[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON THE JUDICIARY
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
FIRST SESSION
__________
MARCH 1, 2017
__________
Serial No. 115-2
__________
Printed for the use of the Committee on the Judiciary
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://judiciary.house.gov
________
U.S. GOVERNMENT PUBLISHING OFFICE
24-726 PDF WASHINGTON : 2017
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON THE JUDICIARY
BOB GOODLATTE, Virginia, Chairman
F. JAMES SENSENBRENNER, Jr., JOHN CONYERS, Jr., Michigan,
Wisconsin Ranking Member
LAMAR S. SMITH, Texas JERROLD NADLER, New York
STEVE CHABOT, Ohio ZOE LOFGREN, California
DARRELL E. ISSA, California SHEILA JACKSON LEE, Texas
STEVE KING, Iowa STEVE COHEN, Tennessee
TRENT FRANKS, Arizona HENRY C. ``HANK'' JOHNSON, Jr.,
LOUIE GOHMERT, Texas Georgia
JIM JORDAN, Ohio TED DEUTCH, Florida
TED POE, Texas LUIS V. GUTIERREZ, Illinois
JASON CHAFFETZ, Utah KAREN BASS, California
TOM MARINO, Pennsylvania CEDRIC RICHMOND, Louisiana
TREY GOWDY, South Carolina HAKEEM JEFFRIES, New York
RAUL LABRADOR, Idaho DAVID N. CICILLINE, Rhode Island
BLAKE FARENTHOLD, Texas ERIC SWALWELL, California
DOUG COLLINS, Georgia TED LIEU, California
RON DeSANTIS, Florida JAMIE RASKIN, Maryland
KEN BUCK, Colorado PRAMILA JAYAPAL, Washington
JOHN RATCLIFFE, Texas BRADLEY SCHNEIDER, Illinois
MARTHA ROBY, Alabama
MATT GAETZ, Florida
MIKE JOHNSON, Louisiana
ANDY BIGGS, Arizona
Shelley Husband, Chief of Staff & General Counsel
Perry Apelbaum, Minority Staff Director & Chief Counsel
C O N T E N T S
----------
MARCH 1, 2017
Page
OPENING STATEMENTS
The Honorable Bob Goodlatte, a Representative in Congress from
the State of Virginia, and Chairman, Committee on the Judiciary 1
The Honorable John Conyers, Jr., a Representative in Congress
from the State of Michigan, and Ranking Member, Committee on
the Judiciary.................................................. 3
WITNESSES
Jeff Kosseff, Assistant Professor, Cyber Science Department,
United States Naval Academy
Oral Testimony................................................. 6
Prepared Statement............................................. 8
April F. Doss, Partner, Saul Ewing LLP
Oral Testimony................................................. 20
Prepared Statement............................................. 22
Elizabeth Goitein, Co-Director, Liberty & National Security
Program, Brennan Center for Justice, NYU School of Law
Oral Testimony................................................. 34
Prepared Statement............................................. 36
Adam Klein, Senior Fellow, Center for a New American Strategy
Oral Testimony................................................. 59
Prepared Statement........................................61
deg.OFFICIAL HEARING RECORD
Unprinted Material Submitted for the Hearing Record
Material submitted by the Honorable John Conyers, Jr., a Representative
in Congress from the State of Michigan, and Ranking Member,
Committee on the Judiciary. This material is available at the
Committee and can also be accessed at:
http://docs.house.gov/Committee/Calendar/
ByEvent.aspx?EventID=105619
Material submitted by the Honorable Bob Goodlatte, a Representative in
Congress from the State of Virginia, and Chairman, Committee on the
Judiciary. This letter is available at the Committee and can also
be accessed at:
http://docs.house.gov/Committee/Calendar/
ByEvent.aspx?EventID=105619
SECTION 702 OF THE FOREIGN INTELLIGENCE SURVEILLANCE ACT
----------
WEDNESDAY, MARCH 1, 2017
House of Representatives
Committee on the Judiciary
Washington, DC.
The Committee met, pursuant to call, at 1:36 p.m., in room
2141, Rayburn House Office Building, the Honorable Bob
Goodlatte (Chairman of the Committee) presiding.
Present: Representatives Goodlatte, Jordan, Poe, Marino,
Labrador, Conyers, and Lieu.
Staff Present: (Majority) Shelley Husband, Chief of Staff &
General Counsel; Branden Ritchie, Deputy Chief of Staff & Chief
Counsel; Zach Somers, Parliamentarian and General Counsel; Ryan
Breitenbach, Counsel, Subcommittee on Crime, Terrorism,
Homeland Security, and Investigations; (Minority) Joe
Graupensperger, Chief Counsel, Subcommittee on Crime,
Terrorism, Homeland Security, and Investigations; and Veronica
Eligan, Professional Staff Member.
Mr. Goodlatte. The Committee will reconvene. Today's
unclassified hearing follows a classified panel in which
Members of the Judiciary Committee heard testimony from the
Federal Bureau of Investigation, National Security Agency,
Department of Justice, and the Office of the Director of
National Intelligence regarding the operations and
constitutionality of Section 702 of the Foreign Intelligence
Surveillance Act, or FISA.
In February 2016, the Judiciary Committee held a classified
hearing that began our consideration of the reauthorization of
the FISA Amendments Act, which was first signed into law in
2008 and reauthorized in 2012.
Our hearing last year served as a good background and
foundational update on the status of national security
operations under the law. Much has happened since the law was
last reauthorized, however, including the unauthorized
disclosures of classified information by Edward Snowden in 2013
that spawned significant public debate on U.S. Government
surveillance.
We also have many new Members who have not yet had an
opportunity to directly question experts regarding the
statute's successes or areas where reform may be needed.
Finally, we have very recent jurisprudence upholding the
statute's constitutionality. Like congressional oversight,
judicial oversight of this program is an integral safeguard, so
exploring various courts' legal analysis concerning 702 will be
beneficial for our own oversight as well.
Congress enacted FISA in 1978 to establish statutory
guidelines authorizing the use of electronic surveillance in
the United States for foreign intelligence purposes. Following
enactment, global communications infrastructure shifted from
satellite to fiberoptic wire, altering the manner in which
domestic and foreign communications are transmitted.
This technological shift had the adverse and unintended
effect of requiring the government to obtain an individualized
FISA court order to monitor foreign communications by non-U.S.
persons. The government had to obtain probable cause to
investigate a foreign national located overseas, an untenable
proposition that served to extend rights under the U.S.
Constitution extraterritorially and limit lawful U.S.
intelligence activities.
In 2008, the FISA Amendments Act corrected this anomaly by
establishing procedures for the collection of foreign
intelligence on targets located outside U.S. borders. At its
core, Section 702 of the act permits the attorney general and
the director of national intelligence to jointly authorize the
targeting of non-U.S. persons reasonably believed to be located
outside the United States.
As an important safeguard, the act prohibits the use of
Section 702 to intentionally target a person inside the United
States and forbids so-called reverse targeting using Section
702 to target a person outside this country if the true purpose
of the acquisition is to target someone inside the United
States.
Furthermore, the government may not acquire a communication
to which all parties are known to be inside the U.S., and all
Section 702 acquisitions must be conducted in a manner
consistent with the Fourth Amendment to the Constitution of the
United States.
Section 702 also prohibits the intentional targeting of a
U.S. person outside the United States. Instead, Sections 703
and 704 of the act preserve Fourth Amendment protections for
U.S. citizens by requiring the government to obtain an
individualized order from the FISA court, known as the FISC, to
acquire U.S. persons' communications while they are outside the
United States.
America's intelligence community has deemed Section 702 its
most important tool in battling terrorism. However, it has also
been criticized by some as an overly broad program that
collects communications of U.S. citizens without sufficient
legal process. Today's classified and public panels afford
Members an opportunity to examine Section 702 collection in
greater detail and probe the aspects of this important
collection with which they may be concerned.
The Judiciary Committee has primary jurisdiction over FISA.
During Committee consideration of the USA FREEDOM Act, I made a
commitment to Members that the Committee would separately
undertake fulsome oversight of the FISA Amendments Act, which
is slated to expire on December 31 of this year. This hearing
is the first step of this Congress toward a detailed, thorough,
and careful examination.
I thank all of our witnesses for testifying today. These
individuals represent multiple viewpoints to ensure that this
is a well-rounded debate that gives voice to diverse
stakeholders. We must ensure that our protection doesn't come
at the expense of cherished liberty.
Every single one of us who has promised to uphold the
Constitution has a duty to ensure that surveillance authorities
are crafted and employed in a manner consistent with our oath
and the expectation of all Americans. Strong and effective
national security tools, like Section 702, and civil liberties
can and must coexist.
With that, I am pleased to welcome and recognize the
Ranking Member of the Committee, the gentleman from Michigan,
Mr. Conyers, for his opening statement.
Mr. Conyers. Thank you, Chairman Goodlatte.
And I thank the second panel of witnesses for being here
and joining us today.
As has been noted, last Congress we enjoyed a relative
amount of success working together in a bipartisan fashion to
pass the USA FREEDOM Act. We demonstrated that privacy and
security are not necessarily mutually exclusive values.
Our bill did not contain every reform I had hoped to see,
but it shows that our Committee is capable of crafting
authorities that serve the government's needs and respects our
commitment to civil liberties. There are a few important
lessons from that project worth repeating as we undertake this
next round of surveillance reform.
We're all in this together. The Members of the Committee
include some of the most progressive Democrats and conservative
Republicans in the Congress, but no matter. We have shown that
both in this Committee and on the House floor we can build
consensus around our common values. Among those values are a
dedication to privacy, to transparency in government, and to
the protection from unreasonable search guaranteed to the
people by the Fourth Amendment.
I've enjoyed working with our coalition in the past, and I
look forward to doing so here as we seek the basic reform that
I think is needed for Section 702.
We cannot do this work well without the assistance of the
intelligence community. On April 22, 2016, several Members of
this Committee wrote to Director Clapper to request that he
prepare a public estimate of the impact of Section 702 on
United States citizens. We were not the first to make this
request. As early as 2011, Senator Wyden and Senator Udall had
asked for similar information.
By the time we wrote our letter, more than 30 civil
liberties organizations had petitioned the director for the
same. I was encouraged by the government's initial response.
ODNI and NSA took the extraordinary step of holding an
unclassified briefing for our personal staffs. Over the next
few months, they held additional discussion with Committee
counsel. On December 16, our group of Members again wrote to
Director Clapper to memorialize our understanding of the
project.
The government has pledged to provide us with an estimate
of the impact of 702 on United States citizens. Both the
estimate and the methodology used to reach it will be made
public. The government also promised to provide this
information in time to inform the debate on reauthorization
when it begins.
And without objection, I ask that both letters of mine be
placed in the record.*
---------------------------------------------------------------------------
*Note: The submitted material is not printed in this hearing record
but is on file with the Committee, and can also be accessed at:
http://docs.house.gov/Committee/Calendar/
ByEvent.aspx?EventID=105619
Mr. Goodlatte. Without objection, they will be made a part
of the record.
Mr. Conyers. Thank you.
Unfortunately, here we are at the beginning of our debate
and the intelligence community has not so much as responded to
our December letter, let alone completed the project. I had
hoped for better.
The Members of this Committee and the public at large
require that estimate if we're to engage in a meaningful
debate. We'll not simply take the government's word on the size
of the so-called incidental collection.
And this problem illustrates my final observation: We
should all do a better job of distinguishing between technical
legal arguments and the values at play in this discussion.
They're both different, and they're both important.
Here are the facts. The law prohibits the government from
using Section 702 to target any United States citizen.
Nevertheless, the government can and does collect massive
amounts of information about our citizens under this authority.
The Members here are well aware that this practice has been
read into the statute by the government and ratified many times
over by the Foreign Intelligence Surveillance Court.
We know it is not unlawful in that respect. We also
understand that the men and women of the intelligence community
have a duty to keep us safe within the four corners of the law
and that they take this obligation seriously.
Our criticism comes from someplace else. The idea of using
this authority to collect large amounts of information about
United States citizens without a warrant or individualized
suspicion and then applying that information to purposes having
nothing to do with counterintelligence or counterterrorism is,
in a word, wrong. It does not comport with our values or those
that underscore the Fourth Amendment to the Constitution.
And at the end of the day, as the sunset of this authority
draws near, the manner in which one collects, retains, and
disseminates this information is only lawful if Congress says
it is. And so I am eager to hear those witnesses that are
present with us today and engage in this inquiry.
I thank the Chairman and yield back any time remaining.
Mr. Goodlatte. The Chair thanks the gentleman.
We would welcome our distinguished witnesses today. And if
you would all please rise, I'll begin by swearing you in.
Do you and each of you solemnly swear that the testimony
you are about to give shall be the truth, the whole truth, and
nothing but the truth, so help you God?
Thank you.
Let the record reflect that all the witnesses have
responded in the affirmative.
Mr. Jeff Kosseff is the assistant professor of the United
States Naval Academy's Cyber Science Department. Previously,
Professor Kosseff practiced cybersecurity and privacy law at
Covington & Burling and clerked for Judge Milan D. Smith, Jr.,
of the United States Court of Appeals for the Ninth Circuit,
and for Leonie M. Brinkema of the United States District Court
for the Eastern District of Virginia.
Before becoming a lawyer, he was a journalist for the
Oregonian and was a finalist for the Pulitzer Prize for
national reporting and recipient of the George Polk Award. He
is a graduate of Georgetown University Law Center and the
University of Michigan.
April Doss is currently a partner at the law firm Saul
Ewing, where she chairs the firm's Cybersecurity and Privacy
Practice Group. From 2003 to 2016, Ms. Doss worked at the
National Security Agency where she served in a variety of
roles. She worked on information-sharing policy, managed
counterterrorism programs, led innovative compliance processes
in new technology development, served as an intelligence
oversight program manager, lived overseas as a foreign liaison
officer, and provided legal advice on NSA's intelligence
activities.
From 2014 to 2016, she was the associate general counsel
for intelligence law responsible for providing legal advice on
NSA's global intelligence operations, technology capabilities,
privacy and civil liberties, and oversight and compliance
programs. Ms. Doss is a graduate of Goucher College, Yale
University, and UC Berkeley Law.
Elizabeth Goitein co-directs the Brennan Center for
Justices' Liberty and National Security Program at the New York
University School of Law. Before joining the Brennan Center,
she served as counsel to U.S. Senator Russell Feingold. As
counsel to Senator Feingold, Ms. Goitein handled a variety of
liberty and national security matters with a particular focus
on government secrecy and privacy rights.
Previously, she was a trial attorney in the Federal
Programs Branch of the Civil Division of the Department of
Justice. Ms. Goitein is a graduate of Yale University, the
Juilliard School, and Yale Law School.
Adam Klein. Mr. Klein is a senior fellow at the Center for
a New American Security, a bipartisan national security
research organization in Washington. His research centers on
the intersection of national security policy and law, including
government surveillance in the digital age, counterterrorism,
and rules governing the use of military force.
Previously, Adam served as a law clerk to Justice Antonin
Scalia of the United States Supreme Court and Judge Brett
Kavanaugh of the U.S. Court of Appeals for the D.C. Circuit,
and was a senior associate at WilmerHale. He has also worked on
national security policy at the Rand Corporation and the 9/11
Public Discourse Project. He is a graduate of Northwestern
University and Columbia Law School.
Welcome to all of you. We will proceed under the 5-minute
rule. There is a timer, I think, right in front of you there.
When you get down to 1 minute, I think it will warn you that
you have 1 minute left. Please summarize at that point. Your
entire statement, written statement, will be made part of the
record.
We'll start with you, Mr. Kosseff. Am I pronouncing your
name correctly?
Mr. Kosseff. Yes.
Mr. Goodlatte. Good.
TESTIMONY OF JEFF KOSSEFF, ASSISTANT PROFESSOR, CYBER SCIENCE
DEPARTMENT, UNITED STATES NAVAL ACADEMY
Mr. Kosseff. Mr. Chairman, Mr. Ranking Member, and Members
of the Committee, thank you for the opportunity to testify
about 702. My name is Jeff Kosseff, and I'm an assistant
professor at the U.S. Naval Academy, where I teach
cybersecurity law. The views that I express today are only my
own and do not necessarily represent the DOD or its components.
Some of my testimony today is drawn from a Hoover
Institution paper that I published last year with my colleague,
Chris Inglis, who served as the deputy director of the NSA. I
initially was quite hesitant to work on a paper about 702 with
the NSA's former deputy director. As a lawyer, I have
represented media organizations sometimes adverse to government
agencies.
Before becoming a lawyer, I was a journalist. I suspect the
Committee would agree with me that journalists may be an
especially skeptical bunch, and I was highly skeptical about
the constitutionality of a government surveillance program that
I understood primarily through reading the media accounts of
the Snowden leaks.
Nonetheless, I evaluated the entirety of the program based
not only on media reports, but also on the public primary
source record. What I found was an effective program that is
subject to rigorous oversight by the three branches of
government and on balance complies with the Fourth Amendment.
That is not to say that I easily arrived at my conclusion,
nor do I deny that there are some aspects of the program that
raise very, very difficult Fourth Amendment questions.
To start with the Fourth Amendment analysis, we have to
look at whether there was a warrant or an exception to the
warrant requirement. I agree with the FISA Court of Review that
foreign intelligence can be considered a special need that is
separate from law enforcement and is exempt from the warrant
requirement.
The FISA court has held that this exception covers 702, and
I agree with this conclusion for the reasons stated in my
written testimony. Even if warrants are not required, the
Fourth Amendment demands an assessment of the reasonableness of
the search by balancing the intrusion on individual privacy
with the promotion of legitimate government interests.
The public record strongly supports the conclusion that 702
is an effective national security program. For example, the
Privacy and Civil Liberties Oversight Board noted that more
than 25 percent of the NSA's reports about international
terrorism rely at least in part on 702 information. 702 is
simply a more nimble alternative to Title I of FISA, which was
designed to protect subjects who are U.S. persons.
On the other side of the balancing test, we must assess the
invasion of the individual's privacy interests. The statute
explicitly prohibits the government from using 702 to
intentionally target persons known to be in the U.S. or U.S.
persons, and it explicitly prohibits reverse targeting.
702 programs are subject to a number of additional
procedural safeguards, including oversight from all three
branches of government, certification requirements, and
minimization and targeting procedures.
That said, the FBI's querying of 702 data for evidence of a
crime, I believe, raises the most difficult Fourth Amendment
issues. In a recent FISA court proceeding, amicus argued that
each FBI query of 702 information is a separate action subject
to the Fourth Amendment reasonableness test. Judge Hogan
correctly rejected that formulation and instead evaluated the
702 program as a whole.
Judge Hogan set forth a compelling case as to why national
security interests outweigh the intrusion on privacy.
Importantly, the FBI and other agencies can only query data
that has been obtained through the certification targeting and
tasking procedures. Only a subset of the 702 information is
available to the FBI for queries, and the FBI does not receive
unminimized information obtained through the NSA's upstream
process.
On balance, the FBI's ability to query 702 data as
described in the public record does not render 702
unconstitutional. During the reauthorization process, Congress
may well conclude that there are legitimate policy reasons to
limit the FBI's ability to conduct such queries. However, my
testimony today is limited to the application of the Fourth
Amendment to 702.
The intelligence community continues to increase the amount
of information available to the public about 702, and this is
absolutely crucial. I commend these transparency efforts
recognizing the tremendous difficulty caused by the inherently
classified nature of foreign intelligence programs.
Further, and importantly, the work of the Privacy and Civil
Liberties Oversight Board has been absolutely essential in
informing the public debate about 702. The Fourth Amendment,
like other important constitutional rights, is highly fact
dependent, requiring close analysis of not only how the program
is structured by statute, but how it actually is being
implemented. And that analysis must be ongoing, and that's why
transparency is so vital to our constitutional analysis.
Thank you, and I look forward to your questions.
[The testimony of Mr. Kosseff follows:]
__________
Mr. Goodlatte. Thank you.
Ms. Doss, welcome.
TESTIMONY OF APRIL F. DOSS, PARTNER, SAUL EWING LLP
Ms. Doss. Mr. Chairman, Mr. Ranking Member, Members of the
Committee, thank you for the opportunity to testify about
Section 702 of the FISA Amendments Act. My name is April Doss.
I am a partner at the law firm Saul Ewing. Prior to that, I
spent 13 years at the National Security Agency.
Although my perspective is informed by the years I spent in
the intelligence community, the views expressed here are solely
my own and do not represent the NSA or any other agency or
organization.
Like many other Americans, I recall exactly where I was on
September 11, 2001, and not long after that I began working at
the NSA where over the years I managed counterterrorism
programs, conducted intelligence oversight activities, and
spent a number of years in the Office of General Counsel,
where, among other things, I served as the associate general
counsel for intelligence law, responsible for providing legal
advice on all of NSA's overseas intelligence operations,
technology development used for those operations, and privacy,
civil liberties, and oversight and compliance programs.
Having worked at NSA both before and after the passage of
the FISA Amendments Act, and having worked with that authority
from a number of perspectives, I can attest to the following
observations from my personal experience.
In 2008, when the law was passed, the authority was
critically needed because of the gaps created by the ways in
which technology and intelligence targets had changed in the
years since the original FISA was passed, the very points that
Mr. Chairman referred to in his opening statement.
The 702 authority strikes an appropriate balance between
the government's need for foreign intelligence information and
the privacy impacts on individuals, the very same critical
points that Mr. Ranking Member pointed to in his opening
statement.
The statutory framework incorporates robust oversight
requirements and privacy protections. Those protections have
been implemented across all three branches of government in
meaningful and substantive ways. And the 702 authority has
consistently, since its passage in 2008, provided critical
intelligence information to the U.S. and to its allies,
including intelligence critical to supporting warfighters in
the field that would not have been obtainable in other ways.
FISA appropriately balances individual privacy and national
security. One point to start with, despite some public
misconceptions to the contrary, FAA 702 is a targeted
intelligence authority. It's not bulk collection. The
collection can only be initiated when an analyst is able to
articulate and document a specific set of facts to meet the
statutory and procedural requirements for demonstrating that a
specific facility is associated with a specific user, who's a
non-U.S. person, reasonably believed to be located outside the
U.S., and likely to possess or communicate foreign intelligence
information.
Although a large number of selectors have been targeted
under 702, they've only been tasked for collection because on
an individualized, particularized basis each of them meets all
of those criteria noted in the law.
And because of the tailored and documented and carefully
overseen manner in which the front-end collection is carried
out, it's neither unlawful nor inappropriate, in my view, to
query that collection for U.S. person information when there's
a legitimate basis to do so, and those legitimate bases may
include both intelligence purposes and law enforcement
purposes, as articulated by Judge Hogan in his November 2015
court opinion.
The government has a compelling national security need to
be able to carry out U.S. person searches of that collected
information in appropriate cases. As an intelligence community
lawyer for many years, I know firsthand just how often urgent,
time-sensitive operational needs arise. And I can tell you,
it's my view that if it were necessary for intelligence
analysts, who work 24 hours a day, 7 days a week, to receive
prior approval from somewhere outside of the NSA or the CIA or
the FBI, for instance, from the FISC to conduct a query, that
could have a significant detrimental impact on intelligence
activities.
With respect to the question of estimating the amount of
U.S. person information that's incidentally acquired in 702
collection, this is a critically important question that goes
to the heart of this balancing between national security and
privacy. However, I do believe that it raises significant
privacy implications in how that might be done.
The challenge, of course, being how to have the reference
information that an intelligence analyst would need to know who
the user is of an unknown identifier or where that user is in
the world. In my view, the collection and maintenance of that
reference information would itself pose significant impacts to
privacy.
During 13 years at the NSA, I had the opportunity to
witness firsthand the critical importance of this authority in
supporting U.S. troops, in detecting terrorist plans and
intentions and other critical intelligence needs, and in
protecting the U.S. and its allies. Many of those instances
remain classified, but the PCLOB's report, I think, points to
the importance of that collection and its sheer volume.
Thank you, and I look forward to the Committee's questions.
[The testimony of Ms. Doss follows:]
__________
Mr. Goodlatte. Thank you, Ms. Doss.
Regrettably, we're going to have to recess for votes that
are on the floor with about 5 minutes remaining in the call.
And there are several votes, so it may be a little bit of time.
So if you haven't had anything to eat or want take a break,
please do so.
We will reconvene as soon as the votes conclude. We'll say
45 minutes. We'll come back just as soon as we possibly can and
work through this. And while we're over there, we'll encourage
our colleagues to come join us.
Thank you. The Committee will stand in recess.
[Recess.]
[3:38 p.m.]
Mr. Marino [presiding]. The Judiciary Committee will come
to order. And I believe that, Ms. Goitein, you're up next.
TESTIMONY OF ELIZABETH GOITEIN, CO-DIRECTOR, LIBERTY & NATIONAL
SECURITY PROGRAM, BRENNAN CENTER FOR JUSTICE, NYU SCHOOL OF LAW
Ms. Goitein. Mr. Chairman, Members of the Committee, thank
you for this opportunity to testify on behalf of the Brennan
Center for Justice.
Congress' goal when it passed the FISA Amendments Act in
2008 was to give our government more powerful tools to use
against foreign threats. Consistent with that goal, Section 702
of the act has been used to monitor suspected terrorists
overseas, to trace their networks, and to disrupt their plots.
All of us in this room, I imagine, support that goal and those
activities.
We're here today because of the other things that Section
702 has been interpreted to allow. The government is not simply
monitoring foreign terrorists and foreign suspects. Instead,
it's scanning the content of almost all of the international
communications that flow into and out of the United States and
is acquiring hundreds of millions of communications each year.
We know from how the data is collected that it includes a
massive amount of Americans' communications. But despite
repeated requests by Members of this Committee, the government
still has not managed to provide an estimate of how many
Americans' communications are swept up.
We also know that despite being required to minimize the
retention and use of Americans' data, the government keeps that
data for years and routinely searches it for information to use
against Americans in ordinary criminal proceedings. According
to the Privacy and Civil Liberties Oversight Board, the FBI
searches the data when performing assessments, which are
investigations that lack a factual predicate. That means the
FBI is reading Americans' emails and listening to their phone
calls without a factual basis to suspect wrongdoing, let alone
a warrant.
I don't believe this is what Congress had in mind when it
passed Section 702. In writing the law, however, Congress did
give significant discretion to the executive branch and the
FISA court, trusting them to implement the statute in a manner
consistent with its objective. So for instance, Congress
allowed the targeting of any foreigner overseas, trusting the
government to focus its efforts on those who pose a threat to
us. Congress also left it to the executive branch and the FISA
court to come up with specific minimization rules.
I don't mean to imply that this trust was misplaced. In
fact, we've seen essentially no evidence of intentional misuse.
But what we have seen is mission creep, so that a law designed
to protect against foreign threats to the United States has
become a major source of warrantless access to Americans' data
and a tool for ordinary domestic law enforcement. This outcome
is contrary not only to the original intent of FISA, but to
Americans' expectations and their trust that Congress will
protect their privacy and their freedoms.
As it now stands, law-abiding citizens of this country and
others are vulnerable. Their personal information sits in
massive databases where it's subject to being hacked by the
Russian or Chinese Government, cyber criminals, or, I suppose,
a 400-pound hacker sitting on his bed.
American technology companies are facing the real threat
that they'll be unable to do business with foreign companies
and customers because of our government's collection practices.
And yes, there is the potential for abuse. Remember that
Congress passed FISA in 1978 because multiple Presidents had
abused surveillance authorities to target political opponents,
personal enemies, and disfavored ideologies and minority
groups. In today's tumultuous political environment, we would
be naive to think that could never happen again.
We can't rely on the courts to supply the missing
protections. The few judges that have reviewed Section 702 have
upheld it. They're not delusional. They're not ``so-called
judges.'' But they are applying Fourth Amendment precedent and
doctrines that are hopelessly unsuited to the digital
globalized era. This is a classic case of the law failing to
keep up with technology.
When that's happened in the past, Congress has acted to
fill the gap. Just a few weeks ago, as you know, the House, by
unanimous voice vote, passed the Email Privacy Act. Americans
are counting on you to do the exact same thing here, to protect
the privacy of their emails and other communications.
Thank you, and I look forward to taking your questions.
[The testimony of Ms. Goitein follows:]
__________
Mr. Marino. Thank you.
Mr. Klein.
TESTIMONY OF ADAM KLEIN, SENIOR FELLOW,
CENTER FOR A NEW AMERICAN STRATEGY
Mr. Klein. Thank you, Mr. Chairman and Members of the
Committee. Thank you for inviting me to testify today.
My name is Adam Klein. I'm a senior fellow at the Center
for a New American Security, which is a bipartisan research
organization that develops strong, pragmatic national security
and defense policies.
In a recent report, two colleagues and I offered more than
60 recommendations for the future of surveillance policy,
including Section 702. Our research was informed by private
consultations with dozens of current and former government
officials, technology experts, legal scholars, and privacy
advocates.
We concluded that Section 702 is a valuable intelligence
tool and should be reauthorized with current authorities
intact. In particular, we were moved by the measured but
largely positive judgment of the bipartisan Privacy and Civil
Liberties Oversight Board, which concluded that the program has
been valuable and effective, found no evidence of intentional
abuse, and reported that over a quarter of the NSA's reports on
international terrorism were based in whole or in part on
Section 702.
Our report also noted, however, that important intelligence
programs, including Section 702, will not be politically
sustainable unless the public has confidence that they're being
used in a lawful and appropriate way and that they are subject
to strong oversight. So the challenge for us is to enhance
public trust without diminishing Section 702's effectiveness as
an intelligence tool.
My written testimony lists more than a dozen concrete
actionable ways Congress can do this as part of this process.
I'll just highlight a few here.
First, and I think this is the most urgent issue facing the
Committee during the reauthorization process, Congress needs to
revive the Privacy and Civil Liberties Oversight Board. The
Board has provided excellent oversight of Section 702. Its
positive judgment about the program is one of the best
arguments for why the program should be reauthorized.
Unfortunately, the Board is now paralyzed because it has no
chairman and has too few members to take official action.
My written testimony contains several proposals for
reviving and enhancing the Board. I'll just note one here. The
Foreign Intelligence Surveillance Court, before it issues the
annual order that allows Section 702 to operate, should be
required to confirm that the President has made nominations to
any vacancies on the Board. This will give Presidents a real
incentive to nominate members to the Board, something that has
been a problem since the Board was created.
Another area where there's room for pragmatic reform is
queries of Section 702 information using U.S. person
identifiers, especially FBI queries in criminal investigations
that are not related to national security. This practice does
raise real civil liberties concerns. But at the same time,
there are reasons not to prohibit these queries altogether or
at least to be very cautious before doing so.
The 9/11 Commission explained that the inability to connect
the dots between domestic law enforcement and foreign
intelligence was a key reason why the government did not
disrupt the 9/11 attacks. If there's a connection between the
subject of an FBI investigation in the United States and a
foreign terrorist or a spy or a proliferator who has been
targeted under 702, we want the FBI to know that.
Now, that said, there are ways to address privacy concerns
short of banning these queries altogether. The most important
is transparency. So the government should provide more
information about the number of such queries, about how often
they return Section 702 information, and about how the Justice
Department uses that information downstream in the criminal
justice system.
Another possibility worth exploring is whether the FBI
could continue running all the queries it runs today but in
some subset of them receiving only the metadata of the
responsive communications initially instead of the underlying
content. That could be enough to reveal any connections to
problematic foreign actors.
One final recommendation I'd like to highlight. The USA
FREEDOM Act created a pool of cleared advocates to present
public interest arguments before the FISA court. Now, whether
to appoint one of those advocates is currently in the court's
discretion. We believe that Congress should make it mandatory
in at least one case a year: the court's annual review of
Section 702. That's a very easy way to strengthen judicial
oversight of 702 with absolutely no costs for national
security.
Thank you, and I look forward to your questions.
[The testimony of Mr. Klein follows:]
__________
Mr. Marino. Thank you. We're now going to proceed into the
5-minute questioning, the three of us, and if anyone else shows
up will have an opportunity to question you. I'm going to
recognize myself for the first 5 minutes of questioning.
And, Mr. Kosseff, am I pronouncing that right, Kosseff?
Mr. Kosseff. Yes.
Mr. Marino. And then I would like, if you care to, each
member to answer my first question, which would be very simple.
Is there anyone here that believes that we should not
reauthorize this legislation?
Mr. Kosseff. I believe you should reauthorize.
Mr. Marino. We should reauthorize?
Mr. Kosseff. Yes.
Ms. Doss. I'm in favor of a clean reauthorization.
Ms. Goitein. I would be in favor of reauthorization if
there were significant reform.
Mr. Marino. Okay.
Mr. Klein. Yes, I support it as well, reauthorization.
Mr. Marino. Ms. Goitein, you stated that, although not
intentional at this point, did you say thousands or millions of
names were gathered up, information was gathered up? Did I
paraphrase that correctly? Did you say that you thought that
there were thousands or there may be even millions of names or
information gathered up unintentionally?
Ms. Goitein. Not unintentionally. It's part of the
incidental collection. The terminology gets mixed up.
``Incidentally'' is the terminology that's used by the
government. But it is part of the design of the program, to
acquire communications of foreign targets with Americans as
well as with others. And so as an inevitable result of that,
millions of Americans' communications, which is the best
estimate that anyone can have until the government provides a
more accurate estimate, are being collected.
Mr. Marino. Can you give me another example or an example
of how you come to that conclusion?
Ms. Goitein. Sure. Well, one example is that there are 250
million Internet communications that are acquired each year
under Section 702, at least that was the case in 2011. And this
is collecting all of the communications of the targets. If you
assume that----
Mr. Marino. There's the big word, okay, ``assume.''
Ms. Goitein. Well, that's all we can----
Mr. Marino. So are you basing this on a mathematical
calculation?
Ms. Goitein. Unfortunately, after a year of asking for it,
the intelligence community still has not given the Committee
the numbers we would need to do an actual calculation. So if
you conservatively assume that even 1 out of 100 of every
foreign target's communications was with an American, that
would still be millions of Americans' communications.
Mr. Marino. You're dealing with a career prosecutor here. I
don't assume anything.
Ms. Goitein. I would like not to assume. I would love to
have the facts.
Mr. Marino. Mr. Klein, what say you about that?
Mr. Klein. I actually agree with Ms. Goitein's description
of incidental collection. I mean, this is something that has
been documented by the Privacy and Civil Liberties Oversight
Board, that this is a realistic prospect, that this happens in
substantial volume.
And there have been statistical transparency reports by the
intelligence community documenting, among other things, U.S.
person identities that are part of disseminated intelligence
reports. This is on page six of the 2016 transparency report.
So this is a real thing. But at the same time, there are
measures in place to ensure that the U.S. person information
collected through the program is minimized, is used only in
specified ways subject to the supervision of the FISA court. So
there are safeguards in place, but I do think that greater
transparency would help boost public trust in that.
Mr. Marino. And, Mr. Kosseff and Ms. Doss, do you have a
thought?
Mr. Kosseff. I fully support transparency in terms of the
numbers of incidental collections of U.S. persons' information.
However, I also recognize there very well may be some
logistical difficulties, as well as potential civil liberties
concerns in terms of how you calculate and how you obtain that
information.
I'm not an expert on that issue. I just know that's what's
been stated in the public record. So I think that always will
have to be balanced with the need for transparency. But
absolutely, if there was a way to get those numbers, that would
be excellent.
Mr. Marino. Ms. Doss.
Ms. Doss. From a practical perspective, I believe that it
would be far more intrusive on privacy and really not feasible
to come up with those numbers in a meaningful way, and I'll
explain briefly why. I touched on it in my written testimony as
well.
The challenge is that when the intelligence community is
targeting a foreign intelligence target, there's no way a
priori to know who the target will be in communication with.
Intelligence analysts in their tradecraft typically look for
communications of intelligence value, not for irrelevant ones,
and when they see communications of value, they will inevitably
find unknown identifiers, which might be phone numbers or email
addresses.
The challenge is that there is nothing inherent in the
unknown identifiers that can definitively point not only to
where the other communicant might be, but to what their
nationality and citizenship and identity are. So in order to
make that determination, my view is the intelligence community
would be required to have a significant amount of reference
information about U.S. people who are of no intelligence
interest in order to identify the U.S. person communications.
Ms. Goitein. Could I briefly respond to that?
Mr. Marino. Briefly. My time has expired, but go ahead.
Ms. Goitein. Okay. For two of the programs under Section
702, it should be very straightforward to collect the
information. For the phone collection, a country code will
suffice as an estimate. There's no need to do research or have
reference information. It's not 100 percent accurate, but it's
accurate enough for the estimate that we seek.
For the purpose of Internet communications collected
through upstream collection, the IP address serves as a proxy
for country. It is a reliable enough proxy that the NSA relies
on it to try to filter out domestic, wholly domestic
communications. If it's reliable enough for that purpose, it's
reliable enough for the estimate that we have sought.
The difficult program is PRISM. That's where it's a bit
harder. And I would just say that we are aware of all of the
problems in terms of trying to figure out the nationality of
U.S. persons. There are privacy implications, but the privacy
community has unanimously come down on the side of saying that
it would be a net gain for privacy if there were a limited,
one-time sampling under conditions that we have laid forward in
a letter.
So while I appreciate Ms. Doss' concerns, I think the
privacy community feels differently.
Mr. Marino. My time has expired.
Congressman Lieu from California, you're up.
Mr. Lieu. Thank you, Mr. Chair.
Having served on Active Duty in the military, I believe
when it comes to terrorists, we need to hunt them down and kill
them. And I don't think anyone on this Committee has any
problem with Section 702 and how it goes after foreign bad
dudes and foreign Nations. I think some, and perhaps many of
us, have a concern when we're talking about an American citizen
and how they incidentally get caught up in this surveillance.
And under Section 702, if you're an American citizen and
you're caught up in this surveillance, that information can be
passed to the FBI to then do a criminal proceeding and do a
criminal case against you. To me, that's just a flat-out
violation of the Fourth Amendment.
And so for those of you who want a clean authorization, why
do we even need that? Why don't we just require a warrant, as
the Fourth Amendment does? How does going after American
citizens for a criminal case that's unrelated to a target or
foreign inquiry, how does that help our national security? And
I guess that's my first question to those who think there
should be no reforms to this section.
Mr. Kosseff. Well, to touch on that, one of the main
justifications for having that ability has been that, let's
say, that the FBI were searching for some--their unified
database for an American U.S. identifier. They could then come
up with a hit on 702 and that would tell them additional
information about a potential foreign intelligence threat. So
that's one justification.
And the other justification is going back to the wall
between FBI and intelligence data that existed pre-September
11.
So those are two justifications for it. I also fully see
your point on there being concerns about the FBI having that
access.
When it comes to a Fourth Amendment issue, that's a little
different. I'm not aware of any cases where a subsequent query
of data that had been lawfully collected constitutes its own
separate Fourth Amendment search.
So there very well may be some very strong policy reasons
to change the FBI's ability to query that data, but I see that
more as a privacy and policy concern than a Fourth Amendment
issue just under the doctrinal Fourth Amendment law.
Mr. Lieu. Thank you.
Yes, go ahead.
Ms. Goitein. I would disagree on the Fourth Amendment
analysis. The notion that restrictions on searches of lawfully
acquired information or lawfully accessed property is somehow
not a part of the Fourth Amendment is simply not the case. It's
actually the constitutional norm.
The terms of access to information or property are
generally set forth in the warrant, and they usually do require
limits on searches.
If I obtain a warrant to search a computer, for example, in
a case where I have shown probable cause of a copyright
infringement, I can take that computer, I can copy the hard
drive, I lawfully have that information. But I am only
permitted to search for the evidence of copyright infringement.
After I find that, I can't go pulling up the IRS returns to
look for evidence of tax fraud.
Uusually that's built into the warrant as a restriction on
searching. It is part of the terms of access. The terms of
access of 702, of getting this information without a warrant,
is that the government has no intent to target any American,
any particular known American. They have to certify our
interest is only in the foreigner, not in any particular known
Americans. And I would argue that that serves as a
constitutional barrier to a warrantless search after
collection.
Mr. Lieu. Thank you. And I think you had touched on this
earlier. I just want to get it very clear from you. You would
believe that responding to a request for information that this
Committee has sent out to intelligence agencies about the
statistics, you think that on balance it's better to get that
information versus any privacy concern.
Ms. Goitein. Yes, I believe so, and 30 civil liberties
organizations have signed a letter saying that, including the
major national privacy organizations in this country.
Mr. Lieu. And let me conclude by just saying, you know, all
of us here, and those intelligence agencies, took an oath not
to an Administration or to a political party or to an agency,
it was an oath to the Constitution.
And what that means is even if a program may be effective
or not effective or incredibly brilliant, if it violates the
Constitution, we just can't execute it unless we change the
Constitution. And I just hope people understand that that's
what it means when we all take an oath to the Constitution,
that that is the primary document to which we owe our
allegiance.
And with that, I yield back.
Mr. Marino. The Chair recognizes the gentleman from Idaho,
Mr. Labrador.
Mr. Labrador. Thank you, Mr. Chairman.
And thank you all for being here today.
I think it is the responsibility of this Committee and
every Member of Congress to ensure that the privacy and the
Fourth Amendment rights of every U.S. citizens are protected
and remain of paramount importance to this government.
Professor Kosseff--am I pronouncing your name correctly?--
in Ms. Goitein's testimony, she highlighted that, as of 2011,
more than 250 million Internet transactions a year are being
collected by the government. Is it possible to subject the
collection of 250 million transactions a year to rigorous
oversight?
Mr. Kosseff. Based on the procedures that the NSA has
developed and my understanding of the procedures through the
Privacy and Civil Liberties Oversight Board's report of it, I
am very impressed by the multiple levels of analysis that have
to go through, the targeting decisions, the certifications, and
the minimization procedures, and the oversight for each,
throughout all three branches of government.
So I do think that it is possible. I do think the volume,
obviously, makes it very difficult. But I also don't think
that's a reason not to do it. If there are ways to strengthen
the oversight, then that would definitely be something worth
looking at. But at least from a Fourth Amendment perspective, I
think that is possible.
Mr. Labrador. Ms. Goitein, do you think it is possible to
subject this to rigorous oversight?
Ms. Goitein. I think there is some indication, even in Ms.
Doss' testimony, that it may be a little too much of a
challenge, that while there has been no international lack of
compliance with the rules, there have been repeated instances
of noncompliance with FISA court orders and with court-ordered
procedures.
I'm not talking about trivial technical violations. I'm
talking about violations that were systemic, sometimes quite
prolonged, and that resulted in significant overcollection and
unauthorized searches.
Again, this was not through bad faith. There's essentially
two explanations, and one is that the oversight isn't enough or
isn't working, and the second explanation is that the system is
so large and so technically and legally complex that compliance
is effectively impossible.
Mr. Labrador. Well, let me just stop you there, because I
only have 5 minutes.
So, for me, a particular concern--and this is not a
political question. It just had a chilling effect on me,
because I've been a critic of--or at least a proponent of
strong reforms in this system now for several years. But I was
concerned when I saw that Michael Flynn's information was made
public.
So we have heard that there's supposed to be all these
guidelines that are supposed to protect the identity of people.
And whatever your political persuasion is, for me it had a
chilling effect, that I thought my political opponents could
use my personal information that they maybe gathered in some
private communication against me in the future. So that should
be quite terrifying to anybody, whether you're a Republican or
a Democrat.
Mr. Kosseff, you mention that the numerous statutory
limitations have been put in place to limit the invasion of
privacy. It seems that, even with these limitations to protect
the privacy of the average Americans, somehow leaks are
happening. In Mr. Flynn's case, these leaks not only invaded
his privacy but also crippled and ultimately prevented the
Commander in Chief from having his key national security
personnel from doing its job, which you may have a political
opinion about or not.
How do we trust these intelligence agencies to ensure that
our national security when they're divulging highly sensitive
information to settle scores or--can we prevent them from using
this personal information to settle scores?
Mr. Kosseff. Well, I can't speak to those specific----
Mr. Labrador. So let's use that as an example, because
that's an example that now the American people can relate to.
It's what some of us have been warning about for years, and all
of a sudden it happened, and it's a real-life example, where
somebody's sensitive information was used for a political
purpose, whether you agree with that political purpose or not.
Mr. Kosseff. Sure. So, putting that aside, I think in terms
of the oversight, I think trust is by far the most important
characteristic of a program like 702 or really any other
intelligence program and----
Mr. Labrador. Well, but the Fourth Amendment was put in
place because we don't trust the government.
Mr. Kosseff. Yes, yes.
Mr. Labrador. Ms. Goitein, without taking a political
position on this, shouldn't we be alarmed by this?
Ms. Goitein. I think what you're touching on relates to
essentially the history of FISA and why it was put in place,
which is that surveillance was--and I'm not taking a position
on the particular surveillance in this case. I'm taking a
position more on your response to it and your sense that you're
chilled, to some degree----
Mr. Labrador. Yes.
Ms. Goitein [continuing]. By the possibility that your
communications could be acquired. And they could be. Under
section 702, they could be.
And I think that is something that really ought to be of
concern, because the statute is not narrow enough. It doesn't
limit the government to conducting surveillance of foreign
threats to the U.S. And that opens the door to potential
abuses; it opens the door to possible political surveillance.
That's why FISA was enacted in the first place in 1978, because
those things were happening.
And section 702, while it responded to a real threat and it
intended to address that threat in an effective way, it also
eliminated some of the protections that might prevent the
chilling that you're experiencing.
Mr. Labrador. Thank you.
Mr. Marino. The gentleman's time has expired.
The Chair now recognizes the gentleman from Ohio, Mr.
Jordan.
Mr. Jordan. Thank you, Mr. Chairman.
Ms. Goitein, we sent a letter a year ago--your group may
have been part of putting this letter together; I signed on to
it--asking Mr. Clapper the number of Americans whose
communications have incidentally been collected under section
702 of FISA.
Can you hazard a guess? They wouldn't give us a number. Can
you hazard a guess?
Ms. Goitein. I had said earlier millions, which I think is
conservative.
Mr. Jordan. You think it's millions?
Ms. Goitein. Yes. Potentially tens of millions. I don't
know. I really hesitate to speculate. I know that that
speculation is discouraged. I wish I had better numbers for
you.
Mr. Jordan. So the response they give back to me--you know,
they give a short, little three-paragraph response. And they
say this--the operative sentence or clause says, ``The numbers
of Americans whose communications have been incidentally
collected under 702 is a very difficult, if not an impossible,
number to calculate.''
That seems like baloney to me. It seems like that would be
relatively easy to calculate. We're talking about the greatest
intelligence service on the planet. You'd think they would be
able to know that, right?
Ms. Goitein. Well, I think if we were asking for an
accurate calculation, it actually would be difficult. We're
asking for an estimate.
Mr. Jordan. Right, an estimate.
Ms. Goitein. Certainly for two of the three programs under
section 702, it should be quite straightforward.
Mr. Jordan. Okay.
I just want to make sure I know exactly how this works. So
there's a bad guy who's not an American, who's overseas, we
want to surveil him. And this individual's going to communicate
with an American.
So, on the front end, my understanding is the FISA Court
says the procedures on how you're going to handle
communications to and from or about Americans. On the front
end, the FISA Court says, okay, those procedures, when you get
in the situation, this is how you're going to conduct yourself.
Is that right?
Ms. Goitein. Yes.
Mr. Jordan. Okay.
And so now it happens; the bad guy communicates with an
American. And we now have the American's phone conversation,
the content of those phone conversations and the content of
those email or whatever electronic communications, right?
Ms. Goitein. Yes. Presumably.
Mr. Jordan. Okay.
And what happens when they look at--first of all, how are
those communications stored?
Ms. Goitein. It depends on the agency. Let's say the NSA
collects the communications.
Mr. Jordan. Right.
Ms. Goitein. The NSA, through, let's say, the PRISM
program. Then the NSA can just keep it in its own databases,
can also give it to the FBI and to the CIA, the raw data with
the American's information in it, to those agencies----
Mr. Jordan. When you say ``raw data,'' is that the content
of the--the actual email content----
Ms. Goitein. Yes.
Mr. Jordan [continuing]. And the actual content of those
conversations?
Ms. Goitein. Yes.
Mr. Jordan. Okay. So that that content could be on multiple
databases.
Ms. Goitein. Correct.
Mr. Jordan. FBI, NSA, various Federal agencies, right?
Ms. Goitein. Correct.
Mr. Jordan. Okay.
Then how is it--then we have the term ``query.'' What's
that mean?
Ms. Goitein. A query is when an agent who is authorized to
access the system and to run the query usually takes an email
address or a phone number or some kind of identifier, a
communications identifier, to search through the data for a
particular individual's communications so that they can look at
it.
Mr. Jordan. Okay.
So we have it all there, and then they--let's say Joe
Smith's the American. They have all the information on Joe
Smith, and they said, now we want to query that. And it can be
triggered just by the name? It could be triggered by what?
Ms. Goitein. I think it would be much more likely to be a
phone number or an email address. That would be the way, I
think, it's usually done.
Mr. Jordan. Okay.
Ms. Goitein. I should say that the NSA and the CIA and the
FBI all have rules that provide some limit on when they can
query using a U.S. person identifier.
Mr. Jordan. Is the information that was collected under a
702 about Americans, is it tagged differently in the databases
that it's in, or is it just part of the overall database?
Ms. Goitein. It's tagged differently.
Mr. Jordan. Tagged differently. So you could selectively go
through and just say, I want information collected only under
702 about Americans?
Ms. Goitein. No. I think it would be more likely, actually,
to work the other way, that whoever's running the query, if
they get back information that's tagged as 702, they have to be
trained in 702 in order to then access that information. But if
they're not trained, they just go and ask someone else who is,
and they come look at it.
Mr. Jordan. Okay.
When they have that information about the American, can
they use that information to--let's say the American's done
something wrong. Could that American be prosecuted by
information gained under 702?
Ms. Goitein. By the FBI, yes.
Mr. Jordan. And could they be prosecuted only for crimes or
potential crimes relative to national security, or is it
broader than that?
Ms. Goitein. No. It's broader than that. It includes crimes
that have no relationship to foreign intelligence or national
security.
Mr. Jordan. And has that happened?
Ms. Goitein. That information is not public.
Mr. Jordan. Yeah. We don't know.
Ms. Goitein. And we would know if the government were more
faithfully adhering to the notification requirements of the
statute, under which the government is supposed to notify
defendants when it uses information derived from section 702.
Mr. Jordan. But do you think it has happened, where
someone, an American, information gathered under 702 about that
American is used to prosecute them and that's used to prosecute
them in some area outside of national security? Do you think
that has happened?
Ms. Goitein. I'm really not in a position to say. I don't
know.
Mr. Jordan. But can you hazard a guess?
Ms. Goitein. I'm sorry.
Mr. Jordan. Do you think it's happened?
Ms. Goitein. Section 702 has certainly been used in
criminal prosecutions that have a terrorism component, such as
material support for terrorism. As for whether it's been used
in a case that has nothing to do with national security, I'll
put it this way: The FBI, according to the Privacy and Civil
Liberties Oversight Board, routinely searches the data, data
that includes section 702 data, for Americans' information when
it's conducting criminal investigations that have nothing to do
with national security. So I would imagine that, if they found
something responsive, yes, they would use it. But----
Mr. Jordan. Which is----
Ms. Goitein [continuing]. That is all I can say, really.
Mr. Jordan. Yeah, which is scary.
Okay. I thank the Chairman, and I thank the witnesses.
Mr. Marino. Before I go to Mr. Lieu, Ms. Doss, can you give
us a little explanation concerning your experience about how
tagging takes place, when something's tagged, if it's tagged,
does a U.S. citizen's name comes up when this tagging takes
place overseas?
Ms. Doss. Thank you. Ms. Goitein's testimony fundamentally
misstates the facts in that regard, so thank you for the
opportunity to clarify.
The central challenge with identifying U.S. person
communications in collected 702 data is that, by and large, the
intelligence community will not have reference information to
know who the U.S. persons are. They're targeting foreign
persons for foreign intelligence reasons. The foreign
intelligence target will communicate with any number of people,
but, appropriately, the government does not have a
comprehensive database of all of the identifiers, the phone
numbers and email addresses, associated with the U.S. people.
So what happens is the data gets queried, looking
specifically for foreign intelligence. When an unknown
identifier is revealed, if there appears to be intelligence
value in the communication, the analyst will then go do the due
diligence research that will help them understand whatever
information might be available about the communicant's
nationality, location, identity. But there's no reference
database that says, here's the U.S. people.
There are capacities within some--I can't speak for all of
the databases that might hold 702 information everywhere in the
CIA, FBI, and NSA. There are capacities to tag data as U.S.-
person-related when it's recognized, but that requires
recognition of it. There isn't any means, certainly not that
I'm familiar with, that allows tagging of it upon arrival.
And one of the things that's really critically important
that Ms. Goitein sort of slipped past in her previous testimony
was that there's two dimensions to this: location in the U.S.
and U.S. people anywhere in the world.
For the question of whether somebody is located in the
U.S., there are instances in which technical data can be
helpful in making that determination, and it's critically
important. It's not available for all types of 702 data, but it
is for some, and that's critically important. That tells you
location. That cannot tell you whether or not somebody might be
a U.S. person anywhere else in the world, which, of course, is
one of the key protections of 702.
Mr. Marino. Mr. Lieu?
Mr. Lieu. Thank you, Mr. Chair.
So let me follow up on the gentleman from Ohio's question
to you, Ms. Goitein. And you can also respond to what Ms. Doss
said as well.
So let's say an intelligence agency is targeting a foreign
national or foreign country, and then they find out
incidentally that an American citizen is buying marijuana
across State lines. Could that information be given to the FBI
to then go prosecute that American citizen?
Ms. Goitein. Yes.
Mr. Lieu. How is that constitutional? I don't understand
why your Fourth Amendment rights somehow get violated just
because of how the information got collected on you, through
this means. I don't understand that.
Ms. Goitein. I think if the government happens upon
information of a crime that there is an argument that that's
analogous to the ``plain view'' exception to the warrant
requirement. Now, I think that that looks very different in a
situation where you have a collection program that enables
essentially the mass collection of hundreds of millions of
communications a year. So I do think that's troubling. I'm much
more troubled by the deliberate searching, which is not
analogous to ``plain view,'' for Americans' information.
And I do need to say that I did not say that Americans'
information is somehow tagged as Americans' information. I
believe I was asked the question whether section 702 data is
tagged as 702 data. It's required to be tagged as 702 data in
the statute.
So I think you misunderstood my testimony----
Ms. Doss. My apologies if I misunderstood.
Ms. Goitein. Okay.
Mr. Lieu. Thank you.
So let me follow up on what you said, in terms of the scale
of this program. So, under section 702, there's three
categories, generally, in which intelligence agencies can go
target. The first two I understand. One is terrorism. The
second is, you know, nuclear nonproliferation issues and so on.
But the third is this massive category known as foreign
affairs. So that could apply to academic students, human rights
activists, lawyers. It's this massive group. And do you have
any idea of how big that group is? Because foreign affairs is
virtually everything, potentially.
Ms. Goitein. Again, we unfortunately have very, very little
information about how that works in practice. Certainly it is a
fear that under the very broad definition of ``foreign
intelligence information'' in the statute, that would, on its
face, encompass conversations of human rights activists,
conversations of journalists with their sources, NGOs that work
on important political issues, and things of that nature.
One of the certifications on foreign intelligence topics
was leaked, and that was the certification for foreign
intelligence related to foreign powers. And the foreign powers
about which the NSA is authorized to collect information that
relates to those foreign powers includes most of the countries
in the world, including allies of ours, including tiny
countries that have very little role on the world stage,
neutral countries with no history of terrorism. St. Lucia is on
that list.
So certainly on paper these authorities are extremely
broad. And we are trusting in the self-restraint of the people
who are operating these programs to not take advantage of that
breadth.
Mr. Lieu. Thank you.
And then one last question on the Fourth Amendment. As you
know, the Fourth Amendment doesn't just say government can't
engage in warrantless searches. It also says government can't
engage in warrantless seizures.
So why isn't it the case that the seizure of an American
citizen's email--that is a constitutional violation right
there, before you even start searching. I mean, why is it the
case that we even allow incidental collection of Americans? Why
not just say, if there's incidental collection of Americans, we
mask it, we delete it unless there's a warrant? Why wouldn't
that be the case under the Constitution?
Ms. Goitein. Certainly one thing that I believe is
constitutionally necessary--now, as I said, I think the courts
have been applying some very old caselaw to come to different
conclusions, but we need much, much stricter minimization
requirements.
The minimization requirements that exist right now, which
are described as strict, allow the NSA, the CIA, the FBI to
hold on to Americans' data literally for years. If the FBI
reviews data, sees Americans' data, comes to no conclusion
about whether or not it is foreign intelligence, the 5-year
limitation evaporates and they can hold on to it for some
longer period that is still classified.
If the information's believed to contain secret meaning,
which I think covers every email I ever sent to my sister, then
that also is exempt from the age-off requirement.
Let's see, what else? The NSA is supposed to purge U.S.
person data on detection if it doesn't contain foreign
intelligence or evidence of a crime. The Privacy and Civil
Liberties Oversight Board reported that this rarely, if ever,
happens. The CIA and the FBI have no such requirement. They
just rely on these very porous age-off requirements.
And all three agencies can search the data using U.S.
person identifiers.
So if you look at these restrictions, such as they are,
yes, there are restrictions on the use and retention of U.S.
person data. But is that use and retention minimized? Not by
any common sense of that word.
Mr. Lieu. Thank you.
I yield back.
Mr. Marino. The Chair now recognizes the gentleman from
Texas, Congressman Poe.
Mr. Poe. Thank you, Chairman.
Thank you all for being here.
I'm going to pick up where my colleague just, I think, left
off. And I want to keep it real simple for me--not for you, but
for me.
The government, under secret courts, gets a secret warrant
to seize information from a bad guy. Let's just call him
``terrorist outlaw.'' And they grab that information from
terrorist outlaw from their secret court, with secret
information. And the warrant for that document, if you want to
call it a warrant, is never publicized to the public.
Is that correct, Professor?
Oh, I guess when I say ``professor,'' everybody looks at
each other. I'll ask the witness that was just talking.
Is it ``Goitein''?
Ms. Goitein. Goitein.
Mr. Poe. Goitein. I apologize.
Is that correct? That document, we call it a warrant; I
don't think it's a warrant. But that document is never made
public. Is that correct? And that's part of FISA, that it's
never made public.
Ms. Goitein. Correct.
Mr. Poe. Okay.
So they seize information about outlaw terrorist, and in
that information, they inadvertently come across data--emails,
phone conversations--about some American. And they call that
query. Is that correct?
Ms. Goitein. Not if they just stumble upon it. If they're
looking for it, then that would be called a query.
Mr. Poe. Okay.
Ms. Goitein. It's very technical. There are----
Mr. Poe. I know.
Ms. Goitein [continuing]. Different ways they can find the
information.
Mr. Poe. But they seize it, is the point. They seize the
information if they come across it, whether they're not looking
for the information because the American's not the target. If
it was the target, oh, my goodness, we'd have to get a search
warrant. So they're going to say that he's not a target, or the
American is not a target; they just come across the
information, even inadvertently. And if it's on purpose,
they've got to get a warrant, so I'm going to say it's
inadvertently. Let's just assume, in my hypothetical, they come
across it inadvertently.
And they read the information, or they have their computers
read the information. And they seize that information, and they
keep that information on whether it's one American or a bunch
of Americans. Is that correct? I'm just asking.
Ms. Goitein. Yes.
Mr. Poe. So they got that information----
Ms. Goitein. Seize it all together.
Mr. Poe. Yeah, it's all together.
And they got that information. And I think what you said
from the last question was they, in essence, keep that
information forever.
Ms. Goitein. Not forever. Five years is the standard----
Mr. Poe. But they've got excuses.
Ms. Goitein. But there are a lot of exceptions.
Mr. Poe. A lot of exceptions, yeah.
So they've got this information. And I don't believe the
NSA ever destroys information, ever, on anybody. But once they
have that information--and then they determine that that
information is that this person, this American, may have
violated the law.
Then they make that person a target, they've got more
information, and then they can file criminal charges on that
information. Is that right or not?
Ms. Goitein. Well, I mean, what worries me is--I guess it
depends what you meant by making the American a target. If they
actually made the American a target, legally speaking, and went
and got a warrant or a FISA Court order, we'd be in a different
world. But that's not what happens.
Mr. Poe. But that's not what they do. That's not what they
do. They get the information, they read the information, it's
inadvertent, ``Oh, this guy may be a troublemaker as well,''
and they get more information based upon connecting all the
dots to his emails, his phone calls, you know, his
conversations with his mother-in-law. They get all that
information, and then they can file criminal charges on him.
Ms. Goitein. That's right. And they don't just have to
stumble upon the information. That's what the backdoor search
is.
Mr. Poe. Right.
Ms. Goitein. The backdoor search is when the FBI says: I
have a criminal investigation on Joe Blow. And, look, I have
this huge database. There's a bunch of section 702 data in it.
But I'm going to query that data to see what I know about Joe
Blow.
Mr. Poe. That's right.
So they come across the information through a FISA warrant.
They get the information on the American. And then they file
criminal charges. And all of that is done without a search
warrant under the Fourth Amendment to the Constitution of the
United States against that American citizen, correct?
Ms. Goitein. That's correct.
Mr. Poe. And I think that is illegal and a violation of the
Constitution and an abuse of power by our government on
Americans, for whatever my opinion is worth.
Mr. Jordan. Mr. Chairman?
Mr. Poe. I yield back.
Mr. Marino. Mr. Jordan.
Mr. Jordan. If I could, Mr. Chairman.
So, just the example that Judge Poe just went through, just
to be clear, all the answers you gave when you get to that same
individual, that individual could be prosecuted for you
believe, something that's not related to national security as
well.
Ms. Goitein. Well, I know that that individual can be
prosecuted for something that's not related to national
security. You had also asked whether I think that's actually
happening. I think the FBI uses all the authorities it has.
Mr. Jordan. Can I also ask, Mr. Chairman, how many times
has the FBI--do we know how many times the FBI goes into that
database and actually uses information gathered either under
the FISA example that the judge just described or under a 702
example that I described in my previous round of questions? Do
you know how many times that happens?
We'll let the FBI answer. How about that?
Mr. Klein. The Privacy and Civil Liberties Oversight Board
has commented on that, and they said that it's extremely rare
that a query in a non-national-security investigation returns
information about a U.S. person from 702, but we don't know
what the exact number is. Actually, the FBI has been ordered by
the Foreign Intelligence Surveillance Court to count that
number.
So one pragmatic, relatively simple thing the Committee
could do is require that number to be published, obviously not
the details of the individual cases, but that top-line number
could add some transparency. And if the number turns out to be
really low, that might relieve some people's concerns about
this practice.
Mr. Jordan. Do you know that number, or you're currently
trying to ascertain that number?
Mr. Klein. No, no, I don't, but the FBI does, because it
has to report every case where a query in a non-national-
security investigation comes back with 702----
Mr. Jordan. Okay, then you misunderstood. The FBI knows
that number right now.
Mr. Klein. They're counting every case, so they know the
number. And they're reporting it to the Foreign----
Mr. Jordan. But you're not allowed to give it to us today.
Mr. Klein. No. I'm a private citizen at a think tank, so
I----
Mr. Jordan. I thought you were with the FBI. Excuse me. I
hadn't looked at the witness list that close. I thought you had
some affiliation with the FBI.
Mr. Klein. Maybe I look like it.
Mr. Jordan. You look like it.
Ms. Goitein. Could I add one quick thing to that? Which is
I think it's also important, even though the court did not ask
for this, for the FBI to report the number of----
Mr. Marino. Okay. I have to ask you to just cease for a
moment. The Chairman of the full Committee, Chairman Goodlatte,
has to leave after he asks his questions, so then perhaps we
can get back.
So the Chair recognizes Chairman Goodlatte.
Mr. Goodlatte. Thank you, Mr. Chairman. And I have no
problem with going back to Mr. Jordan's questions if he'd like
to pursue them further.
And I do agree that we do need to address that issue with
regard to what Fourth Amendment protections are given to U.S.
citizens whose data goes through this process where it's taken
by the NSA, a portion of that, a small portion, goes to the
FBI, and the FBI saves it over a long period of time. I have
questions both about the long-term retention of it and about
what kind of threshold the government has to meet before they
can use that information in a criminal case. So I think that's
a legitimate issue that we need to consider as we reauthorize
this program.
I also think it's very important that we reauthorize the
program, however. And I want to turn back to Ms. Doss, so maybe
you can get us focused on the positive value of this. Because
it doesn't appear well-understood that the NSA is a Department
of Defense entity that supports the warfighter. And as former
counsel to the NSA, I'm sure you are more familiar than the
rest of us that NSA intelligence supports our military.
So is 702 collection used to assist our men and women in
uniform?
Ms. Doss. In my experience, yes, absolutely, it is.
And former Director of the NSA Michael Hayden, when he was
still there, talked often about the ways in which, in a post-9/
11 world, tactical intelligence and national intelligence were
really converging. Once upon a time, tactical intelligence to
support warfighters on the battlefield was very much about
troop movements.
It still, of course, includes that, but in an era of
asymmetric terrorist activity and asymmetric warfare, as many
of our troops overseas are engaged in, the same information
about terrorist plans and intentions that can protect the
national borders and the broader national security absolutely
has proven critical to protecting the warfighter as well.
Mr. Goodlatte. Thank you.
And, Mr. Klein, I appreciated your comments a moment ago.
I'd like to follow up on the discussion about the Privacy and
Civil Liberties Oversight Board, popularly known as PCLOB. And
I'd like to know whether you believe that the PCLOB still
serves as a valuable independent body for reviewing U.S.
Government surveillance programs.
Mr. Klein. I do. I think it does.
Unfortunately, with only two members and soon to have one
member, because one of the remaining members has been nominated
for a high-ranking position in the Department of Justice, they
do not have a quorum, which means they can't take official
action. So, unfortunately, the Board is effectively paralyzed.
Mr. Goodlatte. How many members of the Board are there?
Mr. Klein. There are five.
Mr. Goodlatte. And how long has it been that there have
been fewer than three?
Mr. Klein. It's relatively recent. The Chairman resigned
last summer, which created its own problems. Only the Chairman
can hire staff under the statute.
Mr. Goodlatte. So is this an indication of a lack of
interest or support in it by first the Obama administration,
now the Trump administration? Or is it just circumstance that
makes it ineffective right now?
Mr. Klein. I don't think it's specific to any
Administration. This is a longstanding problem going back to
when the Board was created. This is back well before 2010, and
the Board scuffled around for years struggling to find enough
members and staff to do its work.
I want to emphasize that this isn't just a privacy and
civil liberties issue, although it is that. It's also an
important issue for our national security. This is an important
part of our case domestically but also to the international
community that we have rigorous and multilayered oversight.
And evidence of that is the fact that the general counsel
of the Office of the Director of National Intelligence in his
letter explaining all of the rigorous oversight we have to our
allies in Europe cited the Board as one element of that
oversight.
So I think even if you support this program, as I do, if
you think it's important for national security, if you want it
to be perceived as credible, we need to keep this board going.
Mr. Goodlatte. Should the reauthorization of the FISA
Amendments Act look to strengthen the PCLOB?
Mr. Klein. Yes, I think it should. I actually have three
specific proposals that the Committee can consider.
The most forward-leaning one is to require, as part of the
FISA Court's annual review, it to certify that the President
has made nominations to fill any vacancies. Now, I think it
should be limited to nominations. We don't want this program
getting caught up in nomination politics. But that would give
Presidents an adequate incentive to staff something that, after
all, doesn't report to the President; you can understand why
it's not the number-one priority.
Mr. Goodlatte. Are these Senate-confirmed?
Mr. Klein. These are Senate-confirmed positions. Four of
them are part-time, but they're all Senate-confirmed.
Two other things that the Congress could do: The Board is
subject to what's called the Government in the Sunshine Act.
This applies broadly across the government to multimember
agencies. But it's a very bad fit for this board, which, after
all, does not exercise regulatory power. We're not talking
about smoke-filled rooms and dealmaking here. This is just
oversight. And four of them are part-time, so they need to
collaborate informally. So requiring them to go through a very
formal process just to hold a meeting really hampers them,
unfortunately.
Mr. Goodlatte. All right. We'll look at that. That's a good
suggestion.
You had a third one as well?
Mr. Klein. Yes, I did. The Chairman is the only person who
can hire staff. So if the Chairman resigns or is otherwise
incapacitated, the Board is paralyzed from hiring staff.
Now, that's not an immediate problem right now, as I
understand it; they are pretty well staffed up. But the Senate
Intelligence Committee has proposed this, and I think it's a
good idea: If the Chair is vacant, allow the other members to
unanimously exercise the powers of the Chairman.
Mr. Goodlatte. Thank you.
Professor Kosseff, can privacy and national security
coexist?
Mr. Kosseff. Absolutely. And I think 702 is a good example
of it, in terms of the various levels of oversight from all
three branches of the government, the development of
minimization and targeting procedures, both by the executive
branch and being approved by the FISA Court. I think that that
shows a real concern for both protecting national security
while making sure that privacy still is at the forefront.
Obviously, all of the procedures can be improved. And, on
the flip side, there's never going to be perfect security or
perfect privacy, and there's always going to be some policy
decisions to be made. But I do think 702, in many ways, is a
model of considering both the very difficult considerations of
security in an era when our telecommunications infrastructure
is very different from the 1978 era, when we initially had
FISA, while at the same time protecting privacy.
So the answer is, yes, absolutely.
Mr. Goodlatte. Some have argued that section 702 must
respect human rights, essentially extending American
constitutional rights to foreign nationals. Do you have an
opinion on extending constitutional rights to foreigners?
Mr. Kosseff. I think that's a tough decision--or a tough
issue that's come up with the ICCPR issue as well as PPD-28.
And I think, in some ways, there are a number of statutory
provisions within 702 that do apply both to U.S. persons and
non-U.S. persons, including the various disclosure limits, the
purpose limits, penalties for misuse. So I'd be concerned about
extending, just as a practical matter of government
surveillance and intelligence operations, and I think on the--
--
Mr. Goodlatte. It would completely change the meaning----
Mr. Kosseff. Yeah, yeah.
Mr. Goodlatte [continuing]. Of intelligence gathering,
wouldn't it?
Mr. Kosseff. Yeah.
Mr. Goodlatte. It would put the U.S. at a severe
disadvantage, since I'm not aware of other major countries that
gather intelligence respecting even the rights of their own
citizens, much less foreign nationals.
Mr. Kosseff. I think it's a tough balance. I think there's
a lot of concern about if the United States is not seen as
adequately respecting privacy of non-U.S. persons, then there
could be implications for the privacy shield, for example.
But I don't have personal experience in intelligence
operations, but I think it would probably create a number of
very difficult logistical issues if we were to do that.
Mr. Goodlatte. Very good. Thank you.
Thank you, Mr. Chairman. And, Mr. Chairman, if you wouldn't
mind, after you've asked the additional questions you wish to,
just adjourn the hearing.
Mr. Jordan [presiding]. Yep. I'd be happy to. Thank you.
Mr. Goodlatte. Thank you.
Mr. Jordan. I want to thank the Chairman for his questions
and work.
The Chairman asked the question, can privacy and security
coexist, but--and I have utmost respect for the Chairman, but
it seems to me the question for this Committee is not that
question. The question for this Committee, the question for all
of us is, is 702 consistent with the Constitution. I mean,
that's the fundamental question.
And, Mr. Kosseff, do you think that that's, I guess, the
appropriate question, and do you think it's actually happening?
Mr. Kosseff. I think it is the appropriate question. And I
think, based on what we have in the public record of how 702
operates, I think that it currently is consistent with the
Fourth Amendment, but I give two important caveats.
First, it's not a static answer. The answer could always
change in the future based on any additional discovery of
operational problems with 702 or how it's being used. And I
think one key to that is figuring out exactly how you analyze
the Fourth Amendment issues.
Mr. Jordan. Yes.
Mr. Kosseff. As I've testified early----
Mr. Jordan. I guess you think it's constitutional, but it
sounds like you think it's pretty darn important to be
skeptical----
Mr. Kosseff. Absolutely.
Mr. Jordan [continuing]. Or be concerned.
Mr. Kosseff. Absolutely.
Mr. Jordan. I would argue that too. I mean, think about
what we've witnessed in last several years. We saw the IRS
target people for exercising their First Amendment free speech
rights, go after people for political reasons. I mean, you
could look at the Flynn situation that Congressman Labrador
brought up.
So, in that context, holy cow, I would almost say we better
be more than skeptical, we better be cynical about it.
Keep going. I'm sorry.
Mr. Kosseff. I think there needs to be constant, rigorous
oversight. I think that there has been, both from your
Committee, the other Committees, as well as the FISA Court, if
you look at some of the changes that have been made to things
like the MCT issue in response to the FISA Court. I think there
has been rigorous oversight. But I think it has to be constant.
And we can't just rest on one assessment that it's operating
fine; it has to be constantly evaluated.
Mr. Jordan. Okay.
Ms. Doss, do you think that's the appropriate question, is
702 consistent with the Constitution?
Ms. Doss. Absolutely. And, in my view, it is----
Mr. Jordan. Okay.
Ms. Doss [continuing]. Both as----
Mr. Jordan. I had a feeling you were going to say that.
Yeah, yeah.
And, Ms. Goitein, what do you think?
Ms. Goitein. I certainly think it's the most important
question. In my view, it's not constitutional, but I don't
dispute the authority of the judges who have said otherwise. I
just think that, as I said, this is a case of the law failing
to keep up with technology. That happens. That happens often.
And it becomes your job to step in and fill the constitutional
gap.
Mr. Jordan. Mr. Klein?
Mr. Klein. Yes, I agree that that's the first question. I
don't think it's necessarily the last question. Even if it is
constitutional, which I personally believe it is--and two
courts have said so--you can ask whether it's wise or whether
there's more information that we'd like to collect.
So, on the subject of incidental collection, which you
talked about before, how much of Americans' data is getting
caught up in this, the Privacy and Civil Liberties Oversight
Board actually recommended five categories of data, including
several of the things that Ms. Goitein was talking about, that
the intelligence community is supposed to collect and report to
Congress and to publish, to the extent consistent with national
security. That's called Recommendation 9.
Mr. Jordan. Okay.
Mr. Klein. That's a good place to start. So there are
things we can do inform----
Mr. Jordan. Let me ask about that, the dialogue you had
with the Chairman on this Civil Liberties Protection Board or
whatever the official title is. I asked you questions my last
round about how many times the FBI queries the database and
they get information that was derived from a 702. Does this
oversight board know that number?
Mr. Klein. Nobody knows the exact number of queries. The
reason is that the FBI does not normally code its queries for
nationality, because nationality is not relevant to most
investigations. I think it would be good to have an estimate of
the number of queries. It's a fairly routine practice,
according to the Board, so the estimate would be high.
Mr. Jordan. So, on the same question I started off--about a
half an hour ago, I asked a question that we sent to Mr.
Clapper about the number of communications or transactions
involving United States persons subject to 702 surveillance on
an annual basis, and we got the response back and said they
couldn't figure that out. Does this board know that number?
Mr. Klein. They don't, no. Nobody knows that number. To do
that, they would have to either go through every communication,
which is simply infeasible, or some representative----
Mr. Jordan. We just heard--I mean, I've got to believe that
the NSA knows that number or they can get an estimate. Does the
Board know the estimate?
Mr. Klein. No. There is no estimate.
I mean, the reason why an estimate might be difficult is
because emails typically don't disclose, on their face, the
nationality of the people communicating. In some cases, you
might have the information telling you the location from where
the email was sent; in other cases, you might not. Even still,
that's not a perfect proxy.
And the question is, to find that out, to find out if the
person is a U.S. citizen, what else would you have to do? Would
you have to use other types of surveillance to get additional
information about who that email address belongs to? That could
create greater privacy harms.
So, while I agree with the motivations behind the letter
and I agree that the estimate would be worth having and a good
thing to have, I do sympathize with the intelligence community
because there are real, practical obstacles that they're facing
in creating such an estimate.
That's why I think we should look at the Recommendation 9
from the Privacy Board. There are five types of information
that are a decent starting point for finding out incidental
collection. Let's get those counts, let's get them public to
the extent possible.
Mr. Jordan. Tell me those five.
Mr. Klein. Let's see. I have them here.
Mr. Jordan. Or have you given us something in writing on
that already? Okay. That's fine.
Mr. Klein. Yeah, I mean, I can read them, but it'd probably
be better to give them to you in writing.
Mr. Jordan. That's fine. That's fine. All right.
Ms. Goitein?
Ms. Goitein. Quickly. The NSA has determined that the IP
address is an accurate enough indicator of a person's status as
a U.S. person being domestically located, or being located
overseas, to use it to filter out the wholly domestic
communications that the NSA is prohibited from acquiring.
If it's accurate enough to enable the NSA to comply with
that constitutional obligation, then it's certainly accurate
enough for the estimate----
Mr. Jordan. It's certainly accurate enough to give us a
count.
Ms. Goitein [continuing]. That we're looking for.
And just one other quick point about oversight and the
importance of oversight, which I do not dispute; I think
oversight is incredibly important. But it's not an end in
itself, and it's never a substitute for adequate substantive
limits in the law. If the law and the rules allow the FBI to
read Americans' emails without obtaining a warrant, then the
FBI could be scrupulously adhering to those rules and we still
have a problem.
Mr. Jordan. Yep. Well-said.
I want to thank you all for being here today.
And the Committee is adjourned.
[Whereupon, at 4:45 p.m., the Committee was adjourned.]
[all]