Testimony of Daniel P. Collins
before the Senate Select Committee on Intelligence
May 24, 2005
Chairman Roberts, Vice-Chairman Rockefeller, and Members of the Committee, I am grateful for the opportunity to testify before you today. Three and one-half years ago, the USA PATRIOT Act was signed into law by President Bush with overwhelming support in both Houses of Congress. See Pub. L. No. 107-56, 115 Stat. 272 (Oct. 26, 2001). That strong bipartisan consensus reflected the gravity and importance of the chief objective of that legislation, which was set forth right in the title: “providing appropriate tools required to intercept and obstruct terrorism.” As the horrific events of September 11 demonstrated, there are few priorities more pressing than detecting and preventing terrorist attacks. It is critical that the men and women whose job it is to protect us have the tools they need to get that job done, and to get it done in a manner that both enhances security and respects liberty.
the Committee is well aware, several provisions of Title II of the PATRIOT Act
are scheduled to expire on December 31, 2005, absent action by Congress.
perspective on these matters is informed by my service over the years in
various capacities in the Justice Department.
Most recently, I served from June 2001 until September 2003 as an
Associate Deputy Attorney General (“ADAG”) in the office of Deputy Attorney
General Larry Thompson. During the same
period, I also served as the Department’s Chief Privacy Officer, and in that
capacity, I had the responsibility for coordinating the Department’s policies
on privacy issues. I also served, from
1992 to 1996, as an Assistant United States Attorney in the Criminal Division
of the U.S. Attorney’s Office for the Central District of California in
Before turning to the nine relevant PATRIOT Act provisions that are up for “sunset” review by this Committee, I think it is useful to outline some of the basic principles that should guide an analysis of these provisions. The overarching question whether a particular surveillance authority is an “appropriate tool” ultimately turns on whether that tool assists in detecting and preventing terrorism, and whether it does so in a manner that preserves and enhances privacy. In making that judgment, it is important not to fall into the fallacy of “zero-sum” thinking, whereby every expansion of government surveillance authority is somehow deemed inherently to represent a loss of privacy. This sort of thinking does not make much sense either from a national security perspective or from a civil liberties perspective. The question instead is whether the conditions placed on the availability and use of a particular tool are sufficient to permit it to be deployed effectively when warranted, but only in a manner that is respectful of privacy and basic civil liberties.
Beyond that very general statement, there is, I think, general agreement on a number of more specific principles that help to inform any judgment about the propriety and adequacy of the conditions place upon the use of a particular tool:
• Unwavering fidelity to the Constitution. Privacy is a cherished American right. Among the various ways in which the Constitution protects that right, the Fourth Amendment specifically reaffirms the right of the people to be free from unreasonable searches of their “houses, papers, and effects.” Our laws must scrupulously respect the limits established by the Constitution. As many have said, we have to think outside the box, but not outside the Constitution. But while the Constitution sets the minimum, our laws have long properly reflected the judgment that, from a policy perspective, there should be additional statutory protections for privacy. I do not question that judgment.
• Not all privacy interests are the same. Not all privacy interests are of the same magnitude, and it makes no policy sense to act as if they were. For example, some categories of information are more important and more sensitive than others. The fact that the supermarket club could maintain a computerized stockpile of information about my personal buying habits may raise a privacy concern, but it is not on the same level as someone eavesdropping on my phone conversations or reading my medical records. The nature and severity of the privacy intrusion at issue are certainly important factors to consider.
• Privacy is not always the most important value. It is essential to keep in mind that, while privacy is an important right, it is by no means the only important value. Human society, by its very nature, involves some loss of personal privacy. Competing concerns raised by new technology may also justify particular intrusions on privacy: no one can deny that airport inspections are essential to public safety, regardless of the cost to privacy.
• If it’s good enough for fighting the mob, it’s good enough for fighting terrorism. Any tool that is already available to fight any other type of crime — be it racketeering, drug trafficking, child pornography, or health care fraud — should be available for fighting terrorism, and should have an appropriate analog in the foreign intelligence context. If the judgment has already been made that the tool is appropriate for fighting these other crimes, and that any privacy interests at stake must yield to that effort, then surely the tool should also be available to fight terrorism.
• The importance of technological neutrality. In applying privacy principles to new and emerging technologies, an important benchmark is the concept of “technological neutrality.” The idea is that, just because a transaction is conducted using a new technology, there should not have to be a loss of privacy when compared to similar transactions using older technologies. To use an example, the privacy protection for ordinary email should be roughly equivalent to that of an ordinary postal letter. Conversely, the emergence of new technologies should not provide foreign agents with new ways to thwart legitimate and legally authorized foreign intelligence activities. The notion of technological neutrality takes into account both sides of the coin.
With these basic principles in mind, let me explain why I think each of the nine pertinent sections of the PATRIOT Act that would be made permanent by Section 101 of the proposed legislation are ones that properly enhance the abilities of intelligence officials in a manner that respects and preserves our freedoms.
(1)-(2) Sections 203(b) and 203(d)
These provisions, which authorize certain forms of information sharing between law enforcement officers and intelligence officials, are among the most important in the PATRIOT Act.
Specifically, section 203(b) authorizes the sharing of Title III wiretap information with intelligence and national security officials, subject to several conditions: (1) the information must have been obtained “by any means authorized by this chapter,” i.e., in accordance with the strict requirements of Title III; (2) the information to be shared must “include foreign intelligence or counterintelligence” or “foreign intelligence information” as those terms are specifically defined by the relevant statutes; (3) the information may only be used by such official “as necessary in the conduct of that person’s official duties”; (4) any such official must also comply with “any limitations on the unauthorized disclosure of such information”; and (5) to the extent the information “identifies a United States person,” the disclosure must comply with statutorily mandated guidelines issued by the Attorney General. See Pub. L. No. 107-56, § 203(b), (c), 115 Stat. at 280-81.
Section 203(d) more generally authorizes sharing of information “obtained as part of a criminal investigation,” subject to the following restrictions: (1) the information to be shared must comprise “ foreign intelligence or counterintelligence” or “foreign intelligence information” as those terms are specifically defined by the relevant statutes; (2) the information may only be used by such official “as necessary in the conduct of that person’s official duties”; and (3) any such official must also comply with “any limitations on the unauthorized disclosure of such information.” See Pub. L. No. 107-56, § 203(d), 115 Stat. at 281.
As the 9/11 Commission and others have noted, the need for appropriate sharing of information between law enforcement and intelligence officials is absolutely critical to detecting and preventing terrorism. Moreover, the safeguards imposed by section 203(b) and section 203(d) seem properly tailored to ensure that law enforcement officials will only share information that qualifies as “ foreign intelligence or counterintelligence” or “foreign intelligence information” and will do so only subject to appropriate restrictions. It must be emphasized that these modest provisions do not, as some critics have wrongly claimed, put the CIA in the business of “spying on Americans.” By definition, all information subject to sharing under sections 203(b) and 203(d) has been obtained by the lawful investigative activities of law enforcement officials either under Title III or “as part of a criminal investigation.”
(3) Section 204
Section 204 is a largely technical amendment that clarifies the relationship between the authorities under the criminal statute governing “pen registers” and “trap-and-trace” devices and the authorities under otherwise applicable federal law concerning certain foreign intelligence activities. Pub. L. No. 107-56, § 204, 115 Stat. at 281. I am not aware of an substantial reason why this provision should not be made permanent.
(4) Section 206
Section 206 of the PATRIOT Act addresses the subject of so-called “roving wiretaps” under the Foreign Intelligence Surveillance Act of 1978 (“FISA”). In my view, section 206 strikes an appropriate balance on this subject and should be preserved.
Under the current version of Section 105(c)(1)(B) of FISA, a FISA order authorizing electronic surveillance only needs to specify the nature and location of each such facility or place “if known.” 50 U.S.C. § 1805(c)(1)(B). Notably, the addition of the phrase “if known” was not made by the PATRIOT Act, but rather by the Intelligence Authorization Act for Fiscal Year 2002, Pub. L. No. 107-108, § 314(a)(2)(A), 115 Stat. 1394, 1402 (2001); that amendment is therefore not subject to the PATRIOT Act’s sunset provision. Although current law thus dispenses with a specification requirement when the exact nature and location of the facilities or places are not known in advance, the existing version of Section 105(a)(3)(B) continues unambiguously to state that an authorizing order may only be issued if, inter alia, “there is probable cause to believe that ... each of the facilities or places at which the electronic surveillance is directed is being used, or is about to be used, by a foreign power or an agent of a foreign power.” 50 U.S.C. § 1805(a)(3)(B). Reading these provisions together, it would seem clear that, even when it cannot be specified in advance what are the particular facilities and places that will be surveilled, the Government must nonetheless provide a sufficient description of the categories of facilities and places that will be surveilled (presumably by describing their connection to the target) so as to permit the court to make the finding that remains required by Section 105(a)(3)(B).
The pertinent change made by Section
206 of the PATRIOT Act was merely to eliminate the requirement that the
authorizing order in all cases specify in advance those third parties (e.g., wire carriers) who were directed
to supply assistance in carrying out the order.
See Pub. L. No. 107-56, § 206, 115 Stat. at 282 (amending 50
U.S.C. § 1805(c)(2)(B)). Instead,
the PATRIOT Act states that, if the court finds that “the actions of the target
of the application may have the effect of thwarting the identification of a
specified person,” the order may require the cooperation of other such persons
who have not been specified.
Some have called for making the roving wiretap provisions of FISA more analogous to those for ordinary criminal roving wiretaps in Title III. Under 18 U.S.C. § 2518(11), the requirement in § 2518(1)(b)(ii) to provide a “particular description of the nature and location of the facilities from which or the place where the communication is to be intercepted” does not apply if, inter alia, the application “identifies the person believed to be committing the offense.” Setting aside the issue about what the “identification” requirement thus imposed by Title III requires here, the apparent intent of these critics of Section 206 is that FISA should mimic § 2518(11) by imposing an identification requirement in any case in which the requirement to specify particular places has been waived. The analogy, however, is flawed, because of a crucial difference between § 2518(11) and Section 105 of FISA.
In addition to waiving the specification-of-places requirement in § 2518(1)(b)(ii), the roving wiretap provision of Title III also waives the requirement in § 2518(3)(d) that the court must first find probable cause to believe that “the facilities from which, or the place where, the wire, oral, or electronic communications are to be intercepted are being used, or are about to be used, in connection with the commission of such offense, or are leased to, listed in the name of, or common used by [the target].” See 18 U.S.C. § 2518(11) (stating that the “requirements of subsections (1)(b)(ii) and 3(d) of this section relating to the specification of the facilities from which, or the place where, the communication is to be intercepted do not apply” to roving wiretaps authorized under Title III). As I explained above, FISA’s analog to § 2518(3)(d) of Title III is contained in Section 105(a)(3)(B) of FISA, which states that an authorizing order may only be issued if, inter alia, “there is probable cause to believe that ... each of the facilities or places at which the electronic surveillance is directed is being used, or is about to be used, by a foreign power or an agent of a foreign power.” 50 U.S.C. § 1805(a)(3)(B). It is important to note that nothing in the roving wiretap provisions of FISA waives this requirement. The apparent effect of that difference is that unlike Title III, a FISA roving wiretap application must still provide, as I explained earlier, a sufficient description of the categories of facilities and places that will be surveilled (presumably by describing their connection to the target) so as to permit the court to make the additional probable cause finding that remains required by Section 105(a)(3)(B). This additional safeguard strikes a different balance from Title III, but an appropriate one, and it makes any analogy to Title III inapt. That is, in light of FISA’s preservation of this requirement, the need for a requirement to “identify” the target is doubtful. Indeed, because it overlooks this crucial additional requirement that only FISA imposes, the clear effect of incorporating Title III’s restrictions would be to make FISA roving wiretaps harder to obtain that Title III wiretaps.
(5) Section 207
extends the time periods for which the
(6) Section 214
Section 214 is one of several provisions of the PATRIOT Act that properly endeavor to ensure that there will be appropriate analogs, in foreign intelligence investigations, for the various tools that are available to assist law enforcement in criminal investigations. In particular, Section 214 addresses the use of “pen registers” and “trap and trace devices,” i.e., instruments for collecting information about the address or routing of a communication (e.g., the telephone numbers of outgoing calls dialed on a telephone and the telephone numbers of incoming calls), but not the content of the communication.
The Supreme Court held long ago that
that the proper use of a pen register does not implicate the Fourth Amendment,
because there is no reasonable expectation of privacy in the numbers dialed on
a telephone — numbers that, by definition, the dialer has voluntarily turned
over to a third party (i.e., the
telephone company). Smith v.
Under Section 214, the ability to use
pen registers and trap and trace devices under FISA is thus rendered more
analogous in scope to its criminal counterpart.
With respect to information concerning a
(7) Section 215
Section 215 of the PATRIOT Act is another provision designed to ensure that a tool available to assist law enforcement in ordinary criminal investigations will have an appropriate counterpart in foreign intelligence investigations. For a very long time, grand juries have had very broad authority to obtain, by subpoena, records and other tangible items that may be needed during the course of a criminal investigation. Section 215 provides a narrow analog to such subpoenas in the context of certain intelligence investigations under FISA. Indeed, in many respects, Section 215 contains more protections than the rules governing grand jury subpoenas:
— A court order is required. 50 U.S.C. § 1861(c).
— The court is not merely a
rubber-stamp, because the statute explicitly recognizes the court’s authority
to “modif[y]” the requested order.
— The section has a narrow scope, and can
be used in an investigation of a
— The section provides explicit protection
for First Amendment rights.
The draft bill would make the important clarification that the records may only be obtained if they are “relevant” to an investigation to protect against international terrorism or clandestine intelligence activities. See Section 211(a)(1)(A), (2). As I understand it, this amendment would not alter the current understanding of the provision, but would merely eliminate any doubt about whether the relevance standard is applicable here.
Some have called for a standard that is higher than “relevance” to an investigation, and have instead suggested that a Section 215 order should be granted only upon a showing of specific and articulable facts giving reason to believe that the person to whom the records pertain is a foreign power or an agent of a foreign power. This is much too narrow a standard. Suppose that FBI agents suspected that an as-yet-unidentified individual foreign agent may have consulted certain specific technical titles on bomb-making or on nuclear power facilities, and they are informed that 5 persons have checked out those specific titles from public libraries in the relevant area and time period. Because it cannot be said that there are “specific and articulable facts” to suspect all 5 persons who checked out the books as all being foreign agents (the most that can be said is that one of them may be), application of such a high standard would seemingly require more evidence before any of the records could be obtained. Even if one were to agree that the general business records authority in Section 215 might benefit from greater reticulation in the contexts of particular types of records, this particular requirement seems too strict. Given the various safeguards already in place in Section 215, which adequately take account of the difference between investigations under FISA and ordinary criminal investigations, there is insufficient justification for a standard that is so much more demanding than the ordinary “relevance” standard that has long governed grand jury subpoenas in criminal investigations (some of which, like the Versace murder and Zodiac gunman investigations, did consult library records).
some of its critics seem to imply, the narrowly drafted business records
provision in Section 215 has no special focus on authorizing the obtaining of
“library records.” On the contrary,
because the provision specifically forbids the use of its authority to
Section 211(b) of the draft bill would make appropriate and necessary clarifying changes to section 215 by specifying that the prohibition on nondisclosure of Section 215 orders is not intended to preclude the recipient of such an order from consulting with counsel or from requesting permission from the FBI to make other appropriate consultations (e.g., perhaps consulting an accountant with respect to an order requesting financial records).
Section 211(c) properly establishes additional procedural protections by requiring the Attorney General to adopt “minimization procedures governing the retention and dissemination” of any items obtained under a Section 215 order.
The Attorney General, in his testimony before this Committee on April 27, 2005, indicated that the Department of Justice agreed that a recipient of a Section 215 order could bring a challenge to such an order in court. Section 215 is silent as to where and how such a review might be carried out, as is the draft bill. I would recommend that specific provisions establishing the proper venue and procedures for such challenges be set forth in legislation.
(8) Section 218
Despite being only one sentence long, Section 218 is one of the most important provisions in the PATRIOT Act. Prior to Section 218, an application for electronic surveillance under FISA had to contain a certification that “the purpose” of the surveillance “is to obtain foreign intelligence information.” 50 U.S.C. § 1804(a)(7)(B) (2000 ed.). Section 218 changed the phrase “the purpose” to “a significance purpose,” thus clarifying that the presence of other purposes (such as a possible criminal prosecution) did not preclude a FISA application. In doing so, Section 218 disapproved the “primary purpose” test that had been engrafted onto the pre-PATRIOT Act language. In re Sealed Case, 310 F.3d 717 (For. Intel. Surv. Ct. of Rev. 2002). This amendment, as many have noted, was important in tearing down the “wall” between intelligence personnel and law enforcement personnel. It should not be permitted to lapse. Moreover, allowing Section 218 to expire could potentially put the law in a state of confusion, because the Foreign Intelligence Surveillance Court of Review has cast doubt on whether the “primary purpose” test was a correct reading of the pre-PATRIOT Act statutory language. In re Sealed Case, supra. As a result, there is considerable room for argument over what exactly would be the effect of allowing this provision to lapse. The Congress should ensure clarity in this important area of the law by making Section 218 permanent. Section 101 of the draft legislation does that, and Section 203 also includes a further, appropriate amendment confirming the correctness of the Court of Review’s conclusion that FISA Section 101(e)(1)’s reference to “protect[ing]” against international terrorism, etc., includes protecting by means of a criminal prosecution that disables the foreign agents involved.
(9) Section 225
This section extends to the FISA statute the same immunity from civil liability that exists under Title III for wire or electronic communications service providers who assist in carrying out a court order or an emergency request for assistance under FISA. Pub. L. No. 107-56, § 225, 115 Stat. at 295-96. There is no good reason the immunity of a service provider for carrying out court orders for surveillance should depend upon whether the order was issued under Title III or under FISA. This provision should be made permanent.
Additional provisions of the draft legislation
The draft bill also contains detailed provisions providing for the use of “administrative subpoenas” in certain intelligence investigations, and codifying (with changes) the use of so-called “mail covers” in such investigations. See Sections 213 and 212. The authorization of administrative subpoenas by Section 213 would appear to be an appropriate invocation of the principle that, if a tool is available to fight other crimes, it should be available to fight terrorism. Under 18 U.S.C. § 3486(a), administrative subpoenas are currently authorized in the investigation of, inter alia, a “Federal health care offense” and “a Federal offense involving the sexual exploitation or abuse of children.” As I said before, if the judgment has already been made that this tool is appropriate for fighting these other crimes, and that any privacy interests at stake must yield to that effort, then surely the tool should also be available to fight terrorism, and should have an analog in the foreign intelligence context. The appropriate questions should, in my view, instead focus on the technical issues concerning how such authority would be granted in the FISA context. Thus, for example, to the extent that the procedures specified in Section 213 differs from those in 18 U.S.C. § 3486, are those differences warranted by differential factors unique to the FISA context? Moreover, what should be the relation between the scope of the administrative subpoena authority in Section 213 of the draft bill and the business records provision in Section 215 of the PATRIOT Act? These are questions that I think warrant careful study and consideration. But I find it very hard to say that administrative subpoena authority is just fine when it comes to health care fraud, but is somehow a grave threat to liberty when it comes to fighting terrorism.
The “mail cover” provisions in Section 212 relate solely to information on the exterior of mail that is not subject to any reasonable expectation of privacy, such as addressing information. The provision appears to be fairly narrowly drafted in terms of the scope of the authority it confers, the high-level approval it requires, and the requirement for “minimization” with respect to retention and dissemination of records obtained by a mail cover under this section. Notably, the provision only applies to requests made to the “United States Postal Service.” The apparent intent of the provision is to ensure appropriate cooperation from the Postal Service, while leaving the judgment whether to request the mail cover with the FBI. That formal allocation of authority seems sensible (since only the FBI will be privy to the full context of the intelligence investigation that leads to the request). The Committee should evaluate whether it is needed as a practical matter in light of the history on this issue between the FBI and the Postal Service.
I would also like to make a brief comment about Section 202 of the draft bill. This section would amend FISA’s definition of “content” so that it more closely conforms with the definition of “content” under the Title III wiretap statute, 18 U.S.C. § 2510(8). This appears to be a sensible change. By defining “any information concerning the identity of the parties to [a] communication” as “contents,” FISA’s current definition could be misconstrued as casting doubt on whether mere addressing information, not derived from the substance of the communication, is “contents.” As the pen register statutes reflect, mere addressing information is not ordinarily considered to be “contents,” and there is no harm in eliminating a perceived potential ambiguity in FISA on this score.
* * *
I would be pleased to answer any questions the Committee might have on this subject.