if you need the time, this is important, please take it. with us today are deputy attorney general cole. he is prepared to go first, and he will be followed by principal deputy dni stephanie o'sullivan. mr. ledgett and mr. juliano will not give formal remarks but will be available to answer questions. >> thank you. distinguished members of the committee, we're all very pleased to appear before you to express the administration's support for the usa freedom act, hr 3361 as recently passed by the house of representatives. i appreciate this committee's leadership and the considerable effort that it has dedicated over the past year working with us to explore how we can increase the confidence of our

fellow americans in their privacy being protected while providing our intelligence agencies with the authorities they need to acquire foreign intelligence that is so important to our national security. the bill passed by the house last month would make some significant changes to the provisions of the foreign intelligence surveillance act that we believe will help us meet these two objectives. among other provisions, the bill would prohibit bulk collection of information under section 215, the national security letter statutes, and the pen register trap and trace provisions of fisa. it replaces the bulk telephony metadata collection program with a new framework that preserves the capabilities we need without the government holding the bulk metadata. to be clear, the president called for this transition not because the program was illegal or was being abused but rather to give the public greater confidence that their privacy is

being appropriately protected while maintaining the tools that our intelligence and law enforcement agencies need. the bill would also provide greater transparency to the public concerning some of our intelligence collection activities and authorize the foreign intelligence surveillance court to appoint independent amicus in appropriate cases so that alternative views may be heard. i'd like to spend just a few minutes describing some of the key provisions. as i have mentioned, hr 3361 establishes a new mechanism under section 215 that permits the government to access telephony metadata without having to collect it in bulk. it includes all the key attributes that were identified by the president in march for a new program, including in particular a requirement that absent an emergency situation, the government would obtain the records only pursuant to individual orders from the fisa court approved with the use of specific selection terms for

such queries and only if a judge agrees that the government has established reasonable articulable suspicion that the term is associated with a foreign terrorist group. as i said before, and it's worth repeating, the bill's prohibition of bulk collection extends to all bulk collection of record pursuant to section 215 going forward as well as under the national security letter statutes and the pen register trap and trace provisions of fisa. under each of these authorities, the government would be required to use a specific selection term as a basis for production of records. the bill defines specific selection term as and as the chairman quoted, a discrete term such as a term specifically identifying a person, entity, account, address, or device as used by the government to limit the scope of the information or tangible things that are sought. this definition clearly prevents

bulk collection under these authorities. including the collection of the sort that has been conducted with respect to the telephone and internet metadata. while i have heard people say it would allow the government to seek all of the phone records, for example, of a particular zip code, that is not the case. that would be the type of indiscriminate bulk collection that this bill is designed to end. at the same time the bill does preserve the government's ability to collect information in ways necessary to identify and disrupt the threats we face. for example, if the fbi learns that an unknown suspect intends to build an improvised explosive device using ball bearings and fertilizer, this bill would enable the fbi to obtain sales records for those items from particular stores in the relevant area that sell those items. or if the fbi comes aware that

an unidentified terrorist suspect spent several nights at a particular hotel, this bill would allow the fbi to request the hotel's guest records for those particular nights. as the house permanent select committee on intelligence noted in its report on hr 3361, and i quote, bulk collection means indiscriminate acquisition. it does not mean the acquisition of a large number of communication records or other tangible things, close quote. the bill's definition of specific selection term recognizes that distinction. in addition, the other provisions of hr 3361 would create unprecedented transparency and further enhance oversight. the bill, first of all, builds on what the government has already committed to make public regarding the use of national security authorities. in addition to codifying the director of national

intelligence's commitment to release annual figures, the bill essentially codifies the department of justice's january framework for reporting by providers but adds additional options for reporting broken down by authority. also, the bill would require a declassification review of any fisa court opinions, orders, or decisions that include a significant construction or interpretation of fisa, and it would direct the government to make such opinions and orders publicly available to the greatest extent practicable. third, the legislation would skret a significa create a significant new measure to ensure the fisa court and the court of review receive independent third party input in consideration of novel or significant matters. beyond the existing statutory authorities for providers to challenge orders they receive pursuant to fisa, the legislation would provide a mechanism for these courts to appoint an amicus cur rye to assist the court in the consideration of any application

for an order or review that prevents novel or significant interpretations of the law unless the court issues a written finding that such appointment is not appropriate. in sum, we support the usa freedom act as an effective means of addressing some of the concernins that have been raise boo the impact of our collection intelligence activities on privacy while preserving the authorities we need for national security. we urge the committee to give the house bill serious consideration as soon as possible consistent with this committee's important role. madam chairman, thank you for the opportunity to present our views. stephanie o'sullivan will now make an opening statement and then we will all be happy to answer your questions. >> thanks very much, mr. cole. mrs. o'sullivan. >> chairman feinstein, vice chairman chambliss, and distinguished members of the committee, we are pleased to appear before you to express the administration's strong support for the usa freedom act, hr

3361, as recently passed by the house of representatives. the deputy attorney general has provided an in-depth review of the usa freedom act as passed by the house last month, but i wanted to touch on a few key points in my remarks. over the past year the nation has been engaged in a robust discussion about how the intelligence community uses its authorities to collect critical foreign intelligence in a manner that protects civil liberties and privacy. we take great care to ensure the protection of individual privacy and civil liberties in the conduct and intelligence activities. nevertheless, we have continued to examine ways to increase the confidence of our fellow citizens that their privacy is being protected while at the same time providing the intelligence community with the authorities it needs to fulfill its mission and responsibilities. to that end, we have increased our transparency efforts and the director of national intelligence has declassified and released thousands of pages

of documents about intelligence collection programs including court decisions and a variety of other documents. we are continuing to do so. these documents demonstrate the commitment of all three branches of the government to ensuring that these programs operate within the law and apply vigorous protections for personal privacy. it is important to emphasize that although the information released by the director of national intelligence was properly classified originally, the dni declassified it because the public interest in declassification outweighed the national security concerns that originally prompted classification. in addition to declassifying documents, we've already taken significant steps to allow the public to understand how we use the authorities in fisa, now and going forward. for example, we are currently working to finalize a transparency report that will outline on an annual basis the total number of orders issued under various fisa authorities

and an estimate of the total number of targets affected by those orders. moreover, we recognize that it's important for companies to be able to reassure their customers about the limited number of people targeted by orders requiring the companies to provide information to the government. and so we support the provisions of the house bill that allow the companies to report information about national security legal demands and law enforcement legal demands that they receive each year. we believe this increased transparency provides the public with relevant information about the use of these legal authorities while at the same time protecting important collection capabilities. making adjustments to our intelligence activities and as appropriate our authorities is also part of this effort. for several years the government has sought and the fisa court has issued orders under section 215 of the patriot act allowing the bulk collection of metadata about telephone calls. the president has ordered a transition that will end this

bulk collection in a manner that maintains the tools intelligence agencies need for national security. we are committed to following this mandate. the intelligence community believes that the new framework in the usa freedom act preserves the capabilities the intelligence community needs without the government holding this metadata in bulk. the usa freedom act would prohibit all bulk collection of records pursuant to section 215, the pen register trap and trace provision of fisa, and national security statutes going forward. let me repeat that. the intelligence community understands and will adhere to the bill's prohibitions on all bulk collection under these authorities. moreover, the usa freedom act makes other important changes by further ensuring that individuals' privacy is appropriately protected without sacrificing operational effectiveness. to that end, we support the usa freedom act as an effective

means of addressing the concerns that have been raised by the impact of our activities while preserving the authorities we need for national security. we urge the committee to give the house bill serious consideration as expeditiously as possible consistent with this committee's deliberations, and we are ready to work with the senate to clarify language in the bill as necessary. in closing, we appreciate the committee's leadership and particularly your support over the past year in considering issues related to our intelligence collection activities and privacy and civil liberty issues. we also appreciate your support. for the men and women working throughout the intelligence community to include the nsa who remain dedicated to keeping our nation safe and protecting our privacy and who have upheld their oath by conducting themselves in accordance with our nation's laws. we look forward to answering your questions. >> thank you very much, mrs. o'sullivan, and we will now

proceed to questions. i have two, and the question i have is this, would you support a modified definition that changes what's called specific selection term and instead call it a specific identifier and defines it more specifically by adding that it's meant to be a discrete term used by the government to narrowly taper the scope of information? >> madam chairman, i think that we think the definition that's in the bill works, but as mrs. o'sullivan said, we're more than happy to work with the committee. if you feel there is better language, we're more than happy to work with the committee to try and put out language that really accomplishes what i think we all understand needs to be done. we're trying to end bulk collection, but we're trying to

allow enough flexibility to get in times the volumes of records that may be important to do these investigations but still keeping them focused. so we're happy with the language that's there and we're happy to work with you on additional language if -- >> all i'm asking is that you take a look at it. >> more than happy to do so. >> thank you, thank you. and fcc rule section 42.6 at 47 cfr requires companies that, quote, offer or bill tolled telephone service to retain billing information and telephone toll calls for at least 18 months. here is the question. does this rule require telephone companies to retain the information that the government needs for a sufficient period of time? as you know, in this bill before us, there is no time for retention of records. >> i'll refer to mr. leddette or

mr. juliano but we believe this provides a sufficient time for us. there is a provision that allows us to order technical assistance from the companies to make sure that the records are in the kind of form and format that will be useful to us. >> mr. leddette. >> madam chairman, we believe the 18 month retention period would be sufficient. if the companies were to change their practices, we'd advise the committee. >> you're saying you're confident that the companies will retain the call records for 18 months? >> we actually can't say that, ma'am. they will retain the records for as long as their business requirements dictate they retain the records and they could change their business models and change the need for that. we will advise the committee if and as that happens and affects our ability to conduct our

intelligence mission. >> okay. thank you. mr. vice chairman. >> thanks, madam chair. mr. cole, in your opinion is nsa section 215 bulk telephone and metadata collection program conduct conducted within our laws? >> yes, it is. >> do you agree with me that nsa's bulk telephone and metadata collection system has been one of the most heavily overseen programs in the intelligence community? >> yes, mr. vice chairman, i do. >> mr. juliano, this bill would extend the sunsets for both lone wolf and roving out to december 31, 2017. it seems to me that these two provisions are pretty noncontroversial at this point.

the only reason we kept extending these sunsets was because of the concerns about the 215 bulk data collection program which this bill is going to eliminate. have there been any abuses of the roving or lone wolf provisions to your knowledge? >> no, sir, there hasn't. >> would you be in favor of making the provisions permanent? >> yes, sir. >> mr. cole, do you agree with that? >> i think that would be appropriate, senator, yes. >> mr. ledgett? >> yes, sir. >> miss o'sullivan? >> yes, sir. >> mr. ledgett, the nsa has been subjected to a lot of unwarranted abuse since snowden's treasonous disclosures. i want to publicly thank you and all the patriotic americans who serve our nation by quietly performing nsa's vital mission. in your opinion, is this country safer or less safe after those damaging disclosures? >> mr. vice chairman, first,

thank you for the words of support to the nsa workforce. we appreciate that. in my opinion, the country is less safe because of the disclosure of the methods that we use to conduct our authorized foreign intelligence mission. >> it doesn't appear to be -- there doesn't appear to be any requirements in the bill for the service providers to retain call detail records for any set period of time, as you just discussed with the chairman. mr. ledgett, if service providers decide to scale back their data retention period, how would that impact nsa's mission? >> mr. vice chairman, that would make it -- make the information less useful for providing intelligence on the external threat with a u.s. nexus, and so we would come back and inform the committee if that became the case. >> mr. giuliani, how would the service providers be effected if

they decided to cut back the retention periods? >> i think it would affect the richness of the data and the usefulness. >> would it make other investigative techniques less effective? >> i'm not sure it would make them less effective but if the data is less rich and there's less data to use, it would impact the value of the data. >> now, i'm in favor of providing a statutory basis for the fisa court to use their inherent judicial authority to appoint amy cuss cure ray when the courts determine it would be appropriate, and in our bill we made a provision for that. section 401 requires the court to appoint an amicus to assist the court in situations involving, and i quote, novel or significant interpretations of the law unless the court issues a written finding that such

appointment is not appropriate. now, this seems like an unconstitutional i think fringement. we routinely trust our courts and judges to make these sorts of interpretations in ex parte situations in the criminal context. mr. cole, do you think it's a good idea to try to impose this requirement on fisa courts? >> well, mr. vice chairman, i think as a practical matter, the courts will be appointing amicus when there is a significant and a novel issue that comes before them, and i think that that will happen in the due course. this doesn't require them in all instances to. it just says if for some reason they decide they don't want one, they just have to put their reasons in writing. but my expectation is that when it is significant and novel, the courts generally will want to have another point of view and have an amicus come in. so i think the operation of it will be virtually the same as if it was just the inherent power.

>> so what if you run into a judge who just in every case decides that they're going to make a determination that we don't need an amicus brief. do you think it's going to be incumbent upon the doj to review those decisions that judge makes? >> no, i don't think there's a mechanism that requires the justice department to oversee how the court is employing this. this is still within the sound discretion of the court to appoint an amicus in the significant or novel cases. it's just that when you have one that is significant or novel and they don't, they need to merely state their reasons if they don't appoint one why. >> thanks, madam chair. >> thank you, mr. vice chairman. senator udall -- i will just read the list, udall, king, widen, mikulski, rockefeller, coats, collins, heinrich, risch,

and levin. >> thank you, madam chair. let me begin by asking unanimous content to enter into the government published by the reform government surveillance coalition. >> without objection. thank you. >> madam chairman, the reform government surveillance coalition is made up of leading american companies aol, linkedin, drop box, facebook, yahoo!, and twitter. and i think the important sentence in their letter is in the next few weeks the senate has the opportunity to demonstrate leadership and pass a version of the usa freedom act that woot help restore the confidence of internet users here and around the world while keeping citizens safe. the coalition goes on to express real concerns with the house bill and urges us in the senate to make some significant changes to the house bill. in that spirit i want to make an initial set of comments and then, of course, i have questions for the panel. on january 17th the president ordered a transition away from the bulk collection of phone records. i share this goal with the president and i applauded his

intention at the time. he also stated that it, quote, is not enough for leaders to say trust us, for history has too many examples when that trust has been breached. our system of government depends on the law to constrain those in power, end of quote. i agree that we must depend on the law to constrain potential future abuses of government surveillance, but i believe the house passed bill, the topic of our hearing today, falls short of this goal and is not the true reform i've demanded for years. in addition to my concerns that the house passed bill omits many of the reforms included in the original usa freedom act, the section 215 language in the house passed bill describing the specific selection term used to secretly collect records is vague enough to still allow the collection of mass information. i believe it is not this administration's intent to interpret the language so broadly but the nsa has shown time and time again it will seize on any wiggle room in the

law, and there's plenty of that in this bill. so, mr. cole, let me ask you, even if it is not the intent of this administration or even of this congress, what would stop the fisa court from interpreting the specific selection term very broadly should the government ask it to do so? >> well, i think a lot of what would prohibit that is the legislative history, the statements of intent. the legislative history we're creating today by making clear and unambiguous statements that this is intended to stop bulk collection and that what we're focusing on is some focused tailored inquiries that will detend on the facts and circumstances and it's impossible to predict all of them ahead of time, but to make sure we have focused inquiries and focused collection of information for our investigations. so i think a lot of that is going to come from both the language of the statute and if there's improvements that people want to suggest, we're happy to

work with them on them, but we think the language does it by using terms like specific and identifiers and things of that nature to make it not the indiscriminate bulk collection that had been going on before, and i think also just the reports that have come out of the house, the statements that are being made both by you senators in the course of your comments and by the witnesses that come before you as making up the legislative history, those would constrain it. and i think in addition, if there were an interpretation by the fisa court that it is very broad, that would be a novel and significant order and opinion and would be given to the united states congress, given to the senate, and the senate would then have an opportunity to pass additional legislation to rein it back in. but i would be very, very surprised to see it go in that direction based on the language that's here and the legislative history. >> we do have a moment in time where we have to get this right, and with all due respect, i

don't remember the fisa court showing a great deal of restraint in the past, but i want to move to my next question, if i could. the current court approved order for section 215 bulk collection expires on june 20th. that's not a long time from now. so in the absence of agreement in congress on a surveillance reform bill in the next two weeks, i assume that the administration will ask the fisa court for another 90-day extension. that's disappointing. i believe the administration has the tools it needs to keep americans safe while also protecting our constitutional privacy rights. so mr. cole, back to you again, has the administration looked at what can be done to utilize existing authorities such as regular fisa orders and national security letters if only on an interim basis to end bulk collection now and doesn't it make sense for the administration to proactively pursue other options today to end bulk collection even as congress does its work? >> no final decision has been made on the renewal, but to answer the specific question, senator, you don't get all of

the features under the existing authorities that you have under the current fisa order that exists or under hr 3361. you don't get the two hops. you don't get the prospective production of records that can come. you don't get the time period that's given by the statute, the 180 days to try to transition into the new type of system and formatting that the phone companies and providers will have to do. so there's a number of features that we don't have today and wouldn't have today without the current fisa order. as the president had said on the 17th of january, this is important information, but we think we have found a way to collect the kinds of information we need to substitute it without bulk collection. but without the structure we have in 3361, we don't have that tool. >> my sense if i can be a bit

contrarian is the fisa court has expansively interpreted the patriot act to allow the collection of millions of americans' phone numbers. if you came to them with a more narrowly drawn law without requiring further action, they would positively respond. have you made any such requests? if you engaged with the court on those questions? >> we have to my noge not engaged with the court on those questions. we have a judicially tried and tested method here as the chairman had pointed out. 37 times the court has approved this. other courts have approved this as well. we're a little reluctant to start going into some other type of legal regimen that has not been tested, that has not been approved by the courts. we'd rather go the legislative route where the united states congress and both houses have looked at it, have deliberated, and have decided to pass it. so we think that our choices at

this point really come down to what has been approved by the courts over a number of years, the new legislation, or else not having the tools we need at all. >> madam chair, my time is expired. i want to thank the panel for being here today. as you can imagine i have another hour's worth of questions. i will extend a number of them to you all for the record. >> thank you, senator. >> thank you very much, senator udall. senator king is next, but he has very graciously agreed to permit senator coats who has to catch a plane to make a statement. so senator, you're on. >> well, i thank my colleague and i hope i can return the favor sometime. in the interest of not taking up time, i simply will make a statement for the record. i have a number of questions which we can pursue as we go through this. i was taken by the words of the vice chairman when he said fixing what is not broken, we have to be very, very careful here. unfortunately, in my opinion,

there's been significant misrepresentation of the current program regarding privacy concerns and regarding -- suggesting a lack of sufficient oversight by the three branches of government, which, unfortunately, has put us in a position where i'm afraid we may overreach in terms of what we're trying to do here. i take a backseat to no one regarding our constitutional rights on personal privacy that are guaranteed to us. nevertheless, i think we must carefully review and analyze the consequences of any proposed changes to ensure that we don't compromise our ability to detect and thwart threats against american citizens. we should not play to the siren song of the political response simply to please people that we are responding to their misperceptions in many cases

because there's too much at stake, and namely the security of americans. compromising to please a skeptical and frequently misinformed public and, therefore, losing our ability to protect americans is something that we have to take very seriously. so i think as we go forward, we have to carefully weigh and consider the response of general alexander to my question to him in a public hearing when i asked him about the question of diminishing our capabilities to detect and thwart an attack. and his answer was, americans will die. so i hope as we go forward we keep that in mind as we examine how we're reconstructing this program and make sure that we're doing everything we can to keep americans from dying unnecessarily. madam chairman, thank you very much. >> and i thank you, senator coats. appreciate it. senator king? >> thank you, madam chair. i was asked recently what the

intelligence committee does, and after thinking about it for a minute, i said our principal job is to weigh two provisions of the constitution. one is the preamble, which vests us with the responsibility of protecting -- providing for the common defense and ensuring domestic tranquility and the other is the fourth amendment see that people's persons, property, and effects are secure from unreasonable searches and seizures. we are constantly trying to find that right balance, and that's exactly what this hearing is about today. i have expressed from the very beginning of my service on this committee reservations about the government holding the bulk data. it always struck me as an invitation to abuse. i believe strongly that we have to have institutional checks rather than reliance upon the good will and good nature and good faith of individuals who have -- who are entrusted with that kind of information.

i'm a great believer in lord acton's famous admonition that all power corrupts and absolute power corrupts absolutely, so i think the provisions that the president recommended, the house has adopted, is moving very definitely in the right direction. a couple specific questions. it seems to me that something has to be added to this bill with a time frame for the retention of records. the question has been asked several times what if they changed it? well, we'd go to fisa, come back to the congress. let's do it now. let's decide what the right number is. 18 months is what the fcc requires, i understand, but under our prior consideration, we were talking about three to five years, and i would like your recommendation, perhaps mr. ledgett, as to what the right number should be. i'd be more comfortable, a, with a number, and, b, with a longer number than 18 months. >> senator, i think from the our point of view, we can live with

the 18-month retention period that the fcc imposes from a regulatory point of view and that the knee in the curve in terms of the effectiveness is right about there. >> so 18 months you feel is sufficient but should not that be put in the statute because the house bill, as i understand it, has no figure in it. is that correct? >> yes, sir, that's correct. that would address the issue of the potential action on the part of the telecommunication companies, but as i said earlier, we -- if it's not part of the statute we will come back to the committee. >> well, let's do it while we have the chance. it would be my response to that. are you going to be -- is there going to be a requirement or is there a requirement in the bill that the telecommunication companies normalize their records in some way that are useful and able to be searched

in a consistent and standardized way? i notice you're nodding. can you fif me an affirm at this on that? >> yes, there is. there's not a direct requirement but there's the ability of the court as part of the order to instruct the telecommunication companies to work with the government to make those records -- do technical assistance is what we call it to put the records in a format that will be usable which usually is in some electronic format. >> now, there was some discussion when we talked about this in committee a year and a half ago about delays, possible delays. are you comfortable that this transition from government held data to privately held data will not delay -- if we have a bombing, god forbid, at the boston marathon, are we going to be able to get at that information in a matter of minutes or will there be a further delay because of this change? >> i think that because of this change, i'm not sure there would be a further delay. we certainly have under the bill

emergency powers to try and go to the providers without even going to the court when it's truly an emergency with the authority of the attorney general. so we have that ability that will not delay anything. the attorney general has to then file a request within seven days. we also, i believe, will have the cooperation of the providers in a true emergency. they will help us go through this. i think the data generally is there and is quite accessible and quite usable in the formats that they're keeping it. this is kind of a modern era. so i think from all of those perspectiv perspectives, i would imagine if there is any delay, it would be minimal. >> final question, cost. have there been estimates or proposals from the telecommunications companies, what if any costs will be incurred by the government in order for them to maintain the documents and maintain the accessibility, the format and that kind of things. >> it's a little early to get

cost estimates. once the law is passed, assuming it is, we need to work with the individual providers and each one of them has a different architecture. so their architecture and our ability and need to interface with that is going to drive those cost figures. >> well, i realize this may be a strange thing coming from one of us, but it would be nice to know the cost before we pass the law. and, of course, the interesting number would be the net cost because i presume there's savings to the government to not have to maintain a massive data server farm to maintain this data, but i would urge you, i think we need at least some kind of ballpark estimate before we move forward with this legislation just to not have a bad surprise at the end. thank you very much. you can submit that for the record. thank you, madam chair. >> thank you, senator king. senator widen. >> thank you, madam chair. let me commend you for holding an open hearing today. i think that's very constructive and i appreciate all our witnesses being here. let me start by talking about

the fact that the house bill does not ban warrantless searches for americans' e-mails and here particularly i want to get into this with you, mr. ledgett, if i might. we're talking, of course, about the backdoor search loophole, section 702 of the fisa statute. this allows nsa in effect to look through this giant pile of communications that are collected under 702 and deliberately conduct warrantless searches for the communications of individual americans. now, this loophole was closed during the bush administration, but it was reopened in 2011, and a few months ago the director of national intelligence acknowledged in a letter to me that the searches are ongoing today. and i'm particularly concerned about it because as global communications get increasingly interconnected, this loophole is going to grow and grow and grow as a threat to the privacy of

law-abiding americans. so for purposes of getting on top of this and working with all of you, my question today is, how many of these warrantless searches for americans' communications have been conducted under section 702? for you, mr. ledgett. >> thank you, senator wyden. the searches under the provisions of the fisa amendment act section 702 are only conducted on lawfully acquired data and under foreign intelligence surveillance court approved procedures. the searches are not just conducted by nsa. they involve other agencies as well. we have provided, as you know, detailed information to the committee on the background on this, and we will work with the dni and the rest of the ic to provide additional information to you. >> so when will i get an answer

to the question? it's a very specific question. the director admitted to me in a letter that these warrantless searches are taking place and i'm going the next step and saying how many of them? when will i get a letter telling me how many of them have taken place? i'd like it within two weeks because it is obviously relevant to making this part of the senate bill because it was omitted in the house. >> yes, sir. >> can we have it within two weeks? >> we'll work on that, sir. we'll get you a response within two weeks. >> thank you. making some progress. now, the only other question i had for today is at this moment your agencies continue to vacuum up the phone records of millions of law-abiding americans, and this is because the executive branch has not taken any action to stop these practices. i and others consider this

enormously intrusive and the inflated claims about its value have crumbled under scrutiny, but yet right now the constitutional rights of americans are needlessly being violated while in effect i guess the congress -- the administration waits for the congress to act. and i think this is a case of bureaucratic inertia at its worst. so my question for all of you, nshth maybe we start with you, mr. cole, was given that the government can use regular fisa orders and national security letters to quickly obtain the phone records of terrorists and their associates, something i support, why hasn't the bulk collection of american's phone records been ended? >> well, i think this is the same question that senator udall had asked, which is that the authorities that we have under national security letters and under other authorities absent the 215 orders that we've all

been talking about don't really give us the tools that we need. the legislation, hr 3361, gives us those, including the two hops. it gives us the prospective collection. it gives us a wider range of information that we wouldn't have under normal authorities. we'd only get a single entity, a phone number and what it's been in contact with. you then have to go back and do separate items for each additional terrorist and associate that's there. it's not the same tool that we would have under either the legislation or what we have now. >> mr. cole, i understand your agency's decision for clear statutory authority, and the chair of the committee has, i think, been constructive here in terms of urging some changes to the house proposal, but the reality is that current law gives the government broad authority right now, right now to obtain records quickly, and the fisa court unquestionably has been inclined to give the

government an enormous amount of latitude. so the fact that this dragnet surveillance is taking place right now is unacceptable to me, and i'm going to continue to keep working on this and i'll have more to say about it down the road. thank you, madam chair. >> thank you very much, senator. senator mikulski. >> senator feinstein, i'm going to echo the comments of other senators to thank you and senator chambliss for holding an open and public hearing on this most important topic. i also want to align myself with remarks of senators chambliss and coats and particularly senator chambliss' line of questioning. everyone in this room and other senators know that i represent the national security agency. over 15,000 people get up every day and wonder how to protect

america. so now that we've seen the revelations of snowden and we're not here to debate whether he was a traitor or a whistle blower but i will say this. i am deeply disturbed that while i support the need to review the 215 project, to actually even examine reforms, i do not want to see the continual demonization of the national security agency, whether it's in the media or in other forms. every day, every day the people who work at the national security agency protect our war fighters, stop cyber attacks, and do a whole host of other things to keep america safe. now, eric snowden has his time. he gets an hour on tv. he gets a hoo-rah from brian williams but i think we ought to say to the national security staff that while we look at the constitutionality and other issues here, that we do not demonize them. now, i have always maintained

that our programs must be constitutional, legal, authorized, and necessary. now, mr. ledgett and mr. giuliani, do you believe that in you doing your work using the 215 program, you believe there were knconstitutional, legal, we they authorized, and did you deem them to be necessary. >> senator, first thanks for the message of support to the great men and women at nsa. yes, in answer to your question, i do believe it was constitutional, authorized, and done within the legal and procedural constraints under which we operate and i believe every investigation has shown that to be the case. >> yes, senator, and i concur with mr. ledgett's comments and do believe as was noted earlier that the oversight of that

program is extensive. >> now, i want to go -- we're not going to discuss here today the constitutionality. i have urged the administration to find any expedited procedure to find out was the 215 program constitutional. if it's not, end it right away. so if it's unconstitutional, no. i presume this usa act is constitutional. but i want to go to questions of necessity. now -- i'm going to go again to nsa and the fbi. you believe that what we did under 215 was necessary. you've now reviewed this usa freedom act. do you believe that based on what you deem necessary to protect the people of the united states of america that this will enable you to do your job and that you will be able to have the tools to continue to do what you think is necessary to

protect the people? >> yes, senator, i do. i believe that it helps to mitigate the gap that the section 215 legislation had been enacted to fill, which is the external terrorist with a u.s. nexus, detecting that and avoiding a repeat of the 9/11 sort of attack where we had folks out the united states who were talking to people inside the united states and we couldn't identify them. so the 215 program was designed to address that, and the hr 3361 we believe does as well and allows us to do that job in the way we need to to protect the american public. >> senator, and i concur, it does allow us in the fbi to continue the traditional use of our authorities as provided by the congress and i think it strikes the right balance. >> now, my last time in my 29

seconds left, there is a great deal of question about who should hold the data. now, why we think the telephone company would be a better, safer place i'm not sure, okay? but -- and maybe it's not you two, maybe it's mr. cole. so let's say it becomes a telephone company that's going to hold this data. who then becomes the overseeing and regulatory body? does all of this then come under the regulatory authority of the fcc? >> well, to an extent. >> in other words, are we then going to say good-bye to our work and all these things and just say, well, we're going to count on the fcc to keep an eye on this? >> well, i think you have to break it up into different pieces, senator. the telephone companies already hold the data. so we're not doing anything new here, and they already are under the control of the fcc as to the data that they hold and how they deal with it and things of that nature. but what is going to remain

subject to oversight from congress, from the executive branch, from the judiciary is how we use the various tools that are in hr 3361 to query that data, to acquire some of that data, to use some of that data. the restrictions on how much can be looked at, what it can be used for, what it can be disseminated for, how long you can keep it, those are the kinds of things -- and what the standards are for actually getting it. those are the kind of important questions that will remain subject to a lot of oversight by the executive branch, the justice department, the dni, fbi, nsa, the ig's offices, there's a specific provision for the doj ig to do reviews, by the courts, and by congress because there's still going to be robust reporting to congress on what is done. >> thank you. >> thanks very much, senator mikulski. senator rockefeller. >> thank you, madam chair.

it seems to me that we're doing something unnecessary and unpredictable here which might make the public feel better, but which would be not good for national security. which is what our job is. it seems to me that we're taking a program that the president has determined to be legal, and important, as a counterterrorism tool. a program that has audits, inspections, judicial checks, congressional oversight, and other privacy protection mechanisms built in. a program that is currently in a highly secure location. operated by highly trained professionals. who have taken an oath to defend the constitutions, and who have

lived up to that oath, and who are -- we are shutting it down to move the storage and querying of that data for intelligence purposes for heaven's sakes for a private sector system that does not yet exist. what is the sense of that? mr. ledgett, the -- i could ask you, or will ask you to describe the various queries, checks, audits both internal and external that are currently in place at the nsa to protect american privacy as it relates to the querying of 215 mega data. but let me ask three things, too. on top of that. can you describe the privacy oriented training that nsa analysts have to undergo for 215 databases? are the training internal rules and external audits which are designed to protect privacy taken seriously at the nsa?

the answer to that is yes. if this is the case explain to me why we should be moving the querying process to a new and untested system that is a free enterprise system which does at base, no matter how they testify, not want to be doing this. yes. we went through that in fisa. that's why we had to do immunity. they didn't want to do it. it's not their training. it's not their practice. it's not the nature of their workforce. it isn't the high intensity concentration. 22 people are making very serious decisions about what gets to be queried, et cetera. it's a private sector operation. it's huge. and not everybody is verizon and at&t. there are a lot of very small companies, telephone companies, that have to go through the same thing. i don't think it makes any sense. so how -- how do you compare the

security possibilities of the system which does not yet exist, which at core, i promise you, is not welcomed by those who would be asked to do it? to replace a system which is working well, which the public naturally is suspicious about, because they're suspicious like what are we at 9% favorable rating in government? maybe that's what we deserve. but you know when the public is never going to trust us, but if we're doing something for national security, which is trust worthy, by trustworthy people who are trained and they devote their lives to this, as barbara mikulski said, in a particular place, why cash it out? >> senator, rockefeller, thanks for the question, the current system involves a host of safeguards, technical safeguards, policy and procedural safeguards, training

safeguards and safeguards around limiting the number, you mention the 22 people who are authorized to access that database. that's an example. very, very restricted. completely audited. and with software in place that prevents them from making an erroneous query against a number that has not been authorized by the court. and our record of -- in that arena is outstanding in that regard in terms of protecting the -- the privacy. i think those were -- were necessary for two reasons. one, because it's the government with the data, as opposed to someone who's not the government, and so the powers of electronic surveillance and the need to very closely circumscribe those, the second one was -- the second reason is because the data was aggregated so all the data was in one place. under the new program, the data is not aggregated, and it's not held by the government. so the telephone companies are holding the data that they

already possess today, there is no additional data that they're holding, except the queries from us that have the specific numbers of interest. and we will work with the companies to put protections in place so that our interest and in particular number doesn't leak out and provide warning to the terrorists, or potential terrorists of interest. but so the companies already have this data. and, so the privacy implications i believe are different in this regard. >> it's a very large order for a very untested series of companies. the art, and the struggle, to get people trained to have them locked in on their duty as they go to work every single day, especially those 22, but nsa in general, where nobody has complained about the privacy violations. everybody is worried about what might happen, everybody's always worried about what might happen,

but it hasn't happened. now it all comes to an end at the end of next year, or this year, whatever it is. so we'll have to look at it again. but to change it to profit making and i'm chairman of the commerce committee and i've dealt with telecommunications for a long time. they say many things and they don't do many things. when we started the e-rate program which was really controversial they all wrote me letters swearing that they would not litigate, and in every single case they all it -- litigated it and it ended up in the supreme court and they all lost. but the point is they didn't want to do it. and they don't really want to do this. i'd just as soon not give them the chance. >> i'm sorry for taking so long. >> no problem. thank you, senator rockefeller. senator collins? >> thank you, madam chair. mr. ledgett, like many of my colleagues, i want to see our intelligence collection laws

strengthened to provide more transparency, improve privacy, and also to increase oversight. at the same time, as many of us have expressed, we need to ensure that we still have the tools that are necessary to help protect our nation from terrorist attacks. i want to follow up on some of the questions they have been raised by senator rockefeller, and senator mikulski. under the usa freedom act, the private sector would retain the phone records rather than nsa. that's a major, major change. now i believe it was mr. cole who pointed out, yes, but they're already saving these -- this -- these data. but they're doing so for a completely different purpose

than what we're contemplating in this bill. ease sectionly, they're doing so for billing purposes, for the most part. some experts have warned us that data held in the private sector are at much greater risk of being breached by hackers, being deliberately used for purposes other than that for which they were collected, or being misused by personnel than if the data were continued to be held by a federal entity. you've only to look at what's happened in the past year, where semantic -- the security firm called 2013 the year of the mega breach when we had i think it was 40 million americans had their personal information compromised in the target case. there was a very compelling

report by our colleague senator rockefeller, as the chairman of the commerce committee, that found that private companies already collect, mine and sell as many as 75,000 individual data points on each consumer. there was a recent report by the ftc that found that companies group virtually every american by race, by hobbies, by medical conditions, things that we would all think were private. and there was a story a couple of years ago by "the new york times" that described how a father of a teenager learned that she was pregnant, because he kept seeing all this -- these flyers for cribs and baby clothes coming to her in the mail. in contrast, all of the searches of the nsa database are limited to a very few highly trained

personnel. every single search is limited, audited, and logged. there are technical safeguards, you can't just take a number that you're curious about, and do a search. that won't work. and compliance issues have to be reported to the fisa court, and to congress. so my question for you is how are we going to ensure that these same kind of robust protections, indeed again greater protections that many of us want to see, are in place if we're going to have the data scattered across all of these telecom companies? i just don't see how you're going to ensure the privacy of that data, and isn't it inevitable that many more people

will have access to the data than do under the current system? >> thanks, senator collins. the data is and has been in the possession of the telephone companies since they started keeping billing records however many decades ago that was. what we did at nsa under the 215 program was get a periodic feed of that data, which we then aggregated and held in a database. so all those protections that you describe were on the copy of the data that nsa held in its database. so the actual billing records existed before, and will continue to exist regardless of the future of the 215 program, or the passage of hr-3361. and all those vulnerabilities to hacking and that sort of thing are things that the telephone companies deal with every day. so the difference is that there will not be that government-held aggregated group of telephone

numbers that -- that we apply all those protections to. and so, we make that database go away, and instead rely on the billing records that the telephone companies have held for decades and continue to hold -- and will continue to hold for their own purposes and query against those. >> but don't you think that there's a big difference between the telephone companies holding this data for billing purposes, versus holding it, knowing that the government may come to them with specific selectors, which is going to make them curious about why the information is being requested. you're going to have to go across a large number of companies to find the information. that seems to me to inevitably involve more people. that's very different from the kind of data dump that you were receiving, and i just want to

make sure, as we're trying to -- to increase privacy, strengthen the safeguards, that we don't end up doing the opposite by having -- by having this data -- these data held by the private sector. i know they're held there now. but they're held for an entirely different reason. and now we're going to be asking those private sector employees to do the queries that are now done by an extremely limited classified number. so i can't say it, but an extremely limited number of federal employees. >> i understand, ma'am. and we will work with the telephone companies to ensure that our queries are kept in a secure fashion by people who've gone through a security clearance process that the

government -- that the government runs to ensure that they're protected in the right way. >> senator, also, if i may, in the traditional law enforcement sphere, we are regularly going to phone companies with grand jury subpoenas, and things of that nature, to acquire some of their billing records, to acquire some of their -- some of this very same kind of information. we go to them for pen registers that are on the law enforcement side. we work with the phone companies to do wiretaps on the law enforcement side. so there's a fairly long history of working with the phone companies, and using their data, and their facilities from a law enforcement perspective that has given us some confidence that this will work in that regard. >> thank you. >> thank you very much, senator collins. senator. >> thank you, madam chair. i have a question or two in light of the recent public revelation that senator wyden referenced that the nsa has been using a loophole in the fisa amendments act to search for

americans ' private communications without a warrant. what some people have dubbed the back door search loophole. now i think it's fairly clear that the intent of section 702 was to target foreign communications. but the government clearly, based on that letter, believes it has the authority to deliberately search for the phone calls or e-mails of specific americans, and to circumvent the traditional warrant protections guaranteed by the fourth amendment. i would ask mr. ledgett, and mr. cole, do you believe that the government should be allowed to conduct searches of information on u.s. citizens, collected under section 702, without having to seek a warrant for that information? >> senator, i -- the way that it has been viewed, and the courts have interpreted it, is that the first issue is whether you are legally authorized to collect

the information in the first place. this is what section 702 allows us to do. we target only non-u.s. persons, and only people believed to be outside of the united states. and those are the strict limits. obviously there will be communications that will involve americans that are incidental. they're not the ones that are targeted. but we're allowed to collect that information -- >> so you end up collecting incidental information -- >> that's correct. >> on americans. and you're saying that the authorization under section 702, to collect that information, trumps the protection of those americans would typically be afforded under the fourth amendment? >> no. it's a several step process. you first are allowed to collect the information. it's just like a traditional criminal law wiretap. you have the person and the phone number that you have wiretapped, but you collect calls that they make to other people who may not be the target of your investigation, but

you'll collect those calls, as well, because they involve the person whose phone you are tapping. so it's the same thing with 702. if you are legally per milted to collect that information, then you've got it. and then the question is, whether or not we can access that information, use the information that we legally possess. and this is what is different from the warrant requirement. because the warrant is going to search for the americans, the u.s. persons, records which we're not doing. we get those incidentally, but we have them legally under 702, and then the question is, whether or not it's then appropriate to look through those records, because they're already legally ours. we haven't made a violation, we haven't gone out to seek them illegally in any way, shape or form, they are legally within our possession and control. to further legitimate criminal investigations to further legitimate counterterrorism

investigations and things of that nature. and, certainly we have restrictions that we try to place internally on those. we try to make sure that they're used responsibly. we try to make sure that they're only used for specific purposes. but we already legally possess it. and it's just a question of not ignoring what we legally possess. >> mr. cole i think you've made the government's position very clear, and i appreciate that. i think -- i think it's something we should probably look at, given the fact that we have this opportunity for reform right now. i want to get to my final question, because we're running short on time already. but i want to go back to this issue that was raised early on in the questions around how hr-3361 defines a specific selection term. and in looking back at the old draft from the house, it said a term used to uniquely describe a person, entity or account, end quote. it was a pretty tight definition.

the -- the new version says specific selection term means a discreet term, such as, and then there's sort of a laundry list of items in there. i have a little bit of trepidation any time i see "such as" because then it's up to the person reading to decide whether the next thing they imagine is part of that "such as" or is not part of that "such as" list. under your interpretation, of this definition, passed by the house, what are some records that would be excluded from collection under a specific selection term? >> well, i think any bulk collection, what is currently being authorized by the court of the collection of all telephony records, and internet metadata records, indiscriminately, that would be prohibited. that would be very clearly prohibited. certainly if you want to collect all the telephone records within a certain zip code,

indiscriminately, that would be prohibited. because the -- the point of this is to limit and to focus. it's to prohibit indiscriminate collection, and only authorize focused and intentional collections for a specific purpose. the reason the "such as" is in there is that it's very difficult to predict upperingly what you may come across that you might need that will, for example, involve a larger number of records than just one specific telephone call to one specific person at one specific time. some of the examples i gave in my opening statement. you have somebody who you know is going to build an improvised explosive device using ball bearings and fertilizer. you may want to go to the stores in that area that sell ball bearings and fertilizer. it's broader than just a singing specific item but it's much less

than every store in america, regardless and then sort through it. if you know a terrorist suspect stayed at a particular hotel for a couple of nights but you don't know who it, you might get that hotel's records for those couple of nights to see who all the residents were, or all the guests were at the hotel, to be able to then cross reference that with other information to identify who that terrorist was. again it's focused, it's not indiscriminate but it's larger than a specific identity of a single person. so we need to have enough room do do an investigation that will be effective, and we need to have enough restrictions so that we're not indiscriminately collecting records in bulk. and that's the means. if there are better ways to define it, it's a tough one to define. >> right. >> but if there are better ways to define it we're open to working on that. we think this does it. >> i appreciate that's. and i appreciate your

willingness to work on it. i think the chair brought up the issue early on in the discussion. i would just end by saying that i think we tend to get it right when we do a good job of defining the terms very specifically. i don't give a lot of trust to legislative intent, and legislative history being the thing that describes -- that ends up holding the day in court years from now. i think the words in the law hold a lot more sway at the end of the day in the courtroom. thank you. >> senator warner, thank you for your patience. >> thank you, madam chairman. i just have a couple of quick questions, and i really appreciate so many of my colleagues who dug in to this very deeply in trying to prod through these critically important privacy protections, and the essential needs of

national security and echoing what senator mikulski said in terms of the good folks at nsa and their work. i want to follow up where senator rockefeller and senator collins, since this is an open hearing to at least again make clear, at least further understand what i think we may be doing with this house bill. it was reported when we think about 215 in the previous program that that collected metadata that was with those entities, those companies, that entered into some relationship with the ic, and i believe there was a february "wall street journal" article that reported, don't want to get into any percentages here, that while the large entities, large companies, were involved that in many cases the fastest growing set of telephone calls, wireless calls,

were actually a relatively small percentage, and is that an accurate description of how the press has presented the 215 program prior -- previously? >> yes, senator, that's how the press represented it. >> and if that was an accurate presentation, wouldn't the universe of calls that are now potentially exposed to these kind of inquiries be actually dramatically larger since any tellco regardless of whether they had a relationship with the ic or not and any type of call whether it is wire or wireless, be subject to the inquiries that could be now made through this new process? >> yes, senator, that's accurate. >> so, again, with the notion here that under the guise of further protecting privacy, i think on a factual basis of the

number of calls potentially scrutinized, the universe will be exponentially larger than what the prior system was. is that an accurate statement? >> no, senator, i don't believe so. because the only calls that the government will see are those that are directly responsive to the predicate information that we have. >> no in terms of actual inquiries, correct. but the universe of potential calls that you could query when prior to the calls were only queried out of the 215 database that was held at the nsa, which as president reports said did not include, in many cases, the fastest growing number of new calls, wireless calls, now the universe of even though the number of queries may be the same because the protections are still the same, the actual universe of potential calls that could be queried against is

dramatically larger than what 215 has right now. >> potentially, yes, that's right, senator. >> that's a fairly big additional yes. let me just go to one other item. one of the things, again checked with staff to make sure this is all appropriate to be asked here, is that one of the things hat 215 did not include was location information. the nature of wireless telephony is, having had some background in that field, you can identify where a cell phone call originates. now what kind of privacy protections do we have in this legislation to ensure that location data will not be queried on a going forward basis since the tellcos who told this data hold not only the billing information but hold the location data, as well?

>> i think that would be up to the specific request and specific court orders. right now in law enforcement context when we have a good basis for it we can go and get location information. and sometimes it's very valuable. it can -- i can think of one instance where it saved somebody's life who had been taken hostage. being able to get location information. quickly. it won't be collected in bulk. it will be collected in each individual circumstances that warrants it by showing the court that this is information that is relevant -- >> but in the previous 215 second where the data was held, the metadata was held at nsa, the location data was not -- >> that's correct. we didn't get the location data with what was held in the database at nsa and then could be queried within nsa's protection. but we could always have the ability to go back to the telephone company providers, in an appropriate circumstance, and

ask them for individual location information that we thought was warranted. >> but that would require an additional step. >> that's right. >> i'm not talking now not so much on law enforcement side i'm talking more on the ic side. >> right. it would -- right and that's what will happen now, too. >> would they be combined into a single step or a dual step? >> it could be a -- i think it would require the court to take a look at whether or not it thought it was appropriate under the facts and circumstances of the request to provide location information, as well as the call data records. or whether or not only the call data records were appropriate. just depends on the circumstances. >> again my time has expired and i appreciate. but i just think it is essential to the public that while we're trying to get this balance right, and you know, understandably public great deal of concern about government holding the data, i think, is a number of us have outlined,

there lies a number of concerns the privacy advocates should also be concerned about in terms of both the scope of the amount of data potentially even greater access, if we're able to go at this at the telcos, and again, reemphasizing what a couple of my colleagues have said, my hope is that there will be a -- an additional higher level of security standard, and a higher level of training, and higher level of commitment from the telcos of these individuals who are going to be -- have access to data that they will have the same -- i don't think they'll ever get to the standards of the folks at the nsa, but, this is an issue that needs to be thoroughly vetted. thank you, madam chair. >> thank you very much, senator warner. we have completed this panel. however, senator warner -- senator wyden, in a more charming form than sometimes, has asked to ask one more

question briefly, and then we will move on. >> thank you, madam chair. i'll submit other questions for the record. but i need to ask your agencies a question for the record, relevant to a matter that has taken a lot of our time. for each of you, just go right down the row. do you believe that it would be appropriate for your agency to secretly search senate files, without seeking an external authorization or approvapproval? just go down the row. mr. ledgett? >> no, sir. >> miss o'sullivan? >> no, sir. if i understand your question, by definition we are not permitted to conduct a search that is not properly authorized in some fashion. >> right answer. >> the only thing i would limit it is that because my agency involves the attorney general, not every approval would have to be external but you would have to have the appropriate legal approvals in every instance. >> correct. >> so we would. >> thank you very much, madam chair. >> thank you very much, senator

wyden. and if i may, let me thank the audience for their attention. this is a controversial subject and i know people feel strongly. it is very much appreciated, and i would also like to thank the capitol police for their attention to this. we will change panels now and i will introduce the next panel. i'd like to welcome and thank -- let me thank the witnesses. thank you very much, mr. ledgett, mrs. o'sullivan, mr. cole, mr. guiliano, thank you very much. do we have someone to change the name tags?

i'd like to introduce the panel. and i will introduce everyone and then again from my left your right and go right down the line. the first person to be introduced is harley geiger. he is the senior counsel with the center for democracy and technology. and he is deputy director of the freedom, security and surveillance project at the center for democracy and technology. mr. geiger has written extensively on the subject of fisa reform, bulk collection, and surveillance in general. second is dean dar field. he's the president and ceo of the information technology industry council, known as iti.

iti is an advocacy and policy organization that represents a number of tech companies, including google, facebook, yahoo! microsoft, and many others. mr. garfield has previously appeared before the house judiciary committee to discuss fisa reforms. and the final witness is michael woods, who's the vice president and assistant general council for verizon. mr. woods leads verizon's national security and public safety policy teams. before joining verizon he was chief of the national security law unit at the fbi. he also has published a number of law review articles on national security issues including articles relating to section 215 of the united states patriot act. and finally we have stewart baker, a partner in the washington office of stepto and

johnson. he previously served as the first assistant secretary for policy at the department of homeland security. in addition, from '92 to '94 mr. baker served as the general counsel for the national security agency. he brings a wealth of experience and both telecom and national security law. i thank you all for being here, and we will begin with you, mr. geiger, and once again i'll point out the 5:00 -- five minute clock and if you could adhere to it, it would be appreciated. >> thank you, chairman feinstein. vice chairman chambliss, and also the numbers of this committee. thank you for holding this open hearing. and inviting me to testify on behalf of the center for democracy and technology on this very important issue of surveillance reform. at the outset i wish to say that i appreciate the dedication of the members of the intelligence community, and of this committee, to protecting both national security and civil liberties. although i'm here as an advocate for civil liberties, i recognize

that the intelligence and law enforcement communities thwart those who wish to cause us great harm, and i also recognize that a major terrorist attack is just about the worst thing that can happen to civil liberties. at the same time, in the decade following the 9/11 terrorist attacks, the pendulum has swung too far in favor of overbroad surveillance and it is time now for a correction. the answer to the threats that this country faces cannot be mass surveillance of individuals with no connections to a crime or terrorism. and congress has an opportunity now to establish meaningful privacy protections in surveillance authorities, without significantly weakening security. whatever reform congress settles on, is unlikely to be revisited for many years, so congress should not just consider the surveillance programs, technologies, governments, and threats of today, but those of tomorrow, as well. the usa freedom act is the legislation that has made the most headway in this regard.

and although the bill does not address many of the serious issues that are raised by overbroad surveillance the usa freedom act does seek to prohibit bulk collection under section 215 of the patriot act, the fisa p.i.n. trap statute and the national security authorities. however there is serious and widespread doubt as to whether the bill as passed by the house actually accomplishes this goal. the senators, let us not use the phrase bulk collection as coded jargon for existing programs or nationwide surveillance dragnets. rather, bulk collection as any normal person would understand it means the large-scale collection of information about individuals with no connection to a crime or investigation. in that respect the bill does not end bulk collection. and this is not just the opinion of privacy advocates, but also more than half the house co-sponsors of the usa freedom act and many of america's biggest tech companies, which, as noted earlier, today issued a

letter stating that the bill may not end bulk collection. the linchpin of the house's prohibition on bulk collection is the requirement that the government use a specific selection term in its demands for data. however, the definition of specific selection term is deliberately ambiguous and open ended. and the exemployedation of ambiguous statutory language is what led to bulk collection in the first place. there is nothing in the bill that would prohibit, for example, the use of verizon, or gmail.com or the state of georgia as a specific selection term. it's not indiscriminate. now i can believe that this government, this current government, is sufficiently stung by scandal to avoid such an aggressive interpretation of the statute. but the memory of this debate will fade, and we will be left with ambiguous language that is open to creative interpretation. while the definition should be clarified, we do recognize and

appreciate the need for government flexibility in making surveillance requests. so with my time remaining then i would like to propose an additional safeguard and path forward. rather than vainly trying to find some magical definition for specific selection term that satisfies all interests, congress should strengthen other parts of the statute, in particular existing minimization procedures. and establish minimization or privacy procedures where there are none currently. specifically, the usa freedom act should require at the front end that the government use the least intrusive means possible to obtain the information. then, the bill should prohibit the retention and dissemination of information of individuals who do not meet specific criteria outlined in the statute. for example, individuals who, based on reasonable arctic u lab suspicion are foreign powers, agents of foreign powers or in contact with foreign powers or agents of foreign powers. compliance should be subject to

oversight and should be revisited periodically if the minimization procedures change significantly. this is not a complete solution. but rather i'm proposing a partial solution to be layered on top of the other partial solutions that are already in the bill. drafted properly, this could provide for both privacy and flexibility. thank you, and i look forward to your questions. >> thank you very much, mr. geiger. mr. garfield? >> thank you, chairman feinstein, vice chairman sham blitz. on behalf of 58 of the most innovative and dynamic companies in the world we thank you for this opportunity to appear before this panel today. it's our firm view that we have a timely opportunity to advance surveillance reform in a fashion that both reflects who we are as a nation, and as well, advance our economic and geopolitical interests. it is our hope, and we strongly urge the senate, to seize that opportunity, and i hereby reaffirm our commitment to doing whatever we can to be helpful in

achieving that goal. my testimony today will focus on two things. one, why it's important to act, and act expeditiously. and second, the steps that are necessary to be taken to ensure we have a strong bill that has broad support. with regard to the first, the reason to act is because it's in our national self-interest. i'm proud to represent a group of companies that are the global leaders in innovation. as such, they compete all around the world, and see firsthand the wide-ranging impact of the nsa disclosures. they are able to see firsthand the economic impact, the lost business sales and lost business opportunity that most experts agree will be in the tens of billions of dollars. they experience firsthand the growing contagion of persistent protectionist policies that aim to limit their ability to compete globally. whether it's forced localization requirements in brazil, or

attempts to limit cross-border data flows, these laws are the first step to creating an internet that is increasingly vulcanized and no longer the open interoperable global internet that we've all grown to appreciate. if that were not bad enough, we also experience firsthand the lack of the growing distrust of whether the united states is willing to adhere to global norms as it relates to surveillance. it is for all of these reasons that we think it's important to act to regain trust and to do it expeditiously. what should we do going forward? fortunate there's a growing consensus as to a path forward. we released global surveillance principles in january that seemed quite forward leaning at the time that we released them. today, they've been largely embraced as being the way that we should move forward. indeed, the usa freedom act

incorporates many of these principles. however, in two respects, the usa freedom act needs to be improved. two sections that need to be addressed. first is one that mr. geiger addressed, which is bulk collection. the usa freedom act endeavors to end bulk collection. the language that came -- that is at the heart of achieving that, that came out of the house intelligence, as well as the house judiciary committees, we think achieved that goal. however, the language was changed in the final bill that made its way out of the house. and it is no longer clear that that language will achieve the goal of ending bulk collection. if that is our -- >> let me interrupt you. could you tell us exactly what language you're speaking of in the bill? do you have a section? >> yes, it is the specific selection term. it's the same section that we've been talking about. and i'll conclude that by making the point that the -- there is the opportunity to change that

definition that made its way through the house in a way that addresses the concerns that we're raising without doing violence to the interest and protection -- protecting national security. the second area is transparency. >> just let me say. we would welcome any suggestion we might make in writing on amendment to specific selection. >> absolutely. >> and the same goes for mr. geiger or anybody else. the most helpful is when you say things, if you want to submit something to us in legal language or not legal language, we'd appreciate it. >> chairman, as you likely know, there's a fair amount of conversation happening both within this room and outside this room with the aim of coming up with language that is acceptable to the intelligence community, and there is good progress as far as i can tell being made in being able to do that. the last issue is transparency. transparency is a key part of

rebuilding trust, both domestically and internationally. the usa freedom act takes steps to addressing that by incorporating the resolution that was reached between the department of justice, and many of the most impacted companies who happen to be our members. there are still additional steps, however, with regard to the bans that can be taken that advance privacy interests, and the aim at rebuilding trust without compromising national security. and i think it's important that we take those steps. let me conclude by simply saying i, too, deeply respect the work that's being done by the intelligence community, and offer our testimony and my testimony with a great deal of humility. >> thank you. >> we recognize there's a lot that we don't know. but as a tech sector, and the role that we play globally, it's important for us to play a leadership role in finding a path forward, and we embrace doing that and look forward to working with this committee to achieve that end. >> thank you very much, mr. garfield. mr. woods?

>> good afternoon. good afternoon chairman feinstein and vice chairman chambliss, members of the committee. i'm very pleased to testify before the committee on the topic of foreign intelligence surveillance act reforms this afternoon. my name is michael woods, and i'm a vice president and associate general counsel at verizon communications. the chairman has already noted i'm responsibility for the national security and public safety portfolio in our office, and the chairman's also kindly noted my prior government service. verizon is very pleased to participate in these discussions about foreign intelligence surveillance act. the revolutions this past summer about the bulk collection of telephony metadata have eroded public confidence in legal structures that are meant to oversee intelligence activities. there is significant public concern about the impact of surveillance activities on the privacy and civil liberties of americans. for verizon, customer privacy is a top priority. we believe that any collection by intelligence agencies of our

customer's data should be compelled under a set of clear and agreed upon rules. we believe these rules must be backed up with effective oversight, and we believe the rules should include as much procedural transparency as possible, consistent with legitimate national security requirements. we support the usa freedom act because we see it as largely achieving these objectives. we are pleased that the house passed bill eliminates both data collection, codifies transparency rules that verizon has already implemented in its public reporting, and firmly rejects the idea that verizon or any other communications providers, be compelled to retain and collect data beyond that needed for business purposes. we believe that the collection and analysis of data for intelligence purposes is an inherently governmental function. compelling us or any other private entity to perform this function on behalf of the government is utterly

inconsistent with the protection of our customers' privacy. if verizon has a legal obligation to provide customer data to an intelligence agency, or a law enforcement organization, it should be limited to that data which verizon generates in the ordinary course of business. and that production of data should be compelled in an arm's length transaction, overseen by a court. we appreciate the careful balance that congress must achieve here. we are confident that this is something that you will accomplish. we stand ready to assist this committee in any way we can. in fact, we very much appreciate the open channel of communications that this committee has had with parties interested in this legislation, and we appreciate the bipartisan way in which the committee has operated. thank you for the opportunity to testify today. i'd be happy to answer any questions the committee members may have. >> thanks very much, mr. woods. mr. baker? >> thank you, chairman feinstein, vice chairman chambliss, and senator collins,

who was my authorizing chairman when i was last in government. it's a pleasure to be here. i would like to make two points. first, i do not believe we should end the bulk collection program. it will put us at risk. it will, as senator king strongly suggested, slow our responses to serious terrorist incidents, and it is a leap into the dark with respect to this data, as senator collins, and senator rockefeller made clear and senator mikulski as well. we do not know how long or how that data will be stored or how it will be protected. its privacy or the security of the searches that are being connected. it's a very serious risk that we're talking for a payoff that, in my view, is minimal. but what i'd like to talk about in the main part of my presentation is the second step, the kind of piling on step that the house undertook to say not

only are we going to end bulk collection, but we're going to require that you show that you have one of a magic list of five identifiers that you're asking for. and if it's not on that list, or it doesn't look a lot like something on that list, you cannot ask for it for terrorism purposes. the list is person entity account address or device. let me just talk a little bit about some actual searches that we wanted to take, did understake, and real life terrorist incidents. the zazi case which was the subject of a cross-country chase, was brought -- was investigated in part because someone reported that it was a guy buying large amounts of household chemicals in beauty supply shops, with a kind of shaky story. and so it was perfectly appropriate for the fbi to say, we want to go to all the household beauty shops and ask them, is somebody buying a lot

of this stuff. surely there's nobody here on the panel, or on the committee who would say no, that's an improper search. but, where's the magic selector? i don't see a magic selector here that says howhold products searches. you're not searching for a person or an entity or an account or an address or a device, you can't do it according to this. the same -- suppose we had a washington sniper attack that was again a -- a terrorist attack and we wanted to ask because we surely should, the phone company, do you have any indication of somebody who -- whose phone was active at every one of those shooting sites at the time the shootings occurred. well of course we should ask that question. with 215, of course. and yet, that's not a person. that's not an entity, an account. it's an address if you think that an address is everybody who's in touch with a particular cell tower. but at that point you're starting to stretch the concept of address in precisely the way

that senator wyden has argued against. the problem we face is this list is too short. we cannot imagine all of the clues that we will need to follow up in order to catch terrorists. and writing a list, even with records like "such as" in front of it, does not actually accomplish the goal that i think was intended, to reduce bulk and indiscriminate searches. at the same time it's going to prove to be a straight jacket. notwithstanding what the deputy attorney general said i'd like to see his justifications fr each of the assurances he gave us about how he was going to conduct those searches. i think it's going to require him to immediately become creative about the meaning of those words, in a way that i think senator wyden would not approve. but in a way that authorizes searches that all of us would believe should be carried out. and so, i would suggest the

chairman who suggested that we, if i understood her correctly, that instead of a list of magic words, that even harley geiger won't defend, we should try to find a principle that says, what we think is necessary to avoid bulk collection, and it is something along the lines of narrowing the search, avoiding unnecessary collection of innocent parties' information. but you don't know who's innocent until you've looked for certain kinds of information. you have to narrow the search in a modest but effective way. that's probably the way to get out of what i think otherwise will be a solution that satisfies no one in three years. >> thank you very much. let's go to questions, and let's -- this is just off the top of my head. but let's take the gazi case, mr. geiger that mr. baker just mentioned. this is a guy that's going

around to wholesale beauty product companies and buying certain amount of chemicals. a large amount of chemicals. and somebody calls the fbi and says, this looks very suspicious. and so the fbi goes to query him and find that he has been in contact with a known al qaeda member in pakistan. what problem do you have with that? >> let me see if i understand your scenario correctly. so, the -- they have the phone records of an al qaeda member in pakistan, and then they found out that -- they're trying to find the name of this suspicious individual, they found out the two have been in contact with each other. i don't have a problem with that. i don't see why that would be prohibited under this bill. if they do have the call records of the individual in pakistan, then they should have the fact on record that he was in contact with this other suspect.

>> well, i don't know whether they did or didn't on that specific point. but, it seems to me that that's exactly the kind of thing that we're looking to enable, this kind of collection. >> certainly. and if there -- if an individual is in direct contact with an agent of a foreign power or somebody who's reasonably suspected of being such then that is a legitimate reason to look at their records. what we are concerned with, and i think everyone at the table has now expressed concern with the ambiguity of the definition, the way that the bill goes about preventing bulk collection, we're concerned with, at least what i'm concerned with, i should say, is the collection of individuals who have not been in contact with the agent of a foreign power. the collection of information about individuals who are not connected to the investigation. >> well, let me stop you. because if my understanding was, i forget whether it's 2012, with 288 cases. queries? 2012, the database was only queried 2 8 times.

out of the 288 times, 12 cases were sent to the fbi for a warrant. so it was very selective. i mean, this was not any more than that. >> and i trust the department of justice, and dodi and the administration when they say the usa freedom act would provide them with this capability. what we are concerned with is that it provides them with this capability plus other unknown capabilities that undermine the bill's goal of prohibiting bulk collection. >> and what is that? >> i'm sorry? >> you said it would enable them to do other things. like what other things? >> like what i had mentioned during my opening statement. the definition of specific selection term is open ended enough that it does beg the question, what counts as a specific selection term. it could be the state of maine. it could be verizon. it could be gmail.com. it would be something perhaps that would sweep in a large number of individuals who are

not connected to the investigation, and i can understand the need for flexibility, and sometimes it will be unavoidable to gather information about people who are not connected to the investigation. i think we can come up with scenarios like that. and in that case, i believe, and this is why i had mentioned this in my testimony and my open statements, i believe there should be a requirement at the front end that they use the least intrusive means possible and do not retain the information as they currently do. they should not retain the information of people who are not in contact with the suspects. >> you also mentioned strengthening minimization. how would you strengthen the minimization? >> so, there are minimization requirements already in statute. in section 215. there are none for the fisa pen trap statute but the usa freedom act would put in privacy procedures. there are no minimization procedures at least in statute for national security letters and what i would propose doing is what i had just described, which is a requirement that the

front ends, that the government use the least intrusive means possible. that at the back end is a clear prohibition on dissemination and retention of individuals who do not meet a certain criteria. section 215 of the three authorities that i had just mentioned has the most detailed minimization procedures and it merely requires the minimization of retention and dissemination -- sorry, minimization of retention and prohibition of dissemination. it says nothing about acquisition. so i'm proposing an upgrade to that. at least in certain circumstances where the risk that the information gathered will obtain -- will sweep in a large number of people >> mr. baker, what do you think of that? >> so, i -- at first i would clarify the search that i had in mind, which is that the fbi hears that somebody is buying all these chemicals and decides to go to multiple stores and say, has anybody been buying large quantities of these chemicals? the only search is for the chemicals.

not for a name. not for an entity. i don't see how you justify that under the statute. >> see, that's exactly the conflict. and this is a real case. >> and that's open to question whether or not the chemicals would work as a specific selection term. or whether the name of the store would be a specific selection term. this is part of the problem. is that, i know that specific selection term is a -- is something that agencies use in practice but there's not a lot of public was in about it. this concept has not been built into statute before. >> well let me ask you, if you knew that a known terrorist or someone who is a likely terrorist was coming into this country, and you -- and the fbi wanted to get a hold of the manifests, would you limit it to one plane, or would you say they should have access to all of the manifests at a given time or some reasonable limit? >> i believe law enforcement does get manifests, but i would -- i would encourage the government to use the least intrusive means possible and not to save the information of all

of the people whose records they have pulled. if they have no longer -- if they are not relevant or there is no reason to suspect that they are connected to the investigation. >> well the purpose would be to get a specific name. i mean they're looking for someone. so, that is limited. pardon me? >> i was going to add that ultimately what you're hearing, though, is that the language -- the ultimate, the final language in the usa freedom act doesn't fully balance the equities that we're talking about. the equities that mr. geiger raised about privacy, or the equities that mr. baker raised about protecting national security. and so i think a concerted effort needs to be made to improve that language so both of those equities are better balanced. >> and i guess the concluding thing is, i think it's feasible to do that. >> thank you. mr. vice chairman? >> i'm happy to yield to senator king, who has to leave here shortly.

>> thank you, senator. just a couple of questions. first, i think i heard the answer to this but i just wanted to be clear. mr. geiger, mr. garfield and mr. woods do garfield, mr. woods, do you feel the usa patriot freedom act is superior to current law? >> i believe it is an improvement to current law. >> i believe it's an improvement, as well, but can be improved. >> mr. woods? >> yes, i agree. >> i didn't ask you because you said unequivocally you don't agree. second question, mr. woods you heard my questions to the prior panel about duration. in your testimony you sort of said we'll do this, but not if we have to change anything. how would you feel about a provision that said 18 months or two years of retention? >> we would be very much opposed to it. our position is as now, we

produce the records that we retain for business purposes. we do not want to be compelled to retain records beyond that. >> i don't see how we can make this change if you're not willing to make that commitment. what if you say we are only going to keep records two months. then we have lost virtually all the intelligence. >> well, senator, as technology develops, people and companies will transition from older to newer forms of technology. the kind of records that were generated by the old switched telephone system are not the same kind of records that are generated by the wireless system. as the bulk of the people's telephone usage moves from one system to the other, the kinds of records we have change. they are probably going to change again. >> i understand that. you understand the thrust of my question. you are recommending we go from the government holding the data to the companies holding the data, but as a company, you are not willing to commit to holding the data for a meaningful period of time in order to make it a --

otherwise the protection of national security becomes a loser. we can't have it both way. you can't tell us to switch but say we are going to do as we choose. >> senator, i don't think we are saying we are doing as we choose. we retain records generated in the ordinary course of business. we are not an intelligence agently. we don't conduct surveillance of our customers. we will respond to lawful requests from the records that we have. we are not -- we are opposed to being compelled records for reasons completely unconnected for our business. >> no one is asking you to collect records, it's a question of maintaining records you already have. >> our general principle in these records is we do not keep them longer than the business purpose because we learned that the longer we keep records beyond what we need them, the greater the risks the privacy of our customers. the best protection for our

customers' privacy is not to retain records beyond the period needed in the business. >> did the house examine this question with you when this legislation was passed? >> whenever asked we made this position clear, yes. >> thank you, madam chair. >> thank you very much. senator rockefeller? >> excuse me, widen is after king. >> no, no, no. thank you for getting me in such deep trouble with the chair. mr. woods, you said in your statement for the record, which we do not have, which i regret, i mean it's very unusual we don't have statements for the record, that the bottom line is

that, quote, national security is a fundamental government function that should not be outsourced to private companies." i happen to agree with that. verizon is in the business of providing other service to your customers not acting as an intelligence agency. many companies in little states like west virginia which are not called at&t, not called verizon, not called frontier which have very small operations but nevertheless they cover people, by far in west virginia. they would pay professionals to query and go through the process we talked about with the previous panel. so this bill will end the nsa's role in storing and search iing this data, transferring the responsibility for the multiple

queries from be a intelligence agency to the telephone companies. i'm not necessarily had a great experience as i indicated with the telephone companies, cramming data brokering, all kinds of other things. i started an investigations unit in the commerce committee. we never had one. i got myself subpoena power. i gave it to myself. it was a joyous moment. the experience with the telecommunications company they are moving target. you yourself used the sentence, longer than a business reason, you wouldn't keep more than the business reason. >> correct. >> the business reason may have nothing to do with as senator king said, intelligence reason. so that sounds to me like a diminished national security role for the nsa and expanded nsa, expanded national security role for verizon. i am wondering is that right? particularly, i'm wondering how

does that co-relate in any fashion with the first statement that i read that you felt they should not be outsourced to private companies? s i don't understand that. i never believed, no matter what you tell me because i was chair when we did the fisa thing, ste steny and i did a lot of that. they got liability protection. they had built up so much ill will they didn't want any part of this. it's not your business. nsa people go to work every day with only one purpose in mind. they have been trained. they are there years and years. they are not particularly looking for promotions. nobody makes any money in government, at least most people don't make any money in government. the free enterprise system is an entirely different kettle of fish. i don't attack it. my family has done rather well by it. however, in the intelligence

business, i have a very different view. i don't know why you think you should be doing this, but i really don't think you want to be. you said that you shouldn't be. yes, senator. the first statement you made reference to, we made in response to the idea that the telephone company should be retaining more data and performing the searcher analysis on behalf of the intelligence community. that's not in the usa freedom act, and we are very happy about that. it is a proposal that has been discussed as part of the larger reform discussions. we do not want that. we do not believe we should be doing that. what we are quite prepared to do, what we have done for many, many years and all sorts of telecommunications companies do is respond to targeted requests by law enforcement or by the intelligence community. and what we see in the usa freedom act is not a shift of the national security role to verizon, but rather a change in the kinds of requests that we

will get from the nsa. instead of requesting all of our call detail records, we will get a request for a targeted list of call detail records, which we will deliver much in the way we deliver records in response to law enforcement subpoenas and other authorities. now, as to the -- >> can i ask one more? >> sure. >> my time is running out. what about all these little companies that aren't called verizon, at&t and frontier? there are lots of little companies. you don't get their billing. they get their billing. >> right. >> so they are going to have to set up systems comparable to what you are going to set up if you can set it up, which i'm not sure you can because of the comparison to nsa. what about them? they can't afford to do this. all of their customers and all that billing information is just free and clear. >> well, senator, they actually are subject to fisa and other

authorities. the fbi could go to such, even very small companies with fisa orders. many of them don't have the infrastructure and just drawing from my fbi experience, law enforcement agencies and agencies like the fbi are used to dealing with that. in some cases they have to do more of the work on the government side. i think though that that is, these requirements, the security requirements, for example, already exist in fisa. it's not just peculiar to both collection. other kinds of fisa orders require that we handle this in a cleared environment, that we observe all the security procedures that are mandated by the government, by the attorney general, by the director of national intelligence. and i agree. that is a different burden for a giant telecommunications company. >> you were head of a unit which specializes in this. don't little companies don't have a unit and they don't specialize in that. they probably don't know what fisa is, except theoretically. >> i had that experience in the fbi going to someone who didn't

know, yes. it is -- that is all true, the kinds of information that the intelligence community is probably most after reside largely in a small number of rather large providers, which is you can see reflected in the programs that have existed up to now. >> maybe and maybe not. >> correct. >> thanks, senator rockefeller. senator wyden. >> thank you very much. madam chair. mr. garfield, question with respect to the economic implications of these overly broad nsa surveillance practices, and the way i come to this is the companies that are part of your organization, the technology sector, this is advantage america. this is an area where we consistently lead, we have these cutting edge technologies, got a host of exciting developments, cloud computing is just one of them. these are all