S. Hrg. 110-385
NATIONAL SECURITY LETTERS: THE NEED FOR GREATER ACCOUNTABILITY AND
OVERSIGHT
=======================================================================
HEARING
before the
COMMITTEE ON THE JUDICIARY
UNITED STATES SENATE
ONE HUNDRED TENTH CONGRESS
SECOND SESSION
__________
WEDNESDAY, APRIL 23, 2008
__________
Serial No. J-110-86
__________
Printed for the use of the Committee on the Judiciary
U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON : 2008
42-457 PDF
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512-1800
Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001
COMMITTEE ON THE JUDICIARY
PATRICK J. LEAHY, Vermont, Chairman
EDWARD M. KENNEDY, Massachusetts ARLEN SPECTER, Pennsylvania
JOSEPH R. BIDEN, Jr., Delaware ORRIN G. HATCH, Utah
HERB KOHL, Wisconsin CHARLES E. GRASSLEY, Iowa
DIANNE FEINSTEIN, California JON KYL, Arizona
RUSSELL D. FEINGOLD, Wisconsin JEFF SESSIONS, Alabama
CHARLES E. SCHUMER, New York LINDSEY O. GRAHAM, South Carolina
RICHARD J. DURBIN, Illinois JOHN CORNYN, Texas
BENJAMIN L. CARDIN, Maryland SAM BROWNBACK, Kansas
SHELDON WHITEHOUSE, Rhode Island TOM COBURN, Oklahoma
Bruce A. Cohen, Chief Counsel and Staff Director
Stephanie A. Middleton, Republican Staff Director
Nicholas A. Rossi, Republican Chief Counsel
C O N T E N T S
----------
STATEMENTS OF COMMITTEE MEMBERS
Page
Cardin, Hon. Benjamin L., a U.S. Senator from the State of
Maryland....................................................... 6
Feingold, Hon. Russell D., a U.S. Senator from the State of
Wisconsin...................................................... 5
prepared statement, letter and attachments................... 79
Leahy, Hon. Patrick J., a U.S. Senator from the State of Vermont. 1
prepared statement........................................... 84
Specter, Hon. Arlen, a U.S. Senator from the State of
Pennsylvania................................................... 3
Whitehouse, Hon. Sheldon, a U.S. Senator from the State of Rhode
Island......................................................... 7
WITNESSES
Baker, James A., former Counsel for Intelligence Policy,
Department of Justice, Washington, D.C......................... 8
Nojeim, Gregory T., Director, Project on Freedom, Security &
Technology, Center for Democracy & Technology, Washington, D.C. 11
Woods, Michael J., former Chief, National Security Law Unit,
Office of the General Counsel, Federal Bureau of Investigation,
Washington, D.C................................................ 13
QUESTIONS AND ANSWERS
Responses of Michael J. Woods to questions submitted by Senator
Feingold....................................................... 35
SUBMISSIONS FOR THE RECORD
American Civil Liberties Union, Caroline Fredrickson, Director,
Washington Legislative Office, Washington, D.C., statement and
attachments.................................................... 48
Baker, James A., former Counsel for Intelligence Policy,
Department of Justice, Washington, D.C., statement............. 66
Nojeim, Gregory T., Director, Project on Freedom, Security &
Technology, Center for Democracy & Technology, Washington,
D.C., statement................................................ 86
Organizations supporting the National Security Letters Reform
Act, joint letter.............................................. 100
Woods, Michael J., former Chief, National Security Law Unit,
Office of the General Counsel, Federal Bureau of Investigation,
Washington, D.C., statement.................................... 102
NATIONAL SECURITY LETTERS: THE NEED FOR GREATER ACCOUNTABILITY AND
OVERSIGHT
----------
WEDNESDAY, APRIL 23, 2008
U.S. Senate,
Committee on the Judiciary,
Washington, DC
The Committee met, pursuant to notice, at 10:04 a.m., in
room SD-226, Dirksen Senate Office Building, Hon. Patrick J.
Leahy, Chairman of the Committee, presiding.
Present: Senators Feingold, Cardin, Whitehouse, Specter,
Kyl, and Sessions.
OPENING STATEMENT OF HON. PATRICK J. LEAHY, A U.S. SENATOR FROM
THE STATE OF VERMONT
Chairman Leahy. Good morning.
When Congress last reauthorized and expanded the USA
PATRIOT Act in March, 2006, I voted against it, although I
voted for the first one. I stated then that I felt the
administration and the Congress had missed an opportunity to
get it right. But we were able to include some sunshine
provisions, which has given us insight that we will use today
in our examination of national security letters, or NSLs.
I have long been concerned by the scope of the authority
for NSLs and the lack of accountability for their use.
Thankfully, we are able to include requirements for review of
the NSL program by the Inspector General when we reauthorized
the PATRIOT Act. There had not been that kind of a review
before.
Now, for 2 years, the reports by the Inspector General have
revealed extremely troubling and widespread misuse of NSLs. The
authority to issue NSLs allows the Federal Bureau of
Investigation to request sensitive personal information: phone
bills, e-mail transactions, bank records, credit reports,
things that could basically stop a business while they try to
put this all together, and do this without a judge, without a
grand jury, without even having a prosecutor evaluate those
requests.
In the reports, the Inspector General has found some very,
very disturbing misuse of this authority. The Inspector
General's report found widespread violations, including failure
to comply with even the minimal authorization requirements, and
more disturbingly, that the FBI requested and received
information to which it was not entitled under the law. The
reports found some rampant confusion about the authorities, and
virtually no checks to ensure compliance or correct mistakes.
But what I found very significant, is the Inspector General
found that NSL use has grown to nearly 50,000 a year, and
nearly 60 percent of those NSLs are used to find information
about Americans. It is a major change in the years since 9/11.
I raised these concerns publicly and privately with Director
Mueller of the FBI. In fairness, the FBI has acknowledged some
problems. It has issued new guidelines, new guidance, a new
data system to track issuance of these NSLs.
It has also created an Office of Integrity and Compliance
to ensure that there are processes and procedures in place to
ensure compliance.
I believe that the Director and his staff are sincere in
their efforts, but I am not persuaded that the actions taken
have been enough. So we are following up on an earlier
oversight hearing to ask what changes are needed to the
statutory authority. Among the things that concern me are
whether the law should require higher level review and
approval, perhaps judicial or Department of Justice review,
before NSLs can be issued.
Is a standard for issuance which requires only that it be
relevant to a terrorism investigation too lenient? I mention
this, because we have seen all the statistics, the sudden huge
increase in the number of arrests that were related and said to
be terrorism. Then when we asked the question about, if they
are terrorists, why did they get a fine or 30 days in jail or
60 days in jail? Well, it turned out they were just run-of-the-
mill cases that they reclassified so that the statistics were
good. I want to know if that is the same thing here. Is the
scope of documents available under NSLs too broad?
I'd like to hear how we can ensure that there are adequate
standards for determining when private records on U.S. persons
that have been collected using NSLs, how can they be retained?
Actually, how can they be disseminated and used?
Simply because one of these NSLs is issued with no
guidance, no checks and balances, or anything else and their
name gets picked up, are they going to find some day when their
kids are trying to get into college, are they blocked? If
they're trying to get a job or a promotion, are they suddenly
blocked and they don't know why?
Now, I commend Senator Feingold. He's been a leader on this
issue. I believe his bipartisan bill, the National Security
Letter Reform Act of 2007, is on the right track, particularly
in its recommendation for the need for a real check on
independent oversight of NSLs.
The bill would also narrow the extraordinarily broad scope
of information that NSLs can acquire. They would make the
standard for their issuance more rigorous. I look forward to
hearing our witnesses' view on this important legislation,
getting ideas from them if there are other important steps we
can take.
The problem we see with NSLs is just one part of a much
broader concern. We all know that the changing nature of
national security threats, and particularly the threat from
international terrorism, has required changes in the way the
government collects and uses intelligence, the kind of
information it needs. Nobody disagrees with that.
But we have to remember what a perilous undertaking it is
when the government engages in domestic spying. Americans don't
like it, and for very good reason. We have a long history of
abuses: the Red scare of 1919; McCarthyism; co-intel for
Watergate; the recent Pentagon Talon data base program; the
collected information on Quakers and other anti-war protestors.
Can you imagine the shock that must have been, those
collecting that, to find that Quakers were protesting a war?
Quakers always protest a war. The shock would have been if,
when they did that, spying on these Quakers, if they had them
saying, we're in favor of war. Now, that, that would have been
worth collecting.
So if we're going to adapt our collection and use of
information for Americans as a changing threat, we have to be
sure to do the same for the checks and accountability
mechanisms, we have to protect our liberties as Americans. The
FBI's misuse of NSLs is one example of the need for clearly
defined procedures and careful controls when collecting and
using domestic intelligence, but we have to be just as vigilant
in other areas: data mining, use of satellites to collect
domestic information, biometrics, fusion centers. They are all
tools for national security, but each is fraught with the
potential for privacy invasions and harm to American liberties.
We in the Congress have a responsibility to see how these are
being used.
[The prepared statement of Senator Leahy appears as a
submission for the record.]
So I am looking forward to this. Senator Specter, who I
mentioned is the senior Republican on the Committee, has a long
history of asking these questions of both Republicans and
Democrats, and I am glad you're here.
STATEMENT OF HON. ARLEN SPECTER, A U.S. SENATOR FROM THE STATE
OF PENNSYLVANIA
Senator Specter. Thank you, Mr. Chairman. I wouldn't be
anywhere else, especially since I'm the Ranking Member and I'm
really not needed here because there's such a large showing of
Republican members of this Committee to handle this important
issue.
This is a prized Committee, very keenly sought after by
members of the U.S. Senate. If any were here, I would exhort
them to attend because this is a very important matter,
especially in the context of what has happened with expansion
of executive authority.
Decades from now, I believe historians will look down on
this period since 9/11 to the present time and beyond as an
extraordinary expansion of executive power, necessary, at least
to some extent, as I have stated by my votes and my positions
in supporting the expansion of the PATRIOT Act.
But I am concerned when we are having hearings on national
security letters and we do so in the context of the President
having issued a signing statement which purports to limit the
executive's responsibility to comply with Section 119,
notwithstanding the fact that this was a matter negotiated.
That's my recollection, confirmed by Nick Rossi, who was on my
staff at the time and is now Chief Counsel.
We negotiated the oversight on review of national security
letters, and then the President signs a statement in which he
says that he'll interpret Section 119 in a manner consistent
with the broader Article 2 powers. Well, that's not adequate.
There's been expressed negotiations. This comes in the context
where one of the reported incidents involves a matter where the
FBI sought records under Section 215 under the order for
business records from the FISA court, twice refused. Then the
FBI goes to a national security letter based on the same
information. Well, that sounds wrong to me. If they don't have
a basis for it when it goes to a court, to come back to
something they have unilateral control on, it's not exactly
what Congress intends here. And all of this occurs in a context
with vast, vast expansion.
When you have the President violating the Foreign
Intelligence Surveillance Act, the National Security Act,
requiring reports to the Intelligence Committees, on his
purported authority under Article 2, never tested judicially,
but violations occur on unilateral action. You have the
concerns about the State Secrets Act, and the Attorney General
says there will be a calamitous result, violating the
President's Article 2 powers.
You have an effort to legislate under the Shield Law and
letters from the FBI and the Attorney General and the Director
of National Intelligence and Homeland Security that the world
is going to collapse, notwithstanding the careful calculation
of that statute to preserve national security interests.
The attorney/client privilege, pressed by this
administration far beyond any other administration. Former
Attorney General Edwin Meece and former Attorney General
Richard Thornburg testified in this room that the current
interpretation is inappropriate. Two principles: the government
proves its case, and the constitutional right to counsel, which
necessarily implies confidential privilege. But now there is an
expansion of executive authority. Thank God for the courts,
because it has been more than frustrating to be on this
Committee and to chair it, to be Ranking Member, and not to
have the semblance of effective oversight. We simply can't
chase the executive sufficiently to have effective oversight.
Now there is a move to have retroactive immunity to the
telephone companies. As yet on the record we don't know what
that retroactive immunity is for, but we're asked to grant it
legislatively. I believe that from what I know as to what the
telephone companies have done, they've been good citizens and
they ought to be protected. But the government can step into
their shoes and defend those cases and preserve the open
courts, and also to give the telephone companies their due.
So I would say, Mr. Chairman, we ought to do a lot more,
but I'm not quite sure what to do.
Chairman Leahy. Well, if the Senator would yield, I was
somewhat concerned when I became Chairman. I'd send letters
down to Department of Justice asking questions and not get any
response, and wondered if it was because I was a Democrat and
it was a Republican administration. Then I found out that the
chairman, when he was chairman, found it difficult to get
answers to those letters also.
Senator Specter. Well, I'm still co-signing the letters,
Mr. Chairman.
Chairman Leahy. I know you are, and I appreciate that very
much. I think oversight--I agree with the Senator from
Pennsylvania. Oversight is extremely important because if you
have no check and balance, at a time when our government can be
all-powerful, it is a terrible situation. The Senator from
Pennsylvania, like myself, was a prosecutor. There are a lot of
things we would have loved to have done unilaterally. But
fortunately we couldn't. We had to have oversight by the
courts, we had to have checks and balances. The country's safer
that way.
Senator Specter. I want to associate myself with the
remarks which you made, following the interruption, and
conclude my statement just by associating myself.
Chairman Leahy. I apologize. I thought you had. I thought
you had.
Senator Specter. Oh, no you don't. It's fine. We do it all
the time and it's totally acceptable.
Chairman Leahy. You see? What you all missed was the
opportunity to see Senator Specter and myself at a hearing in
Vermont.
Senator Specter. Where was everybody?
Chairman Leahy. It was very interesting. They're still
talking about it up there, approvingly.
Senator Specter. It was an official Committee hearing.
Where was everybody?
Chairman Leahy. And Senator Specter was praised by
Republicans and Democrats across the political spectrum for his
participation.
Senator Feingold, this is your legislation. If you want to
say something, please feel free.
STATEMENT OF HON. RUSSELL D. FEINGOLD, A U.S. SENATOR FROM THE
STATE OF WISCONSIN
Senator Feingold. Thank you, Mr. Chairman and Ranking
Member Specter. Thank you for holding this important hearing,
and for your commitment to this issue.
I could not agree more that greater oversight and
accountability are needed with respect to national security
letters. The Justice Department's Inspector General documented
serious misuse and abuse of national security letters from 2003
to 2006.
A followup audit conducted by the FBI itself not only
confirmed the Inspector General's findings, it documented even
more violations. These widespread problems are directly
attributable to the PATRIOT Act, which expanded the NSL
statutes to essentially grant the FBI a blank check to obtain
sensitive information about innocent Americans.
Congress gave the FBI very few rules to follow and then
failed to adequately fix these problems when it reauthorized
the PATRIOT Act. I appreciate that Director Mueller and others
in the FBI leadership ranks have taken these problems
seriously, but leaving this to the FBI alone to fix is not the
answer. These Inspector General reports prove that ``trust us''
simply doesn't cut it.
It was a significant mistake for Congress to grant the
government broad powers and just keep its fingers crossed that
they wouldn't be misused. Congress has the responsibility to
put appropriate limits on government powers, limits that allow
agents to actively pursue criminals, terrorists, and spies, but
that also protect the privacy of innocent Americans.
Congress must also ensure that the statute complies with
the Constitution. In that vein, last fall a Federal District
Court struck down one of the new NSL statutes, as modified by
the PATRIOT Act Reauthorization legislation enacted in 2006 on
First Amendment grounds.
This is why I introduced the National Security Letter
Reform Act with a bipartisan group of Senators, including
Senators Sununu, Durbin, Murkowski, Salazar, Hagel, and others.
This bill places new safeguards on the use of national security
letters and related PATRIOT Act authorities to protect against
abuse and ensure the constitutionality of the statute.
Among other things, it restricts the type of records that
can be obtained without a court order to those that are the
least sensitive and private, and it ensures that the FBI can
only use NSLs to obtain information about individuals that have
at least some nexus to a suspected terrorist or spy. I am
pleased that it has received endorsements from all over the
political spectrum, from the Center for American Progress, to
the League of Women Voters, to Grover Norquist of Americans For
Tax Reform.
I would ask, Mr. Chairman, that an April 22 letter in
support of the bill, as well as a ``Dear Colleague'' about the
bill, be included in the record.
Chairman Leahy. Without objection, so ordered.
[The prepared statement of Senator Feingold, with
attachments, appears as a submission for the record.]
Senator Feingold. Thank you, Mr. Chairman.
This legislation is a measured, reasonable response to a
serious problem. Again, thank you very much for holding the
hearing on the bill and on this topic, and I look forward to
the witnesses' testimony.
Chairman Leahy. Thank you.
Senator Cardin, did you wish to--
STATEMENT OF HON. BENJAMIN L. CARDIN, A U.S. SENATOR FROM THE
STATE OF MARYLAND
Senator Cardin. Thank you, Mr. Chairman. Just very briefly,
let me first comment that I will be moving between this
Committee and the Foreign Relations Committee that has a
hearing on Darfur today. I'm saying that for Senator Specter's
benefit, because I'm sure his colleagues are very busy in other
committees that are holding hearings today.
But obviously this is an extremely important hearing, and I
thank you very much for conducting this hearing.
I just want to make a quick observation, if I might. I
think Americans would be very surprised to learn that there are
tens of thousands of national security letters issued every
year--every year--the majority of which are directed toward
Americans, requesting sensitive information such as their
credit information or their telephone records, and it is done
without any court supervision. They also, I think, would be
surprised to learn about the Inspector General's report that
pointed out that a large number of these letters were issued
contrary to the law, in violation of the authority that the
Department had.
So I think it's very important for us to do the appropriate
oversight. I'm sure we're going to hear today, Mr. Chairman,
that as a result of the Inspector General's report, as a result
of the oversight that this Committee has done, that the
circumstances are improved, that procedures are now in place,
that the number of violations of laws have been reduced
dramatically and that the circumstances and the use of national
security letters have improved dramatically.
But what happens when we turn off the spotlight? What
happens when Congress does not hold regular oversight hearings
on the use of national security letter? Will we revert back to
the use of these letters, contrary to law? When one agency can
make a decision without review of the courts, without
oversight, there is the potential for abuse.
So I just want to compliment Senator Feingold for his
legislation. I think it's important that we look at ways in
which we can establish the appropriate check-and-balance in our
system to make sure that the agencies have the tools that they
need to protect our country and to pursue investigations that
are important so they can get the material necessary for
investigations, but at the same time protect the civil
liberties of the people of our Nation. Clearly that was not
done over the last five or 6 years. Clearly that was abused and
did not further justice, and it did hurt the civil liberties of
the people of our country.
So I think that we should not only be holding the oversight
hearing that Senator Specter has talked about the importance
of, but to look at ways in which we can institutionalize a
better check-and-balance system on the use of this
extraordinary power by the Department of Justice.
Mr. Chairman, I look forward to our witnesses. Again, I
apologize if I have to leave to attend another hearing on the
circumstances within the Darfur region of Sudan.
Chairman Leahy. Thank you very much.
Senator Whitehouse, did you have anything you wanted to
add?
STATEMENT OF HON. SHELDON WHITEHOUSE, A U.S. SENATOR FROM THE
STATE OF RHODE ISLAND
Senator Whitehouse. Thank you, Mr. Chairman.
Very briefly, I just wanted to commend Senator Feingold for
his legislation. He has undertaken what those of us who have
the honor of working with him have come to expect as a very
thoughtful and thorough approach to this issue. I think we
should also take a moment, if it has not been done already, to
commend Inspector General Glen Fine. We are here, in large
part, because of the research work that he did.
Our job is to oversee the executive branch and remark and
bring attention to situations where folks have failed in their
duties or failed in their responsibilities, and assure that
those mistakes are cured. It is also, I think, our
responsibility to express appreciation and pride when folks in
the executive branch do their duties particularly well.
I think the Department of Justice Office of Inspector
General did its duties particularly well in this respect, and I
think the record of the hearing should reflect that. I remain a
little bit dismayed that the FBI, as an institution--I had this
discussion with Director Mueller when he was here--did not more
highly value the rather extraordinary powers that they were
given in this legislation and the responsibilities, the
concomitant responsibilities that came with that.
The fact that there wasn't adequate internal oversight,
that there weren't checks and balances going, frankly, right up
to the Director's office, because this is an issue that
directly affects the credibility of one of our proudest law
enforcement agencies with this Congress, and if they're not
minding the store when we give them the kind of scope--I think
mistakenly, but irrespective of that--that they are and it's
cabined with particular congressional restrictions, the level
of disinterest in attending to those congressional limitations
is kind of surprising.
You would have thought that the highest levels of the FBI,
somebody would be saying, you know, this is pretty serious
stuff, they put some pretty serious boundaries around it. We're
going to look like real dopes if we foul this up. You know,
somebody in my office is going to be in charge of making sure
this is done right. The failure of that, I think, is an
interesting and significant failure in this whole process.
So I very much look forward to the testimony of all the
witnesses. I appreciate the Chairman holding this hearing, and
I thank Senator Feingold for, once again, his thoughtful and
thorough approach to an important issue.
Chairman Leahy. Well, thank you very much.
Gentlemen, you've had a chance to hear our views on this.
Don't let that influence you in any way, shape, or manner as
you give your testimony. I mean that, seriously.
The first witness will be James Baker. He has an extensive
background in the area of national security. He served at the
Justice Department for 17 years. He was Counsel for
Intelligence Policy in the Office of Intelligence Policy &
Review from 2001 to 2007. Is that correct? A former Federal
prosecutor, he's worked on a wide variety of national security
matters. He taught national security law at Harvard Law School
in 2007. He's a Fellow at the Institute of Politics at
Harvard's Kennedy School of Government. He currently serves as
the Assistant General Counsel for National Security at Verizon.
He received his bachelor's degree from the University of
Notre Dame and his law degree from the University of Michigan
Law School.
Mr. Baker, please go ahead, sir.
STATEMENT OF JAMES A. BAKER, FORMER COUNSEL FOR INTELLIGENCE
POLICY, DEPARTMENT OF JUSTICE, WASHINGTON, D.C.
Mr. Baker. Thank you, Mr. Chairman, Ranking Member Specter,
and members of the Committee. I appreciate the opportunity to
be here today.
Let me just say at the outset that I am appearing here
today in my individual capacity at the request of the Committee
and anything I say should not be taken as reflecting the views,
necessarily, of my current or former employers.
So, Mr. Chairman, you have my written statement, which I
would ask to be made part of the record.
Chairman Leahy. Without objection, it will be part of the
record.
Mr. Baker. Thank you, sir.
[The prepared statement of Mr. Baker appears as a
submission for the record.]
Mr. Baker. I won't try to recapitulate what I say there,
but my objective today is to try to be of whatever assistance I
can to the Committee to try to put national security letters in
context with what the intelligence community, the FBI, is doing
every day to conduct national security investigations and to
obtain foreign intelligence information. So what I am urging
today is that we think about this in a holistic way and try to
understand the perspective of the people on the ground who have
to use these tools as they go about doing what everybody agrees
we want them to do, which is to protect the country.
And so what I urge is we not focus just on NSLs, but we
think in a larger way about the whole question of what I refer
to as metadata. I'll come back to that. Well, I'll just address
that right now.
Metadata, as I describe in my written statement, what I
mean by that, and what other people have referred to or used
that term to refer to, is really a distinction between content
information and non-content information. Content information is
the words that are spoken on a telephone call, the substance of
an e-mail, what happens in the privacy of our homes, those
kinds of things. That's the content that I refer to.
When I'm talking about metadata I'm talking about non-
content. It's information about those things, maybe the date,
the time, the duration of the telephone call, the ``to'' and
``from'' of an e-mail, indications about where you moved at
different points in time, but it's not your actual substance of
your communications.
So what I think, and what I'm trying to say today is that
Congress, I suggest, should think about the problem or the
issue of the collection of non-content information and how it
wants the government to go about doing that, and what rules
apply, what oversight there should be, and so on.
Metadata, generally speaking, is not protected by the
Fourth Amendment. Content is protected by the Fourth Amendment.
Metadata is protected in some instances by statute, but in many
instances by nothing. There are no statutes with respect to
certain types of metadata. So what I think Congress needs to
think about, is what does it want the government to do? What do
we as Americans want the government to do with respect to the
collection of all types of metadata, from the types of metadata
we're talking about today from national security letters, but
broadly, all different types of metadata? That's the big issue.
That's the big privacy issue, I think, that faces us today.
Let me just say, metadata is a critically important tool
for conducting national security investigations. It's been
referred to as the bread and butter of FBI investigations. But
I don't want to over-sell it, either. It's not a panacea. It
may be the bread and butter, but it's not necessarily the main
course or the dessert. I mean, it's not everything. It provides
you with certain guideposts and ways to think about problems
and who to focus on, but it's an investigative tool, not an
investigation.
My main criticism, I think, of the current statutes that we
have, and I urge the Congress to think about it as it decides
what to do next, is that they are just way too complex. There
are too many tools that are out there for the government to use
with too many different standards, too many different approval
levels, too many different oversight mechanisms with respect to
the collection of metadata.
For example, as I said in my written statement, there are
eight different ways, by my count, at least, to get telephone
toll records. There are eight different ways, with all kinds of
different standards. That's too complex. That is what leads to,
I think, some of the confusion that ensues that you see
reflected in the Inspector General's report, which I also
commend. I think it's an excellent report.
So I think as you consider what to do next, you should
worry about making things too complex. That's what I urge you
to worry about with respect to that. You should also worry
about making sure there's adequate oversight. You should make
sure that there are the right people in the right jobs, working
hard to get it right. That's critically important. I also urge
that there be adequate and statutorily mandated minimization
procedures with respect to all different types of metadata.
Senator Feingold's bill urges that, or would require that with
respect to national security letters, but you need to think
broadly and think about other types of metadata that are
collected from a variety of different sources.
As I suggest in my written statement, one thing to think
about would be a national security subpoena. It would be
simple, it would be broad in scope. It wouldn't be unlimited in
scope. It wouldn't be able to collect certain types of data if
you wanted to restrict that, such as tax records and so on. It
would not be an administrative subpoena, it would be a subpoena
that would require the involvement of the Department of
Justice.
I see my time has expired, Mr. Chairman, so I will stop
there. But what I urge is, do not approve a national security
subpoena unless you also provide for adequate oversight
mechanisms, provide resources for that, and require
minimization.
Thank you, Mr. Chairman.
Chairman Leahy. Thank you. We will go into what you mean by
adequate oversight on that.
The next witness is Gregory Nojeim--did I get that correct?
Mr. Nojeim. Yes.
Chairman Leahy. Thank you. He's a Senior Counsel and
Director of the Project on Freedom, Security & Technology at
the Center for Democracy & Technology in Washington. He's a
recognized expert on Fourth Amendment and surveillance issues
arising in the national security and intelligence areas. Before
joining CDT in May of 2007, he was the Associate Director and
Chief Legislative Counsel for the American Civil Liberties
Union. He received his bachelor's degree from the University of
Rochester and his law degree from the University of Virginia.
Go ahead, sir.
STATEMENT OF GREGORY T. NOJEIM, DIRECTOR, PROJECT ON FREEDOM,
SECURITY & TECHNOLOGY, CENTER FOR DEMOCRACY & TECHNOLOGY,
WASHINGTON, D.C.
Mr. Nojeim. Thank you, Senator Leahy, Senator Specter,
members of the Committee. Thank you for the opportunity to
testify today on behalf of CDT.
The DOJ Inspector General found widespread errors and
violations in the FBI's use of NSLs to obtain bank, credit, and
communication records of U.S. citizens without prior judicial
review. These violations are the natural, predictable outcome
of the PATRIOT Act and other legal and technology changes. They
weakened the rules under which FBI agents make these demands
while dramatically expanding their scope. In response, the FBI
issued detailed guidance on NSLs that contains many useful
elements.
But internal reforms can only fix so much. The only way to
truly address the problems is to legislate traditional checks
and balances under which a judge must approve governmental
access to sensitive information.
So far, NSL legislation has been a one-way street. With
almost every change in the law, more records from more
businesses with more personal information about people
increasingly distant from the target of the investigation have
been made available to more people in government, with more
coercion and less judicial oversight. And, the judicial review
that has been provided for has been largely toothless.
Self-policing doesn't work. Going to a judge makes a
difference in a way that is unachievable by merely internal
reviews or by reviews conducted by attorneys in a different
part of the executive branch.
Senator Specter said, ``Thank God for the courts.'' It's
time to give the courts something meaningful to do in this
context.
We ask that you enact legislation that reflects the
principle that the more sensitive the information sought, the
tighter the standard should be for getting it and the more
exacting and detached the review for the request for
information should be.
When revealing information is sought in an intelligence
investigation, mere relevance without judicial review and
without a tie between the subject of the records and a foreign
power is an inappropriate standard. The weak relevance standard
is often justified by drawing parallels between NSLs and
criminal subpoenas, which are issued without prior judicial
review.
But intelligence investigations are more dangerous to
liberty than criminal investigations. They require stronger
compensating protections.
Intelligence investigations are broader than criminal
investigations. They are not limited by the criminal code. They
can investigate legal activity, including First Amendment
activity.
Intelligence investigations are conducted in much greater
secrecy than criminal cases, even perpetual secrecy. When a
person receives a grand jury subpoena, normally a person can
complain about it. In an intelligence case, when a business
gets an NSL, they're gagged. They're prohibited by law from
complaining about it, and the subject of the NSL never learns
of it.
Finally, in a criminal investigation almost everything the
government does is ultimately exposed to scrutiny. The
prosecutor knows that at the end of the day, his actions will
often come out in public. That is a powerful constraint.
There's no public airing at the end of intelligence
investigations.
In this context, the relevance standard offers insufficient
protection against abuse. There is just no substitute for
tightening the standard and subjecting requests for sensitive
information to judicial review.
After-the-fact minimization, while it's important, doesn't
prevent the initial intrusion. Minimization under FISA, the
model that many urge for NSLs, is actually quite permissive.
Moreover, none of the changes that the FBI has put in place
can get to the core issue. That is to ensure that NSLs are used
only in a focused way when there is a factual basis for
believing that the individual whose data is sought is a
terrorist or a foreign agent, or that information is otherwise
sufficiently important to the activities under investigation.
The NSL Reform Act, in contrast, does get to the core
issue. It creatively honors the principle that sensitive
information deserves more protection. First, it would separate
information that can now be obtained with an NSL into sensitive
and less-sensitive personal information.
Not all metadata is created alike. Some of it is
particularly sensitive. The ``to"/"from'' information about a
person's e-mailing is more sensitive than information that
merely identifies a person.
Yesterday I applied for a loan at a bank. The records that
I gave to the bank might be regarded as metadata under this
proposal. I had to give them my tax return and a lot of other
sensitive information that, frankly, I didn't want to give up,
and frankly shouldn't be available to law enforcement without a
really good reason.
We like the way that the NSL Reform Act separates out these
two types of sensitive information to less sensitive and more
sensitive, and says that when the information is more sensitive
there has to be some judicial authorization, usually -probably
-through Section 215 of the PATRIOT Act before the information
can be given to the government. These are necessary reforms.
They and other measures can ensure that the government has the
tools it needs to prevent terrorism and that those tools are
subjected to appropriate checks and balances.
Thank you very much.
Chairman Leahy. Thank you very much.
[The prepared statement of Mr. Nojeim appears as a
submission for the record.]
Chairman Leahy. Our next witness, Michael Woods, is an
attorney with extensive expertise in national security areas.
He served in a variety of national security-related positions
at the Justice Department, beginning his service in 1993. He
served as Chief of the FBI's National Security Law Unit from
1997 to 2002. In private practice, he has advised Department of
Defense clients in matters of national security policy. He has
published Law Review articles on national security law issues,
including those related to national security letters and the
PATRIOT Act. He graduated from the University of Oxford and
Harvard Law School.
Mr. Woods, glad to have you here.
STATEMENT OF MICHAEL J. WOODS, FORMER CHIEF, NATIONAL SECURITY
LAW UNIT, OFFICE OF THE GENERAL COUNSEL, FEDERAL BUREAU OF
INVESTIGATION, WASHINGTON, D.C.
Mr. Woods. Thank you, Mr. Chairman.
Mr. Chairman and members of the Committee, I am very
pleased to have the opportunity to appear this morning. I
think, really, I have two things to offer the Committee in this
very important work. The first, is my practical experience. As
a former Chief of the FBI's National Security Law Unit, I was
basically in charge of the national security letter production
process during the time I was there. I would add and would
underline that I left the FBI in 2002, and so I am probably not
the person who can comment on what has gone on more recently
than that internally, or about the measures that have taken
place.
But I can certainly give some insight into how these
letters were used investigatively prior to the PATRIOT Act,
into the rationale for the changes that were sought in the
PATRIOT Act, and into some of the investigative concerns that I
think persist to this day.
The second, of course, as the Chairman has noted, I have
written on what I call transactional data, which Mr. Baker is
referring to as metadata. I will use whatever term the
Committee wants. I do not mean to create confusion. I have
summarized this research in my written testimony, and I have
appended a Law Review article that I think might be helpful.
Chairman Leahy. Incidentally, all the written testimony of
all the witnesses will be put in the record in total.
Mr. Woods. Thank you, Mr. Chairman.
Like the other witnesses this morning, and I'm sure
everyone on the Committee, I see in this constantly evolving
digital environment an enormous challenge for our government.
The cloud of transactional information or metadata that each of
us now creates in our daily lives, though it may not contain
the direct content of our private communications, reveals a
steadily more detailed picture of our activities, our personal
habits, our social networks, our finances. This information
largely resides in the custody of third parties, in quantities,
formats, and conditions of which most of us remain unaware.
The constant expansion in the capacity of digital storage
systems and in the power of search engine technology make this
transactional information at once more permanent and more
easily accessible than ever before. This situation poses a real
challenge to counterintelligence and counterterrorism
investigators. On the one hand, it allows a new window into the
hidden activities of our most sophisticated adversaries. On the
other, the compromise of privacy by the acquisition of
transactional data seems much greater now, that the quantity
and detail of that information has increased.
I believe it is critically important that the Committee
leave the FBI with a flexible and effective tool for obtaining
transactional information. That tool should incorporate
safeguards that inspire public confidence, but safeguards that
are proportionate and carefully tailored in response to the
actual harms.
Though I disagree based on my experience with the
suggestion that the legal standard for national security should
be returned to its pre-PATRIOT Act level, I think many parts of
the current legislative proposal represent very promising steps
in the right direction.
I am very happy to elaborate on these views in response to
your questions, and look forward to assisting the Committee in
this important work.
Again, thank you for inviting me.
Chairman Leahy. Thank you very much, Mr. Woods.
[The prepared statement of Mr. Woods appears as a
submission for the record.]
Chairman Leahy. Over the last several years, the FBI issued
virtually no guidance. They had no real checks or oversight on
the expanded use of national security letters. We have had
several Inspector General reviews which came about because
Congress, in its oversight, insist on these reviews. They
pointed out errors in every single aspect of the national
security letters: they're drafted incorrectly; they're issued
without even the minimal administration requirements; their use
was not monitored; the information collected is often not even
recorded or tracked.
So, in other words, these Inspector General reports showed
that the FBI failed in every respect to police its use of NSLs.
It was only after these devastating IG reports came out that
the FBI took steps to control use, and then started issuing
guidance, creating a data bank, and so forth.
But even now the FBI resists any process for outside
review. Even though they had this abysmal record following on
them, they don't want any outside approval. One article likens
this to the stereotypical male driver who has circled the same
block four times, but still stubbornly refuses to ask anyone
for directions. My wife would like that one.
Now, haven't we seen enough from these IG reports? Though
the FBI can't effectively check it's own use of this very
powerful authority, do we have to wait for more years, and
documents, and so on or should Congress require approval of the
NSLs outside of the FBI? Who should be the reviewing authority?
Should we have judicial review? You have differing views.
Mr. Baker, let me begin with you, then go to Mr. Nojeim,
then Mr. Woods.
Mr. Baker. Thank you, Mr. Chairman. Yes. I mean, I
subscribe to the notion that it's appropriate to have review of
metadata collection tools, whatever legal tool Congress ends up
approving outside of the FBI. I think it's appropriate. I think
it works well when you think about it in the criminal context
or the grand jury process where the FBI agents need to go--must
go--to a Federal prosecutor to obtain approval to issue the
grand jury subpoena so there's an outside check on what happens
before the document goes out that results in the collection of
the information. So, I think that's very appropriate.
I think that system has worked well with respect to grand
juries. The difficult thing for the Committee is to try to
calibrate what it does with respect to what the effect is. So
the higher you ratchet up the approval levels, if you indeed
require the FBI to go to a court in addition to a Justice
Department attorney, it's just going to make it that much more
difficult and that much more time-consuming to obtain the
information. It will be something that discourages the FBI from
actually trying to pursue those.
Now, some people say that's a good idea, we don't want them
to do all these NSLs. But the volume, as you can see, of the
number of NSLs is so huge and the time pressure is so great,
that we need to have something that's--
Chairman Leahy. But even now they're not even going to the
U.S. Attorney.
Mr. Baker. No, I agree. But with the NSLs, they just do it
internally. It goes to the SAC, Special Attorney in Charge.
Chairman Leahy. But you would not support judicial review
because of the volume?
Mr. Baker. For much of the information, I think judicial
review is too much. I concede and think it would be a good idea
if Congress wanted to carve out a certain set of records--tax
return records, firearms records, educational records, the sort
of things that are listed in the current 215--out and say, if
you're going to have this category of material you have to go
to the court. But for the transaction, for much of the
transactional data, again, I agree with Mr. Woods, we need to
be very careful. It needs to be carefully calibrated. You need
to think about what categories you want to carve out and make
sure they're really important.
Chairman Leahy. Mr. Nojeim?
Mr. Nojeim. That is exactly what the Feingold bill does. It
carves out the more sensitive information and says for that tax
return that was given to the bank so a person can get a loan,
for e-mail ``to''/``from'' information, you've got to go to a
court first. It's not good enough for the FBI to check itself.
Let me just say a word about the checks and balances that
we're calling for. One doesn't normally think of a person in
the executive branch charged with being a prosecutor or
protecting national security as being the person who provides
the check and the balance. It's the judge who has to provide
that check and the balance. That's their role in our system.
It's just not the proper role of prosecutors to be actually
charged with that. They can certainly help, but a true check
has to be judicial.
Chairman Leahy. And Mr. Woods?
Mr. Woods. I guess I would agree with the idea that there
needs to be judicial review available, but I would focus
directly on the calibration. I would draw the analogy to the
grand jury. The former prosecutors on the Committee know that,
as a prosecutor, you might issue hundreds of grand jury
subpoenas. Now, the possibility of judicial review is there,
but it's the prior approval of the court, and in most instances
in the Federal system, prior approval of a grand jury is not
something that is required. I think we have to shift toward
that analysis.
Chairman Leahy. Of course, in the grand jury the prosecutor
eventually is going to have to answer to the court how he
collected the evidence.
Mr. Woods. Exactly.
Chairman Leahy. They're not going to say, OK, on every one
of these subpoenas you have to have a witness come in, but at
some point they're going to say, it appears you overreached, or
you didn't. Is that not correct?
Mr. Woods. That is correct. But I think that one of the
things we'll certainly end up discussing here is the very
fundamental distinction between the collection of intelligence
and criminal investigations. I mean, Congress and the executive
branch have struggled with the oversight of these activities
for a long time because that public accounting is not present
in the intelligence world.
Chairman Leahy. Thank you.
Senator Specter?
Senator Specter. Thank you, Mr. Chairman.
Mr. Baker, in my opening statement I referred to a
situation where the FBI had been twice turned down by the FISA
court on a request for a Section 215 order for business records
and they then used a national security letter. I am advised,
further, that at the time you were head of the Office of
Intelligence, Policy & Review in the Department of Justice and
that you advised the FBI that they ought not to use a national
security letter in that context. Is all of that true?
Mr. Baker. It is true, Senator, that I was head of the
Office of Intelligence & Policy Review at that time. Senator, I
don't recall, sitting here today, giving that advice with
respect to NSLs.
Senator Specter. Do you recall the situation where the FBI
had twice been turned down by the FISA court for a Section 215
order?
Mr. Baker. I remember the case in general, Senator. I would
just comment, just as a point of clarification--and I can talk
more about how the FISA process works--but it was--
Senator Specter. Well, I don't have much time. There was
such a case. Then the FBI did use a national security letter in
that situation?
Mr. Baker. With respect to that investigation, yes.
Senator Specter. Well, that's pretty blatantly wrong, isn't
it, Mr. Baker?
Mr. Baker. Well, technically speaking, under the law they
were authorized to do it. Now, that doesn't mean necessarily
that it was a good idea to do it with respect to the facts that
are here in this case.
Senator Specter. Well, did the court turn it down because
there was a First Amendment issue?
Mr. Baker. My understanding is that the court did not
officially turn it down. There was a back-and-forth between the
government on a number of--
Senator Specter. OK. But the court didn't grant it?
Mr. Baker. I beg your pardon?
Senator Specter. The court didn't grant it.
Mr. Baker. I'm sorry. I didn't--
Senator Specter. The court didn't authorize the order?
Mr. Baker. No, it did not, sir.
Senator Specter. OK. Well, with 5 minutes of talk, that's
enough on this issue. To me it's pretty plain that the FBI is
circumventing the court, which had it twice before it. It
wasn't granted. That's the critical aspect.
Let me move to you, Mr. Nojeim. You call for ``specific and
articulatable facts'' for NSLs. Others have contended that the
relevance standard is sufficient. Isn't a standard of
relevance, which is not even reviewed by an attorney, highly
subjective and highly questionable just on the say-so of an FBI
agent?
Mr. Nojeim. It is. It is. One of the problems with a
relevance standard--
Senator Specter. Would it slow down the process to make it
impractical if your standard of a specific and articulatable
facts standard were to be required?
Mr. Nojeim. No, I don't think so. The FBI guidance actually
requires agents now to articulate the reasons why they believe
that the information sought is relevant to the investigation.
Senator Specter. Mr. Woods, what do you think about a
``specific and articulable facts'' standard for NSLs?
Mr. Woods. I think it's inappropriate.
Senator Specter. You think what?
Mr. Woods. I think it's inappropriate. I believe it's
inappropriate because it was the standard prior to the PATRIOT
Act. It did slow the process prior to the PATRIOT Act and it
did make these tools far less available.
Senator Specter. Well, was it a good process? Just being
part of the PATRIOT Act doesn't speak to its value, speak to
its appropriateness.
Mr. Woods. As I've outlined in my written testimony, it was
a process and a standard that worked very well in the
traditional counterintelligence cases of the FBI in chasing
spies, in cases where you make fairly common investigative
links from known agents out to their associates, et cetera.
It did not work very well in the kind of inchoate threat
situations that we were encountering in terrorism where you
don't have a lot of facts about the individual, therefore you
don't have specific facts about the person to whom you are
trying to connect. This is where that standard started to break
down in the 1990's, and it's why the FBI asked for it to be
changed.
Senator Specter. Mr. Woods, what do you think of Judge
Posner's argument, which was made again in March of 2007 in the
Wall Street Journal that the FBI, really, institutionally, is
not the best agency to handle this, going again and looking to
the idea of a United States Mi-5. What do you think of that?
Mr. Woods. I've never been in favor of that. I disagree
with Judge Posner on that, and some other things.
I actually think it is a good--I mean, the critics like
Judge Posner say that it's the FBI's investigative criminal
orientation that slows down the intelligence gathering process.
I think that if you're going to have anyone do domestic
intelligence collection, and I think someone needs to, it ought
to be people who are steeped in the criminal process, in the
constitutional process rather than the kind of people we have
collecting foreign intelligence, for example, who lack that
background.
Senator Specter. Thank you very much.
Thank you, Mr. Chairman.
Chairman Leahy. Thank you, Senator Specter.
Senator Feingold?
Senator Feingold. Thank you, Mr. Chairman.
Mr. Baker and Mr. Woods, according to the Inspector
General's reports the FBI uploads information it obtains
through NSLs into numerous data bases that are widely
accessible to tens of thousands of personnel at the FBI and
other agencies.
I'd like to ask you both, should all this information be
retained indefinitely, and what type of limit should the FBI be
required to impose on the type of information it retains and
the length of time it is kept?
Mr. Baker?
Mr. Baker. Well, as I have said in my written statement,
Senator Feingold, I think there should be rules. There need to
be minimization rules. As your bill would require for national
security letters, I would urge you to require it for all types
of metadata. It's something that Congress needs to worry about,
not just with respect to the fruits of the national security
letters, but with respect to all the types of data from all the
different tools that the government uses to collect metadata,
including grand jury subpoenas, pen register trap and trace
orders, all kinds of things.
That said, with respect to destruction, I do say in my
statement that I think, if you're going to allow the government
to collect a lot of data on the front end, you need to minimize
the retention and dissemination, and at some point in time it
needs to be destroyed.
Senator Feingold. Well, the FBI would probably argue that
you can never predict when the information might be useful.
Based on your government experience, how quickly does the
utility of this type of information as actionable intelligence
start to decrease? I realize you can't say an absolute answer,
but what is your sense as a professional in this area?
Mr. Baker. If you're trying to get actionable intelligence
which will allow you to actually do something to stop a threat,
stop a spy, it starts to dwindle relatively quickly. So what I
suggest in my testimony is a pretty long time period, which is
5 years, destruction after 5 years.
You can come up with examples where 10, 15, 20 years would
reveal something about someone, but it is--I don't know how you
want to say it, but it's a slope that drops pretty quickly,
Senator. So I think definitely after 5 years, and at some point
even before that it drops off quickly.
Senator Feingold. Thank you, Mr. Baker.
Your response to this issue, Mr. Woods?
Mr. Woods. I think, definitely, there needs to be a
mechanism for governing the retention of this information. The
national security letter statutes were developed kind of
quickly. They've been ignored and in a corner for most of their
life. It's really a mistake that these statutes didn't have
something like this from the beginning. And I would agree with
Mr. Baker. I think for a model we would look at other things,
the retention rules that we put in the Attorney General
guidelines, the retention rules that are in the DoD guidelines.
There should be that kind of review to eliminate retention as
quickly as possible.
Senator Feingold. Based on those responses, I'd like to ask
each of the witnesses if you could give a ``yes'' or ``no''
answer. Is it safe to assume that all the witnesses support the
provision of the NSL Reform Act mandating that the FBI issue
minimization and retention procedures for NSLs?
Mr. Baker?
Mr. Baker. Yes, I do. But I would also suggest that you
should worry about acquisition, minimization at the stage of
acquisition. Don't get more than you really need for the
purpose that you're searching for it.
Senator Feingold. Mr. Nojeim?
Mr. Nojeim. Yes, I agree.
Senator Feingold. OK.
Mr. Woods?
Mr. Woods. Yes, I agree, too.
Senator Feingold. And I want to thank the Ranking Member
for raising the issue of the relevance standard, which I
consider, of course, to be woefully inadequate to protect the
privacy of Americans who have done nothing wrong. I believe
that the specific and articulable facts standard is an
appropriate standard, but we will certainly work on this
legislation to make sure that the government can get what it
needs, but not go too far.
I do think that the relevance standard is not adequate, and
as Senator Specter said, the mere fact that it was put in as a
change in the PATRIOT Act is not to me, a recommendation. It is
actually a sign that it might not have been looked at closely
enough, because that's my view of the whole legislation.
Mr. Nojeim, the most recent Inspector General report
indicated that the percentage of NSL requests generated in the
course of investigations of U.S. persons has increased steadily
in the past several years, from 39 percent in 2003 to 57
percent in 2006. Is this cause for concern?
Mr. Nojeim. Yes, it is. I think that you can trace that
increase to the PATRIOT Act itself, which eliminated the
requirement that the records pertain to an agent or a foreign
power. Most Americans don't fit that description.
Senator Feingold. And also, Mr. Nojeim, the FBI conducted
its own internal review of 10 percent of all NSLs issued from
2003 to 2006. According to the most recent Inspector General
report, the FBI's review found more than 550 instances in which
the FBI received records it had not requested in response to an
NSL, yet out of those hundreds of incidents only four times did
the FBI realize that this violation had occurred. That's less
than 1 percent. The IG report also stated that at least some of
this unlawfully obtained information was uploaded into an FBI
data base that is shared more widely with the intelligence
community. What does that tell us about the extent to which
these data bases may contain unlawfully obtained information?
Mr. Nojeim. It suggests that there could be a big, big
problem. We won't know what information in the data base was
lawfully obtained and what information wasn't. It's not tagged,
so you just won't know.
Senator Feingold. Thanks to all the witnesses.
Thank you, Mr. Chairman.
Senator Whitehouse. Thank you.
I believe Senator Sessions is next in order.
Senator Sessions. Well, I think the FBI deserves criticism
for not managing this program well, not following strictly the
guidelines and accounting correctly in the beginning. Wouldn't
you agree, Mr. Woods?
Mr. Woods. Yes, I would.
Senator Sessions. And Mr. Mueller came here and promised to
do better, and the OIG report indicates that they have done
better and fixed the problem in recent months. Is that correct?
Mr. Woods. That's the testimony.
Senator Sessions. I think we heard--we know what happened.
We saw the Director in here. This oversight Committee, which
has the responsibility to make sure this program is going
right, we grilled Mr. Mueller, we made him promise to do
better, and he's done better.
Now, let me ask you this, Mr. Woods. Isn't it true that a
DEA agent investigating an American citizen can issue a
subpoena for some person's telephone toll records if he thinks
it's relevant to a drug-dealing operation?
Mr. Woods. That is absolutely true.
Senator Sessions. And IRS can get your bank records if they
think you may be cheating on your income tax.
Mr. Woods. That's correct. There are actually over 300
Federal agencies that have administrative subpoena authority
that is based on the relevance standard.
Senator Sessions. And Mr. Nojeim, forgive me if I object,
but I do not believe, and strongly reject the idea that we
ought to give greater protection to terrorists and spies than
we give to drug dealers and tax cheats. I just do not believe
that's accurate, and fundamentally that is what I understood
you to be saying.
Mr. Nojeim. What I have said, Senator, is that intelligence
investigations are different. If you're conducting a criminal
investigation of a terrorist who may have committed a crime or
a spy who may have committed espionage, which is a crime, the
same rules apply. What we're talking about is a different kind
of investigation, one untethered from a criminal charge or from
criminal suspicion.
Senator Sessions. Well, OK. Now, Senator Specter asked the
question about specific and articulable facts, shouldn't that
be the standard. Well, Mr. Woods, isn't it true that DEA
doesn't have to quote articulable facts to get your telephone
toll records?
Mr. Woods. That's correct.
Senator Sessions. Or the bank records.
Mr. Woods. No. These--
Senator Sessions. Or your motel records.
Mr. Woods. All of these transactional records are basically
available in the other context, criminal, administrative
subpoenas, on relevance to the investigation, Senator.
Senator Sessions. So we absolutely ought not to be adding
greater difficulties for investigators investigating a life-
and-death situation, perhaps, than we do for drug dealers. And
let's make this clear, Mr. Baker. You're a lawyer, and all of
this. But the reason is, these are not the individual's
records. These are records in the possession of a third party.
They have a diminished right of privacy in those records
because they're not their records. You can't subpoena an
individual's home computer. You can't subpoena their personal
records and obtain those records without a warrant, if they
object. But you can subpoena records at the Office of Motor
Vehicles, at the telephone records or bank records, right?
Mr. Woods. That's correct. The Fourth Amendment protects
things with respect to which you have an expectation of
privacy, and the type of things we're talking about today, the
transactional data, is not protected by the Fourth Amendment.
Senator Sessions. And every day in America, Mr. Woods,
every county attorney in America investigating any kind of
misdemeanor or offense that wants records can issue a subpoena
based on the standard of relevance to that investigation in
every State in America that I know of. Would you agree?
Mr. Woods. Yes, I would.
Senator Sessions. And since time immemorial, that's been
the standard that prosecutors have used.
Mr. Woods. Yes.
Senator Sessions. And how we're in this deal where we want
to put more standards, more burdens on people who are trying to
protect the American people from an attack is beyond my
comprehension, and I'd object to it.
Let me ask this, Mr. Woods. Let's say you're investigating
a person that you think may be connected to--you have some
indication they may be connected to Al Qaeda and you issue a
subpoena on the relevance to the investigation and get those
telephone toll records. You see a lot of other calls to someone
else and you want to now subpoena that person's records to see
if they may have--see what connections those phone numbers
show.
Now, in this context there may not be anything. It may be a
perfectly innocent series of phone records you receive. But
isn't it possible, and isn't it what we pay our investigators
to do, if lo and behold there's a call to some known Al Qaeda
number in Iraq or Afghanistan? Isn't that what we're about?
Mr. Woods. Well, yes. I mean, that's the goal of these
investigations, along with the goal of eliminating the people
who are not, which is another function of these types of legal
authorities.
Senator Sessions. Well, I don't know if somebody got my
phone--my time is up. We also need to be sure that the
information we're obtaining is not the power to listen in on
these phone calls, but it's just simply the telephone toll
records that show where that person may have called in the
past. Is that correct?
Mr. Woods. That is correct. These national security letters
do not get content of phone conversations or e-mail content.
Senator Sessions. And I would point out that we tightened
these standards when we reauthorized the PATRIOT Act. I didn't
think they needed to be tightened, but we tightened them, all
to make sure that spies and terrorists have their full rights--
in fact, more rights than we give the drug dealers in America.
Senator Whitehouse. Senator Kyl? While I am chairing, I am
going to be the last person here, I'm very happy to have you go
ahead, if you would like to. I'd be happy to defer to you at
this point.
Senator Kyl. I am going to be here for a while, so please
go ahead.
Senator Whitehouse. Thank you.
This is, I think, a very, very interesting question that we
have and it's a very interesting hearing. I see it in a
slightly different context than Senator Sessions does, although
we share the experience of both having been prosecutors and
U.S. Attorneys.
It strikes me that there is a privacy interest that is
raised that is separate from the privacy interest or value of a
particular piece of data once you start to multiply and
aggregate it into an enormous pool of data. It's something we
don't have much guidance on from the Constitution, because at
the time the Constitution was written the way an investigation
worked was, the marshall or the sheriff came to your house,
seized whatever evidence was necessary, brought it before the
prosecutor or the magistrate, whoever, and when it was done,
whether it was a bloody axe, a contract document, or whatever,
it was either contraband, in which case it was destroyed, or it
was of no value, in which case it was discarded, or it was
returned and that was the end of that.
Then along comes the Xerox machine. Now documents start to
live on in the files of government agencies. Fortunately--or
unfortunately--they are paper files. They're very hard to go
back and search.
So while they're still there for somebody who remembers,
you know, in the so and so investigation I think we did this,
let's go back and see what we found when we searched Joe
Smith's house, we still have that in that file in this paper
record, it's not a very live record.
Now, electronically we can not only preserve it, but we can
aggregate it and we can maintain it indefinitely, and we can
build, in theory, a massive consolidated data base of all of
this information that people could plow through at will.
I do think, despite the fact that none of those individual
pieces of data might rise over Fourth Amendment levels, it does
raise a new question that we as a society need to address. So I
would ask you to comment a little bit on those thoughts, and in
particular the sort of nexus or matrix between the intensity of
the privacy value of a particular piece of data that is sought
versus the intensity of the investigation itself.
I am not sure whether I would be more concerned as a
citizen about my privacy if the government said, look, I want 1
year's tax records for this one purpose or if they said, every
phone call you have ever made, we are going to track who you
made it to, when you made it, when it ended, and we're going to
share it with all people who are interested.
The privacy balance, I just think isn't that easy, yet it's
hard to measure that intensity of government investigation
component. It's so much easier when the document itself is the
trigger. How would you recommend--do you have thoughts on how
you'd recommend we cope with that concern? And I'll followup
further.
Mr. Baker. Senator, at the end of my written statement I
have a statement in there about, as time goes by--you're
exactly right--and our data collection capabilities increase,
every human endeavor that can be reduced to a digital form will
be collected by someone for some purpose, either commercially
or for intelligence purposes or law enforcement. That's the
direction we're heading in. These do become extremely powerful
tools. They're powerful tools to protect the country. They're
powerful tools that, when you have an urgent situation, you can
go into a data base, you can search through, you can look for
connections.
Senator Whitehouse. And they're valuable tools. They're
important tools, I think we all agree.
Mr. Baker. Right. Extremely valuable.
Senator Whitehouse. But they still need some--
Mr. Baker. They need oversight. They need oversight and
they need minimization. They need oversight by people. We can
have all of our technology, we can have all of our systems, we
can have all of our laws, quite frankly, but at a certain point
in time the people matter.
For example, it mattered that Glen Fine was Inspector
General at the Department of Justice at the time that you
ordered a review of these things. I've worked with Glen closely
and he's a very tenacious, intelligent, hard-working person. It
mattered who he was. So you really have to make sure you have
the right people in those jobs, doing the right thing.
At a certain point--I know time is almost up--you are
right, I think, to focus on the Fourth Amendment issues. At a
certain point in time, when the government's knowledge about
our activities becomes so pervasive, that may, in fact, raise
Fourth Amendment concerns. I think it's something that we're
going to be struggling with.
Senator Whitehouse. Let me interrupt you now, because my
time has expired and I do have plenty of time with you once
Senator Kyl has a chance to ask his questions, and yield to the
distinguished Senator.
Senator Kyl. Thank you very much. I think we all agree
that, over time, the challenge presented by the acquisition of
this transactional information is going to require us to
develop new regimes or protocols of dealing with it.
What I'd like to do, especially with regard to how long you
keep it, I do suspect that the last thing government agencies
are going to want are roomfuls of data that they can't do
anything with because they're simply too massive.
But what I'd like to do here is focus just a little bit on
how this process actually works, the typical situation, because
it gets to the standard that we're debating here and the reason
why we went to a relevance standard.
This is transactional information about which the
individuals had no expectation of privacy. Mr. Woods, you had
experience in actually doing this and actually supervising it.
Give us an example of how it worked. I'm specifically
interested in why it's different in the context of preventing a
crime from being committed, a terrorist act, as opposed to
investigating a crime that has been committed.
Mr. Woods. OK. I think that probably the best example is
the sort of classic terrorist threat scenario that we run into
a lot these days, where there is information, perhaps from
foreign intelligence, which indicates maybe a particular target
or a particular city or a particular--there's been a foreign
communication that is suspect. We don't know who made the
communication, but it has enough characteristics that we're
concerned about it and it says something about Washington, DC.
This is thrown to the FBI in a proactive mode. What can the
FBI do? Well, the FBI could say--say it's sort of an e-mail, or
the FBI might want to look at other e-mails that had connected
to the same source, maybe it's from an internet cafe or
something like that, and just do a quick scan to see, is this
point of communication been in contact with anybody else that
we know about, anything that might give us a lead? That
transactional information about those communications is
certainly relevant to the threat. It would be, I think,
impossible in those situations to make out a specific and
articulable facts case.
We don't know who the person on the other end of the
communication is. We don't know for sure that they're an agent
of a foreign power. It becomes very gray and circumstantial. We
could spend a lot of time trying to work with that standard.
That's kind of--I mean, that is why we asked, in the Bureau,
for the relevance standard. There are situations where, you
know, when the FBI is being mandated to be proactive and to
depart from the investigative model, it's encountering these
situations that don't fall into line with the standard that was
designed for an investigative model. It is more dangerous. It
is more risky in terms of civil liberties, but it is, in my
view, what needs to be done now.
I would focus, therefore, more on the oversight, retention,
and minimization end of this than on the legal standard itself.
Senator Kyl. Now, that is the precise thing that I think we
need to focus on. Why would you do that? Why would you want to
retain the relevancy standard rather than going back to the
articulable facts standard that we discussed earlier? Why would
minimization procedures or other oversight be a better answer
to the privacy concerns?
Mr. Woods. Well, I think the standard itself, the scenario
that I laid out, I think is going to become more and more
common. We're going to need to assess threats quickly. We're
going to need to respond to them quickly. But by their very
nature, many of them are going to fall into the sort of fuzzy
environment that the relevance standard is far better for. I
mean, there's a reason why it's the standard for criminal
investigations. This is how you quickly figure out what's going
on.
I do think, though, where the system is breaking down is,
once that's done, once that information is collected, how long
do we keep it? What impulse is there for the government to sort
through that? If I might, just one sort of side issue on this.
The government--the FBI and other agencies--are facing two
pressures. I mean, one is, get out there in front of the
threats.
The other pressure is, share information. These data bases
didn't exist when I was first in the FBI. They exist now
because of our examination of the failure of information
sharing prior to 9/11. So I think with those two things
together, you need to reinvigorate the rules on minimization
and retention. They were never added to national security
letter statutes in the first place. All these things came into
existence without those, very unlike, say, FISA or criminal
statutes in that regard. But that is why I would focus the
attention there.
Senator Whitehouse. Senator, can I just followup on that?
Since it's down to just the two of us, we can be off the clock.
Senator Kyl. Sure. That's fine. Go on, please. Senator
Feingold might object to that now, but it's fine with me.
Senator Whitehouse. Continue as long as you please, though.
Senator Kyl. No. Let's just go ahead and have others
respond to that if they like, and then a final comment. That
will be fine.
Mr. Nojeim. Mr. Woods has made a good case for the
relevance standard, but the problem that we see with it is that
it really doesn't have a good articulable end.
Say, for example, the threat information that is received
is that there's a terrorist in Washington, DC. What information
is relevant to investigating that threat? Is information about
everyone who is staying at a hotel in Washington relevant? Is
information about everyone who rented a car in Washington
relevant? It just seems like there's no end.
Once you decide that information about who that person has
communicated with is relevant, is information about who they
communicated with also relevant, and so on, and so forth? So I
guess the problem with the relevance standard is that it seems
to untethered in that when we're talking about an intelligence
investigation that is, again, not tied to the investigation of
a particular crime, it seems like there's just no end to the
information that could be obtained.
Senator Kyl. I appreciate that point. But it seems to me
that it, in some respects, ignores realities of life. That is,
you've got some people who we have a lot of confidence in,
we've given a great deal of authority to, to protect us from
terrorism. We have put them into that position and they're in
real-time situations trying to sort through a lot of material
to be able to track something to get to the point where they
can maybe stop a terrorist act from occurring.
They don't have time in that context, it seems to me, to
sit around saying, oh, look at this juicy bit of information,
let's set that aside and maybe we can deal with that later and
really embarrass this political figure, or why don't we stop
what we're doing here and gather up all this information for
some other purpose?
I mean, they're on the tail of something, they're trying to
get through it quickly. It seems to me that the problem is
really quite the other way, and that is to be able to barrel
through a whole of information as quickly as possible and not
go back to what they just went through because it's of no
immediate use to them, and they've simply got too much work to
do to figure out what the terrorist attack might be to sit
around and focus on all that.
So I think that the realities, the practical realities
don't suggest that the problem is a likely big problem. I
think, though, that ultimately there's got to be some decision
made about, OK, now that's over did all of that stuff get
captured someplace or did we simply go through it and it's
simply out there in the ether again? To the extent we did make
a record of some of it, what should be done with it?
I mean, I can see why privacy concerns there would require
some mitigation or some procedures and protocols and so on. But
during the process of trying to prevent the crime or the
terrorist act itself, it seems to me that the broader standard
giving them more flexibility and leeway to protect us is the
appropriate way to approach it. That's my own point of view
which I believe is pretty consistent with Mr. Woods'.
Senator Whitehouse. The Senator from Wisconsin?
Senator Feingold. Thank you, Mr. Chairman.
Let me briefly respond to what Senator Sessions, and to
some extent Senator Kyl, said about the standard for getting an
NSL. Senator Sessions mentioned grand jury subpoenas, which of
course are to investigate crimes.
I believe that Congress should change the current relevance
standard for NSLs. Intelligence investigations are not, as has
been pointed out, subject to the same built-in checks that are
present in criminal investigations. They are much broader,
meaning that virtually anything could be relevant to an
intelligence investigation. They are conducted entirely in
secret. Investigative techniques are rarely tested through the
adversary judicial process. I think that is why more oversight
is needed, and that is why a more targeted standard is needed
for the NSL authority.
So in that connection I would like to ask Mr. Nojeim, we
have heard a proposal today for a new national security
subpoena authority. Would you please address your thoughts on
that proposal?
Mr. Nojeim. I think that if the response to the Inspector
General's reports is that there be a broader collection
device--and that's what these subpoenas would be--that it's
exactly the wrong response.
It's not clear to me who could receive one of these
subpoenas. It does seem to me that they could be received by
anyone as opposed to just the limited entities that are now
possible recipients of national security letters.
There was no discussion about the gag that would come with
one of these subpoenas. I put those two together because I
think about who might be a recipient. What we're talking about
is expanding the class of people who might receive a demand
from the FBI for information, but, the demand says that they
can't disclose anything about that demand.
It could be served on any person. I just don't know how my
mom would respond to that request. I don't know how other
people would respond to that request. I don't think that we
should go in that direction as a result of the abuses that have
been uncovered in the IG reports.
Senator Feingold. I couldn't agree with you more. I can't
imagine how granting the FBI administrative subpoena authority
is a response to evidence of abuse of their current authority.
We just barely dodged this bullet in the last round. For this
to be a response to what we learned about the NSLs strikes me
as kind of bizarre.
Mr. Nojeim, two Supreme Court decisions in the 1970s
determined that Americans do not have Fourth Amendment rights
to information they reveal to their phone companies or banks,
such as the phone numbers they dial or the checks they write.
Given the unprecedented technological advances of the past
30 years, do you think these decisions would come out the same
way again today?
Mr. Nojeim. I think they're on shaky ground today. Take
Smith v. Maryland, for example. That's the decision where the
court decided that numbers dialed on a telephone didn't have
Fourth Amendment protection. They reached that decision in part
because those numbers dialed are not so revealing. The court
said, for example, you can't even tell whether the telephone
call was actually completed. You can't tell who was
communicated with when those numbers were dialed.
Fast forward to today and think about the kinds of
information that qualify as metadata, but that are much more
revealing. E-mail ``to''/``from'' information. It's usually the
case that you know who you're communicating with and the
government will know when it gets that information. It knows
the communication actually happened. So right there, it's much
more revealing.
URL information--where a person went on the Internet. The
closest parallel to that is probably library sign-out records,
and most States protect those and require extra procedures.
Yet, in the internet context, URL information, at least before
the first backslash, is available with a national security
letter.
Senator Feingold. I commend all the witnesses for their
testimony today. Mr. Nojeim, I particularly commend you for
your ability today to distinguish not simply between metadata
and content, but to point out that within the context of
metadata there really need to be distinctions. It's not simply
one kind of information or another, there are vast differences.
You've done an excellent job of pointing out the dangers of not
having those kind of distinctions within the metadata category.
Thank you, Mr. Chairman.
Senator Whitehouse. Thank you.
I will sort of pick up where I left off, because I find
this subject so intriguing. I think it's our next really big
civil liberties issue to address. Does anyone dispute that it
is essentially inevitable that, given the way we can
electronically gather and store data, government data bases
containing personal information are going to continue to
proliferate and that, given the ease with which access to
different electronic data bases can be increasingly achieved,
there will be more and more access points for government
agencies to those data bases? Are we not, to some degree,
headed for a situation in which there is essentially a large,
multi-accessed, multi-inputted, but essentially single
government data base containing a vast amount of personal data
related to American citizens?
Mr. Baker. Senator, there may be a number of reasons you
wouldn't want to create one data base, but you could have data
bases that are linked in certain ways.
Senator Whitehouse. Linkage makes it effectively the same,
I think.
Mr. Baker. It would allow you, with certain tools, to go
through the different data bases. If your query fit the
criteria for going into a data base, you could come up with
some kind of a model to do that. So, I think that's right.
If I could just quickly respond to something that Senator
Feingold said before he left, since it was my sort of bizarre
idea to come up with this national security subpoena. Just, I
want to be clear, and when Senator Kyl was talking about the
different standards that apply, you can have relevance, you can
have specific and articulable facts, you can have probable
cause, but relevance, specific and articulable facts as to
what? As to what? You have a twofold task in front of you. You
have to pick the right standard, the right predication, how
much facts you want to support it, but then as to what? You
need to think about that.
My concern is, and the reason I came up with this bizarre
idea--other people have too--is that if you raise the standard
with respect to national security letters so high, FBI agents
in the field will find some other way to get what they need
because they are charged with, and have tremendous pressure on
them, to prevent the next attack, as we all know.
So if national security letters are too difficult, well,
let's see if we can find something else. 215? Oh, you've got to
go to a judge. That's a pain in the neck; forget that. Oh.
Grand jury subpoena? I'll just go to this AUSA that I work with
all the time, we'll get that, and there's no court oversight in
the real-time sense and you just get it from the AUSA. There's
no minimization requirements. Boom, we've got it.
We've got the information that I believe I, the agent, need
to protect the country and I'm not going to mess with these
other statutes. So the volume will drop with respect to
national security letters, it will be a less effective tool,
but your insight into what is going on--your, the Congress'
insight--the government's insight will just change. It will be
harder to conduct oversight of those kinds of activities, and I
urge that you worry about that.
Senator Whitehouse. I understand that. But I think, in
addition to the question you have raised of the ``how do you
get it'' problem, we also have to address the ``what do you
with it'' problem, which I think, as those of us familiar with
this area--we would generally categorize that as the
minimization problem. So you've got the ``how do you get it''
problem, then once you've got it, what do you do with it, how
long can you keep it, do you destroy it, who can you connect to
it, all that sort of stuff.
Then you have, as you mentioned, the predication problem,
which is, who is allowed to query it. Who's allowed to hit the
data base and under what circumstances? Is strikes me that if
we're going to solve this problem we have to address really all
of those three issues, that those are the three big prongs of
this question from the government's point of view: what are you
allowed to get, what are you allowed to do with it once you get
it, and who are you allowed to let have a look at it, and on
what terms?
Mr. Nojeim. And to add just a couple more things. Not just
what can you get, but what do you have to show to get it, and
also what do you do with it after a few years? I mean, do you
just throw it away or do you save it to see whether it might be
useful in some other investigation 10 decades from now? I think
that your--
Senator Whitehouse. And minimization, I think, has become a
hugely moving target. In my days as a U.S. Attorney,
minimization basically meant that the agent flipped off the
switch on the microphone and stopped listening when it became
apparent that the conversation was with the subject about pork
chops for the weekend, that he'd called the butcher. Once you
learned that this was an every Thursday call for Friday dinner,
you didn't listen to it at all because you didn't any longer
have a reasonable basis to listen to it. It was just kind of
that simple.
Now, particularly in the FISA minimization context, it's
gotten much more complex, much more deep in time, and into
questions of distribution. So the simple ground rules very
recently have had to adapt to a much more complex landscape,
and I'm not sure that they're well understood.
Yes, Mr. Woods?
Mr. Woods. Senator, there is a reason for that. That is--
and we keep coming back to this matter of intelligence
investigations--this is fundamentally different than the
criminal context in that the adversaries we are facing are
different. We are facing intelligence services with the full
resources and backing of foreign governments. We are facing
transnational terrorist groups.
So FISA minimization, for example, is structured after the
fact, I think largely because of the language difficulties. You
may be intercepting something on FISA that's in a dialect of,
choose the language, and therefore the Congress allowed that to
be done after the fact. I think we face the same thing here. To
go to your earlier comments, it is important to remember that
these intelligence investigations are not solely restrained by
these statutes. We have 30 years of oversight, of regulation,
of Attorney General guidelines, of executive orders.
The reason I put so much emphasis on retention/minimization
issues is, over the years that has been the least-glamorous
part of this work. I would say that minimization rules are
stuck in the Xerox era, at best. What we need--I mean,
minimization in the FBI, in my experience, was done with
respect to FISA quite carefully, and one of the reasons is that
every so often the Justice Department comes by and audits it.
There's nothing like that. We've had national security letters
since 1986. This is the first serious audit of how they are
being used. I think, going forward, the Committee really ought
to look at creating some of that, and at the same time maybe
look at updating stuff from the Xerox era to something a little
closer now.
Senator Whitehouse. I also felt that the minimization
process in Federal investigations that I oversaw, and at State
investigations--I was a State Attorney General as well--was
helped by the prospect that the Rhode Island State Police,
local FBI agents, Secret Service agents, or ATF agents had that
they were operating pursuant to an order allowing them to do
this, which incorporated in its terms the legal requirement
that they follow the minimization procedures, and that there
was the prospect that a judge might at some point take an
interest and say, you know, I signed this order and gave you
the authority to collect this stuff, I told you you had to do
it under these terms, I want to have a look. And just the
prospect, I think, of judicial oversight was very helpful.
It's one of the reasons we've had this fight on the Foreign
Intelligence Surveillance Act, because they put out
minimization rules but they wouldn't let it be set up so that
the FISA court ever had the authority to see if they were being
complied with, which completely undercut that motivation. I
thought that was mistake, and thankfully I think we've
corrected that in the FISA statute.
Mr. Nojeim. I think that one of the reasons that we need
the NSL Reform Act is that it requires that minimization
procedures be adopted. There was a provision in the
reauthorization legislation that required the Attorney General
and the DNI to study whether minimization would be feasible. An
NSL working group involving both agencies was put together.
They recommended basically the FISA minimization procedures,
but the Attorney General rejected that. I think it's time for
you to say, we're going to have to step in and require that
these minimization procedures be adopted.
Senator Whitehouse. A lot of very sensible stuff seems to
have been rejected for reasons that make absolutely no sense to
me.
Senator Kyl?
Senator Kyl. Well, let me just play off that point. There's
a hierarchy of values here. One, is the protection of the
American people from known dangerous enemies who have struck us
with great destruction. We have instructed others in our
government to see that that never happens again. Every one of
us ought to be strongly committed to that.
Now, we also have the potential prospect of violations of
privacy that might have an adverse consequence on someone, but
I don't think there's a lot of evidence that that's happened
yet.
I recall the words of the FBI agent who, about two and a
half weeks before 9/11, complained to another that, because of
the wall that separated two groups within the FBI, the
Terrorist and Criminal Investigation, that someday somebody was
going to get killed and then questions would be asked, and of
course that's what happened.
So on the one hand, we have something that is critical for
the protection of the American people, and we've seen
breakdowns in that because we set up artificial legal barriers
to the exchange of information and collection of information.
On the other hand, we're all concerned about privacy because we
can see in the future, if not today, a ballooning of
information and access to information, and we're rightly
concerned about how that's all used.
But I suggest we keep this in perspective, and that
enabling the people to do the job to protect this starts with,
I would argue, a lower standard like the relevancy kind of
standard. Then in order to prevent that other potential from
occurring, you can build on it. All of you have addressed that
in one way or another, and I think we're all in agreement that
both of those require work.
But just another specific example that we fixed, Zacharias
Mousawi. He didn't fit into the two ways that you could get
information. We couldn't prove that he was an agent of a
foreign power or that he belonged to a terrorist organization.
They don't carry cards anymore. He was acting on his own in
concert, ultimately, with another group. So we had to create a
third category after the fact, unfortunately.
What it demonstrates is, I think we need to be a little bit
more liberal on the front end for the purposes of the
protection of the American people, and then make sure that,
whether it's minimization procedures or other kinds of
protocols that ensure the privacy of the American people, to
put those into place. But looking at the relative challenges
and relative threats and relative harms that have occurred so
far, it seems that some may be balancing these equities, I
think, in the wrong way.
I would hope that as we draw on your expertise--all three
of you have been very valuable to this exercise today. As we
continue to draw on your expertise, would you also take into
account what I am trying to say here? Because as policymakers,
we've got to take all of these things into consideration. It
seems to me that--well, I've made my point. If any of you would
like to comment, I still have a little bit of green left.
Mr. Baker?
Mr. Baker. Yes, Senator. With respect to the law, I mean,
Michael and I both lived through the era of the wall and we can
probably go on for quite a bit of time about that.
But let me just say, that's why I focused on creating--
urging you to create--a system that's simple and effective. One
of the lessons from the wall was, the rules were complex, the
rules were misunderstood, and people were afraid of the adverse
consequences to their career of making a mistake, so they
didn't do what they should have done in certain instances with
respect to sharing information.
I think that's one of the things you don't want to have
happen here. I think with respect to the current regime that we
have, as reflected in the IG's report, you do have confusion
about what these statutes allow: you do have confusion with
respect to what the scope is, you have confusion about what the
standard is.
So, I think that has contributed to the situation that we
find ourselves in today. The only other comment I would make
is, the IG's report with respect to national security letters
are bad facts. I mean, that is a very bad situation. All I
would suggest to the Congress, as we all learned in law school,
bad cases make bad law. My urging is, don't let that happen.
Senator Kyl. But fix the bad cases.
Mr. Baker. Fix the bad cases, but make sure you don't
inadvertently create some other problem.
Mr. Nojeim. I think if we can learn one thing from the IG
reports, it's that people who mean well and are in the business
of collecting this information didn't do a good job about
following the rules. I think there's just no question about
that when you look at the Inspector General reports.
I think there's also no question that some of the reforms
that the FBI put in place are going to address some of those
problems, but the bigger problems can't be addressed by
changing the people who do the work or by changing what work
they do. There just has to be a judicial check at some point in
this process when the information is particularly sensitive.
Again, the principle that we're asking you to abide by is that
the more sensitive information ought to be under that judicial
check, and that less sensitive identifying information could
still be sought without it.
Senator Kyl. A final word, Mr. Woods?
Mr. Woods. All right.
Senator Kyl. Again, thank you to all three of you. I
appreciate it.
Mr. Woods. I actually agree with what both of the other
witnesses have been saying, in principle. I think the committee
should be guided by a rule of proportion. I mean, I read the IG
reports and I see errors and ineptitude in the nuts and bolts
of this, the kind of right documentation here, what should be
uploaded, what shouldn't be uploaded. I do not see, as one
sometimes hears in the discussions, a malevolent presence in
the government that is bent on subverting people's civil
liberties or obtaining information that it should not obtain.
I think the remedy ought to reflect the reality of what's
in those reports, which to me means concentrating a lot of
effort on that nuts-and-bolts level and not ratcheting up the
legal standard that affects every case, or attempting to sort
of, you know, throw up our hands and say, this is scary and
we're going to try to back off, because that affects the 90
percent of the cases that didn't even have these nuts-and-bolts
problems in the IG report. That's what I've been trying to
argue, and I'm happy to assist the Committee, as I'm sure my
colleagues are.
Senator Whitehouse. Well, I agree with you that there are
two very different issues here. One is the very simple, old-
fashioned bureaucratic foul-up that took place at the FBI with
respect to the implementation process for these NSLs, and that
is an important problem. It's a problem that we have drilled
into, that the Inspector General has drilled into that I think
a variety of initiatives will help to minimize. But every time
we touch on this issue I think it raises these larger questions
of, really, what the rules are. I don't think we've adapted
well enough yet to this modern electronic world in which there
are vast pools of information available.
I do think that the privacy of American citizens is a core
value in our society and it's a core value for a reason because
it affects the balance of power, if you will, between
government and citizenry. In a democracy, that is absolutely
vital. So I give it, perhaps, a higher value than some of my
colleagues do.
But wherever you assign its value, I think I agree with the
Senator from Arizona's point, that the American people could
feel more comfortable about what information is made available
to law enforcement if they had a higher level of comfort with
what would happen to it once law enforcement had its hands on
it in terms of its duration, maintenance, and all of that, and
with what uses it would be put to and who would have access to
it.
So I see the question as how you define what the government
can get access to, how you define what the government can do
with it once it's been allowed to get access to it, and how you
define who's allowed to query that pool of information which,
in a nutshell, are access, minimization, and predication, as
related phenomena that I think this Committee and this Congress
are going to have to deal with. I think I will ask you for
final comments, because we're nearly done with our time. Your
thoughts on how you see those are three related, cross-
referencing, interwoven concepts.
Mr. Baker?
Mr. Baker. Well, I think you're exactly right, Senator. If
you look at old FISA that we've been talking about, the
original FISA, that required minimization of acquisition in
terms of, what does the government get and why; minimization of
retention: once you've gotten it, what do you keep? Do you
throw certain things away? Who has access to it? What do they
do with it? Where do they store it? How can they look at it?
And then minimization of dissemination: Who can they give it
to, what purpose can they use it for, and so on.
If you look at the definition of minimization under FISA, I
think it's a pretty good one because it says that the Attorney
General will approve minimization procedures that will be
reviewed by the court and approved by the court, but that--on
the one hand, do all that, limit the acquisition, retention,
and dissemination of non-relevant, non-pertinent U.S. person
information, consistent with the need of the United States to
obtain, produce, and disseminate foreign intelligence
information.
So you've got to have the right balance, exactly what
you're saying. You've got to have the right access to the right
data, at the right time, for the right purposes, and to be able
to use it effectively for what we all want to accomplish. So I
think that is what you are focused on. I think that's exactly
right.
I would just add in, as we discussed earlier, you need to
think about how long we're going to keep this stuff. As these
data bases grow at a certain point in time, what should we be
throwing away? Stuff that has not been found to be relevant or
pertinent to an investigation in the sense that it's produced a
lead that's really, really good during a 5-year period, should
we throw it away at that point in time, or what are we going to
do with it?
Senator Whitehouse. Mr. Nojeim?
Mr. Nojeim. It seems to me your ability to control some of
the things that you want to control is limited, but is
available for some of the things you want to deal with. So, for
example, on ``what is the quality of the employees that are
doing this work, accessing this information? '' I don't think
you're going to have a lot of control over that.
You'll be able to approve the people at the top, but the
people below them you're not going to be able to control that
much. ``Who in government can get the information once it's
uploaded into one of the databases? '' I don't think you're
going to want to put a lot of limits on that because of the
imperative toward information sharing. So you might, but
probably won't put limits on that. I think that we're really
looking at the front end and the back end.
Senator Whitehouse. Well, the logical limit on that, just
to interject, would be not who gets access to it so much as
when they get access, the predication question.
Mr. Nojeim. For what purpose. For what purpose they get
access.
Senator Whitehouse. At what point does somebody in the
government say, I'm interested in Mr. Nojeim's file, let me
pull that up? It shouldn't be just on every government
computer. There should be a question that has to be answered
first: I need this because X. Particularly in the public
corruption world, you've got to predicate before you can go
after a public official. I think there's a similar test. It's
not just who has access, it's what is required. What's the
question that they have, and is it a legitimate question?
Mr. Nojeim. I think that's exactly right. I think it's very
hard to legislate because there are just so many contexts in
which you're going to have to think down the road. I think that
it's worth talking about.
I also think, though, where you can be most effective is at
the front end and the back end. It's articulating a standard
that is what permits the data to get into the data base in the
first place, and articulating the minimization procedures that
must be followed for getting it cleared out at the end of the
day.
Senator Whitehouse. Yes. I appreciate it. Thank you.
Mr. Woods, it looks like you have the final word.
Mr. Woods. I think that we shouldn't simply take a step
because it's easy. It's easy to look at the front end and say
we need to change the standard. I really do believe that the
core of this is in the sort of middle and back end of this,
controlling what is done with information. But I would just end
on your point about--
Senator Whitehouse. In terms of the interrelationship, do
you agree that if we're going to really get this right we're
going to have to focus on not only acquisition, but also
minimization and retention and also predication and the
querying function, and that those three need to be seen as a
coordinated group?
Mr. Woods. They are all linked. I think--and you're seeing
this--as soon as you enter into this question you get pulled
into the much broader issue of information sharing, of access
to digital information. I think a very important issue, and
that is public confidence. Things like the IG report shake
public confidence and make the public concerned about these
issues. I don't think the public understands how their
information is handled, either by the government or by
commercial entities. It is a very large question and I think I
would just urge the Committee to stick with it. It's not going
to be easily resolved, but it desperately needs doing.
Senator Whitehouse. Good.
Well, I want to thank all the witnesses. I think this has
been a helpful and interesting day. I would urge you also to
stick with it and keep doing your work, and keep hammering on
Members of Congress to get to this. We are, I think, in a very
interesting time, driven by the technological leaps that we've
taken. I will close by repeating the observation I made at the
beginning when the Founding Fathers were designing the Fourth
Amendment. It never crossed their mind that the sheriff would
keep any evidence. It would be thrown out. It would be used at
trial and it would be returned, or be destroyed if it was
contraband. That was it.
Now we have this facility for maintaining huge amounts of
information and it raises a question that, because the Founding
Fathers did not face, we can't go and grab an answer off the
shelf. This generation has to figure it out based on the
principles that have made this country great. I think it's a
fascinating topic, and I appreciate your attention to it
The record will remain open for 7 days for any additional
submissions anybody chooses to make.
The hearing is hereby adjourned.
[Whereupon, at 11:54 a.m. the Committee was adjourned.]
[Questions and answers and submissions for the record
follow.]
[GRAPHIC] [TIFF OMITTED] T2457.001
[GRAPHIC] [TIFF OMITTED] T2457.002
[GRAPHIC] [TIFF OMITTED] T2457.003
[GRAPHIC] [TIFF OMITTED] T2457.004
[GRAPHIC] [TIFF OMITTED] T2457.005
[GRAPHIC] [TIFF OMITTED] T2457.006
[GRAPHIC] [TIFF OMITTED] T2457.007
[GRAPHIC] [TIFF OMITTED] T2457.008
[GRAPHIC] [TIFF OMITTED] T2457.009
[GRAPHIC] [TIFF OMITTED] T2457.010
[GRAPHIC] [TIFF OMITTED] T2457.011
[GRAPHIC] [TIFF OMITTED] T2457.012
[GRAPHIC] [TIFF OMITTED] T2457.013
[GRAPHIC] [TIFF OMITTED] T2457.014
[GRAPHIC] [TIFF OMITTED] T2457.015
[GRAPHIC] [TIFF OMITTED] T2457.016
[GRAPHIC] [TIFF OMITTED] T2457.017
[GRAPHIC] [TIFF OMITTED] T2457.018
[GRAPHIC] [TIFF OMITTED] T2457.019
[GRAPHIC] [TIFF OMITTED] T2457.020
[GRAPHIC] [TIFF OMITTED] T2457.021
[GRAPHIC] [TIFF OMITTED] T2457.022
[GRAPHIC] [TIFF OMITTED] T2457.023
[GRAPHIC] [TIFF OMITTED] T2457.024
[GRAPHIC] [TIFF OMITTED] T2457.025
[GRAPHIC] [TIFF OMITTED] T2457.026
[GRAPHIC] [TIFF OMITTED] T2457.027
[GRAPHIC] [TIFF OMITTED] T2457.028
[GRAPHIC] [TIFF OMITTED] T2457.029
[GRAPHIC] [TIFF OMITTED] T2457.030
[GRAPHIC] [TIFF OMITTED] T2457.031
[GRAPHIC] [TIFF OMITTED] T2457.032
[GRAPHIC] [TIFF OMITTED] T2457.033
[GRAPHIC] [TIFF OMITTED] T2457.034
[GRAPHIC] [TIFF OMITTED] T2457.035
[GRAPHIC] [TIFF OMITTED] T2457.036
[GRAPHIC] [TIFF OMITTED] T2457.037
[GRAPHIC] [TIFF OMITTED] T2457.038
[GRAPHIC] [TIFF OMITTED] T2457.039
[GRAPHIC] [TIFF OMITTED] T2457.040
[GRAPHIC] [TIFF OMITTED] T2457.041
[GRAPHIC] [TIFF OMITTED] T2457.042
[GRAPHIC] [TIFF OMITTED] T2457.043
[GRAPHIC] [TIFF OMITTED] T2457.044
[GRAPHIC] [TIFF OMITTED] T2457.045
[GRAPHIC] [TIFF OMITTED] T2457.046
[GRAPHIC] [TIFF OMITTED] T2457.047
[GRAPHIC] [TIFF OMITTED] T2457.048
[GRAPHIC] [TIFF OMITTED] T2457.049
[GRAPHIC] [TIFF OMITTED] T2457.050
[GRAPHIC] [TIFF OMITTED] T2457.051
[GRAPHIC] [TIFF OMITTED] T2457.052
[GRAPHIC] [TIFF OMITTED] T2457.053
[GRAPHIC] [TIFF OMITTED] T2457.054
[GRAPHIC] [TIFF OMITTED] T2457.055
[GRAPHIC] [TIFF OMITTED] T2457.056
[GRAPHIC] [TIFF OMITTED] T2457.057
[GRAPHIC] [TIFF OMITTED] T2457.058
[GRAPHIC] [TIFF OMITTED] T2457.059
[GRAPHIC] [TIFF OMITTED] T2457.060
[GRAPHIC] [TIFF OMITTED] T2457.061
[GRAPHIC] [TIFF OMITTED] T2457.062
[GRAPHIC] [TIFF OMITTED] T2457.063
[GRAPHIC] [TIFF OMITTED] T2457.064
[GRAPHIC] [TIFF OMITTED] T2457.065
[GRAPHIC] [TIFF OMITTED] T2457.066
[GRAPHIC] [TIFF OMITTED] T2457.067
[GRAPHIC] [TIFF OMITTED] T2457.068
[GRAPHIC] [TIFF OMITTED] T2457.069
[GRAPHIC] [TIFF OMITTED] T2457.070
[GRAPHIC] [TIFF OMITTED] T2457.071
[GRAPHIC] [TIFF OMITTED] T2457.072
[GRAPHIC] [TIFF OMITTED] T2457.073
[GRAPHIC] [TIFF OMITTED] T2457.074
�
