is next, but he has graciously agreed to permit senator coats, who has to catch a plane, to make a statement. >> i thank my colleague and i hope i can return a favor. in the interest of not taking time, i will make a statement for the record. i have a number of questions we could pursue as we go through this. i was taken by the words of the vice chairman when he said --xing what is not roping broken -- we have to be very careful here." unfortunately, in my opinion, there has been misrepresentation that the current pogrom regarding -- program regarding privacy concerns, and regarding suggesting the lack of significant oversight by the three branches of government, which, unfortunately, has put us in a position where i am afraid we have over-reached in terms of what we are trying to do. i take a backseat to no one regarding our constitutional

rights on personal privacy that are guaranteed to us. nevertheless, i think we must carefully review and analyze consequences of any proposed notges to ensure that we do compromise our ability to detect threats against american citizens. the sirennot play to song of the political response simply to these people that we are responding to their misperceptions, in many cases, because there is too much at stake, mainly the security of americans. compromising to please a skeptical and frequently misinform the public, and therefore losing our ability to protect americans is something we have to take very seriously. i think as we go forward we have to carefully weigh and consider the response of general alexander to my question to him in a public hearing, when i

asked him about the question of diminishing our capabilities to detect and thwart an attack. his answer was "americans will die." we i hope as we go forward keep that in mind as we examine how we are reconstructing this program, and make sure that we're doing everything we can to keep americans from dying unnecessarily. thank you very much. >> thank you, senator coats. .enator king >> thank you, madam chair. thes asked recently what intelligence committee does, and after thinking about it i said our principal job is to way to provisions of the destitution. one is the preamble, which bests us with the responsibility of providing for the common defense and assuring domestic tranquility, and the others the fourth amendment to see the people's persons, property, and affects our secure from unreasonable search and

seizures. we are consciously trying to find the right balance and that is exactly what this hearing is about today. i have expressed from the very beginning of my service on this committee reservations about the government holding the bulk data . it always struck me as an invitation to abuse. i believe strongly that we have to have institutional checks rather than reliance upon the goodwill and good nature and who faith of individuals are entrusted with that kind of information. i am a great believer in the condition thatus all power corrupts and absolute power corrupts absolutely. i believe this provision that the house is recommended is moving in the right direction. . couple of specific questions it seems to me something has to be added to the bill with a timeframe for the retention of records. the question has been asked several times what if they

changed it, well, we would go back to congress -- let's do it now. let's decide what the right number is. 18 months is what the fcc requires, i understand, but will -- under our prior consideration we were talking about three to five years, and i would like your recommendation, perhaps mr. ledgett, what the number would be. i would be happier with the number, and with a number longer than 18 months. >> from our point of view, we can live with the 18-month that the fcciod imposes, regulatory point of -- knee inhe knew the curve of effectiveness is right about there. >> 18 months you feel this efficient, but should that not be put in the statute because the house bill, as i understand, has no figure in it.

is that correct? >> that is correct. that would address the issue on the part of the total communications companies, but as i said, it is not part of the statute. we will come back to the committee. >> well, let's do it while we have the chance would be my response to that. a there going to be requirement or is there a requirement in the bill at the telecommunications companies normalize their record in some way that is useful and able to be searched in a consistent and standardized way? i notice you are not in. can you give me an effort -- nodding. can you give me an affirmative? part of the order to instruct the telik mitigation companies to work with the government to make those records -- to work with those companies, to put the records in a format that would be usable, which is

usually an electronic format. >> there was some discussion one year and a half ago about possible delays. are you comfortable that this transition from government held data to privately held data will not delay -- if we have a bombing, god forbid, at the boston marathon, are we going to be able to get at that information in a matter of minutes, or is there going to be some further delay because of this change? >> i think that because of this change i am not sure there would be a further delay. we certainly have under the bill emergency powers to try to go to the powers without even going to the court when it is truly an emergency with the authority of the attorney general. we have that ability. the attorney general then has to file a request within seven days . we also, i believe, will have the cooperation of the providers that in a true emergency they will help us go through this. i think the data, generally, is

there and quite accessible and usable in the formats they are keeping it. it is a modern era. from all of those perspectives, i would imagine if there is any delay he would be minimal. >> final question, cost -- have there been estimates of proposals from the telecommunications companies what, if any, cost will be incurred by the government in order for them to maintain the documents and the standardized format, and those kinds of things? >> senator, it is a little early to give cost estimates at this point. once the law is passed, assuming it is, we need to work with individual providers and each one of them have a different architecture. so, their architecture and our ability and need to interface with that will drive the cost figures. >> i realize this might be a strange thing coming from one of us, but it would be nice to know the cost before we passed the law. and of course, the interesting costr would be the net

because i'm sure there are savings to not have to maintain this data. i would encourage you that we need some kind of ballpark estimate before we move forward with this legislation just to not have a bad surprise at the end. thank you very much. you could submit that for the record. >> thank you senator king. senator wyden. >> thank you. to her for holding in opening a gash opened hearing. it is constructive and i commend the witnesses for being here. at me start by talking about the fact that the house bill does not ban warrantless searches through americans' e-mail, and here, mr. ledgett, if i might, we are talking about the back the loophole, which allows nsa, in effect, to look through a giant pile of communications collected under 702 and

deliberately conduct warrantless searches for the communications of individual americans. now, this loophole was closed during the bush administration, but it was reopened in 2011, and a few months ago the director of national intelligence acknowledged in a letter to me that the searches are ongoing today. i am particularly concerned about it because as global communications at increasingly interconnected, this loophole is going to grow, and grow, and grow as a threat to the privacy of law-abiding americans. for the purposes of getting on top of this and working with all of you, my question today is how many of these warrantless searches for americans communications have been conducted under section 702? for you, mr. ledgett. >> july, senator wyden -- thank you, senator wyden.

the searches under the onlyment, section 702, are conducted under unlawfully acquired data and under approved procedures. the searches are not just conducted by nsa. they involve other agencies as well. we have provided, as you know, detailed information to the committee on the background on this, and we will work with the to and the rest of the ic provide information to you. >> so, when will i get an answer to the question? it is a specific question. the director admitted to me in a letter that the wireless searches are taking place -- that the war and this searches are taking place, and i am asking how many -- warrantless searches are taking place, and i am asking how many? i would like it within two weeks. >> yes, sir.

>> can we have it within two weeks? >> we will work on that, sir. we will get you a response within two weeks. >> thank you. making some progress. now, the only other question that i had for today was at this moment, your agencies continue to vacuum up the phone records of millions of law-abiding americans, and this is because the executive branch has not taken any action to stop these practices. this others consider enormously intrusive, and the inflated claims of its value have crumbled under scrutiny, but yet right now the constitutional rights of americans are needlessly being violated while, in effect, i guess the administration waits for the congress to act. i think this is a case of bureaucratic inertia at its worst.

you,he question for all of and maybe we start with you, mr. cole, would be that given that the government could use regular pfizer orders and national security --fisa orders and national security records to obtain the phone records of terrorist and their associates, which i support, why has the bulk record collection not been ended? >> i think it is the same question that senator udall asked. the authorities we have under national security letters and other authorities absent the 215 orders we have been talking about do not really give us the tools that we need. the legislation, hr 3361 gives , --nows, including the hops , prospective information that we would not have under certain authorities. we would only get a phone number, and at the key and what it has been in contact with, and

then you would have to go back and do separate items for each terrorist and associate that is there. it is not the same tool. , i understand your agencies desire for clear statutory authority, and the chair of the committee, i think, has been constructed here in urging changes to the gives the government broad authority right now, right now, to obtain records quickly. fisa court, unquestionably, has been inclined to give the government and enormous amount of it. the fact that surveillance has taken place right now is unacceptable to me. i will continue to keep working on this and i will have more to a about it, wrote very thank you. qwest iq. -- >> thank you. -- wrote.

thank you. >> thank you. >> thank you for holding an open and public hearing. myself withto align the senators. everyone in this room and other senators know i represent the nationals 38 and he. people get up every day. we have seen the revelations of eric snowden and we are not here to debate whether he was a traitor or a whistleblower. but i will say this. i am deeply disturbed that, while i support the need to review the to 15 project, to actually even examine it, i do not see the continual immunization of the nationals cured agency, whether in the

media or in other forms. -- national security agency, whether in the media or in other forms. people do a whole host of other things to keep america safe. eric snowden had his time. he gets an hour on tv. row from brian williams. we ought to say to the national security staff, that while we looked at the persecution à la the of other issues here, that we do not -- i have always maintained our must be constitutional, legal, authorized, and believe youo you are doing your work using the q 15 program, you believe there are cost to shuttle programs, legal, authorized, and did you deem them to be necessary?

>> thank you to the -- for the messages. yes, to answer your question. i believe it was constitutionally authorized and done within the legal and procedural constraints under which we operate it. i believe every investigation has shown it to be the case. >> yes. i concur. i do believe the oversight of that program is expensive. >> we will not discuss the constitutionality there and i've urged the administration to find any x the dated -- expedited procedure to find what program is constitutional. i presume the usa act is constitutional that i will go to questions of the sets the.

i will go to the nsa and the guy. do you believe what we did under 215 was necessary? you have now reviewed this usa freedom act. do you believe they say what you deem necessary to protect the people of the united states of america, that this will enable and that your job will be able to have the choice to continue to do what you think is necessary to protect the people? >> yes, i do. i believe it helps to mitigate the gap that sanctioned 215 fill,ation is enacted to which is the x journal with the u.s. nexus, detecting that an avoiding a repeat of the 9/11 sort of attack where you had folks outside of united aids who

were talking to people inside the united states and we could not identify them. the program was designed to address that. hr 361 does as well. we allow them do the job. >> yes. i concur. use ours the fbi to authorities. it strikes the right allen's. -- right balance. the telephone company -- i am not sure. we find a telephone company.

who is to say -- does all this come under the of ready of the fcc? >> to an extent. >> in other words, will we say they release all of these things and we will tell the fcc to keep an eye on it? >> you have to break it up in different pieces. the telephone companies already hold the data. we are not doing anything new. there are already under the control of how they hold and how they do with it and things of that nature. what will remain subject of oversight is how we to acquireious tools some of that data, to use some of that data. restrictions on how much can be looked at, what it can be disseminated or, how long you can keep it, those are the kinds of things and what the standards are for getting it.

those are the and wharton questions. a lot of oversight by the executive ranch, the justice department, the a the eye, the nsa, ig offices, there is a civic provision to do reviews. still be robust reporting by congress on what is done. let's thank you. life enqueue. -- >> thank you. >> thank you. >> it seems to me we're doing something unnecessary and unpredictable here, which might , butthe public feel better which would be not good for national sick erie. that is what our job is. it seems to me we are taking a program the president determined as a legal, and important,

counterterrorism tool -- a program that has audit, tax, andns, judicial other pressure systems built and. program currently in a highly , operated byon highly change professionals who have taken an oath to defend the constitution, and who have lived up to that oath, and we are shutting it down to move the storage of that for intelligence sectors, to a private system that does not yet it this. what is the sense of that? i could and will ask you to

describe the various queries and , to protectexternal american privacy as it relates. let me ask three things. on top of that. can you describe it ivc oriented training that has to be undergone for 215 databases? or the training internal rules and external audit designed to protect privacy taken seriously at the nsa? the answer to that is yes. if this is the case, asked in why we should be moving the process to a new and system that is a free enter rises them which does that no matter how they testify, not want to do this. we went through that in i said. that's why we have to do amid the -- immunity. they did not want to do it.

it is not their training. it is not their practice. it is not the nature of their workforce. it is a high concentration. 22 people are making serious .ecisions it is a private sector operation and it is huge. not everybody is verizon and eight. there are a lot of small telephone companies that have to do the same ring. i do not give make sense. how do you compare the security pop -- possibilities of the system it does not yet exist, which i promise you is not welcome by those who would be asked to do it, to prevent -- to replace a system working well, which the public is naturally .uspicious about 39% rating , butublic never trust us

if we're doing something for national security which is trustworthy, by trustworthy evil, who were trained, and they in ae their lives to this, particular place, why cash it out? >> thank you for the questions. the current system involves a host of safeguards, to close it starts, policy procedural safe guards him a training safeguards, and safeguards around eliminating the number of people allowed to ask if the database. very restrictive, completely audited, and with software in place that prevent them from making an erroneous query that has not been authorized i the court. record in that arena is

outstanding in that regard in privacy. iotecting think those were necessary for two reasons. it is the government with the data, as opposed to someone with -- who is not the government. closelyeed to circumscribed those. the second reason is because the data was aggregated. under the new program, the data is not aggregated or held by the government. telephone companies are holding data they already possess today or there is no additional data they are holding except queries from us that have it to civic number of interest. we will work with the countries to put protections into place so our influence in a particular number does not leak out and provide warning to potential terrorist. the companies already have this data, so the implications are just in this regard.

>> it is a large order for an untested series of companies. the art and the struggle to get people trained, to have them locked in on their duty as they go to work every single day, ashley those 22, but nsa in general, where nobody has complained about the private violations. everyone is worried about what might happen. everyone is always worried about what might happen here in that it has not happened. it all comes to an end at the end of next year. we will have to look at it again. profit-making, and i have dealt with telecommunications a long time. they say many things. they do not do many things. when we started the program, which was really controversial home of a road me letters --

controversial, they wrote me letters. it ended up in the supreme court and they all lost. i would just assume not give them the chance. i am sorry it has taken along. >> no robbie there it enqueue. >> enqueue. like many of my colleagues, i want to see our intelligence collection was strength to provide more trans and the, torove ivc, and also increase oversight. at the same time, as many of us have it best, we need to ensure we have the tools necessary to help her tech our nation from terrorist attacks. i want to follow-up on some of the questions that have been

raised by senator rockefeller. under the usa freedom act, the private sector would retain phone records rather than nsa. that is a major change. i believe it was mr. cole who pointed out, yes, but they are already saving these data. they are doing so for a completely different purpose than what we are contemplating. essentially, they are doing so for billing purposes for the most part. some experts warned us that data held in the private sector are at much greater risk of being breached by hackers, being for purposesused other than that for which they

were collected, were being missed used by personnel than if the data were continued to be held by federal entities. if only to look at what has year, wherethe past the security firm called 2013 the year of the mega-breach. that had million and their personal information compromised in the target case. there was a very compelling ,eport put out by our colleague senator rockefeller, the chairman of the commerce that found private companies already collect, mind, and sell as many as 75,000 individual data points on each consumer. there was a recent report by the fcc that found that companies group virtually every american by race, hobby, medical,

conditions. things we would all think were private. there was a story a couple of years ago by the new york times that described to father of a teenager learned she was pregnant because he kept seeing all of these flyers for chris and baby clothes coming to her in the mail. thosetrast to all of searches the nsa database, are limited to a very few, highly trained personnel. limitedngle search is him audited, and logged. there are have the coal safeguards. technical safeguards. you cannot do a search that will not work here at compliance issues have to be reported to the fisa court and congress. my question for you is, how are we going to ensure that these

same kind of robust protections, even greater that many of us want to see, are in place if we are going to have the data scattered across all of these companies? i just do not see how you will datae the privacy of that and is it not inevitable that many more people will have access to the data than they do under the current is him? -- system? >> thank you. the data is and has been in the possession of the telephone company since they started giving records however many decades ago that was good what we did at nsa was get a periodic seat of the data, which we then aggregated and held in a database.

describedings you were held on a copy nsa held on it database. the billing records existed before and will continue to this regardless of the future of the 215 program and all those to hacking and that sort of thing, the telephone companies you with every day. there will notis be a government held aggregated that of telephone numbers we apply all of those protections to. we make the database go away and then rely on the billing the telephone him pennies have held for decades and continue to hold or their own purposes and we query against the. -- those. >> don't you think there is a difference between the telephone companies holding this data for billing purposes, versus holding

it and knowing the government pacific to them selectors, which will make them. about why the information is being written vested? you will have to go across a large number of companies to find the information here it is teams to me to inevitably involve more people. that is very different from the kind of .ata dump you were receiving i just want to make sure, as we privacy,g to increase strengthen the safeguards, that we do not end up doing the opposite by having this data, these data, held by the private sector. now,w they are held there but they are held for an entirely different reason.

asking thosebe private sector employees to do the queries that are now done by an extremely limited classified number. ofextremely limited number federal employees. >> i understand. we will work with the telephone companies to ensure our queries are kept in a secure fashion by people who have gone through the clearance process the government runs, to ensure they are protected the right way. >> also, if i may, in traditional law enforcement, we are regularly going to phone companies with subpoenas and things of that nature to acquire some of their billing records and him of the various and kinds of information. we go to them for pin registers on the lawn was meant i. we work with phone companies to do wiretaps on the law

enforcement side. there is a long history of working with phone companies and using their data and fist roadies from a law enforcement perspective that has given us confidence in that regard. >> thank you. >> thank you very much. >> thank you. i have a question or two in light of the recent revelation that the senator referenced that the nsa has in using a loophole of the fisa amendment act to search for americans private medications without a warrant. what some people have dubbed the search loop old, and i think it was for target reform medications. the government based on that letter believes it has the authority to deliberately search phone also were e-mailed of specific americans and to

circumvent the traditional protections hearing the five with amendment. i would ask mr. legend and old, do you believe the government should be allowed to conduct searches of his mission on u.s. citizens, collected under sections of an o2, without having to seek a warrant for that information? the way it has been viewed and has an interpreted is the first issue is whether you are legally off arise to collect the information in the first race. this is what sections of an o2 allows us to do. we target only non-us or since and only people believed to be out by the united date. those are the strict limits or there will be communications at involve americans that are incidental. they are not targeted. >> you end up collecting incidental information you're

the authorization under section 7022 let the information trumps the profession of the americans who -- would typically be afforded under the for the moment? process. is a several you are first allowed to protect the information. it is like a criminal law wired that. you collect calls a make from other people, who may not even target of your invest in addition. but you will collect those calls as well because they involve the person whose phone you are tapping. if you are legally permitted to collect the information, then you have got it and then the session is whether or not you can access that information, used information we legally possess, and this is what is different from the root i'm in the is that is going to search for the american, the u.s. or

since records, which we are not doing. we get those in deadly. we have them legally under 702 and in the russian is whether or not it look through and those records because they are already illegally hours -- illegally hours. we have not done out to the them illegally in any shape or form. legitimate from investigation, to further legitimate antiterrorism investigations and things of that nature am a we certainly have restrictions we try to waste internally on those and we try to make sure they are users on we and we try to make sure they are only used or specific possess already legally it. >> you have made the government's division very clear and i appreciate that. it is something we should

probably look at, given the at forave is opportunity reform right now. i want to get to my idle restaurant. we're running short on time already. i want to go back to the issue raised early on and hr 3361ons around how to find a specific selection term. looking back at the old draft from the house, it could set a term used uniquely to describe a person, and be, or account. that is a pretty tight version, andhe new election term means a just read terms such as, and there is a laundry list of items there. i have validation every time i see such as, because it is up to the risen reading to decide whether the next thing they imagine is are the poor is not.

>> under your interpretation of the definition, passed by the house, what are some records secluded collection on a civic election term? >> any bowl collection. what is currently being authorized by the court of the collection of all records, and internet metadata records, indiscriminately, that would be certainly,hibited. if you went to collect all the telephone records within a certain zip code, indiscriminately, that would be prohibited. focus.nt is to limit and it is to prohibit indiscriminate collection and only authorized focus and intentional collections for ace this the purpose. the reason that such as is in there is that it is very difficult to predict what you may come across that you might

need, that will for you ample involve a larger number of records and just one specific telephone call to once the of the person that once the of a kind. some of the examples i gave in my opening damon. you have somebody who you know will build an improvised explosive device using ball bearings and fertilizer or you may want to go to the stores in the area that sell ball bearings and fertilizer. it is broader than a pacific item, but it is much less than every store in america, regardless, and then sort through it. if you know a terrorist suspect stated a particular hotel for a couple of nights, but you do not know who it was only you might get the hotel fusses records for those couple of nights, to see who all the guests were at the hotel to then cross ref is that with other information to identify who the terrorist was. it is focused and

discriminating. it is not indiscriminate. but it is larger than a specific identity of a pacific person. so, we need to have enough room to do an investigation that is effective and, we need to have enough restrictions so we are not indiscriminately collecting records in bulk. if there are better ways to define it, and it is a tough one to define, but if there are better ways to define it come a we are interested in working on that. we think this doesn't. >> i appreciate your willingness to work on this. the chair brought up the issue early into the discussion. i would end this by saying, i weekend to get it right when we do a good job of defining the terms very specifically. i do not give a lot of trust to his attempt and legislative history being the that described -- that ends up holding the day in court years from now.

holds a lot more sway in the room. thank you. >> thank you, madam chairman. i have a couple of quick questions and i really appreciate so many of my into this who dug very deeply, trying to plow through these critically inortant privacy protections the essential needs of national .ecurity there are a lot of good folks at nsa in terms of their work. on senatorollow-up rockefeller and senator collins, since this is an open hearing, to at least make clear or further understand what i think we may be doing with this house bill. it was reported, when we think

about 215 in the previous program that that collected metadata that was, with those entities, those companies, that entered into some relationship , and while large , in many were involved cases, the fastest growing set , wirelessne calls calls, were actually a relatively small percentage. is that an accurate description of how the press has presented the 215 program priory i go >> yes, that is how the press representative. >> and if that was an accurate representation, wouldn't the universe of calls that are now

potentially exposed to these kinds of inquiries be dramatically larger since any telco, regardless of whether they had a relationship or not, and any type of call, whether it is wired or wireless, be subject to the inquiries now made through this process? >> that is accurate. greg so, again, with the notion here that under the guise of --ther protect they privacy a further protecting privacy, i think the number of calls would be exponentially larger than what the prior system was. is that an accurate statement? >> i don't believe so, because the only calls that the are those will see directly responsive to the predicate information we have. >> in terms of actual inquiries,

but the universe of potential , whenthat you could query prior to the calls are only queried out of the database from ,he nsa, which the report said in many cases, did not include the fastest growing number of new calls, wireless calls. now even though the number may be the same because the protections are still the same, the actual universe of potential calls that could be queried against is dramatically larger than what 215 has right now. >> potentially, yes, that's right. let me just go to one other item. one of the things, again, i will check with staff to make sure this is all appropriate to be after, one of the things to 15 did not include was location information.

and in the nature of wireless technology, you can identify where a cell phone call originates. protections privacy do we have to ensure that location data will not be queried on a going forward basis -- who holdlco to this data hold not only the billing information, but the location data as well. be up tok that would specific requests and specific court orders. right now, when we have a good basis, we can get good location information, and sometimes it's very valuable. instancenk of one where it save somebody's life who had been taken hostage, being able to get that information quickly. it will not be collected in

bulk. it will be collected in the individual circumstances that warranted. 215ut in the previous section where the data was held, not -- tion data was >> that's right, we did not get the location data with what was held in the database of the nsa and could be queried with nsa's protection, but we would always have the ability to go back to the telephone company providers in an appropriate circumstance and ask them for individual location information that we but thatoriented. >> would require an additional step. willght, and that is what happen now. >> would they be combined into a single step or a dual step? >> i think it would require the court to take a look at whether

or not it was appropriate to provide location information as well as call data records, or whether or not only call data records were appropriate. it just depends on the circumstance. andgain, my time is expired i appreciate that. it is essential to the public that while we are trying to get ,his balance right and understandably, the public has a great deal of concern about the government holding the data, there lies a number of concerns the privacy act to vests should also -- activists should also be concerned about in terms of the scope of the data as well as greater access, if we are able to go at the telcos, and reemphasizing a couple of my colleagues said, the hope is that there will be an additional, higher-level of

security standard and higher level of training, and higher level of commitment from the telcos of these individuals who are going to have access to data, that they will have the same -- i don't think the leverage will be to the standards of the folks of the nsa, but this is an issue that needs to be thoroughly vetted. thank you, madam chairman. >> thank you very much, senator warner. we have completed this panel. wyden has asked in a more charming form, then sometimes, to ask one more question. agency a to ask your question relevant to a matter that has taken a lot of our time. for each of you, just go right down the row, do you believe it would be appropriate for your senateto secretly search

files without seeking external authorization or approval? >> no. >> now, if i understand your question, by definition we are authorized to conduct a authorization of some manner. >> you would have to have the appropriate legal approvals in every instance. >> so would we. >> thank you very much. >> if i may, let me thank the audience for their attention. this is a controversial subject and i know people feel strongly. it is very much appreciated. i would also like to thank the capitol police for their attention to this. we will change panels now, and i will introduce the next panel. i would like to thank them. thank the witnesses very much.

do we have someone to change the name tag ec? [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2014] >> i would like to introduce the panel. i will introduce everyone and then begin from my left, you're right, and go down the line. the first person to be

introduced is worth the senior counsel for the center of democracy and technology, mr. geiger, deputy director for the freedom, security, surveillance project at the center for technology.d mr. geithner has written extensively on the subject of collectionrm, bulk and surveillance in general. second, mr. garfield, president and ceo of the information technology industry council , an advocacy and policy organization that represents a number of tech companies, including google, facebook, yahoo!, microsoft, and many others. mr. garfield has previously appeared he for the house judiciary committee to discuss pfizer reforms. the final witness is michael woods, assistant general counsel for verizon.

safetys the public policy team. before joining verizon, he was chief of the national security at the fbi. he published a number of peer-reviewed law articles on national security, including articles related to section 215 of the united states patriot act. and finally, we have stewart baker, a partner in the washington office of steptoe and johnson. he creepy as lee served as the first assistant secretary for in the department of homeland security. from 1992-1994, he served as counsel for the national security agency. he brings a wealth of experience in both telecom and national security law. we will begin with you mr. geithner. once again, i will point out the

five-minute clock. if you could adhere to it, it would be appreciated. >> thank you, chairman feinstein. members of the committee, thank you for holding this open me tog and inviting testify on this very important issue of surveillance reform. i wish to say that i appreciate the dedication of the members of the intelligence community and of this committee to protecting both national security and civil liberties. anhough i am here as advocate for civil liberties, i recognize that the intelligence and law enforcement communities for those who wish to cause us great harm and i also realize that a major terrorist attack is just about the worst thing that can happen to civil liberties. at the same time, in the decade since the 9/11 attacks, the pendulum has swung too far in the direction of broad surveillance and it is time for

a correction. the answer cannot be mass surveillance of individuals with no connection to a crime or terrorism. congress has an opportunity now to establish meaningful privacy protections without weakening security. whatever reform congress settles on is unlikely to be revisited for many years, so congress should not just focus on surveillance programs and technologies of today, but those of tomorrow. the freedom act as the legislation that has made the most headway in this regard. addressough it does not all surveillance issues, it does seek to address bulk surveillance. however, there is serious and widespread doubt as to whether the bill as passed by the house accomplishes its goal. bulks not use the phrase

collection as coded jargon for existing programs or nationwide surveillance dragnets. bulk collection, as any normal person would understand it, means the large-scale collection of information about individuals with no connection to a crime or investigation. in that respect, the bill does not and bulk collection. this is not just the opinion of privacy advocates, but also more than half of the cosponsors of the usa per freedom is usa privacy freedom act as well as a number of corporate leaders. is a requirement that the government use specific selection terms in its demand for data. however, the definition of specific selection is openerately ambiguous and ended and ambiguous language is what led to bulk collection in

the first place. there is nothing in the bill that would prohibit, for example, the use of verizon or gmail.com or the state of search as a specific selection term. i can believe that this current government is sufficiently's done -- sufficiently stung by in thisto address this decade, but we will be left with language that is ambiguous. we recognize the need for in making flexibility surveillance requests. with my time remaining, i would like to propose an additional safeguard and path forward. rather than trying to find some magical definition for his pacific selection term, congress should strengthen other parts of the statute, in particular existing minimization procedures, and establishment

them as a and or privacy procedures where there are none establish and privacy procedures where there are none currently. then the bill should prohibit retention of information of individuals who do not meet specific criteria as outlined in the statute. foreign powers, agents of foreign powers or in contact with foreign powers or agents of foreign powers. compliance should be subject to oversight and revisited throughout a clean if procedures -- revisited periodically if procedures change significantly. drafted properly, this could provide for both privacy and flexibility. thank you very much and i look forward to your questions.

>> on behalf of 58 of the most innovative and dynamic companies in the world, we thank you for the opportunity to appear before the panel today. it is our firm view that we have a timely opportunity to advance surveillance reform in a fashion that both reflects who we are as a nation and is well advanced our geopolitical and economic interest. it is our hope and we strongly urge the senate to see this -- i seize this opportunity, and reaffirm our commitment to doing whatever we can to be helpful in achieving that goal. my testimony today will be focused onto things, one, why it is important to act and act judiciously, and second, the steps that are necessary to be taken to ensure we have a strong bill with broad support. with regards to the first, the reason to act as because it is in our national self-interest. i am proud to represent a group of companies that are the global leaders in innovation.

as such, they compete all around the world and see firsthand the wide ranging impact of the nsa disclosures. they are able to see firsthand the economic impact, the lost business sales and lost business opportunities that most experts will be in the tens of billions of dollars. they experienced firsthand the growing contagion of persistent protectionist policies that aim to limit their ability to whether it isly, forced localization requirements limitzil or attempts to cross-border data flows, these laws are the first step to creating an internet that is creasing lay vulcanized -- is increasingly vulcanized and no longer the global internet we have all come to appreciate. if that were not bad enough, we have experienced firsthand the growing distrust of whether the united states is willing to adhere to global norms as it relates to surveillance.

all of these reasons that we think it is important to act to regain trust as we move forward expeditiously. what should we do moving forward? fortunately, there is a growing consensus as to a path forward. we released principles in january that seemed quite forward leaning at the time we release them. today, they have been largely embraced as being the way we should move forward. usa freedom act incorporates many of these principles. however, in two respects, the usa freedom act needs to be improved. two sections need to be addressed. first is one that mr. geithner addressed, bulk collection. usa freedom act endeavors to end bulk collection. the language of the heart of that, they came out of

the house intelligence and house judiciary committees, we think achieved that goal. however, the language is missing in the final bill that came out of the house, and it is no longer clear that the language will achieve the goal of bulk election. ending bulk collection. >> can you tell me exactly what language you're speaking of? >> it is the same section we have been talking about. i will conclude that by making the point that there is an opportunity to changing that definition in a way that will move forward through the house in a way that addresses the concerns we are raising without violating the interests of national security. >> the second area is transparency. >> let me just say, we would welcome any suggestion you might make in writing on an amendment to the specific selection. the same goes for anybody else. it would be most helpful if when

you say things, if you want to us in legalhing to language or not legal language, we would appreciate it. know, there isy a fair amount of conversation happening both inside this room and outside this room with the aim of coming up with language that is acceptable to the intelligence community, and there is good progress as far as i can tell being made in being able to do that. last issue is transparency. transparency is a key part in rebuilding trust both nationally and internationally. the usa freedom act takes steps to addressing that with the resolution reached between the department of justice and many of the most impacted companies who happen to be our members. there are still additional steps with regard to the bands -- with andrd to building trust

maintaining national security. let me say that i too deeply respect the work being done by the intelligence community and offer my testimony with a great deal of humility. i recognize that there is a lot we don't know. for usy, it is important to play a leadership role in finding them have forward. we look forward to working with pathcommittee -- finding a forward. we look forward to working with this committee to achieve that. >> good afternoon. i am very pleased to testify before the committee on the topic of intelligence surveillance act reforms this afternoon. i name is michael woods and am the vice president and associate general counsel for verizon communications. i am responsible for the national security and public safety portfolio in our office and the chairman has also kindly

ed my prior government service. the revelations this past summer about the ball collection of metadata have eroded public confidence in legal structures that are meant to oversee intelligence activity. there is significant concern about the impact of surveillance activities on the privacy and civil liberties of americans. for verizon, customer privacy is a top priority. we believe that any collection by intelligence agencies of our customer data should be compelled under a set of clear and agreed upon rules. we believe these rules should be backed up with effective as mucht and have transparency as possible consistent with national requirements. we support the usa freedom act because we see it is largely achieving these objectives.

transparency rules that verizon has already implemented and firmly rejects the idea that verizon or any other communications providers be compelled to maintain or collect data for these purposes. we believe the collection and analysis of data for intelligence purposes is an inherently governmental function. compelling us or any other private entity to perform this function on behalf of the government is utterly inconsistent with the protection of our customers privacy. if verizon has a legal obligation to provide customer data to an intelligence agency or a law enforcement organization, it should be limited to that data which verizon generates in the ordinary course of business, and a production of data should be compelled at arms length overseen by a court. we appreciate the careful balance congress must achieve

here. we are confident this is something you will accomplish. we stand ready to assist this committee in any way we can. much appreciate the open channel of communications that this committee has had with parties interested in this legislation and we appreciate the bipartisan way in which this committee has operated. thank you for the opportunity to testify today. i will be happy to answer your questions. >> thank you, chairman, vice chairman, senator collins, my authorizing chairman when i was last in government, a pleasure to be here. i would like to make two points. first, i don't believe we should end the bulk collection program, but it will put us at risk and slow our responses to serious terror incidents and lead us into the dark with

respect to this data as senator collins, senator rockefeller made clear. we do not know how long or how battle that -- battle will be scored. it is a very serious risk we are come inor a payoff that my view, is minimal. what i would like to talk about in the main part of my presentation is the second step, the kind of piling on step at the house undertook not only to say not only are we going to end the ball collection, but we are going to require that you show that you have one of the magic list of five identifiers that you are asking for, and if it is not on that list or does not look a lot like something on that list, you cannot ask for it purposes.ism purse let me talk a little bit about we wantedl searches

to take, did undertake in real-life terrorist incidents. the case that was a subject of a cross-country chase was investigated in part because someone reported there was a guy buying large amounts of household chemicals in beauty supply shops with a kind of shaky story. it was perfectly appropriate for go toi to say we want to all the household beauty shops and ask them is someone buying this stuff. surely, there is no one here in the panel or on the committee who would say that is an improper search. the magic selector? i don't see a magic selector here that says household products. you are not searching for a person, an entity, an account, a device. you cannot do it according to this. with the washington sniper attack him again, a terrorist

attack and we wanted to act as we surely should. the phone companies -- do you have any indication of somebody who's phone was active at every one of those sites at the time the shooting occurred? of course we should ask that question. that is not a person, an entity, an account. it's an address. but at that point you are starting to stretch the concept of address in precisely the way that senator wyden has argued against. the problem we face is this list is too short. we cannot imagine all the clues we need to follow-up in order to catch terrorist. writing words like such as in front of it does not actually accomplish the goal. i think it was intended to reduce bulk and indiscriminate

searches. at the same time, it is going to prove to be a straitjacket, notwithstanding with the deputy attorney general said. i would like to see his justifications for each of the assurances he gave us about how he was going to conduct those searches. i think it is going to require that we immediately become creative about the meaning of those words in a way that i think senator wyden would not approve but in a way that i think all of us believe should be carried out. that insteaduggest of a list of magic words that even harley geiger want to offend, we should try to find a that says what we think is necessary to avoid ball collection, and it is something along the lines of narrowing -- bulk collection, and it is something along the lines of narrowing the search, avoiding the collection of innocent party

information, it you don't know who is innocent until you have that probably is the way to get out of what i think therwise will be a solution into satisfies no one in three years. >> thank you very much. let's go to questions. just off the top of my case ut let's take the mr. bake ar just mentioned. around to wholesale beauty product companies and big chemicals, nts of large amounts of chemicals. nd somebody calls the f.b.i. and says this looks very suspicious. b.i. goes to query himl and finds that he has been in with a known al qaeda member in pakistan. problem do you have with that? >> let me see if i understand

scenario correctly. so, they have the phone records al qaeda member in pakistan and they found out that find the nameg to of this suspicious individual, they find out that the two have with each other. i don't have a problem with that. don't see why that would be prohibited under this bill. if they have the call records of the individual in pakistan, then the fact on ave record that he was in contact with this other suspect. don't know if they did or didn't on that specific point. me that that's exactly the kinds of thing we this kind to enable of collection. >> certainly. individual is in direct contact with an agent of -- foreign wer or four that is a legitimate reason to look at their records. what we are concerned with and i think everyone at the table

xpressed concern with the ambiguity of the definition but we are concerned with at least concerned with i should say is the collection of individuals who have not been in contact with the agent of a fortune power or collection -- power.n >> let me stop you because my understanding was i forget 2012, the data base was only queried 288 times. the 288 times, 12 cases ere sent to the f.b.i. for a warrant. .o, it was very selective this was not any more than that. trust the department of ustice when they say the freedom act would provide them with there capability. with is it concerned provides this capability and

capabilities that undermines the goal of bulk collection. it would enable them to do other things. what other things? what i mentioned during my opening statement. definition of collection erms is open-ended what counts as a specific selection term. it could be the state of maine. verizon. be it could be something that would sweep in a large number of individuals not connected to the investigation. i understand the need for lexibility and sometimes it will be unavoidable to gather information about people not connected with the investigation. up with scenarios like that. and in that case i believed -- why i mentioned it in y opening statement -- it should be required they use the least intrusive means as the n.s. afp does they should not retain the information of the

eople not in contact with the suspect. >> you also mentioned minimization. how would you strengthen the minimization? minimization requirements already in section 215. he other none for t statue but the u.s.a. freedom put in privacy procedures. there are none in statue for national security letters. propose doing is what i just described which is a front end the the government use the least ntrusive means possibly and ack end a clear procehibition n dissemination and contention. ones have the most minimization and did require the -- the arization of minimization of retention and proceedly business. says nothing about acquisition. i'm approaching an upgrade to

that. t least in certain circumstances where the risk that the information gathered sweep in a large number of people. think baker, what do you of that? >> first i would clarify the that i had in mind was the f.b.i. hears that somebody all of these chemicals and decides to go to multiple anybody been has big large quantities of the chemicals. for the search is chemicals. i don't see how you justify that under the statute. is exactly the conflict. and this is a real indication. question open to whether the chemicals would work with a specific selection term r the name of the store would be a specific selection term. i know specific selection term that agencies use in practice but there's not a lot of public information. hasn't been built into statute before.

>> if you knew that known somebody who is a likely terrorist was coming into the f.b.i. y and wanted to get hold of the would you limit it to one plane or say they should to all the manifests t a given time or some reasonable limit? >> i believe law enforcement does get manifests but i would the government to use the least intrusive means possible and not save the the people of all of whose records they have pulled or hey are not relevant there is no reason to suspect they are connected to the investigation. would be to get a specific name. they are looking for someone. so, it is limited. >> i was going to add that ultimately what you are hearing hough is the language, the final language in the u.s.a.

freedom act doesn't fully the equities that we're talking about. the equities mr. geiger raised privacy or mr. baker raised about protecting national security. concerted effort needs to be made to improve that language so both equities are balanced. feasible to do that. >> thank you. mr. vice chairman. to yield to senator keating, who has to leave here shortly. >> thank you, senator. just a couple of questions. the , i think i heard answer to this but i want to be that the you feel u.s.a. freedom act is superior current law. mr. geiger? >> i believe it is an current law.o >> mr. garfield? >> i believe it is an but can be as well improved. >> mr. woods? >> i agree.

> mr. baker i didn't ask you because you said unequivocally you don't agree. i appreciate that. woods, you tion, mr. heard my questions to the prior panel about duration and i think in your testimony you sort of ifd we will do there but not we have to change anything. how would you feel about a provision that said 18 months or two years of retention? >> we would be very much opposed to it. as now we produce the records we retain for business purposes. compelled ant to be to retain records beyond that. can make see how we this change if you are not willing to make that commitment. policies and ange say we will only keep records two months then we've lost intelligence the value. >> as technology develops people transition s will from older to newer forms of technology. records that were generated by the old switch the

telephone system are not the records that are generated by the wireless system. s the bulk of people's telephone usage moves from one system to the other the kinds of records change. hey are probably going to change again as things evolve. >> i understand that. but you understand the thrust of question. you are recommending we go from the government holding the data o the companies holding the data but as a company you are not willing to commit to holding perioda for a meaningful of time to make it -- otherwise he protection of national security becomes a loser. both ways, tell us to switch but is we are going to do it as we choose. we are saying k we do it as we choose. e retain records generated in the ordinary course of business. we don't collect records for the purpose of conducting of our customers. so, we will respond to lawful that ts from the records we have. we are tphnot -- we are opposed

compelled to collect records for reasons that are unconnected with our business. asking you to collect records. it is a question of maintaining ecords you already v. >> our general principle in these records is we do not keep business r than purposes because we have learned the longer we keep records beyond what we need the greater risk to the privacy of customers. so the pwbest protection for is not to ivacy need. records beyond the >> did the louse question you legislation was passed? >> we were never asked. we played it clear. >> thank you. thank you very much. it clear.ockefeller. >> thank you. >> thank you very much. senator rockefelleit clear. >> thank you. >> thank you very much. senator rockefelleit clear. >> thank you. >> thank you very much. senator rockefelleit clear.

>> thank you. >> thank you very much. it clear.ockefeller. >> thank you. >> thank you very much. senator rockefelleit clear. >> thank you. >> thank you very much. senator rockefelleit clear. >> thank you. >> thank you very much. senator rockefeller.mit clear. >> thank you. >> thank you very much. senator rockefeller.ait clear. >> thank you. >> thank you >> mr. woods, you said in your tape -- statement from the record, which we do not have, which i regret -- it is unusual we do not have statements for the record, that the bottom-line is aat "national security fundamental government function that should not be outsourced to private companies." i happen to agree with that. verizon is in the business of providing communications, not acting as an intelligence agency, and many companies in a world state like west virginia which are not called at&t, not called verizon, but have very small operations but nevertheless cover numbers of

people. west virginia is such a place. they would have to go into the business of becoming nsa trained professionals to query and go through all the processes we talked about with the previous panel. so the bill will end the nsa role of storing and searching this data. responsibilitye for queries from an intelligence agency to the telephone companies. -- i haveecessarily not had a great experience with telephone companies. data brokering, all kinds of other things. i started and investigations unit in congress. we never had one. i gave myself subpoena power. it was a joyous moment. the experience, they are a moving target. you yourself have just used a

sentence longer than a business reason. you wouldn't keep it more than business reason. that may have nothing to do with, as senator king said, an intelligence reason. so, that sounds to me like a diminished national security role for the n.s.a. and expanded national security role for verizon, and i'm really wondering if that is right and particularly i'm wondering how does that co-relate in any fashion with the first statement that i read that you felt it shouldn't be outsourced to private companies. it shouldn't be outsourced to private companies. i have never believed, no matter tell me -- because i we i chair when fisa thing but they

didn't want any part of this. the n.s.a. people go to fisa thing but they didn't want and the free people go to work every day with one purpose in mind. they have been trained and they are there for years and years and they are not particularly looking for promotions. nobody makes any money in government. at least most people don't make any money in government and the free enterprise system is different kettle of fish. i don't attack it. my family has done rather well by it. but in the intelligence business i have a very different view about why you think you should be doing this but i really don't think you want to be. and you said that you shouldn't be. >> yes, senator. the first statement that you made reference to we made in response to the idea that the telephone company should be retaining more data and performing the search or analysis on behalf of the intelligence community.

that is not in the usa freedom act, and we are very happy about that. it is a proposal discussed as part of the larger things. we don't want that. we don't believe we should be doing that. what we are prepared to do and have done for many years and all sorts of telecommunications companies do is respond to targeted requests by law enforcement or by the intelligence community. what we see in the u.s.a. freedom act is not a shift of the national security role to verizon but rather a change in the kinds of requests that we will get from the n.s.a. instead of requesting all of our call detail records we will get a request for a targeted list of call detail records which we will deliver much in the way we deliver records in response to law enforcement subpoenas and other authorities. now, as to the -- >> can i ask another question? >> sure. >> my time is running out. what about all of these little companies that are not called verizon and at&t and frontier? there are lots of little companies. you don't get their billing.

they get their billing. so they will have to set up systems that are comparable to what you is the up if you can set it up, which i'm not sure you can because of the comparison to n.s.a.? what about them? they couldn't afford to do this. so all of their customers and all of that billing information is free and clear. >> senator, they actually are subject to fisa and other authorities. the government could go to many small companies with fisa orders. many don't have the infrastructure, and drawing from my f.b.i. experience law enforcement and agencies like the fbi are used to dealing with that. sometimes they have to do more of the work on the government's side. i think that that's -- these requirements, the security requirements, for example, already exist in fisa. it is not just peculiar to bulk collection. other fisa orders require we handle this in a cleared

environment and we observe all of the security procedures that are mandated by the government, by the attorney general and director of national intelligence. i agree. that is a different burden for a giant telecommunications company. >> you were the head of the unit that specialized in that. they don't have a unit. they probably don't know what fisa is except theoretically. >> i have had that experience in the f.b.i. of going to somebody that didn't know. but while that is all true, that the kinds of information that the intelligence communities are probably most after reside largely in a small number of rather large providers, which is you can see reflected in the programs that have existed up until now. >> maybe and maybe not. >> correct. >> thank you, senator rockefeller. senator wyden.

>> mr. garfield, a question for you with respect to the economic implications of these overly broad nsa surveillance practices. the way i come to this is the companies that are part your organization, the technology sector, this is advantage mark. -- advantage america. there is an area where we consistently lead, we have these cutting edge technologies, a host of exciting development, cloud commute something just -- cloud computing just one of them. these are all areas where we have a chance in a fragile economy to create good paying innovation-oriented jobs. my take is that if a foreign enemy was doing the damage to the american economy that some of these overly broad nsa practices are doing, our citizens would be up in arms. people with be up in arms literally from coast to coast. and you have highlighted at page three of your testimony the

forester study i believe or the technology foundation, $35 billion loss to the cloud computing industry just one part of the technology sector over three years. you talk about the balkanization of the internet. i think it would be helpful if fleshed that out. i assume what you are touching on is when countries like europe and brazil and others are applying various restrictions and opportunities for access to our digital goods and services that it makes it hard for us to have that seamless internet. flesh out that concept if you would of the balkanization of the internet. because i think it is important for people to really understand the implications of the economic harm being done to the american brand. your companies have gone to great lengths to constantly

innovate, by and large they like to be left alone by government. >> that is an accurate statement. >> be left alone and innovate. i read about john chambers and those who are up in arms. flesh out how these overly broad n.s.a. practices have damaged companies and what you mean by the balkanization of the internet that you feel has taken place. by the way, i feel so strongly about there that i'm investigating it as chairman of the finance committee because i think this has big implications on the global competitiveness of some of our most important companies. we will be following up as well. >> thank you, we appreciate that. the two concepts are interrelated. the internet as i mentioned in my testimony is built on open interoperable global platforms. they are also heavily reliant on trust. so what we see in a lot of

international markets is a move toward creating barriers to that openness, that interoperating, which would lead to new governing structures where you have essentially wall gardens that are separated from the broader global internet, which is highly problematic. the benefit of the internet is that it is global and interconnected. the loss of trust as well globally, which i mentioned in my oral testimony, it is highly problematic because the reason that we have done, u.s. companies, have done so globally is because we innovate but there is a trust in what we are innovating and advancing. if you undermine both of those it results in economic loss and those are not theoretical, they are real and have broader implications not just for our companies but if the foundation of the internet is changed then all of the social good that derives from it is lost.

>> thank you. senator collins? >> thank you. mr. baker, first of all it is good to see you again. >> it is a pleasure. >> i very much appreciate the fact that you gave us some real-life examples to contemplate as we attempt to get this right, and that is what everybody on this committee wants to do. mr. woods how long does verizon , currently retain call record data for business purposes? >> that is a complex question to answer. because we have many different systems for retaining data. i would take the opportunity to say that a number of witnesses and members have referred to an f.c.c. requirement that we retain for 18 months. >> that was going to be my next question, on whether you think you are required to retain data

for 18 months. >> the answer is no. that f.c.c. requirement requires us to maintain billing records for 18 months. when that rule was enacted in the 1980's our billing records integrated a lot of call detail records. if you remember what telephone bills used to look like, they that listednd pages your calls and there was a difference between long-distance and local. as the system has evolved most of our customers, about 70% to 80% of wire line customers and over 80% of wireless customers are on unlimited type plans. so that call detail record is no longer part of billing records that we retain for f.c.c. purposes. >> but we are moving more and more toward flat fee monthly calling plans. so, i'm trying to figure out how this is going to work if you are

not going to have the kind of detailed phone numbers that could be queried. and if you are not keeping all of the data for at least 18 months. so there is no -- it sounds like you are collecting or keeping less data than you used to we -- when there were individual calls that you were charged for if you were a customer. and you are keeping them of varying length and don't accept that there is an f.c.c. requirement to keep all of that data for 18 months. and correct where i am wrong. >> to the first point, we are not generating fewer call detail records. our systems generate them. even when customers are on unlimited plans the system switches and the gateways automatically generate them.

we use them for managing the traffic across the system. as i say we have many different , systems. we are generally retaining them 12 to 18 months for purely business purposes. we satisfy the f.c.c. requirement by retaining actual copies of the billing paper work. the f.c.c. requirement is all about resolving billing disputes with customers so we keep copies of the bills. but the call detail records are still being generated. >> excuse me for interrupting. but if, after 12 months, you are purging the call detail record and just retaining the billing record, which doesn't have the call detail in many cases, then aren't you losing -- wouldn't

the government be losing access potentially to six months' worth of data? there seems to be this common assumption that there is going to be 18 months of data. it is not in the bill and you are telling me that you don't keep that kind of data across the board. >> that is correct. if a law enforcement agency or the intelligence community came to us and asked us for call detail records from three years ago, for example, we might not able to honor that request. but that is the position that all law enforcement is in right now. the bulk collection is for a longer period of time only because n.s.a. is getting a continuous feed and is keeping it themselves. even now we don't have data five years back and it would just all collection would be from our ordinary business records. >> mr. baker, do you see that as a problem from your perspective as a former intelligence

community member? >> i said this was a step into the dark and it looks like a very long step down. we don't know how much data we will be able to get by serving these orders, and whatever verizon's practices are we don't know what the practices will be at frontier or comcast or a much smaller provider. so it is going to be a very bumpy ride. >> thank you. >> thank you, senator collins. your comments to a great extent crystallize this. i would like to, since there are just the four of us, just have a brief -- you didn't get your five minutes? >> you didn't call on me. >> i'm sorry. take 10. [laughter] >> mr. geiger, mr. baker gave us

a couple of examples about the positive use of i could give you 2015. a dozen more. do you know of any abuse of the use of 215? >> if there was an abuse of section 215 it is unlikely the public would know because it would be classified and shrouded in secrecy. certainly the over broad use of it has resulted in a loss of trust in american companies and translated to real dollar loss and lost jobs. moreover, mass surveillance is itself an abuse of privacy rights of americans and human rights of people abroad and the government has a history of abuse, not just this government but governments worldwide when surveillance power is too broad. lastly there is not a lot of , evidence that the authorities are effective. we have had multiple independent review boards including the

privacy and civil liberties oversight board and the president's review group and members of this panel who have reviewed the classified evidence and have determined that less intrusive means can achieve the same ends. so, i would say not only do i not have information about abuse, i have information that the authorities that you are asking about are not effective. >> well, i would strongly disagree with you. just as a simple example that mr. baker gave about the zozzi case, had we not had 215 i'm convinced that if we had this bill in place under the facts of that case we would have probably will an explosion in the subway in new york city. and the reaction that we had after 9/11 that you referred to that may be overstepped -- and i understand what you are saying,

that is the way congress tends to act unfortunately -- the reaction would have been to the point, in my opinion, where we went be here today talking about -- we would not be here today talking about modifying in a softer way, we would be talking about modifying them in a stronger way. mr. baker, you at homeland security until 2009 or so? >> yes. >> i'm not sure how much access you have to reviewing cases that may have involved the use of 215. can you shed any light on this from a standpoint of any, number one, abuses or reasons why even stronger reasons why 215 should be maintained? >> i heard mr. geiger say he didn't know of any abuses and i agree with that. i did not see abuses. and i will say we felt so strongly about the importance of

having a large data set that we had bitter battles with the european union to make sure that we could get information on everyone who was flying into the united states. and, of course, most of them were innocent but we needed the data so we could look at most -- the most suspect passengers and give them a little bit more questioning at the border. it was an enormously effective program that relied on having a comprehensive data base, not a selective data base based on five magic terms. >> if i can clarify the earlier statement, what i said was that the overbroad use of 215 is problematic. i can see it used in ways that are not bulk connection and they can be useful. rather the evidence compiled so far is the bulk collection programs are problematic and that is what we are trying to end. >> i understand that.

mr. woods, if -- and i'm going to ask you this and you may not be able to answer because it would relate to practices of your competitors but i assume there are some generalities in your industry. let's say you were mandated to keep records by this law that we are debating and ultimately may pass. if you were mandated it keep records up to 18 months, do you have any idea what that with cost your industry? >> no, senator, i don't have any reliable figures. >> would there be a cost? >> certainly increased storage space would be a cost. i have no idea of the magnitude. >> let's say we don't mandate it and leave it wide open as the house did, which i think is a

huge mistake. and let's say that you were -- you received a query on one of your customers who was in conversation with a customer of at&t who was then in contact with a customer of sprint. under this bill, as i understand it, if you got a query then you would give information on your customer, then we would have to go back to -- d.o.j. would have to go back to the fisa court for an authorization for a query on the at&t customer and they would have to go back to the fisa court and get a query on the sprint customer. is that your understanding? >> i'm not sure exactly how the process would work.

we would respond with the call detail records of whatever we had. we have call detail records on our customer and on calls that are not by our customers but transit our system as we handle a lot of what we used to call long-distance and international calling. so we would simply respond with as much as we had which might be the call from the verizon customer to the at&t customer. it might conceivably include other c.d.r.'s relevant. >> it might but it might not. >> that is totally dependent on how the call is routed through the telephone infrastructure. >> which makes my point that, as mr. baker said -- as you said, too -- right now we have it all collected at one point and there is only one query and that one query gives us all of the numbers in that little spider

web that is built when a terrorist makes a phone call to somebody who makes another call. and the information is available instantaneously as opposed to being received by n.s.a. or f.b.i. or whoever may request it over a period of hours or even days conceivably. so, the chairman is right, this is -- and i understand your, both the problem that you, mr. garfield and you mr. geiger raised relative to the economic issues and whatnot. but let's don't kid ourselves. we are not the only ones that do this. we've got folks across the pond who do this against us. so, and it is -- it has been

necessary to interrupt and disrupt terrorist activities. you want to say something, mr. garfield. >> i want to be clear we are not suggesting not engaging in activity that would protect our national security interests. the thing we're suggesting is particularly as it relates to the language in the bill that there are ways to do that while also addressing the equities related to privacy. so, behind you is the seal of the united states. it says "e pluribus unum." it turns out the american people have lost trust in its own government domestically and internationally and the impacts of the programs will be significant. and i think it is important to come up with language that achieves what you want but ensures we are not doing it in an indiscriminate way. >> and i don't think there's anybody here that disagrees with that philosophy.

i do think there will be disagreement over how we get there. ok. >> if i can respond to your point about data retention, as has been noted earlier, the telecommunication companies and many other internet services receive millions of requests from law enforcement around the country every year and they are responding and law enforcement generally doesn't have the ability to build such a gigantic data base. there's not been any evidence so far that we have seen that a data retention mandate is necessary for the companies or law enforcement to use the data from the requests to catch criminals. moreover, a data retention mandate would be an enormous burden both in terms of technological infrastructure for small companies and start-ups but would also result in loss of user trust and potential problems with privacy and data breach.

so we urge you not to go down the road of a data retention mandate. >> the problem is as mr. woods said they may not keep these records more than two months next year and things are going to change five years from now or three years from now. we all know how fast technology changes. there's not some requirement that it be kept for some period of time, then we may as well not have this program. we will lose it and we will lose the ability to interrupt and disrupt terrorist activities. so there's going to have to be some kind of understanding or mandate that -- some kind of understanding that is firm -- or some kind of mandate in the law on a period of time. otherwise, we simply will not be able to gather the information on guys that are talking. these guys are as smart as y'all are, a lot smarter than what we

are up here. these guys that want to do bad things to us. they are going to figure out their way around it. it is already happening. we see it. mr. woods can tell you some things that would scare folks to death about the way some of the folks in the terrorist world are reacting to revelations by mr. snowden. as we sit here today, giving away this information to terrorists i assure you there are folks watching this who are making notes and they are going to use those notes to try to avoid whatever type of system we ultimately come up with. so, we've got to be mindful of that as we try to carefully craft this legislation that protects privacy rights, we all agree that that needs to be done, but at the same time protects americans. thanks, madam chair. >> thank you. senator rockefeller. >> just a quick thought.

that is the influence of negative public thinking about the activities of government. shared by most people. or all people. when before i used we have an approval rating of 9% in congress i think i was quoted correctly. i think it varies between 11% and 9%. and i think we have a responsibility to consider what that means, but at the same time looking at this committee, whose job is not to measure public reaction but to do the very best job it can do to do something called protect our national security and privacy at the same time.

him senator chambliss made a strong case in his opening statement terror is breaking out all over the world. it is the biggest growth industry in existence. and it has the enormous emotional advantage of being based upon tribal hatreds, ancient vengeance, retributions from 200 years ago, flat out racism, territorial disputes. look at what is going on in the senkaku islands off china and philippines and taiwan, south korea all of them claiming a piece of rock beneath which is a lot of oil. it is going to increase and increase and increase and increase. therefore, the need for broad and highly professionalized analysis of the intelligence

which we are able to collect, if we are able to collect enough -- some years ago we closed down a lot about efficiencies in africa. stationlot at our chiefs in africa. we paid a terrible price for that. so, i'm very conscious of being on the intelligence committee. i'm on other committees but the intelligence committee has a responsibility to do in secret for the most part this is a very rare occasion when we have are an open meeting. and i don't consider that bad. i consider it good that we do our work privately. because we can talk to each other with ways we can trust and and talk to the government and n.s.a. and c.i.a. and have our disputes in ways that are understood by all of us as we

tried to adjust to extremely malevolent fast changing events . so we better be good at collecting intelligence and protecting privacy. i'm convinced that if somebody wants to say that n.s.a. is collecting so much bulk that they could become malevolent, is a usable argument in this country. it is like if tootsie rolls tasted like lemons people probably wouldn't buy them but they don't. we have not had problems of privacy. we have the perception of problems with privacy. that we can't stop. that is not our job. our job is to protect, through intelligence and through protecting security our people.

and that is what this hearing in a sense is all about. it is not reacting to public distaste for government or for collecting information. it is just that people are afraid of government and they always have been. and that in no way diminishes our responsibility to collect, analyze, query, one hop, two hop, three hops, whatever, with fire walls built. the fisa act and patriot act was extraordinary particularly the fisa act of fire walling people being able to -- so the chair could say there were very few cases where we had to actually go after folks. very few cases. people would guess thousands and it wasn't even 25.

i just want to put that plug in for the importance of the job of the intelligence committee and why it is that we can not be swayed by public opinion. we can listen to it and learn from it but not be swayed by it away from a stronger, more protective and better protection of privacy courts. thank you. >> thank you very much, both of my colleagues. i very much agree with what you have said. if i had my druthers, do i believe that the privacy rights are better served by having the telecoms hold this or having the government hold it? i actually believe privacy rights are better served by having a limited number of people, whom you know, who you train, who are supervised, who

are no more than 22, who do the actual querying, other than hundreds that you don't know out in telephone companies. and i am really very concerned that we are going to end up next year with this whole program going down. that is a very real concern because what both of my colleagues have said and we see the intelligence and read the intelligence and we know that terror is up around the world and we know that they will come at us if they can. so, the only way you stop that is by gaining intelligence to be able to disrupt a plot. that is what has been happening. and so far so good in the main. having said that, there are so

many different views in this body that we the time comes for these sections of the patriot act to be -- that sunset next year -- there's going to be chaos. and that concerns me greatly. there is a likelihood that we get left with nothing. so my hope is the various parts of the community can come together and we can find a way. the private sector is not perfect in terms of privacy at all. i mean, i know people that don't want their homes on the google map because of privacy concerns. and there's nothing they can do about it. it is there. facial recognition. all of the internet goings on that take place, hacking, which