadler. It would harmonize them?
Mr. David Cole. Huh?
Mr. Nadler. It would harmonize them.
Mr. David Cole. Right.
Mr. Nadler. Good.
Mr. David Cole. It is harmonized, yes. But I think it needs
to be harmonized and elevated to----
Mr. Nadler. Harmonized up, not down.
Mr. David Cole. Yes.
Mr. Nadler. Mr. Garfield, in the few seconds I have, last
week the government agreed to allow to Facebook, Microsoft,
Google, Yahoo, Apple, and other tech companies to make
information available to the public about the government's
request for email and other internet data. Are these new
disclosure rules sufficient? Should Congress take additional
steps? And assuming that the NSA continues to collect telephone
metadata under Section 215, will the government reach a similar
deal with telephone companies for disclosures about call record
requests?
Mr. Garfield. I will answer the first two questions, which
I am in a good position to answer.
Mr. Nadler. That is why I asked you.
Mr. Garfield. The agreement last week I think is a positive
step in allowing greater transparency, which is something we
strongly believe in.
The answer to your second question as to whether
legislation would be helpful is yes. It goes part way, but not
far enough. For example, it is important that the private
sector have transparency reports and disclosures, but it is
also important that the public sector do as well. And so, in
that respect, among others, I think having legislation would be
very helpful.
Mr. Nadler. Thank you. My time has expired. Thank you.
Mr. Goodlatte. The Chair recognizes the gentlewoman from
California, Ms. Lofgren, for 5 minutes.
Ms. Lofgren. Thank you, Mr. Chairman, and thanks for this
hearing. You know, Mr. Conyers read the exact quote from
Justice Sotomayor's opinion that I had been looking at. And I
have been thinking a lot about we have the role of writing the
statutes, but behind that is, you know, what the Constitution
requires. And I think that it is not just the Court that needs
to examine that. I think the Congress has an obligation to do
that as well.
And as I have been thinking about this, I have been
thinking about two longstanding doctrines, one, the third party
data, there is no expectation of privacy, as well the plain
sight doctrine. And just as you have said, I mean, 30 years
ago, if I walked out my front door, I knew that my neighbors
could see me. I did not expect that my picture would be taken
every place I walked and compiled, and using facial recognition
technology someone could say where I was every moment of every
day.
Yes, if I went in and checked into a hotel, I knew that
that was not private information, but I did not expect that
every email I send, every website, that if I went on my
Constitution document that somebody could track how often I
read the Fourth Amendment. That was not part of the third party
doctrine.
So I think Congress needs to not delegate this to the
Court, but to head on take on these issues because I think if
you look at where the Court is going, you know, I do not know
how long it is going to take them to get there. You know, we
cannot discuss what we are told in closed sessions, but I will
just read the news reports that we had a few days ago, reports
that that the NSA is spying using leaky mobile apps; a few days
before that the NSA collected over 200 million text messages;
that in late December that cookies were being used to track
people; that there were 5 billion records of mobile phone
location data collected daily; that there was collection of
pornographic website visits used to blackmail potential so-
called terrorists; that money transfers were being tracked. And
it goes on and on.
So I guess, you know, one of the questions I have,
Professor Cole, is if the Congress should step forward to
interpret the Fourth Amendment in light of big data, how would
we do that, statute by statute? And I am a co-sponsor of Mr.
Sensenbrenner's bill, but that really relates to just a portion
of this question. Do you have thoughts on that?
Mr. David Cole. Well, I think it is a great question. I
think it is the defining question of privacy for the next
generation, which is how do we preserve privacy in the face of
these advances in technology, which make it possible for the
government to learn everything about us.
And I think, you know, it is absolutely critical that
Congress play a role, that Congress has historically played a
role, not waited for the Supreme Court to act, in some
instances acting before the Supreme Court does so, FISA for
example. In other areas when the Supreme Court has said there
is no expectation of privacy, Congress has come on the heels of
that and said, wait a minute, the American people disagree with
you. We want our privacy. And so, I think that is what you did
with respect to bank records, video rental records, PIN
registers, and the like.
So there is a real history of Congress stepping up here and
doing so. And I am not sure you can do it in a global way, but
the USA Freedom Act, as I suggested earlier, is a useful start
because it puts in place the principle of individualized
suspicion, rejecting this general warrant notion.
Ms. Lofgren. I am going to follow up with you and I am
going to ask one additional question of Mr. Garfield. On the
technology issues, one of the very distressing reports was that
the government, rather than alert people to zero day events,
simply exploited them. I am worried about the balkanization of
the internet. We see what Brazil is doing, certain
authoritarian regimes insisting that servers be placed in their
country. I am worried about governance and whether ICON will be
able to continue to be the governing body, or whether efforts
to dismantle that will be enhanced by these revelations.
I am wondering if we should make obligations to the
government to proactively take steps to preserve the global
internet both through mandates not to weaken encryption,
mandates as to assisting in zero day events, and if you have
thoughts on that.
Mr. Garfield. Yes, I absolutely do. We worry as well about
the potential balkanization and what the NSA disclosures mean
for internet governance. I think it is very important for
Congress to act in this area. I think the President missed an
opportunity by not speaking to the encryption standards issue
and the need to bolster the integrity of encryption standards.
And so, to the extent that Congress has the ability to do that,
we would encourage it.
Ms. Lofgren. My time has expired. Thank you, Mr. Chairman.
Mr. Goodlatte. The Chair thanks the gentlewoman, and
recognizes the gentleman from Virginia, Mr. Scott, for 5
minutes.
Mr. Scott. Thank you, Mr. Chairman. Mr. Garfield, can you
just say another word about the effect of global
competitiveness on this issue and how American companies are
actually pretty much at a disadvantage if we do not get this
straight?
Mr. Garfield. No, absolutely. So trust, integrity, security
are key components of technology and doing well in technology
and developing your business in that area. The United States
has played a significant leadership role around the world. And
to the point in my testimony, rather than continuing to be a
badge of honor, today because of the NSA disclosures, countries
and customers around the world are questioning the integrity
and independence of U.S. technology companies, which puts us at
a competitive disadvantage overseas, but also here where the
American people also have those same trust concerns.
Mr. Scott. And do you have a choice in vendors in a lot of
products, whether it is an American company or a foreign
company?
Mr. Garfield. I am sorry?
Mr. Scott. Is there a choice in vendors in products?
Mr. Garfield. Almost always, I mean, but the tech sector is
highly competitive. We represent both domestic and
international companies. The impact, interestingly enough, is
global because to the extent that innovations that are being
led by the United States do not occur, the whole world is
disadvantaged because we all benefit from those innovations.
And so, it creates a global problem, but one that is
particularly acute for U.S. companies.
Mr. Scott. Does your council have a position on where
information should be stored if the decision is made to collect
and store this data where it ought to be stored at NSA or some,
say, department store or something like that?
Mr. Garfield. Yes. Our view is that the same considerations
that we offer in evaluating 215 are apt in considering where
that data is stored. For example, if the goal is to rebuild
trust, it is not clear how having that data stored in a third
party addresses the trust concern. If it is around data
integrity and security, it is not clear how having it stored in
a third party addresses that data integrity or security
question.
And so, in the examination, we think it is important to
come up with certain principles and have those principles guide
the examination both of 215 as well as where the data is
stored.
Mr. Scott. So are you suggesting it could be stored at the
NSA as long as they separate it down the hall, across the
street, but have NSA control it rather than the private sector?
Mr. Garfield. I am not suggesting that at all.
Mr. Scott. Well, where would it be?
Mr. Garfield. The beginning comment that I made, which is
that there is a lot that I am not privy to for a whole host of
reasoning, including security clearance. And so, I do not feel
I am in a position to give advice to the U.S. government on
national security. What I feel that I have the confidence to do
is to make sure that certain important factors, in addition to
national security, are considered. Economic security, privacy,
civil liberties, as well as our standing in the world, are some
of the factors that we think should be considered.
Mr. Scott. Thank you. Mr. Cole, the Administration has
offered a lot of administrative changes. What would be the
shortcomings if those changes are not codified?
Mr. David Cole. If those changes are not codified?
Mr. Scott. Right.
Mr. David Cole. Well, I think those changes are important
ones, in particular the notion that the NSA cannot search
through the bulk collection without first getting approval from
a court. That seems to me an important modification. The notion
that there would be an independent advocate in the FISC seems
to be important. And one implication of not doing that, I think
as we see, we see repeated instances of what we have now
learned about, right?
So Mr. Bradbury said 15 judges of the FISA Court approved
of the use of Section 215 to get all of our phone data. What he
did not say is that when that program was first approved by the
first judge in May 2006, he did not even write an opinion. He
did not address the constitutional questions. He did not say
why he thought the limitation on relevance was somehow met by
giving the NSA access to everybody's information. No opinion.
Every 90 days thereafter, a different Federal judge, and
this is how he gets to 15, signed an order that extended the
program. No analysis of the constitutional question, no
analysis of the statutory question. It was not until Edward
Snowden disclosed it to the public that the FISC finally wrote
an opinion 7 years after the program had been up and running
explaining retroactively why they thought what they had been
doing for 7 years was okay. And it is, as the privacy board has
shown in its analysis, a very, very doubtful construction of
the statute, one that, as Representative Sensenbrenner has, was
not in anybody's mind who adopted the statute.
So I think the Administration's proposals are important,
but I think they do not go far enough. And particularly the key
way in which they do not far enough is that they do not end
bulk collection. They do not end dragnet collection. They just
put it somewhere else. I think with the USA Freedom Act would
do is end it, and that is a much better response.
Mr. Scott. You were not here when Mr. Cole answered the
question about retroactive immunity. I asked the question that
you keep hearing that the collection of the data was helpful.
It was an illegal collection, finding that it was helpful does
not give you immunity for the collection. Do you have a comment
on what relevance it is that people keep saying we need because
it is helpful as a justification for getting the data?
Mr. David Cole. Yes, absolutely. I mean, it would be
helpful if the police could, without a warrant, search every
one of our homes on a daily basis without any basis for
suspicion. That would be helpful because they might find some
bad guys who are hiding behind the privacy that we all expect
from our home. But that does not make it right.
But number two, I think when they say it is helpful, you
have got to look behind that, as the privacy board did, met
with them in classified sessions, looked at classified
materials, looked at the ``success stories,'' and found, and
here I am quoting from them on page 146, ``We have not
identified a single instance involving a threat to the United
States in which the telephone records program made a concrete
difference in the outcome of a counterterrorism investigation.
Moreover, we are aware of no instance in which the program
directly contributed to the discovery of a previously unknown
terrorist plot or the disruption of a terrorist attack.''
Mr. Scott. Well, to justify the program because it was
helpful, it just adds insult to injury. It was not even
helpful. But even if it had been helpful, it would not
retroactively make the collection legal, would it?
Mr. David Cole. That is right.
Mr. Bachus [presiding]. Mr. Scott, your time has expired.
Mr. Scott. Thank you, Mr. Chairman.
Mr. Bachus. Thank you. Mr. Chaffetz.
Mr. Chaffetz. Thank you. I appreciate the hearing. I know
it has been a long one, and I appreciate your patience here.
Mr. Garfield, one of the terms that has been thrown out
there is this so-called balkanization of the internet or
internet balkanization. I would like you to expand on that. You
have talked about bits and parts of it. You know, there have
been some concerns about what is going on in Brazil, the
European Union. They have announced some policies that would
disadvantage the United States based companies. Can you kind of
expand your thoughts on that?
Mr. Garfield. Yes. I know this is not just theoretical, it
is actually real, so you point to Brazil where the government
of Brazil is moving forward with policies that would
essentially create a wall garden around data that is developed
in Brazil. They have already said that the email systems being
used by the government can only be stored or developed by
Brazilian companies. So as a result, U.S. companies that have
previously held a leadership position in the technology
innovation in that space are being dispossessed.
It is an economic issue, but it also a broader internet
governance issue. If it turns out that the open internet that
we have all gotten used to becomes a balkanized series of
walled gardens, then a lot of the innovation, a lot of the
societal benefits that we have experienced will be limited.
Mr. Chaffetz. Thank you. In your written testimony you
state the need to rebuild trust regarding the National
Institute of Standards and Technologies, or NIST, and their
commitment to cryptographic standards developed and vetted by
experts globally. Could you explain the importance of this in
your opinion?
Mr. Garfield. Yes. The reason why technologies work across
geographic boundaries is you get off the plane and your phone
will work in Europe as well as the United States, is because of
standards that are driven through consensus and multi
stakeholder voluntary processes. Some of the disclosures have
suggested that the United States has exploited vulnerabilities
in cryptography, which erodes trust. And so, in order to ensure
that our technology will work across borders, it is critical to
rebuild that trust.
The President missed an opportunity in his speech to speak
to this issue. We hope that he will, but Congress has the
opportunity to correct that error.
Mr. Chaffetz. Thank you. I think you have touched on two of
the concerns that globally the communication that we enjoy.
These things are so important. So I appreciate all of your
expertise being here today. I appreciate this Committee talking
about such an important issue.
Mr. Chairman, I think you wanted me to yield you some time
if that is correct? I will yield back or yield to you, whatever
you choose.
Mr. Bachus. Yes, yield to me, if you will.
Mr. Chaffetz. Yes.
Mr. Bachus. And let me say this. I am going to pursue that
same line. I had intended to. And, Mr. Garfield, are there
other countries that are demanding information from your member
companies about their citizens or foreign citizens?
Mr. Garfield. It happens in a number of countries. And so,
as we think about internet governance and jurisdiction issues,
we are always careful about the salutary impact. And so, the
rules that we live by in one market set a precedent for how we
operate globally, and that is in part why in our
recommendations we strongly encourage more multilateral
dialogue around these surveillance and security issues so we
can get greater harmonization around the rules that are
created.
Mr. Bachus. Right. And are other countries tapping into
your member company systems for spying purposes?
Mr. Garfield. The question presumes that that is happening
anywhere, including here in the United States.
Mr. Bachus. Well, say, in other countries.
Mr. Garfield. No. So our companies are always working hard
to make sure that cryptography and security measures are
robust.
Mr. Bachus. But what I am talking about is, you know, they
have databases, and they maintain those in other countries. Can
they come and use that platform to access information for
spying purposes?
Mr. Garfield. We work hard to make sure that is not, in
fact, the case. I mean, the previous panel made the point that
we live in a world in which cyber warfare and efforts on
undermining cyber security are quite aggressive, including by
companies as well as nations. We are always working because it
is a first priority of ours to maintain the data integrity to
fight against that.
Mr. Bachus. Well, let me say this. If you are required to
store some of this data, say, even the U.S. government, then it
could be subject to requests in civil proceedings, divorce
proceedings, once you maintain it. So you may want to consider
to start maintaining that data.
Mr. Garfield. Exactly, and there are two issues. One is
data stored by private companies at the request of the U.S.
government, and then data stored at a third party. We are
unequivocally opposed to data being stored by the private
sector, us, beyond the need for business purposes for the very
reason you highlight, which is the data integrity issue. It
creates additional vulnerabilities. We are always fighting
against that, but we do not want to create more targets.
Mr. Bachus. Thank you. The gentlelady from Texas is
recognized for 5 minutes.
Ms. Jackson Lee. Let me thank you again, and let me take
note that this is a long hearing, and we thank you very much
for your participation here.
I was, Professor Cole, reading the old 215, and I guess I
continue to be baffled, having been here when we crafted the
PATRIOT Act in the waning hours, months, and days after 9/11.
And everyone was in a perplexed state, and the idea was, of
course, to protect our citizens. But I notice 215 in Section
501 particularly pointed out, they listed books, records,
papers, documents, and other items. There goes the mega data.
But they also said protect against international terrorism or
clandestine intelligence activities. Further down, it goes onto
again emphasize that we should specify that there is an effort
to protect against international terrorism, clandestine
intelligence.
And I only raise that because it looks to me that we have
firewalls, but what resulted is this massive acknowledgement of
the gathering of telephone records of every single American.
And I want to find a way to politely push back on Justice
Sotomayor's reflection, and I think it is a reflection, and I
think it is one in the reality of today, which is maybe we can
have privacy, and have you muse, if you will, on the new
legislation that we have introduced where we enunciate a whole
list of reasons. And I do not know if you have been able to
look at that number 1 section that we have here that goes on to
as relevant material, obtain foreign intelligence not
concerning a United States person, protect against
international terrorism. It sort of lays it out.
And I ask you, can we comfortably find a way to answer
Justice Sotomayor and say, yes, we can? I might use that. And
is there something else we should add in the legislation that I
have co-sponsored enthusiastically, and we will be looking
forward to it moving forward. Can we add something else because
as I look at 215, Section 501, it looks as if we had all that
we need to have to say, you know what? I do not think they
wanted you to get the mega data. Are we where we need to be in
this new legislation?
Mr. David Cole. Thank you for that question. You know, I
agree that Section 215, if you read it with its ordinary
meaning, sought to put constraints on the types of records and
the amounts of records that the government could obtain because
it did not say you are hereby authorized to obtain all business
records on all Americans. It said you are authorized to obtain
business records that are relevant to an authorized
investigation.
And as the privacy board's report shows in exhaustive
detail, very powerful analysis, no court in any other setting
has ever read a relevance limitation as expansively as saying
you can pick up every American's every record. No court, not in
a grand jury context, not in a civil discovery context. So
Congress did seek to put in limited language.
Ms. Jackson Lee. We did.
Mr. David Cole. But the Administration essentially took it
out. So I think what Congress needs to do is to push precisely
as Justice Sotomayor suggests, and I think that the key is to
identify when it is obviously justified to sweep up the kinds
of records that disclose so much about our intimate and
personal lives. And I think the USA Freedom Act does a good job
because it says you can do so when those records pertain to a
foreign agent or a suspected terrorist, when they pertain to an
individual in contact with or known to a suspected agent of a
foreign power or a terrorist who is a subject of an
investigation.
So that says you can get records on the target. You can get
records on people connected to the target. But, no, you cannot
get records on every single American because Americans want
security, but they also want privacy, and they want to use
their phones. And we should not have to give up any one of
those three. I think the USA Freedom Act ensures that we have
all three.
Ms. Jackson Lee. And diligence is part of that. Mr.
Gardner, let me ask you this. I know you may have been asked
and answered over and over again. What will be the burden of
the private sector hold onto this vast amount of data if it was
to be crafted in that way? What would be the cost? What would
be the problems?
Mr. Garfield. It is hard to put a precise number on it. I
think it suffices to say the burden would significant, not only
in cost, but the impression that it creates. One of the
challenges we face as a result of the NSA disclosures is there
is a question around the integrity as well as the independence
of U.S.-based companies. If we are to store that data, that
would call into question whether we are, in fact, independent.
And so, there are financial costs as well as broader costs as
well.
Mr. Bachus. Thank you.
Ms. Jackson Lee. Mr. Chairman, if you would just indulge me
for 30 seconds, a group question.
Mr. Bachus. A brute question? But a very short response.
Mr. Garfield. Okay.
Ms. Jackson Lee. Thank you very much. I will not follow up.
I just want to get Mr. Bradbury and Mr. Cole in again, and I
will group my question together. Mr. Gardner makes a valid
point on the perception issue. Why is it not better that we
have a monitored holding of the data of whatever it may be, and
the fact that we have now laid out a framework by the Federal
Government instead of the private sector.
And then just an aside with respect to how we do our
intelligence. Do you think it is time that we haul in all of
the outside contracting and do a better job of vetting and
doing this in house dealing with our intelligence access? If I
can get a quick answer. I think I put two questions in at once.
Mr. Bradbury?
Mr. Bradbury. Thank you, Congresswoman. I do think there
are risks with outside contractors, and I think putting the
data in private hands would raise those risks. I think it would
increase privacy concerns and make the program less effective.
So I think it is monitored now while it is being held by
the NSA, closely overseen. I do not think it is an excess or
abuse of the relevant standard. I think if this Committee
changes the relevance standard, it should not single out the
NSA and the intelligence community. It should consider applying
the same narrowing standard to all Federal regulatory agencies,
which collect vast amounts of records and data for their own
investigatory purposes. They do not just limit themselves to
those narrow individual records that are directly pertaining to
their investigation. They get databases so that they can search
it for relevant queries.
And so, if the same standards applied across the board, I
think it would really inhibit the functioning of government. I
do not think the NSA should be singled out when its mission is
the most important.
Ms. Jackson Lee. Thank you. Mr. Cole, can you----
Mr. David Cole. I think if you adopt the USA Freedom Act,
which I think you should, then the problem of where to store
the bulk collection is solved because there is no bulk
collection, right? If you say the NSA can only collect data
where it is actually connected to a terror suspect or someone
who is connected to a terror suspect, there is no bulk
collection, and there is not the problem of storage. The
problem of storage arises only if you continue to permit bulk
collection. I do not think that should continue to be
permitted.
Ms. Jackson Lee. I thank you, Mr. Chairman. I think we have
got strong support for the H.R. 3361, and I look forward to
moving forward on such legislation. With that, I yield back.
Mr. Bachus. This concludes today's hearing. The Chairman
thanks all of our witnesses for attending.
Without objection, all Members will have 5 legislative days
to submit additional written questions for the witnesses or
additional materials for the record.
This hearing is adjourned. Thank you.
[Whereupon, at 3:09 p.m., the Committee was adjourned.]
A P P E N D I X
----------
Material Submitted for the Hearing Record
Material submitted by the Honorable Bob Goodlatte, a Representative in
Congress from the State of Virginia, and Chairman, Committee on the
Judiciary
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
�