Open Hearing on Foreign Intelligence Surveillance Authorities, U. S. Senate Select Committee on Intelligence
Thursday, September 26, 2013
216 Hart Senate Office Building, Capitol, Washington DC
Thank you, Chairman Feinstein, Vice Chairman Chambliss, distinguished members of the committee, for inviting us here today to talk about NSA’s 215 business records program and Section 702 of FISA. I’m going to try and be brief and just focus my opening remarks on the 215 program.
NSA’s 215 program involves the collection of metadata from telephone calls, including the number that was dialed, the date and time of the call and the length of the call.
The metadata collection does not include the content of any phone calls, any names, addresses or financial information of any party to a call or cell site location information. Moreover, the vast majority of the data obtained by NSA under this program is never reviewed.
The government can only search the data if it has a reasonable, articulable suspicion that the phone number being searched is associated with certain terrorist organizations.
Only a small number of analysts can make that determination, and that determination must be documented so that it can be reviewed by a supervisor and later reviewed for compliance purposes.
This program is conducted pursuant to authorization by the FISA Court, which must reapprove the program every 90 days. Since the court originally authorized this program back in 2006, it has been reapproved on 34 separate occasions by 14 individual Article 3 judges of the FISA Court. Each reapproval indicates the court’s conclusion that the collection was permissible under Section 215 and satisfied all constitutional requirements.
Oversight of the 215 program involves all three branches of government, including the FISA Court and the Intelligence and Judiciary committees of both houses of Congress. Within the executive branch, numerous entities are involved in assessing NSA’s compliance. NSA’s director of compliance, NSA’s Office of General Counsel, the NSA inspector general and the Department of Justice as well as ODNI are all involved in this process.
Every 90 days, DOJ reviews a sample of NSA’s queries to determine whether the reasonable, articulable suspicion has been met. DOJ lawyers also meet every 90 days with NSA operators and with the NSA IG to discuss the operation of the program and any compliance issues or concerns that may arise.
We also report extensively to the FISA court and to certain committees of Congress on matters regarding compliance. We report any compliance incidents to the court immediately. We also provide to the court with 30 days report – with 30-day reports that include a review of NSA’s compliance with the reasonable, articulable suspicion standard, as well as other issues.
With respect to Congress, we have reported any significant compliance problems, such as those uncovered in 2009, to the intelligence and the judiciary committees in both houses. In 2009, the committees received the FISA court documents and the government submissions to the court related to those compliance problems. Those documents have since been declassified and released by the DNI to give the public a better understanding of how the government and the FISA court respond to compliance problems once they’re identified.
Since I last appeared before you, we have also gone to great lengths to better explain publicly why the program is lawful. In particular, the Department of Justice released a 22-page white paper, providing the administration’s legal views on the 215 program. Moreover, the FISA court has now posted on its own website the opinion that accompanied its most recent reauthorization of the 215 program.
Thus, the American public can see not just the administration’s legal views, but the FISA courts reasoning and legal views as well. Our white paper and the FISA court opinion are in agreement on the legal underpinnings of the NSA 215 program.
Under Section 215, there must be reasonable grounds to believe that the records collected are relevant to an authorized investigation to protect against international terrorism. As both the court’s opinion and our white paper explain, relevant is a very broad term that was intended to establish a relatively low bar to the collection of business records. In its ordinary sense, information is relevant to an investigation if it – and I quote – bears upon or is pertinent to that investigation, close quote.
The meaning of relevance is similarly broad in other areas and contexts in the law. In civil discovery, for example, information can be relevant, not just where it bears directly on the case, but where it reasonably could lead to other material that could bear on an issue in the case. In fact, courts have held that large repositories of information can satisfy a relevant standard where the search of the whole repository is necessary to identify the critical documents.
That is precisely the rationale that underlies NSA’s 215 collection program, and it was recognized by the FISA court. The court found that the entire collection of the bulk metadata is relevant to an international terrorism investigation, because it is necessary to allow NSA to identify telephone calls between terrorists and other persons.
This process of identifying previously unknown connections between telephone numbers associated with terrorists and other telephone numbers might not be feasible without access to the bulk metadata. For instance, identifying connections spanning back several years might not be feasible if the data were not retained and collected by NSA for a sufficient period of time, because telecommunication providers currently have no statutory obligation to retain that data.
In addition to complying with 215, NSA’s program must also comply with the Fourth Amendment of the Constitution. Here, the Supreme Court’s decision in Smith v. Maryland is directly on point: In Smith, the court held that telephone users who convey information to phone companies for the purposes of routing their calls have no reasonable expectation of privacy in that information.
Now, some have questioned the applicability of Smith because it was issued over 30 years ago, and it did not concern a situation where the government collected and retained bulk metadata and aggregated it all in one place.
However, the recent opinion of the FISA court addressed that specific issue. It noted, and I quote, where one individual does not have a Fourth Amendment interests, grouping together a large number of similarly situated individuals cannot result in a Fourth Amendment interest springing into existence, close quote.
Now, I understand that there is some interest in legislating reforms to the 215 programs and to other aspects of FISA, including the nature of the FISA court process itself. We welcome having the public debate and discussion about whether the current version of 215 and other provisions of FISA strike the right balance between our national security and the privacy of our citizens, both of which are important.
We look forward to working with this committee to address those issues and find that correct balance.
Thank you, Madam Chairman.