Suffering under that issue. Many finding they cant keep the insurance play planned and like. Their premiums are rising. Uncertainty is growing about which parts of the law the president will decide to uphold. But in just these few months we have already seen reports of incidents where obama care hasnt adequately protected americans personal data. In one reported instance in minnesota, an Insurance Broker was accidentally provided the personal information of 2,400 people. Moreover, there are many Unanswered Questions about the websites ability to protect privacy Going Forward. Now i expect, in fact, i understand that the standards of the dedicated professionals in our Intelligence Community do not compare to those of the contractors who failed to set up the website that ive referred to. But its easy to see why Many Americans tend to be skeptical, then, that the government can adequately maintain their privacy when it collects vast amounts of information. The president s disengagement on these important matters doesnt help. He claims he was unaware of the problems with the obama care website before it was launched. Now reports say he was unaware of the reported surveillance of many world leaders. As i did back in october, i called on the president to lead. Many of these programs are critical to our National Security. The president needs to contribute to the National Debate by publicly explaining and defending them. Prince, a visit to ft. Meade would help. Im convinced there is a role for Greater Transparency, oversight and accountability in the fisa process. The public trust of our Intelligence Community must be rebuilt. We must ensure intelligence authorities are exercised in a manner consistent with our laws and constitution. These proposals should be subject to the same rigorous and critical examination to which were subject iing these proposals should address the specific concerns that are brought to light. These proposals shouldnt have a terrorist abroad shouldnt provide a feterrorist abroad wi rights similar to u. S. Citizens here at home. These proposals shouldnt make it more burdensome for authorities to investigation a terrorist than it is to investigate a common criminal. These proposals shouldnt return us to pre9 11 posture. The balance between protecting individual liberties and our National Security is a delicate one. And reasonable people can disagree about precisely where that balance must be struck. And thats our responsibility here in the congress of the United States. Our witnesses on both panels today represent a wide range of you. And i look forward to hearing their point of view. Before you start, mr. Chairman, id like to explain further something you brought up that i had a conflict. At 2 30 secretaries im skeptical of that agreement. But i have a responsibility to learn more about it. But i have to weigh going to that hearing to be here because im also, as leader of the republicans, know the importance of fisa and whatever work is done there for our National Security as well. The chairman did accommodate us to some extent by moving this ahead by a half hour. Im going to stay beyond that half hour anyway to ask questions at least of the first panel. I had asked the meeting to be rescheduled, and this chairmans prerogative to lead this committee as he sees necessity to do it. But i think its too bad this could not be worked out so that senators could attend both of these matters together. Thank you. I wish i could be at the other hearing, too. But weve had to reschedule this once already. And everybody has agreed to be here today. I didnt think it was fair to our witnesses to reschedule it again. Besides, a lot of these classified briefings, the one you just referred to, ive had to miss in the past because of conflicts. I find i can usually read almost all of what was said there in the paper the next day anyway. Usually in more detail. I agree with you on that point. Ill share my it kind of makes a mockery of what they call secured. Well, it depends upon whose ox is being gored, i guess its more of a question who can get it out quickest. I do recall one of these very highly classified matters that we had. The very first thing that came out top secret was a photograph of the cover of that one of that weeks news magazines. It went downhill from there. Our first witness is general Keith Alexander whos the director of the National Security agency. Began service at the u. S. Military academy at west point. Previously served as the commanding general of the u. S. Army intelligence in security command. Director of intelligence, u. S. Central command. Of course, general, i thank you for being here. Your full statement will be made part of the record. But in the time you have, please feel free to hit any points you want or summarize any way youd like. Chairman, thank you. Ill keep my opening remarks short. But i would like to hit a few key things. First, nsa is a foreign intelligence agency. Those acts and too manies that we do are to connect what we know about foreign intelligence to whats going on here in the United States. We need tools to bring that together. I want to talk briefly about some of those too manies. And some of those tools, like section 215, in my opinion, and i think in the courts, are constitutional. Were authorized by congress. Theyre legal. Theyre necessary. And theyve been effective. From my perspective, the threats are growing. When we look at whats going on in iraq today, whats going on in syria, the amount of People Killed from 1 september to 3 december is over 5,000 from terrorist related acts in iraq, syria and several other countries around the world. In iraq alone, in 2012 the total number killed was 2,400. From 1 september to 3 december, that has risen to 2,200 plus in a threemonth period. Its on the verge of a sectarian conflict. The crisis in the middle east is growing. And the threat to us from terrorist activities or safe havens and those being radicalized are growing. What we found out in 9 11, and i go back to senator grassley, your comments. We cant go back to a pre9 11 moment. Sir, i absolutely agree with that. So we have to find out what is the right way for our nation to defend ourselves and our allies and protect Civil Liberties and privacy. I think the way were doing section 215 is actually a good model, not just for our country but for the rest of the world. It has the courts, congress and the administration all involved. Why do i say that . The reason is, if you look at all the information that is out there, the billions and billions of books of information that are out there, there is no viable way to go through that information if you dont use meta data. In this case meta data is a way of knowing where those books are in the library and a way of focusing our collection the same that our allies do to look at where are the bad books. From our perspective, from the National Security agencys perspective, what we do is get great insights into the bad actors overseas. Under that information, we can take the information, the to, from. I put that on a little card. It says from number. The to number. The date. Time group of the call. And the duration. Thats the element of information we use in the 215. There is no content. There are no names. No email addresses. From my perspective, that is the least intrusive way that we can do this. If we could come up with a better way, we ought to put it on the table and argue our way through it. The issue that i see right now is there isnt a better way. What weve come up with is can we change one. Senator grassley, you brought out a great point. 9 11, we couldnt connect the dots because we didnt have this capability to say, someone outside the United States is trying to talk to someone inside the United States. We also had people in the administration that refused to listen to fbi agents who had picked up on what was happening here in the United States when they were told its not important, even though anybody with a brain in their head would have known it was. But go ahead. I understand your point. Thank you. Lets stick to the facts. Were not talking about a library. I had my First Library card when i was 4 years old. I understand libraries. Lets talk about the nsa. I think the important part for us, mr. Chairman, is how do you know how do you bring information you know from outside the country to that which we have inside . How do you connect the dots . Thats the issue with the meta data program. There is no other way that we know of to connect the dots. So that gets us back to do we not do that at all . Given that the threat is growing, i believe that is an unacceptable risk to our country. So what we have to do is, can we do more on the oversight and compliance . And there are things that are being looked at. But taking these programs off the table from my perspective is absolutely not the thing to do. I do agree with this discussion with industry as well that you brought up, chairman. Industry ought to be a player in here. They have been hurt by this. And i think unfairly hurt. We ought to put this on the table from two perspectives. Industry has some technical capabilities that may be better than what we have. If they have ideas of what we could do better to protect this nation and our Civil Liberties and privacy, we should put it on the table. And i think we should have a way of bringing government and industry together for the good of the nation. And we ought to take those steps. So, mr. Chairman, i just want to conclude with this statement. Were a foreign intelligence agency. Our job is to figure out whats going on outside the United States and to provide that level of information to the fbi and others who are operating inside the United States. To date, weve not been able to come up with a better way of doing it. Im not wet. Wed, i dont think anybody is wed to a specific program. We do need something to help connect the dots. Something to help defend this country. We think these programs have been effective. Thats all i have, mr. Chairman. Thank you, chairman leahy, Ranking Member quite all right. James cole first joined the department of justice in 1979. Served for 13 years in the colonel division. He later become deputy chief of the divisions Public Integrity section before entering private practice. And was sworn as the Deputy Attorney general on january 3rd, 2011. Please go ahead, mr. Cole. Thank you, chairman leahy, Ranking Member grassley and distinguished members of the committee for inviting us here to talk about the foreign Intelligence Surveillance act. Im going to focus my opening remarks just on the 215 program. As has been mentioned, it involves the collection of meta data from telephone calls, including the number that was dialed, the date and the time of the call and the length of the call. It does not include the content of any phone calls, any names, addresses or Financial Information of any party to the call. And under 215, it does not include any cell site Location Information. The government can search this data only if it has a reasonable arctic ewe labl suspicion that the phone number being searched is associated with certain terrorist organizations. Only a small number of analysts can make that determination. And that determination must be documented so it can be reviewed by a supervisor and later reviewed for compliance purposes. And only a small portion of these records actually end up being searched. This program is conducted pursuant to authorization by the fisa court. Since the court originally authorized this program back in 2006, it has been reapproved on 35 separate occasions by 15 individual article 3 judges on the fisa court. Oversight of the 215 program involves all three branches of government. Within the executive branch, numerous entities and nsa, the department of justice and the office of the director of National Intelligence are involved in assessing compliance. We report any compliance incidents to the fisa court immediately. With respect to congress, we have reported any significant compliance problems such as those uncovered in 2009 to the intelligence and judiciary committees of both houses. Documents related to those 2009 problems have since been declassified and have been released by the dni. Over the past several months, weve also gone to Great Lengths to better explain publicly why the program is lawful. Under section 215 there must be reasonable grounds to believe that the records that are collected are relevant to an authorized investigation to protect against International Terrorism. As both the fisa courts opinions and our own 22page white paper explained, relevant is a very broad term. In its ordinary sense, information is relevant to an investigation if it bears upon or is pertinent to that investigation. Courts have held that large repositories of information can satisfy relevance standard where the search of the whole repository is necessary in order to identify the critical documents. This is precisely the rationale that underlying the 215 Collection Program, and it was recognized by the fisa court. The court found that the entire collection of bulk meta data is relevant to an authorized International Terrorism investigation because it is necessary, a necessary part of the process, to allow nsa to identify phone calls between terrorists and other persons. As judge egans recent opinion reauthorized and the program recognized, and i quote, because the subset of terrorist communications is ultimately contained within the whole of the meta data produced, but can only be found after the production is aggregated and queried using identifiers determined to be associated with the identified International Terrorist organizations, the whole production is relevant to the Ongoing Investigation out of necessity. In addition to compliance with 215, nsas program must also comply with the Fourth Amendment of the constitution. Here the Supreme Courts decision in smith versus maryland is directly on point. In smith the court held that telephone users who convey information to phone companies for the purpose of routing their calls have no reasonable expectation of privacy in that information. Now, the smith case is a number of years ago. And some have questioned the applicability of it because it didnt concern a situation where the government collected and retained the bulk meta data and aggregated it all in one place. However, a recent opinion of the fisa court addressed this specific issue, and it noted where one individual does not have a Fourth Amendment interesting with grointeres interest, grouping together a large number of similarly situated individuals cannot springing into existence. I understand that there is interest in legislating reforms to the 215 program and other aspects of fisa including the nature of the Court Process itself. We welcome this public debate and this public discussion about whether the current version of 215 and other provisions of fisa strike the right balance between our National Security and the privacy of our citizens. Both of which are important and have to be honored. We look forward to working with the committee to address these issues and to find the right balance. Thank you, mr. Chairman. Thank you. Thank you very much, mr. Cole. And our last witness on this panel will be robert litt. Confirmed by the senate in 2009. He served as general counsel of the office of the director of National Intelligence. Prior to joining odni he was partner with the law firm arnold porter. Worked at the department of justice. And has testified before this committee before. Welcome back, mr. Litt. Thank you, mr. Chairman. Ranking member grassley. Members of the subcommittee. We do appreciate the opportunity to appear today to continue our discussions about the intelligence activities that are conducted pursuant to the foreign Intelligence Surveillance act. Its critical to assume that the public dialogue on this topic is grounded in fact rather than in misconceptions. And we therefore understand the importance of helping the public to understand how the Intelligence Community actually uses the legal authorities provided by congress to gather foreign intelligence and the extent to which there is vigorous oversight of those activities to ensure they comply with the law. As you know the president directed the Intelligence Community to make as much information as possible available without certain intelligence programs that were the subject of unauthorized disclosure. Consistent with protecting National Security and sensitive sources and methods. Since that time, the director of National Intelligence has declassified and released thousands of pages of documents about these programs. Including court orders and a variety of other documents. Were continuing to do so. These documents demonstrate both that the programs were authorized by law and that they were subject to vigorous oversight, as general alexander said, by all three branches of government. Its important to emphasize that this information was properly classified. Its been declassified only because in the present circumstances, the Public Interest in declassification outweighs the National Security concerns that originally prompted classification. In addition to declassifying documents, weve taken significant steps to allow the public to understand the extent to which we use the authorities in fisa Going Forward. Specifically, as we described in more detail in the written statement that we submitted for the record, the government will release on an annual basis the total number of orders issued under various fisa authorities and the total number of targets affected by those orders. Moreover, we recognize that its important for companies to be able to reassure their customers about how often, or more precisely how rarely, the companies provide information to the government. And so weve agreed to allow the companies to report the total number of Law Enforcement and National Security legal demands they receive each year and the number of accounts affected by those orders. We believe that these steps strike the proper balance between providing the public relevant information about the use of these legal authorities, while at the same time protecting important collection capabilities. A number of bills that have been introduced in congress including the usa freedom act which you sponsored, mr. Chairman, contain provisions that would require or authorize additional disclosures. We share the goals that these laws and bills provide of providing the public with greater insight into the governments use of fisa authorities. However, we are concerned that some of the specific proposals raise significant practical or operational concerns. In particular, we need to make sure that any disclosures are operationally feasible with a reasonable degree of effort and that they would provide meaningful information to the public. We also need to make sure that the disclosures do not compromise significant intelligence collection capabilities by providing our adversaries information that they can use to avoid surveillance. Mr. Chairman, i do want to emphasize our commitment to work with this committee and others to ensure the maximum possible transparency about our intelligence activities consistent with National Security. Were open to considering any proposals so long as they are feasible and do not compromise our ability to collect the information we need to protect our nation and its allies. And weve been in discussion with the staff of this committee and the Intelligence Committee on some proposals and some alternate means of trying to provide Greater Transparency while protecting our critical sources and methods. We look forward to continuing to work with you in this regard. Thank you. Thank you, mr. Litt. Senator, normally id ask questions at this point. But im going to first ask senator grassley who does want to make the other briefing. Senator grassley. I appreciate very much that accommodation. Mr. Cole, back on october 2nd, i wrote a letter to the assistant attorney or to the attorney general requesting information about cases of willful and intentional abuse of authority by nsa employees. Some of them were referred to the Justice Department for prosecution. Id like to know whether these cases were prosecuted, and if not, why not . I ask for a response by december 1st. Do you know the answers to these questions . And if not, when would i be able to expect an answer . I dont know the specific answers on each of the ones you cited, senator grassley. But were in the process of collecting that information. A number of them were not prosecuted. A number of them involved the risk of further damaging the National Security by having to release more information. Other sanctions were found that were adequate in those cases. But were trying to put together that information so that we can give you an assessment of what happened in those cases. I thank you for that courtesy. Mr. Cole, i want to make sure that i understand the administrations positions on the usa freedom act. In your prepared testimony, that bill isnt specifically mentioned. But in your testimony you state that the administration, quote, does not support legislation that would have the effect of ending the 215 program, end of quote, because the administration maintained that it is a lawful and valuable to protect National Security. The answer may be obvious, but i want to be clear for the record. Do you understand the usa freedom act to be, quote, legislation that would have the effect of ending the section 215 program, end of quote, that you described in your testimony . Senator, the you kind of asked me a legal question. Im going to have to give you a bit of a lawyers answer. Its going to depend on how the court if the usa freedom act becomes law, its going to depend on how the court interprets any number of the provisions that are in it and any number of the additional requirements that are contained in it over whats here now. I think it will have an impact on what is currently done under 215. But 215 covers more than just bulk Data Collection. It covers individualized Business Record acquisition. And depending on what kinds of records are being sought, what the facts and circumstances are, will depend on the nature and extent of the freedom acts impact on it. On the bulk data, i think its going to be a question of the courts interpretation. Right now the interpretation of the word relevant is a broad interpretation. Adding pertinent to a Foreign Agent or somebody in contact with a Foreign Agent could be another way of talking about relevance, as it is right now. Wed have to see how broadly the court interprets that or how narrowly. I appreciate your legal view. Just from a standpoint of how our process of legislation works, and since the president s commander in chief, the number one person in charge of our National Security, i would hope that we would have a Firm Statement from the administration of whether or not this legislation is harmful or not. And it would be better to know that before courts get a decision, which would be years would be now and i think the administration owes that to all of us, both proponents and opponents of what that situation is. Other than my other question to you as well, other than 215, the usa freedom act would also make other significant changes to the tools used to investigate terrorism and espionage cases. For example, the bill would raise the Legal Standard to issue National Security letters to require the information sought be both relevant and material, as well as the information as well as the information pertained directly or indirectly to a foreign power or an agent of that power. This is a change from the current standard, which is mere relevance. Question, what operational effect, if any, will these changes have on the ability of your department and the fbi to protect the nation from terrorist attack . Senator grassley, probably the largest effect that it would have on the nsl situation is the addition of the requirement that it be relevant to or there is information that it is connected to a foreign power. Many times nsls are used in a very preliminary stage of an investigation in order to determine if the person whos being looked at is, in fact, a foreign power or an agent of a foreign power. And so the question is sometimes being answered through the use of National Security letters. If you must answer that question before you can get a National Security letter, it would reduce the availability of those of that tool in terrorism investigations. Thank you, mr. Chairman. And i have two questions that ill submit can i answer one more . Mr. Litt, one of the issues this committee has been looking at is whether or how to add more of an adversarial element in the fisa Court Process. The chairman invited a former fisa court judge to be a witness at our hearing in july. Judge james karr explained in his answers to questions for the record that he did, quote, not believe that having independent counsel review all Government Applications before the fisk would be necessary or desirable, end of quote. This appears to be reflected in the legislation passed by the senate Intelligence Committee, in contrast, as i understand it, the freedom act requires the government to provide every application to the advocate. Question, between the different advocate proposals in the u. S. Freedom act and the senate Intelligence Committee bill, which do you believe is a better approach to making the fisa Court Process more adversarial, and why . So, senator grassley, since the department of justice is the agency that really conducts the litigation before the fisa court, im going to defer the answer to that to Deputy Attorney general cole. Although i will say that theres been a lot of interagency discussion about the appropriate approach there which i think he can lay out. Senator grassley, i think weve said on a number of occasions, we find that there is a use and a value to having an independent legal representative in the fisa Court Process, in the appropriate circumstances. We would not advocate or recommend having one for all of the procedures that go on there. Many of them, like in normal criminal cases, are routinely done in an ex parte basis. Theyre done usually with a fair degree of expedience and efficiency. And we think a permanent public advocate might impede that process some if its applying to every single thing thats there. There would also be, i think, some constitutional issues of standing for a public advocate on every single issue. We would propose that it be an amicus appointed by the court. When the court feels that they have the need for another perspective and another point of view, when its a significant issue involving privacy issues, civil liberty issues, that the court would like to have another view on, that would be a good example of a time. Something like the bulk Data Collection programs where somebody may want to have a view of what the law is other than the governments view, we think that would be a good area. But i think the courts in the best position to determine when and where its going to need those kinds of things and do it only for those issues. General alexander, itll take you five seconds to answer this question. As our hearing in july your Deputy Director testified that the nsa conducting an investigation into highly classified information was compromised by a single contractor. He stated the nsa would report back to congress about the individual on systemic responsibilities of what occurred. When can we expect that report. Well send that up right away. Weve actually taken 41 different actions. Well get that report on what those are. What is right away . Over the next week. Okay. So well have it by wednesday. Thank you, mr. Chairman. Next wednesday. By then. Thank you. I go to this last question about 215 phone records and fisa courts or fisk courts or so on. Its been said these laws have been authorized. Theyve never been up on appeal. Weve never had an Appellate Court rule on them. The bill that i have does not require an advocate in every fisa court case. It would be only when the court agreed that it might be helpful. We also have statements from judges that if that was the case, there might be more credibility with the courts. Or at least more of a willingness on the part of the public to accept courts that operate in secret. Would you agree with that, mr. Cole . I think that that would help the public have better confidence. I think the court does run well. I think theres a great deal of independence from my experience with the court in its rulings. It is not by any means a rubber stamp. But i think theres a value with the public to having some other person, some other advocate, in the appropriate kinds of cases. And i think theres a value to that, senator, mr. Chairman. So i think that is a good idea as long as we keep it into the in the right matters. So i would agree with that. Senator klobuchar will submit questions for the record. The cell phone location records. Its reportedly gathering information or Communications Information from Online Gaming sites. The stories suggest the activities are directed abroad. We know the nsa was making plans to obtain cell site Location Information under section 215. We also know that the nsa engaged in bulk collection of internet meta data under the fisa pen registered statute. It suggests to me under that kind of legal interpretation of fisa the nsa could collect the same amounts of information domestically that this Research Suggests theyre collecting abroad. Mr. Litt, maybe i should direct it first at you. I know the program authorized the bulk parts of Internet Data was shut down in 2011 because it wasnt operationally useful. But under the current law, would the nsa be able to restart the bulk collection of Internet Data . If the nsa and the department of justice were able to make a showing to the fisa court that the collection of internet meta data in bulk, which, of course, is a category of information thats not protected by the Fourth Amendment, that if it were relevant to an authorized investigation and could convince the fisa court of that, then, yes, it would be authorized. It was shut down before as not being operationally useful. Would you have to go to the court . I believe to restart the bulk collection of Internet Data, would you have to go to the court . I believe we would. Mr. Cole . Yes, mr. Chairman. Under the fisa statute, i think you would have to get Court Authority just like you would under 215 to be able to do that. And that would only last for a period of time. It would have to be renewed periodically. Theres no active authority for it right now. Thank you. Setting aside any techny logical limitations, would the fisa pen register statute authorize you to obtain all internet meta data, not just email meta data . I think that is correct. Again, it would be limited to the meta data in that regard. If i could just add on that. If i could just make sure i understand mr. Coles answer. The only limitation would be that it would be meta data . It cannot be content. In the latest order of the fisa court under 215, it specifically excluded cell site location as well. I was going to add only that youd have to show that the categories of meta data that youre seeking was, in fact, relevant to the authorized investigation. Mr. Cole, youve talked about the legislation that senator lee and i talked about to update the Electronics Communication privacy act. We want to require in criminal matters, im talking just about criminal matters now, the government obtain a probable cause warrant to gain access to the contents of electronic communication stored by a Third Party Provider. Section 215 of the usa patriot act requires the government to show only relevance to an authorized intelligence investigation or to obtain records. Im not talking about bulk collection. But the more standard usage of 215. Has section 215 ever been relied upon to obtain the contents of stored communications from a Third Party Provider . Not that im aware of, mr. Chairman. Mr. Litt . Im hesitant to give an answer to that just because its not a question ive ever asked. Id prefer to get back to you on that, sir. I just dont know the answer sitting here. Can you get back to me by the end of the week . I will try. If they havent, as a legal matter, could section 215 be used to obtain the contents of communication . I would have to think about that. Considering that it is the its limited to the types of information you can get with a grand jury subpoena, id have to look. Because of the aspects of stored communications and things of that nature, id have to check. But im not sure id have to go back and look at that. So without a check of the legal authorities, ill get back to you on that, mr. Chair. And i appreciate you checking those. I think you understand by the question i yes. There are some serious legal ramifications to your answer. I agree. Good. Were going to go to senator franken. But general alexander, you talked about using and ill get to you in my next round about going to the private sector and looking for best practices from them. You can imagine im going to ask if those best practices had been use e used, would a 29yearold contractor been able to walk away with all your secrets like mr. Snowden did . Senator franken . Youre going to ask that in the next round . Sure. Do you want it answered now . I mean no. Thats okay. Youve been waiting patiently. Ill wait my turn. Well, okay. Gener general, youll have plenty of time to think about that. Except i have a question for you. Lets see if you can do both at the same time. I have a bill, too, surveillance Transparency Act that i think youre all familiar with. Among other things, general alexander, the would require nsa to tell the American People how many of them have had their communications collected by the nsa. Do you think the American People have the right to know, roughly, how many of them have had their information collected by the nsa . I do, senator. I think the issue is how do you describe that . Those that are under a court order so under fisa, as you know, to collect the content of a communications, we have to get a warrant. The issue would be almost in the title iii court. Do you tell someone, a u. S. Person, who may not be a u. S. Citizen, that were tracking them here in the United States or that we have identified that. Im not suggesting that you have to tell people theyre being surveilled. That they personally are a suspect. What im saying is the American People have a right to know how many American People have had their information collected. Thats a different question. I wasnt suggesting we tip people off that are suspects. Yeah, so i think in broad terms, absolutely. And let me give you an example. In broad terms . Yeah, so for example, under 215 today, less than 200 numbers are approved for reasonable arctic you labl suspicion. Thats 200 orders or 200 people . 200 numbers. Some of them may be multiple numbers per person. Those numbers could be both foreign and domestic. In fact, they are. But thats the total number for that category, for section 215 today under that program. The other one that i think and i think the Deputy Attorney general mentioned, we can also put out more about what were doing under the faa 702 program, that weve compelled industry to do in a more transparent manner. The issue is how do we do that without revealing some of our own capabilities. Were working through the inner agency to get a resolution on that. Did i say that right . Okay. Im being told by staff that thats actually the number of people that have had their phone numbers searched, not collected. So under 215, all the data is going into repository. Metadata. So if, for example, im talking to a foreign terrorist, my number would automatically hit that link. In fact, you probably would want to know that. I know the white house would. Right, we need to know that. Thats right. So the issue would be, how many of those . We would look at those, and based on our analysis, give those numbers that are appropriate to the fbi for them to then go through their appropriate process to look at those numbers. Okay. Theres a difference between collected and searched, but thats okay. But lets talk about 702. Thats supposed to target nonamericans, right . Foreign persons. Reasonably believed to be outside the United States, correct. Right. Are americans shouldnt the American People know how Many Americans have gotten caught up in that . That, again and i dont mean to hedge. Let me just tell you the difficulties. If a terrorist that were going after is talking to another person, in that communication, theres nothing that says, im an american and heres my, you know, my Social Security number. So the fact is, when were tracking a terrorist, if theyre talking to five people and one of those is american, chances of us knowing that are very small. If we find out thats an american, then there are procedures the attorney general and the courts have given us that we have to do to minimize that data on that american. Okay. Well, i guess my question is, my bill calls for the nsa to report how Many Americans information has been searched, has been looked at by agents. And im not talking about necessarily a precise number, but 702 says that you can only look at nonamericans. And look, my feeling is this. The American People are skeptical of executive power. Right. That when there is a lack of transparency, they tend to suspect that something they tend to be very skeptical and suspect abuse. And part of the reason to have transparency is for people to be able to make their decisions based on some real information about whether or not this power is being abused or not. Now, i believe that you gentlemen have our National Security at interest. Thats your interest. That is your interest. But i also believe that you know, you keep saying theres oversight from all three branches of government. Were one of the branches. Were doing the oversight, okay. Were feeling it. And my feeling in doing the oversight is that i would be more comfortable and the American People would be more comfortable and feel that they can decide for themselves if they knew how Many Americans were being caught up in a program like 702 that is designed by law not to target americans. So i think, senator, absolutely. I would just put into this that what were going to do is if asked to do that, were going to give you faithfully and truthfully that which we know. My concern would be two days later we find out that was also an american. So we could report that later, but were not doing to do you see what i mean . What im talking about in my legislation isnt a precise number. Its a range. And what ive been told by odni is that producing this estimate would be very difficult, but i dont think it would be that difficult. So maybe i would just offer, senator, to have you come up and we could sit down and show you this and come up with perhaps a way to do that. Because i do think actually, i agree with you. I think this is the right thing to do because the number isnt that big. I think if we could explain it to the American People and you as one of our three elements of our government, could say heres what we see and heres what the administration sees and heres what the courts and all three of us together say thats the best number we can come up with. When the American People understand that, theyll know were doing this right. So i agree with you. I see mr. Litt, who i know quite well, weve discussed this a lot, sort of jumping out of his seat. No, im firmly planted, sir. Well, eager to answer. Thats why im afraid ive run out of no, im sorry. Go ahead. I see that youre ive never seen him this eager, frankly. Mr. Chairman, if i might for a minute. This is a good example of the thing i was talking about in my opening remarks. I think we all agree that the question you pose is a reasonable one, which is how Many Americans are being caught up in this . The problem is trying to find a way to provide that information in a manner thats both operationally feasible and doesnt compromise sources and methods. Weve got some ideas in that regard. Theyre not fully fleshed out yet. We want to work with your staff and see if there are ways we can arrive at something that will give at least some sort of reasonable proxy that gives americans the impact of this surveillance. Thank you. Im glad ive got this answered today. This has been part of my discussions with odni where you said this may be too difficult to do. But it sounds like weve got a little bit of movement on this. I want eed to ask a question abt what you were referring to, mr. Chairman, about Location Information, but i really am way over my time. Thank you for your indulgence. This is on the capacity issue. General alexander, in a he hearing let me go beyond that. Last week the Washington Post asked an intelligence official speaking on the record to estimate how Many Americans had had their Location Information collected by the nsa. The official answer, quote, its awkward for us to try to provide any specific numbers. Right after he said that, the article says that an nsa spokesman interrupted the conversation to change that answer. Do you believe its difficult for this administration to estimate how Many Americans have had their information collected, or do you think its awkward . I think its difficult, but i think were talking by each other, if i might explain. Okay, good. You should the Business Record fisa, there was a series of questions on cell site Location Information that others have asked. We have walked down that road. As you know, thats one the courts said were not going that, we dont do that. There has been a few records that were done to check to see if technically it could be done. That was the first set of issues on the Business Record fisa. So there is no cell site location data under Business Record fisa were using today, period. Second, if an american travels overseas and communications are collected, the chances are in that collection, we may not know thats been collected, that its an american position. But if you collect, youll probably get the cell site location with that. The issue would be, how many of those have been collected. The answer is were really not looking for that. It may have been collected because they talked to, you know and i dont mean any of these people are bad. You seem to point to them a lot. I just want you to be careful because theyre right behind you. But i am concerned, senator, that in that case, we wont know at all who are the americans and who arent in those issues for the same reason before. But what we can tell you is i think good numbers on those that we target overseas that are americans under those procedures that we have. We can give you those numbers. 703, 4, and 5 that fall into that. I think thats, perhaps, what were really looking for. Does that make sense . Yes. Thank you. Mr. Chairman, thank you for your indulgence. I also want to go down to the briefing. Thank you, gentlemen. Say hello to everybody for me. I will. General, ill go back to the question i asked, and not facetiously, i assure you. You said that your work with private industry and proving techniques and so forth, and i assume you would. Lets go back to the snowden case. As you know, ive expressed grave concerns about how a 29yearold subcontractor can come walking in, and that your system of checks and balances and all was not good enough to stop him from walking out with a huge amount of data. I see something similar, all the different type of data, when our own state department and department of defense put huge numbers of highly classified and highly sensitive cable traffic from some of our embassies into one location where a private first class, i believe he was, was able to go in and take it all out on a lady gaga cd. And we know the enormous, enormous problems caused to our diplomacy and the security of a lot of americans and our allies because of that situation. Ive never found anybody to say what we ever gained by putting all that material in one place. So now we go to the snowden case. Whether somebody thinks hes a hero or a villain is not so much the question as it is, i think we can all agree, that a lot of the material that has been released because of him has been very damaging to the United States. Its certainly been damaging to our allies, our relationships with our allies. I realize as you and others do that some of our allies have said how terrible it is were doing this. Has to make one think of the scene in the movie casablanca. Im shocked to see this going on knowing theyre doing very similar things. But having said that, there were things that created great problems for us. So any question is, first, have can you say with confidence that you now have checks and balances at nsa to stop this from happening again . And secondly, has anybody been disciplined at nsa for dropping the ball so badly . So first, chairman, on the checks and balances and the things weve done, thats the 41 different actions that i discussed for senator grassley that our Technology Director is using. That does employ best industry and best practices that we have. It has drastically improved that capability. These are subsequent to the snowden thats correct. This is all since the snowden thing. This gets into compartmentalizing and encrypting data to creating communities of interest. And we do have three cases that were currently reviewing, working our way through that i dont want to prejudge given my position, that we will fully inform this committee of action weve taken once that action is complete. So we are doing that. Now, first off, those 41 steps or 35 or whatever, i would hope that this makes it better. The obvious question comes up. Why werent these steps taken before . Was it because there is a sense of confidence that we are the nsa, we will not make a mistake, or was it just well actually, chairman, the reason is happened is his job was to move data. He was the person who was to move the books from point a to point b. He was the share point server, web server administrator. His job was, in fact, to do what he did. And therein lies part of the problem. We had one individual who has a responsibility to move that data who betrayed that trust. We believe that they would execute that duty faithfully and in a manner that everybody had agreed should be done. To use your analogy, general, let us say i run a company that sells millions of dollars worth of diamonds. Im going to have to transfer them from my warehouse in this state to my warehouse in this state. Now, am i negligent if i say, boy, look, we got this 29yearold subcontractor, heres the keys to the car, the truck that carries all these diamonds, get them there safely. By the wary, heres a map. Or is it better off i have two or three people who check on how it gets there . So prior to this event, it was standard that one person would do one job and hed have backup help. Youd have oversight of that. But in doing that job, its very difficult, if not impossible, to see that person replicates a copy of what he took. A little bit different than in the diamond case, but your point is well taken. You wouldnt give the guy the keys to the car to drive your diamonds across state, especially when you didnt know him. In this case, what weve done is input a twoperson rule just like you would for that for these specific issues. Youll see that in parts of the writeup. I would also point out one of the notes i got is from the wikileaks. We were all implementing the wikileaks issues that had been found through the inner agency process. So we were implementing that. This specific vulnerability that he exploited was not found in the wikileaks area. And there were some specific things that id prefer not to go into here because can i suggest that theres still going to be people out there who are going to want to find more things . Would we both agree on that . Absolutely. And can we also agree that the vast majority of people work with you, and i do believe this, are very honest and would not want to do anything to betray the country they serve. Is that correct . Absolutely, chairman. Thank you. I talked about the Collection Programs. Thats one thing. The other thing is do we really need to be collecting massive amounts of data on innocent americans just to keep us safe . Just simply because you can do something, does it make sense to do it . We had a question entirely different before this committee once when i raised the question about roadblocks being set up by our border people in vermont and one of our interstate highways about 40 or 50 miles from the canadian border. They said with great enthusiasm that, well, over a period of x amount of time, they found four or five Illegal Immigrants and collected x amount of marijuana and some cocaine. I said, wonderful. They spent a huge amount of money to set up this roadblock inconveniencing everybody. I said, look how much more you could collect if we set those roadblocks on every single bridge coming into washington, d. C. In the morning. A couple hundred thousand, 200,000 people come in from maryland. A number from virginia and west virginia. Unless we have something cataclysmic like two inches of snow. Then of course we have to close. Vermont, anything under ve inches of snow is called a dusting. I digress. But the fact is but not much. The fact is, if we set those kind of roadblocks, wed collect hundreds of Illegal Immigrants. We would collect huge amounts of illegal drugs. And probably other contraband. Would we do it . No. I mean, the place would come to a screaming halt, and there would be those people who are totally innocent who might be screaming about it, including chairs of various oversight committees. But my point is, weve already established that the 215 section phone Records Program was uniquely valuable in one terrorism case. The nsa shut down a Collection Program related to internet metadata because it wasnt meeting operational expectations. And i was concerned learning nsa has done an assessment on the effectiveness of about collection under section 702 despite the fact the program mistakenly led to the collection of thousands of domestic emails, including their contents. We can do a huge amount, but then at some point you have to ask, what did we get out of it . So general, id ask you this. Shouldnt the nsa assess the utility of its various collection methods in a systematic way, especially if they pose a risk of obtaining Americans Communications . I mean, the question would be very simple if we were talking about going into everybodys home to look at their letters and their files and their those personal things. But somehow were looking at it different by because its out there electronically. Senator, chairman, that was exactly why under the pen register trap and trade the email Metadata Program when we looked at that, we and i was the key nsa official to say this program does not meet the Operational Requirements for the amount that were putting in, and we recommend to the dni and the white house that we stop that and inform congress. So we made that operational decision based on what we got for what we put into it to what it cost us. Were doing the same on the Business Records, fisa, the Metadata Program. Heres the issue quite candidly youre doing that now on the prtt . We did the prtt back in 2011 when we stopped that program. That was based on my recommendation based on working with our people to look at what were doing. Did you find any terrorism plots . With the pen register trap and trade . Id have to go back and get you the specifics on that. Thatll take more than wednesday, though. But i will get you that answer. Okay. Because im thinking when the Deputy Director testified, there was only one time where section 215 right, so now were going to 215. The issue i have on 215 and why i am so concerned, i agree that what congress, the courts and the administration had given us here is extremely intrusive taken in its whole, but the way weve put the oversight in compliance and the regiment we have around it and the oversighted in congress ensure were doing this right. The frequency that we look at that, less than 200 numbers now approved, and less than 300 for all of 2012, from my perspective, that shows that were being judicious in how we do it. There is oversight by all three branches of the government and complete audit ability in every action that we do. We cant we dont have a better way of doing this. That goes into that question of industry. So my question is, i dont know a better way to do it. And im being completely candid. Im concerned with all that our countrys going to face, that we will have failed the nation if an attack gets through. So youve asked us to do that. I cant think of a better way. I think this is where industry do they have a better way of doing it . We ought to put it on the table and argue that through all branches of the government. Nobody has come up with a better way. And so thats my concern with the Metadata Program we have today. I cant think of a better way. Its like holding on to a hornets nest. You know, were getting stung. Youve asked us to do this for the good of the nation, to defend the nation, to get the intelligence we need. Nobodys come up with a better way. If we let this down, i think well have let the nation down. So thats why im concerned. General, i realize the world changes, but i think back to my days as a young prosecutor, and without going into war stories, i remember when as a member of the executive board of the national das association, we had a meeting with j. Edgar hoover. Four or five of us, we went across the spectrum politically. We were all chilled by what we heard from him, his disregard of the constitution, his willingness to do things he explained to us, theres no such thing as organized crime in america, even though of course theres a massive organized crime operation at that time. But we had to fear communists. He even suggested to us that the New York Times in its editorial policy was very close to becoming a communist newspaper and he was about to investigate it as such. Im serious. Im thinking what it would have been like if he had the power that you and the nsa have. And thats i had a friend who died in the towers, 9 11. I think about that all the time. I think of my wife who is a medical surgical nurse at arlington hospital going there, even though shed retired, to volunteer to help with the wounded coming from the pentagon and told there were no wounded. You were either alive and walking or you were dead. There was nothing in between. These things sere in your mind. You dont want this to ever happen again. But i also think of the j. Edgar hoover type thing. I think as an american, its very easy to go to another country and complain to them about their police state. Im not suggesting thats what you are, but their ability to go and listen in on everybody, search everybody. We give up a lot of our privacy in this country. And frankly, i worry about giving up too much. And can we be totally secure . Of course we cannot. You cant be totally secure going out to dinner in the evening from some random shooter, who isnt even aiming for you. So, i mean, i look at the administration declassifying a number of fisa Court Opinions. They get credit for doing that, but theres been no release of any fisa Court Opinion from the 2006 time period contending legal and constitutional analysis of the section 215 phone Records Program. Is that because it didnt exist or hasnt been declassified . And i ask this question and ill let mr. Cole give me an answer to that at some appropriate point, but i really feel that our oversight has not been adequate or that so much of it is done secretly that its too easy to say, if you knew what we knew, you wouldnt ask us questions. And i worry as Technology Gets greater and greater the temptation, whether its this administration, the next administration, or the administration after that, for people to misuse it. So i know ive been critical of these things. I hope none of you take it personally. But as a vermonter, im very concerned about my privacy and everybody els. Did you want to add anything mr. Cole, mr. Litt, or general . Mr. Chairman, you know, i think that we are all concerned to make sure that we get this balance right and that an important part of that balance is transparency to the American Public, keeping their trust in what were doing, making sure that while doing that we dont compromise our abilities to be able to use classified techniques that will help keep them safe. But thats theres a tension between those two. And there always has been. And finding that right balance is always something that is difficult, but it is our job. And it is our collective job in all three branches of government, including with oversight from the United States congress as a very important part of that. So i think the path that we are on now is very much the one youre describing of trying to make sure that we find that line and find that balance of giving the information that we can give providing the transparency while maintaining the operational integrity of what were doing. We shouldnt be saying to you, particularly from an oversight function, if you only knew what we knew, you would say were doing fine. We should be in a position to be able to tell you what were doing. Mr. Chairman, if i can just add a couple points. The first is, as im sure you know, theres nobody in the Intelligence Community today who operates on the assumption that you ascribed to j. Edgar hoover before that i dont care what the constitution says. Everybody is singularly in focus on complying with the constitution and the law. As you know, in all the material thats come out, theres been no suggestion of any willful abuse or violation of privacy of people. The compliance violations that have occurred have been technical. Theyve been unintentional. Nobodys been out there attempting to illegally spy on americans or anything else. But the other point i want to make is sort of a more philosophical one. Because the point you raise about worrying about the next person is of course something that was a concern all the way back to the framers of the constitution, which is why they set up the constitution with checks and balances to try to ensure that the innate fen den si of human beings with power to seek to abuse that power is checked. Thats what weve tried to accomplish within the Intelligence Community with the degree of oversight that we have. The number of people who are looking over other peoples shoulders, the number of reports that have to be done, the technological controls we have in place. As general alexander said earlier, if there are ways we can do that better, were open to that. Wed like to ensure that theres oversight that is sufficient to persuade the American People that we are doing the right thing on their behalf. But we do think its important that the in considering what to do we dont throw out that the baby of National Security with the bath water of oversight. And if there are better ways of doing things, if theres any Silver Lining in the snowden matter, you are taking, as i understand from general alexanders testimony, you are taking the steps to make sure that colossal mistake wouldnt happen again. Were going to do our best. General . Chairman and after you speak, general, im going to turn the gavel over to senator whitehouse. Hes a nicer person. Chairman, first, two things. As you correctly stated, there was one unique case under 215 where the metadata helped. There were seven others where it contributed and four where it didnt find anything of value and we were able to tell the fbi that. Now, that last part of value, i want to point that out. This summer there was a big issue on terrorism that we all went through. This program helped us understand was that focused on the United States or elsewhere. We used that program to determine none of those leads were coming into this country and were able to focus our efforts elsewhere, which really helped both the Intelligence Community and the fbi in that case. The second part, you know, ive been in this job for a little over eight years. And my experience from dealing with the people that we have, dealing with congress, the courts, and the administration on this is our folks take the constitution to heart. We have to we see this as two roles. Defend the nation and protect our Civil Liberties and privacy. Everybody at nsa, including myself, takes an oath to that constitution that well support and defend the constitution. And you know the rest of that. And i would tell you that the oversight we have, especially by the courts, ensures that what happened that you brought up will not happen here. From my perspective, we have great oversight in this program. And at times, i complain that the oversight was so robust that it was crippling, but now you can see that everything that weve done, all the things that have come out, were either selfreported or brought out. They werent revealed by snowden. We had already reported those incidents. I think you can see that were acting well and faithfully to discharge those duties. Just to correct one thing to add to what bob said. There have been no willful or intentional violations under the 215 or 702. As you do know, there were 12 under executive order 12333. In both cases, all the violations we know about weve selfreported. Some of those we knew would be significant. We brought them up to the white house, to the dni, to the department of justice, to the courts and to congress. We made a mistake. These were not intentional. They were significant. And youve read the court things and you read some of those. But from my perspective, i think we should take great pride in the fact this agency in every case reports on itself, tells you what it did wrong, and does everything we can to correct it. Thank you. Senator, why dont you take over here. I apologize to the next panel that im going to i may not be able to get back. Im going to try to. You want to take the seat here . Sure. Ill do that when the panels shift. But let me just take a little bit of time myself right now with this panel before theyre excused. First of all, we are at a time where we have entered a new technological era. The era of big data. And ill loosely and unprofessionally define big data as the ability to have enormous amounts of data that dont get looked at and figure out once theyre aggregated how to search for things in that big heap of data. That raises questions about whether the aggregation is a search or not a search until a human being actually asks a question and the information gets to another human mind. Some of these are pretty difficult questions we have to work our way through. I think the attention the committee is paying to this is a very sensible attention. But our National Intelligence establishment is not the only group that is playing in this big data area. We all know that google and other private sector providers are very, very actively in big data, data mining and doing things like that. What can you tell me about what other governments are doing without ses if iing names and releasing any security information. I take it that other foreign sovereigns are doing very aggressive things in this space to try to pull as much information as they can as well out of the cloud and out of the capacities of big data. Whod like to take that . General . Senator, i have some experience in that. My opinion, none of them have the oversight by all three branches like we do. Either their parliaments, congress, courts and their administration. Understood. My point is that theyre all out there doing it. They do. Well, not all. Well, the ones who have capability. The most powerful ones all do it. Thats right. And if we were to pass a law that prevented our intelligence and defense establishment from operating in that big data atmosphere, we would be essentially unilaterally disarming in an arena in which other governments are very active. Is that true . Thats true. In fact, i think some have likened it to because we have a powerful Intel Community or powerful navy, we would tell our submarines to surface in those areas where people their subs arent as good. So theyre and the actual collection of data in the sense that it is brought to the awareness of a human mind somewhere has to be overseen very scrupulously. As i understand it, this operation is overseen by multiple inspectors general, multiple general councils, multiple federal executive agencies, nsa connects in ways that provide varying levels of visibility, but in most cases complete visibility to our department of defense, to the fbi, to the department of justice, jim, to the odni, the office of the director of National Intelligence, to the president , to the National Security council. So theres considerable attention that is being dedicated to this. We have a court that is dedicated to this that reports to the Supreme Court. We have this legislative committee, the senate Intelligence Committee and the house committees. So its hard for me to think of whatever we might do to add to the level of oversight. I think we may make it more efficient and effective, but i dont want anybody to leave this hearing thinking we just kind of leave this question to the nsa. We have built a system in which every branch of government and within those branches of government, in many cases multiple different agencies and in some cases within those agencies and some independent sectors all compete to have a look and make sure the right things are being done. So ill let you all go. I appreciate what youre doing. I understand that we need to get this right. But i think it would be a mistake to yunilaterally walk away from the realm of big data to protect our National Security when were perfectly comfortable with private companies doing that to make money and to find out more about us so they can market to us better and when foreign governments are energetically penetrating this space in order to accomplish similar results. And i think nobody should leave this hearing not aware that the layers of oversight and checking and double checking and triple checking that are done here are very, very rigorous and considerable. I know you have to live with that all the time. If youd like to make any closing comment to that, you can do that. Otherwise, ill let you go. I think you summarized it very well, senator. All right. Well leave with that. I appreciate very much you all being here. Thank you for your service to our country. Thank you, senator. Well take a minute and call up the next panel. It was hard to get bob litt out of here, professor. He loves it so much being in front of us. All right. Let me ask the panel to stand to be sworn. Do you affirm that the testimony youre about to give to this committee will be the truth, the whole truth, and nothing but the truth so help you god . Thank you very much. Please be seated. I am delighted to welcome our second panel on this important issue, and why dont i just go right across the table and ask each of you to make your Opening Statements and well do collective questions at the end. We may be rejoined by a number of my colleagues. This is the time that the Administration Briefing on iran is taking place in the classified area. So obviously thats of interest. Well start with ed black, who has been the president and ceo of the computer and Communications IndustryAssociation Since 1995. He previously served as chairman of the state departments advisory commit on International Communications and information policy, and he worked as chief of staff and legislative director for two members of congress. Mr. Black, welcome. Please proceed. Thank you, senator whiteho e whitehouse for the opportunity to be here. Thank you, senator whitehouse. This is an important subject. I want to start out by just pointing out that 16 years ago the white house charted a course for a vibrant internet economy into perceptive magazine report. The first u. S. Government policy statement addressing the needs of internet commerce. That policy statement correctly identified user trust as the foundation of internet commerce. It noted, quote, if Internet Users do not have confidence their communications and data are safe from unauthorized access or modification, they will be unlikely to use the internet on a routine basis for commerce. That may sound rudimentary today, but we should not take for granted decades of progress in kree yagt security and fostering user trust. And we should not discount out easily that foundation can be damaged. The broad nsa surveillance regime and the way it has been received internationally has harmed u. S. Companies, u. S. Competitiveness, and the internet itself. The u. S. Government must be proactive in addressing these concerns. The status quo is no longer an option. If we do not act, we will put at risk our Economic Security and undercut our diplomatic ability to influence the future of the internet. Therefore, mr. Chairman, c, i supports the usa freedom act and look forward to working with the commit and staff on this important piece of legislation. A healthy Global Internet is a source of american competitive advantage. The u. S. Itc documented a growing digital trade surplus. Our Global Competitiveness is not just good for commerce. It is an essential component of our longterm National Security. The internet doesnt only benefit the u. S. , however. The open internet provides great global commercial benefits. The internet economy in g20 countries is expected to reach 4. 2 trillion by 2016. 21 of Economic Growth in mature economies over the past five years is attributed to the internet. Traditional industries are the beneficiary of 75 of the economic value derived from the internet. Thus, we should not underestimate the internets role in Global Economic development, which in turn has its own security benefits for the United States and the rest of the world. The nsas practices clearly impact the business of u. S. Internet companies. So much of online commerce today is fundamentally based on trust. If users are going to turn over very sensitive, personal, and confidential information to accompany email and other cloud services, they need to believe the company will act as a responsible steward of their data. Although, traditional debate on utility of broad surveillance has focused on hard power arguments, one must not overlook the effect on soft power. It is important to recognize the dramatic effect these revelations have had on our international and diplomatic authority. Particularly in regard to the future of internet governance. Last years conference showed us that through this deep International Division of over whether to subordinate the open internet to world governments, including repressive regimes, the u. S. Needs to be a beacon for freedom and openness in this battle. Given these risks, we propose enhanced transparency and procedural reform, clearer protection for americans, and baseline protections for international users. With regard to transparency and procedural reform, we think all governments should share with citizens meaningful information about their surveillance laws, their legal interpretations, and judicial procedures that govern the exercise of this powerful authority. Of course, the u. S. Cannot demand this from others unless it leads by example. Furthermore, companies should be permitted to disclose publicly to their users the precise volumes of requests from governments. Businesses should not only be prermted to release transparency reports but encouraged to do so. We categorically reject the notion that open government will cause undue damage to security. Transparency and criminal surveillance have been the norm for years and have not appeared to materially affected Law Enforcement. In order to present a robust check on the government, the fisc must also evolve to include a wellresourced advocate to provide an alternative view point, particularly in situations involving novel questions of law. Second, focusing on protection for americans. Federal laws addressing the circumstances in which the government may collect american data for National Security purposes are badly in need of reform. Collection of metadata is one area that is most obvious as it reveals a great deal of sensitive, private information. Furthermore, important First Amendment rights of association are implicated by the government assembling its own version of your social network and their own analysis. The usa freedom act addresses this problem by explicitly prohibiting this type of collection, both on the internet and on telephone net works. Thats one of the reasons we are supporting it. Third and finally, protections for foreigners. A difficult subject to deal with but despite the global interconnected nature of the internet, the u. S. National Security Policy continues to presume u. S. Citizens deserve protection from unwanted surveillance while others do not. If foreigners lack baseline privacy assurances, foreign competitors will supplant u. S. Leadership in Internet Innovation and digital commerce. Thus, undermining strategic economic and other security interests. This is especially true Going Forward as foreign markets are increasingly important. Thank you very much for the opportunity to testify. Look forward to your questions. Thank you very much, mr. Black. Our next witness is julian sanchez, who is currently a Research Fellow at the cato institute, focusing on the intersection of technology, prooif circumstances and Civil Liberties with a focus on National Security and surveillance issues. He previously served as the washington editor for a Technology News site and has written for a wide array of publications. Mr. Sanchez, welcome. Thank you, senator whitehouse. Its a privilege to address this committee. I want to begin my suggestion to step back from the details of the disclosures in recent months, we find a disturbing pattern across multiple programs and authorities focusing in particular on the Metadata Program, the now defunct internet Metadata Program and upstream collection under section 702 of the fisa amendments act. In each of these cases what we see is extraordinary but nevertheless limited authorities were secretly interpreted in ways that permitted far more extensive collection than certainly members of the general public and even i think many legislators believed at the time of passage had been authorized. This was done in part because the fisa court, which was established on the premise that it would be authorizing and finding probable cause in cases of specific and traditional targeted surveillance, instead found itself in the position of addressing broad programs of surveillance, often involving novel, legal, or technological issues. Its not clear that body was well established to consider. In the metadata cases, these interpretations took to form of an unprecedented reading of relevance that held entire databases containing information about millions of admittedly innocent americans to be relevant on the grounds that a fishing expedition through those records might ultimately turn up evidence that would not otherwise be detected in the absence of some specific grounds for suspicion. That is probably true, but it is of course true of any phishing expediti expedition. There is no real limiting principle in that argument for any type of records. I was particularly disturbed to hear earlier, mr. Litt refuse to reassure us that the scope of the records obtainable under section 215 does not exclude the contents of Digital Communications or cloud stored documents. Its also particularly troubling to see this applied in the case of the internet Metadata Program, because in that case, the shortsighted holding of smith versus maryland was applied as though it referred to metadata generally, which is certainly not a term we find in had the 1975 decision. When in this case, it involved e ma email metadata thats never processed by the internet backbone provider from whom it was presumably obtained. Theres an additional constitutional question in that case. In the case of 702, we know the Supreme Court relied on the recent ruling in amnesty v. Clapper on representations that only communications to or from specific overseas targets were being intercepted. We now learned, of course, that also communications referring to overseas targets would be intercepted and in many cases for technical reasons, a single email meeting selection criteria would lead to the entire inbox of the commune cant being obtained, including again potentially entirely domestic emails on what the court believed could be a scale of many tens of thousands per year under that one Collection Program. In each case, additionally, we learned that for months or years the actual Technical Details of how these programs operated were misrepresented to the fisa court, which was of course therefore not able to effectively conduct oversight and in each case, again, elaborate safeguards and restrictions imposed by the fisa court as a condition of authorizing those programs were effectively neglected because of the vast scale and complexity of those programs. Additionally in many cases, we found that the claims of efficacy made at the time dont appear to have held up well over scrutiny from many dozens of foiled terror plots weve gotten down in the case of the metadata case to one instance involving funding and Material Support where it appears to have played some uniquely valuable role. Given the limitations imposed by the fisc, its not clear why more traditional targeted records orders could not have been used without incidentally sweeping in millions of innocent persons records. We are assured that the problems detected with these programs have not been willful or intentional. This is not especially comforting to me for several reasons. The first is that if we look to history, we find that in general, abuses of intelligence powers were committed by people who were well aware of the oversight mechanisms in place who often took elaborate steps to gain those restrictions. In the cases of Bradley Manning and edward snowden, steps were taken to evade oversight mechanisms. We know that certainly happened many times in the past. Its why abuses went undetected for so long. Additionally, the scale of collection itself makes abuse more difficult to detect and less likely to be detected when it does occur. Think of the case of illegal wiretaps it of the southern christian Leadership Conferences offices. That at least was halted by an attorney general who found the suspicious fact the wiretap existed and there was record of it. When youre doing collection on this scale, the mere existence of communications or records about an Innocent Party are not themselves that kind of essential indicator. Finally and most generally, i would just encourage the committee to think architectu l architecturally. We should not authorize extraordinary architectures of surveillance on the basis that we now have great confidence in the probity of the persons controlling the levers. James otis, whose condemnation of the writ of assistance was part of the inspiration for the Fourth Amendment, condemned those writs saying it is from their mere existence that every household or in the province becomes less secure. And there is a sense in which while they may serve some role in protecting us against foreign attacks, we are less secure when the government maintains vast databases on americans without particularized suspicion. I thank you and look forward to your questions. Thank you, mr. Sanchez. Our final witness is professor kerry cordero, whose bio i have just mislayed, but im sure you can get me another one very quickly. Thank you. She is an adjunct professor of law and the director of National Security studies at the Georgetown University law school. Shes previously held several National Security related positions with the department of justice and the office of director of National Intelligence. Shes also testified before this committee before. Welcome back, professor. Please proceed. Mr. Chairman, thanks very much. Thanks for the opportunity to return to the committee. Since the october hearing, the conversation, i would suggest, has shifted somewhat from where it first was. First, i would suggest that the conversation has evolved from objections to specific programs to a discussion of our understanding of intolerance for foreign Intelligence Surveillance activities more broadly. Second, the legislative proposals are coming closer to scaling back National Security legal authorities in a way that might take the country back to pre9 11 standards. And third, the path forward on authorized Public Disclosure in a way thats responsive to the concerns of the previous sector remains a worthy goal but still a significant challenge. With respect to the metaData Collection under the Business Records provision of fisa, the power of metadata. Basically, this argument is that metadata is a powerful tool, can reveal an awful lot about us and there should be limits on the collection and use of it. I dont disagree with the general proposition, but the problem with the argument made on 215 is that the worrisome assemblage of americans metadata bears no relation to the existing 215 Program Congress is currently considers. It does collect an enormous volume of americans telephone detail records, but the collected information does not appear to include content of phone calls, names of subscribe subscribers, Payment Information or Location Information. The vast majority of it is never viewed by human eyes and the records are handled under court order rules. So of the arguments that congress should outlaw collection altogether for better or for worse, every day americansoutlaw bulk communication all together, we all, regular people, government leaders, as well as those who are National Security threats, use the internet, computers and smart phones to communicate. And so just as everyday citizens should not with expected to con ve convert to the Postal Service or land lines. It is just as unrealistic to expect citizens to unplug as it is to expect or require the nsa or the fbi to use 20th century collection, analytic or investigative techniques to protect the nation from 21st century threats. A few observations on s1599, the usa freedom act that has been submitted. Sections 101 and 201 would change the Legal Standards to implement devices by applying connection to an agent of a foreign power. The likely intended effect of these provisions is to eliminate the 215 bulk telephone program. It would have far more existing consequences. The standardings are currently aligned on the National Security side with investigative authorities in the criminal context which operate on a relevant standard. By raising the standard, these zexzs would render these techniques nearly useless which is when they are precisely most useful. These changes could return us to the days prior to 9 11. Similarly, section 501 would amend the National Security letters by requiring the requested record to also have a connection to an agent of a foreign power. This would have a similar effect in sterms of severely limiting the fbis ability to kublgt investigation. 301 would appear to inhibit the Intelligence Community from section 702 of fisa to search for u. S. Personifications. The nsa can query the communications already acquired under 702. The proposed legislation would only take place with a criminal warrant prior to judicial approval based on probable cause. And in my written statement, i give an example of how this could po tenl shlly play out in practice. A few words just on a particular proposal to enhance transparency thats in the bill. In my view, theres substantial value with the executive branch of the private sector to rebuild confidence between them. But a particularly problematic proposal is section 502. I believe that this is not only targets but persons of communications who are incidentally collected. If thats the sbent, it would actual actually grade the sbel juns community personnel, look at, grade, keep records aport and record on information for records that they would otherwise be in pursuit of discovering, analyzing and reporting only foreign intelligence information. So, again, thank you for the opportunity to be hear today and i look forward to your questions. Thank you very much. Let me start with a question for mr. Black. There is legitimate concern that the knowledge of our National Security activities cast a shadow on the ability of American Companies to compete internationally. That was the basis of your testimony. Do you believe that foreign customers, if they sign up for a service with waweah, that the Chinese Government is not looking into this data . Or the russian government, if they sign up, in areas under its jurisdiction, or the french government, for that matter . Do you think that the yiegts government is the only government thats frying to take advantage of Big Government . Ill do think the reality is that governments in general are inclined to want more and more information. Too much. Its what we address in our testimony is, in fact, standard that all governments should be asked to undertake disclosure in terms of limits. The difficulty is that the yiegts is in a difficult position in credibility when we are you saying the russians are more advanced than the United States is . Im not doing a come parson. Im simply saying that i dont think most people, the citizens and the customers of the world, think that United States laws first of all, i do believe you have to protect the balance of this, dont get me wrong. But are there any other countries for the next behavior . Is there another country that has a bet ere i think theres many that dont do as much as we do. I can name some. Theres very tiny little countries that probably dont have a phone system. But in terms of the Major Economic and political actors on the stage. What do we want . Tremendous empowerment, tremendous dip low matic and political opportunities and for billions of people around the world . Do we want one where people can have association with other people without being spied on by their government ord our government or any other government . Is that a desirable outcome. If so, how do we take steps in that direction . Or do we accept the reality to go into maximum collection and go in the big brother direction as far as we can go. I dont think thats a future i look forward to. Its difficult to want to restrain especially with our government who really do believe in the motivation of what theyre doing. But they are zealous and more effective. And they are, in fact, in a position where they are able to gather a great deal of information. So you think our Government Security services are more dangerous to Civil Services than china and russia . Are they more interested . Absolutely. No doubt about it. You agree that our government ov overof our national oversite is far more once again, i cant compare to other people. I dont know the details. I certainly had a presumption of that. Do i any we have lived up to the best intent and good faith of our constitution with the legal constructions, no, i dont think weve lived up to the principles. The core prince pms of the first amend. And fourth amenldsment, as faithfully as we cocould. Are we better . Of course. Thats not a question that i think is fair. You take a different view than the courts that have overlooked this. I think some are in a position of higs tor kal base. With the Business Records theres no present decision by any court that suggest that is theres been that this is operated in violation of the Fourth Amendment. It would take a new dwgs to decision to make that conclusion that has not yet been rebderred by any court. Is that correct . Im not confident enough. I have some Great Councils that work for me. I would suggest the various efforts to get those questions raised. Youre the one that said this is in operation of the Fourth Amendment. Im asking you if you can support a case for that proposition . Kouncounselor you know, i believe the fisa court made ruling that certain practices orders the ord rs. Thats not in the constitution. Professor, for how long has incidental collection with communication with people who are not the sublt of the warrant been a fact in Law Enforcement . Well, both on the criminal side and on the National Security side, there always is going to be incidental collection. So the criminal tieltle three wiretaps hanldle it in one way. On the National Security side, its for the u. S. Personalization. Its always been a factor. The min mization procedures, particularly on the any of the fisam min mization features are approved in the kourlt. So, for as long as there has been any authorized government exceptions communicationings. Thats right. I wonder if you could tell me your position on some kind of adversarial process as i have advocated as a constitutional advocate and other forms in the fisa that might be feasible. I would step back from a moment and just say that in cases where you have something that is an authority clearly envision something relatively targeted to acquisition and records with nexus to terror espionage schts. The appropriate move, at that point, is if its believed that some sort of bulk position used in that authority, is to return to congress and not leave that decision in the hands of the fisa court. When a request is brought too effectively, i think it would be better to have congressional authorization. In closer cases, i any what we can see from some of the opinions that have been release ds first, i think it would benefit the courts proceedings to have. But also, i think in particular to have technical expertise. I alluded to earlier with respect to the use of pen register authority to use interim data where you dont just have the number and the content. But layerings of method data and content. Do you think that we aught to have a constitutional advocate . I think that would be extraordinarily helpful. But, also, i think a technical adds vise ri capacity of some kind would be useful. Sometimes, the most difficult about the ways they intersect in surprising ways where, often, there isnt on point. I galter there is no need for some sort of an adversarial process. You would be willing to support some sort of process . Thank you, senator. Sernlly, since the oblgt hairing, this conversation has evolved. There are different proposals. In my view, as we just said in the prior hearing, based on the kurnts procedures that take place wnl the department of justice and the Intelligence Community and the court, in my view, i think that the kurnts process is independent. These are independent article iii judges who make judges on their own. In my view, there doesnt need to be an adversarial process and i think the current process is su fishlt. However, tweenl the proposals between us establish iing betwe an advocate if the court believes it needs it. And thats because your loathe to create a bureaucracy . Or what is the reason . Sure, several reasons. Theres multiple offices and legal aufgss and different layers of management that are involved in reviewing fisa matters. I think it is already bureaucracy heavy. And the wail that the aufgs is describing these legislative proposals, it would simply add to that process. I am concerned that overtime, there has been a very constructive relationship between the executive brampk and the fisa court. I also worry that the office of special advocate would in so some way advocate harm that sort of established relationship of trust by being in the middle. With respect to the proposals to sntd the problem this relationship of trust has actually undermined trust in the American Public . And really threatens to completely e vis rate comforts and operates in skrelt and makes secret law. And, in the end, the relationship of trust would undermine the whole system . It will have to operate in secret, too. So just as the creation of the fisa court in 1978 and the creation of the office that worked in the Justice Department that was an independent, not Political Office at the time was created to be this independent participant in the process. Now, people dont put in terms of the meeds future, i dont actually think in the long term, because it will operate in secret. It will operate in secret that could provide for some greater measure of transparency. It affects americans around the world or at least in our country. But anyway, my time is expired and thank you to the witnesses for being here today. Thank you, senate tosh. Im also grateful to the witnesses to help conform about this committee. We go about our decisions. I welcome them. And we have two weeks . We will hold the record of this hearing open for wasnt additional week for any further materials anybody wishes to submit. And with that, we will adjourn the hearing. [captioning performed by national captioning institute] of what he took. [captions Copyright National cable satellite corp. 2013] treasury secretary jack lew will be on capitol hill this financial systems. You can see that on cspan three at nine 30 a. M. Eastern. In a few moments, todays headlines and your calls live on washington journal. The house of representatives is in session for general speeches at 10 eastern with legislative business at noon. Todays agenda includes consideration of a Budget Proposal for the next two years, a bill that was worked out with the leaders of the congressional Budget Committee. In 45 minutes, we will discuss withpposed the budget deal Kurt Schrader of oregon, a member of the Budget Committee and will be joined i Budget Committee member representative sean duffy, rep i wisconsin republican. Small we will look at how businesses are being affected by the Affordable Care act. Good morning, everyone. It is thursday, december 12. It has been an all miter on c span 2. Republicans protesting last months rule change on filibusters. It will be a busy day on the house for floor. Theyre slated to vote on the twoyear budget deal to avoid another government shutdown. Also on the docket, a farm bill extension. And the Defense Authorization bill. Live coverage on cspan at