On February 4, 2014, the House Judiciary Committee held a hearing on “Examining Recommendations to Reform FISA Authorities.” The written testimony of the six witnesses and the statement of Chairman Goodlatte (R-VA) are available here. Ranking Member Conyers’ (D-MI) opening statement is available here.
The witnesses were divided into two panels. The first panel included James Cole (Department of Justice), Peter Swire (President’s Review Group on Intelligence and Communications Technology), and David Medine (Privacy and Civil Liberties Oversight Board). The second panel included Steven Bradbury (Dechert, LLP), Dean Garfield (Information Technology Industry Council) and David Cole (Georgetown University Law Center). The vast majority of the time and questioning from Members of Congress was spent on the first panel.
The focus of the hearing was on Section 215 of the PATRIOT Act (the section known as the library records provision under which the NSA claimed authority to collect bulk data of telephone records; this provision could also be used to obtain other “business records” including library records). Some questions also covered the Section 702 program, which targets non-U.S. persons. The majority of the Committee members appeared to support reforms to the program, with numerous members pointing to their support for the USA FREEDOM Act. Several members also focused on the need to restore trust amongst the American people.
During opening statements, Chairman Goodlatte noted that President Obama had not articulated how the bulk collection of telephony metadata had thwarted terrorist plots. He also questioned the President’s proposal to transfer the storage of bulk data to private companies, pointing to recent security breaches of Target and Yahoo!.
Ranking Member Conyers called the Section 215 bulk collection program ineffective, inconsistent with American values and inconsistent with the statutory language. He pointed out that Section 215 of the PATRIOT Act is scheduled to sunset on June 1, 2015 and if the bulk collection issue is not addressed, the Government risks losing Section 215 in its entirety. Conyers praised H.R. 3361, the USA FREEDOM Act, which has 130 House Members supporting the bill with an even split between Democrats and Republicans (Senator Leahy introduced an identical bill in the Senate), a point reiterated by several other members of the Judiciary Committee. The bill, among other things, would amend Section 215 to prohibit bulk collection and require showing a nexus between the business records sought and the person targeted.
James Cole, Deputy Attorney General at the U.S. Department of Justice (DOJ), statement focused on President Obama’s January 17, 2014 speech laying out proposed reforms, including having third party storage of the bulk data, establishing an independent voice before the FISA courts, and establishing greater transparency. He also argued that the bulk collection of telephony metadata was constitutional and permitted under the PATRIOT Act.
Several members questioned Cole regarding the value of the bulk collection of telephone data and the appropriate metric in assessing its benefits. He repeatedly asserted that the program was useful and that pointing to the number of terrorist plots thwarted was not an appropriate metric in assessing the value of the Section 215 program, though Cole did not provide an alternative metric other than to call the program “helpful.”
Peter Swire of the President’s Review Group (PRG) gave an overview of the makeup of the review group and the scope of their report. He noted that while the Privacy and Civil Liberties Oversight Board had done legal analysis around the statutory language of Section 215 and the First and Fourth Amendments, this analysis was not undertaken by the President’s Review Group.
In response to criticisms regarding the risks of permitting third parties to house the bulk data, particularly in light of security breaches, Swire pointed out that the NSA has had leaks and all databases are at risk. He also noted that telephone companies already collect the data and requiring them to store such data would not create any new harms.
David Medine, Chairman of the Privacy and Civil Liberties Oversight Board (PCLOB), gave an overview of the conclusions of the recently issued report on Section 215, noting that PCLOB would be issuing a separate report on Section 702 in the coming months. He pointed to the PCLOB’s majority conclusion that the Section 215 program violated the statutory parameters of the PATRIOT Act, but also raised serious concerns regarding the First and Fourth Amendments. He noted that the benefits of bulk collection were “modest at best” and such benefits were outweighed by the concerns regarding civil liberties and privacy. The Board recommended termination of the Section 215 bulk collection program.
Medine also pointed out that the Administration’s interpretation of Section 215 takes an overly expansive view of the term “relevant.” He noted that Congress intended to put limits on Section 215 when it was created, but that these limits were ignored with an interpretation that “relevant” covered everything.
Representative Sensenbrenner (R-WI) pointed out that he was the principal author of the PATRIOT Act as well as its two reauthorizations (Sensenbrenner also introduced the USA FREEDOM Act into the House) and that the revelations about how Section 215 was being used were a shock, a sentiment later echoed by Representative Lofgren (D-CA). Sensenbrenner asserted that there was no way that the PATRIOT Act, as interpreted by the Administration, would have been approved or reauthorized if debated in Congress and that no fair reading of the Act could support the bulk collection of telephony metadata. When Cole stated that the DOJ had not taken a position on the USA Freedom Act, Sensenbrenner suggested that the DOJ quickly take a position because the Government is faced with a choice between the USA Freedom Act or having no authority when June 1, 2015 comes around and Section 215 expires. These sentiments were echoed by Representative Nadler (D-NY)
Representative Bachus (R-AL) seemed to be one of the few Committee members that did not want to see changes made to the program. He cited a letter by Judge John Bates, which expressed concerns in allowing a public advocate participate in FISA Court hearings.
Representative Lofgren (D-CA) asked what data, other than telephone data, could be collected. She asked whether credit card information or Internet browser cookies could be collected. Cole argued that not everything could be collected, only what was “necessary.”
Both Lofgren and Representative Issa (R-CA) asked whether the telephony metadata of Members of Congress had been collected. Swire said that to his knowledge, nothing had been screened out. Cole agreed that there was no reason to think otherwise, but argued that because the data had been collected into a database did not mean that it had been looked at. Issa also asked whether telephony metadata of the Executive Branch, including the President’s, as well as the records of the numerous embassies in the United States, had also been collected and Cole stated that he believed every phone number’s metadata was included in the database.
Representative Poe (R-TX) asked Cole to name a criminal case that had been filed as a result of the metadata program. Cole stated that there may be one material support case, but argued that the point of the statute was not to pursue criminal cases but to gather foreign intelligence.
Steven Bradbury, attorney at Dechert, LLP and former head of the Office of Legal Counsel at the DOJ, argued that the NSA programs did not violate any statutory or constitutional laws. He argued that numerous FISA court judges had upheld the programs. He also asserted that all Members of Congress were informed about or had the opportunity to be briefed on the details of the Section 215 and 702 programs during their reauthorizations. He stated that the programs were critically important and argued against any changes, expressing disappointment with President Obama’s proposals to reform the programs.
Dean Garfield, President and CEO of the Information Technology Industry Council, pointed to the impacts that the revelations about bulk collection of data have had on the information and communications technology sector. He stated that the revelations about the programs had eroded trust in U.S. companies and the security of the data they collect. He also warned that forcing localized storage could result in “Balkinization” of the Internet. He advocated for greater transparency and oversight, as well as clarification of what Section 215 permits.
Some members raised concerns about how U.S. companies could be disadvantaged globally as a result of the NSA revelations, a point on which Garfield agreed. He noted that concerns included cost, storage concerns, and the public lack of trust, including the perception that companies are not independent from the U.S. Government.
David Cole, Professor of Constitutional Law and National Security at Georgetown University Law Center, expressed support for the USA FREEDOM Act. He pointed out that because of evolving technology, privacy law must be adapted in light of the increased ease of collecting massive amounts of data. He also argued against defenders of the NSA collection practices by pointing out that the former NSA general counsel had stated that metadata can reveal an enormous amount about a person’s life and with enough metadata, content is unnecessary.
Chairman Goodlatte questioned Bradbury, pointing to concerns about privacy when bulk data is collected. Bradbury responded that there were hypothetical concerns about abuse, but these concerns did not match the reality of the programs. He also pointed out that the Securities and Exchange Commission, Federal Trade Commission and Consumer Financial Protection Bureau also collect massive amounts of data and that the NSA should not be singled out.
Lofgren raised concerns regarding the expectations of privacy in the modern world. In response, Cole stated that the defining question is how to preserve the right to privacy in the face of new technologies and that it was the responsibility of Congress to address these issues. He said that without Congressional action, there is a risk of surrendering privacy to the digital age.
Representative Nadler called the FISA court a “kangaroo court” because of its one-sided and secretive nature. He pointed out that while technology evolves and metadata is collected, people still have an expectation of privacy. Cole then pointed out that the metadata collection programs were the same as issuing a general warrant.