Fellow americans in their privacy being protected while providing our intelligence agencies with the authorities they need to acquire foreign intelligence that is so important to our National Security. The bill passed by the house last month would make some significant changes to the provisions of the Foreign Intelligence Surveillance Act that we believe will help us meet these two objectives. Among other provisions, the bill would prohibit bulk collection of information under section 215, the National Security letter statutes, and the pen register trap and trace provisions of fisa. It replaces the bulk telephony Metadata Collection Program with a new framework that preserves the capabilities we need without the Government Holding the bulk metadata. To be clear, the president called for this transition not because the program was illegal or was being abused but rather to give the public greater confidence that their privacy is being appropriately protected while maintaining the tools that our intelligence and Law Enforcement agencies need. The bill would also provide Greater Transparency to the public concerning some of our intelligence collection activities and authorize the foreign Intelligence Surveillance court to appoint independent amicus in appropriate cases so that alternative views may be heard. Id like to spend just a few minutes describing some of the key provisions. As i have mentioned, hr 3361 establishes a new mechanism under section 215 that permits the government to access telephony metadata without having to collect it in bulk. It includes all the Key Attributes that were identified by the president in march for a new program, including in particular a requirement that absent an emergency situation, the government would obtain the records only pursuant to individual orders from the fisa Court Approved with the use of specific selection terms for such queries and only if a judge agrees that the government has established reasonable articulable suspicion that the term is associated with a foreign terrorist group. As i said before, and its worth repeating, the bills prohibition of bulk collection extends to all bulk collection of record pursuant to section 215 Going Forward as well as under the National Security letter statutes and the pen register trap and trace provisions of fisa. Under each of these authorities, the government would be required to use a specific selection term as a basis for production of records. The bill defines specific selection term as and as the chairman quoted, a discrete term such as a term specifically identifying a person, entity, account, address, or device as used by the government to limit the scope of the information or tangible things that are sought. This definition clearly prevents bulk collection under these authorities. Including the collection of the sort that has been conducted with respect to the telephone and internet metadata. While i have heard people say it would allow the government to seek all of the phone records, for example, of a particular zip code, that is not the case. That would be the type of indiscriminate bulk collection that this bill is designed to end. At the same time the bill does preserve the governments ability to collect information in ways necessary to identify and disrupt the threats we face. For example, if the fbi learns that an unknown suspect intends to build an improvised explosive device using ball bearings and fertilizer, this bill would enable the fbi to obtain sales records for those items from particular stores in the relevant area that sell those items. Or if the fbi comes aware that an unidentified terrorist suspect spent several nights at a particular hotel, this bill would allow the fbi to request the hotels guest records for those particular nights. As the House Permanent Select Committee on intelligence noted in its report on hr 3361, and i quote, bulk collection means indiscriminate acquisition. It does not mean the acquisition of a large number of communication records or other tangible things, close quote. The bills definition of specific selection term recognizes that distinction. In addition, the other provisions of hr 3361 would create unprecedented transparency and further enhance oversight. The bill, first of all, builds on what the government has already committed to make public regarding the use of National Security authorities. In addition to codifying the director of National Intelligences commitment to release annual figures, the bill essentially codifies the department of justices january framework for reporting by providers but adds additional options for reporting broken down by authority. Also, the bill would require a declassification review of any fisa court opinions, orders, or decisions that include a significant construction or interpretation of fisa, and it would direct the government to make such opinions and orders publicly available to the greatest extent practicable. Third, the legislation would skret a significa create a significant new measure to ensure the fisa court and the court of review receive independent Third Party Input in consideration of novel or significant matters. Beyond the existing statutory authorities for providers to challenge orders they receive pursuant to fisa, the legislation would provide a mechanism for these courts to appoint an amicus cur rye to assist the court in the consideration of any application for an order or review that prevents novel or significant interpretations of the law unless the court issues a written finding that such appointment is not appropriate. In sum, we support the usa freedom act as an effective means of addressing some of the concernins that have been raise boo the impact of our collection intelligence activities on privacy while preserving the authorities we need for National Security. We urge the committee to give the house bill serious consideration as soon as possible consistent with this committees important role. Madam chairman, thank you for the opportunity to present our views. Stephanie osullivan will now make an Opening Statement and then we will all be happy to answer your questions. Thanks very much, mr. Cole. Mrs. Osullivan. Chairman feinstein, vice chairman chambliss, and distinguished members of the committee, we are pleased to appear before you to express the administrations strong support for the usa freedom act, hr 3361, as recently passed by the house of representatives. The Deputy Attorney general has provided an indepth review of the usa freedom act as passed by the house last month, but i wanted to touch on a few key points in my remarks. Over the past year the nation has been engaged in a robust discussion about how the Intelligence Community uses its authorities to collect critical foreign intelligence in a manner that protects Civil Liberties and privacy. We take great care to ensure the protection of individual privacy and Civil Liberties in the conduct and intelligence activities. Nevertheless, we have continued to examine ways to increase the confidence of our fellow citizens that their privacy is being protected while at the same time providing the Intelligence Community with the authorities it needs to fulfill its mission and responsibilities. To that end, we have increased our transparency efforts and the director of National Intelligence has declassified and released thousands of pages of documents about intelligence Collection Programs including Court Decisions and a variety of other documents. We are continuing to do so. These documents demonstrate the commitment of all three branches of the government to ensuring that these programs operate within the law and apply vigorous protections for personal privacy. It is important to emphasize that although the information released by the director of National Intelligence was properly classified originally, the dni declassified it because the Public Interest in declassification outweighed the National Security concerns that originally prompted classification. In addition to declassifying documents, weve already taken significant steps to allow the public to understand how we use the authorities in fisa, now and Going Forward. For example, we are currently working to finalize a transparency report that will outline on an annual basis the total number of orders issued under various fisa authorities and an estimate of the total number of targets affected by those orders. Moreover, we recognize that its important for companies to be able to reassure their customers about the limited number of people targeted by orders requiring the companies to provide information to the government. And so we support the provisions of the house bill that allow the companies to report information about National Security legal demands and Law Enforcement legal demands that they receive each year. We believe this increased transparency provides the public with relevant information about the use of these legal authorities while at the same time protecting important collection capabilities. Making adjustments to our intelligence activities and as appropriate our authorities is also part of this effort. For several years the government has sought and the fisa court has issued orders under section 215 of the patriot act allowing the bulk collection of metadata about telephone calls. The president has ordered a transition that will end this bulk collection in a manner that maintains the tools intelligence agencies need for National Security. We are committed to following this mandate. The Intelligence Community believes that the new framework in the usa freedom act preserves the capabilities the Intelligence Community needs without the Government Holding this metadata in bulk. The usa freedom act would prohibit all bulk collection of records pursuant to section 215, the pen register trap and trace provision of fisa, and National Security statutes Going Forward. Let me repeat that. The Intelligence Community understands and will adhere to the bills prohibitions on all bulk collection under these authorities. Moreover, the usa freedom act makes other important changes by further ensuring that individuals privacy is appropriately protected without sacrificing operational effectiveness. To that end, we support the usa freedom act as an effective means of addressing the concerns that have been raised by the impact of our activities while preserving the authorities we need for National Security. We urge the committee to give the house bill serious consideration as expeditiously as possible consistent with this committees deliberations, and we are ready to work with the senate to clarify language in the bill as necessary. In closing, we appreciate the committees leadership and particularly your support over the past year in considering issues related to our intelligence collection activities and privacy and civil liberty issues. We also appreciate your support. For the men and women working throughout the Intelligence Community to include the nsa who remain dedicated to keeping our nation safe and protecting our privacy and who have upheld their oath by conducting themselves in accordance with our nations laws. We look forward to answering your questions. Thank you very much, mrs. Osullivan, and we will now proceed to questions. I have two, and the question i have is this, would you support a modified definition that changes whats called specific selection term and instead call it a specific identifier and defines it more specifically by adding that its meant to be a discrete term used by the government to narrowly taper the scope of information . Madam chairman, i think that we think the definition thats in the bill works, but as mrs. Osullivan said, were more than happy to work with the committee. If you feel there is better language, were more than happy to work with the committee to try and put out language that really accomplishes what i think we all understand needs to be done. Were trying to end bulk collection, but were trying to allow enough flexibility to get in times the volumes of records that may be important to do these investigations but still keeping them focused. So were happy with the language thats there and were happy to work with you on additional language if all im asking is that you take a look at it. More than happy to do so. Thank you, thank you. And fcc rule section 42. 6 at 47 cfr requires companies that, quote, offer or bill tolled Telephone Service to retain billing information and telephone toll calls for at least 18 months. Here is the question. Does this rule require Telephone Companies to retain the information that the government needs for a sufficient period of time . As you know, in this bill before us, there is no time for retention of records. Ill refer to mr. Leddette or mr. Juliano but we believe this provides a sufficient time for us. There is a provision that allows us to order Technical Assistance from the companies to make sure that the records are in the kind of form and format that will be useful to us. Mr. Leddette. Madam chairman, we believe the 18 month retention period would be sufficient. If the companies were to change their practices, wed advise the committee. Youre saying youre confident that the companies will retain the call records for 18 months . We actually cant say that, maam. They will retain the records for as long as their business requirements dictate they retain the records and they could change their Business Models and change the need for that. We will advise the committee if and as that happens and affects our ability to conduct our intelligence mission. Okay. Thank you. Mr. Vice chairman. Thanks, madam chair. Mr. Cole, in your opinion is nsa section 215 bulk telephone and Metadata Collection Program conduct conducted within our laws . Yes, it is. Do you agree with me that nsas bulk telephone and metadata Collection System has been one of the most heavily overseen programs in the Intelligence Community . Yes, mr. Vice chairman, i do. Mr. Juliano, this bill would extend the sunsets for both lone wolf and roving out to december 31, 2017. It seems to me that these two provisions are pretty noncontroversial at this point. The only reason we kept extending these sunsets was because of the concerns about the 215 bulk data Collection Program which this bill is going to eliminate. Have there been any abuses of the roving or lone wolf provisions to your knowledge . No, sir, there hasnt. Would you be in favor of making the provisions permanent . Yes, sir. Mr. Cole, do you agree with that . I think that would be appropriate, senator, yes. Mr. Ledgett . Yes, sir. Miss osullivan . Yes, sir. Mr. Ledgett, the nsa has been subjected to a lot of unwarranted abuse since snowdens treasonous disclosures. I want to publicly thank you and all the patriotic americans who serve our nation by quietly performing nsas vital mission. In your opinion, is this country safer or less safe after those damaging disclosures . Mr. Vice chairman, first, thank you for the words of support to the nsa workforce. We appreciate that. In my opinion, the country is less safe because of the disclosure of the methods that we use to conduct our authorized foreign intelligence mission. It doesnt appear to be there doesnt appear to be any requirements in the bill for the Service Providers to retain call detail records for any set period of time, as you just discussed with the chairman. Mr. Ledgett, if Service Providers decide to scale back their Data Retention period, how would that impact nsas mission . Mr. Vice chairman, that would make it make the information less useful for providing intelligence on the external threat with a u. S. Nexus, and so we would come back and inform the committee if that became the case. Mr. Giuliani, how would the Service Providers be effected if they decided to cut back the Retention Periods . I think it would affect the richness of the data and the usefulness. Would it make other investigative techniques less effective . Im not sure it would make them less effective but if the data is less rich and theres less data to use, it would impact the value of the data. Now, im in favor of providing a statutory basis for the fisa court to use their inherent Judicial Authority to appoint amy cuss cure ray when the courts determine it would be appropriate, and in our bill we made a provision for that. Section 401 requires the court to appoint an amicus to assist the court in situations involving, and i quote, novel or significant interpretations of the law unless the court issues a written finding that such appointment is not appropriate. Now, this seems like an unconstitutional i think fringement. We routinely trust our courts and judges to make these sorts of interpretations in ex parte situations in the criminal context. Mr. Cole, do you think its a good idea to try to impose this requirement on fisa courts . Well, mr. Vice chairman, i think as a practical matter, the courts will be appointing amicus when there is a significant and a novel issue that comes before them, and i think that that will happen in the due course. This doesnt require them in all instances to. It just says if for some reason they decide they dont want one, they just have to put their reasons in writing. But my expectation is that when it is significant and novel, the courts generally will want to have another point of view and have an amicus come in. So i think the operation of it will be virtually the same as if it was just the inherent power. So what if you run into a judge who just in every case decides that theyre going to make a determination that we dont need an amicus brief. Do you think its going to be incumbent upon the doj to review those decisions that judge makes . No, i dont think theres a mechanism that requires the Justice Department to oversee how the court is employing this. This is still within the sound discretion of the court to appoint an amicus in the significant or novel cases. Its just that when you have one that is significant or novel and they dont, they need to merely state their reasons if they dont appoint one why. Thanks, madam chair. Thank you, mr. Vice chairman. Senator udall i will just read the list, udall, king, widen, mikulski, rockefeller, coats, collins, heinrich, risch, and levin. Thank you, madam chair. Let me begin by asking unanimous content to enter into the government published by the Reform Government Surveillance Coalition. Without objection. Thank you. Madam chairman, the Reform Government Surveillance Coalition is made up of leading American Companies aol, linkedin, drop box, facebook, yahoo , and twitter. And i think the important sentence in their letter is in the next few weeks the senate has the opportunity to demonstrate leadership and pass a version of the usa freedom act that woot help restore the confidence of Internet Users here and around the world while keeping citizens safe. The Coalition Goes on to express real concerns with the house bill and urges us in the senate to make some significant changes to the house bill. In that spirit i want to make an initial set of comments and then, of course, i have questions for the panel. On january 17th the president ordered a transition away from the bulk collection of phone records. I share this goal with the president and i applauded his intention at the time. He also stated that it, quote, is not enough for leaders to say trust us, for history has too many examples when that trust has been breached. Our system of government depends on the law to constrain those in power, end of quote. I agree that we must depend on the law to constrain potential future abuses of government surveillance, but i believe the house passed bill, the topic of our hearing today, falls short of this goal and is not the true reform ive demanded for years. In addition to my concerns that the house passed bill omits many of the reforms included in the original usa freedom act, the section 215 language in the house passed bill describing the specific selection term used to secretly collect records is vague enough to still allow the collection of mass information. I believe it is not this administrations intent to interpret the language so broadly but the nsa has shown time and time again it will seize on any wiggle room in the law, and theres plenty of that in this bill. So, mr. Cole, let me ask you, even if it is not the intent of this administration or even of this congress, what would stop the fisa court from interpreting the specific selection term very broadly should the government ask it to do so . Well, i think a lot of what would prohibit that is the legislative history, the statements of intent. The legislative history were creating today by making clear and unambiguous statements that this is intended to stop bulk collection and that what were focusing on is some focused tailored inquiries that will detend on the facts and circumstances and its impossible to predict all of them ahead of time, but to make sure we have focused inquiries and focused collection of information for our investigations. So i think a lot of that is going to come from both the language of the statute and if theres improvements that people want to suggest, were happy to work with them on them, but we think the language does it by using terms like specific and identifiers and things of that nature to make it not the indiscriminate bulk collection that had been going on before, and i think also just the reports that have come out of the house, the statements that are being made both by you senators in the course of your comments and by the witnesses that come before you as making up the legislative history, those would constrain it. And i think in addition, if there were an interpretation by the fisa court that it is very broad, that would be a novel and significant order and opinion and would be given to the United States congress, given to the senate, and the senate would then have an opportunity to pass additional legislation to rein it back in. But i would be very, very surprised to see it go in that direction based on the language thats here and the legislative history. We do have a moment in time where we have to get this right, and with all due respect, i dont remember the fisa court showing a great deal of restraint in the past, but i want to move to my next question, if i could. The current Court Approved order for section 215 bulk collection expires on june 20th. Thats not a long time from now. So in the absence of agreement in congress on a surveillance reform bill in the next two weeks, i assume that the administration will ask the fisa court for another 90day extension. Thats disappointing. I believe the administration has the tools it needs to keep americans safe while also protecting our constitutional privacy rights. So mr. Cole, back to you again, has the administration looked at what can be done to utilize existing authorities such as regular fisa orders and National Security letters if only on an interim basis to end bulk collection now and doesnt it make sense for the administration to proactively pursue other options today to end bulk collection even as congress does its work . No final decision has been made on the renewal, but to answer the specific question, senator, you dont get all of the features under the existing authorities that you have under the current fisa order that exists or under hr 3361. You dont get the two hops. You dont get the prospective production of records that can come. You dont get the time period thats given by the statute, the 180 days to try to transition into the new type of system and formatting that the phone companies and providers will have to do. So theres a number of features that we dont have today and wouldnt have today without the current fisa order. As the president had said on the 17th of january, this is important information, but we think we have found a way to collect the kinds of information we need to substitute it without bulk collection. But without the structure we have in 3361, we dont have that tool. My sense if i can be a bit contrarian is the fisa court has expansively interpreted the patriot act to allow the collection of millions of americans phone numbers. If you came to them with a more narrowly drawn law without requiring further action, they would positively respond. Have you made any such requests . If you engaged with the court on those questions . We have to my noge not engaged with the court on those questions. We have a judicially tried and tested method here as the chairman had pointed out. 37 times the court has approved this. Other courts have approved this as well. Were a little reluctant to start going into some other type of legal regimen that has not been tested, that has not been approved by the courts. Wed rather go the legislative route where the United States congress and both houses have looked at it, have deliberated, and have decided to pass it. So we think that our choices at this point really come down to what has been approved by the courts over a number of years, the new legislation, or else not having the tools we need at all. Madam chair, my time is expired. I want to thank the panel for being here today. As you can imagine i have another hours worth of questions. I will extend a number of them to you all for the record. Thank you, senator. Thank you very much, senator udall. Senator king is next, but he has very graciously agreed to permit senator coats who has to catch a plane to make a statement. So senator, youre on. Well, i thank my colleague and i hope i can return the favor sometime. In the interest of not taking up time, i simply will make a statement for the record. I have a number of questions which we can pursue as we go through this. I was taken by the words of the vice chairman when he said fixing what is not broken, we have to be very, very careful here. Unfortunately, in my opinion, theres been significant misrepresentation of the Current Program regarding privacy concerns and regarding suggesting a lack of sufficient oversight by the three branches of government, which, unfortunately, has put us in a position where im afraid we may overreach in terms of what were trying to do here. I take a backseat to no one regarding our Constitutional Rights on personal privacy that are guaranteed to us. Nevertheless, i think we must carefully review and analyze the consequences of any proposed changes to ensure that we dont compromise our ability to detect and thwart threats against american citizens. We should not play to the siren song of the political response simply to please people that we are responding to their misperceptions in many cases because theres too much at stake, and namely the security of americans. Compromising to please a skeptical and frequently misinformed public and, therefore, losing our ability to protect americans is something that we have to take very seriously. So i think as we go forward, we have to carefully weigh and consider the response of general alexander to my question to him in a public hearing when i asked him about the question of diminishing our capabilities to detect and thwart an attack. And his answer was, americans will die. So i hope as we go forward we keep that in mind as we examine how were reconstructing this program and make sure that were doing everything we can to keep americans from dying unnecessarily. Madam chairman, thank you very much. And i thank you, senator coats. Appreciate it. Senator king . Thank you, madam chair. I was asked recently what the Intelligence Committee does, and after thinking about it for a minute, i said our principal job is to weigh two provisions of the constitution. One is the preamble, which vests us with the responsibility of protecting providing for the common defense and ensuring domestic tranquility and the other is the Fourth Amendment see that peoples persons, property, and effects are secure from unreasonable searches and seizures. We are constantly trying to find that right balance, and thats exactly what this hearing is about today. I have expressed from the very beginning of my service on this committee reservations about the Government Holding the bulk data. It always struck me as an invitation to abuse. I believe strongly that we have to have institutional checks rather than reliance upon the good will and good nature and good faith of individuals who have who are entrusted with that kind of information. Im a great believer in lord actons famous admonition that all power corrupts and absolute power corrupts absolutely, so i think the provisions that the president recommended, the house has adopted, is moving very definitely in the right direction. A couple specific questions. It seems to me that something has to be added to this bill with a time frame for the retention of records. The question has been asked several times what if they changed it . Well, wed go to fisa, come back to the congress. Lets do it now. Lets decide what the right number is. 18 months is what the fcc requires, i understand, but under our prior consideration, we were talking about three to five years, and i would like your recommendation, perhaps mr. Ledgett, as to what the right number should be. Id be more comfortable, a, with a number, and, b, with a longer number than 18 months. Senator, i think from the our point of view, we can live with the 18month retention period that the fcc imposes from a regulatory point of view and that the knee in the curve in terms of the effectiveness is right about there. So 18 months you feel is sufficient but should not that be put in the statute because the house bill, as i understand it, has no figure in it. Is that correct . Yes, sir, thats correct. That would address the issue of the potential action on the part of the Telecommunication Companies, but as i said earlier, we if its not part of the statute we will come back to the committee. Well, lets do it while we have the chance. It would be my response to that. Are you going to be is there going to be a requirement or is there a requirement in the bill that the Telecommunication Companies normalize their records in some way that are useful and able to be searched in a consistent and standardized way . I notice youre nodding. Can you fif me an affirm at this on that . Yes, there is. Theres not a direct requirement but theres the ability of the court as part of the order to instruct the Telecommunication Companies to work with the government to make those records do Technical Assistance is what we call it to put the records in a format that will be usable which usually is in some electronic format. Now, there was some discussion when we talked about this in committee a year and a half ago about delays, possible delays. Are you comfortable that this transition from government held data to privately held data will not delay if we have a bombing, god forbid, at the boston marathon, are we going to be able to get at that information in a matter of minutes or will there be a further delay because of this change . I think that because of this change, im not sure there would be a further delay. We certainly have under the bill Emergency Powers to try and go to the providers without even going to the court when its truly an emergency with the authority of the attorney general. So we have that ability that will not delay anything. The attorney general has to then file a request within seven days. We also, i believe, will have the cooperation of the providers in a true emergency. They will help us go through this. I think the data generally is there and is quite accessible and quite usable in the formats that theyre keeping it. This is kind of a modern era. So i think from all of those perspectiv perspectives, i would imagine if there is any delay, it would be minimal. Final question, cost. Have there been estimates or proposals from the Telecommunications Companies, what if any costs will be incurred by the government in order for them to maintain the documents and maintain the accessibility, the format and that kind of things. Its a little early to get cost estimates. Once the law is passed, assuming it is, we need to work with the individual providers and each one of them has a different architecture. So their architecture and our ability and need to interface with that is going to drive those cost figures. Well, i realize this may be a strange thing coming from one of us, but it would be nice to know the cost before we pass the law. And, of course, the interesting number would be the net cost because i presume theres savings to the government to not have to maintain a massive data server farm to maintain this data, but i would urge you, i think we need at least some kind of ballpark estimate before we move forward with this legislation just to not have a bad surprise at the end. Thank you very much. You can submit that for the record. Thank you, madam chair. Thank you, senator king. Senator widen. Thank you, madam chair. Let me commend you for holding an open hearing today. I think thats very constructive and i appreciate all our witnesses being here. Let me start by talking about the fact that the house bill does not ban warrantless searches for americans emails and here particularly i want to get into this with you, mr. Ledgett, if i might. Were talking, of course, about the backdoor search loophole, section 702 of the fisa statute. This allows nsa in effect to look through this giant pile of communications that are collected under 702 and deliberately conduct warrantless searches for the communications of individual americans. Now, this loophole was closed during the bush administration, but it was reopened in 2011, and a few months ago the director of National Intelligence acknowledged in a letter to me that the searches are ongoing today. And im particularly concerned about it because as Global Communications get increasingly interconnected, this loophole is going to grow and grow and grow as a threat to the privacy of lawabiding americans. So for purposes of getting on top of this and working with all of you, my question today is, how many of these warrantless searches for Americans Communications have been conducted under section 702 . For you, mr. Ledgett. Thank you, senator wyden. The searches under the provisions of the fisa Amendment Act section 702 are only conducted on lawfully acquired data and under foreign Intelligence SurveillanceCourt Approved procedures. The searches are not just conducted by nsa. They involve other agencies as well. We have provided, as you know, detailed information to the committee on the background on this, and we will work with the dni and the rest of the ic to provide Additional Information to you. So when will i get an answer to the question . Its a very specific question. The director admitted to me in a letter that these warrantless searches are taking place and im going the next step and saying how many of them . When will i get a letter telling me how many of them have taken place . Id like it within two weeks because it is obviously relevant to making this part of the senate bill because it was omitted in the house. Yes, sir. Can we have it within two weeks . Well work on that, sir. Well get you a response within two weeks. Thank you. Making some progress. Now, the only other question i had for today is at this moment your agencies continue to vacuum up the phone records of millions of lawabiding americans, and this is because the executive branch has not taken any action to stop these practices. I and others consider this enormously intrusive and the inflated claims about its value have crumbled under scrutiny, but yet right now the Constitutional Rights of americans are needlessly being violated while in effect i guess the congress the administration waits for the congress to act. And i think this is a case of bureaucratic inertia at its worst. So my question for all of you, nshth maybe we start with you, mr. Cole, was given that the government can use regular fisa orders and National Security letters to quickly obtain the phone records of terrorists and their associates, something i support, why hasnt the bulk collection of americans phone records been ended . Well, i think this is the same question that senator udall had asked, which is that the authorities that we have under National Security letters and under other authorities absent the 215 orders that weve all been talking about dont really give us the tools that we need. The legislation, hr 3361, gives us those, including the two hops. It gives us the prospective collection. It gives us a wider range of information that we wouldnt have under normal authorities. Wed only get a single entity, a phone number and what its been in contact with. You then have to go back and do separate items for each additional terrorist and associate thats there. Its not the same tool that we would have under either the legislation or what we have now. Mr. Cole, i understand your agencys decision for clear statutory authority, and the chair of the committee has, i think, been constructive here in terms of urging some changes to the house proposal, but the reality is that current law gives the government Broad Authority right now, right now to obtain records quickly, and the fisa court unquestionably has been inclined to give the government an enormous amount of latitude. So the fact that this dragnet surveillance is taking place right now is unacceptable to me, and im going to continue to keep working on this and ill have more to say about it down the road. Thank you, madam chair. Thank you very much, senator. Senator mikulski. Senator feinstein, im going to echo the comments of other senators to thank you and senator chambliss for holding an open and public hearing on this most important topic. I also want to align myself with remarks of senators chambliss and coats and particularly senator chambliss line of questioning. Everyone in this room and other senators know that i represent the National Security agency. Over 15,000 people get up every day and wonder how to protect america. So now that weve seen the revelations of snowden and were not here to debate whether he was a traitor or a whistle blower but i will say this. I am deeply disturbed that while i support the need to review the 215 project, to actually even examine reforms, i do not want to see the continual demonization of the National Security agency, whether its in the media or in other forms. Every day, every day the people who work at the National Security agency protect our war fighters, stop cyber attacks, and do a whole host of other things to keep america safe. Now, eric snowden has his time. He gets an hour on tv. He gets a hoorah from Brian Williams but i think we ought to say to the National Security staff that while we look at the constitutionality and other issues here, that we do not demonize them. Now, i have always maintained that our programs must be constitutional, legal, authorized, and necessary. Now, mr. Ledgett and mr. Giuliani, do you believe that in you doing your work using the 215 program, you believe there were knconstitutional, legal, we they authorized, and did you deem them to be necessary. Senator, first thanks for the message of support to the great men and women at nsa. Yes, in answer to your question, i do believe it was constitutional, authorized, and done within the legal and procedural constraints under which we operate and i believe every investigation has shown that to be the case. Yes, senator, and i concur with mr. Ledgetts comments and do believe as was noted earlier that the oversight of that program is extensive. Now, i want to go were not going to discuss here today the constitutionality. I have urged the administration to find any expedited procedure to find out was the 215 program constitutional. If its not, end it right away. So if its unconstitutional, no. I presume this usa act is constitutional. But i want to go to questions of necessity. Now im going to go again to nsa and the fbi. You believe that what we did under 215 was necessary. Youve now reviewed this usa freedom act. Do you believe that based on what you deem necessary to protect the people of the United States of america that this will enable you to do your job and that you will be able to have the tools to continue to do what you think is necessary to protect the people . Yes, senator, i do. I believe that it helps to mitigate the gap that the section 215 legislation had been enacted to fill, which is the external terrorist with a u. S. Nexus, detecting that and avoiding a repeat of the 9 11 sort of attack where we had folks out the United States who were talking to people inside the United States and we couldnt identify them. So the 215 program was designed to address that, and the hr 3361 we believe does as well and allows us to do that job in the way we need to to protect the american public. Senator, and i concur, it does allow us in the fbi to continue the traditional use of our authorities as provided by the congress and i think it strikes the right balance. Now, my last time in my 29 seconds left, there is a great deal of question about who should hold the data. Now, why we think the Telephone Company would be a better, safer place im not sure, okay . But and maybe its not you two, maybe its mr. Cole. So lets say it becomes a Telephone Company thats going to hold this data. Who then becomes the overseeing and regulatory body . Does all of this then come under the Regulatory Authority of the fcc . Well, to an extent. In other words, are we then going to say goodbye to our work and all these things and just say, well, were going to count on the fcc to keep an eye on this . Well, i think you have to break it up into different pieces, senator. The Telephone Companies already hold the data. So were not doing anything new here, and they already are under the control of the fcc as to the data that they hold and how they deal with it and things of that nature. But what is going to remain subject to oversight from congress, from the executive branch, from the judiciary is how we use the various tools that are in hr 3361 to query that data, to acquire some of that data, to use some of that data. The restrictions on how much can be looked at, what it can be used for, what it can be disseminated for, how long you can keep it, those are the kinds of things and what the standards are for actually getting it. Those are the kind of important questions that will remain subject to a lot of oversight by the executive branch, the Justice Department, the dni, fbi, nsa, the igs offices, theres a specific provision for the doj ig to do reviews, by the courts, and by congress because theres still going to be robust reporting to congress on what is done. Thank you. Thanks very much, senator mikulski. Senator rockefeller. Thank you, madam chair. It seems to me that were doing something unnecessary and unpredictable here which might make the public feel better, but which would be not good for National Security. Which is what our job is. It seems to me that were taking a program that the president has determined to be legal, and important, as a counterterrorism tool. A program that has audits, inspections, judicial checks, congressional oversight, and other Privacy Protection mechanisms built in. A program that is currently in a highly secure location. Operated by highly trained professionals. Who have taken an oath to defend the constitutions, and who have lived up to that oath, and who are we are shutting it down to move the storage and querying of that data for intelligence purposes for heavens sakes for a private sector system that does not yet exist. What is the sense of that . Mr. Ledgett, the i could ask you, or will ask you to describe the various queries, checks, audits both internal and external that are currently in place at the nsa to protect american privacy as it relates to the querying of 215 mega data. But let me ask three things, too. On top of that. Can you describe the privacy oriented training that nsa analysts have to undergo for 215 databases . Are the training internal rules and external audits which are designed to protect privacy taken seriously at the nsa . The answer to that is yes. If this is the case explain to me why we should be moving the querying process to a new and untested system that is a Free Enterprise system which does at base, no matter how they testify, not want to be doing this. Yes. We went through that in fisa. Thats why we had to do immunity. They didnt want to do it. Its not their training. Its not their practice. Its not the nature of their workforce. It isnt the high intensity concentration. 22 people are making very serious decisions about what gets to be queried, et cetera. Its a private sector operation. Its huge. And not everybody is verizon and at t. There are a lot of very Small Companies, Telephone Companies, that have to go through the same thing. I dont think it makes any sense. So how how do you compare the security possibilities of the system which does not yet exist, which at core, i promise you, is not welcomed by those who would be asked to do it . To replace a system which is working well, which the public naturally is suspicious about, because theyre suspicious like what are we at 9 favorable rating in government . Maybe thats what we deserve. But you know when the public is never going to trust us, but if were doing something for National Security, which is trust worthy, by trustworthy people who are trained and they devote their lives to this, as Barbara Mikulski said, in a particular place, why cash it out . Senator, rockefeller, thanks for the question, the Current System involves a host of safeguards, technical safeguards, policy and procedural safeguards, training safeguards and safeguards around limiting the number, you mention the 22 people who are authorized to access that database. Thats an example. Very, very restricted. Completely audited. And with software in place that prevents them from making an erroneous query against a number that has not been authorized by the court. And our record of in that arena is outstanding in that regard in terms of protecting the the privacy. I think those were were necessary for two reasons. One, because its the government with the data, as opposed to someone whos not the government, and so the powers of electronic surveillance and the need to very closely circumscribe those, the second one was the second reason is because the data was aggregated so all the data was in one place. Under the new program, the data is not aggregated, and its not held by the government. So the Telephone Companies are holding the data that they already possess today, there is no Additional Data that theyre holding, except the queries from us that have the specific numbers of interest. And we will work with the companies to put protections in place so that our interest and in particular number doesnt leak out and provide warning to the terrorists, or potential terrorists of interest. But so the Companies Already have this data. And, so the privacy implications i believe are different in this regard. Its a very large order for a very untested series of companies. The art, and the struggle, to get people trained to have them locked in on their duty as they go to work every single day, especially those 22, but nsa in general, where nobody has complained about the privacy violations. Everybody is worried about what might happen, everybodys always worried about what might happen, but it hasnt happened. Now it all comes to an end at the end of next year, or this year, whatever it is. So well have to look at it again. But to change it to profit making and im chairman of the Commerce Committee and ive dealt with telecommunications for a long time. They say many things and they dont do many things. When we started the Erate Program which was really controversial they all wrote me letters swearing that they would not litigate, and in every single case they all it litigated it and it ended up in the Supreme Court and they all lost. But the point is they didnt want to do it. And they dont really want to do this. Id just as soon not give them the chance. Im sorry for taking so long. No problem. Thank you, senator rockefeller. Senator collins . Thank you, madam chair. Mr. Ledgett, like many of my colleagues, i want to see our intelligence collection laws strengthened to provide more transparency, improve privacy, and also to increase oversight. At the same time, as many of us have expressed, we need to ensure that we still have the tools that are necessary to help protect our nation from terrorist attacks. I want to follow up on some of the questions they have been raised by senator rockefeller, and senator mikulski. Under the usa freedom act, the private sector would retain the phone records rather than nsa. Thats a major, major change. Now i believe it was mr. Cole who pointed out, yes, but theyre already saving these this these data. But theyre doing so for a completely different purpose than what were contemplating in this bill. Ease sectionly, theyre doing so for billing purposes, for the most part. Some experts have warned us that data held in the private sector are at much greater risk of being breached by hackers, being deliberately used for purposes other than that for which they were collected, or being misused by personnel than if the data were continued to be held by a federal entity. Youve only to look at whats happened in the past year, where semantic the Security Firm called 2013 the year of the mega breach when we had i think it was 40 million americans had their personal information compromised in the target case. There was a very compelling report by our colleague senator rockefeller, as the chairman of the Commerce Committee, that found that private Companies Already collect, mine and sell as many as 75,000 individual data points on each consumer. There was a recent report by the ftc that found that Companies Group virtually every american by race, by hobbies, by medical conditions, things that we would all think were private. And there was a story a couple of years ago by the New York Times that described how a father of a teenager learned that she was pregnant, because he kept seeing all this these flyers for cribs and baby clothes coming to her in the mail. In contrast, all of the searches of the nsa database are limited to a very few highly trained personnel. Every single search is limited, audited, and logged. There are technical safeguards, you cant just take a number that youre curious about, and do a search. That wont work. And compliance issues have to be reported to the fisa court, and to congress. So my question for you is how are we going to ensure that these same kind of robust protections, indeed again greater protections that many of us want to see, are in place if were going to have the data scattered across all of these Telecom Companies . I just dont see how youre going to ensure the privacy of that data, and isnt it inevitable that many more people will have access to the data than do under the Current System . Thanks, senator collins. The data is and has been in the possession of the Telephone Companies since they started keeping billing records however many decades ago that was. What we did at nsa under the 215 program was get a periodic feed of that data, which we then aggregated and held in a database. So all those protections that you describe were on the copy of the data that nsa held in its database. So the actual billing records existed before, and will continue to exist regardless of the future of the 215 program, or the passage of hr3361. And all those vulnerabilities to hacking and that sort of thing are things that the Telephone Companies deal with every day. So the difference is that there will not be that governmentheld aggregated group of telephone numbers that that we apply all those protections to. And so, we make that database go away, and instead rely on the billing records that the Telephone Companies have held for decades and continue to hold and will continue to hold for their own purposes and query against those. But dont you think that theres a big difference between the Telephone Companies holding this data for billing purposes, versus holding it, knowing that the government may come to them with specific selectors, which is going to make them curious about why the information is being requested. Youre going to have to go across a large number of companies to find the information. That seems to me to inevitably involve more people. Thats very different from the kind of data dump that you were receiving, and i just want to make sure, as were trying to to increase privacy, strengthen the safeguards, that we dont end up doing the opposite by having by having this data these data held by the private sector. I know theyre held there now. But theyre held for an entirely different reason. And now were going to be asking those private sector employees to do the queries that are now done by an extremely limited classified number. So i cant say it, but an extremely limited number of federal employees. I understand, maam. And we will work with the Telephone Companies to ensure that our queries are kept in a secure fashion by people whove gone through a security clearance process that the government that the government runs to ensure that theyre protected in the right way. Senator, also, if i may, in the traditional Law Enforcement sphere, we are regularly going to phone companies with grand jury subpoenas, and things of that nature, to acquire some of their billing records, to acquire some of their some of this very same kind of information. We go to them for pen registers that are on the Law Enforcement side. We work with the phone companies to do wiretaps on the Law Enforcement side. So theres a fairly long history of working with the phone companies, and using their data, and their facilities from a Law Enforcement perspective that has given us some confidence that this will work in that regard. Thank you. Thank you very much, senator collins. Senator. Thank you, madam chair. I have a question or two in light of the recent public revelation that senator wyden referenced that the nsa has been using a loophole in the fisa amendments act to search for americans private communications without a warrant. What some people have dubbed the back door search loophole. Now i think its fairly clear that the intent of section 702 was to target foreign communications. But the government clearly, based on that letter, believes it has the authority to deliberately search for the phone calls or emails of specific americans, and to circumvent the traditional warrant protections guaranteed by the Fourth Amendment. I would ask mr. Ledgett, and mr. Cole, do you believe that the government should be allowed to conduct searches of information on u. S. Citizens, collected under section 702, without having to seek a warrant for that information . Senator, i the way that it has been viewed, and the courts have interpreted it, is that the first issue is whether you are legally authorized to collect the information in the first place. This is what section 702 allows us to do. We target only nonu. S. Persons, and only people believed to be outside of the United States. And those are the strict limits. Obviously there will be communications that will involve americans that are incidental. Theyre not the ones that are targeted. But were allowed to collect that information so you end up collecting incidental information thats correct. On americans. And youre saying that the authorization under section 702, to collect that information, trumps the protection of those americans would typically be afforded under the Fourth Amendment . No. Its a several step process. You first are allowed to collect the information. Its just like a traditional criminal law wiretap. You have the person and the phone number that you have wiretapped, but you collect calls that they make to other people who may not be the target of your investigation, but youll collect those calls, as well, because they involve the person whose phone you are tapping. So its the same thing with 702. If you are legally per milted to collect that information, then youve got it. And then the question is, whether or not we can access that information, use the information that we legally possess. And this is what is different from the warrant requirement. Because the warrant is going to search for the americans, the u. S. Persons, records which were not doing. We get those incidentally, but we have them legally under 702, and then the question is, whether or not its then appropriate to look through those records, because theyre already legally ours. We havent made a violation, we havent gone out to seek them illegally in any way, shape or form, they are legally within our possession and control. To further legitimate criminal investigations to further legitimate counterterrorism investigations and things of that nature. And, certainly we have restrictions that we try to place internally on those. We try to make sure that theyre used responsibly. We try to make sure that theyre only used for specific purposes. But we already legally possess it. And its just a question of not ignoring what we legally possess. Mr. Cole i think youve made the governments position very clear, and i appreciate that. I think i think its something we should probably look at, given the fact that we have this opportunity for reform right now. I want to get to my final question, because were running short on time already. But i want to go back to this issue that was raised early on in the questions around how hr3361 defines a specific selection term. And in looking back at the old draft from the house, it said a term used to uniquely describe a person, entity or account, end quote. It was a pretty tight definition. The the new version says specific selection term means a discreet term, such as, and then theres sort of a laundry list of items in there. I have a little bit of trepidation any time i see such as because then its up to the person reading to decide whether the next thing they imagine is part of that such as or is not part of that such as list. Under your interpretation, of this definition, passed by the house, what are some records that would be excluded from collection under a specific selection term . Well, i think any bulk collection, what is currently being authorized by the court of the collection of all telephony records, and internet metadata records, indiscriminately, that would be prohibited. That would be very clearly prohibited. Certainly if you want to collect all the telephone records within a certain zip code, indiscriminately, that would be prohibited. Because the the point of this is to limit and to focus. Its to prohibit indiscriminate collection, and only authorize focused and intentional collections for a specific purpose. The reason the such as is in there is that its very difficult to predict upperingly what you may come across that you might need that will, for example, involve a larger number of records than just one specific telephone call to one specific person at one specific time. Some of the examples i gave in my Opening Statement. You have somebody who you know is going to build an improvised explosive device using ball bearings and fertilizer. You may want to go to the stores in that area that sell ball bearings and fertilizer. Its broader than just a singing specific item but its much less than every store in america, regardless and then sort through it. If you know a terrorist suspect stayed at a particular hotel for a couple of nights but you dont know who it, you might get that Hotels Records for those couple of nights to see who all the residents were, or all the guests were at the hotel, to be able to then cross reference that with other information to identify who that terrorist was. Again its focused, its not indiscriminate but its larger than a specific identity of a single person. So we need to have enough room do do an investigation that will be effective, and we need to have enough restrictions so that were not indiscriminately collecting records in bulk. And thats the means. If there are better ways to define it, its a tough one to define. Right. But if there are better ways to define it were open to working on that. We think this does it. I appreciate thats. And i appreciate your willingness to work on it. I think the chair brought up the issue early on in the discussion. I would just end by saying that i think we tend to get it right when we do a good job of defining the terms very specifically. I dont give a lot of trust to legislative intent, and legislative history being the thing that describes that ends up holding the day in court years from now. I think the words in the law hold a lot more sway at the end of the day in the courtroom. Thank you. Senator warner, thank you for your patience. Thank you, madam chairman. I just have a couple of quick questions, and i really appreciate so many of my colleagues who dug in to this very deeply in trying to prod through these critically important Privacy Protections, and the essential needs of National Security and echoing what senator mikulski said in terms of the good folks at nsa and their work. I want to follow up where senator rockefeller and senator collins, since this is an open hearing to at least again make clear, at least further understand what i think we may be doing with this house bill. It was reported when we think about 215 in the Previous Program that that collected metadata that was with those entities, those companies, that entered into some relationship with the ic, and i believe there was a february wall street journal article that reported, dont want to get into any percentages here, that while the large entities, large companies, were involved that in many cases the Fastest Growing set of telephone calls, wireless calls, were actually a relatively small percentage, and is that an accurate description of how the press has presented the 215 Program Prior previously . Yes, senator, thats how the press represented it. And if that was an accurate presentation, wouldnt the universe of calls that are now potentially exposed to these kind of inquiries be actually dramatically larger since any tellco regardless of whether they had a relationship with the ic or not and any type of call whether it is wire or wireless, be subject to the inquiries that could be now made through this new process . Yes, senator, thats accurate. So, again, with the notion here that under the guise of further protecting privacy, i think on a factual basis of the number of calls potentially scrutinized, the universe will be exponentially larger than what the prior system was. Is that an accurate statement . No, senator, i dont believe so. Because the only calls that the government will see are those that are directly responsive to the predicate information that we have. No in terms of actual inquiries, correct. But the universe of potential calls that you could query when prior to the calls were only queried out of the 215 database that was held at the nsa, which as president reports said did not include, in many cases, the Fastest Growing number of new calls, wireless calls, now the universe of even though the number of queries may be the same because the protections are still the same, the actual universe of potential calls that could be queried against is dramatically larger than what 215 has right now. Potentially, yes, thats right, senator. Thats a fairly big additional yes. Let me just go to one other item. One of the things, again checked with staff to make sure this is all appropriate to be asked here, is that one of the things hat 215 did not include was Location Information. The nature of wireless telephony is, having had some background in that field, you can identify where a cell phone call originates. Now what kind of Privacy Protections do we have in this legislation to ensure that location data will not be queried on a Going Forward basis since the tellcos who told this data hold not only the billing information but hold the location data, as well . I think that would be up to the specific request and specific court orders. Right now in Law Enforcement context when we have a good basis for it we can go and get Location Information. And sometimes its very valuable. It can i can think of one instance where it saved somebodys life who had been taken hostage. Being able to get Location Information. Quickly. It wont be collected in bulk. It will be collected in each individual circumstances that warrants it by showing the court that this is information that is relevant but in the previous 215 second where the data was held, the metadata was held at nsa, the location data was not thats correct. We didnt get the location data with what was held in the database at nsa and then could be queried within nsas protection. But we could always have the ability to go back to the Telephone Company providers, in an appropriate circumstance, and ask them for individual Location Information that we thought was warranted. But that would require an additional step. Thats right. Im not talking now not so much on Law Enforcement side im talking more on the ic side. Right. It would right and thats what will happen now, too. Would they be combined into a single step or a dual step . It could be a i think it would require the court to take a look at whether or not it thought it was appropriate under the facts and circumstances of the request to provide Location Information, as well as the call data records. Or whether or not only the call data records were appropriate. Just depends on the circumstances. Again my time has expired and i appreciate. But i just think it is essential to the public that while were trying to get this balance right, and you know, understandably public great deal of concern about Government Holding the data, i think, is a number of us have outlined, there lies a number of concerns the privacy advocates should also be concerned about in terms of both the scope of the amount of data potentially even greater access, if were able to go at this at the telcos, and again, reemphasizing what a couple of my colleagues have said, my hope is that there will be a an additional higher level of security standard, and a higher level of training, and higher level of commitment from the telcos of these individuals who are going to be have access to data that they will have the same i dont think theyll ever get to the standards of the folks at the nsa, but, this is an issue that needs to be thoroughly vetted. Thank you, madam chair. Thank you very much, senator warner. We have completed this panel. However, senator warner senator wyden, in a more charming form than sometimes, has asked to ask one more question briefly, and then we will move on. Thank you, madam chair. Ill submit other questions for the record. But i need to ask your agencies a question for the record, relevant to a matter that has taken a lot of our time. For each of you, just go right down the row. Do you believe that it would be appropriate for your agency to secretly Search Senate files, without seeking an external authorization or approvapproval . Just go down the row. Mr. Ledgett . No, sir. Miss osullivan . No, sir. If i understand your question, by definition we are not permitted to conduct a search that is not properly authorized in some fashion. Right answer. The only thing i would limit it is that because my agency involves the attorney general, not every approval would have to be external but you would have to have the appropriate legal approvals in every instance. Correct. So we would. Thank you very much, madam chair. Thank you very much, senator wyden. And if i may, let me thank the audience for their attention. This is a controversial subject and i know people feel strongly. It is very much appreciated, and i would also like to thank the Capitol Police for their attention to this. We will change panels now and i will introduce the next panel. Id like to welcome and thank let me thank the witnesses. Thank you very much, mr. Ledgett, mrs. Osullivan, mr. Cole, mr. Guiliano, thank you very much. Do we have someone to change the name tags . Id like to introduce the panel. And i will introduce everyone and then again from my left your right and go right down the line. The first person to be introduced is Harley Geiger. He is the senior counsel with the center for democracy and technology. And he is Deputy Director of the freedom, security and surveillance project at the center for democracy and technology. Mr. Geiger has written extensively on the subject of fisa reform, bulk collection, and surveillance in general. Second is dean dar field. Hes the president and ceo of the Information Technology industry council, known as iti. Iti is an advocacy and policy organization that represents a number of tech companies, including google, facebook, yahoo microsoft, and many others. Mr. Garfield has previously appeared before the House Judiciary Committee to discuss fisa reforms. And the final witness is michael woods, whos the Vice President and assistant General Council for verizon. Mr. Woods leads verizons National Security and Public Safety policy teams. Before joining verizon he was chief of the National Security law unit at the fbi. He also has published a number of law review articles on National Security issues including articles relating to section 215 of the United States patriot act. And finally we have stewart baker, a partner in the Washington Office of stepto and johnson. He previously served as the First Assistant secretary for policy at the department of homeland security. In addition, from 92 to 94 mr. Baker served as the general counsel for the National Security agency. He brings a wealth of experience and both telecom and National Security law. I thank you all for being here, and we will begin with you, mr. Geiger, and once again ill point out the 5 00 five minute clock and if you could adhere to it, it would be appreciated. Thank you, chairman feinstein. Vice chairman chambliss, and also the numbers of this committee. Thank you for holding this open hearing. And inviting me to testify on behalf of the center for democracy and technology on this very important issue of surveillance reform. At the outset i wish to say that i appreciate the dedication of the members of the Intelligence Community, and of this committee, to protecting both National Security and Civil Liberties. Although im here as an advocate for Civil Liberties, i recognize that the intelligence and Law Enforcement communities thwart those who wish to cause us great harm, and i also recognize that a major terrorist attack is just about the worst thing that can happen to Civil Liberties. At the same time, in the decade following the 9 11 terrorist attacks, the pendulum has swung too far in favor of overbroad surveillance and it is time now for a correction. The answer to the threats that this country faces cannot be mass surveillance of individuals with no connections to a crime or terrorism. And congress has an opportunity now to establish meaningful Privacy Protections in surveillance authorities, without significantly weakening security. Whatever Reform Congress settles on, is unlikely to be revisited for many years, so congress should not just consider the surveillance programs, technologies, governments, and threats of today, but those of tomorrow, as well. The usa freedom act is the legislation that has made the most headway in this regard. And although the bill does not address many of the serious issues that are raised by overbroad surveillance the usa freedom act does seek to prohibit bulk collection under section 215 of the patriot act, the fisa p. I. N. Trap statute and the National Security authorities. However there is serious and widespread doubt as to whether the bill as passed by the house actually accomplishes this goal. The senators, let us not use the phrase bulk collection as coded jargon for existing programs or nationwide surveillance dragnets. Rather, bulk collection as any normal person would understand it means the largescale collection of information about individuals with no connection to a crime or investigation. In that respect the bill does not end bulk collection. And this is not just the opinion of privacy advocates, but also more than half the house cosponsors of the usa freedom act and many of americas biggest tech companies, which, as noted earlier, today issued a letter stating that the bill may not end bulk collection. The linchpin of the houses prohibition on bulk collection is the requirement that the government use a specific selection term in its demands for data. However, the definition of specific selection term is deliberately ambiguous and open ended. And the exemployedation of ambiguous statutory language is what led to bulk collection in the first place. There is nothing in the bill that would prohibit, for example, the use of verizon, or gmail. Com or the state of georgia as a specific selection term. Its not indiscriminate. Now i can believe that this government, this current government, is sufficiently stung by scandal to avoid such an aggressive interpretation of the statute. But the memory of this debate will fade, and we will be left with ambiguous language that is open to creative interpretation. While the definition should be clarified, we do recognize and appreciate the need for government flexibility in making surveillance requests. So with my time remaining then i would like to propose an additional safeguard and path forward. Rather than vainly trying to find some magical definition for specific selection term that satisfies all interests, congress should strengthen other parts of the statute, in particular existing minimization procedures. And establish minimization or privacy procedures where there are none currently. Specifically, the usa freedom act should require at the front end that the government use the least intrusive means possible to obtain the information. Then, the bill should prohibit the retention and dissemination of information of individuals who do not meet specific criteria outlined in the statute. For example, individuals who, based on reasonable arctic u lab suspicion are foreign powers, agents of foreign powers or in contact with foreign powers or agents of foreign powers. Compliance should be subject to oversight and should be revisited periodically if the minimization procedures change significantly. This is not a complete solution. But rather im proposing a partial solution to be layered on top of the other partial solutions that are already in the bill. Drafted properly, this could provide for both privacy and flexibility. Thank you, and i look forward to your questions. Thank you very much, mr. Geiger. Mr. Garfield . Thank you, chairman feinstein, vice chairman sham blitz. On behalf of 58 of the most innovative and Dynamic Companies in the world we thank you for this opportunity to appear before this panel today. Its our firm view that we have a timely opportunity to advance surveillance reform in a fashion that both reflects who we are as a nation, and as well, advance our economic and geopolitical interests. It is our hope, and we strongly urge the senate, to seize that opportunity, and i hereby reaffirm our commitment to doing whatever we can to be helpful in achieving that goal. My testimony today will focus on two things. One, why its important to act, and act expeditiously. And second, the steps that are necessary to be taken to ensure we have a strong bill that has broad support. With regard to the first, the reason to act is because its in our national selfinterest. Im proud to represent a group of companies that are the Global Leaders in innovation. As such, they compete all around the world, and see firsthand the wideranging impact of the nsa disclosures. They are able to see firsthand the economic impact, the lost Business Sales and lost Business Opportunity that most experts agree will be in the tens of billions of dollars. They experience firsthand the growing contagion of persistent protectionist policies that aim to limit their ability to compete globally. Whether its forced localization requirements in brazil, or attempts to limit crossborder data flows, these laws are the first step to creating an internet that is increasingly vulcanized and no longer the open interoperable Global Internet that weve all grown to appreciate. If that were not bad enough, we also experience firsthand the lack of the growing distrust of whether the United States is willing to adhere to global norms as it relates to surveillance. It is for all of these reasons that we think its important to act to regain trust and to do it expeditiously. What should we do Going Forward . Fortunate theres a growing consensus as to a path forward. We released global surveillance principles in january that seemed quite forward leaning at the time that we released them. Today, theyve been largely embraced as being the way that we should move forward. Indeed, the usa freedom act incorporates many of these principles. However, in two respects, the usa freedom act needs to be improved. Two sections that need to be addressed. First is one that mr. Geiger addressed, which is bulk collection. The usa freedom act endeavors to end bulk collection. The language that came that is at the heart of achieving that, that came out of the house intelligence, as well as the House Judiciary Committees, we think achieved that goal. However, the language was changed in the final bill that made its way out of the house. And it is no longer clear that that language will achieve the goal of ending bulk collection. If that is our let me interrupt you. Could you tell us exactly what language youre speaking of in the bill . Do you have a section . Yes, it is the specific selection term. Its the same section that weve been talking about. And ill conclude that by making the point that the there is the opportunity to change that definition that made its way through the house in a way that addresses the concerns that were raising without doing violence to the interest and protection protecting National Security. The second area is transparency. Just let me say. We would welcome any suggestion we might make in writing on amendment to specific selection. Absolutely. And the same goes for mr. Geiger or anybody else. The most helpful is when you say things, if you want to submit something to us in legal language or not legal language, wed appreciate it. Chairman, as you likely know, theres a fair amount of conversation happening both within this room and outside this room with the aim of coming up with language that is acceptable to the Intelligence Community, and there is Good Progress as far as i can tell being made in being able to do that. The last issue is transparency. Transparency is a key part of rebuilding trust, both domestically and internationally. The usa freedom act takes steps to addressing that by incorporating the resolution that was reached between the department of justice, and many of the most impacted companies who happen to be our members. There are still additional steps, however, with regard to the bans that can be taken that advance privacy interests, and the aim at rebuilding trust without compromising National Security. And i think its important that we take those steps. Let me conclude by simply saying i, too, deeply respect the work thats being done by the Intelligence Community, and offer our testimony and my testimony with a great deal of humility. Thank you. We recognize theres a lot that we dont know. But as a tech sector, and the role that we play globally, its important for us to play a leadership role in finding a path forward, and we embrace doing that and look forward to working with this committee to achieve that end. Thank you very much, mr. Garfield. Mr. Woods . Good afternoon. Good afternoon chairman feinstein and vice chairman chambliss, members of the committee. Im very pleased to testify before the committee on the topic of Foreign Intelligence Surveillance Act reforms this afternoon. My name is michael woods, and im a Vice President and associate general counsel at verizon communications. The chairman has already noted im responsibility for the National Security and Public Safety portfolio in our office, and the chairmans also kindly noted my prior government service. Verizon is very pleased to participate in these discussions about Foreign Intelligence Surveillance Act. The revolutions this past summer about the bulk collection of telephony metadata have eroded Public Confidence in legal structures that are meant to oversee intelligence activities. There is significant public concern about the impact of surveillance activities on the privacy and Civil Liberties of americans. For verizon, customer privacy is a top priority. We believe that any collection by intelligence agencies of our customers data should be compelled under a set of clear and agreed upon rules. We believe these rules must be backed up with effective oversight, and we believe the rules should include as much procedural transparency as possible, consistent with legitimate National Security requirements. We support the usa freedom act because we see it as largely achieving these objectives. We are pleased that the house passed bill eliminates both data collection, codifies transparency rules that verizon has already implemented in its public reporting, and firmly rejects the idea that verizon or any other communications providers, be compelled to retain and collect data beyond that needed for Business Purposes. We believe that the collection and analysis of data for intelligence purposes is an inherently governmental function. Compelling us or any other private entity to perform this function on behalf of the government is utterly inconsistent with the protection of our customers privacy. If verizon has a legal obligation to provide Customer Data to an Intelligence Agency, or a Law Enforcement organization, it should be limited to that data which verizon generates in the ordinary course of business. And that production of data should be compelled in an arms length transaction, overseen by a court. We appreciate the careful balance that Congress Must achieve here. We are confident that this is something that you will accomplish. We stand ready to assist this committee in any way we can. In fact, we very much appreciate the open channel of communications that this committee has had with parties interested in this legislation, and we appreciate the bipartisan way in which the committee has operated. Thank you for the opportunity to testify today. Id be happy to answer any questions the Committee Members may have. Thanks very much, mr. Woods. Mr. Baker . Thank you, chairman feinstein, vice chairman chambliss, and senator collins, who was my authorizing chairman when i was last in government. Its a pleasure to be here. I would like to make two points. First, i do not believe we should end the bulk Collection Program. It will put us at risk. It will, as senator king strongly suggested, slow our responses to serious terrorist incidents, and it is a leap into the dark with respect to this data, as senator collins, and senator rockefeller made clear and senator mikulski as well. We do not know how long or how that data will be stored or how it will be protected. Its privacy or the security of the searches that are being connected. Its a very serious risk that were talking for a payoff that, in my view, is minimal. But what id like to talk about in the main part of my presentation is the second step, the kind of piling on step that the house undertook to say not only are we going to end bulk collection, but were going to require that you show that you have one of a magic list of five identifiers that youre asking for. And if its not on that list, or it doesnt look a lot like something on that list, you cannot ask for it for terrorism purposes. The list is person entity account address or device. Let me just talk a little bit about some actual searches that we wanted to take, did understake, and real life terrorist incidents. The zazi case which was the subject of a crosscountry chase, was brought was investigated in part because someone reported that it was a guy buying large amounts of household chemicals in Beauty Supply shops, with a kind of shaky story. And so it was perfectly appropriate for the fbi to say, we want to go to all the household beauty shops and ask them, is somebody buying a lot of this stuff. Surely theres nobody here on the panel, or on the committee who would say no, thats an improper search. But, wheres the magic selector . I dont see a magic selector here that says howhold products searches. Youre not searching for a person or an entity or an account or an address or a device, you cant do it according to this. The same suppose we had a washington sniper attack that was again a a terrorist attack and we wanted to ask because we surely should, the phone company, do you have any indication of somebody who whose phone was active at every one of those shooting sites at the time the shootings occurred. Well of course we should ask that question. With 215, of course. And yet, thats not a person. Thats not an entity, an account. Its an address if you think that an address is everybody whos in touch with a particular cell tower. But at that point youre starting to stretch the concept of address in precisely the way that senator wyden has argued against. The problem we face is this list is too short. We cannot imagine all of the clues that we will need to follow up in order to catch terrorists. And writing a list, even with records like such as in front of it, does not actually accomplish the goal that i think was intended, to reduce bulk and indiscriminate searches. At the same time its going to prove to be a straight jacket. Notwithstanding what the Deputy Attorney general said id like to see his justifications fr each of the assurances he gave us about how he was going to conduct those searches. I think its going to require him to immediately become creative about the meaning of those words, in a way that i think senator wyden would not approve. But in a way that authorizes searches that all of us would believe should be carried out. And so, i would suggest the chairman who suggested that we, if i understood her correctly, that instead of a list of magic words, that even Harley Geiger wont defend, we should try to find a principle that says, what we think is necessary to avoid bulk collection, and it is something along the lines of narrowing the search, avoiding unnecessary collection of innocent parties information. But you dont know whos innocent until youve looked for certain kinds of information. You have to narrow the search in a modest but effective way. Thats probably the way to get out of what i think otherwise will be a solution that satisfies no one in three years. Thank you very much. Lets go to questions, and lets this is just off the top of my head. But lets take the gazi case, mr. Geiger that mr. Baker just mentioned. This is a guy thats going around to wholesale beauty Product Companies and buying certain amount of chemicals. A large amount of chemicals. And somebody calls the fbi and says, this looks very suspicious. And so the fbi goes to query him and find that he has been in contact with a known al qaeda member in pakistan. What problem do you have with that . Let me see if i understand your scenario correctly. So, the they have the phone records of an al qaeda member in pakistan, and then they found out that theyre trying to find the name of this suspicious individual, they found out the two have been in contact with each other. I dont have a problem with that. I dont see why that would be prohibited under this bill. If they do have the call records of the individual in pakistan, then they should have the fact on record that he was in contact with this other suspect. Well, i dont know whether they did or didnt on that specific point. But, it seems to me that thats exactly the kind of thing that were looking to enable, this kind of collection. Certainly. And if there if an individual is in direct contact with an agent of a foreign power or somebody whos reasonably suspected of being such then that is a legitimate reason to look at their records. What we are concerned with, and i think everyone at the table has now expressed concern with the ambiguity of the definition, the way that the bill goes about preventing bulk collection, were concerned with, at least what im concerned with, i should say, is the collection of individuals who have not been in contact with the agent of a foreign power. The collection of information about individuals who are not connected to the investigation. Well, let me stop you. Because if my understanding was, i forget whether its 2012, with 288 cases. Queries . 2012, the database was only queried 2 8 times. Out of the 288 times, 12 cases were sent to the fbi for a warrant. So it was very selective. I mean, this was not any more than that. And i trust the department of justice, and dodi and the administration when they say the usa freedom act would provide them with this capability. What we are concerned with is that it provides them with this capability plus other unknown capabilities that undermine the bills goal of prohibiting bulk collection. And what is that . Im sorry . You said it would enable them to do other things. Like what other things . Like what i had mentioned during my Opening Statement. The definition of specific selection term is open ended enough that it does beg the question, what counts as a specific selection term. It could be the state of maine. It could be verizon. It could be gmail. Com. It would be something perhaps that would sweep in a large number of individuals who are not connected to the investigation, and i can understand the need for flexibility, and sometimes it will be unavoidable to gather information about people who are not connected to the investigation. I think we can come up with scenarios like that. And in that case, i believe, and this is why i had mentioned this in my testimony and my open statements, i believe there should be a requirement at the front end that they use the least intrusive means possible and do not retain the information as they currently do. They should not retain the information of people who are not in contact with the suspects. You also mentioned strengthening minimization. How would you strengthen the minimization . So, there are minimization requirements already in statute. In section 215. There are none for the fisa pen trap statute but the usa freedom act would put in privacy procedures. There are no minimization procedures at least in statute for National Security letters and what i would propose doing is what i had just described, which is a requirement that the front ends, that the government use the least intrusive means possible. That at the back end is a clear prohibition on dissemination and retention of individuals who do not meet a certain criteria. Section 215 of the three authorities that i had just mentioned has the most detailed minimization procedures and it merely requires the minimization of retention and dissemination sorry, minimization of retention and prohibition of dissemination. It says nothing about acquisition. So im proposing an upgrade to that. At least in certain circumstances where the risk that the information gathered will obtain will sweep in a large number of people mr. Baker, what do you think of that . So, i at first i would clarify the search that i had in mind, which is that the fbi hears that somebody is buying all these chemicals and decides to go to multiple stores and say, has anybody been buying large quantities of these chemicals . The only search is for the chemicals. Not for a name. Not for an entity. I dont see how you justify that under the statute. See, thats exactly the conflict. And this is a real case. And thats open to question whether or not the chemicals would work as a specific selection term. Or whether the name of the store would be a specific selection term. This is part of the problem. Is that, i know that specific selection term is a is something that agencies use in practice but theres not a lot of public was in about it. This concept has not been built into statute before. Well let me ask you, if you knew that a known terrorist or someone who is a likely terrorist was coming into this country, and you and the fbi wanted to get a hold of the manifests, would you limit it to one plane, or would you say they should have access to all of the manifests at a given time or some reasonable limit . I believe Law Enforcement does get manifests, but i would i would encourage the government to use the least intrusive means possible and not to save the information of all of the people whose records they have pulled. If they have no longer if they are not relevant or there is no reason to suspect that they are connected to the investigation. Well the purpose would be to get a specific name. I mean theyre looking for someone. So, that is limited. Pardon me . I was going to add that ultimately what youre hearing, though, is that the language the ultimate, the final language in the usa freedom act doesnt fully balance the equities that were talking about. The equities that mr. Geiger raised about privacy, or the equities that mr. Baker raised about protecting National Security. And so i think a concerted effort needs to be made to improve that language so both of those equities are better balanced. And i guess the concluding thing is, i think its feasible to do that. Thank you. Mr. Vice chairman . Im happy to yield to senator king, who has to leave here shortly. Thank you, senator. Just a couple of questions. First, i think i heard the answer to this but i just wanted to be clear. Mr. Geiger, mr. Garfield and mr. Woods do garfield, mr. Woods, do you feel the usa Patriot Freedom act is superior to current law . I believe it is an improvement to current law. I believe its an improvement, as well, but can be improved. Mr. Woods . Yes, i agree. I didnt ask you because you said unequivocally you dont agree. Second question, mr. Woods you heard my questions to the prior panel about duration. In your testimony you sort of said well do this, but not if we have to change anything. How would you feel about a provision that said 18 months or two years of retention . We would be very much opposed to it. Our position is as now, we produce the records that we retain for Business Purposes. We do not want to be compelled to retain records beyond that. I dont see how we can make this change if youre not willing to make that commitment. What if you say we are only going to keep records two months. Then we have lost virtually all the intelligence. Well, senator, as technology develops, people and companies will transition from older to newer forms of technology. The kind of records that were generated by the old switched telephone system are not the same kind of records that are generated by the wireless system. As the bulk of the Peoples Telephone usage moves from one system to the other, the kinds of records we have change. They are probably going to change again. I understand that. You understand the thrust of my question. You are recommending we go from the Government Holding the data to the Companies Holding the data, but as a company, you are not willing to commit to holding the data for a meaningful period of time in order to make it a otherwise the protection of National Security becomes a loser. We cant have it both way. You cant tell us to switch but say we are going to do as we choose. Senator, i dont think we are saying we are doing as we choose. We retain records generated in the ordinary course of business. We are not an intelligence agently. We dont conduct surveillance of our customers. We will respond to lawful requests from the records that we have. We are not we are opposed to being compelled records for reasons completely unconnected for our business. No one is asking you to collect records, its a question of maintaining records you already have. Our general principle in these records is we do not keep them longer than the Business Purpose because we learned that the longer we keep records beyond what we need them, the greater the risks the privacy of our customers. The best protection for our customers privacy is not to retain records beyond the period needed in the business. Did the house examine this question with you when this legislation was passed . Whenever asked we made this position clear, yes. Thank you, madam chair. Thank you very much. Senator rockefeller . Excuse me, widen is after king. No, no, no. Thank you for getting me in such deep trouble with the chair. Mr. Woods, you said in your statement for the record, which we do not have, which i regret, i mean its very unusual we dont have statements for the record, that the bottom line is that, quote, National Security is a fundamental government function that should not be outsourced to private companies. I happen to agree with that. Verizon is in the business of providing other service to your customers not acting as an Intelligence Agency. Many companies in little states like West Virginia which are not called at t, not called verizon, not called frontier which have very small operations but nevertheless they cover people, by far in West Virginia. They would pay professionals to query and go through the process we talked about with the previous panel. So this bill will end the nsas role in storing and search iing this data, transferring the responsibility for the multiple queries from be a Intelligence Agency to the Telephone Companies. Im not necessarily had a great experience as i indicated with the Telephone Companies, cramming data brokering, all kinds of other things. I started an Investigations Unit in the Commerce Committee. We never had one. I got myself subpoena power. I gave it to myself. It was a joyous moment. The experience with the Telecommunications Company they are moving target. You yourself used the sentence, longer than a business reason, you wouldnt keep more than the business reason. Correct. The business reason may have nothing to do with as senator king said, intelligence reason. So that sounds to me like a diminished National Security role for the nsa and expanded nsa, expanded National Security role for verizon. I am wondering is that right . Particularly, im wondering how does that corelate in any fashion with the first statement that i read that you felt they should not be outsourced to private companies . S i dont understand that. I never believed, no matter what you tell me because i was chair when we did the fisa thing, ste steny and i did a lot of that. They got liability protection. They had built up so much ill will they didnt want any part of this. Its not your business. Nsa people go to work every day with only one purpose in mind. They have been trained. They are there years and years. They are not particularly looking for promotions. Nobody makes any money in government, at least most people dont make any money in government. The Free Enterprise system is an entirely different kettle of fish. I dont attack it. My family has done rather well by it. However, in the intelligence business, i have a very different view. I dont know why you think you should be doing this, but i really dont think you want to be. You said that you shouldnt be. Yes, senator. The first statement you made reference to, we made in response to the idea that the Telephone Company should be retaining more data and performing the searcher analysis on behalf of the Intelligence Community. Thats not in the usa freedom act, and we are very happy about that. It is a proposal that has been discussed as part of the larger reform discussions. We do not want that. We do not believe we should be doing that. What we are quite prepared to do, what we have done for many, many years and all sorts of Telecommunications Companies do is respond to targeted requests by Law Enforcement or by the Intelligence Community. And what we see in the usa freedom act is not a shift of the National Security role to verizon, but rather a change in the kinds of requests that we will get from the nsa. Instead of requesting all of our call detail records, we will get a request for a targeted list of call detail records, which we will deliver much in the way we deliver records in response to Law Enforcement subpoenas and other authorities. Now, as to the can i ask one more . Sure. My time is running out. What about all these little companies that arent called verizon, at t and frontier . There are lots of little companies. You dont get their billing. They get their billing. Right. So they are going to have to set up systems comparable to what you are going to set up if you can set it up, which im not sure you can because of the comparison to nsa. What about them . They cant afford to do this. All of their customers and all that billing information is just free and clear. Well, senator, they actually are subject to fisa and other authorities. The fbi could go to such, even very Small Companies with fisa orders. Many of them dont have the infrastructure and just drawing from my fbi experience, Law Enforcement agencies and agencies like the fbi are used to dealing with that. In some cases they have to do more of the work on the government side. I think though that that is, these requirements, the security requirements, for example, already exist in fisa. Its not just peculiar to both collection. Other kinds of fisa orders require that we handle this in a cleared environment, that we observe all the security procedures that are mandated by the government, by the attorney general, by the director of National Intelligence. And i agree. That is a different burden for a giant Telecommunications Company. You were head of a unit which specializes in this. Dont little companies dont have a unit and they dont specialize in that. They probably dont know what fisa is, except theoretically. I had that experience in the fbi going to someone who didnt know, yes. It is that is all true, the kinds of information that the Intelligence Community is probably most after reside largely in a small number of rather large providers, which is you can see reflected in the programs that have existed up to now. Maybe and maybe not. Correct. Thanks, senator rockefeller. Senator wyden. Thank you very much. Madam chair. Mr. Garfield, question with respect to the economic implications of these overly broad nsa surveillance practices, and the way i come to this is the companies that are part of your organization, the technology sector, this is advantage america. This is an area where we consistently lead, we have these cutting edge technologies, got a host of exciting developments, Cloud Computing is just one of them. These are all