Hearing of the House Permanent Select Committee on Intelligence on How Disclosed NSA Programs Protect Americans, and Why Disclosure Aids Our Adversaries

Chaired by: Representative Michael J. “Mike” Rogers (R-MI)

Witnesses:

General Keith Alexander, Director, National Security Agency;

James Cole, Deputy Attorney General

John Chris Inglis, Deputy Director, National Security Agency

Sean Joyce, Deputy Director, Federal Bureau of Investigation

Robert Litt, General Counsel, Office of the Director of National Intelligence


REPRESENTATIVE MICHAEL J. “MIKE” ROGERS (R-MI):  Well, the committee will come to order. General Alexander, Deputy Attorney General Cole, Chris Inglis, Deputy Director Joyce and Mr. Litt, thank you for appearing before us today, especially on short notice. The ranking member and I believe it is important to hold an open hearing today, and we don’t do a tremendous amount of those, to provide this House and the public with an opportunity to hear directly from you how the government is using the legal authorities that Congress has provided to the executive branch since the terrorist attacks of September 11th, 2001.

I’d also like to recognize the hard work of the men and women of the NSA and the rest of the intelligence community, who work day in and day out to disrupt threats to our national security. People at the NSA in particular have heard a constant public drumbeat about a laundry list of nefarious things they are alleged to be doing to spy on Americans, all of them wrong; the misperceptions have been great, yet they keep their heads down and keep working every day to keep us safe.

And General Alexander, please convey our thanks to your team for continuing every day, despite much misinformation about the quality of their work, and thank them for all of us for continuing to work to protect America.

I also want to take this moment to thank General Alexander, who has been extended as national security adviser in one way or another three different times. That’s a patriot. This is a very difficult job at a very difficult time in our history. And for the general to accept those extensions of his military service to protect this nation, I think with all of the, again, misinformation out there, I want to thank you for that. Thank you for your patriotism. Thank you for continuing to serve to protect the United States, again in – you have that great burden of knowing lots of classified information you cannot talk publicly about. I want you to know, thank you, on behalf of America for your service to your country,

The committee has been extensively briefed on these efforts over a regular basis as a part of our ongoing oversight responsibility over the 16 elements of the intelligence community and the national intelligence program. In order to fully understand intelligence collection programs, most of these briefings and hearings have taken place in classified settings. Nonetheless, the collection efforts under the business records provision in Section 702 of the Foreign Intelligence Surveillance Act are legal, court-approved and subject to an extensive oversight regime.

We look forward to hearing from all of the witnesses about the extensive protections and oversight in place for these programs. General Alexander, we look forward to hearing what you’re able to discuss in an open forum about how the data that you obtain from providers under court order, especially under the business records provision, is used. And Deputy Attorney General Cole, we look forward to hearing more about the legal authorities themselves and the state of law on what privacy protections Americans have in these business records.

One of the frustrating parts about being a member of this committee, and really challenge, is sitting at the intersection of classified intelligence programs and transparent democracy as representatives of the American people. The public trusts their government to protect the country from another 9/11-type attack, but that trust can start to wane when they are faced with inaccuracies, half-truths and outright lies about the way the intelligence programs are being run.

One of the more damaging aspects of selectively leaking incomplete information is that it paints an inaccurate picture and fosters distrust in our government. This is particularly so when those of us who have taken the oath to protect information that can damage the national security if released cannot publicly provide clarifying information because it remains classified. It is at times like these where our enemies with – our enemies within become almost as damaging as our enemies on the outside. It is critically important to protect sources and methods so we aren’t giving the enemy our playbook. It’s also important, however, to be able to talk about how these programs help protect us so they can continue to be reauthorized, and then we highlight the protections and oversight of which these programs operate under.

General Alexander, you and I have talked over the last week about the need to be able to publicly elaborate on the success stories these authorities have contributed to without jeopardizing ongoing operations. I know you’ll have the opportunity to talk about several of those today. I place the utmost value in protecting sources and methods, and that’s why you’ve been, I think, so diligent in making sure that anything that’s disclosed comports with the need to protect sources and methods so that, again, we don’t make it easier for the bad guys overseas – terrorists, in this case – to do harm to United States citizens. And I respect that.

I also recognize that when we are forced into the position of having so publicly discuss intelligence programs due to irresponsible criminal behavior, we also have to careful to balance the need for secrecy while educating the public. I think you have struck the right balance between protecting sources and methods and maintaining the public’s trust by providing more examples of how these authorities have helped disrupt terrorist plots and connections. I appreciate your efforts in this regard.

For these authorities to continue, they must continue to be available. Without them, I fear we will return to the position where wee were prior to the attacks of September 11th, 2001, and that would be unacceptable for all of us. I hope today’s hearing will help answer questions that have arisen as a result of the fragmentary and distorted illegal disclosures over the past several days.

Before recognizing General Alexander for his opening statement, I turn the floor over to the ranking member for any opening statement he’d like to make.

REPRESENTATIVE C.A. “DUTCH” RUPPERSBERGER (D-MD): Well, I reiterate a lot of what the chairman has said. General Alexander, Chris Inglis, you know, your leadership at NSA has been outstanding.

And I just want to acknowledge the people who work at NSA every day. The NSA’s in my district. I have on occasion to communicate. And a lot of the people who go to work to protect our country, who work hard every day, are concerned that the public are – think they’re doing something wrong, and that’s not the case at all.

And the most important thing we can do here today is let the public know the true facts. I know that Chairman Rogers and I and other members have asked you to help declassify what we can that will not hurt our security, so the public can understand that this important – is legal, why we’re doing this program and how it protects us.

We’re here today because of the brazen disclosure of critical classified information that keeps our country safe. This widespread leak by a 29-year-old American systems administrator put our country and our allies in danger by giving the terrorists a really good look at the playbook that we use to protect our country. The terrorists now know many of our sources and methods.

There’s been a lot in the media about this situation – some right, a lot wrong. We’re holding this open hearing today so we can set the record straight and the American people can hear directly from the intelligence community as to what is allowed and what is not under the law. We need to educate members of Congress also, with the public.

To be clear, the National Security Agency is prohibited from listening in on phone calls of Americans without proper court-approved legal authorities. We live in a country of laws. These laws are strictly followed and layered with oversight from three branches of government, including the executive branch, the courts and Congress.

Immediately after 9/11 we learned that group of terrorists were living in the United States, actively plotting to kill Americans on our own soil, that we didn’t have the proper authorities in place to stop them before they could kill almost 3,000 innocent people. Good intelligence is clearly the best defense against terrorism.

There are two main authorities that have been highlighted in the press. The business records provision allows the government to legally collect what is called metadata – simply, the phone number and length of call, no content, no conversations. This authority allows our counterterrorism and law enforcement officials to close the gap on foreign and domestic terrorist activities. It enables our intelligence community to discover whether foreign terrorists have been in contact with people in the U.S. who may be planning a terrorist attack on U.S. soil.

The second authority is known as Section 702 of the FISA Amendment Act. It allows the government to collect the content of email and phone calls of foreigners, not Americans, located outside the United States. This allows the government to get information about terrorists, cyberthreats, weapons of mass destruction and nuclear weapons proliferation that threaten America. This authority prohibits the targeting of American citizens or U.S. permanent residents without a court order, no matter where they are located.

Both of these authorities are legal. Congress approved and reauthorized both of them over the last two years. In fact, these authorities have been instrumental in helping prevent dozens of terrorist attacks, many on U.S. soil.

But the fact still remains that we must figure out this could have happened. How was this 29-year-old systems administrator able to access such highly classified information and about such sensitive matters, and how was he able to download it and remove from his workplace undetected? We need to change our systems and practices and employ the latest in technology that will alert superiors when a worker tries to download and remove this type of information. We need to seal this crack in the system.

And to repeat something incredibly important, the NSA is prohibited from listening to phone calls or reading emails of Americans without a court order, period, end of story.

Look forward to your testimony.

REP. ROGERS: Again, thank you very much. Thanks, Dutch, for that.

General Alexander, the floor is yours.

GENERAL KEITH ALEXANDER: Chairman, Ranking Member, thank you for the kind words. I will tell you it is a privilege and honor to serve as the director of the National security Agency and the commander of U.S. Cyber Command. As you noted, we have extraordinary people doing great work to protect this country and to protect our civil liberties and privacy.

Over the past few weeks unauthorized disclosures of classified information have resulted in considerable debate in the press about these two programs. The debate has been fueled, as you noted, by incomplete and inaccurate information, with little context provided on the purpose of these programs, their value to our national security and that of our allies, and the protections that are in place to preserve our privacy and civil liberties. Today we will provide additional detail and context on these two programs to help inform that debate.

These programs were approved by the administration, Congress and the courts – from my perspective, a sound legal process that we all work together as a government to protect our nation and our civil liberties and privacy.

Ironically, the documents that have been released so far show the rigorous oversight and compliance our government uses to balance security with civil liberties and privacy.

Let me start by saying that I would much rather be here today debating this point than trying to explain how we failed to prevent another 9/11. It is a testament to the ongoing teamwork of the Central Intelligence Agency, the Federal Bureau of Investigation and the National Security Agency, working with our allies and then industry partners, that we have been able to connect the dots and prevent more terrorist attacks.

The events of the September 11th, 2001, occurred in part because of a failure on the part of our government to connect those dots. Some of those dots were in the United States. The intelligence community was not able to connect those domestic dots, phone calls between operatives in the U.S. and al-Qaida terrorists overseas.

Following the 9/11 commission, which investigated the intelligence community’s failure to detect 9/11, Congress passed the Patriot Act. Section 215 of that act, as it has been interpreted and implied, helps the government close that gap by enabling the detection of telephone contact between terrorists overseas and operatives within the United States.

As Director Mueller emphasized last week during his testimony to the – to the Judiciary Committee, if we had had Section 215 in place prior to 9/11, we may have known that the 9/11 hijacker Midhar was located in San Diego and communicating with a known al-Qaida safe house in Yemen.

In recent years these programs, together with other intelligence, have protected the U.S. and our allies from terrorist threats across the globe to include helping prevent the terrorist – the potential terrorist events over 50 times since 9/11.

We will actually bring forward to the committee tomorrow documents that the interagency has agreed on that in a classified setting gives every one of those cases for your review. We’ll add two more today publicly we’ll discuss. But as the chairman noted, if we give all those out, we give all the secrets of how we’re tracking down the terrorists as a community, and we can’t do that. Too much is at risk for us and for our allies. I’ll go into greater detail as we go through this testimony this morning.

I believe we have achieved this security and relative safety in a way that does not compromise the privacy and civil liberties of our citizens.

We would like to make three fundamental points. First, these programs are critical to the intelligence community’s ability to protect our nation and our allies’ security. They assist the intelligence community efforts to connect the dots.

Second, these programs are limited, focused and subject to rigorous oversight. They have distinct purposes and oversight mechanisms. We have rigorous training programs for our analysts and their supervisors to understand their responsibilities regarding compliance.

Third, the disciplined operation of these programs protects the privacy and civil liberties of the American people.

We will provide important details about each of those. First, I’d ask the deputy attorney general, Jim Cole, to discuss the overarching framework of our authority. Sir?

JAMES COLE: Thank you. Thank you, General.

Mr. Chairman, Mr. Ranking Member, members of the committee, as General Alexander said, and as the chairman and ranking member said, all of us in the national security area are constantly trying to balance protecting public safety with protecting people’s privacy and civil liberties in this government. And it’s a constant job at balancing this.

We think we’ve done this in these instances. There are statutes that are passed by Congress. This is not a program that’s off the books, that’s been hidden away. This is part of what government puts together and discusses. Statutes are passed. It is overseen by three branches of our government, the legislature, the judiciary and the executive branch. The process of oversight occurs before, during and after the processes that we’re talking about today. And I want to talk a little bit about how that works, what the legal framework is and some of the protections are that are put into it.

First of all, what we have seen published in the newspaper concerning 215 – this is the business records provisions of the Patriot Act that also modify FISA – you’ve seen one order in the newspaper that’s a couple of pages long that just says under that order we’re allowed to acquire metadata, telephone records.

That’s one of two orders. It’s the smallest of the two orders. And the other order, which has not been published, goes into in great detail what we can do with that metadata. How we can access it, how we can look through it, what we can do with it once we have looked through it and what the conditions are that are placed on us to make sure that we protect privacy and civil liberties and, at the same time, protect public safety.

Let me go through a few of the features of this. First of all, it’s metadata. These are phone records. These – this is just like what you would get in your own phone bill. It is the number that was dialed from, the number that was dialed to, the data and the length of time. That’s all we get under 215. We do not get the identity of any of the parties to this phone call. We don’t get any cell site or location information as to where any of these phones were located and, most importantly – and you’re probably going to hear this about 100 times today – we don’t get any content under this. We don’t listen in on anybody’s calls under this program at all.

This is under, as I said, Section 215 of the Patriot Act. This has been debated and up for reauthorization and reauthorized twice by the United States Congress since its inception in 2006 and in 2011.

Now, in order – the way it works is the – there is an application that is made by the FBI under the statute to the FISA court. We call it the FISC. They ask for and receive permission from the FISC under this to get records that are relevant to a national security investigation, and they must demonstrate to the FISC that it will be operated under the guidelines that are set forth by the attorney general under Executive Order 12333. This is what covers intelligence gathering in the federal government. It is limited to tangible objects.

Now, what does that mean? These are like records, like the metadata, the phone records I’ve been describing. But it is quite explicitly limited to things that you could get with a grand jury subpoena; those kinds of records.

Now, it’s important to know prosecutors issue grand jury subpoenas all the time and do not need any involvement of a court or anybody else, really, to do so. Under this program, we need to get permission from the court to issue this ahead of time, so there is court involvement with the issuance of these orders, which is different from a grand jury subpoena. But the type of records – just documents, business records, things like that – are limited to those same types of records that we could get through a grand jury subpoena.

Now, the orders that we get last 90 days. So, we have to re-up and renew these orders every 90 days in order to do this. Now, there are strict controls over what we can do under the order. And, again, that’s the bigger, thicker order that hasn’t been published. There’s restrictions on who can access it in this order. It is stored in repositories at NSA that can only be accessed by a limited number of people. And the people who are allowed to access it have to have special and rigorous training about the standards under which that they can access it.

In order to access it, there needs to be a finding that there is reasonable suspicion that you can articulate, that you can put into words, that the person whose phone records you want to query is involved with some sort of terrorist organizations. And they are defined – it’s not everyone; they are limited in the statute.

So, there has to be independent evidence aside from these phone records that the person you’re targeting is involved with a terrorist organization. If that person is a United States person – a citizen or a lawful permanent resident – you have to have something more than just their own speeches, their own readings, their own First Amendment-type activity. You have to have additional evidence beyond that that indicates that there is reasonable, articulable suspicion that these people are associated with specific terrorist organizations.

Now, one of the things to keep in mind is under the law, the Fourth Amendment does not apply to these records. There was a case quite a number of years ago by the Supreme Court that indicated that tow (ph) records, phone records like this that don’t include any content are not covered by the Fourth Amendment because people don’t have a reasonable expectation of privacy in who they called and when they called. That’s something you show to the phone company. That’s something you show to many, many people within the phone company on a regular basis.

Once those records are accessed under this process and reasonable, articulable suspicion is found, that’s found by specially trained people. It is reviewed by their supervisors. It is documented in writing ahead of time so that somebody can take a look at it. Any of the accessing that is done is done in an auditable fashion. There is a trail of it. So both the decision and the facts that support the accessing in the query is documented. The amount that was done, what was done – all of that is documented and reviewed and audited on a fairly regular basis.

There are also minimalization procedures that are put into place so that any of the information that is acquired has to be minimized, it has to be limited and it has – and its use is strictly limited. And all that is set out in the terms of the court order. And if any U.S. persons are involved, there are particular restrictions on how any information concerning a U.S. person can be used in this.

Now, there is extensive oversight in compliance that is done with these records and with this process. Every now and then, there may be a mistake, a wrong phone number is hit or a person who shouldn’t have been targeted gets targeted because there’s a mistake in the phone record, something like that. Each of those compliance incidents, if and when they occur, have to be reported to the FISA court immediately. And let me tell you, the FISA court pushes back on this. They want to find out whey this happened, what were the procedures and the mechanisms that allowed it to happen and what have you done to fix it. So whenever we have a compliance incident, we report it to the court immediately and we report it to Congress, we report it to the Intelligence Committees of both houses and the Judiciary Committees of both houses.

We also provide the Intelligence and Judiciary Committees with any significant interpretations that the court makes of the 215th statute. And if they make a ruling that is significant or issue an order that is significant in its interpretation, we provide those as well as the applications we made for those orders to the Intelligence Committee and to the Judiciary Committee. And every 30 days, we are filing with the FISC, with the court a report that describes how we implement this program. It includes a discussion of how we’re applying the reasonable articulable suspicions standard. It talks about the number of approved queries that we made against this database, the number of instances that the query results in containing U.S. person information that was shared outside of NSA, and all of this goes to the court. At least once every 90 days, and sometimes more frequently, the Department of Justice, the Office of the Director of National Intelligence and the NSA meet to assess NSA’s compliance with all of these requirements that are contained in the court order.

Separately, the Department of Justice meets with the inspector general for the National Security Agency and assesses NSA’s compliance on a regular basis. Finally, there is, by statute, reporting of certain information that goes to Congress in semiannual reports that we make on top of the period reports we make if there’s a compliance incident, and those include information about the data that was required and how we are performing under this statute.

So once again, keeping in mind all of this is done with three branches of government involved, oversight and initiation by the executive branch with – reviewed by multiple agencies, statutes that are passed by Congress, oversight by Congress and then oversight by the court.

Now, the 702 statute under the FISA Amendments Act is different. Under this, we do get content. But there’s a big difference. You are only allowed, under 702, to target, for this purpose, non-U.S. persons who are located outside of the United States.

So if you have a U.S. permanent resident who’s in Madrid, Spain, we can’t target them under 702. Or if you have a non-U.S. person who’s in Cleveland, Ohio, we cannot target them under 702. In order to target a person, they have to be neither a citizen nor a permanent U.S. resident, and they need to be outside of the United States while we’re targeting them.

Now, there’s prohibitions in the statute. For example, you can’t reverse target somebody. This is where you target somebody who’s out of the United States but really your goal is to capture conversations with somebody who is inside the United States. So you’re trying to do indirectly what you couldn’t do directly. That is exclusively prohibited by this statute. And if there is ever any indication that it’s being done – because again, we report the use that we make of this statute to the court and to the Congress – that is seen.

You also have to have a valid foreign intelligence purpose in order to do any of the targeting on this. So you have to make sure, as it was described, that it’s being done for defined categories of weapons of mass destruction, foreign intelligence, things of that nature. These are all done pursuant to an application that is made by the attorney general and the director of national intelligence to the FISC. The FISC gives a certificate that allows this targeting to be done for a year period. It then has to be renewed at the end of that year in order for it to be re-upped.

Now, also there is a requirement that again there is reporting. You cannot, under the terms of this statute, have and collect any information on conversations that are wholly within the United States. So you’re targeting someone outside the United States. If they make a call to inside the United States, that can be collected, but it’s only because the target of that call outside the United States initiated that call and went there. If the calls are wholly within the United States, we cannot collect them. If you’re targeting a person who is outside of the United States and you find that they come into the United States, we have to stop the targeting right away. And if there’s any lag and we find out that we collected information because we weren’t aware that they were in the United States, we have to take that information, purge it from the systems and not use it.

Now, there’s a great deal of minimization procedures that are involved here, particularly concerning any of the acquisition of information that deals or comes from U.S. persons. As I’ve said, only targeting people outside the United States who are not U.S. persons, but if we do acquire any information that relates to a U.S. person, under limited criteria only can we keep it. If it has to do with foreign intelligence in that conversation or understanding foreign intelligence or evidence of a crime or a threat of serious bodily injury, we can respond to that. Other than that, we have to get rid of it, we have to purge it and we can’t use it. If we inadvertently acquire any of it without meaning to, again, once that’s discovered, we have to get rid of it. We have to purge it.

The targeting decisions that are done are, again, documented ahead of time, reviewed by a supervisor before they’re ever allowed to take place in the beginning. The Department of Justice and the Office of the Director of National Intelligence conduct onsite reviews of each targeting that is done. They look at them to determine and go through the audit to determine that they were done properly. This is done at least every 60 days, and many times done more frequently than that.

In addition, if there’s any compliance issue, it is immediately reported to the FISC. The FISC again pushes back: how did this happen, what are the procedures, what are the mechanisms you’re using to fix this; what have you done to remedy it; if you acquired information you should have, have you gotten rid of it as you’re required? And in addition, we’re providing Congress with all of that information if we have compliance problems.

We also report quarterly to the FISC concerning the compliance issues that have arisen during that quarter, on top of the immediate reports and what we’ve done to fix it and remedy the ones that we reported.

We also – to Congress under this program, the Department of justice and the Office of the Director of National Intelligence provide a semiannual report to the FISC and to the Congress assessing all of our compliance with the targeting and minimization procedures that are contained in the court order.

We also provide a semiannual report to the FISC and to Congress concerning the implementation of the program, what we’ve done and we found. And we also provide to Congress documents that contain, again, how we’re dealing with the minimization procedures, any significant legal interpretations that the FISC makes concerning these statutes as well as the orders and the applications that would relate to that.

And on top of all of this, annually, the inspector general for NSA does an assessment, which he provides to Congress, that reports on compliance, the number of disseminations under this program that relate to U.S. persons, the number of targets that we reasonably believed at the time to be outside the United States who were later determined to be in the United States and what that was done. So in short, there is from before, during and after, the involvement of all three branches of the United States government on a robust and fairly intimate way.

I’d like to make one other observation, if I may, on this. We have tried to do this in as thorough, as protective, and as transparent a way as we possibly can, considering it is the gathering of intelligence information. Countries and allies of ours all over the world collect intelligence. We all know this. And there have recently been studies about how transparent our system is in the United States compared to many of our partners, many in the EU, countries like France, the U.K., Germany, who we work with regularly.

And a report that was just recently issued in May of this year found that the FISA Amendment Act, the statute that we’re tackling about here – and I will quote – imposes at least as much if not more due process and oversight on foreign intelligence surveillance than other countries – and this includes EU countries – and that under this, the U.S. is much more transparent about its procedures, requires more due process protections in its investigations that involve national security, terrorism and foreign intelligence.

The balance is always one we seek to strive to achieve. But I think, as I’ve laid out to you, we have done everything we can to achieve it, and I think part of the proof of what we’ve done is this report that came out just last month indicating our system is as good and, frankly, better, than all of our allies and liaison partners.

Thank you, Mr. Chairman.

GEN. ALEXANDER: Chairman, now – we’ll now switch to the value of the program and talk about some statistics that we’re putting together.

As we stated, these programs are immensely valuable for protecting our nation and securing the security of our allies. In recent years the information gathered from these programs provided the U.S. government with critical leads to help prevent over 50 potential terrorist events in more than 20 countries around the world. FAA 702 contributed in over 90 percent of these cases. At least 10 of these events included homeland-based threats. In the vast majority, business records, FISA reporting, contributed as well.

I would also point out there is a great partnership with the Department of Homeland Security in those with a domestic nexus. But the real lead for domestic events is the Federal Bureau of Investigation. It has been our honor and privilege to work with Director Mueller and Deputy Director Joyce. Well, I’ll turn it now over to Sean.

SEAN JOYCE: Thank you, General. Thank you, Chairman and Ranking Member and members of the committee, for the opportunity to be here today.

NSA and the FBI have a unique relationship and one that has been invaluable since 9/11. And I just want to highlight a couple of the instances.

In the fall of 2009 NSA, using 702 authority, intercepted an email from a terrorist located in Pakistan. That individual was talking with the individual located inside the United States talking about perfecting a recipe for explosives.

Through legal process, that individual was identified as Najibullah Zazi. He was located in Denver, Colorado. The FBI followed him to New York City. Later, we executed search warrants with the New York Joint Terrorism Task Force and NYPD and found bomb- making components and backpacks. Zazi later confessed to a plot to bomb the New York subway system with backpacks.

Also working with FISA business records, the NSA was able to provide a previously unknown number of one of the co-conspirators, Adis Medunjanin. This was the first core al-Qaida plot since 9/11, directed from Pakistan.

Another example: NSA utilizing 702 authority was monitoring a known extremist in Yemen. This individual was in contact with an individual in the United States named Kalid Uizani (ph). Uizani and other individuals that we identified through a FISA that the FBI applied for through the FISC were able to detect a (nascent ?) plotting to bomb the New York Stock Exchange. Uizani had been providing information and support to this plot. The FBI disrupted and arrested these individuals.

Also, David Headley, a U.S. citizen living in Chicago: The FBI received intelligence regarding his possible involvement in the 2008 Mumbai attacks responsible for the killing of over 160 people. Also, NSA, through 702 coverage of an al-Qaida-affiliated terrorist, found that Headley was working on a plot to bomb a Danish newspaper office that had published the cartoon depictions of the prophet Muhammad. In fact, Headley later confessed to personally conducting surveillance of the Danish newspaper office. He and his coconspirators were convicted of this plot.

Lastly, the FBI had opened an investigation shortly after 9/11. We did not have enough information nor did we find links to terrorism, so we shortly thereafter closed the investigation. However, the NSA, using the business record FISA, tipped us off that this individual had indirect contacts with a known terrorist overseas. We were able to reopen this investigation, identify additional individuals through a legal process and were able to disrupt this terrorist activity.

Thank you. Back to you, General.

GEN. ALEXANDER: So, that’s four cases total that we put out publicly. What we’re in the process of doing with the interagency is looking at over 50 cases that are classified and will remain classified that will be brought to both the intel committees of the Senate and the House; to all of you.

Those 50 cases right now have been looked at by the FBI, CIA and other partners within the community, and the National Counterterrorism Center is validating all the points so that you know that what we’ve put in there is exactly right.

I believe the numbers from those cases are something that we can publicly reveal and all publicly talk about. What we are concerned, as the chairman said, is going into more detail on how we stop some of these cases, as we are concerned it will give our adversaries a way to work around those and attack us or our allies. And that would be unacceptable.

I have concerns that the intentional and irresponsible release of classified information about these programs will have a long and irreversible impact on our nation’s security and on that of our allies. This is significant.

I want to emphasize that the foreign intelligence is the best counter – the foreign intelligence programs that we’re talking about is the best counterterrorism tools that we have to go after these guys. We can’t lose those capabilities.

One of the issues that has repeatedly come out: Well, how do you then protect civil liberties and privacy? Where’s the oversight, what are you doing on that? We have the deputy director of the National Security Agency, Chris Inglis, will now talk about that and give you some specifics about what we do and how we do it with these programs.

CHRIS INGLIS: Thank you, General Alexander.

Chairman, Ranking Member, members of the committee, I’m pleased to be able to briefly describe the two programs as used by the National Security Agency with a specific focus on the internal controls and the oversight provided. And, first, to remind these two complementary but distinct programs are focused on foreign intelligence. That’s NSA’s charge.

The first program, executed under Section 215 of the Patriot Act, authorizes the collection of telephone metadata only. As you’ve heard before, the metadata is only the telephone numbers and contact, the time and date of the call, and the direction of that call. This authority does not therefore allow the government to listen in on anyone’s telephone call, even that of a terrorist.

The information acquired under a court order from the telecommunications provider does not contain the content of any communications, what you’re saying during the course of the conversation, the identities of the people that are talking or any cell phone locational information.

As you also know, this program was specifically developed to allow the U.S. government to detect communications between terrorists operating outside the U.S. who are themselves communicating with potential operatives inside the U.S., a gap highlighted by the attacks of 9/11.

The controls on the use of this data at NSA are specific, rigorous and designed to ensure focus on counterterrorism. To that end, the metadata acquired and stored under this program may be queried only when there is a reasonable suspicion, based on specific and documented facts, that an identifier, like a telephone number, is associated with specific foreign terrorist organizations. This determination is formally referred to as the reasonable articulable suspicion standard. During all of 2012, the 12 months of 2012, we at NSA approved fewer than 300 unique numbers which were then used to initiate a query of this data set.

The second program authorized Section 702 of the Foreign Intelligence Surveillance Act authorizes targeting only for communications of foreigners who are themselves not within the United States for foreign intelligence purposes, with the compelled assistance of an electronic communications service provider. As I noted earlier, NSA being a foreign intelligence agency, foreign intelligence for us is information related to the capabilities, intentions or activities of foreign governments, foreign organizations, foreign persons or international terrorists.

Let me be very clear. Section 702 cannot be and is not used to intentionally target any U.S. citizen or any U.S. person, any person known to be in the United States, a person outside the United States if the purpose is to acquire information from a person inside the United States. We may not do any of those things using this authority.

The program is also key in our counterterrorism efforts, as you’ve heard. More than 90 percent of the information used to support the 50 disruptions mentioned earlier was gained from this particular authority.

Again, if you want to target the content of a U.S. person anywhere in the world, you cannot use this authority; you must get a specific court warrant.

I’d like to now describe in further detail some of the rigorous oversight for each of these programs. First, for the Section 215 program also referred to, business records/FISA, controls that determine how we manage and use the data are explicitly defined and formally approved by the Foreign Intelligence Surveillance Court. First, the metadata segregated from other data sets held by NSA in all queries against the database are documented and audited. As defined in the orders of the court, only 20 analysts at NSA and their two managers, for a total of 22 people, are authorized to approve numbers that may be used to query this database. All of those individuals must be trained in the specific procedures and standards that pertain to the determination of what is meant by reasonable articulable suspicion.

Every 30 days NSA reports to the court the number of queries and disseminations made during that period. Every 90 days the Department of Justice samples all queries made across the period and explicitly reviews the basis for every U.S. person or every U.S. identity query made. Again, we do not know the names of the individuals of the queries we might make.

In addition, only seven senior officials at NSA may authorize the dissemination of any information we believe that might be attributable to a U.S. person. Again, we would not know the name; it would only be the telephone number. And that dissemination in this program would only be made to the Federal Bureau of Investigation, after determining that the information is related to and necessary to understand a counterterrorism initiative.

The Foreign Intelligence Surveillance Court reviews the program every 90 days. The data that we hold must be destroyed within five years of its acquisition. NSA and the Department of Justice brief oversight committees on the employment of the program. We provide written notification of all significant developments within the program. The Department of Justice provides oversight committees with all significant Foreign Intelligence Surveillance Court opinions regarding the program.

Turning my attention to the 702 program, the Foreign Intelligence Surveillance Court annually reviews certifications, which are required by law, that are jointly submitted by the attorney general and the director of national intelligence. These certifications define the categories of foreign actors that may be appropriately targeted and by law must include specific targeting and minimization procedures that the attorney general and the court both agree are consistent with the law and the Fourth Amendment of the Constitution. These procedures require that a communication of or concerning a U.S. person must be prompt destroyed after it is identified either as clearly not relevant to the authorized purpose or as not containing evidence of a crime.

The statute further requires a number of reports to be provided to both the court and the oversight committees: the semiannual assessment by the Department of Justice and the Office of the Director of National Intelligence regarding compliance with the targeting and minimization procedures, an annual IG assessment that reports compliance with procedural requirements laid out within the order, the number of disseminations that may refer to U.S. persons, the number of targets later found to be in the United States and whether the communications of such targets were ever reviewed.

An annual director of NSA report is also required to describe the compliance efforts taken by NSA and address the number of U.S. person identities disseminated in NSA reporting.

Finally, Foreign Intelligence Surveillance Court procedures require NSA to inform the court of an novel issues of law or technology relevant to an authorized activity and any noncompliance, to include the executive branch’s plan for remedying that same event. In addition to the procedures I just described, the Department of Justice conducts on-sight reviews at NSA to sample NSA’s 702 targeting and tasking decisions every 60 days.

And finally, I would conclude with my section to say that in July of 2012, the Senate Select Committee on Intelligence, in a report reviewing the process over the four years of the laws of life at that point in time, said that across the four-year history of the program, the committee had not identified a single willful effort by the executive branch to violate the law.

GEN. ALEXANDER: So to wrap up, Chairman, first I’d like to just hit on, when we say certain officials – that certain positions that at NSA can disseminate U.S. persons data, today there are 10 people in those positions. One of those is our SIGINT operations officer. Everyone of those has to be credentialed. Chris and I are two of those officials.

I do want to hit a couple key points. First with our industry partners. Under the 702 program, the U.S. government does not unilaterally obtain information from the servers of U.S. companies. Rather, the U.S. companies are compelled to provide these records by U.S. law, using methods that are in strict compliance with that law.

Further, as the deputy attorney general noted, virtually all countries have lawful intercept programs under which they compel communications providers to share data about individuals they believe represent a threat to their societies. Communications providers are required to comply with those programs in the countries in which they operate.

The United States is not unique in this capability. The U.S., however, operates its program under the strict oversight and compliance regime that was noted above, with careful oversights by the courts, Congress and the administration. In practice, U.S. companies have put energy and focus and commitment into consistently protecting the privacy of their customers around the world while meeting their obligations under the laws of the U.S. and other countries in which they operate. And I believe they take those seriously.

Our third and final point: As Americans we value our privacy and our liberty – our civil liberties. Americans – as Americans we also value our security and our safety. In the 12 years since the attacks on September 11th, we have lived in relative safety and security as a nation. That security is a direct result of the intelligence community’s quiet efforts to better connect the dots and learn from the mistakes that permitted those attacks to occur in 9/11.

In those 12 years, we have thought long and hard about oversight and compliance and how we minimize the impact on our fellow citizens’ privacy. We have created and implemented and continued to monitor a comprehensive mission compliance program inside NSA. This program, which was developed based on industry best practices and compliance works to keep operations and technology aligned with NSA’s externally approved procedures.

Outside of NSA, the officer of the – the Office of the Director of National Intelligence, Department of Justice and the Foreign Intelligence Surveillance Court provide robust oversight, as well as this committee. I do believe we have that balance right.

In summary, these programs are critical to the intelligence community’s ability to protect our nation and our allies’ security. They assist the intelligence community’s efforts to connect the dots. Second, these programs are limited, focused and subject to rigorous oversight. They have distinct purposes and oversight mechanisms. Third, the disciplined operation of these programs protects the privacy and civil liberties of the American people.

As you noted, Chairman, the people of NSA take these responsibilities to heart. They protect our nation and our allies as part of a bigger team. And they protect our civil liberties and privacy. It has been an honor and privilege to lead these great Americans. I think Bob Litt has a couple comments to make and then we’ll turn it back to you, Mr. Chairman.

ROBERT LITT: Yes. Mr. Chairman, Mr. Ranking Member, members of the committee, I just want to speak very briefly and address a couple of additional misconceptions that the public has been fed about some of these programs.

The first is that collection under Section 702, the FISA Amendments Act, is somehow a loosening of traditional standards because it doesn’t require individualized warrants. And in fact, exactly the opposite is the case. The kind of collection that is done under Section 702, which is collecting foreign intelligence information from foreigners outside of the United States, historically was done by the executive branch under its own authority without any kind of supervision whatsoever. And as a result of the FISA amendments Act, this has now been brought under a judicial processes with the kind of restrictions and limitations that have been described by the other witnesses here. So in fact this is a tightening of standards from what they were before.

The second misconception is that the FISA court is a rubber stamp for the executive branch. and people point to the fact that the FISA court ultimately approves almost every application that the government submits to it. But this does not recognize the actual process that we go through with the FISA court. The FISA court is judges – federal district judges appointed from around the country, who take this on in addition to their other burdens. They’re all widely respected and experienced judges. And they have a full-time professional staff that works only on FISA matters.

When we prepare an application for a FISA, whether it’s under one of these programs or a traditional FISA, we first submit to the court what’s called a read copy, which the court’s staff will review and comment on. And they will almost invariably come back with questions, concerns, problems that they see, and there’s an iterative process back and forth between the government and the FISA court to take care of those concerns so that at the end of the day we’re confident that we’re presenting something that the FISA court will approve. That is hardly a rubber stamp. It’s rather extensive and serious judicial oversight of this process.

The third point – the third misconception that I want to make is that the process we have here is one that simply relies on trust for individual analysts or individual people at NSA to obey the rules. I won’t go into detail as to the oversight, because I think it’s been adequately described by the others, but the point is, there is a multilayered level of oversight, first within NNSA, then involving my agency, the Office of the Director of National Intelligence and the Department of Justice, and ultimately involving the FISA court and the Congress, to ensure that these rules are complied with.

And the last point that I – the last misconception I want to address is that this information shouldn’t have been classified and it was classified only to conceal it from the American people, and that the leaks of this information are not damaging. And Mr. Chairman and Mr. Ranking Member, you both made this point.

These are, as General Alexander said, extremely important collection programs to protect us not only from terrorists but from other threats to our national security, a wide variety. And they have produced a huge amount of valuable intelligence over the years. We are now faced with a situation that because this information has been made public, we run the risk of losing these collection capabilities. We’re not going to know for many months whether these leaks in fact have caused us to lose these capabilities, but if they do have that effect, there is no doubt that they will cause our national security to be affected.

Thank you, Mr. Chairman.

REP. ROGERS: Thank you all very much. I appreciate that. I just have a couple of quick questions. I know members have lots of questions here and I want to get to them.

Mr. Inglis, just for the record, can you describe quickly your civilian role as the deputy? You serve in that role in a civilian capacity is that correct?

  1. INGLIS Yes, sir. Across the history of NSA, there’s always been a senior serving military officer – that’s the director of the National Security Agency – and at the same time a senior serving civilian authority, and that would be the deputy director, and that’s my role.

REP. ROGERS: But you have also had military service; is that correct?

  1. INGLIS:Yes, sir, I did. I served for a period of 13 years on active duty in the United Stats Air Force and then transitioned to the National Security Agency.

REP. ROGERS: So you rose to the rank of?

  1. INGLIS:I was brigadier general in the Air National Guard. As in all things, it’s complicated. But I –

REP. ROGERS: I just wanted to get on the record that you do have – you have military service as well as your civilian service.

  1. INGLIS:I do, sir. As I transitioned from the active Air Force to the National Security Agency, I retained my affiliation with the reserve component and was pleased and proud to be able to serve in the Air National Guard for another 20 years.

REP. ROGERS: Great. Well, thank you for that service.

You mentioned in – (queries ?) of less than 300. What the – what does that mean exactly?

  1. INGLIS:In each of those cases, sir, there was a determination made by an analyst at NSA that there was a reasonable, describable, articulable suspicion that a number of interest, a telephone number of interest, might be associated with a connected plot of – a specific terrorist plot overseas, and therefore, a desire to see whether that plot had a connection into the United States. The process they go through then is as described, one where they make a –

REP. ROGERS: (Inaudible) – it’s not a – you don’t put in a name.

  1. INGLIS:We do not, sir.

REP. ROGERS: So you put in – (inaudible).

  1. INGLIS:The only thing we get from the providers are numbers. The only thing that we could possibly then bounce against that data set are numbers themselves.

REP. ROGERS: Right. So there are no names and no addresses affiliated with these phone numbers.

  1. INGLIS:No, there are not, sir.

REP. ROGERS: OK. Just phone numbers.

  1. INGLIS:That’s right, sir.

REP. ROGERS: OK. Go ahead.

  1. INGLIS:So an analyst would then try to determine whether there was a describable, must-be written documentation that would say that there is a suspicion that this is attributed to a foreign terrorist plot and there might be a U.S. nexus. After having made that determination, they would make a further check to determine whether it is possible to discern that this might be associated with the U.S. person. The way you would infer that is you might look at the area code and say that area code could likely be in the United States. We all know that within this area, that if you see an area code that begins with 301, that would be Maryland. That would be your only insight into whether or not this might be attributable to a U.S. person.

If that were to be the case, then the case for reasonable, articulable suspicion must get a further review to ensure that this is not a situation where somebody is merely expressing their First Amendment rights. If that’s all that was, if they were merely expressing their First Amendment rights, however objectionable any person might find that, that is not a basis to query the database.

If it gets through those checks, then at that point it must be approved by one of those 20 plus two individuals, 20 analysts, specially trained analysts, or their two managers, such that it might then be applied as a query against the data set. Again, the query itself would just be a number and a query against the data set would then determine whether that number exists in the database. That’s how that query is formed. Again, last year –

REP. ROGERS: So the response is not a name, it’s not an address, it’s a phone number.

  1. INGLIS:It cannot be. If it were to be a name or if it were to be address, there would be no possibility that the database would return any meaningful results since none of that information is in the data.

REP. ROGERS: So just a phone number pops back up. Just a phone number.

  1. INGLIS:What comes back if you clear the database are phone numbers that were in contact, if there are any, with that number. And again, the other information in that database would indicate that call occurred and what the duration of that call would – were to be.

REP. ROGERS: Again, I just want to make very clear, there are no names and no addresses in that database.

  1. INGLIS:There are not, sir.

REP. ROGERS: Right. And why only less than 300 queries of phone numbers into that database?

  1. INGLIS:So only less than 300 numbers were actually approved for query against that database. Those might have been applied multiple times, and therefore, there might be some number greater than that of actual queries against the database. But the reason there were so few selectors approved is that the court has determined that there is a very narrow purpose for this use. It can’t be to prosecute a greater understanding of a simply domestic plot. It cannot be used to do anything other than terrorism. And so therefore, there must be well-defined, describable written determinations that this is a suspicion of a connection between a foreign plot and a domestic nexus. If it doesn’t meet those standards, then – (inaudible).

REP. ROGERS: And are those queries reported to the court?

  1. INGLIS:Those queries are all reported to the Department of Justice, reviewed by the Department of Justice. The number of those queries are reported to the court at any time that there is a dissemination associated with a U.S. person.

REP. ROGERS: And is there a court-approved process in order to make that query into that information of only phone numbers?

  1. INGLIS:(Inaudible) – the court explicitly approves the process by which those determinations are made, and the Department of Justice now provides a rich oversight auditing of that capability.

REP. ROGERS: Great. Thank you.

General Alexander, are – is the NSA on private companies’ servers as defined under these two programs?

GEN. ALEXANDER: We are not.

REP. ROGERS: Is – does the NSA have the ability to listen to Americans’ phone calls or read their emails under these two programs?

GEN. ALEXANDER: No, we do not have that authority.

REP. ROGERS: Does the technology exist at the NSA to flip a switch by some analyst to listen to Americans’ phone calls or read their emails?

GEN. ALEXANDER: No.

REP. ROGERS: So the technology does not exist for any individual or group of individuals at the NSA to flip a switch, to listen to Americans’ phone calls or read their emails.

GEN. ALEXANDER: That is correct.

REP. ROGERS: Right. When – Mr. Joyce, if you could help us understand that, if you get a piece of a number – there has been some public discussion that, gosh, there’s just not a lot of value in what you might get from a program like this that has this many levels of oversight.

Can you talk about how that might work into an investigation to help you prevent a terrorism attack to the United States?

  1. JOYCE:Certainly, investigating terrorism is not an exact science and it’s like a mosaic. And we try to take these disparate pieces and bring them together to form a picture. There are many different pieces of intelligence. We have assets, we have physical surveillance, we have electronic surveillance; through a legal process, phone records; through additional legal process, financial records; also, these programs that we’re talking about here today. They’re all valuable pieces to bring that mosaic together and figure out how these individuals are plotting to attack the United States here or whether it’s U.S. interests overseas.

So every dot – as General Alexander mentioned, we hear the cliche frequently after 9/11 about connecting the dots. I can tell you, as a team and with the committee and with the American public, we come together to put all those dots together to form that picture to allow us to disrupt these activities.

REP. ROGERS: All right, thank you.

Given the large number of questions by members, I’m going to move along. Mr. Ruppersberger for a brief – (off mic).

REP. RUPPERSBERGER: And I want to thank all the witnesses for your presentation, especially Mr. Cole. You – very good presentation and I think you explained the law in a very succinct way. You know, it’s unfortunate sometimes when we have incidents like this that a lot of negative or false information gets out.

I think though that those of us who work in this field, in the intelligence field every day, know what the facts are, and we’re trying to now present those facts through this panel. That’s important. But I would say that if I weren’t in this field and if I weren’t listening to the media accounts of what occurred in the beginning, I would be concerned too. So this is very important that we get the message out to the American public that what we do is legal and we’re doing it to protect our national security from attacks from terrorists.

Now, one area that – and Mr. Litt, you addressed this – but I think it’s important to just re-emphasize the FISA court. And again, it’s unfortunate, when people disagree with you, they attack you, they say things that aren’t true. We know that these are federal judges in the FISA court, that they have integrity and that they will not approve anything that they feel is wrong. We have 90-day periods where the court looks at this issue.

I want to ask you though, General Alexander, do you feel in any way that the FISA court is a rubber stamp, based on the process? Our forefathers created a great system of government, and that’s checks and balances. And that’s what we are and that’s what we do in this country to follow our Constitution. It’s unfortunate that these federal judges are being attacked.

GEN. ALEXANDER: I do not. I believe, as you have stated, that the federal judges on that court are superb. Our nation would be proud of what they do and the way they go back and forth to make sure we do this exactly right, and every time we make a mistake, how they work with us to make sure it is done correctly, to protect our civil liberties in privacy and go through the court process.

All have been extremely professional. There is, from my perspective, no rubber stamp. It’s kind of interesting, it’s like saying you just ran a 26-mile marathon and somebody said, well, that was just a jog. Every time we work with the court, the details and the specifics of that that go from us up through the FBI, through the Department of Justice and through the court, on each one of those orders that we go to the court, there is tremendous oversight, compliance and work. And I think the court has done a superb job.

More importantly, if I could, what we worked hard to do is to bring all of these – all of these under a court supervision for just this reason. I mean, we’ve done the right thing, I think, for our country here.

Thank you.

REP. RUPPERSBERGER: OK, well, thanks for that answer.

The second thing that I want to get into, General Alexander, the public are saying, well, how did this happen? We have – we have rules, we have regulations, we have – individuals who work in intelligence go through a system of being classified. And yet, here we have a technical person who had lost some jobs, had a background that wasn’t always – would be considered the best. We have to learn from mistake, how they’ve occurred.

What system are you or the director of national intelligence of the administration putting into effect now to make sure what happened in this situation, that if another person were to turn against his or her country, that we would have an alarm system that would not put us in this position right now?

GEN. ALEXANDER: So this is a very difficult question, especially when that person is a system administrator and they get great access –

REP. RUPPERSBERGER: Why don’t you explain what a system administrator – (off mic)?

GEN. ALEXANDER: The system administrator is one that actually helps operate, run, set the conditions, the auditing and stuff on a system or a portion of the network.

When one of those persons misuses their authorities, this is a huge problem.

So working with the director of national intelligence, what we are doing is working to come up with a two-person rule and oversight for those and ensure that we have a way of blocking people from taking information out of our system.

This is work in progress. We’re working with the FBI on the investigation. We don’t have all the facts yet. We’ve got to get those. And as we’re getting those facts, we are working through our system. Director Clapper has asked us to do that and providing that feedback to the rest of the community.

REP. RUPPERSBERGER: OK. Thank you.

I yield back.

REP. ROGERS: Mr. Thornberry.

REPRESENTATIVE MAC THORNBERRY (R-TX): Thank you, Mr. Chairman, and thank you all for being here and for making some additional information available to the public. I know it’s frustrating for you, as it is for us, to have these targeted narrow leaks and not be able to talk about the bigger picture.

General Alexander, you mentioned that you’re going to send us tomorrow 50 cases that have been stopped because of these programs, basically. Four have been made public to this point, and I think there are two new ones that you are talking about today.

But I would invite you to explain to us both of those two new cases, Molen (ph) and the Operation Wifi case. And one of them starts with a 215 – one of them starts with a 702. And so I think it’s important for you to provide the information about how these programs stopped those terrorist attacks.

GEN. ALEXANDER: OK. I’m going to defer this, because the actual guys who actually do all the work when we provide it is the FBI and get it exactly right. I’m going to have Sean do that.

Go ahead, Sean.

  1. JOYCE:So, Congressman, as I mentioned previously, NSA on the Op Wifi, which is Khalid Ouazzani out of Kansas City – that was the example that I had referred to earlier. NSA, utilizing 702 authority, identified a(n) extremist located in Yemen. This extremist located in Yemen was talking with an individual located inside the United States, in Kansas City, Missouri. That individual was identified as Khalid Ouazzani.

The FBI immediately served legal process to fully identify Ouazzani. We went up on electronic surveillance and identified his co-conspirators. And this was the plot that was in the very initial stages of plotting to bomb the New York Stock Exchange. We were able to disrupt the plot, we were able to lure some individuals to the United States, and we were able to effect their arrest. And they were convicted for this terrorist activity.

REP. THORNBERRY: OK. Just so I – on that plot, it was under the 702, which is targeted against foreigners – that some communication from this person in Yemen back to the United States was picked up, and then they turned it over to you at the FBI to serve legal process on this person in the United States.

  1. JOYCE:That is absolutely correct. And if you recall, under 702, it has to be a non-U.S. person outside the United States and then also one of the criteria is link to terrorism.

REP. THORNBERRY: OK. Would you say that this – their intention to blow up the New York Stock Exchange was a serious plot, or is this something that they kind of dreamed about, you know, talking among their buddies?

  1. JOYCE:I think the jury considered it serious, since they were all convicted.

REP. THORNBERRY: OK. And what about the other plot, October 2007, that started, I think, with a 215?

  1. JOYCE:I referred to that plot. It was a(n) investigation after 9/11 that the FBI conducted. We conducted that investigation and did not find any connection to terrorist activity.

Several years later, under the 215 business record provision, the NSA provided us a telephone number only in San Diego that had indirect contact with an extremist outside the United States.

We served legal process to identify who was the subscriber to this telephone number. We identified that individual. We were able to, under further investigation and electronic surveillance that we applied specifically for this U.S. person with the FISA Court, we were able to identify co-conspirators, and we were able to disrupt this terrorist activity.

REP. THORNBERRY: I’m sorry. Repeat for me again what they were plotting to do.

  1. JOYCE:It was actually – he was providing financial support to an overseas terrorist group that was a designated terrorist group by the United States.

REP. THORNBERRY: But there was some connection to suicide bombings that they were talking about, correct?

  1. JOYCE:Not in the example that I’m citing right here.

REP. THORNBERRY: Oh, I’m sorry, the group in Somalia to which he was financing, that’s what they – that’s what they do do in Somalia. Correct?

  1. JOYCE:That is correct, and as you know as part of our classified hearings regarding the American presence in that area of the world.

REP. THORNBERRY: OK. Thank you. Chairman, I yield back.

GEN. ALEXANDER: If I could, Congressman, just hit a couple key points. It’s over 50 cases. And the reason I’m not giving you a specific number is we want the rest of the community to actually beat those up and make sure that everything we have there is exactly right. I’d give you the number 50-X, but if somebody says, well, not this one. Actually, what we’re finding out is there’s more. They said you missed these three or four. So those are being added to the packet.

On the top of that packet, we’ll have a summary of all of these – the listing of those. I believe those numbers are things that we can make public – that you can use; that we can use. And we’ll try to give you the numbers that apply to Europe as well – as well as those that had a nexus in the United States.

The issue on terms of releasing more on the specific overseas cases is that our – it’s our concern that in some of those, now, going into further details of exactly what we did and how we did it, may prevent us from disrupting a future plot. So that’s something that’s work in progress. Our intent is to get that to the committee tomorrow for – both intel committees, for the Senate and the House.

REP. THORNBERRY: Thank you.

REP. ROGERS: Mr. Thompson.

REPRESENTATIVE MIKE THOMPSON (D-CA): Thank you, Mr. Chairman. Thank you all very much for being here and for your testimony and for you service to our country. Mr. Litt, before going to a hearing, does or has the FISA Court ever rejected a case that’s been brought before it?

  1. LITT:I believe the answer to that is yes, but I would defer that to the deputy attorney general.
  2. COLE:It has happened. It’s not often, but it does happen.

REP. THOMPSON: Thank you. Mr. Cole, what kinds of records comprise the data collected under the business records provision?

  1. COLE:There’s a couple of different kinds. The short hand, and it’s required under the statute, is the kinds of records you could get with a grand jury subpoena. These are business records that already exist. It could be a contract. It could be something like that.

In this instance that we’re talking about for this program, these are telephone records. And it’s just like your telephone bill. It’ll show a number called, the date the number was called, how long the call occurred, a number that called back to you. That’s all it is, not even identifying who the people are that’s involved.

REP. THOMPSON: Have you previously collected anything else under that authority?

  1. COLE:Under the 215 authority?

REP. THOMPSON: Correct.

  1. COLE:I’m not sure, beyond the 215 and the 702, that – answering about what we have and haven’t collected has been declassified to be talked about.

REP. THOMPSON: OK. It was said that there’s been cases where there was data inadvertently or mistakenly collected and then subsequently destroyed. Is that –

  1. COLE:That’s correct.

REP. THOMPSON: And they’re actually has been data that has been inadvertently collected and it was destroyed, nothing else was done with it?

  1. COLE:That’s correct. This is a very strict process that we go through in that regard. You can get a wrong digit on a phone number and you collect the wrong number, something like that. And when that’s discovered that’s taken care of in that way.

REP. THOMPSON: And who does the checking? Who determines if something has been inadvertently collected and then decides that it’s – needs to be destroyed?

  1. COLE:Well, I’ll refer over to NSA in the first instance because they do a very robust and vigorous check internally themselves. But then as an after the fact the Department of Justice and ODNI and the inspector general for NSA also do audits and make sure that we understand all the uses and if there’s any compliance problems that they’re identified, they’re given to the court, they’re given to the Congress and they’re fixed.

REP. THOMPSON: I don’t think I need anything more than that.

General Alexander, could you tell us what Snowden meant during this chat thing that he did when he said that NSA provides Congress with, and I quote, “a special immunity,” to its surveillance?

GEN. ALEXANDER: I have no idea.

REP. THOMPSON: Anybody else?

GEN. ALEXANDER: I’m not sure I understand the context of the special immunity.

REP. THOMPSON: I don’t either. That’s why I –

GEN. ALEXANDER: (Inaudible) – with special respect. (Laughter.)

REP. THOMPSON: He said, with a special immunity to its surveillance.

GEN. ALEXANDER: I have no idea. I think it may be in terms of disseminating any information – let’s say not in this program but in any program that we have, if we have to disseminate U.S. persons data or a threat to a U.S. member of Congress, we’re not allowed to say the name unless it’s valuable to one of the investigations (or something ?). So we can’t just put out names and stuff in our thing. So part of the minimization procedures protects the who. Did you want to add to that?

REP. THOMPSON: No, I would simply have said that your status as U.S. person gives you a special status, as we’ve described throughout this hearing. If you – if that does surface, and you figure that out, you’ll get that information to us?

Also, the president kind of suggested, I guess, in his television interview the other night that the New York subway bomber could not have been or would not have been caught without PRISM. Is that true?

GEN. ALEXANDER: Yes. That is accurate. Without the 702 tool, we would not have identified Najibullah Zazi.

REP. THOMPSON: Thank you. I have no further questions. I yield back the balance of my time.

REP. ROGERS: Mr. Miller.

REPRESENTATIVE JEFF MILLER (R-FL): Thank you, Mr. Chairman.

General Alexander, which agency actually presents the package to the FISA court for them to make their decision?

GEN. ALEXANDER: Well, it’s actually the business records FISA. It’s the FBI – (inaudible) – go ahead.

  1. JOYCE (?): The FBI is part of the process. It then goes over to the Department of Justice, and they are the ones – if the DAG wants to comment on that.
  2. COLE:The formal aspect of the statute allows the director of the FBI to make an application to the court. The Justice Department handles that process. We make the – put all the paperwork together. And it must be signed off on before it goes to the court by either the attorney general, myself or if we have a confirmed assistant attorney general in charge of the national security division, that person is authorized. But it has to be one of the three of us to sign it before it goes.

REP. MILLER: And the court is a single judge?

  1. COLE:The judges sit kind of in rotation in the court, presiding over it. These are all Article III judges. They have lifetime appointments. They have their districts that they deal with. And they are selected by a chief justice to sit on a FISA court for a period of time. And so they will rotate through and be the duty judges that are required for this.

REP. MILLER: I guess the crux of my question is, would there be a way that if you did not get the answer that you wanted from a certain judge, could you go to another FISA court judge and ask for another opinion?

  1. COLE:I think that would be very, very difficult to do because the staff at the FISA court does a great deal of the prep work, and they’re going to recognize when they have thrown something back that if you’re coming back and you haven’t made any changes to correct the deficiencies to cause them to throw it back, my guess is they’ll throw it back again.

REP. MILLER: And I think that one of the things that a lot of people don’t understand – and it was alluded to by Mr. Litt – and I think, Mr. Cole, you have also discussed it – and that’s the read- ahead document that the court gets, the opportunity – a lot of focus has been made on the fact that, as my colleague, Mr. Thompson, said, court’s a rubber stamp, but they do have an opportunity to review the documents prior to rendering a decision.

  1. COLE:They do. And it’s by no means as a rubber stamp. They push back a lot. And when they see something, they – these are very thick applications that have a lot in them. And when they see anything that raises an issue, they will push back and say we need more information about this area, we need more information about that legal issue, we need more information about your facts in certain areas. This is by no means a rubber stamp. There is an enormous amount of work, and they make sure, they’re the ones to make sure that the privacy and the civil liberty interests of the United States citizens are honored. They’re that bulwark in this process. So they have to be satisfied.

REP. MILLER: There’s been some discussion this morning on the inadvertent violation of a court order where data has been collected and then destroyed, but has there ever been any disciplinary action taken on somebody who inadvertently violated an order?

  1. COLE:Not that I’m aware of. And I think one of the statistics that Mr. Inglis had included in his comments was that in the history of this, there has never been found an intentional violation of any of the provisions of a court order or any of the collection in that regard.

So, the nature of the kinds of anomalies that have existed were technical errors or typographical errors; things of that nature as opposed to anything that was remotely intentional. So, it would be in those instances no reason for discipline. There may be reason to make sure our systems are fixed so that a technical violation or technical error doesn’t exist again because we’ve identified it. But nothing intentional.

  1. LITT:Can I just add one thing to that point? An important part of the oversight process that the Department of Justice and the ODNI engage in is when compliance problems are identified. And the vast majority of them are self-identified by NSA. But when a compliance issue is identified, we go and look at it and say, OK, are there changes that need to be made in the system so that this kind of mistake doesn’t happen again? It’s a constantly improving process to prevent problems from occurring.

REP. MILLER: Thank you, yield back.

REP. ROGERS: Ms. Schakowsky.

REPRESENTATIVE JAN SCHAKOWSKY (D-IL): Thank you, Mr. Chairman.

General Alexander, do you feel that this open hearing today jeopardizes in any way our national security?

GEN. ALEXANDER: I don’t think the hearing itself jeopardizes it. I think the damage was done in the release of the information already. I think today what we have the opportunity is, where it makes sense, provide additional information on the oversight, the compliance and some of the statistics without jeopardizing it.

So, to answer your question, no, we’re being very careful to do that. And I appreciate what the committee has done on that.

REP. SCHAKOWSKY: How many people were in the same position as Snowden was as a systems manager to have access to this information that could be damaging if released?

GEN. ALEXANDER: Well, there are system administrators throughout NSA in our – all our complexes around the world. And there is (on ?) the order of 1,000 system administrators – people who actually run the networks – who have, in certain sections, that level of authority and ability to interface with the system,s

REP. SCHAKOWSKY: How many of those are outside contractors rather than –

GEN. ALEXANDER: The majority are contractors. As you may know – as you may recall, about 12, 13 years ago, as we tried to downsize our government workforce, we pushed more of our information technology workforce or system administrators to the contract arena. That’s consistent across the intelligence community.

REP. SCHAKOWSKY: I would – I would argue that this conversation that we’re having now could have – could have happened, unlike what you said, Mr. Litt – and perhaps we disagree also, General Alexander – that the erosion of trust, the misconceptions and the misunderstandings that resulted – and why one would assume that when there’s 1,000 – are there any more than 1,000, by the way, do you think?

GEN. ALEXANDER: Well, we’re actually counting all those positions. I’ll get you an accurate number.

REP. SCHAKOWSKY: – that some of this information would not have become public and that the effort that has to convince the American public of the necessity of this program, I think, would suggest that we would have been better off at having a discussion of the rigorous oversight, the legal framework, et cetera, up front and how this could prevent, perhaps another 9/11; in fact, 50 or so attacks.

Let me ask you this, Mr. Cole. You know, you were talking about transparency and you were saying that – essentially that while the Verizon phone records order looked bad on its face, that there are other FISA court orders that talk in more depth about the legal rationale about what we’re – what we’re doing. So, will you release those court opinions with the necessary redactions of course? And if not, why?

  1. COLE:Well, I’m going to refer that over to Mr. Litt because the classifying authority on that would be DNI.
  2. LITT:As you may know, we have been working for some time on trying to declassify opinions of the FISA court. It’s been a very difficult task because, like most legal opinions, you have facts intermingled with legal discussion. And the facts frequently involve classified information, sensitive sources and methods. And what we’ve been discovering is that when you remove all the information that needs to be classified, you’re left with something that looks like Swiss cheese and is not really very comprehensible.

Having said that, I think as General Alexander said, there’s information out in the public domain now. There is – the director of national intelligence declassified certain information about these programs last week. And as a result of that, we are going back, taking another look at these opinions to see whether, in light of that declassification, there is now – we can make a more comprehensible release of the opinion. So the answer to that is we are looking at that, and frankly, we would like to release into the public domain as much of this as we can without compromising national security.

REP. SCHAKOWSKY: I think, General Alexander – so what other types of records are collected under the Section 215? Can you talk about that at all?

GEN. ALEXANDER: Yeah, for NSA, the only, the only records that are collected under Business Records 215 is this telephony data. That’s all.

REP. SCHAKOWSKY: And is there authorization to collect more?

GEN. ALEXANDER: Under 215, for us, no. This is the only that we do. Now, it gets into other authorities, but it’s not ours, and I don’t know if the – I’ll pass that to the attorney general, because you’re asking me now outside of NSA.

  1. COLE:215 is generally – is a general provision that allows the acquisition of business records if it’s relevant to a national security investigation. So that showing has to be made to the court to allow that subpoena to issue that there is a relevance and a connection.

And that can be any number of different kinds of records that a business might maintain, customer records, purchase orders, things of that nature. Somebody buys materials that they could make an explosive out of, you could go to a company that sells those and get records of the purchase, things of that nature.

REP. SCHAKOWSKY: What about emails?

  1. COLE:Emails would not be covered by business records in that regard. You would have to, under the Electronic Communications Privacy Act, get specific court authorization for emails that stored content. If you’re going to be looking at them in real time while they’re going, you’re going to have a separate FISA court order that would allow you to do that. It wouldn’t be covered by the business records.

REP. SCHAKOWSKY: Thank you, Mr. Chairman.

GEN. ALEXANDER: Then just to make sure, one clear part on the system administrator (verses ?), so what you get access to is helping to run the network and the web service that are on that network that are publicly available. To get to any data like the business records 215 data that we’re talking about, that’s in an exceptionally controlled area. You would have to have specific certificates to get into that.

I am not aware that he had – he, Snowden – had any access to that.

And on the reasonable, articulable suspicion numbers and on what we’re seeing there, I don’t know of any inaccurate res numbers that have occurred since 2009. There are rigorous controls that we have from a technical perspective, that once a number is considered res- approved, you put that number in. You can’t make a mistake, because the system helps correct that now. So that is a technical control that we’ve put in there.

REP. SCHAKOWSKY: I yield back.

REPRESENTATIVE MIKE CONAWAY (R-TX): Thank you, Chairman.

General Alexander, thank you for your – for your long service.

Mr. Cole – (inaudible) – a very extensive array of the oversight and the internal controls that are associated with what’s going on. In a business environment, some of (these ?) actually requires that companies go through their entire systems to make sure that not only that the details (trees ?) work, but that the force works as well.

Is there anyone at the – in the vast array of what you guys are doing that steps back and says, all right, we’re – the goal is protect privacy and civil liberties. And we’re doing the very best we can. Is there a – you know, an internal control audit, so to speak, that looks at the entire system, that says, we’ve got the waterfront covered and we’re doing what we need to be doing?

  1. COLE:I’ll start. I mean, there are these periodic reviews that I’ve described that audit everything that is done under both of these programs by both NSA and the Department of Justice and the Office of the Director of National Intelligence, and we report to the court and we report to Congress. So all of that is done looking at the whole program at the same time.

REP. CONAWAY: Yes, but – you know, Mr. Cole, I’ve been looking at the program of that. I understand that the various pieces work really well and that that’s the design to go at it and – (inaudible) – the kind of audit process. But is there an overall look at anything that is done to say, we’ve got it all covered, or – and if we don’t and there are suggestions that we need to improve it, when do those suggestions get vetted? And have we had suggestions for improvement that we’ve said, no, we don’t need to do that?

  1. LITT:Mr. Conaway, if I might speak on that. There are at least two levels at which that takes place. One is that by statute, within the Office of the Director of National Intelligence, there is – there is a civil liberties protection officer, whose name is Alex Joel, who’s an incredibly capable person, whose job it is to take exactly that kind of look at our programs and make suggestions for the protection of civil liberties.

Outside of the intelligence community –

REP. CONAWAY: And that person would have the requisite clearances to know all the details?

  1. LITT:Absolutely. He is in fact part of this audit process as well, his office is. The second thing is that outside of the intelligence community, the president’s Civil Liberties Oversight Board, which has five confirmed members, is also charged with evaluating the impact of our counterterrorism programs on privacy and civil liberties. They also have full clearances. They have the ability to get full visibility into this program. In fact, they have recently been briefed on these programs, and I know they are in fact looking at them to make exactly that kind of assessment.

REP. CONAWAY: Who do they report to? And is that report public?

  1. LITT:It’s the president’s board. I suspect that to the extent they’re making a classified report, it would not be public. To the extent that they can make an unclassified report, it’s up to them whether or not it becomes public.

REP. CONAWAY: Some of you have mentioned the term “minimization” and a also “five-year destruction” – (inaudible) – five=year window on the –(inaudible) – record issues. (Inaudible) – purge, get rid of, destroy. In electronic setting, can you help us understand exactly what that means? I understand when I shred a piece of paper into (a thousand ?) little pieces, that’s one thing, but given the number of times you back up data and all the other things, can a citizen feel like – (inaudible) –minimization worked, that electronically we have in fact deleted all these things that we’re supposed to delete?

  1. INGLIS:I’ll take a start at that. Yes, sir, I believe they can. We have a fairly comprehensive system at NSA that whenever we collect anything, whether it’s under this authority or some other, we actually bind to that communication, where we got it, how we got it what authority we got it under, so that we know precisely whether we can retain it for some fixed period of time. And if it simply ages off, as in the case of the (BR ?) FISA data we talked about, at the expiration of those five years it is automatically taken out of the system, literally just deleted from the system.

REP. CONAWAY: OK. And it’s mechanically –(inaudible) – and all of the backup copies are either done away with or –

  1. INGLIS:Yes, sir. It gets fairly complicated very quickly, but we have what are called source systems of record within our architecture, and those are the places that we say, if the data element has the right to exist, it’s attributable to one of those. If it doesn’t have the right to exist, you can’t find it in there. And we have very specific lists of information that determine what the provenance of data is, how long that data can be retained.

We have on the other side of the coin purge lists that if we were authorized – if we were required to purge something, that item would show up explicitly on that list. And we regularly run that against our data sets to make sure that we’ve checked and double-checked that those things that should be purged have been purged.

REP. CONAWAY: All right. One quick one. Any indication that the FISA court has a problem with resources necessary to run its oversight piece?

  1. COLE:Not that I’m aware of right now, but obviously the courts are suffering under sequestration like everybody else, so I don’t know what’s going to hit them as we go forward.

REP. CONAWAY: Thank you, Mr. Chairman. Yield back.

REP. ROGERS: (Off mic) – Conaway.

(Off mic.)

REPRESENTATIVE JAMES LANGEVIN (D-RI): Thank you, Mr. Chairman. And gentlemen, I want to thank you all for your testimony here today and your service to our country.

I’m – as members of the committee, I have been briefed on the program, and I know the excessive due diligence you’ve gone through to make sure this is done right. So I think it’s important that this discussion is being had this morning, and hopefully, it’s going to give greater confidence to the American people that all the agencies involved have dotted their “i’s” and dotted their “t’s.”

I especially think it’s helpful that we’re having a discussion about the FISA court today and how detailed the requests have to be before they get approval. And I think it’s made clear that these are not just one-page documents that are presented to a FISA judge and then it’s rubber-stamped. It actually goes through excessive due diligence and – before you even to the point that the judge sees it. And obviously, if all the criteria have been met, then it gets approved, and if the criteria have not been, then it’s going to be rejected.

So I won’t belabor that point. I think that’s had a very fruitful discussion. But can you talk further about the – again the role of the IG and go into that process a little more so that the amount of review the IG does once a query has been made, in terms of the range of queries that have been made, I think that would be important to clarify.

  1. INGLIS:I would just start with that and defer to the ODNI and the attorney general – deputy attorney general for some follow- up.

So at NSA any analyst that wants to form a query, regardless of whether it’s this authority or any other, essentially has a two-person control rule. They would determine whether this query should be applied, and there is someone who provides oversight on that. We’ve already learned that under the metadata records that are captured by the BR/FISA program, that there’s a very special court-defined process by which that’s done. Those are all subject to the IG – the inspector general’s review on a periodic basis, such that we can look at the procedures defined, the procedures as executed, reconcile the two and ensure that internal to NSA that that’s done exactly right. There are periodic reports that the IG has produce on these various programs, and they are faithfully reported.

But I think the real checks and balances within the executive branch happen between NSA, the Department of Justice, the Office of the Director of National Intelligence, and because NSA also has a foot within the Department of Defense, the Department of Defense enters into that as well. They have intelligence oversight mechanisms.

And between those four components, there is rich and rigorous oversight, which varies in terms of the things that they look for based upon the authorities – BR/FISA is a particularly rigorous authority – but they all have checks and balances that transcend just NSA.

REP. LANGEVIN: Thank you.

  1. JOYCE:And Congressman, if I – if I could just add to that – and I refer you to a recent review by the DOJ inspector general on the 702 program. That was highly complimentary of all the checks and balances that were in place.

REP. LANGEVIN: Thank you.

So let me turn my attention now to – I know these programs primarily target non-U.S. persons, but can you – and this is probably a question for you, Mr. Joyce – just to clarify, you’ve said that if a U.S. person or a – the overseas, all of the United States or a non- U.S. person living in the United States – that if they’re – we become aware of that they may be involved in terrorist activity, that they’re served process. Can you go into that level of detail of what then happens and how the courts are involved with – if we become aware that a U.S. person or – is involved?

  1. JOYCE:So I think either – maybe I misspoke or you misspoke. We are not looking at all at U.S. persons. The 702 is anyone outside the United States.

REP. LANGEVIN: Right.

  1. JOYCE:And even if a U.S. person is outside of the United States, it is not included in the 702 coverage. OK. So it’s a non- U.S. person outside the United States, and it has to have – there’s three different criteria it goes through. One of those links is terrorism.

REP. LANGEVIN: Right.

  1. JOYCE:So that is where specifically only certain individuals are targeted, those ones – one of the criteria: a link to terrorism. On numerous occasions, as I’ve outlined in some of the examples, those individuals outside the United States were discovered communicating with someone inside the United States. We then – that is being tipped from the NSA – we then go through the legal process here, the FBI does, regarding that U.S. person. So we go and we have to serve what’s called a national security letter to identify the subscriber. It’s much like a subpoena. Following that, if we want to pursue electronic surveillance, we have to make a specific application regarding that person with the FISA Court here.

REP. LANGEVIN: OK. That’s what I was looking for. So thank you very much.

I yield back.

REP. ROGERS: Mr. – (off mic).

GEN. ALEXANDER: So if I could, just to follow on and to clarify, because this – as we’re going through this, I want to make sure that everything we say is exactly right from my perspective. And so as Sean said, NSA may not target the phone calls or emails of any U.S. person anywhere in the world without individualized court orders.

REP. LANGEVIN: OK. Thank you.

REP. ROGERS: (Off mic) – that’s an important point we can’t make enough.

Mr. LoBiondo.

REPRESENTATIVE FRANK LOBIONDO (R-NJ): Thank you. Thank you, Mr. Chairman.

General Alexander and team, thank you for helping us understand in so many closed sessions and hopefully helping the nation understand what we’re doing, why we’re doing it and how we’re doing it.

I want to focus a little bit more on 702, if we could, and General Alexander, could you – could you explain what happens if a target of surveillance is communicating with a U.S. person in the United States?

GEN. ALEXANDER: So under 702, I think the best case is some that Sean Joyce made. If we see – if we’re tracking a known terrorist in another country – say, Pakistan, Yemen or some place – and we see them communicating with someone in the United States, and it has a terrorism nexus focused on doing something in the United States, we tip that to the FBI.

So our job is to identify that, see the nexus of it.

It could be in another country as well. So sometimes we’d see somebody in one of those countries planning something in Europe or elsewhere. We would then share that through intelligence means to those countries.

But when it comes into the United States, our job ends. We’re the outside, and we provide that to the inside FBI to take it from there. So they then take it and say, does this make sense? They’ll go up, as Sean explained, look at the process for getting additional information to see if this is a lead worth following.

REP. LOBIONDO: And what does the government have to do if it wants to target a U.S. person under FISA when they’re located abroad, when they’re not here? What would be the process for the government?

  1. COLE:That would be the full package going to the FISA court, identifying that person, identifying the probable cause to believe that that person is involved in either terrorism or foreign intelligence activities, and indicating that we have then the request to the court to allow us to intercept their communications, because we’ve made the showing that they’re involved in terrorist or foreign intelligence activities. So we’d have to make a formal application targeting that person specifically, whether they’re inside or outside of the United States.

REP. LOBIONDO: And what if you –

  1. COLE:And again – sir, if I might, and again, that could not be done under 702. There’s a separate section of the Foreign Intelligence Surveillance Act that would allow that. But it would not be doable under 702.

REP. LOBIONDO: And what if you want to monitor someone’s communication in the United States?

  1. COLE:Same thing; again, a different provision of FISA, but we would have to show that that person is, in fact, with probable cause, involved in foreign terrorist activities or foreign intelligence activities on behalf of a terrorist organization or a foreign power. We’d have to lay out to the court all of those facts to get the court’s permission to then target that person.

REP. LOBIONDO: So I just want to reemphasize that you have to specifically go to the FISA court and make your case as to why this information is necessary to be accessed.

  1. COLE:That’s correct.

REP. LOBIONDO: And without that, you have no authority and cannot do it and do not do it.

  1. COLE:That’s correct.

REP. LOBIONDO: OK, thank you.

I yield back, Mr. Chairman.

REP. ROGERS: Great. Thank you very much.

Mr. Schiff.

REPRESENTATIVE ADAM SCHIFF (D-CA): Thank you, Mr. Chairman.

And thank you, gentlemen, for your work.

On the business records program, the general FISA court order allows you to get the metadata from the top communications providers. Then when there are reasonable and articulable facts, you can go and see if one of the numbers has a match in the metadata.

On those 300 or so occasions when you do that, does that require separate court approval, or does the general FISA court order allow you, when your analysts have the reasonable and articulable facts to make that query – in other words, every time you make the query, does that have to be approved by the court?

  1. COLE:We do not have to get separate court approval for each query. The court sets out the standard that must be met in order to make the query in its order, and that’s in the primary order. And then that’s what we audit in a very robust way in any number of different facets, through both executive branch, and then give it to the court and give it to the Congress. So we’re given that 90-day period with these parameters and restrictions to asset it. We don’t go back to the court each time.

REP. SCHIFF: And does the court scrutinize, after you present back to the court, these are the occasions where we found reasonable and articulable facts? Do they scrutinize your basis for conducting those queries?

  1. COLE:Yes, they do.

REP. SCHIFF: General Alexander, I want to ask you – I raised this in closed session, but I’d like to raise it publicly as well – what are the prospects for changing the program such that, rather than the government acquiring the vast amounts of metadata, the telecommunications companies retain the metadata, and then only on those 300 or so occasions where it needs to be queried, you’re querying the telecommunications providers for whether they have those business records related to a reasonable, articulable suspicion of a foreign terrorist connection?

GEN. ALEXANDER: I think, jointly, the FBI and NSA are looking at the architectural framework of how we actually do this program, and what are the advantages and disadvantages of doing each one. Each case, as you know from our discussions, if you leave it at the service providers, you have a separate set of issues in terms of how you actually get the information, then how you have to go back and get that information, how you follow it down, and the legal authority for them to compel them to keep these records for a certain period of time.

So what we’re doing is we’re going to look at that, come back to the director of national intelligence, the administration, and then to you all, and give you recommendations on that for both the House and the Senate. I do think that that’s something that we’ve agreed to look at and that we’ll do. It’s just going to take some time. We want to do it right.

And I think, just to set expectations, the concern is speed in crisis. How do we do this? And so that’s what we need to bring back to you, and then, I think, have this discussion here and let people know where we are on it.

Anything that you want to add?

REP. SCHIFF: I would – because I would strongly encourage us to vigorously investigate that potential restructuring. Even though there may be attendant inefficiencies with it, I think that the American people may be much more comfortable with the telecommunications companies retaining those business records, that metadata, than the government acquiring it, even though the government doesn’t query it except on very rare occasions.

GEN. ALEXANDER: So it may be something like that we bring back and look at. So we are going to look at that. And we have already committed to doing that, and we will do that and go through all the details of that.

REP. SCHIFF: Mr. Litt, I wanted to ask you about the FISA court opinions. This week I’m going to be introducing the House companion to the bipartisan Merkley bill that would require disclosure of certain FISA court opinions, again, in a form that doesn’t impair our national security.

I recognize the difficulty that you described earlier in making sure those opinions are generated in a way that doesn’t compromise the programs.

You mentioned that you’re doing a review, and I know one’s been going on for some time. In light of how much the programs have now been declassified, how soon do you think you can get back to us about whether you’re going to be able to declassify some of those FISA court opinions?

  1. LITT:I’m hesitant to answer any questions that begins “how soon,” partly because there are a lot of agencies with equities in this, partly because there’s a lot else going on in this area. My time has not been quite as free up to address this topic as I would have liked over the last week and a half.

I can tell you that I’ve asked my staff to work with the other agencies involved and try to press this along as quickly as possible. We’re trying to identify those opinions where we think there’s the greatest public interest in having them declassified and start with those. And we’d like to push the process through as quickly as possible at this point.

REP. SCHIFF: And I would just encourage, in the last second, that beyond the two programs at issue here, to the degree you can declassify other FISA court opinions, I think it’s in the public interest.

  1. LITT:Yes, I think that’s part of what we’re doing.

REP. SCHIFF: Thank you, Mr. Chairman.

  1. COLE:Congressman Schiff, I just wanted to correct a little bit one of the things I said. The FISC does not review each and every reasonable, articulable suspicion determination. What does happen is they are given reports every 30 days in the aggregate. And if there are any compliance issues, if we found that it wasn’t applied properly, that’s reported separately to the court.

REP. ROGERS: Do you have a follow-up?

REP. SCHIFF: Thank you, Mr. Chairman.

I just want to make sure I understood what you just said. A prior court approval is not necessary for a specific query, but when you report back to the court about how the order has been implemented, you do set out those cases where you found reasonable, articulable facts and made a query. Do you set out those with specificity, or you just say on 15 occasions we made a query?

  1. COLE:It’s more the latter, the aggregate number, where we’ve made a query. And if there’s any problems that have been discovered, then we, with specificity, report to the court those problems.

REP. SCHIFF: It may be worth considering providing the basis of the reasonable and articulable facts and having the court review that as a further check and balance. I’d just make that suggestion, Mr. Chairman.

REP. ROGERS: Mr. Cole, my understanding, though, is that every access is already pre-approved; that the way you get into the system is court-approved. Is that correct?

  1. COLE:That’s correct. The court sets out the standards which have to be applied to allow us to make the query in the first place. Then the application, the implementation of that standard, is reviewed by NSA internally at several levels before the actual implementation is done.

It’s reviewed by the Department of Justice; it’s reviewed by the Office of the Director of National Intelligence. It’s reviewed by the inspector general for the National Security Agency. So there is numerous levels of review of the application of this. And if there are any problems with those reviews, those are then reported to the court.

REP. ROGERS: And just to be clear, so if they don’t follow the court-approved process, that would be a variation that would have to be reported to the court.

  1. COLE:That’s correct.

REP. ROGERS: OK. But you are meeting the court-approved process with every query?

GEN. ALEXANDER: That’s correct.

REP. ROGERS: Great. Thank you.

  1. INGLIS:And sir, if I might add to that, that every one of those query is audited. Those are all reviewed by the Department of Justice. Those are the reviews that we spoke about at 30 and 90 days. And there’s a very specific focus on those that we believe are attributable to U.S. persons despite the fact that – (inaudible) – verifies that we don’t know the identities of those persons. And so the court gets all of those reports.

REP. SCHIFF: Thank you, Mr. – I would just point out – I mean, all those internal checks are valuable, but they’re still internal checks. And it may be worthwhile having the court, if not prospectively, at least after the fact review those determinations. Thank you, Mr. Chairman.

REPRESENTATIVE DEVIN NUNES (R-CA): Thank you, Mr. Chairman. Mr. Cole, really what’s happened here is that the totality of many problems within the executive branch has now tarnished the fine folks at the NSA and the CIA. And you know, I just made a shortlist here, but right after Benghazi, there was lies after Benghazi, four dead Americans; Fast and Furious, the Congress still is missing documents. We had dead Americans and dead Mexican citizens.

You at least tapped into or got phone records from AP reporters, Fox News reporters, including from the House gallery right here within this building. Last week, as you know, AG Holder has been – is being accused by the Judiciary Committee of possibly lying to the committee. And then, to top it all off, you have, you know, an IRS official who with other officials ran like a covert media operation on a Friday to help, you know, try to release documents – to think that this would just go away – about the release of personal data from U.S. citizens, from the IRS.

So now, you know, I understand when my constituents ask me, well, if the IRS is leaking personal data – General Alexander, this question is for you – how do I know for sure that the NSA and people that are trying to protect this country aren’t leaking data?

So Mr. Rogers asked the question about, you know, how do we know that someone from the White House just can’t go, turn a switch, and begin to listen to their phone conversations? So General, I think if you could clarify kind of the difference in what the people that are trying to protect this country are doing and what they go through, the rigorous standards – I think it would help, I think, fix this mess for the American people.

GEN. ALEXANDER: Thank you, Congressman. I think the key – the key facts here – when we disseminate data, everything that we disseminate, and all the queries that are made into the database, are 100-percent auditable. So they are audited by not only the analyst who’s actually doing the job but the overseers that look and see, did he do that right or she do that right?

In every case that we have seen so far, we have not seen one of our analysts willfully do something wrong like what you just said. That’s where disciplinary action would come in. What I have to overwrite – underwrite – is when somebody makes an honest mistake. These are good people; if they transpose two letters in typing something in, that’s an honest mistake.

We go back and say, now, how can we fix it? The technical controls that you can see that we’re adding in help fix that. But it is our intent to do this exactly right. In that, one of the things that we have is tremendous training programs for our people that they go through: how to protect U.S. persons’ data; how to interface with a business record FISA; the roles and responsibilities under FAA 702. Everyone, including myself, at NSA has to go through that training to ensure that we do it right. And we take that very seriously.

I believe the best in the world in terms of protecting our privacy – and I would just tell you, you know, the other thing that’s sometimes confused here is that, well, then, they’re getting everybody else in the world. But our approach is foreign intelligence. You know, it’s the same thing in Europe; we’re not interested in – well, one, we don’t have the time. And two, ours is to protect our country and our allies. I think we do that better than anyone else.

Now, Chris, anything you want to add to that?

  1. INGLIS:No, I think that’s exactly right. When somebody comes to work at NSA, just like elsewhere in the government, they take an oath to the Constitution – not to NSA, not to some particular mission but to the Constitution.

And the entirety of the Constitution covers the issues importantly that we’re discussing here today: national security and the protection of civil liberties. There’s no distinction for us. They’re all important.

REP. NUNES: So I want to – I want to switch gears a little bit here, General Alexander. And perhaps this is a good question for Mr. Joyce, but – I just find it really odd that right before the Chinese president comes to this country that all of these leaks happen, and this guy has fled to Hong Kong, this Snowden. I’m really concerned at just the information that you presented us last week, yet this is probably going to be the largest leak in American history, and there’s still probably more to come out.

Can you just explain to the American people the seriousness of this leak and the damage – you said earlier that it’s damaged national security. Can you go into a few of those specifics?

  1. JOYCE:Very – no – (chuckles). Really, I can comment very little other than saying it’s an ongoing criminal investigation. I can tell you, as we have all seen, these are egregious leaks – egregious. It has affected – we are revealing in front of you today methods and techniques. I have told you – the examples I gave you – how important they have been: the first core al-Qaeda plot to attack the United States post-9/11, we used one of these programs. Another plot to bomb the New York Stock Exchange – we used these programs. And now, here we are talking about this in front of the world.

So I think those leaks affect us.

REP. NUNES: General?

GEN. ALEXANDER: It also – it also affects our partnership with our allies because the way it comes out – and with industry. I mean, it’s damaged all of those. Industry is trying to do the right thing, and they’re compelled by the courts to do it. And we use this to also protect our allies and our interests abroad. And so I think the way it’s come out and the way it looks is that we’re willfully doing something wrong, when in fact we’re using the courts, Congress and the administration to make sure that everything we do is exactly right.

And as Chris noted, we all take an oath to do that. And we take that oath seriously.

REP. NUNES: And in fact, just in closing here, Mr. Chairman, we know from the Mandiant report that came out that other governments are busy doing this and expanding their cyberwarfare techniques. And I just want to say that, you know, it is so vital, as the chairman has pointed out many times, for the folks – and the work that you’re doing at NSA and all of your folks – how important that is to not only today’s security but tomorrow’s security. So thank you for your service, General.

I yield back.

REP. ROGERS: And I would dispute the fact that other governments do it any way, shape or form close to having any oversight whatsoever – (of ?) – their intelligence-gathering programs.

Ms. Sewell.

REPRESENTATIVE TERRI SEWELL (D-AL): Thank you, Mr. Chairman. I also want to thank all of our witnesses today for your service to this country and for helping to maintain our national security.

I’d like to talk a little bit about the security practices. We have spent a lot of time really explaining to the American people the various levels of complexity in which you have judicial oversight and congressional oversight.

How did this happen? How did a relatively low-level administrator – systems administrator, I think you said, General Alexander – have classified information? And is it an acceptable risk? I get that you have a thousand or so system administrators. It is extremely frightening that you would go through such measures to do the balancing act internally to make sure that we are balancing protection and security and privacy, and yet internally in your own controls, there are system administrators that can go rogue.

Is it an acceptable risk? How did it happen? And is there oversight to these system administrators?

GEN. ALEXANDER: Well, there is oversight. What we are now looking at is where that broke down and what happened, and that’s going to be part of the investigation that we’re working with the FBI on.

I would just come back to 9/11. One of the key things was, we went from the need-to-know to the need-to-share. And in this case, what the system administrator had access to is what we’ll call the public web forums that NSA operates. And these are the things that talk about how we do our business, not necessarily what’s been collected as a result of that – nor does it necessarily give them the insights of the training and the other issues that – training and certification process and accreditation that our folks go through to actually do this. So those are in separate programs that require other certificates to get into.

Those are all things that we’re looking at.

You may recall that the intelligence community looked at a new information technology environment that reduces the number of system administrators.

If we could jump to that immediately, I think that would give us a much more secure environment, and we’d reduce this set of problems. It’s something that the DNI is leading and that we’re supporting, as you know, across the community. I think that is absolutely vital to get to.

And there are – there are mechanisms that we can use that will help secure this.

Please?

REP. SEWELL: So to be clear, Snowden did not have the certificates necessarily – necessary to lead that public forum?

GEN. ALEXANDER: So each set of data that we would have – and in this case, let’s say the business records FISA – you have to have specific certificates and work in this – because this is a – (inaudible) – so that would be extremely difficult for him to – he’d have to up to NSA, get into that room to do that.

Others require certificates for you to be working in this area to have that.

He would have to get one of those certificates to actually enter that area. Does that make sense? In other words, it’s a key.

REP. SEWELL: Well, you know, I think that – I would encourage us to figure out a way that we can declassify more information. I thank you for giving us two additional examples of terrorist attacks that we have thwarted because of these programs.

But I think that providing us with as much information as you can on the FISA court’s opinions, how that goes, would help the American public demystify what we’re doing here.

I think that the examples – the additional examples that you gave today were great. But I also am concerned that we have contractors doing – I get that we cannot – that there was a move at some point to not have as many government employees. And so we’ve sort of outsourced it.

But given the sensitivity of the information and the access, even for relatively low-level employees, do you see that being a problem? And how do we go about –

GEN. ALEXANDER: So we do have significant concerns in this area, and it is something that we need to look at.

The mistakes of one contractor should not tarnish all the contractors because they do great work for our nation as well. And I think we have to be careful not to throw everyone under the bus because of one person.

But you raise two great points that I think we will look at. One: How do we provide the oversight and compliance? And I talked with our technology directorate about the two-person control for system administrators to make any change. We are going to implement that.

And I think in terms of what we’ve released to the public, I am for releasing as much as we can, but I want to weigh that with our national security. And I think that’s what you expect us. That’s what the American people expect of us.

REP. SEWELL: Absolutely.

GEN. ALEXANDER: So that’s where I need really join that debate on this side and make sure that what we do is exactly right.

I think, on things like how we minimize data, how we run this program, those kinds of things, I think, we can – we’re trying to be – that’s why Chris went through those great details.

I think those are things that the American people should know because what they find out is, shoot, look at the oversight, the compliance and the training that our people are going through. This is huge. This isn’t some rogue operation that a group of guys up at NSA are running. This is something that has oversight by the committees, the courts, the administration and a hundred percent auditable process on the business record FISA.

You know, that’s extraordinary oversight. And I think, when the American people look at that, they say, wow, for less than 300 selectors, that amount of oversight – and that’s what we jointly agreed to do.

I think that’s tremendous.

REP. SEWELL: I do, too. I applaud the efforts.

I just – I think that, given the nature of this leak, you know, we don’t want our efforts to be for naught if, in fact, what happens is that the leaks get the American people so concerned that they – we roll back on these programs and, therefore, increase our vulnerability as a nation.

I think that all of us – that’s not in anyone’s best interests.

Going back to sort of the difference between private contractors and government employees, is there a difference in the level of security clearance that –

GEN. ALEXANDER: Same level of security clearance and the same process for securing them.

REP. SEWELL: OK. Thank you. I yield back the rest of my time.

REP. ROGERS: Thank you. Mr. Westmoreland?

REPRESENTATIVE LYNN WESTMORELAND (R-GA): Thank you, Mr. Chairman.

Mr. Cole, as Mr. Nunez had mentioned about some of the other things that have come out about leaks and so forth, could you – because my constituents asked me the difference in maybe what the attorney general did in going to the court to – on the Rosen case in that he was an unindicted co-conspirator because that was actually about a leak also.

What type of process or internal review did y'all go over before you asked for those phones to be tapped? And to make it perfectly clear, that was not in a FISA court; is that correct?

  1. COLE:Number one, that was not a FISA court. In the Rosen case, there were no phones being tapped. It was just to acquire a couple of emails.

And there is a very, very robust system. It’s set out in regulations that the Department of Justice follows of the kind of scrubbing and review that must be done before any subpoena like that can be issued.

You have to make sure that you’ve exhausted all other reasonable avenues of investigation. That’s done before you even get to the decision about whether or not such a process should be used.

You have to make sure that the information you’re looking at is very, very tailored and only necessary – truly necessary to be able to move the investigation forward in a significant way.

There has – there are restrictions on what can be done with the information, and it goes through a very long process of review from the U.S. attorney’s office through the United States attorney him or herself into the – usually the criminal division of the Justice Department through the assistant attorney general of the criminal division, through the deputy attorney general’s office and up, ultimately, to the attorney general signing it.

This gets a lot of review before that’s done under the criteria that we have in our guidelines in our CFR.

REP. WESTMORELAND: So the DOJ didn’t – because of it being a security leak, the DOJ didn’t contact the FBI or the NSA, or there was no coordination with that? It was strictly a DOJ criminal investigation?

  1. COLE:Well, the FBI does criminal investigations with the Department of Justice. And they were contacted in that regard, but it was not part of the FISA process. It did not involve the NSA –

REP. WESTMORELAND: And I think that’s what we need to be clear of is that it was absolutely not part of the FISA process. And that is a lot more detailed and a lot more scrutinized as far as getting information than what this was; is that correct?

  1. COLE:Well, they’re both very detailed and very scrutinized processes. They have different aspects to them, but they’re both very unusually, frankly, detailed and scrutinized, both of those processes.

REP. WESTMORELAND: Thank you.

And, General, going back to what Ms. Sewell had asked about the difference of clearance that you would have with a contractor or a government employee, when you have a thousand different contractors – I mean, I know from my experience on having had one of my staff go through a security clearance, it’s pretty – it’s a pretty detailed operation.

And I know that this gentleman had previously, I believe, heard that he had worked for the CIA. Had there been any further clearance given to this individual when he became a contractor after he left the employ of the CIA?

GEN. ALEXANDER: No additional clearance. He had what is needed to work at NSA or one of our facilities at top-secret special intelligence clearance.

And that goes through a series of processes and reviews. The director of national intelligence is looking at those processes to make sure that those are all correct. And he’s stated he’s taken that on. We support that objective.

But to work at NSA, whether you’re a contract, a government civilian or a military, you have to have that same level of clearance.

REP. WESTMORELAND: Does it bother you that this gentleman had only been there for a short period of time? Or is there any oversight or review or whatever of the individuals that are carrying out this work? Is there any type of probation time or anything?

Because, you know, it seems that he was there a very short period of time.

GEN. ALEXANDER: So he had worked in a couple positions. He had just moved into the Booz Allen position in March, but he had worked in an information technology position for the 12 months preceding that at NSA Hawaii.

So he’d actually been there 15 months. He had moved from one contract to another.

REP. WESTMORELAND: So would he have been familiar with these programs at his previous job?

GEN. ALEXANDER: Yes, and I believe that’s where, going out on what we call the public classified web servers, they’d help you understand parts of NSA that he gained some of the information and took some of that, and I can’t go into more detail.

  1. LITT:Mr. Westmoreland, if I just might make one point there. When you say, would he have become familiar with these programs, I think part of the problems that we’re having these days is that he wasn’t nearly as familiar with these programs as he’s portrayed himself to be –

REP. WESTMORELAND: Yeah.

  1. LITT:– and this is what happens when somebody who sees a tiny corner of things thinks that it gives him insight and visibility into the whole program.

REP. WESTMORELAND: Thank you, and I yield back.

REPRESENTATIVE JIM HIMES (D-CT): Thank you, Mr. Chairman, and I’d do like to thank the panel for appearing here today and for your service to the country. I think I’ve told each of you that in my limited time on this committee I’ve been heartened by your competence and by the competence of the agencies in which you work.

I’ll also add that I’ve seen nothing in the last week, week and a half, to suggest that any of these programs that are being discussed are operating in any way outside the law and I would add that the controls that appear to be in place on these programs seem solid.

I’ll also say that I don’t know that there’s any way to do oversight without a posture of skepticism on the part of the overseers, and so I hope you’ll take my observations and questions in that spirit. And I’d like to limit my questions and observations purely to Section 215 in the Verizon disclosures which, quite frankly, trouble me. They trouble me because of the breadth and the scope of the information collection. They trouble me because I think this is historically unprecedented in the extent of the data that is being collected on potentially all American citizens and the controls which you’ve laid out for us notwithstanding, that’s, I think, new for this country.

We know that when a capability exists there’s a potential for abuse. Mr. Nunes ran through a lot of current issues, going back to J. Edgar Hoover bugging the hotel rooms of Martin Luther King to Nixon to concerns around the IRS. If a capability exists, from time to time it will be abused. And one of the things I’m concerned about is this individual who I – whose resume would, I think, make him – it would make it unlikely that he would get an unpaid internship in my office, he had access to some of the most sensitive information that we have. And perhaps he could have or someone like him could have chosen a different path, could have access to phone numbers. And though we spend a lot of time on the fact that you don’t get names we all know that with a phone number and Google you can get a name pretty quickly. He could have chosen to make a point about Congressman Himes making 2:00 a.m. phone calls out of a bar in Washington or the CEO of Google making phone calls or anything, really – information that we hold to be private.

So I guess I’ve got two questions and I guess I’d direct this one on 215 to Mr. Litt and to Mr. Cole. Where do we draw the line? So in other words, so long as the information is not information to which I have a reasonable expectation of privacy under Maryland v. Smith and under Section 215 powers, where do we draw the line?

Could you, for example, get video data? As I walk around Washington, I suppose that you could probably reconstruct my day with video that is captured on third party cameras. Could you keep that in a way that is analogous to what you’re doing with phone numbers? And, again, with all of the careful guards and what not, could you not reconstruct my day because I don’t have a reasonable expectation of privacy around – I know that’s a hypothetical but I’m trying to identify where the line is.

  1. COLE:Well, I think the real issue here is how it’s accessed, what it can be used for, how you can actually –

REP. HIMES: I’m stipulating that that system – even though we know it’s not perfect I’m stipulating that that system is perfect. I’m asking where is the limit as to what you can keep in the tank.

  1. COLE:I think some of it is a matter for the United States Congress to decide as policy matters and the legislating that you do surrounding these acts as to where you’re going to draw those lines. Certainly the courts have looked at this and determined that under the statutes we have, there is a relevance requirement and they’re not just saying out of whole cloth you’re allowed to gather these things. You have to look at it all together, and they’re only saying that you can gather this volume under these circumstances, under these restrictions, with these controls.

Without those circumstances and controls and restrictions, the court may well not have approved the orders under 215 to allow that collection to take place.

So you can’t separate them out one from the other and say, just the acquisition, what can we do, because the acquisition comes together with the restrictions on access.

REP. HIMES: And if those restrictions and controls are adequate there’s theoretically no restriction on your ability to store information on anything for which I do not have a reasonable expectation of privacy?

  1. COLE:I’ll refer back to NSA as to feasibility – (inaudible) – technical with that.

REP. HIMES: Let me – I do have one more – yeah. This is a conversation to be – I do have one more, a much more specific question.

  1. :Can I – can I hit –

REP. HIMES: Yeah.

  1. :– if I could and I’ll ask for more time if I could, because I do think what you’ve asked is very important. So your question is, could somebody get out and get your phone number and see that you were at a bar last night. The answer is no because, first, in our system somebody would have had to approve and there’s only 22 people that can approve a reasonable articulable suspicion on a phone number. So, first, that has to get input. Only those phone numbers that are approved could then be queried. And so you have to have one of those 22 break a law.

Then you have to have somebody go in and break a law, and the system is a hundred percent auditable so it will be caught. There is no way to change that, and so on that system whoever did that would have broken the law. That would be willful and then that person would be found by the court to be in violation of a court order and that’s much more serious. We have never had that happen.

REP. HIMES: Yeah. No, I thank you. I appreciate that and I sort of – I think it’s really important that we explore these bright lines about what you can keep and what you can’t. Again, I don’t see anything about the control systems that are troubling but I do have one last quick question, if the chairman will indulge me.

And General, this is, I guess, for you and it’s something that I asked you in closed session. As we weigh this – because, obviously, we’re weighing security against privacy and whatnot – as we weigh this I think it’s really important that we understand exactly the national security benefit, and I limit myself to 215 here.

Fifty episodes – I don’t think it’s adequate to say that 702 and 215 authorities contributed to our preventing 50 episodes. I think it’s really essential that you grade the importance of that contribution. The question I asked you, and you can answer now or I’d really like to get into this. How many of those 50 episodes would have occurred but for your ability to use the Section 215 authorities as disclosed in the Verizon situation? How essential, not just contributing to but how essential are these authorities to stopping which terrorist attacks?

GEN. ALEXANDER: OK. For clarity, over 50 and in 90 percent of those cases FAA 702 contributed and in 50 percent I believe they were critical. We’ll send that to the committee.

REP. HIMES: This is 702 you’re talking about?

GEN. ALEXANDER: 702.

REP. HIMES: OK.

GEN. ALEXANDER: Now, shifting to the business record FISA. and I’ll do a Mutt and Jeff here – I’m not sure which one I am – it was just over 10 that had a domestic and the vast majority of –

REP. HIMES: Ten of the 50 were Section 215?

GEN. ALEXANDER: Just over 10.

REP. HIMES: And of those 10, how many would you say –

GEN. ALEXANDER: No, no.

REP. HIMES: – were critical?

GEN. ALEXANDER: No, no. You’re – let me finish.

REP. HIMES: I’m sorry. Did I get it wrong?

GEN. ALEXANDER: Yeah, you do. Over – just slightly over 10 and I don’t want to pin that number until the community verifies it – so just a little over 10 were a domestic – had a domestic nexus. And so business records FISA could only apply to those. See, so the ones in other countries it couldn’t apply to because the data is not there and it doesn’t come into the U.S.

So if we now look at that, the vast majority of those had a contribution by business record FISA. So I think we have to be careful that you don’t try to take the whole world and then say, well, you only did those that were in the United States and only, you know, some large majority of that.

I do think this. Going back to 9/11, we didn’t have the ability to connect the dots. This adds one more capability to help us do that, and from my perspective what we’re doing here with the civil liberties and privacy oversight and bringing together does help connect those dots. Go ahead, Sean.

REP. HIMES: If I could just – I’m out of time but I think this point is really important. If my constituents are representative of the broader American public they’re more concerned, frankly, with the Section 215 gathering of American data than they are with the foreign data. And so I really hope you’ll elucidate for us specifically case by case how many stopped terrorist attacks were those programs, 215, essential to.

REP. ROGERS: Mr. Joyce, do you have a comment?

  1. JOYCE:I would just add to General Alexander’s comments and I think you ask an almost impossible question to say how important each dot was. What I can tell you is post-9/11 I don’t recognize the FBI I came into 26 years ago. Our mission is to stop terrorism, to prevent it. Not after the fact – to prevent it before it happens in the United States.

And I can tell you, every tool is essential and vital. And the tools, as I outlined to you, and the uses today have been valuable to stopping some of those plots.

You ask, how can you put a value on an American life? And I can tell you, it’s priceless.

REP. HIMES: Thank you, Mr. Chairman.

REP. ROGERS: Ms. Bachmann.

REPRESENTATIVE MICHELE BACHMANN (R-MN): Thank you, Mr. Chair, for holding this important hearing today. I just have a series of short questions.

My first one is, you had mentioned earlier in your testimony that data must be destroyed within five years of acquisition. I believe that’s in Section 215, phone records. Is that – that’s true, within five years?

  1. INGLIS:That is true. It’s destroyed when it reaches five years of age.

REP. BACHMANN: And how long do the phone companies on their own maintain data?

  1. INGLIS:That varies. They don’t hold that data for the benefit of the government; they hold that for their own business internal processes. I don’t know the specifics. I know that it is variable. I think that it ranges from six to 18 months and that the data that they hold is, again, useful for their purposes, not necessarily the government’s.

REP. BACHMANN: So then my question is, did the FISA orders give the United States companies a choice in whether to participate in the NSA business records or in the prison programs? Were these – was this voluntarily – voluntary compliance on the part of these companies?

  1. INGLIS:No, these are court orders that require their compliance with the terms of the court order.

REP. BACHMANN: So let me just for the record state, is NSA spying today, or have you spied on American citizens?

  1. INGLIS:We do not target U.S. persons anywhere in the world without a specific court warrant.

REP. BACHMANN: And does the NSA listen to the phone calls of American citizens?

  1. INGLIS:We do not target or listen to the telephone calls of U.S. persons under that targeting without a specific court warrant.

REP. BACHMANN: Does the NSA read the emails of American citizens?

  1. INGLIS:Same answer, ma'am.

REP. BACHMANN: Does the NSA read the text messages of American citizens?

  1. INGLIS:Again, we do not target the content of U.S. person communications without a specific warrant anywhere on the earth.

REP. BACHMANN: Has the NSA ever tracked any political enemies of the administration, whether it’s a Republican administration or Democrat administration? Have either of the administrations – you said you’re a hundred-percent auditable, so you would know the answer to this question – have you ever tracked the political enemies of an administration?

  1. INGLIS:In my time at NSA, no, ma'am.

REP. BACHMANN: Does the government keep video data like Mr. Himes had just questioned? Does the government have a database with video data in it, tracking movements of the American people?

  1. INGLIS:No, ma'am.

GEN. ALEXANDER: It’s not – it’s not ours.

REP. BACHMANN: I’m sorry, that – that’s not – the microphone isn’t on.

GEN. ALEXANDER: NSA does not hold such data, tracking –

  1. INGLIS:Yeah, and we don’t know of any data – anybody that does. So I think those are held, as you see from Boston, by individual shop owners (and ?) street corners.

REP. BACHMANN: But does the federal government have a database with video data in it –

  1. INGLIS:No.

REP. BACHMANN: – tracking the whereabouts of the American people?

  1. JOYCE:The FBI does not have such a database, nor am I aware of one.

REP. BACHMANN: Do we – do – does the American government have a database that has the GPS location/whereabouts of Americans, whether it’s by our cellphones or by other tracking device? Is there – is there a known database?

GEN. ALEXANDER: NSA does not hold such a database.

REP. BACHMANN: Does the NSA have a database that you maintain that holds the content of Americans’ phone calls? Do you have recordings of all of our calls? So if we’re making phone calls, is there a national database that has the content of our calls?

GEN. ALEXANDER: We’re not allowed to do that, nor do we do that unless we have a court order to do that. And it would be only in specific cases. And almost always that would be an FBI lead, not ours.

REP. BACHMANN: So do we maintain a database of all of the e- mails –

GEN. ALEXANDER: No.

REP. BACHMANN: – that have ever been sent by the American people?

GEN. ALEXANDER: No. No, we do not.

REP. BACHMANN: Do we – is there a database from our government that maintains a database of the text messages of all Americans?

GEN. ALEXANDER: No, none that I know of, and none at NSA.

REP. BACHMANN: And so I think what you have told this committee today is that the problem is not with the NSA that is trying to keep the American people safe – you’ve told us that you have a hundred- percent auditable system that has oversight both from the courts and from Congress – it seems to me that the problem here is that of an individual who worked within the system who broke laws and who chose to declassify highly sensitive classified information. It seems to me that’s where our focus should be, on how there could be a betrayal of trust and how a traitor could do something like this to the American people. It seems to me that’s where our focus must be and how we can prevent something like that from ever happening again.

Let me ask your opinion.

How damaging is this to the national security of the American people that this trust was violated?

GEN. ALEXANDER: I think it was irreversible and significant damage to this nation.

REP. BACHMANN: Has this helped America’s enemies?

GEN. ALEXANDER: I believe it has and I believe it will hurt us and our allies.

REP. BACHMANN: I yield back, Mr. Chair.

REPRESENTATIVE THOMAS ROONEY (R-FL): Thank you, Mr. Chairman. I want to thank the panel. You know, one of the negatives about being so low on the totem pole up here is basically all of the questions that I wanted to address have been asked. And I think I’m really proud of this committee because on both sides of the aisle a lot of the questions were very poignant. And I hope that the American people and those that are in the room have learned a lot about what happened here and learned a lot about the people on the panel.

I can say specifically, General Alexander, in my time on the Intelligence Committee I have more respect for you and I’m glad that you’re the one up there testifying so the American people can see, despite what their – what’s being portrayed and the suspicions that are out there, that there’s nobody better to articulate what happened and what we’re trying to do than yourself. So I want to thank you for that. I’ll ask a couple basic questions that I think that might help clear some things up.

Mr. Cole, you talked about how the Fourth Amendment isn’t applicable under the business records exception of the PATRIOT Act in Section 215, applicable case law, Maryland v. Smith, et cetera. And then we heard about how to be able to look at the data under 215, there has to be very specific suspicion that is presented to a court and that court is not a rubber stamp in allowing us to basically look at metadata which is strictly phone records.

One of the, I think, problems that people have out there is that it was such a large number of phone numbers. And when you testify, when everybody testifies that it’s very specific and only a limited number of people are able to basically articulate who we should be looking at and then you hear this number of millions from Verizon, can you – can you help clear that up?

  1. COLE:Certainly. First of all, as we said, we don’t give the reasonable suspicion to the court ahead of time. They set out the standards for us to use. But the analogy, and I’ve heard it used several times, is if you’re looking for a needle in the haystack, you have to get the haystack first. And that’s why we have the ability under the court order to acquire – and the key word here is acquire – all of that data. We don’t get to use all of that data necessarily.

That is the next step which is you have to be able to determine that there is reasonable, articulable suspicion to actually use that data. So if we want to find that there is a phone number that we believe is connected with terrorist organizations and terrorist activity, we need to have the rest of the haystack, all the other numbers to find out which ones it was in contact with. And as you heard Mr. Inglis say, it’s a very limited number of times that we make those queries because we do have standards that have to be met before we can even make use of that data. So while it sits there, it is used sparingly.

REP. ROONEY: Did you or anybody that you know at the NSA break the law in trying to obtain this information?

  1. COLE:I am aware of nobody who has broken the law at the NSA in obtaining this information in the lawful sense. There is other issues that we have with the leaks that have gone on here.

REP. ROONEY: And maybe this question is for General Alexander. Based on everything that we’ve heard today, do you see any problems with either 702 or 215 that you think should be changed by this body?

GEN. ALEXANDER: Not right now. But this is something that we have agreed that we would look at, especially the structure of how we do it. I think Congressman Schiff brought up some key points. And we are looking at all of those. And what we have to bring back to you is the agility, how we do it in the oversight, is there other ways that we can do this.

But at the end of the day, we need these tools and we’ve just got to figure out the right way to do it or the next step. From my perspective, having the court, this body of Congress and the administration do oversight, I think if the American people were to step through it, they would agree that what we’re doing is exactly the right way. So those are the steps that we will absolutely go back and look at the entire architecture and that’s a commitment that FBI and NSA has made to the administration and to this committee.

REP. ROONEY: Final question, Mr. Joyce. What’s next for Mr. Snowden we can expect?

  1. JOYCE:Justice.

REP. ROONEY: I yield back, Mr. Chairman. Thank you.

REPRESENTATIVE MIKE POMPEO (R-KS): Great, thank you, Mr. Chairman. Thank you all for being here today. You know, this has been a great hearing. I think the American people will have gotten a chance to hear from folks who are actually executing this program in an important way and they’ll have a choice whether to believe Mr. Inglis and General Alexander or a felon who fled to Communist China. For me, there’s an easy answer to that.

There are those who talk about the war on terror winding down. They say we’re towards the end of this. These programs were created post-9/11 to counter the terrorist threat both for the soldiers fighting overseas and our allies and for us here in the States. General Alexander, Mr. Joyce, do you think these programs are just as much needed today as they were in the immediate aftermath of 9/11?

GEN. ALEXANDER: I do.

  1. JOYCE:I do too. And I would just add, I think the environment has become more challenging and I think the more tools you have to be able to fight terrorism, the more we’re going to be able to protect the American people.

REP. POMPEO: Thank you. We’ve talked a lot about the statutory basis for Section 215 and Section 702. We’ve talked a lot and all the process that goes with it. I want to spend just a minute talking about the constitutional boundaries and where they are. We’ve got FISA court judges, Article 3. Mr. Litt, these are just plain old Article 3 judges in the sense of lifetime tenure, nominated by the president, confirmed by the United States Senate. They have the same power, restrictions and authority as all Article 3 judges do. Is that correct?

  1. LITT:Yes, that’s correct.

REP. POMPEO: And we have Article 2 here before us today. And we’ve got Article 1 oversight taking place this morning. I want to talk about Article 1’s involvement. There have been some members who talked about the fact that they didn’t know about these programs. General Alexander or maybe Mr. Inglis, can you talk about the briefings that you’ve provided for members of Congress both recently and as this set of laws was developed – set of laws were developed?

  1. INGLIS:So 702 was recently reauthorized at the end of 2012. In the run up to that, NSA, in companionship with the Department of Justice, FBI and DNI, made a series of presentations across the Hill some number of times and talked in very specific details at the classified level about the setup of those programs, the controls on those programs and the success of those programs.

The reauthorization of Section 215 of the PATRIOT Act came earlier than that but there was a similar set of briefings along those lines. At the same time, we welcome and continue to welcome any and all congresspersons or senators to come to NSA or we can come to you and at the classified level brief any and all details. That’s a standing offer. And some number in fact have taken us up on that offer.

REP. POMPEO: Did you have something to add, General?

GEN. ALEXANDER: That’s exactly right. In fact, any place, anytime we can help, we will do it.

REP. POMPEO: Good. I appreciate that. I’ve been on the committee only a short time. I learned about these programs actually before I came on the committee. So I know that members outside of this committee also had access to the information and I think that’s incredibly important. As committee oversight members, it’s one thing. But I think it’s important that all the members of Congress understand the scope of these programs and I appreciate the fact that you’ve continued to offer that assistance for all of us. A couple of just cleanup details going last, I want to make sure I have this right. General Alexander, from the data under Section 215 that’s collected, can you – can you figure out the location of the person who made a particular phone call?

GEN. ALEXANDER: Not beyond the area code.

REP. POMPEO: Do you have any information about signal strength or tower direction? I’ve seen articles that talk about you having this information. I want to make sure –

GEN. ALEXANDER: No, we don’t.

REP. POMPEO: – for the record we’ve got that right.

GEN. ALEXANDER: We don’t have that in the database.

REP. POMPEO: And then lastly, Mr. Litt, you made a reference to Section 702. You talked about it being a restriction on Article 2 authority and not an expansion. That is, Article 2, presidents of both parties believe they had the powers that are being exercised under Section 702 long before that statutory authority was granted. So is it the case that you view Section 702 as a control and a restriction on Article 2?

  1. LITT:Yes.

REP. POMPEO: Great. Mr. Chairman, I yield back.

REPRESENTATIVE PETER KING (R-NY): Thank you, Mr. Chairman. I will make this brief. I want to first of all thank all the witnesses for their testimony, for their service and for all you’ve done to strengthen and maintain this program. My question, General Alexander, I guess is to you and also perhaps to Mr. Joyce.

Several times in your testimony you referenced 9/11 and how – and I recall, after September 11th, there was almost a loud challenge to the intelligence community to do a better job of connecting the dots, be more aggressive, be – you know, be more forward-thinking, try to anticipate what’s going to happen, think outside the box; all those cliches we heard at the time. And as I see it, this is a very legitimate and legal response to that request.

I would ask you, General Alexander – well, you, Mr. Joyce, I believe, referenced the case after September 11th where there was – (inaudible) – from Yemen which enabled you to foil the New York Stock Exchange plot. It’s also my understanding that, prior to 9/11, there was phone messages from Yemen which you did not have the capacity to follow through on, which perhaps could have prevented the 9/11 attack. And either General Alexander or Mr. Joyce, if both of you explain how the attack could have been prevented, or if you believe it could have been prevented.

  1. JOYCE:I don’t know, Congressman, if the attack could have been prevented. What I can tell you is that is a tool that was not available to us at the time of 9/11. So when there was actually a call made from a known terrorist in Yemen to Khalid Mihdhar in San Diego, we did not have that tool or capability to track that call. Now, things may have been different. And we will never know that, unfortunately. So that is the tool that we’re talking about today that we did not have at the time of 9/11.

Moving forward, as you mentioned about the stock exchange, here we have a similar thing, except this was under, again, the 702 program, where NSA tipped to us that a known extremist in Yemen was talking or conversing with an individual inside the United States we later identified as Khalid Ouazzani. And then we were able to go up on our legal authorities here in the United States on Ouazzani, who was in Kansas City, and were able to identify two additional co- conspirators.

We found through electronic surveillance that they were actually in the initial stages of plotting to bomb the New York Stock Exchange. So as – to really summarize, as I mentioned before, all of these tools are important. And as Congressman Schiff mentioned, we should have this dialogue. We should all be looking for ways, as you said, thinking outside the box, of how to do our business. But I sit here before you today humbly and say that these tools have helped us.

REP. KING: General Alexander.

GEN. ALEXANDER: Yeah, if I could, I think, on the Mihdhar case, Mihdhar was the terrorist, the AQ terrorist from the 9/11 plot in California that was actually on American Airlines Flight 77 that crashed into the Pentagon.

What we don’t know, going back in time, is the phone call between Yemen and there, if we would have had the reasonable, articulable suspicion standard. So we’d have to look at that. But assuming that we did, if we had the database that we have now with the business records FISA and we searched on that Yemen number and saw it was talking to someone in California, we could have then tipped that to the FBI.

Another step – and this is an assumption, but let me play this out, because we will never be able to go all the way back and redo all the figures from 9/11 – but this is why some of these programs were put in was to help that. Ideally, going from Mihdhar, we would have been able to find the other teams, the other three teams in the United States, and/or one in Germany or some other place.

So the ability to use the metadata from the business record FISA would have allowed us, we believe, to see (so ?). Now – so it’s hypothetical. There are a lot of conditions that we could put on there. You’d have to have this right. You’d have to have the Raz right. But we didn’t have that ability. We couldn’t connect the dots because we didn’t have the dots.

And so I think what we’ve got here is that one additional capability, one more tool to help us work together as a team to stop future attacks. And as Sean has laid out, you know, when you look at this, you know, the New York City (two ?) and others, I think, from my perspective, you know, those would have been significant events for our nation. And so I think what we’ve jointly done with Congress is help set this program up correctly.

REP. KING: I’ll just close, General, by saying in your opening statement you said that you’d rather be testifying here today on this issue rather than explaining why another 9/11 happened. So I want to thank you for your service in preventing another 9/11. And you mentioned the Zazi case. I have some very close, familiar knowledge of that. And I wanted to thank all of you for the effort that was done to prevent that attack.

Mr. Chairman, I yield back.

REP. ROGERS: Just a couple of clarifying things here to wrap it up.

Mr. Joyce, you’ve been in the FBI for 26 years. You’ve conducted criminal investigations as well. Sometimes you get a simple tip that leads to a broader investigation. Is that correct?

  1. JOYCE:That is correct, Chairman.

REP. ROGERS: And so without that initial tip, you might not have found the other very weighty evidence that happened subsequent to that. Is that correct?

  1. JOYCE:Absolutely.

REP. ROGERS: So in the case of Mulalen (sp) in 2007, the very fact that under the business 215 records there was a simple tip that was we have someone that is known with ties to al-Qaida’s East African network calling a phone number in San Diego. That’s really all you got was a phone number in San Diego. Is that correct?

  1. JOYCE:That is correct.

REP. ROGERS: And according to – in the unclassified report, that tip ultimately led to the FBI’s opening of a full investigation that resulted in the February 2013 conviction. Is that correct?

  1. JOYCE:Yes, it is, Chairman.

REP. ROGERS: So without that first tip, you would have – you weren’t up on his electronic communications. You didn’t really – you were not – he was not a subject of any investigation prior to that tip from the National Security Agency.

  1. JOYCE:No, actually, he was the subject of a prior investigation –

REP. ROGERS: That was closed.

  1. JOYCE:– several years earlier that was closed because we could not find any connection to terrorism.

REP. ROGERS: Right.

  1. JOYCE:And then if we did not have the tip from NSA, we would not have been able to reopen that investigation.

REP. ROGERS: Reopen the case. But at the time, you weren’t investigating it.

  1. JOYCE:Absolutely not.

REP. ROGERS: Right.

  1. JOYCE:(Inaudible.)

REP. ROGERS: And when they dipped that number into the business records, the preserved business records from the court order, they dipped a phone number in, and a phone number came out in San Diego. Did you know who that person was when they gave you that phone number?

  1. JOYCE:No, we did not. So we had to serve legal process to identify that subscriber and then corroborate it. And then we later went up on electronic surveillance with an order through the FISC.

REP. ROGERS: And when you went up on electronic surveillance, you used a court order, a warrant –

  1. JOYCE:That is correct.

REP. ROGERS: – a subpoena? What did you use?

  1. JOYCE:We used a FISA court order.

REP. ROGERS: So you had to go back. You had to prove a standard of probable cause to go up on this individual’s phone number. Is that correct?

  1. JOYCE:That’s right. And as has been mentioned hopefully several times today, anyone inside the United States, a U.S. person, whether inside or outside, we need a specific court order regarding that person.

REP. ROGERS: Right.

And Mr. Cole, just for purposes of explanation, if you were to have – an FBI agent came to you for an order to preserve business records, do they need a court order? Do they need a warrant for that in a criminal investigation?

  1. COLE:No, they do not. You can just get a grand jury subpoena. And, separate from preserving it, you can acquire them with a grand jury subpoena. And you don’t need to go to a court to do that.

REP. ROGERS: Right. So that is a lower legal standard in order to obtain information on a U.S. citizen on a criminal matter.

  1. COLE:That’s correct, Mr. Chairman.

REP. ROGERS: So the – we’ve – and I think this is an important point to make. When we – the system is set up on this foreign collection. And I argue we need this high standard because it is in a classified – or used to be in a classified setting. You need to have this high standard. So can you describe the difference?

If I were going to do a criminal investigation on getting the same amount of information, the legal standard would be much lower if I were working an embezzlement case in Chicago than trying to catch a counter – excuse me – a terrorist operating overseas trying to get back into the United States to conduct a plot.

  1. COLE:Some of the standards might be similar, but the process that you have to go through is much greater in the FISA context. You actually have to go to a court, the FISA court, ahead of time and set out facts that will explain to the court why this information is relevant to the investigation that you’re doing, why it’s a limited type of investigation that is allowed to be done under the statute and under the rules, and then the court has to approve that ahead of time, along with all of the rules and restrictions about how you can use it, how you can access it, what you can do with it, and who you can disseminate it to.

There is a much different program that goes on in a normal grand jury situation. You have restrictions on who you can disseminate it to under secrecy grounds, but even those are much broader than they would be under the FISA grounds. And you don’t need a court ahead of (time ? ).

REP. ROGERS: So in total, this is a much more overseen – and, by the way, on a criminal embezzlement case in Chicago, you wouldn’t brief that to Congress, would you?

  1. COLE:No, we would not, not as a normal course.

REP. ROGERS: Yeah. And so you have a whole ‘nother later of legislative oversight on this particular program. And again, I argue the necessity of that, because it is – as I said, used to be a classified program of which you want additional oversight. You want members of the legislature making sure we’re on track, that you don’t necessarily need in a criminal matter domestically.

  1. COLE:That’s correct. In a normal criminal embezzlement case in Chicago, you would have the FBI and the Justice Department involved, and that’s about it. In this, you’ve got the National Security Agency. You’ve got the ODNI. You’ve got the inspectors general. You’ve got the Department of Justice. You have the court monitoring what you’re doing.

If there’s any mistakes that were made, you have Congress being briefed on a regular basis. There is an enormous amount of oversight in this compared to a grand jury situation, yet the records that can be obtained are of the same kind.

REP. ROGERS: Great. Thanks. And I just want a couple of clarifying questions, Mr. Joyce, if you will.

Does China have an adversarial intelligence service directed at the United States?

  1. JOYCE:Yes, they do.

REP. ROGERS: Do they perform economic espionage activities targeted at U.S. companies in the United States?

  1. JOYCE:Yes, they do.

REP. ROGERS: Do they conduct espionage activities toward military and intelligence services, both here and abroad, that belong to the United States of America?

  1. JOYCE:Yes, they do.

REP. ROGERS: Do they target policymakers and decision-makers – Department of State and other policymakers that might engage in foreign affairs when it comes to the United States?

  1. JOYCE:Yes.

REP. ROGERS: Would you – how would you rate them as an adversarial intelligence service given the other intelligence services that we know are adversarial, the Russians, the Iranians, the others?

  1. JOYCE:They are one of our top adversaries.

REP. ROGERS: Yeah. And you have had a string of successes recently in prosecutions for Chinese espionage activities in the United States; is that correct?

  1. JOYCE:That is correct.

REP. ROGERS: And so that has been both economic and, if I understand it, as well as military efforts. So they’ve been very aggressive in their espionage activities toward the United States? Would you – is that a fair assessment?

  1. JOYCE:I think they have been very aggressive against United States interests.

REP. ROGERS: Yeah. General Alexander, do they – how would you describe in an unclassified way, the Chinese cyber efforts for both espionage and their military capability to conduct disruptive attacks toward the United States?

GEN. ALEXANDER: Very carefully. (Laughter.) With a lot of legal oversight.

I think one of the things that – you know, it’s public knowledge out there about the cyber activities that we’re seeing. But I also think that what’s missing perhaps in this conversation with the Chinese is what’s acceptable practices here. And I think the president has started some of that in the discussions with the new president of China. And I think that’s some of the stuff that we actually have to have.

This need not be an adversarial relationship. I think our country does a lot of business with China, and we need to look at how can we improve the relations with China in such a way that both our countries benefit because we can. And I think that’s good for everybody.

What concerns me is now this program and what we’re talking about with China has got – I think we’ve got solve this issue with China and then look at ways to move – to move forward. And I think we do have to have that discuss on cyber. What is – what are the right standards? Have that discussion both privately and publicly. And it’s not just our country; it’s all the countries of the world as well as China.

REP. ROGERS: And I appreciate you drawing the line. But would you say that China engages in economic – cyber-economic espionage against intellectual property – to steal intellectual property in the United States?

GEN. ALEXANDER: Yes.

REP. ROGERS: Would you argue that they engage in cyber activities to steal both military and intelligence secrets of the United States?

GEN. ALEXANDER: Yes.

REP. ROGERS: I just – I think this is important that we put it in context for several things that I think Americans want to know about the relationship between Mr. Snowden and where he finds home today and that we know that we’re doing a full investigation into possible connections with any nation-state who might take advantage of this activity.

And the one thing I disagree with Mr. Litt today that they haven’t seen anything of any changes, and I would dispute that based on information I’ve seen recently and would ask to comment.

Do you believe that al-Qaida elements have, just historically, when they’ve been – when issues have been disclosed, changed the way they operate to target both soldiers abroad and their terrorist- plotting activities, movements, financing, weaponization and training?

  1. LITT:To be clear, what I intended to say – and if I wasn’t clear, I apologize was – we know that they’ve seen this. We know they’ve commented on it. What we don’t know yet is, over the long term, what impact it’s going to have to our collection capability.

But you’re absolutely right. We know they watch us, and they modify their behavior based on what they learn.

REP. ROGERS: And we also know that, in some cases, in certain countries, they have modified their behavior, including the way they target U.S. troops based on certain understandings of communications; is that correct?

  1. LITT:I think that’s correct.

REP. ROGERS: That is. I’ll guarantee you it’s absolutely correct.

And that’s what’s so concerning about this. I do appreciate you being here. I know how difficult it is to come and talk to – General, did you want to say something before we –

GEN. ALEXANDER: Yeah. I wanted to say, if I could, just a couple of things because they didn’t come up in this testimony.

But, first, thanks to this committee, the administration and others, in the summer of 2009, we set up the directorate of compliance, put some of our best people in it to ensure that what we’re doing is exactly right. And this committee was instrumental in helping us set that up. So that’s one point.

When we talk about oversight and compliance, people think it’s just once in a while, but there was rigorous actions by you and this entire committee to set that up.

The second is, in the open press, there’s this discussion about pattern analysis. They’re out there doing pattern analysis on this. That is absolutely incorrect. We are not authorized to go into the data nor are we data-mining or doing anything with the data other than those queries that we discussed. Period. We’re not authorized to do it. We aren’t doing it. There are no automated processes running in the background pulling together data, trying to figure out networks. The only time you can do pattern analysis is once you start the query, on that query and where you go forward.

You can’t go in and try to bring up – you know, I have four daughters and 15 grandchildren. I can’t supervise them with this database. It is not authorized, and our folks do not do it. And so that’s some of the oversight and compliance you and the rest of the oversight committees see. But I think it’s important for the American people to know that it’s limited.

In this case for 2012, less than 300 selectors were looked at, and they had an impact in helping us prevent potential terrorist attacks. They contributed. And I think when you look at that and you balance those two, that’s pretty good.

REP. ROGERS: And I – and I do appreciate it. And I want to commend – the folks from the NSA have always – we’ve never had to issue a subpoena. All that information is always readily provided. You meet with us regularly. We have staff investigators at the NSA frequently. We have an open dialogue.

When problems happen, we do deal with them in a classified way and in a way, I think, that Americans would be proud that their elected representatives deal with issues. And I’m not saying that there are some hidden issues out there. There are not.

I know this has been difficult to come and talk about very sensitive things in a public way in order to preserve your good work and the work on behalf of all the patriots working to defend America. I still believe it was important to have a meeting where we could at least, in some way, discuss and reassure the level of oversight and redundancy of oversight on a program that we all recognize needed an extra care and attention and lots of sets of eyes. I hope today in this hearing that we’ve been able to do that.

I do believe that America has the responsibility to keep some things secret as we serve to protect this country. And I think you all do that well. And the darndest thing is that we may have found that that is easier for a systems analyst or a systems administrator to steal the information than it is for us to access the program in order to prevent a terrorist attack in the United States. And we’ll be working more on those issues. And we have had great dialogue about what’s coming on some other oversight issues.

Again, thank you very, very much. Thank you all for your service, and I wish you all well today.