technology, a non-profit public interest organization dedicated to keeping the internet open, innovative, and free. i and the broad coalition of internet companies and advocates that cdp brought together this summer to press for greater surveillance transparency are grateful to chairman franken and senator heller for introducing the surveillance transparency act, a bill that would allow companies and require the government to publish basic statistics about how the government is using its national security surveillance authorities. particularly in the wake of recent revelations about the nsa's surveillance programs, we believe this level of transparency about what companies do and don't do in response to government demands is critically important for three reasons. first, the american people and policy makers have a clear right and need to know this information so that they may have a more informed public debate about the appropriateness of the government's use of its authorities and to better ensure those authorities are not misused or abused. second, the company have a clear first amendment right to tell us

this information. and the government as tempt to gag them from sharing even this most basic data or even to admit that they have received foreign intelligence demands at all is clearly unconstitutional. indeed you'll see this prior restraint at work in the room. even though everyone in this room knows and understands that google has received foreign intelligence surveillance act process, google's representative is the one person in the room who cannot admit it. third, greater transparency is urgently necessary to restore the international community's trust in the u.s. government and in our u.s. internet industry, which is projected to lose tens if'll hundreds of billions of dollars in the face of widespread concern from foreign governments and international users. we must take this opportunity to demonstrate that our surveillance practices are necessary and proportionate and respectful of constitutional and human rights. and if the numbers show otherwise we must take this opportunity to reform our surveillance laws as well as better protect our rights and national security. speaking of national security there are two basic arguments

why publishing these numbers would threaten it, but neither is persuasive. first there's concern that such reporting will reveal which services have not been targeted by the u.s. government such that our enemies will seek them out. however, it has always been the case companies that haven't received national security demands can say they have not received national security demands as was most recently demonstrated just last week when apple revealed it has never received an order under section 215 of the patriot act. the second argument is that reporting will reveal which services have been targeted such that their enemies will avoid them. however, this concern rings somewhat hollow when top intelligence officials such as nsa -- current nsa director keith alexander have repeatedly and publicly announced the names of various services such as google, facebook, twitter, and yahoo! that they believe terrorists are using. senator frachken also mentioned a comment by former nsa director michael hayden. put simply, these generals

recognize that saying someone on a service is being surveilled is very different from identifying who on that service is being surveilled and only the latter is dangerous to national security. therefore, the less transparent alternatives to the bill the government has suggested are unnecessary to protect national security. more than that, they would actually be worse than the current transparency status quo. on the government reporting side the dni has announced he will voluntarily public new statistics reflecting how many people have been, quote, targeted, unquote under various surveillance authorities. but such limited reporting would actually be misleading. for example, the dni's reporting for 2012 would only have indicated that around 300 people had their telephony metadata targeted under section 215 of the patriot act. w yet we know now know the government has used section 215 to obtain the phone records of every single person in the country. such falsely reassuring reporting would do more harm than good. on the company reporting side

the government advocates for a lot of what i'll call fuzzing and lumping. they want to lump together into a single number all the different foreign intelligence authorities as well as all state, local, and federal law enforcement requests and then fuzz that number up by putting it into a range of a thousand. that kind of fuzz'll and lumping would be a step back for transparency, obscuring more than it reveals. especially considering that companies are already engaged in detailed reporting about the law enforcement process they receive and in some cases have also been allowed to publish separate rounded numbers about the national security letters they receive. no one's ever suggested that either that reporting or the detailed reporting the government has done for decades about its law enforcement wiretapping has ever disrupted an investigation. neither would the reporting required and allowed for under this bill or that provided by the transparency provisions of the u.s. freedom act, another bill cdp strongly supports. greater transparency is no replacement for substantive

reform of our surveillance laws but it can serve as a key stepping stone toward that broader reform by allowing the public and policy makers to better understand how the government is using its powers. so i thank you for your consideration and i look forward to your questions. >> thank you, mr. bankston. mr. rosensweig. >> senator fraenk, senator flake, members of the subcommittee, i thank you very much for the invitation to appear today. it is always an honor to be asked to provide one's views to the senate of the united states. and i thank you for affording me that opportunity. i should begin by saying as a current holder of a top secret clearance for some of the work i continue to do for dhs i have limited what i have read to what has been lawfully declassified by the dni, as have most of the people in my position, which somewhat constrains how i can speak to the issues today. that having been said, i would make four basic points.

the first is that transparency is a good thing but unlimited transparency cannot be our end goal. secrecy itself has its virtues in any number of circumstances. one can think of everything ranging from the attorney-client privilege to the identity of an undercover officer in a gang in los angeles to any number of reasons why governments legitimately keep secrets that are subject to oversight in a classified manner, either through the oversight of their executive branch or legislative branch or in some cases the judicial branch. thus, while i fully support the overarching sentiment that underlies much of the bill that is before you, that is, the idea that we can and should seek to increase transparency with respect to the nsa surveillance programs, i think that we have to do so in a calibrated way, one that takes into account what the end goal of transparency in

this circumstance is. now, i would submit that the end goal here is greater oversight, greater audit, greater assurance that the nsa and other intelligence community activities are acting in conformance with the laws that set them out and not in ways that are in violation of those laws. to my mind the right answer to the questions you are asking is how will the transparency you're advocating advance that goal? with that in mind, my second point is that i think that the proper reflection on what we should be learning more about with respect to the nsa surveillance is to require a lot of disclosure of aggregate information, a lot of disclosure to -- with respect to existing programs but that we should take very seriously the protestations of government officials who are frankly in a better position to know than i am at least given

what little i know about the classified nature of these programs, that further disclosures will disclose sources, methods, capabilities that have not yet publicly been disclosed. indeed, my single greatest constructive criticism that i would offer with respect to the bill before you is the idea that the disclosure requirements are key to statutory programs themselves and like section 215 or section 702 and seems to operate from the unstated assumption that we have already learned from the classified programs operating under those statutes. if that's the case then the transparency that is key to those sections is to be welcomed indeed. i skt without knowing that there are other programs involved, other covert programs that have not yet been disclosed either lawfully or unlawfully. and it is at least plausible to me that further disclosures of

particularized numbers would lead to the disclosure of programs that have not yet made it into the public record. if that were the case, i would think that that would be an unfortunate result. my third point would simply be that the most effective reforms i think are not just enhanced transparency of -- for the american public but for structural reforms. things you can do that aren't part of this bill, part of what congress can do, things like making the nsa inspector general a presidential appointment, expanding the jurisdiction of the privacy and civil liberties oversight board. those sorts of things don't sound as sexy as greater transparency. but i tend to think that in the end they will actually prove more effective than even the most detailed disclosure of individuated numbers within various programs. with that i will conclude and i look forward to your questions. >> thank you, mr. rosenzweig. mr. salgado.

>> chairman franken, ranking member -- thank you. chairman franken, ranking member flame, senator blumenthal, and senator lee, thank you for the opportunity to appear before you this morning to talk about the surveillance transparency act of 2013. my name is richard salgado. i am the director for law enforcement and information security at google. in that capacity i oversee the company's response to government requests for user information under various authorities. i'm also responsible for working with teams across google to protect the skurs of our networks and our user data. mr. chairman, we commend you for introducing the surveillance transparency act of 2013. simply stated, we believe that service providers should be able to disclose basic statistics about national security demands that we may receive. the revelations about the u.s. governments and other government surveillance practices over the past few months have sparked a serious debate about the laws governing surveillance of private communications by the

intelligence community. google recognizes the very real threats that the u.s. and other countries face today. and of course governments have a duty to protect their citizens. but the current lack of transparency about the nature of government surveillance in democratic countries undermines the freedom and the trust most citizens cherish. it also has a negative impact on our economic growth and security and on the promise of an internet as a platform for openness and free expression. in the wake of the press reports about the so-called prison program, governments around the world have been considering proposals that would limit the free flow of information. this could have severe unintended consequences such as a reduction in data security, increased cost, decreased competitiveness, and harms to consumers. proposal like data localization pose a significant threat to the free and open internet. if they're adopted, then what we

will face is the effective creation of a splinternet broken up into smaller national, regional pieces with barriers around it to replace the global internet that we know today. enacting the surveillance transparency act would allow the u.s. to take a first step toward rebuilding the trust that's necessary. transparency and national security are not usually mutually exclusive. since 2010 we've published a transparnszy report where we share information about the law enforcement requests for user data we receive from governments around the world. earlier this year after some discussions with the department of justice we began providing more information about the volume and scope of national security letters that we receive, although in broad ranges. there's been no intimation from the department of justice that publishing statistics concerning nsls has damaged national security. we approached the doj about expanding our reporting to include aggregated statistics about fisa requests that we may receive. we were disappointed the justice department refused.

in june we filed a motion for declaratory judgment before the foreign intelligence surveillance court, asserting a first amendment right to publish this type of information. the doj repeated that it would allow companies to add the number of domestic law enforcement and national security requests together and report the sum as falling within some broad range. but this would be a significant step backward for google's users in the broader public. rather than promote transparency, this proposal would actually obscure important information about the volume and type of all government demands that google may receive, not just national security demands. as i mentioned, google already discloses aggregate statistics about domestic law enforcement demands and have done so since 2010. publishing future reports where we could only release this type of information in ranges rather than actual numbers and type would provide less transparency than we have now. in addition there would be no discernible benefits for transparency around national

security demands that we may receive. indeed, google would continue to be prohibited from even acknowledging their receipt, which would only invite continued speculation about the nature of the information we are able to report. we would also lose the benefit of providing information specifically about national security letters that we couldn't currently enjoy. in short, the d.o.j. proposal would not provide the type of transparency that is reflected in the transparency surveillance act of 2013. transparency is critical in informing the public debate on these issues, but it's only one step among many that are needed. two weeks ago google along with aol, apple, facebook, linkedin, microsoft, and yahoo voiced support for broader fisa reform that would include substantial enhancements to privacy protections and appropriate oversight and accountability mechanisms. we strongly believe that governments throughout the world must reform laws governing state -- and access to private

communications. this activity must be rulebound, narrowly tailored, transparent, and subject to oversight. we look forward to working with the congress on the surveillance transparency act of 2013 and other reform measures. thank you for your time and consideration. >> thank you, gentlemen, for your testimony. mr. bankston and mr. salgado, you heard witnesses from odni and d.o.j. say that it would be very difficult for the government to provide an estimate of the number of u.s. persons caught up in surveillance. do you agree with them? >> i'd prefer to talk about what the nsa should be able to do rather than getting into a debate about what they technically could do, although i have some opinions about that as well. the authorities we're discussing today are foreign intelligence authorities. they are predominantly intended to and are sometimes limited to acquiring the communications of foreign persons or persons outside of the united states and have special protections for u.s. persons.

therefore, knowing how many u.s. persons have been surveilled, have been swept up intentionally or unintentionally under these powers is critical to understanding whether they're being used correctly prorks portionately, and in line with constitutional or statutory limits. the fact the nsa is claiming it does not have the ability to provide even a rough estimate as to how many u.s. persons have been swept up in the surveillance is quite frankly shocking and i think points to perhaps a need to recalibrate what we are authorizing them to do if they cannot even judge how their activities are impacting the american people. he more importantly, i'm also disappointed to hear the implication that the nsa has more important things to do than to ensure that it is not inappropriately impacting the privacy of u.s. persons. that should be a core priority of the nsa, one that they can and should dedicate a reasonable amount of resources to. we think that with a reasonable amount of resources it can, as demonstrated in the fisa court

case of 2011, take measures to make reasonable estimates about how their authorities are impacting the american people. >> indeed, in the bates fisa court decision of 2011 nsa had been violating its authority, right? and they were able to discover that partly by doing the kind of estimation that they did. >> ip deed. and if such estimates had been required -- if those had been required earlier, we would have found out three years earlier that americans were unconstitutionally being surveiled and would have presumably put a stop to it. >> mr. salgado. >> i think it certainly makes sense to explore all the various ways we can increase transparency around these programs, whose data has been collected and what data. we want to be able to do that of course in a way that's a practical, reliable way. so i think it makes good sense to explore the different ways that that kind of an obligation could be satisfied by the government and to take into

account the costs that it may -- that it may be necessary to incur. but certainly the value of that sort of detail is significant. >> thank you. mr. banks, you organize an impressive coalition of dozens of technology companies and civil society groups all calling for greater transparency and endorsing my bill specifically. it's a broad coalition of the nation's leading technology internet companies including google and apple and microsoft and facebook. as well as many leading civil liberties books. but mr. salgado, could you just speak to why google and apple and microsoft and facebook are companies that normally compete with each other are working together on this? and what this means in terms of your business.

>> yeah, chairman. the disclosure that's we've seen coming out in june and then since then have really the great potential for doing serious damage to the competitiveness of these american companies. there's a potential for great damage to the internet as a whole. but certainly what these companies and google recognizes is that the trust that's threatened is essential to these businesses. it's very important that the users of our services understand that we are stewards of their data, we hold it responsibly, we treat it with respect, and that there's not any sort of confusion around the rules where we may be compelled to disclose the data to the government. and when there are rules around that that it's clear what they are and the interaction between the government and google and the other companies as well. this is central to make sure

that the users have confidence in their ability to place and trust their data with us. the impact of the disclosures in june are manifest. we can see as an academic matter, or rather as an anecdotal manner that customers who may be considering using the rich services available in the cloud are nervous to do so now as a result of those disclosures. this means that companies, some abroad and some in the united states, may not be taking advantage of the efficiencies and security benefits and all the other advantages of the cloud as a result of this. it's a terrible result and one that we need to address. transparency, among other steps, would help restore the confidence in the cloud and american companies. >> thank you. the ranking member. >> thank you. appreciate the testimony. mr. salgado, you heard the testimony previously. and my question as to whether or not some of the companies would be concerned, would share the

concern that there would be increased privacy concerns were this additional information to be gathered, tell me why that doesn't make sense. or tell me why you disagree. >> senator, i assume you're referring to the u.s. persons -- >> yes. >> -- step within the government disclosure portion. i think i share mr. litt's view that it's unlikely this would result in any more disclosures by companies to be able to make this the evaluation that would be required of the -- >> so they have the data? they could simply drill down on their own data without asking you for additional information? >> that's what i would anticipate. >> and revealing more information about drilling down on u.s. persons doesn't concern you as a company to have that additional information out there as required in this legislation. >> i think that as we look at

the methods by which the intelligence community may address the u.s. persons' estimation, it makes sense other to look at that. how do you minimize those additional steps and do they in fact require intrusions where there weren't any before absent that obligation. >> mr. bankston, do you have any thoughts on that? >> the general privacy concerns they raise but there are additional concerns about privacy that would be raised by drilling down on this information. >> i think it's important to note that to some extent privacy is invaded and was invaded when the government collects the data itself. and to say that we cannot make a meaningful estimate of how many people's data we have collected and how many u.s. persons data we have collected because to look at some small selection of it, to make that estimate would harm privacy, it just doesn't make sense to me. the privacy to some extent has

already been violated. we're just trying to get a gauge of how many people's privacy has been violated. >> mr. salgado, you mentioned the prospect of different countries walling off their data or making an attempt to. how real of a concern? how timely of a concern is that? have we seen such moves being taken by certain countries? can you explain a little about that? >> yes, senator, we have. so it's a very real threat. we've seen proposed legislation and jurisdictions to do just this. you see it in several flavors. there's the possibility of requiring data location. so companies requiring to exclusively store data within a jurisdiction. you see affirmative laws that are often referred to as blocking statutes which would say companies that operate in this jurisdiction are not allowed to cooperate with u.s. authorities around data disclosures. you see different flavors of these things.

they all tend to start to create a network structure, an internet structure that is based on political boundaries and the idea of a global internet quickly breaks down. >> well, thank you. that's a concern that i think a lot of us have, that this free flow across borders that's been so healthy and been necessary for the growth of this kind of communication would be disrupted. mr. rosenzweig, you -- let me just get a general answer from you on this. is the value of legislation like this -- i can see the value in allowing companies to be able to explain more to their users and get greater comfort there. is there as much value in this being an additional check on government not to go too far because they have to reveal this information? what is the greater value in legislation like this? or is it shared that way? >> i think the first principal

value of the legislation is the one senator franken expressed which would be to statutorily mandate that which is now merely voluntary and an act of grace by the executive branch. so i think that's a g-- regularizing, that institutionalizing that is a positive value. i think that in general legislation that requires the government to explain itself is a positive value as well. everything from foia to inspectors general statutes. my concern in particular would be to ensure that the disclosure requirements don't wind up disrupting the existence of heretofore undisclosed programs that are a value to us. and that i think i can't answer in a generalized manner. i think it's a very case-by-case specific manner. i think it's probably not a decision best left to the executive branch alone. i think it's a decision left to the executive branch in a

classified discussion with this body and the house of representatives. it by its nature cannot be a discussion that at least at the first instance involves the american people because that by its nature terminates the discussion itself. >> all right. thank you. that's been very helpful. >> thank you. senator flake, chairman leahy has graced us and has arrived. i'd like to add this statement from the chairman to the record before -- thank you. i'd like to ask him to ask his questions. >> thank you. and i also thank the courtesy of my friend from connecticut, senator blumenthal. i think more and more people agree or should agree that we need additional transparency about our government

surveillance activities. i think if we don't we're not going to restore public confidence. i think senator franken's worked to build consensus around transparency legislation deserves praise. i'm glad google and other tech companies are lending their support to that bill. i think that the tech industry realized we need more than transparency, we need substantive reform. several of the major tech companies, i want to make shire got them all right, google, microsoft, yahoo, apple, facebook, aol, and linkedin, signed a letter to me supporting greater transparency. they want substantial enhancement to privacy protection, appropriate oversight, and accountability matters that i know mr. salgado knows that letter. i recently introduced a comprehensive surveillance reform bill, the bipartisan usa

freedom act. i support -- appreciate these companies supporting stronger fisa work. mr. salgado, let me ask you, just enhancing transparency, is that going to be enough to bring back global confidence in american technology companies? do we need to do more? and if we don't do more, is this going to affect u.s. businesses? >> thank you, mr. chairman. i think it's an important step to have increased transparency. but i do agree that more is needed than that. and as you noted, we've expressed our support for the legislation that you've offered, the -- i think we need some reform that allows users and others to know that the intelligence community and its collection of data is done under law, that it's rulebound, that it's narrowly tailored. that there is oversight, there's accountability for it.

and of course as we've been discussing today, that there is some transparency around it that can help bring some of the trust that all this happened. >> and aside from affecting the reputation of the united states, if we don't do that it's going to affect businesses too, is that right? >> absolutely, mr. chairman. we've already seen impacts on the businesses. chairman franken cited a couple studies in the opening statement that reflected financial consequences. i think there's real concerns over the entire structure of the internet over these revelations if this isn't addressed correctly. >> let me go a little bit on that where my biggest concern is about section 215 phone records. the legal rationale underpinning it has that legal principle. if all our phone records are relevant to intelligence investigations then why wouldn't everything be considered relevant? and if that's the case are

companies like yours concerned that consumers do not trust that their data is safe from unwarranted government intrusion? does google think about what that might do as far as cloud technology is concerned? >> that's right, mr. chairman. the confusion that came out as a result of the june revelations and since then and additional stories i think have led to a real concern both inside the united states and outside the united states about what's happening. what are the decisions of the fisa court. awful those have played a need in the confusion. >> especially when the nsa handles those things so carelessly, they let a 29-year-old subcontractor walk off with all their secrets and as far as i know no