Hearing of the Senate Judiciary Committee on Strengthening Privacy Rights and National Security: Oversight of FISA (Foreign Intelligence Surveillance Act) Surveillance Programs
July 31, 2013
Chaired by: Senator Patrick Leahy (D-VT)
Deputy Attorney General James Cole;
John C. Inglis, Deputy Director, National Security Agency;
Robert S. Litt, General Counsel, Office of the Director of National Intelligence;
Sean M. Joyce, Deputy Director, Federal Bureau of Investigation
SENATOR PATRICK LEAHY (D-VT): Good morning. Today the Judiciary Committee will scrutinize government surveillance programs conducted under the Foreign Intelligence Surveillance Act, or FISA.
In the years since September 11th, Congress has repeatedly expanded the scope of FISA, has given the government sweeping new powers to collect information on law-abiding Americans. And we must carefully consider now whether those laws may have gone too far.
Last month many Americans learned for the first time that one of these authorities, Section 215 of the USA Patriot Act, has for years been secretly interpreted — secretly interpreted — to authorize the collection of Americans’ phone records on an unprecedented scale. Information was also leaked about Section 702 of FISA, which authorizes the NSA to collect communications of foreigners overseas.
Now first, I’d make it very clear I do not condone the way these and other highly classified programs were disclosed, and I’m concerned about the potential damage to our intelligence-gathering capabilities and national security. It is — it’s appropriate to hold people accountable for allowing such a massive leak to occur. We need to examine how to prevent this type of breach in the future.
In the wake of these leaks, the president said this is an opportunity to have an open and thoughtful debate about these issues, and I welcome that statement because this is a debate that several of us on this committee, in both parties, have been trying to have for years. Like so many others, I’ll get the classified briefings, but then of course you can’t talk about them. There’s a lot of these things that should be and can be discussed. And if we’re going to have the debate that the president called for, the executive branch has to be a full partner. We need straightforward answers.
I’m concerned we’re not getting them. Just recently the director of national intelligence acknowledged he provided false testimony about the NSA surveillance program during a Senate hearing in March, and his office had to remove a fact sheet from its website after concerns were raised about its accuracy. And I appreciate it’s difficult to talk about classified programs in public settings, but the American people expect and deserve honest answers.
It’s also been far too difficult to get a straight answer about the effectiveness of the Section 215 phone records program. Whether this program is a critical national security tool is a key question for Congress as we consider possible changes to the law. Some supporters of this program have repeatedly conflated the efficacy of the Section 215 bulk beta — metadata collection program with that of Section 702 of FISA, even though they’re entirely different. And I don’t think that’s coincidence when we have people in government make that comparison, but it needs to stop.
I think the patience of the American people is beginning to wear thin, but what has to be of more concern in a democracy is the trust of the American people is wearing thin.
I asked General Alexander — and I understand he can’t be here today because he’s at a convention in Las Vegas, I guess for hackers — but I asked General Alexander about the effectiveness of the Section 215 phone records program in an Appropriations Committee hearing last month. He agreed to provide a classified list of terrorist events that Section 215 helped to prevent, and I’ve reviewed that list. Although I agree that it speaks to the value of the overseas content collection implemented in Section 702, it does not do the same for Section 215, (because ?) it simply does not reflect dozens or even several terrorist plots that Section 215 helped thwart or prevent, let alone 54, as some have suggested.
And these facts matter. This bulk collection program has massive privacy implications. The phone records of all of us in this room — all of us in this room — reside in an NSA database. I’ve said repeatedly, just because we have the ability to collect huge amounts of data does not mean that we should be doing so. I just read a report that the bulk collection of Internet metadata was shut down because it failed to produce meaningful intelligence. We need to take an equally close look at the phone records program. If this program is not effective, it has to end. So far I’m not convinced by what I’ve seen.
I’m sure that we’ll hear from witnesses today who will say that these programs are critical, helping to identify and connect the so- called dots. There’s always going to be dots to collect, analyze and try to connect. The government is already collecting data on millions of innocent Americans on a daily basis based on a secret legal interpretation of a statute that does not, on its face, appear to authorize this kind of bulk collection.
So what’s going to be next? When’s enough is enough? I think Congress has to carefully consider the powerful surveillance tools that we’ve granted the government and to ensure that there is stringent oversight and accountability and transparency. This data should not be limited to those surveillance programs about which information was leaked. That’s why I’ve introduced a bill that addresses not only Section 215 and Section 702 but also national security letters and roving wiretaps and other authorities under the Patriot Act.
And we see in the case of ECPA reform, the protection of Americans’ privacy is not a partisan issue. I thank Senator Lee of Utah and others for their support of my FISA bill, and I hope other senators will join that effort.
I look forward to the testimony of the government witnesses, particularly grateful for the participation of Judge Carr, a current member of the judiciary, former judge of the FISA Court. And I hope this will give us an opportunity for an open debate about the law and the policy and the FISA Court that led us to this — to this position.
And I yield first, of course, to Senator Grassley, and then we will call on the first panel. James Cole — we will put Mr. Inglis — General Inglis’ statement in the record. It did not arrive in time to be given, so we — he will just — his statement will be made part of the record, and he will answer questions.
SENATOR CHARLES GRASSLEY (R-IA): Yeah. Mr. Chairman, I thank you for holding this hearing.
And I think it’s very important that Congress do its oversight work, which this hearing is part of, but it’s even more important — the more secret a program is, the more oversight that Congress has. And as you said, probably more about this program could be told to this public, and the more that could be told, maybe more understanding and less questioning on the part of the public.
The Foreign Intelligence Surveillance Act provides a statutory framework for electronic surveillance in the context of the foreign intelligence gathering. Investigating threats to our national security gives rise to a tension between the protections of citizens’ privacy rights and the government’s legitimate national security interest. Congress, through this legislation, has sought, and I hope successfully, to strike a balance in this sensitive area, but — or — but whether it is the right balance, of course, is one of the reasons we’re having this hearing.
The reports in the media have raised important questions regarding exactly what information about American citizens is being collected by the government, whether the programs are being conducted as Congress intended and whether there are sufficient safeguards to ensure that they cannot be abused by this or any future administration. In short, the reports have raised questions about whether the proper balance has been struck.
We need to look no further than the recent IRS scandal to see what can happen when an unchecked executive branch bureaucracy with immense power targets political opponents. These actions trampled many citizens’ most basic rights to fully participate in our democratic process. This kind of abuse cannot be permitted to occur in our national security agencies as well, and maybe even more importantly.
Oversight by Congress will play an important role as we move forward in evaluating the wisdom and value of the intelligence programs.
However, Congress needs accurate information in order to conduct oversight responsibilities that the Constitution demands that we do under our checks and balances of government. That is why it was especially disturbing to see that the director of national intelligence was forced to apologize for inaccurate statements he made last March before Senate Intelligence Committee. Those statements concerned one of the very important programs that we will be hearing about this very day. Nothing can excuse this kind of behavior from a senior administration official of any administration, especially on matters of such grave importance.
We have a constitutional duty to protect Americans’ privacy. That’s a given. We also have an equal constitutional responsibility to ensure that the government provides a strong national defense. That’s a given. Intelligence-gathering is of course necessary and a vital part of that defense. We have a duty to ensure that the men and women and — of our military, our intelligence and our counterterrorism communities have the tools that they need to get the job done.
I understand officials contend that the programs authorized under FISA that we will discuss today are critical tools that have assisted them in disrupting attacks both here and abroad. To the extent possible, in this unclassified setting, I look forward to hearing how these programs have made our nation safer.
I want to emphasize that this is an equally important part of the balance that we have to strike. And as we consider whether reform of these intelligence programs is necessary or desirable, we must also make sure that we don’t overreact and repeat the mistakes of the past. We know that before 9/11, there was a wall erected under the Clinton administration between intelligence-gathering and law enforcement. That wall contributed to our failure to be able to connect the dots and prevent 9/11. None of the reforms that we consider should effectively rebuild that wall.
Additionally, while the intelligence and the law enforcement communities need to share information in a lawful way, any reform we consider should not confuse the differences between these two contexts. For example, no reform should be based on the misguided legal theory that foreign terrorists on foreign soil are entitled to the same constitutional rights that Americans expect here at home.
Finally, increased transparency is a worthy goal in general. And as I suggested before, whenever we can talk about these programs, I think there’s less questions out there in the minds of people, and we probably created some public relations problems for us and for this program and for our national security community because maybe we haven’t made enough information available. I say that understanding that we can’t tell our enemies what we — what tools we use. But if we consider any reform that may bring more transparency to the FISA process, we should keep in mind, then, that every piece of information we make available to the public will be read by a determined adversary, and that adversary has already demonstrated the capacity to kill thousands of Americans, even on our own soil.
I welcome the panel witnesses and look forward to engaging them as we streak to — seek to strike the difficult and sensitive balance between privacy and security. Thank you, Mr. Chairman.
SEN. LEAHY: Thank you very much.
Our first witness will be James Cole. First joined the Department of Justice in 1979. He served for 13 years in the Criminal Division, later becoming the deputy chief of the division’s public integrity section, went in private practice, sworn in as deputy attorney general on January 3rd, 2011. Of course, Mr. Cole is no stranger to this committee. Please go ahead, sir.
JAMES COLE: Thank you, Mr. Chairman, Mr. Ranking Member, members of the committee, for inviting us here today to speak about the 215 business records program and section 702 of FISA.
With these programs and other intelligence activities, we are constantly seeking to achieve the right balance between the protection of national security and the protection of privacy and civil liberties. We believe these two programs have achieved the right balance.
First of all, both programs are conducted under public statutes passed and later reauthorized by Congress.
Neither is a program that has been hidden away or off the books. In fact, all three branches of government play a significant role in the oversight of these programs. The judiciary, through the Foreign Intelligence Surveillance Court plays a role in authorizing the programs and overseeing compliance. The executive branch conducts extensive internal reviews to ensure compliance. And Congress passes the laws, oversees our implementation of those laws and determines whether or not the current laws should be reauthorized and in what form.
Let me explain how this has worked in the context of the 215 program. The 215 program involves the collection of metadata from telephone calls. These are telephone records maintained by the phone companies. They include the number the call was dialed from, the number the call was dialed to, the date and time of the call and the length of the call. The records do not include the names or other personal identifying information. They do not include cell site or other location information. And they do not include the content of any phone calls. These are the kinds of records that under long- standing Supreme Court precedent are not protected by the Fourth Amendment.
The short court order that you have seen published in the newspapers only allows the government to acquire the phone records. It does not allow the government to access or use them. The terms under which the government may access or use the records is covered by another, more detailed court order that the DNI declassified and released today. That other court order, called the primary order, provides that the government can only search the data if it has reasonable, articulable suspicion that the phone number being searched is associated with certain terrorist organizations.
The order also imposes numerous other restrictions on NSA to ensure that only properly trained analysts may access the data and that they can only access it when the reasonable, articulable suspicion predicate has been met and documented. The document of the analyst’s justification is important so that it can be reviewed by supervisors before the search and audited afterwards to ensure compliance. In the criminal context, the government could obtain the same types of records with a grand jury subpoena without going to the court.
But here we go to the court every 90 days to see the court’s authorization to collect the records. In fact, since 2006 the court has authorized the program on 34 separate occasions involving 14 different judges. As part of that renewal process, we inform the court whether there have been any compliance problems. And if there have been, the court will take a very hard look and make sure that we have corrected those problems. As we have explained before, the 11 judges on the FISA court are far from a rubber stamp. Instead, they review all of our pleadings thoroughly, they question us. And they don’t approve an order until they are satisfied that we have met all statutory and constitutional requirements.
In addition to the judiciary, Congress also plays a significant role in this program. The classified details of this program have been extensively briefed to both the Judiciary and Intelligence Committees and their staffs on numerous occasions. If there are any significant issues that arise with the 215 programs, we would report those to the two committees right away. Any significant interpretations by the FISA court would likewise be reported to the committees under our statutory obligations, including opinions of any significant interpretation, along with any of the court orders that go with that.
In addition, Congress plays a role in reauthorizing the provision under the — under which the government carries out this program, and has done so since 2006. Section 215 of the Patriot Act has been renewed several times since the program was initiated, including most recently for an additional four years in 2011. In connection with those recent renewals, the government provided a classified briefing paper to the House and Senate Intelligence Committees, to be made available to all members of Congress.
The briefing paper, and a second updated version of it, set out the operation of the programs in detail, explained that the government and the FISA court had interpreted the Section 215 authorization to authorize bulk collection of telephone metadata and stated that the government was in fact collecting such information. The DNI also declassified and released those two paper today. We also made offers to brief any member of the 215 program. And the availability of the paper and the opportunity for oral briefings were communicated through dear colleagues letters issued by the chairs of the intelligence committees to all members of Congress.
Thus, although we could not talk publicly about the program at the time, since it was properly classified, the executive branch took all reasonable, available steps to ensure that members of Congress were appropriately informed about the programs when they renewed it.
I understand that there have been recent proposals to amend Section 215 authority, to limit bulk collection of telephone metadata. As the president has said, we welcome a public debate about how best to safeguard both our national security and the privacy of our citizens. Indeed, we will be considering in the coming days and weeks further steps to declassify information and help facilitate that debate, just as we have done this morning in releasing the primary order and the congressional briefing papers. In the meantime, however, we look forward to working with the Congress to determine a careful and a deliberate way that tools can best be structured and secured to secure the nation, and at the same time, protect our privacy and civil liberty. Thank you, Mr. Chairman.
SEN. LEAHY: Well, I think we — I think we can — the debate you speak of is starting now. The administration did declassify FISC order. Of course, it does not contain any real legal analysis or discussion of the 215 relevance standards, so that will be part of our questions.
But first I want to ask Deputy Director Inglis a question before we even go into the legality and usefulness of this. We had a huge security breach, I think we’ll all agree, committed by Edward Snowden. And a few years ago, Bradley Manning downloaded hundreds of thousands of classified sensitive documents, passed them on to WikiLeaks. Now, if two data breaches of this magnitude occurred in the private sector, somebody would have been held accountable by now. There’s a lot of material kept in the private sector, trade secrets and so on. If they allowed this kind of leaking to go on in most companies, somebody would be held accountable. Who at the NSA has taken responsibility for allowing this incredibly damaging security breach to occur?
MR. INGLIS: Sir, that accountability must be considered at at least two levels. One, at the individual level, we have to take a hard look to see whether individuals exercise their responsibilities appropriately, whether they exercise due diligence in the exercise of those responsibilities.
SEN. LEAHY: Well, obviously there wasn’t. I mean, if this — if a 29-year-old school dropout could come in and take out massive, massive amounts of data, it’s obvious there weren’t adequate controls. Has anybody been fired?
MR. INGLIS: No, sir, not yet.
SEN. LEAHY: Has anybody been admonished?
MR. INGLIS: Sir, those investigations are underway. When those investigations are complete, we will have a full accounting within the executive branch and to the Congress of individual and systemic accountability. I think that, at the end of the day, we will have to look to see whether people exercise the responsibilities appropriately, whether they essentially exercise the trust that is accorded to them. In our system, we extend top secret SCI — special compartmented intelligence — clearances to a range of people, and expect that they will then exercise that trust as the American people intended. And we will make a full accounting of that.
SEN. LEAHY: To — I remember President Reagan made up a statement, which many of us use, about trust but verify. I mean, don’t you have — I realize you have to have a certain amount of trust, but don’t you have people double-checking what somebody’s doing?
MR. INGLIS: We do, sir.
SEN. LEAHY: Who double-checked Mr. Snowden?
MR. INGLIS: Well, there are checks at multiple levels. There are checks in terms of what an individual might be doing at any moment in time. There —
SEN. LEAHY: It obviously failed.
MR. INGLIS: In this case, I think we can say that they failed, but we don’t yet know where.
SEN. LEAHY: Well, you think you can say they failed. I mean, he’s sitting over at the airport in Russia with millions of items.
MR. INGLIS: I would say that with the benefit of what we now know, they did fail.
SEN. LEAHY: OK.
MR. INGLIS: But we don’t yet know where precisely they failed, and we may find that they failed at multiple points in the system, either in the exercise of individual responsibility or in the design of the system in the first place.
SEN. LEAHY: Has anybody offered — been asked to resign or offered to resign because of this failure?
MR. INGLIS: No one has offered to resign. Everyone is working hard to understand what happened and to put in place the necessary mechanism — (inaudible).
SEN. LEAHY: How soon we know who’s screwed up?
MR. INGLIS: I think that we’ll know over weeks and months precisely what happened and who should then be held accountable, and we will hold them accountable.
SEN. LEAHY: Are you taking any steps now to make sure such a screw-up doesn’t happen again?
MR. INGLIS: We are, sir. We have instituted a range of mechanisms, not simply one, to ensure that we would understand and immediately be able to catch someone who tried to repeat precisely what Mr. Snowden did, but we also have to be creative and thoughtful enough to understand that there are many other ways somebody might try to beat the system.
SEN. LEAHY: And you can understand why some people use that old expression, locking the door after the horse has been stolen?
MR. INGLIS: I can, sir.
SEN. LEAHY: OK, thank you. I appreciate your candor.
And I realize General Alexander is in Las Vegas, but I’ll ask you this question. Last month, he promised to provide me with specific examples of terrorism cases where Section 215 phone records (cautions ?) have been used; as I do believe by his answer, there are dozens of cases where Section 215 authority has been critical to the discovery and dysfunction of terrorist plots.
I’ve now reviewed all the classified material that the NSA sent. I’m far from convinced that the document is classified, but the — what was said in open testimony is that Section 215 ought to thwart or prevent 54 terrorist plots, not by any stretch can get 54 terrorist plots.
How many cases was Section 215 — (inaudible) — phone records collection critical to preventing a terrorist plot?
MR. INGLIS: Sir, I might answer in open session and then offer to provide follow-up details in a classified session. I would say that the administration has disclosed that there were 54 plots that were disrupted over the life of these two programs —
SEN. LEAHY: And Section 215 was critical to preventing 54 plots?
MR. INGLIS: No sir, and of those — and of those plots, 13 of those had a homeland nexus; the others had essentially plots that would have come to fruition in Europe, Asia, other places around the world.
Of the 13 —
SEN. LEAHY: How many — how many of those 13 were plots to harm Americans?
MR. INGLIS: Of the 13 that would have had a homeland nexus, 12 of those, 215 made a contribution.
The question you’ve asked, though, is more precise, in the sense of is there a but-for case to be made, that but for 215, those plots would have been disrupted, that’s a — that’s a very difficult question to answer, insomuch as that’s not necessarily how these programs work. That’s actually not how these programs work.
What happens is that you essentially have a range of tools at your disposal; one or more of these tools might tip you to a plot; others of these plots might then give you an exposure as to what the nature of that plot is. And finally, the exercise of multiple instruments of power, to include law enforcement power, ultimately completes the picture and allows you to interdict that plot.
SEN. LEAHY: Is there —
MR. INGLIS: There is an example amongst those 13 that comes close to a but-for example and that’s the case of Basaaly Moalin.
SEN. LEAHY: I’ve read that, I’ve read the material on that. And it’s safe to say the target of 54 outpours —
MR. INGLIS: It is safe to say that, sir.
SEN. LEAHY: That’s not — right.
MR. INGLIS: This capability, the 215 collection of metadata, is focused on the homeland. It’s focused on detecting plots that cross the foreign to homeland domain. And given there’s only 13 of those plots —
SEN. LEAHY: It wasn’t about — (inaudible) — in 54 cases.
MR. INGLIS: It was not, sir.
SEN. LEAHY: Thank you.
MR. INGLIS: Given that only 13 of those plots had a homeland nexus, it therefore only had its principal opportunity to make a contribution in 13 or less. In fact, it made a contribution to a plot that was disrupted overseas; I think that that shows that this actually is looking not simply at the homeland, but is looking at the foreign-homeland nexus.
SEN. LEAHY: I hope we are not mixing up 215 with other sections.
MR. INGLIS: We try hard not to do that, sir; they are distinguished but complementary tools.
SEAN JOYCE: Mr. Chairman, if I might add some insight to the value of 215 —
SEN. LEAHY: My time is up, but go ahead, if that’s what —
MS. : Can’t they make — (inaudible) —
SEN. LEAHY: Go ahead, Mr. Joyce — no they’re just here to help. But go ahead, Mr. Joyce.
MR. JOYCE: I just wanted to add, as you mentioned before, you know, how many dots do we need, and I think we need to frame this by understanding who the adversary is and what they’re trying to do, and they’re trying to harm America or they’re trying to strike America. And what we need is we need all these tools.
So you mention the value of 702 versus the value of Business Records 215; they are different. And I make the analogy like a baseball team: you have your most valuable player, but you also have the players that hit singles every day.
SEN. LEAHY: Mr. Joyce —
MR. JOYCE: I just want to relate to the homeland plots. So in Najibullah Zazi and the plot to bomb the New York subway system, Business Record 215 played a role; it identified specifically a number we did not previously know of a —
SEN. LEAHY: It was a — it was a critical role?
MR. JOYCE: What I’m saying — what it plays a —
SEN. LEAHY: (And was there ?) some undercover work that was — took place in there?
MR. JOYCE: Yes, there was some undercover work.
SEN. LEAHY: Yeah —
MR. JOYCE: What I’m saying is each tool plays a different role, Mr. Chairman. I’m not saying that it is the most important tool —
SEN. LEAHY: Wasn’t the FBI — wasn’t the FBI already aware of the individual in contact with Zazi?
MR. JOYCE: Yes, we were, but we were not aware of that specific telephone number, which NSA provided us.
SEN. LEAHY: The only reason I go down this, I — you know, if we did everything — for example, if we — if we could have more security, if we strip-searched everybody that came into every building in America; we’re not going to do that.
We have more security if we close our borders completely to everybody; we’re not going to do that. I — if we put a wiretap on everybody’s cell phone in America, if we search everybody’s home, but there are certain things — certain areas of our own privacy that we Americans expect, and at some point, you have to know where the balance is.
But I’ve taken — I’ve gone into other peoples’ time. Senator Grassley.
SEN. GRASSLEY: Mr. Chairman, clarify for me process. We’ve had the testimony now, so we ask questions of all the people?
SEN. LEAHY: Yes, that’s right. Well, the — we were going to have questions of Mr. Cole and Mr. Inglis, but Mr. Litt and Mr. Joyce are here to be able to add if anything is necessary.
SEN. GRASSLEY: Sure, OK. I’ll start out with Mr. Cole. And my questions are kind of emphasized to inform and to even be repetitive, because I think the public needs a greater understanding of what we’re up to here. There are two legal authorities that are — that we’re discussing here. One, Section 702 authority — that one I’m going to lay aside. The other authority is Section 215; many Americans are concerned about the scope there. They fear that the government is spying on them and prying into their personal lives. I ask questions to make absolutely sure that I understand the scope of 215.
First question, what information does the government collect under this program, and specifically, is anyone’s name, address, Social Security number or location collected?
MR. COLE: Senator Grassley, first, to answer the second part — name, address, location, Social Security number is not collected under the 215 program at all. Never has been, never will be. Secondly, the nature of the collection is really very dependent on this reasonable, articulable suspicion. While a lot of metadata does exist in a database, it cannot be accessed unless you go through the procedures of documenting that there is reasonable, articulable suspicion that the phone number you want to ask about is associated with terrorists. Unless you get that step made, you cannot enter that database and make a query and access any of those data.
SEN. GRASSLEY: OK. Again, for emphasis, is the government listening in on any American phone calls through this program? And let me say that I just heard within the last week on some news media that somebody is declaring that any bureaucrat someplace in some intelligence agency can pick up the phone and listen to the conversation.
MR. COLE: Nobody is listening to anybody’s conversations through this program, and through this program, nobody could. No information like that is being collected through this program.
SEN. GRASSLEY: Mr. Litt, Section 215 contains a requirement that records collected under the program, Provision B, quote, unquote, “relevant to an authorized investigation.” As a legal matter, how can you justify the assertion that phone records of millions of Americans who have nothing to do with terrorism are relevant to an authorized investigation under Section 215?
ROBERT LITT: So I’d begin by noting that a number of judges, repeatedly over the years, have found over the years that these records are, in fact, relevant. The reason is that the standard of relevance that we’re talking about here is not the kind of relevance that you think about in the Perry Mason sense of a criminal trial. It’s a much broader standard of relevance, and in a number of circumstances in the law, such as grand jury subpoenas or civil discovery, it’s a — it’s a well-accepted concept that if you need to get a large group of records in order to find a smaller group of records that actually provides the information you need to move forward, that the larger group of records can be relevant.
That’s particularly true in this case because of the kinds of controls that the deputy attorney general mentioned — the fact that the queries are limited, the access to the data is limited, and for that reason, the FISA court has repeatedly found that these records are relevant.
SEN. GRASSLEY: Is there any legal precedent that supports such a broad definition of relevance to an investigation?
MR. LITT: I’d actually defer that to the deputy attorney general.
SEN. GRASSLEY: OK.
MR. COLE: Well, the legal precedent comes from the history of all the orders that have been issued, the courts having looked at this under the FISA law and under the provisions of 215 and making sure that under the provisions and the ability to get these records relevant to a — rather, a foreign intelligence investigation. They have gone through the law that Mr. Litt has described on, as I said, I believe, 34 different occasions to do this analysis.
So those are — that legal precedent is there.
SEN. GRASSLEY: OK.
Mr. Joyce, one part of the balance that we have to strike, protecting privacy of Americans — the other part, national security. Thankfully, until the Boston bombing, we had prevented large-scale terrorist attacks on American soil. I have a few questions about how valuable the role of Section 215 and 702 programs have played in predicting (sic) our national security. Two questions, and then I’ll have to stop and go to our colleagues.
Can you describe any specific situations where Section 215 and Section 702 authorities helped disrupt a terrorist attack or identify individuals planning to attack, the number of times? And then secondly, if you didn’t have the authority to collect phone records in bulk the way that they are now under Section 215, how would you have affected those investigations?
MR. JOYCE: So to your first question, Senator, as far as a specific example of when we have utilized both of these programs is the one I had first mentioned, the first al-Qaida-directed plot since 9/11, in September of 2009, when Najibullah Zazi and others conspired plot to bomb the New York subway system.
We initially found out about Zazi through an NSA 702 coverage, and he was actually talking to an al-Qaida courier who was — he was asking for his help to perfect an explosives recipe. So but for that, we would not have known about the plot. We followed that up with legal process and then had FISA coverage on him and others as we fully investigated the plot. Business records 215 was also involved, as I had previously mentioned, where we also through legal process were submitting legal process for telephone numbers and other email addresses, other selectors. But NSA also provided another number we are unaware of of a co-conspirator, Adis Medunjanin. So that is an instance where a very serious plot to attack America on U.S. soil that we used both these programs.
But I say, as Chairman Leahy mentioned, there is a difference in the utility of the programs. But what I say to you is that each and every program and tool is valuable. There were gaps prior to 9/11. And what we have collectively tried to do, the members of the committee, other members of the other oversight committees, the executive branch and the intelligence community, is we have tried to close those gaps and close those seams. And the business record 215 is one of those programs that we have closed those seams. So I respectfully say to the chairman that the utility of that specific program initially is not as valuable. I say you are right. But what I say is it plays a crucial role in closing the gaps and seams that we fought hard to gain after the 9/11 attacks.
As you mentioned another instance when we used the business record 215 program, as Chairman Leahy mentioned, Basaaly Moalin. So initially the FBI opened a case in 2003 based on a tip. We investigated that tip. We found no nexus to terrorism and closed the case. In 2007 the NSA advised us, through the business record 215 program, that a number in San Diego was in contact with an al-Shabab and east — al-Qaida east — al-Qaida East Africa member in Somalia. We served legal process to identify that unidentified phone number. We identified Basaaly Moalin. Through further investigation, we identified additional co-conspirators, and Moalin and three other individuals have been convicted — and some pled guilty — to material support to terrorism.
So I go back to we need to remember what happened in 9/11, and everyone in this room remembers where they were and what happened.
SEN. LEAHY: Mr. Joyce, you’re stating the obvious there — (inaudible) — specific to it because we are going to have votes on the floor that’s going to take us out of here. We’d like to keep somewhat close to the time.
MR. JOYCE: Well, what — all I’ll say, Mr. Chairman, is, respectfully, you mentioned about the dots. We must have the dots to connect the dots.
SEN. LEAHY: Thank you.
One of the advantages of this committee on the — members of both the sides of the aisle bring all — bring a lot of different abilities and various areas of expertise.
Our next witness is the chair of the Senate Intelligence Committee.
SENATOR DIANNE FEINSTEIN (D-CA): I’m a witness here?
SEN. LEAHY: The next witness — next questioner — of the — chair of the Senate Intelligence Community, Senator Feinstein. And we’re — (inaudible) — to have her on this committee.
SEN. FEINSTEIN: Well, thank you very much. Thank you very much, Mr. Chairman.
I’d like to begin by putting a couple of letters in the record. These have just been declassified. The first is a letter to myself and Senator Chambliss on February 2nd, 2011, before this program came up before the Senate, explaining it, making the information available. The second is that same letter to the House, but — so we have before 2010 and 2011. I’d also —
SEN. LEAHY: Without objection, they’ll be made part of the record.
SEN. FEINSTEIN: Thank you.
I’d also like to — I just realized that I believe Mr. Inglis’ statement makes public for the first time a fact, and it’s an important fact. It’s on Page 4 of his letter. And what he points out, I think Mr. Cole described, that the query, which is the search of the database, can only be done on reasonable articulable suspicion, and only 22 people have access to that, trained and vetted analysts at the NSA. If the numbers are run and it looks like there is a problem, the report is made to the FBI, and the FBI looks at it. And if they want to collect content, they must get a probable cause warrant from the Foreign Intelligence Surveillance Court. But — and quote, in 2012, based on those fewer than 300 selectors, that’s queries, which actually were 288 for Americans, we provided a total of 12 reports to the FBI, which altogether tipped less than 500 numbers. So what you’re saying, if I understand it, Mr. Inglis, is that maximum, there were 12 probable cause warrants. Is that correct?
MR. INGLIS: I think in truth, any one of the numbers that were tipped could have led the FBI to develop probable cause on more than 12, but there were only 12 reports provided to the FBI across 2012, and there were less than 500 numbers in those report collectively that were tipped to the FBI in 2012.
SEN. FEINSTEIN: Let me ask Mr. Joyce this question. Do you — can you tell us how many orders — how many probable cause warrants were issued by the FBI in 2012?
MR. JOYCE: I can’t off the top of my head, Senator. I can get you those numbers, though, following the hearing.
SEN. FEINSTEIN: Well, I think we’d appreciate that. I think —
MR. JOYCE: I would just add, though, you make a very good point, whether it’s the 702 program or the business record 215, once that information is passed to us involving anyone in the United States, we must go to the FISC, the Foreign Intelligence Surveillance Court, and show probable cause on the FISC warrant basically to provide content or whatever as far as overhears for that specific individual.
SEN. FEINSTEIN: Good.
Now, the NSA has produced and declassified a chart, which I’d like to make available to all members. It has the 54 total events. It includes a Section 702 authority and Section 215 authority, which essentially work together. And it shows the events disrupted based on a combination of these two programs, 13 in the homeland, 25 in Europe, five in Africa and 11 in Asia.
Now, I remember I was on the Intelligence Committee before 9/11, and I remember how little information we have and the great criticism of the government because of those stovepipes, the inability to share intelligence, the inability to collect intelligence. We had no program that could’ve possibly caught two people in San Diego before the event took place.
I support this program.
I think, based on what I know, they will come after us. And I think we need to prevent an attack wherever we can from happening. That doesn’t mean that we can’t make some changes.
Yesterday, the at Intelligence Committee, I outlined some changes that we might consider as part of our authorization bill. And let me quickly run through them: the number of American phone numbers submitted as queries on a regular basis annually from the database, the number of referrals made to the FBI each year based on those queries and how many times the FBI obtains probable cause warrants to collect the content of a call — which we now know is very few times relatively — the number of times that a company — this is at their request from the high-tech companies — that any company is required to provide data pursuant to FISA’s business records provision.
As you know, the companies who provide information are seeking to be able to speak more publicly about this. And I think we should. There are some changes we can make to the business records section. We’re looking at reducing the five-year retention period that NSA keeps phone records in its database down to two or three years. It’s my understanding that the usefulness of it tails off as the years go on. We have to determine that point and then consider it. And requiring the NSA to send to the FISA court for its review the records of each query of the database as soon as is practicable so the court can determine the propriety of the query under the law.
These are things that can be done to increase transparency, but not to stop the program. I believe, based on what I have seen — and I read intelligence regularly — that we would place this nation in jeopardy if we eliminated these two programs. Thank you, Mr. Chairman.
MR. LITT: Mr. Chairman, may I — may I just offer a brief response to that? Just —
SEN. LEAHY: Just a moment, and I — and I will. Would you also include reporting how often NSA or anybody else goes into an individuals browsing history or their emails, their social media activity?
SEN. FEINSTEIN: Sure. Right. And we could do that in the private sector too, how often —
SEN. LEAHY: Yeah, I know. I was just — I was just looking at this article The Guardian reported today, which may or may not be accurate. Mr. Litt, you wanted to say something.
MR. LITT: Yes, thank you. I just wanted to say that I think that the administration is more or less in the same place that Senator Feinstein is. We are open to re-evaluating this program in ways that can perhaps provide greater confidence, public — and public trust that this is in fact a program that achieves both privacy protections and national security.
And in fact, the White House has directed the director of national intelligence to make recommendations in that area. So we will be looking forward to working with your committee and this committee to see whether there are changes that can be made that are consistent with preserving the essence of the program, and yet provide greater public confidence.
SEN. LEAHY: Thank you.
Senator Cornyn. Again, speaking of the anniversary we have, Senator Cornyn, of course, is the deputy Republican leader. And we appreciate his — amount of time he spends in this committee.
SENATOR JOHN CORNYN (R-TX): Mr. Chairman, thank you for having this hearing. And thanks to each of the witnesses for your service to our country.
Those of us who have been here for a little while, and through the evolution of these programs, have, I think, learned more than the public generally knows about how they operate. And I think that’s helped give us confidence in what is occurring with the — but I’m also sensitive to Senator Feinstein, the distinguished chair of the Senate Intelligence Committee, some of her observations. And Mr. Litt I think reiterated that too, about the importance of maintaining public confidence in classified programs, which is a tough — a tough thing to do.
But I think — I’m also reminded of the fact that since 2007 we have 43 new members of the United States Senate. And so there have been some people who have come to the Senate in recent years who perhaps have not been able to observe through their regular work some of the development of these programs and so I think a hearing like this, the other hearings that you’ve participated in that I’ve attended, have been very important to giving everyone a foundation of information where they can have confidence on behalf of the people we represent.
But I’d like to ask, maybe starting with Mr. Cole and go down the line, to get your reaction to the criticism made of the operations of the Foreign Intelligence Surveillance Court made by former judge — Foreign Intelligence Surveillance Court Judge James Robertson. And this really has to do with the nature of essentially essentially ex parte proceedings before the — before the court. I know that when it comes to individualized, particularized warrants, it’s common in our system to have essential ex parte proceedings. But here, when the Foreign Intelligence Surveillance Court is authorizing a program, it is, according to Judge Robertson, under this expanded jurisdiction, it’s turned the court into something of an administrative agency; and of course, talking again about public confidence in the — in the oversight of the court, which I think is an important part of that — maintaining that confidence, whether you think there might be some advantage, as Senator Blumenthal and I have discussed informally, having more of an adversarial process. My experience, I trust your experience with the adversarial process in our courts, is it usually produces more information that allows the judge to make a better decision. And I’d just like to get your reaction, Mr. Cole, and perhaps go down the line.
MR. COLE: Thank you, Senator. First of all, I can tell you from the practice we have before the FISA court that it’s far more than just another administrative agency. They push back hard, and they make sure that they are the guardians of the law and the Constitution. The topic of having an adversary — and there is one that we’re in the process of discussing and I know is being discussed in the Senate and in the House, and it’s one of those areas that I think is part of the debate that we should be having on how best to do this. There’s obviously issues we’ll have to work through as to clearances and classifications and who would be there and what their role would be and things of that nature if it’s going to be a practical way to do it. But those are the kinds of discussions I think we do need to have.
As you pointed out, it’s not the usual course. And in the criminal law context, we have many search warrants, Title III surveillance warrants that come in that are not done in an adversary way. But this is certainly part of what we’d like to be talking about and see if this has some utility.
SEN. CORNYN: Mr. Inglis, do you have anything to add?
MR. INGLIS: My background is largely operational, not in the training of the law. But that said, more than mindful of the absolute obligation to ensure that these things are done fully consistent with the Constitution. We welcome any and all hard questions, whether that comes from an adversarial process or the process we enjoy. We think that we should be held accountable to answer those questions and ensure that the authorities that we are granted supports the whole of the Constitution, not just the defense of national security but the defense of civil liberties.
SEN. CORNYN: Thank you.
MR. LITT: The only point that I’d like to make from the perspective of the intelligence community is to note that we already — this is an unusual process, to have the court involved in an essentially executive branch activity conduct of foreign intelligence. I don’t know of any other nation in the world that has the degree of judicial supervision of intelligence activities that this country has already. And I think that to some extent, people have a — make a mistaken analogy when they — when they hear the term “court” and they think of this an adversary proceeding like a criminal trial or a civil trial. The question is what is the best way to ensure that our intelligence programs are conducted in compliance with the law and with adequate protection for people’s privacy and civil liberties. And if it would help to have some sort of adversary process built into that, that — I think that would be entirely appropriate. But we shouldn’t be trying to make this mimic a criminal trial, because it’s a very different process.
SEN. CORNYN: Mr. George, do you have anything to add?
MR. GEORGE: No, my background is operational, so I’ll defer to my lead attorney, the deputy attorney general.
SEN. CORNYN: OK, thank you very much. Thank you, Mr. Chairman.
SEN. LEAHY: Thank you. I hope, Mr. Litt, you’re not saying if we have a — something that is very unusual, if we have something that can collect data on U.S. citizens, that you’re not saying the court should not be involved.
MR. LITT: No, no, I’m not saying that.
SEN. LEAHY: I just want to make sure.
MR. LITT: No, I’m not saying that at all.
SEN. LEAHY: Thank you.
SENATOR AMY KLOBUCHAR (D-MN): Thank you very much, Mr. Chairman. Thank you to our witnesses. As a former prosecutor, I’ve long believed that our laws must strike the right balance between protecting our civil liberties and protecting our national security. It — I think most Americans, I will say, didn’t expect the sweeping nature of the surveillance programs, and for that reason, I think this opportunity to re-examine these programs to see if there are ways we can ensure that they are more transparent and accountable without sacrificing the benefits they provide to national security is very important.
And I just got this order, the court order, Mr. Cole, that was just hot off the presses here, and could you — you said in your earlier testimony — you talked about the mat — the metadata, which I assume is just the collected data we have been hearing about on domestic phone calls, which isn’t the phone conversation itself. And then you go down to a category two, which must be when you are investigating parts of that metadata, which is based on this order, and then category three — this is how I’m thinking of it in terms of circle — would be when you would actually get a court order to start investigating a person. Is that a fair way to look at this?
MR. COLE: I think that’s a very good way of looking at it, because — and the word you used, I think, is important here, the surveillance that’s being done, because the only thing we’re actually involved in surveilling are these much smaller groups that we have reasonable, articulable suspicion for. We’re not surveilling everything that’s in the database. You have to go through some very specific requirements that are contained in that order before you could surveil.
SEN. KLOBUCHAR: In this order — and you said it would be — there have to be a reasonable suspicion that it’s a terrorist. That’s what you said earlier?
MR. COLE: Reasonable suspicion that it is relevant to an investigation of certain terrorist organizations.
SEN. KLOBUCHAR: OK. And so is there a percentage of that data that’s — you know, that you look at when you get to the big metadata, then you go down to the next category — what percentage of the metadata is the next category that’s based on this order?
MR. COLE: I think it’s hard to really quantify. I’ve heard numbers anywhere from .0001 percent of that metadata. It’s a very, very tiny fraction of the metadata that actually is accessed and surveilled.
SEN. KLOBUCHAR: And then when you go down to the part there where you’re actually investigating someone or you get a special court order to look into it, what percentage is that?
MR. COLE: That’s then even smaller because we then have to have probable cause to believe that those people are falling within the requirements of the Foreign Intelligence Surveillance Act.
SEN. KLOBUCHAR: OK. So given how small this is, is there no way of limiting the breadth of the data and information collected under the program that would not have adverse effects on our ability to effectively monitor national security threats?
MR. COLE: Well, this is what we’re looking at right now and trying to work through. As Senator — Chairman Feinstein had noted, she’s made some recommendations. We are in the process of looking through that process to see if there are other ways to go about doing this where we still preserve the effectiveness of the operation and try to limit whatever kind of privacy and civil liberties intrusions that come from that.
SEN. KLOBUCHAR: Very good.
And one idea that General Alexander suggested is that he’s open to the idea of telecommunication companies holding the records rather than having the NSA collect them, although we know we still have that issue of telephone immunity anyway, as long as the government could get access.
Mr. Inglis, do you want to testify about that and answer that? Do you think that’s a viable alternative? It seems to me that we may have to do more than that, but —
MR. INGLIS: So I think there are multiple implementations that could work. I think that we need to score all of those implementations against a set of criteria, which would include at the top that they do provide protections for privacy and civil liberties, but they also need to have sufficient breadth. To your question that if you ask a question of this database — let’s say you have the situation we had with Bisali Mewalem (ph) — we have a number from East Africa al-Qaida that we have reasonable suspicion is associated with a plot against the homeland — you want to check to see whether there is in fact a connection into the homeland. You need sufficient breadth in the database that you’re about to query to have confidence that if you come away with no response, that you can take that as confidence there isn’t a plot, or that if you get a response, you found it, whether it’s in any particular location in the world. So the breadth is important.
But I think that we can take a look at whether this is stored at the provider, so long as you have some confidence you can do this in timely way. We need to sometimes disrupt an operation that’s in play, that’s in progress, and so seconds, hours matter.
There might be other situations where you have the time to perhaps take more time, but we’ll have to think our way through whether the providers can meet that standard. I think there are technical architectures where they can.
Finally, to the question that Senator Feinstein has asked, a very thoughtful question, do we need hold these records for five years, our experience has shown that intelligence writ large tends to have a significant tail-off at five years, but there’s a knee in the curve that might live at two years or three years. We need to base it upon data with a rearward look, take a hard look at that and determine how long these things really are necessary and, beyond that, how long they’re valuable.
SEN. KLOBUCHAR: And one quick question at the end here, Mr. Cole: Now that this court order has been declassified, is there effort underway to declassify some of the legal rationale behind it?
MR. COLE: We’re still working on trying to declassify a number of things in this area. We’re trying to get as much as we can out, obviously balancing the national security concerns with those releases, but our goal is to try and get out as much information as we can to provide the transparency on this.
SEN. KLOBUCHAR: Thank you very much.
SENATOR JEFFERSON BEAUREGARD “JEFF” SESSIONS III (R-AL): Thank you all very, very much.
And let me ask this, Mr. Litt. With regard to Mr. Joyce’s comments about a certain case that they were able to interdict and stop dealing with the subway matter, and he said that the collection of data under this program played a role in the successful culmination of that case. Just fundamentally, you are a — you were a deputy attorney general under Janet Reno for six years in Department of Justice. You were members of the ABA’s criminal justice committee. You’ve studied these issues and are required to make sure that laws are followed. But is this — what was done in that case, does it violate the Constitution in any way, as defined by our U.S. case law and the words of the Constitution itself?
MR. LITT: So first, I thank you for the promotion, but I never actually served as deputy attorney general. I had a couple of positions in the — in the department, but —
SEN. SESSIONS: You were a deputy assistant attorney —
MR. LITT: Deputy assistant attorney general, that’s —
SEN. SESSIONS: You have to get all these assistant deputies and deputy assistants straight. So —
SEN. LEAHY: We can all agree he’s highly qualified. (Laughter.)
SEN. SESSIONS: Well, from your experience in these matters — and I think — I just want to raise a certain point, if you’ll give me a brief answer on that.
MR. LITT: I think the answer is quite clear under the — under the controlling case law that collection of this kind of telephone metadata from the telephone companies is not a violation of anyone’s constitutional rights.
SEN. SESSIONS: And when I was a federal prosecutor — and Mr. Cole, you were a prosecutor — virtually every complex case resulted in a subpoena to phone companies to get people’s phone records. Is that correct?
MR. COLE: I’d say the vast majority involved getting phone records — (inaudible) —
SEN. SESSIONS: And when you do that, you obtain their name, when — a lot of details about the call, but not the contents in the call.
MR. COLE: That’s right. Many times you can get subscriber information, who owns the phone, what their billing address is, things of that nature, which we don’t get under this program.
SEN. SESSIONS: And so in this haystack of information that you have is only numbers. It doesn’t even have the name of the person connected to that number, the subscriber of that number. Is that correct?
MR. COLE: That’s correct. If we find a chain that we think is important, we then have to do other investigation to find out who actually belongs to those numbers.
SEN. SESSIONS: Well, Chairman Leahy and others — and we talked — when the Patriot Act was passed, we went into great, great detail about all these issues, and I would say that balancing the constitutional rights — danger versus constitutional rights is not the right way to phrase this. I believe everything in the Patriot Act that we passed was consistent in principle to the very things that have been done by law enforcement for years and decades in terms of the ability to issue subpoena and obtain records. Maybe a few new applications of it to new technologies, but essentially, the principles are — were maintained. Would you agree, Mr. Cole?
MR. COLE: Yes, Senator. I think we — as I said at the beginning, I think we’ve struck the balance properly here, but there’s always room for discussion and getting people’s input. And times sometimes do change, and it’s good to come back and revisit these things and make sure we have the balance right.
SEN. SESSIONS: Well, I agree with that. And I think it’s — the questions that have been raised require us to look at that.
Now, the data, this haystack of phone numbers — there’s no ability to go back and listen to any of those conversations that occurred at a previous time, is there?
MR. COLE: No, there — we don’t even capture, through this, any conversations. So there’s no ability, no possibility of listening to conversations through what we get in this program.
SEN. SESSIONS: And if — Mr. Litt is an intel lawyer here — if you have the ability to tap a terrorist phone call in Europe or Yemen, let’s say, and that person calls to the United States, by definition of a lawful wiretap, you listen to the persons that the individual calls. Is that right? So I mean, by — a wiretap, by definition, is to listen to the conversations that the bad guy has with whoever he calls.
MR. LITT: That’s correct. And under FISA, the court requires us to have minimization procedures to ensure that we don’t retain or disseminate communications of Americans, unless those are of valid foreign intelligence or evidence of a crime.
SEN. SESSIONS: But if you want to tap a terrorist you’ve identified in the United States, you have to have a warrant with probably cause, do you not?
MR. LITT: That’s correct.
SEN. SESSIONS: And so if you identify a person by surveilling a foreign terrorist, you identify phone calls to the United States, you’d still have to have information sufficient to get a court to give you a Title III warrant to listen to that person’s phone calls.
MR. LITT: It could be a Title III warrant, it could be an individual warrant under Title I of FISA. But either way, there’s a probable cause standard that has to be met.
SEN. SESSIONS: It requires court approval.
MR. LITT: Yes.
SEN. SESSIONS: Mr. Chairman, we tried — I know this committee’s worked hard on this. We tried to make sure that every provision in the act was consistent with our constitutional and legal heritage. But we listen to the concerns that were being raised. And if we made a mistake, I’m willing to change it. But I’m inclined to think all of these actions are consistent with the Constitution and laws of the United States.
SEN. LEAHY: One of the — one of the reasons we’re having the hearing is there are going to be some proposals for changes in the law. And I want to make sure that we have as much information as possible for it.
SENATOR AL FRANKEN (D-MN): Thank you, Mr. Chairman. I also want to thank all the witnesses here — Mr. Cole, Mr. Inglis, Mr. Litt, Mr. Joyce — for your service to the country.
I want to be clear at the outset. I think that these programs protect our country and have saved lives, but I do think there is a critical problem at the center of this debate, and that’s the lack of transparency around these programs. The government has to give proper weight to both keeping America safe from terrorists and protecting Americans privacy. But when almost everything about these programs is secret and when the companies involved are under strict gag orders, the American public has no way of knowing whether we’re getting that balance right. I think that’s bad for privacy and bad for democracy.
Tomorrow I’m introducing a bill to address this — to fix this. It will force the government to disclose how many Americans have had their information collected under key authorities in the Foreign Intelligence Surveillance Act. And it will give force — it will also force the government to disclose how many Americans have had their information actually reviewed by federal agents. My bill would also allow private companies to disclose aggregate figures about the number of FISA orders that they’re receiving and the number of their users that these orders have affected.
Two weeks ago, a broad coalition of 63 Internet companies and bipartisan civil liberties groups sent a letter to the president asking for the reforms that my bill would make law. I’m proud to say that I’m introducing my bill with the support of Chairman Leahy, Senator Blumenthal and a number of other senators who are not on the Judiciary Committee. From what I just heard from Senator Feinstein, there may be some overlaps in our approaches. And I’d be happy to work with her.
I’d like to focus my questions on the subject of transparency. Mr. Litt, in the weeks after Mr. Snowden’s leaks, the Office of the Director of National Intelligence decided to declassify the fact that in 2012 only 300 queries were run on the database of telephone records complied under Section 215 of the Patriot Act. Can you tell me why the ODNI decided to declassify that fact?
MR. LITT: So first, to be clear, what was declassified was the fact that there were fewer than 300 telephone numbers approved for queries. There can be more than one query based on the same telephone number if, for example, over time you want to check and see whether there’d been an additional communication. So the number that was declassified was the number of selectors as to which reasonable, articulable suspicion had been established so that they could be the basis for a court order.
SEN. FRANKEN: Well, why did you decide to declassify the fact and then?
MR. LITT: You know, what we’re doing is we are looking at all of the information surrounding these programs, at what has already been revealed, because fundamentally these programs were classified in toto to begin with because of the feeling that revealing our capabilities would give our adversaries an edge in how to avoid those capabilities.
Once the fact of the program became public, we began to look at all the details surrounding the program such as the orders that we’ve released today and the number you mention there. And we’re making an assessment as to each one of them as to whether they — whether it’s in the public interest to release that particular fact which has previously been classified.
SEN. FRANKEN: It’s just that I think that I don’t want the public to take our word for it always, and I think there’s a balance here, and transparency is part of that balance. And I don’t want a situation where the government is transparent only when it’s convenient for the government.
An hour ago, ODNI declassified a FISA court order under Section 215. That’s a good thing. But ODNI has known for weeks that this hearing was coming, and yet ODNI releases material just a few minutes before the hearing began. You know, again, it’s a step forward, but you get the feeling — when it’s ad hoc transparency, that’s not — that doesn’t engender trust, I don’t think.
MR. LITT: I couldn’t agree with you more. I think we have an obligation to go through and look at the bad as well as the good and declassify what can be declassified without danger. We did actually have a discussion yesterday within the executive branch about whether we should release these documents this morning or not, because it’s generally not a good idea to release things on the morning of a hearing. And I think we came — we came to the conclusion that once we’ve made the determination that the documents should be declassified, there was no justification for holding them up any longer, and so that was —
SEN. FRANKEN: Did you just start thinking about that decision, like, yesterday?
MR. LITT: No, but it’s —
SEN. FRANKEN: And when did you — I mean, you’ve known this for a long time. (Laughs.) It might have been — you might have thought about this weeks ago and said, you know, maybe not the day of.
MR. LITT: We have been thinking about this for some time, and we’ve been processing these as quickly as we can. You’ll note that the documents that were released contained some redactions of information that remains classified.
SEN. FRANKEN: Of course.
MR. LITT: It’s a rather time-consuming interagency process to reach consensus on what can safely be released.
SEN. FRANKEN: Well, my time is up. But I think we should create a strong, permanent set of public reporting requirements that will empower the public to reach their own conclusions abut the merits of these programs, and that’s what the bill I’m working on would accomplish. Again, I’d love to work with Senator Feinstein. And Mr. Litt, I would love if you would work with me to make sure we get the reporting and requirements right as we move forward with the bill. Would you do that?
MR. LITT: Absolutely. We’d be glad to do that, sir.
SEN. FRANKEN: Thank you.
Thank you, Mr. Chairman.
SEN. LEAHY: Incidentally, we’re going to go next to Senator Flake, but I do want to compliment all four of the witnesses here for their candor, and I might want to single out General Inglis — or Mr. Inglis, I guess you go by now. But — and I have been advised and I understand from others is you’ve always been very direct, very clear, very straightforward, that is — often that’s in classified sessions, but you’ve been the same way in open session. I appreciate that.
SENATOR JEFFRY FLAKE (R-AZ): Thank you, Mr. Chairman. And thank you. And I’m sorry I wasn’t here to hear your testimony. I know that you’ve all noted in your written testimony that there are significant checks in the FISA system.
AUDIENCE MEMBER: (Off mic.)
SEN. FLAKE: Do you believe that there are insufficient checks to outweigh the concerns that some have about the appointment of an independent council? If you’ve touched on this in earlier questions, I apologize. But General Cole, can you mention that? With regard to an independent council, do you think that in the second panel, Mr. Baker raises some issues and problems with an independent council. Can you give me your thoughts on whether you think that’s needed or not?
MR. COLE: Certainly, Senator. I mean, this is a topic that’s being discussed both in the administration and in the Congress as one avenue that might be available. Traditionally, when you issue search warrants, when you issue wire taps and things like that, in the criminal law you don’t have an adversary process that takes place (if ?) there isn’t somebody on the other side. So there’s a legal tradition that the way we’ve been doing it is certainly one that we’ve done in other contexts. We also have the court that is involved, and that’s unusual, as Mr. Litt had pointed out, particularly in a foreign intelligence context to have the courts involved at all.
But this is something that I think we’re open to having discussions about as to what the utility would be, what the role would be, how it would work.
The devil can many times be in the details, but we think it’s — all of these things are worth discussing to figure out how to make this the best program it can be.
SEN. FLAKE: If there were an independent counsel involved, would it — can you foresee problems in terms of timeliness to have a lawyer staff cleared in time to review this sensitive information?
Somebody else — anybody else wants to address that as well?
MR. COLE: I’ll just start. It may be a little bit, but the court pushes back a lot itself, and there’s an enormous process that takes place with the court itself to make sure that we’ve satisfied all the requirements under the law and under the Constitution. So if there’s somebody on the other side doing it, I would imagine they’d be doing the same thing on roughly the same schedule.
MR. INGLIS (?): If I could just add to that, there is a letter that the chief judge of the Foreign Intelligence Surveillance Court has written to the chairman that I think is available on the Internet that outlines in some detail the procedures that the court follows and I think gives a good sense for the care and thoroughness that the FISA Court exercises today.
SEN. FLAKE: All right. There’s been some criticism that the process that we have for the selection of these judges may lead to more Republican judges being appointed than Democratic — or Republicans appointing judges than Democrats appointing judges. Do you sense or see any difference in your experience, all of you, with — is that an issue that somebody ought to be concerned about, or have you seen any difference in decisions rendered?
MR. INGLIS (?): From my experience, I haven’t seen any decisions of the judges — our judges and their being guided by the law and not necessarily by politics, but that’s certainly a topic we would leave to the sound discretion of the Congress.
SEN. FLAKE: Any other thoughts from anybody else — (inaudible) — see any problems with that process, selection of judges?
All right. Mr. Litt?
MR. LITT: No, I was just going to say it’s very hard to tell how another judge would have rendered a decision because you only have the one judge rendering the decision.
SEN. FLAKE: Right.
All right, thank you, Mr. Chairman.
SENATOR RICHARD DURBIN (D-IL): Thank you, Mr. Chairman.
I’m a liberal arts lawyer. I took some math courses, but it’s been a long time ago. So I’m going to ask the panelists, maybe Mr. Litt, Mr. Inglis or whoever, to help me do some math here. In 2012 there were 300 queries that resulted in a search of records, and we are told that there are three hops. In other words, if I was the subject matter of this search and I called Senator Feinstein, they would accumulate all of the records of my telephone calls to her and others and then all of the records of Senator Feinstein — telephone calls, which may have included Chairman Leahy, and now you’ve included all of his records as well. Mr. Jaffer of the ACLU will testify — at least speculate later that if I had an average of 40 contacts, that would mean that for my name, my query, you would accumulate 2 million phone records — 2 million for that one inquiry. Now multiply that in the year 2012 by 300. So we are talking about 600 million phone records. Now multiply that times seven years.
So what has been described as a discrete program to go after people would cause us harm, when you look at the reach of this program, it envelops a substantial number of Americans. So can somebody help me with the math here, if I’ve missed something along the way or perhaps should minimize that number?
MR. INGLIS (?): Sir, if I could start, and apologizing for the format — the unclassified format, I’ll be discreet in my remarks, but happy to follow up in any detail that you would prefer, either here or at NSA.
Now, first and foremost, the analysts are charged to provide information that is truly useful to the Federal Bureau of Investigation. And so in that regard, they try to be judicious about choosing when to do a second hop or, under the court’s authorization, a third hop. Those aren’t always exercised. They don’t always exercise a second hop for all numbers that might be pointed to by the first hop. And so while theoretically 40 times 40 times 40 gets you to a large number, that’s not typically what takes place.
If an analyst were to see, for example, at the second hop that there are very significant numbers associated with one of those numbers, they would have to come to some deduction as to what that means. That could be that you kind of glommed onto is a pizza deliveryman. You don’t want to pursue that; that’s not useful.
If on that second hop, you see that that’s hopped to a foreign number already known to the intelligence community because it’s a known terrorist, you’d want to make the third hop to understand what’s beyond that.
SEN. DURBIN: I understand that part of it, where you’re trying not to waste the time or resources of our government in protecting our nation.
MR. INGLIS (?): Yes, sir.
SEN. DURBIN: But the potential reach of this when we say 300 goes way beyond 300.
MR. INGLIS: So, I think that’s a very important question and we have to compare the theory to the practice. We try to be very, very judicious in the use of this very narrowly focused authority, and so the reason that we declassified the numbers is to show that we are in fact judicious. So, less than 300 times did we approve a query for selection — or a selector for query in 2012 and provided less than 500 numbers in 12 reports to the FBI in all of 2012.
MR. LITT: If I can just add one thing to that, it’s important to remember that all that we’re getting out of this is numbers. Nobody’s name, nobody’s address, the content of no communications. These are all — this is nothing but a tool to try to identify telephone numbers that warrant further inquiry.
SEN. DURBIN: I understand that, and here’s the point that I offered an amendment for this committee, which garnered a grand total of four votes a few years ago on this very subject because most of the members weren’t aware of this program, 215 program, in its detail. I knew a little bit more than some but obviously didn’t know as much as I’m learning today. And there was — there’s genuine concern today expressed. At that time, because of the limited knowledge of the members, I got four votes.
So, here’s the question I get down to — and it’s asked over and over again. If my cell phone is an area code 217, which it is, and I am a suspect, I certainly think it’s appropriate and I encourage our government to find out who I’m talking to. That’s important. I still can’t get to the point of requiring every person with a 217 area code to have their records collected in terms of their telephone conversations. Now multiple that times every area code across America and look at the potential reach. It seems to me that what is being described as a narrow program is really a very broad program in terms of the metadata collection on the front end.
What I’d like to ask — people have said — I’ve heard it from members of this panel, you know, we save lives with this. The 215 program has saved lives, stopped terrorism. Good. That’s what we want our government to do. Could you have also saved the same number of lives and had the same impact if, knowing my telephone number as a suspect, you could search my records as opposed to collecting everyone’s records in my area code?
MR. LITT: So, if I could go back to a case in point, perhaps it might be the best way to tease this out, and I think that’s a great question.
The Basaaly Moalin case, what we knew at the time when we made that query was we knew a number that we had reasonable suspicion was affiliated with a terrorist group plotting against the homeland. That number was in Somalia. It was associated with al-Shabab. We had reasonable suspicion it was associated with something in the United States. We had no idea what it might have been associated with, and so we needed to do a query. We didn’t know whether it would be associated wit ha 217 area code or a 303 area code; what of the grand, kind of, set of possibilities was it associated with.
In order to find the needle that matched up against that number, we needed the haystack, right. That’s what the premise is in this case. And in that point, if just before somebody had made that query you’d said this is going to connect to a number in San Diego, that would have been as surprising as if you’d said that number’s connected to someplace in Yemen.
SEN. DURBIN: But, Mr. Inglis, I guess what it gets down to is this: Once establishing that number with al-Shabab, this operative from al-Shabab, you could certainly go after that person’s telephone records in all of the contexts that that person has made. The basic question we’re faced with is do you need to collect five years’ worth of data on everyone in America and their telephone records so that the haystack, which is pretty big —
MR. INGLIS: That’s a fair question. So, the question would be, is it enough to look prospectively, in the future, right, at that particular number? It may well be that the plotting you’re looking for occurred in the past. And if you don’t have that person’s records in the past, then you can’t determine —
SEN. DURBIN: And a point that’s been raised repeatedly, if we required the phone companies to retain the records for five years —
MR. INGLIS: That’s a very fair point, and that is possible.
SEN. DURBIN: — it would not be in the grasp of the government but accessed by the government —
MR. INGLIS: I agree, sir —
SEN. DURBIN: — which serves the same purpose, does it not?
MR. INGLIS: I agree, but under the current legal framing the phone companies are not required to retain that for the benefit of the government.
SEN. DURBIN: How hard would that be?
MR. INGLIS: I think it would require a legal change. I don’t think that’s hard.
SEN. DURBIN: I don’t think so either.
MR. INGLIS: I (do ?) think that you can get there from here. You have to then think about the rest of the attributes that are necessary to make this a useful venture
SEN. DURBIN: Senator Feinstein said, ask him about the expense.
MR. INGLIS: I would say in a classified session I could give you chapter and verse on the expense.
The expenses are different, depending upon whether you choose the current implementation and you choose an implementation where you leave it at the providers. The government, if it requires the providers to retain those records, should bear that expense.
SEN. LEAHY: Thank you. Senator Lee.
SEN. LEE: Thank you, Mr. Chairman.
As I understand it, the NSA’s collection of metadata — you know, the kind of metadata that we’ve been discussed today is accomplished pursuant to Section 215 of the Patriot Act. Now, Section 215 (b)(2)(A) of the Patriot Act places an important limitation on that collection in that it limits the government’s ability to collect that metadata to circumstances where the data is in question is, quote, “relevant to an authorized investigation,” close quote.
At some point — you know, relevance is a concept that is difficult to define in the abstract. It is a somewhat fluid concept, and it’s one of those things that some jurist might say, I know it when I see it, but I struggle to define it. Yet regardless of how difficult it might be to define in the abstract what relevance is, don’t you think we have left the station of relevance long before we get to the point of collecting metadata on, potentially, 300 million Americans and their cell phone usage?
How can one get one’s mind around the concept of that volume of information, metadata or otherwise, all being relevant to an ongoing investigation?
MR. COLE: Well, Senator, Mr. Litt — and he can chime in — had noted a little bit earlier what — how broad, as you noted yourself, the concept of relevance is in civil discovery and many different kinds of legal contexts. It can be things that will lead you to things that you need (as a concept for relevance ?).
SEN. LEE: Right, and I understand Mr. Litt’s very broad conception of relevance, and — as he recently explained in his comments at the Brookings Institution. But I assure you, as a recovering lawyer myself, there is no context in civil discovery or otherwise in which one may define relevance broadly enough to take in information regarding each and every single American who owns a telephone.
MR. COLE (?): The answer I would give you to that, Senator, is that we are not really accessing or getting into all of that metadata that is stored in that database. We don’t actually get to roam around in it. We don’t get to look at it to our heart’s content and then say, well, this is relevant, and that’s relevant, so let’s take that.
You have to look at it in the context of the primary order which was declassified and issued today that says the only way you can access it is if you have reasonable, articulable suspicion that the number you are going to query off of is, in fact, related to specific terrorist groups. And that has to be documented. And if you don’t have that, you can’t get into this. So the surveillance concept, I think, is very important here. You cannot surveil this without that gate being checked through.
SEN. LEE: And that gate — that gate is not controlled by a warrant. I mean, if you want — if you want to access that, you don’t — you don’t have to go to court to get a warrant to access that. Those are controlled by internal procedures, correct?
MR. COLE: That’s correct, but they are controlled by the court order, and they are controlled by compliance audits that are done both by the executive branch, and the court looks at how it’s implemented on a periodic basis.
SEN. LEE: OK. Mr. Litt, did you have something to add to this?
MR. LITT: Yes, very briefly. I just want to make clear that the — that the standard of relevance that I articulated in the speech is not mine alone. This is one that’s been approved by the judges of the FISA court and has been — was known to members of this committee and the intelligence committee at the time that the Section 215 authority was renewed.
SEN. LEE: No, I understand that — I understand that. And that’s part of the problem that we’ve had, is that until recently, most people didn’t have any idea about those, and we had significant constraints that limited our ability to explain why some of us had concerns with the PATRIOT Act, why some of us on both sides of the aisle voted against reauthorizing the PATRIOT Act. We were unable to speak about this publicly, because we have secret procedures being undertaken pursuant to secret law, and it has been a bit of a problem.
Now, what would you say then, to — getting back to you, Mr. Cole — to my constituents — I understand what you’re saying, that we’re collecting all of it, but we’re not looking at. We’re collecting it, but we’re closing our eyes, so don’t worry about it.
What would you say to my constituents who say, I don’t want the government having that information? It’s not the government’s information. It still doesn’t make it relevant under the law. It still doesn’t — it still doesn’t meet what many of my constituents believe to be well within their reasonable expectation of privacy for the government to collect that much information, potentially information about 300 million Americans.
MR. COLE: Well, I would say two things. First of all, we have had 34 separate times a court say, that does meet the standard of relevance, to have it all and then have the restrictions.
But the further thing I would say, which I think is very important, is what we’re doing here today, which is, it’s worth having a debate about is there a better way to do it. It’s worth having a debate about where we’re going to strike that balance between security for the nation and making sure that people’s privacy and civil liberty rights are being honored. And that’s a tough balance to find, but it’s a balance worth talking about, and it’s the process that we are welcoming and engaging in right now.
SEN. LEE: OK. Thank you. I see my time’s expired. I just want to (comment ?) I appreciate your insight on this. I do think it is worth discussing publicly, and I think it’s also some thing that we need to consider from a constitutional standpoint.
We have been relying on 34-year-old Supreme Court case, Smith v. Maryland, to get at this idea that metadata is somehow beyond the reach of the Fourth Amendment. But we have to remember that Smith did not involve collection on hundreds of millions of Americans. It involved collection on a single target. It involved collection in a manner that is completely archaic by today’s standards and that by today’s standards would involve a minuscule amount of information.
I think at some point when you collect that much data on that many people, whether it’s that much data on one person, that might create some problem. That much data on hundreds of millions of people creates an even bigger problem and one that I think was not considered by the Supreme Court of the United States in Maryland v. Smith, one that we need to revisit.
SEN. LEAHY: Thank you.
SEN. LEE: Thank you, Chairman.
SEN. LEAHY: Thank you, Senator Lee.
Senator Whitehouse, you’ve — again showing your expertise here, you’ve served both on this committee and you’ve served on the Intelligence Committee. Appreciate you being here.
SENATOR SHELDON WHITEHOUSE (D-RI): Thank you, Chairman.
One of the — Mr. Cole, you just said it’s worth having a debate on these issues, and I think you’re right about that. But I also hope that the executive branch takes a lesson from this experience about the value of classification or what I would consider overclassification. I’ve seen this over and over now. When we were fighting with the Bush administration about the torture program, the executive branch got to tell its side of the story because the executive branch were the declassifiers, and we were stuck with facts that we knew that blew up the argument that was being made by the executive branch, but that we could not articulate because they were classified.
We’ve seen it on cyber, where so much of the American public is unaware of the cyberthreat that we’re facing. Now thankfully, that — we’re becoming more aware, but for a long time we were just in the dark about what was going on because in the private sector companies didn’t want to talk about it for fear of aggravating their regulators, their consumers, their clients, their — even giving their competitors advantage, and the government just wildly overclassified everything.
Now we have, I think, a terrific article that Senator Feinstein wrote. We have, I think, very good testimony by Bob Mueller. We have a lot of good information out there that helps the American public understand these programs, but it all came out late. It all came out in response to a leaker. There was no organized plan for how we rationally declassify this so that the American people can participate in the debate.
I think there’s an executive branch reaction towards classification. I think that reaction is in part because of the advantage it gives the executive branch relative to the legislative branch, which can’t declassify. And I think over and over again we’ve found that looking back, we’re worse for that effort in the first instance.
So I would really urge you to take a look at this. And you know, when this thing burst, there’s this old saying — I’m not going to get it exactly right — but there’s something about the rumor is all the way across town before the truth can even get its boots on. You’ve lived that experience in the last couple of months.
I hope this has an effect on you, because this is a recurring problem. And we really need to be balancing much more carefully the value of classification against the value of classification. I think you guys are terribly one-sided in favor of classification, and then something like this comes and pow, you’re still trying to get your boots on, because you never took the appropriate steps to put news out about this program that would have avoided, I think, a lot of this.
And I’d like to have you have a chance to react to that.
MR. COLE: I think you make very valid points, Senator Whitehouse, that these are all topics that we need to debate. They’re not easy topics because they involve, again, that same balancing, the same balancing that we’re trying to do between national security and civil liberties and what kinds of programs we put into place to gain intelligence information. It is the same kind of debate we need to have about what’s classified and what’s not classified and what secrets we let out.
If it was easy, we’d be having these left and right. I don’t think — at least from what I’ve seen — that the executive branch is doing it to disadvantage the legislative branch, but I think that may be —
SEN. WHITEHOUSE: But it does have that effect.
MR. COLE: — it may have that effect, and I would concede that. I think it’s done because people are cautious and it’s easier to overclassify than to underclassify; it’s safer to overclassify than to underclassify. And now we’re having to get into the hard work of finding just where that line is, and that’s a difficult job to do, but it’s worth doing.
SEN. WHITEHOUSE: Yeah.
MR. LITT: Senator, I’d just like to add something —
SEN. WHITEHOUSE: So when something like this happens or the torture program gets exposed or we have a significant cyber attack, or something happens that shows that that short-term decision, that it was easier to classify, was actually the wrong decision.
MR. LITT: I just want to add on this, and I know you are — you’re familiar with what I’m about to say, but we are having a public debate now, but that public debate is not without cost. The information that has been leaked is going to do damage to our ability to protect the nation. We are going to lose capabilities; people are paying attention to this.
The way that typically the Congress, both through the legislation it passes and through its own internal rules, has historically sought to achieve the balance between appropriate oversight of intelligence activities and the need to protect sources and methods is through the — primarily the intelligence committees, but also some other committees of Congress — this committee, the armed services committee, the appropriations committees.
And typically, that’s the forum in — that has — that has been used to strike this balance. It may be that —
SEN. WHITEHOUSE: I got that and my time has expired, so let me just jump in and say we all get that. My point is that the American public is an important part of this debate, and we would probably be better off if there was not such a strong instinct in favor of classifying and keeping things classified and we developed information for the American public in a way that minimized that intelligence collection loss and allowed us to have this debate.
SENATOR RICHARD BLUMENTHAL (D-CT): Thank you, Mr. Chairman. I want to join in thanking the chairman for this hearing and for his legislative proposal, which I’ve joined, and to each of you for your extraordinary contribution to our nation, but also to the thousands of others in the intelligence community and special operations who have thwarted and stopped terrorist threats to this country and which all too often, I believe, have been ignored, because the efforts to stop them have been so successful.
And the debate, as Mr. Cole has termed it, is one that’s very appropriate in a free society that’s trying to protect itself from terrorism by using search and surveillance, which have a role. And what we’re grappling to do here is to define how to reconcile the secrecy of search and surveillance, which necessarily have to be so, with privacy and civil liberties and all the other constitutional guarantees that make us unique among the nations in the world and in fact, the greatest nation in the history of the world.
You know, I have been a litigator for close to 40 years. I’ve never doubted that the scores of judges that I’ve litigated before have a commitment to rights of privacy and all the constitutional rights, and I have no doubt about the FISA judges pushing back and having a commitment to the rule of law.
But in appearance, this system is failing, and failing fast, to maintain the trust and credibility of the American people, who want to be protected from terrorist threats but at the same time also protected from the degradation of their constitutional rights.
So I am introducing a bill that would change the appointment and selection procedure so that the appearance and the reality of diversity of view and aggressive protection of constitutional rights is maintained and enhanced. And I’ll be introducing that bill tomorrow that would involve the circuit court judges on our courts of appeals, chief judges, in the appointment process, with the continued involvement of the chief justice, and change also the FISA Court of Review’s selection process.
I’ve found, in my years, that one of a judge’s worst nightmares is incompetent counsel. And the reason is, especially in a criminal trial, that incompetent counsel or lack of counsel for the defendant means that the record on appeal is weaker, that the test and clash of litigation is diminished in quality. And that’s the basic principle that I think should be involved in some way in the FISA Court as well.
And so a second bill that I’m proposing is for a special advocate to be involved, not necessarily in the ex parte proceedings on every single warrant or surveillance or search, but at some point, where there are significant issues of law, so that different sides are presented, challenges are made, and the judge or panel has the benefit of that contention that is at the core of our court process. Our courts not only insist on but — (audio break) — of different points of view, whether it is debate on a legal issue or cross-examination; that’s at the essence of our litigation process.
So I think in appearance, if not reality, the current design of the FISA Court stacks the deck against the protection of our civil liberties and can be improved and enhanced without sacrificing either speed or security, because those special advocates can be cleared beforehand for security purposes. They can be involved after the fact if necessary, on appeal, in effect, to the FISA Court of Review or to the United States Supreme Court.
And I hope — and this is to lead to the question — I hope, Mr. Cole and Mr. Litt, that you will join in this process of trying to improve the current FISA Court structure. And I’d like to know whether there is active consideration of changes in the selection procedure and the involvement of potentially a special advocate or independent counsel of some kind in this — in this process.
MR. COLE: Mr. Senator, I think at this point there is active consideration of a range of issues just to get at the kinds of things you’re talking about, to make sure that the process works as well as it can to balance both of those important issues of national security and civil liberties and privacy and to make sure that it’s transparent enough so that we maintain credibility with the American people about this program. Those are difficult issues, as we’ve discussed today for several hours, to find the right place. But yes, it is with — it is definitely something under consideration and active discussion in the administration.
SEN. BLUMENTHAL: Thank you, Mr. Chairman.
SEN. LEAHY: Mr. Cole, I have a question. I — as I understand it, the government believes that every single domestic phone record is relevant to a terrorism investigation and can be obtained using Section 215 of the Patriot Act. I understand the FISA Court agrees with that interpretation, but you then place restrictions on how it can be used once you’ve collected it. But I don’t understand what limits there might be on this theory.
Couldn’t you invoke under this — couldn’t you invoke Section 215 to obtain virtually all available commercial data? If Americans phone records are relevant, how about our credit card records, what sites we go on on the Internet, what we may bookmark, our medical records if we have it on the computer, our firearms records — if we keep a list of what firearms we own? Are all those things available?
MR. COLE: Well, I think there’s two important points here, Mr. Chairman. Number one is that the only way the court finds these relevant is in the context of the restrictions and in the context of what it is you’re looking for. So you have to take all of those features of this phone record process into account of how can it be done, how reasonably can it be done, what is the need for speed, what is the need to integrate all the different records that are coming together, and finds only when you look at that entire mix that this kind of program, and with these restrictions.
SEN. LEAHY: And —
MR. COLE: But to your question, you would have to make that same showing for those other kinds of records as to the need for that breadth and the need for those restrictions.
SEN. LEAHY: But if our — but if our — if our phone records are relevant, why wouldn’t our credit card records? Wouldn’t you like to know if somebody’s buying what is the fertilizer used in bombs?
MR. COLE: I may not need to collect everybody’s credit card records in order to do that because, again, these are — we’re not collecting all their phone records to that we can wander through them. And it’s only — the phone records are being done to look at the connections. If somebody’s buying things that could be used to make bombs, of course we would like to know that. But we may not need to do it in this fashion.
SEN. LEAHY: Director Clapper said NSA would notify Congress before obtaining cell phone location information under this program. But is there any legal impediment to expanding the program for cell phone location?
MR. COLE: I don’t believe there would be a legal impediment. And yesterday the 5th Circuit issued a ruling that goes to that issue. But it’s — the legal impediments are not the only issues that you take into account here.
SEN. LEAHY: I understand. Well, I’m — I want to put several items in the hearing record — a written testimony Mark Zwingmar (sp) who represented Yahoo in its challenge to — (inaudible) — received under the Protect America Act. He’s one of the few nongovernment employers to appear before the FISA court. So that’s important insight.
A letter from Judge Reggie Walton, presiding judge of the Foreign Intelligence Surveillance Court responding to questions from Senator Grassley and myself. A letter from a coalition of communications companies advocacy groups regarding transparency. A letter from a coalition of privacy and civil liberties groups. Recommending — (inaudible) — from the Constitution Project supporting S. 215, the FISA Accountability and Privacy Protection Act.
I propose all be placed in the record if there are no further questions from this panel. And if there aren’t, I would thank all four of you. I know you spent a lot of time preparing for this. I thank you all for being here. I know you have a lot of other things you should be doing and can be doing. But thank you for taking this time. And we’ll start on the next panel. If we get interrupted by a vote, we will then stop until 12:30, when Senator Blumenthal has offered to come back and preside.
But we call up Judge Carr — James Carr, U.S. District Court for the northern district of Ohio, Jameel Jaffer, the deputy legal director of the American Civil Liberties Union and Stewart Baker, partner, Steptoe and Johnson.
I thank you all very much.