Testimony of Daniel P. Collins
before the Senate Select Committee on Intelligence
May 24, 2005
Chairman
Roberts, Vice-Chairman Rockefeller, and Members of the Committee, I am grateful
for the opportunity to testify before you today. Three and one-half years ago, the USA PATRIOT
Act was signed into law by President Bush with overwhelming support in both
Houses of Congress. See Pub. L.
No. 107-56, 115 Stat. 272 (Oct. 26, 2001).
That strong bipartisan consensus reflected the gravity and importance of
the chief objective of that legislation, which was set forth right in the
title: “providing appropriate tools required to intercept and obstruct
terrorism.” As the horrific events of
September 11 demonstrated, there are few priorities more pressing than
detecting and preventing terrorist attacks.
It is critical that the men and women whose job it is to protect us have
the tools they need to get that job done, and to get it done in a manner that
both enhances security and respects liberty.
However, as
the Committee is well aware, several provisions of Title II of the PATRIOT Act
are scheduled to expire on December 31, 2005, absent action by Congress.
My
perspective on these matters is informed by my service over the years in
various capacities in the Justice Department.
Most recently, I served from June 2001 until September 2003 as an
Associate Deputy Attorney General (“ADAG”) in the office of Deputy Attorney
General Larry Thompson. During the same
period, I also served as the Department’s Chief Privacy Officer, and in that
capacity, I had the responsibility for coordinating the Department’s policies
on privacy issues. I also served, from
1992 to 1996, as an Assistant United States Attorney in the Criminal Division
of the U.S. Attorney’s Office for the Central District of California in
Before
turning to the nine relevant PATRIOT Act provisions that are up for “sunset”
review by this Committee, I think it is useful to outline some of the basic principles
that should guide an analysis of these provisions. The overarching question whether a particular
surveillance authority is an “appropriate tool” ultimately turns on
whether that tool assists in detecting and preventing terrorism, and whether it
does so in a manner that preserves and enhances privacy. In making that judgment, it is important not
to fall into the fallacy of “zero-sum” thinking, whereby every expansion
of government surveillance authority is somehow deemed inherently to
represent a loss of privacy. This sort
of thinking does not make much sense either from a national security
perspective or from a civil liberties perspective. The question instead is whether the conditions
placed on the availability and use of a particular tool are sufficient to
permit it to be deployed effectively when warranted, but only in a manner that
is respectful of privacy and basic civil liberties.
Beyond that
very general statement, there is, I think, general agreement on a number of
more specific principles that help to inform any judgment about the propriety
and adequacy of the conditions place upon the use of a particular tool:
• Unwavering fidelity to the
Constitution. Privacy is a cherished
American right. Among the various ways
in which the Constitution protects that right, the Fourth Amendment
specifically reaffirms the right of the people to be free from unreasonable
searches of their “houses, papers, and effects.” Our laws must scrupulously respect the limits
established by the Constitution. As many
have said, we have to think outside the box, but not outside the Constitution. But while the Constitution sets the minimum,
our laws have long properly reflected the judgment that, from a policy
perspective, there should be additional statutory protections for privacy. I do not question that judgment.
• Not all privacy interests are the
same. Not all privacy interests are
of the same magnitude, and it makes no policy sense to act as if they
were. For example, some categories of
information are more important and more sensitive than others. The fact that the supermarket club could
maintain a computerized stockpile of information about my personal buying
habits may raise a privacy concern, but it is not on the same level as someone
eavesdropping on my phone conversations or reading my medical records. The nature and severity of the privacy
intrusion at issue are certainly important factors to consider.
• Privacy is not always the most
important value. It is essential to
keep in mind that, while privacy is an important right, it is by no means the
only important value. Human society, by
its very nature, involves some loss of personal privacy. Competing concerns raised by new technology
may also justify particular intrusions on privacy: no one can deny that airport inspections are
essential to public safety, regardless of the cost to privacy.
• If it’s good enough for fighting
the mob, it’s good enough for fighting terrorism. Any tool that is already available to fight
any other type of crime — be it racketeering, drug trafficking, child
pornography, or health care fraud — should be available for fighting terrorism,
and should have an appropriate analog in the foreign intelligence context. If the judgment has already been made that
the tool is appropriate for fighting these other crimes, and that any privacy
interests at stake must yield to that effort, then surely the tool should also
be available to fight terrorism.
• The law of inertia must not be a
principle of privacy policy. It does
not make much sense to perpetuate outmoded ways of doing things simply because
it has always been done that way. As
times and technologies change, the judgments that are reflected in existing
statutory rules may need to be re-evaluated.
• The importance of technological
neutrality. In applying privacy
principles to new and emerging technologies, an important benchmark is the
concept of “technological neutrality.”
The idea is that, just because a transaction is conducted using a new
technology, there should not have to be a loss of privacy when compared to
similar transactions using older technologies.
To use an example, the privacy protection for ordinary email should be
roughly equivalent to that of an ordinary postal letter. Conversely, the emergence of new technologies
should not provide foreign agents with new ways to thwart legitimate and
legally authorized foreign intelligence activities. The notion of technological neutrality takes
into account both sides of the coin.
With these
basic principles in mind, let me explain why I think each of the nine pertinent
sections of the PATRIOT Act that would be made permanent by Section 101 of the
proposed legislation are ones that properly enhance the abilities of intelligence
officials in a manner that respects and preserves our freedoms.
(1)-(2) Sections
203(b) and 203(d)
These
provisions, which authorize certain forms of information sharing between law
enforcement officers and intelligence officials, are among the most important
in the PATRIOT Act.
Specifically,
section 203(b) authorizes the sharing of Title III wiretap information with
intelligence and national security officials, subject to several conditions:
(1) the information must have been obtained “by any means authorized by
this chapter,” i.e., in accordance with the strict requirements of Title
III; (2) the information to be shared must “include foreign intelligence
or counterintelligence” or “foreign intelligence information” as those terms
are specifically defined by the relevant statutes; (3) the information may
only be used by such official “as necessary in the conduct of that person’s
official duties”; (4) any such official must also comply with “any
limitations on the unauthorized disclosure of such information”; and (5) to the
extent the information “identifies a United States person,” the disclosure must
comply with statutorily mandated guidelines issued by the Attorney
General. See Pub. L. No. 107-56,
§ 203(b), (c), 115 Stat. at 280-81.
Section
203(d) more generally authorizes sharing of information “obtained as part of a
criminal investigation,” subject to the following restrictions: (1) the
information to be shared must comprise “ foreign intelligence or
counterintelligence” or “foreign intelligence information” as those terms are
specifically defined by the relevant statutes; (2) the information may
only be used by such official “as necessary in the conduct of that person’s
official duties”; and (3) any such official must also comply with “any
limitations on the unauthorized disclosure of such information.” See Pub. L. No. 107-56, § 203(d),
115 Stat. at 281.
As the 9/11
Commission and others have noted, the need for appropriate sharing of
information between law enforcement and intelligence officials is absolutely
critical to detecting and preventing terrorism.
Moreover, the safeguards imposed by section 203(b) and section 203(d)
seem properly tailored to ensure that law enforcement officials will only share
information that qualifies as “ foreign intelligence or counterintelligence” or
“foreign intelligence information” and will do so only subject to appropriate
restrictions. It must be emphasized that
these modest provisions do not, as some critics have wrongly claimed,
put the CIA in the business of “spying on Americans.” By definition, all information subject
to sharing under sections 203(b) and 203(d) has been obtained by the lawful
investigative activities of law enforcement officials either under
Title III or “as part of a criminal investigation.”
(3) Section 204
Section 204
is a largely technical amendment that clarifies the relationship between the
authorities under the criminal
statute governing “pen registers” and “trap-and-trace” devices and the
authorities under otherwise applicable federal law concerning certain foreign
intelligence activities. Pub. L. No.
107-56, § 204, 115 Stat. at 281. I
am not aware of an substantial reason why this provision should not be made
permanent.
(4) Section 206
Section 206 of the PATRIOT Act addresses
the subject of so-called “roving wiretaps” under the Foreign Intelligence
Surveillance Act of 1978 (“FISA”). In my
view, section 206 strikes an appropriate balance on this subject and should be
preserved.
Under the
current version of Section 105(c)(1)(B) of FISA, a FISA order authorizing
electronic surveillance only needs to specify the nature and location of
each such facility or place “if known.”
50 U.S.C. § 1805(c)(1)(B).
Notably, the addition of the phrase “if known” was not made by the
PATRIOT Act, but rather by the Intelligence Authorization Act for Fiscal Year
2002, Pub. L. No. 107-108, § 314(a)(2)(A), 115 Stat. 1394, 1402 (2001);
that amendment is therefore not subject to the PATRIOT Act’s sunset
provision. Although current law thus
dispenses with a specification requirement when the exact nature and
location of the facilities or places are not known in advance, the existing
version of Section 105(a)(3)(B) continues unambiguously to state that an
authorizing order may only be issued if, inter alia, “there is probable
cause to believe that ... each of the facilities or places at which the electronic
surveillance is directed is being used, or is about to be used, by a foreign
power or an agent of a foreign power.”
50 U.S.C. § 1805(a)(3)(B).
Reading these provisions together, it would seem clear that, even when
it cannot be specified in advance what are the particular facilities and
places that will be surveilled, the Government must nonetheless provide a
sufficient description of the categories of facilities and places that will be
surveilled (presumably by describing their connection to the target) so as to
permit the court to make the finding that remains required by Section
105(a)(3)(B).
The pertinent change made by Section
206 of the PATRIOT Act was merely to eliminate the requirement that the
authorizing order in all cases specify in advance those third parties (e.g., wire carriers) who were directed
to supply assistance in carrying out the order.
See Pub. L. No. 107-56, § 206, 115 Stat. at 282 (amending 50
U.S.C. § 1805(c)(2)(B)). Instead,
the PATRIOT Act states that, if the court finds that “the actions of the target
of the application may have the effect of thwarting the identification of a
specified person,” the order may require the cooperation of other such persons
who have not been specified.
Some have
called for making the roving wiretap provisions of FISA more analogous to those
for ordinary criminal roving wiretaps in Title III. Under 18 U.S.C. § 2518(11), the
requirement in § 2518(1)(b)(ii) to provide a “particular description of
the nature and location of the facilities from which or the place where the
communication is to be intercepted” does not apply if, inter alia, the application “identifies the person believed to be
committing the offense.” Setting aside
the issue about what the “identification” requirement thus imposed by Title III
requires here, the apparent intent of these critics of Section 206 is that FISA
should mimic § 2518(11) by imposing an identification requirement in any
case in which the requirement to specify particular places has been waived. The
analogy, however, is flawed, because of a crucial difference between
§ 2518(11) and Section 105 of FISA.
In addition to waiving the
specification-of-places requirement in § 2518(1)(b)(ii), the roving
wiretap provision of Title III also
waives the requirement in § 2518(3)(d) that the court must first find
probable cause to believe that “the facilities from which, or the place where,
the wire, oral, or electronic communications are to be intercepted are being
used, or are about to be used, in connection with the commission of such
offense, or are leased to, listed in the name of, or common used by [the
target].” See 18 U.S.C. § 2518(11) (stating that the “requirements of
subsections (1)(b)(ii) and 3(d) of
this section relating to the specification of the facilities from which, or the
place where, the communication is to be intercepted do not apply” to roving
wiretaps authorized under Title III). As
I explained above, FISA’s analog to § 2518(3)(d) of Title III is contained
in Section 105(a)(3)(B) of FISA, which states that an authorizing order may
only be issued if, inter alia, “there is probable cause to believe that
... each of the facilities or places at which the electronic surveillance is
directed is being used, or is about to be used, by a foreign power or an agent
of a foreign power.” 50 U.S.C.
§ 1805(a)(3)(B). It is important to
note that nothing in the roving wiretap
provisions of FISA waives this requirement.
The apparent effect of that difference is that unlike Title III, a FISA
roving wiretap application must still provide, as I explained earlier, a
sufficient description of the categories of facilities and places that will be
surveilled (presumably by describing their connection to the target) so as to
permit the court to make the additional probable cause finding that remains
required by Section 105(a)(3)(B). This
additional safeguard strikes a different balance from Title III, but an
appropriate one, and it makes any analogy to Title III inapt. That is, in light of FISA’s preservation of
this requirement, the need for a requirement to “identify” the target is
doubtful. Indeed, because it overlooks
this crucial additional requirement that only FISA imposes, the clear effect of
incorporating Title III’s restrictions would be to make FISA roving wiretaps harder to obtain that Title III
wiretaps.
(5)
Section 207
Section 207
extends the time periods for which the
(6) Section 214
Section 214
is one of several provisions of the PATRIOT Act that properly endeavor to
ensure that there will be appropriate analogs, in foreign intelligence investigations, for the various tools that are
available to assist law enforcement in criminal
investigations. In particular, Section
214 addresses the use of “pen registers” and “trap and trace devices,” i.e., instruments for collecting
information about the address or routing of a communication (e.g., the telephone numbers of outgoing
calls dialed on a telephone and the telephone numbers of incoming calls), but not the content of the
communication.
The Supreme Court held long ago that
that the proper use of a pen register does not implicate the Fourth Amendment,
because there is no reasonable expectation of privacy in the numbers dialed on
a telephone — numbers that, by definition, the dialer has voluntarily turned
over to a third party (i.e., the
telephone company). Smith v.
Under Section 214, the ability to use
pen registers and trap and trace devices under FISA is thus rendered more
analogous in scope to its criminal counterpart.
With respect to information concerning a
(7) Section 215
Section 215
of the PATRIOT Act is another provision designed to ensure that a tool
available to assist law enforcement in ordinary criminal investigations will
have an appropriate counterpart in foreign intelligence investigations. For a very long time, grand juries have had
very broad authority to obtain, by subpoena, records and other tangible items
that may be needed during the course of a criminal investigation. Section 215 provides a narrow analog to such
subpoenas in the context of certain intelligence investigations under
FISA. Indeed, in many respects, Section
215 contains more protections than the rules governing grand jury
subpoenas:
— A court order is required. 50 U.S.C. § 1861(c).
— The court is not merely a
rubber-stamp, because the statute explicitly recognizes the court’s authority
to “modif[y]” the requested order.
— The section has a narrow scope, and can
be used in an investigation of a
— The section provides explicit protection
for First Amendment rights.
The draft
bill would make the important clarification that the records may only be
obtained if they are “relevant” to an investigation to protect against
international terrorism or clandestine intelligence activities. See
Section 211(a)(1)(A), (2). As I
understand it, this amendment would not alter the current understanding of the
provision, but would merely eliminate any doubt about whether the relevance
standard is applicable here.
Some have
called for a standard that is higher than “relevance” to an investigation, and
have instead suggested that a Section 215 order should be granted only upon a
showing of specific and articulable facts giving reason to believe that the
person to whom the records pertain is a foreign power or an agent of a foreign
power. This is much too narrow a standard. Suppose that FBI agents suspected that an
as-yet-unidentified individual foreign agent may have consulted certain
specific technical titles on bomb-making or on nuclear power facilities, and
they are informed that 5 persons have checked out those specific titles from
public libraries in the relevant area and time period. Because it cannot be said that there are
“specific and articulable facts” to suspect all 5 persons who checked
out the books as all being foreign agents (the most that can be said is that
one of them may be), application of such a high standard would seemingly
require more evidence before any of the records could be obtained. Even if one were to agree that the general
business records authority in Section 215 might benefit from greater
reticulation in the contexts of particular types of records, this particular
requirement seems too strict. Given the
various safeguards already in place in Section 215, which adequately take
account of the difference between investigations under FISA and ordinary
criminal investigations, there is insufficient justification for a standard
that is so much more demanding than the ordinary “relevance” standard that has
long governed grand jury subpoenas in criminal investigations (some of which,
like the Versace murder and Zodiac gunman investigations, did consult library
records).
Despite what
some of its critics seem to imply, the narrowly drafted business records
provision in Section 215 has no special focus on authorizing the obtaining of
“library records.” On the contrary,
because the provision specifically forbids the use of its authority to
investigate
The draft
legislation properly declines to create any sort of carve-out for libraries
from the otherwise applicable scope of Section 215: that would simply establish libraries and
library computers as a “safe harbor” for international terrorists. Indeed, over the years, grand juries have, on
appropriate occasions, issued subpoenas for library records in connection with
ordinary criminal investigations. In my
view, a sensible privacy policy should allow an appropriately limited analog in
the FISA context, and Section 215 is just that.
Section 211(b) of the draft bill would make
appropriate and necessary clarifying changes to section 215 by specifying that
the prohibition on nondisclosure of Section 215 orders is not intended to
preclude the recipient of such an order from consulting with counsel or from
requesting permission from the FBI to make other appropriate consultations
(e.g., perhaps consulting an accountant with respect to an order requesting
financial records).
Section
211(c) properly establishes additional procedural protections by requiring the
Attorney General to adopt “minimization procedures governing the retention and
dissemination” of any items obtained under a Section 215 order.
The Attorney
General, in his testimony before this Committee on April 27, 2005, indicated
that the Department of Justice agreed that a recipient of a Section 215 order
could bring a challenge to such an order in court. Section 215 is silent as to where and how
such a review might be carried out, as is the draft bill. I would recommend that specific provisions
establishing the proper venue and procedures for such challenges be set forth
in legislation.
(8) Section 218
Despite
being only one sentence long, Section 218 is one of the most important
provisions in the PATRIOT Act. Prior to
Section 218, an application for electronic surveillance under FISA had to
contain a certification that “the purpose” of the surveillance “is to obtain
foreign intelligence information.” 50
U.S.C. § 1804(a)(7)(B) (2000 ed.).
Section 218 changed the phrase “the purpose” to “a significance
purpose,” thus clarifying that the presence of other purposes (such as a
possible criminal prosecution) did not preclude a FISA application. In doing so, Section 218 disapproved the
“primary purpose” test that had been engrafted onto the pre-PATRIOT Act
language. In re Sealed Case, 310 F.3d 717 (For. Intel. Surv. Ct. of Rev.
2002). This amendment, as many have
noted, was important in tearing down the “wall” between intelligence personnel and
law enforcement personnel. It should not
be permitted to lapse. Moreover,
allowing Section 218 to expire could potentially put the law in a state of
confusion, because the Foreign Intelligence Surveillance Court of Review has cast
doubt on whether the “primary purpose” test was a correct reading of the pre-PATRIOT
Act statutory language. In re Sealed Case, supra. As a result, there is
considerable room for argument over what exactly would be the effect of
allowing this provision to lapse. The
Congress should ensure clarity in this important area of the law by making
Section 218 permanent. Section 101 of
the draft legislation does that, and Section 203 also includes a further,
appropriate amendment confirming the correctness of the Court of Review’s
conclusion that FISA Section 101(e)(1)’s reference to “protect[ing]” against international
terrorism, etc., includes protecting by means of a criminal prosecution that
disables the foreign agents involved.
(9) Section 225
This section
extends to the FISA statute the same immunity from civil liability that exists
under Title III for wire or electronic communications service providers who
assist in carrying out a court order
or an emergency request for assistance under FISA. Pub. L. No. 107-56, § 225, 115 Stat. at
295-96. There is no good reason the
immunity of a service provider for carrying out court orders for surveillance
should depend upon whether the order was issued under Title III or under
FISA. This provision should be made
permanent.
Additional
provisions of the draft legislation
The draft
bill also contains detailed provisions providing for the use of “administrative
subpoenas” in certain intelligence investigations, and codifying (with changes)
the use of so-called “mail covers” in such investigations. See
Sections 213 and 212. The authorization
of administrative subpoenas by Section 213 would appear to be an appropriate
invocation of the principle that, if a tool is available to fight other crimes,
it should be available to fight terrorism.
Under 18 U.S.C. § 3486(a), administrative subpoenas are currently
authorized in the investigation of, inter
alia, a “Federal health care offense” and “a Federal offense involving the
sexual exploitation or abuse of children.”
As I said before, if the judgment has already been made that this tool
is appropriate for fighting these other crimes, and that any privacy interests
at stake must yield to that effort, then surely the tool should also be
available to fight terrorism, and should have an analog in the foreign
intelligence context. The appropriate
questions should, in my view, instead focus on the technical issues concerning
how such authority would be granted in the FISA context. Thus, for example, to the extent that the
procedures specified in Section 213 differs from those in 18 U.S.C.
§ 3486, are those differences warranted by differential factors unique to
the FISA context? Moreover, what should
be the relation between the scope of the administrative subpoena authority in
Section 213 of the draft bill and the business records provision in Section 215
of the PATRIOT Act? These are questions
that I think warrant careful study and consideration. But I find it very hard to say that
administrative subpoena authority is just fine when it comes to health care
fraud, but is somehow a grave threat to liberty when it comes to fighting
terrorism.
The “mail
cover” provisions in Section 212 relate solely to information on the exterior
of mail that is not subject to any reasonable expectation of privacy, such as
addressing information. The provision
appears to be fairly narrowly drafted in terms of the scope of the authority it
confers, the high-level approval it requires, and the requirement for
“minimization” with respect to retention and dissemination of records obtained
by a mail cover under this section.
Notably, the provision only applies to requests made to the “United
States Postal Service.” The apparent
intent of the provision is to ensure appropriate cooperation from the Postal
Service, while leaving the judgment whether to request the mail cover with the
FBI. That formal allocation of authority
seems sensible (since only the FBI will be privy to the full context of the
intelligence investigation that leads to the request). The Committee should evaluate whether it is
needed as a practical matter in light of the history on this issue between the
FBI and the Postal Service.
I would also
like to make a brief comment about Section 202 of the draft bill. This section would amend FISA’s definition of
“content” so that it more closely conforms with the definition of “content”
under the Title III wiretap statute, 18 U.S.C. § 2510(8). This appears to be a sensible change. By defining “any information concerning the
identity of the parties to [a] communication” as “contents,” FISA’s current
definition could be misconstrued as casting doubt on whether mere addressing
information, not derived from the substance of the communication, is
“contents.” As the pen register statutes
reflect, mere addressing information is not ordinarily considered to be
“contents,” and there is no harm in eliminating a perceived potential ambiguity
in FISA on this score.
* *
*
I would be
pleased to answer any questions the Committee might have on this subject.