S. Hrg. 110-385 NATIONAL SECURITY LETTERS: THE NEED FOR GREATER ACCOUNTABILITY AND OVERSIGHT ======================================================================= HEARING before the COMMITTEE ON THE JUDICIARY UNITED STATES SENATE ONE HUNDRED TENTH CONGRESS SECOND SESSION __________ WEDNESDAY, APRIL 23, 2008 __________ Serial No. J-110-86 __________ Printed for the use of the Committee on the Judiciary U.S. GOVERNMENT PRINTING OFFICE WASHINGTON : 2008 42-457 PDF For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 COMMITTEE ON THE JUDICIARY PATRICK J. LEAHY, Vermont, Chairman EDWARD M. KENNEDY, Massachusetts ARLEN SPECTER, Pennsylvania JOSEPH R. BIDEN, Jr., Delaware ORRIN G. HATCH, Utah HERB KOHL, Wisconsin CHARLES E. GRASSLEY, Iowa DIANNE FEINSTEIN, California JON KYL, Arizona RUSSELL D. FEINGOLD, Wisconsin JEFF SESSIONS, Alabama CHARLES E. SCHUMER, New York LINDSEY O. GRAHAM, South Carolina RICHARD J. DURBIN, Illinois JOHN CORNYN, Texas BENJAMIN L. CARDIN, Maryland SAM BROWNBACK, Kansas SHELDON WHITEHOUSE, Rhode Island TOM COBURN, Oklahoma Bruce A. Cohen, Chief Counsel and Staff Director Stephanie A. Middleton, Republican Staff Director Nicholas A. Rossi, Republican Chief Counsel C O N T E N T S ---------- STATEMENTS OF COMMITTEE MEMBERS Page Cardin, Hon. Benjamin L., a U.S. Senator from the State of Maryland....................................................... 6 Feingold, Hon. Russell D., a U.S. Senator from the State of Wisconsin...................................................... 5 prepared statement, letter and attachments................... 79 Leahy, Hon. Patrick J., a U.S. Senator from the State of Vermont. 1 prepared statement........................................... 84 Specter, Hon. Arlen, a U.S. Senator from the State of Pennsylvania................................................... 3 Whitehouse, Hon. Sheldon, a U.S. Senator from the State of Rhode Island......................................................... 7 WITNESSES Baker, James A., former Counsel for Intelligence Policy, Department of Justice, Washington, D.C......................... 8 Nojeim, Gregory T., Director, Project on Freedom, Security & Technology, Center for Democracy & Technology, Washington, D.C. 11 Woods, Michael J., former Chief, National Security Law Unit, Office of the General Counsel, Federal Bureau of Investigation, Washington, D.C................................................ 13 QUESTIONS AND ANSWERS Responses of Michael J. Woods to questions submitted by Senator Feingold....................................................... 35 SUBMISSIONS FOR THE RECORD American Civil Liberties Union, Caroline Fredrickson, Director, Washington Legislative Office, Washington, D.C., statement and attachments.................................................... 48 Baker, James A., former Counsel for Intelligence Policy, Department of Justice, Washington, D.C., statement............. 66 Nojeim, Gregory T., Director, Project on Freedom, Security & Technology, Center for Democracy & Technology, Washington, D.C., statement................................................ 86 Organizations supporting the National Security Letters Reform Act, joint letter.............................................. 100 Woods, Michael J., former Chief, National Security Law Unit, Office of the General Counsel, Federal Bureau of Investigation, Washington, D.C., statement.................................... 102 NATIONAL SECURITY LETTERS: THE NEED FOR GREATER ACCOUNTABILITY AND OVERSIGHT ---------- WEDNESDAY, APRIL 23, 2008 U.S. Senate, Committee on the Judiciary, Washington, DC The Committee met, pursuant to notice, at 10:04 a.m., in room SD-226, Dirksen Senate Office Building, Hon. Patrick J. Leahy, Chairman of the Committee, presiding. Present: Senators Feingold, Cardin, Whitehouse, Specter, Kyl, and Sessions. OPENING STATEMENT OF HON. PATRICK J. LEAHY, A U.S. SENATOR FROM THE STATE OF VERMONT Chairman Leahy. Good morning. When Congress last reauthorized and expanded the USA PATRIOT Act in March, 2006, I voted against it, although I voted for the first one. I stated then that I felt the administration and the Congress had missed an opportunity to get it right. But we were able to include some sunshine provisions, which has given us insight that we will use today in our examination of national security letters, or NSLs. I have long been concerned by the scope of the authority for NSLs and the lack of accountability for their use. Thankfully, we are able to include requirements for review of the NSL program by the Inspector General when we reauthorized the PATRIOT Act. There had not been that kind of a review before. Now, for 2 years, the reports by the Inspector General have revealed extremely troubling and widespread misuse of NSLs. The authority to issue NSLs allows the Federal Bureau of Investigation to request sensitive personal information: phone bills, e-mail transactions, bank records, credit reports, things that could basically stop a business while they try to put this all together, and do this without a judge, without a grand jury, without even having a prosecutor evaluate those requests. In the reports, the Inspector General has found some very, very disturbing misuse of this authority. The Inspector General's report found widespread violations, including failure to comply with even the minimal authorization requirements, and more disturbingly, that the FBI requested and received information to which it was not entitled under the law. The reports found some rampant confusion about the authorities, and virtually no checks to ensure compliance or correct mistakes. But what I found very significant, is the Inspector General found that NSL use has grown to nearly 50,000 a year, and nearly 60 percent of those NSLs are used to find information about Americans. It is a major change in the years since 9/11. I raised these concerns publicly and privately with Director Mueller of the FBI. In fairness, the FBI has acknowledged some problems. It has issued new guidelines, new guidance, a new data system to track issuance of these NSLs. It has also created an Office of Integrity and Compliance to ensure that there are processes and procedures in place to ensure compliance. I believe that the Director and his staff are sincere in their efforts, but I am not persuaded that the actions taken have been enough. So we are following up on an earlier oversight hearing to ask what changes are needed to the statutory authority. Among the things that concern me are whether the law should require higher level review and approval, perhaps judicial or Department of Justice review, before NSLs can be issued. Is a standard for issuance which requires only that it be relevant to a terrorism investigation too lenient? I mention this, because we have seen all the statistics, the sudden huge increase in the number of arrests that were related and said to be terrorism. Then when we asked the question about, if they are terrorists, why did they get a fine or 30 days in jail or 60 days in jail? Well, it turned out they were just run-of-the- mill cases that they reclassified so that the statistics were good. I want to know if that is the same thing here. Is the scope of documents available under NSLs too broad? I'd like to hear how we can ensure that there are adequate standards for determining when private records on U.S. persons that have been collected using NSLs, how can they be retained? Actually, how can they be disseminated and used? Simply because one of these NSLs is issued with no guidance, no checks and balances, or anything else and their name gets picked up, are they going to find some day when their kids are trying to get into college, are they blocked? If they're trying to get a job or a promotion, are they suddenly blocked and they don't know why? Now, I commend Senator Feingold. He's been a leader on this issue. I believe his bipartisan bill, the National Security Letter Reform Act of 2007, is on the right track, particularly in its recommendation for the need for a real check on independent oversight of NSLs. The bill would also narrow the extraordinarily broad scope of information that NSLs can acquire. They would make the standard for their issuance more rigorous. I look forward to hearing our witnesses' view on this important legislation, getting ideas from them if there are other important steps we can take. The problem we see with NSLs is just one part of a much broader concern. We all know that the changing nature of national security threats, and particularly the threat from international terrorism, has required changes in the way the government collects and uses intelligence, the kind of information it needs. Nobody disagrees with that. But we have to remember what a perilous undertaking it is when the government engages in domestic spying. Americans don't like it, and for very good reason. We have a long history of abuses: the Red scare of 1919; McCarthyism; co-intel for Watergate; the recent Pentagon Talon data base program; the collected information on Quakers and other anti-war protestors. Can you imagine the shock that must have been, those collecting that, to find that Quakers were protesting a war? Quakers always protest a war. The shock would have been if, when they did that, spying on these Quakers, if they had them saying, we're in favor of war. Now, that, that would have been worth collecting. So if we're going to adapt our collection and use of information for Americans as a changing threat, we have to be sure to do the same for the checks and accountability mechanisms, we have to protect our liberties as Americans. The FBI's misuse of NSLs is one example of the need for clearly defined procedures and careful controls when collecting and using domestic intelligence, but we have to be just as vigilant in other areas: data mining, use of satellites to collect domestic information, biometrics, fusion centers. They are all tools for national security, but each is fraught with the potential for privacy invasions and harm to American liberties. We in the Congress have a responsibility to see how these are being used. [The prepared statement of Senator Leahy appears as a submission for the record.] So I am looking forward to this. Senator Specter, who I mentioned is the senior Republican on the Committee, has a long history of asking these questions of both Republicans and Democrats, and I am glad you're here. STATEMENT OF HON. ARLEN SPECTER, A U.S. SENATOR FROM THE STATE OF PENNSYLVANIA Senator Specter. Thank you, Mr. Chairman. I wouldn't be anywhere else, especially since I'm the Ranking Member and I'm really not needed here because there's such a large showing of Republican members of this Committee to handle this important issue. This is a prized Committee, very keenly sought after by members of the U.S. Senate. If any were here, I would exhort them to attend because this is a very important matter, especially in the context of what has happened with expansion of executive authority. Decades from now, I believe historians will look down on this period since 9/11 to the present time and beyond as an extraordinary expansion of executive power, necessary, at least to some extent, as I have stated by my votes and my positions in supporting the expansion of the PATRIOT Act. But I am concerned when we are having hearings on national security letters and we do so in the context of the President having issued a signing statement which purports to limit the executive's responsibility to comply with Section 119, notwithstanding the fact that this was a matter negotiated. That's my recollection, confirmed by Nick Rossi, who was on my staff at the time and is now Chief Counsel. We negotiated the oversight on review of national security letters, and then the President signs a statement in which he says that he'll interpret Section 119 in a manner consistent with the broader Article 2 powers. Well, that's not adequate. There's been expressed negotiations. This comes in the context where one of the reported incidents involves a matter where the FBI sought records under Section 215 under the order for business records from the FISA court, twice refused. Then the FBI goes to a national security letter based on the same information. Well, that sounds wrong to me. If they don't have a basis for it when it goes to a court, to come back to something they have unilateral control on, it's not exactly what Congress intends here. And all of this occurs in a context with vast, vast expansion. When you have the President violating the Foreign Intelligence Surveillance Act, the National Security Act, requiring reports to the Intelligence Committees, on his purported authority under Article 2, never tested judicially, but violations occur on unilateral action. You have the concerns about the State Secrets Act, and the Attorney General says there will be a calamitous result, violating the President's Article 2 powers. You have an effort to legislate under the Shield Law and letters from the FBI and the Attorney General and the Director of National Intelligence and Homeland Security that the world is going to collapse, notwithstanding the careful calculation of that statute to preserve national security interests. The attorney/client privilege, pressed by this administration far beyond any other administration. Former Attorney General Edwin Meece and former Attorney General Richard Thornburg testified in this room that the current interpretation is inappropriate. Two principles: the government proves its case, and the constitutional right to counsel, which necessarily implies confidential privilege. But now there is an expansion of executive authority. Thank God for the courts, because it has been more than frustrating to be on this Committee and to chair it, to be Ranking Member, and not to have the semblance of effective oversight. We simply can't chase the executive sufficiently to have effective oversight. Now there is a move to have retroactive immunity to the telephone companies. As yet on the record we don't know what that retroactive immunity is for, but we're asked to grant it legislatively. I believe that from what I know as to what the telephone companies have done, they've been good citizens and they ought to be protected. But the government can step into their shoes and defend those cases and preserve the open courts, and also to give the telephone companies their due. So I would say, Mr. Chairman, we ought to do a lot more, but I'm not quite sure what to do. Chairman Leahy. Well, if the Senator would yield, I was somewhat concerned when I became Chairman. I'd send letters down to Department of Justice asking questions and not get any response, and wondered if it was because I was a Democrat and it was a Republican administration. Then I found out that the chairman, when he was chairman, found it difficult to get answers to those letters also. Senator Specter. Well, I'm still co-signing the letters, Mr. Chairman. Chairman Leahy. I know you are, and I appreciate that very much. I think oversight--I agree with the Senator from Pennsylvania. Oversight is extremely important because if you have no check and balance, at a time when our government can be all-powerful, it is a terrible situation. The Senator from Pennsylvania, like myself, was a prosecutor. There are a lot of things we would have loved to have done unilaterally. But fortunately we couldn't. We had to have oversight by the courts, we had to have checks and balances. The country's safer that way. Senator Specter. I want to associate myself with the remarks which you made, following the interruption, and conclude my statement just by associating myself. Chairman Leahy. I apologize. I thought you had. I thought you had. Senator Specter. Oh, no you don't. It's fine. We do it all the time and it's totally acceptable. Chairman Leahy. You see? What you all missed was the opportunity to see Senator Specter and myself at a hearing in Vermont. Senator Specter. Where was everybody? Chairman Leahy. It was very interesting. They're still talking about it up there, approvingly. Senator Specter. It was an official Committee hearing. Where was everybody? Chairman Leahy. And Senator Specter was praised by Republicans and Democrats across the political spectrum for his participation. Senator Feingold, this is your legislation. If you want to say something, please feel free. STATEMENT OF HON. RUSSELL D. FEINGOLD, A U.S. SENATOR FROM THE STATE OF WISCONSIN Senator Feingold. Thank you, Mr. Chairman and Ranking Member Specter. Thank you for holding this important hearing, and for your commitment to this issue. I could not agree more that greater oversight and accountability are needed with respect to national security letters. The Justice Department's Inspector General documented serious misuse and abuse of national security letters from 2003 to 2006. A followup audit conducted by the FBI itself not only confirmed the Inspector General's findings, it documented even more violations. These widespread problems are directly attributable to the PATRIOT Act, which expanded the NSL statutes to essentially grant the FBI a blank check to obtain sensitive information about innocent Americans. Congress gave the FBI very few rules to follow and then failed to adequately fix these problems when it reauthorized the PATRIOT Act. I appreciate that Director Mueller and others in the FBI leadership ranks have taken these problems seriously, but leaving this to the FBI alone to fix is not the answer. These Inspector General reports prove that ``trust us'' simply doesn't cut it. It was a significant mistake for Congress to grant the government broad powers and just keep its fingers crossed that they wouldn't be misused. Congress has the responsibility to put appropriate limits on government powers, limits that allow agents to actively pursue criminals, terrorists, and spies, but that also protect the privacy of innocent Americans. Congress must also ensure that the statute complies with the Constitution. In that vein, last fall a Federal District Court struck down one of the new NSL statutes, as modified by the PATRIOT Act Reauthorization legislation enacted in 2006 on First Amendment grounds. This is why I introduced the National Security Letter Reform Act with a bipartisan group of Senators, including Senators Sununu, Durbin, Murkowski, Salazar, Hagel, and others. This bill places new safeguards on the use of national security letters and related PATRIOT Act authorities to protect against abuse and ensure the constitutionality of the statute. Among other things, it restricts the type of records that can be obtained without a court order to those that are the least sensitive and private, and it ensures that the FBI can only use NSLs to obtain information about individuals that have at least some nexus to a suspected terrorist or spy. I am pleased that it has received endorsements from all over the political spectrum, from the Center for American Progress, to the League of Women Voters, to Grover Norquist of Americans For Tax Reform. I would ask, Mr. Chairman, that an April 22 letter in support of the bill, as well as a ``Dear Colleague'' about the bill, be included in the record. Chairman Leahy. Without objection, so ordered. [The prepared statement of Senator Feingold, with attachments, appears as a submission for the record.] Senator Feingold. Thank you, Mr. Chairman. This legislation is a measured, reasonable response to a serious problem. Again, thank you very much for holding the hearing on the bill and on this topic, and I look forward to the witnesses' testimony. Chairman Leahy. Thank you. Senator Cardin, did you wish to-- STATEMENT OF HON. BENJAMIN L. CARDIN, A U.S. SENATOR FROM THE STATE OF MARYLAND Senator Cardin. Thank you, Mr. Chairman. Just very briefly, let me first comment that I will be moving between this Committee and the Foreign Relations Committee that has a hearing on Darfur today. I'm saying that for Senator Specter's benefit, because I'm sure his colleagues are very busy in other committees that are holding hearings today. But obviously this is an extremely important hearing, and I thank you very much for conducting this hearing. I just want to make a quick observation, if I might. I think Americans would be very surprised to learn that there are tens of thousands of national security letters issued every year--every year--the majority of which are directed toward Americans, requesting sensitive information such as their credit information or their telephone records, and it is done without any court supervision. They also, I think, would be surprised to learn about the Inspector General's report that pointed out that a large number of these letters were issued contrary to the law, in violation of the authority that the Department had. So I think it's very important for us to do the appropriate oversight. I'm sure we're going to hear today, Mr. Chairman, that as a result of the Inspector General's report, as a result of the oversight that this Committee has done, that the circumstances are improved, that procedures are now in place, that the number of violations of laws have been reduced dramatically and that the circumstances and the use of national security letters have improved dramatically. But what happens when we turn off the spotlight? What happens when Congress does not hold regular oversight hearings on the use of national security letter? Will we revert back to the use of these letters, contrary to law? When one agency can make a decision without review of the courts, without oversight, there is the potential for abuse. So I just want to compliment Senator Feingold for his legislation. I think it's important that we look at ways in which we can establish the appropriate check-and-balance in our system to make sure that the agencies have the tools that they need to protect our country and to pursue investigations that are important so they can get the material necessary for investigations, but at the same time protect the civil liberties of the people of our Nation. Clearly that was not done over the last five or 6 years. Clearly that was abused and did not further justice, and it did hurt the civil liberties of the people of our country. So I think that we should not only be holding the oversight hearing that Senator Specter has talked about the importance of, but to look at ways in which we can institutionalize a better check-and-balance system on the use of this extraordinary power by the Department of Justice. Mr. Chairman, I look forward to our witnesses. Again, I apologize if I have to leave to attend another hearing on the circumstances within the Darfur region of Sudan. Chairman Leahy. Thank you very much. Senator Whitehouse, did you have anything you wanted to add? STATEMENT OF HON. SHELDON WHITEHOUSE, A U.S. SENATOR FROM THE STATE OF RHODE ISLAND Senator Whitehouse. Thank you, Mr. Chairman. Very briefly, I just wanted to commend Senator Feingold for his legislation. He has undertaken what those of us who have the honor of working with him have come to expect as a very thoughtful and thorough approach to this issue. I think we should also take a moment, if it has not been done already, to commend Inspector General Glen Fine. We are here, in large part, because of the research work that he did. Our job is to oversee the executive branch and remark and bring attention to situations where folks have failed in their duties or failed in their responsibilities, and assure that those mistakes are cured. It is also, I think, our responsibility to express appreciation and pride when folks in the executive branch do their duties particularly well. I think the Department of Justice Office of Inspector General did its duties particularly well in this respect, and I think the record of the hearing should reflect that. I remain a little bit dismayed that the FBI, as an institution--I had this discussion with Director Mueller when he was here--did not more highly value the rather extraordinary powers that they were given in this legislation and the responsibilities, the concomitant responsibilities that came with that. The fact that there wasn't adequate internal oversight, that there weren't checks and balances going, frankly, right up to the Director's office, because this is an issue that directly affects the credibility of one of our proudest law enforcement agencies with this Congress, and if they're not minding the store when we give them the kind of scope--I think mistakenly, but irrespective of that--that they are and it's cabined with particular congressional restrictions, the level of disinterest in attending to those congressional limitations is kind of surprising. You would have thought that the highest levels of the FBI, somebody would be saying, you know, this is pretty serious stuff, they put some pretty serious boundaries around it. We're going to look like real dopes if we foul this up. You know, somebody in my office is going to be in charge of making sure this is done right. The failure of that, I think, is an interesting and significant failure in this whole process. So I very much look forward to the testimony of all the witnesses. I appreciate the Chairman holding this hearing, and I thank Senator Feingold for, once again, his thoughtful and thorough approach to an important issue. Chairman Leahy. Well, thank you very much. Gentlemen, you've had a chance to hear our views on this. Don't let that influence you in any way, shape, or manner as you give your testimony. I mean that, seriously. The first witness will be James Baker. He has an extensive background in the area of national security. He served at the Justice Department for 17 years. He was Counsel for Intelligence Policy in the Office of Intelligence Policy & Review from 2001 to 2007. Is that correct? A former Federal prosecutor, he's worked on a wide variety of national security matters. He taught national security law at Harvard Law School in 2007. He's a Fellow at the Institute of Politics at Harvard's Kennedy School of Government. He currently serves as the Assistant General Counsel for National Security at Verizon. He received his bachelor's degree from the University of Notre Dame and his law degree from the University of Michigan Law School. Mr. Baker, please go ahead, sir. STATEMENT OF JAMES A. BAKER, FORMER COUNSEL FOR INTELLIGENCE POLICY, DEPARTMENT OF JUSTICE, WASHINGTON, D.C. Mr. Baker. Thank you, Mr. Chairman, Ranking Member Specter, and members of the Committee. I appreciate the opportunity to be here today. Let me just say at the outset that I am appearing here today in my individual capacity at the request of the Committee and anything I say should not be taken as reflecting the views, necessarily, of my current or former employers. So, Mr. Chairman, you have my written statement, which I would ask to be made part of the record. Chairman Leahy. Without objection, it will be part of the record. Mr. Baker. Thank you, sir. [The prepared statement of Mr. Baker appears as a submission for the record.] Mr. Baker. I won't try to recapitulate what I say there, but my objective today is to try to be of whatever assistance I can to the Committee to try to put national security letters in context with what the intelligence community, the FBI, is doing every day to conduct national security investigations and to obtain foreign intelligence information. So what I am urging today is that we think about this in a holistic way and try to understand the perspective of the people on the ground who have to use these tools as they go about doing what everybody agrees we want them to do, which is to protect the country. And so what I urge is we not focus just on NSLs, but we think in a larger way about the whole question of what I refer to as metadata. I'll come back to that. Well, I'll just address that right now. Metadata, as I describe in my written statement, what I mean by that, and what other people have referred to or used that term to refer to, is really a distinction between content information and non-content information. Content information is the words that are spoken on a telephone call, the substance of an e-mail, what happens in the privacy of our homes, those kinds of things. That's the content that I refer to. When I'm talking about metadata I'm talking about non- content. It's information about those things, maybe the date, the time, the duration of the telephone call, the ``to'' and ``from'' of an e-mail, indications about where you moved at different points in time, but it's not your actual substance of your communications. So what I think, and what I'm trying to say today is that Congress, I suggest, should think about the problem or the issue of the collection of non-content information and how it wants the government to go about doing that, and what rules apply, what oversight there should be, and so on. Metadata, generally speaking, is not protected by the Fourth Amendment. Content is protected by the Fourth Amendment. Metadata is protected in some instances by statute, but in many instances by nothing. There are no statutes with respect to certain types of metadata. So what I think Congress needs to think about, is what does it want the government to do? What do we as Americans want the government to do with respect to the collection of all types of metadata, from the types of metadata we're talking about today from national security letters, but broadly, all different types of metadata? That's the big issue. That's the big privacy issue, I think, that faces us today. Let me just say, metadata is a critically important tool for conducting national security investigations. It's been referred to as the bread and butter of FBI investigations. But I don't want to over-sell it, either. It's not a panacea. It may be the bread and butter, but it's not necessarily the main course or the dessert. I mean, it's not everything. It provides you with certain guideposts and ways to think about problems and who to focus on, but it's an investigative tool, not an investigation. My main criticism, I think, of the current statutes that we have, and I urge the Congress to think about it as it decides what to do next, is that they are just way too complex. There are too many tools that are out there for the government to use with too many different standards, too many different approval levels, too many different oversight mechanisms with respect to the collection of metadata. For example, as I said in my written statement, there are eight different ways, by my count, at least, to get telephone toll records. There are eight different ways, with all kinds of different standards. That's too complex. That is what leads to, I think, some of the confusion that ensues that you see reflected in the Inspector General's report, which I also commend. I think it's an excellent report. So I think as you consider what to do next, you should worry about making things too complex. That's what I urge you to worry about with respect to that. You should also worry about making sure there's adequate oversight. You should make sure that there are the right people in the right jobs, working hard to get it right. That's critically important. I also urge that there be adequate and statutorily mandated minimization procedures with respect to all different types of metadata. Senator Feingold's bill urges that, or would require that with respect to national security letters, but you need to think broadly and think about other types of metadata that are collected from a variety of different sources. As I suggest in my written statement, one thing to think about would be a national security subpoena. It would be simple, it would be broad in scope. It wouldn't be unlimited in scope. It wouldn't be able to collect certain types of data if you wanted to restrict that, such as tax records and so on. It would not be an administrative subpoena, it would be a subpoena that would require the involvement of the Department of Justice. I see my time has expired, Mr. Chairman, so I will stop there. But what I urge is, do not approve a national security subpoena unless you also provide for adequate oversight mechanisms, provide resources for that, and require minimization. Thank you, Mr. Chairman. Chairman Leahy. Thank you. We will go into what you mean by adequate oversight on that. The next witness is Gregory Nojeim--did I get that correct? Mr. Nojeim. Yes. Chairman Leahy. Thank you. He's a Senior Counsel and Director of the Project on Freedom, Security & Technology at the Center for Democracy & Technology in Washington. He's a recognized expert on Fourth Amendment and surveillance issues arising in the national security and intelligence areas. Before joining CDT in May of 2007, he was the Associate Director and Chief Legislative Counsel for the American Civil Liberties Union. He received his bachelor's degree from the University of Rochester and his law degree from the University of Virginia. Go ahead, sir. STATEMENT OF GREGORY T. NOJEIM, DIRECTOR, PROJECT ON FREEDOM, SECURITY & TECHNOLOGY, CENTER FOR DEMOCRACY & TECHNOLOGY, WASHINGTON, D.C. Mr. Nojeim. Thank you, Senator Leahy, Senator Specter, members of the Committee. Thank you for the opportunity to testify today on behalf of CDT. The DOJ Inspector General found widespread errors and violations in the FBI's use of NSLs to obtain bank, credit, and communication records of U.S. citizens without prior judicial review. These violations are the natural, predictable outcome of the PATRIOT Act and other legal and technology changes. They weakened the rules under which FBI agents make these demands while dramatically expanding their scope. In response, the FBI issued detailed guidance on NSLs that contains many useful elements. But internal reforms can only fix so much. The only way to truly address the problems is to legislate traditional checks and balances under which a judge must approve governmental access to sensitive information. So far, NSL legislation has been a one-way street. With almost every change in the law, more records from more businesses with more personal information about people increasingly distant from the target of the investigation have been made available to more people in government, with more coercion and less judicial oversight. And, the judicial review that has been provided for has been largely toothless. Self-policing doesn't work. Going to a judge makes a difference in a way that is unachievable by merely internal reviews or by reviews conducted by attorneys in a different part of the executive branch. Senator Specter said, ``Thank God for the courts.'' It's time to give the courts something meaningful to do in this context. We ask that you enact legislation that reflects the principle that the more sensitive the information sought, the tighter the standard should be for getting it and the more exacting and detached the review for the request for information should be. When revealing information is sought in an intelligence investigation, mere relevance without judicial review and without a tie between the subject of the records and a foreign power is an inappropriate standard. The weak relevance standard is often justified by drawing parallels between NSLs and criminal subpoenas, which are issued without prior judicial review. But intelligence investigations are more dangerous to liberty than criminal investigations. They require stronger compensating protections. Intelligence investigations are broader than criminal investigations. They are not limited by the criminal code. They can investigate legal activity, including First Amendment activity. Intelligence investigations are conducted in much greater secrecy than criminal cases, even perpetual secrecy. When a person receives a grand jury subpoena, normally a person can complain about it. In an intelligence case, when a business gets an NSL, they're gagged. They're prohibited by law from complaining about it, and the subject of the NSL never learns of it. Finally, in a criminal investigation almost everything the government does is ultimately exposed to scrutiny. The prosecutor knows that at the end of the day, his actions will often come out in public. That is a powerful constraint. There's no public airing at the end of intelligence investigations. In this context, the relevance standard offers insufficient protection against abuse. There is just no substitute for tightening the standard and subjecting requests for sensitive information to judicial review. After-the-fact minimization, while it's important, doesn't prevent the initial intrusion. Minimization under FISA, the model that many urge for NSLs, is actually quite permissive. Moreover, none of the changes that the FBI has put in place can get to the core issue. That is to ensure that NSLs are used only in a focused way when there is a factual basis for believing that the individual whose data is sought is a terrorist or a foreign agent, or that information is otherwise sufficiently important to the activities under investigation. The NSL Reform Act, in contrast, does get to the core issue. It creatively honors the principle that sensitive information deserves more protection. First, it would separate information that can now be obtained with an NSL into sensitive and less-sensitive personal information. Not all metadata is created alike. Some of it is particularly sensitive. The ``to"/"from'' information about a person's e-mailing is more sensitive than information that merely identifies a person. Yesterday I applied for a loan at a bank. The records that I gave to the bank might be regarded as metadata under this proposal. I had to give them my tax return and a lot of other sensitive information that, frankly, I didn't want to give up, and frankly shouldn't be available to law enforcement without a really good reason. We like the way that the NSL Reform Act separates out these two types of sensitive information to less sensitive and more sensitive, and says that when the information is more sensitive there has to be some judicial authorization, usually -probably -through Section 215 of the PATRIOT Act before the information can be given to the government. These are necessary reforms. They and other measures can ensure that the government has the tools it needs to prevent terrorism and that those tools are subjected to appropriate checks and balances. Thank you very much. Chairman Leahy. Thank you very much. [The prepared statement of Mr. Nojeim appears as a submission for the record.] Chairman Leahy. Our next witness, Michael Woods, is an attorney with extensive expertise in national security areas. He served in a variety of national security-related positions at the Justice Department, beginning his service in 1993. He served as Chief of the FBI's National Security Law Unit from 1997 to 2002. In private practice, he has advised Department of Defense clients in matters of national security policy. He has published Law Review articles on national security law issues, including those related to national security letters and the PATRIOT Act. He graduated from the University of Oxford and Harvard Law School. Mr. Woods, glad to have you here. STATEMENT OF MICHAEL J. WOODS, FORMER CHIEF, NATIONAL SECURITY LAW UNIT, OFFICE OF THE GENERAL COUNSEL, FEDERAL BUREAU OF INVESTIGATION, WASHINGTON, D.C. Mr. Woods. Thank you, Mr. Chairman. Mr. Chairman and members of the Committee, I am very pleased to have the opportunity to appear this morning. I think, really, I have two things to offer the Committee in this very important work. The first, is my practical experience. As a former Chief of the FBI's National Security Law Unit, I was basically in charge of the national security letter production process during the time I was there. I would add and would underline that I left the FBI in 2002, and so I am probably not the person who can comment on what has gone on more recently than that internally, or about the measures that have taken place. But I can certainly give some insight into how these letters were used investigatively prior to the PATRIOT Act, into the rationale for the changes that were sought in the PATRIOT Act, and into some of the investigative concerns that I think persist to this day. The second, of course, as the Chairman has noted, I have written on what I call transactional data, which Mr. Baker is referring to as metadata. I will use whatever term the Committee wants. I do not mean to create confusion. I have summarized this research in my written testimony, and I have appended a Law Review article that I think might be helpful. Chairman Leahy. Incidentally, all the written testimony of all the witnesses will be put in the record in total. Mr. Woods. Thank you, Mr. Chairman. Like the other witnesses this morning, and I'm sure everyone on the Committee, I see in this constantly evolving digital environment an enormous challenge for our government. The cloud of transactional information or metadata that each of us now creates in our daily lives, though it may not contain the direct content of our private communications, reveals a steadily more detailed picture of our activities, our personal habits, our social networks, our finances. This information largely resides in the custody of third parties, in quantities, formats, and conditions of which most of us remain unaware. The constant expansion in the capacity of digital storage systems and in the power of search engine technology make this transactional information at once more permanent and more easily accessible than ever before. This situation poses a real challenge to counterintelligence and counterterrorism investigators. On the one hand, it allows a new window into the hidden activities of our most sophisticated adversaries. On the other, the compromise of privacy by the acquisition of transactional data seems much greater now, that the quantity and detail of that information has increased. I believe it is critically important that the Committee leave the FBI with a flexible and effective tool for obtaining transactional information. That tool should incorporate safeguards that inspire public confidence, but safeguards that are proportionate and carefully tailored in response to the actual harms. Though I disagree based on my experience with the suggestion that the legal standard for national security should be returned to its pre-PATRIOT Act level, I think many parts of the current legislative proposal represent very promising steps in the right direction. I am very happy to elaborate on these views in response to your questions, and look forward to assisting the Committee in this important work. Again, thank you for inviting me. Chairman Leahy. Thank you very much, Mr. Woods. [The prepared statement of Mr. Woods appears as a submission for the record.] Chairman Leahy. Over the last several years, the FBI issued virtually no guidance. They had no real checks or oversight on the expanded use of national security letters. We have had several Inspector General reviews which came about because Congress, in its oversight, insist on these reviews. They pointed out errors in every single aspect of the national security letters: they're drafted incorrectly; they're issued without even the minimal administration requirements; their use was not monitored; the information collected is often not even recorded or tracked. So, in other words, these Inspector General reports showed that the FBI failed in every respect to police its use of NSLs. It was only after these devastating IG reports came out that the FBI took steps to control use, and then started issuing guidance, creating a data bank, and so forth. But even now the FBI resists any process for outside review. Even though they had this abysmal record following on them, they don't want any outside approval. One article likens this to the stereotypical male driver who has circled the same block four times, but still stubbornly refuses to ask anyone for directions. My wife would like that one. Now, haven't we seen enough from these IG reports? Though the FBI can't effectively check it's own use of this very powerful authority, do we have to wait for more years, and documents, and so on or should Congress require approval of the NSLs outside of the FBI? Who should be the reviewing authority? Should we have judicial review? You have differing views. Mr. Baker, let me begin with you, then go to Mr. Nojeim, then Mr. Woods. Mr. Baker. Thank you, Mr. Chairman. Yes. I mean, I subscribe to the notion that it's appropriate to have review of metadata collection tools, whatever legal tool Congress ends up approving outside of the FBI. I think it's appropriate. I think it works well when you think about it in the criminal context or the grand jury process where the FBI agents need to go--must go--to a Federal prosecutor to obtain approval to issue the grand jury subpoena so there's an outside check on what happens before the document goes out that results in the collection of the information. So, I think that's very appropriate. I think that system has worked well with respect to grand juries. The difficult thing for the Committee is to try to calibrate what it does with respect to what the effect is. So the higher you ratchet up the approval levels, if you indeed require the FBI to go to a court in addition to a Justice Department attorney, it's just going to make it that much more difficult and that much more time-consuming to obtain the information. It will be something that discourages the FBI from actually trying to pursue those. Now, some people say that's a good idea, we don't want them to do all these NSLs. But the volume, as you can see, of the number of NSLs is so huge and the time pressure is so great, that we need to have something that's-- Chairman Leahy. But even now they're not even going to the U.S. Attorney. Mr. Baker. No, I agree. But with the NSLs, they just do it internally. It goes to the SAC, Special Attorney in Charge. Chairman Leahy. But you would not support judicial review because of the volume? Mr. Baker. For much of the information, I think judicial review is too much. I concede and think it would be a good idea if Congress wanted to carve out a certain set of records--tax return records, firearms records, educational records, the sort of things that are listed in the current 215--out and say, if you're going to have this category of material you have to go to the court. But for the transaction, for much of the transactional data, again, I agree with Mr. Woods, we need to be very careful. It needs to be carefully calibrated. You need to think about what categories you want to carve out and make sure they're really important. Chairman Leahy. Mr. Nojeim? Mr. Nojeim. That is exactly what the Feingold bill does. It carves out the more sensitive information and says for that tax return that was given to the bank so a person can get a loan, for e-mail ``to''/``from'' information, you've got to go to a court first. It's not good enough for the FBI to check itself. Let me just say a word about the checks and balances that we're calling for. One doesn't normally think of a person in the executive branch charged with being a prosecutor or protecting national security as being the person who provides the check and the balance. It's the judge who has to provide that check and the balance. That's their role in our system. It's just not the proper role of prosecutors to be actually charged with that. They can certainly help, but a true check has to be judicial. Chairman Leahy. And Mr. Woods? Mr. Woods. I guess I would agree with the idea that there needs to be judicial review available, but I would focus directly on the calibration. I would draw the analogy to the grand jury. The former prosecutors on the Committee know that, as a prosecutor, you might issue hundreds of grand jury subpoenas. Now, the possibility of judicial review is there, but it's the prior approval of the court, and in most instances in the Federal system, prior approval of a grand jury is not something that is required. I think we have to shift toward that analysis. Chairman Leahy. Of course, in the grand jury the prosecutor eventually is going to have to answer to the court how he collected the evidence. Mr. Woods. Exactly. Chairman Leahy. They're not going to say, OK, on every one of these subpoenas you have to have a witness come in, but at some point they're going to say, it appears you overreached, or you didn't. Is that not correct? Mr. Woods. That is correct. But I think that one of the things we'll certainly end up discussing here is the very fundamental distinction between the collection of intelligence and criminal investigations. I mean, Congress and the executive branch have struggled with the oversight of these activities for a long time because that public accounting is not present in the intelligence world. Chairman Leahy. Thank you. Senator Specter? Senator Specter. Thank you, Mr. Chairman. Mr. Baker, in my opening statement I referred to a situation where the FBI had been twice turned down by the FISA court on a request for a Section 215 order for business records and they then used a national security letter. I am advised, further, that at the time you were head of the Office of Intelligence, Policy & Review in the Department of Justice and that you advised the FBI that they ought not to use a national security letter in that context. Is all of that true? Mr. Baker. It is true, Senator, that I was head of the Office of Intelligence & Policy Review at that time. Senator, I don't recall, sitting here today, giving that advice with respect to NSLs. Senator Specter. Do you recall the situation where the FBI had twice been turned down by the FISA court for a Section 215 order? Mr. Baker. I remember the case in general, Senator. I would just comment, just as a point of clarification--and I can talk more about how the FISA process works--but it was-- Senator Specter. Well, I don't have much time. There was such a case. Then the FBI did use a national security letter in that situation? Mr. Baker. With respect to that investigation, yes. Senator Specter. Well, that's pretty blatantly wrong, isn't it, Mr. Baker? Mr. Baker. Well, technically speaking, under the law they were authorized to do it. Now, that doesn't mean necessarily that it was a good idea to do it with respect to the facts that are here in this case. Senator Specter. Well, did the court turn it down because there was a First Amendment issue? Mr. Baker. My understanding is that the court did not officially turn it down. There was a back-and-forth between the government on a number of-- Senator Specter. OK. But the court didn't grant it? Mr. Baker. I beg your pardon? Senator Specter. The court didn't grant it. Mr. Baker. I'm sorry. I didn't-- Senator Specter. The court didn't authorize the order? Mr. Baker. No, it did not, sir. Senator Specter. OK. Well, with 5 minutes of talk, that's enough on this issue. To me it's pretty plain that the FBI is circumventing the court, which had it twice before it. It wasn't granted. That's the critical aspect. Let me move to you, Mr. Nojeim. You call for ``specific and articulatable facts'' for NSLs. Others have contended that the relevance standard is sufficient. Isn't a standard of relevance, which is not even reviewed by an attorney, highly subjective and highly questionable just on the say-so of an FBI agent? Mr. Nojeim. It is. It is. One of the problems with a relevance standard-- Senator Specter. Would it slow down the process to make it impractical if your standard of a specific and articulatable facts standard were to be required? Mr. Nojeim. No, I don't think so. The FBI guidance actually requires agents now to articulate the reasons why they believe that the information sought is relevant to the investigation. Senator Specter. Mr. Woods, what do you think about a ``specific and articulable facts'' standard for NSLs? Mr. Woods. I think it's inappropriate. Senator Specter. You think what? Mr. Woods. I think it's inappropriate. I believe it's inappropriate because it was the standard prior to the PATRIOT Act. It did slow the process prior to the PATRIOT Act and it did make these tools far less available. Senator Specter. Well, was it a good process? Just being part of the PATRIOT Act doesn't speak to its value, speak to its appropriateness. Mr. Woods. As I've outlined in my written testimony, it was a process and a standard that worked very well in the traditional counterintelligence cases of the FBI in chasing spies, in cases where you make fairly common investigative links from known agents out to their associates, et cetera. It did not work very well in the kind of inchoate threat situations that we were encountering in terrorism where you don't have a lot of facts about the individual, therefore you don't have specific facts about the person to whom you are trying to connect. This is where that standard started to break down in the 1990's, and it's why the FBI asked for it to be changed. Senator Specter. Mr. Woods, what do you think of Judge Posner's argument, which was made again in March of 2007 in the Wall Street Journal that the FBI, really, institutionally, is not the best agency to handle this, going again and looking to the idea of a United States Mi-5. What do you think of that? Mr. Woods. I've never been in favor of that. I disagree with Judge Posner on that, and some other things. I actually think it is a good--I mean, the critics like Judge Posner say that it's the FBI's investigative criminal orientation that slows down the intelligence gathering process. I think that if you're going to have anyone do domestic intelligence collection, and I think someone needs to, it ought to be people who are steeped in the criminal process, in the constitutional process rather than the kind of people we have collecting foreign intelligence, for example, who lack that background. Senator Specter. Thank you very much. Thank you, Mr. Chairman. Chairman Leahy. Thank you, Senator Specter. Senator Feingold? Senator Feingold. Thank you, Mr. Chairman. Mr. Baker and Mr. Woods, according to the Inspector General's reports the FBI uploads information it obtains through NSLs into numerous data bases that are widely accessible to tens of thousands of personnel at the FBI and other agencies. I'd like to ask you both, should all this information be retained indefinitely, and what type of limit should the FBI be required to impose on the type of information it retains and the length of time it is kept? Mr. Baker? Mr. Baker. Well, as I have said in my written statement, Senator Feingold, I think there should be rules. There need to be minimization rules. As your bill would require for national security letters, I would urge you to require it for all types of metadata. It's something that Congress needs to worry about, not just with respect to the fruits of the national security letters, but with respect to all the types of data from all the different tools that the government uses to collect metadata, including grand jury subpoenas, pen register trap and trace orders, all kinds of things. That said, with respect to destruction, I do say in my statement that I think, if you're going to allow the government to collect a lot of data on the front end, you need to minimize the retention and dissemination, and at some point in time it needs to be destroyed. Senator Feingold. Well, the FBI would probably argue that you can never predict when the information might be useful. Based on your government experience, how quickly does the utility of this type of information as actionable intelligence start to decrease? I realize you can't say an absolute answer, but what is your sense as a professional in this area? Mr. Baker. If you're trying to get actionable intelligence which will allow you to actually do something to stop a threat, stop a spy, it starts to dwindle relatively quickly. So what I suggest in my testimony is a pretty long time period, which is 5 years, destruction after 5 years. You can come up with examples where 10, 15, 20 years would reveal something about someone, but it is--I don't know how you want to say it, but it's a slope that drops pretty quickly, Senator. So I think definitely after 5 years, and at some point even before that it drops off quickly. Senator Feingold. Thank you, Mr. Baker. Your response to this issue, Mr. Woods? Mr. Woods. I think, definitely, there needs to be a mechanism for governing the retention of this information. The national security letter statutes were developed kind of quickly. They've been ignored and in a corner for most of their life. It's really a mistake that these statutes didn't have something like this from the beginning. And I would agree with Mr. Baker. I think for a model we would look at other things, the retention rules that we put in the Attorney General guidelines, the retention rules that are in the DoD guidelines. There should be that kind of review to eliminate retention as quickly as possible. Senator Feingold. Based on those responses, I'd like to ask each of the witnesses if you could give a ``yes'' or ``no'' answer. Is it safe to assume that all the witnesses support the provision of the NSL Reform Act mandating that the FBI issue minimization and retention procedures for NSLs? Mr. Baker? Mr. Baker. Yes, I do. But I would also suggest that you should worry about acquisition, minimization at the stage of acquisition. Don't get more than you really need for the purpose that you're searching for it. Senator Feingold. Mr. Nojeim? Mr. Nojeim. Yes, I agree. Senator Feingold. OK. Mr. Woods? Mr. Woods. Yes, I agree, too. Senator Feingold. And I want to thank the Ranking Member for raising the issue of the relevance standard, which I consider, of course, to be woefully inadequate to protect the privacy of Americans who have done nothing wrong. I believe that the specific and articulable facts standard is an appropriate standard, but we will certainly work on this legislation to make sure that the government can get what it needs, but not go too far. I do think that the relevance standard is not adequate, and as Senator Specter said, the mere fact that it was put in as a change in the PATRIOT Act is not to me, a recommendation. It is actually a sign that it might not have been looked at closely enough, because that's my view of the whole legislation. Mr. Nojeim, the most recent Inspector General report indicated that the percentage of NSL requests generated in the course of investigations of U.S. persons has increased steadily in the past several years, from 39 percent in 2003 to 57 percent in 2006. Is this cause for concern? Mr. Nojeim. Yes, it is. I think that you can trace that increase to the PATRIOT Act itself, which eliminated the requirement that the records pertain to an agent or a foreign power. Most Americans don't fit that description. Senator Feingold. And also, Mr. Nojeim, the FBI conducted its own internal review of 10 percent of all NSLs issued from 2003 to 2006. According to the most recent Inspector General report, the FBI's review found more than 550 instances in which the FBI received records it had not requested in response to an NSL, yet out of those hundreds of incidents only four times did the FBI realize that this violation had occurred. That's less than 1 percent. The IG report also stated that at least some of this unlawfully obtained information was uploaded into an FBI data base that is shared more widely with the intelligence community. What does that tell us about the extent to which these data bases may contain unlawfully obtained information? Mr. Nojeim. It suggests that there could be a big, big problem. We won't know what information in the data base was lawfully obtained and what information wasn't. It's not tagged, so you just won't know. Senator Feingold. Thanks to all the witnesses. Thank you, Mr. Chairman. Senator Whitehouse. Thank you. I believe Senator Sessions is next in order. Senator Sessions. Well, I think the FBI deserves criticism for not managing this program well, not following strictly the guidelines and accounting correctly in the beginning. Wouldn't you agree, Mr. Woods? Mr. Woods. Yes, I would. Senator Sessions. And Mr. Mueller came here and promised to do better, and the OIG report indicates that they have done better and fixed the problem in recent months. Is that correct? Mr. Woods. That's the testimony. Senator Sessions. I think we heard--we know what happened. We saw the Director in here. This oversight Committee, which has the responsibility to make sure this program is going right, we grilled Mr. Mueller, we made him promise to do better, and he's done better. Now, let me ask you this, Mr. Woods. Isn't it true that a DEA agent investigating an American citizen can issue a subpoena for some person's telephone toll records if he thinks it's relevant to a drug-dealing operation? Mr. Woods. That is absolutely true. Senator Sessions. And IRS can get your bank records if they think you may be cheating on your income tax. Mr. Woods. That's correct. There are actually over 300 Federal agencies that have administrative subpoena authority that is based on the relevance standard. Senator Sessions. And Mr. Nojeim, forgive me if I object, but I do not believe, and strongly reject the idea that we ought to give greater protection to terrorists and spies than we give to drug dealers and tax cheats. I just do not believe that's accurate, and fundamentally that is what I understood you to be saying. Mr. Nojeim. What I have said, Senator, is that intelligence investigations are different. If you're conducting a criminal investigation of a terrorist who may have committed a crime or a spy who may have committed espionage, which is a crime, the same rules apply. What we're talking about is a different kind of investigation, one untethered from a criminal charge or from criminal suspicion. Senator Sessions. Well, OK. Now, Senator Specter asked the question about specific and articulable facts, shouldn't that be the standard. Well, Mr. Woods, isn't it true that DEA doesn't have to quote articulable facts to get your telephone toll records? Mr. Woods. That's correct. Senator Sessions. Or the bank records. Mr. Woods. No. These-- Senator Sessions. Or your motel records. Mr. Woods. All of these transactional records are basically available in the other context, criminal, administrative subpoenas, on relevance to the investigation, Senator. Senator Sessions. So we absolutely ought not to be adding greater difficulties for investigators investigating a life- and-death situation, perhaps, than we do for drug dealers. And let's make this clear, Mr. Baker. You're a lawyer, and all of this. But the reason is, these are not the individual's records. These are records in the possession of a third party. They have a diminished right of privacy in those records because they're not their records. You can't subpoena an individual's home computer. You can't subpoena their personal records and obtain those records without a warrant, if they object. But you can subpoena records at the Office of Motor Vehicles, at the telephone records or bank records, right? Mr. Woods. That's correct. The Fourth Amendment protects things with respect to which you have an expectation of privacy, and the type of things we're talking about today, the transactional data, is not protected by the Fourth Amendment. Senator Sessions. And every day in America, Mr. Woods, every county attorney in America investigating any kind of misdemeanor or offense that wants records can issue a subpoena based on the standard of relevance to that investigation in every State in America that I know of. Would you agree? Mr. Woods. Yes, I would. Senator Sessions. And since time immemorial, that's been the standard that prosecutors have used. Mr. Woods. Yes. Senator Sessions. And how we're in this deal where we want to put more standards, more burdens on people who are trying to protect the American people from an attack is beyond my comprehension, and I'd object to it. Let me ask this, Mr. Woods. Let's say you're investigating a person that you think may be connected to--you have some indication they may be connected to Al Qaeda and you issue a subpoena on the relevance to the investigation and get those telephone toll records. You see a lot of other calls to someone else and you want to now subpoena that person's records to see if they may have--see what connections those phone numbers show. Now, in this context there may not be anything. It may be a perfectly innocent series of phone records you receive. But isn't it possible, and isn't it what we pay our investigators to do, if lo and behold there's a call to some known Al Qaeda number in Iraq or Afghanistan? Isn't that what we're about? Mr. Woods. Well, yes. I mean, that's the goal of these investigations, along with the goal of eliminating the people who are not, which is another function of these types of legal authorities. Senator Sessions. Well, I don't know if somebody got my phone--my time is up. We also need to be sure that the information we're obtaining is not the power to listen in on these phone calls, but it's just simply the telephone toll records that show where that person may have called in the past. Is that correct? Mr. Woods. That is correct. These national security letters do not get content of phone conversations or e-mail content. Senator Sessions. And I would point out that we tightened these standards when we reauthorized the PATRIOT Act. I didn't think they needed to be tightened, but we tightened them, all to make sure that spies and terrorists have their full rights-- in fact, more rights than we give the drug dealers in America. Senator Whitehouse. Senator Kyl? While I am chairing, I am going to be the last person here, I'm very happy to have you go ahead, if you would like to. I'd be happy to defer to you at this point. Senator Kyl. I am going to be here for a while, so please go ahead. Senator Whitehouse. Thank you. This is, I think, a very, very interesting question that we have and it's a very interesting hearing. I see it in a slightly different context than Senator Sessions does, although we share the experience of both having been prosecutors and U.S. Attorneys. It strikes me that there is a privacy interest that is raised that is separate from the privacy interest or value of a particular piece of data once you start to multiply and aggregate it into an enormous pool of data. It's something we don't have much guidance on from the Constitution, because at the time the Constitution was written the way an investigation worked was, the marshall or the sheriff came to your house, seized whatever evidence was necessary, brought it before the prosecutor or the magistrate, whoever, and when it was done, whether it was a bloody axe, a contract document, or whatever, it was either contraband, in which case it was destroyed, or it was of no value, in which case it was discarded, or it was returned and that was the end of that. Then along comes the Xerox machine. Now documents start to live on in the files of government agencies. Fortunately--or unfortunately--they are paper files. They're very hard to go back and search. So while they're still there for somebody who remembers, you know, in the so and so investigation I think we did this, let's go back and see what we found when we searched Joe Smith's house, we still have that in that file in this paper record, it's not a very live record. Now, electronically we can not only preserve it, but we can aggregate it and we can maintain it indefinitely, and we can build, in theory, a massive consolidated data base of all of this information that people could plow through at will. I do think, despite the fact that none of those individual pieces of data might rise over Fourth Amendment levels, it does raise a new question that we as a society need to address. So I would ask you to comment a little bit on those thoughts, and in particular the sort of nexus or matrix between the intensity of the privacy value of a particular piece of data that is sought versus the intensity of the investigation itself. I am not sure whether I would be more concerned as a citizen about my privacy if the government said, look, I want 1 year's tax records for this one purpose or if they said, every phone call you have ever made, we are going to track who you made it to, when you made it, when it ended, and we're going to share it with all people who are interested. The privacy balance, I just think isn't that easy, yet it's hard to measure that intensity of government investigation component. It's so much easier when the document itself is the trigger. How would you recommend--do you have thoughts on how you'd recommend we cope with that concern? And I'll followup further. Mr. Baker. Senator, at the end of my written statement I have a statement in there about, as time goes by--you're exactly right--and our data collection capabilities increase, every human endeavor that can be reduced to a digital form will be collected by someone for some purpose, either commercially or for intelligence purposes or law enforcement. That's the direction we're heading in. These do become extremely powerful tools. They're powerful tools to protect the country. They're powerful tools that, when you have an urgent situation, you can go into a data base, you can search through, you can look for connections. Senator Whitehouse. And they're valuable tools. They're important tools, I think we all agree. Mr. Baker. Right. Extremely valuable. Senator Whitehouse. But they still need some-- Mr. Baker. They need oversight. They need oversight and they need minimization. They need oversight by people. We can have all of our technology, we can have all of our systems, we can have all of our laws, quite frankly, but at a certain point in time the people matter. For example, it mattered that Glen Fine was Inspector General at the Department of Justice at the time that you ordered a review of these things. I've worked with Glen closely and he's a very tenacious, intelligent, hard-working person. It mattered who he was. So you really have to make sure you have the right people in those jobs, doing the right thing. At a certain point--I know time is almost up--you are right, I think, to focus on the Fourth Amendment issues. At a certain point in time, when the government's knowledge about our activities becomes so pervasive, that may, in fact, raise Fourth Amendment concerns. I think it's something that we're going to be struggling with. Senator Whitehouse. Let me interrupt you now, because my time has expired and I do have plenty of time with you once Senator Kyl has a chance to ask his questions, and yield to the distinguished Senator. Senator Kyl. Thank you very much. I think we all agree that, over time, the challenge presented by the acquisition of this transactional information is going to require us to develop new regimes or protocols of dealing with it. What I'd like to do, especially with regard to how long you keep it, I do suspect that the last thing government agencies are going to want are roomfuls of data that they can't do anything with because they're simply too massive. But what I'd like to do here is focus just a little bit on how this process actually works, the typical situation, because it gets to the standard that we're debating here and the reason why we went to a relevance standard. This is transactional information about which the individuals had no expectation of privacy. Mr. Woods, you had experience in actually doing this and actually supervising it. Give us an example of how it worked. I'm specifically interested in why it's different in the context of preventing a crime from being committed, a terrorist act, as opposed to investigating a crime that has been committed. Mr. Woods. OK. I think that probably the best example is the sort of classic terrorist threat scenario that we run into a lot these days, where there is information, perhaps from foreign intelligence, which indicates maybe a particular target or a particular city or a particular--there's been a foreign communication that is suspect. We don't know who made the communication, but it has enough characteristics that we're concerned about it and it says something about Washington, DC. This is thrown to the FBI in a proactive mode. What can the FBI do? Well, the FBI could say--say it's sort of an e-mail, or the FBI might want to look at other e-mails that had connected to the same source, maybe it's from an internet cafe or something like that, and just do a quick scan to see, is this point of communication been in contact with anybody else that we know about, anything that might give us a lead? That transactional information about those communications is certainly relevant to the threat. It would be, I think, impossible in those situations to make out a specific and articulable facts case. We don't know who the person on the other end of the communication is. We don't know for sure that they're an agent of a foreign power. It becomes very gray and circumstantial. We could spend a lot of time trying to work with that standard. That's kind of--I mean, that is why we asked, in the Bureau, for the relevance standard. There are situations where, you know, when the FBI is being mandated to be proactive and to depart from the investigative model, it's encountering these situations that don't fall into line with the standard that was designed for an investigative model. It is more dangerous. It is more risky in terms of civil liberties, but it is, in my view, what needs to be done now. I would focus, therefore, more on the oversight, retention, and minimization end of this than on the legal standard itself. Senator Kyl. Now, that is the precise thing that I think we need to focus on. Why would you do that? Why would you want to retain the relevancy standard rather than going back to the articulable facts standard that we discussed earlier? Why would minimization procedures or other oversight be a better answer to the privacy concerns? Mr. Woods. Well, I think the standard itself, the scenario that I laid out, I think is going to become more and more common. We're going to need to assess threats quickly. We're going to need to respond to them quickly. But by their very nature, many of them are going to fall into the sort of fuzzy environment that the relevance standard is far better for. I mean, there's a reason why it's the standard for criminal investigations. This is how you quickly figure out what's going on. I do think, though, where the system is breaking down is, once that's done, once that information is collected, how long do we keep it? What impulse is there for the government to sort through that? If I might, just one sort of side issue on this. The government--the FBI and other agencies--are facing two pressures. I mean, one is, get out there in front of the threats. The other pressure is, share information. These data bases didn't exist when I was first in the FBI. They exist now because of our examination of the failure of information sharing prior to 9/11. So I think with those two things together, you need to reinvigorate the rules on minimization and retention. They were never added to national security letter statutes in the first place. All these things came into existence without those, very unlike, say, FISA or criminal statutes in that regard. But that is why I would focus the attention there. Senator Whitehouse. Senator, can I just followup on that? Since it's down to just the two of us, we can be off the clock. Senator Kyl. Sure. That's fine. Go on, please. Senator Feingold might object to that now, but it's fine with me. Senator Whitehouse. Continue as long as you please, though. Senator Kyl. No. Let's just go ahead and have others respond to that if they like, and then a final comment. That will be fine. Mr. Nojeim. Mr. Woods has made a good case for the relevance standard, but the problem that we see with it is that it really doesn't have a good articulable end. Say, for example, the threat information that is received is that there's a terrorist in Washington, DC. What information is relevant to investigating that threat? Is information about everyone who is staying at a hotel in Washington relevant? Is information about everyone who rented a car in Washington relevant? It just seems like there's no end. Once you decide that information about who that person has communicated with is relevant, is information about who they communicated with also relevant, and so on, and so forth? So I guess the problem with the relevance standard is that it seems to untethered in that when we're talking about an intelligence investigation that is, again, not tied to the investigation of a particular crime, it seems like there's just no end to the information that could be obtained. Senator Kyl. I appreciate that point. But it seems to me that it, in some respects, ignores realities of life. That is, you've got some people who we have a lot of confidence in, we've given a great deal of authority to, to protect us from terrorism. We have put them into that position and they're in real-time situations trying to sort through a lot of material to be able to track something to get to the point where they can maybe stop a terrorist act from occurring. They don't have time in that context, it seems to me, to sit around saying, oh, look at this juicy bit of information, let's set that aside and maybe we can deal with that later and really embarrass this political figure, or why don't we stop what we're doing here and gather up all this information for some other purpose? I mean, they're on the tail of something, they're trying to get through it quickly. It seems to me that the problem is really quite the other way, and that is to be able to barrel through a whole of information as quickly as possible and not go back to what they just went through because it's of no immediate use to them, and they've simply got too much work to do to figure out what the terrorist attack might be to sit around and focus on all that. So I think that the realities, the practical realities don't suggest that the problem is a likely big problem. I think, though, that ultimately there's got to be some decision made about, OK, now that's over did all of that stuff get captured someplace or did we simply go through it and it's simply out there in the ether again? To the extent we did make a record of some of it, what should be done with it? I mean, I can see why privacy concerns there would require some mitigation or some procedures and protocols and so on. But during the process of trying to prevent the crime or the terrorist act itself, it seems to me that the broader standard giving them more flexibility and leeway to protect us is the appropriate way to approach it. That's my own point of view which I believe is pretty consistent with Mr. Woods'. Senator Whitehouse. The Senator from Wisconsin? Senator Feingold. Thank you, Mr. Chairman. Let me briefly respond to what Senator Sessions, and to some extent Senator Kyl, said about the standard for getting an NSL. Senator Sessions mentioned grand jury subpoenas, which of course are to investigate crimes. I believe that Congress should change the current relevance standard for NSLs. Intelligence investigations are not, as has been pointed out, subject to the same built-in checks that are present in criminal investigations. They are much broader, meaning that virtually anything could be relevant to an intelligence investigation. They are conducted entirely in secret. Investigative techniques are rarely tested through the adversary judicial process. I think that is why more oversight is needed, and that is why a more targeted standard is needed for the NSL authority. So in that connection I would like to ask Mr. Nojeim, we have heard a proposal today for a new national security subpoena authority. Would you please address your thoughts on that proposal? Mr. Nojeim. I think that if the response to the Inspector General's reports is that there be a broader collection device--and that's what these subpoenas would be--that it's exactly the wrong response. It's not clear to me who could receive one of these subpoenas. It does seem to me that they could be received by anyone as opposed to just the limited entities that are now possible recipients of national security letters. There was no discussion about the gag that would come with one of these subpoenas. I put those two together because I think about who might be a recipient. What we're talking about is expanding the class of people who might receive a demand from the FBI for information, but, the demand says that they can't disclose anything about that demand. It could be served on any person. I just don't know how my mom would respond to that request. I don't know how other people would respond to that request. I don't think that we should go in that direction as a result of the abuses that have been uncovered in the IG reports. Senator Feingold. I couldn't agree with you more. I can't imagine how granting the FBI administrative subpoena authority is a response to evidence of abuse of their current authority. We just barely dodged this bullet in the last round. For this to be a response to what we learned about the NSLs strikes me as kind of bizarre. Mr. Nojeim, two Supreme Court decisions in the 1970s determined that Americans do not have Fourth Amendment rights to information they reveal to their phone companies or banks, such as the phone numbers they dial or the checks they write. Given the unprecedented technological advances of the past 30 years, do you think these decisions would come out the same way again today? Mr. Nojeim. I think they're on shaky ground today. Take Smith v. Maryland, for example. That's the decision where the court decided that numbers dialed on a telephone didn't have Fourth Amendment protection. They reached that decision in part because those numbers dialed are not so revealing. The court said, for example, you can't even tell whether the telephone call was actually completed. You can't tell who was communicated with when those numbers were dialed. Fast forward to today and think about the kinds of information that qualify as metadata, but that are much more revealing. E-mail ``to''/``from'' information. It's usually the case that you know who you're communicating with and the government will know when it gets that information. It knows the communication actually happened. So right there, it's much more revealing. URL information--where a person went on the Internet. The closest parallel to that is probably library sign-out records, and most States protect those and require extra procedures. Yet, in the internet context, URL information, at least before the first backslash, is available with a national security letter. Senator Feingold. I commend all the witnesses for their testimony today. Mr. Nojeim, I particularly commend you for your ability today to distinguish not simply between metadata and content, but to point out that within the context of metadata there really need to be distinctions. It's not simply one kind of information or another, there are vast differences. You've done an excellent job of pointing out the dangers of not having those kind of distinctions within the metadata category. Thank you, Mr. Chairman. Senator Whitehouse. Thank you. I will sort of pick up where I left off, because I find this subject so intriguing. I think it's our next really big civil liberties issue to address. Does anyone dispute that it is essentially inevitable that, given the way we can electronically gather and store data, government data bases containing personal information are going to continue to proliferate and that, given the ease with which access to different electronic data bases can be increasingly achieved, there will be more and more access points for government agencies to those data bases? Are we not, to some degree, headed for a situation in which there is essentially a large, multi-accessed, multi-inputted, but essentially single government data base containing a vast amount of personal data related to American citizens? Mr. Baker. Senator, there may be a number of reasons you wouldn't want to create one data base, but you could have data bases that are linked in certain ways. Senator Whitehouse. Linkage makes it effectively the same, I think. Mr. Baker. It would allow you, with certain tools, to go through the different data bases. If your query fit the criteria for going into a data base, you could come up with some kind of a model to do that. So, I think that's right. If I could just quickly respond to something that Senator Feingold said before he left, since it was my sort of bizarre idea to come up with this national security subpoena. Just, I want to be clear, and when Senator Kyl was talking about the different standards that apply, you can have relevance, you can have specific and articulable facts, you can have probable cause, but relevance, specific and articulable facts as to what? As to what? You have a twofold task in front of you. You have to pick the right standard, the right predication, how much facts you want to support it, but then as to what? You need to think about that. My concern is, and the reason I came up with this bizarre idea--other people have too--is that if you raise the standard with respect to national security letters so high, FBI agents in the field will find some other way to get what they need because they are charged with, and have tremendous pressure on them, to prevent the next attack, as we all know. So if national security letters are too difficult, well, let's see if we can find something else. 215? Oh, you've got to go to a judge. That's a pain in the neck; forget that. Oh. Grand jury subpoena? I'll just go to this AUSA that I work with all the time, we'll get that, and there's no court oversight in the real-time sense and you just get it from the AUSA. There's no minimization requirements. Boom, we've got it. We've got the information that I believe I, the agent, need to protect the country and I'm not going to mess with these other statutes. So the volume will drop with respect to national security letters, it will be a less effective tool, but your insight into what is going on--your, the Congress' insight--the government's insight will just change. It will be harder to conduct oversight of those kinds of activities, and I urge that you worry about that. Senator Whitehouse. I understand that. But I think, in addition to the question you have raised of the ``how do you get it'' problem, we also have to address the ``what do you with it'' problem, which I think, as those of us familiar with this area--we would generally categorize that as the minimization problem. So you've got the ``how do you get it'' problem, then once you've got it, what do you do with it, how long can you keep it, do you destroy it, who can you connect to it, all that sort of stuff. Then you have, as you mentioned, the predication problem, which is, who is allowed to query it. Who's allowed to hit the data base and under what circumstances? Is strikes me that if we're going to solve this problem we have to address really all of those three issues, that those are the three big prongs of this question from the government's point of view: what are you allowed to get, what are you allowed to do with it once you get it, and who are you allowed to let have a look at it, and on what terms? Mr. Nojeim. And to add just a couple more things. Not just what can you get, but what do you have to show to get it, and also what do you do with it after a few years? I mean, do you just throw it away or do you save it to see whether it might be useful in some other investigation 10 decades from now? I think that your-- Senator Whitehouse. And minimization, I think, has become a hugely moving target. In my days as a U.S. Attorney, minimization basically meant that the agent flipped off the switch on the microphone and stopped listening when it became apparent that the conversation was with the subject about pork chops for the weekend, that he'd called the butcher. Once you learned that this was an every Thursday call for Friday dinner, you didn't listen to it at all because you didn't any longer have a reasonable basis to listen to it. It was just kind of that simple. Now, particularly in the FISA minimization context, it's gotten much more complex, much more deep in time, and into questions of distribution. So the simple ground rules very recently have had to adapt to a much more complex landscape, and I'm not sure that they're well understood. Yes, Mr. Woods? Mr. Woods. Senator, there is a reason for that. That is-- and we keep coming back to this matter of intelligence investigations--this is fundamentally different than the criminal context in that the adversaries we are facing are different. We are facing intelligence services with the full resources and backing of foreign governments. We are facing transnational terrorist groups. So FISA minimization, for example, is structured after the fact, I think largely because of the language difficulties. You may be intercepting something on FISA that's in a dialect of, choose the language, and therefore the Congress allowed that to be done after the fact. I think we face the same thing here. To go to your earlier comments, it is important to remember that these intelligence investigations are not solely restrained by these statutes. We have 30 years of oversight, of regulation, of Attorney General guidelines, of executive orders. The reason I put so much emphasis on retention/minimization issues is, over the years that has been the least-glamorous part of this work. I would say that minimization rules are stuck in the Xerox era, at best. What we need--I mean, minimization in the FBI, in my experience, was done with respect to FISA quite carefully, and one of the reasons is that every so often the Justice Department comes by and audits it. There's nothing like that. We've had national security letters since 1986. This is the first serious audit of how they are being used. I think, going forward, the Committee really ought to look at creating some of that, and at the same time maybe look at updating stuff from the Xerox era to something a little closer now. Senator Whitehouse. I also felt that the minimization process in Federal investigations that I oversaw, and at State investigations--I was a State Attorney General as well--was helped by the prospect that the Rhode Island State Police, local FBI agents, Secret Service agents, or ATF agents had that they were operating pursuant to an order allowing them to do this, which incorporated in its terms the legal requirement that they follow the minimization procedures, and that there was the prospect that a judge might at some point take an interest and say, you know, I signed this order and gave you the authority to collect this stuff, I told you you had to do it under these terms, I want to have a look. And just the prospect, I think, of judicial oversight was very helpful. It's one of the reasons we've had this fight on the Foreign Intelligence Surveillance Act, because they put out minimization rules but they wouldn't let it be set up so that the FISA court ever had the authority to see if they were being complied with, which completely undercut that motivation. I thought that was mistake, and thankfully I think we've corrected that in the FISA statute. Mr. Nojeim. I think that one of the reasons that we need the NSL Reform Act is that it requires that minimization procedures be adopted. There was a provision in the reauthorization legislation that required the Attorney General and the DNI to study whether minimization would be feasible. An NSL working group involving both agencies was put together. They recommended basically the FISA minimization procedures, but the Attorney General rejected that. I think it's time for you to say, we're going to have to step in and require that these minimization procedures be adopted. Senator Whitehouse. A lot of very sensible stuff seems to have been rejected for reasons that make absolutely no sense to me. Senator Kyl? Senator Kyl. Well, let me just play off that point. There's a hierarchy of values here. One, is the protection of the American people from known dangerous enemies who have struck us with great destruction. We have instructed others in our government to see that that never happens again. Every one of us ought to be strongly committed to that. Now, we also have the potential prospect of violations of privacy that might have an adverse consequence on someone, but I don't think there's a lot of evidence that that's happened yet. I recall the words of the FBI agent who, about two and a half weeks before 9/11, complained to another that, because of the wall that separated two groups within the FBI, the Terrorist and Criminal Investigation, that someday somebody was going to get killed and then questions would be asked, and of course that's what happened. So on the one hand, we have something that is critical for the protection of the American people, and we've seen breakdowns in that because we set up artificial legal barriers to the exchange of information and collection of information. On the other hand, we're all concerned about privacy because we can see in the future, if not today, a ballooning of information and access to information, and we're rightly concerned about how that's all used. But I suggest we keep this in perspective, and that enabling the people to do the job to protect this starts with, I would argue, a lower standard like the relevancy kind of standard. Then in order to prevent that other potential from occurring, you can build on it. All of you have addressed that in one way or another, and I think we're all in agreement that both of those require work. But just another specific example that we fixed, Zacharias Mousawi. He didn't fit into the two ways that you could get information. We couldn't prove that he was an agent of a foreign power or that he belonged to a terrorist organization. They don't carry cards anymore. He was acting on his own in concert, ultimately, with another group. So we had to create a third category after the fact, unfortunately. What it demonstrates is, I think we need to be a little bit more liberal on the front end for the purposes of the protection of the American people, and then make sure that, whether it's minimization procedures or other kinds of protocols that ensure the privacy of the American people, to put those into place. But looking at the relative challenges and relative threats and relative harms that have occurred so far, it seems that some may be balancing these equities, I think, in the wrong way. I would hope that as we draw on your expertise--all three of you have been very valuable to this exercise today. As we continue to draw on your expertise, would you also take into account what I am trying to say here? Because as policymakers, we've got to take all of these things into consideration. It seems to me that--well, I've made my point. If any of you would like to comment, I still have a little bit of green left. Mr. Baker? Mr. Baker. Yes, Senator. With respect to the law, I mean, Michael and I both lived through the era of the wall and we can probably go on for quite a bit of time about that. But let me just say, that's why I focused on creating-- urging you to create--a system that's simple and effective. One of the lessons from the wall was, the rules were complex, the rules were misunderstood, and people were afraid of the adverse consequences to their career of making a mistake, so they didn't do what they should have done in certain instances with respect to sharing information. I think that's one of the things you don't want to have happen here. I think with respect to the current regime that we have, as reflected in the IG's report, you do have confusion about what these statutes allow: you do have confusion with respect to what the scope is, you have confusion about what the standard is. So, I think that has contributed to the situation that we find ourselves in today. The only other comment I would make is, the IG's report with respect to national security letters are bad facts. I mean, that is a very bad situation. All I would suggest to the Congress, as we all learned in law school, bad cases make bad law. My urging is, don't let that happen. Senator Kyl. But fix the bad cases. Mr. Baker. Fix the bad cases, but make sure you don't inadvertently create some other problem. Mr. Nojeim. I think if we can learn one thing from the IG reports, it's that people who mean well and are in the business of collecting this information didn't do a good job about following the rules. I think there's just no question about that when you look at the Inspector General reports. I think there's also no question that some of the reforms that the FBI put in place are going to address some of those problems, but the bigger problems can't be addressed by changing the people who do the work or by changing what work they do. There just has to be a judicial check at some point in this process when the information is particularly sensitive. Again, the principle that we're asking you to abide by is that the more sensitive information ought to be under that judicial check, and that less sensitive identifying information could still be sought without it. Senator Kyl. A final word, Mr. Woods? Mr. Woods. All right. Senator Kyl. Again, thank you to all three of you. I appreciate it. Mr. Woods. I actually agree with what both of the other witnesses have been saying, in principle. I think the committee should be guided by a rule of proportion. I mean, I read the IG reports and I see errors and ineptitude in the nuts and bolts of this, the kind of right documentation here, what should be uploaded, what shouldn't be uploaded. I do not see, as one sometimes hears in the discussions, a malevolent presence in the government that is bent on subverting people's civil liberties or obtaining information that it should not obtain. I think the remedy ought to reflect the reality of what's in those reports, which to me means concentrating a lot of effort on that nuts-and-bolts level and not ratcheting up the legal standard that affects every case, or attempting to sort of, you know, throw up our hands and say, this is scary and we're going to try to back off, because that affects the 90 percent of the cases that didn't even have these nuts-and-bolts problems in the IG report. That's what I've been trying to argue, and I'm happy to assist the Committee, as I'm sure my colleagues are. Senator Whitehouse. Well, I agree with you that there are two very different issues here. One is the very simple, old- fashioned bureaucratic foul-up that took place at the FBI with respect to the implementation process for these NSLs, and that is an important problem. It's a problem that we have drilled into, that the Inspector General has drilled into that I think a variety of initiatives will help to minimize. But every time we touch on this issue I think it raises these larger questions of, really, what the rules are. I don't think we've adapted well enough yet to this modern electronic world in which there are vast pools of information available. I do think that the privacy of American citizens is a core value in our society and it's a core value for a reason because it affects the balance of power, if you will, between government and citizenry. In a democracy, that is absolutely vital. So I give it, perhaps, a higher value than some of my colleagues do. But wherever you assign its value, I think I agree with the Senator from Arizona's point, that the American people could feel more comfortable about what information is made available to law enforcement if they had a higher level of comfort with what would happen to it once law enforcement had its hands on it in terms of its duration, maintenance, and all of that, and with what uses it would be put to and who would have access to it. So I see the question as how you define what the government can get access to, how you define what the government can do with it once it's been allowed to get access to it, and how you define who's allowed to query that pool of information which, in a nutshell, are access, minimization, and predication, as related phenomena that I think this Committee and this Congress are going to have to deal with. I think I will ask you for final comments, because we're nearly done with our time. Your thoughts on how you see those are three related, cross- referencing, interwoven concepts. Mr. Baker? Mr. Baker. Well, I think you're exactly right, Senator. If you look at old FISA that we've been talking about, the original FISA, that required minimization of acquisition in terms of, what does the government get and why; minimization of retention: once you've gotten it, what do you keep? Do you throw certain things away? Who has access to it? What do they do with it? Where do they store it? How can they look at it? And then minimization of dissemination: Who can they give it to, what purpose can they use it for, and so on. If you look at the definition of minimization under FISA, I think it's a pretty good one because it says that the Attorney General will approve minimization procedures that will be reviewed by the court and approved by the court, but that--on the one hand, do all that, limit the acquisition, retention, and dissemination of non-relevant, non-pertinent U.S. person information, consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information. So you've got to have the right balance, exactly what you're saying. You've got to have the right access to the right data, at the right time, for the right purposes, and to be able to use it effectively for what we all want to accomplish. So I think that is what you are focused on. I think that's exactly right. I would just add in, as we discussed earlier, you need to think about how long we're going to keep this stuff. As these data bases grow at a certain point in time, what should we be throwing away? Stuff that has not been found to be relevant or pertinent to an investigation in the sense that it's produced a lead that's really, really good during a 5-year period, should we throw it away at that point in time, or what are we going to do with it? Senator Whitehouse. Mr. Nojeim? Mr. Nojeim. It seems to me your ability to control some of the things that you want to control is limited, but is available for some of the things you want to deal with. So, for example, on ``what is the quality of the employees that are doing this work, accessing this information? '' I don't think you're going to have a lot of control over that. You'll be able to approve the people at the top, but the people below them you're not going to be able to control that much. ``Who in government can get the information once it's uploaded into one of the databases? '' I don't think you're going to want to put a lot of limits on that because of the imperative toward information sharing. So you might, but probably won't put limits on that. I think that we're really looking at the front end and the back end. Senator Whitehouse. Well, the logical limit on that, just to interject, would be not who gets access to it so much as when they get access, the predication question. Mr. Nojeim. For what purpose. For what purpose they get access. Senator Whitehouse. At what point does somebody in the government say, I'm interested in Mr. Nojeim's file, let me pull that up? It shouldn't be just on every government computer. There should be a question that has to be answered first: I need this because X. Particularly in the public corruption world, you've got to predicate before you can go after a public official. I think there's a similar test. It's not just who has access, it's what is required. What's the question that they have, and is it a legitimate question? Mr. Nojeim. I think that's exactly right. I think it's very hard to legislate because there are just so many contexts in which you're going to have to think down the road. I think that it's worth talking about. I also think, though, where you can be most effective is at the front end and the back end. It's articulating a standard that is what permits the data to get into the data base in the first place, and articulating the minimization procedures that must be followed for getting it cleared out at the end of the day. Senator Whitehouse. Yes. I appreciate it. Thank you. Mr. Woods, it looks like you have the final word. Mr. Woods. I think that we shouldn't simply take a step because it's easy. It's easy to look at the front end and say we need to change the standard. I really do believe that the core of this is in the sort of middle and back end of this, controlling what is done with information. But I would just end on your point about-- Senator Whitehouse. In terms of the interrelationship, do you agree that if we're going to really get this right we're going to have to focus on not only acquisition, but also minimization and retention and also predication and the querying function, and that those three need to be seen as a coordinated group? Mr. Woods. They are all linked. I think--and you're seeing this--as soon as you enter into this question you get pulled into the much broader issue of information sharing, of access to digital information. I think a very important issue, and that is public confidence. Things like the IG report shake public confidence and make the public concerned about these issues. I don't think the public understands how their information is handled, either by the government or by commercial entities. It is a very large question and I think I would just urge the Committee to stick with it. It's not going to be easily resolved, but it desperately needs doing. Senator Whitehouse. Good. Well, I want to thank all the witnesses. I think this has been a helpful and interesting day. I would urge you also to stick with it and keep doing your work, and keep hammering on Members of Congress to get to this. We are, I think, in a very interesting time, driven by the technological leaps that we've taken. I will close by repeating the observation I made at the beginning when the Founding Fathers were designing the Fourth Amendment. It never crossed their mind that the sheriff would keep any evidence. It would be thrown out. It would be used at trial and it would be returned, or be destroyed if it was contraband. That was it. Now we have this facility for maintaining huge amounts of information and it raises a question that, because the Founding Fathers did not face, we can't go and grab an answer off the shelf. This generation has to figure it out based on the principles that have made this country great. I think it's a fascinating topic, and I appreciate your attention to it The record will remain open for 7 days for any additional submissions anybody chooses to make. The hearing is hereby adjourned. [Whereupon, at 11:54 a.m. the Committee was adjourned.] [Questions and answers and submissions for the record follow.] [GRAPHIC] [TIFF OMITTED] T2457.001 [GRAPHIC] [TIFF OMITTED] T2457.002 [GRAPHIC] [TIFF OMITTED] T2457.003 [GRAPHIC] [TIFF OMITTED] T2457.004 [GRAPHIC] [TIFF OMITTED] T2457.005 [GRAPHIC] [TIFF OMITTED] T2457.006 [GRAPHIC] [TIFF OMITTED] T2457.007 [GRAPHIC] [TIFF OMITTED] T2457.008 [GRAPHIC] [TIFF OMITTED] T2457.009 [GRAPHIC] [TIFF OMITTED] T2457.010 [GRAPHIC] [TIFF OMITTED] T2457.011 [GRAPHIC] [TIFF OMITTED] T2457.012 [GRAPHIC] [TIFF OMITTED] T2457.013 [GRAPHIC] [TIFF OMITTED] T2457.014 [GRAPHIC] [TIFF OMITTED] T2457.015 [GRAPHIC] [TIFF OMITTED] T2457.016 [GRAPHIC] [TIFF OMITTED] T2457.017 [GRAPHIC] [TIFF OMITTED] T2457.018 [GRAPHIC] [TIFF OMITTED] T2457.019 [GRAPHIC] [TIFF OMITTED] T2457.020 [GRAPHIC] [TIFF OMITTED] T2457.021 [GRAPHIC] [TIFF OMITTED] T2457.022 [GRAPHIC] [TIFF OMITTED] T2457.023 [GRAPHIC] [TIFF OMITTED] T2457.024 [GRAPHIC] [TIFF OMITTED] T2457.025 [GRAPHIC] [TIFF OMITTED] T2457.026 [GRAPHIC] [TIFF OMITTED] T2457.027 [GRAPHIC] [TIFF OMITTED] T2457.028 [GRAPHIC] [TIFF OMITTED] T2457.029 [GRAPHIC] [TIFF OMITTED] T2457.030 [GRAPHIC] [TIFF OMITTED] T2457.031 [GRAPHIC] [TIFF OMITTED] T2457.032 [GRAPHIC] [TIFF OMITTED] T2457.033 [GRAPHIC] [TIFF OMITTED] T2457.034 [GRAPHIC] [TIFF OMITTED] T2457.035 [GRAPHIC] [TIFF OMITTED] T2457.036 [GRAPHIC] [TIFF OMITTED] T2457.037 [GRAPHIC] [TIFF OMITTED] T2457.038 [GRAPHIC] [TIFF OMITTED] T2457.039 [GRAPHIC] [TIFF OMITTED] T2457.040 [GRAPHIC] [TIFF OMITTED] T2457.041 [GRAPHIC] [TIFF OMITTED] T2457.042 [GRAPHIC] [TIFF OMITTED] T2457.043 [GRAPHIC] [TIFF OMITTED] T2457.044 [GRAPHIC] [TIFF OMITTED] T2457.045 [GRAPHIC] [TIFF OMITTED] T2457.046 [GRAPHIC] [TIFF OMITTED] T2457.047 [GRAPHIC] [TIFF OMITTED] T2457.048 [GRAPHIC] [TIFF OMITTED] T2457.049 [GRAPHIC] [TIFF OMITTED] T2457.050 [GRAPHIC] [TIFF OMITTED] T2457.051 [GRAPHIC] [TIFF OMITTED] T2457.052 [GRAPHIC] [TIFF OMITTED] T2457.053 [GRAPHIC] [TIFF OMITTED] T2457.054 [GRAPHIC] [TIFF OMITTED] T2457.055 [GRAPHIC] [TIFF OMITTED] T2457.056 [GRAPHIC] [TIFF OMITTED] T2457.057 [GRAPHIC] [TIFF OMITTED] T2457.058 [GRAPHIC] [TIFF OMITTED] T2457.059 [GRAPHIC] [TIFF OMITTED] T2457.060 [GRAPHIC] [TIFF OMITTED] T2457.061 [GRAPHIC] [TIFF OMITTED] T2457.062 [GRAPHIC] [TIFF OMITTED] T2457.063 [GRAPHIC] [TIFF OMITTED] T2457.064 [GRAPHIC] [TIFF OMITTED] T2457.065 [GRAPHIC] [TIFF OMITTED] T2457.066 [GRAPHIC] [TIFF OMITTED] T2457.067 [GRAPHIC] [TIFF OMITTED] T2457.068 [GRAPHIC] [TIFF OMITTED] T2457.069 [GRAPHIC] [TIFF OMITTED] T2457.070 [GRAPHIC] [TIFF OMITTED] T2457.071 [GRAPHIC] [TIFF OMITTED] T2457.072 [GRAPHIC] [TIFF OMITTED] T2457.073 [GRAPHIC] [TIFF OMITTED] T2457.074